Team Chat Logs

alect: poor recognition rates... best one was 16% from multi.surbl.org, everything else was way below that (rank 2 had 7%, iirc, and then only 0% with <10 hits out of >800 checked domains)

[00:52:13]

<alect>

not useful at all

[00:52:16]

alect: i'll put the results online and let you know where to find it

[00:52:39]

<alect>

ok

[00:52:57]

alect: yeah, i agree. now the question is: is the mechanism as such wrong for this purpose, or are the available block lists just not good enough for us?

[00:53:49]

will need a few minutes for that

[00:54:00]

<alect>

perhaps there is very little intersection between the urls from email spam and trac spam

[00:54:37]

It would make sense

[00:55:04]

email spam is about clicks, seems like trac/blog spam is more about page rank and whatnot

[00:55:12]

alect: that's what i currently think, too. the purpose of email spam vs. website spam is different

[00:55:21]

coderanger: ack

[00:56:14]

so who wants to be suckered into starting tracbl.org ;-)

[00:56:52]

<alect>

sounds like you just volunteered noah ;)

[00:57:17]

can't do DNS from here, or anything other than http/80

[00:57:29]

campus firewall is somewhat restrictive

[00:58:10]

coderanger: well, i'd be willing to contribute code and ideas at least.

[00:58:11]

though I suppose something XML-RPC based is an option

[00:58:24]

if I had FIOS i'd do it

[00:58:31]

pacopablo: FIOS?

[00:58:39]

fiber to the home

[00:58:54]

I've got the bandwidth, so I suppose I probably should :P

[00:59:02]

pacopablo: ah :)

[00:59:05]

<alect>

th has bandwidth to spare

[00:59:09]

<alect>

we can host it on that box

[00:59:10]

Verizon is rolling it out to everyone around me, but not me!

[00:59:24]

alect: Okay, I'll go see what I can hack up :)

[00:59:25]

<alect>

and it can do dns

[00:59:32]

<alect>

i just need to open the fw

[00:59:44]

would DNS be better than xml-rpc?

[01:00:03]

<alect>

it'd be much lighter weight at least

[01:00:05]

i was thinking a lot if a purely dnsbl-based is suited for that purpose...

[01:00:09]

<alect>

dunno about "better"

[01:00:29]

well once the backend it built, that can switched later

[01:00:36]

<alect>

paco: hah, how'd you manage that? :)

[01:00:37]

coderanger: well, DNS has the advantage of caches, taking a little load off of the DNS server

[01:01:22]

which of the two mailing lists would be suited for a discussion, by the way? users or dev?

[01:01:39]

probably -dev

[01:01:53]

since its more dev oriented

[01:02:10]

ok, so i guess i should join that now :)

[01:03:24]

<alect>

theoretically we could even use dynamic updates to allow sites to add urls too

[01:03:53]

<alect>

they sign up, we give them a key, plug that into their spamfilter plugin

[01:04:01]

<alect>

and when they train on spam

[01:04:03]

alect: I was thinking it could hook into the training system

[01:04:05]

<alect>

it uploads the urls

[01:04:05]

yeah

[01:04:15]

<alect>

could be all quite automagic

[01:04:23]

there is a major problem with current hostname-based blocklists:

[01:04:52]

then have a threshhold for how many users have to report a url before it is blocked probably

[01:05:00]

either they do whitelist masshosters such as aol.com, or they blacklist them. both is wrong, IMO

[01:05:29]

whitelisting their domains causes a lot of false negatives, and blacklisting probably a good rate of false positives

[01:06:08]

<alect>

we could have two rbls, an aggressive one and a conservative one

[01:06:34]

<alect>

i personally have no problem blocking all of aol.com

[01:06:36]

<alect>

:)

[01:07:03]

given that you can control the karma on the Trac side, its probably okay

[01:09:17]

i'd suggest a more general approach, so that the list is usable for non-trac-driven sites as well. this in return give a broader ground to judge posts (and better recognition rates, hopefully)

[01:10:03]

so then maybe it should be non-boolean (though that rules using DNS for access)?

[01:10:18]

just return a score of some kind

[01:11:19]

give me a second to order my mind, so i can explain :)

[01:14:06]

otaku42: Okay, just starting in on the DB schema

[01:14:14]

lol

[01:15:46]

lemme register this on trac-hacks so the code will be up somewhere

[01:16:05]

DieSpammersDIePlugin

[01:16:11]

I think that's whay you should call it

[01:16:26]

or CapitalPunishmentForSpammers

[01:16:33]

Plugin, of course

[01:19:33]

http://trac-hacks.org/browser/tracblplugin/0.10

[01:20:10]

anyone using tracburndown-plugin?

[01:24:19]

http://otaku42.de/static/spam-audit/

[01:25:40]

<alect>

coderanger: the A record can be a score in the form: 127.0.0.<score>

[01:25:56]

rbltest/ is the result of the check of the spamvertised domains that hit madwifi.org during the last 4 months and th last week against the rhsbls mentioned in rhsbl.lst

[01:26:04]

alect: Ahh, okay

[01:26:10]

the test results are in results-*

[01:26:19]

<alect>

so perhaps sites like aol.com could have a score of 1 while specific domains like viagra4u.com could have a score of 255

[01:26:29]

yeah

[01:26:36]

let the user define their cutoff

[01:27:54]

well, i don't think that this is (a proper) solution. it should at least be combined with a mechanism that allows to check the "subspace" of the hoster, such as home.aol.com/iamaspammer

[01:28:39]

downside: it requires at least two lookups for those hoster-URIs

[01:29:35]

however, it would most probably give better results, while still allowing to judge based on the "general hoster score", if necessary

[01:29:45]

<alect>

perhaps not..it could do: lookup 'home.aol.com/iamaspammer'.replace('/', '.')

[01:29:56]

<alect>

if that returns nothing, try just home.aol.com

[01:30:13]

alect: et voila, you have the second lookup :)

[01:30:25]

alect: but yes, that's basically what i have in mind

[01:30:27]

<alect>

yes but only if the first fails

[01:30:29]

<alect>

it's not every time

[01:31:27]

alect: how do you tell whether the domain belongs to a hoster? or would you follow that lookup scheme for every checked URI?

[01:31:54]

<alect>

i would guess every attempt

[01:32:13]

alect: how about the following idea:

[01:33:14]

alect: first check the domain, following the well-known lookup scheme, as suggested by http://www.surbl.org/implementation.html for example). means: look up the plain domain name (aol.com for example)

[01:33:24]

momplse, phone

[01:34:55]

does a redirect clear the referer header?

[01:38:26]

back

[01:39:54]

so, in the response to the first check there could be a bit that signals "domain belongs to a hoster", so a second lookup could be done to determine if the particular hoster "space" is known for spamvertisements

[01:40:32]

alect!

[01:40:41]

in fact there should be two bits, one for each of the two hoster types: <customer>.hoster.com and home.hoster.com/<customer>

[01:40:54]

maybe more types exist, but these are the two i've spotted so far

[01:42:56]

<vikas>

hi all, is there a way to use tracd with .htaccess for authentication?\

[01:43:03]

<omry>

when I mark a filtered comment as ham, will it get posted?

[01:43:30]

advantage of that lookup scheme: it avoids multiple lookups for non-hoster domains

[01:44:05]

otaku42: probably more like '*.hoster.com/<customer>' in the second case

[01:44:39]

vikas: You can use an htpasswd file if thats what you mean

[01:45:50]

coderanger: yeah, i guess there are several ways how that could be improved :)

[01:45:51]

<vikas>

coderanger: can we specify the LDAP server address, etc. in an htpasswd file?

[01:46:14]

vikas: No, for that you will need to use Apache or lighty

[01:46:27]

vikas: Or make an autentication plugin that uses LDAP directly

[01:47:43]

<vikas>

coderanger: oh ok, thanks!

[01:48:37]

by the way, a list of all spamvertised URIs used for my research described above can be found here: http://otaku42.de/static/spam-audit/data/normalized-uris-mw+th.lst

[01:48:37]

otaku42: The issue is then probably going to be server load

[01:49:34]

morn coderanger

[01:49:39]

asmodai: Alo

[01:50:44]

<vikas>

i

[01:50:59]

coderanger: well, yes and no, depending on the "preparation" of the lookup.

[01:51:09]

<vikas>

i've another issue -- installed web admin plugin, but its not showing up in the navigation bar..

[01:51:17]

the preparation of the lookup on the checking host, i mean

[01:51:18]

vikas: Anything in the log?

[01:51:24]

coderanger: How's tricks?

[01:51:29]

<vikas>

i've configured one user to have Trac_admin privileges

[01:51:47]

asmodai: Just hacking at the blacklist stuff :)

[01:52:31]

<vikas>

coderanger: what should I be looking for, in the log?

[01:52:42]

vikas: Is it loading the plugin

[01:53:52]

<vikas>

coderanger: no idea, actually, the log doesn't have anything about loading a plugin

[01:53:58]

<alect>

@logging

[01:53:58]

<evil_twin>

alect: "logging" is http://trac.edgewall.org/wiki/TracLogging <-- Enable debug logging to file, ensure your environments log/ directory is writeable by your web server user, check for errors.

[01:54:15]

coderanger: we should have a look at rbldnsd's configuration file... that seems to be very fast for this type of application. http://www.corpit.ru/mjt/rbldnsd.html

[01:54:27]

<vikas>

alect: I've enabled debug logging and it goes to log/trac.log

[01:54:38]

<vikas>

i can see various SQL queries, page accesses, etc.

[01:56:57]

vikas: How did you install the plugin

[01:57:14]

otaku42: For doing the distributed submission, a DB would probably be easier

[01:58:23]

coderanger: well, the database would be necessary of course to maintain the list itself, but the data should then be exported to some kind of configuration file for the dns server that handles the lookups

[01:58:36]

ahh, yeah

[02:00:50]

coderanger: another thing that should be considered: taking care of "URL redirection services" - these seem to be used occasionally by spammers to obfuscate the spamvertised domain

[02:01:04]

Yeah, but that is generally handled on the client

[02:01:17]

they are getting harder and harder to decode though

[02:01:49]

<gans20|malchik>

is it possible to format text in trac's wiki page in two columns?

[02:02:01]

coderanger: if everything else fails: try a HEAD request against the URL and see if it would be redirected

[02:02:07]

gans20|malchik: A table?

[02:02:28]

otaku42: Yeah, but that wont catch JS/Flash redirects

[02:02:42]

<gans20|malchik>

if a table is only hack then it is... is there any specific format for that purpose?

[02:03:06]

gans20|malchik: Not that I know of

[02:03:27]

<gans20|malchik>

so that it automatically choose what amount of text to show on the left and on the right columns respectively

[02:03:33]

<gans20|malchik>

hm... okay

[02:03:48]

gans20|malchik: You could make a macro to do it

[02:04:01]

gans20|malchik: But thats more layout than is usually considered "wikiish"

[02:04:35]

<gans20|malchik>

its just difficult to read long strings

[02:04:48]

<gans20|malchik>

for eyes I mean

[02:04:51]

gans20|malchik: It should wrap them for you

[02:05:18]

otaku42: But yeah, thats a start

[02:05:40]

otaku42: Also if the page isn't found, they can about the lookup right there

[02:05:48]

er, abort

[02:06:26]

coderanger: yep

[02:07:15]

<gans20|malchik>

coderanger, it? the macro I'll write?

[02:07:16]

<gans20|malchik>

:)

[02:07:32]

gans20|malchik: No, HTML in general

[02:07:51]

gans20|malchik: Unless you put it in <pre> ( {{{ }}} for Trac)

[02:08:04]

It will fit the text to the available space

[02:08:32]

<gans20|malchik>

oh, it wraps the text.. but on my 19' display they still looks too long

[02:08:41]

<capi_>

Hi everyone, sorry for just jumping in here but I have a question that I'd like to discuss here before filing a ticket: if I have old versions which I'd like to remove from being able to being entered for new versions, I remove them in trac-admin. But in this case, this version will also no longer show up int the details view of a milestone in the roadmap. Is there a way to have it still shown in the statistics and query?

[02:09:01]

capi_: No

[02:09:23]

capi_: You could make a ticketmaniplutator plugin to reject tickets with old versions

[02:10:09]

<capi_>

I see, thanks. I just wanted them to not show up in the drop down list of new tickets. Maybe I'll simply write a small patch there to check a list of "closed" versions.

[02:10:39]

capi_: That would mean no one uses old versions of your software?

[02:11:02]

Completed milestones should be removed from the dropdown boxes

[02:11:19]

<capi_>

Of course not, its just for some internal testing versions that never go public and which should no longer being tested. Its more a "build" than a public version.

[02:12:49]

<capi_>

coderanger: Hmm, maybe you are right and I should just introduce a milestone for every build.

[02:14:04]

<vikas>

coderanger: sorry, was afk.. i just downloaded the egg and ran easy-install <egg-file>

[02:14:18]

vikas: Did you enable it in trac.ini?

[02:14:23]

<vikas>

yeah

[02:14:26]

capi_: either way

[02:14:39]

vikas: and you restarted the server?

[02:14:47]

<vikas>

yup

[02:14:59]

vikas: Wanna pastebin your trac.ini

[02:15:02]

lisppaste5: url

[02:15:02]

To use the lisppaste bot, visit http://paste.lisp.org/new/trac and enter your paste.

[02:15:57]

<alect>

listpaste5: explode

[02:16:01]

<alect>

weak

[02:17:49]

alect: hahah

[02:17:52]

:P

[02:17:57]

vikas pasted "trac.ini for debugging webadmin" at http://paste.lisp.org/display/29612

[02:18:28]

vikas: This isn't 0.11dev right?

[02:18:44]

<vikas>

coderanger: nope, 0.10 (if you mean trac)

[02:18:53]

looks okay to me

[02:19:40]

<vikas>

coderanger: btw, i saw that AuthPlugin is written by you, does it support LDAP?

[02:19:54]

vikas: AuthForm, no it just uses HTTP auth

[02:20:13]

<vikas>

oh ok

[02:20:53]

<gans20|malchik>

is it possible to customize navigation menu (where Roadmap, Wiki, Search buttons located) to add my own buttons there?

[02:20:59]

<gans20|malchik>

in trac 0.10

[02:21:09]

gans20|malchik: Sure, just make a plugin

[02:21:47]

<gans20|malchik>

there's no plugins that already do this? :)

[02:22:05]

gans20|malchik: What kind of thing do you want to add?

[02:22:26]

<gans20|malchik>

A link to google groups .. just URL outside of trac

[02:22:37]

<gans20|malchik>

* that points outside of trac

[02:22:47]

http://trac-hacks.org/wiki/NavAddPlugin

[02:23:29]

<gans20|malchik>

there's just 0.9 version :(

[02:23:42]

gans20|malchik: it also works for 0.10

[02:23:50]

Most plugins will work on 0.10 unless stated otherwise

[02:23:53]

<gans20|malchik>

without change?

[02:23:59]

gans20|malchik: yes, iirc

[02:24:01]

notice the tags at the bottom

[02:24:42]

<gans20|malchik>

I saw them... but in the dowload budle there's just 0.9 version... I though that they just forget to pack it there

[02:24:53]

<gans20|malchik>

otaku42, you're the creator? :)

[02:24:57]

gans20|malchik: yes :)

[02:25:01]

<gans20|malchik>

cool :)

[02:25:15]

<gans20|malchik>

coderanger, and you're the creator of trac? :)

[02:25:27]

gans20|malchik: Nope, just a plugin hacker

[02:26:02]

<gans20|malchik>

=) I just saw your nickname here and there at the trac-haks =)

[02:26:24]

I have written a bunch of stuff on trac-hacks

[02:27:12]

<gans20|malchik>

As a volunteer?

[02:27:26]

yeah, we all do this in our spare time

[02:27:41]

all contributions on trac-hacks.org are done by volunteers

[02:28:17]

<gans20|malchik>

nice

[02:28:22]

Some stuff is probably done for work, and then posted, but not much

shit

he's back

who he?

(reminds me of "ringworld"...)

[02:29:41]

The arch nemesis.

[02:30:00]

"he!" - "who 'he'?" - "you!" - "ah, he!"

[02:30:36]

Hah!

[02:41:35]

<gans20|malchik>

is there any ways how to localize the trac navbar?

[02:41:54]

<gans20|malchik>

Can I localize the entire trac?

[02:42:12]

<gans20|malchik>

I want to make a Russian version :)

[02:42:19]

gans20|malchik: currently that is not possible without patching the whole source of trac

[02:42:37]

<gans20|malchik>

is it planned for future releases?

[02:42:43]

gans20|malchik: Yes

[02:42:55]

<gans20|malchik>

good

[02:52:57]

<gans20|malchik>

otaku42, it works, thanks for a great job! :)

[02:53:23]

The Trac notification code is really convoluted

[02:53:53]

gans20|malchik: you're welcome :)

[03:10:13]

otaku42: I gave you commit access to the tracbl code, so feel free to hack on it if you get bored :)

[03:12:22]

coderanger: i would love to - however, my python knowledge isn't very good yet :)

[03:12:44]

otaku42: There is lots of other stuff to work out than just the code ;-)

[03:13:01]

coderanger: but i guess that's a good reason to force myself to learning python :)

[03:13:05]

coderanger: true.

[03:13:11]

hehe

[03:13:21]

I actually only learned python because of Trac

[03:13:33]

(and I've never looked back :)

[03:15:09]

coderanger: i plan to get rid of various php4-implemented things running on madwifi.org, too (soon :))

[03:15:20]

diveintopython.org ftw!

[03:16:11]

coderanger: already bookmarked that... it's just that i don't find enough time to spend on that :/

[03:16:19]

yeah, its a lot

[03:16:35]

I actually learned a lot early on from staring at the Trac code

[03:17:53]

coderanger: that's how i made my first python steps... which led to various hacks and modifications we will use on the new server for madwifi.org (where we will switch to trac 0.10, finally).

[03:18:09]

coderanger: see http://projects.otaku42.de/browser for the results ;)

[03:18:51]

otaku42: I see you forked simpleticket :P

[03:19:32]

coderanger: among other things, yes :)

[03:20:17]

heh

[03:20:56]

coderanger: basically to make use of a private change to trac that allows to hide items from the navbar without requiring to remove permissions for accessing the corresponding component

[03:21:14]

Yeah, though I should probably swipe the Markup->html patch

[03:21:15]

:)

[03:21:41]

coderanger: feel free :)

[03:29:50]

Interesting, apparently you can segfault mod_python in such a way that Apache needs to be restarted, even though it is still listening

[03:30:06]

It just sends back 0 bytes

[03:56:43]

<noodl>

Hi guys. I just noticed that the TracGuide (live on your site and for 0.9.6) has "Administrating a Trac project" as the label for the TracAdmin link.

[03:56:49]

Okay, TracBL can hand out and verify API keys

[03:57:02]

<noodl>

That's poor English, Administrating isn't a word. Should be Administering.

[03:57:28]

coderanger: now there just needs to be a way to register API keys somehow :)

[03:57:29]

<noodl>

Should I create a ticket for that? I assume the default wiki pages are in your scm.

[03:57:45]

<coderanger</

Context Navigation

November 10, 2006

2006 10
Mo	Tu	We	Th	Fr	Sa	Su
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30
<<	<				>	>>

2006 10
Mo	Tu	We	Th	Fr	Sa	Su
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30
<<	<				>	>>

2006 10
Mo	Tu	We	Th	Fr	Sa	Su
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30
<<	<				>	>>