someone had set up (but never configured and implemented) an open source
analytics solution for sudoroom.org called piwik http://piwik.org/
do we have interest in running an analytics solution to have better
information to improve user experience for the site?
I'd consider setting it up, but don't have strong feelings at the moment.
I'm inclined to have less data about users, but having some data could be
valuable to provide better service.
what do folks think?
There are other open source web analytics options too:
https://en.wikipedia.org/wiki/List_of_web_analytics_software#Free_.2F_Open_…
Hey all,
I'm working on a series of upgrades for the website. Testing out a new
wordpress theme and event management / calendaring plugin on our
development site. Please take a look:
http://dev.sudoroom.org/
I plan to have www.sudoroom.org direct users to a landing page on this
site, with clear donation and calendar information, rather than directing
them to the wiki (as it does now).
I'll also need a few people to help migrate content, is anyone interested?
No coding skills required, just copying old event information into the new
event form so we can preserve the historical data.
// Matt
On Tue, Apr 29, 2014 at 4:37 PM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> I plan to have www.sudoroom.org direct users to a landing page on this site,
> with clear donation and calendar information, rather than directing them to
> the wiki (as it does now).
Why can't we just work to put clear donation and calendar information
on the wiki?
You probably know that my preference has been to deprecate wordpress
and eventually move everything onto the wiki. I put a lot of work into
that project after first seeking input from everybody else involved. I
think the wiki format has potential to be more transparent and
hierarchical.
On Tue, Apr 29, 2014 at 5:58 PM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> [snip]
Okay, thanks so much for explaining at length. This decision does seem
reasonable. I suppose we'd never get rid of wordpress entirely since
we already have a rich blog history, so it just makes sense to use its
other strengths too.
I still am apprehensive about other things creeping out of the wiki
and onto the wordpress, and information being duplicated in both
places. I hope we can stay vigilant about that.
I apologize for what must come off as a series of terse negative
emails the past few days. I know this is a critical formative time for
Sudo and I hope to be more available to help in depth again sometime
soon.
On Mon, Apr 28, 2014 at 3:11 PM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> Can we submit a support ticket with godaddy to remove the lock?
You can try, I doubt it though. The internet seems to be full of
people who have tried and failed. Sorry for my mistake.
On Tue, Apr 29, 2014 at 12:50 AM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> create your own account on the dev.sudoroom.org site using:
>
> user: sudoer
> pass: superuserdoroom
I appreciate all your hard work on this, but I would advocate for a
more security-conscious approach to this. My two concerns are:
1) We should not share a wordpress admin account passwords on a public
mailing list. Admin accounts are able to modify files on the server
and execute arbitrary code. This creates a very easy way for anybody
on the internet to pwn our entire web server and attack our users.
2) We should not serve the dev site on http or encourage users to
create accounts in cleartext. I can move it seamlessly to
https://sudoroom.org/dev/ with your consent.
I think we owe our users better than this, especially since we've
taught some of them to use Tor at our cryptoparties. They have trusted
us with email addresses and passwords in (among other things) the
blog, wiki, and mailman. This puts them and us at risk. It also
nullifies a lot of past time and effort that's gone into keeping our
server secure.
On Mon, Apr 28, 2014 at 2:46 PM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> Given that it was a pain in the butt and took a bunch of time, at the very
> least it may be worth it (in the long term) to use Mozilla Persona to hack ...
>
> Added a wiki page with more details here: https://sudoroom.org/wiki/Persona
Persona's future is uncertain. Mozilla is no longer developing it, and
while they still host the servers, the most they can say is that
decommissioning "will absolutely not happen in 2014." :P
http://identity.mozilla.com/post/78873831485/transitioning-persona-to-commu…
On Mon, Apr 28, 2014 at 2:33 PM, Matthew Senate <mattsenate(a)gmail.com> wrote:
> So for some reason this didn't go all the way through. I'm not sure why.
> Does anyone want to state the next step, or should we start from scratch?
It didn't go through the first time because Jacob's email was the
admin contact in whois, Godaddy sent him a confirmation link, and he
never clicked it.
So I changed the admin contact to be info(a)sudoroom.org and tried again.
Which was a mistake because it apparently triggered a 60-day transfer
lock, so Godaddy won't let us try again until mid-June.
I've been thinking about how we could to encourage app development without
having to increase the administrative costs, especially for user
authentication.
Does anyone have any thoughts or experience with authentication systems
(CAS or otherwise) that they can share?
Specifically, it seems like Mozilla Persona is a really good solution for
us to implement and work towards:
https://en.wikipedia.org/wiki/Mozilla_Persona
A lot of systems already have libraries or support:
https://developer.mozilla.org/en-US/Persona/Libraries_and_plugins
It would be easy to implement using Mozilla.org as the provider, but due to
decentralization of the system, we should be able to point to our own
implemented server instead in the future.
Or perhaps there is a better alternative?
// Matt