imc-docs TODO

Ok, tons of things to fix or improve... tons of stuff already done, too : ImcDocsLog.

kompost

• polish monitoring/IDS stuff
• limit VServers CPU and memory usage, see http://linux-vserver.org/vsched+explained and gdm's e-mail to imc-docs-tech on April 21
• rate limit the connexions to sshd (ipt_recent - only >= linux 2.6.18)

Privacy & security

• httpS-only login ?
  • NOTE: hijacking a wiki user may not be as disruptive as hijacking an email account, but, as many persons use just one password, it could
  • login/logout stuff will be solved in dakar, as explained in ImcDocsPluginNotes
• prevent bruteforcing TWiki passwords ? for example, rate limit access to the logon script (Dakar) with any Apache anti-DoS module
• Logfile IP anonymizer must not replaces IP addresses in referer URLs. Example log line of a Google search:
  

  Oct  2 12:22:27 humus apache: [Sun Oct 02 12:22:27 2005] [error] [client 127.0.0.1] File does not exist: /var/www/docs.indymedia.org/twiki, referer: http://127.0.0.1/search?q=cache:jyckmHQhMDQJ:paris.indymedia.org/article.php3%3Fid_article%3D38618%26id_mot%3D10+les+avenus++de+mex%C4%B1co&hl=fr&lr=lang_fr
       

  • do we really need such data ? If we do, it involves hardcore syslog-ng stripping regexp configuration, if possible at all. -- IntRigeri - 12 Feb 2006
• Remove first and last name (and company where still present) off TWikiRegistration in all languages. Add additional fields if needed, but minimize mandatory form fields.

Trash cleaning

Have cron clean Trash (and Sandbox ?) web (NB: wait for Dakar to do this, since interface of the functions needed for the second step change a lot)

This is being discussed on TWiki:Codev/EmptyTrash and TWiki:TWiki/ManagingTopics#Deleted_Topics_How_to_Clear_the

Prevent misuse

• Prevent Wiki spam
• prevent TWikiGuest password change, ahahah
• make sure all webs are monitored by at least one person subscribed to WebNotify or reading the RSS feed

Documentation

NB: the topics access statistics are at http://docs.indymedia.org/stats/.

1. create a page that lists the tutorials and their translations - started at UsefulLinks - we need to expand this page, add in all the translated pages, then translate this page! -- GarconDuMonde - 26 Feb 2005
2. guidelines for naming conventions - ImcDocsNamingConventions
3. how to use docs.indymedia.org - started an FAQ at HowTo -- GarconDuMonde - 28 Feb 2005
4. modifying WebLeftBarCommon in order to include the two links to HowTo and UsefulLinks instead of the other ones.
5. translation work:
   • translate the TWiki documentation in a lot of languages (or find translations somewhere)
   • translation of our own documents (see above)
6. redo the WebHome's:
   • Global - see WebHomeDraft: pretty much completed, just need alster to say it looks ok and will be moved.
   • WebHome - see WebHomeDraft
   • Devel - see WebHomeDraft
   • Help
7. Copy https://wiki.boum.org/Boum/ChangesNotification somewhere

nb idea was to all try and work on some of these things over the 5 days and then get together at the end to agree changes

Functionality

• Email address obfuscation does not work with quotes ; bug reported on TWiki:Codev/ObfuscateEmailAddresses : propose patch to upstream : i + a NOT SO URGENT
  • double quotes : "truc@bidule.com"
  • simple quotes : 'truc@bidule.com'
  • href with no quotes : truc@bidule.com
  • href with double quotes : truc@bidule.com
  • href with single quotes : truc@bidule.com
• Fix menu on rdiff view NOT SO URGENT
  • The menu displayed on rdiff view is the one of twiki.org. Example: http://docs.indymedia.org/rdiff/Main/WebHome
• Provide more IMC specific InterWiki link rules
  • examples ?
  • already done for boum.org (for example: Boum:TechStdOut/PageAccueil)
• Add a capability to revert to previous versions of pages.
• setup revision comparison such as the mediawiki's, plus ability to comment every change : http://twiki.org/cgi-bin/view/Plugins/RevCommentPluginDev
• sectional edit : http://twiki.org/cgi-bin/view/Plugins/SectionalEditPlugin
• Extend twikirmuser.sh script to also delete users' attached files in the 'pub' directory
• making the usual administration tasks accessible from the web interface, especially making a perl script to remove accounts (the file in Main web and also the line in .htpasswd).

Look

Any customizations on the look of the website can be made through either PatternSkinCustomization or TWikiTemplates.

• sort out the 'webs' NOT SO URGENT
  • one idea is to have a separate web for each imc, like the Aotearoa web.
  • Dakar will support sub-webs : one idea is to have a sub-web per IMC
• add 'login' link to side bars
• shorten view type URLs : cf Boum:TechStdOut/BoumTWikiSetup

Performance

• look at caching solutions / proxy / most viewed pages : d + g NOT SO URGENT
• improve TWiki performance using mod_perl ; Dakar is supposed to work flawlessly with it.

Internationalization

• a lot of work to do... see TWikiInternationalization

Copyright notice

• Change to creative commons ?
  • the license would appear as:

This work is licensed under a Creative Commons License.

Of course, this raises the problem of the actual copyright notice that has been displayed since the wiki was first installed... GarconDuMonde has contacted the EFF and also Christiane who is the 'world contact' at creativecommons.

Plugins

• moved to ImcDocsPluginNotes (see also ImcDocsLog)

Migration to dakar

A dakar beta test install was setup in http://dev.docs.indymedia.org, allowing us to test the problems we will encounter during our future migration. So far, problems/issues are:

• maybe test a new authentification setup, since the default one (.htpasswd files + sessions) has some well-known weaknesses, and that better schemes are available.
• in order to save some CPU, our previous setup deactivated raw mode and non-default skins for non-authenticated users. This was based on an apache RewriteRule which redirected these "view" requests to "viewauth", "viewauth" being the twiki script requiring authentification before proceeding. This won't work anymore in dakar, since "viewauth" has disappeared. We have still to find out how can work around this.

Dakar includes a tick_twiki.pl, in tools/ directory, which is designed to be run from a cronjob to do some useful maintenance tasks.

Amongst the items that used to be in this TODO and that will be solved by Dakar, there is :

• make deleting attachments easier