Archive for the 'Uncategorized' Category



New stuff at Tigris: Managing those approval queues

Now that our upgrade’s complete, what did we get?

Here’s one thing that should interest all discussion list maintainers: your Pending Approval page just got more manageable, in two ways. The heart of the matter is, if you don’t act on a moderation request within a month, then the request is deleted entirely, automatically. No more eternally-growing spam lists to paw through for the occasional legitimate post.

If you’ve been in the habit of just ignoring this page entirely, then you can stop feeling guilty (you were, right?). These silly things are no longer bloating the database and slowing performance for everyone.

If, on the other hand, you’ve been in the habit of cleaning this stuff out occasionally, or hunting through it for legitimate requests to approve, then rejoice! The list is now in control.

Are you a list moderator, and don’t know what I’m talking about? Visit your project Discussions page (the one that lists the various discussion fora), and check the left navigation bar. You should see a “Project tools” section, including a “Discussions”  link. If you’re a list moderator for any list in this project, there should be a “Pending approval” category below there. Click that.

If you don’t find these links in your left nav, the Project Owner (who, of course, may also be you) has probably customized them away. There’s a check box for that, in the “Edit project -> Tool configuration” page, or some projects have made extensive HTML customizations that completely override these links. If  checking “Project tool links” doesn’t enable these links (or, if it conflicts too heavily with your re-HTML-ization), then make a book mark or something to

http://<yourproject&gt;.tigris.org/ds/viewForums.do

Getting rid of that spam

If you moderate a mail list on Tigris, you may have noticed an increase in moderation requests for irrelevant junk. Here’s what you can do about that immediately, what we’re doing about it quick-as-we-can, and a little explanation in case you’re still reading by then.

What you can do

  1. Visit the “Edit discussion” page for each afflicted list.
  2. Find the “Web post CAPTCHA” section, about half way down.
  3. Change the setting from “No CAPTCHA” to “Anonymous web posts only.”
  4. [Save changes] (way at the bottom)

What’s broken

While you were changing that setting, you probably noticed a note:

This option will be overridden to “Anonymous web posts only” as “Force CAPTCHA for unregistered users” is set at the domain configuration.

Therein lies the bug: the global override isn’t happening. This was working just fine before the upgrade, implemented as a “hot fix” for the site. The “hot fix” seems to be missing, or failing, with the new upgraded site.

What we’re doing

Still working on that, but we’ll get it fixed as soon as possible. Tune in to the announce@tigris.org list, or here, for information as it happens.

Upgrade complete; back in service

The upgrade of Tigris.Org is complete, and the system is back in service.

Please report any problems to feedback@tigris.org if at all possible. Of course, if it goes down, that won’t work, so feel free to tweet @tigrisdotorg, or add a comment here instead.

Tigris stage testing: hurry, hurry: only a few bugs left!

Have you found your bug in the Tigris stage site? Many brave souls have already dared the waters, yet not a one has identified a single problem! Could you be the first? Find out today! Log in to the staged version of your favorite Tigris project at http://yourproject.stage.tigris.org. Send bugs, complaints, and ecstatic praise to feedback@tigris.org.

Instructions and known problems were posted last week.

Unless some clever tester finds some major problem, we’ll be upgrading the real Tigris to this software version soon. We’re planning a weekend upgrade, either the weekend of March 26, or April 3. More on that as details develop.

Tigris.Org Update Update

Due to an additional problem discovered in the Subversion support of the new release, the Tigris upgrade to CEE 5.3 has been delayed a few days. The new schedule is:

Update stage to patch 3 1d  Wed 2/24/10 Wed 2/24/10
QA testing              5d  Thu 2/25/10 Wed 3/3/10
Community testing      10d  Thu 3/4/10  Wed 3/17/10
Production upgrade      1d  Fri 3/19/10 Fri 3/19/10

Permissions changes on Tigris.Org

Due to widespread defacement of project wikis, we have been forced to tighten security on Tigris.Org a bit. As of yesterday, users who are merely “Observers” in a project are no longer able to edit wiki pages. Project Owners who still want to grant widespread edit rights may add the new “Wiki Contributor” role along with “Observer,” to get the same permissions as before.

Why did we do this?
Well, you know … spam!

Over the last month or so, many projects have seen a rise in defacement of their wikis, by users with various fanciful names.

But Wikipedia isn’t so restrictive!

That’s true (though they’ve become somewhat stricter of late, and that trend may continue). But Wikipedia is a single wiki, with thousands of editors watching for this sort of thing. Tigris, on the other hand, is thousands of separate wikis, many with no editors actively watching them at all. The policies of each project are the responsibility of the Project Owner; central oversight and policy only comes into play at times like these, when there is widespread and unambiguous abuse.

How bad is it?

The defacements we’ve found to date are commercial / “warez” level spam, advertising businesses, some of whom have a less-than-obvious legal position, but none of which are pornographic or violent or otherwise deeply offensive. Similarly, we have not found any cases where the legitimate content of the wiki was damaged, only links to off-site web servers were added.

What can we do to clean up?

Every Project Owner should take a look over their project wiki for defacement. If it’s found, you’ll want to remove it; the “Page Information” link will be a handy way to do that. Page Information will also show you the user names of the culprits. You might want to rescind their membership in your project (although the security change I’ve mentioned here should be enough to prevent further defacement by Observer members).

Tigris being restarted

Tigris.Org is being restarted to fix an unplanned outage. Should be back on-line within about 15 minutes.

Update: well, it took just over three hours, not 15 minutes, but we’ve stabilized again and are back in service.

The root cause was a conflux of several problems (a configuration setting, some ill-advisadly permissible user-entered text, and a failure to filter stuff out) that  have been or will all be fixed.


tigrisdotorg on Twitter

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 179 other followers

Tigris.Org is powered, hosted, and managed by CollabNet, Inc.

Tigris.Org is powered, hosted, and managed by CollabNet, Inc.