From assaph at gmail.com Fri Sep 2 00:31:36 2005 From: assaph at gmail.com (Assaph Mehr) Date: Fri Sep 2 00:24:56 2005 Subject: [Pimki-users] Re: Pimki question: authors management In-Reply-To: References: <3ff47be905081915447b75cfd4@mail.gmail.com> <3ff47be9050825143058ab5ec5@mail.gmail.com> <3ff47be9050829062840bf20a1@mail.gmail.com> Message-ID: <3ff47be9050901213132696f63@mail.gmail.com> Hi Marco, (Replying to the pimki-users list, as this might be of interest). > Having accessed my pimki-site from different machines, I ended up > editing some pages with different user ids which are all correctly > displayed in my "Authors" page. > > Due to my lack of attention I ended up with four different authors all > pointing to myself (MG, MaGa, MarcoGanz, AnonymousCoward...). I > understand that Authors are linked to the changes they perform so they > should not be edited. Nevertheless I'm afraid the list is going to grow > in the future... I keep ending up with AnonymousCoward as well :-) In general, authors are just a string property of the revision - there is no user model behind it. If there happens to be a page named the same as the author, it will be linked from the pages' byline where the author is named, that's all. There is no consequence to changing the author of a particular revision. > Question: is there a way to clean up the authors who perfomed changes > to one site? One solution could be an "AKA" (also known as) mechanism > so that the system would be able to group pages modified by the same > person (though under different names)... There is no way to arrange for aliased in the author names now. My problem is this: Pimki is aimed at personal/small-group usage; having the wrong author name where everyone knows who the others are, is a minor annoyance; having to maintain a user-model with permissions, aliases etc is a major annoyance. So I'm wondering what will we gain that will be worth the extra hassle? The only area where it might be of usage is in publishing sections of the wiki, but considering that the site is not even remotely secure anyway, pimki stores all the data in clear text, it's really easy to just write whatever you want in the author field etc., I again don't see much value. On the plus side, If all you care about is the author name it's about 5 minutes work with Platypus to generate a Greasemonkey script that will automatically set the proper author name (I can generate it for you). > After a few days of personal usage, I'm going to extend access to my > pimki installation to a couple of colleagues as well... that's one of > the greatest tools I've seen in the last few months! Thanks for the compliment :-) Do you intend your colleagues to participate or just view the information? Do you intend to use between you just the wiki, or also the blogging and todo functionality? Just trying to understand cases of real-world usage. Cheers, Assaph From marco at marcoganz.com Fri Sep 2 04:40:22 2005 From: marco at marcoganz.com (marco@marcoganz.com) Date: Fri Sep 2 04:33:40 2005 Subject: [Pimki-users] Re: Pimki question: authors management In-Reply-To: <3ff47be9050901213132696f63@mail.gmail.com> References: <3ff47be905081915447b75cfd4@mail.gmail.com> <3ff47be9050825143058ab5ec5@mail.gmail.com> <3ff47be9050829062840bf20a1@mail.gmail.com> <3ff47be9050901213132696f63@mail.gmail.com> Message-ID: Hi Assaph (et al)! I'm involved in several projects and activities so in the last few months I've spent some time looking around for efficient PIM solutions without finding anything really interesting: after a couple of days of trial I've always ended up again with my to-do lists written on paper and yello stickers filling up my screen... shameful for a geek like me! ;-) There're nice (commercial) tools out there, like MindManager, but none of them has ever turned out to be a definitive solution. IMHO what they all lack compared to paper is the easiness and complete freedom by which you can add content and modify what's missing. On the other hand personally I don't care a lot about other technical issue they seem to address, like integration with a calendar or contact manager. That's what makes Pimki really interesting to me: I can add and modify content with almost the same freedom paper gives me since page creation and linking is all taken care automatically and the todo mechanism provides me with a way to rapidly check my highest priority tasks without having to spend time thinking about organizing and collecting this information myself... that's just what I need! In this sense something I would find really useful, as I told you already some time ago, is a way to visually distinguish between TODOs depending on their "time to expiry" and, very important, a way to keep track of TODOs after completion in order to be able to build a history of my actions (e.g. when a TODO is marked as "Done" in the TODO page it should be removed from the page it appeared on nevertheless it should be kept somewhere in a list of completed items, searcheable afterwards). What's interesting is that these needs seem to be common to several colleagues of mine, with different background and responsibilities, so these ideas seem not to be just my own. My colleagues will be managing they're own pimki sites, mostly using wikis and todos. On the other hand we still haven't seen the real need for blogging. We're thinking about moving to Pimkie our group intranet site as well... this would make blogging more attractive for sure. Going back to the "Authors" issue, I agree with you 100% that building a user model is not worth for the time being... it (and moreover a security model) would be the kind of enhancement that could justify a commercial release built on the open source one sometime later in the future. Ciao!!!!!!!!!!!!!!! -- Marco -- -----Original Message----- From: Assaph Mehr To: marco@marcoganz.com ; pimki-users@rubyforge.org Sent: Fri, 2 Sep 2005 14:31:36 +1000 Subject: Re: Pimki question: authors management Hi Marco, (Replying to the pimki-users list, as this might be of interest). > Having accessed my pimki-site from different machines, I ended up > editing some pages with different user ids which are all correctly > displayed in my "Authors" page. > > Due to my lack of attention I ended up with four different authors all > pointing to myself (MG, MaGa, MarcoGanz, AnonymousCoward...). I > understand that Authors are linked to the changes they perform so they > should not be edited. Nevertheless I'm afraid the list is going to grow > in the future... I keep ending up with AnonymousCoward as well :-) In general, authors are just a string property of the revision - there is no user model behind it. If there happens to be a page named the same as the author, it will be linked from the pages' byline where the author is named, that's all. There is no consequence to changing the author of a particular revision. > Question: is there a way to clean up the authors who perfomed changes > to one site? One solution could be an "AKA" (also known as) mechanism > so that the system would be able to group pages modified by the same > person (though under different names)... There is no way to arrange for aliased in the author names now. My problem is this: Pimki is aimed at personal/small-group usage; having the wrong author name where everyone knows who the others are, is a minor annoyance; having to maintain a user-model with permissions, aliases etc is a major annoyance. So I'm wondering what will we gain that will be worth the extra hassle? The only area where it might be of usage is in publishing sections of the wiki, but considering that the site is not even remotely secure anyway, pimki stores all the data in clear text, it's really easy to just write whatever you want in the author field etc., I again don't see much value. On the plus side, If all you care about is the author name it's about 5 minutes work with Platypus to generate a Greasemonkey script that will automatically set the proper author name (I can generate it for you). > After a few days of personal usage, I'm going to extend access to my > pimki installation to a couple of colleagues as well... that's one of > the greatest tools I've seen in the last few months! Thanks for the compliment :-) Do you intend your colleagues to participate or just view the information? Do you intend to use between you just the wiki, or also the blogging and todo functionality? Just trying to understand cases of real-world usage. Cheers, Assaph From assaph at gmail.com Tue Sep 13 09:52:49 2005 From: assaph at gmail.com (Assaph Mehr) Date: Tue Sep 13 09:45:39 2005 Subject: [Pimki-users] Re: Pimki2 - Ready for alpha testing In-Reply-To: <3ff47be905083106357da6a6af@mail.gmail.com> References: <3ff47be905083106357da6a6af@mail.gmail.com> Message-ID: <3ff47be905091306527f4cb9d1@mail.gmail.com> Hi All, Just a quick note to tell you about the new ToDo and bliki features in Pimki2. I have revamped the interfaces to both, and added different views for the todos. Go check it out if you're into alpha testing (but it is getting more stable :-) - all the details are in the help system. Comments most welcome! Cheers, Assaph From assaph at gmail.com Thu Sep 15 02:35:23 2005 From: assaph at gmail.com (Assaph Mehr) Date: Thu, 15 Sep 2005 16:35:23 +1000 Subject: [Pimki-users] [ANN] Pimki 1.8.092 Message-ID: <3ff47be9050914233529a49155@mail.gmail.com> Hi All, Am very happy to announce a new release of Pimki: The Wiki-based PIM to GetThingsDone! Pimki 1.8.092 is a maintenance release. It contains many small (and a few not-so-small :) bug fixes. Important note: this release is still based on Instiki 0.9.2. You cannot use Instiki 0.10.x snapshots directly. Snapshots from previous versions of both Pimki and Instiki should work fine. The next major version - Pimki2 - is now in alpha testing phase. It is fairly stable. A few features need more polishing, and the main issue remaining is integration with Instiki's still-under-development SQLite backend. Go to http://pimki.rubyforge.org for the full scoop. If you're running gems just run 'gem install Pimki' and it will be installed/upgraded for you. Otherwise just download, unzip and run! Cheers, Assaph From Vladare.17092985 at bloglines.com Fri Sep 30 02:46:23 2005 From: Vladare.17092985 at bloglines.com (Vladare.17092985@bloglines.com) Date: 30 Sep 2005 06:46:23 -0000 Subject: [Pimki-users] Evaluating ruby expressions (or even code) for ruby geeks :) Message-ID: <1128062783.4211099599.3242.sendItem@bloglines.com> Hello Assaph, It is not a problem when value of $SAFE is >= 2 But pimki users could be get a possibility to using mathematical expressions and other useful things. >Date: 2005-09-29 06:36 >Sender: Assaph Mehr >You mean something like: > <% FileUtils.rm_rf '/' %> >? >I don't think I'd ever want anonymous users to >be able to run >code server side. Even if you assume there's >only one user (i.e. >used as pure PIM), there are better ways to >execute code. >It would be perfect if pimki be able to eval >ruby code as the eRb >does > From assaph at gmail.com Fri Sep 30 08:23:30 2005 From: assaph at gmail.com (Assaph Mehr) Date: Fri, 30 Sep 2005 22:23:30 +1000 Subject: [Pimki-users] Evaluating ruby expressions (or even code) for ruby geeks :) In-Reply-To: <1128062783.4211099599.3242.sendItem@bloglines.com> References: <1128062783.4211099599.3242.sendItem@bloglines.com> Message-ID: <3ff47be90509300523g41d2129cv30f3618e8a9e63c1@mail.gmail.com> Hi Vladare, As has been shown in the past, $SAFE isn't as safe as you may think. There are *a lot* of problem with evaluating user input as code, so much so that the common way to refer to it "eval is evil". Basically any user input is untrusted and should never be eval'd directly. You can look in ruby-talk archive about attempts people have made in the past to secure this, and the replies with how to break their attempts (in normally less than 10 minutes :-). The upshot for this, is that it will require significant development effort that will yield a non-secure system for a feature that only very few users will use. I am a Ruby Geek myself (duh :), and I like all this cool stuff. However, contrary to what I expected Pimki is used quite a lot by groups, and the wiki itself is usually hosted in accessible sites. I've even seen public installations of Pimki. So I feel that no matter how cool it may sound, I have an obligation to the majority of the users not to provide a feature which may compromise their system. I much rather spend my limited development time on features that will enhance the information organisation capabilities. Cheers, Assaph On 30 Sep 2005 06:46:23 -0000, Vladare.17092985 at bloglines.com wrote: > Hello Assaph, > > It is not a problem when value of $SAFE is >= 2 > But pimki > users could be get a possibility to using mathematical expressions and other > useful things. > > > >Date: 2005-09-29 06:36 > >Sender: Assaph Mehr > > >You > mean something like: > > <% FileUtils.rm_rf '/' %> > >? > > >I don't think I'd > ever want anonymous users to >be able to run > >code server side. Even if you > assume there's >only one user (i.e. > >used as pure PIM), there are better > ways to >execute code. > > >It would be perfect if pimki be able to eval >ruby > code as the eRb > >does > > > _______________________________________________ > Pimki-users mailing list > Pimki-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/pimki-users >