Blogging Roller

Referer spammers are using domain names like italianamericanmarchingband.com and worldprintdealers.com to point to prOn sites now, making it even more difficult to filter out the trash.

Dave Sifry, CEO of blog stats company Technorati, charts 5000 or so corporate bloggers, which he calls a "small but influential group." His pie chart shows that the companies with the largest numbers of corporate bloggers are Sun and Microsoft. I'm not sure how he determines that a blog is a corporate blog, but he says he is counting blogs that are "clearly affiliated" with some corporate entity.

Joe Gregorio:

This is just like WinFS.

Except that it is shipping today.

And it just works.

And it doesn't require an upgrade to your operating system.

more...

Mac OS X Hints tells you how to post to your del.ico.us account directly from NetNewsWire. This is especially useful for those who have become addicted to NetNewsWire's built-in browser component.

I took a trip up to Baltimore and back today to meet with a very important customer. It seems like a waste to fly to attend only a 2 hour meeting, but the trip was interesting and well worth the cost. As an added bonus, I remembered a trip of similar duration and a story I like to call the longest trip to the bathroom ever. I will now inflict that > 10 year old story upon you.

One day I boarded a direct flight from Raleigh to New York's Laguardia airport. I arrived at Laguardia, walked outside and met a man holding high a sign that read "David Johnson." I stepped into the man's black limo for a 45 minute drive up to White Plains, NY. In White Plains, the man droppped me off at a non-descript three story office building and I went inside to sit down in a waiting room. After 10 minutes, a nurse called my name, handed me a small cup, and directed me to a bathroom. I closed the door, urinated in the cup, opened the door, and carefully handed the cup back to her. I walked outside, I met the man in the limo, we drove back to Laguardia, and I boarded a direct flight back to Raleigh.

A number of people have asked for some form of comment authentication in Roller. On blogs.sun.com, John Hoffman added a simple math test. If you want to leave a comment on blogs.sun.com, you have to be able to add. Other users have asked that only registered users be able to leave comments, some have asked for capchas, and some have asked for TypeKey support. To accomodate all of these forms of comment authentication, I introduced an interface called CommentAuthenticator. It looks like this:

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.context.Context;
import org.roller.pojos.CommentData;

public interface CommentAuthenticator
{
    public String getHtml(
                        Context context,
                        HttpServletRequest request, 
                        HttpServletResponse response);

    public boolean authenticate(
                        CommentData comment,
                        HttpServletRequest request);
}

I created a DefaultCommentAuthenticator, which does nothing: getHtml() returns and empty string and authenticate() always returns true. So, by default, Roller does no comment authentication. I also created a MathCommentAuthenticator which, like Hoffman's comment form on blogs.sun.com, asks a simple addition question.

If you want to change the way that Roller does authentication, you implement this interface. In the getHtml() method, you get a Velocity context, a request, and a response. This is your chance to add some HTML to the Roller comment form. For example, in the math authenticator, this is where I put the math question and the HTML <inpuyt> tag for the answer. In the authenticate() method, you get the comment that is to be authenticated and the request, so you can pull out any parameters you have have added the form. For example, I grab the answer to the math question from a request parameter named answer. To enable your new authenticator, put it in the Roller classpath and change the value of the org.roller.commentAuthenticator init parameter in Roller's web.xml.

Several people have asked for comment moderation (as seen on Russell's blog). I'm tracking that request as ROL-492, but it is probably not going to make it into Roller 0.9.9.5.

RED HERRING | Wiki wars: "Fans argue that Wikipedia’s open system taps into the collective wisdom of large groups of people to root out error and minimize bias. While anyone can make a change to any entry, the discussions around those changes are open, said Clay Shirky, an adjunct professor at New York University’s Interactive Telecommunications Program in New York City. “It’s like the security of sidewalks,” said Mr. Shirky. “If everyone shares a little the sidewalk is safe.”"

Wikipedia is just amazing. Given enough eyeballs all bias is evident? I hope that turns out to be true in the long run, but it seems pretty unlikely to me. (Via Dave Winer.)

James Robertson has some good thoughts on wiki vs. blog

Lance comments on the recent surge in referrer spam. I've been deleting referrers and adding ugly new ignore words to my Roller installation on a daily basis this week. It is really getting bad. Three options I would like to see in Roller:

• Referrer white list: a blog only accepts referrers that include words that are listed in the blog's white list.
• MT Blacklist: use the MT Blacklist data to filter referrers just as we now (in Roller 0.9.9) filter comments.
• Technorati check: a blog only accepts comments that come form other blogs that are in the blog's Technorati cosmos.

Dave Sifry's numbers put the size of the blogosphere at 4 million blogs, up from 3 million just three months ago in July. He graphs the number over time and the rate of acceleration as well. He also notes that 45% of old blogs have not had a post in 3 months. (Via Tim Bray.)

Colm Smyth wonders if blog editing capabilites should be built-into Star Office and how that should happen. What do I think? Yes! Absolutely. You could build a great WYSIWYG Atom API client with the Star Office HTML editor.

First, I created the Roller badges. I tried to withdraw them because of their legal incorrectness, but they escaped into the wild (and I deny all wrong doing).

  

Then, I created the java.blogs badge (but still I gets no respect):

Now, I'm back with the blogs.sun.com badge:

Sun Bloggers, now's your chance to toot your own horn, give yourself a pat on the back, and a big round of applause. Show your support of blogs.sun.com by displaying the badge it with a link to http://blogs.sun.com.

Eclipse doesn't work very well on Solaris x86, mostly due to the fact it is linked to Motif rather than GNOME. Everything appears to be double spaced and drag and drop don't work at all. I guess I could get the source and rebuild Eclipse against GNOME, but I would rather use my time to get up and running in Netbeans.

Netbeans 4.0b2 looks really good and works well on Solaris x86 (as you might expect). Unfortunately, I ran into a couple of problems while setting up for Roller development in Netbeans. I'm still surfing the mailing list archives and the bug tracker to determine if my problems are caused by known bugs, unknown bugs, or just user error on my part.

• Problem fetching a CVS "sub-module": Roller lives in the Java.Net CVS in /cvr/roller/roller, but I would like to checkout Roller code into ~/src/roller not ~/src/roller/roller. I tried to do this with the Netbeans by turning on the advanced settings and using various combinations of the "Checkout into Folder" and "Do Not Shorten Module Paths" but to no avail. I ended up using command-line CVS to do the trick, some thing like this cvs -d <cvsroot> co -d ~src/roller roller/roller. From there on out I was able to use the Netbeans CVS client on my code to update, commit, diff, etc.
  
  
• Problems importing the Roller build.xml file: Netbeans 4.0b2 has excellent Ant integration, but I had problems making it work with Roller. I tried setting up Roller as a "Web project with an existing Ant script" but when I pointed Netbeans at the Roller Ant file I got "Selected file is not a valid Ant script."

Update:

Turns out, I was able to fix the Roller build script by changing the way in which it brings in it's properties XML file. I changed the third line of the build script from this:

<!ENTITY properties SYSTEM "file:./properties.xmlf">

to this:

<!ENTITY properties SYSTEM "properties.xmlf">

Once I did that, I was able to bring Roller in as a "Java application with an exiting Ant script." I'm subscribed to the Netbeans users mailing list now and I'll direct my future gripes there. And, I'll write up a Roller Development with Netbeans document for the Roller Wiki once I get things sorted out.

I should rename this contrived little blogging crutch to Saturday photo. I never seem to get to it until 11:30 Friday night. This week, another photo taken by my father. The photo is a view from the Snowbird Mountain Inn in North Carolina.

Photo copyright Charles S. Johnson, Jr.

Was it just me, or was Bush's strategy for tonight's debate to out-shout both his opponent and the moderator?

Here are some notes about my adventures setting up my new Sun w2100z workstation with Solaris and JDS:

• Solaris x86: I installed the most recent update of Solaris x86. The installation went very smoothly and seemed less trouble than Debian or Redhat installers that I have used recently. The only snag I hit was my monitor. The kdmconfig program mentions my monitor by name, but not my video card. I picked the NVIDIA driver but it cannot drive my monitor at 1900x1200 so I settle for 1600x1200.
  
  
• JDS desktop. Installed recent build of JDS. The JDS desktop is based on GNOME, but it really looks great, much better than I have been able to make GNOME look. I think this is mostly due to a great theme, all new icons for everything, and proper config of fonts/anti-aliasing - but I think there are some other improvements.
  
  
• blastwave.org and pkg-get. Installed pkg-get from blastwave.org which is the Solaris equivalent of Debian's apt-get. Once you have pkg-get, you can install any package on the list by typing pkg-get -i <package-name>. Too bad the JDK is not in the blastwave dependency tree; I think it would be really cool if I could just type pkg-get to upgrade the JDK too.
  
  
• Upgrading Gaim. The JDS build I'm using includes Gaim 0.76, which can do all instant message protocols including AIM, Yahoo, MSN, and Jabber - Yahoo does not work because Yahoo has changed the password protocol since 0.76 was released. So I used pkg-get to upgrade gaim. But, pkg-get installs gaim in /opt/csw/bin, which does not overwrite the JDS version of Gaim in /usr/bin. Both versions of Gaim work, but I suspect that the software under /opt/csw/bin could get out of sync with JDS if I am not careful.
  
  
• Eclipse 3.0: I used pkg-get to install Eclipse 3.0 (package name eclipse). Eclipse for Solaris x86 is linked to Motif rather than GNOME, so it looks like crap.
  
  
• Netbeans 4: I downloaded Netbeans 4.0b2 from netbeans.org and fired it up. It doesn't look all that good either. The fonts are not quite right. Hmm... maybe I should try JDK5 and see it that makes a difference. I'll do that now and report back later...
  
  

I'm been scrambling to wrap up Roller 0.9.9.5 and Chapter 4 of my book (more about that later), so when my new box arrived I had mixed feelings. The new machine is awesome, a new Sun w2100z machine, a dual processor AMD Opteron with a 24" LCD flat screen, so I'm excited about setting up and seeing what it can do, but setting up a new machine takes time and I don't have a whole lot of that.

Anyhow, I decided to set up the new box and do all the moving around of machines and wires and junk that a new box always requires. I do that, get everything re-hooked up, turn the power on, and find that poor old Snoopdave, my homebuilt Debian box, has died and won't even emit a beep code. Arg. Now I'm in the market for a low-end Linux box.

That's what the Sun w2100z looks like. I would have posted a picture of mine, but Snoopdave was not the only casualty. My Kodak DX3600 camera also decided to die. It has frozen up and is now flashing the E13 error code, which apparently is the Kodak equivalent of the blue screen of death, except that it is permanent. So I'm also in the market for a new digital camera. Happy day.

Setting up the new Sun workstation was pretty easy. The Solaris 9 OS install was smooth and I found all of the software I need at blastwave.org (even Eclipse, but don't tell anybody). More about that later, it's time to get to work.

I've been working on the Roller user management and login code for over a week now. I just committed a bunch of changes. Here is a summary of my progress in this area:

• HTTPS for login only: Roller can now be configured to force logins to happen over HTTPS, while the rest of the UI remains on HTTP. I did this by using Jon Lipsky's SecureTag from AppFuse to force the login page to HTTPS and then later to force the UI back to HTTP.
  
  
• Editor/Admin UI URL improvements: Editor pages under /editor, admin under /admin. This makes it easier to setup security constraints for editor and admin roles. This was a sweeping change that affected almost all Struts actions in the editor/admin UI.
  
  
• Admin role: admin users are no longer specified in the Roller config, instead they have the admin role. The user-admin page now allows you grant and revoke this role and there is a command-line utility for doing the same.
• Allow admins to create new users: admins can now create new users through the editor/admin UI, even if new user registration is off.
  
  
• Encrypted passwords: Roller can now be configured for encrypted passwords and a utility exists for converting Roller from an unencrypted setup to an encrypted one.
  
  
• Confirmation passwords: all password prompts now ask for password to be entered twice for confirmation.
  
  
• Unit tests with HSQLDB: Added a couple of Ant tasks and so that the Roller build script can start, init, and stop HSQLDB as needed during unit testing. Also added Ant targets so that you can start, init, and stop HSQLDB when you run are running unit tests directly from your IDE.
  
  

Apart from bug fixes the only thing holding Roller 0.9.9.5 back now is comment spam. I need to add some form of comment authentication and introduce some better tools for comment spam removal.

O'Reilly Network: The New Bloglines Web Services: "Bloglines today announced a set of new web services APIs, allowing developers to write applications for reading RSS and Atom feeds by drawing data directly from the Bloglines databases. This is a very significant change in the landscape of RSS/Atom aggregators, the newsreading applications that have become more popular over the past few years. Along with the release of its web services, Bloglines announced that several desktop RSS/Atom aggregators, including FeedDemon, NetNewsWire, and Blogbot, will begin using these APIs to provide additional capabilities in their applications. The Bloglines Web Services make it very easy for developers to use RSS and Atom content for many purposes, and the services will also ease the traffic."

A "very significant change" indeed. The coolest part of the article is a blog app: a 150 line Groovy program that implements a complete BlogLines newsreader.

I've always avoided "controversial" topics such as politics on my blog, but that needs to change and this is important. Russell is right. Get out there and convince somebody to vote for Kerry and Edwards.