[pLog-svn] r6088 - plog/branches/lifetype-1.2/class/security

Andy myside at myside.mine.nu
Wed Jan 2 14:12:03 EST 2008



On Wed, 2 Jan 2008, Jon Daley wrote:

> 	One question - do you care about all updates, or updates to the
> main API?  I don't think our APIs change very often at all.  I understand
> the folks that heavily customize the stylesheets and admin templates have
> trouble staying up-to-date, though using source control for their own
> changes should make that trivial enough.  I wrote documentation on how to
> use SVK to merge local and our changes, and I have used that for some
> sites successfully.

I am concerned mostly with the API.  Using a public class that depends on 
a new method with-in new class, or changes to object structures that are 
returned.

Could their be a version that could set the standard for structor, yet 
build on the API, keeping legacy systems usable?  This would be a project 
within itself, but would version 3 be a consideration for this?  Will 2.5 
objects be obtained with the same method and class data returned as a 
stable, and as usable in a production system, that a legacy 2.X would 
have?

> 	If I had made lots of custom changes to LifeType, I probably
> wouldn't upgrade on a live site, unless I knew I could do it late at night
> or something when less people would notice.  But, depending on how you use
> LT's code, I'd think a "minor" upgrade, particularly the last couple,
> would be trivial to do even on a live site.
>

I have no Lifetype PHP custom code.  I use you API in it's entirety.  I am 
considering making a single change in ragards to seperate user dependant 
tables in DB's, while mainting a private admin SQL database.  However, 
this is too minor of a source code change to be worried about when 
considering upgrading versions.

> On Wed, 2 Jan 2008, Andy wrote:
>
>> Liftype is absolutely the best content providing system I have used.  The
>> API that you have available is giving me the ability to integrate an
>> ASP.NET registration and user management application using C#.
>>
>> Do be rather frank, you are releasing updates in too short of intervals.
>> I understand you all have great and new features and capabilities you want
>> to make available right away.  This, in many aspects is benificial to your
>> status in the blogging and CMS world.
>>
>> However, it is also a downfall.  Your platform is already at a stage that
>> can be used in a production environment, and exceeds any other content
>> system I have experienced.
>>
>> I understand you, as developers, are excited about releasing updates with
>> perfected blocks of code, and new features.  However, just as this is
>> gaining great interest in Lifetype, the interest is moving behind in
>> usability with the constant release of primary and minor versions.
>>
>> In one other aspect, who wants to use a system that can not be supported
>> more than a few minor released versions.
>>
>> I am developing a platform integrating mono with C#, along with ASP, using
>> your API.  Your applications is already at a point of global usability,
>> but others like myself are afraid of developing blogging platforms with
>> the constant update you releases.
>>
>> At an early stage of development, frequent updates are reasonable.  I
>> believe your developers are at a point at which you should focuse on
>> support of an amazing product version already available, and inforce a
>> reasonable deployment of updates at a pre set minimum amount of months.
>> 6 Months, 9 months is not a long time with other project standards.
>>
>> What your user base wants is support, security updates, and improvement
>> updates, now that, in my opinion, you have overpassed any other comparible
>> CMS platform.
>>
>> I understand you do not have a large amount of developers; you may even
>> think, as it is, very popular now, that you may gain even more interest
>> with early minor version updates.  However, that is what is limiting
>> production platforms to consider using your code.
>>
>> Please, slow down just a bit.  It will creat a baseline application
>> feature set, and its popularity, and the actuall use one can have of the
>> systems in production that could, and would be provided: results in a
>> truely impressive, global, popular platform - and response to your
>> organization will, in my opinion improve even more with this alternative
>> release cycle.
>>
>> Thank You,
>>
>> Andy Wright
>>
>> http://myside.com/1/
>>
>>
>> On Wed, 2 Jan 2008, Oscar Renalias wrote:
>>
>>> I have been running 1.2.6 in renalias.net and lifetype.net, perhaps
>>> it's time to release it?
>>>
>>> On Dec 26, 2007 1:01 AM, Oscar Renalias <oscar at renalias.net> wrote:
>>>> I just updated renalias.net and lifetype.net to 1.2.6, everything
>>>> looks ok so far in there.
>>>>
>>>> I think we can go ahead with 1.2.6 within a couple of days...
>>>>
>>>> Oscar
>>>>
>>>>
>>>> On Dec 24, 2007 10:43 PM, Jon Daley <plogworld at jon.limedaley.com> wrote:
>>>>>         I think 1.2.6 is ready to release, though I guess it would be good
>>>>> to test my latest code to make sure I didn't break anything.
>>>>>
>>>>> On Thu, 29 Nov 2007, Jon Daley wrote:
>>>>>
>>>>>
>>>>>> On Fri, 30 Nov 2007, Mark Wu wrote:
>>>>>>> Why can't we just put the bayesian filter in last order? it seems solve
>>>>>>> this
>>>>>>> problem easier.
>>>>>>       Does that fix everything?  It is certainly the easiest (coding and
>>>>>> performance) wise.
>>>>>>       With my thinking it seems like that fixes it - at least for now,
>>>>>> because we don't have any other plugins that would use the inputs of others.
>>>>>> And we can maybe do Mark's priority idea if we ever need that sort of thing.
>>>>>>       As long as it works for Paul's stuff, I think that sounds good. So,
>>>>>> then we should take Mark's rev 6088 or whatever it is and use that, but
>>>>>> modify it to pass in the previouslyRejected flag, and then put the bayesian
>>>>>> at the end.
>>>>>>
>>>>>>> BTW, most lifetype installations in CJK site does rely on Bayesian Filter
>>>>>>> to protect the spam attack. Because the tokenize algorithm can't separate
>>>>>>> CJK into each atomic token. We don't use stop words and "white space" to
>>>>>>> seperate a paragraph into "word".
>>>>>>       I am not sure what you are saying.  It seems like you are saying the
>>>>>> tokenizer doesn't work, so then it seems that the bayesian filter wouldn't be
>>>>>> very good at all...
>>>>>>
>>>>>>       Well, it's been 10 minutes since I read your idea of simply putting
>>>>>> the bayesian filter at the end, and haven't come up with a reason why it
>>>>>> won't work.  So, probably good.  Do you want to do it, or me?
>>>>>>
>>>>>> --
>>>>>> Jon Daley
>>>>>> http://jon.limedaley.com/
>>>>>>
>>>>>> Whenever people agree with me I always feel I must be wrong.
>>>>>> -- Oscar Wilde
>>>>>
>>>>> --
>>>>> Jon Daley
>>>>> http://jon.limedaley.com/
>>>>>
>>>>> Music is what feelings sound like.
>>>>> -- Anonymous
>>>>
>>>>> _______________________________________________
>>>>> pLog-svn mailing list
>>>>> pLog-svn at devel.lifetype.net
>>>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>>>
>>>>
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net
>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>>
>
> --
> Jon Daley
> http://jon.limedaley.com/
>
> Of course, we are all worms, but I like to think,
> at least, that I am a glowworm.
> -- Winston Churchill
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>


More information about the pLog-svn mailing list