|
|
|
Posted
over 6 years
ago
by
Haacked
I have a few great openings available that I have to share with you. These are really great positions working with really interesting and smart people all over the world. Some of the outstanding benefits include: Work from
... [More]
home. Work for a great project lead (me!). Work with an international team of really great developers. Work on a product used by thousands of people and seen by many more. Work tasks are pretty much self-directed. Nobody is looking over your shoulder. Set your own schedule and work at your own pace. Interesting cutting-edge ASP.NET work. Gain great experience working on a product and increase your marketable skills. Some of the interesting projects include:
Building a next-gen plugin architecture. Localization and Internationalization. Advanced Skinning architecture. General application architecture and API improvement. Streamlined UI design using AJAX. Advanced Bayesian statistical analysis coding. Windows CardSpaces and Infocard. For such a great opportunity, I must warn you about a few of the downsides.
No health care No Pay I have a gut feeling that second downside is going to be a bit of a deal breaker for a lot of people. But did I mention you can work as many or as few hours as you wish?
As you probably figured out already, I am attempting to recruit people to contribute to the Subtext Project. I have to cut down the number of hours I put into the project for the rest of the year and into the first couple months of the next year for a couple reasons I will mention later. I’ll still be heavily involved, but won’t be able to contribute as much code as I have been.
Why Accept No Pay For Work? I’ve written on this a bit before.
In truth, there are many reasons people work on open source software, and they are not all the same. Many just find it fun to work on something more interesting than the boring data-in data-out systems they build at work. Some want to have a hand in building a better mousetrap. Many enjoy participating in a community and perhaps gaining a bit of recognition among their peers.
However there is another angle I want to promote. It can help you get a better job. On one hand, it helps you get experience in skillsets you might not otherwise exercise at your current job.
37signals, that über hot company right now, see Open Source contributions as a great way to judge a potential candidate.
Open source is a gift to those who need to hire technical people. With open source, you can track someone’s work and contributions — good and bad — over a lengthy period of time.
That means you can judge people by their actions instead of just their words. You can make a decision based on the things that really matter:
In fact, they only hire people they know through open source. Most companies aren’t that extreme, but trust me, it’s a serious turn on to a potential employer.
Hmmm... I’m Intrigued. What Do You Need? Great! Glad you asked!
We have a great team as it stands, but we can always use more help in any and every area. Everyone is welcome to contribute to anything. Even so, I would like to have a few people step up and become responsible for a few areas. That person doesn’t necessarily have to do the work in the respective area, but just take ownership of getting people to contribute and get it down. Basically I want to decompose Subtext into multiple smaller projects. Here are some of our needs:
Documentation Guru: We need someone to be in charge of documentation. This would include making sure our project website is up to date. It can also include generating NDoc documentation and posting it on our site, etc... In fact, it’d be nice to have our project website redesigned to be a better resource for Subtext users.
Build and Deployment Master: Right now, this has been handled by a combination of Me, Steve Harman, and Simone (Simo) Chiaretta. Unless Simo wants this title, I think it’d be nice to have one person be responsible for maintaining our Continuous Integration and built scripts as well as our final deployments.
QA Manager and Testers: We need more people to help out with QA before we release builds, but one person to manage this process. I have someone in mind for this, but I thought I’d put it out there since we could use more help in this area. This would include helping us increase our unit test coverage and start getting WATIR tests going. After the last error plagued release (my fault), I want to get more serious in this area.
Developers, Developers, Developers: And of course, we need more developers! We have several ongoing mini-projects we could use help in. Simo is chugging away on our new plugin framework, but I know he’d appreciate some help as well as someone to start writing some initial plugins to deploy with Subtext.
I have a new skinning architecture I want to get in place, but I won’t have the time to implement it, though I can describe it to anyone who will listen in great detail.
Robb Allen is working on our new membership provider. I’m sure he’d love to have some help finishing the integration with Subtext.
And there are many more minor tasks that we’d like to get done such as general bug fixes, feature requests, code refactorings. I’d like to clean up some of our data access architecture to streamline it a bit. Maybe even evaluate using Subsonic.
Wrap Up To be clear, any and all contributions are worthy and helpful. I may be ambitious asking for volunteers to take on these specific management roles, but it’s worth a try.
However, if you have some time to contribute, but don’t want to take on a management role, don’t let this dissuade you. For example, if you don’t have time to help manage the QA process, but can do testing for a bit here and there when we are preparing a release, please jump on in!
If you are interested in joining in the efforts, start by subscribing to the subtext-devs mailing list and we’ll get you going. [Less]
|
|
Posted
over 6 years
ago
by
Haacked
Jeff Atwood points out several problems with using blacklists (specifically Akismet) to prevent comment spam. He makes the following point: The core problem is relying on a single method of defense against spam. Absolutely.
... [More]
Subtext employs several measures against comment spam, mostly of a heuristic nature. The latest release adds Akismet support as well as Visible and Invisible CAPTCHA.
The funny thing about CAPTCHA and especially Invisible CAPTCHA is the number of people who claim it won’t work and is broken. As Jeff points out, this may be true among researchers, but it is not the case in the wild. However let me back up his post with some numbers.
For the past four days, I have not emptied my blog spam folder, just to see what gets put in there. So far, in that time, my blog has received 1441 comments, trackbacks, etc... Of those, 1407 have been flagged as spam by Akismet or marked as spam by me. Of those, only one was a comment. The rest were trackbacks/pingbacks.
So as far as I am concerned, Invisible CAPTCHA is working well so far. And it has the benefit of being usable, assuming you can do simple math.
So assuming that CAPTCHA, for now, is the best approach to fighting comment spam, we need to deal with its critical weakness.
The real problem is how do we enable CAPTCHA for trackbacks?
I wrote about this problem before when I discussed my qualms about CAPTCHA.
The reason I didn’t mention CAPTCHA is that it would be ineffective for me. Much of my spam comes in via automated means such as a trackback/pingback . The whole point of a trackback is to allow another computer to post a comment on my site. So telling a computer apart from a human in that situation is pointless.
I mentioned this to Atwood who pointed out that trackbacks and pingbacks are indeed automated, but they are left on behalf of a user. This is true. When I write a blog post, Subtext will look at all the links in my post and attempt to trackback each one for me.
Unfortunately, the trackback and pingback APIs have no facility for dealing with CAPTCHA. Unless there were a community effort to revise these specs (I would be happy to join in), CAPTCHA for trackbacks and pingbacks are not gonna happen.
Even with such a community effort, implementing CAPTCHA for trackbacks is going to be a lot of work for blog implementers. In part, this is indicative of a usability issue with CAPTCHA based approaches. CAPTCHA requires human intervention. This makes integrating CAPTCHA with something like trackbacks hard work, whereas if someone comes up with a better automated filter, integrating that is easy.
So for the time being, we have two choices.
Abandon Trackbacks/Pingbacks Find better ways to filter trackbacks and pingbacks. I know many have decided to simply abandon trackbacks. I understand this choice, but I personally am not ready to throw in the towel just yet. Trackbacks can and do add a lot of value to discussions that occur via blogs. So far, Akismet has allowed me to reclaim trackbacks.
What is the next step? Well I agree with Jeff:
Akismet is a fine addition to our anti-spamming toolkit. But that doesn't mean it's a good idea to outsource your entire anti-spam effort to a single website, either. Anti-spam security starts at home. For best results, use defense in depth and combine local anti-spam measures, such as CAPTCHA, with Akismet as a backup.
Though I think we need to start working on some better non-CAPTCHA filters to combine with Akismet.
Tags: Comment Spam, Spam, Blogs, Trackbacks [Less]
|
|
Posted
over 6 years
ago
by
Steven Harman
I just pushed the latest bits out to the SourceForge download server. This bugfix release addresses the upgrade issue I mentioned in a previous post as well as a few CSS IE7 display bugs with Robb's KeyWest skin. This is officially
... [More]
Subtext 1.9.2.30. You can always find out what version you are running by logging into your Admin interface and taking a look in the bottom left corner.
Just for completeness - you should check out Phil's posts about the 1.9.2 upgrade process as well as the 1.9.2.23 release.
Get 'em While They're Hot! Download Here! [Less]
|
|
Posted
over 6 years
ago
by
Haacked
Steve Harman points out another bug in the upgrade process. I feel really terrible that this one slipped through, though as far as I can tell so far, it may be mostly cosmetic in its effect. It apparently converts some comments to trackbacks.
... [More]
While this is not desirable behavior, since we show both comments and trackbacks in the comment section, it might not have a huge negative effect.
Unfortunately, I am in San Jose right now, so I can’t update the release with a fix yet. Hopefully Steve can handle it. [Less]
|
|
Posted
over 6 years
ago
by
Steven Harman
While preparing to upgrade this blog from Subtext 1.5.2 to the latest 1.9.2 bits I discovered a bug in the Upgrade process - I hope you all made a backup of your database like Phil suggested! Impact When upgrading to 1.9.2 we move all
... [More]
comments and track/ping backs out of the subtext_Content database table, into the new subtext_Feedback table. All of the feedback items to get moved over to the new table, but it appears that some of the comments get transformed into trackbacks. DOH!
I've just checked in a fix, but I'll need to coordinate an updated release with Phil. Until we're able to release an updated version, I'd advise against upgrading to 1.9.2 as some of your comments may get turned into trackbacks.
Already Upgraded? I did a little analysis of the data in the subtext_Feedback table and found that real trackbacks (not comments that were mistaken for trackbacks) don't have an associated IP Address. So, you should be able to run the following query against your 1.9.2 Subtext database and revert the transformed trackbacks to comments.
UPDATE subtext_FeedBack
SET FeedbackType = 1
WHERE FeedbackType = 2 AND
(NOT IpAddress IS NULL AND LEN(IpAddress) > 0)
Be Advised: Use this script at your own risk! I've tested it a few times and it seems to work exactly as expected - but you should still be sure to make a backup before trying this.
Next Steps
Stay tuned to this post as I'll be sure to post any news and/or updates regarding the bug.
I just pushed the latest bits out to the SourceForge download site - so go grab them here. Also, check out my Subtext 1.9.2.30 release announcement here for more details. [Less]
|
|
Posted
over 6 years
ago
by
Haacked
In the essay entitled Hold the Mayo, 37signals points out the obvious fact that most surveys ask users what features they want added to a product. They rarely ask what features they want removed. I have in the past asked users for
... [More]
permission to remove features, but I've never taken the extra step of asking users, which features would they like removed. So here I go.
Which feature(s) would you like to see removed from Subtext?
I think a natural response I will receive is the question, Why would you ever want to remove a feature?
Features have many hidden costs. Even relatively simple features. I am going to tell a short story about one such occurrence that happened in Subtext. I won't name names and this is not meant to call anyone out for public embarrasment or chastisement. I have probably been more guilty of this than anyone.
Not too long ago, someone checked in a control into Subtext that displays recent comments, just as we were close to preparing a release. I was a little miffed at the time because I was not expecting anyone to add features at the time.
However this was a pet feature and some of the devs really wanted it in the system. Besides, it's such a small feature, what could go wrong? So I let it in not wanting to be a hard-ass about it.
The recent comments control is a pretty simple control in concept. When added to the main skin template, it simply displays recent comments left on various blog posts. Sounds simple, no?
However, as with any feature, the devil is in the details. Several problems immediately became apparent as we tested the release, and one problem affected me in a later release.
The control let you truncate comments after a certain number of characters. However it didn't strip HTML out, so if it truncated a comment in the middle of a tag, it would completely mess up the whole page. The control bypassed our provider model and made stored proc calls directly. The control displayed all feedback for a blog, even ones that were left via the Contact Page, thus potentially displaying private messages. Recently, I tried to append a little HTML comment after messages that had been processed by Akismet to make it easy to see that Akismet was indeed working by viewing source. Comments aren't being stripped by the Recent Comments control, so the site was broken in a way that I had not anticipated. It took a long time before I realized what was happening. So for a relatively small feature, a lot of development time and effort was used up in supporting it. I am glad we have the feature now, I really like it and plan to add it to my own blog at some point.
But the main point still stands, every feature is like an iceberg. When scoping it out in your head, you typically only think of the top part that sticks out above the water. However, the real effort is in the part under water that supports the whole thing.
So if there is a feature in your product that provides very little bang for the support buck, consider getting rid of it.
So again, Which feature(s) would you like to see removed from Subtext?
Tags: Subtext, Features, Software Development, Getting Real [Less]
|
|
Posted
over 6 years
ago
by
Haacked
Now that 37signals have put their book Getting Real online for free, I’ve finally gotten around to start reading it. And so far, I love it. I think there are a lot of great lessons, reminders, ideas in here that will help me make products I work
... [More]
on that much better.
I have a premonition, even before writing this, that a lot of people will tell me that the book is crap because they don’t believe in functional specifications and even Joel believes in functional specifications. As the authors point out in their Caveats, disclaimers, and other preemptive strikes page, their techniques don’t apply to everyone (though probably to more people than one would think). Also, their ideas are not an all or nothing affair. Gotta have your functional specs, then by all means keep doing it. Don’t throw out the baby with the bathwater.
Open Source projects are probably in the best position to make use of their guidelines, though I am sure many more projects would be made much better by getting real. Subtext will most certainly gain from many of these approaches. My hope is to use Subtext as a testing ground for the principles in Getting Real, and then using its success to show my clients that they don’t need to be so rigid about product development. We’ll see.
As you might guess, many of my upcoming blog posts will focus on some of these topics.
Tags: 37signals, Getting Real, Subtext [Less]
|
|
Posted
over 6 years
ago
by
Haacked
As I mentioned in my last post, someone reported a bug with deleting posts in the admin tool. That posts also describes a quick and dirty workaround. However, I fixed the bug and updated our current 1.9.2 release at SourceForge. The
... [More]
existing URL to download the release is still valid. The full version number for this release is 1.9.2.23.
To find out which version of Subtext you are running, just log into your admin and look in the bottom left corner. You should see the version there.
If you downloaded Subtext 1.9.2 before I applied the update, then you will probably see version 1.9.2.19 in there. If so, you have two options. You can either apply the quick and dirty patch mentioned in my last post, or you can download the latest build and update the Subtext.Framework.dll file in the bin directory.
However, this latest update also includes some CSS fixes for the KeyWest skin in IE 7 designed (and fixed) by Robb Allen. So if you are using that skin, you should download and apply this update.
Tags: Subtext [Less]
|
|
Posted
over 6 years
ago
by
Haacked
Someone reported that they cannot delete posts in the just released Subtext 1.9.2. I am mortified that we do do not have a unit test for this function! To our defense, we did start with 0% code coverage in unit tests and have now reached 37.9% and
... [More]
rising!
I have a quick fix if this problem affects you. I am also currently building a more permanent fix which I will release soon.
Run the following query in Query Analyzer (don’t forget to hit CTRL SHIFT M to replace the template parameters before executing this).
ALTER PROC
[<dbUser,varchar,dbo>].[subtext_DeletePost]
(
@ID int
, @BlogID int = NULL
)
AS
DELETE FROM [<dbUser,varchar,dbo>].[subtext_Links]
WHERE PostID = @ID
DELETE FROM [<dbUser,varchar,dbo>].[subtext_EntryViewCount]
WHERE EntryID = @ID
DELETE FROM [<dbUser,varchar,dbo>].[subtext_Referrals]
WHERE EntryID = @ID
DELETE FROM [<dbUser,varchar,dbo>].[subtext_Feedback]
WHERE EntryId = @ID
DELETE FROM [<dbUser,varchar,dbo>].[subtext_Content]
WHERE [ID] = @ID
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
GRANT EXECUTE ON
[<dbUser,varchar,dbo>].[subtext_DeletePost]
TO [public]
GO
Sorry for those that this affects. Like I said, we’ll have a bug fix out soon.
Tags: Subtext [Less]
|
|
Posted
over 6 years
ago
by
Steven Harman
Be sure to check out this announcement about the re-Release that we just dropped to fix a couple of bugs. So to be clear, the most recent (and now official) release's full version number is 1.9.2.23. Phew... it's out! You should
... [More]
check out Phil's full announcement to get all the details... or if you have a short attention span, then take a peek at the synopsis.
One thing to note... PLEASE take heed to the warning about backing up your entire site and database before upgrading to 1.9.2. As stated in the release announcement, this upgrade involves some huge schema changes in regards to how comments/trackbacks are stored - and we wouldn't want to lose all of that valuable data due to a botched upgrade attempt!
Oh, and you can download the latest bits here. [Less]
|
Copyright
©
2013
Black Duck Software, Inc.
and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a
Creative Commons Attribution 3.0 Unported License
. Ohloh
®
and the Ohloh logo are trademarks of
Black Duck Software, Inc.
in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.