Antiquatis Website Wish List

The Institute is a non-profit, educational institution for the public promotion of the ideas and concepts put forth within the context of the Sanctuary Project. This forum is to discuss the structure of the Institute, requirements and the teach/learn and learn/teach systems.
Post Reply
User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Antiquatis Website Wish List

Post by LoneBear » Sun Nov 06, 2011 10:27 am

Tulan has graciously offered to create a custom website for Antiquatis, to get away from Drupal (main site), phpBB (forums) and all the associated spamming and hacking problems that are common with popular software. I've started this topic as a "wish list" for features that would be nice to have on the site. My wish list is mostly on the programming features side, so it would be nice to get feedback from the user community to make the site easier to navigate, search and work with.

Please reply to this topic with any feature requests, things you like about existing site features, or things you don't like (like having a separate registration for the forum). Thanks.

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Programming: site access

Post by LoneBear » Sun Nov 06, 2011 10:59 am

Programming features--site access:

There are several kinds of visitors to the site, and it would be nice to standardize them from a programming standpoint to make things easier to identify and customize:

Guest: A person that is visiting the site, often for the first time, but has not registered. A lot of programs deal with this using a check to see if the person is logged in or not, I would prefer that the "not logged in" condition be associated with a definable username, such as "anonymous", so it can be treated as a regular user and customized as such.

Registered user: A person that has an account on the site, and has logged in. Also might be nice to control some basic theme/skins, either a choice of skins or at least the ability to set some basic colors and font sizes for readability.

Robot/Spiders (bots): Normally from search engines indexing the site, should be identifiable and assigned a username to control access. The phpBB forum software does this and it is displayed on the "recent users" list.

Info spiders: Robots/spiders that act like search engines, looking for email addresses and personal information, that tend to be abusive of the website. A normal search bot will scan a page, pause, then scan another, so it looks like a user browsing the system, and puts very little load on the server. Spambots try to read the entire site as fast as possible, and overload the server (rather than one page a minute, 100 pages a second). This makes the site unusable to regular people. It would be nice to track requests-per-second for a specific IP, and if it exceeds a threshold, create an IP-based username and block further access.

Site grabbers: Normally a person that has some software that copies a site to their local computer. In many cases, it looks like a spambot and overloads the server (this happens a LOT with the RS theory website). Can be identified because it acts like a spambot but may have a registered username attached to it. In this case, it would be nice to block access for a limited time and send an email to the user asking them not to do this, or to use a program that is friendlier to the server.

Spammers: Bots or people that are looking only to post spam, and spend a lot of time hitting the login and registration pages. Happens here all to frequently, as they have gotten smart enough to get through CAPTCHA images now. Getting to the point where PEOPLE can't read the images, but the robots can! Should be IP banned, but most of the time they originate from bogus IP addresses.

Though I was thinking that rather than block a spammer/hacker from the system, it might be interesting to just redirect them to a custom username and profile, so they see only what we want them to see... like a page containing bogus or useless information, or perhaps redirect them to, oh, say the Federal Trade Commission or the CIA. (Then they might actually DO something about all the spamming!) If enough sites did that, they might be able to put a stop to the "botnet" mania.

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Dashboard

Post by LoneBear » Sun Nov 06, 2011 11:25 am

I've noticed a lot of applications these days have a "dashboard," which has a couple of different formats. One is a summary view of your site (to-do lists, etc), the other is a more like a HUD (Heads-Up Display) that pops up a bunch of widgets over the desktop.

The concept seems to be heading towards a user-customizable home page on the website, which is what I'd like to add to the wish list. Rather than me (or an admin) determining what you see when you log in, YOU should be able to define it, along the lines of Babylon 5's "Universe Today" (a custom-generated newspaper).

CMS (Code Management Systems) already use block layouts on themes/skins, but the blocks are determined by the site admin. If you look at the main website, you will see it is composed of a bunch of blocks of information, arranged on the screen in regions (the header region up top, the main content in the center, and menus to the right and left).

It would be nice to have these features for a dashboard:

1. Selectable content and ordering. If you are interested in the monastic aspects of the Institute, then you might want the latest monastery news right up front. If more of a reader, then you may want the CI library as your main choice.

2. Definable menus. The site contains a LOT of content and it would be nice to create personal menus of the sections you want quick access to (blogs, forums, books, stories, etc).

3. Since the site is dedicated to research, some research options, like the ability to bookmark specific points in articles and to be able to annotate them (add a personal comment at that point).

4. Once someone has created a custom dashboard, to timestamp it so when new features are added, they can be shown to each user to decide if they want to include them on their dashboard.

The anonymous user can be treated as a dashboard as well, as can the robots, spiders and others, with the restriction that only the admins can control that content. (Just need a security role as to who can "create dashboard").

It would also be nice to be able to control the theme/skin to some degree, particularly the basic colors and font sizes for readability.

Since the site is basically education and research, it needs to have features that make it easy for a user to do these things. These days, time is pressing, so the ability to mark where you are and resume when you return is important, as well as to make notations for further review or study, as well as submit feedback. (I'm not in favor of the "wiki" approach, as they get clobbered by spammers and it's a lot of work to review every change to see if it is valid or not.)

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Site Registration

Post by LoneBear » Sun Nov 06, 2011 12:20 pm

I've noticed a similarity between the psychological components of a person and "social networking" on computers, which might be nice to include:

Ego-identity: The person sitting at the keyboard.
Persona: The username/alias used to present the ego-identity on a particular site.

The "username" is more of a persona than a person, as the choice of username, avatar and other features depends upon the interaction the person has with the other members of a website. (In topic mapping, the ego-identity would be associated with a role/player persona.) Some people use the same persona wherever they go on the internet. Others used different usernames. This is just natural, social interaction that makes sense, given the structure of the psyche.

It would be rather nifty to include this structure as part of the website, where you have your "identity" account, with personal information that can be strictly protected, and the "persona" of that account--usernames or handles that you can use for your public, social "face" on the system. These personae could be connected to the home page "dashboard" mentioned earlier, so if you're in a scientific mood today, you can use your professional persona and get your science home page. If feeling religious, switch to your monastic persona and pop up your philosophic home page dashboard.

I think it may allow for a more natural flow of information, as the external website can parallel the natural functioning of the psyche.

As we discussed in another topic of having multiple "profiles" with varying levels of detail, this approach may be suited to that.

Given the nature of spambots, it would be nice to have the registration system multi-paged. In other words, more like a registration Wizard than just a fill-in form. The Wizard approach adds a degree of complexity that bots won't be able to handle, and also provides the registrant with solid information on what is being asked, why it is being asked, and what their response is.

When a person first registers on the site, they would need to create the ego-identity as a container for the persona. This could be an OpenId account, or a private account (maybe support OpenId ourselves). Then they can go in and create the persona for that identity.

It also might be nice to associate a persona with a subdomain, so when visiting monastery.antiquatis.org you get your "monastic" persona by default. (This could easily be implemented by just grabbing the subdomain name and checking to see if there is a matching persona for it. If so, use it, if not, use the current persona.)

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Non-web access components

Post by LoneBear » Wed Nov 09, 2011 2:50 pm

News Feeds

Basic news feeds need to be supported, Atom, RSS, etc. Like the dashboard, needs user-definable content and public content. A user should be able to log in and get access to news feeds on content his security level would allow him to access.

Email support

Needs a good email interface, hooked to the forum where uses can both read, post and reply like one would with Yahoo groups or something. I don't particularly like to have to check in to find out if there is anything new on the site--be nicer if I just got the posts and could interact via email directly.

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Spam protection

Post by LoneBear » Sun Nov 13, 2011 11:30 am

MUST have strong, anti-spamming protection! I have to clear 10-20 bogus registrations every day from the Antiquatis, RS and RS2 sites. Image CAPTCHA has been compromised to the point where the bots have a better chance of recognizing the image than a real person registering does. And it should not be difficult to register. I know I get frustrated with sites and image CAPTCHA, where you can hardly make out the letters. Need a viable alternative to this.

On the main sites, I just posted a question of "Are you a human being?" and left a free-form field for someone to type "yes." That actually works fairly well, as spammers will put garbage or URLs in the text field. At least it is easy to sort out who is real and who isn't.

I also think the time delay is effective--I have to manually approve new accounts, which I normally do within 24 hours. Bots seem to count on instant approval, or at least approval via email confirmation. I've noticed that bot registration emails seldom bounce now--they collect the response at one of these free email services, and verify the email from the returned validation link so they can spam (that happens a LOT on this forum).

I did see a rather clever image CAPTCHA the other day--rather than a static, scrambled image, they had a fairly clear image that was an animation--a black box was sliding back and forth across the image, covering up the letters as it moved. Easy to read, if you just waited a few seconds for the box to uncover what was underneath. From an internal perspective, it meant that no single frame of the image contained the complete code--at least one letter was blacked out. Bots aren't intelligent enough to analyze an animation to find out what is being covered up.

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Throttling

Post by LoneBear » Sun Nov 13, 2011 11:37 am

Another problem I run into frequently (particularly with the rstheory.org site) is access overload--someone using a program to download the entire site to their computer, or a spammer trying to search every page on the site for email addresses. I've seen these programs put up hundreds of requests a second, and since content is generated dynamically from an SQL database (not static pages), it overloads the server.

Need a mechanism to analyze pages-per-second per IP, and when it goes past a threshold, kill access until they get frustrated and go away. I don't have a problem with a person downloading the "public" site, but not if they are going to abuse the privilege and prevent others from accessing it by overloading the server. (Proper download programs will have delays built in, so they don't overload the server.)

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Actions, Rules and/or Triggers

Post by LoneBear » Sun Nov 13, 2011 9:50 pm

One of the features I really like in Drupal is the Trigger/Action system, where you can tell it to watch for specific conditions (a trigger) and when they happen, perform some action. For example, when someone applies for membership in the Institute or Monastery, I have it shoot me an email to let me know to go to the approvals page (all role apps need approval). Of course, it doesn't do all the things I would like it to. For example, it would be nice to have conditionals, like when a user post count exceeds some number, to grant them a new role, sort of like this site does after you make 25 posts and get access to the Paths of the Ancients fora.

It would be nice to have a Trigger - Conditions - Action system, so that any time a user does something (or a system event occurs, like a cron job), to be able to automatically check against some conditions and fire off an action, like I would normally do from the administration panel.

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Tokens and Views

Post by LoneBear » Sun Nov 13, 2011 9:57 pm

Drupal also has a rather nifty feature of being able to use "tokens" in text, for text and templates. For example, one can use [user:name] to refer to the currently logged-in user, or [content:title] to refer to the title of a topic. It is nice to customize messages, either for web output or emails.

There is also a "views" system that allows ad-hoc queries to the database that uses the tokens, so you can basically query any field, filter any way, and sort by anything, and take the results into a variety of output templates, from regular pages, RSS feeds, menus and code blocks. More and more things are ending up as views in Drupal, as it gets rid of the need for custom templates and provides for a standardized output, which makes it easier to interact with the site.

One thing missing is security on the fields--things like email have to be limited to administrator use, as you don't want an anonymous user being able to print out the username and email of everyone on the site. Spammers would have a field day with that! (Drupal limits which fields can be used for actions.)

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Generic content formatting

Post by LoneBear » Sun Nov 13, 2011 10:26 pm

Here's a bit of a challenging 'wish'... I prefer the WYSIWYG approach to editing (versus tag formatting as done here, or programs like LaTeX) and use OpenOffice a lot now. But, it would be nice to have documents available in multiple formats, "on the fly," such as HTML, ePub, PDF, DrupalBook, etc., and not have to duplicate the effort saving a document as multiple file types, then having to go in and fix formatting, etc.

I am working on an RS2 book, which is done in OpenOffice, with text, chapters and figures. But to put it out on the site, I have to basically copy-paste the text, chapter-by-chapter, into a DrupalBook, upload each of the images I used, format and position them. It's a lot of work, so my original document and the web copies get out-of-sync very quickly. It would really be nice to have a high-level document storage, like OpenOffice Writer, that has a large selection of styling and formatting, then be able to use that file to generate dynamic HTML, PDF, etc., pages on the site. That way, when I update the document, all the other formats are automatically regenerated.

I prefer to start with a high-level program, because it is easier to drop things than to try to add them in. "Too many features" can be whittled down to the ones needed for a particular format, but if you don't have enough--you're stuck. I know I'd get a lot more written up that way!

User avatar
LoneBear
Legatus Legionis
Legatus Legionis
Posts: 3696
Joined: Thu Jul 22, 2004 12:38 am
Location: Utah
Contact:

Equations

Post by LoneBear » Thu Nov 17, 2011 12:52 pm

Definitely need to handle complex equations in any text, along with a simple pop-up to enter an equation so you can see what it will look like when it becomes part of the text.

Post Reply