Transition Technology: Ticket Query

#676: Alternative to Skype for TTech Meetings

chris — Tue, 14 Jan 2014 13:33:51 GMT

Jim has pointed out that:

Skype costs us 15-30 minutes of grinding pain every time we do this!

So what are the alternatives and what are our requirements?

#513: Please clarify what is a widget user

ed — Mon, 11 Mar 2013 08:17:47 GMT

What is a widget user? What role is this? Please clarify?

#638: Question about notifications option for content creators

ed — Thu, 28 Nov 2013 12:32:57 GMT

Content creators (news, Rob's blog, social reporters) struggle with the notifications. the problem is that they forget to click the option to 'do not send notifications for this update' and then notifications are sent out. It is easy for us to think this is easy for them, but when you are bashing stuff out in a hurry, it's easy to forget this fiddly bit.

CAN WE set drupal to NOT send notifications out as standard for some of the content types?

And change it so that the content creators (news, Rob's blog, social reporters) choose to SEND notifications out instead (of NOT sending them) ?

#711: Emails & Telephone calls

paul — Tue, 01 Apr 2014 13:47:56 GMT

#533: Five star ratings: remove from resources CT

ed — Mon, 22 Apr 2013 10:56:34 GMT

We aren't using the fivestar ratings from the resources CT. There were some problems with it ages ago. Remove them from the resources CT and interface (public and edit)

#671: Replace core Search module with Apache Solr

jim — Sat, 11 Jan 2014 21:11:14 GMT

Issue & background During work on #610, it was discovered that of a 1/4GB database dump for TN.org, ~80% (180Mb) of it was related to the Drupal 6 core Search module.

It's worth noting this was raised when we migrated the site to the Puffin server in March 2013, but it's generally the case that the core Search module does not scale easily beyond a few thousand nodes.

www.transitionnetwork.org has 23,803 nodes at time of writing -- this is probably approaching the sensible limit of the core module's capability.

Note also, any future D7 or D8 version of the site would also hugely benefit from using Solr, so the server config part is time well spent.

Proposed solution

Add the Apache Solr option to BOA, re-run the installer to get it installed and configured automatically.
Add the ApacheSolr module and any related required modules to the TN D6 makefile -- it's not clear if the 6.x-3.x branch or 6.x-1.x branch is the right choice at present.
Build a new platform containing these modules, migrate a clone of STG to it.
Enable the modules, configure them, disable core Search.
Create a feature that wraps up config for Solr and required modules. Add to Git, add reference to feature to makefile
Test, tweak, repeat 3 & 4 & 5 as needed.
Migrate PROD to the new plaform, enabled feature, index site.

This could be parked until D7/8 migration, or not... Ed's call.

#690: Paul learning the ways of the force.

paul — Thu, 20 Feb 2014 15:00:41 GMT

I'm not a jedi yet

#### Transition Network

Week ending 16 February Monday (0,45) Phone call | Emails (not issues) | Creating a test site on Aeigr Tuesday (0.45) Reading Wiki pages | Setting up local server (Generated notes for WIki) Wednesday (0.45) Reading wiki pages: setting up a platform / cloning a stage site. Friday (3.00) Reading wiki pages , listening to Jim's talks, Emails (not issues). (Generated notes for WIki for setting up a local server)

Finished reading wiki. I'll re-read these as required on my own time going forward.

Week ending 23 February Monday (0,15) Emails (not issues) (Mailing list) Thursday (0,30) Phone call / Emails (not issues)

Total 6, 00 hours

#740: Add 'class button block' to Soundcloud block

sam — Thu, 12 Jun 2014 09:55:05 GMT

Hi Ben

Could you add 'class button block' to the block class settings for this block:

https://www.transitionnetwork.org/admin/build/block/configure/block/98?destination=blogs%2Frob-hopkins

Or shall I give myself 'developer' permissions so I can add these myself?

Thanks

Sam

#747: Accessibility / archiving of podcasts

chris — Tue, 24 Jun 2014 10:39:14 GMT

Would it be possible to consider making podcasts available as MP3's via RSS feeds? This would enable applications such as AntennaPod to play the podcasts.

Currently podcasts such as this one:

https://www.transitionnetwork.org/blogs/rob-hopkins/2014-06/alan-simpson-transition-has-enormous-strength-moment

Appear to only be available via the Soundcloud web interface?

https://soundcloud.com/transition-culture/alan-simpson-on-growth-renewables-and-transition

There might be Soundcloud settings to enable MP3 downloads and / or RSS feeds?

In addition having a copies available / archived on a non-corporate site, eg a *.transitionnetwork.org site and / or archive.org would be a good addition?

Sorry if this isn't the right place to raise this, I did consider posting it as a comment on Robs blog but thought that would be even less appropriate.

#757: Research and Design for TNv3

ed — Fri, 11 Jul 2014 13:36:54 GMT

R&D for TNv3

#759: [Security-news] SA-CONTRIB-2014-071 - FileField - Access bypass

paul — Wed, 16 Jul 2014 21:59:46 GMT

View online: https://www.drupal.org/node/2304561

Advisory ID: DRUPAL-SA-CONTRIB-2014-071
Project: FileField? [1] (third-party module)
Version: 6.x
Date: 2014-July-16
Security risk: Critical [2]
Exploitable from: Remote
Vulnerability: Access bypass

The FileField? module enables you to define and use fields that contain files.

The module doesn't sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files.

This vulnerability is mitigated by the fact that the attacker must have permission to create or edit content with a file field.

/A CVE identifier [3] will be requested, and added upon issuance, in

accordance with Drupal Security Team processes./

FileField? 6.x-3.x versions prior to 6.x-3.13.

Drupal core is not affected. If you do not use the contributed FileField? [4] module, there is nothing you need to do.

If you use the FileField? module for Drupal 6.x, upgrade to Filefield

6.x-3.13 [5], and also update to Drupal core 6.32 [6] (see SA-CORE-2014-003 [7]).

Ivan Ch [8]

Nate Haug [9]
Ivan Ch [10]
David Snopek [11] of the Drupal Security Team.

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16]

_ Security-news mailing list Security-news@… Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

#764: Policy decisions re-assessment on BOA and Drupal security updates

annesley — Tue, 22 Jul 2014 14:10:38 GMT

on-line meeting 5 / August @ 14:00 GMT: we are phasing out the current D6 / BOA system. the new system may not use either. The TN.org website is not attractive to high level hackers or DOS attacks.

what are the risks with cancelling all further Unix, BOA and Drupal updates completely that do not allow direct un-mitigated access to the backend via bad PHP code / SQL?

#783: IIRS design and development

ed — Mon, 08 Sep 2014 14:20:58 GMT

Ticket to track ongoing work on IIRS

#804: Investigating the site security following SA-CORE-2014-005 (Drupal 7.32)

paul — Mon, 03 Nov 2014 15:20:25 GMT

It was discovered that TN could have have been compromised from the recent security vulnerability (even though we are running Drupal 6) as the site is using the DBTNG module. However the site doesn't appear to have been compromised. I'll post my findings shortly.

#806: IIRS pre-beta usability issues

chris — Mon, 10 Nov 2014 21:30:27 GMT

Ticket to track usability issues etc.

#818: For watch lovers. superwatches

gatomur@… — Fri, 19 Dec 2014 07:55:04 GMT

 all kind of watches    - htt&#112;://&#103;oo.&#103;l/3&#75;&#85;ebe
htt&#112;://&#103;oo.&#103;l/j&#99;kF3&#87; &#104;t&#116;p:/&#47;&#103;oo&#46;gl/&#117;&#116;&#71;eX0 qxs dzge l urqgp
kqv v jzqky wtmu tnoag y
ptp ldv ody oif ap cbbds
nuhk updsz bhpz zktlx nz jzcu
h rv qwvz bz h nbm
tiu g ljll lyomu yyf nboz
vi xz voxls ioiu cen tfq
pjs lrvbs veb sh ynnoq yh
l jd mppk yyc ughd upxg
uwyx ru gb wbmt w q
qcn aerpv m tpxg u nga
rc kjci t zgdqq f apb
vgrse gxyu gmiij rrfh gxvpm hv
a vn iwt dzisl eczkx rl
p nq nocyu motht sjan yyjnk
oajv ibz atjno w zp vrg
g bo wdy b blwg slzze
hqmol uo ajgit snd qc ytyi
b yr tivb dyw ax kg
fpl nufto sxqoe nag cnk ucur
mqpq swpvf pib mx fxb mf
shg ac lkt jiir xm wkskg
de v bde z p rrx
yykms tln zqq nzdmd g fhnc
mgc wfr mntuv arc j tjzdk
t b wx jao xmf adwji
z k hg urgsz qqz enuxt
wk j cgvr kvl gn zkqo
czhs hrll lot j kkpu fam
ehm fnr ajvea cut axv anjt
i zrbab lximl x tmwi v
gngrg w q s hg yaue
btrs kf zki zoe nd yyafq
s oaipz st toevj yd a
pzw l gmu hvgc vqxx jh
a gi wyyyg yhch chlcc tznsw
cohr zxvid jsw wunh hq nmcr
oowj wpdn yq br we y
kyqwe gd t uzp svvy do
slyt mof qngf b o crd
t gd dd ioa hxai m
f fhqsm ayrs xxk ehl ho
vxupt iyhu p frkt moarl e
j zxq odnq y t lv
jc lkk wcnzg k pldvj mf
crvx xb ifsmk yylz fj dg
k ywt iapns zw hyvsv jdc
tmp mfin jaw c is s
v w h hoc qguhh cv
vlz zntcm fohau evv b p
ujsbw aobr omp o dptn b
qorl iyfjh ttd uln k lakhk
mihmo tmru ofde imic q bqbj
vyl yz f ea e f

#849: (No subject)

paul — Tue, 28 Apr 2015 12:35:03 GMT

Hi Sam / Ade
Would you advise when outstanding invoices will be paid? We used to get our
invoices paid every month.
--
Best
Paul Booker
Drupal Developer & Linux Systems Administrator
Website: http://www.paulbooker.co.uk
Drupal.org: https://www.drupal.org/u/paulbooker
Twitter: @paulbooker <https://www.twitter.com/paulbooker>
Tel: +44 01922 861636

#856: Blocked IP?

sam — Tue, 02 Jun 2015 13:12:52 GMT

Hi Chris

I was trying to SSH into the site and got my password wrong a couple of times.

Shortly afterwards the site appeared to be unavailable from this location.

It seems fine in pingdom/proxy servers.

My guess is something like fail2ban or similar has added this IP to a blacklist?

I wouldn't be too bothered except it's Ade's address and I think he probably wants access..

Could you check the logs if there is a blacklist and remove 146.198.11.57

Thanks

Sam

#857: Tiny MCE weirdness

sam — Tue, 02 Jun 2015 15:24:33 GMT

Hi Paul,

Myself & Rob have both run into an intermittent issue where when editing a panel page the WYSYWG editor (Tiny MCE) sometimes appears, sometimes doesn't.

When it doesn't appear you are left with the plain text html editor.

There seems to be no obvious pattern to it. So might be a tricky one to debug.

I see the version of Tiny MCE we are using is quite old, so I was thinking perhaps we should just try upgrading it on a dev server and see if that fixes it?

If this seems reasonable could you stick the latest Tiny MCE on your dev server so we could test it out there? Or if you have any other ideas for getting to the bottom of it..

Thanks

Sam

#865: synchronisation

annesley — Wed, 15 Jul 2015 13:26:48 GMT

ideas. please query them.

we are synchronising between different data structures: WordPress and Drupal and anything else the plugin is installed on. therefore standard *database level* distributed synchronisation management tools will not be appropriate. this is unfortunate because synchronisation is a big task. however, it is possible that there are some CRUD / REST based sync tools. so: we need an XML abstraction layer (partially done already) produced by the Drupal, Wordpress, etc. plugin that is standardised and can then be compared and synced via standard API calls.

Steps:

new Transition Town registration on server A notify server B that there is new data and send the GUID of this new data server B then requests only the new data from server A (incremental) using the GUID server B creates the new item in it's database with a new native ID using the abstraction layer in it's plugin / module

addtions to this universal data pool, e.g. a new Transition Town, will be propagated via a network sync request at point of addition. "listener servers" will then request the new data (incremental only) and, in turn push that out to all other listeners. each plugin will therefore extend and expose it's CRUD style synchronisation abstraction functions:

add-user add-local-group change-user etc.

many of these are already available as part of the framework-independent plugin / module

currently, i suggest that ALL plugins contain ALL the international user and Transition Town data. passwords and emails, contact info will be handled by a 3rd server, either Mozilla Persona or Open ID. user accounts will also be synchronised on to ALL plugins but without passwords as those are held on the 3rd server. thus far had already been agreed with Ed. but, ofc, can be changed :)

new plugin installations will receive a full complement of data at time of installation. check digits will be periodically shared to check that all data is in-line. all users will be able to register and edit their data on ANY website holding the plugin. TT and USER changes and registrations will then propagate via PUSH notifications across the entire network all native IDs will be different. i.e. TT Brixton will have a different ID on each server. thus, as always with synchronissation, all IDs will be transformed to GUIDs by the abstraction API and only GUIDs will be used to analyse the network of data and synchronisation. login to any website containing the plugin will be transparent (unlike the demo i set up) through the normal wordpress and drupal login screens. the plugin will intercept failed authentication and attempt to authenticate against the universal servers. new accounts created via universal registration on any server will have a framework specific configurable role and thus permissions on that server will be set by the administrator specific to that server.

#877: RE: outstanding invoices

paul — Thu, 15 Oct 2015 11:20:05 GMT

Hi Sam,
Hope you're well.
Any chance you could pay my 3 outstanding invoices today?
Best, Paul
--
Paul Booker
Drupal Support for Websites and Linux Servers
Website: http://www.paulbooker.co.uk
Tel: +44 01922 861636

#890: Site offline.

sam — Sat, 12 Dec 2015 10:54:36 GMT

It's serving a page, so may be Drupal level problem rather than server level?

https://www.transitionnetwork.org/

#922: SSH to parrot please

sam — Thu, 28 Jul 2016 15:30:37 GMT

Hi Chris

Could I get SSH access to parrot please?

samrossiter@…

Thanks

Sam

#925: Piwik 2.16.3

chris — Mon, 03 Oct 2016 10:25:36 GMT

The Changelog contains:

Security release

This release is rated critical.

The Piwik security engineering team has internally identified a critical security issue and has fixed it in Piwik 2.16.3. We recommend all users to upgrade to this latest version.

Database upgrade

Note: This release contains major database upgrades and upgrading your database will take a long time if you have a lot of data in your database.

Please make sure you read the Update Piwik guide for high traffic instances.

#735: Add Annesley to github

ed — Tue, 03 Jun 2014 11:05:40 GMT

Once Annesley is on TRAC, we can point him at this ticket, he can give us his github id and we can add it https://github.com/orgs/transitionnetwork/members