Thursday, September 28, 2006

Gettin' Wikijiggered

Wikijiggered? Trust me, it's a politer word than what I'm thinking at the moment!

I've been wrestling with DokuWiki, a wiki that the TechGnome (aka Nayth) mentioned to me. It's neat - a wiki that relies only on PHP and the standard HTML/JavaScript/CSS blend, no backend database (unless you want one) and no Java classes (I'll come back to those in a minute). One upshot of this is that the pages are saved as text files -- yes, I said text files, vanilla flavoured, human readable, completely portable text files.

So why am I ready to rip a few limbs off something? ACLs.

Access Control Lists. Or should that be Administrators Cursing Loudly? Without ACL features turned on, DokuWiki performs as expected, all is well. Turn the ACL features on, and register a new user, get a password emailed back, and login... except the username/password combo doesn't work. Aargh! How can I be so close and yet so far?!

I want to set up this wiki in a school, but I don't want anyone in the world being able to hack up students' work, I'd like a certain level of security around this - if student X vandalised student Y's work, I'll be able to track X down and kick his sorry ar... erm... reprimand him. But I can't do that with someone on the other side of the planet. Hence security. Hence ACLs. And hence "Aargh".

The security issue also came up the other day with blogs. KP wanted a blog that only she and her students would access. I was looking at setting up a blogging system anyway, but had assumed that the TechGnome would know how to lock up subdirectories of our webserver - what do I tell my students until they're tired of hearing it? Never assume.

Nayth, to his credit, had not been simply resting on his laurels - the issue was that Apple had changed things significantly when they introduced OS X, Nayth had simply not had the time to dig through the manuals/forums/online support, and no one had pushed him to find out the answer.

At this point, God said "Come, let us go down and confuse them" (actually, that was the people of the Shinar plain [Genesis 11], but it works here too), and reminded Nayth of something he had seen. Mac OS X Server has a built-in weblog setup.

A quick look at this revealed that it could be locked down to specific users who would be authenticated by LDAP against the users on our file server. Hooray! Problem solved. (Never assume.)

Further inspection of this wondrous blogging system revealed what I should have suspected. It's not something Apple cooked up from scratch - in fact, it's a pruned version of Blojsom, a Java-based implementation of Blosxom. Pruned? Yes - Apple have removed several aspects of the standard Blojsom implementation, added their own OS X branded skins, tied it to LDAP, and so on. The point is obviously to make it work neatly with OS X Server, which it does, but at the sacrifice of features and the user interface.

Some of this can be worked around (e.g. themes), but others present a problem. For example, WYSIWYG editing is a standard feature of most blogging systems, but Apple have removed that bit. You can probably install TinyMCE, but if you do, forget about using Safari. There's no easy way to upload images - you can put them into a folder in the web server, but then you have to add the image tags manually. (Unless I can get one of the Blojsom plugins to do this for me. And here I'm starting to get out of my depth - Blojsom is Java-based, and its plugins are Java classes. If it's just a case of editing some text files to enable the appropriate classes, fine, but if something goes belly-up, well... oh look, a decoy!)

And if that wasn't enough? A user can only have one blog, based on his/her username. Of course, it's possible to create a blog for a 'group', and we could create as many 'groups' as we like, but this means creating 'groups' that aren't actually groups, and cluttering up user lists, and I hate kludges like that at the best of times.

In short, Apple's Mac OS X Server weblog system is wikijiggered blogshlock. (For that matter, so is Safari. Safari could be the best browser on the planet, except that when it comes to some things, like using rich text editors in blogging systems, it's hopeless. Hmm, I can feel another rant coming on.)

Software that takes you nine-tenths of the way, and then leaves you flat on your laurels, just short of your goal - don't you hate being wikijiggered?

Oh, the shame. The ACLs weren't the problem. The problem? My bad.

It turned out that in adjusting one of the files to set up the 'superuser', Dreamweaver was saving the file with 'Mac-style' CR line endings instead of 'Linux-style' LF line endings, and this was screwing up DokuWiki's attempts to read the user names and password hashes.

I suppose I could blame the documentation which directed me to make the changes to that file but never mentioned the necessity of ensuring that it is saved with LFs rather than CRs, but then again, that documentation is in a wiki, so I suppose the responsible thing is to go back and add this myself.

So I guess I wikijiggered my own blog post. Ain't irony a beautiful thing?
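The CR line-ending failure described above, as an added example that is not part of the original post and is not DokuWiki's own code: a simplified newline-splitting reader over a constructed colon-delimited user file, plus a check an admin can run on an edited auth file. The field layout, function names and placeholder hashes are assumptions made for illustration.

```python
# Added example: simplified stand-in parser and constructed data.

# Constructed sample user file, saved with LF line endings.
SAMPLE_LF = (
    b"# constructed sample user file\n"
    b"admin:PLACEHOLDER_HASH_1:Admin:admin@example.org:admin,user\n"
    b"studentx:PLACEHOLDER_HASH_2:Student X:x@example.org:user\n"
)

def classify_line_endings(data: bytes) -> dict:
    """Count each line-ending style found in the raw bytes of a file."""
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "lf": data.count(b"\n") - crlf,  # LF not preceded by CR
        "cr": data.count(b"\r") - crlf,  # bare CR (classic Mac style)
    }

def parse_users(data: bytes) -> dict:
    """Reader that recognises only LF as a line break (assumed behaviour)."""
    users = {}
    for line in data.split(b"\n"):
        line = line.strip()
        if not line or line.startswith(b"#"):
            continue  # skip blanks and comment lines
        fields = line.split(b":")
        if len(fields) >= 2:
            users[fields[0].decode()] = fields[1].decode()
    return users

def normalise_to_lf(data: bytes) -> bytes:
    """Convert CRLF and bare CR to LF, handling CRLF first."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

if __name__ == "__main__":
    # The same file as an editor would write it with CR-only endings.
    sample_cr = SAMPLE_LF.replace(b"\n", b"\r")
    print("LF file :", parse_users(SAMPLE_LF))
    # With CR only, the whole file is one "line" that starts with '#',
    # so every account vanishes and every login is refused.
    print("CR file :", parse_users(sample_cr))
    print("endings :", classify_line_endings(sample_cr))
    print("repaired:", parse_users(normalise_to_lf(sample_cr)))
```

A non-zero `cr` or `crlf` count on a file that a line-oriented reader consumes is the thing to look for after editing it in a GUI editor.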

Tuesday, September 26, 2006

Onions Make Me Cry

From Miguel Guhlin's blog for Sep 24:

TorPark, an anonymizing browser (available for Windows) that doesn't have to be installed on your computer, is now out, shares Ben Horst at ...[snip]... As far as I know, while it's possible to block, many school districts don't have a clue. . .the best they can do is block the download site that students might use. Now, all students have to do is load TorPark onto a USB drive (some schools are providing USB Flash drives to students as alternatives to floppies, so all they have to do is load it on there...convenient, huh?). ...[snip]... It's also available in different languages!

Plug it into any internet terminal whether at home, school, work, or in public. Torpark will launch a Tor circuit connection, which creates an encrypted tunnel from your computer indirectly to a Tor exit computer, allowing you to surf the internet anonymously. How much does Torpark cost? IT'S FREE.

What are the implications for something this easy to use? Well, don't worry, info-tech people will be getting all excited about blocking this! Quick, Quick...get started blocking and filtering!! What is fascinating is how K-12 schools can continue to try and block sites like this when there are communities of developers figuring out ways to bypass the blocks and's a free speech, protect your privacy kind of use that many Americans see as fundamental.

To achieve strong anonymity, intermediate services may be employed to thwart attempts at identification, even by governments. These attempt to use cryptography, passage through multiple legal jurisdictions, and various methods to thwart traffic analysis to achieve this. A more recent approach in internet anonymity involves the use of an onion router such as Tor. Onion routers send information over encrypted protocols to several intermediate computers around the world in order to make identification more difficult. This has been countered with advances in text analysis, in which the identity of a writer is determined by comparing the writing style of a piece to styles of pieces in which the author is known.

This last point--text analysis--almost reminds me of TurnItIn, and the ongoing controversy of using it.

At McLean High School, in Virginia, students collected more than 1,100 signatures on a petition opposing mandatory use of the service, according to The Washington Post. The anti-Turnitin faction argues that the database violates students’ intellectual-property rights. And the high school’s use of Turnitin creates the sense that students are guilty until proved innocent, says Ben Donovan, a senior at McLean. "It’s like if you searched every car in the parking lot or drug-tested every student," he says. Source: The Chronicle Campus Blog

Around the Corner - - Courage can't see around corners, but goes around them anyway. - Mignon McLaughlin

I hadn't heard of onion routers until I read this blog entry and then did a little research, starting with the TorPark site itself. It's not hard to see why some school administrators would be getting nervy - this sort of technology can easily make a mockery of a school's filtering efforts.

And the more I think about that, the more convinced I am that trying to use technology to thwart people from using technology is about as sensible as washing grease stains with olive oil. (I was going to say, 'painting over wallpaper', but then I remembered my father... /sigh/.)

That's not to say that we don't use technology at all in managing technology in our school. Obviously Internet content filtering in a K-12 school is good practice, if only to protect little ones from the "nasty stuff". At the same time, relying almost exclusively on technology to handle what students do with technology is just crazy -- if we imagine that filtering systems will stop older/smarter students who are determined to bypass it, we're deluding ourselves.

The TurnItIn issue surrounds the use of software to detect plagiarism -- one gripe with it is that every student is "assumed guilty until proved innocent". As one commenter to the Chronicle Campus Blog pointed out, the software "will only catch the laziest students that simply buy a paper or copy a website off of the Internet, but it does nothing to stop a student from using a thesaurus to change enough words to fool the software" [comment 9 on the aforementioned Blog]. As almost every word processor now comes with a thesaurus, casting through a paper and 'adjusting' enough words to beat the software takes relatively little effort. (How many of these teachers have actually considered changing their assessment methods to address the problem?)

In the same vein, but on a different scale (but not that different), the music publishing companies who are currently pushing legislators in several countries to treat everyone as music pirates (and remember, you're guilty until proven innocent) are following the same flawed logic -- digital rights management is all about using technology to stop you from using technology. But can it really? I read somewhere recently that the new DRM technology in the latest incarnation of iTunes was broken in three days. If you can think of a way to lock it, someone else out there can conceive a way to unlock it.

I honestly think it's naive to believe that you can defeat technology with technology. But there's plenty of people out there who are going to try. And there will be lots of tears before they're through. Mostly their own, I suspect.