subject:"Re\: \[fossil\-users\] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki\?"

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Matias Fonzo

On Sat, 29 Apr 2017 19:17:04 -0400
Richard Hipp  wrote:

> On 4/29/17, Matias Fonzo  wrote:
> >
> > The reason for which Fossil is using Javascript is because the code
> > is pretty effective to keep away the bots?.
> >  
> 
> Yes.  Rogue robots are getting more and more annoying.  There is an
> arms race between the robots and the anti-robot defenses in Fossil.
> At this point in time, the defenses in place are adequate.  But you
> never know when a new robot will come out and I'll have to come up
> with some new defense.

Thanks.  It's clear.
 
> There are also other user-interface features that use javascript
> because the overwhelming majority of web users have javascript
> enabled, and the interface really is much nicer when you use
> javascript.  Really.
> 

The problem is that Javascript is a requirement, and this acts as
something "non-universal" to access the content.  It could be a
rejection in the first instance for a possible user/contributor.



pgpf4t7N74pYB.pgp
Description: OpenPGP digital signature
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Matias Fonzo

On Sat, 29 Apr 2017 19:14:49 -0400
Richard Hipp  wrote:

> On 4/29/17, Matias Fonzo  wrote:
> >
> > Some people who have tried to access the site, were redirected to
> > the "honeypot" page, they could not see the content of the site.
> >  
> 
> If you will ask the people who do not use javascript to log in as
> "anonymous", they will no longer be directed to the honeypot.
> 
> If you uncheck the "Enable hyperlinks for "nobody" based on User-Agent
> and Javascript" on the Admin/Access page, then everybody will be
> required to log in as "anonymous" (or some other user) in order to
> enable the hyperlinks.  Then there will never be any links to the
> honeypot.  But, that will make the interface more annoying to the vast
> majority of people who do in fact use javascript.
> 

Probably a redirection would be properly for the people who don't use
javascript (or it is disabled) for the "anonymous" login.



pgpYRGp_P4Xra.pgp
Description: OpenPGP digital signature
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Richard Hipp

On 4/29/17, Matias Fonzo  wrote:
>
> The reason for which Fossil is using Javascript is because the code
> is pretty effective to keep away the bots?.
>

Yes.  Rogue robots are getting more and more annoying.  There is an
arms race between the robots and the anti-robot defenses in Fossil.
At this point in time, the defenses in place are adequate.  But you
never know when a new robot will come out and I'll have to come up
with some new defense.

There are also other user-interface features that use javascript
because the overwhelming majority of web users have javascript
enabled, and the interface really is much nicer when you use
javascript.  Really.

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Richard Hipp

On 4/29/17, Matias Fonzo  wrote:
>
> Some people who have tried to access the site, were redirected to the
> "honeypot" page, they could not see the content of the site.
>

If you will ask the people who do not use javascript to log in as
"anonymous", they will no longer be directed to the honeypot.

If you uncheck the "Enable hyperlinks for "nobody" based on User-Agent
and Javascript" on the Admin/Access page, then everybody will be
required to log in as "anonymous" (or some other user) in order to
enable the hyperlinks.  Then there will never be any links to the
honeypot.  But, that will make the interface more annoying to the vast
majority of people who do in fact use javascript.

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Matias Fonzo

Hi Richard,

Thanks for answering.

I am from the Dragora community, too.

On Sat, 29 Apr 2017 16:23:50 -0400
Richard Hipp  wrote:

> On 4/29/17, Zachary Storer  wrote:
> > Hello,
> >
> > I'm a community member of a tiny Gnu/Linux distro called Dragora.
> > < http://dragora.org>. We want to use fossil for our distro, but
> > we've noticed that some users are unable to access the wiki due to
> > JavaScript being enabled (I guess due to this issue: <
> > http://fossil-scm.org/index.html/doc/trunk/www/antibot.wiki>).
> >  
> 
> You can disable the anti-robot defenses.  Visit the Admin/Access page
> to adjust the settings.  Uncheck the "Enable hyperlinks for "nobody"
> based on User-Agent and Javascript" button and then press "Apply" at
> the bottom of the page.
> 
> When you do that, though, hyperlinks will only be visible for people
> who have logged in as "anonymous".  The requirement to login as
> "anonymous" is a kind of anti-robot defense that does not use
> javascript.

The reason for which Fossil is using Javascript is because the code
is pretty effective to keep away the bots?.
 
> You can further allow users to see hyperlinks without first logging in
> as anonymous by going to Admin/Users and editing the "anonymous" user
> to give that user "hyperlink" privilege.  If you do that, though, your
> site will become infected by robots who will download every historical
> tarball, ZIP archive, "annotation", and diff, sucking up all your
> bandwidth and CPU cycles.  A robots.txt file will not help - the
> offending bots all ignore robots.txt.  Perhaps you can keep the bots
> at bay by setting up a bandwidth-limiting proxy of some kind.

Unchecking the "Download Zip" under Users -> Nobody could help to reduce
the walk, true?.
 
> Javascript is also used to draw the timeline graph.  There is no way
> around that.  Either you enable Javascript, or you do without the
> timeline graph.
> 
> I wonder if you can be more specific about what your non-javascript
> users are having problems with?

Some people who have tried to access the site, were redirected to the
"honeypot" page, they could not see the content of the site.



pgpk2eZOZzj79.pgp
Description: OpenPGP digital signature
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Richard Hipp

On 4/29/17, Joerg Sonnenberger  wrote:
>
> Something like
>
> if ($http_user_agent ~*
> (360Spider|80legs|App3leWebKit|Baiduspider|EasouSpider)) {
>   return 403;
>   }
> from my nginx.conf is a great help :)

It helps some.  But there are spiders that use UserAgent strings that
are copied from Firefox and Chrome.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Joerg Sonnenberger

On Sat, Apr 29, 2017 at 04:23:50PM -0400, Richard Hipp wrote:
> You can further allow users to see hyperlinks without first logging in
> as anonymous by going to Admin/Users and editing the "anonymous" user
> to give that user "hyperlink" privilege.  If you do that, though, your
> site will become infected by robots who will download every historical
> tarball, ZIP archive, "annotation", and diff, sucking up all your
> bandwidth and CPU cycles.  A robots.txt file will not help - the
> offending bots all ignore robots.txt.  Perhaps you can keep the bots
> at bay by setting up a bandwidth-limiting proxy of some kind.

Something like

if ($http_user_agent ~* 
(360Spider|80legs|App3leWebKit|Baiduspider|EasouSpider)) {
return 403;
}
from my nginx.conf is a great help :)

Joerg
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

2017-04-29 Thread Richard Hipp

On 4/29/17, Zachary Storer  wrote:
> Hello,
>
> I'm a community member of a tiny Gnu/Linux distro called Dragora. <
> http://dragora.org>. We want to use fossil for our distro, but we've
> noticed that some users are unable to access the wiki due to JavaScript
> being enabled (I guess due to this issue: <
> http://fossil-scm.org/index.html/doc/trunk/www/antibot.wiki>).
>

You can disable the anti-robot defenses.  Visit the Admin/Access page
to adjust the settings.  Uncheck the "Enable hyperlinks for "nobody"
based on User-Agent and Javascript" button and then press "Apply" at
the bottom of the page.

When you do that, though, hyperlinks will only be visible for people
who have logged in as "anonymous".  The requirement to login as
"anonymous" is a kind of anti-robot defense that does not use
javascript.

You can further allow users to see hyperlinks without first logging in
as anonymous by going to Admin/Users and editing the "anonymous" user
to give that user "hyperlink" privilege.  If you do that, though, your
site will become infected by robots who will download every historical
tarball, ZIP archive, "annotation", and diff, sucking up all your
bandwidth and CPU cycles.  A robots.txt file will not help - the
offending bots all ignore robots.txt.  Perhaps you can keep the bots
at bay by setting up a bandwidth-limiting proxy of some kind.

Javascript is also used to draw the timeline graph.  There is no way
around that.  Either you enable Javascript, or you do without the
timeline graph.

I wonder if you can be more specific about what your non-javascript
users are having problems with?
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?

8 matches

Site Navigation

Mail list logo

Footer information