Hello all, On Wednesday, June 19, 2002 10:24 PM, Doc Mana made this observation to the list:
> Some people who registered at Abu Sabaya and Aga Mulach. > Totoo ba ito? various other PLUG listers then chimed in... one of the last to reply was Marvin. On Thu, Jun 20, 2002 at 01:52:43PM -0700, Marvin Pascual replied: > Ito nga Doc ang nakakainis eh. Merong mga tao na pinag-laruan lang ang > signup page natin eh. Meron pa niyan sina Jericho Rosales, Bill Gates, Bin > Laden, etc. > > Sana next time ang signup page natin ay kaya niyang kunin ang IP address ng > taong nag-register para pag sa susunod ay malaman natin kung saan galing ang > nanggugulo sa atin eh. As chief instigator of the un-inspired but really simple signup script that we are using for the events, let me write a few observations about the signup script. It's a mousetrap! :) Yes. And it has no intelligence whatsoever. In fact, it has no batteries included. That being said, here's my story behind that signup script. It's nothing fantastic. But last February 9, 2002, PLUG had a General Assembly. And we had announced it on the different PLUG mailing lists (plug, ph-linux-newbie, etc). And people were posting left and right to the mailing lists that they were going, etc. etc. There was a lot of clutter!! And my brain just went haywire. Why are we all posting to the mailing list about wanting to go to this thing? There must be some more orderly way of doing this. And so, I whipped up a really quick-and-dirty signup script in PHP (I hadn't quite learned enough Python yet back then and PHP still has its uses) that is basically the same code that Ian has on our signup pages. I posted mail about the signup sheet on the mailing lists and around 105 people actually signed up over my dinky dial-up webserver. And then we had the GA. Fast forward several months or so, Ian wants to use the signup script for an event PLUG is sponsoring. And I revise the script so it's generic enough and send it to Ian. He reuses it. And the script is basically the same. There were some revisions I made, to strip HTML and other simple checks and error avoidance code. But email verification and identity verification is not something a mousetrap... er... a signup page needs. Heck, it's not even a full blown app! The signup sheet is just like its non-digital counterpart, vulnerable to grafitti (the first incarnation of the script had some really wacky jester embedding nice pictures on the list), to fictitious names, to undeliverable email addresses, etc. The objective of the signup sheet is to provide its viewers an estimate of potential attendees to an event and for potential attendees to make their intent to attend known as well (i.e. it's a measuring tool). The nice thing about the web based signup sheet is that it is accessible to anyone on the net. That happens to be both a boon and a bane. You fill in the details. After I had first packaged the script and sent it to Ian for re-use, I asked him if I should add more features. He asked in return, what for? And on reflection, I realized that adding all those other features would be unnecessary since the script, as it stands, works nicely for its intended purpose. Now, getting source IP addresses... doable... but -why-? What would we do to the spoofer? Flog him/her on PLUG? Email verification... again doable... but -why-? Why did we even have an email field in the list to begin with? <weg> Because the original author of the script thought that that was what we wanted in the list? How about those who have no email address but want to participate? When I originally wrote the script, I took it for granted that people who had access to the net would by default have a net identity, which would be their email address. It appears that people can have net access and still not have email. Kind of odd, but we have to recognize that. Identity verification... hmmm... this is gonna be a stretch. We can of course discount the possibility that Osama Bin Laden would like to visit our country after the wonderful job (*cough*) at rescuing the hostages from the Abu our boys did. But let's say Osama actually wanted to come here and really signed up. The only system I can think of that we can implement to possibly validate identities... (laugh hard now) is using credit cards. And even that system isn't foolproof. If you have ideas that can really enhance the signup script functionality, please let us know. Oh yeah, we could really make this part of a bigger system if you think about it. Then it would make more sense to add those other checks and it would even be worth the effort. But as a stand-alone script you really need to ask why you want the kitchen-sink built-in. back from a long email blackout, xen (aka pusakat) -- ___ eric pareja ([EMAIL PROTECTED]) User #8159 http://counter.li.org \e/ [ Chiba City: A Cyberpunk MUSH - http://chibacity.erisian.net ] GNU/Linux v [ Philippine Linux Users' Group + http://plug.linux.org.ph ] Software & [ IRC /join #plug @irc.free.net.ph every evening 10pm onwards ] Freedom "...the symbol is nothing. It is the reality behind every symbol that is all." _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
