5 Years!

I just realized that it’s been approximately 5 years since I started “blogging” – shortly after the untimely demise of The Company Who Shall Not Be Named (March, 2001), I started dabbling with weblog software. First, I played with a copy of a blog app that was included on my Dad’s MacAddict CD-ROM, then I played with Blosxom. The first year’s worth of posts were either intensely personal, or intensely boring (or both) and have long since evaporated into the ether. The oldest surviving post on this blog is just shy of 4 years old.

There must be some kind of pin or something. Or maybe a support group or 12-step program…

Blog move to Dreamhost now finalized

My various online bits are now living at Dreamhost. It took only a few minutes to install my stuff, copy over the files, and get up and running. It’s taken a bit longer to have DNS changes propagate, but I think that process is pretty much over now. WordPress seems pretty happy there, and I’ve installed copies of Drupal, Mediawiki and Lace (the cool ajax chat app), as well as a Quicktime streaming server and Jabber server. The last two were autoinstalls, so I just flicked them on to see what they did. Actually, everything but Lace could have been automatically installed, with subdomains and databases created automatically, but I opted to do the manual install because I already have copies of the apps configured.

So far, things seem to be working pretty well. They give an insane amount of disk space (20 GB to use as I need) and monthly bandwidth (1 TB/month, plus an extra 8 GB added each week), as well as SSH and FTP access.

I’m looking forward to playing around with Rails a bit, and have a place to host it.

The Dreamhost support team is also pretty darned responsive. I’ve had to contact them twice (once when their account creation form barfed on the apostrophe in my name, and once when the stats weren’t being displayed). Very helpful, those Dreamhost folks. They also have 2 blogs that they use to communicate about status and other stuff. The off-site dreamhoststatus.com blog is a good way to keep up on pending changes or outtages. And their general blog is just plain entertaining – with a category dedicated to rants! It’s good to see a decade-old hosting company that’s grown rather large still be able to have a sense of humour.

Update: One of the things I’m loving about hosting at Dreamhost is that backups are trivial. I have a script in my hosted account that I can trigger via SSH, and it will rsync my entire home directory (including all files needed to host my domain and any subdomains) to my desktop box on campus for backup. And, because rsync is so cool, it only takes a few seconds, since only changed files are sent. So, I can make sure all of my 300+MB of files are backed up in about 10 seconds. Add a scripted mysqldump into the mix, and all data backups are up to date as well.

Access Control Lists in Drupal?

I’ve been trying to figure out a workable solution for a couple of months, and have come up with nothing more than some hacks and approximations of what is needed.

Here’s a use case:

User “A” (let’s call her “Amy”) writes a blog post. She wants it to be readable by her professor (let’s call her “Betty”) and one other student (let’s call her “Carmen”).

But, she doesn’t want the post to be readable by the rest of the class, by students in other classes, nor by the unwashed masses stumbling across a post via Google.

So, Amy wants to grant these privileges to her blog post:
Amy: Read/Write/Delete
Betty: Read
Carmen: Read

Currently, she can create an Organic Group, add the three users to the group (let’s call it “Amy+Betty+Carmen”), and mark it as “not public” and having an audience of “Amy+Betty+Carmen”.

That Organic Groups model works, but for her next blog post, Amy wants it to be available by another student (let’s call him “Dmitry”). So, she has to create a new Organic Group called “Amy+Betty+Dmitry” and add the three users to the group. She then writes a new blog post, sets it to not be public, and have the audience of “Amy+Betty+Dmitry”.

That pattern just doesn’t scale. Each user may have to belong to hundreds of Organic Groups to cover all permutations of sharing and privacy involved with a class or project.

It would be easier if there was just an “Access” section of the blog authoring page, where Amy could just select the users that she wants to add to each of the two non-owner roles (read and edit). This could pose some issues wrt scalability – if there are 100 users in a copy of Drupal, she won’t want to have to scan a list. Ideally, some ajax-powered user search would let her just start typing a person’s name (she may not know their username or email address) and have the system provide a list of matches.

So, the Organic Groups trick works, but doesn’t scale. If Amy wants to allow co-authoring on a post (a book page or something), she needs to start fiddling around with Simple Access (or make sure everyone has “Administer Nodes” privs, which won’t fly in a community based on assumed privacy for some content). Simple Access is tied to Drupal’s concept of Roles, so there may need to be 13 bajillion Roles in the system to cover all permutations (or a Role per user). Doesn’t scale. And, there’s the strange interaction between Simple Access and Organic Groups, where if you want OG to work, you can’t use Simple Access (you have to create a dummy Role called “nobody” with nobody in it for OG to kick in, as Simple Access will override it otherwise).

There are some others who appear to have a similar need. First, there’s the “na-arbitrator” module, which adds access control lists to forum posts (so far) – but it appears to be tied to the concept of Roles, with Users being added as Moderators. Close.

Node Privacy by Role” module sounds close, but again is tied to the concept of Roles, not Users.

There’s the Taxonomy Access module, which would require enforcing a taxonomy and making sure only the appropriate people use a given term in the vocabulary. Don’t think this would scale either.

Then, there’s a rather detailed design spec but it appears to have been orphaned for a year or so… There are some other attempts dating back to 2004, but nothing appears to have been completed.

Perhaps the most promising sounding project is the “Groups” module – but even that hasn’t been touched in 13 months, and doesn’t work with Drupal 4.7

The official Drupal handbook includes a section that touches on this topic, but the solutions provided there don’t offer the level of user-defined granularity. They rely on administrators to set up roles and taxonomies and to manage the interaction between them. What is needed is a way for users to define the exact audience of any node they wish to restrict access to.

Long story short, I have no good idea on how to currently enable per-node per-user access controls in Drupal. I’ve got some projects that will either rely on this, or will benefit greatly from it.

AJAXWrite – MS Word in your browser

While Writely is cool, it deals with online documents. You can import/export, but the document lives online. That’s cool for many uses, but scares some people.

I just found a link to AjaxWrite (via Tangled up in Purple) – it’s a javascript based word processor that appears to be compatible with MS Word. You open and save documents on your local hard drive – not in the Internet Cloud.

AjaxWrite ScreenshotBasically, it’s just a copy of Word that lives in a browser window, meaning you don’t have to install it anywhere. Stick your .doc files on a USB thumbdrive (perhaps with a copy of Portable Firefox) and you’ve got a portable word processor that you can take anywhere, regardless of how a “guest” computer is configured… (actually, if you want portable word processors, there are some options for native applications as well)

In the screenshot here, I’ve opened a somewhat complicated .doc file on my hard drive (tables, colours, etc…) and it let me do editing right in Firefox. Note the toolbar icons, and regular menu bar.

It might not be quite as fully featured as a copy of MS Word, but it’s handy, and lives anywhere with an internet connection…