[Webteam] Contacting the Board (and maybe Box-Admins)

Ken Causey ken at kencausey.com
Mon Jan 7 20:45:28 UTC 2008 

On Mon, 2008-01-07 at 13:17 +0100, karl wrote:
> Ken Causey wrote:
> > Sure, and I mentioned it in the subject but failed to do so in the body
> > that I wonder about using such a thing for server issues.  So perhaps we
> > could have a single form with a radio list or drop down where the sure
> > specifies the topic of the mailing that would choose the recipient:
> > either the Board or Webteam or Box-Admins.  It might be useful to have
> > any messages related to the website or other community services to go to
> > both the webteam and box-admins mailing lists so whoever can handle the
> > issue best can do so quickly.
> >   
> 
> So, what is needed to get this going ? I'm not sure what is required to 
> do this.
> 
> Karl
> 

Well, let me just catalog my ideas:

1. Obviously the base is a page on the squeak.org website at a readily
linkable URL, perhaps something like http://www.squeak.org/Contact .

2. On the page will be a form for contacting at least the Board and as
previously discussed possibly the web team or box-admins team.  I
suggest we just start with the Board initially and deal with the rest
once we have that working.

3. The form will consist of

  3a. (eventually) either a choice of who to contact (board, web,
box-admins) or perhaps a 'reason' choice that maps to the contact.  This
will not be needed in the first version that would only emails the
board.

  3b. The name of the person submitting the form.

  3c. The email address of the person submitting the form ( I suggest
the user be required to enter this twice to help ensure that it is typed
correctly).

  3b. A subject field.

  3c. A large textarea for the message content.

  3d. A captcha image.  I need to work on this a bit but I believe I can
provide this functionality for you since it is used on the Mantis server
and I had to fiddle with it quite a bit to get it working.  I don't
think it will require too much effort for me to export it.  Of course
this would not be a Squeak implementation (PHP), but unless someone has
an itch to pursue this in Squeak, this seems like an expedient solution.

 3e. A field to type in the value the captcha represents.

 3f. A submit button, maybe a cancel and/or reset button.

4. Once sumbitted the following checking should be done:

 4a. Check that the email address entered twice matches.

 4b. Check that the captcha matches.  I'm still thinking about this but
the way this will work will probably be something like:

  i. When the form is created you generate a random short string which
will be the value.
 
  ii. Obviously you need to be able to link the value to the form in
some way, however you should not send it in a hidden field for obvious
reasons.  If you are using something like Seaside it's not a problem
since you can simply record the value in the session.  Otherwise you
might also generate an ID which is temporarily stored on the server side
along with the captcha value and only the ID is sent with the form.
Clearly there are various solutions to this, the exact one is not
important.

 iii. When generating the form you will insert an img tag with a URL
crafted to request the generation of the captcha image.  Here is one
possible problem.  The value will need to be sent as part of the URL.
First of all, despite my long discussion of hiding the value above, I
don't think we need to go to a great deal of trouble to hide the captcha
value, the main point of course is to defeat standardized bots.  As long
as the value is not in the page in some form that it can be readily
detected by the bot, I think we are OK.  At the same time perhaps we can
encrypt the value before placing it in the URL.  Something as simple at
ROT13 or the like might be good enough, we can discuss other better
solutions.

 iv.  Beyond that it's simply a matter of checking what the user enters
as the value and confirming that it matches the stored value.

 4c.  Check that the required fields are filled in: user's email
address, subject, message text.  Perhaps the name should also be
required, I'm not sure.

5. If all the checks in step 4 above succeed then an email message will
be generated with the appropriate content.  The message will have a From
field of a specific email address that will be subscribed to the
appropriate list.  The user supplied email address (and perhaps name)
should be placed in a Reply-To field.  The subject in the Subject field,
the message in the body.  It might also be valuable to include other
information such as the submitters IP address, the time of the
submission, etc.  The email will then be sent to the appropriate mailing
list address.

6.  The user will get an HTTP reply confirming that her message has been
received and that someone will respond as soon as possible.

7.  Optional: we might also consider automatically sending an email to
the address the user supplied with the content and a notice that the
information has been received, etc.

Well, that's my thoughts.  I would be happy to chat about this on IRC if
anyone likes of course, or by email.

Ken

> > Ken
> >
> > On Tue, 2007-12-18 at 21:48 +0100, Karl wrote:
> >   
> >> I've been thinking about something similar for the webteam list. We do 
> >> get a real message from time to time but the amount of spam is 
> >> overwhelming sometimes.
> >>
> >> Karl
> >>
> >> Ken Causey wrote:
> >>     
> >>> Related to my thread started earlier I'm no a cleanup campaign and one
> >>> of the things I'm trying to cleanup are over a hundred thousand
> >>> unmoderated messages sitting around that no one wants to moderate (and I
> >>> fully understand since I do this job on two lists twice a week myself).
> >>>
> >>> For most lists it's a relatively simple issue, reject messages from
> >>> non-subscribers in the future and I delete the old messages.  However
> >>> there are exceptions.  One of those is the Board mailing list.  The
> >>> Board needs to be contactable as a group.  However no one on the Board
> >>> has the time to look through the gobs and gobs of spam for the rare
> >>> valuable message.
> >>>
> >>> Craig and I spoke about this on IRC and he brought up the idea of a web
> >>> form with a captcha.  Obviously the ideal location for such a thing
> >>> would be on www.squeak.org.  Does anyone have the time to implement such
> >>> a thing?  I think I might be able to provide a shortcut on the captcha,
> >>> so don't sweat that one too much.  If you would like more information
> >>> let me know or come and chat on #squeak.
> >>>
> >>> Thanks!
> >>>
> >>> Ken
> >>>   
> >>> ------------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Webteam mailing list
> >>> Webteam at lists.squeakfoundation.org
> >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/webteam
> >>>   
> >>>       
> >>     
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.squeakfoundation.org/pipermail/webteam/attachments/20080107/f515279c/attachment.pgp

More information about the Webteam mailing list