Jump to content

Vote for ProcessWire to be packaged by BitNami


Recommended Posts

I notice that the next competition has already started and Ametys CMS has hit the ground running with 620 votes.

I could be wrong but I think those are carried over from the social network votes. Meaning, those 620 votes are probably their combined Facebook, g+1 and Twitter votes, which maybe are allowed to accumulate across contests? There clearly wasn't any gaming going on there though, because they started with 620 votes immediately the first second the contest began. All the other big players there also started with certain quantities before anyone had voted. That's why I think it's carried over from social networks.

I hope Bitnami doesn't ask you for some kind of "just-one-click module installing" or "updating".. or something like that..

We do have 1-click module installing already. But we'll setup whatever else they need. :) 

merits go to Darren he suggested processwire to b*itnam*!

I agree, thanks Darren for getting this started! There are a lot of other thanks to go around here too. I for one had kind of given up yesterday when it seemed like there was no legitimate way to win. Then Joss's dog started tweeting and he and others started asking for help from big players like @smashingmag, @modx, etc., and some of us found it very inspiring, among all the other things people were doing. Seeing people work so hard on something becomes contagious. The entire ProcessWire community got involved yesterday, which was fantastic to see whether we won or lost. 

Still I'm unsatified because am*t*s is still using their script. As @Processwire mentioned: JS and other manipulations can't be logged. Same Cookie logs are a minor amount in this game! and what about Tor?

I looked into their voting system in more detail yesterday after folks had expressed concerns (and after I'd sent that tweet). What I found was that whoever put it together knows what they are doing, unlike most similar voting systems. Their voting system is protected from iframe and/or ajax manipulation, meaning it's unlikely an exploit could take advantage of other users IP addresses without their knowledge (which was the problem with the opensourcecms.com voting system). The only exception would be users on old browsers like IE6 and IE7, but they may be accounting for that in some way I don't know about too. So while you can't accurately log these kinds of exploits, that point may not matter if the exploits are blocked in the first place. 

Regarding the 50 votes in a minute we may have seen from Ametys, I think the only thing that could produce that kind of result in this case would be if they sent a bulk-mailing to a big list. Social networks would be another way, but they don't have the social network reach to account for those numbers (unless they got a mention from someone else that does). It seems unlikely to me that 50 votes could be faked in a minute in this particular contest. 

Where the voting system does seem potentially problematic is when it comes to anonymizers (anonymous proxy servers). These are the kinds of services one uses if they might otherwise be blocked from a site due to geography, government, etc. These proxy server sites enable you to browse anonymously, automatically clear cookies, randomize the user agent, change the "location" (and thus IP) you are coming from, sometimes among hundreds or thousands of choices. They mask the identity of the original requester, as they don't pass through the usual headers that would lead you to the original IP. So as someone that has written voting systems similar to Bitnami's, these anonymizers scare me. I personally don't know of any way to account for or log that type of manipulation to votes. Though perhaps they do. The only silver lining in that I'd assume it takes real time, effort and money to use an anonymizer in this way–it's still manual labor, not a script, and probably not worth the effort for someone that wants to make a big dent (not a good way to get 50 votes in a minute). I'm assuming the previously mentioned Tor browser is a front-end to anonymous proxy servers, which falls in a similar scope. 

I think that a more accurate voting system would use a 1-to-1 mapping system between votes and social accounts from Facebook, g+1 and Twitter. But even that could be manipulated, as users might create numerous social network accounts. However, that's where it starts to take a whole lot more effort from that folks wishing to manipulate results (creating and validating accounts one after the other), increasing the odds of an accurate vote. The downside is that social-network oriented vote competitions are completely dependent upon social networks and it simply doesn't look as good as hosting your own. Not to mention, a certain percentage of very legitimate users avoid these social networks (our social network is our forum, after all). And philosophically, do we really want to hand any more of our keys and responsibilities over to these giant social networks? I prefer to get along without them intruding on everything in the web business. 

When it gets down to it, there really is no perfect way to handle an online voting system. So I think we need to cut the Bitnami folks some slack, as it does look like they are accounting for everything they can in the environment they have to work with (which is a lot more than most do). While I'd rather they just included the best software and avoided the whole contest thing in the first place... I'm sure the marketing folks want a contest (it's good for business). And if there has to be a contest, then at least they are taking the vote quality seriously. 

  • Like 3
Link to comment
Share on other sites

One other small thing is that Ametys is a Java application. Having worked within two other java applications and been involved in their communities, they are a very tight knit and mutually supportive bunch. 

The Java communities are like a hidden part of the developer community, sometimes - or it can feel like that. When I started looking at Liferay, it was like I had found an entire new world. Here were hard working developers who said things like "yes, heard of Wordpress - never used it though so I haven't the foggiest" or "Joomla - is that still around?" 

And there tends to be a general distrust of anything PHP which many see as a security risk waiting to pounce.

So, if Ametys got a lot of support from the java community, it would not necessarily be very obvious.

Anyway .... probably enough of this subject now!

There is the potential in the next couple of months of a few more people turning up to these forums looking for help and advice, so adding to any documentation might be more productive than moaning about a competition we just won!  ;)

There, I had to say that - as an old fart of a bear, I kind of saw it as a duty! (or perhaps just a bad habit)


  • Like 5
Link to comment
Share on other sites

So as someone that has written voting systems similar to Bitnami's, these anonymizers scare me. I personally don't know of any way to account for or log that type of manipulation to votes. Though perhaps they do.

One (definitely not fool-proof but still useful) approach is to rely on those same proxy sites and implement a simple blacklist. Hide My Ass! has a nice list of public proxy site IP's you can use -- and, surprise surprise, even buy as a .txt file. For $25 they even promise to email you updated copy every day "for life".

How's that for a business model?  ;)

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...

I agree, that looks great. I'd say it's brilliant even. It's a "P" both in positive and negative space, and the whole thing is constructed from a wire. I'm wondering if the Bitnami folks would mind if we used that elsewhere. 

  • Like 10
Link to comment
Share on other sites


  • Create New...