i just put the <% linkedpath %> macro into the "navigation skin for users" and it isn't working properly. for example, when i open "/err/stories/42/", it renders this output:
Home//Story 42

I just stumbled over the outcome of the story Login/Logout - its not a bug its a feature and I'm not very pleased with the implemented 'solution' (others aren't, too; see help.antville). Of course, it is better than nothing, because someone who takes the time to check the URL of the login form now can be sure that it hasn't been tampered with. But this is more or less insider information, and insiders don't normally log in at untrusted blogs anyway. Here's an excerpt of the comment I posted under this story a couple of weeks ago:

IMO that approach isn't any good. it's nice of nosleep to document the issue and of you to try to prevent abuse, but you simply can't prevent a weblog creator who's allowed to integrate HTML without restrictions from fooling his visitors. restricting features will definitely annoy blog owners who lose control over their creations, but it won't help protecting innocent visitors, because a workaround that will still fool many of them can always be implemented.

The idea of making the login process "a little more secure" is futile—it either is secure or it's not. To prove my point, I just added a customised login form to my blog. As I already said, this approach would only work if several more restrictions would be implemented, some of which would be ridiculously nasty.

I'd suggest, if we really want to prevent that users' passwords are stolen, we should all make our login links point to the safe login, and there we should put up a message warning users of logging in anywhere else. This is how most sites with similar issues (e.g. go.icq.com) handle this. Educating the users, warning them of the dangers and presenting them with a safe workaround really is the only way to prevent them from doing stupid things.

Another possibility would be to restrict the customisation of skins so much that it's basicly not possible to write custom HTML any longer, which would make all blogs look somewhat the same and throw the whole Antville philosophy over board, so I'd say we shouldn't go for that.

I would be okay with having every user log in at www.antville.org, but as long as they're supposed to have the option of logging in at my blog, I want to customise that form so it fits in with the rest. So please lift that restriction, it doesn't do any good anyway.

If I enter a URL like foo.org, Antville converts it to a link. However, this doesn't make any sense between <code&rt; tags, because the link wouldn't end up as intended, i.e. foo.org<, but instead look like foo.org<, which is exactly what <code> is for. However, if I enter only 'foo.org' between the <code> tags, the desired result would be foo.org, without the link. Please fix.

BTW, I just noticed the horrible &rt; bug slipped into the code again... Actually, I just noticed I was an idiot. Once you confuse "less than" with "left than" (which makes no sense in the first place), you start thinking of the opposite as "right than"...

Since I had to install antclick some days ago, I built the packages from CVS, and since I have the packages built already, I thought I put them on the server for others to download.

adele.helma.org

The instructions for updating from pre1 are still valid, if you're updating from a later version, you just need to perform steps 1 to 3.

Have fun!

According to a quick calc I just did (keeping track of 4 accounts is not so easy) we are stopping now at approx. 2840 Euro.

Let's see what that money would buy us. A quick tour around various vendor's sites shows that we could spend that money on this IBM server.

It has a single Intel Xeon processor running at 2400 Mhz, upgradable to two CPUs. Adele, our current server, has dual Pentium 3 processors running at 500 Mhz, so this would most definitely fit our current needs, give us some headroom plus an optional upgrade path via the second processor.

The server comes with one 40 GB IDE harddisk. IDE disks should be ok, and it would be large enough space wise for some time to come. I'd much prefer to have a second hard disk though, so we can share the IO load for tasks like database, logging, static serving etc. However, with the current prices for IDE harddisks, this definitely wouldn't be a big hurdle.

The only major problem with this server is that it only comes with 512 MB RAM, which would be a downgrade from the 768 MB we currently have on adele. Folks, we really need 1 GB of RAM for the golden shiny future we all want for antville.org!

With the Antville server fund getting close to what we need, I'll start getting offers for systems that match our needs. I'll report everything I get here on the project weblog. If you know any cheap, high quality vendor, please let us know by posting a comment here - of course we'll consider everything. The main requirements are that the server must be rack-mountable, should preferably only be one rack-unit high, and must come from a major and trustworthy vendor (i.e. no experimental home-made stuff).

And of course it's still a great time to contribute to the antville server fund, if you haven't done so yet! The more we get, the more power to you!

while thinking about a way, of how to allow users to include individual favicons (those neat little icons in the location bar) for a weblog, i found out (to my surprise) that this is already possible. The Favicon is (at least for Mozilla) not restricted to the "image/x-icon" Image Type. So, in order to have your own favicon, just upload for example your 16x16 PNG-image, and include it into the head of your HTML-page with sthg like this: <link rel="shortcut icon" href="<% image as="url" name="favicon" %>" type="image/png" /> Regarding the original problem: making Antville suitable for accepting "image/x-icon" Images would be easy to implement. Add the new image-type to the evalImgType()-function in image/objectFunctions.js and make sure that Helma does not try to call new Image() for the uploaded data, but rather writes it directly to the disk (i could submit these changes into the CVS, if you want me to)

This is where it all begins. This is where I start my online journal. Its purpose? Well, that remains to be seen. Hopefully, as the weeks and months unfold, so will this new adventure. Please bear with me. Don't judge me too quickly. What I think and, hence, what I write, is apropos of whatever experience I am having at that moment. Sometimes I am sad. Sometimes I am happy. I am never just one thing. Mostly, I am.