esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ethan Jewett <>
Subject Re: ESME-267 - Pooled links in popular links list
Date Tue, 31 Aug 2010 18:07:23 GMT
Hi Vassil,

Assuming we have a problem (it sounds to me like this is up for
debate), I think a reasonable solution that doesn't reduce
functionality or defeat the purpose of short-links is to modify the
URL store to keep short-links found in public messages separate from
short-links found in pools. We could do this be adding a mapped
boolean flag attribute to the UrlStore class. We could also separate
short-links by pool, as you suggest, by storing the pool as an
attribute of the UrlStore class.

Either way we could make it so that clicks on links from pools don't
increment the counter, so links found only in pools will never appear
in the "Popular links" list.

What do you think? Are we going to run into problems with that? Will
this break any other functionality?


On Tue, Aug 31, 2010 at 11:52 AM, Vassil Dichev <> wrote:
> OK, I think this is a worse example, because there are many ways to
> find a list of URLs in a wiki (which were generally just not designed
> with privacy/security in mind).
> If you're willing to sacrifice convenience for security, the easiest
> change is not to parse URLs in messages in pools- it will appear as
> normal text, not as a hyperlink. The next thing we can do is set up a
> different type of URL which doesn't take you to the shortened URL, but
> directly to the target URL.
> If one really insists on shortening URLs in pools, then there must be
> one set of shortened URLs per pool. I don't think anyone will claim
> that this idea makes sense.
> Vassil
> On Tue, Aug 31, 2010 at 11:35 AM, Ethan Jewett <> wrote:
>> I agree in theory with your assessment of the google docs situation,
>> but I still think we're violating the expectation of security around
>> pools.
>> Take another example: An HR department is using a secure wiki to
>> discuss and organize an upcoming layoff. The wiki page is titled
>> "October layoff planning" and the URL is
>> https://hrwiki.corp.internal/October-layoff-planning. Someone posts
>> this URL to the layoff-planning pool on esme (the same group of people
>> with access to the wiki page) and a bunch of people in the pool click
>> on it. Suddenly, the upcoming layoff has been announced to every esme
>> user in the corporation. Whoops!
>> The point is, maybe that private information shouldn't be in the URL,
>> but a lot of applications do this whether or not it is a good idea. I
>> think we need to take that reality into account and change the way
>> this works to avoid the possibility of these scenarios.
>> Ethan
>> On Tuesday, August 31, 2010, Vassil Dichev <> wrote:
>>> Ethan, this defeats the purpose of having an URL shortener and it only
>>> gives you a false sense of security. Read my previous mail.
>>> Links have no notion of a pool. A link could come from messages in
>>> different pools or it might not be clicked "inside a message" at all.
>>> Let me know what you think.
>>> Vassil
>>> On Tue, Aug 31, 2010 at 9:44 AM, Ethan Jewett <> wrote:
>>>> [Changed subject to start a new thread. Was: "New issues - a couple of
>>>> blockers for 1.1 release"]
>>>> That's correct. The "Popular messages" functionality just keeps a
>>>> counter of how many times a message has been resent. If you look at
>>>> the UserActor.scala, lines 197 & 198, you'll see that the statistic
>>>> "ResendStat" is incremented when a message is resent, but only if the
>>>> message is not in a pool. Then when we want to find out what the most
>>>> popular messages are, we ask the PopStatsActor - for example in the
>>>> "popular" method of UserSnip.scala - line 213.
>>>> On the other hand, the "LinkClicked is incremented in UrlStore.scala -
>>>> line 40. Here there is never a check to see if the link came from a
>>>> message in a pool. (This counter is used in the "links" method in
>>>> UserSnip.scala, after the "popular" method.)
>>>> I think we need to check if a link came from a pool before
>>>> incrementing the counter, but in order to do this we need to record
>>>> what pool a link belonged to, so I think we need to make pool part of
>>>> the key of the UrlStore object and then populate this field when a new
>>>> link is created.
>>>> Ethan
>>>> On Tue, Aug 31, 2010 at 8:11 AM, Imtiaz Ahmed H E <>
>>>>> In the home when I type in a message sharing it with one pool and click
>>>>> resend it does not show up in Popular Messages. But if the message is
>>>>> it shows up on resend in Popular Pessages.
>>>>> Can you explain. Haven't gotten to Popular Links yet.
>>>>> Imtiaz
>>>>> ----- Original Message ----- From: "Ethan Jewett" <>
>>>>> To: <>
>>>>> Sent: Tuesday, August 31, 2010 11:37 AM
>>>>> Subject: Re: New issues - a couple of blockers for 1.1 release
>>>>> Hi,
>>>>> The issue doesn't happen with Popular Messages, only with Popular Links.
>>>>> I need to look into the implementation, but I have a feeling the
>>>>> Popular Links issue is going to be a headache. I believe that for a
>>>>> given link there is no way to tell what message it shows up in, which
>>>>> would make it impossible to tell if it is a link from a pooled message
>>>>> or not. We may have to modify the data model for storing links to flag
>>>>> the ones that started out in a pooled message...
>>>>> Regarding Pubsubhubbub, as Dick said, there's no hurry. I don't think
>>>>> I'll be working on it over the next couple of weeks.
>>>>> Thanks for all your efforts!
>>>>> Ethan
>>>>> On Tue, Aug 31, 2010 at 4:20 AM, Imtiaz Ahmed H E <>
>>>>> wrote:
>>>>>> Re
>>>>>> I haven't tried this but plan to fix it right away.
>>>>>> Tell me, is it only the links showing up in 'Popular Links' or is
that a
>>>>>> problem with the message itself also showing up in 'PopularMessages'
>>>>>> Looks like I'll never get going with pubsubhubub ! First there was
>>>>>> Release Planning mail with the pending 1.1 issues and now here are
>>>>>> more. Plan to get going after all 1.1 ending issues are resolved.
>>>>>> However, Ethan it was your issue originally and if you feel you want
>>>>>> take
>>>>>> it back again to push it to closure faster or something please do,
>>>>>> otherwise
>>>>>> I'll re-start on it once 1.1 is done...
>>>>>> Imtiaz
>>>>>> ----- Original Message ----- From: "Richard Hirsch"
>>>>>> <>
>>>>>> To: <

View raw message