[IMC-Tech] grant, small clarification
mark at indymedia.org
Wed Oct 29 15:05:24 PDT 2008
Personally I also have a lot of questions about the proposal, which I
haven't even tried to answer for myself (yet), mostly because my local
IMC isn't involved. Some of my concerns: 1) how would the 6-digit
budget contribute to actual current expenses of the indymedia network;
2) what might be the unintended side effects of "top-down" management
of a huge tech project by a couple sponsoring IMCs along with possible
external constraints from the funders; and 3) how might the project
stifle or imbalance the current horizontal network of volunteer
I think full answers on Toya's questions are missing in action so far,
but I will give some of my thoughts, based on my own interpretation and
limited knowledge. At the moment there is only a few paragraphs to the
proposal, and no details about project plan or budget, presumably
because it's only at the first step of the process.
> 1. How this proposal will address data retention problems and the
> others examples of data security problems I listed above?
The only thing the proposal talks about so far is that at the moment
many indymedia sites are using old more-or-less unsupported CMSs with
spam problems and potential security vulnerabilities. So a basic goal
would simply be upgrading to a modern CMS that can securely handle
posts (preventing cross-site request forgery, submission of unfiltered
HTML files, spam floods) and securely render the user-submitted content
(applying filters and so forth). This is an area where Drupal has some
good built in facilities but also needs user education so the site is
configured correctly. So another goal would be to have what Drupal
calls an install profile (in other words, initial installed modules and
configuration) to ensure sites get a secure configuration.
> 2. How this proposal will address lack of hosting spaces, bandwidth
> and system administration people?
I would really hope that a lot of the funds could be put towards
hosting spaces and bandwidth. It would be incredibly sad to see an IMC
get a huge grant and just hire some developers for a year because it
couldn't find any volunteers. The system requirements are pretty
straightforward (LAMP stack) and multiple sites can be installed on one
codebase, so in my opinion at least it wouldn't make any of this
worse for the participating IMCs...
> 3. Is there a way to build a geographically-distributed data
> redundancy out of this solution?
It would be nice for the proposal to directly address this, at least
making it a goal to come up with a proof of concept. Drupal doesn't
necessarily have good answers for all the classic problems that people
run into when scaling web applications, like lag problems when you
replicate databases to opposite sides of the globe. On the other hand
there *are* people building Drupal sites with load-balancing, failover,
Content Delivery Network, and other techniques, so it's not uncharted
territory. There's a need for research and testing and documenting.
> 4. Who will be the maintainer of this new solution? Update the code,
> look for security holes etc.
I for one would volunteer to look for security holes in any custom
indymedia code out there but I certainly wouldn't need funding to do
that. What I would hope is that the solution reused and when necessary
created off-the-shelf components that live on Drupal.org, relied on the
existing solid community to report vulnerabilities, and made use of the
Drupal security team to send out security advisories and the standard
means to notify site admins that they need to upgrade a module. on
Drupal.org, each "project" (module or whatever) has one or more
maintainers who are responsible and there's a process for others to
take over if something is abandoned. In other words, symbiotically
take advantage of the larger community and avoid reinventing any
> 5. How could this solution work together with the new-cms project?
I need to read the latest summary on what's up with new-cms. I only
know some basics about the multi-layered system. One idea would be
that a Drupal CMS could act as a front-end for other network-based
systems. For example I developed a Drupal distro (in a day job) that
functions as a front-end/client for a remote non-Drupal backend
connected via webservices; this was fairly straightforward because
there are so many "hooks" where custom functionality can be
To me the goals of the new-cms project are the kind of innovation what
would really deserve a huge grant, in comparison to the Drupal proposal
so far. Although at this point you can go back to the top regarding my
intial concerns about the grant...
More information about the imc-tech