GeekSwap

From: "K. Elise Walker" 
------------------------------------------------------
I have the template for GeekSwapMeet.org finished in Drupal 6. It has a
custom theme. Unfortunately, don't have filezilla on this Lap-Mac yet, or I
would upload and send a link over. Aaron, I uploaded a screen-shot to my
projects album on the dreaded FB if you want to take a look. It's basically
exactly what I sent over the last as an Illustrator rough-draft, just
finally put into code. I will start plugging in some of the info I have in
the notebook from that meeting we had on it, and if I have anymore questions
I will just email you personally. I sent this message over the list, since
looks like Ed, Lisa, and myself were working on it in some form/fashion
thought all in question should be updated.

-- 
Thank you for the opportunity to work with you. I look forward to your
reply.

K. Elise Walker
Design and Development Specialist
-------------------------------------------------
Werkew Design
keiko199@hotmail.com | 1-423-622-4243

=============================================================== From: Ed King ------------------------------------------------------ I guess I should get crackin' on some code, I've only put 3 hours into it so far, and those 3 hours may have been a total waste if Drupal handles user authentication (I don't know "jack" about Drupal; I guess I should read up on it and perhaps install it on my home server to play with)

=============================================================== From: Lisa Ridley ------------------------------------------------------ Drupal has an authentication component. it so far, and those 3 hours may have been a total waste if Drupal = handles user authentication (I don't know "jack" about Drupal; I guess I = should read up on it and perhaps install it on my home server to play = with) a custom theme. Unfortunately, don't have filezilla on this Lap-Mac yet, = or I would upload and send a link over. Aaron, I uploaded a screen-shot = to my projects album on the dreaded FB if you want to take a look. It's = basically exactly what I sent over the last as an Illustrator = rough-draft, just finally put into code. I will start plugging in some = of the info I have in the notebook from that meeting we had on it, and = if I have anymore questions I will just email you personally. I sent = this message over the list, since looks like Ed, Lisa, and myself were = working on it in some form/fashion thought all in question should be = updated. reply.

=============================================================== From: Mike Harrison ------------------------------------------------------ It has a pseudo-authentication component using cookies and sessions id's which allows use over http where it can all be snarfed and emulated. When we are done moving into the new digs, I'll offer a chugalug where I do the religious rant, and give demonstrations of becoming other people..

=============================================================== From: Aaron Welch ------------------------------------------------------ I would suggest you handle authentication on your own. We can always use OD= BC to do single signin. -AW o far, and those 3 hours may have been a total waste if Drupal handles user a= uthentication (I don't know "jack" about Drupal; I guess I should read up on= it and perhaps install it on my home server to play with) stom theme. Unfortunately, don't have filezilla on this Lap-Mac yet, or I wo= uld upload and send a link over. Aaron, I uploaded a screen-shot to my proje= cts album on the dreaded FB if you want to take a look. It's basically exact= ly what I sent over the last as an Illustrator rough-draft, just finally put= into code. I will start plugging in some of the info I have in the notebook= from that meeting we had on it, and if I have anymore questions I will just= email you personally. I sent this message over the list, since looks like E= d, Lisa, and myself were working on it in some form/fashion thought all in q= uestion should be updated. ly.

=============================================================== From: Rod-Lists ------------------------------------------------------ HTTPS not secure enough? ----- Original Message ----- From: "Mike Harrison" To: "CHUGALUG" Sent: Monday, March 21, 2011 10:18:47 AM GMT -05:00 US/Canada Eastern Subject: Re: [Chugalug] GeekSwap It has a pseudo-authentication component using cookies and sessions id's which allows use over http where it can all be snarfed and emulated. When we are done moving into the new digs, I'll offer a chugalug where I do the religious rant, and give demonstrations of becoming other people..

=============================================================== From: Rod-Lists ------------------------------------------------------ your right.=C2=A0 drupal 6 default is unsecure.=20 I've found info on enabling it in 7. Still digging on 6.=20 Thanks for the heads up.=20 ----- Original Message -----=20 From: "Mike Harrison" =20 To: "CHUGALUG" =20 Sent: Monday, March 21, 2011 10:18:47 AM GMT -05:00 US/Canada Eastern=20 Subject: Re: [Chugalug] GeekSwap=20 It has a pseudo-authentication component=20 using cookies and sessions id's=20 which allows use over http where it=20 can all be snarfed and emulated.=20 When we are done moving into the new digs,=20 I'll offer a chugalug where I do the religious rant,=20 and give demonstrations of becoming other people..=20

=============================================================== From: Ed King ------------------------------------------------------ lol, ok then how about this: http://s318813070.onlinehome.us/geekswap/login.php

=============================================================== From: Rod-Lists ------------------------------------------------------ Drupal=C2=A0 can support secure login.=20 This one way.=20 http://drupal.org/project/securelogin=20 Whatever platform it needs to be decided so=C2=A0css and art can be done.= =20 ----- Original Message -----=20 From: "Ed King" =20 To: "CHUGALUG" =20 Sent: Monday, March 21, 2011 12:46:30 PM GMT -05:00 US/Canada Eastern=20 Subject: Re: [Chugalug] GeekSwap=20 lol, ok then how about this:=C2=A0=C2=A0=C2=A0 http://s318813070.onlinehome= .us/geekswap/login.php=20 From: Aaron Welch =20 To: CHUGALUG =20 Sent: Mon, March 21, 2011 9:26:41 AM=20 Subject: Re: [Chugalug] GeekSwap=20 I would suggest you handle authentication on your own. =C2=A0We can always = use ODBC to do single signin.=20 -AW=20 =20 I guess I should get crackin' on some code, I've only put 3 hours into it s= o far, and those 3 hours may have been a total waste if Drupal handles user= authentication (I don't know "jack" about Drupal; I guess I should read up= on it and perhaps install it on my home server to play with)=20 From: K. Elise Walker < werkewdesign@gmail.com >=20 To: CHUGALUG < chugalug@chugalug.org >=20 Sent: Mon, March 21, 2011 4:41:04 AM=20 Subject: [Chugalug] GeekSwap=20 I have the template for GeekSwapMeet.org finished in Drupal 6. It has a cus= tom theme. Unfortunately, don't have filezilla on this Lap-Mac yet, or I wo= uld upload and send a link over. Aaron, I uploaded a screen-shot to my proj= ects album on the dreaded FB if you want to take a look. It's basically exa= ctly what I sent over the last as an Illustrator rough-draft, just finally = put into code. I will start plugging in some of the info I have in the note= book from that meeting we had on it, and if I have anymore questions I will= just email you personally. I sent this message over the list, since looks = like Ed, Lisa, and myself were working on it in some form/fashion thought a= ll in question should be updated.=20 --=20 Thank you for the opportunity to work with you. I look forward to your repl= y.=20 K. Elise Walker=20 Design and Development Specialist=20 -------------------------------------------------=20 Werkew Design=20 keiko199@hotmail.com | 1-423-622-4243=20

=============================================================== From: Aaron Welch ------------------------------------------------------ Drupal was decided for the main site. -AW ogin.php DBC to do single signin. o far, and those 3 hours may have been a total waste if Drupal handles user a= uthentication (I don't know "jack" about Drupal; I guess I should read up on= it and perhaps install it on my home server to play with) stom theme. Unfortunately, don't have filezilla on this Lap-Mac yet, or I wo= uld upload and send a link over. Aaron, I uploaded a screen-shot to my proje= cts album on the dreaded FB if you want to take a look. It's basically exact= ly what I sent over the last as an Illustrator rough-draft, just finally put= into code. I will start plugging in some of the info I have in the notebook= from that meeting we had on it, and if I have anymore questions I will just= email you personally. I sent this message over the list, since looks like E= d, Lisa, and myself were working on it in some form/fashion thought all in q= uestion should be updated. ly.

=============================================================== From: Mike Harrison ------------------------------------------------------ Even with a self-signed certificate.. that's enough for common application usage. ----------------------------------------------------- Easy rule of thumb (that still has exceptions): If you can change your password on a website/system: and it does not require you to re-login.... It is not "secure". Think about it, your credentials changed.. and yet it is allowing you to continue....

=============================================================== From: "K. Elise Walker" ------------------------------------------------------ This is all fine and dandy. I built the template in three hours. I can go back and rewrite it as XHTML/CSS in the same amount of time. Right now, it has no log in because it is just a one-page website like we talked about at the meeting.. for people to go to to see what time what day what hour, where at, directions etc. THIS IS NOT THE DATABASE. Yes, I put that in caps on purpose. Lisa was supposed to be working on the database engine for storing the items for sale, bar coding, etc. PS It has no log in because I didn't see the need to have one, as this is a built from scratch custom made template for a site that will only really be updated once a year or so.... not a blog etc that will be updated daily. Therefore, not sure why the authentication would be an issue....

=============================================================== From: Mike Harrison ------------------------------------------------------ While 99% of the time, that is correct. I'm just being grumpy and wheezee... and grumbling about the use of the word "secure". Please continue.. :)

=============================================================== From: Lisa Ridley ------------------------------------------------------ I'm playing with a QRCode library that batch generates QRCodes = now....... go back and rewrite it as XHTML/CSS in the same amount of time. Right = now, it has no log in because it is just a one-page website like we = talked about at the meeting.. for people to go to to see what time what = day what hour, where at, directions etc. THIS IS NOT THE DATABASE. Yes, = I put that in caps on purpose. Lisa was supposed to be working on the = database engine for storing the items for sale, bar coding, etc. is a built from scratch custom made template for a site that will only = really be updated once a year or so.... not a blog etc that will be = updated daily. Therefore, not sure why the authentication would be an = issue.... wrote:

=============================================================== From: Stephen Rees ------------------------------------------------------ Why not? You are logged in already, who you are is verified as far as the system is concerned. Your logged in status and identity are in session. Session doesn't magically end when you change your password. I never store password in session, so it isn't like I'm checking a user's password on every page in my applications.

=============================================================== From: James Nylen ------------------------------------------------------ Session IDs can be intercepted and spoofed.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Depends, what's the root pwd? :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2HouwACgkQABP1RO+tr2Q5+ACgt0JK0vT5r9ekceK9xPVMsZ4D wc0AoKx8xBeJybad8Z6J0+mRnPr5DqIE =CNZF -----END PGP SIGNATURE-----

=============================================================== From: Ed King ------------------------------------------------------ Depends, what's the root pwd? :) its not: 0wn lol

=============================================================== From: Stephen Rees ------------------------------------------------------ So...how does having to login again after a password change reduce the attack profile for session spoofing? You can be spoofed the same after changing your password and logging in again as before. Isn't that rather difficult to do to a SSL encrypted site? I've been coding for many years and this is all I'm familiar with - use SSL for login and protected areas, encrypt the sensitive data that is stored, verify IP's remain consistent throughout session, etc. etc.. Each is just another layer. If there is some best practice for protecting logins that I'm not aware of, I'd really love to hear it. -Stephen

=============================================================== From: Dee Holtsclaw ------------------------------------------------------ Using http, yes. But not with https.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That's not really a good example of whether it's "secure" or not... Kerberos for instance, won't require a new authentication or new ticket grant. Depending how you are handling your authentication for your stateless web application, it might not [immediately] either. You have to keep track of sessions somehow, and you don't want to pass the user/pass for every page request.... Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2HpUkACgkQABP1RO+tr2QkfQCggUdRWoG/N5xw3fjkikWaMzIZ PTMAn3BZH2t2bfeOZmYsiL06fyyNbMTl =riXA -----END PGP SIGNATURE-----

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know... I tried.... :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2HpyoACgkQABP1RO+tr2SaNACdEs68kXNMAvuTq0hpe8rt7oAY SyEAoJhnRShXQD1SxDnB7aK3W9kf4jk1 =Il4p -----END PGP SIGNATURE-----

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It doesn't and I'd be highly suspicious of a website that did prompt for such if it wasn't evident that it had otherwise ended my session. Because that tells me it's storing my credentials in a cookie somewhere.... Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2Hp+kACgkQABP1RO+tr2TWigCfZ+UcN3XQGhgL97VcfqdRZtmS w4UAnjCxTkLBBBWPzAQ8qg/LLTWpyboA =pHGB -----END PGP SIGNATURE-----

=============================================================== From: Mike Harrison ------------------------------------------------------ I've actually had this happen in financial systems: "Mike this is George.." (and I recognize the voice and the CID) "Someone is logged in as me from x.x.x.x, I changed my password and they are still accessing the system as me..." Turned out George logged in from someone else's computer and left the session up, which was the first mistake.. The system in question had 'fake-auth" or session based auth. ----------------- Session SHOULD change when credentials change. ----------------- I'll save the rest for a presentation.. It's a good one.

=============================================================== From: Mike Harrison ------------------------------------------------------ For starters.. real auth credentials are stored in a special way and place in the browser, not in "user space" like cookies and cache... and by default go away when you close the browser. You should not be able to use JavaScript to snag the credentials like you can with cookies.

=============================================================== From: "K. Elise Walker" ------------------------------------------------------ Okay. So, let's decide... do you want me to take the time to redo what I have in something that isn't Drupal. Ed, I'm not entirely sure what it is that you've been working on. Can you explain the portion you're working on to me. I'm starting to question my placement in this whole scenario. As far as I know Aaron liked the logo I came up with... if he is having someone else write the code for the general public friendly website that is cool. If anymore graphics are needed let me know, if that is the case and I can help, then I will be more than happy to.

=============================================================== From: Aaron Welch ------------------------------------------------------ Ed is working on a swap board for a lack of a better term. Right now everyt= hing you are doing is fine. I am going to setup the hosting for the site to= day when I have some backup with the little one. I appreciate all the help a= nd support you guys have given thus far. -AW On Mar 22, 2011, at 2:28 AM, "K. Elise Walker" wrot= e: ave in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to m= e. I'm starting to question my placement in this whole scenario. As far as I= know Aaron liked the logo I came up with... if he is having someone else wr= ite the code for the general public friendly website that is cool. If anymor= e graphics are needed let me know, if that is the case and I can help, then I= will be more than happy to. ack profile for session spoofing? You can be spoofed the same after changing= your in the browser, not in "user space" like cookies and cache... and by defaul= t go away when you close the browser. You should not be able to use JavaScri= pt to snag the credentials like you can with cookies.

=============================================================== From: Rod-Lists ------------------------------------------------------ Lisa do you have Lee's contact?=20 We might be able do a little something to tie the too together.=20 ----- Original Message -----=20 From: "Aaron Welch" =20 To: "CHUGALUG" =20 Sent: Tuesday, March 22, 2011 7:11:36 AM GMT -05:00 US/Canada Eastern=20 Subject: Re: [Chugalug] GeekSwap=20 Ed is working on a swap board for a lack of a better term. =C2=A0Right now = everything you are doing is fine. =C2=A0I am going to setup the hosting for= the site today when I have some backup with the little one. =C2=A0I apprec= iate all the help and support you guys have given thus far.=20 -AW=20 On Mar 22, 2011, at 2:28 AM, "K. Elise Walker" < werkewdesign@gmail.com > w= rote:=20 Okay. So, let's decide... do you want me to take the time to redo what I ha= ve in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to = me. I'm starting to question my placement in this whole scenario. As far as= I know Aaron liked the logo I came up with... if he is having someone else= write the code for the general public friendly website that is cool. If an= ymore graphics are needed let me know, if that is the case and I can help, = then I will be more than happy to.=20 On Mon, Mar 21, 2011 at 3:37 PM, Mike Harrison < cluon@geeklabs.com > wrote= :=20 So...how does having to login again after a password change reduce the atta= ck profile for session spoofing? You can be spoofed the same after changing= your=20 For starters.. real auth credentials are stored in a special way and place = in the browser, not in "user space" like cookies and cache... and by defaul= t go away when you close the browser. You should not be able to use JavaScr= ipt to snag the credentials like you can with cookies.=20

=============================================================== From: Lisa Ridley ------------------------------------------------------ And which "Lee" would that be? everything you are doing is fine. I am going to setup the hosting for = the site today when I have some backup with the little one. I = appreciate all the help and support you guys have given thus far. wrote: I have in something that isn't Drupal. Ed, I'm not entirely sure what it = is that you've been working on. Can you explain the portion you're = working on to me. I'm starting to question my placement in this whole = scenario. As far as I know Aaron liked the logo I came up with... if he = is having someone else write the code for the general public friendly = website that is cool. If anymore graphics are needed let me know, if = that is the case and I can help, then I will be more than happy to. wrote: attack profile for session spoofing? You can be spoofed the same after = changing your place in the browser, not in "user space" like cookies and cache... and = by default go away when you close the browser. You should not be able to = use JavaScript to snag the credentials like you can with cookies.

=============================================================== From: Ed King ------------------------------------------------------ me either ;-) My involvement in this project started with a quick conversation with Aaron at a Chugalunch 2 or 3 weeks ago. We talked about making a very simple swap board with user-logins and categories. I wasn't aware until recently that Lisa was working on "database stuff" (duplication of effort?) or that we were going to use Drupal. So now I'm like, totally confused as to who-is-doing-what and do we have to integrate with Drupal, which I know nothing about. If we are going to use Drupal then lets get a shared Drupal dev site up asap, and divy up the tasks Also, a reminder of how this project benefits Hackspace would be a good read...

=============================================================== From: Lisa Ridley ------------------------------------------------------ I second the duplication of effort sentiment. This project is beginning to s= pin out of control. At this point I'm going to cease and desist anything be= yond getting the consignment tracking done, complete with QrCode generator. IMHO, we need a project manager on this. =20 Sent from my iPad n at a Chugalunch 2 or 3 weeks ago. We talked about making a very simple sw= ap board with user-logins and categories. I wasn't aware until recently tha= t Lisa was working on "database stuff" (duplication of effort?) or that we w= ere going to use Drupal. =20 o integrate with Drupal, which I know nothing about. If we are going to use= Drupal then lets get a shared Drupal dev site up asap, and divy up the task= s ad... ave in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to m= e. I'm starting to question my placement in this whole scenario. As far as I= know Aaron liked the logo I came up with... if he is having someone else wr= ite the code for the general public friendly website that is cool. If anymor= e graphics are needed let me know, if that is the case and I can help, then I= will be more than happy to.

=============================================================== From: Aaron welch ------------------------------------------------------ I will take the hit on this one. I was having several different efforts going on at the same time. All of which are mutually exclusive of each other. Here is a breakdown of projects as they relate to the Geek Swap Meet: Basic informational website and logos - Elise Craiglist style want to buy/want to sell site - Ed Inventory tracking system for consignment sales - Lisa (did not know you were doing this, but that is totally cool!) All of these projects stand on their own, that way if someone gets busy and something does not get done it is no big deal. What I would like to see now is the logos Elise has designed, the posting system that Ed has created, and the tracking system Lisa is working on. I have to get all of the documents turned in this week, so I would love to see where we stand on all of these. How does this benefit the Hackerspace? We are donating 10% of the profits for the event to the Hackerspace plus providing space at the show for gathering momentum and collecting dues (will talk about this at the next HS meeting). I am really hoping that we can get some good participation from the surrounding community (within 2hrs) to support having these types of events on a regular basis. I really appreciate everything you all have done thus far and look forward to seeing some of these projects come into the light here soon. Here is the link to the new mailing list: http://geekswapmeet.org/list/?p=subscribe&id=1 The Drupal instance is up and running at: http://www.geekswapmeet.org -AW

=============================================================== From: Ed King ------------------------------------------------------ alrighty then, if the swapboard is a "standalone" project then I will proceed with a stupid-simple swapboard and not worry about how or if it will ever be integrated into Drupal... or skinned with Elise's graphics and css... or integrated with Lisa's inventory tracking... or... or... or ;) I don't have anything worth showing yet... damn this nice weather!

=============================================================== From: Lisa Ridley ------------------------------------------------------ Hey Ed... Quick question regarding future "integration"....what are you usin= g as a database backend...MySQL? Sent from my iPad eed with a stupid-simple swapboard and not worry about how or if it will eve= r be integrated into Drupal... or skinned with Elise's graphics and css... = or integrated with Lisa's inventory tracking... or... or... or ;) oing on at the same time. All of which are mutually exclusive of each other= . Here is a breakdown of projects as they relate to the Geek Swap Meet: ere doing this, but that is totally cool!) d something does not get done it is no big deal. What I would like to see n= ow is the logos Elise has designed, the posting system that Ed has created, a= nd the tracking system Lisa is working on. I have to get all of the docume= nts turned in this week, so I would love to see where we stand on all of th= ese. for the event to the Hackerspace plus providing space at the show for gathe= ring momentum and collecting dues (will talk about this at the next HS meeti= ng). nding community (within 2hrs) to support having these types of events on a r= egular basis. I really appreciate everything you all have done thus far and= look forward to seeing some of these projects come into the light here soon= . o spin out of control. At this point I'm going to cease and desist anything= beyond getting the consignment tracking done, complete with QrCode generato= r. on at a Chugalunch 2 or 3 weeks ago. We talked about making a very simple s= wap board with user-logins and categories. I wasn't aware until recently th= at Lisa was working on "database stuff" (duplication of effort?) or that we w= ere going to use Drupal. =20 o integrate with Drupal, which I know nothing about. If we are going to use= Drupal then lets get a shared Drupal dev site up asap, and divy up the task= s ead... ave in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to m= e. I'm starting to question my placement in this whole scenario. As far as I= know Aaron liked the logo I came up with... if he is having someone else wr= ite the code for the general public friendly website that is cool. If anymor= e graphics are needed let me know, if that is the case and I can help, then I= will be more than happy to.

=============================================================== From: Ed King ------------------------------------------------------ I really, really wanted to use VSAM files but 1and1 doesn't offer that so I had to go with MySQL :)

=============================================================== From: Lisa Ridley ------------------------------------------------------ I was secretly hoping you were harboring this desire to go with a NoSQL opti= on...I'm looking for an excuse to use MongoDB in a real project Sent from my iPad had to go with MySQL :) ing as a database backend...MySQL? ceed with a stupid-simple swapboard and not worry about how or if it will ev= er be integrated into Drupal... or skinned with Elise's graphics and css...= or integrated with Lisa's inventory tracking... or... or... or ;) oing on at the same time. All of which are mutually exclusive of each other= . Here is a breakdown of projects as they relate to the Geek Swap Meet: ere doing this, but that is totally cool!) nd something does not get done it is no big deal. What I would like to see n= ow is the logos Elise has designed, the posting system that Ed has created, a= nd the tracking system Lisa is working on. I have to get all of the docume= nts turned in this week, so I would love to see where we stand on all of th= ese. s for the event to the Hackerspace plus providing space at the show for gath= ering momentum and collecting dues (will talk about this at the next HS meet= ing). unding community (within 2hrs) to support having these types of events on a r= egular basis. I really appreciate everything you all have done thus far and= look forward to seeing some of these projects come into the light here soon= . o spin out of control. At this point I'm going to cease and desist anything= beyond getting the consignment tracking done, complete with QrCode generato= r. ron at a Chugalunch 2 or 3 weeks ago. We talked about making a very simple s= wap board with user-logins and categories. I wasn't aware until recently th= at Lisa was working on "database stuff" (duplication of effort?) or that we w= ere going to use Drupal. =20 to integrate with Drupal, which I know nothing about. If we are going to u= se Drupal then lets get a shared Drupal dev site up asap, and divy up the ta= sks ead... have in something that isn't Drupal. Ed, I'm not entirely sure what it is t= hat you've been working on. Can you explain the portion you're working on to= me. I'm starting to question my placement in this whole scenario. As far as= I know Aaron liked the logo I came up with... if he is having someone else w= rite the code for the general public friendly website that is cool. If anymo= re graphics are needed let me know, if that is the case and I can help, then= I will be more than happy to.

=============================================================== From: Ed King ------------------------------------------------------ normally I'd be "game" for learning something new, but I'm kinda time-challenged lately so I'd better stick with what I already know ;-) I will push myself to get a basic swapboard up 'n running before Friday, because come Saturday, the computers go "off" and the v8 Nova wagon comes "on" lol

=============================================================== From: Ed King ------------------------------------------------------ instead of reinventing the wheel with a custom programmed swapboard, why don't we just put up a phpbb for the swapboard and be "done" with it? these folks did it.. http://www.welltrainedmind.com/forums/forumdisplay.php?f=10

=============================================================== From: R D Flowers ------------------------------------------------------ Ed King wrote:

=============================================================== From: Chad Smith ------------------------------------------------------ I could be wrong, But I believe it is for a swap meet type website - hence the name. And for a Swap Meet - it is easier to have a maintained forum of available items that can be added to and taken away from on a moment by moment basis by those who are listing and removing items. Such a list being maintained in a centralized location, so that there is one list of available items that is always up to date, searchable, and accessible anywhere the Internet is. If you'd like to archive it periodically for your own personal enjoyment, I believe HTTrack still works. - Chad W Smith "I like a man who's middle name is W." - President George W. Bush - February 10, 2003 bit.ly/gwb-dubya

=============================================================== From: Chris Mowery ------------------------------------------------------ I would think something similar to Craigslist would be great for this. A quick search finds a clone named Chuckslist. http://chuckslist.rubyforge.org/ A bonus, it is named after Chuck Norris! - Chris e m of being ble I ary t l

=============================================================== From: Aaron welch ------------------------------------------------------ The only downside to this is search and I really do not like the way that forums display "item" type information. I think the Craigslist or Backpage.com look and feel is probably the easiest to use from the "customer" perspective. It needs to be non-geek friendly or no one will really use it. -AW

=============================================================== From: Ed King ------------------------------------------------------ do we want to try out Chuckslist? Do any of us know enough about Ruby/Rails (I don't) to customize Chuckslist if need be? Or maybe there is a Craigslist-style php system we could try, I guess I need to Google It just isn't sane for me to try and program a swapboard from scratch right now. Not that I couldn't do it, but my workload has changed significantly since I volunteered for this project (company I.T. group cut in half; my team inheriting other team's projects; information overload; Danger, Will Robinson!). So hopefully we find an existing system and customize it to our needs, with minimal effort, instead of programming from scratch...

=============================================================== From: Aaron Welch ------------------------------------------------------ Works for me. Let's give it a whirl... -AW ls (I don't) to customize Chuckslist if need be? Or maybe there is a Craigs= list-style php system we could try, I guess I need to Google t now. Not that I couldn't do it, but my workload has changed significantly= since I volunteered for this project (company I.T. group cut in half; my te= am inheriting other team's projects; information overload; Danger, Will Robi= nson!). So hopefully we find an existing system and customize it to our nee= ds, with minimal effort, instead of programming from scratch... orums display "item" type information. I think the Craigslist or Backpage.c= om look and feel is probably the easiest to use from the "customer" perspect= ive. It needs to be non-geek friendly or no one will really use it. e: on't we just put up a phpbb for the swapboard and be "done" with it? these f= olks did it.. oing on at the same time. All of which are mutually exclusive of each other= . Here is a breakdown of projects as they relate to the Geek Swap Meet: ere doing this, but that is totally cool!) d something does not get done it is no big deal. What I would like to see n= ow is the logos Elise has designed, the posting system that Ed has created, a= nd the tracking system Lisa is working on. I have to get all of the docume= nts turned in this week, so I would love to see where we stand on all of th= ese. for the event to the Hackerspace plus providing space at the show for gathe= ring momentum and collecting dues (will talk about this at the next HS meeti= ng). nding community (within 2hrs) to support having these types of events on a r= egular basis. I really appreciate everything you all have done thus far and= look forward to seeing some of these projects come into the light here soon= . o spin out of control. At this point I'm going to cease and desist anything= beyond getting the consignment tracking done, complete with QrCode generato= r. on at a Chugalunch 2 or 3 weeks ago. We talked about making a very simple s= wap board with user-logins and categories. I wasn't aware until recently th= at Lisa was working on "database stuff" (duplication of effort?) or that we w= ere going to use Drupal. =20 o integrate with Drupal, which I know nothing about. If we are going to use= Drupal then lets get a shared Drupal dev site up asap, and divy up the task= s ead... ave in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to m= e. I'm starting to question my placement in this whole scenario. As far as I= know Aaron liked the logo I came up with... if he is having someone else wr= ite the code for the general public friendly website that is cool. If anymor= e graphics are needed let me know, if that is the case and I can help, then I= will be more than happy to.

=============================================================== From: Rod-Lists ------------------------------------------------------ Drupal has a lot of functionality.=20 What do you want to use? Forums, the rss feed, Shopping cart?=20 ----- Original Message -----=20 From: "Aaron welch" =20 To: "CHUGALUG" =20 Sent: Wednesday, March 23, 2011 3:31:46 AM GMT -05:00 US/Canada Eastern=20 Subject: Re: [Chugalug] GeekSwap=20 I will take the hit on this one. =C2=A0I was having several different effor= ts going on at the same time. =C2=A0All of which are mutually exclusive of = each other. =C2=A0Here is a breakdown of projects as they relate to the Gee= k Swap Meet:=20 Basic informational website and logos - Elise=20 Craiglist style want to buy/want to sell site - Ed=20 Inventory tracking system for consignment sales - Lisa (did not know you we= re doing this, but that is totally cool!)=20 All of these projects stand on their own, that way if someone gets busy and= something does not get done it is no big deal. =C2=A0What I would like to = see now is the logos Elise has designed, the posting system that Ed has cre= ated, and the =C2=A0tracking system Lisa is working on. =C2=A0I have to get= all of the documents turned in this week, so I would love to see where =C2= =A0we stand on all of these.=20 How does this benefit the Hackerspace? =C2=A0We are donating 10% of the pro= fits for the event to the Hackerspace plus providing space at the show for = gathering momentum and collecting dues (will talk about this at the next HS= meeting).=20 I am really hoping that we can get some good participation from the surroun= ding community (within 2hrs) to support having these types of events on a r= egular basis. =C2=A0I really appreciate everything you all have done thus f= ar and look forward to seeing some of these projects come into the light he= re soon.=20 Here is the link to the new mailing list:=20 http://geekswapmeet.org/list/?p=3Dsubscribe&id=3D1=20 The Drupal instance is up and running at:=20 http://www.geekswapmeet.org=20 -AW=20 =20 I second the duplication of effort sentiment. =C2=A0This project is beginni= ng to spin out of control. =C2=A0At this point I'm going to cease and desis= t anything beyond getting the consignment tracking done, complete with QrCo= de generator.=20 IMHO, we need a project manager on this. =C2=A0=20 Sent from my iPad=20 =20 me either ;-)=C2=A0=20 My involvement in this project started with a quick conversation with Aaron= at a Chugalunch 2 or 3 weeks ago.=C2=A0 We talked about making a very simp= le swap board with user-logins and categories.=C2=A0 I wasn't aware until r= ecently that Lisa was working on "database stuff" (duplication of effort?) = or that we were going to use Drupal.=C2=A0=20 So now I'm like, totally confused as to who-is-doing-what and do we have to= integrate with Drupal, which I know nothing about.=C2=A0 If we are going t= o use Drupal then lets get a shared Drupal dev site up asap, and divy up th= e tasks=20 Also, a reminder of how this project benefits Hackspace would be a good rea= d...=20 =C2=A0=20 From: K. Elise Walker < werkewdesign@gmail.com >=20 To: Mike Harrison < cluon@geeklabs.com >; CHUGALUG < chugalug@chugalug.org = Sent: Tue, March 22, 2011 1:28:52 AM=20 Subject: Re: [Chugalug] GeekSwap=20 Okay. So, let's decide... do you want me to take the time to redo what I ha= ve in something that isn't Drupal. Ed, I'm not entirely sure what it is tha= t you've been working on. Can you explain the portion you're working on to = me. I'm starting to question my placement in this whole scenario. As far as= I know Aaron liked the logo I came up with... if he is having someone else= write the code for the general public friendly website that is cool. If an= ymore graphics are needed let me know, if that is the case and I can help, = then I will be more than happy to.=20

=============================================================== From: Ed King ------------------------------------------------------ I couldn't get chuxlist to work so went searching for something else... I found lots of (mostly non-free) php-classified software candidates mentioned in this thread: http://www.sitepoint.com/forums/web-development-software-62/best-php-classifieds-software-196223-2.html One of the free classified systems mentioned was: http://www.almondsoft.com/alclfree.html Its free and stupid-simple; maybe a little bit too simple (in the free version of Almond Classifieds, it appears that anyone can delete anyone else's postings!) but its a start and it sure beats programming it from scratch. I and/or someone with "free time" (what is that??) could hack in some basic user-authentication and other common sense features... or... Aaron could cough up $45 and purchase Almond Lite and geekswap.org could be up and running tomorrow ;)

=============================================================== From: William Wade ------------------------------------------------------ Ok old thread, but just saw this pop up and thought it might be a good resource for anyone looking back at this discussion regarding classified sites. This one is OSS PHP/MySQL. Looks nice and easy with nice integration with paypal/etc... http://osclass.org/ via: http://www.webresourcesdepot.com/open-source-php-classifieds-applicati= on-osclass/ =C2=A0 I ned sifieds-software-196223-2.html ack in r... be

=============================================================== From: Ed King ------------------------------------------------------ OSClass looks good... what say ye Aaron? Can we get geekswap.org off the ground soon using one of these free or inexpensive pre-existing classified systems? ----- Original Message ---- From: William Wade To: CHUGALUG Sent: Sun, April 17, 2011 9:14:34 AM Subject: Re: [Chugalug] GeekSwap Ok old thread, but just saw this pop up and thought it might be a good resource for anyone looking back at this discussion regarding classified sites. This one is OSS PHP/MySQL. Looks nice and easy with nice integration with paypal/etc... http://osclass.org/ via: http://www.webresourcesdepot.com/open-source-php-classifieds-application-osclass/

=============================================================== From: Aaron Welch ------------------------------------------------------ Sounds great, can any of you meet this week to talk about the event? -AW he=20 =20 sclass/ ned sifieds-software-196223-2.html n e

=============================================================== From: Ed King ------------------------------------------------------ I can probably squeeze in some time... any possibility for a lunch meeting? Listening to people talk talk talk makes me hungry. Maybe Dave will show up with some herb... ----- Original Message ---- From: Aaron Welch To: CHUGALUG Sent: Sun, April 17, 2011 3:17:34 PM Subject: Re: [Chugalug] GeekSwap Sounds great, can any of you meet this week to talk about the event? -AW

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hehe, I have a 2' x 2' x 8" root ball, will that work for you? :) But I planted the sweet basil, flat Italian parsley, Greek oregano, chives and rosemary this year. And for peppers this year, only jalapeno, sweet banana and cayenne. But a lot more jalapeno this year :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2reeUACgkQABP1RO+tr2RHPQCfZlDQAPyas7n0ie5MIETh8zVE oEsAoLsqTr8kgSuy75Vuucrp3XrKH8Kv =Qy2M -----END PGP SIGNATURE-----

=============================================================== From: John Aldrich ------------------------------------------------------ Just don't plant 'em next to your tomatoes... I've heard that'll give you "hot" tomatoes. ;-)

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nah, I use the "strawberry" topsy turvy things. 15 holes for pepper plants, work great. Tomatoes are in the regular topsy turvy things plus the four in the herb bed, all on the other side of the yard. I'm actually most excited to see what the strawberry plants do this year. They are 6" taller than last year, and blooms like crazy. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2rhzIACgkQABP1RO+tr2QBCACfQu9xouCfn60JGbanGY9MMI1L 7UoAoJFKVWnOAMYckblfPPjPXx+9MOa6 =of0N -----END PGP SIGNATURE-----

=============================================================== From: Mike Harrison ------------------------------------------------------ Planting hot peppers among the 'maters helps keep the bugs away. Kinda like putting Linux servers among the Windisease Servers.. :) (See, I can TRY to make it on-topic.. at least I try!)