04 Feb 10

New UI Developer On The Scene

Hey all, my name is Kalid Azad, I’m the new UI Dev for MindTouch!

I got in touch with the company after a tweet regarding a project of mine, which led to an email/call & trip to San Diego to meet the team. San Diego apparently has name-brand sunshine, vs. the generic packaged stuff we get up in Seattle. The team was smart, friendly, down to earth, and it was cool talking about new technologies (git, no SQL style databases) with an atmosphere of curious experimentation. Not every new tech is the right fit, but it’s important to explore the possibilities and know what’s out there.

I’m a fan of MindTouch for a few reasons. First, it’s open source — I’ve worked inside closed corporations, and did a double-take when my first spec was put on a public site. Really? Other people can… read it? Believe it or not, this is mindblowing in other circumstances :). Being able/allowed/encouraged to engage with a community, in the open, from the getgo is really freeing.

Next, I love blogging about math/programming geekery, and was looking for a way to have readers contribute. I like tinkering around with new platforms (tweaking Wordpress, etc.) and being able to contribute to a project I’m experimenting with myself is just awesome. I’m keeping a list of little UX features that might be cool on my user page. Comments/feedback/UX ideas are more than welcome.

Last, I like the idea of separating the data (API) from the presentation layer, in that good ol’ MVC pattern. Theoretically, you can have a web  interface, gmail-like interface, desktop interface, iphone interface, command-line interface… and it should just all work. Just having the separation gives you the freedom to experiment, which I’m looking forward to doing.

Hrm… about me: I like javascript, jquery, snowboarding, web apps, iphones, TED, math geekery, jiu jitsu, startups, keeping the simple things simple and the complex things possible. Dislikes: Country music, bureaucracy, car doors that get half-closed but not quite so you have to re-open and close them again. In 2010, how does this still happen?!

Thinking about car doors that stick.

Back to normal now. Looking forward to working with everyone!

02 Feb 10

Searchable Properties

With the MindTouch 9.12 release, property search has taken a big (but still experimental) step to being a reality. First a short recap: properties are a way to associate metadata with the various kinds of resources used by MindTouch. Currently there are page, user, attachment, and global site properties. These all share a common API interface but slightly different usage patterns mostly differing in access permissions. Customers and community developers have used it for all sorts of things such as a data store for defect tracking, user workflow state, voting/feedback storage, etc.

Search is a natural progression of properties making them more powerful and effective for building solutions on top of MindTouch. There are a few usage patterns (as described with examples in the property search spec), but the most common will likely be to find pages that have a specific property that is equal to or contains a certain value. As with the page and attachment search currently in MindTouch, property search is implemented in Lucene giving it support for complex logical queries to be performed on the data you choose to store. Properties are only searched when explicitly asked. An example query combining a few concepts looks like:

+#assignedto:max +#priority:[1 TO 5] +#project:[API or DB] -#status:closed +title:"bugs/*"

We’re considering expanding property search to user properties (soon) and attachment properties (later) as well as allowing some user properties to be visible by others. These are discussed in more detail on the property search spec and we’d really appreciate your feedback!

20 Jan 10

Important Security Notice (9.08.3 Release)

MindTouch recently identified a security issue that, under certain server configurations, could cause administrative credentials to be disclosed. Our engineering team has confirmed the issue and released a hotfix to remediate this issue for all versions supported by MindTouch. We have also issued an incremental release (9.08.3) which contains this security patch. If you are running an older version of MindTouch, we have also provided patch files if you feel a major upgrade is too risky. Detailed instructions on how to patch your systems can be found here.

It is imperative that you update your MindTouch installs immediately. We urge you to take a proactive approach in applying this patch, which should take no longer than ten minutes.

MindTouch places a great emphasis on the security of the platform, and will continue to improve on our release processes to diminish the likelihood of these types of issues.

08 Jan 10

MindTouch 9.08.2 Released

We’re starting off 2010 with the final stabilization release for Minneopa prior to the shipping of Noatak. While the changelog only shows five fixes, these are all critical fixes that should be applied to your installs to help the performance of your deployment.

You can pick up updates of this release on the VM by running updateWiki.sh - for all other environments can download the update from our website.

17 Dec 09

How To Avoid Purgatory With MindTouch

As more and more developers build on top of the MindTouch platform, some seriously impressive and complex tools and applications have emerged. From NeilW’s incredible sortable paginated zebrafied table template to our own esteemed RoyK’s time tracker and beyond, our App Catalog is growing rapidly thanks to people developing on MindTouch. For me personally, it’s interesting to watch these applications progress and take different twists and turns to arrive at their final revisions.

Being on this side of the telescope has allowed me to get a good idea of not just how all the moving parts work, but also how they work best. By that same token unfortunately, I’ve also gotten a good idea of how they work the worst!  And believe me… it can be plenty bad.

Mise en place

Oftentimes, sluggish apps are doomed to Performance Purgatory because they were created in less-than-ideal spaces. The French phrase “mise en place”, or “everything in it’s place” (yes, I watch Top Chef), is equally applicable when it comes to developing Mise En Placewithin the MindTouch platform.

MindTouch’s distributed nature, combined with its’ RESTful API, provides countless means to extend functionality. With those means, however, it’s important to know what and where to create your apps; the DekiScript/Javascript/jQuery toolkit is an essential part of building useful enterprise tools, but it’s not the only (or always the best) one to use. Depending on the intended functionality, using other programmatic methods could greatly increase performance not just for that app, but for the entire site as well.

DekiScript/Javascript/jQuery

DekiScript is a very powerful but easy-to-learn scripting language that allows users to mash up data from a number of different sources into one uniquely useful product. Parameterized templates, dynamic reporting, and custom workflows can all be created using it. Most users in MindTouch use DekiScript to some extent, even if they don’t realize it; extensions such as flickr and Google are easily inserted by the extensions manager, but the end result is a DekiScript call.

More technical users use DekiScript (along with Javascript and jQuery) to create mini-apps like a simple poll or a bug tracker. DekiScript is great for things like this, for a few reasons:

  • It’s client-side, so users don’t have to install anything on the backend
  • Users can modify templates or pages to fit their individual needs
  • Templates are easily shared
  • You can utilize other DekiScript extensions and functionality, without having to create additional connectors

As a result, the vast majority of applications for MindTouch are written using the scripting tools available. Many of them, contributions from our community on both our developer site and in the forums, have blown me away with how much they can do. However, there are some downsides to DekiScript, which I’ll detail.

First, to use some of them, you need to have the UNSAFECONTENT permission to save it. Obviously, this is a good thing, since it prevents malicious activity. However, if a user with those permissions creates a page with unsafe content and another user without those perms edits and saves it, the scripting is disabled, essentially breaking the functionality. Second, because it is exposed to end user modification, it’s subject to changes that may make it more difficult to upgrade in the future. It’s also subject to bugs from other components, such as Internet Explorer or Mono. Sometimes the issues that arise from those components can require hair-pulling workarounds that’ll make you cry (jQuery and IE6, for example). Lastly, depending on what it’s doing, performance can be substantially slower than other server-side implementations; while DekiScript is powerful, it still relies on the browser and on calls going back and forth to the API.  As such, poorly-contrived code can be brutal on a MindTouch instance. I would know, I’ve been guilty of writing some!

PHP

The alternative to using client-side scripting is running your app server-side (duh). This has a number of advantages over making the browser and the MindTouch engine do all the work, as well as some disadvantages. For this post I’m just going to be referring to PHP on the same MindTouch server, but you can write your app in almost any language.

If you choose to have the app server-side, you have the security of knowing that only you (or other admins) php-med-trans can screw it up. This is a huge plus if you’re maintaining a site; because you have complete control over modification, maintenance and upgrades are much easier. In addition to the maintenance, performance is often significantly better. You’re not relying on the browser to do calculations or data manipulation, and since the script and MindTouch reside on the same server, data transfer times are drastically reduced.

PHP is also a great choice for a few other reasons. Hooks make it easy to interact with the API, and Special Page Plugins can be quickly created to extend MindTouch’s functionality. PHP is also very MySQL-friendly, so more complex apps that require the use of database can be written. Finally, the MindTouch UI is written in PHP!

Of course, some of the advantages of using PHP can also be disadvantages. It’s not quite as intuitive as DekiScript, so the technical ability requirement goes up. As it does reside out of reach of end users, the script cannot be collaborated on like templates can. It also cannot utilize the built-in MindTouch extensions. And if you’ve got a prohibitive IT department which has a lot of processes for deploying updated scripts… well, prepare for a lot of back-and-forth emails!

Who’s better?

The simple answer is… neither! Both the DekiScript/Javascript/jQuery toolset and server-side scripting have their appropriate places to be used, and they’re certainly not mutually exclusive; the richest apps I’ve seen to date are a combination of both client- and server-side implementations. From experience, I can say that the best way to determine what to use comes from taking the time before you start writing to properly spec your application. It’s a little more effort, but doing so will help you to figure out the best angle of attack and prevent headaches (and drastic changes!) down the road. Your apps (and your users) will thank you for it.