AJAX-powered search auto-completion for the docs

lilypond-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AJAX-powered search auto-completion for the docs

From:	Graham Percival
Subject:	AJAX-powered search auto-completion for the docs
Date:	Fri, 2 Apr 2010 01:58:38 +0100
User-agent:	Mutt/1.5.18 (2008-05-17)

Ok, I've run out of excuses to avoid tackling issue 815:
http://code.google.com/p/lilypond/issues/detail?id=815

See it in action here:
http://reinhold.kainhofer.com/~lilypond/ajax/user/lilypond/index.html

Looks pretty cool.  Unfortunately, there's some problems.

1.  It uses PHP, which I know nothing about.  I thought this was
named after a drug, but 2 minutes on wikipedia suggests that I was
thinking of PCP.  30 seconds of skimming the wikipedia page about
PHP suggests that it's similar to, or based on, perl.  It also
reminded me that PHP appears to have an obscene number of security
flaws -- I vaguely recall seeing "PHP security patches of the
week" for several months on LWN.

Unlike some people, the less I know about a technology, the less
eager I am to deploy it on the internet.  I have no reason to
doubt Reinhold's ability to create things securely, but at the
same time, I don't trust my ability to check and verify the
security of this setup.


2.  lilypond.org is hosted on a shared server, I don't know how
much CPU power this auto-completion would require, and I don't
know how much CPU power it would be polite to use.


3.  The patch was created almost a year ago, and texi2html has
undergone a lot of changes since then.  It might still apply
cleanly, or it might not.


With those factors in mind, we have a few options:
a)  Reject the patch.  We say "yeah, that looks cool, but sorry,
we can't fit it into lilypond.org and/or nobody wants to work on
the integration / fix the remaining issues / etc".

b)  Accept the patch, but disable it in a normal build.  We
integrate it with the rest of our build system and docs, but leave
it as an alternate configuration option.  People building the docs
locally, or making the docs available on their own systems (be it
lilynet.net or kainhofer.com or whatever) can enable it.  Then, if
there's any security or CPU-usage or whatever issues, it's those
people who get hosed and not lilypond.org.

c)  Accept the patch, disable it on a normal build, enable it on
lilynet.net (which IIRC has tons of resources), and then create a
doc.lilypond.org which redirects to the AJAX-enabled docs on
lilynet.net (or any other server that people want to volunteer).
That way, we don't disrupt the main site, but normal users can
still play around with the searching stuff.

d)  Accept the patch, make it default, host it on lilypond.org.
Unless there's a substantial amount of interest from skilled PHP
and web security people, I do not like this option.


Thoughts?

Cheers,
- Graham

[Prev in Thread]

Current Thread

[Next in Thread]

AJAX-powered search auto-completion for the docs, Graham Percival <=
- Re: AJAX-powered search auto-completion for the docs, Reinhold Kainhofer, 2010/04/08
  - Re: AJAX-powered search auto-completion for the docs, Graham Percival, 2010/04/09
    - Re: AJAX-powered search auto-completion for the docs, Reinhold Kainhofer, 2010/04/11

Prev by Date: Re: Major version: LilyPond 2.14.0 released!
Next by Date: Re: Major version: LilyPond 2.14.0 released!
Previous by thread: Re: %module-public-interface
Next by thread: Re: AJAX-powered search auto-completion for the docs
Index(es):
- Date
- Thread