Collaborator login
New collaborator registration
Forgot password

About the Representing Knowledge Web Site

This page describes the construction of this web site including rationale and changes. A lone journeyman in web site development markets, develops, maintains, and administers this site. Each added feature is a learning experience. Suggestions for improvement are welcome.

Web presentation languages

The natural language of this site is American English. Except for examples and citations, any comments should be written in English, even if the site eventually provides translations into other natural languages.

As markup, this site is migrating to HTML 5, having primarily used HTML 4.01, encoded with UTF-8, which should continue to make the site compatible with almost any relatively recent browser. The change to this unofficial standard involved converting the unsupported “acronym” tags to “abbr” tags; changing the unsupported “name” anchor attributes to “id” attributes; using different table width and cell centering syntax; and switching the “tt” tag to CSS monospace font.

No frames are used. Each link attempts to open in the top-most frame through the anchor (<a>) tag target="_top" attribute, which is not available in XHTML. This may prevent pages from being captured in frames of other web sites.

The developer recently implemented cascading style sheets (CSS), but for most styles and for some entire pages, the presentation will display with the default settings of each browser.

The developer implemented JavaScript to enhance the browsing experience, particular for the validation of data entry and the creation of new items. Since JavaScript presents possible dangers or poor browsing experiences, which some clients avoid with browser plug-ins, such as No Script, or browser preference changes, the site still operates with JavaScript disabled.

For decades, the developer has used EazyDraw from Dekorra Optics LLC on Macintosh computers to produce graphics.


In order to protect the Representing Knowledge web site, some IP addresses may be diverted directly to a login page if credentials have not already been supplied or an IP address may be refused altogether. Contact the administrator out of band to get around these protections.

The site uses Transport Layer Security (TLS), a Secure Sockets Layer (SSL) successor, for all but a few pages, mostly those describing the acceptance of a self-signed certificate or having public information.

Validated certificate

Until February 2014, this site used a self-signed certificate. Since companies like Namecheap can validate a self-signed certificate, turning it into a more acceptable certificate for less than $10 per year rather than the hundreds of dollars needed just a few years ago, this site went through the process. JBoss includes a modified Tomcat server, which uses the Java keytool program to manipulate the keystore. The keytool steps are:

After restarting the web server, the validated certificate should provide enough assurance for users to identify themselves.

Self-signed certificate

Otherwise, encountering a self-signed certificate evokes ominous browser warnings about an untrusted web site. Unfortunately, in order to see most of the content of this site, such a certificate had to be accepted, at least temporarily. Unlike the use of some certificates, a self-signed certificate secures a web site itself rather than viewers. Hence, the maintainer had not paid for more official certificates, which used to cost several hundreds of U.S. dollars from commercial firms like Verisign, Thawte, Digicert, Comodo, GoDaddy, and RSA. Such firms may still manage to have breaches (DigiNotar, Comodo, and RSA). Spending time with the “free” certificate organization CAcert may produce certificates many browsers still may not immediately accept.

Each type and version of browser may behave differently when receiving a self-signed certificate. Some examples:


Only collaborators who register and are authenticated have access to most information. At a minimum, a collaborator must chose an identifier and a password; and give a postal code, such as a U.S. ZIP code, which delimits a general location; and give at least one non-temporary e-mail address. If a collaborator is located in a place without postal codes, then a country, such as Iceland, should suffice. The administrator may use the e-mail address to manually authenticate the collaborator, particularly if the collaborator supplies little other relevant data. After authentication, collaborators get fuller access to the site.

Only authenticated collaborators and administrators can see information about other collaborators. If some collaborators choose to stay anonymous rather than engage in fuller discussions, then other authenticated collaborators will only see identifiers associated with whatever the anonymous collaborators produce and publicize.

To discourage unwanted disruptions, the site may ask registering collaborators to solve a captcha, mostly likely a reCaptcha from Google. The free reCaptcha service could allow Google to determine the social network of site collaborators, but this may be the price of avoiding Internet malefactors.


The administrator can manually reset forgotten passwords.

Collaborator passwords are hashed before being stored, but this does not necessarily protect passwords from discovery. Furthermore, the web site administrator may learn your unencrypted password. As with almost all web site passwords, for improved security, each web site should get a different password.

If the password of a registered collaborator appears compromised or the collaborator identifier is misused, the administrator may contact the collaborator, potentially disabling access until resolving the situation.

Checked that JBoss 5.1.0GA, used to implement this site, has not been and is not susceptible to the Heartbleed vulnerability, which compromises user names and passwords.


Browser sessions may be temporarily tracked with a URL query session name (;JSESSION=) rather than client session cookies, which ordinarily only remain until the browser quits, if the browser refuses to accept such cookies. Unfortunately, without the browser saving cookies, bookmarks may include long, numerical identifier strings, which may interfere with tracking future browser sessions. Fortunately, many activities do not depend on remembering session state, which tends just to increase convenience. The current session maximum inactivity timeout is 1800 seconds (0.5 hours).

Warrant Canary

The site administrators have never received an order under Section 215 of the USA Patriot Act as of August 27, 2022.

Application server

Initially, the web-site application server has also beeen a television and DVR, a 2006 Macintosh™ Mini running Mac OSX 10.5.8 (Leopard), with EyeTV peripherals. An old Macintosh™ running Mac OSX 10.4.11 (Tiger), which is a BSD variant (akin to UNIX® and Linux), provided final tests and hosted the database. Both machines hosted JBoss™ 5.1.0GA on Java 5.0 connecting to PostgreSQL 8.4.5 through JDBC3 9.0-801 and Hibernate 3.0.

Current server info: "WildFly Full 26.0.1.Final (WildFly Core 18.0.4.Final) - 2.2.14.Final"

The upload connection to the Internet is slow (< 4Mbps), which asks patience from downloaders. The connection may be easily overwhelmed.

Implementation layers

In order to support data collection and representation in graphs and tables, the JEE (J2EE) architecture has multiple layers.

JSP implementation

Even though JSPs have the most remote access to the data and are more complex than single computer language code, some operations need to be local to the JSP. The more complex JSPs, particularly for tables and graphs, have several internal sections.

Unusual web site address

The original web site name,, was chosen to avoid costs. NO-IP provides subdomains for free for sites that have a dynamic IP address. A client on the web site periodically connects with NO-IP, which lets NO-IP determine the current IP address of the web site and adjust the NO-IP domain name system (DNS) servers. Lists of dynamic domain name service providers include several free choices.

Now dnsExit.Com provides reasonably priced DNS for the site dynamic IP address. The previous NO-IP DNS addresses forward to them. Local Apache web servers forward standard ports to the implemented ports.

The web site uses the default JBoss ports of 8080 and 8443 for standard and secure connections rather than port 80 for standard HTTP and port 443 for secure HTTPS. The JBoss default ports allow the server to more safely run without super-user privileges, which UNIX®-like systems require for lower numbered ports, even when debugging. Running without super-user privileges already helped prevent more serious damage before JBoss patches were installed. The built-in Apache web server of the Macintosh may attempt to forward those requests that incorrectly do not include the non-standard ports to their corresponding JBoss default ports. This forwarding seems to deter much of the malicious traffic, which router NAT/PAT would not.


During March 2022, recognized that the website infrastructure needed to support TLS 1.2 in order to avoid offputting “modern” browser security warnings or an inability to download encrypted pages at all. Decided to upgrade Mac OS X to at least 10.11 El Capitan but avoid SIP versions, which make application development more difficult. Discovered that Xcode 7.3.1 from is the last version that refers to SDK 10.11. Later SDK versions refer to later Mac OS X functions, which prevent running PostgreSQL 11.15. Version 11.0 began support for procedures, which might improve concurrency. With Mac OS X 10.11 El Capitan, upgraded to the last supported OpenJDK, 16.0.1, and Wildfly 26.

Continuing into 2021, “‘Okay, then I'll make it myself,’ she said. And she did just that.” (fable) Developing a demo.

In January 2020, published JDBC and DataSource Access Logs from Filters and Valves software, which significantly upgrades the Apache JDBCAccessLogValve, which inspired it.

In 2019, created a development experiment site with waiting in reserve. The site has been upgraded to OpenJDK and Jakarta EE 8 versions of Java and JavaEE running Wildfly 17, which replaces the open source JBoss.

In December 2018, changed the name “high-order logic” to “closure logic” after discovering the context logic of the IKRIS project but learning that the name “context logic” was used differently in several different settings including over time in the IKRIS project where it became part of common logic.

During Spring 2017, completed a draft specification of the entity variable matching algorithm, which currently is only available to developers.

Before a talk on Knowledge Representation Goals and Requirements at Silicon Valley Data Science Camp 2016 that the San Francisco Bay Area Association for Computing Machinery (ACM) sponsored, the Knowledge Representation Comparisons page was greatly expanded and used as background. The home Welcome page was correspondingly simplified. The entity variable matching algorithms are being specified for implementation. Produced a substantial quantity of logic statements to encode English natural language syntax, instead of more typical grammars, to allow integrated processing. Will rely on either the Porter or Krovetz (Kstem) stemmer output as part of syntax parsing. Updated graphic examples with better primitive references and natual language parsing support may create more realistic unit tests.

In September 2014, added collaborator-only Knowledge Representation Formats page and, later, updated the graphic examples based on feedback.

In February 2014, purchased a domain name and an SSL certificate and therefore updated several pages. Agreements moved to the collaborator page.

As of January 2013, the Welcome page talks about the research hypothesis. Much of the previous February 2011 more enlarged description of the welcome page is in a separate comparisons of methods page. The administrator is looking for feedback on the more liberal agreement, which previously seemed unwelcoming to potential collaborators.

Registered collaborators may view the current database of mock primitives for testing and, with authentication, a few base-edition () primitives (5) and further primitives presented during a July 2010 Bay Area Artificial Intelligence Meetup talk (see also).

Authenticated collaborators may navigate among editions, whose contents are primitives, and create their own editions to edit primitives. When the name of primitives may be edited, JavaScript displays a button to create primitives. Without JavaScript, entry of new primitives has a work-around:

Since September 2012, an outline-style editor can save changes of conditional probabilities and logical expressions. Looking for comments about the appearance and usability. Since November 2012, collaborators may alternatively edit a KIF-like format of both primitives and groups of conditions with logical expressions.

Collaborators may register to view the site but cannot suggest changes through the site yet. Please let the administrator know out-of-band if you have comments such as expressing a preference to add comments directly to pages.

A public page of references and a glossary page will expand slowly.

A talk explaining information from this web site was given at the San Francisco Bay Area chapter meeting ( on Wednesday, July 18, 2012. Thanks to the ACM chapter leadership for the opportunity to get feedback! If there is interest, a longer version of the talk could be presented.

Site navigation

Only a few pages are visible without logging in.

Copyright © 2022 Robert L. Kirby.  All rights reserved.