Re: [Wikitech-l] Discuss skins work this Friday, 20 June

[Bartosz Dziewoński]

On Fri, 20 Jun 2014 23:23:01 +0200, Sumana Harihareswara 
 wrote:


(he'll be sending some links to the list shortly)


Everybody has thrown themselves at my patches so frantically, the only ones I 
have left are the ones that are not ready to be merged right now :) 
Nevertheless I'd welcome comments on them.

I've ran into one interesting problem – it'd be lovely to provide and display 
screenshots of the skins in some prominent places (e.g. the installer and user 
preferences), but there is currently no reasonable way to do this. Ideas 
welcome at https://bugzilla.wikimedia.org/show_bug.cgi?id=66295 .

Outstanding patches:

* https://gerrit.wikimedia.org/r/136615 "SpecialVersion: Show 'Skins' and 
'Extensions' in separate sections"
* https://gerrit.wikimedia.org/r/138652 "Support for enabling skins in the 
installer"

I also have a pair of patches for the Vector skin (not directly related to the project) 
that could use reviews: https://gerrit.wikimedia.org/r/138368 and 
https://gerrit.wikimedia.org/r/138369 "Stop using a suboptimal structure for 
Vector's variants menu".

--
Matma Rex

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Discuss skins work this Friday, 20 June

[Sumana Harihareswara]

On 06/16/2014 07:40 PM, Sumana Harihareswara wrote:
> Big changes are coming to MediaWiki's skin systems this summer; Friday
> at 18:00 UTC is a chance to ask for details, review code, and watch out
> for snags.
> https://www.mediawiki.org/wiki/Architecture_meetings/RFC_review_2014-06-20

The log & summary are up
https://www.mediawiki.org/wiki/Architecture_meetings/RFC_review_2014-06-20#Full_log
. The very short version: please do review MatmaRex's patches (he'll be
sending some links to the list shortly), and watch out for more
communication from Trevor onwiki and on IRC in the next week.

-- 
Sumana Harihareswara
Senior Technical Writer
Wikimedia Foundation

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Roadmap and deployment highlights - week of June 23rd

[aude]

On Fri, Jun 20, 2014 at 10:57 PM, Greg Grossmeier 
wrote:

> Hello and welcome to the latest edition of the WMF Engineering Roadmap
> and Deployment update.
>
> The full log of planned deployments next week can be found at:
> 
>
> A quick list of notable items...
>
>
> == Tuesday ==
>
> * MediaWiki deploy
> ** group1 to 1.24wmf10: All non-Wikipedia sites (Wiktionary, Wikisource,
>Wikinews, Wikibooks, Wikiquote, Wikiversity, and a few other sites)
> ** 
>
> * The "In other projects" sidebar Beta Feature will be enabled.
> ** 
>
>
We had to push this back, as we are not deploying anything new this week.
 We hope to enable this 2 weeks later.

Sorry if we forgot to update the calendar.

Cheers,
Katie



>
> == Wednesday ==
> * The updated Android Wikipedia app will be released via Google Play
>
>
> == Thursday ==
>
> * MediaWiki deploy
> ** group2 to 1.24wmf10 (all Wikipedias)
> ** group0 to 1.24wmf11 (test/test2/testwikidata/mediawiki)
>
>
> Thanks and as always, questions and comments welcome,
>
> --
> | Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
> | identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



-- 
@wikimediadc / @wikidata
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Roadmap and deployment highlights - week of June 23rd

[Greg Grossmeier]

Hello and welcome to the latest edition of the WMF Engineering Roadmap
and Deployment update.

The full log of planned deployments next week can be found at:


A quick list of notable items...


== Tuesday ==

* MediaWiki deploy
** group1 to 1.24wmf10: All non-Wikipedia sites (Wiktionary, Wikisource,
   Wikinews, Wikibooks, Wikiquote, Wikiversity, and a few other sites)
** 

* The "In other projects" sidebar Beta Feature will be enabled.
** 


== Wednesday ==
* The updated Android Wikipedia app will be released via Google Play


== Thursday ==

* MediaWiki deploy
** group2 to 1.24wmf10 (all Wikipedias)
** group0 to 1.24wmf11 (test/test2/testwikidata/mediawiki)


Thanks and as always, questions and comments welcome,

-- 
| Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @gregA18D 1138 8E47 FAC8 1C7D |


signature.asc
Description: Digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Version 1 of Rating and review system for MW extensions is out

[Aditya Chaturvedi]

Hi everyone,
Its a pleasure to inform you that the feature for rating and review on
extensions has been deployed on WikiApiary.com . It would be great if you
all can submit some reviews on the extensions known to you to enrich the
site and help in data collection. Please visit the individual pages of
extensions and submit your rating. (For example ParserFunctions
 )
The second step to involve to copy these ratings back to MW.o pages.
For this it is important to have some good data collected at wikiapiary.

Thanks and Regards,
Aditya.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Discuss skins work this Friday, 20 June

[Sumana Harihareswara]

On 06/16/2014 07:40 PM, Sumana Harihareswara wrote:
> Big changes are coming to MediaWiki's skin systems this summer; Friday
> at 18:00 UTC is a chance to ask for details, review code, and watch out
> for snags.
> https://www.mediawiki.org/wiki/Architecture_meetings/RFC_review_2014-06-20
> 
> https://www.mediawiki.org/wiki/Requests_for_comment/Redo_skin_framework
> has Trevor Parscal's proposal: "Skins can be made out of widgets, server
> and client side objects which render/manage discrete elements on the
> page. A skin can then have a standard API on the server and client,
> which other software can rely on."
> 
> https://www.mediawiki.org/wiki/Separating_skins_from_core_MediaWiki has
> Bartosz's (MatmaRex's) work: "tl;dr Let's start putting all skins files
> in a single directory, and let's use a grown-up structure with one class
> per file + separate init code for them. Okay?" He also has several
> patches awaiting review, such as:
> 
>  136325: beta: bring in mediawiki/skins.git
>  136531: SkinTemplate: Move $stylename to Skin and soft-deprecate
>  138652: Support for enabling skins in the installer
>  135413: Separate Vector skin from core
>  138795: Separate MonoBook skin from core
>  138368: Stop using a suboptimal structure for Vector's variants menu
>  138369: Stop using a suboptimal structure for Vector's variants menu
> (cont.)
>  136615: SpecialVersion: Show 'Skins' and 'Extensions' in separate sections
> 
> Links at
> https://www.mediawiki.org/wiki/Architecture_meetings/RFC_review_2014-06-20#Topics
> . We'll meet in #wikimedia-office on Freenode. Time:
> http://www.timeanddate.com/worldclock/fixedtime.html?msg=Skin+discussion&iso=20140620T18&p1=1440&ah=1
> 
> 
> 7pm-8pm London
> 2pm-3pm Washington, DC
> 11am-noon San Francisco
> 
> Sorry that the timing's bad for Asia/Australia; I know MatmaRex and
> Trevor do respond to onwiki/Gerrit comments if you want to comment there.
> 
> If we have extra time this Friday, perhaps people can comment on
> https://www.mediawiki.org/wiki/Requests_for_comment/Alternate_disclosure_policy
> or https://www.mediawiki.org/wiki/Requests_for_comment/SOA_Authentication .

This will be in about 45 minutes in #wikimedia-office.

-- 
Sumana Harihareswara
Senior Technical Writer
Wikimedia Foundation

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] SVG linking of external images/bitmaps - xlink:href should support http(s) resources

[Chris Steipp]

On Thu, Jun 19, 2014 at 11:15 PM, "Christian Müller"  wrote:
>> Sent: Dienstag, 27. Mai 2014 um 21:21 Uhr
>> From: "Chris Steipp" 
>> To: "Wikimedia developers" 
>> Subject: Re: [Wikitech-l] SVG linking of external images/bitmaps - 
>> xlink:href should support http(s) resources
>> On Tue, May 27, 2014 at 9:37 AM, "Christian Müller"  wrote:
>>
>> > https://bugzilla.wikimedia.org/show_bug.cgi?id=65724#c3
>>
>> [..] Trusting an image library to correctly speak http
>> without a memory corruption seems a little scary as well, but I'll admit I
>> haven't looked at librsvg's code myself.
>
> In any case, it'd be the image library to fix.  Restricting access is an
> arguably crude workaround due to diffuse fears.  It breaks the standard
> and makes technology less useful to its users.
>
>> [..], if there are any
>> major browsers that will pull those resources in and let an attacker see
>> the user's IP address, we shouldn't allow that... hmm, and now that I read
>> the bug, I see this is firefox'es behavior in the image you uploaded. We
>> probably want to block that behavior.
>
> Yeah, Firefox's decision to adhere fully to the SVG standard is right imho,
> since it has to measure itself in compatibility tests with other browsers.
>
> If WP decides to cripple the standard for security reasons, that's their
> beer, but please stop starting to cripple user browsers.  Security of that
> is in the hand of users, they have to make the decision wich browser to
> use and whether that ought to be a security enhanced one with less standard
> compliance, or a full featured one like FF.

I meant that because those browsers are fully implementing the spec,
MediaWiki needs to protect our users privacy in case that is used. We
have no influence over Firefox development, and I agree, the browsers
should implement the spec. We just need to ensure we are taking
precautions in that context.

>
>> Allowing a whitelist of WMF domains via https may be possible. In general,
>> the security checking we do on uploaded files is complex enough that I
>> don't like adding another layer of specific checks and exceptions, but if
>> we can find a relatively simple way to do it that maintains our security
>> and privacy requirements, then I wouldn't stand in the way.
>
> Ok, within WP scope, hosting external dep files on foreign servers is out
> of reach, security- and longlivety-wise - it seems everyone agrees on this.
>
> Afai am concerned, two short-term achievable issues remain:
>
> 1) allow certain WMF domains via https for thumbnail generation and librsvg
>processing in general - this is to adhere to SVG standard, as long as
>dependant files remain in wikimedia universe.
>(Is there a chance for this to make it into 1.24git?)

Like I said, if someone can find a simple way to do this, we can allow
it in MediaWiki. If someone wants to work on it, one of the first
steps is to get the security/privacy requirements defined (along with
the function requirements, like cscott brought up in the reference
below). Most have been brought up here or on that bug, but someone
should distill those somewhere.

> 2) fixing chunked upload to not bail out on chunks that are exclusively
>base64 encoded and hence make valid files that include this base64
>chunk fail on upload - with an unusable error description.

This will unfortunately require a different approach to how we do
stashed/chunked uploads. Currently, each chunk is actually available
from the server as a file. So each piece has to be checked for xss
vectors, which is why your chunks currently fail. The stash will need
to be inaccessible to end users.

> Farther off might be the need to rethink part of the file infrastructure,
> to either broadly allow formats that are not self contained OR make a
> strong and reasoned decision against that and document it for wikipedians.
> This has been suggested here:
>   http://lists.wikimedia.org/pipermail/wikitech-l/2014-May/076700.html
>
>
> Regards,
> Christian
>
> ps:
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] [Engineering] Tech Talk: A few Python Tips

[Sumana Harihareswara]

On 06/18/2014 06:57 PM, Quim Gil wrote:
> Hi, we are hosting a Tech Talk tomorrow Thursday  June 19 at 19:30 UTC:
> 
> A Few Python Tips, by Sumana Harihareswara
> 
> Details: https://www.mediawiki.org/wiki/Meetings/2014-06-19
> 
> Video: https://plus.google.com/events/c4rjtirsfsn0am6jqhpjob6eakc
> 
> Local times:
> http://www.timeanddate.com/worldclock/fixedtime.html?iso=20140619T1230&p1=283&ah=1

I put notes, including sample code, up at
https://www.mediawiki.org/wiki/Talk:Meetings/2014-06-19 . I got feedback
that I went very fast, so when I give this talk next week at Open Source
Bridge, I'm going to leave out the PEP 8 stuff so I can go slower on
everything else, and I'll speak aloud as I'm typing so that people can
follow what I'm doing better.

-- 
Sumana Harihareswara
Senior Technical Writer
Wikimedia Foundation

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l