Hi Everyone,
I'd like to invite anyone interested to join in on a secure coding
documentation sprint on Friday of this week (Dec 21st), from 11:30am -
12:30pm PST (19:30-20:30 UTC). If you're interested in joining, but
can't make that specific time, let me know and we may hold more of
these if there's interest.
The goal of this sprint is to both help anyone who is interested learn
about some specific security vulnerabilities, and update our
documentation so that new developers can avoid these issues in the
future.
On Friday, I would like to address a couple of topics where we have
very little documentation:
* DOM-based XSS, and writing secure client side code. Closely related
is general security for gadget developers.
* Protecting private information (i.e., when do developers need to
check if data has been deleted / suppressed)
We'll spend a little time talking about each subject (and some
specific issues we've seen recently), and I'll have a rough article
outline in an etherpad. Then I would like everyone's help fleshing out
the documents so they are clear and informative for other developers
of all skill levels.
I'll have both a google hangout for video, and an audio line for
anyone who prefers to avoid closed technology. If you want to dial in,
please let me know so I can get you a phone number in advance.
Chris
Today, every operation that required captchas failed on every WMF
project with a "Ran out of captcha images" exception. After being
informed of it, I disabled Swift storage for captchas[1][2] after
which everything returned to normal. The problem persisted from 8:21
to 10:58 UTC.
---
[1] https://gerrit.wikimedia.org/r/40351
[2] https://gerrit.wikimedia.org/r/40352
--
Best regards,
Max Semenik ([[User:MaxSem]])
Hi guys!
During writing my tag extension I've face with the problem: sometimes the
UNIQ-QINU MWException has been throwed after my code is finished executing.
I've found the fix
http://www.mediawiki.org/wiki/QINU_fix
that recommends using
$parser->parse($input, $parser->mTitle, $parser->mOptions, false, false);
//in my case $parser is from the function argument.
Does anyone know more about this QINU exception, or where I can read more
about it? And also what are the last three parameters of the
Parser::parse() function? [1]
[1]
http://svn.wikimedia.org/doc/classParser.html#a0e3f2edd4bd47376953dfad4dcfc…
Cheers,
-----
Yury Katkov, WikiVote
Good morning,
I'm glad to announce git-review 1.20 is now available in the FreeBSD port tree.
Installation:
cd /usr/ports/devel/git-review/
make install
Vocabulary:
- a port in FreeBSD is a Makefile "cookbook" to download, compile when
needed and install an application;
- a package is the binary distribution prepared from this port; it is
automatically generated from FreeBSD build machines.
I will maintain this port.
--
Best Regards,
Sébastien Santoro aka Dereckson
http://www.dereckson.be/
I hereby celebrate that we've merged Ankur Anand's (drecodeam's) Flickr
integration work into UploadWizard, and that administrators on Commons
can now upload photos directly from Flickr. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=28731 .
Once we've shaken this out on the live site, I believe we'll be able to
open it up so all users will be able to upload multiple images at once
from Flickr to Wikimedia Commons. I can only imagine how great this
will be for Wiki Loves Monuments next year. :-) Thanks to Ankur, Ryan
Kaldari, Mark Holmquist, and everyone else who worked on this!
The Gerrit changeset that went through 26 patchsets (if at first you
don't succeed, try, try again): https://gerrit.wikimedia.org/r/#/c/12269/
Ankur worked on this as part of his 2012 Google Summer of Code project.
His HTML5 drag-and-drop support and geolocation metadata import
for UploadWizard, still need polish before we can merge them:
https://gerrit.wikimedia.org/r/#/q/owner:drecodeam+status:open,n,z Feel
free to help.
Also, our blog post about this year's GSoC students is now re-posted on
the Google open source blog:
http://google-opensource.blogspot.com/2012/11/wikimedia-students-share-thei…
--
Sumana Harihareswara
Engineering Community Manager
Wikimedia Foundation
Hi, a year ago there was a discussion without conclusions pushed by
Guillaume:
http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/56962/
Based on that discussion and the current state of things, I just posted
a proposal at http://www.mediawiki.org/wiki/Talk:Social_media
Summary for the lazy email reader: :)
* One and only one @mediawiki account for relevant project news. Sumana
and me have access to it. Ideas welcome to improve the current situation.
* Only http://blog.wikimedia.org/c/technology/ and other potential
curated sources will be aggregated. The rest will be edited manually.
* Accounts created by MediaWiki Groups will be followed.
* @wikimediatech is fine as a bot driven account. As soon as I find out
who has access to that account I will propose a rename to something
'mediawiki' for naming consistency (privately, this is like discussing
domain names). Followers will be unaffected.
* And that's it. All the rest is to be cleaned.
--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil
OSCON call for papers is now open:
July 22-26 at Portland (USA)
http://www.oscon.com/oscon2013
Anybody considering? Thoughts?
If we are interested: OSCON is a tough venue when it comes to get
proposals accepted. Good planning and coordination does help, and this
is why I'm asking here & now.
--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil
Hello,
For a long time now we have been reviewing changes that contains
unwanted trailing whitespaces. To make sure the patch submitter is
warned about it, I have enabled trailing whitespace check on
mediawiki/core.git
The bug report is:
https://bugzilla.wikimedia.org/42628
I have only enabled such check on the mediawiki/core.git repository for
now. If that went well I will look up at enabling it on other repos.
cheer,
--
Antoine "hashar" Musso