On Sun, 2011-10-16 at 12:00 +0200, Ting Chen wrote:
today I would like to awake your attention and interest on a very old bug with the number 189: https://bugzilla.wikimedia.org/show_bug.cgi?id=189, and related to it Bug 29630: https://bugzilla.wikimedia.org/show_bug.cgi?id=29630
It is about the possibility of different MediaWiki plug-ins that would enable our projects, mostly WikiSource, but also Wikipedia, to input and show music notes on an easy way. You can really have impact on our projects by addressing this bug and make a lot of Wikisource community members happy.
Any takers on this?
It is my understanding that there are three road blockers on this one:
1) ABC vs Lilypond, and which exact implementation to use. At this point I assume everyone is so sick of waiting that no one will care what is used so long as something is used.
2) IIRC, Brion wanted this to be made around an universal system for handling automatically-generated images, that would also be useful for math and future similar extensions. But since this is such an old request, and such a system is not in sight, perhaps he could look the other way just one more time :)
3) And the big one, security. It has not been shown that any of the proposed implementations is secure. I was thinking that perhaps a way to overcome this would be to have a dedicated system just for handling music rendering. It would work something like this:
a) A dedicated server used only for music rendering. The server runs several virtual machines with the music rendering software. It only accepts the notes and returns the images.
b) When the parent server receives a text with the notes, it only passes it to a free virtual machine. When it receives the images from the virtual machine, it passes them back to the client.
c) If it doesn't receive the images within a certain time, it shuts down the virtual machine, starts a new one and returns an error image to the client.
Is there a hole in this system that would make it possible to hack the parent server by means of a malicious file?