(09:00:37 AM) gac410: Hi all - Anyone here for a release meeting? (09:05:32 AM) MichaelDaum: Hi George (09:05:45 AM) gac410: Hi Michael (09:07:26 AM) gac410: I'm considering stopping these regular meetings. The last two have had very limited attendance. There really is not much going on. Last meeting I didn't even capture the logs - vrurg stopped by, as did jomo, but no dev. discussion. (09:07:57 AM) gac410: I'm puttering on my feature proposal, but really nothing to report. There have been no new urgent tasks, and no progress on features. (09:08:18 AM) vrurg: Hi gac410 (09:08:28 AM) gac410: hi vrurg (09:09:33 AM) MichaelDaum: well we should keep the meeting in place, imho, just to give us a date to stop by to sync (09:09:44 AM) MichaelDaum: even when there is nothing specific to report (09:09:46 AM) gac410: Anyway, we are starting to resemble the t* release meetings, 2 people run through an agenda, approve each other's proposals, and chat about not much. (09:10:10 AM) MichaelDaum: I have no problem with that ... other than resembling the t* project (09:10:40 AM) MichaelDaum: we have to face the situation that there are very few contributors atm (09:11:23 AM) gac410: y, not sure how to deal with that. we've somewhat faded away a bit. (09:12:16 AM) gac410: daemon was suggesting that we start to talk up the project on some of the perl lists. try to entice new blood. (09:12:23 AM) vrurg: I tried to give a lighting talk at YAPC/TPC last Tuesday and invite people. But lack of experience & lack of time - failed to say one of two the most important things. :( (09:12:52 AM) gac410: At the same time that also brings some turmoil, and we do try to stay somewhat stable for the install base. (09:12:53 AM) vrurg: Don't think it would work out. (09:13:44 AM) MichaelDaum: honestly, the perl community is tough to get by (09:13:56 AM) MichaelDaum: at least that is what I sensed (09:14:15 AM) gac410: We do seem to have new installs happening. I was recently contacted by two businesses asking for install assistance. One I turned down, wanted it integrated into an old windows small business server. Not my cup of tea. (09:14:17 AM) vrurg: MichaelDaum: I wouldn't say so. (09:14:40 AM) gac410: The other one was nearby, and wanted to convert from twiki. I reviewed their configuration, and they never got back to me. (09:14:52 AM) MichaelDaum: gac410, yes, there is no lack for paid work (09:15:56 AM) MichaelDaum: I recently worked for telecom ... hewlett packard ships documentation as foswiki content together with some of their products (09:16:16 AM) gac410: wow. That's a surprise. (09:16:29 AM) MichaelDaum: I'll be in Finnland next week working for a research company. (09:17:18 AM) gac410: hp actually bundles foswiki on a product? (09:17:55 AM) MichaelDaum: they ship docu as a web that telekom loads into their wiki as static content (09:18:19 AM) gac410: cool. (09:19:14 AM) MichaelDaum: Intel keeps on providing dynamic security scans via rocketboards.org ... paying to fix issues. (09:19:40 AM) gac410: anyway, might as well touch on some dev stuff :D I've been working on the password manager changes. I think I'm doing it right - adding functions to all the modules (09:20:05 AM) gac410: cool Are those filtering back into core? I've not seen much in the way of security fixes recently. (09:20:27 AM) MichaelDaum: all I want to say: foswiki as a brand & product is still highly important and appreciated by lots of companies ... dont forget that! (09:21:05 AM) gac410: good. Thanks. I needed a pep talk :D (09:21:35 AM) gac410: We just need to figure out how to turn some of that back into activity. (09:22:24 AM) MichaelDaum: yea. I am constantly shifting priorities with stuff being developed during projects piling up to be committed back. my problem ... (09:22:32 AM) vrurg: But without new developer, without new entusiasts it may end up nowhere. Even with all the appreciation from the business. (09:23:17 AM) vrurg: Advertising is necessary. (09:23:24 AM) MichaelDaum: there are quite a few high value open source projects out there that face the same dilemma ... last but not least ntp. (09:23:32 AM) gac410: y. With the current status of devs tbh, I've been considering dropping away. Hard to get motivated with same ol same ol every two weeks. (09:24:04 AM) MichaelDaum: gac410, that would be terrible :( (09:24:31 AM) gac410: [off] y. I was trying to help out ntp recently. They have a bunch of servers they want upgraded for foswiki and one converted from twiki, but they seem to have gone quiet. (09:25:25 AM) gac410: well I'll hang in there for a while. But I'm very concerned that we have lost "critical mass" ... (09:25:28 AM) MichaelDaum: [off] NTP is not well funded and Harlan can't promise much of payment. (09:26:16 AM) gac410: [off] y. I've been paid some. and have done some gratis. The VHC work I did was for my own sanity trying to get ready to migrate some of his stuff. (09:26:53 AM) MichaelDaum: well, I'll certainly be staying. (09:27:03 AM) vrurg: Even with my weak ability to convince people I've got one guy pretty interested. Perhaps for no longer than a day, but that was just a minutes of personal conversation. (09:27:54 AM) gac410: Without a "bench" of devs I can't see how we'll every bring vrurg's work forward. And yet it's really important for a next generation of foswiki. (09:28:53 AM) gac410: Looking at migrating some of the twiki changes for that customer. There are some that would really need to be picked up by foswiki. (09:29:23 AM) MichaelDaum: have you got a list of those features? (09:30:19 AM) MichaelDaum: or could you describe at least one that would be worth it? (09:30:37 AM) gac410: One is TOPICTITLE ... that's on our backlog. @twitter handle linking might be useful. (09:31:03 AM) MichaelDaum: @mentioning (09:31:29 AM) gac410: Looks like they might have "web-level" administrators now (09:31:46 AM) MichaelDaum: what could that be good for? (09:31:55 AM) gac410: web admins? (09:32:06 AM) MichaelDaum: I've seen they have got a cache for web meta data (09:32:26 AM) MichaelDaum: but I really can't see the point for it (09:32:41 AM) MichaelDaum: nothing you could not implement using a wiki app (09:33:18 AM) gac410: it's just stuff that needs to be dealt with if someone tries to migrate a 6.x twiki. (09:34:01 AM) MichaelDaum: depends whether people are actually using this cruft (09:34:23 AM) gac410: A lot of lipstick on a pig IMHO, our core changes for unicode and especially perl and cpan compatibility are much much more important. (09:34:58 AM) MichaelDaum: and they dont have a fulltext search engine (09:36:24 AM) gac410: the reason they contacted for migration support was they tried to upgrade their server and had major issues. (ie probably the perl deprecations and bundling of obsolete cpan) (09:36:52 AM) MichaelDaum: y (09:36:57 AM) gac410: I still find it hard to believe that t* is bundling back-level CGI with known CVEs rather than fixing the issues. (09:37:12 AM) MichaelDaum: and I guess they are still running the probject on subversion (09:37:16 AM) gac410: yes (09:37:33 AM) MichaelDaum: yes, that one is particularly bad (09:38:01 AM) gac410: I have a checkout here. I occasionally do an update. every month or two - mostly it's extension changes, and cosmetic tweaks. very little actual development. (09:39:56 AM) gac410: just did an update. Last commit - june 1st. There were 12 in May. and some left-brace fixing in April. (09:44:28 AM) gac410: Looking at their last release meeting. Just approved "excludetopic=" option to the "createweb" api. (09:44:51 AM) gac410: Adding ability to turn off breadcrumbs in topmenu skin ... by web. (09:45:16 AM) MichaelDaum: yawn (09:45:23 AM) gac410: And struggling with CGI::Carp issues, and t.o is losing their hosting server (09:49:59 AM) gac410: anyway. I'm continuing to putter along on my password expiration changes. I think I've extended the API in a way that will coexist with alternative password managers / mappers. (09:50:49 AM) MichaelDaum: thats good to know. will try it out sooner than later. (09:51:41 AM) gac410: If mapper or password manager don't implement the API, the base methods return false for ifPasswordDisabled and changeRequired. but throw errors if core tries to disable a password or expire an account. (09:54:31 AM) gac410: The t* code does a redirect in Foswiki::UI::checkAccess() if a password change is required. I think that's probably the right place to do it. (09:54:42 AM) gac410: I have not implemented that yet. (09:55:28 AM) gac410: I was also considering reworking PasswordReset. we have several open tasks on that. Too easy to annoy someone by requesting password reset's on their behalf. (09:56:16 AM) gac410: we should probably generate a reset confirmation rather than just doing it and mailing out a new password. (09:58:02 AM) gac410: I've been wondering about generating a "ticket" that would allow access to ChangePassword rather than mailing out a new random pass that they then have to change. (09:58:50 AM) gac410: still not sure how to do that though and especially not introduce any security holes. (09:59:10 AM) MichaelDaum: what exactly is the problem with the current impl? (10:00:10 AM) gac410: 1) I can just reset your password. and they you have to deal with it. (10:00:10 AM) gac410: 2) It's emailed out in plain text, (10:00:45 AM) gac410: https://foswiki.org/Tasks/FoswikiUIPasswords (10:00:51 AM) MichaelDaum: the new password will be sent to me (10:01:06 AM) gac410: Yes, but you then have to make a note, or change it back. (10:01:18 AM) gac410: It's not a security hole. But it's annoying. (10:02:27 AM) MichaelDaum: ah okay. so the problem is the old one gets nuked. (10:03:01 AM) gac410: yes. And if I wanted to be an a**hole I could set up a cron job to reset your password at some interval. (10:03:16 AM) MichaelDaum: hens the ticket idea. (10:03:31 AM) gac410: yes (10:03:39 AM) MichaelDaum: I like that (10:03:49 AM) MichaelDaum: needs an expiry time n stuff (10:04:18 AM) gac410: yes Probably very similar to registration / approval. I can borrow a lot of that code I expect. (10:06:54 AM) MichaelDaum: cool (10:06:55 AM) gac410: If the "ticket" could allow access to specific topics, it might also be useful for invitation only registration, etc. But need to ponder that a bit more. (10:07:10 AM) MichaelDaum: we need to add it to the tick-foswiki expiry route as well (10:07:20 AM) gac410: yes (10:07:49 AM) MichaelDaum: I wished we had a way to registerCronJob() for plugins to be called by tick-foswiki (10:08:36 AM) gac410: y that would be nice. I think there are some old proposals around that area - an extension task scheduler. (10:09:00 AM) gac410: I think that is what TimotheLitt was working on before he left. (10:09:40 AM) MichaelDaum: we should keep that in the back of our mind. I keep amassing rest calls in a tools/foswiki_cronjobs.sh which is called during midnite (10:09:42 AM) gac410: But it was a boil the ocean approach iirc. He wanted the old configure to permit unlimited nesting of menus. and the old config couldn't hanle it. (10:10:06 AM) MichaelDaum: kiss (10:11:38 AM) gac410: y. As I was thinking about the password expiration process. I was wondering if that might be an area for a callback / hander dispatch. during checkAccess() processing. (10:14:24 AM) gac410: UI::checkAccess() if passwordExpired -> redirect to (configured) ChangePassword if ( registeredHandlers ) call a accessCheckHandler() returns true or can redirect. But don't want to get too complicated. (10:15:54 AM) gac410: the "accountExpired" could fall into that. thinking of dues-paying membership organization. Didnt' pay your dues by (date). your next login redirects to membership renewal. (10:19:59 AM) gac410: anyway, it was not part of my proposal, so I'll probably just comment a smell - might be a good place for a callback. (10:21:31 AM) MichaelDaum: one step at a time (10:21:38 AM) gac410: y (10:22:52 AM) MichaelDaum: any work that has got clear boundaries, that is makes sense in its own, should be kept as non-invasive as possible. (10:24:54 AM) gac410: y. accountExpires (which harlan wanted) is really hard to keep separate. You either need a shadow file of accounts & expirations, or have to add it to the .htpasswd file. Much cleaner to integrate it vs maintain a separate account table. (10:25:35 AM) gac410: But it is a pretty specialized need - so a strong argument could be made to make it an extension. (10:25:44 AM) vrurg: Ok, I need to go. If there anything for me then I'm gonna be back in a couple of hours. (10:25:59 AM) gac410: however nobody object to my proposal so ... (10:26:11 AM) MichaelDaum: long-term user code should write to a DBD (10:26:17 AM) gac410: vrurg, okay thanks. I think we are ready to wrap up. (10:26:23 AM) MichaelDaum: bye FoswikiOnSlack (10:26:26 AM) MichaelDaum: ^vurg (10:27:13 AM) gac410: MichaelDaum: y indeed. our topic mapper etc is badly in need of a redesign. (10:27:21 AM) MichaelDaum: at some point we need to rewrite all of the user code and make use of DBD ... snap (10:27:57 AM) gac410: Needs a user object too, rather than the mapper / manager approach. (10:28:36 AM) MichaelDaum: btw Modell Aachen have abandoned LdapContrib and are using an internal-only user mapping implementation ... I guess based on UnifiedUserMappingContrib that jast once started (10:28:46 AM) gac410: $user->wikiname() ->loginname ->emails ->isEnabled (10:31:36 AM) gac410: Looks like their code is maintained on github https://github.com/modell-aachen/UnifiedAuthContrib/tree/sprint/riga (10:34:03 AM) MichaelDaum: ah they' (10:34:07 AM) MichaelDaum: ve checked in their code (10:34:55 AM) MichaelDaum: now I see why I missed it: the bulk of their impl is hidden on a separate branch, not merged back to master (10:35:04 AM) gac410: Yes they do keep the code updated, but not in the default branch. If you quickly check github, there seems to be no activity on their ... snap (10:36:07 AM) gac410: At one point I tried to gather all the user mapper NG requirements into a brainstorm topic to help jast structure his code. But I don't think it went anywhere. (10:36:18 AM) gac410: and of course now I cannot find it. (10:37:00 AM) gac410: but really our current CUID / WikiName / LoginName triumvirate is very badly broken (10:41:02 AM) gac410: https://foswiki.org/Development/UserAuthMapping2dot0 (10:45:00 AM) gac410: anyway Thanks everyone. it's approaching an hour 45 let's wrap up. I'll get minutes posted later today. (10:45:27 AM) gac410: Next meeting - Monday July 10th (10:48:38 AM) MichaelDaum: thanks gac410 for keeping up the release meetings !