Discuss 7 April 2023 MWstake Meeting

From MWStake
Revision as of 14:41, 7 April 2023 by Bryandamon (talk | contribs) (Created page with "'''Raw transcript:'''<br> (00:01) '''Mark:''' Yeah. All right. Who's? And it mute myself. Um, Caregogo. Go (00:16) '''Gergo:''' it's someone has a lot of background noise. I...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Raw transcript:

(00:01) Mark: Yeah. All right. Who's? And it mute myself. Um, Caregogo. Go

(00:16) Gergo: it's someone has a lot of background noise. I think Greg, maybe. Could you put yourself?

(00:26) Greg: Is it? I I will

(00:28) Gergo: I think I'm not sure. Yeah, thanks. So maybe we can use the links to the Internet is in the chat. Biggest news, I think, is the dropping of Internet Explorer 11 support. So starting with media, Ricky Van, but 41, which comes out half a year from now. Internet Explorer 11 will get the no JavaScript treatment so Editing and reading pages will work via. Pure Server, only logic and all JavaScript is going to be Disably.

(01:08) Gergo: Disabled resource loader is, is going to refuse to load JavaScript basically. System Foundation websites. The usage was tiny, like tens of a person, something like that, and it's the one remaining supported browser. That's It doesn't that has a lot of lag in what kind of Internet standards it's about. So it was a bit of a pain point.

(01:33) Gergo: So that's happening. in half a year or I guess if you are developing for maybe a wiki Master. And then currently, because 1.40 has just been branched off. The next most important news probably is the secretaries. For all supported branches and for a bunch of extensions. Everything must have most of the budget issues are not. Particularly scary. The biggest thing is A and XSS. JavaScript injection, vulnerability in the widgets extension, which I think was fairly easy to exploit without special privileges.

(02:20) Gergo: Most of the other issues are either minor or you need like check user access or interface of data access or something like that of them. But widgets one seems relatively So if you use that, it should be scary. interested.

(02:35) Brian W: Do you mind if I add something about the widget one? I'm so in addition to that excess stuff, there's also a remote code execution. If you haven't updated your composer dependencies of which it's like recently and that's very scary, you should definitely make sure that your version of smarty, which would be installed by composers up to date.

(03:03) Gergo: Of thanks for the heads up. Should you send something about that to the guitar chord or did that happen and did I overlook it?

(03:12) Brian W: It's there, but the description in the extension. Supplement is. Unfortunately, vague. And like it's described. It just has the title debug task, which is make a security release for which it's Which I don't know why that was put there, but it's like not a very helpful description of the issue.

(03:39) Gergo: Yeah, that's not really.

(03:39) Mark: Could. Could you repeat?

(03:41) Gergo:

(03:42) Mark: What the issue is? I was I was busy helping Jeffrey, get on. So could your people

(03:49) Brian W: So, there's a bug and smarty which is a dependency of widgets. And basically if you run composer update, you're fine. But if you I have an old version of widgets or if you installed it get and have it run compose update in like a long time? It's possible that someone who could edge, it edit the widgets namespace on your wiki, I could execute PHP code and take over your server.

(04:22) Brian W: But it shouldn't be possible for someone without like access to the widget namespace. So it's not like anyone on the Internet. so I guess is that

(04:34) Mark: Yeah, I that seems like it's important for people to know but it is good.

(04:42) Gergo: Yeah, thank you for pointing that out. So in another news, media wiki even

(04:52) Gergo: 40 has been branched and the first release candidate should be happening about now. Welcome, as usual. if you use Garrett for your code repository, that have been some quite nice improvements, I think just work, I'm not hundred percent sure if you need to do anything for the early learning. But some of them is an early learning about which Tells you about failures before the entire process of multiple tests after each other finishing.

(05:30) Gergo: So if you have tests which run for half an hour, I guess that's only a case for foundation repositories then You get the error messages after five minutes instead, and the other change is that you can see the The progress status as icons at the top of the patch. In other news. There are two ongoing discussions in the technical decision making process run about creating guidelines for all Media, Wiki development about APIs, how APIs should be used how? But policies, they should have security requirements, you should have for APIs and so on.

(06:12) Gergo: The other change is about anonymous preferences. So stuff, like dark mode, or Text size which currently there is no way to store those. So so finding a way to store such preferences in cookies. What is my number of preferences for Non-locked in users, and, and figuring out a way to make that work without breaking caching on large traffic size. This is technical decision making process. So the link tasks are kind of feels less.

(06:50) Gergo: Hopefully eventually we are going to have information. And still able to have discussions about it. In related news, the technical decision making process is doing retrospective. And maybe the process is going to be reformed. The second link in the other part about the retro is a call for feedback at this point, a call for feedback about the retro process itself. That's the first step and then the eventual.

(07:22) Gergo: calls for feedback about the technical decision making processes opposite Metro in other news, the mobile content service is being decommissioned. This is a service that foundation run for its own website, it's open source, but it's very unlikely that anyone would have used it and would be affected by, its it's HTML format, it's specifically to be useful for the mobile apps, so probably in the bankers, but just in case, And the last bit of news, is that the Foundation's performance team put out an updated performance guidelines? So if you are working on a high traffic site, maybe there are interesting, insights in that All for this month.

(08:20) Greg: Cool. Those are all great updates. I was not aware of most of them except for the security release.

(08:30) Mark: Yeah, I my experience with the Platform. Like what was this? The retrospective that the technical decision making process? That was interesting? Because I was asked to join that and then there was a lot of noise about people, you know, saying How did he get on there? And I was like, I was asked So anyway, um, and it seems like there's a lot of there's trouble in this area with Wikimedia, it looks like just there's, Confusion.

(09:07) Mark: so, Anyway. Thomas, can you share your screen or do I need? I'm trying to figure out how to do to share your video, Brian. Can you share a video?

(09:27) Bryan H: Yeah, you, if you have it on your computer, you just share your tab that has the video your window.

(09:34) Mark: Yeah, I'm I'm just not. Well I guess I can try that but I'm kind of

(09:39) Bryan H: I can do it if you send me whatever you want, but yeah. It should work for you.

(09:44) Mark: It's actually it's hidden on the meeting page. It's in a comment on a meeting page. There's a URL there. Let me send it to the

(10:00) Mark: Form. Trying to figure out how to get this. Yeah, there it is. Okay. And I guess I will, I will I can try sharing this the thing but I'm This is that this is video Thomas made. Let's see if I can share my I guess I'll share the tab before I start the video, so Here we go. New. Tab.

(10:45) Bryan H: You can see your Google screen.

(10:47) Mark: Yeah. Let me know if you can't hear it.

(11:08) Mark: It's great, it's breaking up but could you hear it?

(11:11) Bryan H: You can hear it, yeah.

(11:12) Mark: Okay, I'm gonna give it a little time to buffer here and then hopefully, it'll it'll play right through. Presentation of page ownership. What is page ownership? Page ownership is an extension to manage permissions, created with the intent to assume to any user or group a page and this subpages. You can download it at this address, The first commit was one year a few more few months ago Then the version 102 was a major technique upgrade called Better Organizes You Performed. Here he wanted. This is related link on Jerry. I will post it the PDF. It's prose.

(11:58) Mark: Futures are user-friendly interface with all UI forms and widgets uses a wide range of hooks to handle transclusions, cash and semantic media wiki with regard of UX UI, I think is where design it. It's cost up to version 103. Another similar permissions right? Managers does not handle permissions in a granular way and the way as permissions are entered are arbitrary specifically you can set three rules, really add it to and admin but such rose don't reflect the standard media.

(12:37) Mark: We keep permission logics Here is an example, please check it a few seconds or your own. In the example, you can see the first input which is a customer or UI widget. Specifically our users Multisellite Widget which is an extension of the OH UI menu tag Multi select Widget which which has been further extended into a groups, Users Multi, select Widget, where you can insert both users and groups in the same input.

(13:19) Mark: This requires improvements both in the JavaScript and PHP files. With regard of the PHP side, you add a custom class in the Media Week is HTML form class in this way. Then in the form, descriptor, you have the following. Please check it a few seconds or your own. Not that the input type in the form, reflects the key of the type Mappings class variable. Not also, that array flip function.

(14:07) Mark: This is because characteristically media weak drop down inputs use as key, the localized value. And as value, the actual value here is an example. This is taken from the Includes a special specialist group Rights. Media Week is standard file. Then in order to create the HTML groups, uses multiple class. I have a standard the HTML uses modulate field inside the include this html4 fields and already, then the methods that needed to be REFRATTERED in general.

(15:01) Mark: If there are all, if a few changes, I have the comment that it is so you can identify them easily leaving the original copyright notice here is to be noted also the following Please check whether the arrows. That is the call to the Attra input class when the inclusion of the related JavaScript file. If you will open follow those files, you will find the original files, just copied leaving the original copyright.

(15:35) Mark: We just summed it when needed just check all of these if you are interested and you want to add it existing widget or created new ones, Another approach of the original extension page ownership is the two steps designed in order to create a new permissions and co-sequently. The pages in the first step you have a list of permissions applied to a specific page or if the latest special page is actually from the list of special pages to all pages of the week and in the second step, you can add it such set of permissions.

(16:18) Mark: By this may not added to exclude or include the users in the same control panel for the same set of rise. But you can create an additional set of rights per uses. And groups here is a screenshot of the pages, split in Apple and bottom part. This is the bottom part. The upper part contains a filter. If it related special page is not open from an article as mentioned about and the bottom part.

(16:58) Mark: Contains the list of permissions related to as specific page or for the week. And you can see the columns the role and permissions that together with Page are the most significant. now, with Page own Ership still. A lot of charity but very recently. I have just resigned all of that except the process in order to create something more universal unless arbitrary. All right. Thank you. Thank you, Thomas for that.

(17:41) Mark: I know we've been very interested in this. Extension is there anyone who, who

(17:50) Mark: has tried out his extension before this presentation? I thought I thought I heard Cindy I thought you were looking at. But, you know, Obviously, I'm not right.

(18:07) Bryan H: I haven't but I'd be interested. Also it's just a thought. Is this something that we could possibly try on MW State or See it in action somewhere.

(18:21) Mark: Yeah, Thomas. Do you have? You have an example of this. On a wiki somewhere, a public wiki.

(18:39) Mark: Let's go check the Wikipedia page. Yeah. The the extension page that he pointed to is, is rather Extensive. And get includes other information. That was

(19:05) Cindy: He commented in the comments. As you said he's

(19:07) Mark: Yeah.

(19:10) Gergo: Is the presentation public? Is it okay to share in the

(19:17) Mark: I've already linked it on the. I've already linked it on the meeting

(19:22) Mark: page but you can put in the ether pad, too I think. Yeah.

(19:40) Mark: On Wikisphere org. It's installed on the previous. Look at that.

(19:56) Mark: Are there pages that? Let's see. Are there pages we can look at on this. On wikisphere.org. That would help us see how this is working. Looks like it's

(20:20) Mark: I see it has a Properties tag tab on there, which I haven't seen before, which I guess is page properties.

(20:34) Cindy: Page properties is different than

(20:36) Cindy: page ownership though.

(20:37) Mark: Yeah.

(20:52) Mark: Semantic. Yeah. Okay. So

(21:01) Bryan H: And what's the integration with semantic medi-wiki? Is it required to have? Or is it helpful for

(21:15) Greg: I'm not answering that question. But I'm just saying, I want to say that there is a special page called, I Think It's Special page ownership, but and you can in because it's

(21:25) Greg: installed on wikisphere.org, you might possibly access it, but you have to log in first. So you either have to like create an account or login in order to see that special page. But that's one way to see this in

(21:39) Greg: action.

(21:43) Mark: if you have experience with this extension,

(21:47) Greg: I do not, I'm just reading through Doc Docs and extension pages

(21:52) Mark: Oh, okay.

(22:01) Bryan H: I know there's a few. Extensions, that provide. you know, edit access not view access. But what earlier is there some way to understand the differences between them?

(22:17) Mark: Someone should come up with the table of a comparison between the various extensions.

(22:24) Mark: It sounds like a project.

(22:32) Greg: Mark, did you just volunteer yourself again? Just kidding.

(22:34) Mark: no, I I absolutely did not and I'm trying to avoid a whole issue like we had with the comparison between

(22:42) Mark: different extensions and people got upset about Content being taken anyway, trying to avoid all that.

(22:53) Brian W: I mean, the big difference with any view. Restriction extension is like 30% of them. Don't work correctly.

(23:04) Mark: so yeah, I I think what would be really interesting for this extension is We had a better understanding of what of what it. Is supposed to do what it constrains and what it cannot do because of, you know, Media Wiki Just how Media Wiki is built. Um, it would it would be interesting Brian. If you could if you could look at this in you know give us You know, not not today, obviously but you know? Eventually look at this and maybe toss some questions back and forth with Thomas about how it works.

(23:47) Mark: And It seems like your your insight into how security and all

(23:54) Mark: that works on media wiki would help. You know, help us understand what, what this, how it does and how it works.

(24:06) Brian W: Maybe I can't make any promises.

(24:09) Mark: Of course, not I'm not asking you to make any promises. I'm just suggesting work for you to do and I know that you you don't have to accept that work.

(24:24) Mark: Yeah, I know. I know, I know people love me to assign them more but you I'm not doing it.

(24:32) Bryan H: At a very basic level. Is it a bureaucrat that has the the ability to assign? and then from them on, I mean, how does it work? Where like can I can I just protect a pages and normal user? For myself and then nobody can do anything. Is there like a top level,

(24:57) Mark: Yeah, that that's a good question. Thomas it who If I create a page, then can I say that? I own that page, and I'm the only one who can modify it. And and I do appreciate what you're saying about. You know that you're using the UI. That mean you wiki has I really like

(25:17) Mark: what you've done with the existing UI

(25:36) Mark: And Gergo just posted a link. Oh, it. So, you're not extending the the

(25:45) Mark: permissions extension.

(26:03) Mark: Okay. I mean if if you're saying this is just basically, it looks like what you're saying then is this is just a Improvement. It's not just but it's mainly an improvement of the UI for how

(26:23) Mark: ownership works. Which that was definitely needed as well. So because ownership, you know, these permissions on the pages are not something that we can Wikipedia is really focused on either. So and it is, it is you know, it is when I've looked at the page permissions and editing who can do what on Page, I

(26:52) Mark: I knew I was gonna have to spend some time looking at it before I really understood it. Um, and Gergo pointed to a link of comparison of different things. So, see, I don't have to write this thing. I believe Greg. You were talking about that. I don't have to write it. Figures already pointed to one.

(27:18) Bryan H: well,

(27:18) Greg: Yes. So my takeaway might take away is that this is a user friendly interface from Thomas's comment. This is a user-friendly interface to the Media, Wiki permissioning system, which exists. And um and and looking at the extension page in the features heading. There is a quick list of the permissions by type such as Reading Editing, Management Administration and Technical. So those are all different types of permissions that Media Wiki already supports.

(27:58) Greg: But they're a little bit cranky and hard to apply or see. And and so, it looks like this extension is all about providing a Oh you I You know, Media Wiki user interface forms enabled kind of improved. Use it interface to that.

(28:17) Greg: That's what it seems like if I'm understanding correctly and one other comment, I want to make is just that so many people forget that there's, you can, um, what is it called? When you lock a page, right? Like Protect, when you protect a page, um, that's just like me do wiki fundamental, You know, you can, if, if you have some sensitive content somewhere, anywhere in the wiki, whether it's a template, whether it's the main page or whatever page it is, you can just protect the page and, and that alone, lets you kind of lock

(28:52) Greg: it down to administrators or whatever. And so even though media wiki is designed to be completely open and completely kind of egalitarian. It does come with some, Controls that at least let you decide who can kind of who can do what on specific pages.

(29:12) Mark: So you know it based upon what you and Thomas are saying it occurred to me that this is something that would be useful for you know, corporate users who want to who talk about. Hey, we want to have these these permissions and without without saying, You know, we can do whatever you want. You know, corporate customer, here's the things. This would expose to them. What is available? So, yeah, that that's that seems like a good thing.

(29:46) Brian W: I would add that this seems to spend

(29:48) Brian W: some time also, During things to make few restrictions work a little more successfully than they do just out of the box. It seems to try and prevent prizio caching of views that like print cash pollution issues where like the wrong user can view a cached version of a page, they shouldn't be able to kind of seems to do stuff with SMW to prevent looking up restricted pages. So there's that as well.

(30:19) Mark: So so not only is it making the UI friendlier a little, it's also improving some tightening up. Some issues like you you mentioned the caching so overall, this looks like a very, very good thing to have

(30:43) Bryan H: It does talk about the ability to maybe limit reading. But then there's just a general warning that always pops up on any page that attempts that about don't, don't trust that this will do it. And so, is it? Something that there's either a thought that it works now or it will actually be not completely but More secure in the future or is protecting against reading. Still something that just shouldn't be attempted for the most part and medi-wiki.

(31:18) Brian W: And that template is sometimes a little bit of a lie. I mean, there's some truth to it, but also there's like, I think nobody wants to be the person to remove that

(31:30) Brian W: template and then get blamed for the results. but, Either way, like read restrictions are always an afterthought in mediocre, so there's There's probably always the risk of an overlooked case, or I don't know if you're storing nuclear secrets in media, wiki don't use weak restrictions.

(31:53) Bryan H: Yeah, and I'm not looking for a hundred percent, just You know, sometimes I look at that and I assume that it means that there's like a lot of known bugs and

(32:02) Bryan H: you really shouldn't do it versus. We think it's pretty good, but who knows which is kind of always the case.

(32:09) Brian W: yeah, like some of the read restrictions are are fairly good, especially the ones that are basically. The entire wiki, you can't basically the ones where like There's no people who have read restrictions, apply to them. Also are not allowed to edit those extensions tend to be fairly. Good. The ones where there's like users can edit some pages and then also their restricted from reading some other pages that tends to follow the rails a little bit with templates.

(32:47) Brian W: Although this extension does look like it tries to address that. um, but there's a lot of kind of risk and media wiki of basically, Something getting cached somewhere but the and a person. Like the cash version was made for somebody other than the person who sees it eventually there's usually the big risk and it's Kind of hard to tell from the outside that you caught every case like this so many funky little cases.

(33:18) Brian W: And like, if I was making an application where this was like a core requirement, I would kind of want me to repeat court to feel like that's a core requirement and not kind of do it as an afterthought because that's kind of like it's scary thing and special and such a big application. Like media will give not everyone is kind of on board with this being requirement. It's a lot of risk. Someone will introduce something.

(33:41) Brian W: Or just like because they think like well, we research and other things, I don't have to worry about it. So it's always kind of scary to kind of do that sort of thing an extension where people Might not be the extent, right? It might not be aware of everything media. Like no one can be aware of like every single line of mediocre gets huge. So, you know, there's always kind of risk on doing it, kind of learning it over top.

(34:06) Bryan H: What the immediate thing that comes to mind is either mediocre, default search or elasticsearch? Returning snippets of information, that is on the page, that shouldn't be shown to the user.

(34:19) Brian W: Yeah that's it. It's a good case. Other things that have been problems in the past have been like RSS. Feeds are common one that extensions don't handle. I don't know if that's still true but that used to be Template inclusion used to be a big one although that's kind of improved in recent years. And then other extensions like DPL and SMW also do their own thing.

(34:48) Greg: And so other extensions can do the wrong thing and including caching like SMW has its own, you know, caches like query caches and stuff like that. And then and then there's always special, you know, like recent changes and And/or, Special logs. So Media Wiki has a lot of pieces that all cooperate together and and it gets a little dicey when you come after the fact and try to segregate this stuff.

(35:16) Greg: And one thing I can say about Thomas's work, what I've seen is, he gets down into the nitty-gritty and uses the appropriate, you know, like integrations, and hooks, and everything. So that so that his extensions seem to be like what I would call, like really crafted an engineered extensions versus wallpaper. You know, he's not just, he's not just slapping stuff on top and saying, Yeah, it looks good.

(35:41) Greg: So, It.

(35:43) Brian W: Yeah, and I just briefly skimmed over the code. It definitely does look like he's thought about this hard and has covered quite a few cases that people often miss when they try and do this sort of thing. So, good job.

(35:57) Mark: All, yeah, Thomas.

(35:57) Gergo: Yeah.

(35:58) Mark: I I have to say that's high. Praise from both Brian and Gregg. I I didn't look at your code but you know, I just from seeing the use of Oh, you, I and all these other things, I I was, you know, I'm very impressed with what you've done. So I really appreciate this and I think it's a great It's a great addition to the whole, you know, media wiki ecosystem.

(36:23) Mark: So,

(36:25) Gergo: I think the general problem with played excess extensions is just that a I don't think anyone ever really looked through the Media, Wiki core

(36:35) Gergo: code base with That in mind. So it's it's just not a business case for basically all the people who were concur, And the the middle key user community is that that use media wiki in a restricted environment and contribute back much to core. So, like this, this sinks might work but again no one, no one really put enough 14 to Making sure that that they work. And similarly it's it's not really a part of the security advisory or security training for medic developers.

(37:12) Gergo: So for example, the Preventing access to private vehicles was broken for? we noticed so I don't know, three years once before in general, I think if if it matters, then I would avoid Read Access manipulation. I mean, if anything important is in the wiki, on the other hand, just just from skimming the extension page, it seems like it does to different things. One of them is is managing page access with an ownership system. So your assign users to pages.

(37:49) Gergo: And that task permission says, the other thing is just turning permissions into a dynamic system. So instead of configuration you

(37:56) Gergo: You can configure the permissions via form and imagery in there. So it in the database that that sounds really cool. But I am not sure about the performance impacts if there are any, but Other than that, that seems like a really nice enterprise use case that you can just use a graphical interface to configure your wiki instead of having to write PHP

(38:22) Brian W: I mean, it does look like it might be disabling parser cache, which Will have a significant performance impact. Say the least. But you to do that, if you're doing this, don't have a lot of choices.

(38:40) Bryan H: It might be just understood that, that's true. But are you talking like sitewide or is it on like just restricting pages from it?

(38:48) Brian W: I don't know. I I only really skimmed the code.

(38:53) Gergo: yeah, I was thinking more like I'm

(38:54) Mark: generally that Go ahead.

(38:58) Gergo: Yeah, I was thinking more like how the permission configuration system itself is loaded? Because if you can configure it on the key, then it's stored in a database, if it's stored in a database that's lower than storing it in PHP files, no idea if that's That that's the part. I would look at with the permission, I because that, that affects every page view, or API, request or

(39:22) Gergo: anything. But then again, I haven't took that the code. So it's just It's not

(39:31) Mark: Yeah, the parser cache is that's generally per page, though, it's not the whole site is done. So if you have site pages that aren't, you know, don't have any of this protection applied to them, they should not be if the partial cash for those pages, Should not be affected. I believe that's correct. Is that true? Brian.

(39:54) Brian W: It depends on what specifically the extension is doing it generally. Yes, it's on a page basis.

(39:58) Mark: Yes. Right. I do have since we're were we have 15 minutes left about? I do want to mention

(40:13) Mark: an unless there's more of the people want to talk about on this extension, I do have something else. I want to talk about here.

(40:19) Bryan H: I did.

(40:19) Mark: So,

(40:20) Bryan H: One more quick question, Just so there's been some allowance or thought taken for semantic media wiki specifically but I know cargo similarly also has basically once it's in cargo it's you're not structuring it using lockdown or anything else is Is there a possibility that this could be? Functionality, could be added to this extension to handle cargo as well.

(40:51) Brian W: This cargo. I don't know if cargo exposes hooks

(40:54) Brian W: to do that. Yet. I mean, I'm sure. That. cargo would be willing to add such hooks so I guess,

(41:09) Bryan H: Okay,

(41:12) Mark: Yeah, I would I It's a conversation that I think it would be better for

(41:17) Mark: Thomas and yarn to have. I so yes, go ahead, Gergo

(41:25) Brian W: Yes.

(41:28) Gergo: So I have two other topics, but they are probably less important than Emw can.

(41:35) Mark: Well, let let's let your Jeffrey talk about emw con, but after I talk about one thing I had, which is just tiny. Which I want to point out how much Cindy has done in this past month, about wiki apiary, it's very much more responsive now than it was before this month and Cindy, you know, we really appreciate all the work you've done. I just wanted to point that out and get you get, you the praise that you deserve.

(42:06) Mark: So Um, and now Jeffrey, go ahead.

(42:08) Cindy: Thank you.

(42:12) Jeffrey: All right. Thank you, Mark. Well I didn't really know what to say. Just wanted to, you know, it remind everyone that emw con is coming up soon, I can't wait to see everyone in Austin. I prepared a list of like You know, a, you know, a I guess several page document of, you know, where the hotel is how to get to the airport or get to the hotel from the airport, those kinds of things.

(42:42) Jeffrey: I can kind of go over it really quickly. And you know, Last but not least a dog can also has information on possible social events or places to eat and places to check out in Austin. Because Austin's a really fun city that's why we picked it. So with that, just wanted to point out like I think everyone is basically gonna fly in. If you drive to Austin, you probably already know what you're doing.

(43:07) Jeffrey: If you're flying in from a US or flying into a US, you'll want to take a Some sort of car based transportation because the public transit we have in

(43:17) Jeffrey: Austin. Contrary, what many people say, is horrible. So please take a car or rent a car and drive to the hotel. Um, there's some dining options nearby. The majority of which if you want anything like decent I would probably

(43:34) Jeffrey: recommend having to drive out from the Hotel. Uber is a thing in Austin as of a few years ago previously we had our own right? Share system. But now we have uber and lyft. It's pretty good. I think it should be too expensive. I think hopefully the ride will be under 50 dollars. And we,

(44:00) Jeffrey: We have a lot of people arriving before Tuesday, so I know on, I know, Brian and I were gonna get Franklin

(44:09) Jeffrey: barbecue and it's a extremely famous barbecue place. We're gonna get it on Tuesday afternoon, you know, you're welcome to join us. I just think you have to like either order ahead, which you should probably do as soon as you can before they sell out or you can go in person and wait a few hours in their line and I'm not exaggerating my few hours That's that's literally how long the line is.

(44:32) Jeffrey: um, but even before that, like I'm arriving in I'm having Sunday, so is Brian. So if y'all have any ideas of what to do, you know before, then I have a few ideas he could possibly, you know, partake in. We just don't have

(44:49) Jeffrey: enough people yet for like a big event. So, yeah, I might also be a little busy, you know. Austin. A lot of, I have a few people to visit in Austin, but I'm more than happy to provide suggestions or to even find some time that might work before the conference or maybe on the night of like Friday night, or Saturday morning for some pre-conference events. So, yeah, let let me or Brian know if you are going to be in Austin before Tuesday, more than happy to point you around to some fun things to do. And then, last but not least, Brian.

(45:28) Jeffrey: I know, I talked to you last night, one on one about something. Is this a good venue to bring it up?

(45:39) Bryan H: If you're talking about me then I think I know you're talking about so yeah. Sure.

(45:43) Jeffrey: Okay, did you want to talk about it or

(45:47) Bryan H: Are talking about your PDF.

(45:49) Jeffrey: Not. No, not the PDF. You mentioned something about what was it? It's a logistics. It was Oh, microphone.

(46:02) Bryan H: Oh, okay. Well this is something that comes up from time to time and maybe this is what you're asking me to talk about. But on, you know, look looking at renting audio visual equipment and Stuff. So the hotel actually has some things that we can use one of them that comes up. A lot is just extension cords and power strips. I think in the first Houston BMW con we ended up just Buying them and then giving them away to people whoever wanted because it ended up being cheaper which seems to be the case again you know the price for to rent it for one day allows you to buy it and then throw it away.

(46:38) Bryan H: So for two days and you'd be insane, not to, but similarly, I was wondering if maybe for It might make sense for you know MW sake to buy some microphones and mixers and it's the same thing, it'll actually be cheaper. To bite and throw it away. But if we bought it and carried around a different emw or SMW cons and there might be a business case there.

(47:08) Jeffrey: Is there anyone from the European side? That's an S&W Hall organizer here. I don't think I see anybody. Yeah. oh,

(47:18) Mark: well in that case, I, you know, I Brian mentioned this before, in a chat and I think I think it might make sense to get two different sets, one for Europe and one for the US because, you know, like, Bernard might be going to a few are Lex might be going to a few in Europe that the rest of us aren't going to and they they could take, you know, In that case we have two sets of equipment, one for each continent.

(47:51) Mark: so, you know,

(47:52) Bryan H: That makes sense. It was a electrical outlets and plugs be different anyway. So we wouldn't want to ship the whole thing over. But for some things are a little bit

(47:59) Mark: Right.

(48:01) Bryan H: smaller and a little you know, a little bit more portable that we are getting gouged on when we rent, it makes sense but it sounds like the smw con set up. For AV went really nice. So it'd be nice to understand what and how they did it. Do we need it audio mixer to go with it. But again, for some of the small stuff microphones and mixers Probably make sense maybe to buy and then ship around larger stuff.

(48:28) Bryan H: Maybe it makes sense like you know speakers and screens and projectors but maybe not yet.

(48:37) Cindy: Yeah I'm one of the few people that generally goes to both the SMW CON and the MW cons but I'm not 100% sure that I really want to add to my repertoire also lugging all of the equipment to both conferences for everyone. Probably not.

(48:54) Mark: Right. Definitely, I think, I think if we did buy we'd want to have Per continent. It's and, and hope.

(49:03) Cindy: And I think the electrical requirements is a good enough.

(49:06) Mark: Yeah.

(49:06) Cindy: Excuse to

(49:08) Mark: um, so

(49:08) Cindy: go

(49:10) Mark: I, I don't think we're gonna make any decision on this right now, but Gergo, you said you want, you had a couple more small things to talk about and we have about five minutes left. So

(49:22) Gergo: Right? So there has been very lively RFC discussion a couple years ago about Whether? Support for installing modification so I composer should be discontinued. and one of the pieces of that was that maybe we can core has some code for Faking that it has a composer. Identifier when it actually doesn't so that other extensions can depend on. I mean, the wiki core version by the composer system.

(49:57) Gergo: So, that was a Discussion to remove it. That didn't really go anywhere. It is out in a patch. Now, people want to merge that batch. Again, I It's not very clear to me to that extent. Anyone cards like very few extensions, actually use the features. so if someone feel strongly about using that and might be good time to Look at the task. Look at the patch and comments, explain how it's useful because if it's Not used by anyone really then I guess it's a good idea to simplify the code base by removing it.

(50:40) Brian W: I think one of the extensions that uses it is one of Jeroen's extensions.

(50:51) Gergo: Anyway, that, that was it. Other issue is probably premature. I wanted to say something about the foundations and your plan, but it's not established officially published yet. It's might still change. So Probably a topic for the next month.

(51:07) Mark: All right, sounds good. Um, The, the composer issue, I think my personal opinion is just It looks like that. Being able to rely on a specific version of media wiki is not really. I it would be good to have that in composure, but I don't think it's a blocker for anything. So it's not like they're taking away the ability to install extensions with composure, which, which would be a problem. But this is, this is less than that.

(51:41) Mark: So, I think it's

(51:43) Cindy: yeah, I agree that Yeah, this particular thing, seems to be not huge. That being said, We still have several open RFCs about composer. That. It would really be nice to get resolution on those. Finally and the problem is this whole thing keeps on rearing. It's ugly head with little things like patches like this where the whole conversation gets started again and I sort of feel like, there's a couple folks who would love to get rid of, Extension usage of composer. That.

(52:27) Greg: yeah, this

(52:30) Cindy: It just sort of like it keeps coming up in a way that if people aren't noticing something. Could. Do something important could get.

(52:42) Mark: Oh, this also this also goes back to

(52:43) Cindy: Removed.

(52:45) Mark: the other thing. We were talking about the TDF, the Technical Decision Forum, because

(52:50) Cindy: Yeah.

(52:51) Mark: then it's a, it's all reflected in that whole thing. So,

(52:54) Cindy: Which is a huge mess.

(52:58) Cindy: Don't get me started on the TDF, so yeah. Hopefully the retro on the retro will resolve, and we'll actually get a retro on the TDF and hopefully we'll

(53:09) Mark: Um, it sounds like we could.

(53:10) Cindy: eventually actually getting working system. The main reason, I haven't suggested resurrecting the composer RFC.

(53:20) Cindy: Or the Meeting Wiki release RFC or TDF thing.

(53:27) Cindy: Is because the system, you know, the fundamental system is broken. but, Yeah.

(53:38) Greg: Well I just want to say I mean like

(53:39) Mark: It sounds like we have one minute left on the clock but Brian could

(53:43) Mark: tell us quite a bit about. here, but we don't have time for We could have quite a discussion that.

(53:53) Greg: this that the fabricator issue it has a horrible title because it says RFC removability to install extensions and skins with composer. But it turns out

(54:06) Cindy: Yeah. And it's so it makes it sounds like it's more than it actually is. Right?

(54:09) Greg: It turns out the patch it turns out

(54:10) Brian W: Yeah.

(54:10) Cindy: And it sounds like if if that gets if

(54:11) Greg: that the patches all about just

(54:12) Cindy: that gets approved,

(54:15) Greg: specifying using composer specifying. Your your extensions requirements for media wiki on a package that doesn't

(54:22) Cindy: Yeah.

(54:22) Greg: exist. There is no media wiki package and and at the same time, you know, because there is an extension.json that's in that's entirely valid for that and and we're not gonna like, we're not gonna grab that away from Media Wiki right. As an extension developer, there will always be extension.json in Extension.json is where the extension distributor and whatever the internals of media wiki are that um you know, kind of work out Dependencies between extensions and Media Wiki Corps.

(54:53) Greg: So, so like the, it's just that the whole topic was brought up in a kind of, like, either badly worded way or maybe inflammatory way.

(55:03) Greg: And then it turns out, it's like, Oh no, we're just, we should just, you know, like, um, not use composer to specify, what should be specified in extension.json.

(55:13) Gergo: So as I understand the title is

(55:14) Mark: so,

(55:15) Gergo: pretty accurate, it's just one brought any code for doing what the title says but that was the actual intent. But what the yeah, the thing about

(55:23) Cindy: Yes.

(55:25) Gergo: the version requirement issue, is that, if you do it in composer, then you can use composer to automatically select the right version for you, which I have no idea if it's actually works. I don't know if anyone tested it but that would be the theoretical advantage. I agree. It's not a big advantage, but there is definitely a group of people who would like to get away with composer entirely other than library management for the extensions.

(55:52) Gergo: That's usually not a very productive discussion because it's usually goes we should write our own extension management system and get rid of composer. But then we want to write our own extension management system for have been wanting it for 10 years and the foundation is not funding it. So it has to happen in volunteer time. It's not really happening so so yeah it's not a good discussion to have, I agree but I don't see the title is intentionally inflammatory.

(56:19) Gergo: It's just what the person finding

(56:23) Mark: Um, so one thing I would say is this

(56:26) Mark: is in, and this is probably could be an inflammatory statement. This is an example of not infinity here, that, you know, we want to and create our own extension management thing. So, you know, that leads to the whole existence of extension. JSON is supposed to composer JSON, granted extension, JSON was created when composer Jason was in its infancy.

(56:54) Mark: So you know, it's it's a little it's a little not invented here but it's the same time. It it also reflects how Media Wiki community is kind of distinct from the PHP community is it and to a

(57:09) Mark: certain extent. So Um, anyway. I'll get off my soapbox. I, I guess that's about it.

(57:19) Mark: I don't have anything else to Let let me look, there's people chatting here. I can't. I missing all these comments.

(57:37) Mark: I your own since you commented you did you see this fabricator tasking? Could you Did you do any of your extensions? Use the Media Wiki dependency in Composer.

(57:53) Jeroen: Ah, I have not seen what you link to here, but it's I remember a few years ago, there was something like What you're talking about, I suspect it's the same issue and the same perhaps, not their productive discussion on there. I'm quite part of this topic, so,

(58:06) Greg: Simple batch upload. Some simple batch upload turns out to be one of two extensions that specify a Media Wiki version. In composition.

(58:19) Jeroen: Right, I very clearly recall. Something about people breaking the system at some point and then we having duty move it from various extensions. So I I see some theoretical benefits in having conversion in composer. Like It's also not a composer Jason versus extension, Jason Thing, having it in compulsive Jason as well allows you to do additional stuff, right? Like selecting the right package version rather than otherwise composer just everything automatically for you, like HP version and library versions.

(58:48) Jeroen: But the page be well, the majority version, it's one too, if we don't have it in there. Yeah.

(58:59) Mark: I think we've been as productive as we can be about this composer thing today, so knowing how much we've gotten accomplished in the past with it. So, Anyway. I I since, I guess I'm the The person who's running this meeting, how I'll adjourn it. So I'm a journey myself from this meeting. I will see you all later. Bye!

(59:25) Greg: Thanks everyone.

(59:26) Mark: Yeah.

(59:27) Cindy: Bye. Thanks.

Retrieved from "https://mwstake.org/w/index.php?title=Event_talk:169&oldid=3234"