Re: [Wikitech-l] Wikimedia Developer Summit 2017 discussion

On 29 Sep 2016 10:10 pm, "Marcin Cieslak" wrote: > > Dnia 28.09.2016 Quim Gil napisał/a: > > > Summit sessions are considered tasks themselves, not just a conversation > > happening in a room and eventually documented in a wiki page. > > I think this kind of

[Wikitech-l] How to check that the page contents has change from API

With the advent of Wikidata-based infoboxes, the page contents can change without the local text being changed, so without a new revision. Is there any way tho find out when this happens from the API? I know I can always do 2 API calls, one for the page and one for the item, but that's time

Re: [Wikitech-l] Code of Conduct

2016-09-30 1:18 GMT+03:00 Matthew Flaschen : > > The local projects in this case are MediaWiki.org, wikitech.wikimedia.org, > Phabricator, Gerrit, the technical mailing lists, the technical IRC > channels, and Etherpad. > > Activity in village pumps or elsewhere on other

Re: [Wikitech-l] Code of Conduct

On 09/29/2016 11:23 AM, Steinsplitter Wiki wrote: Positing it at the village pumpes of the local project (similar to the tech news notifications), for example :-) Or using limited CN banners (similar to the community survey banners). The local projects in this case are MediaWiki.org,

Re: [Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)

Dnia 29.09.2016 Max Semenik napisał/a: >> Note it will affect scripts and API clients that expect to see "+\" as the >> token as a sign that they're logged out, or worse assume that's the token >> and don't bother to fetch it. > > > We had breaking API/frontend

Re: [Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)

On 2016-09-29 1:00 PM, Brian Wolff wrote: > Personally, my preferred solution [0] [I might be biased in evaluating > them] would be to base the CSRF token on a session cookie if one > exists. If one does not exist, use a HMAC of the users IP addressed, > keyed using a server side secret (The only

Re: [Wikitech-l] Wikimedia Developer Summit 2017 discussion

Dnia 28.09.2016 Quim Gil napisał/a: > Summit sessions are considered tasks themselves, not just a conversation > happening in a room and eventually documented in a wiki page. I think this kind of captures the opinions expressed here very well (if it could be one sentence).

Re: [Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)

On Thu, Sep 29, 2016 at 1:37 PM, Brad Jorsch (Anomie) wrote: > On Thu, Sep 29, 2016 at 4:00 PM, Brian Wolff wrote: > > > This way it will work for users without cookies (Maybe none exist, but I > > like the idea you can edit wikipedia without cookies)

Re: [Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)

On Thu, Sep 29, 2016 at 4:00 PM, Brian Wolff wrote: > This way it will work for users without cookies (Maybe none exist, but I > like the idea you can edit wikipedia without cookies) There have been people who disabled cookies and still wanted to be able to use the sites.

Re: [Wikitech-l] Wikimedia Developer Summit 2017 discussion

Dnia 28.09.2016 Yaron Koren napisał/a: > Hi Quim, > > Most relevantly, the Chaos Communications Congress wiki uses the Semantic > Forms [1] extension to handle submissions - speakers use a form to enter > their talk proposals. I don't know how exactly talks are approved, or >

Re: [Wikitech-l] Wikimedia Developer Summit 2017 discussion

I agree with bawolff, although I also see Quim's point about reopening this discussion at this particular point in time. But I think it's an important conversation to have, even if it's not going to be directly relevant to this year's dev summit. We used to have a project called "Flow", short

[Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)

Hi everyone: Currently, the CSRF token for anonymous users are very predictable. This potentially allows someone to make CSRF attacks against non-logged in users. I would like to propose we change that. Since this is a sort of major change, I'd appreciate everyone's feedback. There are multiple

Re: [Wikitech-l] Code of Conduct

On Thu, Sep 29, 2016 at 3:23 PM, Steinsplitter Wiki wrote: > > >>>To reach more people like you, what would be the best place to post > messages so you'd see them? > > > > > Positing it at the village pumpes of the local project (similar to the tech > news

Re: [Wikitech-l] Code of Conduct

>>To reach more people like you, what would be the best place to post messages so you'd see them? Positing it at the village pumpes of the local project (similar to the tech news notifications), for example :-) Or using limited CN banners (similar to the community survey banners).

Re: [Wikitech-l] Public Event Streams (AKA RCStream replacement) question

Hello, Regarding Wikidata, it is important to make the distinction here between the WMF internal use and public-facing facilities. The underlying sub-system that the public event streams will be relying on is called EventBus~[1], which is (currently) comprised of: (i) The producer HTTP proxy

Re: [Wikitech-l] Wikimedia Developer Summit 2017 discussion

On Tue, 2016-09-27 at 14:23 -0700, Info WorldUniversity wrote: > Is there a current (curated) summary of all the good suggestions for > WikiDev themes, and structuring of conference If I get the question correctly that's likely https://www.mediawiki.org/wiki/Talk:Wikimedia_Developer_Summit For

Re: [Wikitech-l] Code of Conduct

On Wed, 2016-09-28 at 11:07 +, Steinsplitter Wiki wrote: > I noticed that a Code of Conduct for Phabricator is getting > developed. Cool to see that people are creating such a policy, it is > standard yet in big other projects. :-) A Code of Conduct for Wikimedia's technical spaces is being

Re: [Wikitech-l] Public Event Streams (AKA RCStream replacement) question

> The big questions here is: how does it scale? This new service is stateless and is backed by Kafka. So, theoretically at least, it should be horizontally scalable. (Add more Kafka brokers, add more service workers.) > And then there’s several more important details to sort out: What's the >