07:34:31 <anitsirk> #startmeeting
07:34:31 <maharameet> Meeting started Tue Feb  2 07:34:31 2016 UTC.  The chair is anitsirk. Information about MeetBot at http://wiki.debian.org/MeetBot.
07:34:31 <maharameet> Useful Commands: #action #agreed #help #info #idea #link #topic.
07:34:34 <anitsirk> Hello and welcome to the 50th(!) Mahara developer meeting and the first in 2016. So: Happy round meeting number and happy new year! Please say who you are and prefix that with "#info" so that the meeting minutes pick it up.
07:34:34 <anitsirk> #info anitsirk is Kristina Hoeppner, Catalyst in Wellington, New Zealand
07:34:45 <robertl_> #info robertl_ is Robert Lyon, Catalyst in Wellington, New Zealand
07:34:47 <anzeljg> #info anzeljg is Gregor Anželj, developer and translator, Ljubljana, Slovenia
07:35:11 <yuliyabozhko> #info yuliya is Yuliya Bozhko from Totara Learning Solutions (Wellington, New Zealand)
07:35:12 <aarowlaptop> #info aarowlaptop is Aaron Wells, from Catalyst IT in Wgtn NZ
07:35:20 <anitsirk> #topic Topics from previous meeting
07:35:21 <anitsirk> #info aarowlaptop to update the wiki and readme file to reflect the addition of the two mobile browsers in the supported software. (It was agreed to start smoke-testing Mahara on mobile devices in the latest Safari (iOS) and Android Chrome [Android] browsers.)
07:35:50 <anitsirk> over to you aarowlaptop on that.
07:36:28 <aarowlaptop> I haven't updated those yet. :)
07:36:43 <aarowlaptop> But it should be a pretty small change
07:36:43 <anitsirk> ok. then we'll leave them as action item for next time?
07:36:46 <aarowlaptop> sure
07:36:58 <anitsirk> #action aarowlaptop to update the wiki and readme file to reflect the addition of the two mobile browsers in the supported software. (It was agreed to start smoke-testing Mahara on mobile devices in the latest Safari (iOS) and Android Chrome [Android] browsers.)
07:37:10 <anitsirk> next one is also yours, aarowlaptop
07:37:12 <anitsirk> #info aarowlaptop to ask the front-end devs to write up instructions for building a theme under windows
07:37:44 <aarowlaptop> Haven't done that one either...
07:37:54 <aarowlaptop> I'll fire off an email after this meeting
07:37:54 <anitsirk> do you want me to check with them?
07:38:09 <aarowlaptop> Hm, maybe that would be good. I'm not sure which of them to ask at this point
07:38:24 <anitsirk> #action anitsirk to ask the front-end devs to write up instructions for building a theme under windows
07:38:38 <anitsirk> and to complete three:
07:38:39 <anitsirk> #info aarowlaptop to collate information on use of Postgres 8.3 in LTS of the top 5-7 operating systems to determine whether support can be dropped or not. also take a look at Mahara rego data to see if those using Postgres 8.3 are on unsupported Mahara versions.
07:38:43 <aarowlaptop> That I *have* done
07:38:51 <anitsirk> :-)
07:39:12 <aarowlaptop> here's the link: https://docs.google.com/spreadsheets/d/1LIoLFuWBOtjdVIPSRuFnFdKirr2RpIl7oTarYxlhzgY/edit?usp=sharing
07:39:34 <anitsirk> https://docs.google.com/spreadsheets/d/1LIoLFuWBOtjdVIPSRuFnFdKirr2RpIl7oTarYxlhzgY/edit?usp=sharing
07:40:02 <yuliyabozhko> doesn't look too bad
07:40:28 <anitsirk> aarowlaptop: did you also look at the rego data?
07:40:31 <aarowlaptop> Yeah, the only ones I noticed that are still under support and with pre-8.4, are RHEL and CentOS (which I think is tied to RHEL)
07:41:00 <aarowlaptop> Ah, no, I didn't compare it to the stats data from mahara.org
07:41:37 <aarowlaptop> hm, but we have some data from a previous meeting, about the most common OS's rpeorted to mahara.org...
07:42:23 <aarowlaptop> https://docs.google.com/spreadsheets/d/1MTQmnDczefBzRzGWIYtWotEeIJTavEMegNkeHqGhgvE/edit?usp=sharing
07:43:17 <anitsirk> there wasn't anyone with a postgres 8.x
07:43:47 <aarowlaptop> yeah
07:43:58 <aarowlaptop> and all of the ones that reported their OSes, were using fairly recent ones
07:44:48 <anitsirk> so: shall we drop the support for 8.3 or maybe even more of the 8.x series?
07:45:18 <yuliyabozhko> that's in the next major release, right?
07:45:20 <aarowlaptop> If we raise our support level to 9.0, then the only still-in-support Linux OS we'd lose is RHEL
07:45:33 <aarowlaptop> yeah, that would be for 16.04, or even 16.10
07:45:40 <anitsirk> but that would only be for postgres.
07:45:43 <aarowlaptop> right
07:46:00 <anitsirk> do we know of anyone on rhel on postgres?
07:46:08 <aarowlaptop> There was a RHEL user who I was talking to on Launchpad, who mentioned that there is a compatibility package available for RHEL that makes the later Postgres versions available
07:46:09 <anitsirk> on an old version?
07:46:28 <robertl_> and removing official support may not effect 8.4 until we add some tricky 9.0 specific code
07:46:32 <aarowlaptop> Yes, there was one user who reported a bug in our 8.3 compatibility
07:46:37 <yuliyabozhko> 9.1, there is no 9.0
07:47:04 <robertl_> ok 9+ specific postgres code
07:47:10 <aarowlaptop> 9.x
07:47:21 <yuliyabozhko> oh wait, there is 9.0. never heard of it :)
07:48:03 <robertl_> because we tend to write sql to be compatible with postgres and mysql we tend to shy away from too fancy stuff
07:48:33 <aarowlaptop> that is true
07:48:46 <anitsirk> rhel supports 8.4 until 2020. that's four years out! no innovation possible
07:49:07 <yuliyabozhko> wow
07:49:09 <aarowlaptop> let me see if I can find that bug...
07:49:20 <robertl_> that's some decent long term support
07:49:24 <aarowlaptop> https://bugs.launchpad.net/mahara/+bug/1517658
07:49:40 <aarowlaptop> https://bugs.launchpad.net/mahara/+bug/1517658/comments/14
07:50:10 <aarowlaptop> RHEL has a service called "Red Hat Software Collections", which adds Postgres 9.2
07:50:49 <aarowlaptop> So, if someone complains, we can direct them to that
07:51:39 <anitsirk> should we adopt a similar support for databases as we have for browsers? i.e. only support versions that are supported by the provider, in this case postgres?
07:52:04 <anitsirk> postgres aims to support major releases for 5 years.
07:52:38 <anitsirk> that would mean though that 9.1 reaches its end of life in september this year
07:52:52 <anitsirk> http://www.postgresql.org/support/versioning/
07:53:22 <aarowlaptop> I think there isn't much harm in us supporting older DB versions
07:53:32 <aarowlaptop> I guess we realistically have two tiers of "support"
07:53:37 <aarowlaptop> there's the systems we actually test on
07:53:45 <aarowlaptop> and then there's the systems we will implement bug fixes for
07:54:10 <aarowlaptop> when those bugs are reported to us by members of the community
07:54:14 <anitsirk> #info aarowlaptop thinks there isn't much harm in us supporting older DB versions.
07:54:45 <aarowlaptop> I guess the main harm in supporting older versions, is when we have to implement bug fixes for them, but that isn't very often
07:54:54 <anitsirk> #info RHEL has a service called "Red Hat Software Collections", which adds Postgres 9.2 and thus a more modern version of postgres can be used on RHEL if there are issues with an older one that we don't support anymore
07:55:04 <aarowlaptop> and the other harm is that it prevents us from using the features of newer versions of the software
07:55:24 <aarowlaptop> but as robertl said, we tend not to use the extended functionality of the databases anyway, in order to maintain compatibility across postgres & mysql
07:55:41 <anitsirk> #info as robertl said, we tend not to use the extended functionality of the databases anyway, in order to maintain compatibility across postgres & mysql
07:56:01 <anitsirk> decision making time then?
07:56:16 <aarowlaptop> Yeah, let's raise it to... either 9.0 or 9.1
07:56:33 <aarowlaptop> hm, there must be a mistake in my table. I said that FreeBSD 9.3 has Postgres 8.4, and FreeBSD has Postgres 9.0
07:56:37 <aarowlaptop> let me fix that...
07:56:39 <anitsirk> robertl_ and yuliyabozhko as the two other voting members, what do you think?
07:56:43 <robertl_> yep 9.1 sounds good
07:56:50 <yuliyabozhko> I would go with 9.1
07:57:02 <anitsirk> from 16.04 on?
07:57:20 <yuliyabozhko> next major, so 16.04, I guess?
07:57:41 <anitsirk> aarowlaptop and robertl_ ^
07:57:49 <robertl_> yep, might as well say from next release
07:58:36 <aarowlaptop> according to my source of data (distrowatch.com) the still-supported versions of FreeBSD are on Postgres 9.0.22
07:58:45 <aarowlaptop> so let's say Postgres 9.0
07:58:46 <yuliyabozhko> we switched to 9.1 in Totara last year as a min Postgres version. no issues so far
07:58:52 <aarowlaptop> oh yeah?
07:59:00 <robertl_> If the community come back with a bug report for older version and supply a good fix then I imagine we'll add it - but anything hard/heavy we will politely decline
07:59:14 <yuliyabozhko> I remember 9.1 was because of some specific security fix
07:59:14 <robertl_> for 8.x versions
07:59:45 <aarowlaptop> interesting
07:59:52 <yuliyabozhko> or performance improvements. smth like that
07:59:56 <aarowlaptop> I don't think I've encountered that many institutions running FreeBSD anyway
08:00:08 <aarowlaptop> okay, let's say 9.1 then. No objections?
08:00:20 <robertl_> none from me
08:00:26 <yuliyabozhko> nope
08:00:29 <anitsirk> #agree Lowest supported PostgreSQL version will be 9.1 starting in Mahara 16.04.
08:00:48 <anitsirk> ok. onto the next action item from last time.
08:00:49 <anitsirk> #info Kristin to check with Jen and Julius and also go through the demos [of HTML5 player possibilities] and ask Brian that we can also get a UX person to go through.
08:01:02 <anitsirk> I've done that and the result was that VideoJS was the best for accessibility.
08:01:14 <anitsirk> There wasn't much difference for sighted users.
08:01:29 <anitsirk> #info VideoJS is the replacement for Flowplayer to provide an HTML5 media player.
08:01:53 <anitsirk> #info son started on the implementation and put up two patches for review. https://reviews.mahara.org/5988 and the child patch linked off it.
08:02:33 <anitsirk> the idea is to replace the remove the flash player and slot in the html5 player for the existing items for which flowplayer is used.
08:02:52 <anitsirk> #info the html5 player is pegged for the 16.04 release.
08:02:57 <anitsirk> that was it from me on this topic.
08:03:16 <anitsirk> any questions or comments?
08:03:42 <aarowlaptop> nope
08:04:08 <robertl_> not from me
08:04:19 <yuliyabozhko> no. it's a bit funny. but that's exactly the player that I selected for Totara Social after doing some research. it is quite a good one and easy to integrate
08:04:49 <yuliyabozhko> their audio support is not great though...
08:05:03 <anitsirk> in which way?
08:05:19 <yuliyabozhko> it requires a poster otherwise it looks like an empty video
08:05:53 <anitsirk> mhh. maybe there's a plugin?
08:05:54 <yuliyabozhko> I just use a generic audio file icon as a poster
08:06:00 <robertl_> a 'poster'? you mean a still image?
08:06:03 <yuliyabozhko> yep
08:06:24 <robertl_> yeah a generic audio image would be the way to go
08:06:32 <anzeljg> poster/still image: a mahara logo with smaller audio icon?
08:06:43 <yuliyabozhko> exactly :)
08:06:58 <yuliyabozhko> it's simple and hopefully they will improve later
08:07:05 <yuliyabozhko> other than that I found no issues
08:07:14 <anitsirk> #info VideoJS requires a still image for audio files. A simple icon image can be used.
08:07:16 <yuliyabozhko> I am not sure they have RTL support though
08:07:22 <anitsirk> that's great to know, yuliyabozhko
08:08:13 <anitsirk> let's move on. there's still lots on the agenda. last item from last time
08:08:15 <anitsirk> #info Kristina to check with patk about the character set for Raw.
08:08:15 <anitsirk> #info actually, anzeljg has investigated this and came up with a solution: https://reviews.mahara.org/5977 - The custom fonts that don't display necessary characters now have them.
08:08:15 <anitsirk> The fonts work fine. Thank you, anzeljg. I only had a question for where to put the information about the original fonts so it doesn't get lost and that the credit appears in the proper place.
08:08:58 <anitsirk> i thought the info about the original font might be good in the license file so that people would have all the info in one place.
08:10:15 <anitsirk> anzeljg / Gregor_: do you want to add anything?
08:11:13 <anzeljg> info is inside font files, inside font file license files and in separate README file. that should do it :)
08:11:48 <anzeljg> and I am not Gregor_ BTW :) that is somebody else
08:11:56 <anzeljg> :)
08:12:00 <yuliyabozhko> :)
08:12:00 <anitsirk> oh good to know anzeljg. and hello Gregor_
08:12:20 <anitsirk> anzeljg: thanks for the latest patch. i'll take a look tomorrow.
08:12:27 <Gregor_> :-) hi
08:12:32 <anitsirk> then that's it for that i would say.
08:12:36 <anzeljg> yep
08:12:54 <robertl_> would those file need updating from the originals in the future or are they completely separate  now?
08:13:26 <robertl_> eg if the originals got updated, would we need to update our ones?
08:13:43 <anzeljg> as far as I understand they are completely separate, but somebody could double check OFL license...
08:13:46 <anitsirk> the original font files still seem to be in the patch.
08:14:25 <anzeljg> anitsirk: there are no original font in the patch. they should be marked as deleted?!?
08:14:48 <anitsirk> anzeljg: ah. that's what the D stands for at the beginning of the line.
08:14:58 <anzeljg> :)
08:15:00 <anitsirk> never noticed it before
08:15:14 <anitsirk> hello mingard.
08:15:30 <anitsirk> right on time. we are starting with the new items any second now.
08:15:31 <mingard> hello :) am I late? couldn't remember the start time ...
08:15:36 <mingard> OK cool
08:16:23 <anitsirk> mingard and Gregor_: it would be great if you could briefly introduce yourself so we have you in the minutes. prefix your name with #info please so it's logged.
08:17:10 <anitsirk> in the meantime let's move to the next topic.
08:17:12 <mingard> #info mingard is Jono Mingard from Powershop, Wellington, New Zealand
08:17:12 <anitsirk> #topic Support for Internet Explorer 9 and 10 (End of life support: 12 January 2016) - Kristina
08:17:13 <anitsirk> #info Microsoft ended the support for Internet Explorer lower than version 11 on 12 January 2016.
08:17:13 <anitsirk> https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
08:17:13 <anitsirk> #idea We should drop official support for non-supported versions as well. Our general support info could also include: Latest 3 versions of browsers XYZ or that are still supported, whichever is the most recent (not quite sure about that wording yet). Mahara may still work on unsupported / older browsers, but you may not be able to use all functionality as designed.
08:17:30 <mingard> :D
08:17:33 <Gregor_> <-- Gregor Pirker I am the side admin from Mahara.at
08:18:10 <anitsirk> hey. great that you could make it, gregor. thanks for your registration today / yesterday.
08:18:15 <robertl_> anitsirk, I am all for dropping support for IE versions :)
08:18:24 <mingard> do we have any stats for how many institutions are still using it?
08:18:35 <anitsirk> mingard: hold on for a minute
08:18:36 <yuliyabozhko> anitsirk: I think MS still supports IE9 and 10 on Enterprise editions
08:18:40 <mingard> I suspect a lot will continue to do so despite everything (given Edge is only on windows 10)
08:18:40 <yuliyabozhko> it is not that simple
08:18:49 <robertl_> but saying that - the versions 10 hasn't given us too much grief
08:19:06 <mingard> yeah, I think we should drop 9 but not sure about 10 and 11
08:19:16 <robertl_> be great to forget version 9 though
08:19:29 <yuliyabozhko> :) true
08:19:39 <yuliyabozhko> is anyone testing with Edge yet?
08:19:41 <anitsirk> top 10 browsers for demo.mahara.org for the last 3 months:
08:19:44 <anitsirk> 1. chrome 47
08:19:48 <anitsirk> 2. chrome 46
08:19:54 <mingard> heh
08:19:54 <anitsirk> 3. firefox 42
08:19:59 <anitsirk> 4. firefox 43
08:20:14 <anitsirk> 5. IE 11 (4.9%)
08:20:20 <anitsirk> 6. Safari 9.0
08:20:25 <anitsirk> 7. Firefox 41
08:20:30 <anitsirk> 8. Mobile Safari
08:20:33 <anitsirk> 9.0
08:20:41 <anitsirk> 10. Chrome 48
08:20:46 <anitsirk> and that is 1.7%
08:20:57 <yuliyabozhko> oh man, you are so lucky you don't have to deal with corporates :(
08:21:06 <anitsirk> the next IE is actually IE 8 with less than 0.9%
08:21:27 <anitsirk> and we haven't supported that anymore for some time already
08:21:33 <mingard> really? ok, looks like most average people are on IE11 at least
08:21:35 <anitsirk> and it's below 1%
08:21:46 <mingard> so maybe drop IE 9 and 10 but keep 11? would that be much effort?
08:21:47 <anitsirk> mingard: yep. that's what piwik tells me :-)
08:22:24 <anitsirk> and it looks very similar for mahara.org as well
08:23:07 <robertl_> the effort in the past has been dealing with IE 6,7,8 oldness - and some ie 9 weirdness - I don't recall any html/css specific things for IE 10+
08:23:13 <anitsirk> well, mahara 15.04 and 15.10 will still run on those browsers. for our supported versions it's more like do we drop suport for IE 9-10 at a minor point release, i.e. in particular for 15.04 and 15.10.
08:23:38 <anitsirk> We would still support IE11 because that is the second last supported version of IE
08:24:11 <yuliyabozhko> btw, dropping old IEs will improve the output of HTML5 media player :) just saying
08:24:18 <mingard> oh true
08:24:25 <yuliyabozhko> IE9 is pretty bad with video and audio tags
08:24:45 <anzeljg> is this helpful in any way: #link https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer
08:25:00 <anitsirk> for mahara 15.04 we sill have IE9, 10 and 11 as supported browsers. for 15.10 we have 10, 11 and 12.
08:26:05 <mingard> this also looks interesting: https://msdn.microsoft.com/en-us/library/dn467846(v=vs.85).aspx
08:26:09 <anitsirk> I think dropping official support for IE9 and 10 for 15.04 and 15.10 would be good. mahara doesn't suddenly stop working for those as they were designed to work with these browsers, but we wouldn't necessarily have to worry about issues esp. since microsoft doesn't support those browsers. we should not encourage people to stay on unsupported browser versions.
08:26:28 <anzeljg> agree
08:26:48 <yuliyabozhko> sounds good
08:27:46 <anitsirk> aarowlaptop and robertl_?
08:28:11 <mingard> sounds fine. and if IE11 turns out to have problems/incompatibilities going forward we can revisit it then
08:28:17 <anitsirk> #idea anitsirk: think dropping official support for IE9 and 10 for 15.04 and 15.10 would be good. mahara doesn't suddenly stop working for those as they were designed to work with these browsers, but we wouldn't necessarily have to worry about issues esp. since microsoft doesn't support those browsers. we should not encourage people to stay on unsupported browser versions.
08:28:19 <robertl_> I agree
08:29:12 <anitsirk> oops. lost a voting member. let's see if aarow comes back
08:30:14 <anitsirk> aarowlaptop: do you agree?
08:30:42 <anitsirk> (you hadn't missed any info while you were off the channel)
08:30:52 <aarowlaptop> sorry, I was disconnected for a minute there
08:30:57 <aarowlaptop> what's the question?
08:31:16 <aarowlaptop> we were discussing dropping official support for IE9 & 10 for 15.04 and 15.10
08:31:31 <anitsirk> drop support for IE9 and 10 for 15.04 next minor release and for IE10 for next 15.10 release?
08:31:47 <anitsirk> see my comment at 21:28:16
08:32:38 <aarowlaptop> I hate to say it, but we probably shouldn't change the system requirements in a minor release
08:32:54 <aarowlaptop> that's the kind of change that is meant to be limited to major releases
08:33:09 <anitsirk> aarowlaptop: that would mean though to support IE9 and 10 until October next year for 15.04.
08:33:24 <aarowlaptop> do we still get many IE9/10 bugs for 15.04?
08:33:24 <anitsirk> and no user will get support from microsoft on these browser versions.
08:34:13 <anitsirk> or change the wording for 15.04 and 15.10 that mahara will work with these browser versions but we recommend to use a supported version or different browser?
08:34:24 <aarowlaptop> Yeah, I'd prefer that
08:34:38 <anitsirk> robertl_ and yuliyabozhko: OK with that?
08:35:03 <yuliyabozhko> yep
08:35:05 <robertl_> that sounds fine
08:35:14 <anitsirk> and then for 16.04 we only go with the officially supported recent browsers by microsoft, i.e. at the moment IE11 and 12?
08:35:55 <aarowlaptop> Sure, I'm okay with that
08:36:00 <anitsirk> #agree change the wording for 15.04 and 15.10 that mahara will work with IE9 and 10 (Mahara 15.04) and IE10 (Mahara 15.10) browser versions but we recommend to use a supported version or different browser
08:36:09 <robertl_> I'm fine with that
08:36:21 <anitsirk> #action anitsirk to update the readme for 15.04 and 15.10 and master
08:36:59 <anitsirk> #agree Change wording for Mahara 16.04 that only Microsoft supported browsers are supported to a maximum of the three most recent ones. in this case right now it would be IE 11 and 12.
08:37:11 <anitsirk> alright. thank you. onto the next topic. :-)
08:37:16 <anitsirk> #topic Password policy (currently 3-30 characters long) - Kristina
08:37:17 <anitsirk> #info you can set a password that is only 3 characters long on your account settings page. When you set up your first password though you are already asked for a longer one.
08:37:17 <anitsirk> #idea We should make the minimum length consistent (I think right now it is 6 characters) and not limit the length of the password. 30 characters may not be enough anymore when people are encouraged to choose phrases rather than short passwords.
08:37:55 <mingard> yes please! is there a reason the length limit exists?
08:38:11 <aarowlaptop> probably some historical reason
08:38:12 <anitsirk> mingard: no idea. probably from the old days when that was a thing
08:38:25 <yuliyabozhko> why not make a config setting and let admin decide?
08:38:27 <robertl_> no idea why it exists, maybe the db column was 30 chars
08:38:43 <anitsirk> gavin said we shouldn't have to worry about the length as a hash is stored anyway
08:38:51 <aarowlaptop> It'd be smoother if we set up some admin settings for password requirements... but I don't think that's really necessary
08:39:03 <anitsirk> yuliyabozhko: many admins may make bad / user friendly decisions? ;-)
08:39:04 <robertl_> but now it's encrypted so it should end up saved as a set length anyway
08:39:08 <aarowlaptop> there was a point early on where Mahara wasn't hashing passwords, so it could be from that
08:39:35 <aarowlaptop> funny, the "password" column is actually 255 characters
08:39:43 <mingard> presumably the length of the hash
08:39:53 <mingard> oh hang on, didn't see the previous comment
08:40:11 <anitsirk> i don't think we need to implement a password policy like moodle since a number of recommendations are these days to go with phrases rather than just cap / special char etc.
08:40:18 <aarowlaptop> anyway, yeah, we may as well lift the password length limit, for internal account passwords
08:40:19 <yuliyabozhko> =-O not hashing passwords?!
08:40:52 <robertl_> normal practice nowdays is to have a password min length as well as a check that it's got non-alphanumeric chars
08:40:54 <aarowlaptop> Yeah, I think I've seen some git commit messages relating to the implementation of hashed passwords, circa Mahara 0.6 or so
08:41:27 <anitsirk> #agree lift the password length limit for internal account passwords.
08:41:50 <anitsirk> #action anitsirk to create a bug report for  the password length
08:41:52 <aarowlaptop> By "lift the password limit", I mean we'll raise the length limit to a something large enough that it's unlikely anyone will hit it
08:41:57 <aarowlaptop> like... well, 255 characters
08:42:11 <anzeljg> :)
08:42:15 <aarowlaptop> just for form processing reasons
08:42:24 <mingard> and then in 10 years time when we all need 1000-character passwords to beat quantum computers we'll change it again!
08:42:29 <aarowlaptop> heh, yep
08:42:32 <anitsirk> ok. that should be well beyond what anybody wants to type every single time ;-)
08:42:38 <aarowlaptop> It's longer than a tweet
08:42:43 <anitsirk> yup
08:42:54 <anitsirk> let's move to mingard's topic
08:42:55 <anitsirk> #topic Mochikit replacement - Kristina
08:42:56 <anitsirk> #info mingard started on the Mochikit replacement
08:42:56 <anitsirk> https://reviews.mahara.org/#/q/owner:reason.koan%2540gmail.com+status:open
08:42:56 <anitsirk> #idea There are basically two approaches: 1) Replace Mochikit with equivalent modern JS but not change the structure of PHP. 2) Remove Mochikit and all JS from the PHP files. Approach 2 takes longer and wouldn't be possible to do for Mahara 16.04. Approach 1 might still be doable for 16.04.
08:42:56 <anitsirk> Over to you mingard for the details.
08:43:06 <mingard> ok
08:43:42 <mingard> for anyone who's unfamiliar, we currently have both MochiKit and jQuery javascript libraries, which both do similar things. MochiKit hasn't been updated in ages so we should be removing it
08:44:12 <yuliyabozhko> that is a big chunk of work...
08:44:25 <mingard> a secondary problem is that Mahara's JS generally is quite hard to understand and debug because a lot is embedded in PHP, and there are a lot of different conventions used throughout the project
08:45:00 <mingard> removing MochiKit isn't as big as it sounds because most functions have direct jQuery equivalents (it's just going through and replacing the ~1600 instances of MochiKit functions being used, then checking nothing breaks)
08:45:40 <mingard> however, I've discovered a lot of places where large chunks of functionality is duplicated, so it might make more sense to turn common functionality into jQuery plugins at the same time as removing MochiKit, which would be a lot more work
08:45:52 <yuliyabozhko> Moodle tried to keep JS code into YUI modules more or less separated from PHP code
08:46:13 <mingard> TL;DR removing MochiKit is mostly straightforward, but it wouldn't make Mahara's JS significantly better or easier to understand
08:46:19 <yuliyabozhko> so, plugins might be a way to go
08:46:40 <mingard> yeah, I think that would make sense
08:47:24 <mingard> that's a quick summary - anitsirk you mentioned possibly getting another JS dev for 16.10?
08:47:34 <robertl_> mingard, have you documented where the most duplication is happening?
08:47:47 <anitsirk> mingard: yes. the plan is to work with one of our senior front-end devs at catalyst to do that work.
08:48:13 <anitsirk> we wouldn't be able to do that for 16.04 though due to the volume of the work and feature freeze is also at the end of next week.
08:48:44 <anitsirk> but mingard, you suggested that it might still be worthwhile replacing mochikit with jquery in place for 16.04 as a start. would that still be true?
08:49:10 <anitsirk> #info we currently have both MochiKit and jQuery javascript libraries, which both do similar things. MochiKit hasn't been updated in ages so we should be removing it. a secondary problem is that Mahara's JS generally is quite hard to understand and debug because a lot is embedded in PHP, and there are a lot of different conventions used throughout the project
08:49:38 <anitsirk> #info removing MochiKit isn't as big as it sounds because most functions have direct jQuery equivalents (it's just going through and replacing the ~1600 instances of MochiKit functions being used, then checking nothing breaks). however, mingard discovered a lot of places where large chunks of functionality is duplicated, so it might make more sense to turn common functionality into jQuery plugins at the same time as removing MochiKit, which would be a
08:49:58 <anitsirk> #info TL;DR removing MochiKit is mostly straightforward, but it wouldn't make Mahara's JS significantly better or easier to understand
08:50:06 <anitsirk> #idea make plugins
08:50:12 <mingard> robertl_: no, I should do that. as an example, htdocs/admin/site/menu.php and htdocs/admin/groups/groupcategories.php have a big chunk of code to deal with lists which is basically doing the same thing
08:50:52 <robertl_> so is the duplication lots of places doing small duplication or a few places doing big duplication?
08:51:04 <robertl_> as the latter will be easier to fix
08:51:04 <mingard> a few places doing big duplication so far
08:51:12 <robertl_> cool
08:51:33 <mingard> the sort of thing where it would make sense to do $(element).maharaEditableList({ options }) or something
08:52:24 <mingard> anitsirk: honestly, I'm not sure, but if feature freeze is next week it probably wouldn't be worth rushing to eliminate MochiKit for 16.04
08:52:31 <robertl_> yep, it would be good to doc some mahara specific js snippets along with fixing up code
08:52:57 <mingard> it's working fine as-is and I think it would be wasted effort to migrate all the bits that are duplicated individually
08:53:10 <anitsirk> mingard: ok. sounds fine by me. might prevent us touching things doubly
08:54:03 <anitsirk> mingard: we'll then ignore your patches on that for the moment and will pick them back up once we get started with the replacement if that's OK with you.
08:54:54 <mingard> yep, sounds good. I'll work on finding and documenting duplicated sections, and maybe do a bit of a proposal on how we should restructure the scripts generally
08:55:12 <mingard> (for example, I would *really* like a js/vendor directory for all our 3rd-party stuff)
08:55:41 <anitsirk> #info we will tackle the mochikit replacement for Mahara 16.10 and try to do it all in one go (separate JS from PHP) and not only convert Mochikit into jQuery.
08:56:21 <anitsirk> mingard: i think what would be good if we'll arrange a chat between you and matthew then when he's ready to get started so your pre-work and thoughts are retained and he can take them into consideration.
08:56:45 <anitsirk> #action mingard will work on finding and documenting duplicated sections, and maybe do a bit of a proposal on how we should restructure the scripts generally
08:56:52 <mingard> yep, hopefully I can give him something to go on :)
08:57:02 <anitsirk> I'm sure you can.
08:57:17 <anitsirk> ok. let's move on to the second last official topic.
08:57:18 <anitsirk> #topic Sign the Contributor Covenant? - Kristina
08:57:19 <anitsirk> http://contributor-covenant.org/
08:57:19 <anitsirk> #idea Chris Cormack pointed me to this document and I wanted to see if there was any interest in looking into it further.
08:57:51 <mingard> I actually came across this independently the other day - looks like a really cool idea, although I have issues with some of the wording
08:58:14 <anitsirk> for example, mingard?
08:59:57 <mingard> hmm, on re-reading it, it doesn't sound so bad. I initially thought there was a strict permanent ban on contributors who broke the rules which didn't sound very nice
09:00:21 <mingard> but it looks like it's more discretionary than that so I must not have understood that properly the first time
09:00:24 <anitsirk> mingard: there might have been changes. when i first looked at it, the website looked vastly different ;-)
09:00:33 <mingard> heh, probably
09:01:06 <anitsirk> it's something we'd want to discuss in the wider community as it's not a technical issue. i just though to gauge interest here first
09:01:11 <mingard> anyway, I think it's a good way of codifying what should be implicit anyway, but IMO people should always prefer discussion over following it to the letter
09:01:21 <aarowlaptop> I don't have any problem with the covenant itself... it's the general set of rules I try to follow myself anyway
09:01:23 <anitsirk> anybody else having any option? aarowlaptop, anzeljg, Gregor_, robertl_, yuliyabozhko?
09:01:57 <anitsirk> oops. not option but opinion of course ;-)
09:02:06 <aarowlaptop> we haven't actually had any issues with these things lately, as far as I know, so I guess it would be a pro-active step
09:02:36 <anzeljg> I dont have any problems with that. I support it
09:02:36 <yuliyabozhko> I can't say I have any opinion right now :) need to have a look a bit more
09:02:37 <anitsirk> yes, more pro-active than re-active
09:02:43 <aarowlaptop> my only quibble is that I'm cautious to add more overhead to the project; i.e. another big page of rules that no one is going to actually read
09:03:04 <aarowlaptop> but... it's probably harmless
09:03:35 <anitsirk> would it be OK then for me to ask the wider community what they think?
09:03:39 <aarowlaptop> sure
09:03:39 <mingard> well, I don't think another page of rules that no one reads anyway will turn off many potential contributors ...
09:03:45 <anzeljg> of course
09:03:54 <yuliyabozhko> :)
09:04:06 <yuliyabozhko> I hope you are right, mingard :)
09:04:16 <yuliyabozhko> wouldn't want to scare people off
09:04:38 <anitsirk> well, could also encourage others to actually contribute ;-)
09:05:15 <aarowlaptop> yeah, in theory there might be people who feel more welcome as a result of seeing that policy made explicit
09:05:32 <anitsirk> #action anitsirk to start a discussion on mahara.org on whether to adopt the Contributor Covenant.
09:05:59 <anitsirk> the next topic is:
09:06:00 <anitsirk> #topic Persona shutdown (Launchpad Bug #1533377)
09:06:00 <anitsirk> https://bugs.launchpad.net/mahara/+bug/1533377
09:06:26 <anitsirk> #info Mozilla is shutting down Persona at the end of November 2016
09:06:31 <anitsirk> thanks for pointing that out, yuliyabozhko
09:06:32 <yuliyabozhko> I added that. I thought we wanted to discuss what to do with it :)
09:06:54 <anitsirk> aarowlaptop: made some comments on the report.
09:07:01 <aarowlaptop> so I did
09:07:27 <aarowlaptop> I think right now our best course is to wait for a month or two and see how things settle out, what steps other Persona users take
09:08:02 <mingard> I don't know if there's an equivalent 3rd-party auth system it would make sense to switch to
09:08:07 <mingard> or support instead\
09:08:09 <anitsirk> i made a note on the user manual for 15.10 about the shutdown to discourage new institutions from using it http://manual.mahara.org/en/15.10/administration/institutions.html#persona-authentication
09:08:25 <robertl_> https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers
09:08:34 <anitsirk> #idea wait for a couple of months to see what steps other Persona users take
09:08:36 <robertl_> there is some info there
09:08:39 <yuliyabozhko> waiting is not a bad idea. OpenBadges rely on persona and Mozilla will be working on finding a replacement
09:09:26 <anitsirk> we can always transfer persona accounts into manual mahara accounts by changing the auth method and then users doing a password reset.
09:09:54 <mingard> yeah, just wondering if people would choose it because they prefer having 3rd-party auth
09:09:59 <aarowlaptop> Hm, I wonder if a "passwordless email login" would be easier to do...
09:09:59 <yuliyabozhko> I can tell you what we are doing in Totara Social because we are removing Persona in the next release to minimise impact with the new sites
09:10:07 <aarowlaptop> as described on that Mozilla page
09:10:22 <yuliyabozhko> "passwordless email login"?
09:11:00 <mingard> interesting idea ... I haven't used a site with that so can't say whether it's useful or just annoying
09:11:12 <yuliyabozhko> node.js
09:11:32 <mingard> but you could implement it for PHP instead (someone probably has)
09:11:45 <yuliyabozhko> :) wouldn't be surprised
09:12:14 <anitsirk> yuliyabozhko: what are you doing?
09:12:28 <aarowlaptop> I think the "passwordless login" technique, is basically that every time you log in, you use the equivalent of a password reset email
09:12:34 <aarowlaptop> and you combine that with a "remember me" option
09:12:39 <aarowlaptop> so that users don't have to "log in" very often
09:12:52 <yuliyabozhko> but it still uses some token
09:12:52 <mingard> anitsirk: looking at the idea of https://passwordless.net/
09:13:01 <aarowlaptop> it is making an explicit practice out of something lots of people do as a matter of course ;)
09:13:10 <yuliyabozhko> I wonder what security is like...
09:13:39 <anitsirk> aarowlaptop: that's what persona did essentially i think. you only provided your full details once and if you trusted the site, you then only selected your email address and could log in over the next month without your password. and in the next month, you set your password again.
09:14:03 <mingard> it's just the idea of this is that you don't even have a password - that side is all hidden
09:14:11 <aarowlaptop> yep
09:14:20 <mingard> so you get sent an email and click a link once a month (or whatever) to stay logged in
09:14:33 <mingard> to log in again, rather
09:14:41 <aarowlaptop> you visit the site, you're logged out, you click the passwordless login button. It emails you a link (which contains a login token). You click that link, and now you're logged in.
09:15:12 <yuliyabozhko> so, it pretty much emails you a password
09:15:19 <aarowlaptop> a one-time password
09:15:31 <aarowlaptop> exactly as secure as having a password reset by email system
09:15:37 <mingard> that is per-device and per-browser though. not sure how it would be staying logged in on a laptop, desktop, phone, tablet, etc.
09:15:38 <anitsirk> mhh. i'd find that somewhat annoying esp. when the email doesn't arrive directly or you then need to log into your email account via 2fa...
09:15:42 <mingard> or is that just me
09:16:03 <anzeljg> BRB
09:16:10 <aarowlaptop> anyway, just something to think about
09:16:19 <yuliyabozhko> :) anyway. I would vote to wait
09:16:24 <aarowlaptop> me too
09:16:24 <anitsirk> yeah. let's table that for the moment. :-)
09:16:35 <yuliyabozhko> see what's happening in this area
09:16:47 <robertl_> yep, we still have plenty of time to make a decision and implement that choice
09:16:54 <aarowlaptop> Here's one thing we might want to do
09:16:56 <aarowlaptop> right away
09:17:07 <aarowlaptop> make the "persona" auth plugin be disabled by default on new Mahara installations
09:17:10 <anitsirk> #info we'll revisit what to move to in a few months when more information is available and some other projects also had time to think about a migration path.
09:17:21 <mingard> or at least add a warning message to the site itself (not just the manual)
09:17:27 <anitsirk> aarowlaptop: that's a good idea.
09:17:38 <aarowlaptop> yeah... might be a good idea to show a warning on the admin page
09:17:41 <anitsirk> #idea disable persona auth by default on new mahara installations
09:18:01 <robertl_> but for upgrading to new version it checks if any users are on persona and keeps it active?
09:18:07 <anitsirk> what about displaying a warning when trying to activate it instead of just on the admin page?
09:18:12 <yuliyabozhko> is there any stats how many people are using this auth method?
09:18:34 <aarowlaptop> I don't think the stats program says how many users are on different auth methods
09:18:42 <aarowlaptop> it just lists which plugins are installed and with which versions
09:18:57 <yuliyabozhko> hmm. right
09:19:04 <aarowlaptop> I was just thinking, we make it so that if you're doing a clean install of Mahara, the persona auth plugin is not enabled
09:19:07 <anitsirk> #idea show warning to admin when wanting to activate persona on a new mahara.
09:19:14 <aarowlaptop> if you're upgrading, we don't change anything
09:19:41 <anitsirk> like with saml. that is not installed per default
09:19:46 <aarowlaptop> yes, like that
09:20:40 <anitsirk> #action anitsirk to set up new bug report for disabling persona auth per default for 16.04 and add warning when about to enable it.
09:21:03 <anitsirk> i'll make it a separate one so we don't get confused with the bigger issue and think that's already been taken care of
09:21:45 <anzeljg> Can it be set so when upgrading it checks how many users uses that auth plugin and if no-one uses it it disables the persona?
09:21:55 <aarowlaptop> we could do that...
09:22:08 <aarowlaptop> let's put that as an add-on to the bug
09:22:17 <aarowlaptop> specifically, if no institutions have it set up as an auth method
09:22:25 <anitsirk> ok.
09:22:34 <aarowlaptop> in that situation, the site admin won't notice or care that it's been disabled
09:22:51 <anitsirk> #idea add to report that if no institution uses persona on an upgraded site, disable the plugin
09:23:04 <anitsirk> anything else?
09:23:27 <anitsirk> then for the most favorite topic on the agenda
09:23:29 <anitsirk> #topic Next meeting and chair
09:23:45 <anitsirk> what about 9 March 2016? http://www.timeanddate.com/worldclock/fixedtime.html?iso=20160309T07
09:24:16 <yuliyabozhko> I don't know where I am going to be, so would prefer not to commit right now :) any date works for me in this case :P
09:24:44 <anitsirk> hehe. you'll make it difficult then to pick a time. PST doesn't mesh with europe and nz :-(
09:24:54 <anitsirk> at least not easily many times of the year
09:25:07 <yuliyabozhko> that's fine. we'll sort it out. I am flexible, if anything ;)
09:25:26 <anitsirk> aarowlaptop, anzeljg, Gregor_, mingard and robertl_?
09:25:34 <mingard> the 9th works for me
09:25:51 <Gregor_> the 9th march sounds good :)
09:26:01 <aarowlaptop> sure
09:26:05 <aarowlaptop> works for me too
09:26:16 <anitsirk> aarowlaptop: no improv?
09:26:24 <anzeljg> if it will be Europe evening than yes
09:26:36 <aarowlaptop> not right now
09:26:38 <robertl_> 9th sounds ok
09:26:53 <anitsirk> anzeljg: would be european morning. or shall we reverse? that would then work for yuliyabozhko
09:27:26 <anzeljg> i can at evening so reverse (morning doesn't work for me)
09:27:35 <mingard> I suppose I could get up early ... ;)
09:27:39 <yuliyabozhko> well, if I am the only one in weird timezone, I will try to find time whenever it is convenient for eveyone else
09:27:39 <anzeljg> at least the 9th...
09:27:49 <anitsirk> what about the others? or different date?
09:28:01 <anzeljg> 8th or 10th works for me
09:28:41 <anitsirk> 10th then or would early morning be ok for you, aarowlaptop?
09:29:45 <anitsirk> so: http://www.timeanddate.com/worldclock/fixedtime.html?iso=20160310T07
09:29:58 <yuliyabozhko> cool
09:30:10 <anitsirk> early morning for 10 march (9 March evening in europe) wouldn't work for me as i already have an early morning meeting
09:30:22 <anitsirk> and who wants to chair? :-D
09:31:05 <aarowlaptop> yep
09:31:09 <aarowlaptop> 10th is fine
09:31:09 <anitsirk> please. not all at once.
09:31:58 <anzeljg> antisirk: would it be possible an hour later?
09:31:59 <anitsirk> and don't look at yuliyabozhko. she may not be able to make it. anybody else?
09:32:27 <anitsirk> an hour later would be fine by me. how about the rest?
09:32:44 <robertl_> ok by me
09:32:51 <mingard> works for me
09:33:08 <Gregor_> for me too :-)
09:33:15 <anitsirk> sold.
09:33:24 <anitsirk> now just for the chair. i'm not forgetting about that part. ;-)
09:34:45 <anzeljg> since I was causing some troubles I can (unless something urgent comes up at work - is it possible to have a backup in that case?)
09:35:11 <anitsirk> anzeljg: you weren't causing trouble. thank you for volunteering. i can be your backup.
09:35:20 <anzeljg> great. thanks
09:35:55 <anitsirk> #info the 51st Mahara developer meeting will take place on 10 March 2016 at 8:00 UTC. anzeljg is the chair for that meeting with anitsirk as backup.
09:35:56 <anitsirk> http://www.timeanddate.com/worldclock/fixedtime.html?iso=20160310T08
09:36:09 <anitsirk> #topic Any other business
09:36:15 <anitsirk> does anybody have anything?
09:36:22 <anzeljg> i do :)
09:36:31 <anitsirk> go ahead, anzeljg
09:36:36 <anzeljg> Integrate embed.ly into the "external media" and troubles moving blocks possibly related to blockmoveBlock function and the javascript...
09:36:48 <anzeljg> would it be possible to find a solution for that one
09:36:58 <anitsirk> #info Integrate embed.ly into the "external media" and troubles moving blocks possibly related to blockmoveBlock function and the javascript...
09:37:00 <anzeljg> https://reviews.mahara.org/#/c/5749/
09:37:01 <anzeljg> ..
09:37:45 <aarowlaptop> I'll try to look at that in the next couple of days
09:38:06 <robertl_> I suspect the solution is on the move end to repopulate the block with original text so the embed.ly js can do it's magic again
09:38:06 <anzeljg> thanks aarowlaptop!
09:38:31 <anitsirk> #action aarowlaptop to look at solution for moving blocks properly for https://reviews.mahara.org/#/c/5749/
09:38:38 <anitsirk> anybody else?
09:38:50 <mingard> not from me
09:39:00 <anitsirk> I have a quick one.
09:39:22 <anitsirk> #info feature freeze for Mahara 16.04 is at the end of next week. we are getting closer to April already!
09:39:43 <anitsirk> sorry. haven't updated the wiki page yet. will try to do so soon.
09:40:05 <anitsirk> if nobody else has any other business, we are now at the finish line.
09:40:10 <anitsirk> have a nice evening / morning
09:40:14 <anitsirk> #endmeeting