07:37:31 #startmeeting 07:37:31 Meeting started Tue Jul 31 07:37:31 2012 UTC. The chair is elky. Information about MeetBot at http://wiki.debian.org/MeetBot. 07:37:31 Useful Commands: #action #agreed #help #info #idea #link #topic. 07:37:39 anzeljg: afaik, anitsirk was updating the existing ones, and any new commit was to have new format 07:38:10 thanks hugh, we'll discuss that later ;) 07:38:24 #info elky is melissa draper, catalyst it, nz 07:38:39 #info hughdavenport is Hugh Davenport, Catalyst IT, NZ 07:38:45 #info anzeljg is Gregor Anzelj, Gimnazija Bezigrad, Slovenia 07:39:14 kevinmoilar, we do this so we're introduced in the minutes. care to introduce yourself? :) 07:39:37 #info kevinmoilar is Kevin Mueller, Liip AG, Switzerland 07:39:51 #link https://wiki.mahara.org/index.php/Developer_Area/Developer_Meetings/2012-07-31 07:40:17 #topic items from past meetings 07:40:21 waa lukecarrier jimcrib richardm adi_b lamiette dobedobedoh Mjollnir` sonn, any others ? 07:40:25 #topic dajan to raise appropriate issues in the tracker 07:40:35 anyone know if this was done? 07:40:43 no idea 07:41:10 elky: which issues? do you remember? 07:41:26 nope. i got home minutes before the meeting 07:41:40 iarenaza hi 07:41:41 hi iarenaza 07:41:47 iarenaza, hello! we've started the meeting if you want to #info introduce yourself 07:42:08 #info iarenaza is Iñaki Arenaza (Mondragon Unibertsitatea) 07:42:15 :) 07:42:16 Hi everybody 07:42:21 hi 07:42:47 iarenaza, so far we're on "dajan to raise appropriate issues in the tracker" in the agenda, but we'll move on since nobody knows the status and he's not here 07:42:48 * iarenaza I'll be on and off, as I'm doing some work stuff 07:43:16 * iarenaza having a look at the agenda 07:43:42 http://meetbot.mahara.org/mahara-dev/2012/mahara-dev.2012-04-25-20.02.log.html has it 07:43:52 #topic anzeljg To put together a quick wiki page with some information (possibly code too) <= wiki page done, code not yet. 07:44:02 yeah 07:44:03 #link https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Cloud_Services 07:44:13 nice looking spec, anzeljg 07:44:18 It shpuld be done a month or so ago, but here it is... 07:44:21 don't believe dajan's thing has been done 07:44:22 #link https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Cloud_Services 07:45:02 i also uploaded a code to github... for testing (feedback welcome) and that has not been oficially released yet... 07:45:12 #link https://github.com/anzeljg/mahara-cloud 07:45:42 Currently Cloud plugin has support/integration for Box, Dropbox, SugarSync and Zotero 07:45:43 .. 07:45:47 nice, we'll have a look at that between now and next meeting then 07:46:03 #info Currently Cloud plugin has support/integration for Box, Dropbox, SugarSync and Zotero 07:46:45 any other discussion needed at this point in time? 07:46:53 nope 07:47:18 moving on then 07:47:21 looks really nice anzeljg 07:47:34 iarenaza: the spec or the code ;) 07:47:59 the spec (haven't had a look at the code yet) 07:48:08 i know, just teasing you... 07:48:28 #topic alanmc to post to dev forum post about the mobile api 07:48:35 #link https://mahara.org/interaction/forum/topic.php?id=4747#post20953 07:48:45 alan's not online but he did post that earlier today 07:50:11 hughdavenport, you've been working with him on that, yes? 07:50:44 i know richardm was doing lots before he left 07:50:44 nope, haven't done anything on his stuff 07:50:50 ah ok 07:50:56 though he was going to ask me if he needed help 07:51:03 only done gerrit stuff with him 07:51:16 one of us needs to review it before next monday 07:51:36 yup, will be on my list 07:52:20 #action hugh to work with alan on maharadroid/api stuff before feature freeze 07:52:51 #topic elky look into removing google apps block from the core 07:53:03 #info elky's not had a chance 07:53:44 #info should be noted that much of it would be replaced by anzeljg's cloudy stuff which is yay 07:53:53 :) 07:54:05 ;) 07:54:15 #topic elky/hughdavenport update code guidelines and extend it to other than php 07:54:28 I haven't, still. hughdavenport? 07:54:34 been on leave 07:55:16 i didn't notice ;) 07:55:45 * kevinmoilar wonders how to interpret the 'may be' in The API may be extended to support messaging and commenting on blogposts in due course 07:55:54 on https://reviews.mahara.org/#/c/1439/ 07:56:13 will be a real boost i reckon, the messaging 07:56:19 kevinmoilar, pending time availability I'd guess 07:56:21 and commenting 07:56:26 hmm, would have to ask about that with alan 07:56:38 elky: can you ask him tomo? 07:57:01 hughdavenport, yep, but i suspect he'll echo my answer 07:57:42 #info kevinmoilar concerned about non-committal regarding messaging/commenting support in api 07:58:01 i hope i can motivate adi_b and the others to do a hackday once this crazy moodle migration summer is dealt with 07:58:14 #action elky to confirm plans with alan 07:58:52 elky: even if he just gives a general overview on how they may be extended in the commit message (and/or wiki) 07:59:05 would make it better if he suddenly dropped out 07:59:17 huh 08:00:23 #info hughdavenport suggests alan give "a general overview on how they may be extended in the commit message (and/or wiki)" 08:00:55 anything else on this particular topic? 08:01:24 any plans on iOS for this? 08:01:44 I don't think we have any iOS developers at catalyst 08:01:57 neither do we 08:02:09 so it'd depend on a wild iOS developer appearing 08:02:11 bar the phonegap etc 08:02:16 communitiy developer? 08:02:17 wild yeh 08:02:57 #info kevinmoilar asks about iOS support. answer; currently we don't know of an iOS developer, but if one magically appeared we'd not turn them away 08:02:59 I don't think it will happen at catalyst, as there is a cost to developing iOS app's (as well as dev cost) 08:03:09 apple charge you for using the SDK 08:03:15 because they are awesome 08:03:22 we might be able to 'find' some funding from client who showed interest - but that its wild too a the mom 08:03:28 hughdavenport, as well as the poor thing being slightly out of place here ;) 08:04:11 but yeah, not enough interest from our end to push this i guess 08:04:18 kevinmoilar, i suspect we could find finding, but unless it's big bucks, we'd want a pretty efficient dev to get it done 08:04:32 dajan! 08:04:33 hi dajan 08:04:39 hi dajan! 08:04:41 hi dajan 08:04:45 hello 08:04:46 we are in the meeting, please introduce yourself :) 08:04:48 long time :P 08:05:03 i am chatting with an ipad so not easy 08:05:18 kevinmoilar, ok to leave the api discussion until we know more from alan? 08:05:28 ok 08:05:32 we should go back to dajan's recurring agenda item 08:05:52 #topic dajan to raise appropriate issues in the tracker 08:06:07 I um, hope you remember what this is about :D 08:06:28 http://meetbot.mahara.org/mahara-dev/2012/mahara-dev.2012-04-25-20.02.log.html has it 08:07:09 hi rkabalin 08:07:15 Hello 08:07:18 hey rkabalin 08:07:21 hi rkabalin 08:07:21 rkabalin, hello, please introduce yourself to the meeting 08:07:34 #info Ruslan Kabalin - Lancaster University, UK 08:07:44 and so you know where we're at: http://meetbot.mahara.org/mahara-dev/2012/mahara-dev.2012-04-25-20.02.log.html has it 08:07:47 ok i will write in the tracker a few revommendations about extresource plugin to find a way to fusion Laurent Emprecht's plugin eith the actual external resources plugins we have nowadays in Mahara 08:07:49 #info dobedobedoh is Andrew Nicols - Lancaster University, UK 08:07:56 i do this next week 08:08:03 dajan, thank you 08:08:08 hi dobedobedoh 08:08:19 hello dobedobedoh 08:08:26 hi dajan and dobedobedoh 08:08:27 hi dobedobedoh 08:08:29 #info dajan says: i will write in the tracker a few revommendations about extresource plugin to find a way to fusion Laurent Emprecht's plugin eith the actual external resources plugins we have nowadays in Mahara 08:09:11 how about we give the lancaster guys a few moments to get up to speed 08:09:25 when i write eith on my ipad keyboard i meant "with". sorry about that 08:09:27 ;) 08:09:47 dajan, that's ok, my typing today is terrible even on real keyboards 08:12:11 in short i thing we should find a way of having just one block to embed all the different external sources that works in collaboration with the code for iframe and the new interface for iframe existing in 1.6 08:12:49 dajan, we have to weigh up the maintainability of something like that though 08:12:50 i hate this keyboard 08:13:44 #info dajan: we should find a way of having just one block to embed all the different external sources that works in collaboration with the code for iframes 08:13:59 #info elky: maintainability needs to be considered carefully too 08:14:12 rkabalin, dobedobedoh, up to speed? 08:14:56 yep 08:14:58 elky: Yes thanks 08:15:12 yes i agree with you elky But it may simplify the life of users and may also be more easy after to maintain for developers tho. if we find a way of doing it well it could be one stone two birds 08:15:24 we talked about some universal embedding plugin on last meeting 08:15:40 what dajan is talking about is the same? 08:15:55 rkabalin, im not sure if he's talking about anzeljg's thing or not 08:16:03 no 08:16:07 he's not 08:16:12 yes with the addition of oembed 08:16:25 I see 08:16:28 rkabalin: dajan presented it at maharauk 08:16:37 heh. perhaps you two need to talk this out 08:16:47 i did that to remember this 08:17:10 ok 08:17:44 ah, Laurent's plugin, yes, now I remember 08:17:47 i write something in the wiki and we will see how you take it or not see this next meeting 08:17:56 dajan, anzeljg could perhaps you two have a discussion some time in the next few weeks, in email or whatever, and work out where the similarities are and what the differences are? 08:18:18 we did that already, i think 08:18:23 with a coktail in Zurich maybe 08:18:26 also discussed this with anitsirk 08:18:30 ;) 08:18:47 anitsirk suggested we keep embed.ly for the people on shared hosting... 08:19:16 i see anitsirk next week in Fribourg (Switzerland) will have a chat with her about it 08:20:03 nice... 08:20:43 dajan: would be nice to see you too 08:20:53 #action kristina, dajan and anzeljg to coordinate and extend anzeljg's spec to work out similarities and differences etc 08:21:01 is that ok with you two? 08:21:12 fine with me 08:21:30 cool. the less confusion and double-work the better :) 08:21:33 but i didn't write any specs on that... 08:22:23 anzeljg, i see similarities in what you two are trying to do. i want to be able to understand what the simliarities are so we don't end up having to decide between two pieces of code later 08:22:41 kevinmoilar I am always happy to meet nice people and i am a good traveler 08:22:58 dajan: please let me know about your talk with kristina next week 08:23:12 dajan: i mean in fribourg next week - anitsikirk is visiting us at liip 08:23:19 i should be in Australia and may NZ in October 08:23:46 i meet you at Liip by the way 08:24:05 ? :) 08:24:09 ok, should we move on? 08:24:16 yes 08:24:23 #topic Continued: Discuss safeiframe xss vulnerabilities 08:25:05 we were going to continue the discussion of this 08:25:20 i'm still not sure what we should do about it 08:26:55 anyone else's thoughts? 08:28:07 hughdavenport? 08:28:19 remind me? 08:28:20 * iarenaza re-reading discussion from last time 08:28:38 hughdavenport, the safeiframes stuff will let people define their own regexes and stuff for iframes 08:28:52 which could let anything in if they mess it up 08:29:10 I thought we came to the conclusion that it requires admins to enter them so wasn't really a flaw 08:29:29 by people do you mean admins or also regular users? 08:29:35 admins 08:29:47 i don't see a problem then?!? 08:30:01 or is there one? 08:30:25 the problem was that the site admin and the system admin might not be the same person 08:30:42 oh... 08:30:45 anzeljg, it does mean everyone who reviews mahara for the security bounty is going to come to us telling us they can exploit it, and we get to tell them it's Not A Bug 08:31:01 i see 08:31:17 it _is_ a vulnerability. We have to work out the best way to manage it 08:31:46 so basically we want to let people whitelist sites, but in a way that doesn't open the site for XSS attacks. Which is rather difficult to do. 08:31:53 is it possible to have some kind of repository for these iframe regex codes 08:32:06 and these codes are review by someone? 08:32:17 sort of plugins... 08:32:17 anzeljg, likely. whether we have the capacity to manage that is another thing altogether 08:32:18 .. 08:32:30 I am aware of that... 08:32:40 :( 08:33:24 we'll just have to see how it goes, i guess. :-/ 08:34:00 #info still no resolution about the best way forward. will need to play it by ear 08:34:29 if you let admins add sites without additional checks, then you can't make it secure 08:34:33 anything else anyone wants to say or should we move on to picking next week's vict.. uh, chair? 08:35:05 next week's??? 08:35:10 month's 08:35:12 sorry 08:35:15 my question too :) 08:35:16 could we have a config variable in the config.php that gives will let decide if we show the interface in the admin screen or not so we can decidecwhen/if thecselfiframe inteface is accessible 08:35:17 ;) 08:35:41 dajan: richardm suggested that at last meeting. 08:35:46 dajan, yeah, i think that's the best we've come up with so far 08:35:48 i like dajan's suggestion 08:35:55 +1 08:36:07 +1 08:36:16 the suggestion was to have it on a timer 08:36:24 so it'd unset itself after a certain amount of time 08:36:43 can it be bound to a session? 08:37:11 It's a nice idea, but don't forget that the underlying problem still remains 08:37:34 sure, but it's still not something that should be on all the time 08:37:53 no if the sys admin thinks it is a good thing to have this interface it set the config var accordingly if he stopscto think that he does the opposite 08:38:40 dajan, elky: What about those situatinos where the sysadmin is though? 08:39:01 Or if the sysadmin is just a person who has put mahara on shared hosting 08:39:04 in my institution i am the only sys admin and admin so i would prefere to set it up to always until i maybe have another admin on the plateforme 08:39:17 dobedobedoh: if you have access to config.php, then you are good to go. 08:39:24 dobedobedoh, if you don't have ftp access, you're already facing those problems 08:39:36 hmm ok 08:40:12 anyway, the real problem is having malicious sites added to your trusted external content sites, not how you put that site in the list. 08:40:22 dajan, the purpose of this discussion is to make sure when it goes out, we've done everything we plausibly can to make the issue less of one :) 08:41:10 anyway, lets move on, i need dinner before midnight ;) 08:41:34 #topic Next meeting and Chair 08:43:09 August 28th (tues) or 29th (weds)? 08:43:19 either one is ok for me 08:43:27 either one 08:43:51 eithers fine 08:44:12 Could we at some point (next meeting) speak about webservices I see a huge potentialvfor moodle and other services integration with Mahara but i think there is a lack of info and example on this 08:44:22 I will be away whole august, but might be able to join actually 08:44:38 dajan: webservices? 08:44:40 either date for me 08:45:40 dobedobedoh? 08:45:57 wednesday rather 08:46:01 I think either are fine for me 08:46:15 anzeljg, https://wiki.mahara.org/index.php/Plugins/Auth/WebServices/WebServicesConfiguration 08:46:15 and who wants to chair? :) 08:46:30 dajan, hold a second and we'll record this in the other business bit :) 08:47:10 elky: I could do it 08:47:27 #info next meeting is wednesday August 29th 2012, iarenaza will chair 08:47:29 :D 08:47:35 everyone happy with that? 08:47:41 thanks 08:47:43 yep 08:47:43 elky: what time? 08:47:44 +1 08:47:44 yep 08:48:06 whole day meeting )) 08:48:06 uh... im taking it people would prefer half an hour later than today? 08:48:19 elky: should be morning in NZ, noon in EU? 08:48:23 elky, that'd be brilliant for me! 08:49:03 oh, i'm really not with it today 08:49:44 i keep thinking it's the same time of day next time, even though i know it's not 08:49:53 so 8 UTC? 08:50:14 yes 08:50:18 as usual 08:50:23 ok 08:50:42 we should possibly discuss the times if people are wanting to show up but both times are not useful 08:51:00 #undo 08:51:00 Removing item from minutes: 08:51:15 #info next meeting is wednesday August 29th 2012 utc 0800, iarenaza will chair 08:51:27 Time is fine... remembering is another matter 08:51:41 I normally put it into my calendar, but completely forgot this time around 08:51:42 dobedobedoh, it'd help if the chair remembered to remind you a full day before 08:51:54 Is this the right time? http://www.timeanddate.com/worldclock/fixedtime.html?msg=20th+Mahara+Developer+Meeting&iso=20120829T10&p1=327 08:51:55 but the chair had a rough monday and forgot :( 08:52:08 It'd help if sent an iCal-style invite around somehow ;) 08:52:25 meeting-invite stylee 08:52:28 elky, it should be 20:00, is not it? 08:52:28 or we will make another morning one in a row 08:52:31 dobedobedoh, we could probably do something with google calendar, but it is a bit crappy for timezones 08:52:39 is it? Darn 08:52:44 rkabalin, ... gah yes 08:52:53 will have to leave... 08:52:54 dobedobedoh, it's fine if you're eu or us :D 08:52:59 #undo 08:52:59 Removing item from minutes: 08:53:05 bye anzeljg 08:53:08 bye 08:53:12 bye anzeljg 08:53:17 #info next meeting is wednesday August 29th 2012 utc 8pm, iarenaza will chair 08:53:18 bye anzeljg 08:53:35 anzeljg, bye, thanks for coming :) 08:53:54 ok, so 8pm utc (not 8am). I'll fix the link 08:54:04 note to self: wine is not good for dinner during meetings 08:54:11 iarenaza, yes sorry 08:55:24 sorry about all the fishing - will adjust the timer there. now off to other things, thanks for the meeting! 08:55:26 Ok, that'd be the right one http://www.timeanddate.com/worldclock/fixedtime.html?msg=20th+Mahara+Developer+Meeting&iso=20120829T20 08:55:41 kevinmoilar, thanks for coming :) 08:55:44 bye kevinmoilar 08:55:59 #link http://www.timeanddate.com/worldclock/fixedtime.html?msg=20th+Mahara+Developer+Meeting&iso=20120829T20 08:56:06 Ok... a quick any othe rbusiness 08:56:17 #topic Other business: 08:56:35 #info Mahara 1.4.3 and 1.5.2 went out a few hours ago, yay! 08:56:46 got one (mainly to discusss with you elky :) 08:56:50 yay indeed 08:57:04 #info security releases, fix for that mysql can't cope with lots of things problem 08:57:34 iarenaza, yep? 08:58:07 I've got a patch for the mahara manual, to deal with internationalized images 08:58:19 the makefiles and so on. 08:58:37 in thecother business i can't copy paste my previous message regarding webservices but i would like with discuss this at some point if you agree 08:58:40 how can we move this forward? 08:58:49 i have to run sorry, will catch up with AOB tomo 08:58:54 iarenaza, yes, i saw that. i haven't had time to look at it yet i'm afraid 08:58:58 hughdavenport, ciao 08:59:07 elky: I have a newer (and bigger) one 08:59:09 dajan, i'll do that for you in a sec 08:59:20 t,x 08:59:26 tks 08:59:46 iarenaza, i did have one quick glance at it, and my main concern is that it requires us to have all of inkscape on the server 09:00:00 and i'm not sure that our sysadmins are going to let that 09:00:54 iarenaza, hopefully kristina will let me look at it over the next few weeks, and i'll discuss with you by email, ok? 09:01:03 ok 09:01:30 #info iaranza has a svg patch for the manual, will talk to elky in email about it 09:01:41 i have to leave you keep in touch soon by email forums etc Cheers to all 09:01:47 #info Could we at some point (next meeting) speak about webservices I see a huge potentialvfor moodle and other services integration with Mahara but i think there is a lack of info and example on this 09:02:01 dajan, ok, your thing is pasted now, goodbye 09:02:07 bye 09:02:10 bye dajan 09:02:17 I think i'll close the meeting now, everyone else is gone i think :D 09:02:22 XD 09:02:38 elky thanks for chairing! 09:02:40 iarenaza, i'm melissa@catalyst etc ok, drop me a mail and cc kristina :) 09:02:42 thanks elky for chairing 09:03:07 #endmeeting