Subject: KampalaMeetingLog2015x01x08.txt Date: January 8, 2015 4:13:26 PM PST [2:58pm]  HaraldJoerg joined the chat room. [3:01pm] PeterThoeny: hi HaraldJoerg! [3:01pm] PeterThoeny: häppy new yerar! [3:01pm] HaraldJoerg: Hello Peter! [3:01pm] HaraldJoerg: This is 11111011111, by the way [3:02pm] PeterThoeny: what did you do over new years? [3:02pm] HaraldJoerg: Being lazy, trying to catch up some sleep [3:03pm] PeterThoeny: what is that binary number? [3:03pm] HaraldJoerg: That's 2015... [3:03pm] PeterThoeny: ah [3:03pm] PeterThoeny: hehe [3:03pm] HaraldJoerg: One of three symmetrical binary years which I might survive [3:04pm] PeterThoeny: we went launch rockets [3:04pm] PeterThoeny: https://www.flickr.com/photos/peterthoeny/16201756502/ [3:04pm] PeterThoeny: and destroyed our corkscrew rocket [3:05pm] PeterThoeny: not sure if hideyo-san joins today [3:06pm] PeterThoeny: lets give it a few more min [3:10pm] PeterThoeny: agenda at http://twiki.org/cgi-bin/view/Codev/KampalaReleaseMeeting2015x01x08 [3:10pm] PeterThoeny: 1. Feature Requests for Kampala Release [3:10pm] PeterThoeny: 2. Extensions [3:10pm] PeterThoeny: 3. Review Urgent and Not So Urgent Bugs [3:10pm] PeterThoeny: 4. Miscellaneous [3:10pm] PeterThoeny: shall we do an informal chat or regular meeting? [3:11pm] HaraldJoerg: I am not really up to date... there was a lot of work last year, so I skipped the midnight sessions [3:11pm] PeterThoeny: yea, very late for you [3:12pm] PeterThoeny: impossible to find time that fits usa, europe and japan [3:12pm] HaraldJoerg: Yes, I know... our company has locations in Japan, Europe, and the US [3:12pm] PeterThoeny: let's do just an informal chat since only two of us [3:13pm] HaraldJoerg: That's just fine [3:13pm] PeterThoeny: in december we had two security alerts [3:13pm] PeterThoeny: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325 - XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables [3:13pm] PeterThoeny: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367 - XSS Vulnerability with Scope and Other URL Parameters of WebSearch [3:13pm] HaraldJoerg: Yes, I noticed, from monitoring RSS and from Mail [3:14pm] PeterThoeny: alerted via netsparker [3:14pm] PeterThoeny: good that people follow the recommended alert process [3:14pm] PeterThoeny: we have 2000+ people on the twiki-announce list [3:14pm] PeterThoeny: so they get alerted first [3:15pm]  HideyoImazu joined the chat room. [3:15pm] HaraldJoerg: I think that's a very good practice [3:15pm] PeterThoeny: anything you'd like to discuss? [3:15pm] PeterThoeny: ah, hi HideyoImazu-san! [3:15pm] HideyoImazu: sorry to be late, all [3:16pm] PeterThoeny: häppy new year [3:16pm] HideyoImazu: happy new year! [3:16pm] PeterThoeny: あけましておめでとうございます! [3:16pm] HideyoImazu: 本年もどうぞよそしく [3:16pm] PeterThoeny: 今年もよろしくお願いします。 [3:17pm] PeterThoeny: we just started an informal meeting [3:17pm] HideyoImazu: ok [3:17pm] PeterThoeny: just mentioned the two security alerts we had in december [3:17pm] PeterThoeny: shall we switch to formal meeting, or informal chat? [3:18pm] HideyoImazu: let's go formal [3:18pm] PeterThoeny: ok [3:18pm] PeterThoeny: ---++ 1. Feature Requests for Kampala Release [3:18pm] PeterThoeny: http://twiki.org/cgi-bin/view/Codev/TWikiFeatureProposals [3:19pm] PeterThoeny: i don't see any new proposal that needs attention [3:19pm] PeterThoeny: anything? [3:19pm] HideyoImazu: no [3:20pm] PeterThoeny: i want to revive an old one: [3:20pm] PeterThoeny: http://twiki.org/cgi-bin/view/Codev/PointAndClickAccessControl [3:20pm] PeterThoeny: on my to do list [3:20pm] PeterThoeny: i have some ideas how to do that intuitively [3:20pm] PeterThoeny: using ajax calls [3:21pm] PeterThoeny: this proposal only addresses setting the groups [3:21pm] PeterThoeny: using access control in topics and webs is out of scope, but should also be a point & click operation [3:21pm] PeterThoeny: any feedback/ideas on this? [3:21pm] HideyoImazu: we are using LDAP groups for access control a lot [3:22pm] HideyoImazu: and rarely use TWiki groups [3:22pm] PeterThoeny: ok, so setting groups is not needed in your case [3:22pm] HideyoImazu: right [3:22pm] PeterThoeny: but restricting access [3:22pm] PeterThoeny: is [3:22pm] HideyoImazu: right [3:22pm] PeterThoeny: do you just use web based restriction or also topic based one? [3:23pm] HideyoImazu: and I introduced MAILGROUP:group-name syntax [3:23pm] HideyoImazu: with a custom user handler [3:23pm] PeterThoeny: special plugin? [3:24pm] HideyoImazu: MAILGROUP:group-name and UID:user-id are recognized by the [3:24pm] HideyoImazu: standard mechanism [3:24pm] PeterThoeny: ah [3:24pm] HideyoImazu: through the user handler [3:24pm] HideyoImazu: user mapping handler [3:25pm] PeterThoeny: ok [3:25pm] PeterThoeny: mainly for web restriction? [3:25pm] HideyoImazu: and there is a plug-in to render MAILGROUP:group-name and UID:user-id [3:25pm] HideyoImazu: majority of the users understand that way [3:26pm] PeterThoeny: ok [3:26pm] HideyoImazu: but those notations can be used in WebNotify [3:27pm] PeterThoeny: so you still edit webpreferences and type text to set access restriction [3:27pm] PeterThoeny: i think setting access restriction should be point & click [3:27pm] PeterThoeny: on web level and topic level [3:27pm] HideyoImazu: agreed [3:28pm] PeterThoeny: let's move on [3:28pm] PeterThoeny: ---++ 2. Extensions [3:28pm] PeterThoeny: http://twiki.org/cgi-bin/view/Plugins/WebChanges [3:28pm] PeterThoeny: not too much activity [3:28pm] PeterThoeny: a few plugins updated since last meeting [3:29pm] PeterThoeny: DatePickerPlugin, WhereIsPlugin, SpreadSheetPlugin, MailerContrib, etc [3:29pm] PeterThoeny: i have nothing to add [3:29pm] PeterThoeny: on extensions [3:29pm] PeterThoeny: anything? [3:29pm] HideyoImazu: I slightly enhanced MailerContrib [3:30pm] HideyoImazu: so that the number of retries can be specified in configuration [3:30pm] PeterThoeny: good [3:30pm] HideyoImazu: it was hard-wired to 5 [3:31pm] PeterThoeny: in your case you needed more? [3:31pm] HideyoImazu: less [3:31pm] HideyoImazu: I set to 1 [3:32pm] PeterThoeny: any issue if you never reach 5? [3:32pm] PeterThoeny: trying to understand [3:33pm] HideyoImazu: my TWiki uses SMTP to send an email [3:33pm] HideyoImazu: trying multiple times within a short period doesn't help [3:33pm] HideyoImazu: each retry happens after a wait [3:33pm] HideyoImazu: which increases exponentially from 1 [3:34pm] HideyoImazu: to complete all 5 tries, it takes 15 seconds (1+2+4+8) [3:34pm] PeterThoeny: so you prefer to fail after first try [3:34pm] HideyoImazu: our SMTP server returns an error with a non-existent email address [3:35pm] HideyoImazu: if a non-existent address is put on WebNotify, and a topic or more is modified, then it causes 15 second delay [3:35pm] PeterThoeny: oic, the retry was mainly meant if the mail server is not reachable [3:36pm] HideyoImazu: if you have thousands of webs having many non-existent email address in WebNotify [3:36pm] PeterThoeny: that makes sense now [3:36pm] HideyoImazu: mailnotify takes very long [3:36pm] HideyoImazu: several hours simply retrying in vein [3:37pm] PeterThoeny: ok [3:37pm] PeterThoeny: let's move on [3:37pm] PeterThoeny: ---++ 3. Review Urgent and Not So Urgent Bugs [3:37pm] PeterThoeny: http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/WebChanges [3:37pm] PeterThoeny: just a few activities on the extensions we mentioned earlier [3:38pm] PeterThoeny: anything? [3:38pm] HideyoImazu: i made a minor change to TWiki::Net::sendEmail() [3:38pm] HideyoImazu: i changed "retries" to "tries" [3:38pm] PeterThoeny: yes, i have seen [3:39pm] HideyoImazu: the first attempt is not a "retry", right? [3:39pm] HideyoImazu: at least a person like me thinks so [3:39pm] PeterThoeny: true [3:39pm] PeterThoeny: ---++ 4. Miscellaneous [3:39pm] PeterThoeny: anything? [3:39pm] HideyoImazu: not from me [3:40pm] PeterThoeny: neither me [3:40pm] PeterThoeny: HaraldJoerg? [3:40pm] HideyoImazu: ah [3:40pm] HaraldJoerg: Nor from me [3:40pm] HideyoImazu: one thing [3:40pm] HideyoImazu: any progress with TableCellsWithTML? [3:41pm] HideyoImazu: ah, it looks fixed now [3:41pm] HideyoImazu: it had an issue with <<|>> [3:42pm] PeterThoeny: well, i fixed one bug, the one with bullet list spanning across tabel cells [3:42pm] HideyoImazu: please disregard [3:42pm] PeterThoeny: "table cells" [3:42pm] PeterThoeny: but the other one you mentioned is not fixed yet [3:42pm] PeterThoeny: http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/Item7589 A table may get unrendered [3:43pm] PeterThoeny: i'll fix it [3:43pm] HideyoImazu: ah. that's not about TableCellsWithTML though. Still, I'm waiting for the fix. [3:44pm] PeterThoeny: ok [3:44pm] PeterThoeny: actually, i'd like to mention one support case, looks like a bug [3:44pm] PeterThoeny: http://twiki.org/cgi-bin/view/Support/SID-02006 [3:44pm] PeterThoeny: SID-02006: ResetPassword / ChangePassword causing problem [3:45pm] PeterThoeny: i can't reproduce, but is a bug in sten's environment [3:45pm] PeterThoeny: would be nice if you could give a hand/ideas/hints [3:45pm] PeterThoeny: that is all i have [3:45pm] HideyoImazu: we are using a single-sign-on mechanism provided by the web app container. so not affected at all [3:46pm] PeterThoeny: ok [3:46pm] PeterThoeny: let's close the meeting [3:46pm] PeterThoeny: thank you HaraldJoerg & HideyoImazu-san! [3:46pm] PeterThoeny: i'll post the logs [3:47pm] HideyoImazu: ttyl [3:47pm] PeterThoeny: ttyl [3:49pm] HaraldJoerg: ok, ttyl... sorry was distracted by trying to understand the ResetPassword case [3:49pm] PeterThoeny: np [3:51pm] PeterThoeny: if you find time please contribute directly on the support topic [3:52pm] HaraldJoerg: Will try to reproduce it or to look at the code... [3:52pm] PeterThoeny: thank you harald! [3:53pm] HaraldJoerg: Oops: [3:53pm] HaraldJoerg: Software error: Use of uninitialized value $web in substitution (s///) at /opt/twiki6/lib/TWiki.pm line 3234. [3:54pm] PeterThoeny:what action? [3:55pm] HaraldJoerg: ResetPassword... This should be just a warning, maybe I made a setting to make all warnings fatal... [3:55pm] PeterThoeny: ok [3:56pm] HaraldJoerg: This is not an SVN installation, just my personal installation [3:58pm] HaraldJoerg: Ah, I did set $TWiki::cfg{WarningsAreErrors} = 1