IRC Archive for channel #xwiki
Last modified by Vincent Massol on 2012/10/18 18:44
bblfish1 left at 00:16 (Quit: Leaving.
bblfish joined #xwiki at 00:18
vmassol left at 00:23 (Quit: Leaving.
jvelociter left at 01:22 (Quit: jvelociter
arkub left at 01:38 (Ping timeout: 264 seconds
ktakemur joined #xwiki at 01:42
ktakemur_ joined #xwiki at 01:42
ktakemur_ - (01:43): nick ktakemur
ktakemur left at 01:43 (Client Quit
ktakemur_ left at 01:43 (Client Quit
ktakemur joined #xwiki at 01:44
mpavel left #xwiki at 01:51
jvelociter joined #xwiki at 04:19
ktakemur_ joined #xwiki at 04:51
ktakemur left at 04:51 (Read error: Connection reset by peer
ktakemur_ left #xwiki at 04:52
DV_ left at 05:15 (Read error: Connection reset by peer
nickless left at 05:53 (Ping timeout: 246 seconds
Denis left at 06:01 (Read error: Connection reset by peer
sdumitriu left at 06:07 (Quit: Leaving.
Denis joined #xwiki at 06:08
jvelociter left at 06:19 (*.net *.split
plunden left at 06:19 (*.net *.split
lucaa left at 06:19 (*.net *.split
TaurusLee left at 06:19 (*.net *.split
TaurusLee joined #xwiki at 06:26
DV_ joined #xwiki at 07:09
DV_ left at 07:17 (Ping timeout: 264 seconds
bblfish left at 07:38 (Ping timeout: 265 seconds
bblfish joined #xwiki at 07:43
DV_ joined #xwiki at 07:46
CalebJamesDeLisl - (07:56): Good morning bblfish, what are you going to need to authenticate foaf+ssl users? The servlet request? Will it work with a portlet?
plunden joined #xwiki at 08:13
plunden is now known as 92AAADNIF ([email protected]
mflorea joined #xwiki at 08:14
vmassol joined #xwiki at 08:14
jvelociter joined #xwiki at 08:14
lucaa joined #xwiki at 08:14
plunden joined #xwiki at 08:14
DV_ left at 08:54 (Ping timeout: 248 seconds
Denis left at 09:01 (Quit: Leaving.
vmassol - (09:03): good mornnig
vmassol - (09:03): guys do you also see the misplaced arrows for the panels on http://massol.myxwiki.org/xwiki/bin/view/Blog/ ?
vmassol - (09:03): seems to have been caused by the upgrade of myxwiki.org since I haven't touched that wiki
Denis joined #xwiki at 09:17
evalica joined #xwiki at 09:23
Enygma` joined #xwiki at 09:26
DV_ joined #xwiki at 09:37
anamarias joined #xwiki at 09:41
silviar joined #xwiki at 09:42
florinciu joined #xwiki at 09:43
DV_ left at 10:12 (Ping timeout: 252 seconds
DV_ joined #xwiki at 10:13
akshay joined #xwiki at 10:13
akshay - (10:13): hi
tmortagne joined #xwiki at 10:13
DV_ left at 10:14 (Read error: Connection reset by peer
DV_ joined #xwiki at 10:14
vmassol - (10:14): guys, any idea what could have caused this "regression": on http://massol.myxwiki.org/xwiki/bin/view/Blog/ I have misplaced arrows for the panels?
vmassol - (10:15): have we changed something related to these arrows in 2.3-snap?
lucaa left #xwiki at 10:16
akshay left at 10:17 (Quit: leaving
shelan_ joined #xwiki at 10:20
KermitTheFragger joined #xwiki at 10:24
glerouge joined #xwiki at 10:34
xenon75 joined #xwiki at 10:37
jvdrean joined #xwiki at 10:37
DV_ left at 10:38 (Read error: Connection reset by peer
DV_ joined #xwiki at 10:38
mflorea left at 10:39 (Quit: Leaving.
lucaa joined #xwiki at 10:53
lucaa - (10:59): hi devs. Could you please send your votes on the mail about including the annotations by default in the platform?
lucaa - (11:00): also the ones that voted on the 2.3 rel preparation mail, please make it official
glerouge - (11:01): so what's the subject of the one we should vote on in the end?
lucaa - (11:02): [vote] Bundle annotations in platform by default starting with 2.3M1
shelan_ left at 11:03 (Quit: Leaving
lucaa - (11:03): which means move to platform, add to the platform build (so that annotation support is always there) and for the client side code (annotations UI) there are the 2 strategies: either have it as an application to install or bundled with enterprise by default
glerouge - (11:04): done
sdumitriu joined #xwiki at 11:06
lucaa - (11:07): thanks glerouge
glerouge - (11:08): my pleasure lucaa
mpavel joined #xwiki at 11:08
mflorea joined #xwiki at 11:30
florinciu left at 11:34 (Read error: Connection reset by peer
florinciu joined #xwiki at 11:41
silviar - (11:44): Hi! I am noticing a different behavior in "XWiki Preferences > Panel Wizard"; When I click "Revert" I am taken to the XWiki Preferences main page http://localhost:8084/xwiki/bin/admin/XWiki/XWikiPreferences
silviar - (11:44): I noticed this while testing XWiki Enterprise 2.3-SNAPSHOT.27701
silviar - (11:44): note this doesn't happen in XE 2.2.2
bblfish left at 12:14 (Ping timeout: 268 seconds
sdumitriu - (12:16): vmassol: Ping
bblfish joined #xwiki at 12:16
bblfish - (12:27): pong
silviar - (12:27): Also editing a user/group from "XWiki Preferences > Users/Groups" doesn't work in IE6 & IE7; see printscreens on the incubator: http://incubator.myxwiki.org/xwiki/bin/view/Test/23Snapshots
MichelleShi joined #xwiki at 12:44
nickless joined #xwiki at 12:48
arkub joined #xwiki at 12:49
DV__ joined #xwiki at 12:59
arkub left at 13:01 (Ping timeout: 252 seconds
DV_ left at 13:03 (Ping timeout: 268 seconds
CalebJamesDeLisl - (13:12): bblfish: What are you going to need access to for your foaf+ssl login module?
bblfish - (13:12): hi
CalebJamesDeLisl - (13:12): Hello.
bblfish - (13:13): I think what I need is to be able to map URIs to whatever handle you have for a user
bblfish - (13:13): and save that map somewhere
bblfish - (13:13): so I can query by URI and get a user
bblfish - (13:13): then of course I can use the RDF on the web to fill in the info about the user
bblfish - (13:14): if he is new, or update it, if his info changes
CalebJamesDeLisl - (13:14): Currently we use a document with an object as the handle for the user (as you probably know)
CalebJamesDeLisl - (13:14): Right now I'm just interested in the authentication mechanism.
bblfish - (13:15): Well the authentication mechansim is done with info from the web, and the info the user gives me
CalebJamesDeLisl - (13:15): Does it need cookies or request parameters etc.
bblfish - (13:16): I suppose once authenticated it would be easiest to continue using whatever other handle you use
sdumitriu - (13:16): vmassol: Ping again
bblfish - (13:16): I suppose you use cookies
CalebJamesDeLisl - (13:16): We are using cookies at the moment, does your stuff need to be logging in through https?
bblfish - (13:17): the way foaf.me does it currently is to use https://foafssl.org/srv/idp to do the authentication
bblfish - (13:17): then they set a cookie
bblfish - (13:18): ( they are using foafssl.org so we can help test each other's software out )
bblfish - (13:18): stage 2 then, would be to avoid reliance on foafssl.org and to set up a local https port to do the same
bblfish - (13:18): then if you really wanted security, you could put the whole of xwiki behind https
bblfish - (13:19): and then I think you would not even need cookies
CalebJamesDeLisl - (13:19): I figured that was what your auth mechanism would do. I have to confess my lack of understanding about how ssl authentication works.
bblfish - (13:19): https has a session mechanism, I think
bblfish - (13:19): heh: it's really simple
bblfish - (13:19): we hacked the ssl layer
bblfish - (13:19): so we accept any certificate, even self signed
bblfish - (13:20): then we pass that to the application layer that does the verification
bblfish - (13:20): that code is here
bblfish - (13:20): <dependency>
bblfish - (13:20): <groupId>org.openrdf.sesame</groupId>
bblfish - (13:20): <artifactId>sesame-sail-nativerdf</artifactId>
bblfish - (13:20): <version>${sesame.version}</version>
bblfish - (13:20): </dependency>
bblfish - (13:20): heu
CalebJamesDeLisl - (13:20): Okay so you just get the sessionId from the HttpServletSession and do your validation, then as long as that stays the same all is good.
bblfish - (13:20): http://github.com/bblfish/foafssl-java/blob/master/foafssl-verifier/src/main/java/net/java/dev/sommer/foafssl/verifier/DereferencingFoafSslVerifier.java
CalebJamesDeLisl - (13:21): brb coffee :)
bblfish - (13:21): ah ok, me too then
glerouge1 joined #xwiki at 13:25
xenon75 left at 13:25 (Read error: Connection reset by peer
xenon75 joined #xwiki at 13:25
florinciu left at 13:26 (Quit: Leaving.
glerouge left at 13:29 (Ping timeout: 260 seconds
bblfish - (13:30): I am just refactoring that code, btw
bblfish - (13:31): there is a SPARQL query in there
bblfish - (13:31): the inputstream is the from an http connection to the WebId
bblfish - (13:33): ah no, its not even used. That is why I am refactoring.
CalebJamesDeLisl - (13:36): I see HttpsURLConnection but that's for the outgoing connection to the foaf+ssl server. Still can't find where it gets a ServletRequest or something from the user who is trying to authenticate.
bblfish - (13:37): let me see
sdumitriu - (13:39): vmassol: I think the problem on your blog is XWIKI-4934
vmassol - (13:39): checking thxs
bblfish - (13:39): that is here http://github.com/bblfish/foafssl-java/blob/master/foafssl-identity-provider/src/main/java/net/java/dev/sommer/foafssl/login/ShortRedirectIdpServlet.java
bblfish - (13:40): in tomcat you can get the certificate used with this code X509Certificate[] certificates = (X509Certificate[]) request
bblfish - (13:40): .getAttribute("javax.servlet.request.X509Certificate");
vmassol - (13:40): sdumitriu: is that issue a regression? Was working fine in 2.2 I believe and appeared when we upgraded to 2.3
sdumitriu - (13:40): Don't know
sdumitriu - (13:40): Maybe somebody just wrote a new panel macro in their wiki
sdumitriu - (13:40): So it's just a coincidence
bblfish - (13:41): anyway, that's the code running on foafssl.org, and that at some point would be running in xwiki
vmassol - (13:41): I haven't touched my blog pages
vmassol - (13:41): (haven't touched the wiki actually)
vmassol - (13:41): I didn't upgrade the XAR though
sdumitriu - (13:41): It's not about your content
bblfish - (13:42): CalebJamesDeLisl: does that help a bit?
sdumitriu - (13:42): Any other wiki in the farm could write a custom #displaypanel macro, and it will break all the other wikis
CalebJamesDeLisl - (13:42): Looking...
sdumitriu - (13:42): vmassol: So it's a big problem
vmassol - (13:44): oh I see… ouch
bblfish - (13:45): CalebJamesDeLisl: when using foafssl.org it is very simple: your login button just point to foafssl.org, and it redirects to an xwiki page with the WebId in the URL which is signed too, so that people cannot forge it
sdumitriu - (13:45): vmassol: At least that's what I get from the issue description, I didn't verify it
sdumitriu - (13:45): But is the only explanation of it
bblfish - (13:46): at that point xwiki knows - if it trusts foafssl.org - the webid of the user. It can the GET that webid for more info about him
bblfish - (13:46): s/the/then/
CalebJamesDeLisl - (13:47): Right I'm still not understanding what the user passes to xwiki to prove that they are not using someone else's id.
bblfish - (13:47): CalebJamesDeLisl: did you make a WebId on webid.myxwiki.org ?
CalebJamesDeLisl - (13:47): It seems to me that the xwiki auth code must check the client cert.
florinciu joined #xwiki at 13:48
CalebJamesDeLisl - (13:48): No I haven't. I'm weird about having to read things before I use them :)
bblfish - (13:48): well, you don't have to read, you just have to do
bblfish - (13:48): :-)
bblfish - (13:48): go make yourself an account
bblfish - (13:49): click the create webid button and look at the certificate it generated
CalebJamesDeLisl - (13:49): What will I be doing with it?:
bblfish - (13:49): You can then login to other sites
bblfish - (13:49): it just will be easier to understand
bblfish - (13:49): and you don't have to read! :)
CalebJamesDeLisl - (13:50): Oh yes I do :) Security stuff always looks like it works.
bblfish - (13:50): yes, but if you get the feel, it will tune your inutions
CalebJamesDeLisl - (13:51): Anyway I don't think logging in will tell me what I need to provide the auth module.
bblfish - (13:51): Please try it
bblfish - (13:51): It's 2 min
bblfish - (13:51): I spent days putting that together
CalebJamesDeLisl - (13:52): Well I'll set up an account but then I have to read the code to find how the login process works.
bblfish - (13:53): Well I can help you there
bblfish - (13:53): but it will be much faster to understand
bblfish - (13:54): ok so you have a home page now
bblfish - (13:54): there is a button, submit cert requrest. Put a name in the field and click that button
bblfish - (13:54): (what browser are you using?)
CalebJamesDeLisl - (13:54): FF3.6 way faster than 3.0.10 :)
bblfish - (13:55): cool
bblfish - (13:55): so you just go here http://webid.myxwiki.org/xwiki/bin/view/XWiki/aUser
bblfish - (13:56): type a name for your cert like "Netscape user"
bblfish - (13:56): of "FF me"
bblfish - (13:57): or whatever and click the "create certificate requ" button
CalebJamesDeLisl - (13:57): Done
bblfish - (13:58): don't know why webid is so slow now
bblfish - (13:58): it should have added a certificate to your browser
CalebJamesDeLisl - (13:59): https://foafssl.org/srv/idp is still trying to use the cert I created with localhost.
bblfish - (14:00): oh you had already used localhost. I forgot
bblfish - (14:00): yes, that's an issue I am trying to resolve
bblfish - (14:01): in your certificate Preferences->Advanced->
MichelleShi - (14:02): myxwiki.org down?
bblfish - (14:02): yes, it seems like it is
bblfish - (14:02): Preferences->Advanced->view certificates you will see your certs
bblfish - (14:03): in the cert you will find your public key and your web id
CalebJamesDeLisl - (14:03): Yes I just logged in to test.foafssl.org and it let me pick a cert.
bblfish - (14:03): that is what the code http://github.com/bblfish/foafssl-java/blob/master/foafssl-verifier/src/main/java/net/java/dev/sommer/foafssl/verifier/DereferencingFoafSslVerifier.java
bblfish - (14:03): verifies
bblfish - (14:03): it verifies that the public key in your cert matches the one in your foaf
CalebJamesDeLisl - (14:04): re myxwiki down: see what happens when you get me to touch something? ;)
bblfish - (14:04): I don't think that webid.myx… could shut down myxwiki too ?
CalebJamesDeLisl - (14:05): Yea it's a "virtual wiki"
MichelleShi - (14:05): when will myxwiki be available again?
bblfish - (14:05): perhaps I introduced an infinite loop in the code?
CalebJamesDeLisl - (14:05): XWiki scalability is very cool. it should restart in a few minutes.
sdumitriu - (14:06): myxwiki: java.lang.OutOfMemoryError: PermGen space
bblfish - (14:06): is there a stack trace?
sdumitriu - (14:06): I believe that pygments/jython has a problem
sdumitriu - (14:07): I think {{code}} triggers this
bblfish - (14:07): mhh, I don't use pygments, jython
CalebJamesDeLisl - (14:07): Might have been on the edge and I tipped it over getting that cert.
sdumitriu - (14:07): bblfish: It's not your fault
sdumitriu - (14:08): It's just a coincidence
bblfish - (14:08): CalebJamesDeLisl: I don't think you created a cert
bblfish - (14:08): thre is nothing http://webid.myxwiki.org/xwiki/bin/view/XWiki/aUser
bblfish - (14:08): or it crashed just then
bblfish - (14:09): oh wait, looking in wrong place
bblfish - (14:09): ah no
CalebJamesDeLisl - (14:10): hmm, I have a cert in the browser. Maybe sending it made it load one more class, straw that broke the camel's back so to speak.
MichelleShi - (14:10): It's available now.
bblfish - (14:10): yes, it was a bit slow
bblfish - (14:11): anyway, the way it works is by you having a certificate with a webid insides ( A URL for you) and then an http GET on http://webid.myxwiki.org/xwiki/bin/view/XWiki/aUser should show your public key
bblfish - (14:11): you should delete your certificates
bblfish - (14:11): and try again
CalebJamesDeLisl - (14:14): forgot the password I had used.
bblfish - (14:16): ok, well let me know when you are back on track...
bblfish - (14:16): I'll do some refactoring
CalebJamesDeLisl - (14:16): got it. and generated a new cert.
CalebJamesDeLisl - (14:17): Redirect back to the user page would be cool...
CalebJamesDeLisl - (14:17): I found out why my certs aren't going to the right place.
CalebJamesDeLisl - (14:18): I seem to get kicked out of login when I go to generate a cert.
bblfish - (14:18): ok, damn I tried fixing something recently...
bblfish - (14:19): let me try
CalebJamesDeLisl - (14:19): mmm create local objects, show certificate. fun fun/
CalebJamesDeLisl - (14:20): "simulate input from a personal profile document" wonder what this button does :)
bblfish - (14:20): CalebJamesDeLisl: I just created a cert
bblfish - (14:21): did you click the advanced button?
CalebJamesDeLisl - (14:21): of course
CalebJamesDeLisl - (14:21): You wonder how I break things.
bblfish - (14:21): ok, so then you have to create a certificate on the advanced page :-)
bblfish - (14:21): it just allows you to set a shorter time to live and test the whole script
CalebJamesDeLisl - (14:21): Yea the advanced page kicked me out of login.
CalebJamesDeLisl - (14:22): So I had to login and go back there.
bblfish - (14:22): I clicked advanced and am still logged in
bblfish - (14:23): ok I also created a cert in advanced in FF
vmassol - (14:23): sdumitriu: is it you who fixed the pb on massol.myxwiki.org?
vmassol - (14:23): (it's ok now)
CalebJamesDeLisl - (14:25): bblfish: I noticed your rdf stuff is in the document body so you were able to solve the http parser issue?
sdumitriu - (14:25): vmassol: No, myxwiki got restarted, and the problematic macro didn't get loaded yet
vmassol - (14:25): ah ok
bblfish - (14:26): yes, it was not a problem of the parser. It was bad html
bblfish - (14:26): now the page is xhtml 1.1 compliant I think
bblfish - (14:26): xhtml 1.1/rdfa compliant to be exact
bblfish - (14:27): are you logged in as aUser?
bblfish - (14:27): that could be your problem. You can't create a cert if you are not logged in as aUser
CalebJamesDeLisl - (14:27): Yes. still trying to find the public key in the user page.
bblfish - (14:27): it's not there
bblfish - (14:28): don't click the advanced buttone when makeing a cert
bblfish - (14:28): let's keep things simple
CalebJamesDeLisl - (14:28): Ahh yes, kicked out of login again.
bblfish - (14:28): is that perhaps because you don't have a first and last name?
bblfish - (14:30): ah you have a key now
CalebJamesDeLisl - (14:30): I don't know. I think vincent's script just deletes users doesn't kick them out.
bblfish - (14:30): http://webid.myxwiki.org/xwiki/bin/view/XWiki/aUser
bblfish - (14:30): you have a key
CalebJamesDeLisl - (14:30): Yes I have a key but kicked out again.
vmassol - (14:30): CalebJamesDeLisl: yes
vmassol - (14:31): CalebJamesDeLisl: it's not supposed to be needed anymore if you can configure your reg feature
vmassol - (14:31): to not allow empty names and ensure first name != last name
vmassol - (14:31): + captcha enabled
vmassol - (14:31): would be great if this could be configured on wiki.org and myxwiki.org
bblfish - (14:32): perhaps there is a bug in my velocity code http://webid.myxwiki.org/xwiki/bin/view/WebId/XWikiUserProfileSheet
sdumitriu - (14:32): So many people on IRC today... Is it because of GSoC?
bblfish - (14:32): perhaps I don't do $! somewhere
CalebJamesDeLisl - (14:33): I can make that change. I still have an class/object based way to configure the registration page sitting on the hard disk.
CalebJamesDeLisl - (14:34): Hmm, I think I'm getting kicked out because no username and password cookies are being set anymore.
CalebJamesDeLisl - (14:34): just jsession
bblfish - (14:34): ok, so not my code?
CalebJamesDeLisl - (14:35): I think it is not.
bblfish - (14:36): the code here http://www.myxwiki.org/
bblfish - (14:36): the web page looks broken
CalebJamesDeLisl - (14:38): Yes it does.
lucaa left at 14:39 (Quit: Leaving.
CalebJamesDeLisl - (14:39): Interestingly, my global username at myxwiki.org works (username and password cookies are set)
CalebJamesDeLisl - (14:40): Yet the local username at webid does not work. Probably configuration, I don't think anything was changed in the auth code.
vmassol - (14:43): page fixed
bblfish - (14:43): no, I only added WebId/ tree
bblfish - (14:44): I think recenlty we did something so that it returns rdfa doctype
bblfish - (14:44): but I can't see that affecting anything
CalebJamesDeLisl - (14:44): bblfish: https://foafssl.org/srv/idp reads back my /aUser#me page
bblfish - (14:45): yes, it does an HTTP get on it
CalebJamesDeLisl - (14:45): So where does the login happen?
CalebJamesDeLisl - (14:45): It looks like that page wants to be used to login somewhere else.
bblfish - (14:47): have you removed all you extranous broken certs from your browser?
bblfish - (14:47): then go here: http://nanoblog.me/
bblfish - (14:47): at the top is a login to your account link, it shows you how currently foafssl.org is working. (though I am about to rewrite it)
CalebJamesDeLisl - (14:49): I just pasted foaf.me into the text field at the page I was on and now it thinks I'm logged in...
bblfish - (14:49): I don't know where you are
bblfish - (14:50): what page are you looking at
CalebJamesDeLisl - (14:51): http://foaf.me/index.php and at the top it says logout.
CalebJamesDeLisl - (14:51): and it says the url of the webid page.
bblfish - (14:51): http://nanoblog.me/ is better
bblfish - (14:51): because you don't have anything in your foaf profile on xwiki, it's not going to be very interesting
bblfish - (14:52): next to the logout button did it give your xwiki url?
CalebJamesDeLisl - (14:56): Yes.
bblfish - (14:57): ok, so you were logged in then
CalebJamesDeLisl - (14:57): I just tracked the login process with firebug
CalebJamesDeLisl - (14:57): Horrible abuse of the redirect :)
bblfish - (14:57): yes. foafssl.org is a hack, to help people get going
CalebJamesDeLisl - (14:58): What I'm wondering about is the key which is passed to nanoblog. Who's key is that?
bblfish - (14:58): that is the signature of the URL
bblfish - (14:58): by foafssl.org
bblfish - (14:59): with a timestamp
CalebJamesDeLisl - (14:59): Signed by foafssl.org's key I presume?
bblfish - (14:59): yes
CalebJamesDeLisl - (14:59): I see.
bblfish - (14:59): which is printed on the srv/idp page
bblfish - (15:00): well the publick key is there
bblfish - (15:00): the private key is on the server
CalebJamesDeLisl - (15:00): While we're at it could we just put the whole thing into the auth code so there need not be the trust in foafssl.org?
bblfish - (15:00): yes of course
bblfish - (15:00): that would be step 2
bblfish - (15:00): the good thing about foafssl.org is I can do a quick test that way
bblfish - (15:01): then if you like it, you can roll it into auth
bblfish - (15:01): so I think writing a foaf+ssl login with foafssl.org is really simple
bblfish - (15:01): you could probably do it in less than a page of code
bblfish - (15:02): (depending on the lang of course)
CalebJamesDeLisl - (15:02): But you already have the code for foafssl.org written in java.
bblfish - (15:03): yes. setting up foafssl.org requires not just the java. It requires setting up xwiki with a client side cert
bblfish - (15:03): sorry
bblfish - (15:03): with a CA signed certificate
CalebJamesDeLisl - (15:03): I see.
bblfish - (15:03): (otherwise they see warning signals)
bblfish - (15:03): also it requires some setup at the ssl layer
bblfish - (15:04): so it requires more work. I would do that only after we can show that the basic idea works
CalebJamesDeLisl - (15:04): Right that very annoying FF page about self signed cert.
bblfish - (15:04): yes
CalebJamesDeLisl - (15:04): It didn't used to be that way.
92AAADNIF left #xwiki at 15:04
glerouge1 left at 15:04 (Quit: Leaving.
bblfish - (15:05): with Secure-DNS things will be a lot better
bblfish - (15:05): I think there will be no need for CAs anymore
bblfish - (15:05): and that is being rolled out right now in the US
CalebJamesDeLisl - (15:05): Mmm, not really. You still have the ISP people (hi guys) and the NSA (hi guys)
CalebJamesDeLisl - (15:06): The potential for middlemanning the connection is still there.
bblfish - (15:06): yes, it'll take time. But long term the guy who broke X509 recently told me a few good ideas he had
bblfish - (15:07): Dan Kaminsky
bblfish - (15:07): he was in Berlin for Chaos communication congress at Xmas
bblfish - (15:08): his idea is that with secure DNS you can put your server certificate into the DNS
bblfish - (15:08): in a way, that proves the association
bblfish - (15:08): can't remember what the DNS naming system is called
bblfish - (15:09): but that's a bit of time off :-)
CalebJamesDeLisl - (15:09): ccc I seem to remember reading txt files by them back when txt files were big.
CalebJamesDeLisl - (15:10): DNS and CA's share the same shortcomings, centralization.
DV__ left at 15:11 (Ping timeout: 260 seconds
bblfish - (15:12): http://events.ccc.de/congress/2009/wiki/Conference_Recordings
CalebJamesDeLisl - (15:13): Still trying to figure out how we could put a full auth mechanism on each xwiki instance.
vmassol - (15:14): tmortagne: are we ready to upgrade myxwiki.org to the new 2.3-snap now?
vmassol - (15:14): also, are we ready for the 2.2.3 release?
bblfish - (15:14): ok, so I think by default you can allow foaf+ssl using foafssl.org, and then if people like it, we give them a README to set up the certificates etc
tmortagne - (15:14): upgrade: i think so i was about to start
tmortagne - (15:14): for 2.2.3 i need to look around but i don't know any remaining blocker
vmassol - (15:14): guys are we ready for 2.3M1 release too?
bblfish - (15:14): (you can put up foafssl.xwiki.org too
bblfish - (15:14): if you don't want to rely on me
vmassol - (15:15): has anca done her commits?
vmassol - (15:15): (ie is annotations working on trunk?)
CalebJamesDeLisl - (15:15): bblfish: I trust you :) but I don't like this 3rd party stuff
vmassol - (15:15): I guess we need a few days more to test it
tmortagne - (15:15): vmassol: did not seen anything related to annotation in notification but i could have missed it
bblfish - (15:16): CalebJamesDeLisl: yes, I don't like it either, it is just a stepping stone. Reduces the size of what is required to get going.
vmassol - (15:16): I don't think I've seen it either
vmassol - (15:16): hmm so 2.3M1 will get delayed a bit more I guess
vmassol - (15:16): we should define a new date
vmassol - (15:16): but anca isn't here
vmassol - (15:16): anyone else has stuff for 2.2.3 or 2.3M1?
CalebJamesDeLisl - (15:16): bblfish: I don't like the idea that the servers still need a CA cert when it's all done.
bblfish - (15:16): CalebJamesDeLisl: I like to do things step by step. It helps debugging.
bblfish - (15:17): Ah ok. To change that you need to change the way browser manufacturers work, and I think that is the next step
CalebJamesDeLisl - (15:17): I wonder if firefox would let us sign eachother's keys :D
sdumitriu - (15:17): vmassol: There are always bugs to fix, but we have to draw a line
bblfish - (15:17): yes, we could do that
sdumitriu - (15:17): We can release a 2.2.4 in two weeks
CalebJamesDeLisl - (15:18): bblfish: I don't suppose any CA would sign keys for us which can sign other keys.
bblfish - (15:18): you could do the same we do with clent side certts, by have an issue Alternative WebId
bblfish - (15:18): on the server cert
CalebJamesDeLisl - (15:19): Now you're talkin'
bblfish - (15:19): but before you get people to understand that, they first have to understand the simple bit
bblfish - (15:19): we are doing now
bblfish - (15:19): when enough hackers grok that, we'll be hacking some good improvements into FF
CalebJamesDeLisl - (15:20): So all your "first step" authenticator will need are the request parameters and foafssl.org's key?
bblfish - (15:21): yes
bblfish - (15:21): I should automate the key by publishing it
bblfish - (15:21): in rdf
CalebJamesDeLisl - (15:21): And it should work through a portlet then.
vmassol - (15:21): sdumitriu: oh yes definitely, we shouldn't wait
bblfish - (15:21): i suppose I have not tried portlets
vmassol - (15:22): just asking if there were some regression/blocker still open
vmassol - (15:22): (for 2.2.3)
bblfish - (15:22): by the way the author of the GNU public licence, eben moglen's talk is clearly a huge call for the free software movement to start working on distributed social networks http://bit.ly/brQmJz
vmassol - (15:22): tmortagne: I think we're ready for the 2.2.3 release then if the functional tests pass
CalebJamesDeLisl - (15:22): If it *should* work through a portlet then I will write a request interface which extends portlet and servlet.
bblfish - (15:23): ok, cool :-) I think we even have some code to verify the signature in github
vmassol - (15:23): tmortagne: I have restested my demo with a snap on 2.2 branch from this morning and I don't have any exceptions anymore
tmortagne - (15:23): vmassol: i plan to upgrade myxwiki.org when hudson is done with the rebuild and test and release tomorrow morning 2.2.3
tmortagne - (15:23): ok cool
bblfish - (15:25): CalebJamesDeLisl: the test code is here I think http://github.com/bblfish/foafssl-java/blob/master/foafssl-identity-provider/src/test/java/net/java/dev/sommer/foafssl/login/ShortRedirectIdpServletTest.java
vmassol - (15:26): tmortagne: ok
tmortagne - (15:31): sdumitriu: you should maybe choose another example than "wiki" for http://platform.xwiki.org/xwiki/bin/view/Main/ShortURLs since it's the default servlet mapping for path based multiwiki
sdumitriu - (15:32): Oh, forgot that
sdumitriu - (15:32): This might actually break things
sdumitriu - (15:34): It seems to work when virtualwiki or multipath is disabled
sdumitriu - (15:34): Well, /wiki/ is a decent name for the mapping
sdumitriu - (15:34): I'll add a warning
tmortagne - (15:35): jvelociter: what do we do about http://jira.xwiki.org/jira/browse/XE-615 ?
tmortagne - (15:36): sdumitriu: yes when it's disabled it should work well i think
sdumitriu - (15:37): tmortagne: Where is path based multiwiki documented?
sdumitriu - (15:37): I can't find it on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Virtualization
jvelociter - (15:37): tmortagne: I fixed the import as backup pack for programmers
jvelociter - (15:37): but indeed if guest is initially not a programmer that's not going to work
tmortagne - (15:38): sdumitriu: http://manager.xwiki.org/xwiki/bin/view/AdminGuide/AccessWiki and http://platform.xwiki.org/xwiki/bin/view/AdminGuide/URL+resolution
jvelociter - (15:39): tmortagne: maybe ok for what you say in XWIKI-4073
jvelociter - (15:39): (i.e. global admin instead of programming right)
tmortagne - (15:40): jvelociter: yes i don't see other solution
jvelociter - (15:41): it does not fix the issue for farm mode, but that's another problem
jvelociter - (15:41): (for local admins I mean)
tmortagne - (15:41): which issue ?
jvelociter - (15:42): the fact that local admins will not be able to import as backup the XE XAR that needs programming rights
tmortagne - (15:42): well we can't do anything about that
jvelociter - (15:42): yep
jvelociter - (15:43): except some xar signing or other not trivial development
bblfish - (15:43): CalebJamesDeLisl: did you find out what your login problem was on webid?
tmortagne - (15:43): except of course not have any page tht needs programming right in XE standard but all that page are in jira alreasy think
jvelociter - (15:43): first we should get rid of the need of prog right in the XE XAR
tmortagne - (15:43): yes
jvelociter - (15:43): tmortagne: can you handle the fix in Package.java ?
tmortagne - (15:44): jvelociter: yes should not be too long
jvelociter - (15:44): thanks
tmortagne - (15:46): the comment was already "Determine if the user performing the installation is a farm admin" ;)
CalebJamesDeLisl - (15:46): bblfish: I think it might be myxwiki cookie zone configuration. Thanks for the code. Still trying to figure out how we can not have to keep on begging verisign for out server keys.
florinciu left at 15:47 (Read error: Connection reset by peer
florinciu joined #xwiki at 15:49
bblfish - (15:49): CalebJamesDeLisl: you can use http://www.trustico.fr
bblfish - (15:49): otherwise, this protocol requires CAs to get started. As I say I think there are strong reasons to think that they won't be so useful for long
megha joined #xwiki at 15:50
sdumitriu - (15:50): CalebJamesDeLisl: Are you working on XWIKI-5019 and XWIKI-5020 ?
CalebJamesDeLisl - (15:51): sdumitriu: No I'm not, I'm not up to date on that part.
CalebJamesDeLisl - (15:56): bblfish: I wouldn't expect firefox to change, people have been complaining about that 'feature' for years.
MichelleShi - (15:56): vmassol, hi
tmortagne - (16:03): jvelociter: hmm the test is done for each document or do i read it the wrong way ?
jvelociter - (16:04): tmortagne: ah possible. maybe it's not in the right place
tmortagne - (16:05): i think one test for the whole import should be secure enough, otherwise whatever the test i will not works with guest user
tmortagne - (16:05): i should maybe send a mail
jvelociter - (16:06): as you feel
jvelociter - (16:06): maybe you can go for it
megha left at 16:10 (Ping timeout: 252 seconds
tmortagne - (16:13): mail sent, please vote quickly for it if you agree i would like to have this in 2.2.3
tmortagne - (16:16): jvelociter: is http://jira.xwiki.org/jira/browse/XSTOUCAN-146 needed in 2.2.3 ?
jvelociter - (16:16): I don't think so
jvelociter - (16:16): let me see
MichelleShi left at 16:27 (Quit: ??
jvelociter - (16:28): tmortagne: no
jvelociter - (16:28): I fixed only in 2.3
jvelociter - (16:29): (well not really fixed, it's rather an improvemnt)
tmortagne - (16:29): ok
tmortagne - (16:29): thanks
evalica left at 16:31 (Ping timeout: 252 seconds
xwikibot joined #xwiki at 20:11
sdumitriu - (20:11): !news
vmassol - (20:24): sdumitriu: cannot we contact the person responsible for the gsoc programme? (I think we shoud). I don't recall her name
sdumitriu - (20:25): Leslie?
sdumitriu - (20:25): Why?
vmassol - (20:25): yes leslie
vmassol - (20:25): well to understand why, although we've participated all those years and been a good gsoc citizens, etc
vmassol - (20:25): is it because we submitted late?
sdumitriu - (20:26): This year there were lots of applicants
sdumitriu - (20:27): 153 accepted out of 367 applicants
vmassol - (20:27): it was the same last year as I remember
headache - (20:31): i want to be honest if i'll find an organization partecipating to GSoC where i can contribute i'll give a try
sdumitriu - (20:31): Sure headache
headache - (20:33): however i will consider XWiki for a good alternative to boring bachelor degree thesis :)
megha left at 21:13 (Quit: Page closed
mflorea joined #xwiki at 21:14
headache - (21:27): tomorrow there will be an irc chat discussing rejected organizations
headache - (21:28): at 9 am or 10 am PST
xenon75 joined #xwiki at 21:35
nickless - (21:39): headache, which channel?
headache - (21:39): i think gsoc channel in freenode
headache - (21:39): i've read the news right now
xenon75 left at 21:41 (Ping timeout: 264 seconds
nickless - (21:41): thanks
headache - (21:42): you're welcome
lucaa joined #xwiki at 22:03
vmassol1 joined #xwiki at 22:08
vmassol left at 22:09 (Ping timeout: 246 seconds
mpavel left #xwiki at 22:33
mflorea left at 22:44 (Quit: Leaving.
Denis left at 23:32 (*.net *.split
Denis joined #xwiki at 23:36
Denis left at 23:46 (*.net *.split
lucaa left at 23:53 (*.net *.split
jvelociter left at 23:53 (*.net *.split
plunden left at 23:53 (*.net *.split
npm left at 23:53 (*.net *.split
LadySerena left at 23:53 (*.net *.split
nuvolari left at 23:53 (*.net *.split
bblfish left at 23:53 (*.net *.split
jfx left at 23:53 (*.net *.split
xipe left at 23:53 (*.net *.split
cypromis left at 23:53 (*.net *.split
CalebJamesDeLisl left at 23:53 (*.net *.split
vmassol1 left at 23:53 (*.net *.split
nickless left at 23:53 (*.net *.split
headache left at 23:53 (*.net *.split
TaurusLee left at 23:53 (*.net *.split
lucaa joined #xwiki at 23:59
headache joined #xwiki at 23:59
nickless joined #xwiki at 23:59
bblfish joined #xwiki at 23:59
plunden joined #xwiki at 23:59
jvelociter joined #xwiki at 23:59
TaurusLee joined #xwiki at 23:59
npm joined #xwiki at 23:59
nuvolari joined #xwiki at 23:59
jfx joined #xwiki at 23:59
CalebJamesDeLisl joined #xwiki at 23:59
LadySerena joined #xwiki at 23:59
xipe joined #xwiki at 23:59
cypromis joined #xwiki at 23:59
Denis joined #xwiki at 23:59
{{/code}}
