The Signpost

Technology report

Full steam ahead on Visual Editor, the avoidance of lock-breaking and 1.18b1 release

Contribute  —  
Share this
By Jarry1250

October Engineering Report published

The Wikimedia Foundation's Engineering Report for October was published last week on the Wikimedia Techblog and on the MediaWiki wiki, giving an overview of all Foundation-sponsored technical operations in that month. Many of the projects mentioned have been covered in The Signpost, including the New Orleans hackathon, the introduction of native https support for all Wikimedia wikis, and the local deployment of MediaWiki 1.18. Also included among the headlines on the report were the deployment of the Translate extension to Meta-Wiki and the completion of the first revision of the MediaWiki architecture document.

As described in brief in last week's "Technology report", progress is being made on a new parser and visual editor combination. The official engineering report documented exactly where that progress was coming from, with at least six developers (Trevor Parscal, Inez Korczynski, Roan Kattouw, Neil Kandalgaonkar, Brion Vibber and Gabriel Wicke, who only joined the team recently) each working on different elements of it concurrently.

Progress in other areas was more restrained but still being made; for example, developer Andrew Garrett worked on a script to convert existing LiquidThreads installations to the new, revised schema. Likewise, the "last critical bugs" in version 0.9 of WMF-supported offline reader Kiwix were fixed, with the release candidate cycle expected to begin shortly. There was also some bad news in the report, however, as it described how data analyst Erik Zachte had discovered inconsistencies in his report card numbers, which were investigated and attributed to packet loss of up to 25%, rendering several figures unreliable.

Scheduled for November are substantive work on the Git conversion and https support on the mobile platform to mirror that available on the non-mobile site.

User script writers grapple with protocol-relative URLs

With the switchover to native https slowly fading into history, the baton for ensuring total security has been passed on to script writers. This is because, although all interface images were switched over to using protocol-relative URLs, many user scripts will also have to be updated to use the new format.

Forcing use of insecure images or dependency scripts negates much of the benefit of using a secure site; as a consequence, browsers are right to show warnings, Ryan Lane explained. And as Brion Vibber described, the warnings are often very obvious: "Firefox can throw up a scary dialog box on every page view... Chrome does the big scary X-ing out of the 'https'... IE in latest versions just ignores any of the content that came over HTTP unless you opt back into it by clicking on a little bar at the bottom of the window" (Words and what not blog).

And so, with increasing numbers of users expected to switch to using the https version of the site, more and more script developers have been working to clear up any warnings; nonetheless, help will be needed within smaller sites to fix code copied and pasted from larger wikis months or even years before the https support went native.

In brief

Not all fixes may have gone live to WMF sites at the time of writing; some may not be scheduled to go live for many weeks.

How you can help
Help track down old developers

As developer Chad Horohoe explained on the wikitech-l mailing list, the conversion from SVN to Git requires that names and email addresses be input for all contributors to the project. Since SVN had no such requirement, help is needed to pair up the correct names and email addresses with old developer pseudonyms (help now).

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.
  • So does this mean the various issues with https support are being dealt with? Also, it would be convenient if https links to wikimedia pages (e.g., for a link to a specific article revision) within edits would automatically be translated back into ordinary http links, so other users get whatever they prefer (http or https). Edit: Oh, I see, https can be used for the same URL paths that http uses now – this should have been mentioned in the article. Nageh (talk) 17:18, 11 November 2011 (UTC)[reply]
Yes, you can just change http to https in the URL now, a fact only dropped from this article on the grounds it has appeared on all previous occasions the switchover has been mentioned. As you say, though, they is no automated switching based on user preference at the moment - so someone else can still link you to the "wrong" version. - Jarry1250 [Weasel? Discuss.] 17:48, 11 November 2011 (UTC)[reply]
Right, but it's actually already possible to use protocol-relative URLs in wikitext, which provide automatic switching, i.e. will point to HTTPS or HTTP depending on what the reader is using:
[//en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2011-11-07/Technology_report] (results in [1])
Regards, HaeB (talk) 18:19, 11 November 2011 (UTC)[reply]

An email petitioner asked if we could change Signpost links to https; I wasn't sure if this would mess things up for people being logged-out etc. Would it be possible to accommodate both constituencies? Skomorokh 18:32, 11 November 2011 (UTC)[reply]

You mean the links in the mailing list email we send out? - Jarry1250 [Weasel? Discuss.] 23:40, 11 November 2011 (UTC)[reply]
Yup (blog, twitter etc. too I suppose). Skomorokh 13:47, 12 November 2011 (UTC)[reply]
Well, the problem there is that we need a defined entry point. "//" just means "stay on the same protocol as you were before" which isn't great when you're linking from offsite (and most browsers won't even observe it cross-domain anyhow). (Plus a // link isn't recognised as a link by lots of email clients.) - Jarry1250 [Weasel? Discuss.] 17:35, 13 November 2011 (UTC)[reply]



       

The Signpost · written by many · served by Sinepost V0.9 · 🄯 CC-BY-SA 4.0