[15:26:10] <sumanah>	btw guillom I removed something about socialcoding4good from the status msg for my engineering report section because it seems like sc4g wants to be a little more quiet for the moment (need to get more clarification on that but that's my understanding)
[15:26:53] <guillom>	sumanah, ok. Since the page was public, I didn't think it was an issue.
[15:27:30] <sumanah>	understood
[15:27:36] <sumanah>	guillom: that is a very reasonable inference
[15:27:42] <sumanah>	guillom: which was my inference as well till I asked
[15:27:46] <guillom>	:)
[15:27:47] <sumanah>	guillom: I guess it's softlaunchy?
[15:27:50] <guillom>	ok
[18:22:40] <sumanah>	TheCount: I'm curious about the nick change, of course
[18:22:59] <TheCount>	Meeting in another channel.  :)
[18:27:59] <Nemo_bis>	sumanah, am I wrong or your last email to cultural-partners was not to wikisource-l as well?
[18:28:24] <sumanah>	Nemo_bis: I am not on wikisource-l
[18:28:28] <sumanah>	Nemo_bis: feel free to forward
[18:28:40] <Nemo_bis>	sumanah, ok, so I'm giving you a link :)
[18:28:43] <sumanah>	Nemo_bis: and link to https://bugzilla.wikimedia.org/show_bug.cgi?id=32695
[18:29:28] <Nemo_bis>	sumanah, it should be http://lists.wikimedia.org/pipermail/wikisource-l/2011-February/000939.html
[18:30:09] <sumanah>	I am reading that now
[18:30:25] <sumanah>	Platonides: ^^
[18:32:19] <Nemo_bis>	sumanah, I think Alex wrote something to wikitech-l as well
[18:33:40] <sumanah>	Nemo_bis: feel like adding links to that bug in bugzilla?
[18:34:06] <Nemo_bis>	ok
[18:53:36] <Inez_>	Good morning
[18:57:04] <Krinkle>	Anyone here familiar with how centralnotice works internally ?
[18:57:34] <Krinkle>	I can't find a way to export variables with a banner from php to the front.
[18:57:45] <gwicke>	good evening
[18:57:49] <Reedy>	Roan might know
[18:57:56] <Reedy>	Else Kaldari (But he's not about)
[18:58:11] <RoanKattouw>	I don't, really
[18:58:14] <RoanKattouw>	Ask Kaldari
[18:58:49] <Krinkle>	It can't be in mw.config since it has to be cacheable, but there is an ajax request going on to get the banner, that's where I think custom variables can be added
[18:59:35] <Krinkle>	which can then be used by javascript in building the banner.
[18:59:37] <Reedy>	Ping him an email and ask him to go on irc
[19:00:15] <TrevorParscal>	Hello, and welcome to the weekly features meeting!
[19:00:43] <Krinkle>	Oh right!
[19:00:49] <Krinkle>	(the features meeting)
[19:02:05] <guillom>	ohai!
[19:03:14] <TrevorParscal>	http://etherpad.wikimedia.org/FeaturesTeam20111129
[19:05:40] <Krinkle>	RoanKattouw: Uploading WCN to commons/wikitech today.
[19:05:48] <Krinkle>	RL2 presentation that is
[19:06:50] <RoanKattouw>	yay
[19:06:59] <RoanKattouw>	I watched the recording of our Wikimania talk today
[19:08:07] <jorm>	i wasn't too happy with those recordings.
[19:08:22] <jorm>	it was like, "zoomed in on the guy talking" and then the slides got lost and ignored.
[19:08:38] <RoanKattouw>	Ours were bad in a different way
[19:09:03] <Krinkle>	we could make a literal video out of that :P
[19:09:06] <RoanKattouw>	There's a cut somewhere where about 20 seconds of video is missnig
[19:09:26] <RoanKattouw>	The slides are visible but hard to see
[19:09:33] <sumanah>	however, my understanding is that this is still a far better situation than the 2010 wikimania videos :)
[19:09:45] <RoanKattouw>	There's a light spot obscuring the top left corner and the colors are bland and hard to distinguish
[19:09:47] <Krinkle>	yeah, much better
[19:09:47] <jorm>	the one of howie and me and swalling is missing the first 2 or 3 minutes.
[19:09:47] <RoanKattouw>	sumanah: Heck yeah
[19:09:49] <sumanah>	also, they actually had tripods
[19:09:59] <RoanKattouw>	It STILL bothers me that I've never seen my own 2010 presentation
[19:10:00] <sumanah>	unlike any video I've taken of our presentations :)
[19:10:29] <sumanah>	RoanKattouw: you're closer to Poland than I am, for interrogation/chasing/etc purposes :)
[19:10:55] <RoanKattouw>	Believe me, we've tried
[19:12:46] <RoanKattouw>	So, to the topic of the features meeting: I am once again announcing I'll be working very little this week, it's college application crunch time
[19:58:06] <kaldari>	Krinkle: howdy
[19:58:21] <Krinkle>	kaldari: Hey, thanks for coming in,.
[19:58:37] <kaldari>	I can't talk for long though
[19:58:59] <Krinkle>	So I'm working on the CentralNotice banner for research (Dario)
[19:59:17] <Krinkle>	I can't find a way to add variables to the data exported to the front-end when a banner is requested
[19:59:26] <Krinkle>	I need to add data that is queried from MySQL
[19:59:54] <DarTar>	Krinkle: have you heard from Jerome if eventually they need to have the user_name or user_id passed as a parameter?
[20:00:19] <kaldari>	and you want the data in the banner request itself?
[20:00:49] <kaldari>	that would ruin the caching
[20:01:39] <kaldari>	what sort of data are you trying to collect?
[20:01:57] <Krinkle>	kaldari: Well, I don't want to force any method in particular. Basically I need to know certain variables (i.e. account age, boolean true/false if user has 20 edits in last X days, and some others). These values can be cached in that they need not be live, but fixed at time of banner launch
[20:02:02] <Krinkle>	however it is both user and banner specific.
[20:02:36] <kaldari>	you need this data for every banner impression, or just for people who click the banner?
[20:03:08] <Krinkle>	every, since whether or not to show this banner (or another) depends on it. Only users with certain user group memberships and account age are shown this banner.
[20:03:30] <Krinkle>	rectify
[20:03:40] <Krinkle>	Without "(or another)"
[20:03:56] <Krinkle>	It's fine that if this banner is choosen, in javascript either something or nothing get's showqn.
[20:03:58] <Krinkle>	shown*
[20:04:12] <kaldari>	ah, that's a tricky one to implement. The only way you can do it currently is display a blank banner, evaluate the user with client-side js, and then conditionally display the banner.
[20:04:37] <Krinkle>	I got that far, but my problem is getting that data to client-side JS
[20:04:38] <kaldari>	actually, that's not a very clear explanation...
[20:04:46] <Krinkle>	only for logged-in users though
[20:05:04] <Krinkle>	banners are created entirely on-wiki it seems.
[20:05:14] <kaldari>	There are some obscure api methods you can use via ajax
[20:05:37] <kaldari>	lemme find it...
[20:05:38] <Nemo_bis>	Krinkle, if you find a solution please document it somewhere, because many asked this before
[20:05:57] <Krinkle>	Nemo_bis: yes, will do
[20:06:02] <Nemo_bis>	thanks
[20:06:38] <kaldari>	http://www.mediawiki.org/wiki/Extension:UserDailyContribs
[20:07:07] <kaldari>	it's enabled on the cluster and has an API for querying user data
[20:07:33] <kaldari>	the API is fairly limited though
[20:08:37] <kaldari>	http://en.wikipedia.org/w/api.php search for "userdailycontribs"
[20:08:38] <Krinkle>	Hm.. I was thinking more towards a PHP solution (i.e. api.php(or Special:NoticeFoo)?getdatafor=banner_id&format=json)
[20:08:51] <Krinkle>	but that api might be enough
[20:09:14] <kaldari>	There's no easy way to do it server side
[20:09:33] <kaldari>	You would have to rewrite some of SpecialBannerController
[20:09:34] <Krinkle>	I'd have to do quite a few api queries though. some to userdailycontribs, some to userinfo, some elsewhere
[20:10:01] <kaldari>	why's that?
[20:10:16] <kaldari>	oh you need a bunch of data huh?
[20:11:06] <Krinkle>	yeah
[20:11:23] <kaldari>	There might be some undocumented params in UserDailyContribs, but probably not for everything you need
[20:12:07] *Krinkle 	waits for gDocuments to load
[20:12:47] <kaldari>	Krinkle: Take a look at http://meta.wikimedia.org/w/index.php?title=Special:NoticeTemplate/view&template=2011EditorSurvey
[20:13:29] <kaldari>	it looks like you can get registration date from that API
[20:13:49] <kaldari>	although, I must warn you account registration date isn't 100% reliable.
[20:13:55] <kaldari>	some accounts are missing that data
[20:14:04] <kaldari>	especially really old ones
[20:14:33] <kaldari>	but I think it's less than 1% of accounts
[20:14:41] <kaldari>	dario might know better than me
[20:14:46] <Krinkle>	arch, I can't find the document.
[20:15:16] <DarTar>	kaldari: I'm on a skype call, will read you later
[20:15:27] <Krinkle>	DarTar: The specs were in a google document, right ?
[20:15:49] <Krinkle>	For some reason the mail thread about it got spread over three emailaccounts.
[20:16:14] <Krinkle>	DarTar: Could you verify and/or fix that you got me as ttijhof@wikimedia.org instead of *@gmail.com ?
[20:16:20] <Krinkle>	(from now on)
[20:16:36] <kaldari>	http://en.wikipedia.org/w/api.php?action=userdailycontribs&user=Krinkle&daysago=90&format=xml
[20:17:00] <kaldari>	That should get you most of the way there
[20:17:35] <Krinkle>	kaldari: very nice
[20:18:05] <Krinkle>	"To be eligible, an en:wp user must:"
[20:18:10] <Krinkle>	* be an admin on en:wp (group=sysop);
[20:18:16] <Krinkle>	or
[20:18:27] <Krinkle>	* on en:wp, have a total number of edits of at least 300 prior to the launching date of the study + of which at least 20 edits within the last 180 days prior to the launch of the study;
[20:18:37] <Krinkle>	or
[20:18:40] <Krinkle>	* have had an en:wp account registered for less than 30 days prior to the launching date of the study; and in any case
[20:18:48] <Krinkle>	* and in any case, not be a bot (group=bot).
[20:18:50] <kaldari>	be careful about copying code from that editor survey banner though, it sets some cookies and does other weirdness as well, which you probably don't want.
[20:19:11] <Krinkle>	I'll look out for that
[20:19:19] <kaldari>	geez, that's complicated :P
[20:19:57] <Krinkle>	yeah, I'm somewhat confused by some of it though, why include anyone under 300 edits that's less than 30 days old ?
[20:20:07] <kaldari>	but I think you can get it all from the API and the user's groups
[20:20:10] <Krinkle>	but for accounts older than 30 days, only if more than 300 edits
[20:20:26] <Krinkle>	kaldari: yep, user groups are exported in mw.config already
[20:20:38] <Krinkle>	wgUserGroups
[20:20:49] <Krinkle>	which is nice
[20:22:02] <kaldari>	I gotta run, need anything else?
[20:22:21] <Krinkle>	kaldari: Don't think so, this is enough stuff to keep me busy and hopefully finish it all.
[20:22:27] <Krinkle>	Thanks so much
[20:22:28] <kaldari>	cool
[20:23:01] <Krinkle>	yuck, now for getting it up on prototype :P
[20:23:18] <Krinkle>	and manipulating accounts to get test subjects that can actually match the parameters
[20:23:33] <kaldari>	Krinkle: if you feel like documenting your solution: http://meta.wikimedia.org/wiki/Help:CentralNotice
[20:25:32] <Krinkle>	kaldari: will do once I verify it works for me :)
[20:28:07] <DarTar>	re
[20:28:38] <DarTar>	Krinkle: updating my address book
[20:30:01] <DarTar>	Krinkle: do you want me to ping Jerome and ask him to join us in this channel?
[20:30:18] <DarTar>	he's online on skype
[20:30:32] <Krinkle>	well, I'm feeling like I can go back to work now. Is there something you'd like to discuss?
[20:31:17] <DarTar>	I see you had a question regarding the account reg date + edit count
[20:32:06] <DarTar>	so if the specs are confusing we should ask Jerome to confirm what they need
[20:32:47] <Krinkle>	personally I found the parameters a bit odd, but I don't know the survey so..
[20:32:54] <Krinkle>	but sure, let's ask to be sure :)
[20:32:58] <Krinkle>	before I knock myself out
[20:33:41] <DarTar>	ok hang on
[20:37:48] <RoanKattouw>	Krinkle: For the editor survey banner, couldn't you just use autopromote to resolve those conditions server side?
[20:38:05] <RoanKattouw>	APCOND_* allow complex expressions involving edit count and account age
[20:38:10] <Krinkle>	it's not boolean, the values need to be send to the survey server
[20:38:19] <RoanKattouw>	Oh
[20:38:19] <Krinkle>	the individual values that is
[20:38:23] <RoanKattouw>	Right
[20:39:01] <DarTar>	RoanKattouw: first time we do this, that's why we have Tech + Community + Legal + RCom involved
[20:39:15] <RoanKattouw>	DarTar: What ARE you doing, anyway?
[20:39:17] <Krinkle>	which reminds me, DarTar have you checked out (or otherwise know there is no issue with) regarding sending all this information to a third party from clicking a banner ?
[20:39:40] <Krinkle>	oh never mind DarTar , we already did that. It's all in the public API
[20:40:49] <DarTar>	RoanKattouw: running a CN banner to send eligible registered users to an external survey + behavioral economics exp run by Harvard/Sciences Po
[20:40:54] <DarTar>	the documentation is here: http://meta.wikimedia.org/wiki/Research:Dynamics_of_Online_Interactions_and_Behavior
[20:41:03] <RoanKattouw>	OK
[20:41:33] <Krinkle>	DarTar: Do you have a link to the google doc or etherpad with the specifications ?
[20:41:44] <Krinkle>	I can't find it, searched both my google accounts
[20:41:54] <DarTar>	Krinkle: sure, hang on (Jerome is joining in a moment btw)
[20:41:57] <Krinkle>	ok
[20:42:07] <DarTar>	http://etherpad.wikimedia.org/HarvardSciencesPo
[20:42:20] <Krinkle>	That's the one !
[20:43:14] <Krinkle>	DarTar: Rrr, dinner's calling. Back in 30 minnutes
[20:43:22] <DarTar>	np
[20:56:17] <DarTar>	hey Jerome_
[20:57:02] <DarTar>	Krinkle-away: Jerome_ is here if you need to ask him about the editor metrics when you're back from dinner
[21:00:50] <brion>	anybody speak spanish well enough to help somebody in #mediawiki? i'm pretty rusty
[21:04:24] <Krinkle>	Hi Jerome_
[21:05:18] <Krinkle>	so two things. A question about the parameters, and a small announcement about one aspect that can't be implemented (or is unlikely to be)
[21:05:51] <Krinkle>	first, when looking over the parameters I found something odd, may have been intentional but just making sure this is the case
[21:06:53] <Krinkle>	so basically the three groups targetted: 1) experienced wikipedians who became 'sysop', 2) users with recently active accounts over 30 days old with 300+ edits, 3) users with accounts less than 30 days old, regardless of edit count.
[21:06:55] <Krinkle>	correct ?
[21:07:46] <RoanKattouw>	It sounds like you could simplify #2 to "users with 300+ edits" and get the same result
[21:08:08] <Krinkle>	RoanKattouw: 300+ edits, 30 days old and 20 edits in last 3 months
[21:08:08] <RoanKattouw>	The "over 30 days" part is redundant, it doesn't actually exclude anyoen
[21:08:24] <RoanKattouw>	Right but still
[21:08:41] <Krinkle>	yeah, but it's not a problem to check account age the same time.
[21:08:54] <RoanKattouw>	You don't need to include age > 30d as a criterion if anyone with age <= 30d already gets a free pass due to #3
[21:09:09] <Krinkle>	right
[21:09:16] *RoanKattouw 	recognizes he's splitting mathematical hairs
[21:09:34] <Krinkle>	makes sense
[21:10:41] <Krinkle>	Jerome_: okay, It appeared to me as if there where 3 groups there almost cover all users but with small gaps in between that didn't make sense, but it appears there are no small gaps. It's fine as it is, I'm not going to doubt that, these specifications are written and provided, no problem
[21:11:39] <Krinkle>	Jerome_: So the second thing is, the specifications include "at the launching date of the study". that may be a problem as the API for these statistics only takes the number of days from 'now' back in the past (e.g. last day, last month, last 192 days???)
[21:12:25] <Krinkle>	not "between 182 days ago and 2 days ago"
[21:16:07] <Jerome_>	Oh I'm really sorry! Somedy just rushed into my office to ask some urgent questions.
[21:16:19] <Jerome_>	I'm catching up now on what you guys wrote...
[21:18:03] <Jerome_>	2) users with recently active accounts over 30 days old with 300+ edits
[21:18:14] <Jerome_>	This is not what's in the connection protocol
[21:18:29] <Krinkle>	from what I remember the protocol says "300+ edits, 30 days old and 20 edits in last 3 months"
[21:18:55] <Jerome_>	"total number of edits of at least 300 prior to the launching date of the study + at least 20 edits within the last 180 days prior to the launch of the study"
[21:19:06] <Krinkle>	right, 6 months (180 days)
[21:19:30] <Jerome_>	Which practically means 300+ edits, 180+ days old, 20+ edits within those last 180 days
[21:19:48] <Jerome_>	(prior to the launching of the study)
[21:19:53] <Jerome_>	right?
[21:20:11] <RoanKattouw>	No
[21:20:17] <RoanKattouw>	180 days old is not necessary
[21:20:29] <Krinkle>	it doesn't say the account has to be 180 days old
[21:20:42] <RoanKattouw>	I could make a thousand edits in the next hour and qualify
[21:21:37] <Krinkle>	I made it "30 days" in  my description but that won't be in the actual program code, it's implicit as group "3" says "less then 30 days old, any edit count" so it doesn't matter how old the account, since less than 30 they may not qualify as group 2 but they auto-quality as group 3.
[21:21:55] <Krinkle>	RoanKattouw: Then you'd quality as group 3 also
[21:22:10] <RoanKattouw>	Oh, right, age < 30
[21:22:15] <Krinkle>	So the question is, does the survey want to target users with 300+ edits that are between 30 and 180 days old ?
[21:22:24] <Jerome_>	No.
[21:22:55] <Krinkle>	but they do target users with any number of edits less than 30 days old.
[21:23:08] <Jerome_>	That's what I explained in my last mail. There was a small ambiguity there, which is not too detrimental... (users who make 300+ edits in less than 180 are very few I guess)
[21:23:16] <Jerome_>	Yes.
[21:23:25] <Jerome_>	So 3 categories to sum up.
[21:23:26] <Krinkle>	the problem is that, due to the inability to check "at point of launch date" the numbers will change over time
[21:23:50] <Krinkle>	making it kinda weird. If my account is 28 days old with 400 edits, I will quality today as "group 3" but in 3 days I won't quality under any group.
[21:24:26] <Jerome_>	Ah. So we're unable to subject our metrics to one specific point in time (i.e. the launching date of the study)?
[21:24:43] <RoanKattouw>	It should be possible to agree on a cut-off date for acct creation, right?
[21:25:10] <RoanKattouw>	The "n days prior to the start" thing isn't feasible for edit counts but it is feasible for account age
[21:25:35] <Jerome_>	Krinkle, do you second that: <RoanKattouw> The "n days prior to the start" thing isn't feasible for edit counts but it is feasible for account age
[21:26:31] <Krinkle>	Sure, account age is available is a timestamp. We can not query "account less than 30 days old at point x" but we can query "account created before date X" (so we calculate the date before doing the query, no problem)
[21:26:37] <Jerome_>	If this is so, what we can do is check for account creation subject to the launching date of the study but have our edit count metrics determined in a dynamic fashion.
[21:26:53] <Krinkle>	Jerome_: Right
[21:27:12] <Jerome_>	This will not change much in the sample of eligible users I guess...
[21:27:20] <Krinkle>	It's important that users cannot disappear from the target group over time, being added is fine I guess.
[21:28:13] <Jerome_>	So if you're a sysop you're a sysop. That's not subject to change. So group one is not a problem.
[21:28:19] <Krinkle>	edit count can decrease over time (deletion of stuff), however the API I  intend to use for this is a statistical API, one that does not decrease so we're safe there too.
[21:28:34] <RoanKattouw>	sysops can get desysopped, but that's raer
[21:28:36] <RoanKattouw>	*rare
[21:28:53] <^demon>	user_editcount doesn't decrease on page deletion iirc.
[21:28:58] <RoanKattouw>	Well, I should say uncommon
[21:28:59] <Krinkle>	i.e. the edit count is not queried live, we have edit counts per day per user in a special statistics table.
[21:29:12] <Jerome_>	Then account creation for less than 30 days prior to the launching date of the study: we can do it. So this group is safe too.
[21:29:26] <Krinkle>	^demon: dunno when, but I know that it can (or at least could in the past) decrease, which makes sense.
[21:30:49] <Jerome_>	So what will be determined dynamically are the criteria for group 2: 300+ edits, 180+ days old, 20+ edits within those last 180 days
[21:31:29] <Krinkle>	yeah, the total edit count is pretty safe, but the tricky one is 180days.
[21:31:35] <Jerome_>	Do you think that the people who will qualify under those 3 requirements will change over an 8 days period...
[21:31:53] <Krinkle>	should that be last 180 days as of now, or last 180 days +number of days since launch
[21:32:17] <Jerome_>	By the way, those 3 requirements are pretty much those which were used to qualify as a voter or candidate for the last board of trustees election.
[21:32:19] <Krinkle>	I suggest we do the latter, otherwise users could disqualify half-way the banner presentation if they made more edits in the past than they do now.
[21:33:16] <Krinkle>	Jerome_: yes, but those kind of votes are either manually checked afterwards through a direct database query, or it's done server side onsubmisison. Not client-side through a limited API that is loaded for almost all users of the site on any page :)
[21:34:00] <Jerome_>	Krinkle: Okay I see.
[21:36:01] <Krinkle>	Hm.. while I was testing this locally I just realized we may have a more important problem. I was changing the numbers in the API query and realized.. anyone can do that from the client side if they wanted to. Then I remembered the specification mentioned a token that we should use and generate an md5 hash.
[21:36:03] <Jerome_>	Krinkle: So what you want to avoid is users with 300+ edits who made 20+ edits in their last 180 days as of the launch of the study but not anymore a few days after?
[21:36:09] <Krinkle>	so that people can't fake this
[21:36:14] <Jerome_>	What you want is keep those in the sample, right?
[21:36:41] <Jerome_>	Yes. We have a secret key.
[21:37:49] <Jerome_>	Krinkle: So this should prevent any problem, right?
[21:37:50] <Krinkle>	Jerome_: Use case: User X made 20+ edits throughout last 180 days, tomorrow the last of those 180 days is no longer the last 180 days.
[21:38:18] <Krinkle>	Jerome_: yes that should prevent any problem with tampering data
[21:38:40] <Krinkle>	however??? since we're on the client side.. the token is currently public in my local testings
[21:38:44] <Krinkle>	it's right there in the JS
[21:39:11] <Jerome_>	Krinkle: then this guy does not qualify anymore if we check the metrics dynamically. I am with you on this.
[21:39:48] <Jerome_>	Do you think this is an issue? My guess was that very few users would be concerned by this...
[21:40:33] <Krinkle>	Jerome_: yeah that could potentially happen, but it's not a big deal and there's a simple fix. Instead of querying dynamically "last 180 days", we could query "days=180+(days since launch), last {days} days:"
[21:41:58] <Jerome_>	Krinkle: "days=180+(days since launch)" => this is okay for me I guess.
[21:43:51] <Jerome_>	Krinkle: so do you want to implement the system this way?
[21:44:27] <Jerome_>	Krinkle: if so, I'll just inform our team here to let them know and make sure that doesn't trigger any limitations on our side.
[21:44:33] <Jerome_>	Krinkle: sounds good?
[21:46:30] <Krinkle>	yes
[21:47:07] <Krinkle>	so regarding the hash, the reason for the hash is to make sure users can't submit random data
[21:47:49] <Krinkle>	getting that hash without exposing the token is never watertight on the client side, i.e. not gonna happen. I could figure out a server side way (perhaps write a new mini-API)
[21:48:02] <Krinkle>	however, alternatively I could make the banner give you a user_id
[21:48:17] <Krinkle>	then your end could query the API for this user and verify
[21:49:19] <Jerome_>	So I was currently answering to Dario's last mail, basically proposing that we use numeric user ids as login instead of usernames.
[21:50:02] <Jerome_>	Does that help?
[21:51:38] <Krinkle>	yes
[21:52:05] <Krinkle>	well, it doesn't matter for my end but I figure it might help on your end due to the non-latin characters you mentioned being problematic
[21:52:11] <Krinkle>	what is the username used for ?
[21:53:23] <Jerome_>	What we want is to avoid double participations. So we check that the same login does not complete the study twice.
[21:53:42] <Jerome_>	Previously login=username. Now we propose login=numeric user id.
[21:54:18] <Krinkle>	right so the hash isn't only used to avoid invalid submissions with fake numbers (i.e. user=newbie20000 usergroup=sysop (yeah right))
[21:54:28] <Krinkle>	but is also used to verify that the user is indeed that user
[21:54:33] <Jerome_>	yes.
[21:55:14] <Krinkle>	so using user_ids and letting your end get this data based on the user_id doesn't help as a user could submit the form with a different user_id if there is no check hash
[21:55:16] <Krinkle>	so we need a hash
[21:55:19] <Krinkle>	either way
[21:55:55] <Jerome_>	It would be better, yes.
[21:56:00] <Krinkle>	which means server side since JS isn't good at MD5 and we obviously shouldn't expose the token/salt
[21:57:07] <Krinkle>	CentralNotices are flexible, very flexible. But the one aspect that is currently consistent is that it's entirely created on-wiki and rendered client-side.
[21:57:42] <Jerome_>	So could you tell me with very simple words what's the problem with the secret key? :)
[21:58:02] <Jerome_>	(I don't write code indeed!)
[21:58:13] <Krinkle>	It's trivial to create a little API for this that just returns md5( $input-from-ajax . 'token here');
[21:58:30] <Krinkle>	oh sorry, I'll translate that to english
[21:58:32] <Krinkle>	:)
[21:58:54] <Jerome_>	Thanks! ;)
[21:59:40] <Krinkle>	So the problem is that right now our CentralNotices are entirely created through wiki-pages (which are public) and rendered through JavaScript (i.e. the program code is sent to the browser and rendered there). This makes them very flexible and makes it very easy to cache since the part that's done on the server is the same for every user, and in the browser it does something different depending on who you are
[22:00:23] <Krinkle>	However if we'd generate this check hash from within the browser, then the browser needs to be given the secret key as well
[22:00:28] <Jerome_>	Okay.
[22:00:50] <RoanKattouw>	In which case it's not exactly secret any moer
[22:00:55] <Krinkle>	which destroys the purpose of the key since once it's in the browser anyone with a little programming skills can easily see it and make their own fake hashes.
[22:00:59] <Jerome_>	I see. So the secret key would be made public information to anybody who is knowledgeable about this.
[22:01:30] <Krinkle>	well, no, we're not going to do that. In my opinion we either find a way around this or don't use check hashes at all.
[22:01:53] <RoanKattouw>	The computation would have to be done server-side
[22:01:57] <RoanKattouw>	That shouldn't be too hard, right?
[22:02:16] <Jerome_>	Yeah sure! Okay. So you propose to write up a short API that is not publicly accessible for the purpose of generating and sending the secret key.
[22:02:21] <RoanKattouw>	Generate md5( $username . '|' . $editcount . '|supersekritkey' ); on the server and export it to JS
[22:04:02] <Krinkle>	RoanKattouw: Well, PHP doesn't know about the banner at time of parsing a normal page (and shouldn't due to caching). Neither is there currently a way in CentralNotice to send extra data in the Ajax response since all properties about CentralNotices are kept in raw-html ns-mediawiki messages.
[22:04:24] <RoanKattouw>	so hack it
[22:04:31] <Krinkle>	so we'd simply export a mw.config variable in Extension:CentralNotice regardless of the banner for a little while
[22:04:32] <Krinkle>	yeah,
[22:04:36] <RoanKattouw>	Hack something in that exports that hash unconditionally
[22:04:38] <RoanKattouw>	Yeah
[22:04:58] <Krinkle>	that's still very safe, at least safe enough for the banner to verify and avoid fake submissions
[22:04:59] <Krinkle>	awesome
[22:06:47] <Jerome_>	So bottom line: it is possible to generate the secrect key and send it to our server on the server side?
[22:07:46] <Krinkle>	yes, the secret is kept on the server
[22:07:52] <Jerome_>	Cool! :)
[22:08:30] <Jerome_>	So is there any further things you'd like to discuss?
[22:09:09] <Jerome_>	I'm happy to talk through whatever concerns/questions you may have.
[22:09:20] <Krinkle>	Nope, seems like we're getting everything we intended.
[22:10:18] <Jerome_>	Great. I will send this discussion to our IT team so that they are updated on what you're up to.
[22:10:26] <Krinkle>	ok
[22:10:47] <Jerome_>	Then, I send you an updated Connection protocol in a bit.
[22:11:01] <Krinkle>	Mind if I read it first ? There's a bunch of stuff in between that was later made redundant, may wanna keep that out.
[22:11:19] <Krinkle>	(in the IRC conversation)
[22:11:51] <Jerome_>	Would you like to take the basic gist out of it and send me a clear transcript?
[22:12:04] <Krinkle>	sure, that works too
[22:12:08] <Krinkle>	I'll mail it to your shortly
[22:13:12] <Krinkle>	Or I could send it as reply to the mail group thread we already have
[22:13:13] <Jerome_>	Thank you Krinkle! This is a great (and very nice) idea of yours! :)
[22:13:34] <Krinkle>	You're welcome.
[22:13:51] <Jerome_>	Sure. You can write up a group update on the definition of the user metrics + secret key implementation.
[22:14:04] <Jerome_>	I think you would do this way better than myself...
[22:21:45] <Krinkle>	RoanKattouw: UserDailyContribs seems to use both Ymd and Y-m-d mixed when interacting with the date-column in the database (which is of mysql type "DATE").
[22:21:51] <Krinkle>	which would you recommend using as API format ?
[22:22:06] <RoanKattouw>	Ugh, MySQL DATE, really?
[22:22:21] <Krinkle>	Yep, wholy
[22:22:23] <RoanKattouw>	API output: use TS_ISO_8601
[22:22:35] <Krinkle>	input for basedate
[22:22:45] <RoanKattouw>	API input: feed the input value through wfTimestamp(), so it's "anything accepted by wfTimestamp()"
[22:22:56] <Krinkle>	right
[22:23:02] <RoanKattouw>	I'm not sure whether we have a TS_ constant for MySQL dates though. TS_DB is for Postgres
[22:23:08] <Krinkle>	which is strtotime-like ?
[22:23:13] <RoanKattouw>	The main reason for this is that people aren't supposed to use DATE
[22:23:16] <RoanKattouw>	No, not quite
[22:23:24] <RoanKattouw>	wfTimestamp() accepts all TS_* formats
[22:24:05] <RoanKattouw>	For most purposes, something that accepts ISO 8601 (timezoneless) as well as MW format (YYYYMMDDhhmmss) as well as UNIX timestamps is good enough
[22:24:09] <Krinkle>	http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/UserDailyContribs/UserDailyContribs.hooks.php?revision=91244&view=markup#l46
[22:24:09] <Krinkle>	http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/UserDailyContribs/UserDailyContribs.php?revision=99005&view=markup#l49
[22:24:22] <Krinkle>	http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/UserDailyContribs/patches/UserDailyContribs.sql?revision=73480&view=markup#l1
[22:24:25] <Krinkle>	those three show it
[22:24:30] <Krinkle>	Ymd, Y-m-d, DATE
[22:25:01] <RoanKattouw>	Right
[22:25:11] <RoanKattouw>	well gmdate() takes a UNIX timestamp as the second param
[22:25:35] <RoanKattouw>	So you could use gmdate( 'Y-m-d', wfTimestamp( TS_UNIX, $params['basetimestamp'] ) );   (or Ymd)
[22:26:20] <Krinkle>	mysql doesn't care ?
[22:26:58] <RoanKattouw>	I don't know
[22:27:00] <RoanKattouw>	Read the MySQL docs
[22:27:06] <Krinkle>	yeah, will do :)
[22:27:57] <Krinkle>	so I'd prefer of the basedate wouldn't require giving a phony timestamp. Perhaps basedate=Ymd, and then $params['basedate'].'000000' ?
[22:28:12] <RoanKattouw>	Hrmph
[22:28:33] <RoanKattouw>	Then you wouldn't have to convert it twice
[22:28:37] <Krinkle>	or is it too standard in the API to give dates always full, in that case I have no problem sticking to that conversion
[22:28:39] <Krinkle>	convention*
[22:28:42] <RoanKattouw>	I would prefer that basedate be a timestamp
[22:28:51] <RoanKattouw>	Because it makes validation so much easier
[22:28:57] <Krinkle>	alrighty
[22:29:18] <RoanKattouw>	If basedate is Ymd you're gonna either stick it directly into the query (eek) or convert it in a 3-step loop
[22:30:08] <Krinkle>	oh no, I;m not gonna stick it into the the query
[22:30:15] <Krinkle>	I was gonna feed it in place where you had put it
[22:30:27] <Krinkle>	gmdate( 'Y-m-d', wfTimestamp( TS_UNIX, $params['basedate'].'000000' ) );
[22:31:54] <Krinkle>	no PARAM_TYPE 'timestamp' ?
[22:32:15] <RoanKattouw>	I think there is one
[22:32:27] <Krinkle>	I thought so
[22:32:32] <RoanKattouw>	Yeah so that's the timestamp conversion loop^Wchain I was talking abuot
[22:33:30] <Krinkle>	'timestamp' is used indeed by several core APIs, it just wasn't listed in the switch() for PARAM_TYPE help message
[22:33:57] <Krinkle>	or it's in a separate switch(), nevemrind :)
[22:34:14] <Krinkle>	got it
[22:34:18] <Krinkle>	perfect!
[22:38:04] <Jerome_>	Krinkle: I just sent the updated version of the connection protocol. Just to let you know. :)
[22:38:13] <Krinkle>	Thx
[22:39:13] <Jerome_>	If anything is unclear, please just send me an e-mail saying "Jerome come back to IRC, we need to talk!", okay?
[22:39:29] <Krinkle>	Sure
[22:39:50] <Jerome_>	Cool. Keep us updated on this conversation then!
[22:40:00] <Jerome_>	And thanks a lot for your work!
[22:41:56] <Krinkle>	You're welcome.