[16:59] <io_error> error_bot: time
[16:59] <error_bot> io_error: 09:00 PM, August 24, 2005
[17:00] * Parts: error_bot ("io_error"�)
[17:00] <photomatt_wrk> okay then, let's get started :)
[17:00] <Podz> <meetup>
[17:00] * Joins: skeltoac|busy
[17:00] <mdawaffe> MCincubus: still blank
[17:01] * Joins: jonthejester
[17:01] <MCincubus> mdawaffe, "Topics"
[17:01] <photomatt_wrk> I'd like to make a few announcements up front
[17:01] * Joins: stevecooley
[17:01] <mdawaffe> MCincubus: ah - mind if I move it around?
[17:01] <photomatt_wrk> first, sorry for the forum issues last night, I made a mistake
[17:01] <photomatt_wrk> should be fixed now
[17:01] <Podz> np :)
[17:01] <photomatt_wrk> and everyone should oooh and ahhhh at the AJAX posting :)
[17:01] <MCincubus> mdawaffe, pretty it up all you like
[17:02] <MCincubus> okay, now I have to go find an issue to respond to just to test it out
[17:02] <jalenack> mdawaffe, that was some quick bugfixing for that ticket I added. nice one
[17:02] <mdawaffe> jalenack: ding!
[17:02] <photomatt_wrk> mdawaffe has been making some great improvements to the forums, I think the community is benefiting a lot from his work
[17:03] <Podz> I'd agree there certainly
[17:03] <MCincubus> also his work on WordPress bugs ++
[17:03] * Quits: photomatt_wrk
[17:03] <io_error> hm, well then
[17:03] <jalenack> heh
[17:03] <MCincubus> <meetup_limbo>
[17:04] * Blackb|rd starts picking his nose.
[17:04] * graeme kick's photomatt_wrk : too much yammering!
[17:04] <Blackb|rd> oh. sorry.
[17:04] * io_error breaks out a deck of cards
[17:04] * jalenack tries to stay calm
[17:04] <io_error> texas hold'em anybody?
[17:04] <tunicwriter> Quick, someone throw out an issue.
[17:05] <masquerade> io_error, deal me in
[17:05] <jalenack> deal me in too
[17:05] * Joins: photomatt_wrk
[17:05] <photomatt_wrk> whoops, sorry
[17:05] <mdawaffe> speaking of, photomatt_wrk the WP AJAX has been patched
[17:05] <photomatt_wrk> mdawaffe: make sure it's tagged as commit candidate
[17:05] <jonthejester> I saw something on AJAX posting...when was that added?
[17:05] <mdawaffe> k
[17:05] <relle> Is the ajax thing the yellow fade out on a new post?
[17:06] <photomatt_wrk> yeah it doesn't do a reload
[17:06] <photomatt_wrk> also deleting is really slick
[17:06] <photomatt_wrk> I'm hoping we can port some of that to WP as well
[17:06] <jonthejester> Slick, did you just add that (photo)matt?
[17:06] <photomatt_wrk> mdawaffe is the ajax guru of the week :)
[17:06] <relle> but the yellow fade thing is really painful on the eyes. A mellow blue might be nicer.
[17:06] <MCincubus> photomatt_wrk, yeah... Typo-like stuff would be cool
[17:06] <masquerade> photomatt_wrk, comments would perhaps be a nice place for that sort of AJAX
[17:06] * Quits: geoffrey ("ouch... gotta run!"�)
[17:07] <photomatt_wrk> MCincubus: typo is going to look shabby after 1.6
[17:07] <MCincubus> w00t
[17:07] <jonthejester> lol :)
[17:07] <ringmaster> What library are we using, generally, for Ajax?
[17:07] <jalenack> Sack
[17:08] <jalenack> http://twilightuniverse.com/2005/05/sack-of-ajax/
[17:08] <ringmaster> Cool.
[17:08] <MCincubus> there have been problems with ajax plugins conflicting... would be nice to have a unified method so plugins don't bump heads
[17:08] <photomatt_wrk> agreed
[17:08] <ringmaster> Note agenda item #3.
[17:08] <jonthejester> same here
[17:09] <mdawaffe> MCincubus: WP 1.6 now comes with sack, so people should use that
[17:09] <jalenack> and dojo is only for admin panel then?
[17:09] <ringmaster> No Dojo in source that I've seen.
[17:10] <mdawaffe> sacks the only ajax, I think, unless I missed something. Everything else is "just" JS
[17:10] * Joins: lastnode
[17:10] <ringmaster> I've remodeled my media stuff to use sack where once it used Dojo.
[17:10] <photomatt_wrk> cool
[17:10] <photomatt_wrk> I don't think dojo is quite ready
[17:11] <photomatt_wrk> or at least is too complicated for our uses
[17:11] <photomatt_wrk> the second announcement is that I'm working on getting the Codex back up
[17:11] <jalenack> fantastic
[17:11] * graeme claps
[17:11] <io_error> yes!!!
[17:11] <PotterSys> w00t!
[17:12] * lastnode applauds
[17:12] <MCincubus> ETA?
[17:12] * relle taps her foot and waits for the other shoe to drop.
[17:12] <io_error> heh
[17:12] <photomatt_wrk> there had been some custom mods to apache which were preventing logins from working
[17:12] <relle> ;-)
[17:12] <photomatt_wrk> and the guy who was handling it was out of town, so I've been kinda stuck
[17:12] <photomatt_wrk> now he's back and we're back on track
[17:13] <photomatt_wrk> eta: soon! *cough*
[17:13] <lastnode> i've been working some stuff on a local mediawiki install, so it'l be cool to be able to transfer it up
[17:13] <io_error> RSN?
[17:14] <photomatt_wrk> what's RSN?
[17:14] <io_error> Real Soon Now
[17:14] <relle> "really soon now"?
[17:14] <relle> lol
[17:14] <lastnode> :)
[17:14] <io_error> .g "real soon now"
[17:14] * io_error notes lack of bots
[17:14] <photomatt_wrk> ah
[17:14] <photomatt_wrk> we need more TLAs
[17:15] <io_error> http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//catb.org/%7Eesr/jargon/html/R/Real-Soon-Now.html&ei=R-MMQ8SjJKH4-AH_3pzPCQ
[17:15] <photomatt_wrk> okay moving on in the agenda
[17:15] <lastnode> mmm acronym soup
[17:15] <io_error> I hate when google does that to me
[17:15] <stevecooley> no problem, as long as your computer has LRF support
[17:15] <photomatt_wrk> " Using "secret keys" to protect admin functions from XSS - MCincubus"
[17:15] <photomatt_wrk> MCincubus: did you want to start that topic off?
[17:16] <MCincubus> We still have XSS vulnerabilities, and not everyone has referrers on, (say for mobile clients). I think the best method would be a unique key (maybe based off of admin password + salt MD5d)
[17:17] <photomatt_wrk> okay, to clarify
[17:17] <photomatt_wrk> there are no current XSS exploits
[17:17] <MCincubus> erm...
[17:17] <photomatt_wrk> adding a static unique key and removing referrers would actually open us up to XSS
[17:17] <io_error> would you like me to write one? :)
[17:18] <photomatt_wrk> because JS could read the static key before filing off the request
[17:18] <photomatt_wrk> the way other programs address this is through nonces
[17:18] <ringmaster> I like the idea of using nonces for XSS protection. Any thoughts on how to do it that way instead?
[17:18] <photomatt_wrk> however I think having nonces as well as referrer protection can't hurt
[17:19] <MCincubus> there is currently at least one page that has no protection at all.
[17:19] <MCincubus> at least, as far as I can tell
[17:20] <photomatt_wrk> well then email me and I'll check it
[17:20] <MCincubus> alright. So what's the deal with nonces?
[17:21] <photomatt_wrk> http://www.intertwingly.net/blog/1585.html
[17:21] <ringmaster> It's basically a one-off version of what you already described, right?
[17:21] <MCincubus> stored in the db?
[17:22] <ringmaster> That seems inefficient.
[17:24] <photomatt_wrk> I don't see it as a terribly high priority right now, however if we could find a way to automatically protect the forms in WP without having to change every file that'd be ideal
[17:24] <MCincubus> well, we'd need to insert the field into the form...
[17:25] <photomatt_wrk> if we could have some sort of output buffer that protected all forms or something
[17:25] <photomatt_wrk> anyway, food for thought
[17:25] <masquerade> or add a JS that inserts the form element, output buffers can get messy
[17:25] <photomatt_wrk> this should probably be discussed more on the hackers list
[17:25] <photomatt_wrk> MCincubus: email me if you think you've found someplace not protected
[17:26] <MCincubus> security@wordpress.org?
[17:26] <photomatt_wrk> yep
[17:26] <photomatt_wrk> alright, next up
[17:26] <photomatt_wrk> " Couple current bugs in forums to watch out for -- mdawaffe"
[17:26] <photomatt_wrk> mdawaffe?
[17:26] <mdawaffe> yeah
[17:27] <mdawaffe> If you reply to a topic that has 30 posts on it already, your post might show up at the bottom as 31 or i might not show up at all (it sort of depends_)
[17:27] <mdawaffe> it's on the NEXT page, but there's not link to that next page yet
[17:27] <mdawaffe> do a hard refresh to get everything squared
[17:28] <mdawaffe> oh - and the forums may not work on some older browsers - parts of the code don't degrade as nicely as they should yet
[17:28] <Podz> I'll try Lynx :)
[17:28] <mdawaffe> (and if someone could quick test posting out on IE just to verify, that'd be cool)
[17:28] <mdawaffe> Podz: I think it will actually work on lynx...
[17:29] <mdawaffe> not tried it though :)
[17:29] <photomatt_wrk> why not just ban IE outright?
[17:29] * lastnode supports that totally
[17:29] <Podz> mdawaffe:: http://wordpress.org/support/topic/42814#post-240265 I see no name ?
[17:29] <Podz> IE6 ^^
[17:29] <lastnode> why should we even bother? :)
[17:29] <MCincubus> ... because we'd have to register as a religious organization, likely.
[17:29] <jalenack> that'd be filtering out all the people who need support :p
[17:29] <lastnode> the cult of wordpress
[17:29] <tunicwriter> Because you can't ignore the majority.
[17:30] <mdawaffe> Podz: refresh?
[17:30] <MCincubus> Death to the IEfidels
[17:30] <mdawaffe> IE is miserable
[17:30] <Podz> nope - looks broken too. hang on
[17:30] <skeltoac|busy> It's not hard to cancel AJAXification for IE users.
[17:30] <mdawaffe> let me just go on record with that
[17:30] * io_error hates IE
[17:31] <mdawaffe> Podz: I think that must be due to a CSS change I had Matt apply
[17:31] <MCincubus> well, at least ensure that the fallback method works...
[17:31] * jalenack opens explorer/mac
[17:31] <stevecooley> :D
[17:31] <masquerade> http://browsehappy.com/ <-- we should display links there if people are using IE, it is "Brought to you by WordPress after all" ;-)
[17:31] <Podz> http://www.tamba2.org.uk/Image1.jpg
[17:31] <masquerade> er, put that after all outside of that quote
[17:31] <MCincubus> masquerade, top of my site does that
[17:31] <mdawaffe> skeltoac|busy: yeah - currently some of the forms are hardcoded with non degrading AJAX
[17:31] <mdawaffe> that'll change
[17:31] <photomatt_wrk> wow that's ugly
[17:32] <photomatt_wrk> I'll test it out in IE and work with mdawaffe after the meetup
[17:32] <photomatt_wrk> I don't think he has regular access to win/ie
[17:32] <skeltoac|busy> mdawaffe: Ewww.
[17:32] <io_error> odd
[17:32] * io_error posts in IE
[17:32] <mdawaffe> skeltoac|busy: care to patch it?
[17:32] <io_error> nobody's names are showing up?
[17:32] <MCincubus> looks strange in FF 1.06/Linux too
[17:32] <jalenack> ok ie/mac is handles alright
[17:32] * io_error takes a screenshot
[17:32] <mdawaffe> MCincubus: you're kidding me
[17:32] <skeltoac|busy> I've always rolled my own AJAX so I don't know the libraries... but now that I've vomited an exused I'll try :)
[17:32] <mdawaffe> son of a
[17:32] <jalenack> some css niggles
[17:33] <Podz> no names
[17:33] <MCincubus> mdawaffe, the "download" link
[17:33] <masquerade> I'm missing the purpose of two serach boxes
[17:33] <io_error> screenshot = http://gw.ioerror.us/~error/screenshot.html
[17:33] <masquerade> s/serach/search
[17:33] <mdawaffe> MCincubus: oh - the download link ain't me
[17:33] <Podz> mind - if IE is having all these problems, no-one is saying anything :)
[17:33] <masquerade> io_error, strange, its all find here
[17:34] <mdawaffe> skeltoac|busy: it's not in the AJAX, it's the way the forms are coded, actually, bad return values on submit etc.
[17:34] <skeltoac|busy> Ohh...
[17:34] <masquerade> fine*
[17:34] <jalenack> http://blog.jalenack.com/ss.png <-- IE5/mac
[17:34] <Podz> mdawaffe:: make a list if the views you want in IE and I'll cap them all ?
[17:34] <masquerade> jalenack, looks like a 404
[17:34] <jalenack> reload
[17:34] <mdawaffe> IE5/mac I don't care about at all
[17:34] <jalenack> yeah, don't worry about the AJAX at all for iemac
[17:35] <mdawaffe> (but it seems to do better than IE/win)
[17:35] <mdawaffe> Podz: ok - thanks
[17:35] * Parts: Blackb|rd
[17:35] <jalenack> there's a 1px gutter on the right side of the site
[17:36] <photomatt_wrk> let's save this for after the meetup
[17:36] <photomatt_wrk> we can have a CSS bug fix in #wordpress after we're done
[17:36] <jalenack> yeah
[17:36] <photomatt_wrk> wp.com invites for those that find fixes :)
[17:36] <mdawaffe> haha
[17:36] * MCincubus won't report the problem until he finds a fix :-)
[17:36] <io_error> heh, he's serious :)
[17:37] <photomatt_wrk> " Thoughts on moving sharable js in WP to a new directory - ringmaster"
[17:37] <photomatt_wrk> I think that's a great idea
[17:37] <mdawaffe> (why spend time fixing CSS when you could just bid on an invite.... ;) )
[17:37] <ringmaster> Candidates include TinyMCE, fat, and sack. Possibly others.
[17:37] * mdawaffe notes we do it in bbPress
[17:37] <mdawaffe> bb-scripts
[17:38] <photomatt_wrk> let me preface that with that we're trying as hard as possible to reduce root-level clutter
[17:38] <photomatt_wrk> which would include a new top-level directory
[17:38] <mdawaffe> wp-content/scripts
[17:38] * io_error likes reducing clutter
[17:38] <photomatt_wrk> wp-images is the next to go
[17:38] <masquerade> it'd be better in wp-includes
[17:38] <jonthejester> or what about wp-includes/scripts ?
[17:38] <skeltoac|busy> They seem like content more than includes
[17:38] <photomatt_wrk> mdawaffe: wp-content is for things that don't get updated by WP
[17:38] <MCincubus> includes is my vote
[17:38] <mdawaffe> FACT
[17:38] <photomatt_wrk> I'm inclined to put them in includes
[17:38] <mdawaffe> includes it is
[17:38] <jonthejester> same here
[17:38] <io_error> yep
[17:38] <photomatt_wrk> okay, I'll do that then
[17:38] <photomatt_wrk> :)
[17:39] <MCincubus> if a user wants to make their OWN JS it should go in content
[17:39] <skeltoac|busy> Oh right. Upgrades. Includes.
[17:39] <mdawaffe> MCincubus: good call
[17:39] <ringmaster> One point...
[17:39] <MCincubus> er, s/user/plugin
[17:39] <jalenack> and will this get included by default, even if there aren't any plugins using it?
[17:39] <photomatt_wrk> it's used by the WP backend
[17:39] <masquerade> jalenack, since its JS and not PHP, probably not
[17:39] <photomatt_wrk> so it's included by default
[17:39] <ringmaster> Is it ok that a page looks in a subdir of wp-includes, allowing visitors to see the wp-includes dir exists?
[17:39] <photomatt_wrk> ohwait
[17:39] <photomatt_wrk> no they won't be linked by default
[17:39] <jalenack> there could be a plugin hook
[17:39] <jalenack> that could turn it on
[17:39] <MCincubus> a switch
[17:40] <MCincubus> not a free for all... just, once one has flipped it, it gets put into the head
[17:40] <io_error> ringmaster: people can already see that wp-content, and wp-includes, and wp-admin, etc., exist
[17:40] <mdawaffe> these are all going to be JS, right?
[17:40] <jalenack> exactly
[17:40] <masquerade> ringmaster, anyone could find the wp-includes directory easily
[17:40] <mdawaffe> just hook into wp-head and add the line to include the js file
[17:40] <jalenack> as in, no OFF switch, just an on-switch
[17:40] <ringmaster> How do you easily find the wp-includes directory?
[17:40] <MCincubus> mdawaffe, but multiple plugins
[17:40] <ringmaster> Do themes reference files from there?
[17:40] <masquerade> ringmaster, go to the login form, look at the redirect, change that wp-admin to wp-includes in the URI...
[17:40] <io_error> ringmaster: a one-line index.php fixes the problem: <?php header("Location: ../"); ?> it's not clean, but it works :)
[17:40] <mdawaffe> MCincubus: ah - I see - always thinking for me, aren't you MCincubus :)
[17:41] * Quits: lastnode (Read error: 104 (Connection reset by peer)�)
[17:41] <masquerade> ringmaster, or, look at the links to the CSS, those go to wp-content, change it to wp-includes
[17:41] <MCincubus> there should be a wp_use_js(); or something
[17:41] <jalenack> yes
[17:41] <ringmaster> Why, as a visitor, would I know to change it to wp-includes?
[17:41] <io_error> or Options -Indexes
[17:41] <mdawaffe> tinymce is a lot to load if you only want sack
[17:42] <masquerade> ringmaster, we shouldn't be worried about visitors, its exploits that we should be worried about
[17:42] <MCincubus> mdawaffe, point. a switch for each functional group
[17:42] <mdawaffe> wp_use_js('tw-sack.js')
[17:42] <skeltoac|busy> function include_sack() { if ($GLOBALS['wp_sack_loaded'] return true; addaction('wp_head', 'wp_include_sack'); return true; } function wp_include_sack() { echo "<script..."; }
[17:42] Auto away:� 30mins of no action
[17:42] Auto Away deactivated, manual Away set:�10 Auto Away:� 30mins of no action
[17:42] Auto away is active
[17:42] <MCincubus> skeltoac|busy, exactly
[17:42] <skeltoac|busy> Oops, forgot to set $GLOBALS['wp_sack_loaded'] after done...
[17:42] * Joins: lastnode
[17:43] <MCincubus> heh, well... general idea
[17:43] <masquerade> skeltoac|busy, let's not contribute to global variable pollution, how about an array of items loaded instead
[17:43] <skeltoac|busy> Sure, whatever. General idea.
[17:43] <skeltoac|busy> Global array.
[17:43] <mdawaffe> I like one function that takes a filename instead of several functions
[17:43] <ringmaster> masquerade: By permitting outside access to a subdir in wp-includes, would we expose any of the code in wp-includes to attackers?
[17:43] Back:� Away for 31mins 6secs
[17:43] Away Deactivated:�4 Auto Away reactivated
[17:43] <MCincubus> mdawaffe, as do I... because it could be used for add-on JS
[17:44] <mdawaffe> MCincubus: exactly
[17:44] <skeltoac|busy> nice
[17:44] <ringmaster> What I mean is, currently we can disallow access to wp-includes for browsers and it doesn't hurt WP.
[17:44] <MCincubus> like... blank index.php?
[17:44] <lastnode> or .htaccess?
[17:44] <ringmaster> No, like loading site/wp-includes/class.php
[17:44] <ringmaster> Directly.
[17:44] <mdawaffe> it would need to be able to take a larger path, though. So JS could be put in wp-content/plugins
[17:45] <masquerade> ringmaster, I'm not really seeing the point here....
[17:45] <lastnode> ringmaster, wouldn't that be solved with a simple redirect rule?
[17:45] <MCincubus> mdawaffe, yeah, we'll have to hash out some of those details later
[17:45] <skeltoac|busy> wp-content is already generally open but we don't want core js in there. maybe a little root clutter is in order after all.
[17:45] <mdawaffe> skeltoac|busy: plugin JS in wp-content, core in wp-includes/scripts
[17:46] <masquerade> I agree with the wp-includes/scripts
[17:46] <MCincubus> I hate root clutter. SO MANY people install WP in the root dir of their website...
[17:46] * lastnode agrees
[17:46] <ringmaster> So there's no danger in running any file in wp-includes directly?
[17:46] <MCincubus> ringmaster, should get function undefined error real fast
[17:46] <io_error> MCincubus: yep, and I'm one of them
[17:47] <masquerade> Who cares if anyone can load up any of the files, its not getting them anywhere. You'd have include errors, undefined function errors, etc.
[17:47] <skeltoac|busy> ringmaster: None of them include()s wp-config
[17:47] <MCincubus> same with theme files
[17:47] <MCincubus> get_header(); and the party ends there
[17:47] <ringmaster> That may be the case. It's more safe to consider the security implications first.
[17:47] <ringmaster> If you all have done that so quickly, then boo-yah for you.
[17:48] <masquerade> ringmaster, there have been no security issues with it to date, I doubt putting JS there is going tob e any more of a problem
[17:48] <skeltoac|busy> Okay by me then.
[17:48] <masquerade> attackers can find wp-includes easily, its no chore
[17:48] <lastnode> ringmaster : access to the php files doesn't mean there's anything to execute in them, right?
[17:48] <ringmaster> No, it doesn't.
[17:48] <lastnode> arent the includes just functions used elsewhere?
[17:49] <masquerade> lastnode, essentially
[17:49] <ringmaster> All I'm asking is to continue to consider the security implications of this choice.
[17:49] <MCincubus> lastnode, some of them run stuff
[17:49] <ringmaster> There are plenty of places where SQL insertion wasn't expected and it was found.
[17:49] <MCincubus> I think classes.php tries to start a new WP_Query instance
[17:49] <lastnode> then, as I said earlier, wouldn't a rewrite rule work?
[17:49] <mdawaffe> ringmaster: I hope the security implications of any choice are considered
[17:49] <ringmaster> It's better to be SURE than say, "It should be fine."
[17:49] <MCincubus> ringmaster, that's true, but without wp-config.php, no SQL
[17:49] <lastnode> i agree, it should be considered
[17:50] * Joins: geoffrey
[17:50] <masquerade> ringmaster, I'm really not seeing anything at all that could be dangerous, wp-includes has been perfectly open to everyone up till now, adding another set of files there isn't going to make it any more dangerous
[17:50] <photomatt_wrk> okay, sounds good
[17:50] <photomatt_wrk> are there any outstanding issues people wanted to raise?
[17:51] <tunicwriter> We're still having flooding problems in #wordpress
[17:51] <Podz> not here
[17:51] * Parts: MCincubus ("Leaving"�)
[17:51] * Joins: MCincubus
[17:51] <jonthejester> tinymce doesn't do completely valid aligning, but it might be minor
[17:52] <lastnode> photomatt_wrk : there is a problem sometimes with problem users
[17:52] <photomatt_wrk> where?
[17:52] <lastnode> i think there needs to be a way some of the senior members around here can get opship and do temp bans
[17:52] <MCincubus> photomatt_wrk, I have some WP 1.6 bugs you might be interested in for wp.com (not now, just before you jet)
[17:52] <lastnode> photomatt_wrk : it hasn't been a recurring problem, but i assume it will be, as wp grows?
[17:52] <graeme> tunicwriter: can we make the bots take care of that?
[17:52] <mdawaffe> ringmaster: can you make sure I'm right on this
[17:52] <tunicwriter> graeme: It's not up to me :)
[17:52] <mdawaffe> http://trac.wordpress.org/ticket/1608
[17:53] <io_error> Bots shouldn't be making decisions that require human evaluation - not yet anyway.
[17:53] <graeme> io_error: flood.. though, that's pretty objective.
[17:53] <io_error> graeme: suppose one of our regular users accidentally pastes 7 or 8 lines or whatever the threshold is
[17:53] <skeltoac|busy> I, for one, welcome our new Bot Overlords.
[17:53] * Joins: error_bot
[17:53] <MCincubus> I accidentally pasted a flood the other night... it happens
[17:54] <error_bot> One bot to rule you all.
[17:54] <ringmaster> mdawaffe: Yeah, stupid me.
[17:54] <MCincubus> got my clipboards mixed up
[17:54] <lastnode> mcincubus : yeah, what im referring to is "nightwalker"
[17:54] <masquerade> Yeah, I often accidentally flood paste also, it happens
[17:54] <graeme> if you don't want to have people get teh kicked, you can have a gentle message /msg'd to e'em.
[17:54] <mdawaffe> ringmaster: no worries - ran up against it in bbPress (into which I've ganked your code)
[17:54] <io_error> graeme: we generally need a human to determine whether someone is causing trouble or just dropped their mouse
[17:54] <mdawaffe> thanks, btw
[17:54] <graeme> "oy, no flooding, flood in wp-flood"
[17:54] <ringmaster> mdawaffe: You got the last patch, then, too?
[17:54] <mdawaffe> yeah
[17:54] <ringmaster> Cool.
[17:55] <mdawaffe> pretty sure I applied your diffs in bb before WP got to them
[17:55] <ringmaster> Heh.
[17:55] * Quits: lastnode (Read error: 104 (Connection reset by peer)�)
[17:55] <mdawaffe> it's a nice system - bb has about 7 meta_caps
[17:55] <ringmaster> Sweet. I'm dying for a cap/role editor in WP now.
[17:55] <photomatt_wrk> when lastnode gets back I'll talk to him
[17:55] * Joins: lastnode
[17:56] <photomatt_wrk> otherwise, </meetup>
[17:56] <io_error> what we do need, at least for now, is for a few of the regular trusted users to have ops, in case someone does come around starting trouble
[17:56] <io_error> speak of the devil
[17:56] <stevecooley> no update on the theme browser, eh
[17:56] <mdawaffe> ringmaster: bb doesn't store roles in the DB, just user caps
[17:56] <lastnode> io_error : i agree
[17:56] <ringmaster> mdawaffe: So no roles in bb?
[17:56] <Podz> stevecooley:: there was a thread in the forums
[17:56] <MCincubus> http://trac.wordpress.org/ticket/1605 mdawaffe if you "accept" that bug, your name will show up next to it in the commit list, so it's easy to tell that you're the one vouching for it (instead of anonymous)
[17:56] <mdawaffe> there are - they're just hardwired
[17:56] <mdawaffe> MCincubus: cool
[17:56] <masquerade> stevecooley, jalenack and I will be around in #wordpress aftwards and tell you about what we're doing
[17:57] <photomatt_wrk> MCincubus: you had some bugs?
[17:57] <Podz> it seems there may be two in the end - but shadow and myself are keen to keep going if you are still interested
[17:57] <mdawaffe> ringmaster: http://bbpress.automattic.com/file/trunk/bb-includes/capabilities.php?rev=270&format=txt
[17:57] <MCincubus> photomatt_wrk, http://trac.wordpress.org/ticket/1612 and http://trac.wordpress.org/ticket/1613
[17:57] <jalenack> photomatt, I've got some css fixes
[17:57] <jalenack> http://phpfi.com/75565
[17:57] <jalenack> for wp.org
[17:58] <MCincubus> pingbacks broken on same site with rich text editor, and pingbacks broken when using fancy URIs
[17:58] <graeme> also... i think the downloads shouldn't be labeled with the date and maybe wordpress rather than latest.tar.gz
[17:58] <ringmaster> mdawaffe: caps.php needs a list of used caps with a plugin hook to filter them.
[17:58] <mdawaffe> indeed
[17:58] <masquerade> graeme, I'm pretty sure we've been over this before here and on hackers
[17:58] <mdawaffe> I keep meaning to do that
[17:59] <ringmaster> As soon as that is done, the role editor can begin.
[17:59] <ringmaster> Hardcoded roles are weird. :)
[17:59] <mdawaffe> no options table in bb :)
[17:59] <graeme> masquerade: alright then, as long as you've all got good reasons for keeping a lot of things labeled latest that aren't latest around.. that's cool by me.
[18:00] <ringmaster> mdawaffe: Creepy. :)
[18:00] <mdawaffe> heh - keeps SQL to a min, though
[18:00] <MCincubus> it's the latest stable, which is the latest that any normal user should be downloading.
[18:00] <ringmaster> mdawaffe: You could still build a non-role user and just assign caps, right?
[18:00] <mdawaffe> ringmaster: yes - all that naturally gets stored in usermeta
[18:00] <photomatt_wrk> graeme: if you download with a normal DL client it renames the file
[18:01] <photomatt_wrk> to wordpress-version.tar.gz
[18:01] <ringmaster> mdawaffe: It's all good, then. :)
[18:01] <masquerade> graeme, links !== filename
[18:03] * Parts: schulte
[18:03] * io_error runs short on time
[18:03] <graeme> photomatt_wrk: i just dl with wget.
[18:04] <photomatt_wrk> wget doesn't work right
[18:04] <photomatt_wrk> try it in a browser
[18:04] <lastnode> meetup over? i think i may have missed </meetup>
[18:04] <jalenack> photomatt_wrk, ^^ css fixes
[18:04] <mdawaffe> lastnode: yeah - you missed it :)
