X-post: Update: Contributor Orientation Tool

X-comment from +make.wordpress.org/community: Comment on Update: Contributor Orientation Tool

Security review of authentication tokens

For the Five for the Future project, I ended up writing some custom code for authentication tokens which are stateful, have (cryptographically secure) random values, and can only be used once.

Those tokens will be used by companies to manage their pledges, so if an attacker were able to obtain a token, they’d be able to change a company’s name, logo, description, etc. to something inappropriate, remove contributors from the pledge, and deactivate the pledge entirely.

The reasons why authentication tokens were chosen are documented in the commit, and additional background is available in issue #34 and PR #46.

Does anyone have any thoughts on the code, think there are any missing test cases, or see any other problems? If you think there’s an active vulnerability, please ping me privately or report it via HackerOne.

Next WordCamp.org ticket scrub on October 17th, 2019

This ticket scrub will happen on 2019-10-17 17:00 UTC in the #meta-wordcamp channel.

The focus is on Meta tickets with the WordCamp Site & Plugins component.

Comment below if there’s a specific ticket or topic you’d like to discuss.

+make.wordpress.org/community

X-post: Component Maintainers in 5.3

X-comment from +make.wordpress.org/core: Comment on Component Maintainers in 5.3

Feature and maintenance update for WordCamp.org: July 16 – August 23 2019 edition

Here is a list of WordCamp.org feature developments and maintenance work that has been accomplished since the last update.

  • Shipped WordCamp blocks for all sites!
  • Refactored our client for the Meetup.com API to authenticate with OAuth 2.0 and use exclusively version 3 endpoints, just ahead of the platform’s hasty deprecation of API keys and v2 endpoints.
  • Made progress on an additional WordCamp Schedule block.
  • Made progress on improvements to WordCamp’s PWA plugin.
  • Reviewed/committed community contribution to fix a bug in the Attendees shortcode.
  • Fixed a problem that was preventing new sites from connecting to Jetpack.
  • Improved our ability to respond quickly to plugin security updates by making upgrade notices visible on production server, and setting up Composer dependencies.

#wordcamp

+make.wordpress.org/community

Next WordCamp.org ticket scrub on August 22nd, 2019

Oops! The ticket scrub scheduled for August 15th did not occur, so we’re trying again next week. This time the ticket scrub will happen on 2019-08-22 17:00 UTC in the #meta-wordcamp channel.

The focus is on Meta tickets with the WordCamp Site & Plugins component.

Comment below if there’s a specific ticket or topic you’d like to discuss.

#wordcamp

+make.wordpress.org/community

Next WordCamp.org ticket scrub on August 15th, 2019

This ticket scrub will happen on 2019-08-15 17:00 UTC in the #meta-wordcamp channel.

The focus is on Meta tickets with the WordCamp Site & Plugins component.

Comment below if there’s a specific ticket or topic you’d like to discuss.

+make.wordpress.org/community

Block Directory updates

Here’s a brief outline of the status of the various parts of the block directory project.

The design of the Block Inserter within Gutenberg has gone through detailed explorations and iterations. The installation flow has been handed off for implementation. There is still some ongoing discussion around how to handle missing blocks and other error states. Mel has also explored some ideas for managing blocks within wp-admin.

Block Inserter work in progress

Implementing the Block Inserter is in progress in the form of a pull request. Some internal architectural changes are underway, but that’s testable now by anyone able to run a Gutenberg local environment. The next major hurdle after re-architecting the code is fully implementing and testing the plugin install code.

The Block Directory itself exists in a minimal form within the Plugin Directory. There is a prototype API endpoint for searching by block name, and work ongoing to implement that properly with ElasticSearch. Plugin developers can submit block-only plugins to the directory by including a block.json file and reaching out to @tellyworth in Slack. We’ve also explored the feasibility of supporting GitHub for block plugins.

WordCamp.org Dev Update: June 18 – July 15, 2019

Here is a list of WordCamp.org feature developments and maintenance work that has been accomplished since the last update.

### July 2 – July 15

  • Pulled data for 2018 annual WordCamp report.
  • Improved contributor onboarding by creating new sample database for location environment.
  • Iterated on Git -> SVN sync.
  • Minor maintenance: fixing duplicate invoices, fixing caching bug, tested upstream PWA PRs for compatibility, installed plugin updates.

### June 18 – July 1

  • Rate limited penetration tests against CampTix.
  • Iterated on offline schedule and day-of-event template.
  • Drafted a plan to upgrade our Meetup.com API client to use OAuth and v3 endpoints ahead of their last-minute deprecation deadline.
  • Improved committer devex and onboarding process by switching the WordCamp.org repository from SVN to GitHub, and setting up fully-trusted SSL certs in Docker.
  • Minor maintenance fixes: Installed plugin updates, enabled responsive embeds, updated “Polldaddy” strings to “Crowdsignal”.

#wordcamp

+make.wordpress.org/community

Next WordCamp.org ticket scrub on July 18th, 2019

This ticket scrub will happen on 2019-07-18 17:00 UTC in the #meta-wordcamp channel.

The focus is on Meta tickets with the WordCamp Site & Plugins component.

Comment below if there’s a specific ticket or topic you’d like to discuss.

+make.wordpress.org/community

#agenda, #ticket-scrub, #wordcamp-org