Flurry of activity on the Deki front
I’ve been getting a bunch of updates related to bugs I’ve filed in Mindtouch’s database regarding the Deki software, so I thought I’d share some info on what I’m seeing going on.
- The bug I filed about requiring users to type spaces where they used underscores in their username while using the “forgot password” feature has been targeted to be fixed in the impending Lyons release.
- The bug I filed about losing your work if your login cookie goes away while you’re editing has also been targeted to be fixed in Lyons.
- The fact that there’s no link back to the article from its talk page is on the list to be fixed in Lyons as well.
- Likewise, the title of the Special:Tags pages are due to be made less ambiguous.
- A scripting command to fetch the name of the page that’s including a template is hopefully going to be added in Lyons. This will make several of our templates work better.
- Ability to make the main page semi-private without affecting permissions for new pages is also on the list.
- The ability to use HTTPS for authentication, then use HTTP for everything else is also on the Lyons list.
This is pretty good; none of these items are on my “most critical” list, but they’re all on the second tier “sure would make life better” list. It’s very exciting to see movement on these!
January 19th, 2009 at 5:14 PM
To clarify, while these bugs were assigned to devs for the “Lyons” release, they may still get punted for various reasons. However, they are being investigated and everything we can fix, will be fixed. Whatever doesn’t make it, will be retargeted for Lyons+, which will following 2-3 months after Lyons ships.
January 19th, 2009 at 7:16 PM
The ability to use HTTPS for authentication, then use HTTP for everything else is also on the Lyons list.
Bug 397125 mentions that we explicitly chose to go with HTTPS for all pages. Will the above change prevent that in some way?
January 19th, 2009 at 8:17 PM
The reason we explicitly chose to go with HTTPS for all pages is because Deki doesn’t support it just for auth. The site should be more responsive if we can use it for auth only. This assumes that MindTouch’s solution is secure and doesn’t include private data in the cookies and so forth. We’ll see what they do.
January 19th, 2009 at 8:19 PM
Steve — yes, that’s why I used words like “targeted.” We’ll see what happens; still, it’s exciting to see this stuff being looked at!
January 19th, 2009 at 8:20 PM
Woo — Deki now has a Wiki.inclusions feature that returns a list of the pages in the inclusion chain, so you can see who included you. This will be enormously useful!
January 21st, 2009 at 10:53 AM
The reason we explicitly chose to go with HTTPS for all pages is because Deki doesn’t support it just for auth. The site should be more responsive if we can use it for auth only. This assumes that MindTouch’s solution is secure and doesn’t include private data in the cookies and so forth. We’ll see what they do.
So, I think the best solution would be to use http for logged-out users and require SSL for logged-in users. That seems reasonable and keeps response time for most people down.