I'm working with Trust and Safety Product Team
User Details
- User Since
- Jun 12 2018, 2:22 PM (306 w, 5 d)
- Availability
- Available
- IRC Nick
- kostajh
- LDAP User
- Unknown
- MediaWiki User
- KHarlan (WMF) [ Global Accounts ]
Fri, Apr 26
@hashar, @STran, @Dreamy_Jazz and myself met to discuss this. @hashar prefers that we do *not* duplicate CI jobs. Because there is fairly little code coverage of anonymous IP editing scenarios (as evidenced by the relatively few failures in this patch), @hashar's recommendation is to proceed with T359043: Enable temp account creation in DevelopmentSettings.php. That approach also has the additional benefit of putting temporary accounts in front of developers so we can catch more issues not found by tests in CI, before this feature is in production.
Thu, Apr 25
Wed, Apr 24
Tue, Apr 23
It seems that once $wgAutoCreateTempUser['enabled'] = true; is set, it should stay that way, unless the wiki operator intends to permanently disable the feature. As that's out of scope for our purposes, I'm going to focus on a temporary switch off only.
A few observations based on https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1008530 and https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1021768 in my local environment:
Summary of meeting notes:
Fri, Apr 19
I see this error in my local environment (PHP 8.1, Apache) and am confused as to 1) why we don't see this error logged in production and 2) why this doesn't cause more serious issues related to central login, as the console error (Uncaught SyntaxError: Unexpected token '<' (at checkLoggedIn?type=script&wikiid=enwiki:2:223)) indicates that checkLoggedIn JavaScript doesn't run successfully.
Mon, Apr 15
Thu, Apr 11
Wed, Apr 10
Mar 28 2024
IMPORTANT: Unfortunately, semgrep supply chain found a vulnerable dependency that is reachable within ext:ReportIncident's dev dependencies (see: P58901). This is a dependency for @babel/preset-env@7.16.11 and jest@27.4.7, so perhaps merely bumping those versions to newer releases would mitigate the issue. Given vulnerability is for code execution, it would still be fairly sensitive even within a "dev" context.
Mar 27 2024
btw, in case this is relevant, https://logstash.wikimedia.org/goto/b060c8f0c137245fc0d63b9329583abe shows a spike of a bunch of requests with the same request ID, but those logs for handling web requests. I can file a separate task for that if you think it's worth investigating further.
yeah I think this was a duplicate of T76245, although, this task had proposed to use Quibble for the heavy lifting instead of having another set of developer environment tools for things like cloning, installing, and serving MW.
Mar 26 2024
Here is a demo of this stack of patches.
Mar 25 2024
Just linking T283013: Migrate beta cluster to ELK7 here, per the above.
Mar 22 2024
Mar 21 2024
I spent some time on handling top-level redirects for temp accounts on failed edits. My main observations are:
Mar 19 2024
Mar 18 2024
It would be nice to make this a little more complicated and include CentralAuth in whatever documentation/tooling we create, because that is a pretty common use case for setting up a multi-wiki setup in a local development environment.
According to iPoid-Service, at least some IPs on this range are associated with Luminati Proxy. So there is some amount of increased risk associated with relaxing rules for this range.
Mar 15 2024
Stalled pending the creation of the schema and MW implementation in T354597: Record IP reputation data for account creations and edits.
Mar 13 2024
Can we update documentation to instruct users to run rebuildLocalisationCache.php (or update.php with some custom flag to clear the localisation cache) after adding wfLoadExtension() in LocalSettings.php? I think it's pretty common for extension registration in other platforms to require an additional command to properly register an extension, and it doesn't seem that onerous.
Mar 12 2024
We discussed in temp accounts weekly check-in today. What we'll do for now: remove wikis with legacy Vector from the pilot wikis. Ideally, by the time we are rolling forward to other wikis, we'll be farther along with deploying Vector 2022 to wikis still using legacy Vector. If not, we can revisit this task.
Adding Quality-and-Test-Engineering-Team as well, cc @Jrbranaa
I'm planning to create a schema like "ip_reputation_log", looking something like:
Mar 11 2024
@Urbanecm_WMF and I discussed this one a bit today.
This time there was no issue: