Page MenuHomePhabricator
Create Task
Maniphest T276354

Don't attempt to tally large encrypted elections via the TallyPage
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

In order to avoid timeout errors, TallyPage shouldn't attempt to tally encrypted elections if they have more than a certain number of votes.

Instead, it should display an error message advising the user to tally using the tally.php maintenance script.

What's the threshold for a large election?

@jrbs attempted to tally some large encrypted elections in T269029#6693314 and T269029#6693321 and found:

No. votesTimed out?
143No (tallies instantly) <-- struck because isn't actually encrypted
594Yes
2118Yes

This was before we improved the speed of tallying in T271824. Locally we found significant speed-ups. It's difficult to test on production given the limited availability of large elections. @jrbs is the above table still the case, since T271824?

Until we know for sure, we could start by setting the threshold at 100 votes, based on some testing that @dom_walden did on beta.

Acceptance criteria

  • If an election is unencrypted, TallyPage works the same as before
  • If an election is encrypted, but has 100 votes or fewer, TallyPage works the same as before
  • If an election is encrypted and has more than 100 votes, TallyPage displays an error (similar to the error shown if the election isn't finished yet)
  • The error message says: The election is too large to be tallied via this page. Please use the maintenance script tally.php instead.

Details

SubjectRepoBranchLines +/-
No tally large encrypted electionsmediawiki/extensions/SecurePollmaster+26 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.Mar 3 2021, 4:59 PM
Tchanders mentioned this in T276355: Investigate creating a job for tallying large encrypted elections and displaying the results [8H].Mar 3 2021, 5:02 PM
Niharika moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.Mar 3 2021, 5:04 PM
ARamirez_WMF set the point value for this task to 3.Mar 3 2021, 5:20 PM
ARamirez_WMF moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.
DLynch subscribed.Mar 3 2021, 5:21 PM

Meeting output:

  • pick a vote threshold
  • above said threshold show a warning, but still have the button available
Niharika moved this task from Cards ready for development to The Letter Song on the Anti-Harassment board.Mar 3 2021, 5:56 PM
Niharika edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.
jrbs added a comment.Mar 3 2021, 7:04 PM
In T276354, @Tchanders wrote:

@jrbs attempted to tally some large elections in T269029#6693314 and T269029#6693321 and found:

No. votesTimed out?
143No (tallies instantly)
594Yes
2118Yes

This was before we improved the speed of tallying in T271824. Locally we found significant speed-ups. It's difficult to test on production given the limited availability of large elections. @jrbs is the above table still the case, since T271824?

The issue is that a lot of the elections I tallied were not encrypted. The larger / "more important" elections tend to be the ones that are encrypted. So that 143-voter election (the 2020 Farsi ArbCom election) likely tallies immediately because it doesn't have to bother with GPG and such, which I think we isolated as the issue with the larger elections timing out. I don't know if a 143-voter election with encryption would be as easy to tally, and there's not really an easy way to test that in production since we'd need 100+ accounts to cast votes.

The other elections in your list (which I think are likely to be English ArbCom elections from other years) were encrypted which may have been the real reason they timed out.

Can we maybe try an encrypted election with a dozen or so voters to work out how long it takes per vote and do it that way?

Tchanders added a subscriber: dom_walden.Mar 3 2021, 8:16 PM

Can we maybe try an encrypted election with a dozen or so voters to work out how long it takes per vote and do it that way?

@jrbs Sounds like a good idea to check this, since we did find it scaled linearly when testing locally. (Not sure if 12 will be enough for the decryption to be the main bottleneck though.) I had mistakenly assumed all the elections you tallied were encrypted. Just to clarify, did the 594-vote and 2118-vote elections both still time out after we implemented the speedup?

When testing locally, we found quite a large speedup for tallying encrypted elections:

From T271824#6768315:

no. votesmasterpatch
500190s20s
1000x40s
3600x140s

From T271824#6763484:

No. votesmasternew patch
50030s20s
100060s40s

@dom_walden also tested on beta and found that encrypted elections with 50 votes didn't time out: T271824#6817965

Huji subscribed.Mar 3 2021, 10:27 PM

! In Task Description, @Tchanders wrote:
It's difficult to test on production given the limited availability of large elections.

One of the major deficiencies of MediaWiki-extensions-SecurePoll is that it does not have an API interface. If it did, we could use it to submit some votes programmatically to an election on testwiki. We could even create a CI test like that which would empirically measure the efficiency of SecurePoll after each patch.

Tchanders updated the task description. (Show Details)Mar 4 2021, 4:56 PM
Tchanders updated the task description. (Show Details)
Tchanders added a comment.Mar 4 2021, 5:00 PM
In T276354#6880963, @Huji wrote:

! In Task Description, @Tchanders wrote:
It's difficult to test on production given the limited availability of large elections.

One of the major deficiencies of MediaWiki-extensions-SecurePoll is that it does not have an API interface. If it did, we could use it to submit some votes programmatically to an election on testwiki. We could even create a CI test like that which would empirically measure the efficiency of SecurePoll after each patch.

Thanks @Huji, sounds like this would be worth filing... I doubt AHT would get round to this before the end of March, but would be useful to consider next time work is done on SecurePoll. @Niharika What do you think?

jrbs added a comment.Mar 4 2021, 8:04 PM

(sorry, I hadn't seen T276360: Output the time taken to run tally.php so we can judge what size of encrypted election times out when I commented here :) )

In T276354#6880571, @Tchanders wrote:

Can we maybe try an encrypted election with a dozen or so voters to work out how long it takes per vote and do it that way?

@jrbs Sounds like a good idea to check this, since we did find it scaled linearly when testing locally. (Not sure if 12 will be enough for the decryption to be the main bottleneck though.) I had mistakenly assumed all the elections you tallied were encrypted. Just to clarify, did the 594-vote and 2118-vote elections both still time out after we implemented the speedup?

I just tested both on votewiki (2014 English ArbCom election, id:392, and 2018 English ArbCom election, id:710) and both timed out.

Tchanders updated the task description. (Show Details)Mar 5 2021, 12:25 PM
Tchanders updated the task description. (Show Details)Mar 5 2021, 12:40 PM
Tchanders assigned this task to AGueyte.Mar 5 2021, 12:42 PM
Tchanders added a subscriber: AGueyte.

@AGueyte I thought this might be an interesting one for you so have assigned it to you - but feel free to unassign if you'd rather work on something else! I've added some acceptance criteria to the task description to clarify what needs to be done.

AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.Mar 5 2021, 8:25 PM
Huji added a subscriber: Legoktm.Mar 6 2021, 5:39 PM
In T276354#6883573, @Tchanders wrote:
In T276354#6880963, @Huji wrote:

One of the major deficiencies of MediaWiki-extensions-SecurePoll is that it does not have an API interface. If it did, we could use it to submit some votes programmatically to an election on testwiki. We could even create a CI test like that which would empirically measure the efficiency of SecurePoll after each patch.

Thanks @Huji, sounds like this would be worth filing... I doubt AHT would get round to this before the end of March, but would be useful to consider next time work is done on SecurePoll. @Niharika What do you think?

@Tchanders this is already proposed by @Legoktm in T44465 which was filed back in 2012.

Tchanders added a comment.Mar 8 2021, 3:25 PM
In T276354#6889393, @Huji wrote:

@Tchanders this is already proposed by @Legoktm in T44465 which was filed back in 2012.

Thanks @Huji - we won't file a duplicate then!

gerritbot added a comment.Mar 10 2021, 9:34 PM

Change 670586 had a related patch set uploaded (by AGueyte; owner: AGueyte):
[mediawiki/extensions/SecurePoll@master] WIP No tally large encrypted elections

https://gerrit.wikimedia.org/r/670586

gerritbot added a project: Patch-For-Review.Mar 10 2021, 9:34 PM
AGueyte moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Mar 11 2021, 2:42 PM
Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Mar 15 2021, 7:30 PM
gerritbot added a comment.Mar 15 2021, 7:40 PM

Change 670586 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@master] No tally large encrypted elections

https://gerrit.wikimedia.org/r/670586

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.35; 2021-03-16).Mar 15 2021, 8:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 15 2021, 8:10 PM
dom_walden moved this task from QA/Testing 🐞 to Done: Q3 (2020-2021) on the Anti-Harassment (The Letter Song) board.Mar 18 2021, 3:21 PM

We only count votes which are not struck or marked as duplicates. Therefore, I can tally an encrypted election with over 100 votes but less than 100 of which are not struck or duplicates.

Niharika closed this task as Resolved.Mar 24 2021, 12:12 PM
jrbs mentioned this in T301180: Allow local wikis to set up elections.Nov 22 2022, 9:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL