Diff generation should use PoolCounter
Closed, ResolvedPublic


Example diff: https://en.wikipedia.org/w/index.php?title=User:Jane023/Paintings_in_the_Hermitage&diff=711865027&oldid=709806317
It takes 69 freaking seconds to render even with wikidiff2! Looking at logs, a user was waiting for it to generate for a few seconds, then tried again, resulting in two diffs being generated concurrently. This is a DoS vector, and we need to take measures to avoid having all servers render the same diff. At least diff results are cached so an attacker would need to switch between diffs to produce a long outage.

MaxSem created this task. Mar 25 2016, 6:03 PM
Restricted Application added a subscriber: Aklapper. Mar 25 2016, 6:03 PM
greg added a subscriber: greg. Mar 25 2016, 8:43 PM

dpatrick triaged this task as Low priority. Mar 29 2016, 9:02 PM

Looks good to me.

However, the error reporting for this patch isn't very good. Even something as simple as

'error' => function( $status ) { throw new FatalError( $status->getWikiText() ); } ]

for the error callback of PoolCounterDoWork would probably be ok if we don't expect errors to happen very often.

To that end, here's an alternative version:

LGTM, let's deploy it.

Cool. Assuming things go smoothly with the DC transition, I'll probably deploy this tomorrow afternoon.

csteipp closed this task as Resolved. May 5 2016, 6:24 PM
csteipp claimed this task.

Patch is now deployed.

18:23 csteipp: deployed patch for T130947

demon changed the visibility from "Custom Policy" to "Public (No Login Required)". May 20 2016, 5:28 PM
demon changed Security from Software security bug to None.
Restricted Application added a subscriber: Malyacko. May 20 2016, 5:28 PM
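
The failure mode described in the task (a retry starting a second render of the same slow diff) and the error callback discussed in the comments, as an added example that is not the deployed patch or MediaWiki code: a simplified in-process Python model in which threads stand in for concurrent requests. `SingleFlightPool`, `simulate`, the timeout values and the placeholder diff output are assumptions made for the illustration.

```python
import threading
import time

class SingleFlightPool:
    """Hypothetical in-process model of a per-key pool: one render per key at a time."""
    def __init__(self, timeout):
        self.timeout = timeout      # how long a waiting request queues before giving up
        self._lock = threading.Lock()
        self._inflight = {}         # key -> Event set when the current render ends
        self._cache = {}            # key -> finished result (models the diff cache)
    def execute(self, key, do_work, error):
        with self._lock:
            if key in self._cache:
                return self._cache[key]
            done = self._inflight.get(key)
            leader = done is None
            if leader:
                done = self._inflight[key] = threading.Event()
        if leader:
            try:
                result = do_work()
                with self._lock:
                    self._cache[key] = result
                return result
            finally:                # release waiters even if the render raised
                with self._lock:
                    del self._inflight[key]
                done.set()
        if not done.wait(self.timeout):
            return error("timed out waiting for " + key)
        with self._lock:
            hit = key in self._cache
        return self._cache[key] if hit else error("render failed for " + key)

def simulate(requests, render_seconds=0.2, timeout=2.0):  # -> (renders, results)
    pool, renders, results = SingleFlightPool(timeout), [], []
    def slow_diff():
        renders.append(1)           # count how many real renders happen
        time.sleep(render_seconds)  # constructed stand-in for the slow diff
        return "<diff html>"
    def request():                  # key built from the revision ids in the example URL
        results.append(pool.execute("diff:709806317:711865027", slow_diff,
                                    lambda msg: "ERROR: " + msg))
    threads = [threading.Thread(target=request) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(renders), results
```

With `simulate(3, render_seconds=0.5, timeout=0.05)` the waiting requests reach the error callback instead of starting renders of their own.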