the whole RSS module needs a rewrite
Dec 10 2018
Or: use a server password (see https://freenode.net/kb/answer/registration#logging-in).
which can probably be done by addingthis.Send("PASS" + Configuration.IRC.LoginNick + ":" + Configuration.IRC.LoginPw)
before the USER command at https://github.com/benapetr/wikimedia-bot/blob/master/src/WMBot/IRC/WmIRCProtocol.cs#L55
Dec 9 2018
Funnily enough I found a critical bug so release 3.4.6 right now
this actually seems to be resolved in Qt 5.12
Dec 8 2018
Dec 7 2018
now you can change in project config (since 3.4.5)
Dec 4 2018
fixed, idk why 2 bots were there, hope it's not a case elsewhere too
Dec 3 2018
it seems that this bug is already solved but only in master, the fix was never released. In order to get the fixed Huggle version try http://petr.insw.cz/huggle/nightly/huggle3.zip
It just happened again, while the Phab claims to be solved. Is there something more to do about this? Grüße vom Sänger 15:16, 2 December 2018 (UTC)
Nov 28 2018
Nov 26 2018
This is not a bug, you just forgot to read the manual ;)
By default Huggle performs MW rollback - which you should already be familiar with as Huggle users are expected to be experienced in anti-vandalism before using it.
Nov 22 2018
This is a bug in upstream project - snapcraft, lowering prio
Also don't forget to keep this extension updated because hostnames of bots may change
You can install this, but you will need latest nightly build for it to work: https://www.mediawiki.org/wiki/Huggle/JS/hanguard.js
Nov 19 2018
hm if it's related to whole project that this should be in project config
well, since I have no idea how to fix this we need to implement some warning in edit form so that people are aware of this bug
I would like to add some more JS stuff before release so it's waiting for it now
I definitely don't want to hardcode this cloak into Huggle's source code, that would kill all potential user-created bots
The current ClueBot relay is not running on wmflabs because they are not stable enough, it's running on my personal VPS so the IP address would be different from that list anyway. I can easily have the bot registered and give it any cloak, such "cluebot.huggle-service"
Nov 18 2018
Nov 15 2018
Currently the check for new messages is real crap.
Nov 11 2018
Nov 7 2018
Nov 6 2018
Also, my question was the other way round: Can an attacker *hide* entries from my list?
That said, filling it with thousands of good entries is also an abuse scenario in my opinion. As the entries are sorted by ORES score, placing thousands of good edits with a faked score of 9999 at the top of the list will avoid the bad edits from being noticed.
Nov 4 2018
Hello, what exactly is needed from us as users of the VM? As far as I know NFS was used automatically for /home and similar. Other than that, locations like dumps or scratch are not in use. I am not so sure about project though. /home was used automatically, since puppet auto configure it on every new instance, or at least used to. I don't have problems replacing NFS /home with local one.
Was there ever any case of "unauthenticated attacker" being on Huggle's HAN? The IRC channel is monitored. Since it was launched about 4 years ago, there was exactly 0 incidents in there I know of. Should anyone try to misuse the channel, they would be banned from it.
Nov 3 2018
If labs have resources for this, I could probably create a new postgre SQL server on top of supported OS, but it means at least 20GB of storage, right now wm-bot's IRC logs in SQL have over 12GB
I am wondering what does the change of COW base image actually means for us?
No there isn't any problem with a security rule, as I said I can connect to it from wm-bot2 instance using psql (postgre's CLI) just fine, it's wm-bot's npgsql library that isn't able to connect there, probably some kind of a bug in the library itself.
I recommend to remove "Security" tag as changing scores in Huggle's queue has nothing to do with security.
No, your understanding is wrong here :) /anyone/ with any nick can manipulate the interpretation of ORES scores via IRC
it would help if someone from wmf labs staff explained what exactly happened with huggle-pg instance, I believe its IP changed and I also believe that some of the software on instance changed, possibly was updated by someone?
this is caused by some weird issue when connecting to postgre server, while it's possible to connect just fine using psql client, wm-bot's npgsql library fails with:
Nov 2 2018
this is caused by some wmf labs related issue, it seems that instance huggle-pg was stuck for a very long time, and now it was unstuck, but there are still issues getting wm-bot to connect there.
Oct 22 2018
Is there any LTS alternative that is going to suffice for next 5 - 10 years so that we don't need to go through this pointless hassle again in few years?