Page MenuHomePhabricator

AntiCompositeNumber
Volunteer Steward

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Nov 13 2016, 3:31 PM (294 w, 7 h)
Availability
Available
IRC Nick
AntiComposite
LDAP User
AntiCompositeNumber
MediaWiki User
AntiCompositeNumber [ Global Accounts ]

Recent Activity

Today

AntiCompositeNumber added a comment to T311710: Thumbnails failing for SVG file (429 Too Many Requests/500 Internal Server Error).

Trying with modern librsvg, I get Error rendering SVG Jamaica_Constabulary_Force_emblem_(fair_use)-plain.svg: rendering error: NoMemory. Production librsvg just generates an empty file. Both fail quickly, not waiting on a timeout or anything.

Sun, Jul 3, 2:50 AM · Thumbor, Wikimedia-SVG-rendering, SVG, Wikimedia-production-error

Thu, Jun 30

AntiCompositeNumber added a comment to T302521: Citoid ISBN lookup not working.

Down again. Would it be possible to return an error other than 404 for this? I have a few (infrequently run) integration tests that use this API, and it would be useful to be able to detect when this happens.

Thu, Jun 30, 3:04 AM · Citoid

Wed, Jun 29

AntiCompositeNumber merged T311642: Taglines conflict with buttons into T311564: Content sub unreadable in Vector 22.
Wed, Jun 29, 9:41 PM · Readers-Web-Backlog (Kanbanana-FY-2021-22), Desktop Improvements, Regression, Vector
AntiCompositeNumber merged task T311642: Taglines conflict with buttons into T311564: Content sub unreadable in Vector 22.
Wed, Jun 29, 9:41 PM

Thu, Jun 16

AntiCompositeNumber created T310840: Too easy to make unintentional changes on Special:GlobalGroupPermissions.
Thu, Jun 16, 9:16 PM · Stewards-and-global-tools, MediaWiki-extensions-CentralAuth

Wed, Jun 15

AntiCompositeNumber awarded T310532: Investigate McRouter GET request spike from wmf.15 a Manufacturing Defect? token.
Wed, Jun 15, 2:31 AM · MW-1.39-notes (1.39.0-wmf.17; 2022-06-20), Performance-Team, Release-Engineering-Team (Radar), Release, Train Deployments

Tue, Jun 14

AntiCompositeNumber added a comment to T309815: Use OOUI in Special:CheckUser.

It appears that the new form doesn't switch the radio button to "Get edits" when I accidentally try to get IP addresses for an IP. The old form would show an error and switch to "Get edits", but the new form just shows the error.

Tue, Jun 14, 2:38 PM · MW-1.39-notes (1.39.0-wmf.17; 2022-06-20), CheckUser

Mon, Jun 13

AntiCompositeNumber added a project to T310528: Thumbor URLs are too permissive: Traffic.

The last part of URLs should already be normalized by the upload-frontend proxy, rOPUP modules/varnish/templates/upload-frontend.inc.vcl.erb:155, so there's no affect on server-side caching. I see no reason to error here, though a redirect to the canonical may be appropriate.

Mon, Jun 13, 5:28 PM · Traffic, Thumbor

Fri, Jun 10

AntiCompositeNumber added a comment to T307164: IP Info log access to staff, stewards, checkusers, ombudsmen.

If someone with CU (or CU log, in the case of ombuds) access is compromised, we have much larger issues than the IP Info log.

Fri, Jun 10, 9:19 PM · Anti-Harassment (AHaT Sprint 7: The Tin Foil Hat), IP Info

Mon, Jun 6

AntiCompositeNumber added a comment to T35245: Incorrect text positioning/kerning in SVG rendering (text/tspan x/y, dx/dy attribute; upstream).

SVG support is still inconsistent, especially in IE 11 (which is still supported on Wikimedia wikis for the moment). SVG is generally smaller, but not always (we have some absurdly large SVG files being mostly used for 220px thumbnails). Making arbitrary user-generated SVGs safe for client-side rendering is not entirely trivial, see T5593: [Epic] SVG client side rendering and subtasks. Further discussion is best placed on one of those tasks.

Mon, Jun 6, 9:11 PM · Thumbor, Wikimedia-SVG-rendering, Upstream

Sun, Jun 5

AntiCompositeNumber updated subscribers of T309411: sysop access to ipinfo logs can leak IP addresses that sysops should not have access to.
Sun, Jun 5, 7:52 PM · User-Urbanecm, Vuln-Infoleak, Stewards-and-global-tools, Anti-Harassment, IP Info, Security, Security-Team
AntiCompositeNumber raised the priority of T309411: sysop access to ipinfo logs can leak IP addresses that sysops should not have access to from Low to Medium.
Sun, Jun 5, 3:03 AM · User-Urbanecm, Vuln-Infoleak, Stewards-and-global-tools, Anti-Harassment, IP Info, Security, Security-Team
AntiCompositeNumber added a comment to T309411: sysop access to ipinfo logs can leak IP addresses that sysops should not have access to.

+1 to removing ipinfo-view-log from sysop no later than Monday morning. I don't think this quite justifies an emergency Sunday change, but I also don't think we need to wait for Legal here.

Sun, Jun 5, 3:02 AM · User-Urbanecm, Vuln-Infoleak, Stewards-and-global-tools, Anti-Harassment, IP Info, Security, Security-Team

May 27 2022

AntiCompositeNumber added a comment to T307164: IP Info log access to staff, stewards, checkusers, ombudsmen.

access was granted to staff and steward in T296499#7962227

May 27 2022, 12:30 AM · Anti-Harassment (AHaT Sprint 7: The Tin Foil Hat), IP Info
AntiCompositeNumber added a comment to T296499: Grant certain groups the ipinfo-view-full right.

It looks like the global group modifications never happened. I have granted ipinfo, ipinfo-view-full, and ipinfo-view-log to staff and steward. T309318 has been created to clarify that global sysops should also be given access.

May 27 2022, 12:24 AM · Anti-Harassment (AHaT Sprint 3: Lady Dimitrescu), IP Info

May 4 2022

AntiCompositeNumber added a comment to T307595: Review OAuth consumer with sensitive rights (1e8e9033d9df4ff0d3e326e9ebbf06fb).

For what it's worth, the OAuth app guidelines TNT linked are a draft created 5 years ago without significant revision or discussion since. I do think it would be useful to have a discussion between stewards, WMF security, the WMF staffers who already help review OAuth consumers, and the broader community about how these consumers are reviewed, and to work toward consensus-backed guidelines.

May 4 2022, 5:51 PM · user-sbassett, SecTeam-Processed, Stewards-and-global-tools, Security-Team
AntiCompositeNumber added a project to T307595: Review OAuth consumer with sensitive rights (1e8e9033d9df4ff0d3e326e9ebbf06fb): Stewards-and-global-tools.
May 4 2022, 3:53 PM · user-sbassett, SecTeam-Processed, Stewards-and-global-tools, Security-Team

Apr 25 2022

AntiCompositeNumber created T306844: iOS thinks Special:CentralAuth is a login form.
Apr 25 2022, 9:32 PM · Stewards-and-global-tools, MediaWiki-extensions-CentralAuth

Apr 7 2022

AntiCompositeNumber closed T305630: ToC mismatch on commons: old and new versions of vector display different ToCs due to gadgets as Resolved.
Apr 7 2022, 5:50 PM · Commons, Desktop Improvements, Readers-Web-Backlog (Kanbanana-FY-2021-22)
AntiCompositeNumber added a project to T305630: ToC mismatch on commons: old and new versions of vector display different ToCs due to gadgets: Commons.

https://commons.wikimedia.org/wiki/MediaWiki:Gadget-Stockphoto.js#L-40 tests for skin support, so it's not loaded on New Vector after the variable was changed.

Apr 7 2022, 5:24 PM · Commons, Desktop Improvements, Readers-Web-Backlog (Kanbanana-FY-2021-22)

Apr 3 2022

AntiCompositeNumber added a comment to T301048: Structured data not visible in structured data tab on a lot of files.

I've noticed this as well. I edited the structured data on https://commons.wikimedia.org/wiki/File:GLASER-DIRKS_100G.jpg with QuickStatements, and everything looked fine. I then edited the wikitext with the normal editor (though it was opened by https://add-information.toolforge.org) and the structured data disappeared. Purging and null editing didn't help, and another editor could see it fine. Only after saving another edit to the same page did it reappear.

Apr 3 2022, 1:28 AM · Structured-Data-Backlog (Current Work), Editing-team, Commons, StructuredDataOnCommons, Structured Data Engineering

Mar 28 2022

AntiCompositeNumber added a comment to T304814: MWoffliner scrapes slowed down by Thumbor failure throttling 429s.

But, even if we agree with that, what is sure is that it can not be that a random final user, after one request, get such an error

Mar 28 2022, 9:00 PM · SRE, Traffic, Thumbor, affects-Kiwix-and-openZIM
AntiCompositeNumber added a comment to T304814: MWoffliner scrapes slowed down by Thumbor failure throttling 429s.

The actual failure for this thumbnail is

ImageMagickException: Failed to convert image convert: IDAT: invalid distance too far back `/tmp/tmp5SM7vX' @ error/png.c/MagickPNGErrorHandler/1628.

which is easily fixed with pngfix. I have done so, the file is now thumbnailed properly.

Mar 28 2022, 2:54 PM · SRE, Traffic, Thumbor, affects-Kiwix-and-openZIM
AntiCompositeNumber renamed T304814: MWoffliner scrapes slowed down by Thumbor failure throttling 429s from Unjustified HTTP 429 responses lead to "endless" Wikipedia scrapes to MWoffliner scrapes slowed down by Thumbor failure throttling 429s.
Mar 28 2022, 2:37 PM · SRE, Traffic, Thumbor, affects-Kiwix-and-openZIM
AntiCompositeNumber added a comment to T304814: MWoffliner scrapes slowed down by Thumbor failure throttling 429s.

429 is returned when the thumbnail hits one of four ratelimits (see https://wikitech.wikimedia.org/wiki/Thumbor#Throttling). That includes a ratelimit on requests for thumbnails that have recently failed to generate. 429 is used because the request should not be retried at that point. This task is largely a duplicate of T175512.

Mar 28 2022, 2:36 PM · SRE, Traffic, Thumbor, affects-Kiwix-and-openZIM
AntiCompositeNumber awarded T304801: Special:GlobalGroupPermissions should select the current restricting wiki set by default a Like token.
Mar 28 2022, 2:35 AM · Stewards-and-global-tools, MW-1.39-notes (1.39.0-wmf.5; 2022-03-28), Regression, MediaWiki-extensions-CentralAuth

Mar 21 2022

AntiCompositeNumber added a comment to T304354: It is impossible to oversight who has reviewed a revision via FlaggedRevs (CVE-2022-28212).

That annotation is added in rEFLR frontend/FlaggedRevsUIHooks.php:789. It looks like if the revision text is deleted, the annotation won't be shown at all, based on rEFLR frontend/FlaggedRevsUIHooks.php:763. Easy fix would be to change that so it isn't shown if any part of the revision is deleted.

Mar 21 2022, 7:47 PM · Patch-For-Review, MW-1.39-notes (1.39.0-wmf.6; 2022-04-04), SecTeam-Processed, Vuln-Infoleak, Security-Team, Security, MediaWiki-extensions-FlaggedRevs

Mar 18 2022

AntiCompositeNumber added a comment to T303735: SecurePoll improperly lists users with usernames starting with an asterix .

The simple solution would be to change securepoll-voter-name-remote from $1 to <nowiki>$1</nowiki>. Or we could change it to a CentralAuth link (unless we run elections from private/fishbowl wikis?). securepoll-voter-name-local should be fine because the username's in a link already.

Mar 18 2022, 2:31 AM · MW-1.39-notes (1.39.0-wmf.6; 2022-04-04), MediaWiki-extensions-SecurePoll

Mar 16 2022

AntiCompositeNumber added a comment to T302771: Local accounts forcibly created with Special:CreateLocalAccount should have a unique method in Special:CentralAuth.

centralauth-merge-method-admin uses rECAU icons/merged-admin.png, would it make sense to reuse that icon? There's only 2037 accounts with that status, so it's not exactly common (source).

Mar 16 2022, 9:29 PM · MediaWiki-extensions-CentralAuth
AntiCompositeNumber added a comment to T252719: Upgrade thumbor to Thumbor 7 and python3.

In Wikimedia code, pyexiv2 is only used to read image orientation, exiftool is used for everything else. Thumbor proper uses py3exiv2, but might switch to pyexiv2 (which has its own problems and probably wouldn't be suitable in Wikimedia production).

Mar 16 2022, 8:51 PM · Patch-For-Review, Thumbor Migration, Python3-Porting

Mar 15 2022

AntiCompositeNumber added a comment to T303774: Investigate the practice of making thousands of global blocks per day on Meta-Wiki.

Historically, for whatever reason, that hasn't been done, and there are several examples of stewards using their own accounts for semi-auto or supervised auto global blocks and locks. I do think it's mostly been an expediency thing, and there's no statement in policy, guidelines, whatever, for or against the practice.

Mar 15 2022, 10:44 PM · SecTeam-Processed, Security-Team, Stewards-and-global-tools

Mar 14 2022

AntiCompositeNumber added projects to T303774: Investigate the practice of making thousands of global blocks per day on Meta-Wiki: Stewards-and-global-tools, SRE, Security-Team.

This is necessary mitigation for T265845.

Mar 14 2022, 11:08 PM · SecTeam-Processed, Security-Team, Stewards-and-global-tools

Mar 11 2022

AntiCompositeNumber added a comment to T280430: Translations of MediaWiki pages unnecessarily forced into mobile view with no way to disable it.

I wouldn't exactly call it a feature. An anti-feature, maybe. It certainly makes things like reading discussions more difficult.

Mar 11 2022, 4:23 PM · Language-Team (Language-2022-January-March), MobileFrontend (Tracking), ExternalGuidance
AntiCompositeNumber added a comment to T294484: <Code Stewardship Review> Thumbor.

Good to hear, thank you.

Mar 11 2022, 4:22 PM · Performance-Team (Radar), Thumbor, Code-Stewardship-Reviews, Foundational Technology Requests

Mar 10 2022

AntiCompositeNumber awarded Blog Post: GitLab: Rethinking how we handle access control a Like token.
Mar 10 2022, 12:42 AM · Release-Engineering-Team, GitLab

Mar 7 2022

AntiCompositeNumber added a comment to T303062: Add Facebook Discover to trusted XFF list.

I used the RIPEstat Announced Prefixes API, since that's what AntiCompositeBot is set up to use. There are, of course, more and less specific announcements that overlap.

31.13.24.0/21
31.13.64.0/18
31.13.64.0/24
31.13.65.0/24
31.13.66.0/24
31.13.67.0/24
31.13.68.0/24
31.13.69.0/24
31.13.70.0/24
31.13.71.0/24
31.13.72.0/24
31.13.73.0/24
31.13.74.0/24
31.13.75.0/24
31.13.77.0/24
31.13.80.0/24
31.13.81.0/24
31.13.82.0/24
31.13.83.0/24
31.13.84.0/24
31.13.85.0/24
31.13.86.0/24
31.13.88.0/24
31.13.89.0/24
31.13.92.0/24
31.13.93.0/24
31.13.94.0/24
31.13.96.0/19
45.64.40.0/22
66.220.144.0/20
66.220.144.0/21
66.220.152.0/21
69.63.176.0/20
69.63.176.0/21
69.63.184.0/21
69.171.224.0/19
69.171.224.0/20
69.171.240.0/20
69.171.250.0/24
74.119.76.0/22
102.132.96.0/20
102.132.96.0/24
102.132.99.0/24
102.132.100.0/24
102.132.101.0/24
103.4.96.0/22
129.134.0.0/17
129.134.25.0/24
129.134.26.0/24
129.134.27.0/24
129.134.28.0/24
129.134.29.0/24
129.134.30.0/23
129.134.30.0/24
129.134.31.0/24
157.240.0.0/17
157.240.2.0/24
157.240.3.0/24
157.240.6.0/24
157.240.7.0/24
157.240.8.0/24
157.240.9.0/24
157.240.10.0/24
157.240.11.0/24
157.240.12.0/24
157.240.13.0/24
157.240.14.0/24
157.240.15.0/24
157.240.17.0/24
157.240.18.0/24
157.240.19.0/24
157.240.20.0/24
157.240.21.0/24
157.240.22.0/24
157.240.24.0/24
157.240.25.0/24
157.240.26.0/24
157.240.27.0/24
157.240.28.0/24
157.240.30.0/24
157.240.192.0/18
157.240.194.0/24
157.240.195.0/24
157.240.196.0/24
157.240.197.0/24
157.240.199.0/24
157.240.200.0/24
157.240.201.0/24
157.240.203.0/24
157.240.204.0/24
157.240.205.0/24
157.240.206.0/24
157.240.207.0/24
157.240.209.0/24
157.240.210.0/24
157.240.211.0/24
157.240.212.0/24
157.240.213.0/24
157.240.214.0/24
157.240.216.0/24
157.240.217.0/24
157.240.218.0/24
157.240.220.0/24
157.240.221.0/24
157.240.222.0/24
157.240.223.0/24
157.240.224.0/24
157.240.225.0/24
157.240.226.0/24
157.240.229.0/24
157.240.231.0/24
157.240.232.0/24
157.240.233.0/24
157.240.234.0/24
157.240.235.0/24
157.240.236.0/24
157.240.238.0/24
157.240.240.0/24
157.240.241.0/24
173.252.64.0/19
173.252.88.0/21
173.252.96.0/19
179.60.192.0/22
179.60.192.0/24
179.60.193.0/24
179.60.194.0/24
179.60.195.0/24
185.60.216.0/22
185.60.216.0/24
185.60.217.0/24
185.60.218.0/24
185.89.218.0/23
185.89.218.0/24
185.89.219.0/24
204.15.20.0/22
Mar 7 2022, 3:39 PM · MW-1.39-notes (1.39.0-wmf.1; 2022-03-21-early), User-TheresNoTime, MediaWiki-extensions-TrustedXFF

Mar 5 2022

AntiCompositeNumber updated AntiCompositeNumber.
Mar 5 2022, 2:58 AM
AntiCompositeNumber added a member for stewardbots: AntiCompositeNumber.
Mar 5 2022, 2:57 AM
AntiCompositeNumber added a watcher for stewardbots: AntiCompositeNumber.
Mar 5 2022, 2:57 AM

Mar 4 2022

AntiCompositeNumber updated the task description for T303062: Add Facebook Discover to trusted XFF list.
Mar 4 2022, 6:23 PM · MW-1.39-notes (1.39.0-wmf.1; 2022-03-21-early), User-TheresNoTime, MediaWiki-extensions-TrustedXFF
AntiCompositeNumber created T303062: Add Facebook Discover to trusted XFF list.
Mar 4 2022, 4:59 PM · MW-1.39-notes (1.39.0-wmf.1; 2022-03-21-early), User-TheresNoTime, MediaWiki-extensions-TrustedXFF

Mar 3 2022

AntiCompositeNumber added a comment to T302979: Failure to produce an image at specified resolution.

https://salsa.debian.org/debian/imagemagick/-/blob/master/config/policy.xml#L58 are the default policies that Debian sets.

Mar 3 2022, 7:38 PM · Commons, Thumbor
AntiCompositeNumber moved T302979: Failure to produce an image at specified resolution from Backlog to Broken or missing thumbnails on the Thumbor board.

Testing locally:

2022-03-03 17:52:35 thumbor:DEBUG METRICS: inc: response.count:1
2022-03-03 17:52:35 thumbor:DEBUG Format specified: png
2022-03-03 17:52:35 thumbor:DEBUG METRICS: inc: storage.miss:1
2022-03-03 17:52:35 thumbor:DEBUG Importing: wikimedia_thumbor.loader.https
2022-03-03 17:52:35 thumbor:DEBUG [HTTPS] load_sync: https%3A//upload.wikimedia.org/wikipedia/commons/7/7c/Dive_sites_of_the_Whittle_Rock_Reef_high_resolution.png
2022-03-03 17:52:35 thumbor:DEBUG [HTTPS] Loading normalized URL: https://upload.wikimedia.org/wikipedia/commons/7/7c/Dive_sites_of_the_Whittle_Rock_Reef_high_resolution.png
2022-03-03 17:52:36 thumbor:DEBUG [HTTPS] return_contents: /tmp/tmpRAu6on
2022-03-03 17:52:36 thumbor:DEBUG METRICS: inc: original_image.status.200:1
2022-03-03 17:52:36 thumbor:DEBUG METRICS: inc: original_image.response_bytes:4096
2022-03-03 17:52:36 thumbor:DEBUG [Proxy] Looking for a png engine
2022-03-03 17:52:36 thumbor:DEBUG [ExiftoolRunner] command: ['/usr/bin/exiftool', '-ImageSize', '-s', '-s', '-s', '/tmp/tmpRAu6on']
2022-03-03 17:52:36 thumbor:DEBUG [ShellRunner] Command: ['/usr/bin/timeout', '--foreground', '59', '/usr/bin/exiftool', '-ImageSize', '-s', '-s', '-s', '/tmp/tmpRAu6on']
2022-03-03 17:52:36 thumbor:DEBUG [ShellRunner] Stdout: 14040x9930
Mar 3 2022, 5:57 PM · Commons, Thumbor
AntiCompositeNumber edited projects for T302979: Failure to produce an image at specified resolution, added: Commons; removed WMF-General-or-Unknown, Traffic, SRE.
Mar 3 2022, 5:50 PM · Commons, Thumbor

Mar 2 2022

AntiCompositeNumber created P21730 (An Untitled Masterwork).
Mar 2 2022, 8:51 PM

Mar 1 2022

AntiCompositeNumber created T302771: Local accounts forcibly created with Special:CreateLocalAccount should have a unique method in Special:CentralAuth.
Mar 1 2022, 4:15 AM · MediaWiki-extensions-CentralAuth

Feb 24 2022

AntiCompositeNumber renamed T302521: Citoid ISBN lookup not working from Citoid ISBN lookup working to Citoid ISBN lookup not working.
Feb 24 2022, 6:56 PM · Citoid
AntiCompositeNumber added a project to T302521: Citoid ISBN lookup not working: Citoid.
Feb 24 2022, 6:56 PM · Citoid
AntiCompositeNumber created T302521: Citoid ISBN lookup not working.
Feb 24 2022, 6:56 PM · Citoid
AntiCompositeNumber added a comment to T302357: Image on enwiki home page (today's featured image) fails to load with CORS violation..

When a file description page is purged, the old thumbnails are removed from caching and cold storage (Swift). This is expected, otherwise purging wouldn't work as expected. The file was in failure throttling, which means no new attempts to thumbnail the file would be made for 1 hour. This is expected, otherwise requests for a broken file would cause a denial of service. If purging reset the failure throttle, it could be used in a DOS attack.

Feb 24 2022, 3:02 AM · Wikimedia-SVG-rendering, Thumbor
AntiCompositeNumber added a comment to T206250: Remove wgCategories from mw.config.

HISTORY says:

* New wgCategories JavaScript global variable for userscripts.

So would be worth mwgrep'ing to see what user scripts are using it. I do think removing it and replacing it with some mw.api.categories helper is a good idea (after some deprecation period of course). AFAIK though all the relevant information is already exposed via the API so removing that project.

Feb 24 2022, 12:50 AM · Performance-Team (Radar), Technical-Debt (Deprecation process), MediaWiki-Interface, Front-end-Standards-Group

Feb 23 2022

AntiCompositeNumber added projects to T302357: Image on enwiki home page (today's featured image) fails to load with CORS violation.: Thumbor, Wikimedia-SVG-rendering.

Looks like the actual failing URL here is https://upload.wikimedia.org/wikipedia/commons/thumb/2/21/Horse_anatomy.svg/2880px-Horse_anatomy.svg.png. This is a larger-size thumbnail of an SVG that uses significant Gaussian blur, so from a Thumbor perspective this is a duplicate of T200866: rsvg-convert times out while generating large thumbnails with heavy use of Gaussian blur. If you think MediaViewer should handle the error condition differently, you can file a task for that.

Feb 23 2022, 12:59 AM · Wikimedia-SVG-rendering, Thumbor
AntiCompositeNumber merged T302357: Image on enwiki home page (today's featured image) fails to load with CORS violation. into T200866: rsvg-convert times out while generating large thumbnails with heavy use of Gaussian blur.
Feb 23 2022, 12:59 AM · Upstream, Wikimedia-SVG-rendering, Thumbor
AntiCompositeNumber merged task T302357: Image on enwiki home page (today's featured image) fails to load with CORS violation. into T200866: rsvg-convert times out while generating large thumbnails with heavy use of Gaussian blur.
Feb 23 2022, 12:59 AM · Wikimedia-SVG-rendering, Thumbor

Feb 22 2022

AntiCompositeNumber added a comment to T112147: Rename the oversight group on WMF projects to the MediaWiki standard (whatever that is).

Should the group-suppress and group-suppress-member messages be overridden in WikimediaMessages? It would be very annoying to create all the overrides needed in Commons to keep the name as expected. The qqq message documentation is also out of date for this use, as it refers to Flow.

Feb 22 2022, 4:37 PM · MW-1.38-notes (1.38.0-wmf.26; 2022-03-14), User-Urbanecm, Patch-For-Review, User-notice, Trust-and-Safety, Wikimedia-Site-requests, MediaWiki-General
AntiCompositeNumber closed T302258: Create new GitLab project group: <name> as Invalid.
Feb 22 2022, 1:25 AM · GitLab (Project Migration), Release-Engineering-Team

Feb 20 2022

AntiCompositeNumber added a comment to T171074: HTML comment next to a heading disables heading highlighting.

Took a shot at adding support for trailing comments. I didn't do leading comments because it would be more complex and I don't have a use case for it. Matching the size to the rest of the line makes sense to me.

image.png (376×443 px, 33 KB)

Feb 20 2022, 2:04 AM · MW-1.39-notes (1.39.0-wmf.1; 2022-03-21-early), User-TheDJ, MediaWiki-extensions-CodeMirror

Feb 19 2022

AntiCompositeNumber added a comment to T298229: 76 items in notice group doesnt mark as read..

Thanks to T302047, I now have 89 cross-wiki notifications, mostly thanking me for my first edit on a wiki. Trying to mark them all as read silently errors.

Feb 19 2022, 4:48 AM · Notifications, Growth-Team

Feb 16 2022

AntiCompositeNumber added a comment to T301844: Request increased quota for pageviews Toolforge tool.

hrm, works for me

tools.anticompositetest@tools-sgebastion-07:~$ webservice --cpu 200m --replicas 8 --backend=kubernetes python3.9 start
Starting webservice.........
tools.anticompositetest@tools-sgebastion-07:~$ kubectl get all
NAME                                    READY   STATUS    RESTARTS   AGE
pod/anticompositetest-d686cb4dc-9scv5   1/1     Running   0          3m17s
pod/anticompositetest-d686cb4dc-c97kq   1/1     Running   0          3m17s
pod/anticompositetest-d686cb4dc-gldqp   1/1     Running   0          3m19s
pod/anticompositetest-d686cb4dc-hf2jm   1/1     Running   0          3m17s
pod/anticompositetest-d686cb4dc-lsqt2   1/1     Running   0          3m17s
pod/anticompositetest-d686cb4dc-n7jqd   1/1     Running   0          3m17s
pod/anticompositetest-d686cb4dc-pvqmh   1/1     Running   0          3m18s
pod/anticompositetest-d686cb4dc-x67pz   1/1     Running   0          3m18s
Feb 16 2022, 4:08 PM · Community-Tech (CommTech-Sprint-19), Tool-Pageviews, Toolforge (Quota-requests)

Feb 15 2022

AntiCompositeNumber added a comment to T301807: Two MPG files are audio files, but are classified as video.

No, the MIME type must match the extension in the title.

Feb 15 2022, 9:06 PM · MediaWiki-File-management, Commons
AntiCompositeNumber added a comment to T284883: CodeMirror – support highlighting the new <tvar> tag syntax.

The problem mentioned in T172456#4024855 still applies. Adding support for <tvar name="1"></tvar> is fairly easy, it would just be defined as another HTML tag (since Translate doesn't register it as a parser tag). However, highlighting will break on pages that use <tvar|1></> syntax. It doesn't break horribly, but it treats the <tvar|1> tag as unclosed.

image.png (82×568 px, 13 KB)

I think this is reasonable enough given that the </> syntax is deprecated.

Feb 15 2022, 5:28 AM · Community-Tech, Patch-For-Review, WMDE-TechWish-Maintenance, MediaWiki-extensions-Translate, MediaWiki-extensions-CodeMirror
AntiCompositeNumber updated the task description for T255208: Catalog and evaluate methods of analysis for Wikimedia captcha performance.
Feb 15 2022, 2:35 AM · observability, user-sbassett, ConfirmEdit (CAPTCHA extension), Security-Team, Security

Feb 10 2022

AntiCompositeNumber added a project to T301438: Support extracting cover from the ogg file and use it as a thumbnail: TimedMediaHandler.
Feb 10 2022, 6:18 AM · TimedMediaHandler, Thumbor, MediaWiki-File-management, Commons
AntiCompositeNumber added projects to T301438: Support extracting cover from the ogg file and use it as a thumbnail: MediaWiki-File-management, Thumbor.
Feb 10 2022, 2:01 AM · TimedMediaHandler, Thumbor, MediaWiki-File-management, Commons
AntiCompositeNumber updated subscribers of T301433: Wikimedia\Rdbms\DBReadOnlyError: Database is read-only: The database is read-only until replication lag decreases..
Feb 10 2022, 1:07 AM · MW-1.38-notes (1.38.0-wmf.22; 2022-02-14), Patch-For-Review, Wikipedia-Android-App-Backlog (Android Release FY2021-22), Wikimedia-production-error
AntiCompositeNumber added a comment to T301433: Wikimedia\Rdbms\DBReadOnlyError: Database is read-only: The database is read-only until replication lag decreases..

Was noted in #wikimedia-operations yesterday, before the train rolled to group0. I've been anecdotally seeing more than usual since last week (first one in my bot's logs was Feb 3).

Feb 10 2022, 1:06 AM · MW-1.38-notes (1.38.0-wmf.22; 2022-02-14), Patch-For-Review, Wikipedia-Android-App-Backlog (Android Release FY2021-22), Wikimedia-production-error

Feb 9 2022

AntiCompositeNumber created T301427: Discussion tools not working on some pages with videos when using "New video player" beta feature (Uncaught TypeError: startMarker is null).
Feb 9 2022, 11:27 PM · Verified, Editing-team (FY2021-22 Kanban Board), DiscussionTools

Feb 7 2022

AntiCompositeNumber added a comment to T289943: Quarry suggests invalid database names, and doesn't suggest some valid database names.

heartbeat_p actually shouldn't be included in the list, because with the multi-instance databases it only includes lag for the current slice. So you need to connect to a different database and then query heartbeat_p.heartbeat. So it's only meta_p and centralauth_p that need to be added. So all.dblist (or maybe open.dblist, or all.dblist - private.dblist) seems like the better option

Feb 7 2022, 3:55 PM · Quarry

Feb 3 2022

AntiCompositeNumber added a comment to T274050: Users trying to analyze pages are being told they are blocked when they are not.

Cookie blocks show as the original block, not an autoblock, and don't have the autoblock exemption list applied. But the cookie should only have been applied if a request was made as the blocked user while they were blocked, right? And IABot would have to be sharing cookies between users. Might be worth looking in the cookie jar for any enwikiBlockID cookies.

Feb 3 2022, 6:30 PM · Anti-Harassment, MediaWiki-Blocks, InternetArchiveBot
AntiCompositeNumber added a comment to T271421: Test envoyproxy as a WMF's CDN TLS terminator with real traffic.

Another report of user-facing impact in #mediawiki from someone using the w3m browser: https://wm-bot.wmcloud.org/logs/%23mediawiki/20220203.txt

Feb 3 2022, 1:25 AM · Patch-For-Review, Traffic, SRE
AntiCompositeNumber added a project to T300818: Template displays text in other language than the user's preferred one: MediaWiki-Internationalization.
Feb 3 2022, 12:06 AM · MediaWiki-Internationalization, Commons, I18n

Feb 2 2022

AntiCompositeNumber moved T300735: Specific file inaccessible at highest resolution from Backlog to Broken or missing thumbnails on the Thumbor board.
Feb 2 2022, 4:11 PM · Thumbor, Commons
AntiCompositeNumber moved T300735: Specific file inaccessible at highest resolution from Incoming to Thumbnail and file renderings on the Commons board.
Feb 2 2022, 4:11 PM · Thumbor, Commons
AntiCompositeNumber triaged T300735: Specific file inaccessible at highest resolution as Low priority.

On my machine using current Ghostscript and ImageMagick, gs took 20.81 seconds and convert took 14.73 seconds.

Feb 2 2022, 4:10 PM · Thumbor, Commons

Jan 31 2022

AntiCompositeNumber added a comment to T274050: Users trying to analyze pages are being told they are blocked when they are not.

Sounds like it's autoblock-related, same as T68639/T74501: Need a way for trusted OAuth apps to make edits from blocked IPs. https://en.wikipedia.org/wiki/MediaWiki:Block-autoblock-exemptionlist does have WMF IP ranges on it though, and Cloud VPS shouldn't be handing out IPv6 addresses yet I don't think (T37947). So I'm not entirely sure what's going on there. Per https://openstack-browser.toolforge.org/server/cyberbot-exec-iabot-02.cyberbot.eqiad1.wikimedia.cloud the current floating IP should be 185.15.56.29.

Jan 31 2022, 3:58 PM · Anti-Harassment, MediaWiki-Blocks, InternetArchiveBot

Jan 26 2022

AntiCompositeNumber created P19228 vrt-activity.py.
Jan 26 2022, 2:01 AM

Jan 25 2022

AntiCompositeNumber added a comment to T290619: Confirmation page for Special:PageTranslation?do=unmark is too generic.

Does do-encourage and do-discourage currently have a confirmation at all or no?

Jan 25 2022, 4:16 PM · Voice & Tone, MediaWiki-extensions-Translate
AntiCompositeNumber added a comment to T75714: Update JavaScript syntax checker for gadgets and user-scripts for ES6.
In T75714#7647489, @Tgr wrote:

Since MediaWiki 1.36 (or in the case of Wikimedia wikis, rMWb267f7aa9075: resourceloader: Allow modules to mark themselves as ES6-only which was merged last March) ResourceLoader does support ES6. Is anything needed here beyond exposing the es6 ResourceLoader flag to gadgets?

Jan 25 2022, 3:49 AM · Patch-For-Review, Performance-Team, MediaWiki-ResourceLoader

Jan 23 2022

AntiCompositeNumber claimed T38380: After re-uploading a file, users still see the browser-cached thumbnail for the old version.
Jan 23 2022, 3:32 PM · MW-1.38-notes (1.38.0-wmf.21; 2022-02-07), Performance-Team (Radar), MediaWiki-Core-HTTP-Cache, Commons, Multimedia, MediaWiki-File-management
Restricted Application added a project to T38380: After re-uploading a file, users still see the browser-cached thumbnail for the old version: Performance-Team.

T149847 would be the eventual best solution, but a cache-busting query parameter would be a good quick fix. The WMF upload-frontend cache configuration removes the query string, so we won't bust the server-side cache by adding a parameter.

Jan 23 2022, 5:58 AM · MW-1.38-notes (1.38.0-wmf.21; 2022-02-07), Performance-Team (Radar), MediaWiki-Core-HTTP-Cache, Commons, Multimedia, MediaWiki-File-management
AntiCompositeNumber claimed T284869: Improve tooltips of "cur" and "prev" links on revision history page.
Jan 23 2022, 1:17 AM · MW-1.38-notes (1.38.0-wmf.19; 2022-01-24), MediaWiki-Page-history

Jan 22 2022

AntiCompositeNumber merged T299821: Visual Editor - can't add caption into T299818: Fields for caption and alt text do not appear in media and gallery dialogs.
Jan 22 2022, 5:20 AM · Verified, MW-1.38-notes (1.38.0-wmf.18; 2022-01-17), Editing-team (FY2021-22 Kanban Board), VisualEditor
AntiCompositeNumber merged task T299821: Visual Editor - can't add caption into T299818: Fields for caption and alt text do not appear in media and gallery dialogs.
Jan 22 2022, 5:19 AM · VisualEditor

Jan 20 2022

AntiCompositeNumber added a project to T298700: [L] Remove coordinate location from Structured Data without putting the coordinates in the edit summary: Wikidata.

if not, why (if at all) should Commons be different?

Jan 20 2022, 10:14 PM · MW-1.39-notes (1.39.0-wmf.7; 2022-04-11), Wikidata, Structured-Data-Backlog (Current Work), SDC-Statements, Commons
AntiCompositeNumber added a comment to T299351: Configuration variable to disable the "content was" on deletion pages.

On Commons, I don't think I've ever seen this feature be useful. In pretty much every situation where a drop-down reason is sufficient to delete something, without an additional comment, the page content should not be publicly displayed. Commons has not disabled the interface message, but I think most admins regularly doing deletions remove it, either manually or with the script. I've only ever seen template markup or spam/vandalism/copyvio/LTA attack names be prefilled.

Jan 20 2022, 8:47 PM · SecTeam-Processed, MediaWiki-Configuration, MediaWiki-Page-deletion

Jan 14 2022

AntiCompositeNumber added a comment to T293958: 1.38.0-wmf.17 deployment blockers.

I first noticed category update problems on Commons on 5 January, but didn't pay much mind to it as I've become desensitized toward category update problems on Commons. Specifically, category updates were displayed on File pages but not on the Category page, even though they were in Special:WhatLinksHere for the cat. The numbers matched what the Category page showed.

Jan 14 2022, 6:01 AM · Patch-For-Review, Release-Engineering-Team (Next), Release, Train Deployments

Jan 10 2022

AntiCompositeNumber added a comment to T216815: Upgrade Thumbor to Bullseye.

Is any work being done on this?

Jan 10 2022, 9:18 PM · User-jijiki, serviceops, SRE, Thumbor

Jan 6 2022

AntiCompositeNumber edited projects for T298700: [L] Remove coordinate location from Structured Data without putting the coordinates in the edit summary, added: SDC-Statements; removed StructuredDataOnCommons.
Jan 6 2022, 3:27 PM · MW-1.39-notes (1.39.0-wmf.7; 2022-04-11), Wikidata, Structured-Data-Backlog (Current Work), SDC-Statements, Commons
AntiCompositeNumber created T298700: [L] Remove coordinate location from Structured Data without putting the coordinates in the edit summary.
Jan 6 2022, 3:26 PM · MW-1.39-notes (1.39.0-wmf.7; 2022-04-11), Wikidata, Structured-Data-Backlog (Current Work), SDC-Statements, Commons

Jan 5 2022

AntiCompositeNumber closed T297844: Namespace "module" name in Sicilian as Resolved.

Aliases backported to wmf.16, both should be deployed when the train rolls forward.

Jan 5 2022, 7:50 PM · MW-1.38-notes (1.38.0-wmf.16; 2022-01-03), MediaWiki-extensions-Scribunto, I18n
AntiCompositeNumber edited projects for T297844: Namespace "module" name in Sicilian, added: MW-1.38-notes (1.38.0-wmf.16; 2022-01-03); removed Patch-For-Review, MW-1.38-notes (1.38.0-wmf.17; 2022-01-10).
Jan 5 2022, 7:48 PM · MW-1.38-notes (1.38.0-wmf.16; 2022-01-03), MediaWiki-extensions-Scribunto, I18n

Jan 3 2022

AntiCompositeNumber added a comment to T6845: CAPTCHA doesn't work for people with visual impairments.

We do have some statistics in https://grafana.wikimedia.org/d/000000370/captcha-failure-rates?orgId=1 and https://grafana.wikimedia.org/d/000000004/authentication-metrics?orgId=1. The CAPTCHA failure rate is consistently at ~30%, or 100-200 per hour (rolling average). The number of attempted CAPTCHAs per hour (500-600), however, is significantly smaller than the number of displayed CAPTCHAs (which is noisy but consistently in the tens of thousands range). That would seem to imply that replacing the CAPTCHA with a "Bots go away" sign would be nearly as effective. That, or the data on displayed CAPTCHA is not being collected correctly.

Jan 3 2022, 3:35 PM · Platform Engineering, Readers-Web-Backlog, Security, ConfirmEdit (CAPTCHA extension), Accessibility, Design, WCAG-Level-A

Jan 2 2022

AntiCompositeNumber created T298452: Some wikibase tables not available in commonswiki_p.
Jan 2 2022, 8:26 PM · Data-Engineering, cloud-services-team (Kanban), Data-Services

Dec 28 2021

AntiCompositeNumber added projects to T290094: For IPv6, wgRangeContributionsCIDRLimit is significantly smaller than wgBlockCIDRLimit: MediaWiki-Special-pages, IPv6.

By my count, there are currently 428 blocks on enwiki and 153 global blocks larger than the contribs CIDR limit. All are webhost/open proxy blocks. Only one is larger than a /24 (global 2603::/20).

Dec 28 2021, 5:26 PM · IPv6, MediaWiki-Special-pages, MediaWiki-Blocks

Dec 23 2021

AntiCompositeNumber added a comment to T297844: Namespace "module" name in Sicilian.

Should the old namespace name be aliased to the new one, to prevent broken links?

Dec 23 2021, 11:48 PM · MW-1.38-notes (1.38.0-wmf.16; 2022-01-03), MediaWiki-extensions-Scribunto, I18n
AntiCompositeNumber created P18260 Road signs in the Philippines/sign lookup table logs.
Dec 23 2021, 4:23 AM

Dec 22 2021

AntiCompositeNumber added a comment to T298177: CI is doing nada (Gearman).

I've rechecked everything that looked like it got dropped during the restart.

Dec 22 2021, 4:21 AM · Zuul, Release-Engineering-Team, Continuous-Integration-Infrastructure

Dec 21 2021

AntiCompositeNumber added a comment to T297185: [SPIKE] Identify areas affected by delaying purging of blocks by X days [8H].

Will delaying the purge affect anything that currently checks against ipblocks and if it does, what can/should be done?

Dec 21 2021, 8:02 PM · Anti-Harassment (The Letter Song), IP Info

Dec 18 2021

AntiCompositeNumber added a comment to T297968: Allow Wikimedia Maps usage on bbcrewind.co.uk.

I don't believe this request meets the criteria in the Maps Terms of Use.

Wikimedia Maps may not be used by third-party services outside of the Wikimedia projects. We may make limited allowances for services that support the Wikimedia projects, such as community tools hosted on Wikimedia Cloud Services.
[...]
The following are prohibited on the Wikimedia Maps service:

  1. Use for anything other than supporting the Wikimedia projects (for example, you may build a tool for Wikipedia editors, but you may not use it for an unrelated app or business)
Dec 18 2021, 1:17 AM · Maps, SRE

Dec 16 2021

AntiCompositeNumber added a comment to T290300: Serve WCQS Sparql endpoint through api.wikimedia.org with OAuth 2.

In any case with mandatory authentication you will basically limit all use cases where the client side would query data dynamically for UI (say like https://wikidocumentaries-demo.wmflabs.org ) to something where user approval is asked first.

Dec 16 2021, 6:33 PM · Wikidata-Query-Service, Wikidata