Page MenuHomePhabricator
People Bawolff

Bawolff (Brian Wolff)
SecurityAdministrator

Projects (16)
View All

Calendar

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Oct 25 2014, 1:53 AM (325 w, 6 d)
Roles
Administrator
Availability
Available
IRC Nick
Bawolff
LDAP User
Brian Wolff
MediaWiki User
Bawolff [ Global Accounts ]

Hi!

Recent Activity
View All

Today

Bawolff added a comment to T272659: TemporaryPasswordPrimaryAuthenticationProvider does not use the language that the request was created in.

Its generally expected that an extension will change the user's language if appropriate. By default the user's language will be the content language not the request language.

Fri, Jan 22, 3:53 AM · MediaWiki-Authentication-and-authorization

Wed, Jan 20

Bawolff awarded T272238: Elasticsearch and Kibana are switching to non-OSI-approved SSPL licence a Pirate Logo token.
Wed, Jan 20, 4:54 PM · observability, Software-Licensing, Wikimedia-Logstash, SRE

Sun, Jan 3

Bawolff added a comment to T230415: Stop ignoring paragraph and region separators in DjVu file OCR text layer.

Text layer is generally generated on upload. It used to be refreshable by action=purge but i dont think that is the case anymore. There is a maintenance script to refresh all of a specific file type.

Sun, Jan 3, 5:51 AM · Patch-For-Review, MW-1.36-notes (1.36.0-wmf.21; 2020-12-08), Wikisource, MediaWiki-DjVu

Dec 22 2020

Bawolff awarded T269718: RCE in Widgets extension (CVE-2020-35625) a Mountain of Wealth token.
Dec 22 2020, 8:58 PM · ShoutWiki, MediaWiki-extensions-Widgets, Security
Bawolff added a comment to T270286: Do a security review of the Widgets extension.

Just FYI, I looked at this a little bit a long time ago. I don't think much has changed, but its possible it has, so this might be out of date, but my main take aways at the time were:

Dec 22 2020, 8:52 PM · Security, MediaWiki-extensions-Widgets

Dec 11 2020

Bawolff added a comment to T263220: Limit concurrency of DPL queries.

Huh. That's not the error i was expecting if the limit was too low. That sounds like something was wrong with poolcounter generally.

Dec 11 2020, 3:24 AM · SRE, serviceops, PoolCounter, Platform Team Workboards (Clinic Duty Team), MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Performance Issue, Patch-For-Review, DynamicPageList (Wikimedia)

Nov 26 2020

Bawolff added a comment to T257301: Create a web demo for phan taint-check.
In T257301#6650049, @Legoktm wrote:

So... https://doc.wikimedia.org/mediawiki-tools-phan-SecurityCheckPlugin/master/demos/ exists! It'll get updated whenever a new commit is merged in phan-taint-check-plugin (takes ~15 min but we can speed it up a lot).

Except it seems to be getting blocked by CSP: Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://doc.wikimedia.org/f8ce60d3-f6e6-4f98-b42b-ab1c401856fc (“script-src”).

Do we need to adjust a CSP rule for this?

Nov 26 2020, 1:41 AM · phan-taint-check-plugin

Nov 25 2020

Bawolff added a comment to T268641: PushToWatch: classic CSRF (CVE-2020-35626).

lgtm, although i have no idea why its stripping non alphabetical characters from the username.

Nov 25 2020, 9:49 AM · Vuln-CSRF, MediaWiki-extensions-PushToWatch, Security, Security-Team
Bawolff awarded T257301: Create a web demo for phan taint-check a Mountain of Wealth token.
Nov 25 2020, 5:51 AM · phan-taint-check-plugin
Bawolff awarded T268652: Story idea for Blog: Automatic security analysis for PHP code a Love token.
Nov 25 2020, 5:27 AM · phan-taint-check-plugin, Technical-blog-posts

Nov 17 2020

Bawolff added a comment to T263220: Limit concurrency of DPL queries.

Note: A config change is needed in wmf-config before the patch will take affect.

Nov 17 2020, 5:48 AM · SRE, serviceops, PoolCounter, Platform Team Workboards (Clinic Duty Team), MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Performance Issue, Patch-For-Review, DynamicPageList (Wikimedia)
Bawolff changed the visibility for T262240: Burst of connections on ruwikinews (s3).
Nov 17 2020, 5:48 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).

In the interest of transparency and knowledge sharing, can this task be public? AFAICT, there is not private info on here, the traffic wasn't an intentional DOS, and the underlying issue is now fixed.

Nov 17 2020, 4:44 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team

Nov 10 2020

Bawolff added a comment to T267647: Disable MediaWiki's gzip compression when using apache with HTTP/2.

I don't think it has anything to do with MobileFrontend or Minerva, but yeah probably. There's been about 4 reports I've seen on the support desk, so its not just that one person.

Nov 10 2020, 3:34 PM · MediaWiki-General
Bawolff created T267647: Disable MediaWiki's gzip compression when using apache with HTTP/2.
Nov 10 2020, 3:24 PM · MediaWiki-General

Nov 5 2020

Bawolff added a comment to T266508: PollNY: Stored XSS (CVE-2020-29003).

This looks like it fixes the XSS's properly, as far as that patch goes (I did not look at any of the other PollNY code beyond what was in the patch)

Nov 5 2020, 8:48 AM · Social-Tools, PollNY, Vuln-XSS, Security

Oct 31 2020

Bawolff awarded T266707: MediaHandler::addMeta() can't decide if values are escaped HTML, literal strings, or wikitext a Love token.
Oct 31 2020, 11:06 PM · MW-1.36-notes (1.36.0-wmf.16; 2020-11-03), MediaWiki-File-management, Commons

Oct 30 2020

Bawolff added a comment to T266775: Stalls on db1075 (s3) replica db.
In T266775#6588742, @jcrespo wrote:

I am mostly certain that this was the issue causing db1075 stalls, as processlist has decreased a lot (a slow query can be millions of times more impactful than a regular query).

From a certain point of view, @Urbanecm you made db1075 10x faster, thank you!

Oct 30 2020, 2:14 AM · Datacenter-Switchover, User-Urbanecm, DynamicPageList (Wikimedia), MediaWiki-General, DBA

Oct 26 2020

Bawolff added a project to T266425: JsonContent prettification can puts large json pages over the size limit: JsonConfig.
Oct 26 2020, 4:37 AM · Maps (Kartographer), JsonConfig, MediaWiki-ContentHandler, Commons
Bawolff added a comment to T266425: JsonContent prettification can puts large json pages over the size limit.

So original user is complaining about the JsonConfig.Map content model. In the generic json it looks like prettification comes after the size check, so somehow you can create a page that is bigger than the allowed size

Oct 26 2020, 4:35 AM · Maps (Kartographer), JsonConfig, MediaWiki-ContentHandler, Commons
Bawolff created T266425: JsonContent prettification can puts large json pages over the size limit.
Oct 26 2020, 3:19 AM · Maps (Kartographer), JsonConfig, MediaWiki-ContentHandler, Commons

Oct 8 2020

Bawolff created T264986: Check that curl is new enough to support CURLMOPT_MAX_HOST_CONNECTIONS.
Oct 8 2020, 5:41 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.26; 2021-01-12), MediaWiki-libs-HTTP, MW-1.35-release, good first task

Oct 3 2020

Bawolff created T264492: Upgrading OATHAuth extension broken on sqlite.
Oct 3 2020, 9:32 AM · MW-1.36-notes (1.36.0-wmf.12; 2020-10-05; NEVER DEPLOYED), good first task, MediaWiki-extensions-OATHAuth, SQLite

Sep 28 2020

Bawolff added a comment to T255175: Remove LiquidThreads from production.

It’s used by < 9 pages on en.wiktionary, 8 on wikinews , 7 on hu wikipedia, 5 on wikibooks, 0 on sv wikisource. If that low usage is not an indication of an extension that should be removed from production I’m not sure what is.

Sep 28 2020, 10:57 AM · Growth-Team, Code-Stewardship-Reviews, Code-Health, MediaWiki-extensions-LiquidThreads

Sep 26 2020

Bawolff awarded T263842: S5 replication issue, affecting watchlist and probably recentchanges a Evil Spooky Haunted Tree token.
Sep 26 2020, 2:42 AM · Sustainability (Incident Followup), Wikimedia-Incident, SRE, DBA

Sep 25 2020

Bawolff awarded T263800: Implement .well-known/change-password redirect on Wikimedia sites a Love token.
Sep 25 2020, 1:48 AM · Security, Wikimedia-Site-requests

Sep 19 2020

Bawolff added a comment to T263220: Limit concurrency of DPL queries.

More specificly its meant to prevent query pileups. The common case of a query pileup in DPL being a template with a dpl on it being used on tens of thousands of pages, all being refreshed at once, which the short cache will eliminate. The pool counter solution as a fall back should eliminate any other situation of DPL query pileup.

Sep 19 2020, 10:42 PM · SRE, serviceops, PoolCounter, Platform Team Workboards (Clinic Duty Team), MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Performance Issue, Patch-For-Review, DynamicPageList (Wikimedia)

Sep 18 2020

Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

Not sure the bomb metaphor is helpful. There's other features in mediawiki that would also cause problems if subjected to the level of traffic that DPL was subject to in this situation. However there is no doubt that DPL does not meet the performance standards that a new feature would be required to meet today.

Sep 18 2020, 9:25 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)

Sep 14 2020

Bawolff added a comment to T188109: Please enable DynamicPageList on bd.wikimedia.org.

FWIW, DPL scales roughly linear in the size of the smallest category used in the query (Or in edge cases, the size of the page table). bdwikimedia has 2320 pages total, and seems unlikely to become even an order of magnitude bigger, ever. Performance load of the extension for a wiki of that size is very small.

Sep 14 2020, 4:53 AM · Wikimedia-Site-requests
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).

So, my proposal for re-enabling on ruwikinews, would be to do it with the following settings: https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/626919

Sep 14 2020, 4:22 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team

Sep 12 2020

Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

It looks like this will need to be done anyway because Russian Wikinews is in the TOP 100 Wikimedia projects now and we plan to triple the number of articles in the very near future.

Who decides on this issue? What do we need to do?

Sep 12 2020, 6:52 PM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).
In T262240#6445460, @Marostegui wrote:

So this has kept happening overnight, the last spike was a couple of hours ago (same queries and same wiki). The change we made yesterday to stop parsing every day and parsing everyweek...does that take effect straightaway or the pages that are flagged to be reparsed will keep being reparsed and we'll see the effect in one week?

In T262240#6444424, @matmarex wrote:
@Marostegui Can you convince MySQL to magically use this kind of plan for this query? Or, do you think it's a good idea to generate queries with STRAIGHT_JOIN when doing these kinds of queries on very large categories? (I imagine this would be much slower for normal-sized categories, so it'd have to be conditional.)

Thanks a lot for the investigation @matmarex for the research!

We can try to give a hint to the optimizer using some USE INDEX or FORCE INDEX or even IGNORE INDEX for the existing query. I would rather try that first than going for the STRAIGHT JOIN if we can avoid it.
If we find that the STRAIGHT JOIN is our best chance here, we'd need to test some example queries on the big wikis, as I am a bit afraid on how crazy the optimizer can go there with that sort of JOIN.

@matmarex if you can change a bit the existing query to insert some USE INDEX for something that would make more sense, we can try that manually on the existing hosts and check what the optimizer would do and see if that results on a better plan.
While the query you've made with STRAIGHT JOIN seems certainly much better than the existing...let's see if a USE INDEX is enough as that would require less changes and less potential issues with the optimizer.

Thank you again!

PS: We still don't know if this is the culprit or the issue or just the result of something else slowing down all the big queries :-(

Sep 12 2020, 8:33 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team
Bawolff added a comment to T261481: Allow bureaucrats to remove sysop permissions on Commons.

FWIW, my personal opinion is we should more evaluate whether the decision has legitimacy in context of the community that made the decision, rather than be a slave to a specific percentage (After all, consensus is not a vote ;). Have any of the oppose people in that discussion or any other prominent contributors to commons expressed a view that the closure was illegitimate? If not, I think we should do this, if they did, then we should re-evaluate the situation. As far as I can tell, this close was not controversial at commons, so I think we should follow it.

Sep 12 2020, 5:29 AM · User-Urbanecm, Wikimedia-Site-requests, Commons
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

For context, I can't speak for ruwikinews, but at enwikinews, DPL is considered a business-critical aspect of the software. Removing it would probably be the equivalent to removing say Watchlist from enwiki (a feature which has similar non-ideal performance characteristics)

Sep 12 2020, 4:04 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)

Sep 10 2020

Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.
In T262391#6450728, @ssr wrote:

I am not a technician, just wondering: isn't it possible that DPL work is just done at a separate outer server and original server just redirects to it?

Sep 10 2020, 3:44 PM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.
In T262391#6449801, @Krassotkin wrote:

@Bawolff What do you mean?
Do we need to remove DPL from PanARMENIAN categories https://ru.wikinews.org/?curid=19312, https://ru.wikinews.org/?curid=1543119 and https://ru.wikinews.org/?curid=6829679?
Or PanARMENIAN request from "Other themes" template https://ru.wikinews.org/?curid=19721, example (right): https://ru.wikinews.org/?curid=7348599?
Or both? Or somewhere else?

Sep 10 2020, 3:33 PM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).

If newsbot is done with its import, it means future refresh to those pages might only be through the job queue. I think job queue has fancy code to monitor db health and adjust speed, although that might only be for replica lag and as far as i understand, a replica being overloaded with queries doesn't actually contribute to replica lag.

Sep 10 2020, 7:06 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).

I made a patch which i believe would reduce risk of this particular type of cache stampede (not sure if that's right word): https://gerrit.wikimedia.org/r/c/mediawiki/extensions/intersection/+/626268/

Sep 10 2020, 6:53 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

So it seems like what happened, is that NewsBot imported a lot (~100k) articles over a very short time frame, that all had the template {{тема|Материалы PanARMENIAN.Net}} on them. This had a DPL on it that did the category intersection of two categories both with ~100k articles. (To oversimplify) DPL gets slower the bigger the smallest category specified is. Thus this particular DPL was a somewhat slow one. Being somewhat slow by itself was ok, but having 100k articles edited at roughly the same time which all had the same slow DPL on it, was too much for the servers.

Sep 10 2020, 6:26 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T262240: Burst of connections on ruwikinews (s3).

So summary of what happened

  • Newsbot imports a massive number (~100,000) of pages that have {{тема|Материалы PanARMENIAN.Net}} ( link) on them and are in [[category:Материалы PanARMENIAN.Net]] in very short time frame
    • This template adds <dynamicpagelist>category = Опубликовано category = Материалы PanARMENIAN.Net notcategory = Не публиковать notcategory = Ожидаемые события по датам notcategory = Архивные новости notcategory=Викиновости коротко count = 18 stablepages = only suppresserrors = true namespace = Main addfirstcategorydate = true ordermethod = created </dynamicpagelist> To these pages. Key point this corresponds to the query above, where Опубликовано is the c1 inner category join, c2 is the Материалы PanARMENIAN.Net inner category join, the LIMIT is 18 (count=18) and the ORDER BY is page_id (ordermethod=created)
  • So we now have 100k pages that have to run this kind of inefficient query
  • page caching doesn't particularly help, as all these pages are new and have to be rendered at least once
  • PoolCounter doesn't help because the query is on many pages (Perhaps one mitigation could be to use the pool counter to limit the max number of things that can make a DPL query at one time, to prevent query pileup)
  • The mitigation of changing DPL cache time probably doesn't help, as its unlikely these parses are being triggered by view after parse cache expiry, its probably all initial insert and jobqueue template changes
Sep 10 2020, 4:00 AM · User-Urbanecm, Performance-Team (Radar), Wikimedia-Incident, SRE, Security, Security-Team
Bawolff added a comment to T124841: Address performance needs for Wikimedia from DynamicPageList extension so that it can be deployed to further wikis.

Or i guess its not used on enwikinews, other languages might be different.

Sep 10 2020, 3:15 AM · Editing-team, Performance Issue, DynamicPageList (Wikimedia)
Bawolff updated Bawolff.
Sep 10 2020, 3:06 AM
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.
In T262391#6448769, @matmarex wrote:

@Krassotkin Folks from the Wikimedia Foundation are going to work on this. However, please understand that nobody here is familiar with the DynamicPageList extension, and it only gets any attention in emergencies like this. The original authors of the extension (who apparently have been inactive for years now) clearly haven't anticipated it being used on a project with 100,000+ pages, and this isn't something that can be fixed in an hour. I would not expect a speedy solution.

Sep 10 2020, 2:45 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T124841: Address performance needs for Wikimedia from DynamicPageList extension so that it can be deployed to further wikis.

Lastedit isnt commonly used, i mean we should check but probably ok. However the other fields, even if in an index,often cannot effectively be used as an index.

Sep 10 2020, 2:28 AM · Editing-team, Performance Issue, DynamicPageList (Wikimedia)
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

Which means we have another time bomb on our hands, doesn't imply we should have more time bombs in more places.

Sep 10 2020, 2:23 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)
Bawolff added a comment to T262391: DPL extension has been disabled on Russian Wikinews.

Where is the technical description of what happened to trigger the removal? This doesn't seem orderly, so i assume something happened here {Edit: I know now]

Sep 10 2020, 2:20 AM · User-Urbanecm, Platform Engineering, Patch-For-Review, Performance-Team (Radar), Editing-team, Wikimedia-Site-requests, DynamicPageList (Wikimedia)

Sep 5 2020

Bawolff added a comment to T262052: Create a shell script that identifies filters on WMF wikis matching a reg exp pattern.

I tended to do this more from toolforge, so i would download the dblist file first from noc. On prod servers i think its usually located in /srv/mediawiki/dblists, but not 100% sure

Sep 5 2020, 6:00 PM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), User-Huji, AbuseFilter
Bawolff added a comment to T262052: Create a shell script that identifies filters on WMF wikis matching a reg exp pattern.

I used to use a shell for loop with all.dblist to do these sorts of things (very roughly along the lines of)-

for i in `cat all.dblist` do sql $i -e 'SELECT DATABASE(), foo...';done > output.tsv
Sep 5 2020, 2:10 AM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), User-Huji, AbuseFilter

Aug 31 2020

Bawolff added a comment to T40417: MediaWiki's anonymous edit token leaves wiki installations (incl. Wikipedia) open to mass anonymous spam we can't block.

Hmm. I think @dbarratt 's idea (checking origin and failing open if not present) could work. Of course should not do it during cors requests. Probably not the safest idea presented, but the other ideas seem locked in a stalemate. Given attacker cannot choose the victims browser in a csrf attack, even if it only works on most browsers that's still a significant reduction of risk.

Aug 31 2020, 6:26 PM · Patch-Needs-Improvement, Security, MediaWiki-Authentication-and-authorization, TechCom-RFC
Bawolff added a comment to T261133: Ban IP edits on pt.wiki.

But this request will only be made if WMF employees; not taking that request, a "violation" of the founding principles

Aug 31 2020, 1:31 AM · Growth-Team, Anti-Harassment, Wikimedia-Site-requests

Aug 28 2020

Bawolff added a comment to T259771: RFC: Drop support for older database upgrades.

I often encounter users upgrading from much older versions. At least from ~ 1.16 era.

Aug 28 2020, 8:35 PM · Patch-For-Review, MediaWiki-Stakeholders-Group, Platform Engineering, TechCom-RFC
Bawolff added a comment to T261133: Ban IP edits on pt.wiki.

(i.e., without consensus from the developer community and/or input from the systems administrators),

Aug 28 2020, 3:37 AM · Growth-Team, Anti-Harassment, Wikimedia-Site-requests

Aug 27 2020

Ostrzyciel awarded T261375: ForeignApiRepo should be configurable as to how long it caches api responses a Like token.
Aug 27 2020, 10:51 AM · MediaWiki-File-management, Commons
Bawolff added a comment to T261375: ForeignApiRepo should be configurable as to how long it caches api responses.

Additionally, siteinfo is only cached for 2 hours, and that's something that changes basically never. I think we should default to 1 week for that.

Aug 27 2020, 7:06 AM · MediaWiki-File-management, Commons
Bawolff created T261375: ForeignApiRepo should be configurable as to how long it caches api responses.
Aug 27 2020, 6:59 AM · MediaWiki-File-management, Commons
Bawolff added a comment to T190576: Consider to cache again InstantCommons requests by default.

This should probably not be done. I think it would decrease performance by at least 50% on a cache miss (and change nothing on a cache hit). Disabling the cache disables the feature entirely which is a lot faster than simply caching it.

Aug 27 2020, 6:30 AM · Multimedia, Commons, MediaWiki-File-management, MediaWiki-Configuration
Bawolff merged T261374: ForeignApiRepo should process responsive image requests in parallel into T56037: ForeignAPIRepo / InstantCommons should fetch multiple-density thumbnails in one request.
Aug 27 2020, 6:28 AM · Commons, MediaWiki-File-management
Bawolff merged task T261374: ForeignApiRepo should process responsive image requests in parallel into T56037: ForeignAPIRepo / InstantCommons should fetch multiple-density thumbnails in one request.
Aug 27 2020, 6:28 AM · Commons, MediaWiki-File-management
Bawolff created T261374: ForeignApiRepo should process responsive image requests in parallel.
Aug 27 2020, 6:26 AM · Commons, MediaWiki-File-management

Aug 26 2020

Bawolff added a comment to T261133: Ban IP edits on pt.wiki.

The fact is that allowing unregistered edits is just an unwritten ideal and feature of Wikipedia

Aug 26 2020, 9:23 AM · Growth-Team, Anti-Harassment, Wikimedia-Site-requests

Aug 11 2020

Bawolff added a comment to T260016: Request Security check of allowing editing from mirror/fork site.

This is not a security problem, but a social problem. Users should not enter their user credentials from one website into a different website. This applies to Wikipedia, your gmail account and your online banking.

Aug 11 2020, 1:47 AM · Privacy Engineering, Security, Chinese-Sites

Jul 14 2020

aborrero awarded T125589: Allow each tool to have its own subdomain for browser sandbox/cookie isolation a Love token.
Jul 14 2020, 9:12 AM · Security, cloud-services-team (Kanban), Toolforge

Jul 4 2020

Bawolff updated subscribers of T257102: Mediawiki 1.34.2 tarball incompatible with 7zip on windows due to Pax format.
Jul 4 2020, 9:04 AM · Upstream, MediaWiki-Releasing
Bawolff created T257102: Mediawiki 1.34.2 tarball incompatible with 7zip on windows due to Pax format.
Jul 4 2020, 9:03 AM · Upstream, MediaWiki-Releasing

May 27 2020

Lens0021 awarded T215713: Missing dependencies in extension snapshots a Like token.
May 27 2020, 11:14 PM · MW-1.34-release, MW-1.33-release, VPS-project-Extdist, MW-1.32-release, ExtensionDistributor

May 25 2020

Bawolff closed T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module as Resolved.
May 25 2020, 11:35 PM · Social-Tools, PollNY, Security, Security-Team
Bawolff changed the visibility for T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.
May 25 2020, 11:35 PM · Social-Tools, PollNY, Security, Security-Team
Bawolff closed T215713: Missing dependencies in extension snapshots as Resolved.

This should be fixed now

May 25 2020, 7:43 PM · MW-1.34-release, MW-1.33-release, VPS-project-Extdist, MW-1.32-release, ExtensionDistributor
Bawolff added a comment to T253586: extensions including semantic-forms via composer are broken and breaking extension distributor.

This might be less of an issue in practise, because except when force rebuilding like i did just now, this code path will only be execute if someone commits to the branch in question.

May 25 2020, 7:32 PM · MediaWiki-extensions-MediaWikiFarm, MediaWiki-extensions-SemanticSignup, MediaWiki-extensions-Page_Forms, VPS-project-Extdist
Bawolff added a project to T253588: extdist is not rotating logs: VPS-project-Extdist.
May 25 2020, 7:26 PM · VPS-project-Extdist
Bawolff created T253588: extdist is not rotating logs.
May 25 2020, 7:26 PM · VPS-project-Extdist
Bawolff added a comment to T253586: extensions including semantic-forms via composer are broken and breaking extension distributor.

At least one of the problematic extensions is SemanticPageSeries and SemanticImageInput

May 25 2020, 7:21 PM · MediaWiki-extensions-MediaWikiFarm, MediaWiki-extensions-SemanticSignup, MediaWiki-extensions-Page_Forms, VPS-project-Extdist
Bawolff created T253586: extensions including semantic-forms via composer are broken and breaking extension distributor.
May 25 2020, 7:02 PM · MediaWiki-extensions-MediaWikiFarm, MediaWiki-extensions-SemanticSignup, MediaWiki-extensions-Page_Forms, VPS-project-Extdist
Bawolff added a comment to T215713: Missing dependencies in extension snapshots.

New issue:

May 25 2020, 6:37 PM · MW-1.34-release, MW-1.33-release, VPS-project-Extdist, MW-1.32-release, ExtensionDistributor
Bawolff added a comment to T221887: Ignore css in displaytitle when $wgRestrictDisplayTitle is enabled.

Things like Kalai's 3<span style="position: absolute; top: -9999px;">^</span><sup><i>d</i></sup> conjecture are really interesting though, as that's kind of what this task specifically wants to prevent.

May 25 2020, 6:01 PM · Security-Team, User-notice, Patch-For-Review, MediaWiki-Parser
Bawolff added a comment to T221887: Ignore css in displaytitle when $wgRestrictDisplayTitle is enabled.

Everyone talks about user-space, but some mainspace examples:

<span class="texhtml mvar" style="font-style:italic;">e</span> (mathematical constant)
<span class="texhtml mvar" style="font-style:italic;">p</span>-group
<span class="texhtml mvar" style="font-style:italic;">σ</span>-algebra
<i>Pseudotsuga menziesii <span style="font-style:normal;">var.</span> glauca</i>
<span lang="mi" style="font-style:normal;" title="Māori language text">Paikea</span>
<span class="texhtml mvar" style="font-style:italic;">e</span> (number)
<span style="text-decoration:overline;">SOS</span>
<i>Lactobacillus delbrueckii <span style="font-style:normal;">subsp.</span> bulgaricus</i>
Proof that <span class="texhtml mvar" style="font-style:italic;">e</span> is irrational
Proof that 22/7 exceeds <span class="texhtml mvar" style="font-style:italic;">π</span>
<span class="texhtml mvar" style="font-style:italic;">π</span>-calculus
List of topics related to <span class="texhtml mvar" style="font-style:italic;">π</span>
<i>Ulmus minor <span style="font-style:normal;">subsp.</span> minor</i>
<i>Sidalcea oregana <span style="font-style:normal;">var.</span> calva</i>
<span lang="gd" style="font-style:normal;" title="Scottish Gaelic language text">Bòrd na Gàidhlig</span>
<i>Capsicum annuum <span style="font-style:normal;">var.</span> glabriusculum</i>
Leibniz formula for <span class="texhtml mvar" style="font-style:italic;">π</span>
<i>Argyroxiphium sandwicense <span style="font-style:normal;">subsp.</span> macrocephalum</i>
<span class="texhtml mvar" style="font-style:italic;">x̅</span> and R chart
<i>S<span style="position:relative"><sup>m</sup><sub style="position:absolute; left:0; bottom:0">n</sub></span></i> theorem
<span lang="gd" style="font-style:normal;" title="Scottish Gaelic language text">Corrachadh Mòr</span>
<span class="texhtml mvar" style="font-style:italic;">e</span> (constant)
ISO-8859-8-<span style="font-family: &#39;Georgia Pro&#39;, Georgia, &#39;DejaVu Serif&#39;, Times, &#39;Times New Roman&#39;, serif;">I</span>
<i>Acacia ramulosa <span style="font-style:normal;">var.</span> linophylla</i>
<span style="font-family:Cambria">Ƙ</span>
List of newspapers that reprinted <i>Jyllands-Posten</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s Muhammad cartoons
<i>Rolling Stone</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s 500 Greatest Albums of All Time
<i>Rolling Stone</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s 500 Greatest Songs of All Time
Chronology of computation of <span class="texhtml mvar" style="font-style:italic;">π</span>
Approximations of <span class="texhtml mvar" style="font-style:italic;">π</span>
<span class="texhtml mvar" style="font-style:italic;">n</span>-ary
List of formulae involving <span class="texhtml mvar" style="font-style:italic;">π</span>
<i>Ulmus davidiana <span style="font-style:normal;">var.</span> japonica</i>
<i>Ulmus</i> 'Nanguen' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Lutece</span>
<i>Paeonia daurica <span style="font-style:normal;">subsp.</span> mlokosewitschii</i>
<i>TV Guide</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s 50 Greatest TV Shows of All Time
<i>Correa reflexa <span style="font-style:normal;">var.</span> speciosa</i>
<i>Ulmus</i> 'Wanoux' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Vada</span>
<i>Ampelopsis glandulosa <span style="font-style:normal;">var.</span> brevipedunculata</i>
<i>Ulmus</i> 'Morton' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Accolade</span>
<i>Ulmus</i> 'Morton Glossy' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Triumph</span>
<i>Ulmus</i> 'Morton Plainsman' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Vanguard</span>
<i>Ulmus</i> 'Morton Red Tip' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Danada Charm</span>
<i>Ulmus</i> 'Morton Stalwart' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Commendation</span>
<i>Banksia integrifolia <span style="font-style:normal;">subsp.</span> integrifolia</i>
<i>Banksia integrifolia <span style="font-style:normal;">subsp.</span> compar</i>
<i>Banksia integrifolia <span style="font-style:normal;">subsp.</span> monticola</i>
<i>Ulmus minor <span style="font-style:normal;">subsp.</span> canescens</i>
<i>Capparis spinosa <span style="font-style:normal;">subsp.</span> nummularia</i>
<i>Ulmus parvifolia</i> 'UPMTF' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Bosque</span>
<i>Ulmus parvifolia</i> 'Emer II' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Allee</span>
<i>Ulmus parvifolia</i> 'A. Ross Central Park' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Central Park Splendor</span>
<i>Ulmus parvifolia</i> 'Zettler' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Heritage</span>
<i>Ulmus davidiana</i> var. <i>japonica</i> 'JFS-Bieberich' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Emerald Sunshine</span>
<i>Ulmus laevis <span style="font-style:normal;">var.</span> celtidea</i>
<i>Eriogonum longifolium <span style="font-style:normal;">var.</span> harperi</i>
<i>Anadenanthera peregrina <span style="font-style:normal;">var.</span> falcata</i>
<i>Anadenanthera colubrina <span style="font-style:normal;">var.</span> cebil</i>
<i>Ulmus laciniata <span style="font-style:normal;">var.</span> nikkoensis</i>
<i>Ulmus americana <span style="font-style:normal;">var.</span> floridana</i>
<i>Ulmus bergmanniana <span style="font-style:normal;">var.</span> bergmanniana</i>
<i>Ulmus bergmanniana <span style="font-style:normal;">var.</span> lasiophylla</i>
<i>Ulmus changii <span style="font-style:normal;">var.</span> changii</i>
<i>Ulmus changii <span style="font-style:normal;">var.</span> kunmingensis</i>
<i>Ulmus glaucescens <span style="font-style:normal;">var.</span> glaucescens</i>
<i>Ulmus glaucescens <span style="font-style:normal;">var.</span> lasiocarpa</i>
<i>Ulmus macrocarpa <span style="font-style:normal;">var.</span> glabra</i>
<i>Ulmus macrocarpa <span style="font-style:normal;">var.</span> macrocarpa</i>
<i>Ulmus davidiana <span style="font-style:normal;">var.</span> davidiana</i>
<i>Ulmus parvifolia <span style="font-style:normal;">var.</span> coreana</i>
<i>Coincya monensis <span style="font-style:normal;">subsp.</span> monensis</i>
<i>Coincya monensis <span style="font-style:normal;">subsp.</span> recurvata</i>
<i>Muehlenbeckia horrida <span style="font-style:normal;">subsp.</span> abdita</i>
<i>Parapuzosia <span style="font-style:normal;">(</span>Austiniceras<span style="font-style:normal;">)</span></i>
<i>Puzosia <span style="font-style:normal;">(</span>Bhimaites<span style="font-style:normal;">)</span></i>
<i>Banksia armata <span style="font-style:normal;">var.</span> armata</i>
<i>Banksia armata <span style="font-style:normal;">var.</span> ignicida</i>
<i>Olea europaea <span style="font-style:normal;">subsp.</span> cuspidata</i>
<i>Ulmus laevis <span style="font-style:normal;">var.</span> simplicidens</i>
<i>Yucca gloriosa <span style="font-style:normal;">var.</span> tristis</i>
<i>Lilium pardalinum <span style="font-style:normal;">subsp.</span> pitkinense</i>
<i>Lupinus latifolius <span style="font-style:normal;">var.</span> barbatus</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> adstringens</i>
<i>Acacia ayersiana <span style="font-style:normal;">var.</span> latifolia</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> cupressiformis</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> hemispherica</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> indica</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> kraussiana</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> nilotica</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> subalata</i>
<i>Vachellia nilotica <span style="font-style:normal;">subsp.</span> tomentosa</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> aneura</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> argentea</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> fuliginea</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> intermedia</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> macrocarpa</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> major</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> microcarpa</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> pilbarana</i>
<i>Acacia aneura <span style="font-style:normal;">var.</span> tenuis</i>
<i>Anadenanthera peregrina <span style="font-style:normal;">var.</span> peregrina</i>
<i>Acacia coriacea <span style="font-style:normal;">subsp.</span> coriacea</i>
<i>Acacia coriacea <span style="font-style:normal;">subsp.</span> pendens</i>
<i>Acacia coriacea <span style="font-style:normal;">subsp.</span> sericophylla</i>
<i>Acaciella angustissima <span style="font-style:normal;">var.</span> suffrutescens</i>
<i>Acacia acuminata <span style="font-style:normal;">subsp.</span> acuminata</i>
<i>Vachellia aroma <span style="font-style:normal;">var.</span> aroma</i>
<i>Vachellia aroma <span style="font-style:normal;">var.</span> huarango</i>
<i>Vachellia caven <span style="font-style:normal;">var.</span> caven</i>
<i>Vachellia caven <span style="font-style:normal;">var.</span> dehiscens</i>
<i>Vachellia caven <span style="font-style:normal;">var.</span> microcarpa</i>
<i>Vachellia caven <span style="font-style:normal;">var.</span> stenocarpa</i>
<i>Senegalia polyacantha <span style="font-style:normal;">subsp.</span> campylacantha</i>
List of <i>Footballers<span class="nowrap" style="padding-left:0.1em;">&#39;</span> Wives</i> characters
<i>Banksia laevigata <span style="font-style:normal;">subsp.</span> laevigata</i>
<i>Gaeumannomyces graminis <span style="font-style:normal;">var.</span> avenae</i>
<i>Gaeumannomyces graminis <span style="font-style:normal;">var.</span> graminis</i>
<i>Nectria mammoidea <span style="font-style:normal;">var.</span> rubi</i>
List of <i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>Til Death</i> episodes
<i>Rhododendron minus <span style="font-style:normal;">var.</span> chapmanii</i>
<i>Diaporthe phaseolorum <span style="font-style:normal;">var.</span> phaseolorum</i>
<i>Anadenanthera colubrina <span style="font-style:normal;">var.</span> colubrina</i>
<i>Ulmus wallichiana <span style="font-style:normal;">subsp.</span> xanthoderma</i>
<i>Ulmus wallichiana <span style="font-style:normal;">subsp.</span> wallichiana</i>
<i>Ulmus wallichiana <span style="font-style:normal;">var.</span> tomentosa</i>
<i>Uromyces lineolatus <span style="font-style:normal;">subsp.</span> nearcticus</i>
<i>Uromyces trifolii-repentis <span style="font-style:normal;">var.</span> fallens</i>
<i>Uromyces viciae-fabae <span style="font-style:normal;">var.</span> viciae-fabae</i>
<i>Pythium ultimum <span style="font-style:normal;">var.</span> ultimum</i>
<i>Podosphaera clandestina <span style="font-style:normal;">var.</span> clandestina</i>
<i>Time</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s All-Time 100 Movies
<i>Geotrichum candidum <span style="font-style:normal;">var.</span> citri-aurantii</i>
List of representations of <span class="texhtml mvar" style="font-style:italic;">e</span>
<i>Banksia spinulosa <span style="font-style:normal;">var.</span> collina</i>
<i>Puccinia extensicola <span style="font-style:normal;">var.</span> hieraciata</i>
<i>Diaporthe phaseolorum <span style="font-style:normal;">var.</span> caulivora</i>
<i>Diaporthe phaseolorum <span style="font-style:normal;">var.</span> sojae</i>
<i>Puccinia substriata <span style="font-style:normal;">var.</span> indica</i>
<i>Uromyces proeminens <span style="font-style:normal;">var.</span> poinsettiae</i>
2<span class="texhtml mvar" style="font-style:italic;">π</span> theorem
<i>Mentha longifolia <span style="font-style:normal;">var.</span> asiatica</i>
<i>Ulmus parvifolia</i> 'BSNUPF' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Everclear</span>
<i>Zapoteca portoricensis <span style="font-style:normal;">subsp.</span> portoricensis</i>
Proof that <span class="texhtml mvar" style="font-style:italic;">π</span> is irrational
<i>Ficus popenoei <span style="font-style:normal;">subsp.</span> malacocarpa</i>
<i>Sambucus racemosa <span style="font-style:normal;">subsp.</span> racemosa</i>
<i>Conospermum stoechadis <span style="font-style:normal;">subsp.</span> sclerophyllum</i>
<i>Epipactis helleborine <span style="font-style:normal;">var.</span> youngiana</i>
<i>Banksia spinulosa <span style="font-style:normal;">var.</span> spinulosa</i>
<i>Banksia spinulosa <span style="font-style:normal;">var.</span> cunninghamii</i>
<span class="texhtml mvar" style="font-style:italic;">x̅</span> and s chart
10<span style="position:absolute; top: -9999px">^</span><sup>16</sup> to 1
Liu Hui's <span class="texhtml mvar" style="font-style:italic;">π</span> algorithm
<i>Portland</i><span style="position:absolute; top: -9999px"> (shipwreck)</span>
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s New England Expeditionary Raid
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s Gulf of Mexico Expeditionary Raid
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s South Atlantic Expeditionary Raid
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s South African Expeditionary Raid
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s Indian Ocean Expeditionary Raid
CSS <i>Alabama</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s South Pacific Expeditionary Raid
<span class="texhtml mvar" style="font-style:italic;">n</span>-body problem
I am the <span style="font-variant:small-caps">Lord</span> thy God
&#928;<sup>0</sup><sub><span style="margin-left:-0.5em">1</span></sub> class
<i>Le Monde</i><span class="nowrap" style="padding-left:0.1em;">&#39;s</span> 100 Books of the Century
<span class="music-symbol" style="font-family: Arial Unicode MS, Lucida Sans Unicode;"><span class="music-flat">&#x266d;</span></span>VII–V<sup>7</sup> cadence
<i>Buddleja crispa</i> 'Huimoon' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Moon Dance</span>
<i>Buddleja davidii</i> 'Adokeep' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Adonis Blue</span>
<i>Buddleja davidii</i> 'Camkeep' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Camberwell Beauty</span>
<i>Buddleja</i> 'Minpap' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Reve de Papillon</span>
<i>Buddleja davidii</i> 'Buddma' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Moonshine</span>
<i>Buddleja davidii</i> 'Mongo' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Nanho Blue</span>
<i>Buddleja davidii</i> 'Monum' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Nanho Purple</span>
<i>Buddleja davidii</i> 'Monite' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Nanho White</span>
<i>Buddleja davidii</i> 'Notbud' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Masquerade</span>
<i>Buddleja davidii</i> 'Courtabud' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Operette</span>
<i>Buddleja davidii</i> 'Peakeep' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Peacock</span>
<i>Buddleja davidii</i> 'Pyrkeep'  = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Purple Emperor</span>
<i>Buddleja davidii</i> 'Thia' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Santana</span>
<i>Buddleja</i> 'Monrell' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Strawberry Lemonade</span>
<i>Buddleja davidii</i> 'Grefoj' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Fourth of July</span>
<i>Buddleja</i> 'Podaras4' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Grande Blueberry Cobbler</span>
<i>Buddleja</i> 'Podaras5' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Grande Peach Cobbler</span>
<i>Buddleja</i> 'Podaras2' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Grande Sweet Marmalade</span>
<i>Buddleja</i> 'Podaras3' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Grande Tangerine Dream</span>
<i>Buddleja</i> 'Podaras1' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Grande Vanilla</span>
<i>Buddleja</i> 'Podaras8' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Blue Heaven</span>
<i>Buddleja</i> 'Podaras16' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Pink</span>
<i>Buddleja</i> 'Podaras15' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Snow White</span>
<i>Buddleja</i> 'Podaras13' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Tutti Fruitti Pink</span>
<i>Buddleja</i> 'Lonplum' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Sugar Plum</span>
<i>Buddleja</i> 'Morning Mist' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Silver Anniversary</span>
<i>Buddleja</i> 'Podaras12' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Flow Lavender</span>
<i>Buddleja</i> 'Podaras10' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Dark Pink</span>
<i>Buddleja</i> 'Podaras14' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Petite Fuchsia</span>
<i>Buddleja</i> 'Podaras11' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Lavender</span>
<i>Buddleja</i> 'Podaras7' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Flow Mauve Pink</span>
<i>Buddleja</i> 'Podaras6' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Peace</span>
<i>Buddleja</i> 'Podaras9' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Flutterby Pink</span>
<span class="smallcaps"><span style="font-variant: small-caps; text-transform: lowercase;">L</span></span>-Norpseudoephedrine
<i>Buddleja</i> 'ILVOargus2' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Argus Velvet</span>
<i>Buddleja</i> 'ILVOargus1' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Argus White</span>
<span style="text-transform:lowercase;">london2012.com</span>
<span style="text-transform:lowercase;">of</span><span> Verona</span>
<i>Buddleja</i> 'Minpap3' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Reve de Papillon Blue</span>
<i>Buddleja</i> 'Minpap2' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Reve de Papillon White</span>
<i>Buddleja davidii</i> 'Tobuivo' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Ivory</span>
<i>Buddleja davidii</i> 'Tobudpipur' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Magenta</span>
<i>Buddleja davidii</i> 'Tobudviole' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Lavender</span>
<i>Buddleja davidii</i> 'Tobuskyblu' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Sky Blue</span>
<i>NME</i><span class="nowrap" style="padding-left:0.1em;">&#39;s</span> Cool List
<i>Buddleja</i> 'Hinebud 3' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Angel White</span>
<i>Buddleja</i> 'Hinebud 1' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Lavender Veil</span>
<i>Buddleja</i> 'Hinebud 2' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Purple Splendor</span>
Kalai's 3<span style="position: absolute; top: -9999px;">^</span><sup><i>d</i></sup> conjecture
<i>Buddleja davidii</i> 'SMBDPB' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Merry Magic Orchid</span>
<i>Buddleja davidii</i> 'SMBDPL' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Merry Magic Purple</span>
<i>Buddleja davidii</i> 'SMBDVL' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Merry Magic Violet</span>
<i>Buddleja davidii</i> 'Harkstead Indigo' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Indigo</span>
<i>Buddleja davidii</i> 'Tobudvelve' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Buzz Red</span>
<i>Buddleja davidii</i> 'PIIBD-II' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Funky Fuchsia</span>
<i>Buddleja davidii</i> 'PIIBD-I' = <span class="trade_designation" style="font-variant:small-caps; margin-left: 0.05em;">Groovy Grape</span>
2-Amino-5-formylamino-6-(5-phospho-<span class="smallcaps"><span style="font-variant: small-caps; text-transform: lowercase;">D</span></span>-ribosylamino)pyrimidin-4(3<i>H</i>)-one
Zhao Youqin's <span class="texhtml mvar" style="font-style:italic;">π</span> algorithm
<span class="texhtml mvar" style="font-style:italic;">x̄</span> and R chart
<i>NME</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s The 500 Greatest Albums of All Time
<span class="smallcaps"><span style="font-variant: small-caps; text-transform: lowercase;">L</span></span>-Photo-leucine
<i>The Guardian</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s 100 Best Novels Written in English
<i>FHM</i><span class="nowrap" style="padding-left:0.1em;">&#39;s</span> 100 Sexiest Women (UK)
List of <i>Brunch at Bobby<span class="nowrap" style="padding-left:0.1em;">&#39;</span>s</i> episodes
<i>Rolling Stone</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s 100 Greatest Songwriters of All Time
<i>Radio Times</i><span class="nowrap" style="padding-left:0.1em;">&#39;s</span> Most Powerful People
<i>Cahiers du cinéma</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s Annual Top 10 Lists
<i>Rosa</i> <q style="quotes: &quot;&#39;&quot; &quot;&#39;&quot;;">Graham Thomas</q>
<i>Rolling Stone Argentina</i><span class="nowrap" style="padding-left:0.1em;">&#39;</span>s The 100 Greatest Albums of National Rock
May 25 2020, 5:33 PM · Security-Team, User-notice, Patch-For-Review, MediaWiki-Parser

May 24 2020

Bawolff added a comment to T215713: Missing dependencies in extension snapshots.

Appears there are two issues:

May 24 2020, 10:10 PM · MW-1.34-release, MW-1.33-release, VPS-project-Extdist, MW-1.32-release, ExtensionDistributor

May 23 2020

Bawolff added a comment to T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.

Looks like you are adding an edit token to the forms, and then checking it when processing it, so this should fix the issue.

May 23 2020, 11:04 PM · Social-Tools, PollNY, Security, Security-Team

May 15 2020

Bawolff added a comment to T252853: updateSearchIndex.php sql error not all tables locked.
In T252853#6139881, @Aklapper wrote:

Also, why exactly was this reported in Phabricator, in addition to https://www.mediawiki.org/wiki/Topic:Vbps68wp2h51ifg6 ?

May 15 2020, 3:46 PM · MediaWiki-Maintenance-system
Bawolff updated the task description for T252853: updateSearchIndex.php sql error not all tables locked.
May 15 2020, 3:42 PM · MediaWiki-Maintenance-system
Bawolff renamed T252853: updateSearchIndex.php sql error not all tables locked from updateSearchIndex.php to updateSearchIndex.php sql error not all tables locked.
May 15 2020, 3:39 PM · MediaWiki-Maintenance-system
Bawolff awarded T252811: Requesting +2 rights for Mediawiki Group for DannyS712 a Like token.
May 15 2020, 12:36 AM · User-DannyS712, MediaWiki-Gerrit-Group-Requests

May 9 2020

Bawolff added a comment to T248440: Extract CSV file from Wikipedia/Commons/MediaWiki Special pages.

For reference, if you wanted to build this into mediawiki, these sort of things are implemented as subclasses of ApiFormatterBase: https://doc.wikimedia.org/mediawiki-core/master/php/classApiFormatBase.html

May 9 2020, 7:21 PM · Wikimedia-Hackathon-2020, MediaWiki-Special-pages
Bawolff added a comment to T248440: Extract CSV file from Wikipedia/Commons/MediaWiki Special pages.

You can click on the links at https://www.mediawiki.org/w/api.php?action=help&modules=query for examples for different types of queries. As an example, here is a list of my contribs: https://www.mediawiki.org/w/api.php?action=query&list=usercontribs&ucuser=Bawolff&format=json&formatversion=2

May 9 2020, 7:01 PM · Wikimedia-Hackathon-2020, MediaWiki-Special-pages
Bawolff added a comment to T252291: RFC: Establish a list of gray/grim Wikimedia sites.

Imo, this proposal is inapropriate to a hackathon/phabricator. Its very literally an extremely contentious community social issue and should be discussed through normal community processes on meta

May 9 2020, 6:26 PM · Community-consensus-needed, Wikimedia-Hackathon-2020
Bawolff added a comment to T248440: Extract CSV file from Wikipedia/Commons/MediaWiki Special pages.

These pages all have json downloads (via api) so i guess is this asking to add csv as an output format for the api?

May 9 2020, 6:20 PM · Wikimedia-Hackathon-2020, MediaWiki-Special-pages

Apr 7 2020

Bawolff added a comment to T249486: Change Content Security Policy on betacommons to allow api.flickr.com.

CSP is still being tested. Its enforced on beta for testing purposes, in prod it only gives warning on browser developer console

Apr 7 2020, 12:08 AM · Security-Team, ContentSecurityPolicy, Wikimedia-Site-requests, Beta-Cluster-Infrastructure

Apr 6 2020

Bawolff added a comment to T249486: Change Content Security Policy on betacommons to allow api.flickr.com.

Note, the flickr thing is part of the uploadwizard extension, not a gadget or anything like that. Most of the other things like that had builtin exceptions, at least in the short term (in the spirit of stabilizing the status quo before changing things)

Apr 6 2020, 4:00 PM · Security-Team, ContentSecurityPolicy, Wikimedia-Site-requests, Beta-Cluster-Infrastructure
Bawolff added a comment to T249513: CSP report-uri is deprecated.

Fwiw, deprecated or not all browsers seem to support it and no browser seems to have plans to remove it

Apr 6 2020, 3:38 PM · Technical-Debt, Security, ContentSecurityPolicy, Front-end-Standards-Group, Security-Team, WorkType-NewFunctionality, MediaWiki-General

Apr 5 2020

Bawolff added a comment to T208188: RFC: Partial opt-out method for Content security policy.

In context of the RFC process, the question is whether the proposed technical solution is satisfactory and feasible in the context of current and anticipated future requirements. The problem seems to be that such requirements are unclear, since there is no clarity on what would be acceptable or desirable behavior from the user's perspective, in the short and medium term.

Apr 5 2020, 6:53 PM · Privacy Engineering, Security, Platform Team Workboards (Clinic Duty Team), Patch-For-Review, ContentSecurityPolicy, TechCom-RFC, TechCom, Security-Team

Apr 4 2020

Bawolff added a comment to T208188: RFC: Partial opt-out method for Content security policy.

Please note, my contract with WMF ended, so I'm not really working on this anymore. The security team will presumably be detailing what the future plans are here. However, I wanted to mention what my thoughts were on this subject at the time when I left.

Apr 4 2020, 8:52 PM · Privacy Engineering, Security, Platform Team Workboards (Clinic Duty Team), Patch-For-Review, ContentSecurityPolicy, TechCom-RFC, TechCom, Security-Team
Bawolff added a comment to T249419: RFC: Render data visualizations on the server.

I think the most complex (and underspecified) aspect here, is data invalidation. Which to be fair, the current solution handles by basically pretending its not a problem. However, graphs can include all sorts of additional resources. These resources aren't even recorded, and there is no cache invalidation when they change. What we do here is probably going to depend a lot on if we continue to pretend this problem doesn't exist, or try to address it.

Apr 4 2020, 8:28 PM · covid-19, TechCom-RFC
Bawolff awarded T249419: RFC: Render data visualizations on the server a Love token.
Apr 4 2020, 7:26 PM · covid-19, TechCom-RFC

Mar 30 2020

Bawolff added a comment to T248849: [Sofa] [[MediaWiki:Sofa-desc/qqq]] translation issue.

There is no phab project for Sofa (nor do i think it really makes sense to create one for my hack side project that doesn't even work yet)

Mar 30 2020, 2:17 PM · MediaWiki-extensions-Other, I18n
Bawolff added a comment to T248849: [Sofa] [[MediaWiki:Sofa-desc/qqq]] translation issue.

For reference, its an experimental idea of making an extension similar to DPL/SMW/Cargo (e.g. User defined query capabilities to generate reports), but have the data model be more like CouchDB.

Mar 30 2020, 1:23 PM · MediaWiki-extensions-Other, I18n
Bawolff added a comment to T248849: [Sofa] [[MediaWiki:Sofa-desc/qqq]] translation issue.

I responded on the ticket, but honestly, I would suggest disabling translations for it, until some future time where the extension actually does something. I'm not actively working on it at the moment, so it may be a while (if ever) that it becomes a usable extension.

Mar 30 2020, 1:21 PM · MediaWiki-extensions-Other, I18n
Bawolff added a comment to T248849: [Sofa] [[MediaWiki:Sofa-desc/qqq]] translation issue.

Note, this is like a half-done crazy extension idea. There's probably not much point in translating it at this stage.

Mar 30 2020, 1:14 PM · MediaWiki-extensions-Other, I18n

Mar 29 2020

Bawolff created T248809: review i18n message config-sqlite-parent-unwritable-group in installer.
Mar 29 2020, 11:47 PM · MediaWiki-Installer
Bawolff added a comment to T248808: Add CSP policy to installer.

The policy I'm thinking of: default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'nonce-VnNsWAXz4PjrGZ0kPP5hGvDa'; img-src 'self' data: i.creativecommons.org licensebuttons.net; frame-src creativecommons.org 'self'; base-uri 'none'

Mar 29 2020, 11:40 PM · Patch-For-Review, ContentSecurityPolicy
Bawolff created T248808: Add CSP policy to installer.
Mar 29 2020, 11:34 PM · Patch-For-Review, ContentSecurityPolicy
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL