Page MenuHomePhabricator

Bawolff (Brian Wolff)
Busy-bodyAdministrator

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Oct 25 2014, 1:53 AM (400 w, 4 h)
Roles
Administrator
Availability
Available
IRC Nick
Bawolff
LDAP User
Brian Wolff
MediaWiki User
Bawolff [ Global Accounts ]

Hi!

Recent Activity

May 23 2022

Bawolff closed T306591: ParserOutput->hasText() is confusing and probably broken (And hence generate-html => false is probably buggy) as Resolved.
May 23 2022, 11:00 PM · MW-1.39-notes (1.39.0-wmf.12; 2022-05-16), Patch-For-Review, MediaWiki-Parser, Platform Team Initiatives (MCR)
Bawolff closed T299896: Massmessage's content handler sometimes parses the delivery list as an empty HTML as Resolved.

Afaik all follow up is done now

May 23 2022, 11:00 PM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Platform Engineering, MediaWiki-Parser, MassMessage
Bawolff added a comment to T299896: Massmessage's content handler sometimes parses the delivery list as an empty HTML.

If there are other issues we should use a new bug for them.

May 23 2022, 10:58 PM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Platform Engineering, MediaWiki-Parser, MassMessage
Bawolff renamed T308993: Template backlinks on ?action=info broken on 1.37 from Possibly outdated bug in Page Information report for templates to Template backlinks on ?action=info broken on 1.37.
May 23 2022, 6:53 AM · MW-1.37-release, Platform Engineering, MediaWiki-Page-derived-data
Bawolff added a project to T296435: Title::getLinksTo() appears to be broken: MW-1.37-release.
May 23 2022, 6:47 AM · MW-1.37-release, Patch-For-Review, MediaWiki-General
Bawolff added a comment to T308993: Template backlinks on ?action=info broken on 1.37.

Possibly dupe of https://phabricator.wikimedia.org/T296435

May 23 2022, 6:47 AM · MW-1.37-release, Platform Engineering, MediaWiki-Page-derived-data
Bawolff added a project to T308993: Template backlinks on ?action=info broken on 1.37: MW-1.37-release.

Seems like Title::getLinksTo is using LinkCache::getSelectFields which does not include page_namespace or page_title on 1.37.2 (but looks refactored on master). Maybe a backport gone wrong?

May 23 2022, 6:45 AM · MW-1.37-release, Platform Engineering, MediaWiki-Page-derived-data

May 20 2022

Bawolff awarded T116948: Undeploy CodeReview a Burninate token.
May 20 2022, 10:21 PM · Release-Engineering-Team (Seen), Patch-For-Review, Technical-Debt, MediaWiki-extensions-CodeReview, Wikimedia-Site-requests
Bawolff updated the task description for T308013: Assign SPDX headers to puppet.git.
May 20 2022, 9:47 AM · Patch-For-Review, Infrastructure-Foundations, SRE

May 6 2022

Bawolff added a comment to T293323: Transitioning Responsibility for MediaWiki Releases.

The plan is for there to be a document that will lay out the responsibilities for releases, and WMF will retain some of those responsibilities, such as providing the infrastructure and accounts.

May 6 2022, 10:59 PM · tech-decision-forum

May 3 2022

Bawolff added a comment to T185664: Code stewardship review: FlaggedRevs.

Hmm, If I understand this correctly the "sighted" (stable version) is enough for Google News and it doesn't use quality tier for aggregating news. It woud be nice to confirm somehow.

May 3 2022, 7:11 PM · User-notice, MediaWiki-extensions-FlaggedRevs, Code-Stewardship-Reviews
Bawolff added a comment to T270911: Remove GWToolset extension from Wikimedia Commons.

well - other than GWtoolset running remotely, and pattypan requiring image downloads and spreadsheet wrangling.
interesting christmas present to commons, to turn off a tool that was developed by WMUK and unsupported for years, in favor of a java script tool supported by a single volunteer. perhaps you would care to consider a general tool management process?

May 3 2022, 6:48 PM · Structured-Data-Backlog, Code-Stewardship-Reviews, Technical-Debt, Wikimedia-Site-requests, Commons, Community-consensus-needed, MediaWiki-extensions-GWToolset, GLAM
Bawolff awarded T270911: Remove GWToolset extension from Wikimedia Commons a Burninate token.
May 3 2022, 6:23 PM · Structured-Data-Backlog, Code-Stewardship-Reviews, Technical-Debt, Wikimedia-Site-requests, Commons, Community-consensus-needed, MediaWiki-extensions-GWToolset, GLAM

May 2 2022

Bawolff awarded T307243: Add the MWStake logo (and link) to the footer of MediaWiki software a Dislike token.
May 2 2022, 1:48 PM
Bawolff added a comment to T307243: Add the MWStake logo (and link) to the footer of MediaWiki software.

I'm opposed to this. While i sympathize with MWStake wanting to increase its reach, MW should not be used for what is essentially advertising.

May 2 2022, 1:46 PM

Apr 30 2022

Bawolff added a comment to T221442: Only 10 categories are displayed for a page.

This was partially fixed in f3a17b7cb98b3d8

Apr 30 2022, 3:31 PM · MediaWiki-extensions-MsCatSelect

Apr 29 2022

Bawolff closed T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true; as Resolved.
Apr 29 2022, 9:22 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff changed the visibility for T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;.
Apr 29 2022, 9:22 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff renamed T227157: SVG thumbnailing fails on windows due to symlink call from Use copy if symlink fails to SVG thumbnailing fails on windows due to symlink call.
Apr 29 2022, 9:04 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Commons, MediaWiki-File-management, MediaWiki-General
Bawolff added a comment to T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;.

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/RSS/+/787807 . I guess i shouldn't +2 myself, so if anyone wants to review...

Apr 29 2022, 7:10 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team

Apr 28 2022

Bawolff added a project to T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;: Patch-For-Review.
Apr 28 2022, 12:22 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff added a comment to T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;.

Proposed patch

Apr 28 2022, 12:06 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team

Apr 27 2022

Bawolff added a comment to T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;.

Its related to the custom strip marker scheme, i'm not sure if that's what is being referred to in the other task. The code path involved here is the one using the Sanitizer, not the one with a custom escaping function.

Apr 27 2022, 6:39 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff added a project to T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;: MediaWiki-extensions-RSS.
Apr 27 2022, 5:46 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff created T307028: XSS in Extension:RSS when $wgRSSAllowLinkTag = true;.
Apr 27 2022, 5:45 PM · MW-1.39-notes (1.39.0-wmf.10; 2022-05-02), Patch-For-Review, MediaWiki-extensions-RSS, Security, Security-Team
Bawolff added a comment to T306815: Nimbus skin: XSS via the "Advertise" link interface messages.

Looks good :)

Apr 27 2022, 1:21 PM · SecTeam-Processed, Vuln-XSS, Nimbus, Security

Apr 26 2022

Bawolff changed the visibility for T306741: FanBoxes: classic CSRF in Special:UserBoxes.
Apr 26 2022, 3:20 PM · SecTeam-Processed, Vuln-CSRF, FanBoxes, Social-Tools, Security
Bawolff added a comment to T306815: Nimbus skin: XSS via the "Advertise" link interface messages.

$adMsg should probably also be ->escaped() as well for the href. FILTER_VALIDATE_URL allows urls like https://example.com/"><script>alert(1)</script>. Additionally, if you assume the message is not trusted, you can have javascript scheme urls to get xss e.g. javascript://%0aalert(1) passes FILTER_VALIDATE_URL.

Apr 26 2022, 3:18 PM · SecTeam-Processed, Vuln-XSS, Nimbus, Security
Bawolff added a comment to T306741: FanBoxes: classic CSRF in Special:UserBoxes.

Looks like it fixes the problem

Apr 26 2022, 3:03 PM · SecTeam-Processed, Vuln-CSRF, FanBoxes, Social-Tools, Security
Bawolff added a comment to T109909: Anon-only range block doesn't allow password resets.

An anon-only email block on an IP address is unlikely to have any meaning other than the here-desired one, as Special:EmailUser is not available to logged-out users by default and in probably almost all MediaWiki configurations.

Apr 26 2022, 8:44 AM · MediaWiki-Blocks

Apr 25 2022

Bawolff added a comment to T109909: Anon-only range block doesn't allow password resets.

Is there any way to increase the priority for this to get fixed?

Apr 25 2022, 7:27 AM · MediaWiki-Blocks

Apr 22 2022

Bawolff added a comment to T299896: Massmessage's content handler sometimes parses the delivery list as an empty HTML.

I think i figured out the actual cause on cluster - SpamBlacklist extension. I believe 3cb265f1 is the change that triggered this issue.

Apr 22 2022, 9:48 AM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Platform Engineering, MediaWiki-Parser, MassMessage

Apr 21 2022

Bawolff updated the task description for T306591: ParserOutput->hasText() is confusing and probably broken (And hence generate-html => false is probably buggy).
Apr 21 2022, 6:46 AM · MW-1.39-notes (1.39.0-wmf.12; 2022-05-16), Patch-For-Review, MediaWiki-Parser, Platform Team Initiatives (MCR)
Bawolff added a comment to T299896: Massmessage's content handler sometimes parses the delivery list as an empty HTML.

Ok, steps to reproduce locally (This is contrived, I don't know if this is what's happening on cluster. However, MediaWiki\Extension\TemplateData\Hooks::onMultiContentSave does something very similar to this, so i believe something along these is plausible):

Apr 21 2022, 5:19 AM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Platform Engineering, MediaWiki-Parser, MassMessage
Bawolff updated the task description for T306591: ParserOutput->hasText() is confusing and probably broken (And hence generate-html => false is probably buggy).
Apr 21 2022, 5:12 AM · MW-1.39-notes (1.39.0-wmf.12; 2022-05-16), Patch-For-Review, MediaWiki-Parser, Platform Team Initiatives (MCR)
Bawolff updated the task description for T306591: ParserOutput->hasText() is confusing and probably broken (And hence generate-html => false is probably buggy).
Apr 21 2022, 4:33 AM · MW-1.39-notes (1.39.0-wmf.12; 2022-05-16), Patch-For-Review, MediaWiki-Parser, Platform Team Initiatives (MCR)
Bawolff created T306591: ParserOutput->hasText() is confusing and probably broken (And hence generate-html => false is probably buggy).
Apr 21 2022, 4:26 AM · MW-1.39-notes (1.39.0-wmf.12; 2022-05-16), Patch-For-Review, MediaWiki-Parser, Platform Team Initiatives (MCR)

Apr 20 2022

Bawolff added a watcher for MediaWiki-extensions-QuickInstantCommons: Bawolff.
Apr 20 2022, 9:11 AM
Bawolff added a comment to T299896: Massmessage's content handler sometimes parses the delivery list as an empty HTML.

My theory is that this is caused by https://github.com/wikimedia/mediawiki-extensions-MassMessage/blob/master/includes/Content/MassMessageListContentHandler.php#L238 - calling $parserOutput->setText('') for the case where generateHtml is false. The docs say you should do $parserOutput->setText(null) in that case. (I would also note, that ParserOutput constructor defaults to text being '' if you don't set it at all instead of null, which seems really dangerous and wrong)

Apr 20 2022, 9:07 AM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Platform Engineering, MediaWiki-Parser, MassMessage

Apr 19 2022

Bawolff closed T305837: QuickInstantCommons is incompatible with TimedMediaHandler, MediaWiki 1.37 or earlier as Declined.
Apr 19 2022, 1:56 AM · MediaWiki-extensions-QuickInstantCommons, User-RhinosF1
Bawolff added a comment to T305837: QuickInstantCommons is incompatible with TimedMediaHandler, MediaWiki 1.37 or earlier.

This is expected behaviour on 1.37 - You need 1.38 for the extension to work with TimedMediaHandler. There's not really much i can do for earlier versions.

Apr 19 2022, 1:55 AM · MediaWiki-extensions-QuickInstantCommons, User-RhinosF1

Apr 8 2022

Bawolff created T305758: Italian translation uses parser functions in lastmodifiedat message.
Apr 8 2022, 9:03 PM · MW-1.38-release, MW-1.36-release, MW-1.35-release, MW-1.37-release, I18n

Apr 1 2022

Bawolff added a comment to T259771: RFC: Drop support for older database upgrades.

Just as an aside, i feel like i've seen an increase in support desk questions because of this. In particular people will try to to do the upgrade in steps, but then they will try and use an old version of mw with php8 and have problems.

Apr 1 2022, 6:22 AM · MW-1.36-notes, MW-1.37-notes (1.37.0-wmf.1; 2021-04-13), User-Ladsgroup, TechCom-RFC (TechCom-RFC-Closed), MediaWiki-Stakeholders-Group, Platform Engineering

Mar 27 2022

Bawolff created T304783: LocalSettings.php is missing page gives deprecation warnings.
Mar 27 2022, 8:32 AM · MW-1.37-notes, MW-1.35-notes, MW-1.38-notes, MW-1.36-notes, MW-1.37-release, MW-1.36-release, MW-1.35-release, MW-1.39-notes (1.39.0-wmf.8; 2022-04-18), MW-1.38-release, MediaWiki-Installer

Mar 16 2022

Bawolff added a comment to T303560: Installer should check for PCRE compile time option PCRE_CONFIG_NEWLINE.

So we want to add a new env check for this. The existing ones are here https://github.com/wikimedia/mediawiki/blob/master/includes/installer/Installer.php#L137 we probably also have to add appropriate i18n messages.

Mar 16 2022, 4:19 AM · MW-1.38-notes, MW-1.35-notes, MW-1.36-notes, MW-1.37-notes, MW-1.39-notes (1.39.0-wmf.5; 2022-03-28), MW-1.38-release, MW-1.37-release, MW-1.36-release, MW-1.35-release, good first task, MediaWiki-Installer

Mar 11 2022

Bawolff added a project to T303560: Installer should check for PCRE compile time option PCRE_CONFIG_NEWLINE: good first task.
Mar 11 2022, 12:21 AM · MW-1.38-notes, MW-1.35-notes, MW-1.36-notes, MW-1.37-notes, MW-1.39-notes (1.39.0-wmf.5; 2022-03-28), MW-1.38-release, MW-1.37-release, MW-1.36-release, MW-1.35-release, good first task, MediaWiki-Installer

Mar 10 2022

Bawolff created T303560: Installer should check for PCRE compile time option PCRE_CONFIG_NEWLINE.
Mar 10 2022, 8:38 PM · MW-1.38-notes, MW-1.35-notes, MW-1.36-notes, MW-1.37-notes, MW-1.39-notes (1.39.0-wmf.5; 2022-03-28), MW-1.38-release, MW-1.37-release, MW-1.36-release, MW-1.35-release, good first task, MediaWiki-Installer

Jan 1 2022

Bawolff added a comment to T155029: MediaWiki.org: Generate infoboxes from extension.json in git.

Hmm. We might soonhit a scaling limit with the bot, as Module:extensionJson is getting close to 2mb max page size

Jan 1 2022, 7:55 PM · Tool-extjsonuploader, User-Tgr, MediaWiki-Stakeholders-Group, Developer-Wishlist (2017), MediaWiki-Documentation, Documentation

Dec 30 2021

Bawolff added a comment to T298336: EasyTimeline extension makes part of the browser completely transparent. .

I'm going to guess that this is a bug in Firefox's GPU acceleration, and might depend on GPU driver and things.

Dec 30 2021, 2:23 AM · EasyTimeline
Bawolff awarded T298336: EasyTimeline extension makes part of the browser completely transparent. a The World Burns token.
Dec 30 2021, 2:21 AM · EasyTimeline

Dec 29 2021

Bawolff added a comment to T298358: API should report if a foreign file is a redirect or not.

Currently working around by seeing if the descriptionurl field matches the file name, but that's pretty hacky

Dec 29 2021, 2:17 AM · Commons, MediaWiki-File-management, MediaWiki-Action-API
Bawolff created T298358: API should report if a foreign file is a redirect or not.
Dec 29 2021, 1:28 AM · Commons, MediaWiki-File-management, MediaWiki-Action-API

Dec 15 2021

Bawolff added a comment to T194606: It should be able to add a parameter to skip the form edit page and directly save the target text.

As an aside, SemanticForms extension does do something like this.

Dec 15 2021, 5:27 AM · Security, MediaWiki-extensions-InputBox
Bawolff added a comment to T297725: <inputbox> extension should not be allowed to touch .js sub-pages.

Nothing particularly special about this extension - you could just directly link the url instead.

Dec 15 2021, 5:24 AM · MW-1.38-notes (1.38.0-wmf.21; 2022-02-07), WMDE-TechWish-Sprint-2022-01-19, WMDE-TechWish-Sprint-2022-01-05, User-notice, SecTeam-Processed, WMDE-TechWish-XMAS-Sprint-2021-12-15, WMDE-TechWish-Maintenance, Security, MediaWiki-extensions-InputBox

Dec 6 2021

Bawolff added a comment to T269130: Cross-Site Scripting (XSS) in Commons.wikipedia.org.

Hello Dylsss,Hope you are well. I know that was valid, But I have no word to express how to prove that one! Now the Wikipedia Security team got it! I reported it last year in 2020 (December)! But who report again that is this year (2021). But my report got a duplicate tag! I don't know why! Is it possible to do anything about this issue?

Dec 6 2021, 8:00 AM · Commons, WikibaseMediaInfo, Vuln-XSS, Structured-Data-Backlog, Structured Data Engineering, Security

Nov 30 2021

Bawolff added a comment to T267804: Varnish 503 errors on page with large number of flag icons..

Basically i suspect this is a dupe of T56033

Nov 30 2021, 2:22 AM · MediaWiki-Parser, SRE
Bawolff added a comment to T267804: Varnish 503 errors on page with large number of flag icons..

Afaik, on (file object) cache miss, parser doesn't bulk load file objects, but loads them one at a time from db as it encounters them in the wikitext (compared to say how doing link existence checks works with batching). Even though its a local db, this probably adds up, especially if there's other complex stuff on the page. That would also explain why the null edit is fast - its probably succesfully hitting memcached much more.

Nov 30 2021, 2:19 AM · MediaWiki-Parser, SRE

Nov 21 2021

Bawolff updated subscribers of T296142: Add QuickInstantCommons to translatewiki.
Nov 21 2021, 4:57 AM · MediaWiki-extensions-QuickInstantCommons, translatewiki.net
Bawolff updated the task description for T296142: Add QuickInstantCommons to translatewiki.
Nov 21 2021, 4:55 AM · MediaWiki-extensions-QuickInstantCommons, translatewiki.net
Bawolff created T296142: Add QuickInstantCommons to translatewiki.
Nov 21 2021, 4:38 AM · MediaWiki-extensions-QuickInstantCommons, translatewiki.net

Nov 18 2021

Bawolff added a comment to T268203: Set $digitTransformTable to use english-style 0123456789 digits on sdwiki.

In addition to the actual digits, should the thousands separator continue to be ٬ or should it be a comma , like in english?

Nov 18 2021, 4:44 AM · Patch-For-Review, MediaWiki-Internationalization
Bawolff added a comment to T268203: Set $digitTransformTable to use english-style 0123456789 digits on sdwiki.

Oh i see, we now use NumberFormatter (backed by CLDR data - https://github.com/unicode-org/cldr/blob/main/common/main/sd.xml#L4810 ) if digitTransformTable is not set.

Nov 18 2021, 4:33 AM · Patch-For-Review, MediaWiki-Internationalization
Bawolff added a comment to T268203: Set $digitTransformTable to use english-style 0123456789 digits on sdwiki.

Huh that's weird.

Nov 18 2021, 3:46 AM · Patch-For-Review, MediaWiki-Internationalization
Bawolff added a comment to T268203: Set $digitTransformTable to use english-style 0123456789 digits on sdwiki.

I changed the title of this bug to give a more clear technical summary.

Nov 18 2021, 1:40 AM · Patch-For-Review, MediaWiki-Internationalization
Bawolff renamed T268203: Set $digitTransformTable to use english-style 0123456789 digits on sdwiki from On Sindhi Wikipedia, in the page history, edit size difference should be shown in Arabic numerals instead of Sindhi numerals to Set $digitTransformTable to use english-style 0123456789 digits on sdwiki.
Nov 18 2021, 1:36 AM · Patch-For-Review, MediaWiki-Internationalization

Nov 16 2021

Bawolff created T295745: Echo notifications dialog broken on narrow screens in timeless.
Nov 16 2021, 3:21 AM · Timeless

Nov 13 2021

Bawolff added a comment to T66056: [InstantCommons] Page with hundreds image links takes 60 seconds to parse.

Just FYI, I'm experimenting with performance improvements in the extension QuickInstantCommons. Initial tests show a 55x speed improvement, and I also have additional ideas that are not yet implemented.

Nov 13 2021, 9:34 AM · Multimedia, MediaWiki-File-management

Nov 10 2021

Bawolff added a comment to T294885: Add Extension:WikiSEO to English Wikiversity.

It would probably make more sense to make a specific extension for that then use wikiseo (imho)

Nov 10 2021, 9:45 PM · Patch-For-Review, Wikimedia-extension-review-queue, Wikimedia-Site-requests, Wikimedia-Extension-setup

Oct 21 2021

Bawolff added a comment to T192866: Some DjVu files have too much metadata to fit in their database column.

The individuals and teams on the maintainers list are separate. If a person is listed for a component and a team is listed, it doesn't mean that that person is on that team. (Assuming Aaron hasn't switched teams, he is on the performance team not sdc)

Oct 21 2021, 1:28 PM · MW-1.38-notes (1.38.0-wmf.7; 2021-11-02), User-Ladsgroup, Structured-Data-Backlog, Multi-Content-Revisions, Structured Data Engineering, User-TheDJ, MediaWiki-File-management, MediaWiki-DjVu, Commons
Bawolff added a comment to T192866: Some DjVu files have too much metadata to fit in their database column.

and @Bawolff for the Reading team who own PdfHandler (since PDFs have the exact same problem, but just rarely trigger it for various reasons).

Oct 21 2021, 1:06 AM · MW-1.38-notes (1.38.0-wmf.7; 2021-11-02), User-Ladsgroup, Structured-Data-Backlog, Multi-Content-Revisions, Structured Data Engineering, User-TheDJ, MediaWiki-File-management, MediaWiki-DjVu, Commons

Oct 20 2021

Bawolff updated the task description for T293852: Consider merging fileCacheExpiry and apiThumbCacheExpiry in ForeignAPIRepo.
Oct 20 2021, 6:20 AM · Commons, MediaWiki-File-management
Bawolff created T293852: Consider merging fileCacheExpiry and apiThumbCacheExpiry in ForeignAPIRepo.
Oct 20 2021, 6:16 AM · Commons, MediaWiki-File-management

Oct 16 2021

Bawolff added a comment to T293563: ForeignAPIRepo uses adaptiveTTL to cache image metadata (MW API) responses, but calculated last-modified incorrectly.

To be clear, ForeignAPIRepo::httpGET is used in places where last-modified header makes sense. However ForeignAPIRepo::httpGetCached is not.

Oct 16 2021, 10:24 PM · Commons, MediaWiki-File-management
Bawolff added a comment to T293563: ForeignAPIRepo uses adaptiveTTL to cache image metadata (MW API) responses, but calculated last-modified incorrectly.

If this worked properly, it would probably be much safer to set fileMetadataExpiry to something high like a week (On the presumption that images that are edited, get edited often.

Oct 16 2021, 9:47 PM · Commons, MediaWiki-File-management
Bawolff created T293563: ForeignAPIRepo uses adaptiveTTL to cache image metadata (MW API) responses, but calculated last-modified incorrectly.
Oct 16 2021, 9:44 PM · Commons, MediaWiki-File-management

Aug 5 2021

Bawolff added a comment to T288180: Investigate Extension:GoogleNewsSitemap query performance.

My example was randomly chosen. I think its pretty representative of enwikinews, but its possible the worst case is worse. The worst case on ruwikinews is probably quite a bit worse due to the order of magnitude size difference (but still not anywhere near as bad as the problematic dpl query)

Aug 5 2021, 12:00 PM · DBA, Sustainability (Incident Followup), MediaWiki-extensions-GoogleNewsSitemap
Bawolff added a comment to T288180: Investigate Extension:GoogleNewsSitemap query performance.

Its similar to DPL. Main differences:

Aug 5 2021, 7:19 AM · DBA, Sustainability (Incident Followup), MediaWiki-extensions-GoogleNewsSitemap

Aug 4 2021

Bawolff added a comment to T287380: Decide on the future of DPL.

So i missed originally that the ordermethod was set to "created" (aka page_id) on the dpl query. This made me confused about the query plan chosen and i said some incorrect things about it being unideal.

Aug 4 2021, 10:00 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)
Bawolff added a comment to T287380: Decide on the future of DPL.

Just to summarize some additional investigation that was done:

  • The triggering event seems to be this edit https://ru.wikinews.org/w/index.php?title=%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:%D0%96%D1%83%D1%80%D0%BD%D0%B0%D0%BB%D1%8B&logid=19137921
    • Creating that category page triggered a job which parsed a large number of pages that had a DPL query on them, instigating the DB to overload
  • Its possible (although i don't have conclusive evidence) that mariadb was using an unideal query plan for this particular query, which may have exacerbated the situation. This particular DPL query may have been scaling proportional to the size of the categorylinks table (44M) instead of proportional to the size of the category (180k) i didn't originally notice that ordermethod in the query was set to created instead of categoryadd. categoryadd has more efficient execution
  • ruwikinews had log entries that this particular DPL query (The one for the infobox on "В мире‏‎") had been failing due to timeouts for several days in the lead up to the incident. This meant that the mitigation introduced in the previous incident (wgDLPQueryCacheTime - Which was really a band-aid) was at least sometimes not applying, as it doesn't work for queries that take so long that they timeout.
  • Possibly the mitigation from last time (wgDLPQueryCacheTime) helped us scale further, but when it did fail, it resulted in a much harder failure
Aug 4 2021, 8:58 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)

Aug 3 2021

Bawolff added a comment to T287380: Decide on the future of DPL.

Please enable DPL at least at Main Page of RWN. This 1 page seem to be safe for servers and it's most crucial for RWN.

Aug 3 2021, 12:26 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)

Jul 30 2021

Bawolff added a comment to T287702: All tracking categories should be automatically hidden categories.

A complicating factor is that the category name is parsed and people throw #switch in there. Maybe not an edge case that matters in practise though.

Jul 30 2021, 3:57 AM · MediaWiki-TrackingCategories

Jul 28 2021

Bawolff added a comment to T287380: Decide on the future of DPL.

@Bawolff Maybe you can try replacing database queries with CirrusSearch queries. It won't take long but we can at least test this hypothesis.

Jul 28 2021, 2:17 PM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)
Bawolff added a comment to T287380: Decide on the future of DPL.

Note: extension:googlenewssitemap which powers the rss feeds on wikinews ( https://en.wikinews.org/w/index.php?title=Special:NewsFeed&format=atom ) does similar queries.

Jul 28 2021, 4:45 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)
Bawolff added a comment to T287380: Decide on the future of DPL.

For reference, DPL queries can be grouped into the following four performance categories (from best to worst):

Jul 28 2021, 4:26 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)

Jul 27 2021

Bawolff added a comment to T287380: Decide on the future of DPL.

I'd argue we have to disable DPL from everywhere, this has potential to cause a full outage in our system but from any wiki that has it turned on. Intentionally or unintentionally.

Jul 27 2021, 9:32 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)
Bawolff added a comment to T287380: Decide on the future of DPL.

On the other hand, in the last discussion, it was decided to rewrite the DPL to CirrusSearch.

Jul 27 2021, 7:24 AM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)

Jul 26 2021

Bawolff added a comment to T287380: Decide on the future of DPL.

IIRC, Wikimedia's DPL fork was created as part of the Wikivoyage migration rush because a few of the incoming communities insisted they needed it; some of those extensions have been subsequently worked around and dropped from Wikimedia production, and that's probably the best outcome for DPL too. I appreciate that a couple of wikis have built processes that rely upon it, but I can't see it being remotely justified given the complexity and risk to the wider Wikimedia movement.

Jul 26 2021, 8:00 PM · MW-1.37-notes (1.37.0-wmf.16; 2021-07-26), Sustainability (Incident Followup), SRE, DynamicPageList (Wikimedia)
Bawolff added a comment to T287362: General site outage caused by ruwikinews usage of DPL: "upstream connect error or disconnect/reset before headers. reset reason: overflow".

ruwikinews now has 13M pages (bigger than enwiktionary). Even if the band aid solution would have worked last time, we might be passed that at this point.

Jul 26 2021, 7:43 PM · User-Ladsgroup, Wikimedia-Incident, SRE
Bawolff added a comment to T263220: Limit concurrency of DPL queries.

@Bawolff I think you wrote the comment at https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/645994/2/wmf-config/PoolCounterSettings.php#87 I think that suggests to reduce/tune if errors the values of 'workers'/'maxqueue' (not the timeout) in sync, but the comment is not 100% clear to me. Could you confirm that is the intention?

I will send an amend or a followup patch with clearer wording if you confirm that is the case, we don't have to think a lot if eventually we end up under the stress of an outage. E.g.:

// Note, this uses nowait:., so 'timeout' must always be 0.
// 'worker' and 'maxqueue' can be tuned, but they should be equal to each other.
// E.g. In the event DPL is causing DB problems, decrease both 'worker' AND 'maxqueue' to 2.
Jul 26 2021, 6:40 PM · Slow-DB-Query, SecTeam-Processed, Security, Vuln-DoS, Sustainability (Incident Followup), SRE, serviceops, PoolCounter, Platform Team Workboards (Clinic Duty Team), MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Performance Issue, Patch-For-Review, DynamicPageList (Wikimedia)

Jun 27 2021

alistair3149 awarded T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki a Love token.
Jun 27 2021, 1:21 AM · MediaWiki-General, ContentSecurityPolicy, Platform Team Legacy (Watching / External), TechCom-RFC (TechCom-RFC-Closed), Patch-For-Review, Epic, Security-Team

May 24 2021

Bawolff added a comment to T283456: OAuth identfy endpoint should not expose unconfirmed email address.

If oauth apps are identifying people by email adress, seems like there is an impersonation risk here if they forget to verify the confirmed flag.

May 24 2021, 12:05 AM · Patch-For-Review, Security, MediaWiki-extensions-OAuth

May 17 2021

FriedrickMILBarbarossa awarded T197501: Make users without 2FA setup not have checkuser right regardless of their groups a Pterodactyl token.
May 17 2021, 4:12 AM · Stewards-and-global-tools, MediaWiki-Authentication-and-authorization, CheckUser, MediaWiki-extensions-OathAuth

Mar 28 2021

Bawolff updated Bawolff.
Mar 28 2021, 3:22 AM
Bawolff removed a watcher for phan-taint-check-plugin: Bawolff.
Mar 28 2021, 3:20 AM

Mar 9 2021

Languageseeker awarded T161934: Add support for JP2 files a Love token.
Mar 9 2021, 6:46 PM · MW-1.36-notes (1.36.0-wmf.35; 2021-03-16), Thumbor, MediaWiki-File-management, Commons

Feb 8 2021

Bawolff created T274173: Echo icon overlaps sitename on timeless mobile samsung internet browser.
Feb 8 2021, 6:54 PM · Timeless

Jan 22 2021

Bawolff added a comment to T272659: TemporaryPasswordPrimaryAuthenticationProvider does not use the language that the request was created in.

Its generally expected that an extension will change the user's language if appropriate. By default the user's language will be the content language not the request language.

Jan 22 2021, 3:53 AM · MediaWiki-Authentication-and-authorization

Jan 20 2021

Bawolff awarded T272238: Elasticsearch and Kibana are switching to non-OSI-approved SSPL licence a Pirate Logo token.
Jan 20 2021, 4:54 PM · SRE Observability (FY2021/2022-Q3), Observability-Logging, observability, Software-Licensing, Wikimedia-Logstash, SRE

Jan 3 2021

Bawolff added a comment to T230415: Stop ignoring paragraph and region separators in DjVu file OCR text layer.

Text layer is generally generated on upload. It used to be refreshable by action=purge but i dont think that is the case anymore. There is a maintenance script to refresh all of a specific file type.

Jan 3 2021, 5:51 AM · MW-1.36-notes (1.36.0-wmf.37; 2021-03-30), All-and-every-Wikisource, MediaWiki-DjVu

Dec 22 2020

Bawolff awarded T269718: RCE in Widgets extension (CVE-2020-35625) a Mountain of Wealth token.
Dec 22 2020, 8:58 PM · Vuln-DirectObjectReference, Vuln-MissingAuthz, ShoutWiki, MediaWiki-extensions-Widgets, Security