Fae (Fæ)
User

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Dec 7 2014, 3:49 PM (184 w, 4 d)
Availability
Available
IRC Nick
Fae
LDAP User
Unknown
MediaWiki User

Commonsist. Mostly harmless.

Recent Activity

May 20 2018

Fae added a comment to T194864: Raise the rate limit for autopatrollers on Commons.

Meh, changing some categories is not exactly the crime of the decade, especially considering it only takes a few seconds to swap the entire lot back. If these are the only example of misuse, it's a really, really, weak case for breaking standard tools for good faith contributors.

May 20 2018, 8:54 AM · Patch-For-Review, User-Urbanecm, Wikimedia-Site-requests, Commons
Fae added a comment to T194864: Raise the rate limit for autopatrollers on Commons.

Based on the last set of numbers, I would up my suggestion of a limit to 3000 edits / minute on Commons.

May 20 2018, 3:22 AM · Patch-For-Review, User-Urbanecm, Wikimedia-Site-requests, Commons

May 19 2018

Fae added a comment to T194864: Raise the rate limit for autopatrollers on Commons.

Sure, I'll take care of the vandalism on Wikimedia Commons, don't over-egg the case. The realistic risk of damage or disruption has not been made clear to us "non security" volunteers. Rather than telling us off in an attempt to make us feel stupid, try explaining the case properly and leave bullying tactics at the school gate.

May 19 2018, 2:54 PM · Patch-For-Review, User-Urbanecm, Wikimedia-Site-requests, Commons
Fae added a comment to T194864: Raise the rate limit for autopatrollers on Commons.

It's quite normal to change 2000 files in 60 seconds with catalot or use VFC to make a DR with several hundred files in half that.

May 19 2018, 1:52 PM · Patch-For-Review, User-Urbanecm, Wikimedia-Site-requests, Commons

May 18 2018

Fae added a comment to T194864: Raise the rate limit for autopatrollers on Commons.

As was requested previously, where is the link/reference to make the change. If this affects all tools for Commons users, then there should have been a public proposal on Commons, not a super duper secret Phabricator task because "security".

May 18 2018, 4:42 AM · Patch-For-Review, User-Urbanecm, Wikimedia-Site-requests, Commons

May 13 2018

Fae added a comment to T193075: Create the 'Event coordinator' user group on English Wikipedia.

Every wiki can appoint account creators (they are able to creaete unlimited amount of accounts) RIGHT NOW, there's almost no change. There's just allowing them to grant confirmed status => this is affecting only enwiki.

May 13 2018, 9:30 AM · MW-1.32-release-notes (WMF-deploy-2018-05-08 (1.32.0-wmf.3)), Patch-For-Review, Wikimedia-Site-requests
Fae added a comment to T193075: Create the 'Event coordinator' user group on English Wikipedia.

It is already allowed. Admin of every SUL project can create unlimited number of account. This is about delegation of sysop power.

May 13 2018, 8:53 AM · MW-1.32-release-notes (WMF-deploy-2018-05-08 (1.32.0-wmf.3)), Patch-For-Review, Wikimedia-Site-requests
Fae added a comment to T193075: Create the 'Event coordinator' user group on English Wikipedia.

@Fae: This is just a user group on English Wikipedia, every sysop can create an account that is "globalized" - no global RFC is needed IMHO.

May 13 2018, 8:42 AM · MW-1.32-release-notes (WMF-deploy-2018-05-08 (1.32.0-wmf.3)), Patch-For-Review, Wikimedia-Site-requests
Fae added a comment to T193075: Create the 'Event coordinator' user group on English Wikipedia.

This is a change that affects all projects, not just the English Wikipedia. A RFC is still needed on meta, and all affected projects appropriately notified.

May 13 2018, 8:23 AM · MW-1.32-release-notes (WMF-deploy-2018-05-08 (1.32.0-wmf.3)), Patch-For-Review, Wikimedia-Site-requests

May 8 2018

Fae awarded T194131: CentralAuth registration date incorrect a Piece of Eight token.
May 8 2018, 9:04 AM · MediaWiki-extensions-CentralAuth

May 6 2018

Fae created T193981: Commons 'more' tab actions - harmonize target behaviour.
May 6 2018, 12:40 PM · Commons

May 4 2018

Fae added a comment to T150605: Publish an analysis of the OurMine hack.

Nudge - it has now been 1 year, 5 months, 21 days since this request for publication was raised. We are not asking MI6 about attempts on the Prime Minister's life, it should be possible to explain what happened and the basics of how it will be prevented in the future without creating a hacker's guide to breaking Wikimedia.

May 4 2018, 1:50 PM · Security-Team, Security-General
Fae created T193846: Publish analysis of sustained login attack of 3 May 2018.
May 4 2018, 9:32 AM · Security-Team

Apr 10 2018

Fae created T191910: Specific Abusefilter rule on Commons overwriting artwork.
Apr 10 2018, 6:30 PM · Wikimedia-General-or-Unknown, Commons

Mar 6 2018

Fae added a comment to T187302: Special:Upload prepending "== {{int:filedesc}} ==" twice (Commons).

there is no community consensus on Wikimedia Commons that every image page should start with " {{int:filedesc}} "

Honestly, I see that as Commons' problem. If there is no consensus that it should start with it, then there is also no consensus that it shouldn't. This is a tool, not a magic guessing game. It's been doing this for years without significant complaints. Figure it out. is what I say. :)

On a personal note, i kinda like it. As I dislike putting licenses into the permission field of the information template.

Mar 6 2018, 12:33 PM · MW-1.31-release-notes (WMF-deploy-2018-03-06 (1.31.0-wmf.24)), Patch-For-Review, Multimedia, Multimedia-Team-Working-Board, Commons, MediaWiki-Special-pages

Mar 5 2018

Fae added a comment to T188852: MediaWiki $wgMaxArticleSize is not enforced during file/page creation.

Has anyone seen the same behaviour when posting via the API, or does this not happen?

Mar 5 2018, 10:08 AM · MediaWiki-Configuration, Commons

Mar 3 2018

Fae added a comment to T179884: Files occasionally getting uploaded to Commons without file pages..

Could someone pull a list of files that were my uploads and notify me on-wiki? I just had about 20 or 30 PD Library of Congress images deleted and even listing them is a drag.

Mar 3 2018, 2:20 PM · UploadWizard, Multimedia, media-storage, Commons

Feb 28 2018

Fae added a comment to T187302: Special:Upload prepending "== {{int:filedesc}} ==" twice (Commons).

As far as I am aware, there is no community consensus on Wikimedia Commons that every image page should start with " {{int:filedesc}} ". It would be useful to make it easy for an uploader to add these types of headings, such as by pressing a "cleanup my wikitext" button, but it is a bad thing to force standardization on users based on unfounded assumptions.

Feb 28 2018, 8:14 AM · MW-1.31-release-notes (WMF-deploy-2018-03-06 (1.31.0-wmf.24)), Patch-For-Review, Multimedia, Multimedia-Team-Working-Board, Commons, MediaWiki-Special-pages

Jan 10 2018

Fae added a comment to T13871: Add support for JPEG 2000 images once it's out of patent.

The renaming of this task is unhelpful and misleading. "once it's out of patent" should be removed as JP2000 is defined as free to use without restriction, regardless of particular patents. The renaming makes this task unnecessarily permanently unimplementable.

Jan 10 2018, 8:31 AM · Commons, Multimedia, MediaWiki-File-management

Dec 24 2017

Fae added a comment to T183085: [RfC] Drop compat module.

Unless there is an immediate issue, please keep this minor backwards compatibility. Most of my stuff is now in Core but look have a library of Compat handy things that once broken are unlikely to be revisited. Deliberately breaking them does not make much sense.

Dec 24 2017, 11:18 AM · Patch-For-Review, Pywikibot-RfCs, Pywikibot-core

Nov 29 2017

Fae added a comment to T161934: Add support for JP2 files.

How can we heat this up? Would kicking off a Commons proposal make any difference?

Nov 29 2017, 12:40 PM · MediaWiki-File-management, Commons, Multimedia
Fae awarded T161934: Add support for JP2 files a Like token.
Nov 29 2017, 12:36 PM · MediaWiki-File-management, Commons, Multimedia
Fae awarded T161934: Add support for JP2 files a Like token.
Nov 29 2017, 12:36 PM · MediaWiki-File-management, Commons, Multimedia
Fae awarded T161934: Add support for JP2 files a Yellow Medal token.
Nov 29 2017, 12:36 PM · MediaWiki-File-management, Commons, Multimedia

Nov 10 2017

Fae added a comment to T180241: Please add images.collection.cooperhewitt.org to $wgCopyUploadsDomains.

Project page and a link for initial uploads is at https://commons.wikimedia.org/wiki/User:F%C3%A6/Project_list/Cooper-Hewitt

Nov 10 2017, 9:52 PM · Patch-For-Review, Commons, Wikimedia-Site-requests
Fae created T180241: Please add images.collection.cooperhewitt.org to $wgCopyUploadsDomains.
Nov 10 2017, 3:08 PM · Patch-For-Review, Commons, Wikimedia-Site-requests

Oct 19 2017

Fae added a comment to T155290: Add a data-page-only wiki markup header to datasets.

A new Wikimedia Commons proposal has been created to allow for additional licenses for Data files. This would reduce the confusion about whether data imported from elsewhere needs attribution or can be redefined as CC0.

Oct 19 2017, 12:23 PM · Maps, Discovery, Commons-Datasets

Oct 17 2017

Fae awarded T155290: Add a data-page-only wiki markup header to datasets a Doubloon token.
Oct 17 2017, 6:12 PM · Maps, Discovery, Commons-Datasets
Fae added a comment to T155290: Add a data-page-only wiki markup header to datasets.

I had not caught on that as well as templates, it's not possible to add data files to categories (unless I'm missing a way to do it). Again an unsatisfying workaround is to use Data talk pages, with a current example being the maintenance category: https://commons.wikimedia.org/wiki/Category:Data_files_with_Open_Street_Map_coordinates.

Oct 17 2017, 6:08 PM · Maps, Discovery, Commons-Datasets

Oct 12 2017

Steinsplitter awarded T178051: Unwriteable error when creating DR in Commons:Data a Like token.
Oct 12 2017, 1:45 PM · Commons-Datasets
Fae added a comment to T178051: Unwriteable error when creating DR in Commons:Data.

As Data_talk pages are ordinary pages, for the example case I have raised https://commons.wikimedia.org/wiki/Commons:Deletion_requests/Data_talk:Kuala_Lumpur_Districts.map.

Oct 12 2017, 10:55 AM · Commons-Datasets
Fae awarded T178051: Unwriteable error when creating DR in Commons:Data a Like token.
Oct 12 2017, 9:55 AM · Commons-Datasets
Jeff_G awarded T178051: Unwriteable error when creating DR in Commons:Data a Doubloon token.
Oct 12 2017, 9:51 AM · Commons-Datasets
Fae added a comment to T178051: Unwriteable error when creating DR in Commons:Data.

Update: I may be quite wrong about readonly. Checking my upload logs, Wikimedia Commons has been reporting as read-only in response to attempted API uploads since 6:34 through to now (10:40) UK time.

Oct 12 2017, 9:43 AM · Commons-Datasets
Fae created T178051: Unwriteable error when creating DR in Commons:Data.
Oct 12 2017, 9:27 AM · Commons-Datasets

Sep 14 2017

Fae added a comment to T169864: Zoomviewer is down.

Good! However this task should not be marked as 'resolved' and the more general point that the WMF should be thinking of providing ZoomViewer facilities as part of the media viewer... or at least something that get maintained long term in the same way.

Sep 14 2017, 1:05 PM · Tools, Commons
Fae added a comment to T169864: Zoomviewer is down.

@dschwen is away, and has been for a long time. ZoomViewer should be migrated to being WMF supported. Without it, Commons is not a suitable platform for high resolution images which are now the norm for digital archives, such as high resolution scans of oil paintings.

Sep 14 2017, 7:09 AM · Tools, Commons

Sep 13 2017

Fae awarded T169864: Zoomviewer is down a Doubloon token.
Sep 13 2017, 12:58 PM · Tools, Commons

Sep 4 2017

Fae awarded T171027: "Read timeout is reached" DBQueryError when trying to load specific users' watchlists (with +1000 articles) on several wikis a Like token.
Sep 4 2017, 12:27 PM · MW-1.31-release-notes (WMF-deploy-2017-10-03 (1.31.0-wmf.2)), User-notice, MediaWiki-extensions-WikibaseRepository, Wikidata-Former-Sprint-Board, Patch-For-Review, Collaboration-Team-Triage (Collab-Team-This-Quarter), DBA, Wikidata, Commons, Contributors-Team, Wikimedia-log-errors, MW-1.30-release-notes (WMF-deploy-2017-08-08_(1.30.0-wmf.13)), Russian-Sites, Wikimedia-General-or-Unknown, Performance, MediaWiki-Watchlist

Aug 20 2017

Restricted Application added a project to T13871: Add support for JPEG 2000 images once it's out of patent: Commons.
Aug 20 2017, 9:08 PM · Commons, Multimedia, MediaWiki-File-management

Jul 17 2017

Fae added a comment to T169952: Write Pywikibot script to create tables of thankers.

Faebot was creating these tables using SQL, the same query across several projects. It stopped working due to time-outs after some WMF changes. To fix it I would need to break up the query so it can work within the more limited query times available. I might get around to fixing it, but it's floating in my sub-watermargin pile.

Jul 17 2017, 10:38 AM · Pywikibot-Thanks, Pywikibot-core

Jun 18 2017

Fae added a comment to T167947: Allow searching for similar images on Commons via perceptual hashes.

This is indeed a resurrection of the 2 years old T121797, however that got waylaid by the same "bigger question" of creating an independent database to return general Hamming distances. If this proposal to make available image hashes (whether perception, difference or others), it has little chance of getting anywhere if we don't at least take the first step of being able to return the image hash on an API request, or database query for an image. This minimal change does not require much smart programming, nor creative design. With the hashes available, anyone can immediately search for hash matches, and if they wish to compare Hamming distance for non-matches, they can write separate scripts or tools to do it far more easily, the bit-wise difference being extremely simple. In my experiments with greater-than-zero distances, the results have much narrower potential utility, leading me to believe that this would be for analysing rather specialized collections and questions which means only having to process a constrained sample space. Simple matches, where the Hamming distance is zero, across all Commons images offers immediate benefits, namely finding duplicates and detecting copyright violations by matching new uploads against the hashes for already deleted images, rather than only doing a comparison with the SHA1 cryptic hash.

Jun 18 2017, 10:03 AM · Multimedia, MediaWiki-File-management, Commons

Jun 15 2017

Fae created T167947: Allow searching for similar images on Commons via perceptual hashes.
Jun 15 2017, 9:21 AM · Multimedia, MediaWiki-File-management, Commons

Jun 13 2017

Fae awarded T165860: Request for +2 rights on mediawiki/* for Ladsgroup a Like token.
Jun 13 2017, 10:25 PM · RelEng-Archive-FY201718-Q1, Repository-Ownership-Requests

Jun 5 2017

Fae added a comment to T166271: Please add www.defenceimagery.mod.uk to $wgCopyUploadsDomains.

It's working, thanks!

Jun 5 2017, 8:16 PM · Patch-For-Review, Commons, Wikimedia-Site-requests

Jun 3 2017

Fae added a comment to T166271: Please add www.defenceimagery.mod.uk to $wgCopyUploadsDomains.

...

Anyway, why we actually whitelist? Is there a Dos attack possible? Only
from our infrastructure i think but this can be solved by throttling upload
by URL actions by user. In some time maybe autoblock them.

Jun 3 2017, 8:48 PM · Patch-For-Review, Commons, Wikimedia-Site-requests

May 31 2017

Fae created T166644: Closure of Glamtools list.
May 31 2017, 9:05 AM · Wikimedia-Mailing-lists

May 30 2017

Fae added a comment to T166271: Please add www.defenceimagery.mod.uk to $wgCopyUploadsDomains.

I'm unclear as to why we are worried about tokens. If url upload is allowed, then the URL with a token passed as a parameter looks like:
http://www.defenceimagery.mod.uk/fotoweb/cmdrequest/rest/Download.fwx/45153802.jpg?D=EFCC51FEE65DA414D18085DA188CAB45524FFC4F7A63A403C47E17A8BEF1E554B796D6EA4FD91784A04B36049843E1FB56B129047A099FD2448D5AA2FD3EBB84D49852E5EF22F9F1E9930FDF2671F90028F4747E4DAAD3BE496BC62277DF33E1BC24AB66E7B4B90225B163F54F224DFE65DFE22A5F65B6D1328840103D2F128F615EE150C8AA32E00FC8DA1E13BEA266&ForceSaveDialog=no

May 30 2017, 10:04 PM · Patch-For-Review, Commons, Wikimedia-Site-requests

May 24 2017

Fae created T166271: Please add www.defenceimagery.mod.uk to $wgCopyUploadsDomains.
May 24 2017, 10:05 PM · Patch-For-Review, Commons, Wikimedia-Site-requests

May 15 2017

Fae awarded T129216: Pywikibot should support async chunked uploading a Like token.
May 15 2017, 4:05 PM · Pywikibot-Commons, Patch-For-Review, Pywikibot-General, Pywikibot-core

May 11 2017

Fae updated the task description for T165031: Gadgets that use both scripts and styles, but do not specify type=general, are never loaded (JS file not loaded but CSS file is).
May 11 2017, 12:14 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), Performance-Team, MediaWiki-ResourceLoader, Commons
Fae updated subscribers of T165031: Gadgets that use both scripts and styles, but do not specify type=general, are never loaded (JS file not loaded but CSS file is).
May 11 2017, 12:11 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), Performance-Team, MediaWiki-ResourceLoader, Commons
Fae created T165031: Gadgets that use both scripts and styles, but do not specify type=general, are never loaded (JS file not loaded but CSS file is).
May 11 2017, 12:08 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), Performance-Team, MediaWiki-ResourceLoader, Commons

May 9 2017

Fae added a comment to T164643: Please add esamultimedia.esa.int to $wgCopyUploadsDomains.

*.esa.int works for what we know. The only images I've seen so far have been on the two specific domains listed.

May 9 2017, 12:19 PM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests

May 6 2017

Mrjohncummings awarded T164643: Please add esamultimedia.esa.int to $wgCopyUploadsDomains a Party Time token.
May 6 2017, 8:14 AM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests
Yann awarded T164643: Please add esamultimedia.esa.int to $wgCopyUploadsDomains a Like token.
May 6 2017, 8:12 AM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests
Fae created T164643: Please add esamultimedia.esa.int to $wgCopyUploadsDomains.
May 6 2017, 7:29 AM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests

Apr 26 2017

Fae added a comment to T160529: Sender email spoofing.

I have no idea if the same person is behind this, or it's just a bit of haphazard pointy trolling, but this seems far too easy to disrupt email lists with cross-posted spam:
https://lists.wikimedia.org/pipermail/gendergap/2017-April/006589.html
Example from today, directed at me.

Apr 26 2017, 1:43 PM · Security, Operations, Mail, Wikimedia-Mailing-lists
Fae awarded T160529: Sender email spoofing a Like token.
Apr 26 2017, 1:39 PM · Security, Operations, Mail, Wikimedia-Mailing-lists

Apr 21 2017

Fae added a comment to T163535: Upload verification-error possibly triggered by EXIF.

Yes, the inconsistency is worrying. However I'm also concerned that the recommended "fix" is slightly stupid from the GLAM uploads perspective. I am not going to tamper with perfectly okay original EXIF data, that matches the EXIF data in external archives, just because on Commons we invented an arbitrary and non-intelligent filter.

Apr 21 2017, 12:41 PM · MediaWiki-Uploading, Multimedia, Commons
Fae updated the task description for T163535: Upload verification-error possibly triggered by EXIF.
Apr 21 2017, 11:12 AM · MediaWiki-Uploading, Multimedia, Commons
Fae updated the task description for T163535: Upload verification-error possibly triggered by EXIF.
Apr 21 2017, 7:07 AM · MediaWiki-Uploading, Multimedia, Commons
Fae created T163535: Upload verification-error possibly triggered by EXIF.
Apr 21 2017, 7:07 AM · MediaWiki-Uploading, Multimedia, Commons

Feb 15 2017

Fae added a comment to T157897: Spam blacklist by-pass right for agreed batch upload projects.

I suggest this task is closed. There's too much push back against the task description for this to be realistic. If someone wishes to propose a new task aimed at the blacklist filter process helpfully parsing url redirects, perhaps for a limited number of iterations, and checking those against the blacklist again before rejecting a text, that would be positive.

Feb 15 2017, 11:35 AM · SpamBlacklist, Commons

Feb 14 2017

Fae added a comment to T157897: Spam blacklist by-pass right for agreed batch upload projects.

@Billinghurst See the discussion at https://commons.wikimedia.org/wiki/Commons:Bureaucrats%27_noticeboard#Upload_project_spam_blacklist_exception_.27right.27 which was started at the same time this task was opened.

Feb 14 2017, 12:31 PM · SpamBlacklist, Commons

Feb 13 2017

Fae updated subscribers of T157897: Spam blacklist by-pass right for agreed batch upload projects.

@matmarex This task is not about adding links to the spam-whitelist for a single GLAM upload project that has already completed. It is pointless to list individual bit.ly links, when what is requested is a generic solution in order to support and encourage "officially agreed" batch upload projects.

Feb 13 2017, 10:13 PM · SpamBlacklist, Commons
Fae added a comment to T157897: Spam blacklist by-pass right for agreed batch upload projects.

@Billinghurst that's the point of this task, to avoid volunteers like me having to write ever extending amounts of code to by-pass blacklists. We have the same problem with filename blacklists. I already have around 10 types of error trap in my upload process, I see little benefit in creating my own unique parser for all metadata fields on an GLAM import when the results post absolutely no risk whatsoever to Wikimedia Commons or our reusers and readers.

Feb 13 2017, 4:30 PM · SpamBlacklist, Commons

Feb 12 2017

zhuyifei1999 awarded T157897: Spam blacklist by-pass right for agreed batch upload projects a Y So Serious token.
Feb 12 2017, 8:00 PM · SpamBlacklist, Commons
Fae added a comment to T157897: Spam blacklist by-pass right for agreed batch upload projects.

With regard to later edit, my edit today to https://commons.wikimedia.org/w/index.php?title=File:Marcha_das_Mulheres_Negras_(23137414611).jpg&action=history would have been impossible as the text contained a bit.ly link. So, I dispute impossible.

Feb 12 2017, 7:41 PM · SpamBlacklist, Commons
Yann awarded T157897: Spam blacklist by-pass right for agreed batch upload projects a Like token.
Feb 12 2017, 1:51 PM · SpamBlacklist, Commons
Fae created T157897: Spam blacklist by-pass right for agreed batch upload projects.
Feb 12 2017, 1:10 PM · SpamBlacklist, Commons

Feb 1 2017

Fae added a comment to T156855: Add images.metmuseum.org domain to $wgCopyUploadsDomains.

As Pharos and his folks are working to a deadline, I heartily endorse white-listing the site. This is no-risk as Pharos can ensure that test runs prove to everyone's confidence that licensing has been addressed and that the metadata is nicely handled, including credit templates and links to the license evidence, even if that requires an OTRS ticket.

Feb 1 2017, 8:39 PM · Patch-For-Review, Wikimedia-Site-requests

Jan 31 2017

Fae awarded T156855: Add images.metmuseum.org domain to $wgCopyUploadsDomains a Like token.
Jan 31 2017, 11:09 PM · Patch-For-Review, Wikimedia-Site-requests

Jan 30 2017

Fae added a comment to T150605: Publish an analysis of the OurMine hack.

Nudge. Why has this taken over 10 weeks?

Jan 30 2017, 2:36 PM · Security-Team, Security-General

Jan 23 2017

Fae added a comment to T155844: Please add <https://finds.org.uk> to $wgCopyUploadsDomains.

Uploads will be from https://finds.org.uk/, will *.finds.org.uk cater for that?

Jan 23 2017, 2:18 PM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests

Jan 20 2017

Fae added a comment to T155844: Please add <https://finds.org.uk> to $wgCopyUploadsDomains.

The licence is CC-BY as stated at https://finds.org.uk/info/termsandconditions.

Jan 20 2017, 7:58 PM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests
Fae created T155844: Please add <https://finds.org.uk> to $wgCopyUploadsDomains.
Jan 20 2017, 7:10 PM · Patch-For-Review, User-Urbanecm, Commons, Wikimedia-Site-requests

Nov 29 2016

Fae created T151890: Publish an analysis of the suppression of selected user_properties.
Nov 29 2016, 4:22 PM · Security-General
Fae awarded T124101: Specific revisions of multiple files missing from Swift - 404 Not Found returned a The World Burns token.
Nov 29 2016, 1:53 PM · User-Josve05a, Operations, Multimedia, media-storage, Commons

Nov 26 2016

Fae added a comment to T150605: Publish an analysis of the OurMine hack.

I mentioned BotPasswords as my understanding of https://www.mediawiki.org/wiki/Manual:Pywikibot/BotPasswords, was that it's just a password like any other, hence only as secure as the conventional login. However OAuth uses access tokens which provides an additional level of security. If the WMF is recommending that sysop accounts use 2FA, then my presumption would be that BotPasswords should be avoided on bot accounts with sysop rights for the same reasons.

Nov 26 2016, 11:58 AM · Security-Team, Security-General

Nov 24 2016

Fae added a comment to T150605: Publish an analysis of the OurMine hack.

Thanks, I was unsure if those were the response. I do not see any moves to ensure the advice to administrators is enforced. I doubt there will be any new policies until the analysis itself.

Nov 24 2016, 3:06 PM · Security-Team, Security-General
Fae added a comment to T150605: Publish an analysis of the OurMine hack.

Nudge It's coming up to 2 weeks since the OurMine hack became public knowledge. Please at least issue an interim analysis, I'm sure there is a good understanding of what happened and how. In the absence of any official analysis, volunteers are working on assumptions right now, such as whether administrators using longer passwords is sufficient protection and whether BotPasswords is okay to use on bot accounts with sysop rights, rather than OAuth.

Nov 24 2016, 12:21 PM · Security-Team, Security-General

Nov 22 2016

Davey2010 awarded T150605: Publish an analysis of the OurMine hack a Barnstar token.
Nov 22 2016, 10:38 PM · Security-Team, Security-General

Nov 16 2016

Fae added a comment to T150853: Create a burn-down list of administrator accounts without 2FA or password changes since 11 November.

It may be that publishing dates of password changes would be more than can be queried from the public database, however a table of admins showing which had adopted 2FA is the type of thing that I would struggle to imagine as any significant extra risk and has good value as part of the community agreeing new policies for trusted accounts. In terms of targeting, this is probably a lot less significant than sharing user_properties or analysing edit patterns, which are available to anyone.

Nov 16 2016, 2:24 PM · Security-Team, Security-General
Reedy awarded T150853: Create a burn-down list of administrator accounts without 2FA or password changes since 11 November a Dislike token.
Nov 16 2016, 2:07 PM · Security-Team, Security-General
Fae created T150853: Create a burn-down list of administrator accounts without 2FA or password changes since 11 November.
Nov 16 2016, 1:50 PM · Security-Team, Security-General

Nov 15 2016

Fae added a comment to T150645: BotPasswords login fails in Pywikibot core.

After digging into login.py, I'm wondering if we should be recommending that BotPasswords is avoided. Authorizing OAuth for user accounts wanting to simply run scripts for themselves, rather than making apps for others, happens automatically without needing any human approvals. For Pywikibot, once the user has their credentials, they simply add paste them into their local user-config.py, no other steps needed to get them to work.

Nov 15 2016, 12:07 PM · TestMe, Pywikibot-core
Ladsgroup awarded T150646: Create a Wikimedia hosted two-factor authentication app for multiple platforms a Dislike token.
Nov 15 2016, 7:37 AM · Community-IdeaLab

Nov 14 2016

Fae updated the task description for T150645: BotPasswords login fails in Pywikibot core.
Nov 14 2016, 7:20 PM · TestMe, Pywikibot-core
Fae awarded T150646: Create a Wikimedia hosted two-factor authentication app for multiple platforms a Cookie token.
Nov 14 2016, 10:47 AM · Community-IdeaLab
Poyekhali awarded T150605: Publish an analysis of the OurMine hack a Barnstar token.
Nov 14 2016, 10:42 AM · Security-Team, Security-General
Fae created T150646: Create a Wikimedia hosted two-factor authentication app for multiple platforms.
Nov 14 2016, 10:40 AM · Community-IdeaLab
Fae awarded T150645: BotPasswords login fails in Pywikibot core a Like token.
Nov 14 2016, 10:22 AM · TestMe, Pywikibot-core
Fae created T150645: BotPasswords login fails in Pywikibot core.
Nov 14 2016, 10:18 AM · TestMe, Pywikibot-core

Nov 13 2016

Checkingfax awarded T150605: Publish an analysis of the OurMine hack a Barnstar token.
Nov 13 2016, 3:17 PM · Security-Team, Security-General
Fae awarded T150605: Publish an analysis of the OurMine hack a Like token.
Nov 13 2016, 2:26 PM · Security-Team, Security-General
TomT0m awarded T150605: Publish an analysis of the OurMine hack a Like token.
Nov 13 2016, 12:52 PM · Security-Team, Security-General
Thibaut120094 awarded T150605: Publish an analysis of the OurMine hack a Like token.
Nov 13 2016, 12:31 PM · Security-Team, Security-General
Fae created T150605: Publish an analysis of the OurMine hack.
Nov 13 2016, 11:24 AM · Security-Team, Security-General

Oct 29 2016

Steinsplitter awarded T149478: Exceptional SQL time-out limits for volunteers doing special analysis a Party Time token.
Oct 29 2016, 12:06 PM · DBA