I highly support this proposal. The visited link color we use is too dark and very hard to distinguish from normal text. I think a brighter version of the same color would be ideal. I use RebeccaPurple in my vector.css on fawiki and find it very distniguishable.
Wed, Dec 12
In fawiki, 2 and 3 are most common (and we are gradually moving away from 2 and towards 3). As more templates become Lua-based, we are also moving away from all of the above, towards having a wrapper template (like 2) which calls an all-English template which then calls the Lua code, thereby not having to localize the Lua code at all.
Tue, Dec 4
I like your proposal. However, I think if we are doing this, then we should also rename the pertinent i18n message keys, and that means we should also move them on TranslateWiki using a bot, so people don't re-translate them under the new key. I'm sure there is a process for that, perhaps one of the TranslateWiki staff should be engaged early on?
Thank you all for the great work!
Mon, Dec 3
This continues to be an issue. See https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/476439/ as a recent example.
Sun, Dec 2
Thu, Nov 29
I am separating this because I will need some time to familiarize myself with the unit tests to devise an appropriate strategy for this. I don't want the implementation of the parent task and its other child to be delayed because of this.
Test instructions for https://gerrit.wikimedia.org/r/476439
Excellent idea! Patch coming shortly.
Wed, Nov 28
I am setting priority, as I will be working on it myself.
@Bawolff here you are!
Mon, Nov 26
Sun, Nov 25
@Anomie: when I try https://fa.wikipedia.org/w/api.php?action=query&prop=coordinates&titles=File:Pandora Tomorrow box art.jpg&format=json with my browser, I get a valid API response (and HTTP status is obviously 200). But when I try longer links, I do not get a response. And when I replace the spaces with %20 I also do not get a response. This is with Firefox 63.0.3
Fair comment, Daimona; I removed that line as well. New patch attached.
Uploading a new patch that would just remove the IP field from the results for now.
In terms of a long-term solution: how about we never show the IP in the GET request at all, but allow for a brand new POST-only query which would take the log ID and a reason, and return its private details?
Sat, Nov 24
I think this will do the job for now. Later, we should make sure the actual reason is a required field in the API call.
Which feature? The ability to see private details (through the web interface) was enabled after a loooooooong process. See T152934 and related tasks.
Thanks for pointing that out. Elevating to UBN.
Definitely a very high priority. Since an active threat is not identified and no CU account has been compromised, I am not yet marking it as UBN.
Thu, Nov 22
Mon, Nov 19
I had a feeling it is related to FastCGI as well (just like the other two mentioned above). Sadly, I have no knowledge of FastCGI troubleshooting. I will quietly monitor this thread. Positively surprised that this did not happen during T207560.
Fri, Nov 16
Fun fact: if you press enter while you are in the "Question text" field, it will make the first of the Admins fields disappear. If you keep pressing Enter, the rows in the Admin section disappear one by one. And if you press enter again after all this, it will make a new empty input box appear in the Admins section!
Safe to say that T179446 is a duplicate of this?
Thu, Nov 15
Brian has been tremendously helpful in situations like this. I am going to add him here, in case he has time to check the server logs.
Someone should look at the server logs and tell us what exactly is logged.
Melos, this patch looks good. Please post it publicly and I will +2 it. Like Brian, I think it is okay to work on this in public.
Oh, you are right. That is a massive undertaking.
Wed, Nov 14
Nov 14 2018
Huh! @Bawolff I think you just revealed a security issue; let me create a non-Public task for it.
Nov 13 2018
@4nn1l2 there is no way for us to know if the election was encrypted or not (because our election admin access was removed, appropriately, prior to the election being finalized). But I assume that ALL elections are encrypted by Joe or James. Once the election is complete, they can run the tallies for us.
@revi and @alanajjar the voting period ends in about 21.5 hours from when I am writing this (i.e. exactly at Nov 14, 00:00:00 UTC). At that point you have THREE DAYS to review the votes and look for potential socks. You can see the list of voters on the votewiki, and along with it, you can see their IP address and UA string. If necessary, we can also run additional CU queries for you (I am a local CU), or you can run it yourself (by promoting yourself as a temporary local CU).
Nov 8 2018
@Daimona can I ask you to kindly rename the task as I suggest above, and create the parent task as well?
Nov 6 2018
There are two issues at hand:
As evident from https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SecurePoll/+/471556/ and https://integration.wikimedia.org/ci/job/mwext-php70-phan-seccheck-docker/24376/console this issue is persisting. Also adding @Ladsgroup
Oct 31 2018
At this point, there is no reason for our accounts to be open either; please block them.
Oct 30 2018
@jrbs At this point, you can remove me from the election admins. You can also remove 4nn1l2.
I understand it better now. Let me update the patch and provide you with some queries.
Oct 29 2018
Sweet; I will submit a patch by the end of the day.
I know it has been the weekend, but just to make sure this gets priority on Monday, I am setting it at High. Note that we only have Monday and Tuesday to configure this election (as well as change the config of votewiki, temporarily, to set the default language to Persian "fa").
Oct 27 2018
@jcrespo I think it is best to move directly to the final desired state (see updated task definition above). This means we would want to run a bunch of DISTINCT queries, and from a DBA perspective, this may mean we need a few new indexes.
I am increasing the priority for this, because in some cases this functionality can truly impact the process and outcome of a CU. (For those who have access, see T207232 as an example)
@Reedy can I ask you to kindly take a look at this?
I updated the git working copy of SecurePoll and reran the above and now I get this error message:
Oct 26 2018
@jrbs can you please give me (and 4nn1l2) permission to edit the election?
Please give updates on this thread about how the work is progressing. Note that the intent is to keep all of the communication publicly on this task.
Oct 23 2018
I can only +1 it, as my +2 rights don't expand into the WMF branches.
Great work by the way!
Not once merged, but once deployed.
Oct 21 2018
Oct 20 2018
Importing the list of eligible voters can be done right now. Sunfyre has run the query and I am attaching a clean version of the output.
Oct 18 2018
@Aklapper great direction, thank you!
Oct 17 2018
I still need an answer as to how we merge a patch like this.
Oct 16 2018
@Daimona: your patch checks out. But I also noticed a related issue:
I like Daimona's patch better. I am going to test it momentarily; assuming that it checks out, what is our approach here? Do we have Daimona post it publicly, have me merge it within minutes, have Daimona create a cherry pick for WMF current build, have someone SWAT it ASAP, or do we try to minimize the amount of time things are public in some other way (e.g. I submit and merge the patch myself, or even, we have someone who can SWAT it submit and merge the patch in both places, based on my verbal approval here?)