Jalexander (James Alexander) Administrator
Trust & Safety (also chocolates)

User Details

User Since
Oct 9 2014, 9:41 AM (206 w, 4 d)
Roles
Administrator
Availability
Available
IRC Nick
Jamesofur
LDAP User
Jalexander
MediaWiki User
Jalexander-WMF [ Global Accounts ]

Recent Activity

Fri, Sep 21

Jalexander added a member for acl*access-policy-approvers: sguebo_WMF.
Fri, Sep 21, 5:34 PM

Fri, Aug 31

Jalexander added a comment to T200559: Exposing revIDs of deleted edits for research purposes.

@PEarleyWMF: we discussed privacy implications; can you comment further on this, and if/who you think should be looped in.

Fri, Aug 31, 7:04 PM · Trust-and-Safety, Privacy, Anti-Harassment, Research

Aug 23 2018

Jalexander placed T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown up for grabs.
Aug 23 2018, 10:34 PM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander placed T202363: Requesting access to restricted production access and analytics-privatedata-users for Ty Hargrove up for grabs.
Aug 23 2018, 10:33 PM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander added a comment to T151910: Globally blocked users can still use Thanks.

Just for documentation purposes on here because I know some task readers were confused (others are not, it's just not clear in the writing :) ): Global blocks are IP based instead of user based so there are no "globally blocked users" in this case. This particular bug comes up when someone is editing on an (unblocked) local account but connecting via a globally blocked IP that is "hard" blocked (does not allow editing even when logged in unless you have the IP block exemption user right). Still should be fixed (and Roan and I chatted so I know he was fixing it with this in mind) just clarifying for the audience :).

Aug 23 2018, 4:58 AM · MW-1.32-release-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Patch-For-Review, Growth-Team, Thanks, Security

Aug 22 2018

Jalexander closed T104729: Refactor private LCATools codebase to split repetitive code into classes and move modules that can be public onto Labs for others to use as Resolved.

What's the status of this now there's the new takedown tool?

Aug 22 2018, 10:07 PM · Wikimania-Hackathon-2015, Trust-and-Safety
Jalexander moved T199993: Indef blocked users can get information exposed per mail from Backlog to Security/Privacy on the Trust-and-Safety board.
Aug 22 2018, 10:05 PM · Patch-For-Review, MW-1.32-release-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Growth-Team (Current Sprint), Trust-and-Safety, MediaWiki-User-management, Notifications, Security
Jalexander added a project to T199993: Indef blocked users can get information exposed per mail: Trust-and-Safety.
Aug 22 2018, 10:05 PM · Patch-For-Review, MW-1.32-release-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Growth-Team (Current Sprint), Trust-and-Safety, MediaWiki-User-management, Notifications, Security
Jalexander created T202486: Requesting access to restricted production access and analytics-privatedata-users for Kalliope Tsouroupidou.
Aug 22 2018, 7:17 AM · Patch-For-Review, Operations, SRE-Access-Requests

Aug 21 2018

Jalexander updated the task description for T202362: Requesting access to restricted production access and analytics-privatedata-users for Samuel Guebo.
Aug 21 2018, 8:41 AM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander created T202363: Requesting access to restricted production access and analytics-privatedata-users for Ty Hargrove.
Aug 21 2018, 8:40 AM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander created T202362: Requesting access to restricted production access and analytics-privatedata-users for Samuel Guebo.
Aug 21 2018, 8:33 AM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander added a comment to T201667: Requesting access to restricted production access and analytics-privatedata-users for Patrick Earley.

Please note this task is currently blocked on @PEarleyWMF logging into their wikitech account to create the ldap entry (which is automatic upon their login.)

Until that time, this is unable to proceed.

Aug 21 2018, 3:53 AM · Operations, SRE-Access-Requests
Jalexander added a comment to T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown.

Please note that I'm now on clinic duty this week, so I need to confirm a few things. This task is currently blocked by @Kbrown logging into their wikitech account. Once they do so, we'll be able to check if the ldap user was created and can move from there.

Aug 21 2018, 3:53 AM · Patch-For-Review, Operations, SRE-Access-Requests

Aug 15 2018

Jalexander added a comment to T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown.

(Granted I obviously can't do that now for them when the account is already created... though I guess I could try to rename it away)

Aug 15 2018, 12:18 AM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander added a comment to T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown.

Did she log into wikitech and set a real password instead of the temporary one? That would populate user_password.

Yes-ish. I logged in and tried to set a real password, but got an error message (the exact content of which I have unfortunately forgotten, but I think it was something about the "authorization plugin"?), and now can't log in with either original temporary password OR the new password I tried to use.

Aug 15 2018, 12:17 AM · Patch-For-Review, Operations, SRE-Access-Requests

Aug 14 2018

Jalexander added a comment to T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown.

Note that "kbrown" is a username already taken in LDAP and it's KEVIN Brown, not Karen.

@Jalexander @Kbrown Could you please make a Wikitech/LDAP user (on https://wikitech.wikimedia.org) and let us know which one you picked?

Aug 14 2018, 5:00 PM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander added a comment to T201667: Requesting access to restricted production access and analytics-privatedata-users for Patrick Earley.

Hi @PEarleyWMF @Jalexander Could you please create a user on Wikitech/LDAP (https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page) and let us know which user name you picked?

Aug 14 2018, 3:04 PM · Operations, SRE-Access-Requests

Aug 10 2018

Jalexander created T201668: Requesting access to restricted production access and analytics-privatedata-users for Karen Brown.
Aug 10 2018, 8:57 AM · Patch-For-Review, Operations, SRE-Access-Requests
Jalexander created T201667: Requesting access to restricted production access and analytics-privatedata-users for Patrick Earley.
Aug 10 2018, 8:53 AM · Operations, SRE-Access-Requests

Jul 30 2018

Jalexander added a comment to T104500: Old versions of sensitive user data (email, password hashes) can remain in database indefinitely due to local and global DB not being kept in sync.

See related security issue T179900 (which we've seen at least a couple independent complaints about so can be found)

Jul 30 2018, 10:40 PM · WMF-Legal, Privacy, MediaWiki-extensions-CentralAuth
Jalexander added a comment to T104500: Old versions of sensitive user data (email, password hashes) can remain in database indefinitely due to local and global DB not being kept in sync.

Pinging this because it's come up in a review of some of our privacy questions, it would be really good to try and find a way to resolve this. For me it's mostly the email question. A user who is removing or changing their email can understandably assume that they are removing the old version from our record and we tend to tell people this. Unfortunately this issue means that not only do they not realize that the email continues to exist elsewhere the ability to remove it is now out of their hands. If they go to another wiki and look at their preferences (for example) it will still say they don't have an email address set because the preferences are checking the global database.

Jul 30 2018, 10:31 PM · WMF-Legal, Privacy, MediaWiki-extensions-CentralAuth

Jul 11 2018

Jalexander closed T199231: Disable 2fa for Wikimedia account Alhen as Resolved.

This is done now, @Alhen please let us know if you run into any issues.

Jul 11 2018, 5:58 AM · Trust-and-Safety, Wikimedia-General-or-Unknown

Jul 10 2018

Jalexander added a comment to T199231: Disable 2fa for Wikimedia account Alhen.

I tried, but I have been unsuccessful so far, hence this request. I must have made a mistake when writing them down or something.

Jul 10 2018, 9:34 PM · Trust-and-Safety, Wikimedia-General-or-Unknown

Jul 3 2018

Jalexander added a comment to T198536: Password / email reset for user BrillLyle.

Hi there, So the browser login that was still working no longer works -- and I am no longer able to edit Wikipedia logged in as BrillLyle. Please, if anyone can help, I would really appreciate it. I would prefer not to have to register a new account. Thanks so much in advance. - Erika aka BrillLyle

Jul 3 2018, 4:07 PM · Trust-and-Safety, Wikimedia-Site-requests

Jun 21 2018

Jalexander added a comment to T197836: Takedown tool should use UTC everywhere (including datepicker).

Is the back end using UTC, maybe? If you were doing this after 00:00 UTC it might be confused. Just a hypothesis.

I think you're on to something. :)

FWIW it would be ideal if the tool still used UTC since all dates / times from the sites use UTC. Trying to mentally work that out into local time would be very confusing :)

Jun 21 2018, 5:09 PM · Anti-Harassment (AHT Sprint 27), Wikimedia-Takedown-Tools
Jalexander triaged T197838: Double File: on DMCA user warning template as Normal priority.
Jun 21 2018, 2:00 AM · Wikimedia-Takedown-Tools
Jalexander triaged T197836: Takedown tool should use UTC everywhere (including datepicker) as Normal priority.
Jun 21 2018, 2:00 AM · Anti-Harassment (AHT Sprint 27), Wikimedia-Takedown-Tools
Jalexander triaged T197837: Child Protection notices hitting error as High priority.

James, can you please set an appropriate priority for this and T197838 and T197836? Our SLA will be:
— UBN interrupts the current sprint
— High gets taken into our next sprint
— Normal (and lower) are ignored until a future focused improvement sprint

Jun 21 2018, 1:59 AM · Anti-Harassment (AHT Sprint 25), Wikimedia-Takedown-Tools

Jun 20 2018

Jalexander created T197838: Double File: on DMCA user warning template.
Jun 20 2018, 11:16 PM · Wikimedia-Takedown-Tools
Jalexander created T197837: Child Protection notices hitting error.
Jun 20 2018, 11:14 PM · Anti-Harassment (AHT Sprint 25), Wikimedia-Takedown-Tools
Jalexander created T197836: Takedown tool should use UTC everywhere (including datepicker).
Jun 20 2018, 11:11 PM · Anti-Harassment (AHT Sprint 27), Wikimedia-Takedown-Tools

Jun 2 2018

Jalexander raised the priority of T181570: Cannot specify deleted/suppressed pages in pages involved field from High to Unbreak Now!.
Jun 2 2018, 1:17 AM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools
Jalexander added a comment to T181570: Cannot specify deleted/suppressed pages in pages involved field.

This task is under UBN status for nearly one month, is there any reason that without fixing this task, tool can't work well? If not, I would suggest to downgrade UBN to High or Normal.

@dbarratt ^^

Jun 2 2018, 1:16 AM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools

May 30 2018

Jalexander awarded T195888: Create "vanish" option in Special:GlobalRenameRequest a Like token.
May 30 2018, 12:44 AM · Trust-and-Safety, Privacy, User-revi, MediaWiki-extensions-CentralAuth, GlobalRename

May 4 2018

Jalexander added a comment to T193769: Thousands of failed login attempts (wrong password).

Since the crack started, the CAPTCHA error rate was high.
However, at about 5/3 18:30 UTC, the CAPTCHA error rate suddenly falls (from almost 100% to a normal rate).
Guess: the cracker found a way to bypass the CAPTCHA check (e.g. proxies, fake IPs).

The reduction there is because of other mitigation techniques (not a bad thing)

May 4 2018, 3:44 AM · Security-Team

Mar 22 2018

Jalexander added a comment to T189943: Reveal email recipient's username in checkuser query results.

FTR (said in a call with the Stewards Tuesday but for the record) I'm going to be talking with Legal about this and will loop back once we're set there and/or have other questions.

Mar 22 2018, 8:50 PM · Security-team-backlog, WMF-Legal, Anti-Harassment, Privacy, CheckUser, Stewards-and-global-tools

Mar 21 2018

Jalexander triaged T181570: Cannot specify deleted/suppressed pages in pages involved field as High priority.

Assigning High so that it's first looked at if we have time for it since it makes the CP tool unusable (they are basically always deleted/suppressed already).

Mar 21 2018, 10:44 PM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools

Feb 27 2018

RandomDSdevel awarded T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects a Mountain of Wealth token.
Feb 27 2018, 9:51 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 22 2018

Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

There are a few permissions that should still be added to Ombudsman group [1], so they can see everything correctly. It was reported that one of them can't see the details of a log.

I would add:

  • abusefilter-hidden-log
  • abusefilter-log
  • abusefilter-log-detail
  • abusefilter-log-private

I could add if none opposes that.

[1] - https://meta.wikimedia.org/wiki/Special:GlobalGroupPermissions/ombudsman
These permissions above are only for viewing and are already available to stewards.

Feb 22 2018, 8:41 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 21 2018

Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

I get "Originating IP address Not Available" on Wikispecies, when trying to use this function, and it doesn't come up in the Check user log.

Feb 21 2018, 4:49 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
MusikAnimal awarded T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects a Love token.
Feb 21 2018, 1:16 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 20 2018

Jalexander updated the task description for T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 20 2018, 10:48 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

This is approved from the Trust & Safety side now (and hence the WMF). @MarcoAurelio is doing the global changes now and submitting the local patch which I'll shepherd through SWAT this afternoon.

Feb 20 2018, 10:47 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 16 2018

Jalexander updated the task description for T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 16 2018, 9:36 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

We're pretty much good, done a bit of testing and will do a bit more but should be ready to roll out a patch to give to CUs on Tuesday (US Holiday on Monday and I'd rather not launch with folks either on their weekend or going to it in case there are issues/questions).

Feb 16 2018, 9:35 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

Grabbed this because in addition to walking through it with Aeryn tomorrow going to do some production testing from the SuSa side. Once we're all set I'll submit the patch to turn on for CUs etc. (assuming the old data purge stuff is set up? I believe that is now but will check on).

Feb 16 2018, 5:49 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander claimed T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 16 2018, 5:39 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 7 2018

Jalexander added a comment to T152934: Log accessing private information by those with 'abusefilter-private' permission.

@MarcoAurelio In my local wiki on a VM, I tested this code every time I submitted a new patch and it did log the data appropriately. I have no way to tell if there is a beta limitation involved or not. Do you think I could be temporarily given access to beta to test things out there?

Feb 7 2018, 11:35 PM · Epic, MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)), Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T152934: Log accessing private information by those with 'abusefilter-private' permission.

@Huji I'm sure we can arrange that if @Jalexander is okay :)

Feb 7 2018, 11:33 PM · Epic, MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)), Stewards-and-global-tools, Security-Team, AbuseFilter

Dec 20 2017

Jalexander closed T183329: Reset mailing list password for tawikisource as Resolved.

Done

Dec 20 2017, 6:06 AM · Wikimedia-Mailing-lists
Jalexander created T183329: Reset mailing list password for tawikisource.
Dec 20 2017, 6:00 AM · Wikimedia-Mailing-lists

Dec 15 2017

Jalexander added a comment to T182541: Update Wikimedia configuration to prevent some users from sending emails.

The patch looks good from SuSa's side. We'll also want to add it to a couple global groups but I've verified it's available and we do that on-wiki so I'll send a note to the Stewards to do that side.

Dec 15 2017, 8:34 PM · Anti-Harassment (AHT Sprint 12), Trust-and-Safety, Patch-For-Review, Wikimedia-Site-requests

Dec 9 2017

Jalexander closed T182373: Disable 2FA for EVinente as Resolved.

done :) thanks RadiX

Dec 9 2017, 12:11 AM · Trust-and-Safety, Wikimedia-Site-requests

Dec 8 2017

Jalexander claimed T182373: Disable 2FA for EVinente.
Dec 8 2017, 9:01 PM · Trust-and-Safety, Wikimedia-Site-requests

Nov 19 2017

Jalexander closed T180889: Disable 2FA for Ask21 as Resolved.

Thanks Marco, done. Verified with CUWiki

Nov 19 2017, 11:19 PM · Trust-and-Safety, Wikimedia-Site-requests

Sep 6 2017

Jalexander added a comment to T157761: use htpasswd instead of htdigest for arbcom archive passwords.

FTR this can get held off for now (or even just closed as rejected). We're transitioning away from Mailman for this list. Handling the archives that currently remain will be decided after.

Sep 6 2017, 6:46 PM · Operations

Sep 5 2017

Jalexander added members for acl*access-policy-approvers: Kbrown, jrbs.
Sep 5 2017, 4:57 PM

Aug 30 2017

Jalexander added a comment to T173475: Echo Notification Mute (Block List) can be bypassed by changing username.

Why is this not on gerrit...?

Aug 30 2017, 6:15 PM · MW-1.31-release-notes (WMF-deploy-2017-10-03 (1.31.0-wmf.2)), Anti-Harassment (AHT Sprint 6), Patch-For-Review, Security, Collaboration-Team-Triage, Notifications

Aug 24 2017

Jalexander added a comment to T173880: Database Error when Creating DMCA Takedown.

Thanks David, still got this though the file upload is definitely working now. For the error I'm filling in the form for DMCA completely and so far have tried either not uploading a file, not sending to Lumen and Not posting to WMF Wiki and still getting the error (though the exact error adjusts since some things are no longer saved in the query). For simplicity writing down exactly what I'm using in case there is any weirdness that's causing it:

Aug 24 2017, 11:48 PM · Anti-Harassment (AHT Sprint 3), Wikimedia-Takedown-Tools

Jul 31 2017

Jalexander added a comment to T171430: Security Issue Access Request for Kbrown.

Hi all. @Jalexander, @Kbrown can you confirm that Karen has completed either an employee or volunteer NDA?

Jul 31 2017, 4:51 PM · Security

Jul 24 2017

Jalexander created T171430: Security Issue Access Request for Kbrown.
Jul 24 2017, 7:09 AM · Security

Jul 23 2017

Jalexander added a comment to T171405: Cannot suppress pages while deleting following change to page deletion interface.

@Jalexander: the workaround is to suppress the log event manually, no? Doesn't seem worth keeping private accordingly unless I am misunderstanding...

Jul 23 2017, 10:36 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander added a project to T171405: Cannot suppress pages while deleting following change to page deletion interface: Regression.
Jul 23 2017, 8:35 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander updated subscribers of T171405: Cannot suppress pages while deleting following change to page deletion interface.
Jul 23 2017, 8:26 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander set Security to security-bug on T171405: Cannot suppress pages while deleting following change to page deletion interface.

Pulling this in to the security zone because of the attack vector it exposes.

Jul 23 2017, 8:23 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion

Jul 17 2017

Jalexander added a comment to T170878: Audit users and account expiry dates for stat boxes.

Still need on my end preferably without expiration. Biggest use is hive/beeline access for relatively routine subpoena/legal data gathering (one might need to happen today for example depending on what we decide at a meeting) and occasionally other T&S investigations when needed and approved (rare given the level of private data but important when needed).

Jul 17 2017, 10:18 PM · User-Elukey, Patch-For-Review, Analytics-Kanban, Analytics-Cluster

Jul 13 2017

Jalexander added a comment to T170601: Massive spam to -owner mailing lists from *@qq.com emails.

From https://wikitech.wikimedia.org/wiki/Mailman

Spam scores

The mailman UI supports this via the configuration variable header_filter_rules aka. 'Spam Filter Regexp' (description: Filter rules to match against the headers of a message.). See also https://www.gnu.org/software/mailman/mailman-admin/sender-filters.html

This can be found in the administrative interface in Privacy options...-> [Spam filters] -> Spam Filter Regexp (or visit directly the URL, replacing YOURLIST with your list name: https://lists.wikimedia.org/mailman/admin/YOURLIST/?VARHELP=privacy/spam/header_filter_rules ).

So someone from Operations has to check Spam Filter Regexp for each list? Write a small script?

Jul 13 2017, 7:44 PM · Wikimedia-Mailing-lists, Security

Jul 3 2017

Jalexander changed the status of T169543: Set up / identify Salesforce database for takedown tools from Open to Stalled.

This is going to be slightly stalled for a short time, the salesforce instance is still having its final setup because we've been transferring over all of our data from Sugar. It should be done and available to be dealt with later this week. I'll see if I can scrounge up documentation to help in the meanwhile too :)

Jul 3 2017, 5:26 PM · Wikimedia-Takedown-Tools, Anti-Harassment
Jalexander changed the status of T169543: Set up / identify Salesforce database for takedown tools, a subtask of T167187: Epic ⚡️ : Implement DMCA and CP takedown report tools, from Open to Stalled.
Jul 3 2017, 5:26 PM · Anti-Harassment (AHT Sprint 8), Wikimedia-Takedown-Tools

Jun 29 2017

Jalexander updated subscribers of T169268: Limiting thanks for new users at pl.wikipedia.

@kaldari do you know if this is possible atm?

Jun 29 2017, 9:12 PM · Anti-Harassment (AHT Sprint 7), User-Urbanecm, Wikimedia-Site-requests, Trust-and-Safety, Collaboration-Team-Triage

Jun 22 2017

Jalexander added a comment to T167982: Reset credentials on Wikimedia SUL User:SJ81 bis.

@jrbs There's a script in MediaWiki core that allows resetting email and password for an account. If the problem is that you cannot be convinced by the evidence of the edit linked here that this account belongs to the requestor then I have no objections but if it is for technical restrictions then please have a look at resetUserEmail.php and changePassword.php.
Regards.

Jun 22 2017, 5:33 PM · Trust-and-Safety, Wikimedia-Site-requests

Jun 10 2017

Jalexander added a comment to T166400: Split out the 3 standalone tools from the DMCA toolbox and deploy them on tool labs.

Welp! doesn't need OAuth. https://meta.wikimedia.org/w/api.php?action=sitematrix&format=json

Honestly I think this should be rewritten as a SPA in JavaScript. :)

Jun 10 2017, 3:32 AM · Anti-Harassment (AHT Sprint 1), Community-Tech

Jun 5 2017

Jalexander added a comment to T167059: Mailing List Needed - Wiki Women Camp.

So I did this, and then noticed it was assigned to @Jalexander, my apologies if I shouldn't have processed this! (I normally would leave assigned tasks alone, I was just working on mailing list items and got carried away.)

Please note this list has now been created: https://lists.wikimedia.org/mailman/listinfo/wikiwomencamp. Please note the list description should be set more accurately by the list administrators.

The initial list admin password is only sent to the original list owner (kharold), not to everyone on the list. Additionally, the list is set to most permissive first, since it wasn't requested otherwise. So archives and list is public, but the list admins can lock that down easily enough.

Jun 5 2017, 9:34 PM · Wikimedia-Mailing-lists

Jun 1 2017

Jalexander added a comment to T46481: A cloned banner should copy translated messages to CNBanner.

Alright, fair enough. :) Thanks for the info. I'm just now having to clean up after a cloned banner so I might be a little jaded ;)

Jun 1 2017, 4:53 PM · I18n, MediaWiki-extensions-CentralNotice

May 30 2017

Jalexander created T166627: Internal error when you attempt to email a user you've blocked from Notifications.
May 30 2017, 10:15 PM · Anti-Harassment (AHT Sprint 1), MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)), Patch-For-Review, Collaboration-Team-Triage (Collab-Team-Q4-Apr-Jun-2017), Trust-and-Safety, Notifications

May 25 2017

Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

Assuming we don't want to change that workflow, it probably means that we don't want to host the tool on Tool Labs. According to Bryan, it's best to believe that anything in Tools can be seen by anyone else. There are only a small number of people with root access, but lots and lots of people have shell access and local root exploits are possible.

May 25 2017, 12:37 AM · Anti-Harassment (AHT Sprint 1), Community-Tech

May 24 2017

Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

... upload the offending image to the tool and it sends it to the National Center for Missing and Exploited Children

@Jalexander: Do you know if the images are stored locally to the file system (even temporarily)? If so, using Tool Labs might be risky.

May 24 2017, 10:15 PM · Anti-Harassment (AHT Sprint 1), Community-Tech
Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

Yeah, the OAuth info should not be an issue. That is all handled securely. I'm not sure I understand what James is saying about "offending images are uploaded/processed and sent externally for example and IP data is processed". @Jalexander, could you elaborate on that? When you say that images are uploaded/processed, where is that occurring? Are you uploading copies of the images into the tool itself? Or just referring to the copies on Commons? What do you mean by "sent externally"? Does the tool email a copy of the images to law enforcement? If so, we would need to double check who has access to the Tool Labs email server, but I don't imagine it would be a blocker. Mostly, we're worried about the tool storing its own copy of private/sensitive data. If that isn't happening, it's probably OK to host on Tool Labs.

May 24 2017, 9:58 PM · Anti-Harassment (AHT Sprint 1), Community-Tech

May 13 2017

Jalexander added a comment to T165213: Translate extension not working on Meta.

Meta is currently under script error. The error is Uncaught Error: Unknown dependency: mw.geoIP

May 13 2017, 4:25 AM · MediaWiki-extensions-Translate
Jalexander added a comment to T165213: Translate extension not working on Meta.

These both seem to be working now, not sure exactly what happened but I'm at least a bit nervous that it was me a couple hours ago :( ( in an attempt to fix some issues with a gadget I tried to set a dependency to solve a race condition https://meta.wikimedia.org/w/index.php?title=MediaWiki:Gadgets-definition&diff=16752348&oldid=16751393 ). Still don't think it "should" have caused everything else to fail but wouldn't be the most surprising thing.

May 13 2017, 4:23 AM · MediaWiki-extensions-Translate
Jalexander added a comment to T165213: Translate extension not working on Meta.

I'm having issues with Notifications on Meta (and not on other wikis) where the drop down doesn't come (instead it goes to Special:Notifications and hangs/fails). I'm wondering if there is a larger JavaScript issue on Meta which is causing it.

May 13 2017, 3:56 AM · MediaWiki-extensions-Translate

May 5 2017

Jalexander closed T163854: Create voter lists for Board & FDC Elections 2017 as Resolved.

resolving, was completed earlier

May 5 2017, 7:47 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 27 2017

Jalexander created T164043: SecurePoll requiring property_wiki for global elections.
Apr 27 2017, 11:13 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), Patch-For-Review, MediaWiki-extensions-SecurePoll
Jalexander updated the task description for T163854: Create voter lists for Board & FDC Elections 2017.
Apr 27 2017, 2:23 AM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections
Jalexander removed a project from T163854: Create voter lists for Board & FDC Elections 2017: Patch-For-Review.
Apr 27 2017, 2:20 AM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 25 2017

Jalexander created T163854: Create voter lists for Board & FDC Elections 2017.
Apr 25 2017, 10:37 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 20 2017

Jalexander awarded T162981: Create edit confirmation checkbox gadget for VisualEditor a Love token.
Apr 20 2017, 5:27 PM · User-Ryasmeen, MediaWiki-Page-editing, VisualEditor, Trust-and-Safety

Apr 18 2017

Jalexander added a comment to T163260: Security Issue Access Request for matanya.

For the record I'd support Matanya in this as someone who can be really useful to have insight and input into Security/private cases.

Apr 18 2017, 9:11 PM · Security

Apr 5 2017

Jalexander added a comment to T162096: Potential abuse of MW Cookie Blocks.

This is f***ing unbelievable!

Apr 5 2017, 11:13 PM · Community-Tech, MediaWiki-General-or-Unknown, Security

Mar 23 2017

Jalexander changed the visibility for T157883: Blocked users should not be allowed to run checkuser queries.
Mar 23 2017, 11:56 PM · Security, Stewards-and-global-tools, CheckUser
Jalexander closed T158590: General confidentiality agreement translation in German (L9) has a mistake as Resolved.

Done

Mar 23 2017, 9:49 PM · Access-Policy
Jalexander claimed T158590: General confidentiality agreement translation in German (L9) has a mistake.

Sorry for the delay, I'm the one who understands the setup the most but the massive amounts of Phab emails I get mean that it's fairly easy for me to miss any pings unless I get a poke elsewhere. I've verified the request and am making the change now.

Mar 23 2017, 9:48 PM · Access-Policy

Feb 17 2017

Jalexander removed a member for Trust-and-Safety: Philippe-WMF.
Feb 17 2017, 12:58 AM
Jalexander added members for Trust-and-Safety: PEarleyWMF, jrbs, Fluffernutter, Kalliope, JanWMF.
Feb 17 2017, 12:58 AM

Feb 8 2017

Jalexander added a comment to T157500: Query percentage of English Wikipedia admins without 2FA.

Ugh. How would we even query this? Either it's a query across multiple dbservers to get to the centralauth db...

Or we do it on user preferences? Else writing a maintenance script

I think it's reasonable to do; it doesn't show any personally identifiable data

@Jalexander Any comments from your end about "releasing"/publicising this information if we get it? :)

Feb 8 2017, 7:39 PM · Security

Feb 3 2017

Jalexander added a comment to T157097: New Usernames/Passwords for arbcom archive access.

"Casliber" does not exist as a current user. The others listed as needing a reset do. I'll create that as a new user then. ?

Feb 3 2017, 2:32 AM · Operations
Jalexander placed T157097: New Usernames/Passwords for arbcom archive access up for grabs.
Feb 3 2017, 1:52 AM · Operations
Jalexander created T157097: New Usernames/Passwords for arbcom archive access.
Feb 3 2017, 1:51 AM · Operations

Jan 29 2017

Jalexander reopened T131766: Create acl*stewards as "Open".

I'm going to reopen this rather than creating a new one (or not) in order to allow people to wave their hands and call me crazy as needed given that it was previously declined. I'd like to (and currently plan to barring good reason not to) create this acl in order to allow it to be added as managers on the Confidentiality Agreements (the only way they're able to see signatures) so that they're able to quickly and efficiently process requests for access on meta without waiting on staff.

Jan 29 2017, 12:09 AM · RelEng-Archive-FY201718-Q1, WMF-Legal, Phabricator, Stewards-and-global-tools, Project-Admins