Jalexander (James Alexander)Administrator
Trust & Safety (also chocolates)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Oct 9 2014, 9:41 AM (192 w, 4 d)
Roles
Administrator
Availability
Available
IRC Nick
Jamesofur
LDAP User
Jalexander
MediaWiki User
Jalexander-WMF

Recent Activity

Sat, Jun 2

Jalexander raised the priority of T181570: Cannot specify deleted/suppressed pages in pages involved field from High to Unbreak Now!.
Sat, Jun 2, 1:17 AM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools
Jalexander added a comment to T181570: Cannot specify deleted/suppressed pages in pages involved field.

This task is under UBN status for nearly one month, is there any reason that without fixing this task, tool can't work well? If not, I would suggest to downgrade UBN to High or Normal.

@dbarratt ^^

Sat, Jun 2, 1:16 AM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools

Wed, May 30

Jalexander awarded T195888: Create "vanish" option in Special:GlobalRenameRequest a Like token.
Wed, May 30, 12:44 AM · Trust-and-Safety, Privacy, User-revi, GlobalRename, MediaWiki-extensions-CentralAuth

May 4 2018

Jalexander added a comment to T193769: Thousands of failed login attempts (wrong password).

Since the crack started, the CAPTCHA error rate was high.
However, at about 5/3 18:30 UTC, the CAPTCHA error rate suddenly falls (from almost 100% to a normal rate).
Guess: the cracker find a way to bypass the CAPTCHA check (e.g. proxies, fake IP's).

The reduction there is because of other mitigation techniques (not a bad thing)

May 4 2018, 3:44 AM · Security-Team

Mar 22 2018

Jalexander added a comment to T189943: Reveal email recipient's username in checkuser query results.

FTR (said in a call with the Stewards Tuesday but for the record) I'm going to be talking with Legal about this and will loop back once we're set there and/or have other questions.

Mar 22 2018, 8:50 PM · Anti-Harassment, Privacy, Security-Team, CheckUser, Stewards-and-global-tools

Mar 21 2018

Jalexander triaged T181570: Cannot specify deleted/suppressed pages in pages involved field as High priority.

Assigning High so that it's first looked at if we have time for it since it makes the CP tool unusable (they are basically always deleted/suppressed already).

Mar 21 2018, 10:44 PM · Anti-Harassment (AHT Sprint 23), Wikimedia-Takedown-Tools

Feb 27 2018

RandomDSdevel awarded T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects a Mountain of Wealth token.
Feb 27 2018, 9:51 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 22 2018

Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

There are a few permission that should still be added to Ombudsman group [1], so they can see everything correctly. It was reported that one of them can't see the details of a log.

I would add:

  • abusefilter-hidden-log
  • abusefilter-log
  • abusefilter-log-detail
  • abusefilter-log-private

I could add if none opposes that.

[1] - https://meta.wikimedia.org/wiki/Special:GlobalGroupPermissions/ombudsman
These permission above are only for viewing and are already available to stewards.

Feb 22 2018, 8:41 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 21 2018

Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

I get "Originating IP address Not Available" on Wikispecies, when trying to use this function, and it doesnt come up in the Check user log.

Feb 21 2018, 4:49 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
MusikAnimal awarded T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects a Love token.
Feb 21 2018, 1:16 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 20 2018

Jalexander updated the task description for T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 20 2018, 10:48 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

This is approved from the Trust & Safety side now (and hence the WMF). @MarcoAurelio is doing the global changes now and submitting the local patch which I'll shepherd though SWAT this afternoon.

Feb 20 2018, 10:47 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 16 2018

Jalexander updated the task description for T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 16 2018, 9:36 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

We're pretty much good, done a bit of testing and will do a bit more but should be ready to roll out a patch to give to CUs on Tuesday (US Holiday on Monday and I'd rather not launch with folks either on their weekend or going to it in case there are issues/questions).

Feb 16 2018, 9:35 PM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.

Grabbed this because in addition to walking through it with Aeryn tomorrow going to do some production testing from the SuSa side. Once we're all set I'll submit the patch to turn on for CUs etc. (assuming the old data purge stuff is set up? I believe that is now but will check on).

Feb 16 2018, 5:49 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander claimed T160357: Allow those with CheckUser right to access AbuseLog private information on WMF projects.
Feb 16 2018, 5:39 AM · User-notice, WMF-Legal, Wikimedia-Site-requests, Stewards-and-global-tools, Security-Team, AbuseFilter

Feb 7 2018

Jalexander added a comment to T152934: Log accessing private information by those with 'abusefilter-private' permission.

@MarcoAurelio In my local wiki on a VM, I tested this code every time I submitted a new patch and it did log the data appropriately. I have no way to tell if there is a beta limitation involved or not. Do you think I could be temporarily given access to beta to test things out there?

Feb 7 2018, 11:35 PM · Epic, MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)), Stewards-and-global-tools, Security-Team, AbuseFilter
Jalexander added a comment to T152934: Log accessing private information by those with 'abusefilter-private' permission.

@Huji I'm sure we can arrange that if @Jalexander is okay :)

Feb 7 2018, 11:33 PM · Epic, MW-1.31-release-notes (WMF-deploy-2018-02-13 (1.31.0-wmf.21)), Stewards-and-global-tools, Security-Team, AbuseFilter

Dec 20 2017

Jalexander closed T183329: Reset mailing list password for tawikisource as Resolved.

Done

Dec 20 2017, 6:06 AM · Wikimedia-Mailing-lists
Jalexander created T183329: Reset mailing list password for tawikisource.
Dec 20 2017, 6:00 AM · Wikimedia-Mailing-lists

Dec 15 2017

Jalexander added a comment to T182541: Update Wikimedia configuration to prevent some users from sending emails.

The patch looks good from SuSa's side. We'll also want to add it to a couple global groups but I've verified it's available and we do that on-wiki so I'll send a note to the Stewards to do that side.

Dec 15 2017, 8:34 PM · Anti-Harassment (AHT Sprint 12), Trust-and-Safety, Patch-For-Review, Wikimedia-Site-requests

Dec 9 2017

Jalexander closed T182373: Disable 2FA for EVinente as Resolved.

done :) thanks RadiX

Dec 9 2017, 12:11 AM · Trust-and-Safety, Wikimedia-Site-requests

Dec 8 2017

Jalexander claimed T182373: Disable 2FA for EVinente.
Dec 8 2017, 9:01 PM · Trust-and-Safety, Wikimedia-Site-requests

Nov 19 2017

Jalexander closed T180889: Disable 2FA for Ask21 as Resolved.

Thanks Marco, done. Verified with CUWiki

Nov 19 2017, 11:19 PM · Trust-and-Safety, Wikimedia-Site-requests

Sep 6 2017

Jalexander added a comment to T157761: use htpasswd instead of htdigest for arbcom archive passwords.

FTR this can get held off for now (or even just closed as rejected). We're transitioning away from Mailman for this list. Handling the archives that currently remain will be decided after.

Sep 6 2017, 6:46 PM · Operations

Sep 5 2017

Jalexander added members for acl*access-policy-approvers: Kbrown, jrbs.
Sep 5 2017, 4:57 PM

Aug 30 2017

Jalexander added a comment to T173475: Echo Notification Mute (Block List) can be bypassed by changing username.

Why is this not on gerrit...?

Aug 30 2017, 6:15 PM · MW-1.31-release-notes (WMF-deploy-2017-10-03 (1.31.0-wmf.2)), Anti-Harassment (AHT Sprint 6), Patch-For-Review, Security, Notifications, Collaboration-Team-Triage

Aug 24 2017

Jalexander added a comment to T173880: Database Error when Creating DMCA Takedown.

Thanks David, still got this though the file upload is definitely working now. For the error I'm filling in the the form for DMCA completely and so far have tried either not uploading a file, not sending to Lumen and Not posting to WMF Wiki and still getting the error (though the exact error adjusts since some things are no longer saved in the query). For simplicity writing down exactly what I'm using in case there is any weirdness that's causing it:

Aug 24 2017, 11:48 PM · Anti-Harassment (AHT Sprint 3), Wikimedia-Takedown-Tools

Jul 31 2017

Jalexander added a comment to T171430: Security Issue Access Request for Kbrown.

Hi all. @Jalexander, @Kbrown can you confirm than Karen has completed either an employee or volunteer NDA?

Jul 31 2017, 4:51 PM · Security

Jul 24 2017

Jalexander created T171430: Security Issue Access Request for Kbrown.
Jul 24 2017, 7:09 AM · Security

Jul 23 2017

Jalexander added a comment to T171405: Cannot suppress pages while deleting following change to page deletion interface.

@Jalexander: the workaround is to suppress the log event manually, no? Doesn't seem worth keeping private accordingly unless I am misunderstanding...

Jul 23 2017, 10:36 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander added a project to T171405: Cannot suppress pages while deleting following change to page deletion interface: Regression.
Jul 23 2017, 8:35 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander updated subscribers of T171405: Cannot suppress pages while deleting following change to page deletion interface.
Jul 23 2017, 8:26 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion
Jalexander set Security to security-bug on T171405: Cannot suppress pages while deleting following change to page deletion interface.

Pulling this in to the security zone because the attack vector it exposes.

Jul 23 2017, 8:23 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, MediaWiki-Revision-deletion, Security-Core, Vuln-Infoleak, Regression, Security, MediaWiki-Page-deletion

Jul 17 2017

Jalexander added a comment to T170878: Audit users and account expiry dates for stat boxes.

Still need on my end preferably without expiration. Biggest use is hive/beeline access for relatively routine subpoena/legal data gathering (one might need to happen today for example depending on what we decide at a meeting) and occasionally other T&S investigations when needed and approved (rare given the level of private data but important when needed).

Jul 17 2017, 10:18 PM · User-Elukey, Patch-For-Review, Analytics-Kanban, Analytics-Cluster

Jul 13 2017

Jalexander added a comment to T170601: Massive spam to -owner mailing lists from *@qq.com emails.

From https://wikitech.wikimedia.org/wiki/Mailman

Spam scores

The mailman UI supports this via the configuration variable header_filter_rules aka. 'Spam Filter Regexp' (description: Filter rules to match against the headers of a message.). See also https://www.gnu.org/software/mailman/mailman-admin/sender-filters.html

This can be found in the administrative interface in Privacy options...-> [Spam filters] -> Spam Filter Regexp (or visit directly the URL, replacing YOURLIST with your list name: https://lists.wikimedia.org/mailman/admin/YOURLIST/?VARHELP=privacy/spam/header_filter_rules ).

So someone from Operations has to check Spam Filter Regexp for each list ? Write a small script ?

Jul 13 2017, 7:44 PM · Wikimedia-Mailing-lists, Security

Jul 3 2017

Jalexander changed the status of T169543: Set up / identify Salesforce database for takedown tools from Open to Stalled.

This is going to be slightly stalled for a short time, the salesforce instance is still having it's final setup because we've been transferring over all of our data from Sugar. It should be done and available to be dealt with later this week. I'll see if I can scrounge up documentation to help in the meanwhile too :)

Jul 3 2017, 5:26 PM · Wikimedia-Takedown-Tools, Anti-Harassment
Jalexander changed the status of T169543: Set up / identify Salesforce database for takedown tools, a subtask of T167187: Epic ⚡️ : Implement DMCA and CP takedown report tools, from Open to Stalled.
Jul 3 2017, 5:26 PM · Anti-Harassment (AHT Sprint 8), Wikimedia-Takedown-Tools

Jun 29 2017

Jalexander updated subscribers of T169268: Limiting thanks for new users at pl.wikipedia.

@kaldari do you know if this is possible atm?

Jun 29 2017, 9:12 PM · Anti-Harassment (AHT Sprint 7), User-Urbanecm, Wikimedia-Site-requests, Collaboration-Team-Triage, Trust-and-Safety

Jun 22 2017

Jalexander added a comment to T167982: Reset credentials on Wikimedia SUL User:SJ81 bis.

@jrbs There's a script in MediaWiki core that allows resetting email and password for an account. If the problem is that you cannot be convinced by the evidence of the edit linked here that this account belongs to the requestor then I have no objections but if it is for technical restrictions then please have a look at resetUserEmail.php and changePassword.php.
Regards.

Jun 22 2017, 5:33 PM · Trust-and-Safety, Wikimedia-Site-requests

Jun 10 2017

Jalexander added a comment to T166400: Split out the 3 standalone tools from the DMCA toolbox and deploy them on tool labs .

Welp! doesn't need OAuth. https://meta.wikimedia.org/w/api.php?action=sitematrix&format=json

Honestly I think this should be rewritten as a SPA in JavaScript. :)

Jun 10 2017, 3:32 AM · Anti-Harassment (AHT Sprint 1), Community-Tech

Jun 5 2017

Jalexander added a comment to T167059: Mailing List Needed - Wiki Women Camp .

So I did this, and then noticed it was assigned to @Jalexander, my apologies if I shouldnt have processed this! (I normally would leave assigned tasks alone, I was just working on mailing list items and got carried away.)

Please note this list has now been created: https://lists.wikimedia.org/mailman/listinfo/wikiwomencamp. Please note the list description should be set more accurately by the list administrators.

The initial list admin password is only sent to the original list owner (kharold), not to everyone on the list. Additionally, the list is set to most permissive first, since it wasn't requested otherwise. So archives and list is public, but the list admins can lock that down easily enough.

Jun 5 2017, 9:34 PM · Wikimedia-Mailing-lists

Jun 1 2017

Jalexander added a comment to T46481: A cloned banner should copy translated messages to CNBanner.

Alright, fair enough. :) Thanks for the info. I'm just now having to clean up after a cloned banner so I might be a little jaded ;)

Jun 1 2017, 4:53 PM · I18n, MediaWiki-extensions-CentralNotice

May 30 2017

Jalexander created T166627: Internal error when you attempt to email a user you've blocked from Notifications.
May 30 2017, 10:15 PM · Anti-Harassment (AHT Sprint 1), MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)), Patch-For-Review, Collaboration-Team-Triage (Collab-Team-Q4-Apr-Jun-2017), Trust-and-Safety, Notifications

May 25 2017

Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

Assuming we don't want to change that workflow, it probably means that we don't want to host the tool on Tool Labs. According to Bryan, its best to believe that anything in Tools can be seen by anyone else. There are only a small number of people with root access, but lots and lots of people have shell access and local root exploits are possible.

May 25 2017, 12:37 AM · Anti-Harassment (AHT Sprint 1), Community-Tech

May 24 2017

Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

... upload the offending image to the tool and it sends it to the National Center for Missing and Exploited Children

@Jalexander: Do you know if the images are stored locally to the file system (even temporarily)? If so, using Tool Labs might be risky.

May 24 2017, 10:15 PM · Anti-Harassment (AHT Sprint 1), Community-Tech
Jalexander added a comment to T159898: Investigate DMCA Takedown Form for requested updates.

Yeah, the OAuth info should not be an issue. That is all handled securely. I'm not sure I understand what James is saying about "offending images are uploaded/processed and sent externally for example and IP data is processed". @Jalexander, could you elaborate on that? When you say that images are uploaded/processed, where is that occurring? Are you uploading copies of the images into the tool itself? Or just referring to the copies on Commons? What do you mean by "sent externally"? Does the tool email a copy of the images to law enforcement? If so, we would need to double check who has access to the Tool Labs email server, but I don't imagine it would be a blocker. Mostly, we're worried about the tool storing its own copy of private/sensitive data. If that isn't happening, it's probably OK to host on Tool Labs.

May 24 2017, 9:58 PM · Anti-Harassment (AHT Sprint 1), Community-Tech

May 13 2017

Jalexander added a comment to T165213: Translate extension not working on Meta.

Meta is currently under script error. The error is Uncaught Error: Unknown dependency: mw.geoIP

May 13 2017, 4:25 AM · MediaWiki-extensions-Translate
Jalexander added a comment to T165213: Translate extension not working on Meta.

These both seem to be working now, not sure exactly what happened but I'm at least a bit nervous that it was me a couple hours ago :( ( in an attempt to fix some issues with a gadget I tried to set a dependency to solve a race condition https://meta.wikimedia.org/w/index.php?title=MediaWiki:Gadgets-definition&diff=16752348&oldid=16751393 ). Still don't think it "should" have caused everything else to fail but wouldn't be the most surprising thing.

May 13 2017, 4:23 AM · MediaWiki-extensions-Translate
Jalexander added a comment to T165213: Translate extension not working on Meta.

I'm having issues with Notifications on Meta (and not on other wikis) where the drop down doesn't come (instead it goes to Special:Notifications and hangs/fails. I'm wondering if there is a larger javascript issue on Meta which is causing it.

May 13 2017, 3:56 AM · MediaWiki-extensions-Translate

May 5 2017

Jalexander closed T163854: Create voter lists for Board & FDC Elections 2017 as Resolved.

resolving, was completed earlier

May 5 2017, 7:47 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 27 2017

Jalexander created T164043: SecurePoll requiring property_wiki for global elections.
Apr 27 2017, 11:13 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), Patch-For-Review, MediaWiki-extensions-SecurePoll
Jalexander updated the task description for T163854: Create voter lists for Board & FDC Elections 2017.
Apr 27 2017, 2:23 AM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections
Jalexander removed a project from T163854: Create voter lists for Board & FDC Elections 2017: Patch-For-Review.
Apr 27 2017, 2:20 AM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 25 2017

Jalexander created T163854: Create voter lists for Board & FDC Elections 2017.
Apr 25 2017, 10:37 PM · MW-1.30-release-notes (WMF-deploy-2017-05-09_(1.30.0-wmf.1)), MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), Elections

Apr 20 2017

Jalexander awarded T162981: Create edit confirmation checkbox gadget for VisualEditor a Love token.
Apr 20 2017, 5:27 PM · User-Ryasmeen, MediaWiki-Page-editing, VisualEditor, Trust-and-Safety

Apr 18 2017

Jalexander added a comment to T163260: Security Issue Access Request for matanya.

For the record I'd support Matanya in this as someone who can be really useful to have insight and input into Security/private cases.

Apr 18 2017, 9:11 PM · Security

Apr 5 2017

Jalexander added a comment to T162096: Potential abuse of MW Cookie Blocks.

This is f***ing unbelievable!

Apr 5 2017, 11:13 PM · Community-Tech, MediaWiki-General-or-Unknown, Security

Mar 23 2017

Jalexander changed the visibility for T157883: Blocked users should not be allowed to run checkuser queries.
Mar 23 2017, 11:56 PM · Security, Stewards-and-global-tools, CheckUser
Jalexander closed T158590: General confidentiality agreement translation in German (L9) has a mistake as Resolved.

Done

Mar 23 2017, 9:49 PM · Access-Policy
Jalexander claimed T158590: General confidentiality agreement translation in German (L9) has a mistake.

Sorry for the delay, I'm the one who understands the setup the most but the massive amounts of Phab emails I get mean that it's fairly easy for me to miss any pings unless I get a poke elsewhere. I've verified the request and am making the change now.

Mar 23 2017, 9:48 PM · Access-Policy

Feb 17 2017

Jalexander removed a member for Trust-and-Safety: Philippe-WMF.
Feb 17 2017, 12:58 AM
Jalexander added members for Trust-and-Safety: PEarleyWMF, jrbs, Fluffernutter, Kalliope, JanWMF.
Feb 17 2017, 12:58 AM

Feb 8 2017

Jalexander added a comment to T157500: Query percentage of English Wikipedia admins without 2FA.

Ugh. How would we even query this? Either it's a query across multiple dbservers to get to the centralauth db...

Or we do it on user preferences? Else writing a maintenance script

I think it's reasonable to do; it doesn't show any personally identifiable data

@Jalexander Any comments from your end about "releasing"/publicising this information if we get it? :)

Feb 8 2017, 7:39 PM · Security-Team

Feb 3 2017

Jalexander added a comment to T157097: New Usernames/Passwords for arbcom archive access.

"Casliber" does not exist as a current user. The others listed as needing a reset do. I'll create that as a new user then. ?

Feb 3 2017, 2:32 AM · Operations
Jalexander placed T157097: New Usernames/Passwords for arbcom archive access up for grabs.
Feb 3 2017, 1:52 AM · Operations
Jalexander created T157097: New Usernames/Passwords for arbcom archive access.
Feb 3 2017, 1:51 AM · Operations

Jan 29 2017

Jalexander reopened T131766: Create acl*stewards as "Open".

I'm going to reopen this rather then creating a new one (or not) in order to allow people to wave their hands and call me crazy as needed given that it was previously declined. I'd like to (and currently plan to barring good reason not to) create this acl in order to allow it to be added as managers on the Confidentiality Agreements (the only way they're able to see signatures) so that they're able to quickly and efficiently process requests for access on meta without waiting on staff.

Jan 29 2017, 12:09 AM · RelEng-Archive-FY201718-Q1, WMF-Legal, Phabricator, Stewards-and-global-tools, Project-Admins

Jan 21 2017

Jalexander closed T155858: Create project for Media-Reports tool as Resolved.

Created at media-reports-tool

Jan 21 2017, 12:02 AM · Project-Admins

Jan 20 2017

Jalexander created media-reports-tool.
Jan 20 2017, 11:58 PM
Jalexander added a comment to T155858: Create project for Media-Reports tool.

Yeah, I think that in this case media-reports-tool may end up being best, we'd try to avoid using -tool as a common word usually but I worry that media reports has too many other possible meanings (such as the report the tool is designed to help create) and would be confusing otherwise.

Jan 20 2017, 11:50 PM · Project-Admins

Jan 5 2017

Jalexander closed T154640: Password reset for wikimedia-medicine mailing list as Resolved.

New password emailed to both registered list admins :)

Jan 5 2017, 5:25 AM · Wikimedia-Mailing-lists

Dec 21 2016

Jalexander set the image for acl*access-policy-approvers to F5127108: fa-lock-red.png.
Dec 21 2016, 5:30 PM

Dec 20 2016

Jalexander added a hashtag to acl*access-policy-approvers: #acl_access-policy-approvers.
Dec 20 2016, 2:52 PM
Jalexander changed the edit policy for acl*otrs-admins.
Dec 20 2016, 2:30 PM
Jalexander renamed acl*access-policy-approvers from Access Policy - Approvers to acl*access-policy-approvers.
Dec 20 2016, 2:13 PM
Jalexander added members for acl*otrs-admins: Matthewrbowker, Rjd0060, Emufarmers.
Dec 20 2016, 2:12 PM
Jalexander renamed acl*access-policy-approvers from acl*access-policy-approvers to Access Policy - Approvers.
Dec 20 2016, 2:11 PM
Jalexander created acl*otrs-admins.
Dec 20 2016, 2:08 PM
Jalexander closed T146015: The project Access Policy - Approvers should be acl* instead as Resolved.
Dec 20 2016, 1:56 PM · Project-Admins, Phabricator
Jalexander renamed acl*access-policy-approvers from Access Policy - Approvers to acl*access-policy-approvers.
Dec 20 2016, 1:56 PM
Jalexander claimed T153586: Create acl*otrs-admins.
Dec 20 2016, 1:12 PM · Phabricator

Dec 19 2016

Jalexander added a comment to T153586: Create acl*otrs-admins.

Approval from the SuSa/Legal side is already done, the NDA discussed is the OTRS version of the Confidentiality agreement for nonpublic information and the OTRS administrators having access tot he signatures was always planned. I can set up the ACL myself (to work similarly to the one we use for SuSa staff and the main agreement) if easiest.

Dec 19 2016, 7:02 PM · Phabricator

Dec 14 2016

Jalexander added a comment to T133109: Add basic abuse prevention to UrlShortener.

Also: How hard is it to deactivate a url if worst comes to worst? Is it just a db row being dropped (or changed) or is it something more massively pita?

Dec 14 2016, 4:24 AM · Patch-For-Review, MediaWiki-extensions-UrlShortener
Jalexander added a comment to T133109: Add basic abuse prevention to UrlShortener.

yeah, I think a rate limit could prevent the biggest amount of this. That makes it a lot harder to try and force a problematic, specific, url to use. 10 per 2 is probably ok for anon/newbie (building it in allows us to adjust if we see people trying to abuse anyway). Honestly for users without rate limit exemption (or higher limits in general) I would think it doesn't need to be set crazy high either (50-100?) but could certainly be higher then 10.

Dec 14 2016, 4:21 AM · Patch-For-Review, MediaWiki-extensions-UrlShortener

Dec 8 2016

Jalexander added a project to T152588: Whitelist TSG for account creation: Trust-and-Safety.

The prefix will be "tsgqa."

Dec 8 2016, 2:11 AM · Trust-and-Safety, Patch-For-Review, Reading-Admin, Wikimedia-Site-requests

Dec 2 2016

Jalexander closed T151293: Need new listadmin password for irc-contacts mailing list as Resolved.

New PW sent to all current admins.

Dec 2 2016, 11:40 PM · Wikimedia-Mailing-lists
Jalexander added a comment to T151293: Need new listadmin password for irc-contacts mailing list.

Yeah, no one seems to have the password at the moment.. hence the request. :)

Dec 2 2016, 11:37 PM · Wikimedia-Mailing-lists

Nov 30 2016

Jalexander added a comment to T151966: Password recovery blocked from the WMF office.

If IPs are blocked then blocking password resets from that IP makes sense given the history of abuse there. That said:

Nov 30 2016, 6:33 PM · Security

Nov 22 2016

Jalexander added a comment to T151293: Need new listadmin password for irc-contacts mailing list.

Have you lost the current one and need to change it or have all admins lost the old one now?

Nov 22 2016, 9:47 PM · Wikimedia-Mailing-lists

Oct 18 2016

Jalexander added projects to T148588: Echo notified of two emails to me, neither email has arrived yet: MediaWiki-Email, Operations.

Adding ops for now because it seems like it could be something stuck on the server side but may not be.

Oct 18 2016, 9:00 PM · Mail

Oct 17 2016

Jalexander added a comment to T148352: Default language of votewiki set to Persian (fa) for anonymous users. Change to English (en).

Yeah, thanks for switching it back, it would have been done before the next election just wasn't yet because there hadn't been any reason to (was waiting until we were setting up the next cycle).

Oct 17 2016, 1:57 AM · Patch-For-Review, Wikimedia-Site-requests

Aug 23 2016

Jalexander added a comment to T143593: Fork NYPL emoji bot for Commons images (to give back 'similar' Commons images).

Well the first thing you could do would be to crowd source it from Wikipedia ;) one of my favorite little tricks is that you can already search for many emoji since redirects are set up for many of them (and you should be able to relatively trivially do a search on the emoji and see if a direct result comes up)

Aug 23 2016, 7:57 AM · Google-Summer-of-Code (2018), Commons, Possible-Tech-Projects

Aug 2 2016

Jalexander added a comment to T133901: Hebrew Wikipedia abuse filter is blocking global-flow-create moves.

Ok.... we can try to experiment a bit more and you may want to ask around on IRC. Im happy to grant whatever rights are required for you to do this but this may not be a rights issue, you have every right you should need and so we probably need to check abuse filters or oddities in global user pages, flow etc. I'm not sure what the issue is.

Aug 2 2016, 1:18 PM · Collab-Team-Q1-July-Sep-2016, Collaboration-Community-Engagement, StructuredDiscussions, Trust-and-Safety
Jalexander added a comment to T133901: Hebrew Wikipedia abuse filter is blocking global-flow-create moves.

Can you try now? We've added the move user page and move sub page right

Aug 2 2016, 1:00 PM · Collab-Team-Q1-July-Sep-2016, Collaboration-Community-Engagement, StructuredDiscussions, Trust-and-Safety
Jalexander added a comment to T133901: Hebrew Wikipedia abuse filter is blocking global-flow-create moves.

It looks like there are a bunch of different move rights now include "move root user pages" I assume that's what'a stopping you... I don't remember those even existing last time I looked but I'm sure they've existed longer then I think. I'll get the stewards to add to the user rights.

Aug 2 2016, 9:49 AM · Collab-Team-Q1-July-Sep-2016, Collaboration-Community-Engagement, StructuredDiscussions, Trust-and-Safety
Jalexander closed T133901: Hebrew Wikipedia abuse filter is blocking global-flow-create moves as Resolved.

This actually looks like this was done in March but we never updated the task? Everyone with global flow create has move :) Let me know if you need anything else however!

Aug 2 2016, 12:28 AM · Collab-Team-Q1-July-Sep-2016, Collaboration-Community-Engagement, StructuredDiscussions, Trust-and-Safety

Jul 11 2016

Jalexander closed T132970: Password reset for admins on wikipedia-library mailing list as Resolved.

another new password sent to emails of admins... I've tested and works not sure what happened with the old one

Jul 11 2016, 7:38 PM · Wikimedia-Mailing-lists, The-Wikipedia-Library

Jul 7 2016

Jalexander updated subscribers of T119736: Could not find local user data for {Username}@{wiki}.

@Philippe is also having this issue (under User:Philippe) tried to do the work around listed (go to https://test.wikipedia.org/w/index.php?title=Special%3ACentralAuth&target=Philippe and log in to scnwiki which is what it lists) but he just got another exception when doing that.

Jul 7 2016, 6:25 AM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-07-19_(1.28.0-wmf.11)), User-notice, Notifications, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-28_(1.28.0-wmf.8)), MW-1.28-release (WMF-deploy-2016-07-05_(1.28.0-wmf.9)), MW-1.28-release (WMF-deploy-2016-07-12_(1.28.0-wmf.10)), Patch-For-Review, MW-1.27-release (WMF-deploy-2016-01-12_(1.27.0-wmf.10)), MediaWiki-extensions-CentralAuth, Wikimedia-General-or-Unknown, MediaWiki-User-login-and-signup
Jalexander added a comment to T104671: Rename 'restricted' group?.

updated the table for both myself and Joe (who at the moment is there generally to shadow and back me up). I obviously don't really care what specific rights group we have but I'm not sure any other groups currently exist for our use case other then restricted (unless we were upgraded to deployer obviously which I leave to others, I generally work under 'least access' type rules but there are obviously different things to balance). The biggest things we get out of restricted and need to keep:

Jul 7 2016, 3:56 AM · Patch-For-Review, Operations