Page MenuHomePhabricator

Platonides (platonides)
User

Projects (6)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Oct 24 2014, 10:10 PM (352 w, 1 d)
Availability
Available
LDAP User
Platonides
MediaWiki User
Platonides [ Global Accounts ]

Recent Activity

Wed, Jul 7

Platonides added a comment to T286267: Redirect old /mailman/options/<list> urls.

That was fast :)

Wed, Jul 7, 12:01 AM · SRE, Wikimedia-Mailing-lists
Platonides created T286269: Internal server error (with ugly html tags) when changing Autoresponse postings text.
Wed, Jul 7, 12:00 AM · SRE, Upstream, Wikimedia-Mailing-lists

Tue, Jul 6

Platonides closed T265568: daily-image-l stopped sending on 2020-10-11 as Resolved.

I have actually removed those two print() statements (some debugging, it seems), so it doesn't produce any output.

Tue, Jul 6, 11:45 PM · Tools, Wikimedia-Mailing-lists, SRE, Commons
Platonides created T286267: Redirect old /mailman/options/<list> urls.
Tue, Jul 6, 11:38 PM · SRE, Wikimedia-Mailing-lists

Mon, Jul 5

Platonides added a comment to T265568: daily-image-l stopped sending on 2020-10-11.

It's still sending the announcement-only mail, but the cron is working now. :-) :-)

Mon, Jul 5, 2:18 AM · Tools, Wikimedia-Mailing-lists, SRE, Commons
Platonides added a comment to T283472: Reproducible HTTP 503 error trying to import from Telugu wikipedia to Telugu Wikibooks.

So you are trying to import https://te.wikipedia.org/wiki/%E0%B0%B8%E0%B0%BE%E0%B0%AE%E0%B1%86%E0%B0%A4%E0%B0%B2%E0%B1%81_-_%E0%B0%85 ?
Does importing another page, or not including the full history succeed?

Mon, Jul 5, 2:13 AM · serviceops, Wikimedia-General-or-Unknown, MediaWiki-Core-Snapshots

Sun, Jul 4

Platonides added a comment to T265568: daily-image-l stopped sending on 2020-10-11.

And, weird enough, it both went through and sent back an auto-reponse saying it's an announcement-only mailing list.

Sun, Jul 4, 10:16 PM · Tools, Wikimedia-Mailing-lists, SRE, Commons
Platonides added a comment to T265568: daily-image-l stopped sending on 2020-10-11.

Well, having too many things is probably part of the reason ;-)

Sun, Jul 4, 10:00 PM · Tools, Wikimedia-Mailing-lists, SRE, Commons
Platonides added a comment to T265568: daily-image-l stopped sending on 2020-10-11.

This can't be that hard. @Legoktm do you want me to have a look at this? Doesn't seem to require any advenced permission, only on potd and ml, so I could probably handle it.

Sun, Jul 4, 12:38 AM · Tools, Wikimedia-Mailing-lists, SRE, Commons
Platonides updated the task description for T173894: Mailman cannot correctly decode GB2312-superset mails labelled as GB2312 (non-standard behavior).
Sun, Jul 4, 12:25 AM · Znuny, SRE, Wikimedia-Mailing-lists, Chinese-Sites
Platonides added a comment to T286122: Make auditing members of mailing lists bound to a user right easier.

mailman3 supports having an account with multiple emails. Requiring one of them (not necessarily the mail used in the mailing list) to match the wiki one seems acceptable.

Sun, Jul 4, 12:23 AM · SRE, Wikimedia-Mailing-lists

Sat, Jul 3

Platonides added a project to T286138: Cannot use NFC security keys with WebAuthn on iOS: MediaWiki-extensions-OATHAuth.
Sat, Jul 3, 11:58 PM · MediaWiki-extensions-OATHAuth

Sat, Jun 26

Platonides added a comment to T285602: Out-of-sync REL 1.35 VisualEditor with VisualEditor extension.

gerrit autobumping it may actually be preferable, indeed.

Sat, Jun 26, 9:43 PM · Patch-For-Review, LibUp, VisualEditor
Platonides created T285602: Out-of-sync REL 1.35 VisualEditor with VisualEditor extension.
Sat, Jun 26, 6:26 PM · Patch-For-Review, LibUp, VisualEditor

Fri, Jun 25

Platonides updated the task description for T283983: Autovoice wikibugs in all channels it speaks in.
Fri, Jun 25, 8:40 PM · wikimedia-irc-libera, Wikibugs

May 14 2021

Platonides added a comment to T282348: Mailman3 bounce runner is running very slowly.

Probably more a Feature Request for upstream, but I think mailman3 should parse that rejection message, find out the error is actually due to the specific message it was trying to deliver, and not increment the bounce counter. Giving semantics to the error messages isn't ideal, but I'm not sure that's possible with their enhanced status codes alone. At least, those error messages are very clear on why it is rejecting them. It also means hardcoding the messages used for certain vendors (to which more can be added in the future), but given the prevalence of gmail/gsuite is so large, and this issue will appear often enough, to make this worthwhile.

May 14 2021, 11:21 PM · SRE, Wikimedia-Mailing-lists

Apr 8 2021

Platonides added a comment to T279108: Introduce a Front-end Build Step for MediaWiki Skins and Extensions.

I'm not convinced by the "don't commit the result" part. The "compiled" code is still needed for tarballs and even the developers themselves. And they must be using the same version as in prod, or they could be testing a slightly different code, which would be hard to discover.

Apr 8 2021, 11:00 PM · Design-Systems-team-board, tech-decision-forum

Mar 28 2021

Platonides added a comment to T278584: Promote use of SASL for Cloud VPS/Toolforge hosted Libera.chat / Freenode IRC bots.

I'm not currently running an IRC bot from Toolforge, but I have been using SASL for a long time. That code was already there 5 years ago.

Mar 28 2021, 1:02 AM · wikimedia-irc-libera, Toolforge, Cloud-VPS

Mar 1 2021

Platonides added a comment to T276148: SSH Access of Git data in GitLab.

I don't think it's complicated at all. It should run fin on a ssh with a Match rule to only allow from external networks the user git (and, while we're at it, forcecommand it there, too).
The part that may be controversial -simple but controversial- is to open port 22 in the firewall to this machine. However, a ssh listening on an alternate port and opening that one is equally bad, should there be a fatal sshd vulnerability.

Mar 1 2021, 11:36 PM · Patch-For-Review, Release-Engineering-Team (Doing), SRE, User-brennen, GitLab (Initialization)

Jan 26 2021

Platonides added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

(Maybe split this subthread into a new task "Connecting to prod should be easy?")

Jan 26 2021, 10:41 PM · Product-Analytics, Inuka-Team

Jan 24 2021

Platonides added a comment to T235554: MediaWiki::outputResponsePayload seemingly causes net::ERR_HTTP2_PROTOCOL_ERROR 200 and compression issues in 1.35.

Sorry @Peculiar_Investor, you are right in that there was a change in 1.35.1, I was thinking this was included in 1.35.0
The related change in 1.35.0 vs 1.35.1 was that Content-Encoding: none was changed into Content-Encoding: identity (T258877).

Jan 24 2021, 11:23 PM · MW-1.36-notes, MW-1.36-release, MW-1.37-notes (1.37.0-wmf.1; 2021-04-13), MW-1.35-notes, Patch-For-Review, wbstack, MW-1.35-release, Regression, MediaWiki-General, Performance-Team, Anti-Harassment, Cloud-VPS
Platonides added a comment to T250227: Investigate and evaluate hCaptcha to replace Wikimedia's Fancy Captcha.

I don't think they would need the IP address. If all they want are statistics on the number of requests/solves from an IP address, they could be given a HMAC of the IP address with a secret salt. Plus probably the AS and country of the IP, since I'm sure that's also part of their risk analysis. They couldn't combine requests from wmf users with those from third parties, wikimedia sites would be on its own island, but that's the goal. We have a big enough user base, that I doubt it combining it would really be needed. That, plus proxying the actual image loads (and not letting them insert arbitrary javascript, but using a known-good copy), I think would work wrt privacy. Still not ideal from a FOSS philosophical POV, though.

Jan 24 2021, 3:52 AM · Software-Licensing, Tech-Product API Roadmap, Product Infrastructure Roadmap, Privacy, ConfirmEdit (CAPTCHA extension), Security-Team
Platonides added a comment to T235554: MediaWiki::outputResponsePayload seemingly causes net::ERR_HTTP2_PROTOCOL_ERROR 200 and compression issues in 1.35.

@Peculiar_Investor I don't think that's an issue of 1.35.0 vs 1.35.1 but just that $wgDisableOutputCompression = true; doesn't work with the invisible caching which your hosting does.

Jan 24 2021, 12:42 AM · MW-1.36-notes, MW-1.36-release, MW-1.37-notes (1.37.0-wmf.1; 2021-04-13), MW-1.35-notes, Patch-For-Review, wbstack, MW-1.35-release, Regression, MediaWiki-General, Performance-Team, Anti-Harassment, Cloud-VPS

Jan 14 2021

Platonides created P13763 Usuarios de eswiki por número de talleres .
Jan 14 2021, 1:01 AM

Jan 11 2021

Platonides added a comment to T271202: Provide raw KaiOSAppFeedback data to Chelsea Riley for analysis.

On the topic of ssh accesses, there shouldn't be a "big headache of using the command line" for getting access to the cluster. I don't think anyone here with "Technical" in their role would have a problem for doing that, but it wouldn't be necessary. There shouldn't be a need to use a command line, even. There are graphical tools for creating SSH keys and transferring files via ssh. And if the file to copy was in the bastion host, that would be even easier, as no jumping would be needed.
If getting access is being such a big issue (and for multiple people!), that seems a sign that the documentation is in urge need for improvement. It would be a matter of following a number of steps with screenshots. Fill this value here, then click that button, copy the following magical settings into this file.

Jan 11 2021, 6:14 PM · Product-Analytics, Inuka-Team

Dec 14 2020

Platonides added a comment to T262193: Allow local file uploads on Ukrainian Wikisource.

@Ahonc: they want to upload Ukranian files which are Public Domain in the US but not in Ukraine.
I agree with @Urbanecm in that this seems a can of worms for contributors to Wikisource in Ukraine (which we can fairly expect to be based in Ukraine), which would be uploading files violating the copyright in their local country.

Dec 14 2020, 12:50 AM · WMF-Legal, Community-consensus-needed, Wikimedia-Site-requests

Dec 12 2020

Platonides added a comment to T270008: Regex AbuseFilter problem.

I have been debugging the specific filter with @SRuizR and it wasn't a problem in the regex engine.

Dec 12 2020, 11:57 PM · AbuseFilter

Nov 1 2020

Platonides added a comment to T266298: Enable wgAbuseFilterNotificationsPrivate by default for WMF wikis.

The current is setup seems inconsistent, since private filters don't trigger a feed notification, yet an anonymous user can view on Special:AbuseLog that they were triggered, so I see no reason not to publish that through the RCFeed.

Nov 1 2020, 5:19 PM · User-Urbanecm, AbuseFilter, User-DannyS712, Wikimedia-Site-requests

Sep 7 2020

Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

We should get a CVE for this extension vulnerability. This code has been here since 2014, and was added itself to avoid a XSS, so basically (assuming it wasn't safe before and something changed) everyone with MobileFrontend installed would be affected.

Sep 7 2020, 11:10 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262230: Make it explicit that Wikimedia doesn't pay bug bounties.

https://www.mediawiki.org/w/index.php?title=Reporting_security_bugs&type=revision&diff=4089248&oldid=4046737

Sep 7 2020, 11:00 PM · Documentation, Security-Team
Platonides created T262233: MobileFrontend doesn't work with Vector.
Sep 7 2020, 10:48 PM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), Readers-Web-Backlog (Kanbanana-FY-2020-21), Patch-For-Review, Vector (Vector (Tracking)), MW-1.35-release, MobileFrontend
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

My +2 to nray patch

Sep 7 2020, 10:39 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

I thought it was removing links from headers, but it seems it was not doing anything ¯\_(ツ)_/¯ (other than adding a security vulnerability).

Sep 7 2020, 10:36 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

Testing it.

Sep 7 2020, 10:24 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

Actually removing the regex seems preferable, indeed.
However, I think this may produce links inside links, which the previous code was trying to avoid?

Sep 7 2020, 10:12 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

The basic fix I tried

Sep 7 2020, 9:49 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).
section.line = section.line.replace(  /<\/?a\b("[^"]*"|'[^']*'|[^>])*>/g, '' );
Sep 7 2020, 9:31 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

probably fixed by changing to

Sep 7 2020, 7:37 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

This also happens (in Mobile) when forcing a different skin, such as monobook or vector

Sep 7 2020, 6:30 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides renamed T262213: XSS on Pages viewed on Mobile (CVE-2020-26120) from XSS on Mobile Talk Pages to XSS on Pages viewed on Mobile.
Sep 7 2020, 6:28 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

If the page is protected (thus no edit section link), the XSS doesn't fire

Sep 7 2020, 6:20 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

The first img doesn't really need any parameters:

==  <center><img><img src=zxcv onerror=throw(document.domain)> ==
Sep 7 2020, 6:14 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team
Platonides added a comment to T262213: XSS on Pages viewed on Mobile (CVE-2020-26120).

I have simplified it to

Sep 7 2020, 5:37 PM · MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), Readers-Web-Backlog (Kanbanana-FY-2020-21), Mobile, MobileFrontend, Vuln-XSS, Security, Security-Team

Aug 25 2020

Platonides added a comment to T261248: Security review request for IRCCloud.

potential security and privacy concerns with IRC surfaced

Aug 25 2020, 11:45 PM · Security

Aug 13 2020

Platonides added a comment to T260301: MediaWiki should support modern OAuth authentication for SMTP.

There is certainly a lack of documentation. It would be appreciated if you can tell us the result of you setting this up. Or directly update https://www.mediawiki.org/wiki/Manual:$wgSMTP

Aug 13 2020, 12:52 AM · MediaWiki-Email

Aug 12 2020

Platonides added a comment to T260301: MediaWiki should support modern OAuth authentication for SMTP.

MediaWiki can use the internal PHP mail() function or PEAR::Mail.

Aug 12 2020, 11:09 PM · MediaWiki-Email

Aug 10 2020

Platonides renamed T260084: revisiondelete API module works with the target without namespace but logs the wrong title from Deletion log is without namespace on hywiki to revisiondelete API module works with the target without namespace but logs the wrong title.
Aug 10 2020, 9:28 PM · MediaWiki-Revision-deletion
Platonides added a comment to T260084: revisiondelete API module works with the target without namespace but logs the wrong title.

Probably because the ids themselves would be everything needed to hide them.

Aug 10 2020, 7:48 PM · MediaWiki-Revision-deletion
Platonides added a project to T260084: revisiondelete API module works with the target without namespace but logs the wrong title: MediaWiki-Logevents.
Aug 10 2020, 7:16 PM · MediaWiki-Revision-deletion
Platonides added a comment to T260084: revisiondelete API module works with the target without namespace but logs the wrong title.

What value were you using on title? 'File:Ջուդիթ Կրանց.jpg' ? Or perhaps something like just 'Ջուդիթ Կրանց.jpg' ?

Aug 10 2020, 7:16 PM · MediaWiki-Revision-deletion

Aug 8 2020

Platonides added a comment to T256541: Fix the problem with gravatar and mailman3.

There is no need to actually proxy gravatar. We could have our own instance. Gravatar is just a service mapping email md5 to an uploaded image. Is people still uploading their avatars there? Didn't that stop like a decade ago? Even if some people have an image there, it seems saner to use our own "wikimedia avatars". I'm not particularly happy on using the (hashed) email as primary key, but that seems to be what they are working with.

Aug 8 2020, 11:38 PM · Upstream, SRE, Wikimedia-Mailing-lists

Aug 7 2020

Platonides added a comment to T175691: Geoip lookup - Misidentifying country due to travelling.

It could go both ways. If as an Hungarian with only Hungarian credit card, and temporarily visiting the US, you are given HU options, it would succeed. OTOH, if you only had a US card, or if it persisted a US cookie after coming back, it's a failure.

Aug 7 2020, 10:26 PM · SRE, Traffic, FR-Q2-FY2019-20-cleanup-list, Fundraising-Backlog, MediaWiki-extensions-CentralNotice

Aug 2 2020

Platonides added a project to T259443: Deleting some specific files is not working on Commons: MediaWiki-Uploading.
Aug 2 2020, 9:14 PM · Structured-Data-Backlog, Commons, Structured Data Engineering, MediaWiki-Page-deletion, MediaWiki-File-management, Wikimedia-production-error
Platonides added a comment to T259443: Deleting some specific files is not working on Commons.

Files uploaded in 2013 with two upload entries at the same minute.

Aug 2 2020, 8:48 PM · Structured-Data-Backlog, Commons, Structured Data Engineering, MediaWiki-Page-deletion, MediaWiki-File-management, Wikimedia-production-error
Platonides added a project to T259443: Deleting some specific files is not working on Commons: MediaWiki-extensions-UploadBlacklist.
Aug 2 2020, 8:47 PM · Structured-Data-Backlog, Commons, Structured Data Engineering, MediaWiki-Page-deletion, MediaWiki-File-management, Wikimedia-production-error

Jul 26 2020

Platonides added a comment to T258877: MediaWiki sets invalid Content-Encoding: none.

The content encoding of 'identity', was added in rfc2616 with a note that it "SHOULD NOT be used in the Content-Encoding header". The transfer coding identity was removed by rfc7230. rfc7231 uses "identity" as a special value in the context of Accept-Encoding, not of Content-Encoding. Anyway, the semantics of a Content-encoding: identity are completely clear and supported even if it may make for a redundant header.

Jul 26 2020, 1:11 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.13; 2020-10-12), MediaWiki-General
Platonides claimed T258877: MediaWiki sets invalid Content-Encoding: none.
Jul 26 2020, 12:37 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.13; 2020-10-12), MediaWiki-General
Platonides removed a project from T258877: MediaWiki sets invalid Content-Encoding: none: MediaWiki-Core-Hooks.
Jul 26 2020, 12:29 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.13; 2020-10-12), MediaWiki-General
Platonides created T258877: MediaWiki sets invalid Content-Encoding: none.
Jul 26 2020, 12:29 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.13; 2020-10-12), MediaWiki-General

Jul 9 2020

Platonides renamed T230425: Page creation log should not display the content of deleted pages from Recent changes new page entries should not display the content of deleted pages to Page creation log should not display the content of deleted pages.
Jul 9 2020, 10:11 PM · Performance-Team (Radar), Anti-Harassment, MediaWiki-Logevents
Platonides renamed T230425: Page creation log should not display the content of deleted pages from Page creation log should not display the content of deleted pages to Recent changes new page entries should not display the content of deleted pages.
Jul 9 2020, 10:09 PM · Performance-Team (Radar), Anti-Harassment, MediaWiki-Logevents

Jun 16 2020

Platonides added a comment to T230245: Make SwiftFileBackend::doStoreInternal defer the opening of file handles to stay in the concurrency limit.

$maxConcurrency was set to 50, but we had nearly one thousand operations pending.

Jun 16 2020, 9:09 PM · Performance-Team, Patch-For-Review, MediaWiki-File-management, Commons, Platform Engineering (Icebox), SRE, SRE-swift-storage, Editing-team, ConfirmEdit (CAPTCHA extension)
Platonides added a comment to T230245: Make SwiftFileBackend::doStoreInternal defer the opening of file handles to stay in the concurrency limit.

I can disable $async on FileBackendStore::doQuickOperationsInternal(), and then it no longer fails. Understandably, that makes the process slower (Copied 969 captchas to storage in 43.6 seconds).

Jun 16 2020, 8:52 PM · Performance-Team, Patch-For-Review, MediaWiki-File-management, Commons, Platform Engineering (Icebox), SRE, SRE-swift-storage, Editing-team, ConfirmEdit (CAPTCHA extension)
Platonides added a comment to T230245: Make SwiftFileBackend::doStoreInternal defer the opening of file handles to stay in the concurrency limit.

I found it is a file descriptor problem. ulimit -n is set to 1024. FormatJson is failing with

Jun 16 2020, 8:27 PM · Performance-Team, Patch-For-Review, MediaWiki-File-management, Commons, Platform Engineering (Icebox), SRE, SRE-swift-storage, Editing-team, ConfirmEdit (CAPTCHA extension)

Jun 12 2020

Platonides added a comment to T230245: Make SwiftFileBackend::doStoreInternal defer the opening of file handles to stay in the concurrency limit.

I would try

  • throwing a clearstatcache() somewhere, in case it makes find the file Json again
  • run a different program than python that creates the file externally, e.g. touch filename
Jun 12 2020, 10:58 PM · Performance-Team, Patch-For-Review, MediaWiki-File-management, Commons, Platform Engineering (Icebox), SRE, SRE-swift-storage, Editing-team, ConfirmEdit (CAPTCHA extension)

Jun 8 2020

Platonides added a comment to T205619: Upload to Commons fails with a common ADSL connection in Taiwan.

It doesn't make any sense that you can upload to phabricator, but not to commons.
I would suspect some crazy with some intermediate box, but the whole connection is encrypted.

Jun 8 2020, 12:41 AM · SRE, Wikimedia-General-or-Unknown, Commons

Jun 7 2020

Platonides added a comment to T52864: Upgrade GNU Mailman from 2.1 to Mailman3.

Note: The receiving Exim doesn't seem to be configured to accept list mail:

Jun 7 2020, 2:00 AM · Security-Team, SRE, Wikimedia-Mailing-lists
Platonides added a comment to T52864: Upgrade GNU Mailman from 2.1 to Mailman3.

MX records cannot have IP addresses. They must be associated to a hostname (plus a priority)

Jun 7 2020, 1:57 AM · Security-Team, SRE, Wikimedia-Mailing-lists

May 31 2020

Platonides added a comment to T244665: CopyPatrol incorrectly encodes non-ASCII letters (with diacritics) in article titles, so the links do not work.

It might be a simple issue of changing the db charset, or adding a SET NAMES to the client.

May 31 2020, 8:28 PM · I18n, Community-Tech, CopyPatrol

May 6 2020

Platonides created T251962: Double escaped entities in {{FULLPAGENAME}} on customized Delete-legend message again.
May 6 2020, 12:12 AM · MediaWiki-Parser, MediaWiki-Interface

Apr 23 2020

Platonides added a comment to T248294: Separate permission for creating a page with a custom content model.

Maybe, rather than a new permission for that, something like $wgCustomModelProtection[] which allows requiring a specific right for certain models (presumably those that could be sensitive, most models shouldn't need that), rather than a one-right fits all approach.

Apr 23 2020, 1:46 AM · Editing-team, Security-Team, MediaWiki-User-management, User-DannyS712

Apr 22 2020

Luke081515 awarded T250131: Allow the owner to lock its former account if it has been compromised a Love token.
Apr 22 2020, 4:28 PM · Trust-and-Safety, MediaWiki-extensions-CentralAuth, Security

Apr 20 2020

Platonides added a comment to T249703: Automatically close Pull Requests in repos mirrored on Github.

Heh, calling it "Welcome Bot" sounded nicer, even if it would still be saying go away from GitHub ;)

Apr 20 2020, 12:28 AM · Developer-Advocacy (Apr-Jun 2020), Release-Engineering-Team, User-Majavah, Wikimedia-GitHub
Platonides added a comment to T249703: Automatically close Pull Requests in repos mirrored on Github.

I understand the app Name will be the bot name, so rather than "Wikimedia PR Closer" I would prefer something more user-friendly, such as "Wikimedia Welcome Bot for GitHub users"

Apr 20 2020, 12:09 AM · Developer-Advocacy (Apr-Jun 2020), Release-Engineering-Team, User-Majavah, Wikimedia-GitHub

Apr 17 2020

Platonides added a comment to T246726: Prevent data loss in DiscussionTools caused by MediaWiki not detecting edit conflicts with yourself.

A point that is somewhat behind this is that the edit conflict isn't isn't too user friendly, which makes edit conflicts more burdensome.

Apr 17 2020, 12:13 AM · Verified, MW-1.35-notes (1.35.0-wmf.25; 2020-03-24), OWC2020 (OWC2020 Replying 1.0), Editing-team (Q3 2019-2020 Kanban Board), DiscussionTools

Apr 16 2020

Platonides added a comment to T250314: Investigate Privacy Pass for Wikimedia Sites.

https://github.com/WICG/trust-token-api seems to be another project doing basically the same thing.

Apr 16 2020, 9:53 PM · Privacy Engineering, Privacy, Security-Team, Wikimedia-General-or-Unknown
Platonides added a comment to T250314: Investigate Privacy Pass for Wikimedia Sites.

If a third party would be presenting our challenges, it could help making them not be able to link the requestors of captchas (for which they would have IP addresses, run js, etc.) and the actual wikipedia (since the token will be redeemed at a later date).

Apr 16 2020, 9:44 PM · Privacy Engineering, Privacy, Security-Team, Wikimedia-General-or-Unknown
Platonides added a comment to T246726: Prevent data loss in DiscussionTools caused by MediaWiki not detecting edit conflicts with yourself.

Yes, because with the behavior of the "back" button in browsers at the time, it was actually needed. It no longer is.

Apr 16 2020, 8:26 PM · Verified, MW-1.35-notes (1.35.0-wmf.25; 2020-03-24), OWC2020 (OWC2020 Replying 1.0), Editing-team (Q3 2019-2020 Kanban Board), DiscussionTools

Apr 14 2020

Platonides created T250131: Allow the owner to lock its former account if it has been compromised.
Apr 14 2020, 2:03 AM · Trust-and-Safety, MediaWiki-extensions-CentralAuth, Security

Apr 11 2020

Platonides added a comment to T246726: Prevent data loss in DiscussionTools caused by MediaWiki not detecting edit conflicts with yourself.

Note that MediaWiki doesn't "fail" to detect the conflict if the edit was made by the same user. It explicitly goes and does an expensive check to see if it should ignore the conflict because the edit is by the same user. This was explicitly implemented as a feature. Don't ask me why though ;)

Apr 11 2020, 1:08 AM · Verified, MW-1.35-notes (1.35.0-wmf.25; 2020-03-24), OWC2020 (OWC2020 Replying 1.0), Editing-team (Q3 2019-2020 Kanban Board), DiscussionTools

Apr 5 2020

Platonides renamed T243937: Wiki email not delivered to GMail from Wiki email not delievered to GMail to Wiki email not delivered to GMail.
Apr 5 2020, 2:13 PM · Infrastructure-Foundations, SRE, Mail
Platonides added a comment to T243937: Wiki email not delivered to GMail.

I don't think that graph is the right one, André. It may provide approximate data (both are emails), but I think list email is even sent from a completely different relay.

Apr 5 2020, 2:13 PM · Infrastructure-Foundations, SRE, Mail

Mar 22 2020

Platonides added a comment to T248269: Consider ignoring blocks that were quickly reverted [Was: Block report on personal account].

I think it could be a good request that the tool shouldn't show it. However, the tool is completely right. The user was blocked for 1030 days.

Mar 22 2020, 7:56 PM · XTools

Mar 15 2020

Platonides renamed T247719: Europeana links dont work - web is down?!?! from Understand how we can track changes in European and avoid linkroot in Wikidata to Understand how we can track changes in Europeana and avoid linkrot in Wikidata.
Mar 15 2020, 11:46 PM · User-Salgo60
Platonides added a comment to T246970: Quarry: Lost connection to MySQL server during query.

Why are you using that query?

Mar 15 2020, 12:52 AM · Quarry, Data-Services

Mar 14 2020

Platonides added a comment to T247682: Add {{em}} magic word.

And how do you know, server-side, the number of px in 1 em for the current user?

Mar 14 2020, 10:33 PM · ParserFunctions, MediaWiki-Parser
Platonides added a comment to T247587: XDebug makes requiring files unreasonably slow and affects open file limit.

There are file descriptors being opened that you did not capture. Some suggestions: openat, dup2, socket, accept...

Mar 14 2020, 1:21 AM · Patch-For-Review, MediaWiki-Vagrant

Mar 13 2020

Platonides added a comment to T152434: Add method to Revision to check if it was a Revert, and whether an edit was Reverted.

A great usecase of this would be to allow showing a collapsed view of the history page. Currently, you have some page histories where it almost hasn't changed for years, yet there are a lot of history entries due to edits and reverts/undos.
It would be great to have them collapsed as a single link mentioning there were 53 irrelevant edits, so that only actual changes affecting the current page are shown.

Mar 13 2020, 11:19 PM · Google-Summer-of-Code (2020), Growth-Team, Platform Team Legacy (Watching / External), Readers-Web-Backlog (Tracking), Product-Infrastructure-Team-Backlog, Trending-Service, Epic, MediaWiki-Page-editing, Contributors-Team, MediaWiki-Interface

Feb 18 2020

Platonides added a comment to T241768: Pilot social media traffic reports for English Wikipedia.

Or simply a Michael Jackson event! (that we'd better be aware, too)

Feb 18 2020, 11:26 PM · Research (FY2019-20-Research-April-June), Privacy Engineering

Feb 3 2020

Platonides added a comment to T239150: Login for SUL account on enwiki stopped working without clear hint why (due to password being in top 100000 list).

(...) Then we can hard-reset your password and reset it through the system.

Alternatively you can email ca-at-wikimedia.org from the email associated with the account.

Feb 3 2020, 11:37 PM · Trust-and-Safety, MediaWiki-User-login-and-signup, Wikimedia-General-or-Unknown
Platonides added a comment to T239150: Login for SUL account on enwiki stopped working without clear hint why (due to password being in top 100000 list).

@Beej--phabricator can you check if the password being rejected was indeed in the large list at
https://github.com/danielmiessler/SecLists/blob/aad07ff/Passwords/10_million_password_list_top_100000.txt ?

Feb 3 2020, 10:50 PM · Trust-and-Safety, MediaWiki-User-login-and-signup, Wikimedia-General-or-Unknown

Jan 14 2020

Platonides added a comment to T242696: AbuseFilter not blocking edits that trigger the Filter.

Maybe mwlog1001 will have some details about what happened?

Jan 14 2020, 12:46 AM · User-Daimona, AbuseFilter
Platonides created T242696: AbuseFilter not blocking edits that trigger the Filter.
Jan 14 2020, 12:45 AM · User-Daimona, AbuseFilter

Jan 11 2020

Platonides added a comment to T242520: Allow Cloud mailing list to be indexed .

As an external solution, it could be added to an external mailing list archiver such as marc (they already have wikitech-l, mediawiki-l...)

Jan 11 2020, 10:41 PM · User-RhinosF1, SRE, Wikimedia-Mailing-lists

Jan 3 2020

Platonides added a comment to T241781: Audit members of #security for more than x duration of no activity.

It was added by @chasemp on Apr 23 2019, 6:53 PM, along WDoranWMF.

Jan 3 2020, 12:57 AM · Security, Phabricator, Security-Team

Dec 20 2019

Platonides closed T241267: Spamhaus check suddenly started bouncing me; whitelist request? as Invalid.
Dec 20 2019, 9:53 PM · SRE, Wikimedia-Mailing-lists
Platonides added a comment to T241267: Spamhaus check suddenly started bouncing me; whitelist request?.

The entry SBL205747 is special in that it is an entry requested by mail.com itself. When they consider that the email they are going to send is spam, they send it through an IP address listed there so that people checking the Spamhaus blacklist may block it.

Dec 20 2019, 9:52 PM · SRE, Wikimedia-Mailing-lists
Platonides added a comment to T240520: Produce dumps of commons thumbnail URLs.

Then the internal urls are really no different than the public ones. Converting them would simply mean prepending "https://upload.wikimedia.org/wikipedia/commons/thumb/"

Dec 20 2019, 1:38 AM · Patch-For-Review, Dumps-Generation, Internet-Archive, Datasets-Archiving

Dec 12 2019

Platonides added a comment to T240520: Produce dumps of commons thumbnail URLs.

How are the internal swift urls? I'm not sure why we need two lists.
Also, while a baseline, I don't expect python to be the most efficient construct. A better one could be construed directly in C. Or even use a Bloom filter rather than a set.

Dec 12 2019, 10:18 PM · Patch-For-Review, Dumps-Generation, Internet-Archive, Datasets-Archiving

Dec 5 2019

Platonides added a comment to T239866: Investigate use of bz2 decompression tools on multistream files.

I think the bzip2 api doesn't handle the multistream transparently, so tools coded using that would probably be affected.

Dec 5 2019, 10:10 PM · Dumps-Generation