Page MenuHomePhabricator

ST47
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Apr 30 2019, 3:34 AM (78 w, 4 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
ST47 [ Global Accounts ]

Recent Activity

Sat, Oct 24

ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

I don't believe the -r flag has any effect on other RIRs. My patch to ipwhois only uses the -r flag when querying RIPE's servers.

Sat, Oct 24, 6:50 AM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

The block was lifted, mentioned a few comments above. However the rate limit is still in place, so we may be blocked again if we exceed 1000 queries to RIPE in 1 day.

Sat, Oct 24, 3:27 AM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools

Wed, Oct 21

ST47 closed T266082: When a revision is suppressed, any abusefilter hits should also be suppressed as Invalid.

Oh,I didn't know that, thanks!

Wed, Oct 21, 2:07 AM · MediaWiki-Revision-deletion, AbuseFilter
ST47 created T266082: When a revision is suppressed, any abusefilter hits should also be suppressed.
Wed, Oct 21, 1:20 AM · MediaWiki-Revision-deletion, AbuseFilter

Tue, Oct 20

ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

There are two ongoing actions here:

  • nskaggs seems to be planning to contact RIPE on behalf of the cloud services team
  • the whois tool needs to be updated

Reopened

Tue, Oct 20, 5:06 PM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 reopened T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use as "Open".
Tue, Oct 20, 5:05 PM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

I heard back again from RIPE and the IP has been unblocked. Asking them to treat it as a proxy IP would still be desirable, in order to reduce the chance of this happening again.

Tue, Oct 20, 4:55 PM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools

Mon, Oct 19

ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

I have updated as-info and whois-referral. isprangefinder uses the whois tool's json output, it doesn't make whois queries directly.

Mon, Oct 19, 4:34 PM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 added a comment to T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.

I received the following from RIPE technical support:

Mon, Oct 19, 4:07 PM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools

Sat, Oct 17

ST47 updated the task description for T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.
Sat, Oct 17, 2:40 AM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 updated the task description for T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.
Sat, Oct 17, 2:36 AM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools
ST47 created T265784: Toolforge & Cloud VPS egress IP has been blocked by RIPE whois database for excessive use.
Sat, Oct 17, 2:12 AM · Toolforge, Cloud-VPS, cloud-services-team (Kanban), Stewards-and-global-tools

Sep 9 2020

ST47 added a comment to T27377: Update username in AbuseFilter interface when user is renamed using Renameuser.

While it might not completely fix the problem for global filters, would a hook "onRenameUserSQL" in the style of this patch to CheckUser solve most of this problem?

Sep 9 2020, 3:40 AM · AbuseFilter (Overhaul-2020), MediaWiki-extensions-Renameuser, MediaWiki-extensions-CentralAuth, GlobalRename
ST47 merged T262367: AbuseFilter history doesn't recognize username changes. into T27377: Update username in AbuseFilter interface when user is renamed using Renameuser.
Sep 9 2020, 3:37 AM · AbuseFilter (Overhaul-2020), MediaWiki-extensions-Renameuser, MediaWiki-extensions-CentralAuth, GlobalRename
ST47 merged task T262367: AbuseFilter history doesn't recognize username changes. into T27377: Update username in AbuseFilter interface when user is renamed using Renameuser.
Sep 9 2020, 3:37 AM · AbuseFilter

Sep 8 2020

ST47 added a comment to T262347: login.toolforge.org ssh broken due to LDAP lookup failures.

According to #wikimedia-cloud:

Sep 8 2020, 10:22 PM · cloud-services-team (Kanban), Wikimedia-Incident, Toolforge
ST47 added a comment to T262239: enwiki database replicas (Toolforge and Cloud VPS) are more than 24h+ lagged.

Thank you Manuel! Apparently I just didn't know what to search for. What is "MCR"?

Sep 8 2020, 5:08 PM · cloud-services-team (Kanban), DBA, Data-Services
ST47 created T262239: enwiki database replicas (Toolforge and Cloud VPS) are more than 24h+ lagged.
Sep 8 2020, 5:39 AM · cloud-services-team (Kanban), DBA, Data-Services

Sep 2 2020

ST47 added a comment to T261087: When deleting a page, give the option to also delete the page creation log.

Okay, but that isn't new.

Sep 2 2020, 5:07 PM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), MediaWiki-Revision-deletion
ST47 added a comment to T261087: When deleting a page, give the option to also delete the page creation log.

Fixed in patch set 3

Sep 2 2020, 2:15 PM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), MediaWiki-Revision-deletion

Aug 24 2020

ST47 created T261087: When deleting a page, give the option to also delete the page creation log.
Aug 24 2020, 1:20 AM · MW-1.35-notes, MW-1.36-notes (1.36.0-wmf.9; 2020-09-15), MediaWiki-Revision-deletion

Aug 20 2020

ST47 added a comment to T260925: The Abusefilter API should indicate whether an abuselog entry has been suppressed.

Oh, I have to specifically ASK for it by adding |hidden to aflprop! Yes, this works for me.

Aug 20 2020, 4:47 PM · AbuseFilter
ST47 created T260925: The Abusefilter API should indicate whether an abuselog entry has been suppressed.
Aug 20 2020, 4:37 PM · AbuseFilter

Aug 14 2020

ST47 added a comment to T259212: Attempting to block a locked/hidden user causes Fatal TypeError from DatabaseBlock::equals().

@Tchanders I guess I don't know. On the contributions page, there are links to "change block" or "unblock" (rather than "block"). However, there is no block log that I can see. The username is hidden for good reason, but the user ID (on enwiki, at least) is 39840215.

Aug 14 2020, 6:32 PM · MW-1.36-notes (1.36.0-wmf.6; 2020-08-25), Anti-Harassment (The Letter Song), MW-1.35-notes, Wikimedia-production-error, MediaWiki-Blocks

Aug 12 2020

ST47 added a comment to T260222: Can't change user groups if the user has an '@' in their username.

Awesome, thanks @DannyS712 . I agree that it isn't urgent because the user in question is indef blocked, and as there is a workaround. I do not think a sysadmin should set $wgUserrightsInterwikiDelimiter to any nonsense.

Aug 12 2020, 6:35 AM · MediaWiki-User-management
ST47 created T260222: Can't change user groups if the user has an '@' in their username.
Aug 12 2020, 6:21 AM · MediaWiki-User-management

Aug 11 2020

ST47 added a comment to T259212: Attempting to block a locked/hidden user causes Fatal TypeError from DatabaseBlock::equals().

@Tchanders The first time, yes, but when I re-tested it on august 4th, I used the same account as when I originally reported the bug. So it would have been blocked for several days at that point.

Aug 11 2020, 6:08 PM · MW-1.36-notes (1.36.0-wmf.6; 2020-08-25), Anti-Harassment (The Letter Song), MW-1.35-notes, Wikimedia-production-error, MediaWiki-Blocks

Aug 4 2020

ST47 added a comment to T259212: Attempting to block a locked/hidden user causes Fatal TypeError from DatabaseBlock::equals().

I can reliably reproduce it, it does not seem to be intermittent or one-off.

Aug 4 2020, 6:55 AM · MW-1.36-notes (1.36.0-wmf.6; 2020-08-25), Anti-Harassment (The Letter Song), MW-1.35-notes, Wikimedia-production-error, MediaWiki-Blocks

Jul 30 2020

ST47 created T259212: Attempting to block a locked/hidden user causes Fatal TypeError from DatabaseBlock::equals().
Jul 30 2020, 5:14 AM · MW-1.36-notes (1.36.0-wmf.6; 2020-08-25), Anti-Harassment (The Letter Song), MW-1.35-notes, Wikimedia-production-error, MediaWiki-Blocks

Jul 21 2020

ST47 added a comment to T257893: Request User-Agent Client-Hints on all of MediaWiki's Responses.

Clearly they haven't really thought this new feature through, since they talk about benefits like only requesting the client's CPU architecture only when it is needed to serve the correct version of a downloadable executable, while undermining that very use case by requiring a full request-response round trip before providing the necessary information. It is as if Google thinks that your average website is able to predict the user's next browsing action, and set the Accept-CH header accordingly. Or they forgot to define a new 300-series status code "Try Again".

Jul 21 2020, 8:40 PM · Anti-Harassment, Patch-For-Review, Performance-Team (Radar), Platform Engineering, MediaWiki-General

Jul 15 2020

ST47 added a comment to T258105: Use Sec-CH-UA-* when available instead of User-Agent.

I would encourage you to store this in addition to the User-Agent, not instead of it. The User-Agent field may remain useful in many circumstances. I understand that it is extremely complex to make a schema change on the WMF cluster. I submit that it is worth doing so, for these reasons:

Jul 15 2020, 11:17 PM · Anti-Harassment, CheckUser

Jul 14 2020

ST47 added a comment to T242825: Deal with Google Chrome User-Agent deprecation.

I wouldn't recommend it, as we may want that structured data to remain structured for the purposes of filtering. Plus, that field is only 255 characters long.

Jul 14 2020, 1:44 PM · Analytics-Radar, Product-Analytics, Anti-Harassment, Privacy Engineering, User-revi, CheckUser
ST47 added a comment to T242825: Deal with Google Chrome User-Agent deprecation.

@Huji, if the extra hints are "accepted" by the server via the "Accept-CH" header in the HTTP response, then they will be included in *subsequent* requests by the same client. No extra hints will be provided in the first request from a given client. If MediaWiki includes the "Accept-CH" header on every response, then at minimum every POST request will have the hints included, as it must have been preceded by a GET (to load the form, get a CSRF token, etc).

Jul 14 2020, 1:23 PM · Analytics-Radar, Product-Analytics, Anti-Harassment, Privacy Engineering, User-revi, CheckUser

Jul 11 2020

ST47 added a comment to T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

I don't know what you mean about checkuser-too-many changing. That is used when a range check for "get edits" or "get users" returns too many results, so the special page shows a list of individual IP addresses with edits. That message was never shown when running "get edits" on a user account or a single IP address, "checkuser-limited" was.

Jul 11 2020, 5:51 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257641: Max results should not be hard-coded in CheckUser.

Thanks, not sure why I didn't notice that in my own testing. I have set the limit to 7 edits in my localsettings.php, and get edits for user and get edits for IP are both working for me now.

Jul 11 2020, 2:19 AM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser

Jul 10 2020

ST47 added a comment to T257641: Max results should not be hard-coded in CheckUser.

@Huji, I don't know if I agree with your comment here. Prior to this change, if someone called doUserIPsDBRequest(.., .., 200), then the LIMIT would be 200. I don't know when that would ever happen - since it isn't possible to specify a limit in Special:CheckUser - but the current patch set behaves in the same way as the original code.

Jul 10 2020, 11:25 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

I didn't see that you had edited your comment to say that you were working on a new patch set until I had already uploaded a new version of https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/611399 to fix the "is_null" lint error and the message documentation error.

Jul 10 2020, 7:39 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257641: Max results should not be hard-coded in CheckUser.

@Huji I think I fixed the lint errors with this patch, but go ahead and make any other changes that are needed

Jul 10 2020, 7:36 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

I don't think the gerrit patch uploader takes Depends-On into account, as I am getting a merge conflict when trying to upload the rebased version of this patch.

Jul 10 2020, 6:29 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 claimed T257641: Max results should not be hard-coded in CheckUser.
Jul 10 2020, 6:11 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

@Huji No problem, I do have a patch for that one as well. I have some doubts about how to handle changing the system message, but I'll ask you over in that ticket.

Jul 10 2020, 6:11 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 added a comment to T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

@Huji, I think it's actually easier to do this one first, since it deletes a bunch of duplicate code. I will look at T257641 as well, though.

Jul 10 2020, 3:23 AM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser

Jul 9 2020

ST47 claimed T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.

Claiming, I will develop and test a patch to make get_edits get the 5000 most recent edits, and to format the results in the same way as in the normal (fewer than 5000 edits) case.

Jul 9 2020, 11:09 PM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser
ST47 created T257538: CheckUser "get edits" is sorted incorrectly for users with many edits, which may be causing a performance issue for those queries.
Jul 9 2020, 4:06 AM · MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Patch-For-Review, CheckUser

Jun 16 2020

ST47 added a comment to T255506: Identify how abuse log details were purged from the CU logs.

Here's a difference. On enwiki, all users can access https://en.wikipedia.org/wiki/Special:AbuseFilter , even if they are logged out. On fawiki, "The action you have requested is limited to users in one of the groups: Administrators, Patrollers, Autopatrollers, Eliminators, Abuse filter editors."

Jun 16 2020, 2:22 AM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), MW-1.35-notes (1.35.0-wmf.39; 2020-06-30), AbuseFilter, CheckUser
ST47 added a comment to T255506: Identify how abuse log details were purged from the CU logs.

Earlier, I checked several recent hits on private filters on enwiki and couldn't find any examples of missing CU data. This includes hits on a "no action" private filter (1007), and hits on a "disallow" private filter (1050), and includes edits as recently as within the last 24 hours. So this isn't universally happening to all filter hits. There must be some commonality between the users, filters, or perhaps wiki configurations, that is causing this inconsistent behavior.

Jun 16 2020, 2:13 AM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), MW-1.35-notes (1.35.0-wmf.39; 2020-06-30), AbuseFilter, CheckUser

Jun 15 2020

ST47 added a comment to T255506: Identify how abuse log details were purged from the CU logs.

Are there many other log entries in the database on fawiki (or enwiki) with the exact same cuc_actiontext? Would be helpful to know whether this is a regression, and if so, when it started appearing.

Jun 15 2020, 11:21 PM · MW-1.36-notes (1.36.0-wmf.10; 2020-09-22), MW-1.35-notes (1.35.0-wmf.39; 2020-06-30), AbuseFilter, CheckUser

Jun 12 2020

ST47 added a comment to T253802: Configure WMF wikis to log login attempts in CheckUser.

I like @Reedy's idea of only excluding successful login attempts of bots. Going with the same naming convention as $wgCheckUserLogLogins, I guess we can introduce a $wgCheckUserLogSuccessfulBotLogins that defaults to true in the code, but is set to false on WMF wikis. Any thought on that?

Jun 12 2020, 3:56 PM · User-Urbanecm, User-Huji, MW-1.36-notes (1.36.0-wmf.6; 2020-08-25), Trust-and-Safety, WMF-Legal, CheckUser, Wikimedia-Site-requests

Jun 8 2020

ST47 added a comment to T254805: Document Wptuser account on English Wikipedia.

If this bot will only edit in its userspace, requesting a bot flag at https://en.wikipedia.org/wiki/Wikipedia:Bots/Requests_for_approval will be quite painless, and will both hide its edits from recent changes, and grant it ipblock-exempt.

Jun 8 2020, 7:21 PM · Documentation, Performance-Team

May 28 2020

ST47 added a watcher for Train Deployments: ST47.
May 28 2020, 7:45 PM

May 18 2020

ST47 added a comment to T252894: Unsophisticated bad actors dataset.

So, I've started trying to build the set of known sockpuppet groups based on userpage tagging and block summaries. So far I have 14,700 masters and a total of 174,000 accounts. If we cut that down to cases with 10 or more confirmed accounts, it's 131,000 accounts across 3,100 masters. Currently I'm formatting this as a JSON file with the following schema:

May 18 2020, 5:31 PM · artificial-intelligence, Machine Learning Platform

May 14 2020

ST47 created T252801: CheckUser API is slow in "get edits" mode, possibly due to failing to use an index.
May 14 2020, 5:23 PM · MW-1.35-notes (1.35.0-wmf.34; 2020-05-26), Performance Issue, CheckUser

May 13 2020

ST47 added a comment to T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides.

Apologies for wasting anyone's time on this. I didn't realize that the API defaults to only 14 days worth of data, instead of defaulting to 90 days like the special page.

May 13 2020, 8:19 PM · CheckUser
ST47 closed T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides as Invalid.
May 13 2020, 8:05 PM · CheckUser

May 12 2020

ST47 added a comment to T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides.

I tested this on a Vagrant dev environment and it worked fine:

May 12 2020, 7:10 PM · CheckUser
ST47 added a comment to T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides.

I assumed that the API was intentionally filtering out log entries, but that isn't correct. Is there some other reason why entries like these appear on Special:CheckUser but not on the API?

May 12 2020, 4:40 PM · CheckUser
ST47 updated the task description for T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides.
May 12 2020, 4:21 PM · CheckUser
ST47 created T252559: CheckUser API in "get edits" mode misses certain types of changes that the Special page provides.
May 12 2020, 4:18 PM · CheckUser

May 8 2020

ST47 added a comment to T252226: Thanks activities should be logged by CheckUser.

In T247540, Reedy indicated that the table has about 60,000,000 rows on wikidata and 10,000,000 on enwiki.

May 8 2020, 5:15 PM · User-notice, MW-1.35-notes (1.35.0-wmf.40; 2020-07-07), User-DannyS712, CheckUser, Thanks, Growth-Team

Apr 28 2020

ST47 added a comment to T251277: When a user is renamed CU logs in which they were the target user should be updated.

Assigning to $renameUserSQL->tables['cu_log'] in two separate hooks doesn't change the fact that they're modifying the same variable, whichever hook runs last corresponds to the entry in $renameUserSQL->tables that will actually be run.

Apr 28 2020, 5:42 PM · User-Huji, CheckUser

Apr 25 2020

ST47 updated the task description for T251012: Protection sometimes gives an "invalid expiration date" error, but processes the protection anyway.
Apr 25 2020, 1:01 AM · MediaWiki-Page-protection, MediaWiki-extensions-FlaggedRevs
ST47 created T251012: Protection sometimes gives an "invalid expiration date" error, but processes the protection anyway.
Apr 25 2020, 1:00 AM · MediaWiki-Page-protection, MediaWiki-extensions-FlaggedRevs

Apr 24 2020

ST47 added a comment to T247540: Should CheckUser track bot edits?.

I can't say I've ever had a reason to CheckUser a bot, but I *can* imagine situations where it would be useful to be able to do so. Sampling is a good idea, but does the cu_changes table really represent a significant storage cost?

Would it be useful to get info for edits, if there was still info for log entries? I.e. what about only ignore bots' edits, which keeping log entries, etc

Apr 24 2020, 2:36 AM · Stewards-and-global-tools, Anti-Harassment, CheckUser
ST47 added a comment to T247540: Should CheckUser track bot edits?.

I can't say I've ever had a reason to CheckUser a bot, but I *can* imagine situations where it would be useful to be able to do so. Sampling is a good idea, but does the cu_changes table really represent a significant storage cost?

Apr 24 2020, 1:59 AM · Stewards-and-global-tools, Anti-Harassment, CheckUser

Apr 21 2020

ST47 added a comment to T249562: Checkuser should allow reblocking users and tag pages even if users are already blocked.

I personally would support this feature. In addition to the "blocked" notice provided by CheckUser itself (which is usually accurate), I think most CUs have a javascript that indicates users that are blocked with a strikethrough, and indef blocked users with italics and strikethrough. So, we know if they're blocked. Often, I do want to re-block them, either to use the {{checkuserblock-account}} template, to change the block from temporary to indefinite, and occasionally to revoke talk page access for a sockpuppeteer which routinely abuses it.

Apr 21 2020, 4:14 PM · MW-1.35-notes (1.35.0-wmf.35; 2020-06-02), Anti-Harassment (The Letter Song), User-Urbanecm, CheckUser

Mar 9 2020

ST47 added a comment to T246261: Allow check user to specify time range for Special:Investigate.

@Prtksxna True, but we don't use the time limit for that purpose. The only reason we would use a shorter time limit in the current tool is if we run a check on an IP address or range, and get the error that there were more than 5000 edits within the 90 day window. (In fact, the current log doesn't even show what time limit we chose.)

Mar 9 2020, 3:24 AM · MW-1.35-notes (1.35.0-wmf.38; 2020-06-23), Anti-Harassment (The Letter Song), CheckUser

Mar 4 2020

ST47 added a comment to T246353: Investigate and mitigate trivial bypass to AntiSpoof.

Thanks for the discussion. I unfortunately am not able to log in to Gerrit, due to an issue with my account. My understanding is that it isn't possible to fix. Please email me privately with any other questions about that.

Mar 4 2020, 5:37 PM · user-sbassett, Patch-For-Review, Anti-Harassment, Security-Team, Security, AbuseFilter, AntiSpoof

Feb 28 2020

ST47 added a comment to T246353: Investigate and mitigate trivial bypass to AntiSpoof.

Ah, I see, thanks. New patch 0001 is the same as the above, but with the dist/ files updates. New patch 0002 also collapses multiple level equivalences, which I don't know if it's required but it might be clearer for reviewers.

Feb 28 2020, 3:34 AM · user-sbassett, Patch-For-Review, Anti-Harassment, Security-Team, Security, AbuseFilter, AntiSpoof

Feb 27 2020

ST47 added a comment to T246353: Investigate and mitigate trivial bypass to AntiSpoof.

Good point. I have attached a patch which uses a python script to collect the confusables.txt data and add it in to the equivset database. The patch is against https://phabricator.wikimedia.org/source/Equivset/repository/master/. Several notes:

Feb 27 2020, 9:00 PM · user-sbassett, Patch-For-Review, Anti-Harassment, Security-Team, Security, AbuseFilter, AntiSpoof
ST47 added projects to T246353: Investigate and mitigate trivial bypass to AntiSpoof: AntiSpoof, AbuseFilter.
Feb 27 2020, 3:55 PM · user-sbassett, Patch-For-Review, Anti-Harassment, Security-Team, Security, AbuseFilter, AntiSpoof
ST47 created T246353: Investigate and mitigate trivial bypass to AntiSpoof.
Feb 27 2020, 3:50 PM · user-sbassett, Patch-For-Review, Anti-Harassment, Security-Team, Security, AbuseFilter, AntiSpoof

Feb 21 2020

ST47 added a comment to T245499: Improve performance of Compare query for Special:Investigate.

I don't know if you have any data on how often the 5000 result limit in the current tool is hit, my personal experience is that it's fairly common particularly for mobile IP ranges. If that limit was brought even lower per IP range, e.g. if only the last 1000 edits from an IP range were considered, I think that would be a significant degradation.

Feb 21 2020, 10:33 PM · MW-1.35-notes (1.35.0-wmf.25; 2020-03-24), Anti-Harassment (The Letter Song), Performance Issue, CheckUser

Feb 17 2020

ST47 created T245379: "Script" unicode characters not included in equivset, and therefore can be used to spoof AbuseFilter.
Feb 17 2020, 12:35 AM · Equivset, Security

Feb 6 2020

ST47 updated the event description for E1140: Test event.
Feb 6 2020, 11:03 PM · events
ST47 cancelled E1140: Test event.
Feb 6 2020, 11:02 PM · events
ST47 updated the event description for E1140: Test event.
Feb 6 2020, 11:02 PM · events
ST47 updated the event description for E1140: Test event.
Feb 6 2020, 11:02 PM · events
ST47 updated the event description for E1140: Test event.
Feb 6 2020, 11:01 PM · events
ST47 added a comment to E1140: Test event.

Test comment, had notifications off...

Feb 6 2020, 11:00 PM · events
ST47 created E1140: Test event.
Feb 6 2020, 11:00 PM · events

Jan 4 2020

ST47 created T241891: Log and display in CheckUser when a user trips a cookie block.
Jan 4 2020, 5:55 PM · CheckUser

Dec 31 2019

ST47 created T241652: Allow overriding a range block with a more specific block with different settings.
Dec 31 2019, 5:32 PM · MediaWiki-User-management, Anti-Harassment

Dec 29 2019

ST47 added a watcher for CheckUser: ST47.
Dec 29 2019, 7:16 AM
ST47 added a watcher for acl*security: ST47.
Dec 29 2019, 7:16 AM

Dec 22 2019

ST47 added a comment to T203083: "Administrator" is hardcoded in various permission error messages.

I'm told in T241318 that administrators cannot view the content of deleted css/js pages. So, is it a bug that I can see those edits in Special:DeletedContributions and Special:RevisionDelete?

Dec 22 2019, 1:03 PM · MediaWiki-Authentication-and-authorization, MediaWiki-Interface
ST47 created T241318: Unable to access deleted revisions of a page.
Dec 22 2019, 11:19 AM

Dec 16 2019

ST47 added a comment to T240805: Link to view RevDelete/Suppressed revision is missing if only the username or edit summary was hidden.

Huh? I just tested this with an edit where the username was suppressed. Without &unhide=1, I see "(Username or IP removed)". With &unhide=1, I see the IP address. Adding the link would not be redundant, it would be the only way to get to the diff view or revision view with the suppressed content revealed.

Dec 16 2019, 11:20 PM · MediaWiki-Revision-deletion
ST47 created T240805: Link to view RevDelete/Suppressed revision is missing if only the username or edit summary was hidden.
Dec 16 2019, 1:49 AM · MediaWiki-Revision-deletion

Nov 23 2019

ST47 added a comment to T238995: AbuseFilter (and AntiSpoof?) not catching certain Unicode equivalencies.

Some more digging: wmf is on version 1.3.0 of https://packagist.org/packages/wikimedia/equivset#1.3.0 . So I guess this is a request to deploy equivset 1.4.0.

Nov 23 2019, 7:45 PM · Security, AntiSpoof, AbuseFilter
ST47 updated subscribers of T238995: AbuseFilter (and AntiSpoof?) not catching certain Unicode equivalencies.
Nov 23 2019, 7:38 PM · Security, AntiSpoof, AbuseFilter
ST47 created T238995: AbuseFilter (and AntiSpoof?) not catching certain Unicode equivalencies.
Nov 23 2019, 7:37 PM · Security, AntiSpoof, AbuseFilter

Jun 26 2019

ST47 created T226594: Wiki pages are very wide in Monobook for logged in users.
Jun 26 2019, 2:22 AM · MW-1.34-notes (1.34.0-wmf.11; 2019-06-26), Regression, MonoBook