Tgr (Gergő Tisza)
Software Engineer, WMF Reading

Projects (38)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Wednesday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 4:55 PM (213 w, 3 d)
Availability
Available
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF) [ Global Accounts ]

Things my team is working on: Reading-Infrastructure-Team-Backlog (kanban board)
Side projects I am working on (or planning to, eventually): User-Tgr
You can find more info about me on my user page.

Recent Activity

Yesterday

Tgr updated the task description for T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Sun, Oct 21, 11:53 PM · Wikimedia-Technical-Conference-2018
Tgr updated the task description for T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Sun, Oct 21, 7:33 PM · Wikimedia-Technical-Conference-2018
Tgr updated the task description for T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Sun, Oct 21, 7:31 PM · Wikimedia-Technical-Conference-2018
Tgr created T207606: Allow Phabricator pastes to be formatted as remarkup.
Sun, Oct 21, 6:32 PM · Upstream, Phabricator (Upstream)
Tgr added a comment to T206059: Wikimedia Technical Conference 2018 Session - Choosing installation methods and environments for 3rd party users.

I'm leading T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs which is influenced a fair bit by 3rd party support plans. It would be great if this session could make a recommendation on what portability / platform compatibility requirements Wikimedia/MediaWiki APIs should have. (Should such APIs be installable via some container mechanism? Via OS packages? Via the package management system of their respective programming language? Should they be usable on an average cheap VPS? On a shared web host? Should we have some classification for Wikimedia functionality (e.g. essential/nonessential or generic/wiki-specific) and have different expectations for different classes?)

Sun, Oct 21, 4:06 AM · Wikimedia-Technical-Conference-2018

Sat, Oct 20

Tgr awarded T201009: Run deleteLocalPasswords.php in WMF prod (Central Auth wikis only!) after 1.32.0-wmf.16 is everywhere a Doubloon token.
Sat, Oct 20, 10:57 PM · MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23)), Patch-For-Review, User-Ladsgroup, Wikimedia-maintenance-script-run, Security, Wikimedia-Site-requests

Thu, Oct 18

Tgr added a comment to T200392: RfC: Release notes automation.

The meat of it was

<legoktm> on the task there's some discussion about integrating merge drivers into Gerrit and Zuul, which I'm all for, but I have no idea how to do that technically, and I'm not sure anyone else does either
<legoktm> [...] I don't expect that to happen anytime soon... :(
<legoktm> so my bot proposal would just require me writing the bot and having it run on a cron
Thu, Oct 18, 3:49 PM · MediaWiki-Documentation, TechCom-RFC
Tgr reopened T207325: Footnote weirdness after editing the title parameter as "Open".

The mechanism of this error might be similar to T206527, but it's not going to be fixed by MCS patches (only apps use that API, VisualEditor doesn't) so reopening.

Thu, Oct 18, 3:28 PM · TemplateStyles, VisualEditor
Tgr added a comment to T118413: Wikimedia wikis should use https:// in $wgServer.

When the task was written, we still allowed HTTP POST to the API (since redirects don't work there) and that could cause problems with relative URLs. Now that HTTP is completely disallowed (not from the user's POV but in the sense that our MediaWiki servers will never receive one) relative URLs are less problematic, but they still require some work to turn into absolute URLs so replacing the relative URLs in the configuration would be a performance (micro)optimization, at least.

Thu, Oct 18, 3:26 PM · Patch-For-Review, Wikimedia-Site-requests
Tgr updated subscribers of T207231: Deprecate wfLogWarning/MWDebug::warning.

I think @daniel uses it occasionally, maybe he has more insight? I never used it myself, nor the development toolbar that it is supposed to integrate with. wfLogWarning seems useless to me, you should either throw an exception or log an error, but triggering an error (which might or might disrupt code execution, depending on whether the headers are already sent) seems like the worst of two worlds. wfWarn is the same, except it only happens when $wgDevelopmentWarnings is true (is that something people generally set?) so maybe that's not completely useless, but I think it would be a saner approach to use the logging framework for everything and then use a log processor to trigger errors for log events with level error and above if that's desired.

Thu, Oct 18, 3:22 PM · Technical-Debt (Deprecation), MediaWiki-Debug-Logger

Wed, Oct 17

Tgr claimed T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Wed, Oct 17, 3:13 PM · Wikimedia-Technical-Conference-2018

Tue, Oct 16

Tgr added a comment to T194164: Start reading from change_tag_def in production.

And all the URLs are crazy like that. Is that some kind of SQL injection scanning?

Tue, Oct 16, 7:13 AM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), User-Ladsgroup, Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), Patch-For-Review, Wikidata, Wikidata-Campsite, MediaWiki-Change-tagging
Tgr added a comment to T194164: Start reading from change_tag_def in production.

Seems to have started an hour ago, though, not when the patch was deployed: https://logstash.wikimedia.org/goto/ed4d3af593dd6d272ee6b5ef0bed5d67

Tue, Oct 16, 7:11 AM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), User-Ladsgroup, Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), Patch-For-Review, Wikidata, Wikidata-Campsite, MediaWiki-Change-tagging

Mon, Oct 15

Tgr added a comment to T207058: Ignore /vendor in operations/mediawiki-config.

You should use composer install --no-dev, but then it's already installed (there's a composer.lock and everything) so not sure why you'd need it in the first place.

Mon, Oct 15, 10:25 PM · Wikimedia-Site-requests
Tgr added a comment to T207054: Some Commons pages fatal with IncompleteRevisionException: "Uninitialized field: content_address".

Aside: was the file File:(a)Original Image (b)Image Generated using equation(1) (c)Image generated using equation(2) (d) Image generated using equation(3) (e)Image generated using equation(4).jpg created by some tool? Seems like the name and caption got mixed up.

Mon, Oct 15, 7:14 PM · Performance-Team, MediaWiki-ResourceLoader, Core Platform Team, Multi-Content-Revisions, Wikimedia-production-error
Tgr added a comment to T206589: [Bug] Page load reports error: Raven has not been configured..

FWIW https://en.wikipedia.beta.wmflabs.org/wiki/Barack_Obama is not the best example as it times out pretty much all the time (too large for the Beta servers I assume).

Mon, Oct 15, 7:10 PM · Patch-For-Review, Reading-Infrastructure-Team-Backlog, Sentry, Readers-Web-Backlog (Tracking)
Tgr closed T206589: [Bug] Page load reports error: Raven has not been configured. as Resolved.
Mon, Oct 15, 7:09 PM · Patch-For-Review, Reading-Infrastructure-Team-Backlog, Sentry, Readers-Web-Backlog (Tracking)
Tgr added a comment to T187142: Deduplicate template styles in Parsoid.

Note that deduplication should only happen after Cite did its own duplication checking of <ref> tags. In the PHP parser that caused T205803: Duplicate reference name errors in English Wikipedia caused by MediaWiki templatestyle handling? (although there the deduplication happens late so the exact cause was different).

Mon, Oct 15, 4:36 PM · Performance-Team (Radar), Parsoid, TemplateStyles

Sun, Oct 14

Tgr added a comment to T74874: Provide a way to add hyperlink in Quarry results/output.

I would have a first fix in JavaScript for the URLs, which is a simpler case, but I’m not sure it is really useful given there are not so much URLs in MediaWiki databases.

Sun, Oct 14, 10:07 PM · Quarry
Tgr updated the task description for T45086: Capture PHP warnings with stacktraces in MediaWiki and save to logstash.
Sun, Oct 14, 6:27 AM · Performance-Team, User-Tgr, MediaWiki-Debug-Logger, Deployments
Tgr closed T189922: Vagrant clock gets out of sync as Resolved.

Hopefully adding ntp to the default packages fixed it.

Sun, Oct 14, 1:13 AM · Patch-For-Review, MediaWiki-Vagrant

Sat, Oct 13

Tgr added a comment to T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages.

Fair enough.

Sat, Oct 13, 3:25 AM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Security, Patch-For-Review, Security-General, I18n, MediaWiki-Internationalization
Tgr updated the task description for T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages.
Sat, Oct 13, 3:24 AM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Security, Patch-For-Review, Security-General, I18n, MediaWiki-Internationalization

Fri, Oct 12

Tgr added a comment to T201009: Run deleteLocalPasswords.php in WMF prod (Central Auth wikis only!) after 1.32.0-wmf.16 is everywhere.
ariaDB [enwiki]> select type, centralized, attached, count(*) from (select CASE WHEN user_password = '' THEN 'null' WHEN user_password LIKE ':null:%' THEN 'nullable' ELSE 'real' END type, gu_id IS NOT NULL centralized, lu_name IS NOT NULL attached from user left join centralauth.globaluser on gu_name = user_name left join centralauth.localuser on lu_name = gu_name and lu_wiki = 'enwiki') x group by type, centralized, attached order by type, centralized, attached;
+----------+-------------+----------+----------+
| type     | centralized | attached | count(*) |
+----------+-------------+----------+----------+
| null     |           0 |        0 |     2599 |
| null     |           1 |        0 |       26 |
| null     |           1 |        1 | 10977004 |
| nullable |           0 |        0 |        7 |
| nullable |           1 |        1 | 23720799 |
| real     |           0 |        0 |       19 |
| real     |           1 |        0 |       11 |
+----------+-------------+----------+----------+
7 rows in set (1 hour 4 min 33.52 sec)

So that looks sane after all (I messed up some former queries not recorded here and got confused). A few thousand unattached accounts with no password, probably system users. Lots of attached accounts with no password or marked for password removeal, that's OK. Seven unattached accounts marked for password removal - that should not happen but the number is small enough not to care (also, all of them are barely used).

Fri, Oct 12, 11:19 PM · MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23)), Patch-For-Review, User-Ladsgroup, Wikimedia-maintenance-script-run, Security, Wikimedia-Site-requests
Tgr added a comment to T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages.

Just stating for the record, that raw html messages is generally considered "deprecated" since eons ago. No new code should introduce new raw html messages, and raw html messages are grounds for an extension to fail the extension security review that new extensions are required to go through.

Fri, Oct 12, 9:12 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Security, Patch-For-Review, Security-General, I18n, MediaWiki-Internationalization
Tgr closed T206834: ApiQueryReadingListsTest::testApiQuery is failing: Timestamps passed to "rlchangedsince" cannot be older than "2018-09-12T04:18:40Z". as Resolved.
Fri, Oct 12, 8:00 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, Reading-Infrastructure-Team-Backlog (Kanban), Reading List Service
Tgr added a comment to T71237: Use of SVG nominal size in MMV.

I don't think these icons should be triggering the media viewer. The image size is known at time of clicking, so why not avoid loading the lightbox when the image is say < 50px width?

Fri, Oct 12, 7:59 PM · Google-Code-in-2018, Multimedia, goodfirstbug, MediaWiki-extensions-MultimediaViewer
Tgr added a comment to T71237: Use of SVG nominal size in MMV.

That is weird but harmless (and what's the point of looking at icons in a lightbox anyway? They are typically already presented in the article in their intended size.)

Fri, Oct 12, 7:37 PM · Google-Code-in-2018, Multimedia, goodfirstbug, MediaWiki-extensions-MultimediaViewer
Tgr updated the task description for T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages.
Fri, Oct 12, 6:33 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Security, Patch-For-Review, Security-General, I18n, MediaWiki-Internationalization
Tgr closed T154891: Several of the wikieditor-toolbar-* messages are used as raw html as Resolved.
Fri, Oct 12, 6:31 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, WikiEditor, goodfirstbug
Tgr added a comment to T71237: Use of SVG nominal size in MMV.

It would be fit to the viewport. I don't think anyone really cares about icons, but with maps, graphs, charts, diagrams and the like this is a serious defect.

Fri, Oct 12, 6:02 PM · Google-Code-in-2018, Multimedia, goodfirstbug, MediaWiki-extensions-MultimediaViewer
Tgr added a comment to T206798: [feature request] Have one File: page host/list multiple file formats per image.

Technically this could be done with multi-content revisions but I doubt that's what you had in mind.

Fri, Oct 12, 4:00 AM · Multimedia, MediaWiki-File-management, Commons
Tgr closed T206796: [feature request] file extension independent from filetype as Declined.

Delete the old file and create a redirect if you want. Way too many things rely on the file extension (some browsers, processing software, plenty of MediaWiki's internal logic) for this to be feasible, even if there were some real use case behind it.

Fri, Oct 12, 2:02 AM · MediaWiki-File-management, Multimedia, Commons

Thu, Oct 11

Tgr updated the task description for T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages.
Thu, Oct 11, 11:22 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Security, Patch-For-Review, Security-General, I18n, MediaWiki-Internationalization
Tgr added a comment to T191738: Bundle Echo extension with MW 1.32.

License is MIT which is compatible with GPL 2+.

Thu, Oct 11, 11:14 PM · Growth-Team, MW-1.32-release, Collaboration-Team-Triage, Notifications, MediaWiki-Releasing
Tgr updated the task description for T191738: Bundle Echo extension with MW 1.32.
Thu, Oct 11, 11:14 PM · Growth-Team, MW-1.32-release, Collaboration-Team-Triage, Notifications, MediaWiki-Releasing
Tgr added a comment to T201009: Run deleteLocalPasswords.php in WMF prod (Central Auth wikis only!) after 1.32.0-wmf.16 is everywhere.

Last year:

MariaDB [enwiki]> select type, month, count(*) from (select substr(user_registration, 5, 2) month, CASE WHEN user_password = '' THEN 'null' WHEN user_password LIKE ':null:%' THEN 'nullable' ELSE 'real' END type from user where user_registration like '2018%') x group by type, month order by type, month;
+----------+-------+----------+
| type     | month | count(*) |
+----------+-------+----------+
| null     | 01    |   229575 |
| null     | 02    |   209061 |
| null     | 03    |   228393 |
| null     | 04    |   222129 |
| null     | 05    |   236213 |
| null     | 06    |   208321 |
| null     | 07    |   213515 |
| null     | 08    |   220190 |
| null     | 09    |   236030 |
| null     | 10    |    86839 |
| nullable | 01    |     2567 |
| nullable | 02    |     1439 |
| nullable | 03    |      263 |
+----------+-------+----------+
13 rows in set (3 min 30.78 sec)

so loginOnly worked reliably, that's good to know.

Thu, Oct 11, 8:14 PM · MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23)), Patch-For-Review, User-Ladsgroup, Wikimedia-maintenance-script-run, Security, Wikimedia-Site-requests
Tgr added a comment to T201009: Run deleteLocalPasswords.php in WMF prod (Central Auth wikis only!) after 1.32.0-wmf.16 is everywhere.

Looking at a yearly split:

MariaDB [enwiki]> select type, year, count(*) from (select substr(user_registration, 1, 4) year, CASE WHEN user_password = '' THEN 'null' WHEN user_password LIKE ':null:%' THEN 'nullable' ELSE 'real' END type from user) x group by type, year order by type, year;
+----------+------+----------+
| type     | year | count(*) |
+----------+------+----------+
| null     | NULL |      875 |
| null     | 2001 |       11 |
| null     | 2002 |       40 |
| null     | 2003 |      167 |
| null     | 2004 |      707 |
| null     | 2005 |     1831 |
| null     | 2006 |     6441 |
| null     | 2007 |    12808 |
| null     | 2008 |   163013 |
| null     | 2009 |   467386 |
| null     | 2010 |   468152 |
| null     | 2011 |   431266 |
| null     | 2012 |   555270 |
| null     | 2013 |   560576 |
| null     | 2014 |   751923 |
| null     | 2015 |   959804 |
| null     | 2016 |  1833713 |
| null     | 2017 |  2667320 |
| null     | 2018 |  2084388 |
| nullable | NULL |   489890 |
| nullable | 2001 |      194 |
| nullable | 2002 |     1859 |
| nullable | 2003 |     8523 |
| nullable | 2004 |    40387 |
| nullable | 2005 |   181961 |
| nullable | 2006 |  2402061 |
| nullable | 2007 |  2942642 |
| nullable | 2008 |  2364086 |
| nullable | 2009 |  2243067 |
| nullable | 2010 |  1902052 |
| nullable | 2011 |  1867750 |
| nullable | 2012 |  1609565 |
| nullable | 2013 |  1721041 |
| nullable | 2014 |  2415410 |
| nullable | 2015 |  2569495 |
| nullable | 2016 |   920114 |
| nullable | 2017 |    36776 |
| nullable | 2018 |     4269 |
| real     | NULL |        1 |
| real     | 2004 |        1 |
| real     | 2005 |        2 |
| real     | 2006 |        2 |
| real     | 2007 |        1 |
| real     | 2010 |        1 |
| real     | 2015 |       11 |
| real     | 2016 |        7 |
| real     | 2017 |        4 |
+----------+------+----------+
47 rows in set (3 min 16.67 sec)

it seems in the old times some 25% of accounts did not have passwords (autocreations, maybe?), after the introduction of AuthManager that went down to 1% (no password by default but password changes restored it?) and to zero after enabling loginOnly mode in March 2018. So I guess that does not sound that insane, although it does not match my understanding of how things should work (autocreation should create a localpassword without loginOnly enabled).

Thu, Oct 11, 8:06 PM · MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23)), Patch-For-Review, User-Ladsgroup, Wikimedia-maintenance-script-run, Security, Wikimedia-Site-requests
Tgr closed T206727: action=formcreate results in save error as Invalid.

I'd say let's reopen this task in December if that does not fix the issue, but just by looking at the code it seems it should.
(Sorry, I skimmed the commits between 4.3 and master before submitting but somehow missed that one.)

Thu, Oct 11, 6:30 PM · MediaWiki-extensions-Page_Forms
Tgr added a comment to T206727: action=formcreate results in save error.

Hm, yeah. Probably fixed in rEPFMfd4d8bbbd2bd: Add 'wpUnicodeCheck' field to wikitext form submission? @Revansx can you check?

Thu, Oct 11, 5:39 PM · MediaWiki-extensions-Page_Forms
Tgr updated the task description for T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Thu, Oct 11, 5:39 AM · Wikimedia-Technical-Conference-2018
Tgr updated subscribers of T127233: Endpoints which do not need to authenticate users should set MW_NO_SESSION.

(Hopeful).

Thu, Oct 11, 4:40 AM · Technical-Debt (Deprecation), MW-1.32-release, MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), User-Tgr, Patch-For-Review, MW-1.27-release-notes, MediaWiki-Authentication-and-authorization
Tgr updated the task description for T206727: action=formcreate results in save error.
Thu, Oct 11, 1:00 AM · MediaWiki-extensions-Page_Forms
Tgr created T206727: action=formcreate results in save error.
Thu, Oct 11, 12:58 AM · MediaWiki-extensions-Page_Forms
Tgr added a comment to T199121: RFC: Spec for representing multiple content objects per revision (MCR) in XML dumps.

@Halfak the questions is: given that XML readers are somewhat flexible, so a script that was written some time ago and has no knowledge of MCR will still be able to read MCR dumps and see all the fields it expects, and it will quietly ignore non-main slots as unknown fields, what should such a script see at the location where it looks for the sha1 of the revision?

Thu, Oct 11, 12:50 AM · Core Platform Team Kanban (Doing), Core Platform Team (MCR), Multi-Content-Revisions (New Features), SDC Engineering, Dumps-Generation, User-ArielGlenn, User-Daniel, TechCom-RFC, Wikidata

Wed, Oct 10

Tgr added a comment to T191183: Enable avatars in gerrit.

UX-wise a single central place for profile images is obviously preferable, so using Phabricator makes a lot of sense. (Having some way to store a profile image in your Wikimedia central account would make even more... maybe in the next decade :) OTOH that would mean you can't use a different image, which could be problematic as the avatar size is very different between Phabricator (several sizes, but most commonly 50x50 in comment threads and 140x140 on hover) and Gerrit (16x16) so the same image might not work well.

Wed, Oct 10, 11:15 PM · Traffic, Operations, Patch-For-Review, Gerrit
Tgr added a comment to T206642: Non-interface administrators can't view source of user .js pages.

There are two issues here:

  • Should action=edit show a readonly edit page for non-existing titles that the user has no rights to create? (Note that this is not the case currently, e.g. en:Add article?action=edit will give you a similar error. Note also that "non-existing" is somewhat vague; pages might not exist in the database but still handled somewhat as if they existed and had content, see e.g. en:MediaWiki:Timeless.js.)
  • Should the "view source" tab be shown at all if the page does not exist and the user has no right to create it? Protected titles like en:Add article do not have any view/edit options.
Wed, Oct 10, 7:25 PM · MediaWiki-General-or-Unknown
Tgr added a comment to T206589: [Bug] Page load reports error: Raven has not been configured..

Broken by rOMWCc1d589465ac3: Remove sentry $wmg -> $wg, apparently.

Wed, Oct 10, 6:00 PM · Patch-For-Review, Reading-Infrastructure-Team-Backlog, Sentry, Readers-Web-Backlog (Tracking)
Tgr added a comment to T206504: Create a new endpoint which returns articles in need of a description.

Wikidata descriptions are stored in the central Wikibase server DB, and overrides are stored in the enwiki DB, so real-time filtering on records not having either is probably not possible (short of making MediaWiki duplicate that data somehow) - cross-server queries are not entirely impossible in MariaDB but probably not something we want to get into. So there would have to be some two-stage process that fills up a queue with prospective entries based on a wikidata query, then filters it based on the enwiki query, then discards entries as they get returned by the API.

Wed, Oct 10, 4:48 PM · Mobile-Content-Service, Reading-Infrastructure-Team-Backlog
Tgr added a comment to T206589: [Bug] Page load reports error: Raven has not been configured..

That means $wgSentryDsn has not been set for that wiki, or Raven.config() has not been called before invoking the Raven error handler. In theory neither should be possible: the DSN is set for all beta-cluster wikis, and the config method is called right before installing the error handler.

Wed, Oct 10, 2:42 AM · Patch-For-Review, Reading-Infrastructure-Team-Backlog, Sentry, Readers-Web-Backlog (Tracking)

Tue, Oct 9

Tgr added a comment to T71237: Use of SVG nominal size in MMV.

GCI task: https://codein.withgoogle.com/dashboard/tasks/4905284943216640/
Seems trivial (suspiciously trivial, even).

Tue, Oct 9, 11:29 PM · Google-Code-in-2018, Multimedia, goodfirstbug, MediaWiki-extensions-MultimediaViewer
Tgr added a comment to T201009: Run deleteLocalPasswords.php in WMF prod (Central Auth wikis only!) after 1.32.0-wmf.16 is everywhere.

Looking at enwiki:

mysql:research@analytics-store.eqiad.wmnet [enwiki]> select type, count(*) from (select CASE WHEN user_password = '' THEN 'null' WHEN user_password LIKE ':null:%' THEN 'nullable' ELSE 'real' END type from user) x group by type;
+----------+----------+
| type     | count(*) |
+----------+----------+
| null     | 10947477 |
| nullable | 23721608 |
| real     |       30 |
+----------+----------+
3 rows in set (2 min 29.85 sec)

which seems a bit suspicious. Nullable means attached user who does not need a local password (and it will be deleted by the final pass of the script) - I would expect there to be way more of those. Null means those users already have no password - either they registered after loginOnly was enabled in January, or they changes their password since then, or the account was autocreated (I think? not quite sure how that would be handled), or they are system users. 30% of all users seems a bit too high for that. (Real means non-attached users with a password; those are the results of bugs and I would have expected one or two magnitudes more of them.)
So I think it's worth manually double-checking that the script does the right thing, before making irreversible changes-

Tue, Oct 9, 10:41 PM · MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23)), Patch-For-Review, User-Ladsgroup, Wikimedia-maintenance-script-run, Security, Wikimedia-Site-requests
Tgr added a comment to T191183: Enable avatars in gerrit.

Really? As far as I know all gravatar integrations send hashes of emails. This means they don't know which email it is, unless it exists in their system (assuming they don't crawl email addresses from elsewhere).

Tue, Oct 9, 8:39 PM · Traffic, Operations, Patch-For-Review, Gerrit
Tgr added a comment to T206504: Create a new endpoint which returns articles in need of a description.

Will the API look for titles missing a description in some arbitrary user language, or in wiki content language? If there is no Wikidata description in the content language, but there is a local override, should that be taken into account?

Tue, Oct 9, 8:31 PM · Mobile-Content-Service, Reading-Infrastructure-Team-Backlog
Tgr added a comment to T199121: RFC: Spec for representing multiple content objects per revision (MCR) in XML dumps.

Just add a <revision-sha1> tag?

Tue, Oct 9, 6:11 PM · Core Platform Team Kanban (Doing), Core Platform Team (MCR), Multi-Content-Revisions (New Features), SDC Engineering, Dumps-Generation, User-ArielGlenn, User-Daniel, TechCom-RFC, Wikidata
Tgr added a comment to T203566: ParserOutput cache incompatibility errors in 1.32.0-wmf.20.

Still need to revert rMW1bb5b58eb1cd: Unwrap HTML loaded from parser cache -> gerrit 465465.

Tue, Oct 9, 6:10 PM · Core Platform Team Backlog (Later), Core Platform Team (Security, stability, performance and scalability (TEC1)), MediaWiki-Parser, MediaWiki-Cache, Wikimedia-production-error
Tgr closed T174035: Allow the view action to show multiple slots [MCR] as Resolved.
Tue, Oct 9, 3:15 AM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Multi-Content-Revisions (MCR-SDC File Caption Support - phase 2), Patch-For-Review, SDC General, Wikidata
Tgr closed T174035: Allow the view action to show multiple slots [MCR], a subtask of T174036: Diffs page should show diffs and content from multiple slots [MCR], as Resolved.
Tue, Oct 9, 3:15 AM · MW-1.32-notes (WMF-deploy-2018-09-18 (1.32.0-wmf.22)), MW-1.32-release, Epic, Multi-Content-Revisions (MCR-SDC File Caption Support - phase 2), SDC General, Wikidata

Mon, Oct 8

Mainframe98 awarded T206438: Split grants for editing user JSON and user JS a Like token.
Mon, Oct 8, 6:52 AM · Patch-For-Review, MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OAuth, Security
APerson awarded T206438: Split grants for editing user JSON and user JS a Like token.
Mon, Oct 8, 5:16 AM · Patch-For-Review, MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OAuth, Security
Tgr created T206438: Split grants for editing user JSON and user JS.
Mon, Oct 8, 3:26 AM · Patch-For-Review, MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OAuth, Security

Sat, Oct 6

Tgr added a comment to T110291: Update all extensions to use AuthManager.

Not really. Maybe for hyper-competent students.

Sat, Oct 6, 4:49 PM · Patch-For-Review, Goal, MediaWiki-extensions-General, MediaWiki-Authentication-and-authorization

Fri, Oct 5

Tgr updated the task description for T206074: Wikimedia Technical Conference 2018 Session - Choosing the technologies to build our APIs.
Fri, Oct 5, 8:54 PM · Wikimedia-Technical-Conference-2018
Tgr added a comment to T205921: Content model version field to accompany content model.

Having the version in the content type means you cannot do a quiet upgrade on edit, you need to change the content type (which normal users do not have the rights for). For something like wikitext where the version change is very obvious to users that's probably for the best. For something where users only interact with the content via some kind of custom GUI and versions are mostly incomprehensible to them, it might be less ideal.

Fri, Oct 5, 4:54 PM · MediaWiki-ContentHandler, JADE, TechCom-RFC

Thu, Oct 4

Tgr added a comment to T205921: Content model version field to accompany content model.

OTOH, if you are using JSON or some other structured representation where a version number is easily added, then just having the version number in there seems more straightforward.

Thu, Oct 4, 10:31 PM · MediaWiki-ContentHandler, JADE, TechCom-RFC
Tgr added a comment to T206130: Non logged in users are able to review and patrol pages on enwiki using the API.

Ugh, I am very sorry about this :( I broke it in gerrit 455481 and meant to fix it in 456140 but somehow did not realize the security implications and left the patch stalled when I got other urgent stuff to do, and forgot about it...

Thu, Oct 4, 10:29 PM · Wikimedia-production-error (Shared Build Failure), MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Growth-Team (Current Sprint), Patch-For-Review, MediaWiki-extensions-PageCuration, Security, MediaWiki-Patrolling, English-Wikipedia-New-Pages-Patrol
Tgr added a comment to T206247: "PHP Warning: headers already sent" from thumb.php.

Seems like a pretty uninteresting followup error. The real error is HTTP 401 (Unauthorized) in 'SwiftFileBackend::doStreamFile'˙ in the first example and HTTP 401 (Unauthorized) in 'SwiftFileBackend::doGetFileStatMulti'` in the second (so, Swift errors).

Thu, Oct 4, 10:22 PM · Multimedia, Commons, MediaWiki-File-management, Wikimedia-production-error
Tgr added a comment to T180378: simplewiki has a lot of MassMessage failures due to "readonly".

Duplicate of T139380: MassMessage failed delivery claiming "readonly" although the page is not protected?

Thu, Oct 4, 6:28 PM · MassMessage
Tgr added a comment to T199121: RFC: Spec for representing multiple content objects per revision (MCR) in XML dumps.

Some issues that we did not have time to fully discuss during the meeting:

  • sha1 B/C. There are two candidates for the old sha1 field: the sha1 of the main slot and the sha1 of the full revision (which is computed as taking the base36 sha1 of slot 1, concatenating the raw value of slot 2, taking the sha1 of that, concatenating slot 3, taking the sha1 of that etc). When there is just the main slot, the two coincide, so no B/C issue with that. When there are multiple slots, which is the more B/C friendly option? sha1 is mainly used for revert detection, but how would an application that is only aware of the main slot define reverts?
  • Backfilling the id. Legacy clients expect a numerical text id for the main slot; when we switch to external storage, we'll have an URL instead (which will be exposed as a different attribute). Can we provide some id still so old clients don't break? The actual value of the id is internal detail and not relevant to clients; what's relevant is that it should either be unique or (preferably) hash-like (ie. only main slots with the same text have the same id). In theory we could use some kind of content hash (first N digits of the base10 sha1, for example) but it will not fit into a 32 bit integer (current max text ID is about 900 million; fake IDs should avoid any range that can be, or could be within reasonable time, a text ID; max value for a signed int32 is around 2 billion) - is that likely enough to break clients to make the whole idea moot?
  • in theory a lot of resources could be saved if identical slot contents are only written out once (they will be a very frequent occurrence due to reverts) - not so much in the actual dump files, as the compression there takes care of duplicate content anyway, but it would mean less text to process, both in the dump infrastructure and for reusers. Text IDs / blob URLs can be assumed to be deduplicated, but they also cannot be published without checking that they correspond to a (visible) revision. That seems like a hard problem; can we do something about it?
Thu, Oct 4, 7:59 AM · Core Platform Team Kanban (Doing), Core Platform Team (MCR), Multi-Content-Revisions (New Features), SDC Engineering, Dumps-Generation, User-ArielGlenn, User-Daniel, TechCom-RFC, Wikidata

Wed, Oct 3

Tgr added a comment to T206143: Slow response of new preferences UI: Shows content of all tabs on a single page for a moment.

I think there are easy solutions for that: make sure the client-js/client-nojs classes are available very early on (if that's not in the case already), put display: none on the tabs other than the first in .client-js.

Wed, Oct 3, 10:01 PM · Performance, UI-Standardization, MediaWiki-User-preferences
Tgr created P7623 (An Untitled Masterwork).
Wed, Oct 3, 6:43 PM
Tgr added a comment to T206143: Slow response of new preferences UI: Shows content of all tabs on a single page for a moment.
< tgr> do you know what connection speed you have?`
< [1997kB]> ~5mbps
< andre__> I can confirm that bug.
< andre__> tgr: Firefox on Fedora
< [1997kB]> also it happens on Chome for Android.
Wed, Oct 3, 5:46 PM · Performance, UI-Standardization, MediaWiki-User-preferences
Tgr added a project to T206143: Slow response of new preferences UI: Shows content of all tabs on a single page for a moment: UI-Standardization.
Wed, Oct 3, 5:34 PM · Performance, UI-Standardization, MediaWiki-User-preferences
Tgr added a comment to T206090: Certain Special:MobileDiff urls fatal with "Bad value for parameter $old: must be a TextContent".

To be clear, the problem is not related to mobile diffs. Any extension that provides non-text content types (Content subclasses which are not TextContent subclasses) should also provide a custom DifferenceEngine or SlotDiffRenderer as the default one will throw. Flow somehow disables the normal diff URLs so something like https://www.mediawiki.org/w/index.php?diff=2382486 does not cause an error (although it doesn't do what the user would expect, either), but anything else that invokes the diff logic will throw, e.g. https://www.mediawiki.org/wiki/Special:ComparePages?rev1=2382480&rev2=2382486

Wed, Oct 3, 6:42 AM · MobileFrontend (MobileFrontend Special Pages), Readers-Web-Backlog (Tracking), Multi-Content-Revisions, MediaWiki-History-or-Diffs, Growth-Team, Wikimedia-production-error, StructuredDiscussions
Tgr updated subscribers of T206101: Sort out how page/rendering language related properties are used.

From @Anomie in https://gerrit.wikimedia.org/r/c/mediawiki/core/+/434544/28/includes/Revision/RevisionRenderer.php#227 :

  • The distinction between the target language and the interface language does still make sense. Special pages should still use the interface language, as should the skin chrome. Wikibase is weird, as are Commons file pages that make heavy use of {{int:}} to be pseudo-translated.
  • The "content language" should just be the default page/target language. Most code that currently uses $wgContLang should probably be using the target language instead.
  • ParserOptions should always have a target language set. To make that happen correctly, ParserOptions constructors would need to be passed a Title.[1] Then it can default to the page language[2] if one is set, falling back to the content language.
  • ParserOptions should probably split the cache on the target language when the language is used, like it already does for the interface language.

[1]: This should replace Parser::parse() taking a Title of its own.
[2]: Not the page-view language, ideally. Variant transformations for the page-view language should be done post-parse so as to not split the cache.

Wed, Oct 3, 6:10 AM · MediaWiki-Internationalization
Tgr created T206101: Sort out how page/rendering language related properties are used.
Wed, Oct 3, 6:07 AM · MediaWiki-Internationalization
Tgr added a parent task for T201848: Make DifferenceEngine callers pass revisions, not contents: T189220: Ensure that relevant extensions are MCR-aware.
Wed, Oct 3, 3:37 AM · Core Platform Team Kanban (Doing), Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Patch-For-Review, MediaWiki-History-or-Diffs
Tgr added a parent task for T202763: Update extensions which customize content diff rendering: T189220: Ensure that relevant extensions are MCR-aware.
Wed, Oct 3, 3:37 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team Backlog (Later), Core Platform Team (MCR), MediaWiki-extensions-General
Tgr added subtasks for T189220: Ensure that relevant extensions are MCR-aware: T201848: Make DifferenceEngine callers pass revisions, not contents, T202763: Update extensions which customize content diff rendering.
Wed, Oct 3, 3:37 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Core Platform Team Backlog (Epic), SDC Engineering, Epic, MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23))
Tgr added a parent task for T117279: Move InlineDifferenceEngine into core / remove MobileDiff: T202763: Update extensions which customize content diff rendering.
Wed, Oct 3, 3:37 AM · Multi-Content-Revisions, Readers-Web-Backlog (Tracking), Technical-Debt (RW-Tech-Debt), MobileFrontend
Tgr added a subtask for T202763: Update extensions which customize content diff rendering: T117279: Move InlineDifferenceEngine into core / remove MobileDiff.
Wed, Oct 3, 3:37 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team Backlog (Later), Core Platform Team (MCR), MediaWiki-extensions-General
Tgr added subtasks for T189220: Ensure that relevant extensions are MCR-aware: T191795: Support MCR in mobile, T200687: MCR support in TemplateStyles.
Wed, Oct 3, 1:05 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Core Platform Team Backlog (Epic), SDC Engineering, Epic, MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23))
Tgr added a parent task for T191795: Support MCR in mobile: T189220: Ensure that relevant extensions are MCR-aware.
Wed, Oct 3, 1:05 AM · Readers-Web-Backlog (Tracking), User-mobrovac, Services (designing), MobileFrontend, RESTBase, Mobile-Content-Service, Parsoid, Reading-Infrastructure-Team-Backlog, Multi-Content-Revisions
Tgr added a parent task for T200687: MCR support in TemplateStyles: T189220: Ensure that relevant extensions are MCR-aware.
Wed, Oct 3, 1:05 AM · Multi-Content-Revisions, TemplateStyles
Tgr added a parent task for T195779: MCR support in ORES: T189220: Ensure that relevant extensions are MCR-aware.
Wed, Oct 3, 1:04 AM · Epic, Multi-Content-Revisions, Scoring-platform-team, ORES
Tgr added a subtask for T189220: Ensure that relevant extensions are MCR-aware: T195779: MCR support in ORES.
Wed, Oct 3, 1:04 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Core Platform Team Backlog (Epic), SDC Engineering, Epic, MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23))
Tgr added a comment to T189220: Ensure that relevant extensions are MCR-aware.

More precisely,

Wed, Oct 3, 12:59 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Core Platform Team Backlog (Epic), SDC Engineering, Epic, MW-1.32-notes (WMF-deploy-2018-09-25 (1.32.0-wmf.23))
Tgr added a comment to T196087: Refactored implementation of MCR page update interface.

We should probably undeprecate WikiPage::doEditContent and co. for 1.32. They refer the user to PageUpdater but that's still not stable and there is no officially supported way to acquire an instance.

Wed, Oct 3, 12:51 AM · Multi-Content-Revisions (Tech Debt), Core Platform Team (MCR), Core Platform Team Backlog (Epic), Epic, Wikidata
Tgr added a comment to T206090: Certain Special:MobileDiff urls fatal with "Bad value for parameter $old: must be a TextContent".

Is this a frequent error or just no one bothered to manually construct a mobile diff of a Flow edit before? There are 4 separate URLs in Logstash, could just be a developer poking around after seeing the initial error. That or MobileFrontend started to expose links somehow. Either way, doesn't seem like a train blocker to me and I doubt such URLs would have worked before. (How does Flow handle diffs at all? It has a non-text content type but it does not seem to have its own diff engine implementation.)

Wed, Oct 3, 12:21 AM · MobileFrontend (MobileFrontend Special Pages), Readers-Web-Backlog (Tracking), Multi-Content-Revisions, MediaWiki-History-or-Diffs, Growth-Team, Wikimedia-production-error, StructuredDiscussions
Tgr added a comment to T206090: Certain Special:MobileDiff urls fatal with "Bad value for parameter $old: must be a TextContent".
Wed, Oct 3, 12:09 AM · MobileFrontend (MobileFrontend Special Pages), Readers-Web-Backlog (Tracking), Multi-Content-Revisions, MediaWiki-History-or-Diffs, Growth-Team, Wikimedia-production-error, StructuredDiscussions

Tue, Oct 2

Tgr created T206049: Gitiles project landing pages should have an anonymous clone URL.
Tue, Oct 2, 10:00 PM · Gerrit
Tgr added a comment to T127233: Endpoints which do not need to authenticate users should set MW_NO_SESSION.

Endpoints that look like they should not need sessions are: load.php, static.php, opensearch_desc.php, profileinfo.php. Probably also thumb.php

Tue, Oct 2, 8:56 PM · Technical-Debt (Deprecation), MW-1.32-release, MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), User-Tgr, Patch-For-Review, MW-1.27-release-notes, MediaWiki-Authentication-and-authorization
Tgr added a comment to T205984: File on officewiki fails to thumbnail (shows errors in MultimediaViewer).

If I fetch the URL with no cookies I get the same 404 error and X-Cache-Status: hit-front (unlike the working URLs which correctly return an access denied page and X-Cache-Status: pass). So I guess this got messed up in Varnish somehow. (And probably MediaWiki is sending the wrong Vary headers on 404.)

Tue, Oct 2, 5:43 PM · media-storage, Multimedia, MediaWiki-extensions-MultimediaViewer
Tgr added a comment to T200392: RfC: Release notes automation.

I don't think Jenkins has anything to do with merging; it's a job triggering framework. AIUI merging is done by Gerrit (when you click "Rebase") and Zuul (when you click +2 and it creates the revision to run gate-and-submit jobs on). Gerrit uses JGit which has no merge driver support. Zuul uses GitPython, which uses command line git, and even has merge drivers in one of its unit tests so that could probably work but how useful is it without support in Gerrit?

Tue, Oct 2, 5:32 PM · MediaWiki-Documentation, TechCom-RFC
Tgr added a comment to T189922: Vagrant clock gets out of sync.

A more obscure error caused by this that I just ran into was vagrant git-update failing with

fatal: unable to access 'https://gerrit.wikimedia.org/r/p/mediawiki/core.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

and curl failing with SSL certificate problem: certificate is not yet valid. Apparently gerrit.wikimedia.org's Let's Encrypt certificate has just auto-renewed and Vagrant got out of sync by over a day and that was enough for the cert's notBefore condition to fail.

Tue, Oct 2, 12:19 AM · Patch-For-Review, MediaWiki-Vagrant

Mon, Oct 1

Tgr added a comment to T205578: Admins cannot view revision-deleted revisions.

To answer my own question, fallback happens via looking up the other worker's result in the parser cache, so as long as the parser cache is used correctly, it's fine. And the parser cache is only used for current revisions and there the audience does not really matter. What's still confusing is that fallback()/getCachedWork() don't check the revision ID. I guess that's just a bug that has little impact because old revisions rarely get stampeded...

Mon, Oct 1, 10:57 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Tgr added a comment to T205578: Admins cannot view revision-deleted revisions.

or having the caller pass a constructor parameter to explicitly bypass the audience check.

Mon, Oct 1, 9:28 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Tgr added a comment to T205893: Automatically trigger waitForReplication after a sufficiently high number of rows has been written.

It would also be nice to maybe use the Maintenance methods for committing more often in scripts.

Mon, Oct 1, 8:48 PM · Wikimedia-Incident, MediaWiki-Database
Tgr added a comment to T57420: Remove local wiki password hash when CentralAuth has attached account.
That did not cause problems on other wikis because normally this script would go through all user records but only change a very small number of them
Mon, Oct 1, 5:15 PM · Wikimedia-production-error, Wikimedia-Incident, MW-1.32-notes (WMF-deploy-2018-08-07 (1.32.0-wmf.16)), MediaWiki-extensions-CentralAuth
Tgr added a project to T205893: Automatically trigger waitForReplication after a sufficiently high number of rows has been written: Wikimedia-Incident.
Mon, Oct 1, 5:11 PM · Wikimedia-Incident, MediaWiki-Database