Page MenuHomePhabricator

Tgr (Gergő Tisza)
Software Engineer, WMF

Projects (43)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 4:55 PM (495 w, 3 d)
Availability
Available
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF) [ Global Accounts ]

Things my team is working on: MediaWiki-Platform-Team
Side projects I am working on (or planning to, eventually): User-Tgr
You can find more info about me on my user page.

Recent Activity

Fri, Mar 15

Tgr added a comment to T358236: Cannot create a new wiki on beta cluster.

@Tgr In ExternalStoreDB::initializeTable() we were passing QUERY_IGNORE_DBO_TRX only, which anyway was incorrect - the schema initialization code should pass QUERY_CHANGE_SCHEMA which is also a flag that isWriteQuery() would consider.

Fri, Mar 15, 4:33 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Patch-For-Review, MediaWiki-Platform-Team, Beta-Cluster-Infrastructure
Tgr added a comment to T358236: Cannot create a new wiki on beta cluster.

Database::query() uses QueryBuilderFromRawSql::buildQuery() to convert raw SQL strings to query objects, and that method will always add either QUERY_CHANGE_NONE or QUERY_CHANGE_ROWS. But that stack trace doesn't match that happening - Database::query() already receives a Query object, somehow. Manually overriding the flags might paper over the problem, which might not be the best approach here. What if the Query object is corrupted in other ways as well?

Fri, Mar 15, 2:48 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Patch-For-Review, MediaWiki-Platform-Team, Beta-Cluster-Infrastructure

Thu, Mar 14

Tgr added a comment to T358236: Cannot create a new wiki on beta cluster.

The logic of handling an SQL string in Database::query() looks solid to me, but...

#2 /srv/mediawiki-staging/php-master/includes/libs/rdbms/database/DBConnRef.php(119): Wikimedia\Rdbms\Database->query(Object(Wikimedia\Rdbms\Query), 'ExternalStoreDB...', 8)
#3 /srv/mediawiki-staging/php-master/includes/libs/rdbms/database/DBConnRef.php(302): Wikimedia\Rdbms\DBConnRef->__call('query', Array)
#4 /srv/mediawiki-staging/php-master/includes/externalstore/ExternalStoreDB.php(266): Wikimedia\Rdbms\DBConnRef->query('-- Blobs table ...', 'ExternalStoreDB...', 8)

...it looks like a query string is transformed into a Query object in the process of a simple call proxying, and Database::query() is already receiving an object (presumably with invalid flags)? No idea what's going on there.

Thu, Mar 14, 5:58 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Patch-For-Review, MediaWiki-Platform-Team, Beta-Cluster-Infrastructure
Tgr added a comment to T345249: Mitigate phase-out of third-party cookies in CentralAuth.

I'll file a task about that.

Thu, Mar 14, 3:55 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T360104: Test cross-domain cookie access with OAuth-style popup + redirect workflow.
Thu, Mar 14, 3:53 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359926: Test cross-domain cookie access with Related Website Sets.
Thu, Mar 14, 3:49 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 3:49 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 2:28 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359926: Test cross-domain cookie access with Related Website Sets.
Thu, Mar 14, 1:54 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 12:29 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T360104: Test cross-domain cookie access with OAuth-style popup + redirect workflow.
Thu, Mar 14, 12:28 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 12:23 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 12:23 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr created T360104: Test cross-domain cookie access with OAuth-style popup + redirect workflow.
Thu, Mar 14, 12:19 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 12:17 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359926: Test cross-domain cookie access with Related Website Sets.
Thu, Mar 14, 11:01 AM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Thu, Mar 14, 11:00 AM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Wed, Mar 13

Tgr added a comment to T345249: Mitigate phase-out of third-party cookies in CentralAuth.

I don't think a test site would have much point.

Wed, Mar 13, 11:36 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T345249: Mitigate phase-out of third-party cookies in CentralAuth.

Have any of Google, Apple or Mozilla announced an intent to deprecate or break OAuth-like redirects?

Wed, Mar 13, 11:33 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359957: Enroll in Chrome third-party cookies deprecation trial.
Wed, Mar 13, 10:22 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

Usually origin trials are disabled for a given site after reaching 0.5% of all Chrome pageloads; it seems unlikely but not completely inconceivable that Wikipedia would reach this threshold. But, if I understand the documentation correctly, this restriction doesn't apply for deprecation trials, only trials of new features, so we don't need to worry about it.

Wed, Mar 13, 7:37 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

There are two third-party cookie blocking deprecation trials:

  • A first party trial where we could register a top-level domain such as wikipedia.org and third-party cookie access is allowed as long as the top-level document's domain is a subdomain of that. Enabling the trial happens via an Origin-Trial HTTP header or a corresponding meta tag on the embedding page.
  • A third-party trial where we can register a third-party domain and then it can be used anywhere. The documentation is a bit confusing on this point but AIUI you we can either use a header or meta tag on the embedded page, or use JS to add a meta tag to the embedding page. (The generic origin trial docs include this somewhat confusing warning: "Caution: A third-party token must be provided in an external JavaScript file included via a <script> element: a third-party token won't work in a meta tag, inline script or HTTP header.") Whether the trial will be declared on embedding or embedded pages needs to be declared up ahead; if we want both, we need to register twice.
Wed, Mar 13, 7:33 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Tue, Mar 12

Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

Enrolling requires filing a bug about the website being affected, so here it is: https://issuetracker.google.com/issues/329250103

Tue, Mar 12, 9:02 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T345249: Mitigate phase-out of third-party cookies in CentralAuth.

Next step is to test the relevant browser APIs:

spec investigationtestbrowserfunctionality
RWST345589T359926Chromecookie access, probably on par with current
FedCMT335851T359947Chrome, Edge, Opera (maybe Firefox soon?)browser-mediated identity checks
Storage AccessT359948all moderncookie access after user interaction
Tue, Mar 12, 5:20 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T359948: Test cross-domain cookie access with Storage Access API.

Back when I looked at requestStorageAccessFor, it was still in development. Now caniuse says it's available, but only works between sites of the same RWS set. So it might not be relevant for this task at all.

Tue, Mar 12, 5:10 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr placed T181869: Error "Session {session}: Metadata has an anonymous user, but a non-anon user was provided" up for grabs.

Improved the inline docs a little. (Note that the message changed, it is now Session "{session}": the session store entry is for an anonymous user, but the session metadata indicates a non-anonynmous user.) I have two hypotheses of what could be happening:

  • When the user logs out, the login cookies do not get unset for some reason, so the user is left with an anonymous session (is this actually true? do we set the backend session to anonymous on logout, rather than deleting it?) but logged-in cookies. I don't think this explains what's going on, given how frequent the logs are, and failing to unset cookies isn't something that should happen often.
  • When the user logs out on CentralAuth, cookies on domains other than the current one are left in place (T143001: Wiki sites should delete all their cookies during logout). I don't think this would result in this message (those domains would have no session or an invalid logged-in session, not an anonymous session) but maybe I misremember the details of how CentralAuth session invalidation on login works.
Tue, Mar 12, 4:58 PM · MW-1.42-notes (1.42.0-wmf.20; 2024-02-27), MediaWiki-Platform-Team, Documentation, MediaWiki-Core-AuthManager, MediaWiki-extensions-CentralAuth
Tgr placed T204787: Session Warning: "User ID mismatch, {uid_a} !== {uid_b}" up for grabs.
Tue, Mar 12, 4:46 PM · MediaWiki-Platform-Team, MediaWiki-Core-AuthManager
Tgr claimed T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 4:46 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr moved T359947: Test cross-domain authentication with Federated Credentials Management API from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.
Tue, Mar 12, 4:45 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr moved T359948: Test cross-domain cookie access with Storage Access API from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.
Tue, Mar 12, 4:45 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr triaged T359957: Enroll in Chrome third-party cookies deprecation trial as High priority.
Tue, Mar 12, 4:44 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr created T359957: Enroll in Chrome third-party cookies deprecation trial.
Tue, Mar 12, 4:43 PM · WMF-General-or-Unknown, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359948: Test cross-domain cookie access with Storage Access API.
Tue, Mar 12, 3:15 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T345249: Mitigate phase-out of third-party cookies in CentralAuth: T359948: Test cross-domain cookie access with Storage Access API.
Tue, Mar 12, 3:03 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a parent task for T359948: Test cross-domain cookie access with Storage Access API: T345249: Mitigate phase-out of third-party cookies in CentralAuth.
Tue, Mar 12, 3:03 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T359948: Test cross-domain cookie access with Storage Access API.

Relevant (but outdated) description from the parent task:

Use the requestStorageAccess() or requestStorageAccessFor() API, which allow access to third-party cookies. (requestStorageAccess is better supported, but needs to be called by the embedded resource, so it's only usable for iframes; requestStorageAccessFor is called by the embedder.) These would probably be part of using first-party sets, but can be used without those as well; however, then they would require explicit user opt-in (and separately for each domain), making them less practical. Also, they can only be called after user interaction.
support: requestStorageAccess (caniuse) is supported in Firefox and Safari, supported but requires first-party sets in Edge, behind a feature flag in Chrome. requestStorageAccessFor is Chrome-only (chromestatus).

Tue, Mar 12, 3:03 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr created T359948: Test cross-domain cookie access with Storage Access API.
Tue, Mar 12, 3:02 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T345249: Mitigate phase-out of third-party cookies in CentralAuth: T359947: Test cross-domain authentication with Federated Credentials Management API.
Tue, Mar 12, 2:56 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T335851: Investigate the Federated Credential Management browser API: T359947: Test cross-domain authentication with Federated Credentials Management API.
Tue, Mar 12, 2:56 PM · MediaWiki-Platform-Team, affects-Miraheze, User-Tgr, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added parent tasks for T359947: Test cross-domain authentication with Federated Credentials Management API: T335851: Investigate the Federated Credential Management browser API, T345249: Mitigate phase-out of third-party cookies in CentralAuth.
Tue, Mar 12, 2:56 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr created T359947: Test cross-domain authentication with Federated Credentials Management API.
Tue, Mar 12, 2:56 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr updated the task description for T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 2:50 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 2:48 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T332022: [Epic] Undeploying StructuredDiscussions (Flow).

Undeployment is hard because you need to convert the existing content but switching Flow to readonly on a given wiki should be trivial, if there is community support for it (except someone would have to move all the Flow pages afterwards to make place for wikitext comments).

Tue, Mar 12, 2:41 PM · Epic, StructuredDiscussions, DiscussionTools, Editing-team, Growth-Team
Tgr renamed T359926: Test cross-domain cookie access with Related Website Sets from Test cross-domain authentication with Related Website Sets to Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 12:33 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T345249: Mitigate phase-out of third-party cookies in CentralAuth: T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 12:06 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T345589: Investigate the First-Party Sets browser API: T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 12:06 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added parent tasks for T359926: Test cross-domain cookie access with Related Website Sets: T345249: Mitigate phase-out of third-party cookies in CentralAuth, T345589: Investigate the First-Party Sets browser API.
Tue, Mar 12, 12:06 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr created T359926: Test cross-domain cookie access with Related Website Sets.
Tue, Mar 12, 12:05 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Mon, Mar 11

Tgr added a comment to T161859: Make Wikitech an SUL wiki.

In my mind it just needs an account migration pretty much exactly like SUL unification did back in the day. The ~labswiki suffix for un-migrated local only accounts should go a long way towards keeping CentralAuth happy I think? Has the stack changed such that that solution is no longer possible?

Mon, Mar 11, 9:02 PM · cloud-services-team, Epic, wikitech.wikimedia.org
Tgr added a comment to T334623: How do we log unsuccessful first edits for temporary users?.

I like your idea of splitting the constraints into user-independent and user-dependent.

Mon, Mar 11, 12:38 PM · Trust and Safety Product Sprint (Sprint Gangan (11th - 22nd March)), Data-Persistence, AbuseFilter, Temporary accounts
Tgr added a comment to T359775: LoadBalancer::resolveDomainId should support virtual domains.

For the record, the exact stack trace is

Wikimedia\Rdbms\DBConnectionError from line 1123 of /vagrant/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php: Cannot access the database: Unknown database 'virtual' (127.0.0.1)
#0 /vagrant/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php(779): Wikimedia\Rdbms\LoadBalancer->reportConnectionError()
#1 /vagrant/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php(767): Wikimedia\Rdbms\LoadBalancer->getServerConnection()
#2 /vagrant/mediawiki/includes/libs/rdbms/database/DBConnRef.php(103): Wikimedia\Rdbms\LoadBalancer->getConnectionInternal()
#3 /vagrant/mediawiki/includes/libs/rdbms/database/DBConnRef.php(117): Wikimedia\Rdbms\DBConnRef->ensureConnection()
#4 /vagrant/mediawiki/includes/libs/rdbms/database/DBConnRef.php(351): Wikimedia\Rdbms\DBConnRef->__call()
#5 /vagrant/mediawiki/includes/utils/BatchRowIterator.php(248): Wikimedia\Rdbms\DBConnRef->select()
#6 /vagrant/mediawiki/includes/utils/BatchRowIterator.php(206): BatchRowIterator->next()
#7 /vagrant/mediawiki/extensions/AntiSpoof/maintenance/BatchAntiSpoofClass.php(94): BatchRowIterator->rewind()
#8 /vagrant/mediawiki/maintenance/includes/MaintenanceRunner.php(698): BatchAntiSpoof->execute()
#9 /vagrant/mediawiki/maintenance/run.php(51): MediaWiki\Maintenance\MaintenanceRunner->run()
#10 /var/www/w/MWScript.php(99): require_once('/vagrant/mediaw...')
#11 {main}
Mon, Mar 11, 12:24 PM · Data-Persistence, MediaWiki-libs-Rdbms

Sun, Mar 10

Tgr updated the task description for T359775: LoadBalancer::resolveDomainId should support virtual domains.
Sun, Mar 10, 9:27 PM · Data-Persistence, MediaWiki-libs-Rdbms
Tgr created T359775: LoadBalancer::resolveDomainId should support virtual domains.
Sun, Mar 10, 9:27 PM · Data-Persistence, MediaWiki-libs-Rdbms
Tgr added a comment to T359750: Provide visitor stats that can be imported into caniuse.com.

Just filter to logged-in pageviews. I think we already do that somewhere, there just isn't any public export of the data.

Sun, Mar 10, 6:16 PM · Data Products, Data-Engineering, Data-Engineering-Dashiki
Tgr added a subtask for T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions: T158365: Session "{session}": Metadata merge failed: {exception}.
Sun, Mar 10, 5:46 PM · Test-Coverage, MediaWiki-Platform-Team, Epic, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a parent task for T158365: Session "{session}": Metadata merge failed: {exception}: T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.
Sun, Mar 10, 5:46 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a subtask for T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions: T204459: Session "{session}": CentralAuth saved source {saved} != expected source {expected}.
Sun, Mar 10, 5:46 PM · Test-Coverage, MediaWiki-Platform-Team, Epic, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a parent task for T204459: Session "{session}": CentralAuth saved source {saved} != expected source {expected}: T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.
Sun, Mar 10, 5:46 PM · MediaWiki-Platform-Team, MediaWiki-Core-AuthManager
Tgr claimed T359537: Special:BotPasswords grant for "access checkuser data" should have the "grants with security risk" icon.
Sun, Mar 10, 5:44 PM · MW-1.42-notes (1.42.0-wmf.22; 2024-03-12), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-Core-AuthManager, CheckUser
Tgr moved T359537: Special:BotPasswords grant for "access checkuser data" should have the "grants with security risk" icon from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.
Sun, Mar 10, 5:44 PM · MW-1.42-notes (1.42.0-wmf.22; 2024-03-12), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-Core-AuthManager, CheckUser
Tgr added a comment to T359750: Provide visitor stats that can be imported into caniuse.com.

The data provided by https://analytics.wikimedia.org/dashboards/browsers/ can be downloaded. What do you want above and beyond that?

Sun, Mar 10, 8:37 AM · Data Products, Data-Engineering, Data-Engineering-Dashiki
Tgr added a comment to T359754: Some extension repositories corrupted during vagrant git-update.

No idea if this is a bug with Vagrant or composer itself. Vagrant doesn't reference composer/pcre at all.

Sun, Mar 10, 8:26 AM · MediaWiki-Vagrant

Sat, Mar 9

Tgr created T359754: Some extension repositories corrupted during vagrant git-update.
Sat, Mar 9, 7:42 PM · MediaWiki-Vagrant
Tgr added a comment to T359537: Special:BotPasswords grant for "access checkuser data" should have the "grants with security risk" icon.

Those were added in https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/264437 and I'm pretty sure they were meant to be temporary.

Sat, Mar 9, 5:08 PM · MW-1.42-notes (1.42.0-wmf.22; 2024-03-12), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-Core-AuthManager, CheckUser
Tgr added a comment to T359750: Provide visitor stats that can be imported into caniuse.com.

(Couldn't find any analytics-related project that isn't specific either to some software component or to some WMF management process, so tagging WMF-General-or-Unknown.)

Sat, Mar 9, 5:02 PM · Data Products, Data-Engineering, Data-Engineering-Dashiki
Tgr created T359750: Provide visitor stats that can be imported into caniuse.com.
Sat, Mar 9, 5:00 PM · Data Products, Data-Engineering, Data-Engineering-Dashiki
Tgr updated the image for Hungarian-Sites from F42502976: profile to F42503011: profile.
Sat, Mar 9, 4:56 PM
Tgr set the image for Hungarian-Sites to F42502976: profile.
Sat, Mar 9, 4:54 PM

Thu, Mar 7

Tgr added a comment to T359537: Special:BotPasswords grant for "access checkuser data" should have the "grants with security risk" icon.

It's listed in T290790: Group OAuth grants by riskiness as such but looks like I forgot to make an actual patch for it.

Thu, Mar 7, 1:45 PM · MW-1.42-notes (1.42.0-wmf.22; 2024-03-12), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-Core-AuthManager, CheckUser

Wed, Mar 6

Tgr closed T319671: Migrate derivative from Toolforge GridEngine to Toolforge Kubernetes as Resolved.

The tool is still generating uploads.

Wed, Mar 6, 1:00 PM · Grid-Engine-to-K8s-Migration

Tue, Mar 5

Tgr merged T256525: Stay logged in doesn’t work, global login doesn’t work on different projects into T345249: Mitigate phase-out of third-party cookies in CentralAuth.
Tue, Mar 5, 1:29 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr merged task T256525: Stay logged in doesn’t work, global login doesn’t work on different projects into T345249: Mitigate phase-out of third-party cookies in CentralAuth.
Tue, Mar 5, 1:27 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a comment to T256525: Stay logged in doesn’t work, global login doesn’t work on different projects.

Since this was reported in 2020 June and Safari rolled out third-party cookie blocking beginning 2020 March, it was very likely caused by that feature, which is already covered by several other tasks and has been somewhat improved since. So let's close this.

Tue, Mar 5, 1:27 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a comment to T359064: Represent temporary account expiry with system blocks.

System blocks are not stored in the database (or, if you want, the de facto storage mechanism would be the global user registration date field in this case). Using the authentication state as storage mechanism instead would be probably possible too.

Tue, Mar 5, 12:09 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team, Temporary accounts
Tgr added a comment to T359116: Split up CentralAuth into smaller extensions.

with user rename from MediaWiki core maybe also moved there

We just done T27482: Merge RenameUser into core and since 1. most MediaWiki installations are single and 2. we merged it because there are maintanence script using the rename feature, there are no reason to split it again.

Tue, Mar 5, 12:03 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359116: Split up CentralAuth into smaller extensions.
Tue, Mar 5, 12:03 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Mon, Mar 4

Tgr updated the task description for T359116: Split up CentralAuth into smaller extensions.
Mon, Mar 4, 10:11 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T358979: Show global block information on Special:CentralAuth/<username>.

@Bugreporter I filed T359116: Split up CentralAuth into smaller extensions about splitting up CentralAuth.

Mon, Mar 4, 10:10 PM · Trust and Safety Product Team, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team, GlobalBlocking
Tgr created T359116: Split up CentralAuth into smaller extensions.
Mon, Mar 4, 10:10 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T358985: Admin account created by the installer isn't made global by CentralAuth.

Note there is a similar (but different in terms of mechanics) problem with system users: T214722: Introduce global system users / T111686: Add new accounts used by extensions to SUL / T275931: Have new MassMessage system users be automatically attached to CentralAuth.

Mon, Mar 4, 9:29 PM · Continuous-Integration-Config, MediaWiki-Installer, ci-test-error, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a comment to T17294: Allow blocking of global accounts.
In T17294#9560358, @Tgr wrote:

In fact maybe we could make the script block the temporary account when it expires, that's a state already understood by all kinds of tooling (and e.g. a warning is already implemented when trying to message the user). It also works regardless of what authentication extension you use, while checking if the session has been invalidated would have to be implemented separately for all authentication extensions.

Mon, Mar 4, 9:19 PM · Temporary accounts, MediaWiki-Platform-Team, MediaWiki-Blocks, Goal, Epic, Stewards-and-global-tools, GlobalBlocking
Tgr added a comment to T358030: denote whether temporary accounts is expired.

I think the easiest way to do this would be T359064: Represent temporary account expiry with system blocks.

Mon, Mar 4, 9:18 PM · Temporary accounts
Tgr added a comment to T300271: [IP Masking] Temporary Account Expiration.

Somewhat belatedly, I thought of what seems like a better method (although maybe somewhat complementary): T359064: Represent temporary account expiry with system blocks

Mon, Mar 4, 9:18 PM · Patch-For-Review, Growth-Team (Sprint 3 (Growth Team)), IP-Masking-Growth-Team, Temporary accounts
Tgr added a comment to T358469: Display expired temporary account names differently.

See also T358030: denote whether temporary accounts is expired.

Mon, Mar 4, 9:15 PM · Temporary accounts
Tgr added a comment to T357935: Show temp user status on Special:CentralAuth/<username>.

In hindsight a better way to do this would be T359064: Represent temporary account expiry with system blocks (and then some version of T358979: Show global block information on Special:CentralAuth/<username>).

Mon, Mar 4, 9:13 PM · Patch-For-Review, MediaWiki-Platform-Team, Temporary accounts, MediaWiki-extensions-CentralAuth
Tgr updated the task description for T359064: Represent temporary account expiry with system blocks.
Mon, Mar 4, 9:09 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team, Temporary accounts
Tgr updated the task description for T359060: BlockDisablesLogin should be a block flag.
Mon, Mar 4, 9:04 PM · MediaWiki-Blocks
Tgr updated the task description for T359060: BlockDisablesLogin should be a block flag.
Mon, Mar 4, 9:03 PM · MediaWiki-Blocks
Tgr added a comment to T358985: Admin account created by the installer isn't made global by CentralAuth.

Could it be done in the LoadExtensionSchemaUpdates hook handler?

Mon, Mar 4, 5:39 PM · Continuous-Integration-Config, MediaWiki-Installer, ci-test-error, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr created T359064: Represent temporary account expiry with system blocks.
Mon, Mar 4, 3:31 PM · MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team, Temporary accounts
Tgr created T359060: BlockDisablesLogin should be a block flag.
Mon, Mar 4, 3:10 PM · MediaWiki-Blocks
Tgr edited projects for T352227: Work around cache partitioning in iframe sandboxing, added: Security, MediaWiki-General; removed MediaWiki-Platform-Team.

Per T334940#9537862, this will not be worked on in the context of the Graph extension. I think it's still meaningful in the wider context of T169027: Provide iframe sandboxing for rich-media extensions (defense in depth) so we can leave the task open.

Mon, Mar 4, 1:41 PM · MediaWiki-General, Security, Performance Issue
Tgr closed T222807: Sandbox Graph extension into an iframe as Declined.

Per T334940#9537862, not happening.

Mon, Mar 4, 1:39 PM · MediaWiki-Platform-Team, MediaWiki-extensions-Graph
Tgr closed T222807: Sandbox Graph extension into an iframe, a subtask of T346291: Re-enable the Graph Extension for use at all Wikimedia Wikis, as Declined.
Mon, Mar 4, 1:38 PM · MediaWiki-extensions-Graph
Tgr added a comment to T358973: VisualEditor renders empty table rows (rows with no cells).

So apparently the old parser HTML doesn't have an empty row, the Parsoid HTML does have an empty row but it's invisible (as an empty <tr> should be) and VisualEditor inserts an "add cell" affordance (implemented as a <td>) so the row is not empty anymore.

Mon, Mar 4, 1:22 PM · Parsoid (Tracking), VisualEditor, VisualEditor-Tables
Tgr added a comment to T358979: Show global block information on Special:CentralAuth/<username>.

I suppose that would require some sort of hook for adding information snippets to Special:CentralAuth. At which point I wonder if we should rename it to something less extension-specific (like CentralUser)?

Mon, Mar 4, 12:45 PM · Trust and Safety Product Team, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team, GlobalBlocking
Tgr added a comment to T358985: Admin account created by the installer isn't made global by CentralAuth.

Extensions aren't enabled when the installer runs and creates the admin account. Vagrant migrates the admin user manually; other environments could do that, or I guess we could create some sort of post-install hook that the installer calls as a final step.

Mon, Mar 4, 12:44 PM · Continuous-Integration-Config, MediaWiki-Installer, ci-test-error, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Sun, Mar 3

Tgr created T358973: VisualEditor renders empty table rows (rows with no cells).
Sun, Mar 3, 9:16 AM · Parsoid (Tracking), VisualEditor, VisualEditor-Tables

Wed, Feb 28

Tgr added a comment to T357685: mediawiki 1.40: $wgReadOnly and access restriction result in confusing login error.

Use shell.php and check what kind of object is returned by ObjectCache::getInstance( $wgSessionCacheType ).

Wed, Feb 28, 3:54 PM · MediaWiki-Platform-Team, MediaWiki-Core-AuthManager