Page MenuHomePhabricator

Tgr (Gergő Tisza)
Software Engineer, WMF Reading

Projects (37)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 4:55 PM (234 w, 6 d)
Availability
Available
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF) [ Global Accounts ]

Things my team is working on: Reading-Infrastructure-Team-Backlog (kanban board)
Side projects I am working on (or planning to, eventually): User-Tgr
You can find more info about me on my user page.

Recent Activity

Today

Tgr moved T204577: JsonConfig emits PHP error "Cannot access property on non-object" in JCApi::addStatusConf from Regressed 1.32-wmf.20 to Regressed longer ago on the Wikimedia-production-error board.
Thu, Mar 21, 11:26 PM · User-zeljkofilipin, MediaWiki-extensions-JsonConfig, Wikimedia-production-error
Tgr moved T204577: JsonConfig emits PHP error "Cannot access property on non-object" in JCApi::addStatusConf from Regressed longer ago to Regressed 1.32-wmf.20 on the Wikimedia-production-error board.
Thu, Mar 21, 11:26 PM · User-zeljkofilipin, MediaWiki-extensions-JsonConfig, Wikimedia-production-error
Tgr updated the task description for T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 7:00 PM · Security, MediaWiki-Vagrant
Tgr added a comment to T218926: MediaWiki-Vagrant complains about insecure NIC setting.

Adding a default NIC type as suggested in the links does not seem to do anything. Maybe the vagrant box would have to be rebuilt?
Using a newer version of Virtualbox might not be an easy option since Virtualbox provides its own driver and secure boot requires signed drivers. At least the .deb files downloadable from Oracle do not take care of that.

Thu, Mar 21, 6:57 PM · Security, MediaWiki-Vagrant
Tgr merged T210764: Vagrant has detected a configuration issue which exposes a vulnerability with the installed version of VirtualBox into T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:52 PM · Security, MediaWiki-Vagrant
Tgr merged task T210764: Vagrant has detected a configuration issue which exposes a vulnerability with the installed version of VirtualBox into T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:52 PM · Release-Engineering-Team (Kanban), MediaWiki-Vagrant
Tgr updated the task description for T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:48 PM · Security, MediaWiki-Vagrant
Tgr updated the task description for T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:39 PM · Security, MediaWiki-Vagrant
Tgr updated the task description for T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:38 PM · Security, MediaWiki-Vagrant
Tgr created T218926: MediaWiki-Vagrant complains about insecure NIC setting.
Thu, Mar 21, 6:38 PM · Security, MediaWiki-Vagrant
Tgr added a comment to T218844: Update Gerrit /r/p/ links to /r/.

there's a related task but I'm unable to find it

Thu, Mar 21, 4:56 PM · Patch-For-Review, good first bug, Documentation, Epic, Wikimedia-General-or-Unknown, Gerrit
Tgr added a comment to T218844: Update Gerrit /r/p/ links to /r/.

Yeah. this is about links which will end up in somebody's git config as a git remote URL (so URL used for git clone, git remote add, .gitmodules and such). Sorry, I should have been clearer.

Thu, Mar 21, 4:54 PM · Patch-For-Review, good first bug, Documentation, Epic, Wikimedia-General-or-Unknown, Gerrit
Tgr added a project to T218844: Update Gerrit /r/p/ links to /r/: Documentation.
Thu, Mar 21, 2:56 AM · Patch-For-Review, good first bug, Documentation, Epic, Wikimedia-General-or-Unknown, Gerrit
Tgr created T218844: Update Gerrit /r/p/ links to /r/.
Thu, Mar 21, 2:51 AM · Patch-For-Review, good first bug, Documentation, Epic, Wikimedia-General-or-Unknown, Gerrit
Tgr added a comment to T193613: Come up with a strategy for handling PHP interface changes.

At this point I'd say, any time you want to use an interface, you should probably use an abstract class instead. (Except maybe if that class is not going to be exposed externally, but then what's the point of an interface in the first place?)

Thu, Mar 21, 12:53 AM · TechCom, TechCom-RFC, MediaWiki-General-or-Unknown
Tgr added a comment to T52399: {{fullurl:}} and {{SERVER}} when used on mobile do not resolve to commons.m.wikimedia.org but to commons.wikimedia.org.

This task is probably more related to T195494: Handle mobile domains in core than the one it got merged into.

Thu, Mar 21, 12:26 AM · MediaWiki-Parser
Mill <mill@mail.com> committed rMLZEc90f4b88ea78: whaaaaaaaaaaaa (authored by Tgr).
whaaaaaaaaaaaa
Thu, Mar 21, 12:22 AM
Mill <mill@mail.com> committed rMLZE1e7eb0be420a: vhaaaaaaaaaaaa (authored by Tgr).
vhaaaaaaaaaaaa
Thu, Mar 21, 12:22 AM

Tue, Mar 19

Tgr added a comment to T218674: User::getRights() applies session rights restrictions to non-session users.

User::getBlockedStatus has some ugly checks to see whether the User object whose status has been queried is the same as the global user (to determine whether the IP from $wgRequest can be used to check for IP blocks).

Tue, Mar 19, 4:49 PM · MediaWiki-User-management, MediaWiki-API
Tgr added a comment to T204747: UserMerge: Code Stewardship Review.

If UserMerge is no longer supported, how do you do to remove spam users with the API?

Tue, Mar 19, 1:47 AM · Release-Engineering-Team (Kanban), Stewards-and-global-tools, MediaWiki-extensions-UserMerge, Code-Stewardship-Reviews

Mon, Mar 18

Tgr added a comment to T165795: Ldap auth extension vs. ldap vs. username Case.

We need a method that returns all case variants of a name that exist in LDAP; the rest of the patch does not require familiarity with LDAP. If that list is empty, allow user creation; if the list is exactly one element, only allow login/creation if it matches the casing provided by the user (since providers cannot change the casing of the MediaWiki user); if it's larger, probably just log and die. Also return the list in providerNormalizeUsername() for account creation UI checks.

Mon, Mar 18, 11:51 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization, wikitech.wikimedia.org, MediaWiki-extensions-LdapAuthentication
Tgr added a comment to T208988: Fix Flow random test failures.

Same issue in https://integration.wikimedia.org/ci/job/wmf-quibble-core-vendor-mysql-hhvm-docker/10779/console:

16:24:01 ResourceLoaderFileModule::readStyleFile: style file not found: "/workspace/src/extensions/VisualEditor/lib/ve/lib/color-picker/color-picker.css"
...
16:24:01 Message 'visualeditor-diff-no-changes' required by 'ext.visualEditor.mwsave' must exist
Mon, Mar 18, 11:44 PM · Growth-Team, Continuous-Integration-Config, Patch-For-Review, User-kostajh, StructuredDiscussions
Tgr added a subtask for T159299: Deprecate $wgUser: T218555: Provide access to WebRequest and associated information via a service object.
Mon, Mar 18, 11:28 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, Technical-Debt (Deprecation), MediaWiki-User-management
Tgr added a parent task for T218555: Provide access to WebRequest and associated information via a service object: T159299: Deprecate $wgUser.
Mon, Mar 18, 11:28 PM · Core Platform Team Backlog (Later), Core Platform Team (Decoupling (CDP2)), MediaWiki-Decoupling
Tgr added a comment to T159299: Deprecate $wgUser.

We don't really have a good replacement for $wgUser right now; that will be provided by T218555: Provide access to WebRequest and associated information via a service object. There are benefits in switching to RequestContext, but it also means having to work twice.

Mon, Mar 18, 11:28 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, Technical-Debt (Deprecation), MediaWiki-User-management
Tgr added a comment to T218278: Allow FlaggedRevs page stability to be set programmatically based on edit quality.

Thanks! I couldn't remember where I heard about that.

Mon, Mar 18, 9:03 AM · MediaWiki-extensions-FlaggedRevs, User-Tgr
Tgr updated the task description for T218278: Allow FlaggedRevs page stability to be set programmatically based on edit quality.
Mon, Mar 18, 8:10 AM · MediaWiki-extensions-FlaggedRevs, User-Tgr
Tgr updated the task description for T218278: Allow FlaggedRevs page stability to be set programmatically based on edit quality.
Mon, Mar 18, 8:07 AM · MediaWiki-extensions-FlaggedRevs, User-Tgr
Tgr moved T218277: Build statistics toolset to support WM-HU editor retention grant from Backlog to Huwiki on the User-Tgr board.
Mon, Mar 18, 7:33 AM · Outreach-Programs-Projects, User-Tgr
Tgr moved T218278: Allow FlaggedRevs page stability to be set programmatically based on edit quality from Backlog to Huwiki on the User-Tgr board.
Mon, Mar 18, 7:32 AM · MediaWiki-extensions-FlaggedRevs, User-Tgr
Tgr added a project to T218277: Build statistics toolset to support WM-HU editor retention grant: Outreach-Programs-Projects.
Mon, Mar 18, 7:29 AM · Outreach-Programs-Projects, User-Tgr

Sat, Mar 16

Neil_P._Quinn_WMF awarded T215042: Set up a hosted Matrix.org / Riot instance a Love token.
Sat, Mar 16, 4:45 AM · User-Tgr, Wikimedia-General-or-Unknown
Tgr committed rMLZEa9fc4061a15e: Use standard 'use' notation (authored by Tgr).
Use standard 'use' notation
Sat, Mar 16, 2:36 AM
Tgr committed rMLZEd118dcc45b80: Expose getElementsById/getElementsByTagName (authored by Tgr).
Expose getElementsById/getElementsByTagName
Sat, Mar 16, 2:36 AM
Tgr added a comment to T118774: No way to force a user to change their password if it's invalid.

Do we consider this good enough for enabling on Wikimedia wikis and/or core, or are we holding out for a more complex version that includes a grace period?

Sat, Mar 16, 1:35 AM · MW-1.33-notes (1.33.0-wmf.21; 2019-03-12), Security, Patch-For-Review, MediaWiki-User-login-and-signup
Tgr added a comment to T218432: LinkTarget should have an equals() method.

Well, it's an interface so it shouldn't assume that the implementation is always the same (and at least during the transition from Title to TitleValue it might not be). Also even if the two objects are of the same type, pure object comparison is not really reliable: === will differentiate between two instances of the same title, and == will do a recursive field equality check which might fail if e.g. comparing a fully loaded and a not fully loaded Title.

Sat, Mar 16, 12:23 AM · Patch-For-Review, MediaWiki-Decoupling
Tgr edited projects for T218449: Determine new password requirements for MediaWiki core, added: MediaWiki-Authentication-and-authorization; removed MediaWiki-extensions-Auth_remoteuser.
Sat, Mar 16, 12:17 AM · MediaWiki-Authentication-and-authorization, MediaWiki-Stakeholders-Group, Security, MediaWiki-User-login-and-signup

Fri, Mar 15

Tgr added a comment to T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.

although we might want to change it to have suggestChangeOnLogin => true for the default policy group (and false for the others), per above.

Fri, Mar 15, 10:11 PM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Security-team-backlog, MediaWiki-User-login-and-signup
Tgr created T218449: Determine new password requirements for MediaWiki core.
Fri, Mar 15, 10:09 PM · MediaWiki-Authentication-and-authorization, MediaWiki-Stakeholders-Group, Security, MediaWiki-User-login-and-signup
Tgr added a comment to T211550: Password length check should count unicode characters.

The NIST guidelines say "For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character."
Absent strong reasons to the contrary, we should probably go with that.

Fri, Mar 15, 10:01 PM · MediaWiki-User-login-and-signup
Tgr added a comment to T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.

I think the work for popular passwords and password length, while near each other in the code, likely don't touch much of the same code.

Fri, Mar 15, 9:27 PM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Security-team-backlog, MediaWiki-User-login-and-signup
Tgr edited projects for T218432: LinkTarget should have an equals() method, added: MediaWiki-Decoupling; removed MediaWiki-General-or-Unknown.

Tagging as MediaWiki-Decoupling since I don't think we have a MediaWiki component LinkTarget belongs to, and these abstract interface stem from (the predecessor of) the decoupling project.

Fri, Mar 15, 8:11 PM · Patch-For-Review, MediaWiki-Decoupling
Tgr created T218432: LinkTarget should have an equals() method.
Fri, Mar 15, 8:09 PM · Patch-For-Review, MediaWiki-Decoupling

Thu, Mar 14

Tgr added a comment to T218183: Audit uses of PHP DOM in Wikimedia software.

Subbu mentioned on IRC that some projects ran into difficulties using DOMDocument parsing with UTF-8; another thing a replacement could possibly fix.

Thu, Mar 14, 11:21 PM · TechCom, MediaWiki-General-or-Unknown, Parsoid-PHP
Tgr added a comment to T217172: Vector should replace rendering from PHP with Mustache.

Why would this change? We are talking about replacing string stitching with templating which seems like a no-brainer to me.

Thu, Mar 14, 9:56 PM · MW-1.33-notes (1.33.0-wmf.22; 2019-03-19), Performance-Team (Radar), Patch-For-Review, Vector
Tgr added a comment to T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.

Do we have a timeline for this? PasswordCannotBePopular has been deprecated in core and our using of it is spamming the logs. If we don't plan to do this soon, we should probably revert or temporarily disable the deprecation.

Thu, Mar 14, 9:13 PM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Security-team-backlog, MediaWiki-User-login-and-signup
Tgr merged T218359: Replace PasswordCannotBePopular with PasswordNotInLargeBlacklist on Wikimedia wikis into T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.
Thu, Mar 14, 9:11 PM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Security-team-backlog, MediaWiki-User-login-and-signup
Tgr merged task T218359: Replace PasswordCannotBePopular with PasswordNotInLargeBlacklist on Wikimedia wikis into T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.
Thu, Mar 14, 9:11 PM · Wikimedia-production-error, MediaWiki-Authentication-and-authorization, Security
Tgr added a comment to T218359: Replace PasswordCannotBePopular with PasswordNotInLargeBlacklist on Wikimedia wikis.

I guess this is basically just T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.

Thu, Mar 14, 9:11 PM · Wikimedia-production-error, MediaWiki-Authentication-and-authorization, Security
Tgr added a comment to T218257: Article creation suggestion on search should check for permissions.

Hm, yeah, it does seem to be checked correctly. So maybe quickUserCan does not work with whatever permission hook EventLogging handles?

Thu, Mar 14, 9:06 PM · Need-volunteer, good first bug, MediaWiki-Interface, Discovery-Search, MediaWiki-Search
Tgr added a comment to T218359: Replace PasswordCannotBePopular with PasswordNotInLargeBlacklist on Wikimedia wikis.

(Sort of related: {T148238}, although it would not help with old accounts of course.)

Thu, Mar 14, 8:54 PM · Wikimedia-production-error, MediaWiki-Authentication-and-authorization, Security
Tgr created T218359: Replace PasswordCannotBePopular with PasswordNotInLargeBlacklist on Wikimedia wikis.
Thu, Mar 14, 8:52 PM · Wikimedia-production-error, MediaWiki-Authentication-and-authorization, Security
Tgr updated subscribers of T218137: Deploy Extension:WikimediaEditorTasks to Beta.

AIUI (@Jdforrester-WMF please correct me if wrong) he steps needed are:

  1. add the extension to make-wmf-branch
  2. make 1.33.0-wmf.20 and 1.33.0-wmf.21 branches in the extension (probably not necessary? but won't hurt); also 1.33.0-wmf.22 if the next MediaWiki branch cut happens before this
  3. add the extension to mediawiki/extensions as a submodule
  4. add the extension to the 1.33.0-wmf.20 and 1.33.0-wmf.21 branches of mediawiki/core as a submodule (docs)
  5. in production, pull the new mediawiki/core commits for those branches, do a git submodule update --init extensions/WikimediaEditorTasks
  6. run scap sync
  7. deploy all the config patches above
  8. (bonus: fix our docs to actually mention this)
Thu, Mar 14, 4:27 PM · Patch-For-Review, Reading-Infrastructure-Team-Backlog (Kanban), WikimediaEditorTasks
Tgr committed rESCD97b702f8dc8b: Set blacklist regex (authored by Tgr).
Set blacklist regex
Thu, Mar 14, 2:33 AM
Tgr created T218278: Allow FlaggedRevs page stability to be set programmatically based on edit quality.
Thu, Mar 14, 2:32 AM · MediaWiki-extensions-FlaggedRevs, User-Tgr
Tgr created T218277: Build statistics toolset to support WM-HU editor retention grant.
Thu, Mar 14, 2:31 AM · Outreach-Programs-Projects, User-Tgr
Tgr updated the task description for T211744: Organize WMF office mixer during EMWCon 2019.
Thu, Mar 14, 1:48 AM · User-Tgr, MediaWiki-Stakeholders-Group, events
Tgr added a comment to T217850: Remex could use some helper/utility classes.

On the other hand, maybe there would be more users if it were easier to figure out how to? I think the basic use cases are fairly obvious:

  • turn a string representation of a HTML document into a DOM tree
  • replace part of a DOM tree with something that's given as a HTML string (ie. do what setting innerHTML does in Javascript; see also T217705 on that)

Those would be helpful for reusers with more complicated use cases as well, as they would serve as the canonical example of what the building blocks are. Currently your best bet is test.php for that, which is not particularly helpful.

Thu, Mar 14, 12:41 AM · RemexHtml

Wed, Mar 13

Tgr closed T218256: Search error on beta meta as Invalid.

Ah, cool, thanks. I should have looked at the logs which make it pretty clear this is transient. I just tend to assume that anything broken on beta has been broken for weeks with no one noticing...

Wed, Mar 13, 10:23 PM · Elasticsearch, Beta-Cluster-Infrastructure, Discovery-Search, Beta-Cluster-reproducible
Tgr updated subscribers of T52864: Have a conversation about migrating from GNU Mailman 2.1 to GNU Mailman 3.0.

There has been a lot of activity on Discourse, OTOH. @Qgil might be able to say more on that.

Wed, Mar 13, 10:14 PM · Operations, Wikimedia-Mailing-lists
Tgr edited projects for T218256: Search error on beta meta, added: Beta-Cluster-Infrastructure, Elasticsearch; removed CirrusSearch.

Looks like beta ES is down, the log is full of 502 Bad Gateway and similar errors.

Wed, Mar 13, 9:50 PM · Elasticsearch, Beta-Cluster-Infrastructure, Discovery-Search, Beta-Cluster-reproducible
Tgr added a comment to T218183: Audit uses of PHP DOM in Wikimedia software.

Here's a search for all Wikimedia-deployed code using PHP DOM classes. At a glance:

  • wmde/php-vuejs-templating uses extended HTML for templating and parses it via DOMDocument (with a comment saying TODO html5 tags can fail parsing)
  • Flow, already discussed elsewhere
  • the help API module does some lightweight URL rewriting
  • ResourceLoader does SVG parsing, not sure if that's relevant here
  • some of things in core (LocalisationCache, preprocessor, import) and some extensions (DonationInterface, GWToolset, Translate, RSS, CodeReview, FileImporter, Timeline...) use it for XML parsing, probably not relevant here
  • parser test framework (there's a comment on how that's problematic)
  • HTMLFormatter (and MobileFormatter in MobileFrontend)
  • CommonsMetadata for description template parsing, as mentioned above
  • ImageMap re-parses the parser output for post-processing
  • Wikibase uses Remex for URL post-processing
  • TextExtracts for HTML extracts
  • ZeroBanner for... whatever, it's getting axed soon anyway
Wed, Mar 13, 9:24 PM · TechCom, MediaWiki-General-or-Unknown, Parsoid-PHP
Tgr added a comment to T127405: Review current style and integrate Messages and message boxes (errors, warnings) as WikimediaUI component.

MediaViewer also has its own homegrown error page (open some image in MediaViewer, disconnect from internet, open another image on same page). Also there's the Varnish error page when MediaWiki servers are not available at all, although hopefully these days that's not shown much.

Wed, Mar 13, 9:03 PM · Wikimedia Design Style Guide, UI-Standardization, UI-Standardization-Kanban
Tgr added a comment to T127405: Review current style and integrate Messages and message boxes (errors, warnings) as WikimediaUI component.

There is also the JS popup notice used by the watchlist star icon and some other things, native form errors (HTML5 form validation attributes which are handled by the browser directly - try submitting a registration form with an empty password for example), edit notices (which VisualEditor hides into a weird dropdown thing and the old editor just pastes on top of everything), wikitext parse errors (they use the errorbox, but not always, I think? maybe it depends on preview vs. save?), Lua console errors (open a Module: namespace page for editing and enter something into the debug window at the bottom); AbuseFilter warnings/errors. If you want to get into templates as well then also {{error}}.

Wed, Mar 13, 9:00 PM · Wikimedia Design Style Guide, UI-Standardization, UI-Standardization-Kanban
Tgr added a project to T218257: Article creation suggestion on search should check for permissions: good first bug.
Wed, Mar 13, 8:49 PM · Need-volunteer, good first bug, MediaWiki-Interface, Discovery-Search, MediaWiki-Search
Tgr created T218257: Article creation suggestion on search should check for permissions.
Wed, Mar 13, 8:48 PM · Need-volunteer, good first bug, MediaWiki-Interface, Discovery-Search, MediaWiki-Search
Tgr created T218256: Search error on beta meta.
Wed, Mar 13, 8:42 PM · Elasticsearch, Beta-Cluster-Infrastructure, Discovery-Search, Beta-Cluster-reproducible
Tgr added a comment to T218087: Performance review of Extension:WikimediaEditorTasks.

Probably should be held back until the maintenance script for loading suggestion data is in place? That seems the only part that could be tricky performance-wise.

Wed, Mar 13, 8:35 AM · MW-1.33-notes (1.33.0-wmf.23; 2019-03-26), DBA, Patch-For-Review, Performance-Team, Reading-Infrastructure-Team-Backlog, WikimediaEditorTasks
Tgr added a comment to T215000: Fill gaps in PHP DOM's functionality.

Symfony has a pretty mature looking CSS selector to XPath library. (I probably should have checked that before writing the same logic in 491892...) Should be benchmarked against Zest at some point.

Wed, Mar 13, 6:35 AM · Patch-For-Review, Parsoid-PHP
Tgr added a comment to T217867: Port domino (or another spec-compliant DOM library) to PHP.

Filed T218183: Audit uses of PHP DOM in Wikimedia software about listing where else such a library could be useful.

Wed, Mar 13, 6:31 AM · Core Platform Team Backlog (Attic), Parsoid-PHP
Tgr added a comment to T215000: Fill gaps in PHP DOM's functionality.

Filed T218183: Audit uses of PHP DOM in Wikimedia software about seeing where else these fixes could be useful.

Wed, Mar 13, 6:30 AM · Patch-For-Review, Parsoid-PHP
Tgr added a subtask for T218183: Audit uses of PHP DOM in Wikimedia software: T217360: Replace libxml/xpath in HtmlFormatter with Remex/zest.
Wed, Mar 13, 6:30 AM · TechCom, MediaWiki-General-or-Unknown, Parsoid-PHP
Tgr added a parent task for T217360: Replace libxml/xpath in HtmlFormatter with Remex/zest: T218183: Audit uses of PHP DOM in Wikimedia software.
Wed, Mar 13, 6:29 AM · Discovery-Search, TextExtracts, CirrusSearch, MobileFrontend, MediaWiki-General-or-Unknown
Tgr added a comment to T218183: Audit uses of PHP DOM in Wikimedia software.

T217360: Replace libxml/xpath in HtmlFormatter with Remex/zest already has its own bug.
CommonsMetadata has some very limited HTML DOM navigation, too.

Wed, Mar 13, 6:28 AM · TechCom, MediaWiki-General-or-Unknown, Parsoid-PHP
Tgr created T218183: Audit uses of PHP DOM in Wikimedia software.
Wed, Mar 13, 6:26 AM · TechCom, MediaWiki-General-or-Unknown, Parsoid-PHP

Tue, Mar 12

Tgr added a comment to T216089: Undeploy UserMerge Extension from WMF production.

When done, the extension review instructions should probably be updated.

Tue, Mar 12, 9:22 PM · Release-Engineering-Team (Backlog), Stewards-and-global-tools, MediaWiki-extensions-UserMerge
Tgr added a comment to T151291: "User::loadFromSession called before the end of Setup.php" warning due to AbuseFilter.

AbuseFilter checks on autocreation will ignore user settings when parsing messages or text. Error messages will be in the default wiki language, not the user's language (which is not set at this point anyway, although in theory some global preferences extension could provide it). Autocreation errors are not shown to the user anyway so I don't think there's any impact other than log noise.

Tue, Mar 12, 6:36 AM · Core Platform Team (Security, stability, performance and scalability (TEC1)), Core Platform Team Backlog (Later), User-Daimona, AbuseFilter, Wikimedia-production-error
Tgr added a comment to T218057: Determine workflow to selectively purge potentially privacy-sensitive EXIF fields, such as geocoordinates, from a Wikimedia Commons file.

See also T58612: Add map widget for coordinate selection.

Tue, Mar 12, 4:37 AM · Multimedia, Privacy, Commons, UploadWizard, MediaWiki-File-management
Tgr added a comment to T218068: OAuth app descriptions should be translatable.

OAuth app entries have various fields that 1) are displayed to users in the confirmation dialog, 2) are displayed to users browsing the app list. Both of those should be translatable (but especially the first).

Tue, Mar 12, 4:21 AM · I18n, MediaWiki-extensions-OAuth
Tgr created T218068: OAuth app descriptions should be translatable.
Tue, Mar 12, 4:18 AM · I18n, MediaWiki-extensions-OAuth

Mon, Mar 11

Tgr added a comment to T212521: RFC: Let's stop using QUnit as a mechanism for integration tests.

Selenium tests are slow, fragile, hard to maintain and hard to understand. Using it for integration tests would just make testing harder.

Mon, Mar 11, 7:50 AM · TechCom-RFC, Patch-For-Review, User-Jdlrobson

Sun, Mar 10

Tgr awarded T133646: Run performance test on commits (Fresnel) a Love token.
Sun, Mar 10, 6:00 AM · Performance-Team-notice, Fresnel, Performance-Team
Tgr added a comment to T217172: Vector should replace rendering from PHP with Mustache.

How does it affect security? (One reason I'm not a fan of Mustache - {{x}} vs. {{{x}}} to differentiate between safe parameters and potential XSS vectors is as broken a notation as you can get.)

Sun, Mar 10, 5:51 AM · MW-1.33-notes (1.33.0-wmf.22; 2019-03-19), Performance-Team (Radar), Patch-For-Review, Vector
Tgr added a comment to T217172: Vector should replace rendering from PHP with Mustache.

How does this affect downstream skins? AFAIK Vector is popular as a "parent" skin; will modifying it become harder (or easier)? More specifically, will there be a mechanism to override a template?
How does it affect security? (One reason I'm not a fan of Mustache - {{x}} vs. {{{x}}} to differentiate between safe parameters and potential XSS vectors is as broken a notation as you can get.)
Maintainability-wise it is a pretty clear win, although I think you could achieve it with plain old PHP templates as well.

Sun, Mar 10, 5:49 AM · MW-1.33-notes (1.33.0-wmf.22; 2019-03-19), Performance-Team (Radar), Patch-For-Review, Vector

Sat, Mar 9

Tgr committed rMLZEc30a6844a0c1: Normalize class in xpath-based matching (authored by Tgr).
Normalize class in xpath-based matching
Sat, Mar 9, 4:59 AM
Tgr committed rMLZEddae4fbd0525: Use testing-access-wrapper (authored by Tgr).
Use testing-access-wrapper
Sat, Mar 9, 4:59 AM
Tgr added a comment to T162379: Decide which non-standard CSS properties to support in TemplateStyles.

Apparently there's a Compatiblity living standard for vendor prefixes which everyone should support. It's a WHATWG spec so not easy to judge how established it is, but it has been around since 2015, at least.

Sat, Mar 9, 1:51 AM · Core Platform Team, Core Platform Team Backlog (Later), Patch-For-Review, css-sanitizer, TemplateStyles

Fri, Mar 8

Tgr added a comment to T217867: Port domino (or another spec-compliant DOM library) to PHP.

An alternative is to port domino/etc to C directly and have it be usable as a PHP extension so we get good perf as well. If it used libxml's nodes underneath you could still do fast XPath queries, etc, using the existing DOMXPath package.

Fri, Mar 8, 7:20 PM · Core Platform Team Backlog (Attic), Parsoid-PHP
Tgr added a comment to T202352: Convert MultiHttpClient to use Guzzle.

Not specific to etcd: https://logstash-beta.wmflabs.org/goto/ada0e105ccdfa5bfbd83a38049431c5c
6 is CURLMOPT_MAXCONNECTS which is apparently getting passed to curl_setopt instead of curl_multi_setopt. So presumably triggered by https://gerrit.wikimedia.org/r/c/mediawiki/core/+/454346/16/includes/libs/MultiHttpClient.php#227. From a very superficial glance at the Guzzle code, it does not seem to support custom curl_multi options at all.

Fri, Mar 8, 7:23 AM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.21; 2019-03-12), Core Platform Team Kanban (Waiting for Review), Core Platform Team (Code Health (TEC13)), MediaWiki-General-or-Unknown
Tgr archived Product & Technology WG.
Fri, Mar 8, 6:00 AM
Tgr closed T202843: TechWG: Collect focus group members as Invalid.

Closing old TechWG tasks, we ended up not using Phabricator.

Fri, Mar 8, 6:00 AM · Product & Technology WG
Tgr closed T203927: TechWG: Fill out diversity matrix as Invalid.

Closing old TechWG tasks, we ended up not using Phabricator.

Fri, Mar 8, 6:00 AM · Product & Technology WG

Thu, Mar 7

Tgr added a comment to T217766: Flow\Exception\WikitextException: ParseEntityRef: no name.

Because @cscott mentioned pre newlines in <pre>s, I verified that these are treated the same by both serialization methods:

Thu, Mar 7, 10:38 PM · MW-1.33-notes (1.33.0-wmf.22; 2019-03-19), Growth-Team (Current Sprint), StructuredDiscussions, Parsoid, Wikimedia-production-error
Tgr added a comment to T217766: Flow\Exception\WikitextException: ParseEntityRef: no name.

XMLSerializer is a far bit slower than native serialization. On a vagrant box, with the Obama article: saveHTML: 0.032903, saveXML: 0.015279, XMLSerializer::serialize: 0.445519 second.

Thu, Mar 7, 10:34 PM · MW-1.33-notes (1.33.0-wmf.22; 2019-03-19), Growth-Team (Current Sprint), StructuredDiscussions, Parsoid, Wikimedia-production-error
Tgr added a comment to T215000: Fill gaps in PHP DOM's functionality.

Maybe it is some misguided attempt to account for the difference between Document in the DOM spec and Document in the HTML spec? (Not that DOMDocument implements anything out of the latter interface...)
Should be worth an upstream report.

Thu, Mar 7, 7:58 PM · Patch-For-Review, Parsoid-PHP
Tgr committed rESCD1380c5024423: Set blacklist regex (authored by Tgr).
Set blacklist regex
Thu, Mar 7, 10:05 AM
Tgr committed rESCDb64d29e48e2c: Set blacklist regex (authored by Tgr).
Set blacklist regex
Thu, Mar 7, 10:05 AM
Tgr moved T213362: Limit what URLs Proton can access from To Do to Code Review on the Reading-Infrastructure-Team-Backlog (Kanban) board.
Thu, Mar 7, 5:54 AM · Patch-For-Review, Reading-Infrastructure-Team-Backlog (Kanban), Security, Core Platform Team Backlog (Watching / External), Services (watching), Proton
Tgr updated subscribers of T217724: Investigate 2019-03-01 Proton incident.

The incident report mentions a hundred zombie processes stuck since Jan 30 (ie. for over a month). There was a request spike that day, causing a CPU and memory spike (and OOM kills), per T214975: proton experienced a period of high CPU usage, busy queue, lockups. The queue size is 50 per vars.yaml, but the incident report talks about 99 chromium processes, so clearly the queue failed to limit these. (That or some kind of double-counting is going on, 50 vs. 99 seems like an unlikely coincidence...)

Thu, Mar 7, 5:17 AM · Core Platform Team (Security, stability, performance and scalability (TEC1)), Reading-Infrastructure-Team-Backlog, Proton
Tgr updated subscribers of T217114: Migrate Proton to nodejs 10.

@MoritzMuehlenhoff on what time scale do you expect this to happen?

Thu, Mar 7, 4:56 AM · Reading-Infrastructure-Team-Backlog, Proton