Tgr (Gergő Tisza)
Software Engineer, WMF Reading

Projects (38)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 4:55 PM (226 w, 4 d)
Availability
Available
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF) [ Global Accounts ]

Things my team is working on: Reading-Infrastructure-Team-Backlog (kanban board)
Side projects I am working on (or planning to, eventually): User-Tgr
You can find more info about me on my user page.

Recent Activity

Today

Tgr added a comment to T214375: Update installer to check for an AES library.

Note that the confusion came because the informative message wasn't seen until $wgShowExceptionDetails=true; was added.

Tue, Jan 22, 10:26 PM · MediaWiki-Installer, Security, MediaWiki-Authentication-and-authorization
Tgr updated the task description for T214375: Update installer to check for an AES library.
Tue, Jan 22, 10:24 PM · MediaWiki-Installer, Security, MediaWiki-Authentication-and-authorization
Tgr added a comment to T210739: Target deletion during page move fails.

I don't see any cannotdelete errors pre 01-10. Did those somehow not make it into Logstash?

Tue, Jan 22, 9:10 PM · Anti-Harassment, MW-1.33-notes (1.33.0-wmf.13; 2019-01-15), Patch-For-Review, User-notice, Core Platform Team Backlog (Watching / External), Core Platform Team (Security, stability, performance and scalability (TEC1)), MediaWiki-Special-pages, Wikimedia-production-error
Tgr updated subscribers of T210313: Statistics for views of individual Wikimedia images.

You are right, I didn't look at the output, just that it gives an OK response. Image views are int the same file so probably a simple fix though? Maybe @Harej remembers if that was an intentional limitation or a bug.

Tue, Jan 22, 6:54 PM · Analytics, Tool-Pageviews
Tgr placed T214375: Update installer to check for an AES library up for grabs.

Composer can't do complex requirements like "either OpenSSL or mcrypt or install this library". Could be added as a proposed library I suppose. TBH unencrypted user authentication data in the session is an insignificant risk for the average MediaWiki site so I would treat this as a usability problem more than a security one.

Tue, Jan 22, 6:37 PM · MediaWiki-Installer, Security, MediaWiki-Authentication-and-authorization
Samwilson awarded T179030: OAuthClient should check for error before validating JWT a Like token.
Tue, Jan 22, 6:08 PM · User-Tgr, MediaWiki-extensions-OAuth
Tgr added a comment to T212268: Make the abusefilter-blocker user not be a sysop.

Yes, although maybe that should be put into newSystemUser itself.

Tue, Jan 22, 4:28 PM · AbuseFilter, User-Daimona, Patch-For-Review
Tgr moved T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages from Doing to Code Review on the Reading-Infrastructure-Team-Backlog (Kanban) board.
Tue, Jan 22, 9:32 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr updated the task description for T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages.
Tue, Jan 22, 9:32 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T214215: MinimumPasswordLengthToLogin error message is unhelpful.

Maybe it is not high priority but I would leave a ticket open somewhere to take care of the duplication.

Tue, Jan 22, 9:18 AM · Patch-For-Review, MediaWiki-Authentication-and-authorization
Tgr added a comment to T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent .

Funnily enough this depends on which direction you look at it . https://www.mediawiki.org/w/index.php?title=User%3AQuiddity%2Fdemomodel&type=revision&diff=2234115&oldid=2234116 works fine (although not exactly useful as it compares with the JSON representation of the MassMessage list).

Tue, Jan 22, 8:03 AM · MediaWiki-History-or-Diffs, Readers-Web-Backlog (Tracking), Wikimedia-production-error, MassMessage
Tgr added a comment to T214003: Merge the "extended-uploader" and "autopatrolled" user groups on Commons.

There is no wait for replication on the script?

Tue, Jan 22, 7:57 AM · Patch-For-Review, User-Zoranzoki21, Wikimedia-Site-requests, Commons
Tgr added a comment to T214003: Merge the "extended-uploader" and "autopatrolled" user groups on Commons.

Obviously UW cannot prevent you from uploading a file with FlickrVerifiedByUploadWizard it, that would be done by an abuse filter as before, I imagine. But fair enough.

Tue, Jan 22, 1:51 AM · Patch-For-Review, User-Zoranzoki21, Wikimedia-Site-requests, Commons
Tgr added a comment to T214003: Merge the "extended-uploader" and "autopatrolled" user groups on Commons.

@AlexisJazz If you mean at the exact same time, it's extra work and does not seem necessary. If you mean within a few days of each other, that's doable, sure. I was waiting for a reply on my comment.

Tue, Jan 22, 1:24 AM · Patch-For-Review, User-Zoranzoki21, Wikimedia-Site-requests, Commons

Yesterday

Kghbln awarded T173141: Provide a way to install Composer dependencies after installing an extension, without updating all unrelated libraries a Love token.
Mon, Jan 21, 10:31 PM · Upstream, Composer

Sun, Jan 20

Tgr added a subtask for T210313: Statistics for views of individual Wikimedia images: T207208: API endpoint for mediacounts.
Sun, Jan 20, 10:35 PM · Analytics, Tool-Pageviews
Tgr added a parent task for T207208: API endpoint for mediacounts: T210313: Statistics for views of individual Wikimedia images.
Sun, Jan 20, 10:35 PM · Analytics
Tgr added a comment to T207208: API endpoint for mediacounts.

See also:

Sun, Jan 20, 10:34 PM · Analytics
Tgr added a comment to T201180: How to get display statistics of the content publised on Commons.

Duplicate of T210313: Statistics for views of individual Wikimedia images?

Sun, Jan 20, 10:33 PM · Analytics
Tgr added a comment to T210313: Statistics for views of individual Wikimedia images.

The aggregation is exposed at https://tools.wmflabs.org/mediaviews-api/api/2, but I couldn't find the source of it. It seems similar to https://github.com/harej/mediaplaycounts but the code hosted there seems to actually have support for images, but it seems this tool isn't operational currently (would presumably at https://tools.wmflabs.org/mediaplaycounts/).

Sun, Jan 20, 10:31 PM · Analytics, Tool-Pageviews
Tgr added a comment to T207208: API endpoint for mediacounts.

There's an unofficial API: https://tools.wmflabs.org/mediaviews-api/api/2

Sun, Jan 20, 10:23 PM · Analytics
Tgr added a comment to T206929: Flaky unit test Flow RevisionCollectionPermissionsTest::testPermissions.

Still flaky: https://integration.wikimedia.org/ci/job/wmf-quibble-core-vendor-mysql-hhvm-docker/7932/console

01:38:13 1) Flow\Tests\Api\ApiFlowModerateTopicTest::testModerateLockedTopic
01:38:13 Wikimedia\Rdbms\DBQueryError: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? 
01:38:13 Query: INSERT  INTO `unittest_flow_revision` (rev_id,rev_user_id,rev_user_ip,rev_user_wiki,rev_parent_id,rev_change_type,rev_type,rev_type_id,rev_content,rev_flags,rev_mod_state,rev_mod_user_id,rev_mod_user_ip,rev_mod_user_wiki,rev_mod_timestamp,rev_mod_reason,rev_last_edit_id,rev_edit_user_id,rev_edit_user_ip,rev_edit_user_wiki,rev_content_length,rev_previous_content_length) VALUES ('���@��l','1',NULL,'wikidb-unittest_','���C���l','delete-topic','post','���C���l','Hi there!','utf-8,topic-title-wikitext','delete','1',NULL,'wikidb-unittest_','20190120013514','<>&{};',NULL,NULL,NULL,NULL,'0','9')
01:38:13 Function: Flow\Data\Storage\RevisionStorage::insert
01:38:13 Error: 1062 Duplicate entry '\x05\xA1\xA3\x97\x01C\xFE\xF5\x0F\xC1l' for key 'flow_revision_unique_parent' (/workspace/db/quibble-mysql-m0txa6t2/socket)
Sun, Jan 20, 2:41 AM · Patch-For-Review, StructuredDiscussions, Wikimedia-production-error (Shared Build Failure), Growth-Team

Sat, Jan 19

Tgr removed a project from T214215: MinimumPasswordLengthToLogin error message is unhelpful: Security.
Sat, Jan 19, 10:14 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization
Tgr changed the visibility for T214215: MinimumPasswordLengthToLogin error message is unhelpful.
Sat, Jan 19, 10:14 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization
Tgr renamed T214215: MinimumPasswordLengthToLogin error message is unhelpful from Privileged account has a password length of <10 characters and can't log in. to MinimumPasswordLengthToLogin error message is unhelpful.
Sat, Jan 19, 10:13 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization
Tgr added a comment to T214215: MinimumPasswordLengthToLogin error message is unhelpful.

We shouldn't be enforcing anything just yet as https://gerrit.wikimedia.org/r/#/c/operations/mediawiki-config/+/479570/ isn't publicised/deployed yet

Sat, Jan 19, 10:13 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization
Tgr merged task T203063: PHP Fatal exception when viewing diffs for certain .map pages on Wikimedia Commons into T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:15 AM · Discovery, Wikimedia-production-error, MediaWiki-extensions-JsonConfig, Commons-Datasets
Tgr merged task T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent into T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:15 AM · MediaWiki-History-or-Diffs, Readers-Web-Backlog (Tracking), Wikimedia-production-error, MassMessage
Tgr merged task T94863: Following a diff link to a post you don't have access to triggers fatal error into T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:15 AM · Growth-Team, StructuredDiscussions, Collaboration-Team-Triage
Tgr merged task T52202: Diffing between different content models throws a fatal error into T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:15 AM · MediaWiki-ContentHandler, Wikidata, MediaWiki-extensions-WikibaseRepository
Tgr merged tasks T52202: Diffing between different content models throws a fatal error, T94863: Following a diff link to a post you don't have access to triggers fatal error, T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent , T203063: PHP Fatal exception when viewing diffs for certain .map pages on Wikimedia Commons into T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:15 AM · Patch-For-Review, MediaWiki-History-or-Diffs
Tgr created T214217: Improve handling of diffs between different content types.
Sat, Jan 19, 12:12 AM · Patch-For-Review, MediaWiki-History-or-Diffs

Fri, Jan 18

Tgr added a project to T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent : MediaWiki-History-or-Diffs.
Fri, Jan 18, 11:58 PM · MediaWiki-History-or-Diffs, Readers-Web-Backlog (Tracking), Wikimedia-production-error, MassMessage
Tgr merged T213938: When watching specific kinds of history on mobile devices, it returns a fatal error. into T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent .
Fri, Jan 18, 11:57 PM · MediaWiki-History-or-Diffs, Readers-Web-Backlog (Tracking), Wikimedia-production-error, MassMessage
Tgr merged task T213938: When watching specific kinds of history on mobile devices, it returns a fatal error. into T156293: Cannot render diffs where pages are converted from wikitext to MassMessageListContent .
Fri, Jan 18, 11:57 PM · Wikimedia-production-error, MediaWiki-History-or-Diffs
Tgr edited projects for T213938: When watching specific kinds of history on mobile devices, it returns a fatal error. , added: MediaWiki-History-or-Diffs, Wikimedia-production-error; removed Multi-Content-Revisions, MobileFrontend.
Fri, Jan 18, 11:56 PM · Wikimedia-production-error, MediaWiki-History-or-Diffs
Tgr added a comment to T213938: When watching specific kinds of history on mobile devices, it returns a fatal error. .

Well, as the message says, the diff is between two different content types (which are not both text-based). In general, I don't think we can do much better than showing an error (although maybe it should be an ErrorPageError, not an exception). It would be nicer not to show difflinks when the contents cannot be diffed, but that seems like a lot of work for a very fringe use case.

Fri, Jan 18, 11:55 PM · Wikimedia-production-error, MediaWiki-History-or-Diffs
Tgr added a comment to T101131: Enable Gerrit reviewers-by-blame plugin.

More upstream bugs:

Fri, Jan 18, 7:39 PM · Release-Engineering-Team (Kanban), Patch-For-Review, Developer-Wishlist (2017), Gerrit
AdHuikeshoven awarded T214077: Create discourse-test mailing list a Love token.
Fri, Jan 18, 10:18 AM · Discourse, Operations, Wikimedia-Mailing-lists
AdHuikeshoven awarded T214077: Create discourse-test mailing list a Like token.
Fri, Jan 18, 10:18 AM · Discourse, Operations, Wikimedia-Mailing-lists
AdHuikeshoven awarded T214077: Create discourse-test mailing list a Like token.
Fri, Jan 18, 10:17 AM · Discourse, Operations, Wikimedia-Mailing-lists
Tgr closed T214004: PCS summary Swagger doc using the wrong source as Invalid.
Fri, Jan 18, 1:37 AM · Reading-Infrastructure-Team-Backlog, Page Content Service, RESTBase

Thu, Jan 17

Tgr added a comment to T214000: Evaluate difficulty of porting PCS summary logic to PHP.

A precondition for doing this is that the code needs to be fast enough to run during a parse or render (if it has to be done asynchronously, we can just use PCS as it is now). Current PCS latency is 200ms p50, 250ms p75, 1s p95, 50s p99. That's obviously unworkable but given that we'd omit most of the processing that's currently done, processing time might become significantly shorter. Also, much of the remaining processing could probably be optimized (e.g. the element removal does a separate DOM pass for every element).

Thu, Jan 17, 10:53 PM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T213362: Limit what URLs Proton can access.

@pmiazga yeah that sounds like the most practical approach.

Thu, Jan 17, 7:58 PM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr added a comment to T101131: Enable Gerrit reviewers-by-blame plugin.

ideally in the long term we should request automated actions like that are done by a system user and not as a actual user when the user isn't actually performing the action.

Thu, Jan 17, 7:58 PM · Release-Engineering-Team (Kanban), Patch-For-Review, Developer-Wishlist (2017), Gerrit
Tgr added a project to T214077: Create discourse-test mailing list: Discourse.
Thu, Jan 17, 7:14 PM · Discourse, Operations, Wikimedia-Mailing-lists
Tgr updated subscribers of T214077: Create discourse-test mailing list.
Thu, Jan 17, 7:14 PM · Discourse, Operations, Wikimedia-Mailing-lists
Tgr created T214077: Create discourse-test mailing list.
Thu, Jan 17, 7:13 PM · Discourse, Operations, Wikimedia-Mailing-lists
Tgr added a comment to T212795: Build a MediaWiki extension (+ API module) to track counts of qualifying edits for the App Editor Tasks feature.

As a last resort, the data could always be stored as userjs-* user settings. The limitation there (apart from being an ugly hack) is that the data needs to be small, but AIUI we are just talking about a few numbers here.

Thu, Jan 17, 5:35 PM · Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T213362: Limit what URLs Proton can access.

@phuedx as far as I could see Puppeteer does not provide a method for response interception. Some people intercept the request, then make a new request directly from the intercept handler callback and return that, but that seems a bit fragile.

Thu, Jan 17, 5:31 PM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr added a comment to T89131: Server side flickr review.
Thu, Jan 17, 4:23 PM · Patch-For-Review, Commons, Multimedia, UploadWizard
Tgr added a comment to T214004: PCS summary Swagger doc using the wrong source.

I see, thanks. I did a search for some of the strings but apparently messed up. I assumed there's some kind of Swagger spec redirection going on.

Thu, Jan 17, 7:09 AM · Reading-Infrastructure-Team-Backlog, Page Content Service, RESTBase
Tgr added a comment to T214000: Evaluate difficulty of porting PCS summary logic to PHP.

The process of creating the summary looks like this:

  1. get Parsoid HTML
  2. split via <section>, get lead section (parsoidSections.createDocumentFromLeadSection)
  3. remove dewiki IPA markup (stripGermanIPA.js)
  4. remove elements matching certain CSS selectors (rmElements.js, conf)
  5. remove some useless spans, e.g. replace <span>[</span>1<span>]</span> with [1] (rmBracketSpans.js)
  6. remove comment nodes (rmComments.js)
  7. remove some common HTML attributes (rmAttributes.js, conf)
  8. remove the mw* ids generated by Parsoid (rmMwIdAttributes.js)
  9. fetch the contents of the first non-empty <p> block + any trailing content until the next <p> (extractLeadIntroduction.js)
  10. turn links into spans, drop spans which do not do any styling (summarize.js#37-38)
  11. remove elements matching certain CSS selectors (summarize.js#39-44)
  12. remove Parsoid-specific HTML attributes (summarize.js#45)
  13. if the lead does not seem to contain math formulas, remove parentheses that are inside parentheses or have space inside and space/nbsp right before them, or are / have become empty (summarize.js#46-67 and 17-27)
  14. collapse whitespace (summarize.js#69-73, summarize.js#78-79)
  15. call sanitize-html, which will discard non-text tags like <script>, and then remove a bunch of non-whitelisted tags while keeping their contents, and remove a bunch of non-whitelisted attributes/styes from allowed tags (sanitizeSummary.js)
  16. remove space/nbsp before punctuation in some cases (summarize.js#81-88)
  17. do a standard DOM HTML-to-text transformation on the results (summarize.js#93)
Thu, Jan 17, 3:36 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr created T214004: PCS summary Swagger doc using the wrong source.
Thu, Jan 17, 2:59 AM · Reading-Infrastructure-Team-Backlog, Page Content Service, RESTBase
Tgr moved T214000: Evaluate difficulty of porting PCS summary logic to PHP from To Do to Doing on the Reading-Infrastructure-Team-Backlog (Kanban) board.
Thu, Jan 17, 2:39 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a subtask for T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages: T214000: Evaluate difficulty of porting PCS summary logic to PHP.
Thu, Jan 17, 2:38 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a parent task for T214000: Evaluate difficulty of porting PCS summary logic to PHP: T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages.
Thu, Jan 17, 2:38 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr created T214000: Evaluate difficulty of porting PCS summary logic to PHP.
Thu, Jan 17, 2:38 AM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T101131: Enable Gerrit reviewers-by-blame plugin.

Works great, thank you for fixing it!

Thu, Jan 17, 2:32 AM · Release-Engineering-Team (Kanban), Patch-For-Review, Developer-Wishlist (2017), Gerrit
Tgr awarded T101131: Enable Gerrit reviewers-by-blame plugin a Yellow Medal token.
Thu, Jan 17, 2:30 AM · Release-Engineering-Team (Kanban), Patch-For-Review, Developer-Wishlist (2017), Gerrit
Tgr added a comment to P7988 arwiki graph stats.

Maybe the low request count is because failed requests are not counted?
Or I might just be overestimating how many people look at talk pages.

Thu, Jan 17, 2:03 AM
Tgr added a comment to P7988 arwiki graph stats.

Apparently they have a template on every talk pages which is supposed to query the pageviews API and show a pageview graph. Ugh. It seems to be broken on most pages (example).

Thu, Jan 17, 2:01 AM
Tgr added a comment to T213362: Limit what URLs Proton can access.

IMO a stronger upstream CSP is nice to have but relying on just that is fragile; it is too easy to change it at the source without understanding what effect that will have on Proton. Whatever filtering is used should ideally be more self-contained than that.

Thu, Jan 17, 1:41 AM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton

Wed, Jan 16

Tgr added a comment to T184144: Investigation: Who Wrote That revision search tool.

It could also likely be that there is a completely different, better way of doing this than with spans.

Wed, Jan 16, 8:43 PM · Who-Wrote-That, Community-Tech
Tgr added a comment to T212101: Lock wait timeout exceeded in UploadFromChunks::updateChunkStatus.

Let's keep this task to be about the lock wait timeout error, please.

Wed, Jan 16, 8:26 PM · Multimedia, MediaWiki-Uploading
Tgr updated the task description for T139380: MassMessage failed delivery claiming "readonly" although the page is not protected.
Wed, Jan 16, 8:13 PM · MassMessage
Tgr merged T213942: MassMessage not consistently delivering messages into T139380: MassMessage failed delivery claiming "readonly" although the page is not protected.
Wed, Jan 16, 8:10 PM · MassMessage
Tgr merged task T213942: MassMessage not consistently delivering messages into T139380: MassMessage failed delivery claiming "readonly" although the page is not protected.
Wed, Jan 16, 8:10 PM · MassMessage
hashar awarded T101131: Enable Gerrit reviewers-by-blame plugin a Mountain of Wealth token.
Wed, Jan 16, 7:53 PM · Release-Engineering-Team (Kanban), Patch-For-Review, Developer-Wishlist (2017), Gerrit
Tgr updated subscribers of T212795: Build a MediaWiki extension (+ API module) to track counts of qualifying edits for the App Editor Tasks feature.

@Tgr Could the recently-created ConfigurableCounters extension just be renamed and repurposed (since it's currently basically empty)? Not sure how the picture looks on the Gerrit admin side.

Wed, Jan 16, 7:27 PM · Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T212795: Build a MediaWiki extension (+ API module) to track counts of qualifying edits for the App Editor Tasks feature.

IMO having separate extensions for the pieces of functionality that are conceptually unrelated (counters, a task queue, a key-value store) makes sense. It's more work and slightly more risky (in the sense that if it turns out there needs to be a stronger interaction between them, it's a bit more effort to rearrange things if they were separate extensions initially) so it's fair to take the easier route; but they do seem useful in general (both as MediaWiki extensions and as Wikimedia functionality available to volunteers doing their own things).

Wed, Jan 16, 7:23 PM · Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T195551: [BUG] Formatting in local descriptions is breaking use of descriptions (example: San Francisco article).

I guess I'm thinking of T204592: [BUG] Wikitext appearing in some descriptions, which should be plain text.

Wed, Jan 16, 7:22 PM · Reading-Infrastructure-Team-Backlog, Wikipedia-iOS-App-Backlog
Tgr added a comment to T195551: [BUG] Formatting in local descriptions is breaking use of descriptions (example: San Francisco article).

The goal of the subtask was to ensure people can't put things in the description override that they couldn't put into the Wikidata description (newlines, specifically). The question is, is that good enough? There was some discussion of filtering out text that looks to the user like HTML tags (ie. &lt;p&gt;) for example. But now I think I have confused bugs and that was discussed somewhere else.

Wed, Jan 16, 7:16 PM · Reading-Infrastructure-Team-Backlog, Wikipedia-iOS-App-Backlog
Tgr added a comment to T212795: Build a MediaWiki extension (+ API module) to track counts of qualifying edits for the App Editor Tasks feature.

The right place for something like that would seem to be https://www.mediawiki.org/wiki/Extension:MobileApp, whether in purpose-built tables per feature, or a generic key-value store. The latter would have the virtue of allowing the app teams to iterate or change plans in an agile way without necessarily requiring RI involvement for each change.

Wed, Jan 16, 5:34 PM · Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a comment to T213942: MassMessage not consistently delivering messages.

Probably a case of T139380: MassMessage failed delivery claiming "readonly" although the page is not protected? You should probably see the error in the local wiki's massmessage log.
(Yes, that's not super useful.)

Wed, Jan 16, 5:22 PM · MassMessage
Tgr claimed T213362: Limit what URLs Proton can access.
Wed, Jan 16, 4:46 PM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr added a parent task for T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages: T142090: Add hover-card like summary (og:description) to open graph meta data printing plain summary.
Wed, Jan 16, 4:29 PM · Reading-Infrastructure-Team-Backlog (Kanban)
Tgr added a subtask for T142090: Add hover-card like summary (og:description) to open graph meta data printing plain summary: T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages.
Wed, Jan 16, 4:29 PM · Core Platform Team Backlog (Watching / External), Reading-Infrastructure-Team-Backlog, Readers-Web-Backlog (Tracking), Services (watching), Design (RW-Design-Debt), New-Readers, MediaWiki-General-or-Unknown
Tgr updated the task description for T213505: [DRAFT] RfC: OpenGraph descriptions in wiki pages.
Wed, Jan 16, 4:28 PM · Reading-Infrastructure-Team-Backlog (Kanban)

Tue, Jan 15

Tgr created T213874: Build mwdumper automatically.
Tue, Jan 15, 10:58 PM · Continuous-Integration-Config, Utilities-mwdumper
Tgr added a comment to T212101: Lock wait timeout exceeded in UploadFromChunks::updateChunkStatus.

Same error, lock wait timeout in UploadFromChunks::updateChunkStatus (at chunk 457). Maybe we should add some debug logging for when exactly each chunk starts / ends uploading, to see if the client does anything weird there.

Tue, Jan 15, 8:34 PM · Multimedia, MediaWiki-Uploading
Tgr added a comment to T213362: Limit what URLs Proton can access.

Yeah, this is about an attacker triggering requests from Proton by putting references to external resources in the article content (CSS, images, prefetch etc). Probably not really exploitable given that article HTML is restricted and Proton does not execute Javascript, and other methods are probably limited to GET and very restricted in what information they can return; but even so, giving attackers the ability to make requests from within the DMZ is just not something you want to do, no matter how directly exploitable it is.

Tue, Jan 15, 8:30 PM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr added a comment to T213016: Sometimes Redis does not work on MediaWiki-Vagrant with PHP 7.2.

Looking closer, php-redis is actually installed on the box, but it's the plain Debian version, not the WMF version (and it seems a lot older, so it presumably does not support 7.2 - the DPKG Depends clause says phpapi-20151012 while for the WMF version it's phpapi-20180731 | phpapi-20170718 | phpapi-20160303 | phpapi-20151012 | phpapi-20131226. So I guess Puppet installed it at some point when the WMF repo didn't include a higher-priority version, and now that it does Puppet's package clause is not intelligent enough to update it?
(As before, manually running sudo apt install php-redis fixes the issue, because that does install the WMF version. Although I then have to do the same thing for php-igbinary as well, which is also not automatically upgraded.)

Tue, Jan 15, 6:51 PM · Patch-For-Review, MediaWiki-Vagrant
Tgr reopened T213016: Sometimes Redis does not work on MediaWiki-Vagrant with PHP 7.2 as "Open".

Let's say this is fixed. I ran into a similar error where php-redis itself wasn't installed (that should also not have been possible in theory). Hopefully I just have bad luck.

Tue, Jan 15, 5:50 PM · Patch-For-Review, MediaWiki-Vagrant
Tgr added a comment to T213368: Support language variants in Proton.

Technically not dependent, just easier to develop/test once you can see some effect from doing it, I imagine.

Tue, Jan 15, 5:06 PM · Reading-Infrastructure-Team-Backlog, Proton
Tgr added a comment to T213362: Limit what URLs Proton can access.

Yeah, the task should have been phrased in terms of a goal, not an implementation. Fixed.

Tue, Jan 15, 8:35 AM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr renamed T213362: Limit what URLs Proton can access from Put Proton behind a web proxy to Limit what URLs Proton can access.
Tue, Jan 15, 8:34 AM · Security, Core Platform Team Backlog (Watching / External), Services (watching), Reading-Infrastructure-Team-Backlog, Proton
Tgr added a comment to T206504: Create a new endpoint which returns articles in need of a description.

Maybe it would be worth coming up with an abstract specification for the queue API (it seems clear that we need some kind of queue API and can't always generate tasks real-time) and choose based on that whether it should be driven by Redis or, say, Kafka or MySQL. What are the use case expectations fetching a random element from the queue stands for? Ensuring no two users get the same data? Ensuring the same user does not get the same data again and again? What is the language filter a translation feature is interested in? A specific source and target language? Any source and target that's within some set of languages that the user speaks? Specific target (the wiki the user wants to improve) but a set of potential sources? What other task features can we anticipate that do not fit into the "different task types in different queues" model? (E.g. article topics?)

Tue, Jan 15, 6:40 AM · Growth-Team, MediaWiki-extensions-GettingStarted, Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban), Mobile-Content-Service
Tgr added a comment to T212795: Build a MediaWiki extension (+ API module) to track counts of qualifying edits for the App Editor Tasks feature.

Some questions about future usage of the scoring component that might influence architecture choices:

  • Using MediaWiki (or more generally server-side) storage means that 1) different clients cannot have different scores or different achievement thresholds; 2) the feature cannot be extended to anonymous users (e.g. for getting user sign up after they made N edits). Those seem like unlikely use cases, but just to confirm, are we OK with excluding them?
  • Wikidata and Commons are central projects but presumably at some point there will be task types which can be done on any Wikipedia (or some other sister project). Will there be a need to track scores in some other way than separately per wiki? (E.g. total number of Wikipedia edits.)
  • Is it important for scoring to be consistent, in the sense that old points use the same logic as new points? (Ie. if the scoring logic changes, say reverts are changed to decrease score by 1 instead of resetting to 0, is it important for analytics or A/B tests or whatever to apply to changes to scores accumulated in the past?)
Tue, Jan 15, 6:07 AM · Wikipedia-Android-App-Backlog, Reading-Infrastructure-Team-Backlog (Kanban)
Tgr created T213786: Fix OAuth code coverage report.
Tue, Jan 15, 5:36 AM · Test-Coverage, MediaWiki-extensions-OAuth
Tgr added a comment to T208901: TemplateStyles breaks a paragraph if a file is inserted inline.

The details will vary a bit by which version of the HTML spec you look at, but going by HTML 5.2 (December 2017), the content model for <p> elements is "phrasing content" (roughly what pre-5 versions used to call "inline elements"). <style> and almost all <link> elements are "flow content" (roughly analogous to what pre-5 versions called "block elements"), and thus are not allowed inside a <p> element.

Tue, Jan 15, 3:03 AM · Parsoid, TemplateStyles, MediaWiki-Parser

Mon, Jan 14

Tgr added a comment to T213587: Permit url("data:image/svg+xml,...") in CSS Sanitizer if no external access.

hrefs are filtered in general. See the part with the comment Do not allow relative links, or unsafe url schemas. For <a> tags, only data:, http: and https: and same-document fragment links are allowed. For all other tags, only data: and fragment are allowed. (and then there is some more filtering for data: after that). No idea about old files.

Mon, Jan 14, 10:24 PM · TemplateStyles
Tgr added a comment to T213760: Rethink autoconfirmed requirement for OAuth.

See also T142317: Creating an owner-only consumer should not require an autoconfirmed account.

Mon, Jan 14, 9:30 PM · MediaWiki-extensions-OAuth
Tgr created T213760: Rethink autoconfirmed requirement for OAuth.
Mon, Jan 14, 9:29 PM · MediaWiki-extensions-OAuth
Tgr added a comment to T211621: The 'your password is weak' message should display on log in for privileged accounts only.

Probably should be handled the same way as rMWf15ecc60cd94: Add force option to password policy: add some password policy option like skipLogin, handle merging of different policy options / statuses in UserPasswordPolicy and put the result in a status flag, handle the flag in AbstractPasswordPrimaryAuthenticationProvider::setPasswordResetFlag.

Mon, Jan 14, 9:03 PM · Anti-Harassment (Bet — ב), MediaWiki-User-login-and-signup
Tgr added a comment to T213587: Permit url("data:image/svg+xml,...") in CSS Sanitizer if no external access.

This opens another question: Is it actually checked that no SVG on Commons does contain any <image>, <script>, <use>?

Mon, Jan 14, 8:39 PM · TemplateStyles
Tgr added a comment to T211881: graphoid: Code stewardship request.

Are those numbers reliable? Arabic Wikipedia gets about 5M pageviews a day, and it sounds like almost every article has a graph (or maybe it's used on non-article pages?) - compared to that the ~1000 graph views daily seem surreally low.

Mon, Jan 14, 8:29 PM · Core Platform Team Backlog (Watching / External), Services (watching), Release-Engineering-Team (Kanban), Operations, Code-Stewardship-Reviews, Graphoid
Tgr added a comment to T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10).

On a closer look (which I should have done before raising here, sorry) bots had a minlength of 8 in core for a long time, and all that happened was that it was raised to 10 in rMWfc9efe67d599: Increase default minimum password length on privileged groups and bots at the same time when all the other core minlength settings were raised. Which certainly makes sense, it keeps things simple. So please disregard the above.

Mon, Jan 14, 7:40 PM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Anti-Harassment (AHT Sprint 35), MediaWiki-User-login-and-signup
Tgr added a comment to T213587: Permit url("data:image/svg+xml,...") in CSS Sanitizer if no external access.

Besides code complexity, using real SVGs makes review easier and attacks based on misleading images (clickjacking etc) somewhat harder.

Mon, Jan 14, 6:42 PM · TemplateStyles
Tgr added a comment to T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10).

bot have a lot of extra privileges on English Wikipedia (as an example), including editsemiprotected, autopatrol, and ipblock-exempt, and exemptions from captchas and various rate limits.

Mon, Jan 14, 6:33 AM · Patch-For-Review, MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Anti-Harassment (AHT Sprint 35), MediaWiki-User-login-and-signup