Xaosflux (Xaos Flux)
Executive

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Nov 2 2014, 4:13 PM (206 w, 6 d)
Availability
Available
IRC Nick
xaosflux
LDAP User
Unknown
MediaWiki User
Xaosflux [ Global Accounts ]

Recent Activity

Yesterday

Xaosflux added a comment to T206580: Use object stash for persisting last-use proprety to control curation toolbar display.

@kostajh looks like so far the issue has been people following those links with the ?show argument, checking before closing this.

Sat, Oct 20, 2:59 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), MW-1.33-notes (1.33.0-wmf.1; 2018-10-23), Patch-For-Review, Growth-Team (Current Sprint)

Fri, Oct 19

Xaosflux added a comment to T207482: Curation toolbar opt-out in preferences.

When was this move to force-on? The behavior for the last years has been that it could be activated, but minimizing and dismissing it would keep it off unless you specifically turned it back on with the 'curate article' link?

Fri, Oct 19, 3:57 PM · MediaWiki-extensions-PageCuration, Growth-Team
Xaosflux updated the task description for T207472: Improved watchlist is no longer showing seen indicators and point types have become small.
Fri, Oct 19, 2:23 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), MW-1.33-notes (1.33.0-wmf.1; 2018-10-23), Patch-For-Review, Growth-Team, Regression, MediaWiki-Watchlist
Xaosflux created T207472: Improved watchlist is no longer showing seen indicators and point types have become small.
Fri, Oct 19, 2:20 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), MW-1.33-notes (1.33.0-wmf.1; 2018-10-23), Patch-For-Review, Growth-Team, Regression, MediaWiki-Watchlist
Xaosflux added a comment to T206580: Use object stash for persisting last-use proprety to control curation toolbar display.

At https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_(technical)&oldid=864788191#How_can_I_permanently_hide_the_page_curation_rightside_toolbar we have at least one user reporting that they are no longer able to persistently DISMISS the triage toolbar, in that it keeps reappearing when unwanted.

Fri, Oct 19, 1:29 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), MW-1.33-notes (1.33.0-wmf.1; 2018-10-23), Patch-For-Review, Growth-Team (Current Sprint)
Xaosflux added a comment to T110329: Disable some parts of the editing interface from IPs and newbies because we don't trust them to use them correctly.

@Deskana, if the advanced control panels could use a named identifier, I suspect enwiki would likely just hide it with css for newbies based on the autoconfirmed or other group membership css's - and that would likely address itwiki's concern as well, right now the naming appears to be dynamic (e.g. id="ooui-28")

Fri, Oct 19, 12:14 PM · VisualEditor-MediaWiki, VisualEditor

Thu, Oct 18

Xaosflux added a comment to T110329: Disable some parts of the editing interface from IPs and newbies because we don't trust them to use them correctly.

Checked over deleted edits, 10 for 10 got their index directive from VE as well. Even being able to hide the advanced control would help and then could be managed by communities - however it appears to not use a distinctive ID, instead using generated OOUI--nn ID's that could possibly also be used elsewhere.

Thu, Oct 18, 11:28 PM · VisualEditor-MediaWiki, VisualEditor
Xaosflux added a comment to T110329: Disable some parts of the editing interface from IPs and newbies because we don't trust them to use them correctly.

@Deskana we certainly had evidence of misuse of INDEX but didn't look in to the cause, but as @suffusion_of_yellow 's investigation shows, we had a 100% rate of issue with VE over a small sample size

Thu, Oct 18, 10:39 PM · VisualEditor-MediaWiki, VisualEditor

Wed, Oct 17

Xaosflux added a comment to T110329: Disable some parts of the editing interface from IPs and newbies because we don't trust them to use them correctly.

en wiki (https://en.wikipedia.org/w/index.php?title=Wikipedia:Edit_filter_noticeboard&oldid=864548831#VisualEditor) has created an edit filter to stop the rampant misuse of indexing in user space, that upon review we think is from this tool.

Wed, Oct 17, 11:17 PM · VisualEditor-MediaWiki, VisualEditor

Mon, Oct 15

Xaosflux added a comment to T205578: Admins cannot view revision-deleted revisions.

OK I'm following you now, you expect to see the before and after diff, plus the revision compiled text below. I don't see that either, but I can't recall if I used to see it in this view.

Mon, Oct 15, 8:50 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Xaosflux added a comment to T205578: Admins cannot view revision-deleted revisions.

Diff: https://test.wikipedia.org/w/index.php?title=T205578_example&diff=next&oldid=362682&unhide=1 works for me as well.

Mon, Oct 15, 11:48 AM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Xaosflux added a comment to T205578: Admins cannot view revision-deleted revisions.

@Daimona - worked for me (example here: https://test.wikipedia.org/w/index.php?title=T205578_example&oldid=362683&unhide=1 on testwiki) - goes right to the deleted text.

Mon, Oct 15, 12:01 AM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion

Sat, Oct 13

Xaosflux closed T150566: Support BotPasswords as Resolved.
Sat, Oct 13, 4:42 PM · MediaWiki-Authentication-and-authorization, WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser
Xaosflux closed T150566: Support BotPasswords, a subtask of T169397: [AutoWikiBrowser] Authentication/Login tickets, as Resolved.
Sat, Oct 13, 4:42 PM · Tracking, AutoWikiBrowser
Xaosflux added a comment to T150566: Support BotPasswords.

AWB currently supports BotPassword logons, information on usage included above, closing.

Sat, Oct 13, 4:41 PM · MediaWiki-Authentication-and-authorization, WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser
Xaosflux claimed T150566: Support BotPasswords.
Sat, Oct 13, 4:40 PM · MediaWiki-Authentication-and-authorization, WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser

Thu, Oct 11

Xaosflux added a comment to T204455: "copyvio" actions should be publically logged on projects.

@MMiller_WMF while that is the 'default' - it can be set per project at MediaWiki:Logentry-pagetriage-copyvio-insert

Thu, Oct 11, 10:40 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, Growth-Team (Current Sprint), MediaWiki-extensions-PageCuration, English-Wikipedia-New-Pages-Patrol
Xaosflux updated the task description for T206731: add copyviobot group management to testwiki test2wiki enwiki.
Thu, Oct 11, 3:56 AM · Patch-For-Review, Growth-Team (Current Sprint), Community-consensus-needed, Wikimedia-Site-requests
Xaosflux triaged T206731: add copyviobot group management to testwiki test2wiki enwiki as Normal priority.
Thu, Oct 11, 3:54 AM · Patch-For-Review, Growth-Team (Current Sprint), Community-consensus-needed, Wikimedia-Site-requests
Xaosflux added a parent task for T202041: Copyvio: Create PageTriage API module to receive copyvio info: T199359: New Pages Feed: copyvio addition.
Thu, Oct 11, 2:13 AM · MW-1.32-notes (WMF-deploy-2018-08-21 (1.32.0-wmf.18)), Patch-For-Review, Growth-Team (Current Sprint)
Xaosflux added a subtask for T199359: New Pages Feed: copyvio addition: T202041: Copyvio: Create PageTriage API module to receive copyvio info.
Thu, Oct 11, 2:13 AM · MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Epic, Growth-Team (Current Sprint), English-Wikipedia-New-Pages-Patrol
Xaosflux created T206731: add copyviobot group management to testwiki test2wiki enwiki.
Thu, Oct 11, 2:11 AM · Patch-For-Review, Growth-Team (Current Sprint), Community-consensus-needed, Wikimedia-Site-requests

Wed, Oct 10

Xaosflux added a comment to T206689: Special:AbuseFilter has an empty oo-ui-tagMultiselectWidget-handle box in the tag control.

Ooops thanks for the note @Daimona - been staring at too many other things today!

Wed, Oct 10, 7:11 PM · MediaWiki-Special-pages, AbuseFilter
Xaosflux added a comment to T206689: Special:AbuseFilter has an empty oo-ui-tagMultiselectWidget-handle box in the tag control.

Wed, Oct 10, 6:28 PM · MediaWiki-Special-pages, AbuseFilter
Xaosflux triaged T206689: Special:AbuseFilter has an empty oo-ui-tagMultiselectWidget-handle box in the tag control as Low priority.
Wed, Oct 10, 6:28 PM · MediaWiki-Special-pages, AbuseFilter
Xaosflux created T206689: Special:AbuseFilter has an empty oo-ui-tagMultiselectWidget-handle box in the tag control.
Wed, Oct 10, 6:27 PM · MediaWiki-Special-pages, AbuseFilter

Fri, Oct 5

Xaosflux added a comment to T22005: AbuseLog show private data (timestamp emailconfirm).

This field is again showing, populated, and is able to be queried even without a filter hit, and can be accessed without even logging on. Example: https://de.wikipedia.org/wiki/Spezial:Missbrauchsfilter/examine/263782881 shows this tickets authors confirmation datestamp.

Fri, Oct 5, 11:18 AM · AbuseFilter

Thu, Oct 4

Xaosflux added a comment to T205578: Admins cannot view revision-deleted revisions.

Thank you, looks good - tested on Group2 projects.

Thu, Oct 4, 10:48 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion

Wed, Oct 3

Xaosflux updated subscribers of T206130: Non logged in users are able to review and patrol pages on enwiki using the API.
Wed, Oct 3, 1:37 PM · Wikimedia-production-error (Shared Build Failure), MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Growth-Team (Current Sprint), Patch-For-Review, MediaWiki-extensions-PageCuration, Security, MediaWiki-Patrolling, English-Wikipedia-New-Pages-Patrol
Xaosflux created T206130: Non logged in users are able to review and patrol pages on enwiki using the API.
Wed, Oct 3, 1:36 PM · Wikimedia-production-error (Shared Build Failure), MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Growth-Team (Current Sprint), Patch-For-Review, MediaWiki-extensions-PageCuration, Security, MediaWiki-Patrolling, English-Wikipedia-New-Pages-Patrol

Tue, Oct 2

Xaosflux added a comment to T199359: New Pages Feed: copyvio addition.

I could be the only one hung up on this, just think it shouldn't even claim to be determining a legal status (violation of a copyright), just an information status (possible copied text) or the like.

Tue, Oct 2, 10:08 PM · MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Epic, Growth-Team (Current Sprint), English-Wikipedia-New-Pages-Patrol
Xaosflux added a comment to T206024: Create some machine-readable way of distinguishing image deletion notifications by Community Tech bot.

@eranroz Tthe trial showed using tags was successful , but when it was time to go live there wasn't a good use-case for tags to be used. I suggest opening a short discussion to see what the community wants - but I don't have any specific objection.

Tue, Oct 2, 10:04 PM · Commons, Community-Tech

Sun, Sep 30

Xaosflux added a comment to T198758: Load .json configuration files via ResourceLoaderWikiModule.

@Izno Please note, we think making a bot to sync json pages to js pages is far from ideal, and having this be able to work server-side in a way that "data" can be edited outside of "code" would be much preferred. For anyone following you can check on the bot build progress here: https://en.wikipedia.org/wiki/Wikipedia:Bots/Requests_for_approval/MusikBot_II_2

Sun, Sep 30, 4:31 AM · MediaWiki-Interface, Performance-Team, MediaWiki-ResourceLoader

Thu, Sep 27

Xaosflux updated subscribers of T205578: Admins cannot view revision-deleted revisions.
Thu, Sep 27, 2:36 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Xaosflux added a comment to T205578: Admins cannot view revision-deleted revisions.

Example on testwiki:

Thu, Sep 27, 2:35 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion
Xaosflux updated the task description for T205578: Admins cannot view revision-deleted revisions.
Thu, Sep 27, 2:30 PM · Core Platform Team Kanban, Core Platform Team (MCR), Multi-Content-Revisions (Reactive), MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Regression, MediaWiki-Revision-deletion

Sep 16 2018

Xaosflux added a comment to T85847: Grant editcontentmodel right to all logged in users.

@IKhitron ok, I must have misunderstood you , I though you wanted to allow an existing group to use the 'editcontentmodel' right and were denied.

Sep 16 2018, 8:36 PM · Community-consensus-needed, MW-1.28-release (WMF-deploy-2016-09-13_(1.28.0-wmf.19)), MW-1.28-release-notes, MW-1.27-release-notes, MW-1.27-release (WMF-deploy-2016-03-01_(1.27.0-wmf.15)), Patch-For-Review, MediaWiki-ContentHandler
Xaosflux added a comment to T199359: New Pages Feed: copyvio addition.

To follow up from project talks, I suggest the labeling for this is updated from "copyvio" to "copydetect" or the like, especially as we are relying on a third party - our labeling should be neutral (this text appears to have been copied from somewhere else) as opposed to making a legal claim (this text has violated a copyright law).

Sep 16 2018, 7:58 PM · MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Epic, Growth-Team (Current Sprint), English-Wikipedia-New-Pages-Patrol
Xaosflux added a comment to T85847: Grant editcontentmodel right to all logged in users.

This shouldn't be blocking using templatestyles, when creating a new template style (e.g. https://test.wikipedia.org/wiki/Template:389573/styles.css) is is already in the correct content model.

Sep 16 2018, 7:03 PM · Community-consensus-needed, MW-1.28-release (WMF-deploy-2016-09-13_(1.28.0-wmf.19)), MW-1.28-release-notes, MW-1.27-release-notes, MW-1.27-release (WMF-deploy-2016-03-01_(1.27.0-wmf.15)), Patch-For-Review, MediaWiki-ContentHandler
Xaosflux created T204455: "copyvio" actions should be publically logged on projects.
Sep 16 2018, 6:47 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), Patch-For-Review, Growth-Team (Current Sprint), MediaWiki-extensions-PageCuration, English-Wikipedia-New-Pages-Patrol

Sep 14 2018

Xaosflux added a comment to T106516: Greyscale pngs without gAMA chunk rendered with incorrect contrast [or setting the gamma in GIMP exports to PNG].

Current possible example: https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_(technical)&oldid=859512933#Thumbnail_too_dark?

Sep 14 2018, 2:35 PM · Multimedia, MediaWiki-File-management, Patch-For-Review, goodfirstbug, Upstream, Commons

Sep 7 2018

Xaosflux added a comment to T203727: Restructure and improve 'Basic information' section.

Is that the entire page? Where are all the parts that were in "signature" and "email options" now? Is "restore defaults" still down the page?

Sep 7 2018, 3:22 AM · Patch-For-Review, UI-Standardization, MediaWiki-User-preferences

Sep 4 2018

Xaosflux added a comment to T199359: New Pages Feed: copyvio addition.

How is "copyright" of submissions being validated? From a much earlier review it appeared that this was only looking for "unoriginal" text, not text that was actually violating a copyright as its labeling suggests?

Sep 4 2018, 9:40 PM · MW-1.32-notes (WMF-deploy-2018-10-02 (1.32.0-wmf.24)), Patch-For-Review, Epic, Growth-Team (Current Sprint), English-Wikipedia-New-Pages-Patrol

Aug 29 2018

Xaosflux awarded T202989: Administrators can no longer view deleted history of js/css pages a Cookie token.
Aug 29 2018, 1:19 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux added a comment to T202989: Administrators can no longer view deleted history of js/css pages.

What are the next steps here - will someone from the dev community claim this and work on it?

Aug 29 2018, 11:57 AM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core

Aug 28 2018

Xaosflux added a comment to T202989: Administrators can no longer view deleted history of js/css pages.

In order for oversighters (who are in almost all cases also admin) to suppress they will need to be able to see the deleted history, which they can not now.

Aug 28 2018, 5:57 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux added a project to T203000: Introduce engineer user group on Czech Wikipedia: Community-consensus-needed.

@Urbanecm can you link to a community discussion in support of this new group?

Aug 28 2018, 3:00 PM · Patch-For-Review, Wikimedia-Site-requests, User-Urbanecm
Xaosflux added a comment to T202989: Administrators can no longer view deleted history of js/css pages.

@Teles right now on most configuration you must be sysop AND intadmin to use viewdelete on jss/css pages.

Aug 28 2018, 2:43 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux added a comment to T202989: Administrators can no longer view deleted history of js/css pages.

@stjn, FYI if you are an intadmin, and NOT also an admin (or otherwise a holder of viewdelete) - you can't see these deleted pages either; I expected that behavior - just FYI

Aug 28 2018, 2:36 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
BethNaught awarded T202989: Administrators can no longer view deleted history of js/css pages a Heartbreak token.
Aug 28 2018, 2:29 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux lowered the priority of T202989: Administrators can no longer view deleted history of js/css pages from High to Normal.

I think its a problem, as it gives interface administrator the ability to hide revisions from most everyone (oh noes its 'superdelete') - limiting the transparency of what they did.

Aug 28 2018, 2:06 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux updated the task description for T202989: Administrators can no longer view deleted history of js/css pages.
Aug 28 2018, 1:42 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux updated the task description for T202989: Administrators can no longer view deleted history of js/css pages.
Aug 28 2018, 1:42 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux added a comment to T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default.

@Tgr see "unforseen problem" T202989 ; leaving it to you if you want this reopened or if will be otherwise handled

Aug 28 2018, 1:41 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), User-Tgr, Trust-and-Safety, Wikimedia-General-or-Unknown, Patch-For-Review, Security, JavaScript, Security-Core
Xaosflux updated subscribers of T202989: Administrators can no longer view deleted history of js/css pages.
Aug 28 2018, 1:28 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux updated subscribers of T202989: Administrators can no longer view deleted history of js/css pages.

Enwiki discussion that brought this up: https://en.wikipedia.org/w/index.php?title=Wikipedia:Bureaucrats%27_noticeboard&oldid=856932527#View_delete_problem

Aug 28 2018, 1:26 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core
Xaosflux triaged T202989: Administrators can no longer view deleted history of js/css pages as High priority.
Aug 28 2018, 1:24 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-General-or-Unknown, Security, JavaScript, Security-Core

Aug 27 2018

Xaosflux added a comment to T200176: Deletion of user js and css requires deletion and edituser* rights.

I think "delete" alone should be enough here, e.g. if there is abusive js in some place and the page gets deleted, you don't want it restored by people that can't make it normally.

Aug 27 2018, 9:02 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Patch-For-Review, Security-Core, MediaWiki-User-management, Security

Aug 26 2018

Xaosflux added a comment to T173889: Rename article_ and _(prefixed)text variables to page_ and _(prefixed)title.

@Daimona thank you for the update, I'll keep an eye on T190653 for resolution of the "false" --> value fix

Aug 26 2018, 8:10 PM · MW-1.32-notes (WMF-deploy-2018-09-18 (1.32.0-wmf.22)), Growth-Team, MediaWiki-extensions-HitCounters, StructuredDiscussions, User-notice, Patch-For-Review, AbuseFilter
Xaosflux added a comment to T173889: Rename article_ and _(prefixed)text variables to page_ and _(prefixed)title.

While it looks like it was declined(?) before in T54053, none of the moved_to and moved_from protection values are actually being populated, are these deprecated and should just be removed? Example: https://test.wikipedia.org/wiki/Special:AbuseFilter/examine/398011

Aug 26 2018, 5:19 PM · MW-1.32-notes (WMF-deploy-2018-09-18 (1.32.0-wmf.22)), Growth-Team, MediaWiki-extensions-HitCounters, StructuredDiscussions, User-notice, Patch-For-Review, AbuseFilter

Aug 24 2018

Xaosflux added a comment to T92795: Users without 'editcontentmodel' user right cannot create MassMessage delivery lists.

From discussion on T202597 -

Aug 24 2018, 12:04 AM · MassMessage
Xaosflux added a comment to T92795: Users without 'editcontentmodel' user right cannot create MassMessage delivery lists.

@wctaiwan as an immediate workaround, you can do what we did on enwiki: create a batch of empty shells.

Aug 24 2018, 12:02 AM · MassMessage

Aug 23 2018

Xaosflux added a comment to T202597: 'editcontentmodel' missing in metawiki's MassMessage sender group.

@Vogone, this could be re titled - unless you want to build a community consensus on metawiki for changing their group only - I think in the discussion so far we've identified that this is really a "global" problem that could be fixed a few ways.

Aug 23 2018, 5:23 PM · Patch-For-Review, Community-consensus-needed, Wikimedia-Site-requests
Xaosflux added a comment to T202597: 'editcontentmodel' missing in metawiki's MassMessage sender group.

Follow up from: https://meta.wikimedia.org/w/index.php?title=Meta:Babel&oldid=18322653#'editcontentmodel'_permission_for_'massmessage-senders'

Aug 23 2018, 2:17 PM · Patch-For-Review, Community-consensus-needed, Wikimedia-Site-requests
Xaosflux added a comment to T202597: 'editcontentmodel' missing in metawiki's MassMessage sender group.

True, however that access allows for much more than only creating massmessage delivery lists. I'd 100% support a configuration that allows massmessage people to use that special createlist function without also needing to be able to change content models on every page as the default.

Aug 23 2018, 4:05 AM · Patch-For-Review, Community-consensus-needed, Wikimedia-Site-requests
Xaosflux added a comment to T202597: 'editcontentmodel' missing in metawiki's MassMessage sender group.

This is not an "error" it is by design. Simply being able to use the massmessage extension doesn't require changing content models.

Aug 23 2018, 2:50 AM · Patch-For-Review, Community-consensus-needed, Wikimedia-Site-requests

Aug 20 2018

Xaosflux added a comment to T61245: Review the PageNotice extension for deployment.

May be a solution for T6469

Aug 20 2018, 8:54 PM · Wikimedia-extension-review-queue, Community-consensus-needed, Wikimedia-Extension-setup
Xaosflux added a comment to T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions.

@MarcoAurelio I don't think @Steinsplitter was asking about forcing the group to use it, but to change the CN editing process to reject users that don't have 2FA in addition to other permissions?

Aug 20 2018, 8:25 PM · Fr-CentralNotice-translations, Fundraising-Backlog, MediaWiki-extensions-CentralNotice, Trust-and-Safety, Security, JavaScript, Security-Core

Aug 19 2018

ToBeFree awarded T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions a Barnstar token.
Aug 19 2018, 8:50 PM · Fr-CentralNotice-translations, Fundraising-Backlog, MediaWiki-extensions-CentralNotice, Trust-and-Safety, Security, JavaScript, Security-Core
Base awarded T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions a Pterodactyl token.
Aug 19 2018, 8:03 PM · Fr-CentralNotice-translations, Fundraising-Backlog, MediaWiki-extensions-CentralNotice, Trust-and-Safety, Security, JavaScript, Security-Core
Xaosflux created T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions.
Aug 19 2018, 7:44 PM · Fr-CentralNotice-translations, Fundraising-Backlog, MediaWiki-extensions-CentralNotice, Trust-and-Safety, Security, JavaScript, Security-Core

Aug 18 2018

Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

@Huji how was this determined? Did you manage to query every filter on every project?

Aug 18 2018, 6:06 PM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth

Aug 17 2018

Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

@Huji enwiki 635 has been updated as well (note it was a deleted filter)

Aug 17 2018, 9:08 PM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth
Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

It looks like the related default text for MediaWiki:Group-otrs-member-member does not exist either

Aug 17 2018, 11:17 AM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth
Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

and for any project that localized links for these messages:

Aug 17 2018, 11:11 AM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth
Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

I changed enwiki's 642; but as the primary purpose of this group is to feed a variable for abusefilters - getting a handle on what is impacted should not be delayed

Aug 17 2018, 11:08 AM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth
Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

Not sure if there is a good way to search every projects abuse filter details, after a quick search though I found these on 4 large sites:

Aug 17 2018, 2:20 AM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth

Aug 16 2018

Xaosflux added a comment to T202095: Require that CentralAuth's global groups all use lowercase internal identifiers.

Note, this group is primarily used by various abuse filters, they should be checked to see if this change will require filter updates.

Aug 16 2018, 11:48 PM · Core Platform Team Kanban (Doing), Core Platform Team ( Code Health (TEC13)), Patch-For-Review, MediaWiki-extensions-CentralAuth

Aug 5 2018

Xaosflux added a comment to T200176: Deletion of user js and css requires deletion and edituser* rights.

As there is already special checks in place for userjs/usercss could this also allow for deletion - as the mediawiki namespace normally has its own protection it won't allow arbitrary creation (unlike userspace).

Aug 5 2018, 9:47 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Patch-For-Review, Security-Core, MediaWiki-User-management, Security
Xaosflux added a comment to T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default.

@Tgr agree it could be desirable - please correct me if I'm wrong but after this change this scenario is created:

Aug 5 2018, 9:28 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), User-Tgr, Trust-and-Safety, Wikimedia-General-or-Unknown, Patch-For-Review, Security, JavaScript, Security-Core
Xaosflux added a comment to T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default.

Followup #2: Will global renamer's that are not local interface admins still be able to move user .js/.css subpages? If not, how will these fail?

Aug 5 2018, 7:43 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), User-Tgr, Trust-and-Safety, Wikimedia-General-or-Unknown, Patch-For-Review, Security, JavaScript, Security-Core
Xaosflux added a comment to T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default.

Following up on discussion from enwiki: Will local sysops's still be able to delete css/js pages if they are not also able to edit them? Specifically in relation to user css/user js pages I suspect this is going to increase the number of users seeking access. Would it be difficult to allow admins to continue to be able to delete? I'm guessing same problem will occur for oversighting these pages? That is if an OS is not also an interface admin will they be unable to perform oversight operations on these pages?

Aug 5 2018, 7:29 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), User-Tgr, Trust-and-Safety, Wikimedia-General-or-Unknown, Patch-For-Review, Security, JavaScript, Security-Core

Jul 27 2018

Xaosflux added a comment to T197087: Remove or limit edituserjs and similar rights.

With this being removed from sysop, is it actually also being ADDED to techadmin - or will it be orphaned?

Jul 27 2018, 8:24 PM · Security, MediaWiki-Interface, Security-Core

Jul 20 2018

Xaosflux added a comment to T125723: Create an 'ARTICLE_LASTXH_CONTRIBUTORS' function.

This sounds like a very expensive way to run filters, how would it scale? Can someone show a mockup filter for when there are an example 10 different pairs of these restrictions? Or would you implement a separate filter for each group? This also doesn't seem to address discussion type pages - perhaps more filters for that?

Jul 20 2018, 1:05 PM · AbuseFilter

Jul 18 2018

Xaosflux added a comment to T186325: Retaining data for courses organized through the extension during and after deprecation period.

@TheDJ regarding pages like Special:CampusVolunteers, T45931 suggests these profiles are somehow being hidden - they also don't appear to be removable or editable by admins, making them problematic.

Jul 18 2018, 7:34 PM · MediaWiki-extensions-EducationProgram
Xaosflux added a comment to T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default.

@Tgr if communities need to opt-in to enable this of their bureaucrats the project level RfCs may take some time (a month is not unusual for a project like enwiki) - as the final specification for what access is being removed from sysop, and which access is being included by default in local-interfaceadmin ?

Jul 18 2018, 11:36 AM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), User-Tgr, Trust-and-Safety, Wikimedia-General-or-Unknown, Patch-For-Review, Security, JavaScript, Security-Core

Jul 9 2018

Xaosflux added a comment to T153454: Enable BotPasswords (or similar feature) for web/interactive access.

@Ajraddatz my hopes would be that it would be like botpasswords, where basically you could log on with multiple passwords if you opt in to it, and when you opt in to it you can choose what access is available under your opt. You could lock certain passwords to certain IP's, make some edit-only, etc. Put everything entirely in control of the editor.

Jul 9 2018, 9:42 PM · Security, Security-General, MediaWiki-Authentication-and-authorization

Jul 8 2018

Xaosflux added a comment to T198961: Watchlist on meta wiki not displaying changes until "show" button is clicked.

See also T176033

Jul 8 2018, 12:58 AM · Growth-Team, MediaWiki-Watchlist

Jul 3 2018

Xaosflux changed the status of T85393: Alert users when performing restricted actions with Special:MovePage from Open to Stalled.
Jul 3 2018, 1:25 AM · MediaWiki-Page-editing, MediaWiki-Special-pages

Jul 2 2018

Xaosflux added a comment to T198651: Abuse filter log is showing wrong information.

Possibly related to T173977 ?

Jul 2 2018, 8:16 PM · Patch-For-Review, AbuseFilter
Xaosflux created T198651: Abuse filter log is showing wrong information.
Jul 2 2018, 8:12 PM · Patch-For-Review, AbuseFilter

Jul 1 2018

Xaosflux closed T197860: Special:Userrights does not display temporary groups if the user is in no non-temporary, non-automatic groups as Resolved.
Jul 1 2018, 4:29 AM · Patch-For-Review, MediaWiki-Platform-Team (MWPT-Q4-Apr-Jun-2018), MediaWiki-Special-pages
Xaosflux updated subscribers of T197860: Special:Userrights does not display temporary groups if the user is in no non-temporary, non-automatic groups.
Jul 1 2018, 4:29 AM · Patch-For-Review, MediaWiki-Platform-Team (MWPT-Q4-Apr-Jun-2018), MediaWiki-Special-pages
Xaosflux updated the task description for T197860: Special:Userrights does not display temporary groups if the user is in no non-temporary, non-automatic groups.
Jul 1 2018, 4:28 AM · Patch-For-Review, MediaWiki-Platform-Team (MWPT-Q4-Apr-Jun-2018), MediaWiki-Special-pages
Xaosflux renamed T197860: Special:Userrights does not display temporary groups if the user is in no non-temporary, non-automatic groups from 7iaaaaaaaa to Special:Userrights does not display temporary groups if the user is in no non-temporary, non-automatic groups.
Jul 1 2018, 4:28 AM · Patch-For-Review, MediaWiki-Platform-Team (MWPT-Q4-Apr-Jun-2018), MediaWiki-Special-pages
Xaosflux closed T195304: Special:UserRights does not display temporary groups to users that can not change userrights as Resolved.
Jul 1 2018, 4:28 AM · MediaWiki-User-management, MediaWiki-Special-pages
Xaosflux updated the task description for T195304: Special:UserRights does not display temporary groups to users that can not change userrights.
Jul 1 2018, 4:28 AM · MediaWiki-User-management, MediaWiki-Special-pages
Xaosflux renamed T195304: Special:UserRights does not display temporary groups to users that can not change userrights from 7hcaaaaaaa to Special:UserRights does not display temporary groups to users that can not change userrights.
Jul 1 2018, 4:28 AM · MediaWiki-User-management, MediaWiki-Special-pages
Xaosflux assigned T195625: Implement a responsive layout for MonoBook to Isarra.
Jul 1 2018, 4:28 AM · Patch-For-Review, User-notice, MonoBook
Xaosflux lowered the priority of T195625: Implement a responsive layout for MonoBook from High to Normal.
Jul 1 2018, 4:28 AM · Patch-For-Review, User-notice, MonoBook