Xaosflux (Xaos Flux)
Executive

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Nov 2 2014, 4:13 PM (159 w, 4 d)
Availability
Available
IRC Nick
xaosflux
LDAP User
Unknown
MediaWiki User
Xaosflux

Recent Activity

Mon, Nov 20

Xaosflux added a project to T152794: Enable visual editor in Wikiprojects spaces on English Wikipedia: Community-consensus-needed.
Mon, Nov 20, 6:17 PM · Community-consensus-needed, VisualEditor-MediaWiki, Wikimedia-Site-requests, VisualEditor

Fri, Nov 17

Xaosflux added a comment to T172079: Special:OATH should go to 2FA setup, not just disable.

Something seems to be missing here - you can enroll as many devices as you want, at any time with us - provided you store your two-factor secret key. That key can be re-used in the future to initialize more authentication clients at any time. So this is already information that the users have, though hopefully if they store it they store it safely. That being said, being able to access it online after re authenticating with 2FA seems fine to me.

Fri, Nov 17, 6:26 PM · MediaWiki-extensions-OATHAuth

Thu, Nov 16

Xaosflux added a comment to T180654: Disable Two-factor authentication for user AuburnPilot (enwiki).

@jrbs can you take a look at T85706 - seems there is a gap on what policies and procedures are best to use in these situations. Thank you!

Thu, Nov 16, 3:10 AM · Wikimedia-Site-requests, Support-and-Safety

Sun, Nov 5

Xaosflux renamed T174282: some autoconfirmed enwiki users are unable to edit semi-protected pages / create new articles from autoconfirmed enwiki user is unable to edit semi-protected pages to some autoconfirmed enwiki users are unable to edit semi-protected pages / create new articles.
Sun, Nov 5, 3:31 PM · MediaWiki-User-management

Oct 14 2017

Xaosflux changed the status of T71607: Split 'protect' right in two distinct permissions (instead of using '$wgCascadingRestrictionLevels') from Open to Stalled.
Oct 14 2017, 2:36 PM · MediaWiki-Page-protection
Xaosflux added a comment to T71607: Split 'protect' right in two distinct permissions (instead of using '$wgCascadingRestrictionLevels').

Just ran across this again in discussion on enwiki: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(policy)#RFC:_Proposal_to_allow_Template_Editors_the_ability_to_indirectly_edit_the_Main_Page

Oct 14 2017, 2:36 PM · MediaWiki-Page-protection

Oct 12 2017

Xaosflux added a parent task for T166109: Some students enrol but do not show up in the list of enrolled users: T156502: Enrolled student not appearing in student list on education course page.
Oct 12 2017, 12:15 PM · MediaWiki-extensions-EducationProgram
Xaosflux added a subtask for T156502: Enrolled student not appearing in student list on education course page: T166109: Some students enrol but do not show up in the list of enrolled users.
Oct 12 2017, 12:15 PM · MediaWiki-extensions-EducationProgram
Xaosflux triaged T156502: Enrolled student not appearing in student list on education course page as Normal priority.
Oct 12 2017, 12:14 PM · MediaWiki-extensions-EducationProgram
Xaosflux triaged T166109: Some students enrol but do not show up in the list of enrolled users as Normal priority.

Another recent example:

Oct 12 2017, 12:11 PM · MediaWiki-extensions-EducationProgram

Oct 10 2017

Xaosflux closed T177728: Special:Block is showing ⧼blockip-legend⧽ when the associated message does not exist as Resolved.

This is now resolved, showing the default data

Oct 10 2017, 11:37 AM · MediaWiki-User-management, Regression
Xaosflux added a comment to T177728: Special:Block is showing ⧼blockip-legend⧽ when the associated message does not exist.

@Liuxinyu970226 if you want to follow up on that, please open a new ticket for problems with phabricator itself.

Oct 10 2017, 11:37 AM · MediaWiki-User-management, Regression

Oct 9 2017

Xaosflux updated subscribers of T177728: Special:Block is showing ⧼blockip-legend⧽ when the associated message does not exist.

@Reedy , possibly related to an update you mentioned in T177705

Oct 9 2017, 2:24 AM · MediaWiki-User-management, Regression
Xaosflux triaged T177728: Special:Block is showing ⧼blockip-legend⧽ when the associated message does not exist as Normal priority.
Oct 9 2017, 2:23 AM · MediaWiki-User-management, Regression
Xaosflux added a comment to T177705: REGRESSION - Option to suppress user accounts on blocks (hideuser) disappeared after migrating to OOjs UI.

With multiple changes to this interface occurring, a new bug may be related and is reported in T177728.

Oct 9 2017, 2:22 AM · MW-1.31-release-notes (WMF-deploy-2017-10-03 (1.31.0-wmf.2)), Patch-For-Review, Regression, Stewards-and-global-tools, MediaWiki-User-management
Xaosflux created T177728: Special:Block is showing ⧼blockip-legend⧽ when the associated message does not exist.
Oct 9 2017, 2:21 AM · MediaWiki-User-management, Regression

Oct 5 2017

Xaosflux awarded T177429: Linter's UI message strings cannot include wikimarkup a Like token.
Oct 5 2017, 9:34 PM · MW-1.31-release-notes (WMF-deploy-2017-10-10 (1.31.0-wmf.3)), Patch-For-Review, MediaWiki-extensions-Linter

Oct 4 2017

Xaosflux moved T177182: Spammy notices should go away from Unsorted to Single wikis on the Community-consensus-needed board.
Oct 4 2017, 2:39 PM · Community-consensus-needed, InternetArchiveBot
Xaosflux added a project to T177182: Spammy notices should go away: Community-consensus-needed.
Oct 4 2017, 2:39 PM · Community-consensus-needed, InternetArchiveBot
Xaosflux added a comment to T177182: Spammy notices should go away.

See Also https://en.wikipedia.org/wiki/Wikipedia:Bots/Noticeboard#Run_around.2C_re:_InternetArchiveBot

Oct 4 2017, 1:12 PM · Community-consensus-needed, InternetArchiveBot

Oct 1 2017

Xaosflux triaged T177157: can't sign in on wikipedia as Low priority.
Oct 1 2017, 1:55 AM
Xaosflux added a comment to T177157: can't sign in on wikipedia.

@Antoniolexis2001 try clearing all your wikimedia cookies (if you can't find them clear all cookies) and try again. If you still can't log on please let us know much more details.

Oct 1 2017, 1:55 AM

Sep 25 2017

Xaosflux added a comment to T126798: Add rollback confirmation to mediawiki software.

No please, adding extra steps to rollback will be very annoying. Fine for having an OPTION to "require confirmation for rollback (maybe also undo?) actions" that can be opted in to.

Sep 25 2017, 8:13 PM · MediaWiki-General-or-Unknown

Sep 16 2017

Xaosflux added a comment to T175684: Please create the Edit filter helper user group on en.wp.

Creating the messages is not a blocking task, however I've already made the localizations so it is done anyway.

Sep 16 2017, 12:18 PM · User-MarcoAurelio, Wikimedia-Site-requests

Sep 8 2017

Xaosflux added a comment to T174862: Special:AbuseLog should not show log entries of private filters.

I like the idea of per-filter additional screening being an option.

Sep 8 2017, 11:36 PM · AbuseFilter
Xaosflux added a comment to T162895: LintErrors should have a manual at the top of the report pages.

@Elitre isn't that what we already have - there are messages assigned to these pages already, just make translations.

Sep 8 2017, 4:33 PM · MediaWiki-extensions-Linter
Xaosflux triaged T162895: LintErrors should have a manual at the top of the report pages as Low priority.

Even the help link is customizable on wiki from MediaWiki:helppage-top-gethelp

Sep 8 2017, 3:27 AM · MediaWiki-extensions-Linter

Sep 7 2017

Xaosflux added a comment to T162895: LintErrors should have a manual at the top of the report pages.

MediaWiki:Linterrors-summary looks as though it can be populated to include whatever you want

Sep 7 2017, 5:15 PM · MediaWiki-extensions-Linter

Aug 31 2017

Xaosflux added a comment to T174282: some autoconfirmed enwiki users are unable to edit semi-protected pages / create new articles.

I expect he should have been since ~2017-06-02 (passing the 4day+10 edits threshold)

Aug 31 2017, 1:29 PM · MediaWiki-User-management

Aug 30 2017

Xaosflux added a comment to T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.

This is only with the current coding. I've used other 2FA systems such as RSA's token system, the logon screen has multiple boxes: userid, tokenPIN/tokenCode, password, realm. Failed logons for any reason all present the same error.

Aug 30 2017, 11:12 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team
Xaosflux added a comment to T174282: some autoconfirmed enwiki users are unable to edit semi-protected pages / create new articles.

Certainly, the GUI reflects that as well. Short of asking him for his password what other options exist for troubleshooting this? Is there an "impersonate" feature that can be used by devs?

Aug 30 2017, 12:43 PM · MediaWiki-User-management

Aug 27 2017

Xaosflux created T174282: some autoconfirmed enwiki users are unable to edit semi-protected pages / create new articles.
Aug 27 2017, 12:55 PM · MediaWiki-User-management

Aug 24 2017

Xaosflux removed projects from T173556: class "not-patrolled" no longer set for <li> on Special:NewPages: MW-1.30-release-notes, User-Urbanecm, Regression.

Confirmed resolved on enwiki https://en.wikipedia.org/wiki/Special:NewPages

Aug 24 2017, 8:40 PM · Regression, User-Urbanecm, MW-1.30-release, MediaWiki-Patrolling

Aug 18 2017

Xaosflux updated subscribers of T173556: class "not-patrolled" no longer set for <li> on Special:NewPages.
Aug 18 2017, 2:44 AM · Regression, User-Urbanecm, MW-1.30-release, MediaWiki-Patrolling
Xaosflux created T173556: class "not-patrolled" no longer set for <li> on Special:NewPages.
Aug 18 2017, 2:43 AM · Regression, User-Urbanecm, MW-1.30-release, MediaWiki-Patrolling

Jul 23 2017

Xaosflux triaged T157747: ?action=info incorrectly states that a new page is indexed when not as Normal priority.
Jul 23 2017, 4:54 PM · MediaWiki-extensions-PageCuration, Collaboration-Team-Triage

Jul 20 2017

Xaosflux added a comment to T170969: pageimages is listing non-free media as page_image_free.

on-wiki is too dependent on random editors - ANY non-free license should override any free license

Jul 20 2017, 10:27 PM · Reading-Web-Local-Wiki-Issues, Readers-Web-Backlog (Tracking), CommonsMetadata, MediaWiki-API, PageImages

Jul 18 2017

Xaosflux added a project to T170969: pageimages is listing non-free media as page_image_free: MediaWiki-API.
Jul 18 2017, 6:49 PM · Reading-Web-Local-Wiki-Issues, Readers-Web-Backlog (Tracking), CommonsMetadata, MediaWiki-API, PageImages
Xaosflux created T170969: pageimages is listing non-free media as page_image_free.
Jul 18 2017, 6:47 PM · Reading-Web-Local-Wiki-Issues, Readers-Web-Backlog (Tracking), CommonsMetadata, MediaWiki-API, PageImages

Jul 17 2017

Xaosflux added a comment to T170097: Some old accounts unable to login.

@jsn.sherman I can now log on.

Jul 17 2017, 4:10 AM · Library-Card-Platform, MediaWiki-extensions-OAuth

Jul 15 2017

Xaosflux added a comment to T170753: Wikipedia Library Server Error.

Steps to reproduce now:

  1. go to wikipedialibrary.wmflabs.org
  2. press logon
  3. get error
Jul 15 2017, 10:54 PM · Library-Card-Platform
Xaosflux created T170753: Wikipedia Library Server Error.
Jul 15 2017, 10:52 PM · Library-Card-Platform

Jul 7 2017

Xaosflux added a comment to T169261: Users unable to remain logged in, associated with attempts to upgrade the password hash on every login.

Just had another user with issue (https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_(technical)&oldid=789384548#Problem_with_logging_in) Nineko - they only got in after finding a wiki they had never logged in to with central auth (zh.wikivoyage in this case).

Jul 7 2017, 1:31 AM · MW-1.30-release-notes (WMF-deploy-2017-07-11_(1.30.0-wmf.9)), MediaWiki-Authentication-and-authorization, Wikimedia-General-or-Unknown

Jul 6 2017

Xaosflux added a comment to T168736: AbuseFilter is reading variables incorrectly and tripping the wrong edits.

@MusikAnimal - forget that last one - there was a deletion action in the middle there.

Jul 6 2017, 10:40 PM · Anti-Harassment, AbuseFilter
Xaosflux added a comment to T168736: AbuseFilter is reading variables incorrectly and tripping the wrong edits.

STRIKE THIS - it was a deletion/restoration

Jul 6 2017, 7:11 PM · Anti-Harassment, AbuseFilter

Jul 2 2017

Xaosflux added a comment to T150566: Support BotPasswords.

@Reedy is there anything you want done here?

Jul 2 2017, 3:18 PM · WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser
Xaosflux added a comment to T150566: Support BotPasswords.

@Zoranzoki21 see https://en.wikipedia.org/wiki/Wikipedia:Using_AWB_with_2FA for the "Easy Guide"

Jul 2 2017, 2:27 PM · WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser
Xaosflux added a comment to T169261: Users unable to remain logged in, associated with attempts to upgrade the password hash on every login.

Just had another one reporting on enwiki, User:Thankyoubaby - had them resolve it by browsing directly to https://login.wikimedia.org

Jul 2 2017, 1:43 AM · MW-1.30-release-notes (WMF-deploy-2017-07-11_(1.30.0-wmf.9)), MediaWiki-Authentication-and-authorization, Wikimedia-General-or-Unknown

Jul 1 2017

Xaosflux lowered the priority of T150566: Support BotPasswords from Normal to Lowest.
Jul 1 2017, 12:42 PM · WorkType-NewFunctionality, Bot-Frameworks, AutoWikiBrowser

Jun 30 2017

Xaosflux added a comment to T14396: "what links here" should list the template, not the pages that use it.

In some cases it could be desirable to link back, so if this is going to be implemented it should be in a manner that is editor controlled as to the link back target.

Jun 30 2017, 3:39 PM · Discovery-Search, Community-Wishlist-Survey-2016, Schema-change, MediaWiki-Special-pages

Jun 24 2017

Xaosflux awarded T168736: AbuseFilter is reading variables incorrectly and tripping the wrong edits a Burninate token.
Jun 24 2017, 12:43 AM · Anti-Harassment, AbuseFilter

Jun 14 2017

Xaosflux added a comment to T162454: LanguageScreenshotBot trying to edit a non-existent page without signing in.

Please note, as decided in Wikipedia:Articles for deletion/Screenshot/fodder the English Wikipedia community rejects having such test pages hosted in mainspace. Possible alternatives would be loading the text to a specific version, or using a different namespace.

Jun 14 2017, 11:51 PM · Release-Engineering-Team (Next), User-Ryasmeen, User-zeljkofilipin, VisualEditor

Jun 7 2017

Xaosflux renamed T71168: De emphasize pre selected edit summaries in mobile application from De emphasize pre selected edit summaries to De emphasize pre selected edit summaries in mobile application.
Jun 7 2017, 8:46 PM · Wikipedia-Android-App-Backlog, Wikipedia-iOS-App-Backlog
Xaosflux added a comment to T167347: Labels on Special:Undelete should be updated after fuzzy search is added.

If it really is a title only search perhaps "Show page titles containing:" would be ever better

Jun 7 2017, 8:17 PM · MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)), Patch-For-Review, Discovery-Search (Current work), Discovery

May 31 2017

Xaosflux raised the priority of T162068: Delete mailing list wikien-bureaucrats from Lowest to Low.
May 31 2017, 9:33 PM · Wikimedia-Mailing-lists
Xaosflux removed a project from T162068: Delete mailing list wikien-bureaucrats: WMF-Legal.

WMF legal replied:

May 31 2017, 9:33 PM · Wikimedia-Mailing-lists

May 30 2017

Xaosflux added a comment to T159468: Ensure that the 2FA login interface accepts scratch codes.

@Mholloway is this concern related to a specific interface (e.g. the Android Mobile Client interface, the general Web interface) ?

May 30 2017, 10:55 AM · Reading Epics (Authentication), Wikipedia-Android-App-Backlog

May 25 2017

Xaosflux added a comment to T162068: Delete mailing list wikien-bureaucrats.

@RobH (https://en.wikipedia.org/w/index.php?title=Wikipedia:Bureaucrats%27_noticeboard&oldid=782186616) was opened and closed out as DELETE the archives. Please review that discussion. Note there was no reply from WMF legal - but if there are legal controls in place than existing foundation policies would trump these volunteer decisions.

May 25 2017, 12:05 PM · Wikimedia-Mailing-lists

May 24 2017

Xaosflux awarded T11790: Watchlist doesn't show earlier normal edits when hiding bot edits or minor edits a Like token.
May 24 2017, 11:40 PM · Bot-Frameworks, Collaboration-Team-Triage, Community-Wishlist-Survey-2016, Patch-For-Review, Epic, MediaWiki-Watchlist

May 21 2017

Xaosflux added a project to T162068: Delete mailing list wikien-bureaucrats: WMF-Legal.

enwiki discussion has asked if there are WMF-Legal issues that need to be addressed - dropped them an email.

May 21 2017, 8:31 PM · Wikimedia-Mailing-lists

May 19 2017

Xaosflux added a comment to T162068: Delete mailing list wikien-bureaucrats.

I prodded the enwiki discussion at https://en.wikipedia.org/wiki/Wikipedia:Bureaucrats%27_noticeboard#wikien-bureaucrats_archives

May 19 2017, 10:47 AM · Wikimedia-Mailing-lists

May 16 2017

Xaosflux updated the task description for T157747: ?action=info incorrectly states that a new page is indexed when not.
May 16 2017, 9:54 PM · MediaWiki-extensions-PageCuration, Collaboration-Team-Triage

Apr 26 2017

Xaosflux added a comment to T162068: Delete mailing list wikien-bureaucrats.

@RobH we will review the archive needs and submit a separate ticket for them if this is closed prior to a decision.

Apr 26 2017, 9:49 PM · Wikimedia-Mailing-lists

Apr 17 2017

Xaosflux added a comment to T138711: Enable Machine Translation in English in the content translation tool.

There is a enwiki RFC open that may resolve the community consensus question here: https://en.wikipedia.org/wiki/Wikipedia_talk:Translation#RFC

Apr 17 2017, 4:49 AM · Community-consensus-needed, WorkType-NewFunctionality, ContentTranslation, ContentTranslation-Deployments
Xaosflux added a comment to T138711: Enable Machine Translation in English in the content translation tool.

One recurring issue has been trouble with the translation tool interface - it is hard to add community controlled messages in to the page - adding a MediaWiki transclusion to the page where community expectations could be spelled out may be sufficient. Any devs of this tool have options for us?

Apr 17 2017, 2:33 AM · Community-consensus-needed, WorkType-NewFunctionality, ContentTranslation, ContentTranslation-Deployments

Apr 16 2017

Xaosflux changed the status of T138711: Enable Machine Translation in English in the content translation tool from Open to Stalled.

@kaldari - the existence of the enwiki abusefilter is preventing all CXT by newer users to the English Wikipedia - however it does not represent a community consensus that machine translation is supported otherwise - please cite an enwiki discussion supporting enabling machine translation - the only thing I am seeing in https://en.wikipedia.org/wiki/Wikipedia:Translation#Avoid_machine_translations - specifically saying to avoid machine translations for all editors.

Apr 16 2017, 11:37 PM · Community-consensus-needed, WorkType-NewFunctionality, ContentTranslation, ContentTranslation-Deployments

Apr 7 2017

MGChecker awarded T143531: Back out the change that changed action=purge to require a confirmation page a Like token.
Apr 7 2017, 11:09 PM · Patch-For-Review, MediaWiki-General-or-Unknown, Regression

Apr 5 2017

Nemo_bis awarded T162068: Delete mailing list wikien-bureaucrats a Piece of Eight token.
Apr 5 2017, 9:29 AM · Wikimedia-Mailing-lists

Apr 3 2017

Xaosflux updated the task description for T162068: Delete mailing list wikien-bureaucrats.
Apr 3 2017, 5:05 PM · Wikimedia-Mailing-lists
Xaosflux triaged T162068: Delete mailing list wikien-bureaucrats as Lowest priority.
Apr 3 2017, 5:03 PM · Wikimedia-Mailing-lists
Xaosflux created T162068: Delete mailing list wikien-bureaucrats.
Apr 3 2017, 5:02 PM · Wikimedia-Mailing-lists

Mar 30 2017

Xaosflux created T161772: phabricator search fails with PhutilAggregateException.
Mar 30 2017, 1:24 AM · Phabricator

Mar 22 2017

Xaosflux added a comment to T153118: Edit notices box not displaying all the items or not displaying them well?.

Another example on enwiki - going to a page with editnotices (e.g. https://en.wikipedia.org/w/index.php?title=Abortion&action=edit) using the source editor works fine - if switching to VE the notices are lost, manually looking for them in the triangle button says no notices. (Firefox, monobook)

Mar 22 2017, 3:24 AM · VisualEditor-MediaWiki, VisualEditor

Jan 30 2017

Xaosflux moved T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia from To deploy to Done on the Wikimedia-Site-requests board.
Jan 30 2017, 11:49 PM · User-Urbanecm, Wikimedia-Site-requests

Jan 27 2017

Xaosflux triaged T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia as Low priority.
Jan 27 2017, 4:23 AM · User-Urbanecm, Wikimedia-Site-requests
Xaosflux added a project to T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia: Wikimedia-Site-requests.
Jan 27 2017, 4:23 AM · User-Urbanecm, Wikimedia-Site-requests
Xaosflux removed a project from T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia: MediaWiki-Configuration.
Jan 27 2017, 4:22 AM · User-Urbanecm, Wikimedia-Site-requests
Xaosflux added a project to T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia: MediaWiki-Configuration.
Jan 27 2017, 4:21 AM · User-Urbanecm, Wikimedia-Site-requests
Xaosflux created T156448: Remove flaggedrevs-protect-review (PC2) page protection option from the English Wikipedia.
Jan 27 2017, 4:16 AM · User-Urbanecm, Wikimedia-Site-requests

Jan 9 2017

Xaosflux added a comment to T151770: Frequent loss of session data in Firefox (since around 2016-11-28).

In Firefox 50.1.0 I don't see a key named network.cookie.maxPerHost - is the workaround suggesting to create this key, is so what datatype?

Jan 9 2017, 10:36 PM · User-Urbanecm, User-notice, Upstream, Browser-Support-Firefox, MediaWiki-Authentication-and-authorization, Contributors-Team

Jan 4 2017

Xaosflux updated the task description for T142209: Semi-protected pages that were fully protected should automatically return to previous state (#7).
Jan 4 2017, 8:40 PM · TCB-Team (Oct2016-March2017), German-Community-Wishlist-Main-Wishes
Xaosflux updated the task description for T142209: Semi-protected pages that were fully protected should automatically return to previous state (#7).
Jan 4 2017, 8:39 PM · TCB-Team (Oct2016-March2017), German-Community-Wishlist-Main-Wishes
Xaosflux added a comment to T142209: Semi-protected pages that were fully protected should automatically return to previous state (#7).

I'd like to see an optional set of parameters for protection to solve this. 2 possible workflows:

Jan 4 2017, 8:39 PM · TCB-Team (Oct2016-March2017), German-Community-Wishlist-Main-Wishes

Jan 1 2017

Xaosflux updated subscribers of T70399: Provide a way to transclude a specific revision of a template.
Jan 1 2017, 5:23 PM · MediaWiki-Templates

Dec 20 2016

Xaosflux added a comment to T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.

This of course is equivalent to exposing whether or not the user has OATH enabled, since an attacker could just use a dummy password and then see if they get an OATH prompt.

Except the goal is not to protect the user's OATH enrollment status, which does not matter and is not secret. The goal is to make an incorrect password indistinguishable from an incorrect OATH code by not attempting to authenticate until all the necessary secrets have been collected.

Dec 20 2016, 3:04 AM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team

Dec 19 2016

Xaosflux added a comment to T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.

I'm not too picky on the "how" as long as the result is that information on if the password was correctly guessed is not revealed. Similarly, the authentication failed error message should not be different for bad token vs bad password vs bad both.

Dec 19 2016, 7:13 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team
Xaosflux updated the task description for T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.
Dec 19 2016, 5:45 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team
Xaosflux edited projects for T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process, added: MediaWiki-extensions-OATHAuth; removed MediaWiki-extensions-TwoFactorAuthentication.
Dec 19 2016, 5:41 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team
Xaosflux added a comment to T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.

Suggested implementation would be to collect all authentication information simultaneously (userid, passphase, 2FA response). For accounts without 2FA enabled, simply ignore any (including null responses) to the challenge response.

Dec 19 2016, 5:40 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team
Xaosflux created T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process.
Dec 19 2016, 5:38 PM · MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth, Security-Team

Dec 16 2016

Xaosflux added a comment to T153403: Watchlist toast no longer processing markup.

I'm not sure what dewiki is trying to do, but its a mess to readers right now who are seeing this:

Dec 16 2016, 9:54 PM · MediaWiki-Watchlist, Regression
Xaosflux added a comment to T153403: Watchlist toast no longer processing markup.

Thank you for the note.

Dec 16 2016, 8:05 PM · MediaWiki-Watchlist, Regression
Xaosflux reopened T153403: Watchlist toast no longer processing markup, a subtask of T45512: Add wikitext bold and italic support to jqueryMsg, as Open.
Dec 16 2016, 7:56 PM · MediaWiki-Internationalization, I18n, JavaScript
Xaosflux reopened T153403: Watchlist toast no longer processing markup as "Open".
Dec 16 2016, 7:56 PM · MediaWiki-Watchlist, Regression
Xaosflux closed T153403: Watchlist toast no longer processing markup as Resolved.

I suppose whatever parts the local communities want. If devs are pushing that only plain text and the variable will be supported for this interface then this (and the parent) should just be moved to won't fix.

Dec 16 2016, 7:55 PM · MediaWiki-Watchlist, Regression
Xaosflux closed T153403: Watchlist toast no longer processing markup, a subtask of T45512: Add wikitext bold and italic support to jqueryMsg, as Resolved.
Dec 16 2016, 7:55 PM · MediaWiki-Internationalization, I18n, JavaScript
Xaosflux changed the status of T45512: Add wikitext bold and italic support to jqueryMsg from Open to Stalled.
Dec 16 2016, 6:41 PM · MediaWiki-Internationalization, I18n, JavaScript
Xaosflux triaged T153403: Watchlist toast no longer processing markup as Low priority.
Dec 16 2016, 6:38 PM · MediaWiki-Watchlist, Regression
Xaosflux renamed T153403: Watchlist toast no longer processing markup from Watchlist toast no longer processing markup and parser functions to Watchlist toast no longer processing markup.
Dec 16 2016, 6:37 PM · MediaWiki-Watchlist, Regression
Xaosflux added a subtask for T45512: Add wikitext bold and italic support to jqueryMsg: T153403: Watchlist toast no longer processing markup.
Dec 16 2016, 6:37 PM · MediaWiki-Internationalization, I18n, JavaScript