grin (Peter Gervai)
Being

User Details

User Since
Feb 23 2015, 12:25 PM (238 w, 1 d)
Availability
Available
IRC Nick
grin
LDAP User
Unknown
MediaWiki User
Grin [ Global Accounts ]

Google me.

(Blurb: huwp founder, osm contributor, dmoz/hu section founder; doing all kinds of weird stuff with email, linux, perl, various networking equipment and stuff. Talking/writing too much. https://en.wikipedia.org/wiki/Peter_Gervai )

Recent Activity

Aug 6 2019

grin added a comment to T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.

Hmm, the problem is possibly here:

Aug 6 2019, 7:02 PM · Mail
grin added a comment to T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.

You are wrong, it was rejected, as I have mentioned several times, by mx1001.wikimedia.org [2620:0:861:3:208:80:154:76]. What you are seeing is the rejection based on the rejection of mx1001. The important part is:

Aug 6 2019, 6:50 PM · Mail
grin added a comment to T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.

It is still not fixed, but I have a recent sample.

Aug 6 2019, 6:16 PM · Mail

May 20 2019

grin added a comment to T186061: Evaluate Matrix / Riot.im.
  1. If one's running a real room then "power levels" ought to be used a bit differently to prevent problems later: one shall use "admin" as level 90, and "owner" as level 100, and there may be used a level between admin and normal to let people invite others or change the topic of the room. The main reason is that equivalent level users cannot change one another, so without the admin+ level admins cannot be demoted, either by request ("I have lost the client keys please remove me") or due to loss of trust.
May 20 2019, 3:47 PM · Matrix, User-Tgr, Developer-Advocacy

Oct 25 2018

grin created T207938: Make actual number of servers available (like in Grafana board).
Oct 25 2018, 11:00 AM · observability, Graphite

Oct 24 2018

grin added a comment to T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.

Sorry for being unclear, it wasn't intentional. There was a report of missing mail sent from Wikipedia (wikipedia posted a notice to the user that an email has been sent and the email never arrived) and I started inspecting mailserver logs for unusual traffic from anything wikipedia related around the same timeframe.
If anyone really wants to do anything about it I can spend time and testing on it [basically sending mail myself and correlating with logs], but not before, since unfortunately my time is a scarce resource.

Oct 24 2018, 2:21 PM · Mail
grin added a comment to T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.

Steps to reproduce: I can't tell you, since this is an incoming email. I have included possibly all the information required to look it up (except the specific timestamp, 2018-10-18 19:49:57 CET) in the mailserver logs, but obviously I do not have any further information on a mail I neither originated nor received. :-) It's from wikipedia, and judging by the sender it may have been generated from something on huwiki, so my educated guess was email-to-a-registered-user-from-the-website.

Oct 24 2018, 10:11 AM · Mail

Oct 22 2018

grin created T207650: Email sent from wikipedia UI seems to use nondeliverable sender: 550 Administrative prohibition.
Oct 22 2018, 11:34 AM · Mail

Jun 7 2018

grin added a comment to T193148: How does the GDPR affect Wikimedia sites and Wikibase instances?.

And the conclusion was …?

Jun 7 2018, 2:18 PM · WMF-Legal, Wikibase-UserGroup

Feb 1 2018

grin added a comment to T186193: clamav errors on mendelevium.

It's a clamd bug + a signature bug. The signature has been fixed the same day it's been fucked up, and clamd will be updated to fix the problem (which resulted in dangling filehandles, running out of file descriptors, not deleted tmp files and more). Should have been error-free if sigs were updated.

Feb 1 2018, 6:39 PM · Mail

Jan 5 2018

grin added a comment to T184230: Disavow emails from wikipedia.com.

Whoever uses it should be covered by the SPF anyway, that's the point.

Jan 5 2018, 7:49 AM · Patch-For-Review, Operations, Mail

Jul 21 2017

grin added a comment to T166291: Exim panics when spamd reaches maxchildren.

I know I am lazy so I still haven't deciphered the configs how you handle spamd, but a few notes in the dark:

  • you can use defer_ok to let messages through in case of spamd failure
        spam = everybody/defer_ok
  • creating spamd instances is usually pretty cheap if you're using fast common bayes (like redis) and fast common whitelist (like postgres). I have usually four spamd containers around, 2 for everyday load (40%-40%) and the rest is for emergencies (10%-10%), which only get used when the main ones saturate. (I gave them plenty of memory and let 50+ connections per instance.)
  • I observed no real difference between prefork or dynamic fork configs (unless your fork is expensive), so it's pointless to fiddle with it
  • exim max parallel deliveries strongly correlate to expected spamd parallel scans. if you let exim handle lots of connections you need spamd which can handle it as well.
Jul 21 2017, 11:56 AM · Mail, Operations

Jun 4 2017

grin created T166991: Add language support for hu.
Jun 4 2017, 5:51 PM · Bad-Words-Detection-System, revscoring, Scoring-platform-team, artificial-intelligence

May 3 2017

grin added a comment to T117127: Add support for the Meek STV method in SecurePoll.

A bit of a latecomer but I would comment that by some (and this some seems to be more some than the meek supporters* ;-)) the Schulze STV (https://en.wikipedia.org/wiki/Schulze_STV) is considered pretty useful in the real life scenarios (and usually recommended over other multi-winner systems by geeks).

May 3 2017, 8:05 AM · Elections, MediaWiki-extensions-SecurePoll

Apr 8 2017

grin added a comment to T160529: Sender email spoofing.

@Nemo_bis uh, these servers are basically idle. Any SPF checking may be okay, fork or otherwise.

Apr 8 2017, 9:51 PM · Security, Operations, Mail, Wikimedia-Mailing-lists

Apr 7 2017

grin added a comment to T133717: Letsencrypt all the prod things we can - planning.

Just as a sidenote: be aware that wildcards are only wildcard one level up, not any; *.wikimedia.org matches robh.wikimedia.org but not server01.robh.wikimedia.org (which became obvious on the OSM tileservers on labs).

Apr 7 2017, 8:13 PM · Operations, Traffic
grin added a comment to T160529: Sender email spoofing.

AFAIK, from the list members email server point of view, any SPF check will pass since it's checking WMF's mailman server.

Indeed, see example (from a gmail recipient address):

Received-SPF: pass (google.com: domain of wikiquote-l-bounces@lists.wikimedia.org designates 208.80.154.75 as permitted sender) client-ip=208.80.154.75;

Do we need to install spf-tools-perl and set CHECK_RCPT_SPF=true in https://phabricator.wikimedia.org/diffusion/OPUP/browse/production/modules/role/templates/exim/exim4.conf.mx.erb ?
https://wiki.debian.org/Exim#SPF_filtering

Apr 7 2017, 8:09 PM · Security, Operations, Mail, Wikimedia-Mailing-lists
grin added a comment to T160529: Sender email spoofing.

Dropping/autorejecting email with matching header
X-Spam-Score: .+\+\+\+\+\+
(which is above spam score 5.00) probably helps a lot.

That's not something someone in my position can do since the email never goes through the legitimate (i.e. SPF authorised) server. It goes straight to WMF's server who send it out to list members. AFAIK, from the list members email server point of view, any SPF check will pass since it's checking WMF's mailman server.

Apr 7 2017, 8:03 PM · Security, Operations, Mail, Wikimedia-Mailing-lists

Apr 6 2017

grin added a comment to T160529: Sender email spoofing.

I'll also accept suggestion for what I can do on my end.

Dropping/autorejecting email with matching header
X-Spam-Score: .+\+\+\+\+\+
(which is above spam score 5.00) probably helps a lot.

Apr 6 2017, 9:00 PM · Security, Operations, Mail, Wikimedia-Mailing-lists
grin added a comment to T160529: Sender email spoofing.

Am I right to guess that we don't do (strict or else) SPF checking while we definitely should? Exim can handle SPF just fine alone, as well as spamassassin.
It's also a bit weird that we let an email go with the flow with 10+ spam points, but maybe there are hist[oe]rical reasons...

Apr 6 2017, 8:57 PM · Security, Operations, Mail, Wikimedia-Mailing-lists

Mar 29 2017

grin added a comment to T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.

I would expect some background check from you before answering. Let me do it then. HTTP/2 support by browser versions:

Some of these are pretty recent versions. I don't really agree with your optimism about coverage.

I believe @MaxSem was referring to MediaWiki official level of support for various internet browsers (see https://www.mediawiki.org/wiki/Compatibility) rather than browsers support levels for HTTP/2 processing.

Mar 29 2017, 10:13 AM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS

Mar 28 2017

grin added a comment to T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.

The only valid use for labs is WMF projects,

Mar 28 2017, 7:55 PM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS

Mar 27 2017

grin added a comment to T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.

Now, in the time of HTTP/2.0 over TLS, there are modern pipelining techniques that render multiple domains not needed.

Just don't forget that we're talking about the Real World™, where Internet Exploder v5.0 is still reality. Not that I say I want to support that but SPDY/HTTP2 isn't that ubiquitous and older clients may well hit rate limits hard.
People with godmode flags may check how many requests are and are not using HTTP2, and help to make informed decisions.

Mar 27 2017, 9:29 AM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS

Mar 23 2017

grin created T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.
Mar 23 2017, 9:28 PM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS

Nov 18 2016

grin added a comment to T141815: Define tile usage policy.

Thanks for the reminder, I've got a word back from MQ, and they said, that in 2014 MapQuest served 380 million Open Tiles per day, 9.3 million Open geocodes per day, and 38 million Open reverse geocodes per day (these numbers were readily available).

Nov 18 2016, 2:39 PM · Operations, WMF-Legal, Maps-Sprint, Maps, Discovery
grin added a comment to T150421: Provide a sender email address alias for use in Special:Emailuser (aka 2-way email relay).

Whenever I had to do such a service it's getting done by a really simple mailforwarder. Every user has a hashed mailbox, say, u8ee7d5a0@private.wikipedia.org (and even the hash could be generated from the account name and not from the email, if one's worrying about deniability), which does not even have to be created as it may be generated on the fly. Outbound email uses this sender, and all replies get processed and forwarded to the user's real email address. In theory I can do this for you if you have a spare CT/VM with access to user email addresses (or a copy of it) and have a net connection.

Nov 18 2016, 11:34 AM · Anti-Harassment, Privacy, Trust-and-Safety, Mail, MediaWiki-Email

Nov 17 2016

grin created T150966: Unhandled exception "syntax error, unexpected @, expecting $end" when search string contains @.
Nov 17 2016, 5:00 PM · Phabricator (2017-01-25)

Nov 8 2016

grin added a comment to T141815: Define tile usage policy.

Another sidenote: this decision should have a good visibility to the people planning server resources.
And I try to ask around MapQuest what traffic levels did they observe before throwing it in.

Nov 8 2016, 7:34 AM · Operations, WMF-Legal, Maps-Sprint, Maps, Discovery

Nov 7 2016

grin added a comment to T141815: Define tile usage policy.

@debt: as @BBlack pointed out in the start of this thread, we tend to have a fairly liberal view on who can reuse our content / services

Nov 7 2016, 6:40 PM · Operations, WMF-Legal, Maps-Sprint, Maps, Discovery

Oct 14 2016

grin added a comment to T146391: eeden ethernet outage.

The time the link went away has there been any VRRP change?

Oct 14 2016, 1:18 PM · Operations, ops-esams, netops, DNS, Traffic

Oct 7 2016

grin added a comment to T146968: OTRS spam classification methods and systems.

Now, I can't say anything definite given the relevant servers are operated by the WMF, so I suppose only they'd be able to provide perfectly up-to-date information,

Oct 7 2016, 2:23 PM · Operations, OTRS, Mail

Oct 6 2016

hoo awarded T146967: https://grafana.wikimedia.org/dashboard/db/wikidata-api doesn't fill since 7th sep a The World Burns token.
Oct 6 2016, 6:58 PM · User-Addshore, Patch-For-Review, WMDE-Analytics-Engineering, Wikidata, Graphite

Sep 29 2016

grin added a comment to T4508: "you are blocked - don't edit" message similar to "you have new messages".

Geez, that was 11 years ago. :-P

Sep 29 2016, 8:33 AM · WorkType-NewFunctionality, MediaWiki-General
grin created T146968: OTRS spam classification methods and systems.
Sep 29 2016, 8:26 AM · Operations, OTRS, Mail
grin created T146967: https://grafana.wikimedia.org/dashboard/db/wikidata-api doesn't fill since 7th sep.
Sep 29 2016, 8:13 AM · User-Addshore, Patch-For-Review, WMDE-Analytics-Engineering, Wikidata, Graphite

Sep 27 2016

grin added a watcher for OTRS: grin.
Sep 27 2016, 10:50 AM
grin added a watcher for Mail: grin.
Sep 27 2016, 10:49 AM

Sep 23 2016

grin added a comment to T146391: eeden ethernet outage.

(testing lurking on phabricator made me see this ;-))
my 2 cents: since defgw was not pingable I'd check (apart from arp) irqs on the machine, I suspect you've checked that there was nothing in syslog saying stuck ethernet rings or device. if it was on v6 the gw may play tricks but it usually doesn't happen on static v4 configs.
as a sidenote this also happens on cabling problems when only one wire is faulty (no link loss but loss of one direction), usually happens when someone's fiddling around. switch hardly can say anything useful, much more helpful would be the counters on the machine eth.
sorry for chiming in. :-)

Sep 23 2016, 5:58 AM · Operations, ops-esams, netops, DNS, Traffic

Sep 14 2016

grin added a comment to T144508: Point wikipedia.in to 205.147.101.160 instead of URL forward.
Sep 14 2016, 1:50 PM · Domains, WMF-Legal, DNS, Traffic, Operations

Sep 9 2016

grin added a comment to T144508: Point wikipedia.in to 205.147.101.160 instead of URL forward.

I respectfully disagree with most of the points, but as it's been said before: I have noted that the topic should be considered complex in case a decision should be reached.

Sep 9 2016, 7:06 AM · Domains, WMF-Legal, DNS, Traffic, Operations

Sep 2 2016

grin added a comment to T144508: Point wikipedia.in to 205.147.101.160 instead of URL forward.

@BBlack thanks for the detailed reply. I try not to talk apart this task, so I try hard to be brief.

Sep 2 2016, 3:03 PM · Domains, WMF-Legal, DNS, Traffic, Operations
grin added a comment to T144508: Point wikipedia.in to 205.147.101.160 instead of URL forward.
Sep 2 2016, 10:22 AM · Domains, WMF-Legal, DNS, Traffic, Operations

Aug 26 2016

grin added a watcher for DNS: grin.
Aug 26 2016, 11:27 PM

Apr 12 2016

Restricted Application updated subscribers of T45665: Spam filter not filtering majority of spam to Junk folder.
Apr 12 2016, 7:38 PM · Operations, OTRS

Sep 30 2015

grin added a comment to T101051: Migrate AWB away from SourceForge?.

As a sidenote: migrating all the eggs of the whole world into one basket of github seems to be a bad long-term strategy. I'd say doing it independently should be preferred.

Sep 30 2015, 1:46 PM · AutoWikiBrowser