Page MenuHomePhabricator

suffusion_of_yellow (Suffusion of Yellow)
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Oct 15 2018, 6:19 PM (75 w, 4 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Suffusion of Yellow [ Global Accounts ]

Recent Activity

Feb 13 2020

suffusion_of_yellow added a comment to T245094: Abusefilter: restricted action blockautopromotion is available, shouldn't be.

It looks like the only actions that are disabled by default are block, rangeblock, and degroup. The reason blockautopromote is available on enwiki is that no one's ever explicitly disabled it with $wgAbuseFilterActions['blockautopromote'] = false;, yes? The question is, do we need "community consenus" to get that line added, given that AFAIK no one has used that option in years on enwiki?

Feb 13 2020, 2:31 AM · AbuseFilter, Security, User-DannyS712, Security-Team

Jan 29 2020

suffusion_of_yellow added a comment to T240976: Mobile "new messages" notification should be more intrusive by default.

Marking this as low priority for now. @suffusion_of_yellow - could you expand a bit on why you think that the red circle is not a good enough indicator? I agree that we are most definitely not a social media site, but regardless I think it's an effective way to notify.

Jan 29 2020, 7:15 PM · Readers-Web-Backlog, MobileFrontend

Jan 12 2020

suffusion_of_yellow renamed T242558: LogicException when parsing section with list-defined references from LogicException when previewing section with list-defined references to LogicException when parsing section with list-defined references.
Jan 12 2020, 11:32 PM · Cite
suffusion_of_yellow created T242558: LogicException when parsing section with list-defined references.
Jan 12 2020, 11:18 PM · Cite

Dec 18 2019

suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@suffusion_of_yellow regarding "range talk", lets assume for a moment that it did exist - how would you expect notification/clearing of such a notification to function?

Dec 18 2019, 8:13 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

I'm curious how high the rate of IP users is that are not ignoring "their" talk page. Especially if they don't have a static IP. (Anybody having any numbers?)

Dec 18 2019, 6:10 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@ovasileva: Why was this one marked low priority? I understand that people might disagree with me about T240976, and I'll respond to your question there later, but this one's a big deal. We literally have no way whatsoever to initiate a discussion with logged-out mobile users. Worse, we think we're talking to them.

Dec 18 2019, 5:30 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)

Dec 17 2019

suffusion_of_yellow added a project to T240976: Mobile "new messages" notification should be more intrusive by default: MobileFrontend.
Dec 17 2019, 5:46 PM · Readers-Web-Backlog, MobileFrontend
suffusion_of_yellow created T240976: Mobile "new messages" notification should be more intrusive by default.
Dec 17 2019, 5:44 PM · Readers-Web-Backlog, MobileFrontend
suffusion_of_yellow renamed T240889: Mobile IP editors not given any indication that they have new messages from Logged-out mobile editors not given any indication that they have new messages to Mobile IP editors not given any indication that they have new messages.
Dec 17 2019, 5:09 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow renamed T240889: Mobile IP editors not given any indication that they have new messages from Mobile editors not shown new messages banner to Logged-out mobile editors not given any indication that they have new messages.
Dec 17 2019, 5:08 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@Xaosflux: Thanks! I consider the IP issue a high priority problem, the logged-in issue less so. I had assumed that the goal had been to deliver the banner to all users, in one form or another (as on desktop), and a simple bug was preventing the display. Now that I know that part of this is intentional, I will split the task.

Dec 17 2019, 5:04 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 17 2019, 5:38 AM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@Ammarpad: I only see the red circle when I'm logged in. I see no indication of any kind that there is a message, when logged out. Do you?

Dec 17 2019, 5:38 AM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)

Dec 16 2019

suffusion_of_yellow created T240907: Block message does not transclude template for mobile editors when Reason field includes a template.
Dec 16 2019, 9:55 PM · MediaWiki-User-management, Mobile
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 9:32 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

If this ticket is about the lack of a "You have new messages" banner in the mobile interface for logged out users, then I do not see any bug here. Not sure as the steps are confusing and don't explicitly list an expected and an actual outcome, and if that was in mobile or desktop or in that one window or that other window.

Dec 16 2019, 8:09 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@suffusion_of_yellow: Is one of these browser windows in private mode, or not?

Dec 16 2019, 8:05 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 7:28 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)
suffusion_of_yellow created T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 7:25 PM · Notifications, MobileFrontend, Growth-Team, Readers-Web-Backlog (Design)

Dec 14 2019

suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

Certainly seems resolved on enwiki. I re-enabled the filter in the task, and there were no hits in about a day. Thanks!

Dec 14 2019, 5:29 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter

Dec 13 2019

suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).

It's a good default to try to find and test vulnerabilities like this locally, but again, sometimes that's just incredibly inconvenient or even impossible and so discreet testing somewhere like the testwikis becomes the only viable option to fixing these vulnerabilities.

Dec 13 2019, 7:37 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
Jdlrobson awarded T240487: XSS in MinervaNeue skin (CVE-2019-19910) a Like token.
Dec 13 2019, 7:34 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).

How do I find out if an XSS impacts production? I don't want to save anything like that on testwiki, even if I delete it one minute later.
Anyhoo, this page works for me even with $wgFragmentMode = [ 'html5', 'legacy' ];:

Dec 13 2019, 5:56 AM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS

Dec 11 2019

suffusion_of_yellow added a project to T240502: Raw HTML in MobileFrontend: MobileFrontend.
Dec 11 2019, 8:35 PM · Security, Readers-Web-Backlog (Kanbanana-2019-20-Q3), MobileFrontend
suffusion_of_yellow created T240502: Raw HTML in MobileFrontend.
Dec 11 2019, 8:32 PM · Security, Readers-Web-Backlog (Kanbanana-2019-20-Q3), MobileFrontend
suffusion_of_yellow added a project to T240487: XSS in MinervaNeue skin (CVE-2019-19910): MobileFrontend.
Dec 11 2019, 6:43 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).
Dec 11 2019, 6:41 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).

User-agent Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
MediaWiki 1.35.0-alpha (fdfa0e9)
MobileFrontend 2.1.0 (a812ef8)

Dec 11 2019, 6:40 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
suffusion_of_yellow created T240487: XSS in MinervaNeue skin (CVE-2019-19910).
Dec 11 2019, 6:40 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS

Dec 9 2019

suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

Haven't tried to set up the 2017 editor locally. That means installing VE first, yes?

Dec 9 2019, 11:29 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter
suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

Could varnish be doing something with the line endings? I'm in the US, so we are probably connecting to different datacenters.

Dec 9 2019, 6:50 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter
suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

User agent: Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0

Dec 9 2019, 5:05 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter

Dec 8 2019

suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

I just realized that almost all of those edits were saved, and _lines variables are just unavailable.

Dec 8 2019, 7:10 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter
suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

Reproduced on testwiki, again with the 2017 editor: See https://test.wikipedia.org/wiki/Special:AbuseLog/55835. The some content triggered this on enwiki; see https://en.wikipedia.org/wiki/Special:AbuseLog/25537680.

Dec 8 2019, 6:57 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter
suffusion_of_yellow added a project to T240115: Some filter hits have old_wikitext === new_wikitext: AbuseFilter.
Dec 8 2019, 6:00 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter
suffusion_of_yellow created T240115: Some filter hits have old_wikitext === new_wikitext.
Dec 8 2019, 5:59 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team, AbuseFilter

Nov 15 2019

suffusion_of_yellow added a project to T238451: abusefilterchecksyntax and abusefilterevalexpression should require the same permissions: AbuseFilter.
Nov 15 2019, 9:43 PM · Security, MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), AbuseFilter
suffusion_of_yellow created T238451: abusefilterchecksyntax and abusefilterevalexpression should require the same permissions.
Nov 15 2019, 9:40 PM · Security, MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), AbuseFilter

Nov 14 2019

suffusion_of_yellow updated subscribers of T238270: "extendedconfirmed" sometimes missing from user_rights.
Nov 14 2019, 12:05 AM · AbuseFilter

Nov 13 2019

suffusion_of_yellow added a comment to T238270: "extendedconfirmed" sometimes missing from user_rights.

Ok, that explains 25321331. I also don't see tboverride in user_rights, so it looks like GorillaWarfare didn't grant Huggle editprotected rights. This can probably be closed as invalid, but 'll leave that to Daimona.

Nov 13 2019, 11:59 PM · AbuseFilter
suffusion_of_yellow added a comment to T238270: "extendedconfirmed" sometimes missing from user_rights.

@JJMC89: That makes sense, in theory. But is it really impossible to edit EC-protected pages from Huggle? If not, EC should still be part of the rights.

Nov 13 2019, 10:26 PM · AbuseFilter
suffusion_of_yellow added a comment to T238270: "extendedconfirmed" sometimes missing from user_rights.

Original discussion here (PermaLink).

Nov 13 2019, 10:13 PM · AbuseFilter
suffusion_of_yellow created T238270: "extendedconfirmed" sometimes missing from user_rights.
Nov 13 2019, 10:00 PM · AbuseFilter

Nov 10 2019

suffusion_of_yellow added a comment to T237887: Old public versions of private filters are publicly viewable (CVE-2019-18987).

@Urbanecm: That was quick! Your commit message says users can "view any version of any filter", but the problem isn't that severe. Only old public versions are visible, which is only a problem when filter managers tick the wrong box. At least, I get an error for:

Nov 10 2019, 10:31 PM · Security, MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), User-Urbanecm, AbuseFilter
suffusion_of_yellow updated subscribers of T237887: Old public versions of private filters are publicly viewable (CVE-2019-18987).
Nov 10 2019, 9:15 PM · Security, MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), User-Urbanecm, AbuseFilter
suffusion_of_yellow added a project to T237887: Old public versions of private filters are publicly viewable (CVE-2019-18987): AbuseFilter.
Nov 10 2019, 9:14 PM · Security, MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), User-Urbanecm, AbuseFilter
suffusion_of_yellow created T237887: Old public versions of private filters are publicly viewable (CVE-2019-18987).
Nov 10 2019, 9:14 PM · Security, MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), User-Urbanecm, AbuseFilter

Jul 11 2019

suffusion_of_yellow added a comment to T227733: Draft: Masking IP addresses for increased privacy.

This change could actually reduce the privacy of registered users. If "privileged user" means CheckUser, this will require massively increasing the number of CheckUsers needed to deal with routine day-to-day vandalism. A compromised (or rogue) CheckUser account is a disaster, so the privacy of registered users depends on keeping the number of such accounts as low as possible.

Jul 11 2019, 4:21 PM · Core Platform Team Workboards (Initiatives), Privacy Engineering, Privacy, MediaWiki-User-management, Anti-Harassment

Jun 26 2019

suffusion_of_yellow reopened T226503: [Regression wmf.10] Notification icons in the personal toolbar don't appear when using Monobook as "Open".
Jun 26 2019, 12:02 AM · MW-1.34-notes (1.34.0-wmf.13; 2019-07-09), User-MarcoAurelio, Growth-Team, Notifications, Regression, MonoBook
suffusion_of_yellow added a comment to T226503: [Regression wmf.10] Notification icons in the personal toolbar don't appear when using Monobook.

@Catrope: Now, in multiple browsers, document.body.scrollWidth > 10000 in MonoBook, producing a huge amount of empty space to the right of the content. Seemed to start with this fix.

Jun 26 2019, 12:01 AM · MW-1.34-notes (1.34.0-wmf.13; 2019-07-09), User-MarcoAurelio, Growth-Team, Notifications, Regression, MonoBook

May 15 2019

suffusion_of_yellow added a comment to T223023: Switching from source to visual editing in mobile web removes all other sections.

@matmarex: Also tried in my sandbox, and it seems to work! And based on the latest data (created by piping variable dumps from an existing abuse filter to a throwaway Perl script), the problem seems to have stopped for everyone else.

May 15 2019, 12:30 AM · MW-1.34-notes (1.34.0-wmf.4; 2019-05-07), VisualEditor (Current work), VisualEditor-MediaWiki-Mobile, MobileFrontend, Section Editing

May 14 2019

suffusion_of_yellow updated the task description for T223195: Invalid IPv6 URL on page causes all non-autoconfirmed edits to trigger CAPTCHA.
May 14 2019, 5:40 AM · ConfirmEdit (CAPTCHA extension)
suffusion_of_yellow created T223195: Invalid IPv6 URL on page causes all non-autoconfirmed edits to trigger CAPTCHA.
May 14 2019, 5:38 AM · ConfirmEdit (CAPTCHA extension)

May 13 2019

suffusion_of_yellow added a comment to T223023: Switching from source to visual editing in mobile web removes all other sections.

Based on this extract from one of our section-blanking filters, it looks like this problem started on around 9 May, and is happening about 40 times per day on enwiki.

May 13 2019, 12:49 AM · MW-1.34-notes (1.34.0-wmf.4; 2019-05-07), VisualEditor (Current work), VisualEditor-MediaWiki-Mobile, MobileFrontend, Section Editing

Jan 15 2019

suffusion_of_yellow added a comment to T213763: Session failure warning message ('sessionfailure') still gives bad advice.

In principle, you should only get the session failure error if your token doesn't match your cookie, or if the request was missing some fields. In the event you have cookies disabled you should get a different error message. (I have not tested this myself - perhaps this code is broken and giving the wrong error message)

Jan 15 2019, 11:46 PM · Patch-For-Review, MediaWiki-Interface

Nov 24 2018

suffusion_of_yellow added a comment to T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API.

A very quick fix would be to restore the status quo, and temporarily remove the abusefilter-private right from all CheckUsers.

Nov 24 2018, 7:33 PM · Security, MW-1.34-notes (1.34.0-wmf.20; 2019-08-27), MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Privacy, AbuseFilter
suffusion_of_yellow added a project to T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API: AbuseFilter.
Nov 24 2018, 6:37 PM · Security, MW-1.34-notes (1.34.0-wmf.20; 2019-08-27), MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Privacy, AbuseFilter
suffusion_of_yellow updated subscribers of T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API.
Nov 24 2018, 6:35 PM · Security, MW-1.34-notes (1.34.0-wmf.20; 2019-08-27), MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Privacy, AbuseFilter
suffusion_of_yellow created T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API.
Nov 24 2018, 6:34 PM · Security, MW-1.34-notes (1.34.0-wmf.20; 2019-08-27), MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Privacy, AbuseFilter

Oct 18 2018

suffusion_of_yellow added a comment to T110329: Disable some parts of the editing interface from IPs and newbies because we don't trust them to use them correctly.

en wiki (https://en.wikipedia.org/w/index.php?title=Wikipedia:Edit_filter_noticeboard&oldid=864548831#VisualEditor) has created an edit filter to stop the rampant misuse of indexing in user space, that upon review we think is from this tool.

Do you have evidence of that, or is it a guess?
It would be relatively straightforward to figure that out, by seeing how many of the edits that add the magic word have the "Visual edit" tag on them.

Oct 18 2018, 9:30 PM · VisualEditor-MediaWiki, VisualEditor