Page MenuHomePhabricator

tstarling (Tim Starling)
UserAdministrator

Projects (19)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Oct 15 2014, 8:27 PM (275 w, 1 d)
Roles
Administrator
Availability
Available
LDAP User
Tim Starling
MediaWiki User
Tim Starling (WMF) [ Global Accounts ]

Recent Activity

Yesterday

tstarling added a comment to T243051: A query builder for MediaWiki core.

In a meeting, @daniel convinced me that there's not much to gain by making SelectQueryBuilder be a value object as opposed to having IDatabase act as a factory. It's likely that anything that constructs a SelectQueryBuilder will also need access to an IDatabase, at least for addQuotes(). If IDatabase is a factory, then SelectQueryBuilder can potentially be extended in future with expression builder functions that depend on addQuotes() etc.

Thu, Jan 23, 10:54 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General

Tue, Jan 21

tstarling added a comment to T243051: A query builder for MediaWiki core.

Is it easier to accept a context-sensitive useIndex() function if you consider it to be effectively appending to a query string?

Tue, Jan 21, 3:10 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General
tstarling added a comment to T243051: A query builder for MediaWiki core.

I like the "fluent" style for builders in general, for something like $builder->select(...)->from( ... )->where( ... ). In fact, because of this, I'd prefer from over tables (or maybe support both).

Tue, Jan 21, 12:29 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General

Mon, Jan 20

tstarling added a comment to T243051: A query builder for MediaWiki core.

A goal I have is to try to put table options close to the tables they serve. So far, I have formal parameters:

Mon, Jan 20, 5:58 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General
tstarling added a comment to T243051: A query builder for MediaWiki core.

We could always have an interface that returns a partially filled SelectQueryBuilder, with empty conditions. I'm not sure if it's worth worrying about right now. The low hanging fruit is one-off queries that aren't part of any larger query building system, and direct callers of Database::select() like QueryPage::reallyDoQuery(). I mentioned getQueryInfo() because it's a good analogy, I'm not planning to get rid of it immediately. The point of introducing SelectQueryBuilder is to split a useful concept out of ApiQueryBase so that it can be used in pure backends.

Mon, Jan 20, 1:13 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General

Fri, Jan 17

tstarling created T243051: A query builder for MediaWiki core.
Fri, Jan 17, 4:25 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-General

Wed, Jan 15

tstarling added a comment to T240884: Standalone service to evaluate user-provided regular expressions.

There is https://pecl.php.net/package/re2 . It was written for PHP 5 and was never updated after its initial release in 2011, but we have the skills to update it for PHP 7 and review it for security. If we believe in RE2 then we shouldn't be afraid to invest in it.

Wed, Jan 15, 9:54 PM · User-Addshore, TechCom-RFC, Wikidata

Wed, Jan 8

tstarling added a comment to T240307: Hook container with strong types and DI.

Task description edit: I came up with a pretty neat and simple hook deprecation system, slightly different to what I proposed in the comment above. See what you think. It doesn't need core to be aware of the deprecation chain, it just needs a list of deprecated hooks.

Wed, Jan 8, 5:09 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Wed, Jan 8, 5:07 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling added a comment to T240307: Hook container with strong types and DI.

Task description edit: remove the term "listener" and move hook interfaces into the namespace of the caller.

Wed, Jan 8, 4:50 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Wed, Jan 8, 4:49 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Tue, Jan 7

tstarling added a comment to T240307: Hook container with strong types and DI.

One thing I don't quite see is why we still need hooks names, other than the names of the associated interfaces. This seems redundant and prone to inconsistencies. For legacy hook, there could be an aliasing mechanism by which extra names for a hook can be registered, which then get mapped to the name of an interface.

Tue, Jan 7, 4:18 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 17 2019

tstarling added a comment to T240307: Hook container with strong types and DI.
public function onMyOldHook() {
    if ( interface_exists( MyNewHook::class ) ) {
        return; // new hook interface exists, assume it was/will be called
    }
    // hook logic goes here
}
Dec 17 2019, 6:29 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 16 2019

MGChecker awarded T240307: Hook container with strong types and DI a Like token.
Dec 16 2019, 2:39 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Dec 16 2019, 12:25 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 12 2019

tstarling added a comment to T239724: Fatal error: "Object does not support method calls" (from MemcachedPeclBagOStuff).

Are those all happening on requests that are timing out (and killed as a result)?
If some of these fatals happen when timeouts aren't involved, then I think it's an entirely different diagnosis and a more general problem than just timeouts.

Dec 12 2019, 6:50 PM · Core Platform Team Workboards (Architecture Review Workboard), Performance-Team, MediaWiki-Cache, Wikimedia-production-error
tstarling added a comment to T187154: Performance regression from Apcu/ExtensionRegistry::loadFromQueue on PHP7.

apcu_fetch() copies the data out of shared memory instead of referring to it. So it's slower than opcache or HHVM's APC. Large arrays are especially slow since allocator calls are needed for each array element.

Dec 12 2019, 4:01 PM · Core Platform Team Workboards (Clinic Duty Team), PHP 7.2 support, Release-Engineering-Team-TODO, Performance-Team (Radar)
tstarling added a comment to T239724: Fatal error: "Object does not support method calls" (from MemcachedPeclBagOStuff).

My running theory is that the interrupt opportunity used by our php-excimer extension is not cleanly occurring between two PHP statements, nor cleanly between two parts of a fluent call chain in PHP.

Dec 12 2019, 1:33 AM · Core Platform Team Workboards (Architecture Review Workboard), Performance-Team, MediaWiki-Cache, Wikimedia-production-error
apaskulin awarded T240307: Hook container with strong types and DI a Like token.
Dec 12 2019, 12:49 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 11 2019

tstarling claimed T237618: Amendments to the Gerrit Privilege policy.
Dec 11 2019, 9:09 PM · TechCom
daniel awarded T240307: Hook container with strong types and DI a Love token.
Dec 11 2019, 7:02 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
Daimona awarded T240307: Hook container with strong types and DI a Like token.
Dec 11 2019, 6:23 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
TK-999 awarded T240307: Hook container with strong types and DI a Yellow Medal token.
Dec 11 2019, 6:08 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling added a comment to T240307: Hook container with strong types and DI.

It's true that the performance implications would be concerning if the plan was to migrate all extension hook classes to use DI without splitting them up. I think existing massive hook classes in extensions could initially continue to use MediaWikiServices::getInstance() but switch from static functions to non-static functions with interfaces. That way, they get documentation and strong typing, they just don't get DI for now.

Dec 11 2019, 6:06 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 10 2019

tstarling added a comment to T240307: Hook container with strong types and DI.
  • The idea of sharing a single hook container in extension with multiple hook callbacks seems fine at first, but it's not clear to me why we want to encourage this. In particular, I think this has worked out somewhat negatively in the Wikibase-family of extensions. Their hook singletons are too monolithic and closely coupled. It makes the code hard to maintain, and (more to my own interest) creates a performance nightmare in that to invoke any hook, you end up constructing an expensive tree of services for all dependencies of all hooks. See T177311 and T160678 for examples of this.
Dec 10 2019, 10:32 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling added a comment to T240307: Hook container with strong types and DI.

That change weakened the rationale for having a centralized HookRunner class for all core hooks, do you think I should reconsider that?

Dec 10 2019, 5:31 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Dec 10 2019, 5:29 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling added a comment to T240307: Hook container with strong types and DI.

I note that for cases where ExtensionFoo wants to add a listener for a hook from ExtensionBar but also wants to maintain the ability to be used when ExtensionBar is not installed, it will need to register a separate listener just for ExtensionBar's hooks because the requisite interfaces won't be available when ExtensionBar is not available.

Dec 10 2019, 5:27 PM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
Bawolff awarded T240307: Hook container with strong types and DI a Like token.
Dec 10 2019, 5:28 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Dec 10 2019, 5:25 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling updated the task description for T240307: Hook container with strong types and DI.
Dec 10 2019, 5:23 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team
tstarling created T240307: Hook container with strong types and DI.
Dec 10 2019, 5:07 AM · TechCom-RFC (TechCom-Approved), User-Daniel, Core Platform Team

Dec 6 2019

tstarling created T239975: Complete WikiPage/Article split and deprecate Page interface.
Dec 6 2019, 6:53 AM · Core Platform Team Workboards (Architecture Review Workboard), MediaWiki-General

Dec 4 2019

Njk awarded T214998: Remove .m. subdomain, serve mobile and desktop variants through the same URL a Like token.
Dec 4 2019, 2:56 PM · TechCom-RFC, Readers-Web-Backlog (Tracking), Traffic, Operations, MobileFrontend
Darylgolden awarded T214998: Remove .m. subdomain, serve mobile and desktop variants through the same URL a Like token.
Dec 4 2019, 2:48 PM · TechCom-RFC, Readers-Web-Backlog (Tracking), Traffic, Operations, MobileFrontend
tstarling added a comment to T237101: Grant +2 on mediawiki and extensions to Rosalie Perside (WMDE).

I mean, you could just directly contact your local friendly Gerrit admin. If that admin is me, I don't really need a task, I'm happy to just act on an email or IRC message, as I did in this case. For other administrators, whether a task is needed would depend on their workflow. In Gerrit-Privilege-Requests we now have a workboard in which you can flag tasks as being ready for administrator action. That would probably be a good workflow for this project as well. But for onboarding, it's potentially slow.

Dec 4 2019, 3:39 AM · MediaWiki-Gerrit-Group-Requests

Dec 3 2019

tstarling closed T237101: Grant +2 on mediawiki and extensions to Rosalie Perside (WMDE) as Resolved.

Done. Note that the "expedited process" states that it is not necessary to file a Phabricator task. I would not recommend filing a task.

Dec 3 2019, 11:16 PM · MediaWiki-Gerrit-Group-Requests
tstarling added a comment to T239666: RESTBase requests to Parsoid/PHP that contain a "." in the title (without a /<revid> component) fail with a http 403.

VisualEditor logs the failure response from RESTBase, e.g. https://logstash.wikimedia.org/app/kibana#/doc/logstash-*/logstash-mediawiki-2019.12.03/mediawiki?id=AW7JwbdXKWrIH1QRemDK&_g=h@44136fa

Dec 3 2019, 3:24 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), User-Ryasmeen, RESTBase, VisualEditor, Parsoid
tstarling added a comment to T237604: Record per-server power usage.

I've some concerns to proceed with this. In our experience the BMCs are not that stable and an excessive interaction with them seems to aggravate the situation, statistically causing more BMCs to become unresponsive and requiring a reset.
For this reason we've kept to a minimum our checks of BMCs and I'd rather not add something that query the BMC so often.

Dec 3 2019, 2:39 AM · observability

Nov 28 2019

tstarling added a comment to T239448: MMV close button fails to restore scroll in Firefox.

As I wrote on Gerrit, the proposed fix may not be ideal: delaying the scroll causes visual flicker even in browsers unaffected by the bug, and the time before scroll may need to be very long to be reliable.

Nov 28 2019, 11:15 PM · Patch-For-Review, MediaViewer
tstarling created T239448: MMV close button fails to restore scroll in Firefox.
Nov 28 2019, 10:54 PM · Patch-For-Review, MediaViewer
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

keys.txt only has my 2008 and 2009 keys, since that's when I was doing MediaWiki releases.

Nov 28 2019, 2:05 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

@tstarling is the gpg key that you used to sign that release available anywhere? https://www.mediawiki.org/keys/keys.txt still has your old ones. I'm currently not able to verify the release to update it in Debian.

Nov 28 2019, 1:55 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T237618: Amendments to the Gerrit Privilege policy.

I strongly disagree with the idea of forking an extension just because the sole maintainer went away. That's not how open source projects are meant to work. The open source license grants the rights to continue to work on a project. I think the MediaWiki community in general owns MediaWiki extensions and should not need permission from the original author to continue work. The idea of a "chain of trust" is the exact thing I was arguing against when I made the new Gerrit privilege policy, since I don't trust existing maintainers to properly review the bona fide status of proposed new developers.

Nov 28 2019, 1:21 AM · TechCom
tstarling added a comment to T230848: Reader gets file description.

Invalid file extension found in the path info or query string.

Nov 28 2019, 1:13 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)

Nov 26 2019

tstarling added a comment to T232563: Drop IE6 and IE7 basic compatibility and security support.

I'll reply to @AlexisJazz by private email.

Nov 26 2019, 1:10 AM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Patch-For-Review, MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Nov 25 2019

tstarling added a comment to T57332: Sanitizer::checkCss blacklist can be bypassed using vertical tab (ASCII 11).

In the course of backing out these changes for T232563, I confirmed the full-width, superscript parenthesis and S-repeat attacks against IE 6 and confirmed that they do not affect IE 8.

Nov 25 2019, 1:59 AM · Security, MediaWiki-Parser

Nov 22 2019

tstarling added a comment to T157658: Factor out a backend from EditPage.

The big unsolved question here was what to do about request context access from hooks, AbuseFilter being the most intractable example. I think the answer is to just let them call RequestContext::getMain(), without any FauxRequest. Most access to RequestContext is just for the user and IP address, which is correct for all web callers. If we need to have editing from the job queue or some other CLI request, the context user can be faked as necessary. The session manager documentation suggests using SessionManager::getSessionById() for authenticated jobs.

Nov 22 2019, 5:49 AM · Core Platform Team, MediaWiki-Page-editing

Nov 21 2019

tstarling added a comment to T238849: Post switchover to Parsoid/PHP on private wikis, VE edit saves on officewiki responded with a HTTP 412.

Yes, looks correct to me. Ignoring an If-Match header is not compliant with RFC 7232: "An origin server that receives an If-Match header field MUST evaluate the condition prior to performing the method." If If-Match support is really needed for correctness, a strong ETag should be used, since the only difference between a strong and a weak ETag is that a strong ETag may pass If-Match.

Nov 21 2019, 11:44 PM · User-Ryasmeen, Patch-For-Review, Parsoid-PHP, VisualEditor

Nov 20 2019

tstarling placed T114445: [RFC] Balanced templates up for grabs.
Nov 20 2019, 10:56 PM · MediaWiki-Templates, Parsing-Team, Patch-For-Review, TechCom-RFC
tstarling closed T230492: Requesting SRE permissions to create Gerrit projects under operations/debs as Resolved.

Done.

Nov 20 2019, 12:54 AM · Gerrit-Privilege-Requests
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

Should be done now.

Nov 20 2019, 12:20 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

Never mind, I found https://www.mediawiki.org/wiki/Extension:Wikidiff2/Release_process

Nov 20 2019, 12:15 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

I haven't made a tarball for wikidiff2 before and I can't find any documentation of how that is meant to be done. It looks like wikidiff2 is the only PHP extension that is released in this way. I assume I just do a git archive and sign it with gpg, then upload it to releases1001:/srv/org/wikimedia/releases/wikidiff2 ? There's no other procedure to follow or script to run? I don't need to be in that wikidiff2 group because I have root.

Nov 20 2019, 12:01 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)

Nov 19 2019

tstarling added a comment to T238575: Wikibase test builds failing with “ERROR: 0 is not in the dispatch table”.

In getCandidateClients(), the return value ultimately comes from IDatabase::selectFieldValues(), implying that we have some wb_changes_dispatch rows where the chd_site is actually 0. I’m not sure if that’s correct.

Nov 19 2019, 5:59 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), Wikidata

Nov 18 2019

tstarling added a comment to T230848: Reader gets file description.

Per my previous discussion with @eprodromou , the preferred transform is a thumbnail or poster which would be displayed on the image description page, or an icon thumb if there is no other thumbnail image. To do this, you will need to duplicate some of the logic from ImagePage::openShowImage(). In particular, around line 415:

Nov 18 2019, 6:05 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T238197: mediawiki/core CI failure with test WANObjectCacheTest::testGetWithSetCallback.

PS1 of my logging change showed it failing due to worthRefreshPopular() returning true. Since the times are mocked, the chance of this happening should be a constant 1/825. To me, it seems like it's failing more often than that, like almost always. SamplingStatsdClientTest calls mt_srand(0), so maybe the exact right number of mt_rand() calls are done between SamplingStatsdClientTest and WANObjectCacheTest.

Nov 18 2019, 4:49 AM · MW-1.35-notes (1.35.0-wmf.14; 2020-01-07), MediaWiki-Core-Testing, Wikimedia-production-error (Shared Build Failure), ci-test-error, MediaWiki-General
tstarling closed T238378: Bot edit count endpoint is timing out as Resolved.

Deployed now. The link in the task description now returns quickly.

Nov 18 2019, 12:47 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), mariadb-optimizer-bug, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP), MediaWiki-REST-API
tstarling added a comment to T238378: Bot edit count endpoint is timing out.

I'm going to deploy it now.

Nov 18 2019, 12:09 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), mariadb-optimizer-bug, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP), MediaWiki-REST-API

Nov 17 2019

AlexisJazz awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Nov 17 2019, 7:22 AM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Patch-For-Review, MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
Benjaminikuta awarded T214998: Remove .m. subdomain, serve mobile and desktop variants through the same URL a Like token.
Nov 17 2019, 4:54 AM · TechCom-RFC, Readers-Web-Backlog (Tracking), Traffic, Operations, MobileFrontend

Nov 16 2019

Darxus awarded T214998: Remove .m. subdomain, serve mobile and desktop variants through the same URL a Like token.
Nov 16 2019, 8:00 PM · TechCom-RFC, Readers-Web-Backlog (Tracking), Traffic, Operations, MobileFrontend

Nov 15 2019

tstarling added a comment to T238378: Bot edit count endpoint is timing out.

So the plot thickened when I wrote a patch and tested the resulting query in production. It was slow. So I isolated the relevant difference:

Nov 15 2019, 4:22 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), mariadb-optimizer-bug, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP), MediaWiki-REST-API
tstarling updated subscribers of T238378: Bot edit count endpoint is timing out.

I tried running this request from eval.php, but I was not patient enough to find out how long it would have taken. I killed the query after about 10 minutes. SHOW FULL PROCESSLIST before killing:

Nov 15 2019, 3:40 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), mariadb-optimizer-bug, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP), MediaWiki-REST-API
tstarling claimed T238378: Bot edit count endpoint is timing out.
Nov 15 2019, 2:29 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), mariadb-optimizer-bug, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP), MediaWiki-REST-API

Nov 14 2019

tstarling added a comment to T236930: API Developer supports different request media types.

The core REST API doesn't have a policy on the content type of the request body. ParsoidHandler is the thing assuming JSON input, core does not do content type validation. The idea was that handlers would be responsible checking the content-type and responding with a 415 if necessary. Maybe some of the logic could be factored out into a helper provided by core, but I don't think the Router should be validating the request content type before it executes the handler. We talked about that in T221177 and concluded that it opens a big can of worms.

Nov 14 2019, 11:39 PM · Patch-For-Review, Core Platform Team Workboards (Green), Story, CPT Initiatives (Parsoid REST API in PHP (CDP2)), MediaWiki-REST-API, Parsoid-PHP
tstarling updated subscribers of T236963: Deploy version 1.10.0 of wikidiff2 to production.

I've uploaded the version bump to Gerrit. I've reviewed both the changes that were merged while I was out, and the more recent ones. I think it's ready to go now. I would appreciate it if @jijiki or someone else from SRE could merge the version update and build and deploy new packages.

Nov 14 2019, 6:02 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T234665: Add OAuth 2.0 support to MediaWiki REST API.

We'd probably need to register an "internal" consumer with the OAuth extension for it to be able to use for generating the token. We'd also have to deal with the violation of the traditional separation where MediaWiki core doesn't depend on extensions somehow, if nothing else by implementing a very minimal version of OAuth 2 for this internal consumer in core (separate from the OAuth 2 in the OAuth extension that's usable by external clients).

Nov 14 2019, 3:46 AM · Epic, Core Platform Team Workboards (Epics), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T237852: System Administrator avoids CSRF attacks on MediaWiki REST API.

Not at all, A CSRF token is to protect against cross-site request forgery, it does not contain the data necessary to authorize the request. In other words, you need the CSRF token and the Cookie header. Whereas providing an access_token is all you need with OAuth.

Nov 14 2019, 2:10 AM · Core Platform Team Workboards (Green), Security-Team, Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)

Nov 13 2019

tstarling added a comment to T237852: System Administrator avoids CSRF attacks on MediaWiki REST API.

I wrote about this topic at T234665#5655122. The summary is that I think OAuth 2.0 grant_type=client_credentials can be authenticated using session cookies. From the client's point of view, fetching an access token using client_credentials and submitting it back in order to authenticate a write request is basically the same as using a CSRF token. In OAuth 2.0, there's no MAC calculation, tokens are just "bearer" tokens which are replayed back to the server without modification, so clients are much simpler to implement.

Nov 13 2019, 11:42 PM · Core Platform Team Workboards (Green), Security-Team, Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Waiting for Review to Ready to Deploy on the Core Platform Team Workboards (Green) board.
Nov 13 2019, 1:19 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)

Nov 12 2019

tstarling added a comment to T234665: Add OAuth 2.0 support to MediaWiki REST API.
Nov 12 2019, 9:16 AM · Epic, Core Platform Team Workboards (Epics), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234666: Use OAuth 2.0 With Client Developer's Authorization.

I'm not sure I understand this. As I said at T234677#5655125, the spec says the client ID should not be used for authorization.

Nov 12 2019, 6:22 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234668: Request new OAuth 2.0 client ID.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Nov 12 2019, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234669: List OAuth 2.0 client IDs.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Nov 12 2019, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234670: Delete OAuth 2.0 client ID.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Nov 12 2019, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234677: Support Free and Open Source software API clients with OAuth 2.0.

My interpretation of RFC 6749 is that the client_id is not secret, regardless of source code license. Section 2.2 says "The client identifier is not a secret; it is exposed to the resource owner and MUST NOT be used alone for client authentication." So I'm not sure if there is any special problem we need to solve here.

Nov 12 2019, 6:14 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (OAuth 2.0)
tstarling updated subscribers of T234665: Add OAuth 2.0 support to MediaWiki REST API.

I read RFC 6749 and have some observations.

Nov 12 2019, 6:00 AM · Epic, Core Platform Team Workboards (Epics), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234975: Curator reviews an edit.

Having a compare endpoint with only one parameter would make it easier to cache. Is that how you imagine this, just the same compare endpoint but with a single revision parameter?

Nov 12 2019, 1:12 AM · Core Platform Team Workboards (User Stories), Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T235240: Curator reads a revision offline.

What is "bogobytes"?

Nov 12 2019, 1:08 AM · Core Platform Team Workboards (Green), Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)

Nov 11 2019

tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Doing to Waiting for Review on the Core Platform Team Workboards (Green) board.
Nov 11 2019, 5:31 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T237445: Diff - alternate patch for returning byteOffsetStart objects from wikidiff2.

I renamed "title" to "heading" in the section info objects.

Nov 11 2019, 2:47 AM · iOS-app-v6.5-Squid-On-A-Tandem-Bike, Wikipedia-iOS-App-Backlog

Nov 8 2019

tstarling added a comment to T237445: Diff - alternate patch for returning byteOffsetStart objects from wikidiff2.

I've updated my change with one that bundles section offset information, it's ready for review. Sample output showing added text after a multi-line heading:

Nov 8 2019, 6:13 AM · iOS-app-v6.5-Squid-On-A-Tandem-Bike, Wikipedia-iOS-App-Backlog
tstarling added a comment to T234450: Some Special:Contributions requests cause "Error: 0" from database or WMFTimeoutException.

I think it would be interesting to try adding a per-user concurrency limit of say 2, enforced with PoolCounter. I don't think PoolCounter has been used in that way before, but I think it should work. I'm assuming the slow query times were caused by an overload, which was in turn caused by high concurrency, which seems to be the conclusion of the comments above, but I haven't verified that. I'm not sure if also adding rate limits would be useful -- a concurrency limit implicitly limits the rate. The only advantage of a rate limit would be to prevent large numbers of cheap queries, but I'm not sure if it's worth preventing that.

Nov 8 2019, 12:27 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), Patch-For-Review, User-notice, Core Platform Team Workboards (Clinic Duty Team), Vuln-DoS, Security, Performance Issue, MediaWiki-Special-pages, Wikimedia-production-error

Nov 7 2019

tstarling updated the task description for T237604: Record per-server power usage.
Nov 7 2019, 4:58 AM · observability
tstarling created T237604: Record per-server power usage.
Nov 7 2019, 4:52 AM · observability

Nov 6 2019

tstarling claimed T237555: Config change to enable MW REST API.
Nov 6 2019, 10:24 PM · Core Platform Team Workboards (Green)
tstarling updated the task description for T237555: Config change to enable MW REST API.
Nov 6 2019, 10:24 PM · Core Platform Team Workboards (Green)

Nov 5 2019

tstarling added a comment to T235572: Compose query for minor edit count.

I don't think it's appropriate to add an index for this. Indexes make INSERT queries slower, and increase the size of the database, which I think would result in a net performance reduction considering the low traffic planned for this endpoint.

Nov 5 2019, 3:43 AM · DBA, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Nov 4 2019

tstarling added a comment to T236964: Pass section headers to wikidiff2 to get section header diffs.

The patch linked above appears to work. The differences between the output I'm getting and your expected output file seem to be due to the fact that I haven't merged 546231 locally yet. I marked it WIP mostly because I'm unsure if this is the way we want to do it at all, per my long comment on 546231.

Nov 4 2019, 4:32 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T236963: Deploy version 1.10.0 of wikidiff2 to production.

I've written some comments in Gerrit. This is not ready for deployment just yet.

Nov 4 2019, 3:22 AM · serviceops, Operations, wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)

Nov 3 2019

tstarling created T237207: Docker image missing for php-compile-php72-docker .
Nov 3 2019, 11:37 PM · Continuous-Integration-Config, Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO (201911), ci-test-error

Nov 1 2019

tstarling added a comment to T236964: Pass section headers to wikidiff2 to get section header diffs.

I just want to confirm that it's OK to implement this prior to https://gerrit.wikimedia.org/r/c/mediawiki/php/wikidiff2/+/546231 being completed.

Nov 1 2019, 4:55 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Ready to Doing on the Core Platform Team Workboards (Green) board.
Nov 1 2019, 4:53 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling claimed T236964: Pass section headers to wikidiff2 to get section header diffs.

Best if I take this one since it will involve messing around with the Parser. No need for help at this stage.

Nov 1 2019, 4:53 AM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling closed T230647: +2 for NavinoEvans on labs/tools/lsa.git as Resolved.

I added NavinoEvans to the group.

Nov 1 2019, 2:55 AM · Gerrit-Privilege-Requests
tstarling closed T234124: Requesting access for SemanticACL extension as Resolved.

In general it would be nice if at least one developer could endorse a person before a ticket is escalated to the admins or TechCom. I see that @mmodell has finally done so, so I'm closing this.

Nov 1 2019, 2:35 AM · Gerrit, TechCom, Developer-Advocacy, Gerrit-Privilege-Requests

Oct 25 2019

tstarling added a comment to T230845: Reader gets media links.

Looks like I said the same thing as @Pchelolo above at T230848#5605205.

Oct 25 2019, 2:57 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230848: Reader gets file description.

id: ID of the file

Oct 25 2019, 2:30 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230846: Reader gets language links.

410 – page was deleted

410 Gone client error response code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. - pages are not deleted permanently in MW, why are we using 410?

Oct 25 2019, 1:08 AM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)