Page MenuHomePhabricator

tstarling (Tim Starling)
UserAdministrator

Projects (19)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Friday

  • Clear sailing ahead.

User Details

User Since
Oct 15 2014, 8:27 PM (264 w, 6 d)
Roles
Administrator
Availability
Available
LDAP User
Tim Starling
MediaWiki User
Tim Starling (WMF) [ Global Accounts ]

Recent Activity

Today

tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Waiting for Review to Ready to Deploy on the Core Platform Team Workboards (Green) board.
Wed, Nov 13, 1:19 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)

Yesterday

tstarling added a comment to T234665: Add OAuth 2.0 support to MediaWiki REST API.
Tue, Nov 12, 9:16 AM · Epic, Core Platform Team Workboards (Epics), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234666: Use OAuth 2.0 Client ID for Authorization.

I'm not sure I understand this. As I said at T234677#5655125, the spec says the client ID should not be used for authorization.

Tue, Nov 12, 6:22 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234668: Request new OAuth 2.0 client ID.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Tue, Nov 12, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234669: List OAuth 2.0 client IDs.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Tue, Nov 12, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234670: Delete OAuth 2.0 client ID.

Per my comment at T234665#5655122, I think this should be done in Extension:OAuth, sharing a UI with OAuth 1.0.

Tue, Nov 12, 6:19 AM · Story, Core Platform Team Workboards (User Stories), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234677: Support Free and Open Source software API clients with OAuth 2.0.

My interpretation of RFC 6749 is that the client_id is not secret, regardless of source code license. Section 2.2 says "The client identifier is not a secret; it is exposed to the resource owner and MUST NOT be used alone for client authentication." So I'm not sure if there is any special problem we need to solve here.

Tue, Nov 12, 6:14 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (OAuth 2.0)
tstarling updated subscribers of T234665: Add OAuth 2.0 support to MediaWiki REST API.

I read RFC 6749 and have some observations.

Tue, Nov 12, 6:00 AM · Epic, Core Platform Team Workboards (Epics), CPT Initiatives (OAuth 2.0)
tstarling added a comment to T234975: Curator reviews an edit.

Having a compare endpoint with only one parameter would make it easier to cache. Is that how you imagine this, just the same compare endpoint but with a single revision parameter?

Tue, Nov 12, 1:12 AM · Core Platform Team Workboards (User Stories), Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T235240: Curator reads a revision offline.

What is "bogobytes"?

Tue, Nov 12, 1:08 AM · Core Platform Team Workboards (User Stories), Story, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)

Mon, Nov 11

tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Doing to Waiting for Review on the Core Platform Team Workboards (Green) board.
Mon, Nov 11, 5:31 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T237445: Diff - alternate patch for returning byteOffsetStart objects from wikidiff2.

I renamed "title" to "heading" in the section info objects.

Mon, Nov 11, 2:47 AM · iOS-app-v6.5-Squid-On-A-Tandem-Bike, Wikipedia-iOS-App-Backlog

Fri, Nov 8

tstarling added a comment to T237445: Diff - alternate patch for returning byteOffsetStart objects from wikidiff2.

I've updated my change with one that bundles section offset information, it's ready for review. Sample output showing added text after a multi-line heading:

Fri, Nov 8, 6:13 AM · iOS-app-v6.5-Squid-On-A-Tandem-Bike, Wikipedia-iOS-App-Backlog
tstarling added a comment to T234450: Some Special:Contributions requests cause "Error: 0" from database or WMFTimeoutException.

I think it would be interesting to try adding a per-user concurrency limit of say 2, enforced with PoolCounter. I don't think PoolCounter has been used in that way before, but I think it should work. I'm assuming the slow query times were caused by an overload, which was in turn caused by high concurrency, which seems to be the conclusion of the comments above, but I haven't verified that. I'm not sure if also adding rate limits would be useful -- a concurrency limit implicitly limits the rate. The only advantage of a rate limit would be to prevent large numbers of cheap queries, but I'm not sure if it's worth preventing that.

Fri, Nov 8, 12:27 AM · User-notice, Core Platform Team Workboards (Clinic Duty Team), Vuln-DoS, Security, Performance Issue, MediaWiki-Special-pages, Wikimedia-production-error

Thu, Nov 7

tstarling updated the task description for T237604: Record per-server power usage.
Thu, Nov 7, 4:58 AM · observability
tstarling created T237604: Record per-server power usage.
Thu, Nov 7, 4:52 AM · observability

Wed, Nov 6

tstarling claimed T237555: Config change to enable MW REST API.
Wed, Nov 6, 10:24 PM · Core Platform Team Workboards (Green)
tstarling updated the task description for T237555: Config change to enable MW REST API.
Wed, Nov 6, 10:24 PM · Core Platform Team Workboards (Green)

Tue, Nov 5

tstarling added a comment to T235572: Compose query for minor edit count.

I don't think it's appropriate to add an index for this. Indexes make INSERT queries slower, and increase the size of the database, which I think would result in a net performance reduction considering the low traffic planned for this endpoint.

Tue, Nov 5, 3:43 AM · DBA, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Mon, Nov 4

tstarling added a comment to T236964: Pass section headers to wikidiff2 to get section header diffs.

The patch linked above appears to work. The differences between the output I'm getting and your expected output file seem to be due to the fact that I haven't merged 546231 locally yet. I marked it WIP mostly because I'm unsure if this is the way we want to do it at all, per my long comment on 546231.

Mon, Nov 4, 4:32 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling added a comment to T236963: Deploy latest version of wikidiff2 to production.

I've written some comments in Gerrit. This is not ready for deployment just yet.

Mon, Nov 4, 3:22 AM · wikidiff2, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)

Sun, Nov 3

tstarling created T237207: Docker image missing for php-compile-php72-docker .
Sun, Nov 3, 11:37 PM · Continuous-Integration-Config, Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO (201911), ci-test-error

Fri, Nov 1

tstarling added a comment to T236964: Pass section headers to wikidiff2 to get section header diffs.

I just want to confirm that it's OK to implement this prior to https://gerrit.wikimedia.org/r/c/mediawiki/php/wikidiff2/+/546231 being completed.

Fri, Nov 1, 4:55 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling moved T236964: Pass section headers to wikidiff2 to get section header diffs from Ready to Doing on the Core Platform Team Workboards (Green) board.
Fri, Nov 1, 4:53 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling claimed T236964: Pass section headers to wikidiff2 to get section header diffs.

Best if I take this one since it will involve messing around with the Parser. No need for help at this stage.

Fri, Nov 1, 4:53 AM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (Green)
tstarling closed T230647: +2 for NavinoEvans on labs/tools/lsa.git as Resolved.

I added NavinoEvans to the group.

Fri, Nov 1, 2:55 AM · Gerrit-Privilege-Requests
tstarling closed T234124: Requesting access for SemanticACL extension as Resolved.

In general it would be nice if at least one developer could endorse a person before a ticket is escalated to the admins or TechCom. I see that @mmodell has finally done so, so I'm closing this.

Fri, Nov 1, 2:35 AM · Gerrit, TechCom, Developer-Advocacy, Gerrit-Privilege-Requests

Fri, Oct 25

tstarling added a comment to T230845: Reader gets media links.

Looks like I said the same thing as @Pchelolo above at T230848#5605205.

Fri, Oct 25, 2:57 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230848: Reader gets file description.

id: ID of the file

Fri, Oct 25, 2:30 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230846: Reader gets language links.

410 – page was deleted

410 Gone client error response code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. - pages are not deleted permanently in MW, why are we using 410?

Fri, Oct 25, 1:08 AM · Patch-For-Review, Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)

Fri, Oct 18

geraki awarded T6845: CAPTCHA doesn't work for people with visual impairments a Barnstar token.
Fri, Oct 18, 6:33 PM · Security, WCAG-Level-A, Security-Extensions, Design, Accessibility, ConfirmEdit (CAPTCHA extension)

Tue, Oct 15

ToBeFree awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Tue, Oct 15, 12:02 AM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Mon, Oct 14

tstarling added a comment to T230842: Contributor creates a page.

I realize that you prefer PUT-to-create, but POST-to-create is such a dominant pattern in APIs that I'm really reluctant to remove it. Can you live with having both?

Mon, Oct 14, 3:17 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)

Oct 11 2019

Elitre awarded T6845: CAPTCHA doesn't work for people with visual impairments a Heartbreak token.
Oct 11 2019, 11:19 AM · Security, WCAG-Level-A, Security-Extensions, Design, Accessibility, ConfirmEdit (CAPTCHA extension)

Oct 3 2019

Ladsgroup awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Oct 3 2019, 7:31 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
TK-999 awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Oct 3 2019, 7:30 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Oct 2 2019

Jdforrester-WMF awarded T234474: Expand Gerrit Manager permissions a Like token.
Oct 2 2019, 8:19 PM · Operations, Gerrit, Release-Engineering-Team (Development services), Release-Engineering-Team-TODO, TechCom
tstarling created T234474: Expand Gerrit Manager permissions.
Oct 2 2019, 8:19 PM · Operations, Gerrit, Release-Engineering-Team (Development services), Release-Engineering-Team-TODO, TechCom

Oct 1 2019

tstarling added a comment to T230844: Reader searches for a topic.

Is revision_id meant to be the current revision ID of the page, or the revision ID at the time of indexing? My previous comment related to the latter since there are easier ways to get the current revision of a page.

Oct 1 2019, 11:52 PM · Patch-For-Review, Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230844: Reader searches for a topic.

version_id should be revision_id, or {"revision": {"id": ...}}.

Oct 1 2019, 10:49 AM · Patch-For-Review, Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling updated subscribers of T230843: Contributor updates a page.
  • Summary: not supporting edit summaries in this version
Oct 1 2019, 6:56 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T230842: Contributor creates a page.

As I said in a comment on the design principles doc, like @mobrovac, I think the PUT endpoint should allow creation, if we do go ahead and implement PUT. The only reason to use POST for creation is if the target URL is not known to the client.

Oct 1 2019, 6:12 AM · Core Platform Team Workboards (User Stories), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T229663: Contributor gets page source.

For the purposes of the CRUD interface, this needs to return whatever is sent with PUT, and that probably means wikitext. The path could be a subresource /page/{title}/wikitext, following the principle that subresources should be used for "larger, more expensive, less-frequently-used properties, or properties with different access rights" (ref), which would seem to describe the wikitext of the page. For HTML delivery we could use /page/{title}/html, but that doesn't seem to be necessary for the CRUD sprint.

Oct 1 2019, 6:01 AM · Core Platform Team Workboards (User Stories), MediaWiki-REST-API, Story, CPT Initiatives (Core REST API in PHP)

Sep 30 2019

awight awarded T176370: Migrate to PHP 7 in WMF production a Evil Spooky Haunted Tree token.
Sep 30 2019, 7:38 AM · MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), CPT Initiatives (PHP7 (TEC4)), Patch-For-Review, TechCom-RFC (TechCom-Approved), User-ArielGlenn, HHVM, Operations
tstarling added a comment to T231580: Implement GET Revision Comparison.

If you put the title in the URL then you are back to the same place with inability to support IMS revalidation. We need to preserve the ability to map from the revision ID to the page in order to support Last-Modified headers. To recap: if the title appears in the output (or the path) then the Last-Modified header depends on the move history, which we don't store in a structured, usable form.

Sep 30 2019, 1:08 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Sep 29 2019

Aklapper awarded T176370: Migrate to PHP 7 in WMF production a Like token.
Sep 29 2019, 7:18 PM · MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), CPT Initiatives (PHP7 (TEC4)), Patch-For-Review, TechCom-RFC (TechCom-Approved), User-ArielGlenn, HHVM, Operations

Sep 28 2019

Krinkle awarded T158730: Automate WMF wiki creation a Orange Medal token.
Sep 28 2019, 3:29 AM · Release-Engineering-Team, Release-Engineering-Team-TODO, Core Platform Team Legacy (Watching / External), Services (watching), Patch-For-Review, MediaWiki-Configuration

Sep 27 2019

TheDJ awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Sep 27 2019, 11:14 AM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Sep 26 2019

tstarling added a comment to T232485: RFC: Core REST API namespace and version.

I've talked with @Joe on IRC about his objections to this RFC. I think he would be prepared to accept the RFC with the following changes:

Sep 26 2019, 5:31 AM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Sep 25 2019

tstarling updated subscribers of T232485: RFC: Core REST API namespace and version.

I did propose a technical way to encourage extensions to use a prefix at T221177#5142785, but it was shouted down. The opposing view was that extensions can and should register additional actions which relate to resources provided by core. This is what I described above, at T232485#5486509, but it was first proposed by @Tgr at T221177#5145523.

Sep 25 2019, 12:35 PM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

I updated the task description according to the above comment. I also added "slot_role" to the "from" and "to" objects, giving the slot role name.

Sep 25 2019, 12:13 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling updated the task description for T231580: Implement GET Revision Comparison.
Sep 25 2019, 12:13 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling updated the task description for T231580: Implement GET Revision Comparison.
Sep 25 2019, 12:09 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Sep 24 2019

tstarling closed T214618: Requesting repository ownership for /mediawiki/extensions/OdbcDatabase as Resolved.

I added Stewart Alpert to the relevant group for elevated permissions in the OdbcDatabase extension.

Sep 24 2019, 10:42 AM · Gerrit-Privilege-Requests

Sep 23 2019

tstarling added a comment to T231580: Implement GET Revision Comparison.

I closed T232488 with a comment summarising the discussion between me and @eprodromou regarding /json suffixes. Everything is JSON. I'm not sure if we resolved on the exact name of the /structured suffix but I think it would be confusing to use /json when all the formats are a kind of JSON, hence the need to think of another name for it.

Sep 23 2019, 11:53 PM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling closed T232488: "json" type indicator in URL patterns, a subtask of T231338: Page history API, as Declined.
Sep 23 2019, 11:40 PM · CPT Initiatives (Core REST API in PHP), Epic, Core Platform Team Workboards (Epics)
tstarling closed T232488: "json" type indicator in URL patterns as Declined.

This is not really what I was attempting to ask for, as I just discussed with @eprodromou. Everything is JSON, so /json is redundant. My concern is just about changing what's inside the JSON depending on the needs of the client, for example the three diff formats I described at T231580. I don't think there is a simple top-level solution for that, we just have to think about future use cases on some of these endpoints.

Sep 23 2019, 11:40 PM · Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling updated the task description for T231580: Implement GET Revision Comparison.
Sep 23 2019, 5:47 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

In the WIP patch, instead of "from_revision" and "from_title" I had a nested structure:

{
  "response": {
    "from": {
      "id": 1522,
      "title": "Main_Page"
    },
    "to": {
      "id": 1526,
      "title": "Main_Page"
    },
Sep 23 2019, 5:45 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

Is the title meant to be the DB key, or the text form, or the display title (HTML formatted), or a plain text representation of the display title? If it's the display title then should it be in the user's variant?

Sep 23 2019, 4:37 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling updated subscribers of T231580: Implement GET Revision Comparison.

It's not possible to do an IMS/INM revalidation of a 403 or 404 response, since a 304 status code is defined as implying that the status code would have been 200. So the best we can do for those responses is a short Expires.

Sep 23 2019, 3:55 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

Some additional considerations which apply to either interface style:

Sep 23 2019, 2:51 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

In the content negotiation version you would also have a directory index style endpoint /revision/{id}/compare/{other}. This would just list the role name of each modified slot.

Sep 23 2019, 2:14 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

Content negotiation version of this, for consideration:

Sep 23 2019, 2:09 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

I made the following changes. Please revert if any are unacceptable:

  • Added a format parameter to the path, here /structured, so that we may also add /table and /inline.
  • Changed method specification from GET only to GET or HEAD, to conform with the HTTP specification and existing routing code (T226043)
  • Removed the requirement that the request body be empty. RFC 2616 prohibits such a request body, whereas RFC 7231 says that such a request body has "no defined semantics", which might be interpreted as a suggestion to ignore the body, which is the normal handling of such requests. In any case, the endpoint seems like the wrong place to implement such a requirement. I don't think any endpoint should interpret a GET request body: RFC 7231 says that "sending a payload body on a GET request might cause some existing implementations to reject the request", which seems like a good enough reason to not do that. Proxies may fail to forward it. The best way to enforce this handling would be to have RequestFromGlobals::getBody() always return an empty stream for a GET request.
  • Specified that "diffs" contains a JSON object mapping MCR slot role name to the result of wikidiff2_inline_json_diff(), rather than "TBD".
  • Renamed "title" to "from_title" and added "to_title" since there was no requirement that the revision IDs refer to the same page.
  • For clarity given the above change, renamed "from" and "to" to "from_revision" and "to_revision" respectively.
  • It said that a 304 should be generated if there is "no change between revisions". I'm not sure if this is just unclear wording, but RFC 7232 defines the 304 status code as something which can only be used in response to IMS/INM, it is not possible to send it if the from and to revisions merely contain the same content. If the from and to revisions merely contain the same content, the diff array will be empty, thus allowing the client to receive the title and other metadata.
Sep 23 2019, 1:53 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling updated the task description for T231580: Implement GET Revision Comparison.
Sep 23 2019, 1:53 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

Since there was no response to my questions here, I'll just update the task description to address these problems.

Sep 23 2019, 12:45 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Sep 21 2019

Volker_E awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Sep 21 2019, 2:05 AM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Sep 20 2019

MusikAnimal awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Sep 20 2019, 7:11 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General

Sep 17 2019

tstarling renamed T232485: RFC: Core REST API namespace and version from Namespace and version to Core REST API namespace and version.
Sep 17 2019, 11:06 PM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a project to T232485: RFC: Core REST API namespace and version: TechCom-RFC.

I think this task should be an RFC. It proposes a set of public endpoints which will inevitably be used by clients other than iOS. It proposes a path scheme which implies a trivial extension (v0 -> v1) to a permanent, official, public API. It proposes introducing a /core namespace despite contrary views on that point.

Sep 17 2019, 10:59 PM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)

Sep 16 2019

tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

The theory that zend_empty_string fails to have its hash value initialised when opcache is enabled was not correct. It is already initialised before php-fpm forks. So the new theory is that it is initialised correctly but something sets it back to zero.

Sep 16 2019, 7:09 AM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error

Sep 14 2019

Daimona awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Sep 14 2019, 1:03 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

Changing ILoadBalancer::GROUP_GENERIC to a string of length greater than 1 might also work as a permanent workaround. It could be say '[generic]'. But the other bugs would remain unfixed unless they also changed their array keys.

Sep 14 2019, 10:19 AM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error
tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

This should be tried as a workaround: opcache.interned_strings_buffer = 0 in php.ini.

Sep 14 2019, 8:45 AM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error
tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

Continuing the core dump analysis:

Sep 14 2019, 5:05 AM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error

Sep 13 2019

tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

I'll dump my notes here, sorry about it being long and boring. Summary: no answers yet.

Sep 13 2019, 12:38 PM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error
tstarling added a comment to T232613: LBFactoryMulti.php: PHP Notice: Undefined index: .

It didn't generate a core dump. In my defence I did only say that it would "probably be enough". It doesn't work because PR_SET_DUMPABLE is used to disable core dumps. To enable core dumps, the PHP FPM pool option process.dumpable needs to be set to "yes". This can safely be set to "yes" globally since rlimit_core still defaults to zero, so it doesn't dump core on segfault unless the limit has been manually raised. You can see the current configuration with php-fpm7.2 -tt, and I'm also going to upload a test script.

Sep 13 2019, 4:46 AM · Patch-For-Review, MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), Core Platform Team Workboards (Clinic Duty Team), Wikimedia-Rdbms, PHP 7.2 support, Wikimedia-production-error

Sep 12 2019

tstarling added a comment to T232485: RFC: Core REST API namespace and version.

I understand Daniel's desire to avoid putting a collection of half-baked endpoints into production with generic unversioned names. How about we split the whole iPhone app support project into an extension and give it its own prefix? Then it can act as a prototype for similar endpoints to be introduced to core.

Sep 12 2019, 11:32 PM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling moved T231580: Implement GET Revision Comparison from Ready to Doing on the Core Platform Team Workboards (Green) board.
Sep 12 2019, 5:57 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231580: Implement GET Revision Comparison.

Why is it diffs plural? A diff is what you get when you compare two revisions.

Sep 12 2019, 5:54 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231347: Curator compares revisions.

Can the request/response details be removed from the task description, to avoid duplicating the discussion? It's all at T231580.

Sep 12 2019, 5:51 AM · CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (User Stories), Story
tstarling added a comment to T231580: Implement GET Revision Comparison.

To repeat my comment from T231347: The diff format is needed, and JSON is not one of the options. I think the options are "table" (wikidiff2_do_diff), "inline" (wikidiff2_inline_diff) and "structured" (wikidiff2_inline_json_diff, T232231). So we would have e.g. /revision/{id}/compare/{other}/table , which would have HTML in JSON. For "structured", hopefully it is not necessary to double-encode the JSON.

Sep 12 2019, 4:45 AM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231347: Curator compares revisions.

The diff format is needed, and JSON is not one of the options. I think the options are "table" (wikidiff2_do_diff), "inline" (wikidiff2_inline_diff) and "structured" (wikidiff2_inline_json_diff, T232231). So we would have e.g. /revision/{id}/compare/{other}/table , which would have HTML in JSON. For "structured", hopefully it is not necessary to double-encode the JSON.

Sep 12 2019, 4:42 AM · CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (User Stories), Story
tstarling added a comment to T232485: RFC: Core REST API namespace and version.

I would support having a major version number which is associated with each route, not a global version number. It should start at v1, not v0. I think it should be incremented extremely rarely: in most of the cases which @Anomie mentions above, it would not be incremented. I don't think we should commit to supporting old versions forever. For example, if you need to add a CSRF token to a vulnerable endpoint, you could add the v2 endpoint and remove the v1 endpoint in the same commit.

Sep 12 2019, 4:10 AM · TechCom-RFC (TechCom-Approved), Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T231347: Curator compares revisions.

I renamed version to revision, as discussed.

Sep 12 2019, 3:08 AM · CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (User Stories), Story
tstarling renamed T231347: Curator compares revisions from Curator compares versions to Curator compares revisions.
Sep 12 2019, 3:07 AM · CPT Initiatives (Core REST API in PHP), Core Platform Team Workboards (User Stories), Story
tstarling closed T230914: User authentication with OAuth 1.0, a subtask of T229662: Minimal client REST API, as Resolved.
Sep 12 2019, 3:03 AM · MediaWiki-REST-API, Core Platform Team Workboards (Epics), Epic, CPT Initiatives (Core REST API in PHP)
tstarling closed T230914: User authentication with OAuth 1.0 as Resolved.

As far as I can see, there are no proposed write actions, so CSRF should not be a problem initially. Allowing OAuth but ignoring session authentication is not "keeping it simple", because nothing in MediaWiki does that, whereas allowing both forms of authentication was done with a few lines of code and has now been merged.

Sep 12 2019, 3:03 AM · Core Platform Team Workboards (Green), Story, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T229661: Core REST API in MediaWiki.

If it is meant to be the umbrella for work planned for CPT for some time period, I think a project is the right way to indicate that also. But the project name should specify the scope.

Sep 12 2019, 2:59 AM · MediaWiki-REST-API, Core Platform Team, CPT Initiatives (Core REST API in PHP)
tstarling added a comment to T229661: Core REST API in MediaWiki.

This appears to be a tracking task, not a completable project. Per https://www.mediawiki.org/wiki/Phabricator/Project_management/Tracking_tasks , tracking tasks should not be used. I think these tasks should be put in the MediaWiki-REST-API project.

Sep 12 2019, 2:49 AM · MediaWiki-REST-API, Core Platform Team, CPT Initiatives (Core REST API in PHP)

Sep 11 2019

tstarling added a comment to T232563: Drop IE6 and IE7 basic compatibility and security support.

The same kind of query also confirms that IE7 users are mostly seeing redirects, whereas IE8 still works. Of course it would be possible to extend support for non-WMF users of MediaWiki, but I don't think we should do that.

Sep 11 2019, 9:11 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
tstarling added a comment to T232563: Drop IE6 and IE7 basic compatibility and security support.

@Krinkle pointed out that IE6 and IE7 attempting to visit Wikipedia are typically redirected to an error page due to not supporting current TLS ciphers. I confirmed that this is the case using the webrequest_sampled_128 table in analytics via Turnilo. For UAs containing "MSIE 6.0", 71% of requests result in a 301 status code, whereas for all UAs, 3% of requests result in a 301 status code. So IE6 and IE7 are already thoroughly broken for readers.

Sep 11 2019, 9:01 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
Jdforrester-WMF awarded T232563: Drop IE6 and IE7 basic compatibility and security support a Like token.
Sep 11 2019, 3:50 PM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
tstarling added a project to T232563: Drop IE6 and IE7 basic compatibility and security support: MediaWiki-General.
Sep 11 2019, 5:27 AM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
tstarling created T232563: Drop IE6 and IE7 basic compatibility and security support.
Sep 11 2019, 5:10 AM · MW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes, User-notice, TechCom-RFC (TechCom-Approved), MediaWiki-General
tstarling added a comment to T198492: Create a maintenance script to drop rev_text_id and ar_text_id from the database..

Maybe that was true 15 years ago, but update.php seems well-established now.

Sep 11 2019, 1:56 AM · MW-1.35-release, CPT Initiatives (MCR), Multi-Content-Revisions (Tech Debt), Wikidata

Sep 10 2019

tstarling added a comment to T201965: Vagrant setup produces exception about $wgServer when https role is active.

I think protocol-relative URLs should be deprecated. If you really need a wiki to be accessible via both HTTP and HTTPS, you can always have a dynamic $wgServer, but all the hacks that help to switch between HTTP and HTTPS and the support for cache sharing between the two should just be removed. HTTPS should be used for public websites, and HTTP for localhost. There's not really a situation in which switching between the two is advisable.

Sep 10 2019, 11:33 PM · MediaWiki-Vagrant
tstarling claimed T231580: Implement GET Revision Comparison.
Sep 10 2019, 12:09 PM · MW-1.35-notes (1.35.0-wmf.2; 2019-10-15), Patch-For-Review, Core Platform Team Workboards (Green), CPT Initiatives (Core REST API in PHP)
tstarling moved T230914: User authentication with OAuth 1.0 from Waiting for Review to Done on the Core Platform Team Workboards (Green) board.
Sep 10 2019, 12:05 PM · Core Platform Team Workboards (Green), Story, CPT Initiatives (Core REST API in PHP)