Re: [Wikitech-l] Making two factor auth less annoying

[Gergo Tisza]

On Sun, Aug 12, 2018 at 6:47 PM Petr Bena  wrote:

> With two factor authentication it doesn't seem to be possible to make
> session persistent


Two-factor authentication does not affect how the session works. If you
check "Remember me", the login will last for 180 days, whether you use
two-factor authentication or not.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

[Adam Wight]

Hi Petr,

Thank you for thinking about improvements to 2FA, the lack of session
persistence makes me want to buy a paper encyclopedia.

Another issue to add to your list is that a lost 2FA device (plus lost
scratch codes) requires admin help or someone with DB access, because the
self-serve option asks for a 2FA code in order to disable.  Most industry
implementations allow a 2FA reset via primary email account as well as
scratch codes.  There are many bugs about this, and I can't tell if the
design is a feature or bug.  Here's an interesting suggestion for how to
fix: https://phabricator.wikimedia.org/T180896

Regards,
Adam

On Sun, Aug 12, 2018 at 9:48 AM Petr Bena  wrote:

> Oh and I totally forgot to include link to phab task:
> https://phabricator.wikimedia.org/T201784
>
> On Sun, Aug 12, 2018 at 6:47 PM, Petr Bena  wrote:
> > Hello,
> >
> > I would like to do some major changes to two factor auth. I am cross
> > posting this on phabricator and the mailing list to give it some more
> > attention and to start some proper discussion before anyone starts
> > working on this:
> >
> > Right now there are only two options for two factor authentication:
> >
> > * Don't use two-factor authentication (insecure)
> > * Use two factor authentication (annoying as hell)
> >
> > With two factor authentication it doesn't seem to be possible to make
> > session persistent and it really is extremely annoying to look for
> > your mobile phone, open the app and fill in the code everytime you
> > want to do some simple wiki action. I am very lazy and even found
> > myself to rather decide not to do a minor change (be it fix of typo
> > correction etc. in article on English Wikipedia etc) rather than going
> > through the hassle of using the google authenticator.
> >
> > I think it would be really cool to have an option (or maybe even more
> > of them?) that would help to specify when two factor auth is really
> > desired, so that for example users could decide that for simple
> > actions like wiki editing normal login would be sufficient, but for
> > changes like:
> >
> > * Change of password
> > * Change of (some) preferences
> > * Admin actions (block, delete etc.)
> >
> > P.S. Unfortunately I no longer have so much free time to track every
> > single thread in this mailing list, so maybe this is a duplicate of
> > some older idea by someone else, if that's the case, please merge the
> > phab task with whatever the other identical proposal is.
> >
> > Thank you
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] ForkableMaintenance: thoughts and help with tests/code coverage

[Brion Vibber]

Thanks, looks like I misinterpreted the report output. :)

I think I can add a test case for ParallelMaintenance which should make the
warning go away.

-- brion

On Sun, Aug 12, 2018, 1:51 PM Kunal Mehta  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> On 08/11/2018 06:48 PM, Brion Vibber wrote:
> > Second, probably related to that I'm seeing a failure in the code
> > coverage calculations -- it's seeing some increased coverage on the
> > parent process at least but seems to think it's returning a
> > non-zero exit code somewhere, which marks the whole operation as a
> > failure:
> >
> > https://integration.wikimedia.org/ci/job/mediawiki-phpunit-coverage-pa
> tch-docker/460/console
> 
>
> I
> >
> think your test and the tool are working properly, there just is an
> actual coverage drop:
>
> +-+++
> | Filename| Old %  | New %  |
> +-+++
> | includes/QueueingForkController.php | 0  |  07.92 |
> | maintenance/Maintenance.php |  20.51 |  19.83 |
> +-+++
>
> If you look at the HTML report[1], all the new lines added to
> Maintenance.php are not covered by tests, which is decreasing coverage.
>
> The tool currently reports a coverage drop if it drops in any file,
> which isn't necessary ideal, see [2].
>
> [1]
> https://integration.wikimedia.org/ci/job/mediawiki-phpunit-coverage-patc
> h-docker/460/artifact/log/coverage.html
> 
> [2] https://phabricator.wikimedia.org/T188687
>
> - -- Legoktm
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEE+h6fmkHn9DUCyl1jUvyOe+23/KIFAltwnZ4ACgkQUvyOe+23
> /KIm8w//WZVvuCCxHlW2CmbKtw/hjiBCxTUsmFAdb4QCco2nJe1qcSKtU9tBWq0n
> HrT32rEK06sYSPFrcHE6KYCHYtaLAGn8zcpXTCnB15mq1c/yrkwNucXwpBbbs28b
> 776EjNzTnU8UbTP0y9qt+Z3g1rRAjFjbXSqbh/3Vi9nQDlgS+cCgMwudZ+INzCeV
> L0O+JKZKmfAswcSZbSVkWFDBQMZulhlP4ztS0hTYyixnGTl5z2Cc3c7F2OvjlcIx
> lyGZkh1544X6hG7t9t5o35Tjbwt/Y5de617QiiN6dvFO6OrxD/mNs17kp302WJS7
> FjcPjFXvSsOdobG0Ff/cg8/cy1m5Ek6fctw1cCMWnYruy7rcYvt9QYz8NRxaSIES
> PdYmL8AiuY0173AKTTMgmOxjg0phY6Mrf7d8eo81zRwkENBjzwut2gEF6s4xeR6I
> jnKdqpHta6HWs3wF7+dTNxH8v5f7TRGVkz1PwacdbHZBj8PEUAge7789f2qqzByb
> V2P5tr/nMCTrIoc+iPsjif1AbQsbLk+dKs1BDHxymChnZa0gTIbUGnTriqKn4xIo
> qkZyflm66OHa+R6C3hcs5+OTfVnx7Sqqcmk3b7vC3N5ydlEwUXJSI9PrOC6xr77s
> ltUPh/8hsA3TLJ6CHyCwgnZtyZOL6XczysOHiWpBeH1wWhl+gwQ=
> =DSVw
> -END PGP SIGNATURE-
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] My Phabricator account has been disabled

[Yaron Koren]

 Nuria Ruiz  wrote:
> The CoC will prioritize the safety of the minority over the comfort of the
> majority.

This is an odd thing to say, in this context. I don't believe anyone's
safety is endangered by hearing the phrase in question, so it seems like
just an issue of comfort on both sides. And who are the minority and
majority here?

> The way the bug was closed might be incorrect (I personally as an engineer
> agree that closing it shows little understanding of how technical teams do
> track bugs in phab, some improvements are in order here for sure) but the
> harsh interaction is just one out of many that have been out of line for
> while.

This seems like the current argument - that it's not really about the use
of a phrase, it's about an alleged pattern of behavior by MZMcBride. What
this pattern is I don't know - the one example that was brought up was a
blog post he wrote six years ago, which caused someone else to say
something mean in the comments. (!) As others have pointed out, there's a
lack of transparency here.

-Yaron
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] ForkableMaintenance: thoughts and help with tests/code coverage

[Kunal Mehta]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

On 08/11/2018 06:48 PM, Brion Vibber wrote:
> Second, probably related to that I'm seeing a failure in the code
> coverage calculations -- it's seeing some increased coverage on the
> parent process at least but seems to think it's returning a
> non-zero exit code somewhere, which marks the whole operation as a
> failure:
> 
> https://integration.wikimedia.org/ci/job/mediawiki-phpunit-coverage-pa
tch-docker/460/console

I
> 
think your test and the tool are working properly, there just is an
actual coverage drop:

+-+++
| Filename| Old %  | New %  |
+-+++
| includes/QueueingForkController.php | 0  |  07.92 |
| maintenance/Maintenance.php |  20.51 |  19.83 |
+-+++

If you look at the HTML report[1], all the new lines added to
Maintenance.php are not covered by tests, which is decreasing coverage.

The tool currently reports a coverage drop if it drops in any file,
which isn't necessary ideal, see [2].

[1]
https://integration.wikimedia.org/ci/job/mediawiki-phpunit-coverage-patc
h-docker/460/artifact/log/coverage.html
[2] https://phabricator.wikimedia.org/T188687

- -- Legoktm
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+h6fmkHn9DUCyl1jUvyOe+23/KIFAltwnZ4ACgkQUvyOe+23
/KIm8w//WZVvuCCxHlW2CmbKtw/hjiBCxTUsmFAdb4QCco2nJe1qcSKtU9tBWq0n
HrT32rEK06sYSPFrcHE6KYCHYtaLAGn8zcpXTCnB15mq1c/yrkwNucXwpBbbs28b
776EjNzTnU8UbTP0y9qt+Z3g1rRAjFjbXSqbh/3Vi9nQDlgS+cCgMwudZ+INzCeV
L0O+JKZKmfAswcSZbSVkWFDBQMZulhlP4ztS0hTYyixnGTl5z2Cc3c7F2OvjlcIx
lyGZkh1544X6hG7t9t5o35Tjbwt/Y5de617QiiN6dvFO6OrxD/mNs17kp302WJS7
FjcPjFXvSsOdobG0Ff/cg8/cy1m5Ek6fctw1cCMWnYruy7rcYvt9QYz8NRxaSIES
PdYmL8AiuY0173AKTTMgmOxjg0phY6Mrf7d8eo81zRwkENBjzwut2gEF6s4xeR6I
jnKdqpHta6HWs3wF7+dTNxH8v5f7TRGVkz1PwacdbHZBj8PEUAge7789f2qqzByb
V2P5tr/nMCTrIoc+iPsjif1AbQsbLk+dKs1BDHxymChnZa0gTIbUGnTriqKn4xIo
qkZyflm66OHa+R6C3hcs5+OTfVnx7Sqqcmk3b7vC3N5ydlEwUXJSI9PrOC6xr77s
ltUPh/8hsA3TLJ6CHyCwgnZtyZOL6XczysOHiWpBeH1wWhl+gwQ=
=DSVw
-END PGP SIGNATURE-

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Шта те чини срећном ове недеље? / What's making you happy this week? (Week of 12 August 2018)

[Pine W]

Recently, I was outside at night, and I was fortunate to see several
meteors. The 2018 Perseid  meteor
shower is at its peak this weekend.

Also, yesterday I spent some time on English Wikipedia's main page
 and browsed some of the linked
articles. I was glad to be reminded that regardless of world events, good
or bad, we continue to create Wikipedia.

What's making you happy this week? You are welcome to write in any language.

Pine
( https://meta.wikimedia.org/wiki/User:Pine )
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

[Petr Bena]

Oh and I totally forgot to include link to phab task:
https://phabricator.wikimedia.org/T201784

On Sun, Aug 12, 2018 at 6:47 PM, Petr Bena  wrote:
> Hello,
>
> I would like to do some major changes to two factor auth. I am cross
> posting this on phabricator and the mailing list to give it some more
> attention and to start some proper discussion before anyone starts
> working on this:
>
> Right now there are only two options for two factor authentication:
>
> * Don't use two-factor authentication (insecure)
> * Use two factor authentication (annoying as hell)
>
> With two factor authentication it doesn't seem to be possible to make
> session persistent and it really is extremely annoying to look for
> your mobile phone, open the app and fill in the code everytime you
> want to do some simple wiki action. I am very lazy and even found
> myself to rather decide not to do a minor change (be it fix of typo
> correction etc. in article on English Wikipedia etc) rather than going
> through the hassle of using the google authenticator.
>
> I think it would be really cool to have an option (or maybe even more
> of them?) that would help to specify when two factor auth is really
> desired, so that for example users could decide that for simple
> actions like wiki editing normal login would be sufficient, but for
> changes like:
>
> * Change of password
> * Change of (some) preferences
> * Admin actions (block, delete etc.)
>
> P.S. Unfortunately I no longer have so much free time to track every
> single thread in this mailing list, so maybe this is a duplicate of
> some older idea by someone else, if that's the case, please merge the
> phab task with whatever the other identical proposal is.
>
> Thank you

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Making two factor auth less annoying

[Petr Bena]

Hello,

I would like to do some major changes to two factor auth. I am cross
posting this on phabricator and the mailing list to give it some more
attention and to start some proper discussion before anyone starts
working on this:

Right now there are only two options for two factor authentication:

* Don't use two-factor authentication (insecure)
* Use two factor authentication (annoying as hell)

With two factor authentication it doesn't seem to be possible to make
session persistent and it really is extremely annoying to look for
your mobile phone, open the app and fill in the code everytime you
want to do some simple wiki action. I am very lazy and even found
myself to rather decide not to do a minor change (be it fix of typo
correction etc. in article on English Wikipedia etc) rather than going
through the hassle of using the google authenticator.

I think it would be really cool to have an option (or maybe even more
of them?) that would help to specify when two factor auth is really
desired, so that for example users could decide that for simple
actions like wiki editing normal login would be sufficient, but for
changes like:

* Change of password
* Change of (some) preferences
* Admin actions (block, delete etc.)

P.S. Unfortunately I no longer have so much free time to track every
single thread in this mailing list, so maybe this is a duplicate of
some older idea by someone else, if that's the case, please merge the
phab task with whatever the other identical proposal is.

Thank you

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] ForkableMaintenance: thoughts and help with tests/code coverage

[Brion Vibber]

(I've made both changes on the PR.)

-- brion

On Sun, Aug 12, 2018 at 7:54 AM Brion Vibber  wrote:

>
> On Sun, Aug 12, 2018, 2:49 AM Aryeh Gregor  wrote:
>
>>
>> For what it's worth, when I saw ForkableMaintenance I thought of
>> forking an open-source project, not Unix fork().  Something like
>> ParallelMaintenance or ParallelizableMaintenance would better suggest
>> the desired meaning for me.
>>
>
> I like it... I'll reserve the Fork terminology for the low level
> controllers which deal with the processes and change the maintenance
> wrapper to ParallelMaintenance.
>
> Any preferences on --fork=N vs --threads=N for the cli option? I'm leaning
> to changing it to --threads.
>
> -- brion
>
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] ForkableMaintenance: thoughts and help with tests/code coverage

[Brion Vibber]

On Sun, Aug 12, 2018, 2:49 AM Aryeh Gregor  wrote:

>
> For what it's worth, when I saw ForkableMaintenance I thought of
> forking an open-source project, not Unix fork().  Something like
> ParallelMaintenance or ParallelizableMaintenance would better suggest
> the desired meaning for me.
>

I like it... I'll reserve the Fork terminology for the low level
controllers which deal with the processes and change the maintenance
wrapper to ParallelMaintenance.

Any preferences on --fork=N vs --threads=N for the cli option? I'm leaning
to changing it to --threads.

-- brion
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] ForkableMaintenance: thoughts and help with tests/code coverage

[Aryeh Gregor]

On Sun, Aug 12, 2018 at 4:48 AM, Brion Vibber  wrote:
> While working on some maintenance scripts for TimedMediaHandler I've been
> trying to make it easier to do scripts that use multiple parallel processes
> to run through a large input set faster.
>
> My proposal is a ForkableMaintenance class, with an underlying
> QueueingForkController which is a refactoring of the
> OrderedStreamingForkController used by (at least) some CirrusSearch
> maintenance scripts.

For what it's worth, when I saw ForkableMaintenance I thought of
forking an open-source project, not Unix fork().  Something like
ParallelMaintenance or ParallelizableMaintenance would better suggest
the desired meaning for me.

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l