Re: [Wikitech-l] The mw.ext construct in lua modules

2019-01-24 Thread Thiemo Kreuz 
Is there a question assigned with this long email? Is this a call for feedback?

Kind regards
Thiemo

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] [Wikimedia-l] Security Notification: Malware creating fake Wikipedia donation banner

2019-01-24 Thread Jay prakash 
This was actually happened with me.[1]

[1] https://phabricator.wikimedia.org/T188217

On Fri, Jan 25, 2019, 4:29 AM Adam Wight  Horrifying!
>
> Is there anything we can do from our side, e.g. include some Javascript
> which can detect and disable the malware banner?
>
> [[mw:Adamw]]
>
> On Thu, Jan 24, 2019 at 10:11 AM Paulo Santos Perneta <
> paulospern...@gmail.com> wrote:
>
> > Hi,
> >
> > I seem to recall some OTRS tickets recently sent warning about it. Should
> > they be forward to any address in particular, in case they keep coming
> in?
> >
> > Paulo
> >
> > John Bennett  escreveu no dia quinta, 24/01/2019
> > à(s) 14:02:
> >
> > > Hello,
> > >
> > > In order to keep the community informed of threats against Wikimedia
> > > projects and users, the Wikimedia Security team has some information to
> > > share.
> > >
> > > Malware installed via pirated contented downloaded from sites such as
> the
> > > Pirate Bay can cause web browsers compromised by the malware to create
> a
> > > fake donation banner for Wikipedia users. While the actual malware is
> not
> > > installed or distributed via Wikipedia, unaware visitors may be
> confused
> > or
> > > tricked by it's activities.
> > >
> > > The malware seeks to trick visitors to Wikipedia by looking like a
> > > legitimate Wikipedia banner asking for donations. Once the user clicks
> on
> > > the banner, they are then taken to a portal that leads them to transfer
> > > money to a fraudulent bitcoin account that is not controlled by the
> > > Foundation.
> > >
> > > The current version of this malware is only infecting Microsoft Windows
> > > users at the time of this notification. To date, the number of people
> > > affected is small. The fraudulent accounts have taken approximately
> $700
> > > from infected users. However, we strongly encourage all users to use
> and
> > > update their antivirus software.
> > >
> > >
> > > Additional details and a screenshot of the fake donation banner on can
> be
> > > found at Bleepingcomputer.com. [0]
> > >
> > > [0]
> > >
> > >
> >
> https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
> > >
> > > Thanks,
> > >
> > > John Bennett
> > > ___
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > New messages to: wikimedi...@lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > 
> > ___
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: wikimedi...@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > 
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] PolyGerrit theme has been updated for gerrit.wikimedia.org

2019-01-24 Thread Daniel Zahn 
Thanks Paladox and Tyler. This made me finally opt-in and switch to
Polygerrit now for my own everyday UI.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Change in autocomplete behavior on wikitech and mw.org

2019-01-24 Thread Erik Bernhardson 
The default autocomplete profile has been changed to include sub phrase
matching. Essentially this means the autocomplete matching can start at
various points within the page title, rather than only at the very start.
This has shown to be particularly useful on sites with long or nested page
titles like mw.org and wikitech.

This is only the default, if you don't enjoy the new behaviour it can be
changed back to the default profile (or other, stricter profiles) from the
Special:Preferences Search tab.

Related ticket: https://phabricator.wikimedia.org/T212788

Erik B.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] The mw.ext construct in lua modules

2019-01-24 Thread John Erling Blad 
At the Extension:Scribunto/Lua reference manual, at several places,[1]
it is pointed out that the lua-libs should use the form 'mw.ext.NAME'.
This creates visual noise in the code. Any lib included should have a
extension page, thus it has already been given an unique name. In
addition, only the libraries that need to be preloaded are added to
the mw-structure, and those are the extensions. The ext-addition is
like saying "this is an extension and it is only extensions that needs
to be added to the mw-struct so we make it abundantly clear that this
is an extension".

The only cases where a name can collide is if some external lib is
included, that external lib has the same name as an extension, and if
someone in addition preloads the external lib. The chance is quite
frankly pretty slim, as there are rather few external libs that makes
sense to preload in this environment, especially as preloading imply
some kind of interaction with the environment. That means it is an
extension.

I guess I'm stepping on some toes here…

So to make it abundantly clear, not 'mw.ext.NAME' (or 'mw.ext.NaMe',
or 'mw.ext.name') but 'mw.name' (lowercase, not camelcase). If the
call is a constructor or some kind of builder interface, then
'mw.name(…)' is totally valid. I do not believe it is wise to turn the
lib into an instance by the call, but it can return an instance, it
can cache previously returned instances, and it can somehow install
the instance(s) in the current environment.

An extension should have any pure root libs at 'pure/name.lua' and
additional libs at 'pure/name/additional.lua', where 'pure' is
resolved in the 'ScribuntoExternalLibraries' hook.

[1] 
https://www.mediawiki.org/wiki/Extension:Scribunto/Lua_reference_manual#Extension_libraries_(mw.ext)

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] [Wikimedia-l] Security Notification: Malware creating fake Wikipedia donation banner

2019-01-24 Thread Adam Wight 
Horrifying!

Is there anything we can do from our side, e.g. include some Javascript
which can detect and disable the malware banner?

[[mw:Adamw]]

On Thu, Jan 24, 2019 at 10:11 AM Paulo Santos Perneta <
paulospern...@gmail.com> wrote:

> Hi,
>
> I seem to recall some OTRS tickets recently sent warning about it. Should
> they be forward to any address in particular, in case they keep coming in?
>
> Paulo
>
> John Bennett  escreveu no dia quinta, 24/01/2019
> à(s) 14:02:
>
> > Hello,
> >
> > In order to keep the community informed of threats against Wikimedia
> > projects and users, the Wikimedia Security team has some information to
> > share.
> >
> > Malware installed via pirated contented downloaded from sites such as the
> > Pirate Bay can cause web browsers compromised by the malware to create a
> > fake donation banner for Wikipedia users. While the actual malware is not
> > installed or distributed via Wikipedia, unaware visitors may be confused
> or
> > tricked by it's activities.
> >
> > The malware seeks to trick visitors to Wikipedia by looking like a
> > legitimate Wikipedia banner asking for donations. Once the user clicks on
> > the banner, they are then taken to a portal that leads them to transfer
> > money to a fraudulent bitcoin account that is not controlled by the
> > Foundation.
> >
> > The current version of this malware is only infecting Microsoft Windows
> > users at the time of this notification. To date, the number of people
> > affected is small. The fraudulent accounts have taken approximately $700
> > from infected users. However, we strongly encourage all users to use and
> > update their antivirus software.
> >
> >
> > Additional details and a screenshot of the fake donation banner on can be
> > found at Bleepingcomputer.com. [0]
> >
> > [0]
> >
> >
> https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
> >
> > Thanks,
> >
> > John Bennett
> > ___
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: wikimedi...@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > 
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: wikimedi...@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] PolyGerrit theme has been updated for gerrit.wikimedia.org

2019-01-24 Thread Paladox via Wikitech-l 
Hi, i am pleased to say that gerrit.wikimedia.org PolyGerrit theme has been 
updated to match timeless (blue/red/green) instead of the plain grey.
this is what it looks like: https://phabricator.wikimedia.org/F28019595 in 2.15 
and in 2.16: https://phabricator.wikimedia.org/F28019604
Thanks to thcipriani who played with my original change and made it look much 
much better (awesome), addressing feedback from Volker E.
Also thanks to Luca from upstream which came up with a original theme for 
GerritHub which my change is based on!


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Security Notification: Malware creating fake Wikipedia donation banner

2019-01-24 Thread John Bennett 
Hello,

In order to keep the community informed of threats against Wikimedia
projects and users, the Wikimedia Security team has some information to
share.

Malware installed via pirated contented downloaded from sites such as the
Pirate Bay can cause web browsers compromised by the malware to create a
fake donation banner for Wikipedia users. While the actual malware is not
installed or distributed via Wikipedia, unaware visitors may be confused or
tricked by it's activities.

The malware seeks to trick visitors to Wikipedia by looking like a
legitimate Wikipedia banner asking for donations. Once the user clicks on
the banner, they are then taken to a portal that leads them to transfer
money to a fraudulent bitcoin account that is not controlled by the
Foundation.

The current version of this malware is only infecting Microsoft Windows
users at the time of this notification. To date, the number of people
affected is small. The fraudulent accounts have taken approximately $700
from infected users. However, we strongly encourage all users to use and
update their antivirus software.


Additional details and a screenshot of the fake donation banner on can be
found at Bleepingcomputer.com. [0]

[0]
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/

Thanks,

John Bennett
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l