[Wikitech-l] Passwd auth on mobile site fubar, or me?
Just got fail to authenticate to m.en including getting it to send me a temp password in case I forgot it. It it me or a site problem? -george william herbert george.herb...@gmail.com Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Gerrit Commit Wars
As a rule, in industry practice, developers don't get to redefine expected functionality to avoid something being a bug. Communications gaps on what expected functionality was are to some extent unavoidable. Some bugs slip into that crack. But, if both the test and users would have complained, it is a bug, regardless of what reasonable developer expectations were. Yes, it sucks. But, this is what having real users (versus idealized ones) brings... -george william herbert george.herb...@gmail.com Sent from Kangphone On Mar 10, 2014, at 11:05 AM, Tyler Romeo wrote: > On Mon, Mar 10, 2014 at 2:01 PM, Brandon Harris wrote: > >> This is a fairly limited view. The functionality was *broken*. It failed >> to work in the way it was expected to work. That’s what “broken” means. > > > I'm not going to bother repeating myself. I recommend re-reading this > thread for an explanation of how it is disputed as to whether this patch > broke anything. > > *-- * > *Tyler Romeo* > Stevens Institute of Technology, Class of 2016 > Major in Computer Science > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] MediaWiki performance analysis
On Nov 15, 2013, at 12:33 PM, Tyler Romeo wrote: > Isn't it always best just to go with the flow? ;) No. Build performance testing and QA testing into the flow on any project. (I know you were joking, but the industry as a whole does not get this one, so I berate people a lot...). -george william herbert george.herb...@gmail.com Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] 2013 Datacenter RFP - open for submissions
This is the RFP, not contract. It's industry typical for information needed to decide if followup and then site visit are called for, for particular potential vendors. -george william herbert george.herb...@gmail.com Sent from Kangphone On Oct 21, 2013, at 7:56 AM, Jay Ashworth wrote: > Well, perhaps I'm unfairly comparing the RFP's density to that of the > last two colo contracts I saw, but I'm not sure I have a copy of those; > I will take a look, and abide until them. > > Cheers, > -- jra > > - Original Message - >> From: "Leslie Carr" >> To: "Wikimedia developers" >> Sent: Monday, October 21, 2013 10:52:36 AM >> Subject: Re: [Wikitech-l] 2013 Datacenter RFP - open for submissions >> I'm curious which details you would like to see? >> >> On Mon, Oct 21, 2013 at 5:22 PM, Jay Ashworth wrote: >>> - Original Message - >>>> From: "Ken Snider" >>> >>>> After working through the specifics internally, we now have a >>>> public >>>> RFP posted[1] and ready for proposals. We invite any organization >>>> meeting the requirements outlined to submit a proposal for review. >>> >>> My snap reaction, Ken, is that the RFP seems fairly thin on relevant >>> details; how many passes did it go through before you posted it? How >>> much input came from the Ashburn project? Equinix Tampa? >>> >>> Or was it left loose on purpose, to see what people would come up >>> with? >>> >>> Cheers, >>> -- jra >>> -- >>> Jay R. Ashworth Baylink j...@baylink.com >>> Designer The Things I Think RFC 2100 >>> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII >>> St Petersburg FL USA #natog +1 727 647 1274 >>> >>> ___ >>> Wikitech-l mailing list >>> Wikitech-l@lists.wikimedia.org >>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> >> >> >> -- >> Leslie Carr >> Wikimedia Foundation >> AS 14907, 43821 >> http://as14907.peeringdb.com/ >> >> ___ >> Wikitech-l mailing list >> Wikitech-l@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > -- > Jay R. Ashworth Baylink > j...@baylink.com > Designer The Things I Think RFC 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII > St Petersburg FL USA #natog +1 727 647 1274 > > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] 2013 Datacenter RFP - open for submissions
On Oct 19, 2013, at 3:17 AM, Maarten Dammers wrote: > You probably want to include that you're looking for a tier-4 data center This is more marketing-foo than realistic. I have had longer-than-expected-max outages in every datacenter I've had systems in save one (which is luck, not extra robustness). Every time I site survey a "tier 4" I can find vulnerabilities. -george william herbert george.herb...@gmail.com Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Persian Wikipedia stance on SSL
On Sep 10, 2013, at 12:49 AM, Amir Ladsgroup wrote: > and problem of internet > access becomes even worse when the government makes speed of internet on > SSL so low that time of opening a simple page becomes like 4 times higher > when people try to use SSL, We are not proposing to shut of http://, we are proposing to require it for nearly all logins. Normal user browsing will not be affected. Reader experience will be unaffected. Editors have more reason to use https there than almost anywhere. Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
If it was six months ago, I would suggest we hand over a unique random cookie with the redirect and verify on the HTTPS side that the cookie showed up, to make sure that it worked. And then only keep a success/fail log for IP block, perhaps, no user data. That would seem privacy neutral. Too late now to do that, though. Sent from Kangphone On Aug 20, 2013, at 10:24 PM, Greg Grossmeier wrote: > >> Is there any chance that monitoring could track success of login if someone >> is redirected from HTTP to HTTPS? The redirects should be easy to spot. > > I don't know, honestly. The log we were working from initially doesn't > have that data in it (we don't track our users, remember? ;)), but I'll > look more closely tomorrow. > > Greg > > -- > | Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E | > | identi.ca: @gregA18D 1138 8E47 FAC8 1C7D | > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
On Aug 20, 2013, at 9:43 PM, Greg Grossmeier wrote: > Additionally, to see if any changes have a major effect on the ability > of people to log in, we've started parsing out the successful > centralauth autentications and will have a nice Ganglia graph tomorrow. > We also parsed out some historical data on those going back a week or > more to have a better idea of what "normal" is. Our numbers here are > "successful logins per hour" which should be a decent metric to watch. Thanks, Greg. Is there any chance that monitoring could track success of login if someone is redirected from HTTP to HTTPS? The redirects should be easy to spot. -george Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
+foundation-l On Aug 20, 2013, at 1:20 PM, Brion Vibber wrote: > This is an acceptable trade-off which we've allowed the Chinese government > to make for us before, and here we're talking about a much smaller effect > (on contributors only). > > Again, it's not our business to fix China. China has to fix China. None of which changes that this is not properly an ops team decision, particularly without notification, warning, workaround explained to people. If the explanation as to the effects on users in those locales is correct, I would like the Ops team to voluntarily stand back and notify and allow some wider discussion and explanation of the workaround. If Ops won't do that, then I would like to request that the WMF executive intervene and direct ops to pause and allow wider notification and discussion and explanation of the workaround. If the WMF executive is not willing I would like to request that the Board review the situation promptly and direct a pause per above. The outcome is not wrong. THIS IS THE WRONG WAY TO DO IT, without warning and explanation to the community. Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
On Aug 20, 2013, at 12:57 PM, Brion Vibber wrote: > IMO it's simply unacceptable to leak authentication tokens or account > passwords in cleartext; allowing any form of login over HTTP is dinosaur > behavior and we'd be crazy to let it continue, whether for "some sites" > only or all. We should require HTTPS for all logins on all sites in all > languages all the time. This is a defensible position. That is not my point. It appears that the ops team is about to kick anyone who is unfortunate enough to live in the wrong countries off the projects, without a clue what happened or obvious fallback they will realize. Without publicity or explanation or a HTTP landing pad that explains. This magnitude of change is political, not purely technical/operational. And demands both notification and a fallback that users will be reasonably able to grasp. Again, this is still a little fuzzy as to the impact. But it seems like we dump China users of en.wp without warning or immediately obvious workaround. And if that's right, the ops team should not do this. It needs wider warnings and discussion, and is not an ops decision to make. Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
On Aug 20, 2013, at 12:03 PM, James Alexander wrote: > Yeah, this seems to contradict what I thought Ryan was saying above and > what I was under the impression for. The bad use case for here (as describe > by Risker for example) is a mainland china user from zhWiki logging in > (through http) but now not being able to visit enWiki logged in at all > (because it will force them to https and https is blocked). Posed for sake of argument, assuming this interpretation is correct: This is unacceptable and a blocking bug to this rollout. The suggested "just find an excepted project and log in there first" is neither easy nor self-evident enough to be effective for those users. The silent failure mode they will encounter will effectively be a silent site outage for them. The change must be delayed until people geographically / nationally denied HTTPS can log in again. Sent from Kangphone ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
