On Tue, 20 Aug 2013 00:48:09 +0200, Rob Lanphier ro...@wikimedia.org wrote:
I'm personally interested in the absolute size of the Gerrit change
request queue, not in relation to anything else, but just as an
absolute number (over time). When this number gets large, we should
all probably be
Do you mean the mwCustomEditButtons array? If so, then that doesn't work
anymore per bug 47872, but there's a simple fix, see
https://bugzilla.wikimedia.org/show_bug.cgi?id=47872#c15
--
Matma Rex
___
Wikitech-l mailing list
https://www.mediawiki.org/wiki/API:Login#Construct_cookies probably
needs to be updated - perhaps by removing the 'Construct cookies
manually' part entirely (since that sounds like asking for trouble!)
--
Yuvi Panda T
http://yuvi.in/blog
___
On Tue, Aug 20, 2013 at 6:57 PM, Yuvi Panda yuvipa...@gmail.com wrote:
https://www.mediawiki.org/wiki/API:Login#Construct_cookies probably
needs to be updated - perhaps by removing the 'Construct cookies
manually' part entirely (since that sounds like asking for trouble!)
Max already
On Mon, 2013-08-19 at 17:56 -0400, Sumana Harihareswara wrote:
At Wikimania I found out that Marius Hoch (hoo man) is contracting
with Wikimedia Germany till September 30th and is specifically doing
accessibility bugfixes. He says: I'm always open for suggestions and
reviewers/ testers for my
Tyler Romeo wrote:
On Mon, Aug 19, 2013 at 9:32 PM, MZMcBride z...@mzmcbride.com wrote:
My understanding from https://bugzilla.wikimedia.org/29898 is that as
of August 20, 2013, there is now a user preference that can toggle
HTTP/HTTPS as being required. This is similar to what Gmail and others
On Tue, Aug 20, 2013 at 10:34 AM, MZMcBride z...@mzmcbride.com wrote:
I'm not sure that counts as moot. People incapable of using HTTPS will
simply be locked out of their accounts indefinitely? How many users will
this affect?
I wonder if making it possible to toggle this user preference via
On Mon, 2013-08-19 at 13:05 -0700, Quim Gil wrote:
Out of code contributions, the only candidate to become a KPI that came
to mind was the effectiveness responding to Bugzilla reports. Maybe you
are right the priority of this one is higher than the age of code
contributors. Thoughts?
FOSDEM will take place on 1 and 2 February 2014 in Brussels. Now it's
the time to apply for DevRooms and main track sessions.
https://fosdem.org/2014/news/2013-08-06-call-for-participation/
Key dates:
15 September
* deadline for developer room proposals
1 October
* deadline for main track
We've talked in the past about hosting a Wikimedia dev room or table for
FOSDEM, but never got our acts together to apply. I think we should
*totally* apply for a wiki devroom this year - FOSDEM is one of the best
conferences I've ever been to, and especially given our wiki-representation
in
quote name=Tyler Romeo date=2013-08-20 time=10:50:23 -0400
On Tue, Aug 20, 2013 at 10:34 AM, MZMcBride z...@mzmcbride.com wrote:
(And if the user preference isn't meant to serve those who can't use
HTTPS, who is it intended to serve?)
My point is that it doesn't matter what your user
Thank you both, concise and clear. :)
Even though they are just quick ephemeral updates they are useful so
I've copied them to
* https://www.mediawiki.org/wiki/Auth_systems/status#2013-08-20 and
*
https://www.mediawiki.org/wiki/Site_performance_and_architecture/status#2013-08-20
which appear
On Tue, Aug 20, 2013 at 1:12 PM, Greg Grossmeier g...@wikimedia.org wrote:
One group of users that is always being forgotten in this discussion is
the group who use Wikipedia over really crappy connections that aren't
censoring them. These users will have a hard time using an SSL
connection
MZ brings up a good point. Do we have any idea what the reject rate is
for Abusefilter on desktop?
Also is there any way to view the edits that triggered AbuseFilter to
get an idea bout what % of them were actually vandalism?
On Mon, Aug 19, 2013 at 6:25 PM, MZMcBride z...@mzmcbride.com wrote:
If you can figure out what abuse rule was triggered, you can look at all
the hits on Special:AbuseLog. For example
'abusefilter-warning-all-categories-removed
668' is probably rule 132, so you can see that at
https://en.wikipedia.org/w/index.php?title=Special:AbuseLogwpSearchFilter=132
On Tue,
On 20 August 2013 13:12, Greg Grossmeier g...@wikimedia.org wrote:
quote name=Tyler Romeo date=2013-08-20 time=10:50:23 -0400
On Tue, Aug 20, 2013 at 10:34 AM, MZMcBride z...@mzmcbride.com wrote:
(And if the user preference isn't meant to serve those who can't use
HTTPS, who is it
To clarify, the default value for this HTTPS option is false, meaning you
have to explicitly turn it on in order to force HTTPS. In other words, the
only functional change being made by this deployment is that *login* on
certain projects will be over HTTPS. So for those who do not have HTTPS,
they
On Tue, Aug 20, 2013 at 10:58 AM, Tyler Romeo tylerro...@gmail.com wrote:
To clarify, the default value for this HTTPS option is false, meaning you
have to explicitly turn it on in order to force HTTPS. In other words, the
only functional change being made by this deployment is that *login* on
On Tue, Aug 20, 2013 at 11:07 AM, James Alexander
jalexan...@wikimedia.orgwrote:
* The 'force https' preference is an option that is, by default, turned
off.
It is turned on by default when $wgSecureLogin is enabled.
* However, for most wikis (not all), force https login is turned on.
On Tue, Aug 20, 2013 at 2:31 PM, Chad innocentkil...@gmail.com wrote:
I'm beginning to think there's a disconnect between what we coded
and what people expect. The preference is *on* by default which I
think is what's going to cause problems. We can change defaults
before tomorrow so I think
On Tue, Aug 20, 2013 at 11:36 AM, Tyler Romeo tylerro...@gmail.com wrote:
On Tue, Aug 20, 2013 at 2:31 PM, Chad innocentkil...@gmail.com wrote:
I'm beginning to think there's a disconnect between what we coded
and what people expect. The preference is *on* by default which I
think is
On Tue, Aug 20, 2013 at 2:38 PM, Chad innocentkil...@gmail.com wrote:
Did you read the patch? If $wgSecureLogin is true, prefershttps is
also true. This is core.
Oh, I didn't see that Demon had added that in. My bad.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in
On Tue, Aug 20, 2013 at 11:31 AM, Chad innocentkil...@gmail.com wrote:
* If you login from an http (non secure) login page such as zhWiki or
faWiki you will be able to remain logged in while going to a non secure
wiki page (http://en.wikipedia.org ) and not be forced to https (unless
you
On Aug 20, 2013, at 12:03 PM, James Alexander jalexan...@wikimedia.org wrote:
Yeah, this seems to contradict what I thought Ryan was saying above and
what I was under the impression for. The bad use case for here (as describe
by Risker for example) is a mainland china user from zhWiki
The vast majority of people we serve with Wikipedia and friends don't have
accounts and don't log in, and won't be affected in any way by this change.
IMO it's simply unacceptable to leak authentication tokens or account
passwords in cleartext; allowing any form of login over HTTP is dinosaur
Okay, so I think there's a fair deal of confusion in a lot of minds as to
how this all is going to work. So let's take a fairly simple and common
use case, and work out how we're going to keep these users editing.
The use case I suggest we work out is English Wikipedia editor who lives
in China
quote name=Bartosz Dziewoński date=2013-08-20 time=12:16:09 +0200
On Tue, 20 Aug 2013 00:48:09 +0200, Rob Lanphier ro...@wikimedia.org wrote:
I'm personally interested in the absolute size of the Gerrit change
request queue, not in relation to anything else, but just as an
absolute number
On Aug 20, 2013, at 12:57 PM, Brion Vibber bvib...@wikimedia.org wrote:
IMO it's simply unacceptable to leak authentication tokens or account
passwords in cleartext; allowing any form of login over HTTP is dinosaur
behavior and we'd be crazy to let it continue, whether for some sites
only
Wikipedia was blocked ENTIRELY in China for years; people interested in
*reading* as well as contributing used circumvention tools (VPNs etc) to
more securely access the site, and just got generic errors if they didn't.
This is an acceptable trade-off which we've allowed the Chinese government
to
+foundation-l
On Aug 20, 2013, at 1:20 PM, Brion Vibber bvib...@wikimedia.org wrote:
This is an acceptable trade-off which we've allowed the Chinese government
to make for us before, and here we're talking about a much smaller effect
(on contributors only).
Again, it's not our business to
We have just released Commons for iOS (version 1.0.8) and Android
(1.0beta11), with *major* UI and performance improvements on iOS and minor
bug fixes on Android.
This is our first release in a couple months on iOS -- we hoped to have one
out before Wikimania but were delayed due to problems with
On 20 August 2013 16:57, Brion Vibber bvib...@wikimedia.org wrote:
We have just released Commons for iOS (version 1.0.8) and Android
(1.0beta11), with *major* UI and performance improvements on iOS and minor
bug fixes on Android.
This is our first release in a couple months on iOS -- we
Hello guys,
Are you thinking to develop apps for FirefoxOS too?
2013/8/20 Risker risker...@gmail.com
On 20 August 2013 16:57, Brion Vibber bvib...@wikimedia.org wrote:
We have just released Commons for iOS (version 1.0.8) and Android
(1.0beta11), with *major* UI and performance
Usually central notice banners link to an announcement that can be
viewed in many languages.
The HTTPS banner that is being displayed at the moment links to a
rough page[0] that has only English version. Could anyone craft an
announcement suitable for translation?
[0]
Brion Vibber wrote:
Wikipedia was blocked ENTIRELY in China for years; people interested in
*reading* as well as contributing used circumvention tools (VPNs etc) to
more securely access the site, and just got generic errors if they didn't.
This is an acceptable trade-off which we've allowed the
On Tue, 20 Aug 2013 23:19:22 +0200, MZMcBride z...@mzmcbride.com wrote:
If we change all sites to require HTTPS for
logged-in users, we'll certainly increase site security and enhance the
user experience for most users, but is that worth losing every
zh.wikipedia.org contributor who lives in
On Tue, Aug 20, 2013 at 2:05 PM, Rodrigo Padula rodrigopad...@wikimedia.org
wrote:
Hello guys,
Are you thinking to develop apps for FirefoxOS too?
Currently we're not planning a version of the Commons uploader app. Photo
uploading works in Firefox via the mobile web site, though it's not
2013/8/21 Brion Vibber bvib...@wikimedia.org:
(The Commons uploader apps may or may not eventually roll into the main
Wikipedia app on iOS and Android too, we haven't decided for sure yet.)
That sound weird (read: divergent from all the stuff we read in the
WMF plans and reports). Shouldn't the
On 20 aug. 2013, at 23:21, Bartosz Dziewoński matma@gmail.com wrote:
On Tue, 20 Aug 2013 23:19:22 +0200, MZMcBride z...@mzmcbride.com wrote:
If we change all sites to require HTTPS for
logged-in users, we'll certainly increase site security and enhance the
user experience for most
Hey Brion,
Very cool!
I just downloaded Commons for iOS and uploaded a photo in minutes … it went
smooth as silk :)
Thanks for you fine work, which should enable many more folks to contribute
multimedia content on the go.
Cheers,
Fabrice
On Aug 20, 2013, at 1:57 PM, Brion Vibber wrote:
The lack of secure login on WMF wikis is a *major security issue*, and
AFAIK is the biggest publicly known security issue in the site. All you
need is some random checkuser to be using Wikipedia at a Starbucks, and all
of a sudden the privacy policy of every single registered user is violated.
On Tue, Aug 20, 2013 at 3:57 PM, Tyler Romeo tylerro...@gmail.com wrote:
The lack of secure login on WMF wikis is a *major security issue*, and
AFAIK is the biggest publicly known security issue in the site.
Time out...
We do not have a lack of secure login. That was solved a long time
On Tue, Aug 20, 2013 at 3:57 PM, Tyler Romeo tylerro...@gmail.com wrote:
The lack of secure login on WMF wikis is a *major security issue*, and
AFAIK is the biggest publicly known security issue in the site.
Indeed. For a Signpost article three years ago, I asked a security
researcher (who had
Hey all,
Chris Steipp found a bug in CentralNotice yesterday and I've applied a
modified version of his patch. He has asked me not to commit it to gerrit
until Friday's security release.
I've applied that patch to wmf12 and wmf13.
Please do not git submodule update the CentralNotice extension!
On Tue, Aug 20, 2013 at 12:46 PM, George William Herbert
george.herb...@gmail.com wrote:
The change must be delayed until people geographically / nationally denied
HTTPS can log in again.
Tim's working on a patch that should make this possible:
https://gerrit.wikimedia.org/r/#/c/80166/
The
On Tue, Aug 20, 2013 at 7:22 PM, Erik Moeller e...@wikimedia.org wrote:
On Tue, Aug 20, 2013 at 12:46 PM, George William Herbert
george.herb...@gmail.com wrote:
The change must be delayed until people geographically / nationally
denied HTTPS can log in again.
Tim's working on a patch that
On 20 August 2013 22:22, Erik Moeller e...@wikimedia.org wrote:
On Tue, Aug 20, 2013 at 12:46 PM, George William Herbert
george.herb...@gmail.com wrote:
The change must be delayed until people geographically / nationally
denied HTTPS can log in again.
Tim's working on a patch that should
Erik Moeller wrote:
In general, though, I'd prefer for WMF to move away from what could be
characterized as appeasement and towards actively resisting censorship
and monitoring.
I agree with you and I imagine most developers would agree with you. But
the question remains: do most Wikimedians?
I
On Tue, Aug 20, 2013 at 8:04 PM, MZMcBride z...@mzmcbride.com wrote:
Erik Moeller wrote:
In general, though, I'd prefer for WMF to move away from what could be
characterized as appeasement and towards actively resisting censorship
and monitoring.
I agree with you and I imagine most
On 08/20/2013 11:05 PM, Risker wrote:
Perhaps then you might want to re-familiarize yourself with the WMF's
policy on political advocacy
I'm sorry Risker, but you've got this backwards. Making a long-overdue
/minimal/ fix to our login process is not political advocacy.
Compromising the
As mentioned earlier this week, we deployed an initial version of the OAuth
extension to the test wikis yesterday. I wanted to follow up with a few
more details about the extension that we deployed (although if you're just
curious about OAuth in general, I recommend starting at oauth.net, or
On 21 August 2013 00:08, Marc A. Pelletier m...@uberbox.org wrote:
On 08/20/2013 11:05 PM, Risker wrote:
Perhaps then you might want to re-familiarize yourself with the WMF's
policy on political advocacy
I'm sorry Risker, but you've got this backwards. Making a long-overdue
/minimal/ fix
Ryan Lane wrote:
Maybe what we're doing is appeasement, but realistically we have no
political power against China. The editors from mainland China had a
discussion with some of us at Wikimania and they said that Wikipedia is
basically unknown in China because Baidupedia is what shows up in the
On Tue, Aug 20, 2013 at 9:20 PM, Risker risker...@gmail.com wrote:
The mandatory use of HTTPS outside of a limited number of countries where
we know the editors will be blocked is not what I am talking about.
No, but the point is that there's no apolitical choice here. Actively
suppressing a
quote name=MZMcBride date=2013-08-21 time=00:23:04 -0400
Ryan Lane wrote:
Maybe what we're doing is appeasement, but realistically we have no
political power against China. The editors from mainland China had a
discussion with some of us at Wikimania and they said that Wikipedia is
basically
This is highly anticipated on my part and awesome. I will integrate it
into wikimetrics asap.
Dan
On Tue, Aug 20, 2013 at 9:15 PM, Chris Steipp cste...@wikimedia.org wrote:
As mentioned earlier this week, we deployed an initial version of the OAuth
extension to the test wikis yesterday. I
quote name=Greg Grossmeier date=2013-08-20 time=21:43:55 -0700
The caveats (really important to read):
https://docs.google.com/a/wikimedia.org/document/d/1Y2vs8lpevv9PtH_dp3P5hZeKuczB4-1xDXOHCaeuhw8/edit
(one really important caveat is we don't even list countries which had
less than 100
On 21 August 2013 00:51, Greg Grossmeier g...@wikimedia.org wrote:
quote name=Greg Grossmeier date=2013-08-20 time=21:43:55 -0700
The caveats (really important to read):
https://docs.google.com/a/wikimedia.org/document/d/1Y2vs8lpevv9PtH_dp3P5hZeKuczB4-1xDXOHCaeuhw8/edit
(one really
On Aug 20, 2013, at 9:43 PM, Greg Grossmeier g...@wikimedia.org wrote:
Additionally, to see if any changes have a major effect on the ability
of people to log in, we've started parsing out the successful
centralauth autentications and will have a nice Ganglia graph tomorrow.
We also
quote name=George William Herbert date=2013-08-20 time=22:09:41 -0700
Is there any chance that monitoring could track success of login if someone
is redirected from HTTP to HTTPS? The redirects should be easy to spot.
I don't know, honestly. The log we were working from initially doesn't
have
quote name=Risker date=2013-08-21 time=01:03:51 -0400
Thank you for sharing this data, Greg. I am surprised to see 5 additional
countries with more than 10% failure rates, and another 11 with more than
5%, although these tend to also have higher than average margins of error.
It would be
61 matches
Mail list logo