Re: [Wikitech-l] PHPUnit 6+ on older versions of MW

[Kunal Mehta]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

On 05/15/2018 11:25 PM, Jeroen De Dauw wrote:
> Failing tests:
> https://travis-ci.org/JeroenDeDauw/Maps/builds/375344161
> 
> Code: https://github.com/JeroenDeDauw/Maps

OK, so you need to use the PHPUnit4And6Compat trait as explained
in[1]. That polyfills the setExpectedException() method that was
removed in PHPUnit 6. Since you want to support older MediaWiki
versions that don't have the trait, if you write your tests expecting
PHPUnit 4 and leave a dummy trait in place for older versions, it
should work out.

I submitted this as a PR at [2]. Whenever you stop testing against
pre-1.31 versions of MediaWiki, you can drop the trait and write your
tests expecting PHPUnit 6.

That said, it looks like master of the Maps extension isn't actually
running any tests against older versions of MediaWiki, they all seem
to report "No tests executed!"[3].

> I'd be ideal to have the older versions of MediaWiki use PHPUnit
> 6.x or later, but I've not found a way to do so yet.

You'd have to backport the PHPUnit4And6Compat trait as well as the
autoloader aliasing[4].

[1]
https://lists.wikimedia.org/pipermail/wikitech-l/2018-April/089766.html
[2] https://github.com/JeroenDeDauw/Maps/pull/424
[3] https://travis-ci.org/JeroenDeDauw/Maps/jobs/378261536
[4]
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/master/t
ests/common/TestsAutoLoader.php#191

- -- Legoktm
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+h6fmkHn9DUCyl1jUvyOe+23/KIFAlr86EIACgkQUvyOe+23
/KJ+MA/+KseYsMrpvAeQWBQq31I7WcGCQWHQGPNRrAQtnPIbIc+IlfoS3+wNmB/J
m1TSSzj20pAtqwvGB/dJsoER/LJRKWdSXWeYSpKIm7xtEfK1qdVqSlbsgeHVBC+/
HnK6MRxExZwL1p0IpWsJIdt7q7+dIx7CBrVqOIe1f6DZRO+pKatZrTNiEUOAzawr
GayLMFmL37J66sV/eMTTMB30iJJG3WZow0TvtHnhhTdl4f3jVFpQC2DVgSsGAKa0
x89G3gTOPo3kP+3wYt8T+2gO4li/V75RPdA2ZJnDCNDdwPoM3RDb+AnVTefSbTXS
0q5JITOvRzxb4kXiXDIEFv6DHuKhTjJMAQKBWj+cHbnZTXM0ot2HCEsAHMnyJggD
p6xCP8y4EP8fu0dH5+bWhgcWKD8pr1kA2gMFHFmXVgc1dTVrH1L4n8VDIeJcX2IK
Xp96GD4rSEC3hiZ0BJLrWSltFqQf5bj9HCqOmbkBRm85/cD0C+APferrfPr5USgV
gqBf1vjjAoz76ctobqLG6eli6DRSjjIR5pqvNKkJyFA5vRt2uqWnCXownmHlCT/a
HPYh2AmGK+NAJZKwDtYS9sPClQ671BlpeMOp94ASB24bKkOqyapPr5pu1hukN3oG
z+kB+u5GP50dsXM03kq3h3+Ful62Etrnc6ydbilh5csZzgUREBs=
=+jql
-END PGP SIGNATURE-

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Provide input on the future direction of MediaWiki's extension management system

[Kunal Mehta]

Hi everyone,

As part of the MediaWiki Platform Team's goal to develop a roadmap for
MediaWiki, we want to solicit input on the future direction of
MediaWiki's extension management system. One of MediaWiki's greatest
strengths is the diverse extension ecosystem. But navigating that
ecosystem and managing those extensions can be difficult and cumbersome.

Please provide input on what features you'd like to see at:
.
You can suggest a specific feature, or endorse and comment on other
people's proposals. I've put down a few proposal to help start the
discussion, but I'm sure that everyone has plenty more :-).

The goal will be to collate the input provided there, and use it to
plan future development work on improving extension management.

If you know other people who use MediaWiki and have valuable opinions,
please let them know about the RfC.

Thanks,
Kunal / Legoktm



signature.asc
Description: OpenPGP digital signature
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] 2018-05-16 Scrum of Scrums meeting notes

[Grace Gellerman]

https://www.mediawiki.org/wiki/Scrum_of_scrums/2018-05-16

=2018-05-16=
== Callouts ==
* Fundraising campaigns
https://meta.wikimedia.org/wiki/CentralNotice/Calendar
* Readers Web, Performance: Help reviewing the CitationUsage schema
instrumentation: https://gerrit.wikimedia.org/r/#/c/432534/.
* Modern Event Platform -- Analytics starting interviewing user, anyone
interested should reach Andrew Otto (
https://phabricator.wikimedia.org/T185233)


== Audiences ==
=== Readers ===
 iOS native app 
* Blocked by:
* Blocking:
* Updates:
**5.8.1 released; small bug fixes + Wikidata magic word override (
https://phabricator.wikimedia.org/project/view/3339/ )
**Continuing work on tech debt release, 5.8.2 (
https://phabricator.wikimedia.org/project/view/3358/ )

 Android native app 
* Blocked by:
* Blocking:
* Updates:
**

 Readers Web 
* Blocked by:
* Blocking:
* Updates:
**Working with Services on Proton (Chromium PDF rendering backend service)
instrumentation  https://phabricator.wikimedia.org/T189307
**Page issues A/B testing framework in progress
https://phabricator.wikimedia.org/T193584
**Team is at offsite + hackathon so not much else going on
**Full stack engineer backfill hiring continues
**Minor Popups refactoring
*Quarterly goal dependency update:
**[[metawiki:Wikimedia_Foundation_Annual_Plan/2017-2018/Draft/Programs/Product#Program_2:_Better_Encyclopedia|Outcome
1, Objective 4]]: Continue improving the ways that users can download
articles of interest for later consumption
*** Reading Web depends on SRE, RelEng, Reading Infra

 Readers Infrastructure 
* Blocked by:
** RelEng on https://gerrit.wikimedia.org/r/#/c/432310/
* Blocking:
* Updates:
** Closed out most follow-up work for Short description magic word.
** Reading list browser extensions (Chrome/FF/Safari) coming soon.
*Quarterly goal dependency update:
**[[metawiki:Wikimedia_Foundation_Annual_Plan/2017-2018/Draft/Programs/Product#Program_2:_Better_Encyclopedia|Outcome
1, Objective 4]]: Continue improving the ways that users can download
articles of interest for later consumption
*** Reading Web depends on SRE, RelEng, Reading Infra
**[[Wikimedia Audiences/2017-18 Q4 Goals#Readers|Increase code sharing of
client apps by coalescing and moving more logic to the server]]
***Reading Infra depends on Parsing, Services

= Maps =
* Blocked by:
* Blocking:
* Updates:
**

 Multimedia 
* Updates
** Hackathon prep impacting some throughput
** OOUI work on WikibaseMediaInfo elements to start soon; UploadWizard
license selection getting OOUI makeover as well
** Search indexing hitting some snags - discussion ongoing
*Quarterly goal dependency update:
**[[Wikimedia Audiences/2017-18 Q4 Goals#Programs|Objective 3.1]] Prepare
for launch of the first Structured Data on Commons feature (multilingual
file captions)
***SDC depends on Multimedia,SRE, WMDE, Search Platform, MediaWiki
Platform, Research
**  [[Wikimedia Audiences/2017-18 Q4 Goals#Programs|Objective 2.1]]
Integrate structured file captions into search
*** SDC depends on Search Platform, Multimedia
**[[metawiki:Wikimedia_Foundation_Annual_Plan/2017-2018/Final/Structured_Data#Segment_4:_Programs|Segment
4, Outcome 2]]: Develop a better understanding of existing needs for
Structured Commons- T171252
***Research depends on Multimedia

=== Contributors ===
 Community Tech 
* Blocked by:
* Blocking:
* Updates:
** GlobalPreferences live on test wikis, will be slowly rolling it out
further
** Investigating how to integrate PageTriage with ORES and some external
copyvio detection service

 Anti-Harassment Tools 
* Blocked by:
* Blocking:
* Updates:
**

 Editing 
* Blocked by:
* Blocking:
** Updates:
**

 Parsing 
* Blocked by:
* Blocking:
* Updates:
*Quarterly goal dependency update:
**[[metawiki:Wikimedia_Foundation_Annual_Plan/2017-2018/Final/Programs/Product#Program_3:_Increase_device_support_for_editing|Goal
3.6]]  Support work towards unifying MediaWiki's parser implementations, in
liaison with Technology's MediaWiki team
*** Parsing depends on MediaWiki Platform, Services
**[[Wikimedia Audiences/2017-18 Q4 Goals#Readers|Increase code sharing of
client apps by coalescing and moving more logic to the server]]
Increase code sharing of client apps by coalescing and moving more logic to
the server.
*** Reading Infra depends on Parsing, Services
**
[[Wikimedia Technology/Goals/2017-18 Q4#Program 7. Smart tools for better
data|Outcome 2: Objective 1]]: Revision storage scaling
*** Services depends on SRE, Parsing

 Collaboration 
* Blocked by:
* Blocking:
* Updates:
**

 Language 
* Blocked by: Core Platform to take a look at:
https://phabricator.wikimedia.org/T151116 - Abuse filters set to warn users
require two captchas
* Blocking: None
* Updates:
** ContentTranslation Version 2 work continue.
** Most of team members will be at Hackathon, so slow week.
*Quarterly goal dependency update:

Re: [Wikitech-l] Recent Account hijacking activities

[Brian Wolff]

Forcing people to change passwords regularly does tend to reduce overall
password security because people tend to get very tired of the process and
will start to pick really poor passwords. That doesn't mean you should
never change your password - changing your password from time to time, as
long as its a strong password that you do not use anywhere else - does
improve your security. That said, in terms of user security, the most
important factor is not using the same password on multiple websites. After
that, comes using a strong password (for example using a password manager
so your password is randomly generated). Then comes 2FA if available for
your account. I would rank changing your password from time to time a
distant fourth - still a good idea - but the first two things are much more
important in my mind.

(I can't comment on ongoing investigations so this should only be taken as
a comment about general password security and not about this particular
incident)
--
Brian
Wikimedia Security Team

On Wednesday, May 16, 2018, Leon Ziemba  wrote:
> I'm no security expert, so bear with me! Just looking for some
> clarification.
>
>> regularly changing your passwords
>
> It was my understanding studies have shown regularly changing passwords
can
> be adverse, no? [1][2] Not sure if we have a stance on that, because this
> is the first time I've heard it come up.
>
> I don't know if this is relevant to this particular incident of account
> hijacking, but I've also been told it's important to ensure your
> password is unique
> to Wikimedia, and to turn on two-factor authentication, if possible and
you
> are willing to do so.[3][4]
>
> [1]
>
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
> [2]
>
https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
> [3]
>
https://meta.wikimedia.org/wiki/Password_strength_requirements/en#So_that's_it,_my_account_is_secure
> ?
> [4] https://office.wikimedia.org/wiki/Security_Basics#Passwords (staff
only)
>
> ~Leon
>
> On Wed, May 16, 2018 at 8:10 AM John Bennett 
wrote:
>
>> *On 8 May 2018, account hijacking activities were discovered on
Wikiviajes
>> - Spanish Wikivoyage (es.wikivoyage.org ). It
>> was
>> identified by community stewards and communicated to the Trust and
Safety,
>> Legal, and Security teams who responded to the event.  At this time the
>> event is still under investigation and we are unable to share more about
>> what is being done without risking additional hijacking of accounts.
>> However, we feel it is important to share what details we can and inform
>> the community of what happened.  Similar to past security incidents, we
>> continue to encourage everyone to take some routine steps to maintain a
>> secure computer and account - including regularly changing your
passwords,
>> actively running antivirus software on your systems, and keeping your
>> system software up to date. The Wikimedia Foundation's Security team and
>> others are investigating this incident as well as potential improvements
to
>> prevent future incidents. We are also working with our colleagues in
other
>> departments to develop plans for how to best share future status updates
on
>> each of these incidents. However, we are currently focused on resolving
the
>> issues identified. If you have any questions, please contact the Trust
and
>> Safety team (ca{{@}}wikimedia.org ). John
>> BennettDirector of Security, Wikimedia Foundation*
>> ___
>> Wikitech-l mailing list
>> Wikitech-l@lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Recent Account hijacking activities

[Leon Ziemba]

I'm no security expert, so bear with me! Just looking for some
clarification.

> regularly changing your passwords

It was my understanding studies have shown regularly changing passwords can
be adverse, no? [1][2] Not sure if we have a stance on that, because this
is the first time I've heard it come up.

I don't know if this is relevant to this particular incident of account
hijacking, but I've also been told it's important to ensure your
password is unique
to Wikimedia, and to turn on two-factor authentication, if possible and you
are willing to do so.[3][4]

[1]
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
[2]
https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
[3]
https://meta.wikimedia.org/wiki/Password_strength_requirements/en#So_that's_it,_my_account_is_secure
?
[4] https://office.wikimedia.org/wiki/Security_Basics#Passwords (staff only)

~Leon

On Wed, May 16, 2018 at 8:10 AM John Bennett  wrote:

> *On 8 May 2018, account hijacking activities were discovered on Wikiviajes
> - Spanish Wikivoyage (es.wikivoyage.org ). It
> was
> identified by community stewards and communicated to the Trust and Safety,
> Legal, and Security teams who responded to the event.  At this time the
> event is still under investigation and we are unable to share more about
> what is being done without risking additional hijacking of accounts.
> However, we feel it is important to share what details we can and inform
> the community of what happened.  Similar to past security incidents, we
> continue to encourage everyone to take some routine steps to maintain a
> secure computer and account - including regularly changing your passwords,
> actively running antivirus software on your systems, and keeping your
> system software up to date. The Wikimedia Foundation's Security team and
> others are investigating this incident as well as potential improvements to
> prevent future incidents. We are also working with our colleagues in other
> departments to develop plans for how to best share future status updates on
> each of these incidents. However, we are currently focused on resolving the
> issues identified. If you have any questions, please contact the Trust and
> Safety team (ca{{@}}wikimedia.org ). John
> BennettDirector of Security, Wikimedia Foundation*
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Upcoming WMCS network outages: Tuesday May 15th (DONE)

[Andrew Bogott]

We had a couple of minutes of downtime just now, and everything is back 
up.  This went a lot better today; this should be the last of these 
network interruptions for a while.


-Andrew



On 5/15/18 3:31 PM, Andrew Bogott wrote:
The next step in this is scheduled for tomorrow at at 15:00 UTC, 
8:00AM in SF.  Again, all network service will be interrupted for 5-10 
minutes.


Sorry for all the emails!  With luck there will only be one more.

-Andrew

On 5/15/18 12:24 PM, Andrew Bogott wrote:
We're leaving things in this in-between state (running network 
services through our backup host, labnet1002) for the duration.  All 
services should be running as normal until further notice.


Once we iron out the current unexpected issue there will be another 
interruption; I'll provide as much warning about that as I can.  It's 
unlikely to be today, in any case.


Sorry for any inconvenience caused!

-Andrew


On 5/15/18 12:04 PM, Andrew Bogott wrote:
Things are back up and running for the moment.  The last switch-over 
went poorly so we haven't actually reached our goals yet; there may 
be another interruption yet coming up.


-A


On 5/15/18 8:33 AM, Andrew Bogott wrote:
The first of these tasks is done and the network is back up and 
running.  The outage lasted a bit less than 10 minutes.


There will be another similar outage in a few hours.

-Andrew

On 5/2/18 10:22 AM, Andrew Bogott wrote:


As part of some long-deferred routine maintenance, we need to 
update (and, in one case, physically move) the network servers 
that handle all traffic between WMCS instances.  During each 
change, all WMCS network traffic (including network access to all 
tools and VMs) will be interrupted for several minutes.


The first outage will be:

  Tuesday, May 15 at 13:00 UTC

The second outage will be three hours later:

  Tuesday, May 15 16:00 UTC

In each case outages should last no more than ten to fifteen minutes.

More details about this move can be found at 
https://phabricator.wikimedia.org/T193579 .


-Andrew












___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Recent Account hijacking activities

[John Bennett]

*On 8 May 2018, account hijacking activities were discovered on Wikiviajes
- Spanish Wikivoyage (es.wikivoyage.org ). It was
identified by community stewards and communicated to the Trust and Safety,
Legal, and Security teams who responded to the event.  At this time the
event is still under investigation and we are unable to share more about
what is being done without risking additional hijacking of accounts.
However, we feel it is important to share what details we can and inform
the community of what happened.  Similar to past security incidents, we
continue to encourage everyone to take some routine steps to maintain a
secure computer and account - including regularly changing your passwords,
actively running antivirus software on your systems, and keeping your
system software up to date. The Wikimedia Foundation's Security team and
others are investigating this incident as well as potential improvements to
prevent future incidents. We are also working with our colleagues in other
departments to develop plans for how to best share future status updates on
each of these incidents. However, we are currently focused on resolving the
issues identified. If you have any questions, please contact the Trust and
Safety team (ca{{@}}wikimedia.org ). John
BennettDirector of Security, Wikimedia Foundation*
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] PHPUnit 6+ on older versions of MW

[Jeroen De Dauw]

Hey Legoktm,

This is for the Maps extension, though I will also need to deal with this
elsewhere.

Failing tests: https://travis-ci.org/JeroenDeDauw/Maps/builds/375344161

Code: https://github.com/JeroenDeDauw/Maps

I'd be ideal to have the older versions of MediaWiki use PHPUnit 6.x or
later, but I've not found a way to do so yet.

Cheers

--
Jeroen De Dauw | https://entropywins.wtf | https://keybase.io/jeroendedauw
Software Crafter | Speaker | Student | Strategist | Contributor to Wikimedia
and Open Source
~=[,,_,,]:3
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l