Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread Adam Wight 
Apologies, "lack of session persistence" was a bad way to summarize what
I've been seeing.  My session persistence is usually fine, and lasts a
while regardless of whether 2FA is enabled.

What I was complaining about is that 2FA has to be used every time I log
in.  There doesn't seem to be an industry standard yet, for example gmail
asks for 2FA only every 30 days if you've previously authenticated on the
same machine, but GitHub asks for 2FA on every login.  Asking only once a
month seems like a great compromise to consider.

-Adam

On Mon, Aug 13, 2018 at 10:21 AM Nick Wilson (Quiddity) <
nwil...@wikimedia.org> wrote:

> On Mon, Aug 13, 2018 at 5:13 AM Amir E. Aharoni
>  wrote:
> > Most of the time my session doesn't work across projects. If I log in to
> > the English Wikipedia, I have to log in again to mediawiki.org, Hebrew
> > Wikisource, and Wikidata [...]
>
> This (old, erratic, hard to reproduce) bug can usually be fixed by
> logging out, and then clearing your cookies for all Wikimedia domains.
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Status of anti-vandalism measures in Phabricator

2018-08-13 Thread Pine W 
Thank you, Mukunda. I am experiencing a shortage of good news today, so I'm
glad to read about your work on this.

Hopefully people whose accounts are accidentally disabled will be
understanding, and hopefully their recovery experiences will be simple and
straightforward.

Regards,
Pine
( https://meta.wikimedia.org/wiki/User:Pine )


On Mon, Aug 13, 2018 at 9:34 PM Mukunda Modell 
wrote:

> Anti-vandalism functionality has now been deployed in Phabricator for a
> while. After adjusting the parameters in response to a few initial issues
> and letting it run over the weekend, I'm now fairly confident in the
> algorithm. It should reliably detect and disable accounts which are doing
> automated edits (except for the bots that we have white-listed ). In
> addition, it should be unlikely to affect users due to normal user activity
> like task submission / editing / commenting, etc.  When a user account is
> disabled due to antivandalism, a notification is posted into the
> phabricator event feed[1]. If any account is disabled due to a false
> positive, then any phabricator admin may re-enable the account in the usual
> way within phabricator's 'manage user' UI.
>
> If anyone has any questions, or notices a problem, please let me know!
>
> [1] https://phabricator.wikimedia.org/feed/query/all/
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Status of anti-vandalism measures in Phabricator

2018-08-13 Thread Mukunda Modell 
Anti-vandalism functionality has now been deployed in Phabricator for a
while. After adjusting the parameters in response to a few initial issues
and letting it run over the weekend, I'm now fairly confident in the
algorithm. It should reliably detect and disable accounts which are doing
automated edits (except for the bots that we have white-listed ). In
addition, it should be unlikely to affect users due to normal user activity
like task submission / editing / commenting, etc.  When a user account is
disabled due to antivandalism, a notification is posted into the
phabricator event feed[1]. If any account is disabled due to a false
positive, then any phabricator admin may re-enable the account in the usual
way within phabricator's 'manage user' UI.

If anyone has any questions, or notices a problem, please let me know!

[1] https://phabricator.wikimedia.org/feed/query/all/
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread Nick Wilson (Quiddity) 
On Mon, Aug 13, 2018 at 5:13 AM Amir E. Aharoni
 wrote:
> Most of the time my session doesn't work across projects. If I log in to
> the English Wikipedia, I have to log in again to mediawiki.org, Hebrew
> Wikisource, and Wikidata [...]

This (old, erratic, hard to reproduce) bug can usually be fixed by
logging out, and then clearing your cookies for all Wikimedia domains.

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] My Phabricator account has been disabled

2018-08-13 Thread Petr Bena 
I am a bit late to the party, but do we seriously spend days
discussing someone being banned from a bug tracker just for saying
"WTF", having their original comment completely censored, so that the
community can't even make a decision how bad it really was? Is that
what we turned into? From highly skilled developers and some of best
experts in the field to a bunch of language nazis?

We have tens of thousands of open tasks to work on and instead of
doing something useful we are wasting our time here. Really? Oh, come
on...

We are open source developers. If you make Phabricator too hostile to
use it by setting up some absolutely useless and annoying rules,
people will just move to some other bug tracker, or decide to spend
their free time on a different open source project. Most of us are
volunteers, we don't get money for this.

P.S. if all the effort we put into this gigantic thread was put into
solving the original bug instead (yes it's a bug, not a feature) it
would be already resolved. Instead we are mocking someone who was so
desperate with the situation to use some swear words.

On Mon, Aug 13, 2018 at 12:06 AM, Yaron Koren  wrote:
>  Nuria Ruiz  wrote:
>> The CoC will prioritize the safety of the minority over the comfort of the
>> majority.
>
> This is an odd thing to say, in this context. I don't believe anyone's
> safety is endangered by hearing the phrase in question, so it seems like
> just an issue of comfort on both sides. And who are the minority and
> majority here?
>
>> The way the bug was closed might be incorrect (I personally as an engineer
>> agree that closing it shows little understanding of how technical teams do
>> track bugs in phab, some improvements are in order here for sure) but the
>> harsh interaction is just one out of many that have been out of line for
>> while.
>
> This seems like the current argument - that it's not really about the use
> of a phrase, it's about an alleged pattern of behavior by MZMcBride. What
> this pattern is I don't know - the one example that was brought up was a
> blog post he wrote six years ago, which caused someone else to say
> something mean in the comments. (!) As others have pointed out, there's a
> lack of transparency here.
>
> -Yaron
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Fwd: Re: [Cloud-announce] Operation on Cloud VPS next monday 13th Aug

2018-08-13 Thread Andrew Bogott 
FYI, this maintenance is starting in a few minutes and will result in 
some CI downtime.  Gerrit will probably refuse to test or merge patches 
while the work is in progress.



 Forwarded Message 
Subject:Re: [Cloud-announce] Operation on Cloud VPS next monday 13th Aug
Date:   Mon, 13 Aug 2018 15:30:45 +0200
From:   Arturo Borrero Gonzalez 
Reply-To:   cl...@lists.wikimedia.org
Organization:   Wikimedia Foundation
To: cloud-annou...@lists.wikimedia.org



On 07/08/18 18:24, Arturo Borrero Gonzalez wrote:

Hi!

Next monday 13th we will be doing some maintenance on the main Cloud VPS
deployment to merge the keystone service of both main and eqiad1
deployments (the new one that we will eventually put into production).

Toolforge users will not be affected by this outage.

Day: Monday 13th August
Start time: 14:00 UTC
Finish time: 16:00 UTC or ASAP

Keystone is a central point in openstack, so most horizon operations
like login, creating/deleting VMs could be affected. On the other hand,
VMs will keep working and we don't expect any network outage.

This operation will allow us to have a smooth transition in the future
when we move all projects and instances to the new eqiad1 deployment and
is a previous step to having multi-region support in our Cloud VPS service.

Please let us know any question or suggestions you may have.



Reminder, this is happening today in 30 minutes.

___
Wikimedia Cloud Services announce mailing list
cloud-annou...@lists.wikimedia.org (formerly labs-annou...@lists.wikimedia.org)
https://lists.wikimedia.org/mailman/listinfo/cloud-announce

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread MA 
Hi,

I am not experiencing any issues with 2FA on my account. Maybe something
related to cookie/browser?

Best regards.
-- 
M. A.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread Amir E. Aharoni 
2018-08-13 11:19 GMT+03:00 Daniel Kinzler :

> Am 13.08.2018 um 07:34 schrieb Gergo Tisza:
> > Two-factor authentication does not affect how the session works. If you
> > check "Remember me", the login will last for 180 days, whether you use
> > two-factor authentication or not.
>
> Yea, works fine for me - and this is the first time I hear people complain
> that
> they constantly have to log in again with 2fa. This certainly isn't
> intentional.
> Sounds like a bug that only affacts a few people... or are people so used
> to
> pain and suffering that so few complain about it?
>

Something like this has been happening for about a week with me.

Most of the time my session doesn't work across projects. If I log in to
the English Wikipedia, I have to log in again to mediawiki.org, Hebrew
Wikisource, and Wikidata, and every time I need to type teh 2FA token. It
wasn't like this earlier.

I've been using 2FA since the password attack on May 4, but this only
started happening to me last week.

I'm using Firefox 63 (Nightly).

--
Amir Elisha Aharoni · אָמִיר אֱלִישָׁע אַהֲרוֹנִי
http://aharoni.wordpress.com
‪“We're living in pieces,
I want to live in peace.” – T. Moore‬
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Stalled repository ownership request (April 2018)

2018-08-13 Thread MA 
Hello,

A gerrit administrator is required to review and handle
, either to ask for
clarifications or close it one way or another. Repository ownership
requests take aprox. one week; this has been sitting there since April
without virtually no activity but pings for assistance. I think the
user deserves an answer.

Thank you, M.

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread Brian Wolff 
While there are two people in this thread complaining so i suspect its not
that obscure, but this is also the first i have ever heard of it as well.
Definitely something we need to track down.

--
Brian
On Monday, August 13, 2018, Daniel Kinzler 
wrote:
> Am 13.08.2018 um 07:34 schrieb Gergo Tisza:
>> Two-factor authentication does not affect how the session works. If you
>> check "Remember me", the login will last for 180 days, whether you use
>> two-factor authentication or not.
>
> Yea, works fine for me - and this is the first time I hear people
complain that
> they constantly have to log in again with 2fa. This certainly isn't
intentional.
> Sounds like a bug that only affacts a few people... or are people so used
to
> pain and suffering that so few complain about it?
>
> -- dnaiel
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Making two factor auth less annoying

2018-08-13 Thread Daniel Kinzler 
Am 13.08.2018 um 07:34 schrieb Gergo Tisza:
> Two-factor authentication does not affect how the session works. If you
> check "Remember me", the login will last for 180 days, whether you use
> two-factor authentication or not.

Yea, works fine for me - and this is the first time I hear people complain that
they constantly have to log in again with 2fa. This certainly isn't intentional.
Sounds like a bug that only affacts a few people... or are people so used to
pain and suffering that so few complain about it?

-- dnaiel

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l