Wikitech-l October 2016

wikitech-l@lists.wikimedia.org

81 participants
93 discussions

[MediaWiki-announce] CentralAuth security update
by Gergo Tisza 28 Oct '16

28 Oct '16

A security bug [1] has been fixed in CentralAuth; the bug caused logouts to silently fail if the local account on the central login wiki was unattached. That does not happen under normal circumstances, so the vulnerability can only be exposed if some other error causes attaching accounts to fail; nevertheless you are advised to update your installations. The fix has been backported to all supported versions (those for MediaWiki 1.23, 1.26 and 1.27). Gergő https://www.mediawiki.org/wiki/User:Tgr_(WMF) [1] https://phabricator.wikimedia.org/T137551 _______________________________________________ MediaWiki announcements mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

1 0

[MediaWiki-announce] OAuth security update #2
by Gergo Tisza 28 Oct '16

28 Oct '16

The recent OAuth security fix [1] had a bug [2] which caused some legitimate OAuth requests to be rejected. The affected versions have been updated to work properly. Apologies for the disruption. Gergő https://www.mediawiki.org/wiki/User:Tgr_(WMF) [1] https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-October/00019… [2] https://phabricator.wikimedia.org/T149194 _______________________________________________ MediaWiki announcements mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

1 0

Recently proposed patchsets by new contributors awaiting code review
by Andre Klapper 27 Oct '16

27 Oct '16

Your help is welcome to provide feedback (CR±1/2) and guidance: == mediawiki/extensions/Favorites: == https://gerrit.wikimedia.org/r/#/q/project:mediawiki/extensions/Favorites+s… 4 patches by same author. Extension might be unmaintained, looking at https://phabricator.wikimedia.org/diffusion/EFAV/ ? == mediawiki/extensions/LdapAuthentication: == since 2016-09-27 (4th time listed here): Allow local user creation even if LDAP user creation is disabled https://gerrit.wikimedia.org/r/#/c/313019/ (Still no CR±1 but review comments by Tgr - thanks!) == mediawiki/extensions/MixedNamespaceSearchSuggestions: == since 2016-10-22 (patch has 3 lines): Fix Namespace Display in resources/ext.mnss.search.less https://gerrit.wikimedia.org/r/#/c/317325/ == pywikibot/core: == https://lists.wikimedia.org/pipermail/wikitech-l/2016-May/085598.html might make me exclude Pywikibot from future emails, as its developers might not have a shared understanding when it comes to the importance of providing fast reviews quickly to new contributors. since 2016-09-25 (4th time listed here): Checks the type of isbn and modifies accordingly https://gerrit.wikimedia.org/r/#/c/312726/ (Still no CR±1 but a review comment by Whym - thanks!) since 2016-10-15: Silence warnings https://gerrit.wikimedia.org/r/#/c/316060/ Thanks in advance for your reviews! -- Andre Klapper | Wikimedia Bugwrangler http://blogs.gnome.org/aklapper/

1 0

Technical Design Intern Search | Job description
by Maria Cruz 27 Oct '16

27 Oct '16

Hello all, There is a new internship opportunity in the Community Engagement department for a Technical Design Intern. We are looking for a candidate who works and/or studies in the field of computer science and information systems, has experience in advanced wiki markup and design skills for web, and the ability to excel in a fast-paced, multitasking environment, among other qualifications. Knowledge and or experience with Wikimedia Projects a plus! The Technical Design Intern will work closely with the Communications and Outreach Coordinator (that would be me!) on the Wikimedia Resource Center, the redesign of the Evaluation Portal on Meta Wikimedia, and migration and archiving of L&E portal pages from existing namespaces to new namespace, among other tasks. You can find the complete job description here: https://boards.greenhouse.io/wikimedia/jobs/488570#.WBE6X-ErKRs If you are interested, please apply. If you know someone who might fit this position, please forward the email to them! Cheers, *María Cruz * \\ Communications and Outreach Coordinator, L&E Team \\ Wikimedia Foundation, Inc. mcruz(a)wikimedia.org | Twitter: @marianarra_ <https://twitter.com/marianarra_>

3 3

REMINDER: Wikimedia Developer Summit proposal submission deadline is in 5 days!
by Srishti Sethi 27 Oct '16

27 Oct '16

Hello all, Just a reminder that the deadline for the call for proposals for the Wikimedia Developer Summit 2017 <https://www.mediawiki.org/wiki/Wikimedia_Developer_Summit> is *next Monday, October 31st, 2016*. To submit your proposal, please visit https://www.mediawiki.org/wiki/Wikimedia_Developer_Summit/Call_for_particip…. We look forward to reading your proposals! Cheers, Srishti P.S. Ignore this message, if you have already submitted a proposal. -- Srishti Sethi Developer Advocate Wikimedia Foundation https://meta.wikimedia.org/wiki/User:SSethi_(WMF)

1 0

Changing a default system message
by Aran 27 Oct '16

27 Oct '16

Hi, I have an extension that change some of the default system messages for example "talk" to "comment", but since upgrading to 1.27 these messages no longer change. I've tried rebuildmessages.php and rebuildLocalisationCache.php but nothing seems to allow me to override these default messages any more. New messages that the extension introduces can be changed no problem. Does anyone here know the proper procedure for doing this? Thanks, Aran

3 5

Latest search updates
by Deborah Tankersley 27 Oct '16

27 Oct '16

After extensive testing over the last several months using a new search query scoring method called BM25 (Best Matching) [1], we recently completed a limited production release to the following top languages: English, German, Spanish, Russian, Portuguese, French, Italian, Polish, Dutch and Arabic. This new release is replacing the older search method called tf-idf (term frequency-inverse document frequency) [2]. We have additional testing to do [3,4] to figure out if BM25 will work in languages that don’t use spaces in-between their words , i.e.: Japanese, Chinese, etc. The Discovery team announces much of our completed work in weekly status updates [5 , 6 ], but some of the work isn’t actually obvious to anyone who uses our search engine - t hat is because it isn’t actually ‘live’ until a complete re-index of the servers occur. We’ve created a recurring ticket in Phabricator [ 7 ] to keep track of the work that goes live in production after a re-index, such as the one we’ve also just completed. A few highlights of the recent re-index are implementing ascii-folding for the French language and fixing several bugs for French ÿ, and Russian ’Е’ and 'Ё' when those characters are entered in a search query. Cheers from the Discovery Search Team! [1] https://en.wikipedia.org/wiki/Okapi_BM25 [2] https://en.wikipedia.org/wiki/Tf%E2%80%93idf [3] https://phabricator.wikimedia.org/T147495 [4] https://phabricator.wikimedia.org/T147501 [5] https://www.mediawiki.org/wiki/Wikimedia_Discovery#Updates [ 6 ] https://www.mediawiki.org/wiki/Discovery/Status_updates [ 7 ] https://phabricator.wikimedia.org/T147505 -- deb tankersley Product Manager, Discovery irc: debt Wikimedia Foundation

1 0

[MediaWiki-announce] OAuth security update
by Gergő Tisza 26 Oct '16

26 Oct '16

Hi all, a minor security bug [1] has been fixed in the OAuth extension: * a connected application could use the /identify endpoint to learn the username of a user even if the application has been disabled. * a connected application could use the /identify endpoint to learn the username of a user even if the user was locked or blocked from login (this could be problematic when OAuth is used for authentication, such as with the OAuthAuthentication [2] extension). The fix has been backported to all supported versions (those for MediaWiki 1.23, 1.26 and 1.27). Gergő https://www.mediawiki.org/wiki/User:Tgr_(WMF) [1] https://phabricator.wikimedia.org/T148600 [2] https://www.mediawiki.org/wiki/Extension:OAuthAuthentication _______________________________________________ MediaWiki announcements mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

1 0

Small, old, unreviewed MediaWiki Core patches waiting in Gerrit
by Andre Klapper 25 Oct '16

25 Oct '16

Another list of oldest MW Core patches, touching <=10 lines, with CR=0, Verified>0, without merge conflicts in Gerrit, sorted by age. Decisions (=CR) welcome. Thanks in advance for your review + help reducing our review backlog. https://gerrit.wikimedia.org/r/#/c/258037/ Qualify page titles as such in messages about editing or acting on a page /languages/i18n/en.json https://gerrit.wikimedia.org/r/#/c/145882/ Add two properties to Action.php /includes/actions/Action.php https://gerrit.wikimedia.org/r/#/c/264621/ Linker: No need to encode single quotes in makeBrokenImageLinkObj() /includes/Linker.php https://gerrit.wikimedia.org/r/#/c/265375/ Add class to EditPage text area when editing an old revision /includes/EditPage.php https://gerrit.wikimedia.org/r/#/c/251804/ Export: Use BCP 47 language code for attribute xml:lang /includes/export/XmlDumpWriter.php https://gerrit.wikimedia.org/r/#/c/187898/ Move notification area from mw.util.$content to document.body /resources/Resources.php /resources/src/mediawiki/mediawiki.notification.js https://gerrit.wikimedia.org/r/#/c/269108/ Fix the uppercase issue of "lang" parameter in ImagePage /includes/page/ImagePage.php https://gerrit.wikimedia.org/r/#/c/278449/ splitTrail: treat two or more apostrophes as trail /includes/Linker.php https://gerrit.wikimedia.org/r/#/c/276945/ Convert Special:ListFiles to OOUI /includes/specials/pagers/ImageListPager.php https://gerrit.wikimedia.org/r/#/c/248572/ Tweak packed-hover gallery mode for better video compat /resources/src/mediawiki/page/gallery.js https://gerrit.wikimedia.org/r/#/c/279087/ Remove dummy language codes from Names.php /languages/data/Names.php https://gerrit.wikimedia.org/r/#/c/272708/ Change .tocnumber to use grey text for section numbers in ToC boxes /resources/src/mediawiki.skinning/content.css Thanks for comments, reviews, merges in the last edition to: Florian, Jforrester, Krinkle, Legoktm, Matmarex, Phuedx, RobLa, Tjones. -- Andre Klapper | Wikimedia Bugwrangler http://blogs.gnome.org/aklapper/

1 0

The Revision Scoring weekly update
by Aaron Halfaker 24 Oct '16

24 Oct '16

Hey, This is the 26th and 27th weekly update from revision scoring team that we have sent to this mailing list. We forgot to send the update for last week! Last week, we were featured in Research's quarterly review. In the last 3 months, we achieved our goals to expand the ORES extension to 6 wikis (we made it to 8!) and to release datasets of article quality predictions. The minutes from the quarterly review are not yet online, but once they are, you'll be able to see them at [1]. Maintenance and robustness: - We discussed and decided on a set of strategies for handling goodfaith/naive DOS attacks on ORES[2] - We fixed an i18n issue in Wiki Labels[3] - We updated the article quality models (wikiclass/wp10) to use revscoring 1.3.0[4] - We investigated and solved a memory leak in our pre-caching utility[5] - We configured celery to send its logs to a place where we can read them for easier debugging[6] - We deployed a set of schema changes to constrain the ORES Review Tools database appropriately[7] - Also worth noting is that the services cluster (SCB) has been expanded[8]. ORES has now doubled in capacity Datasets - We discussed how to make the historical article quality dataset available via quarry[8]. Regretfully, it seems that we'll not be able to do that for at least a couple of months. New development - We've implemented embedding of machine-readable scores in a JS variable on-wiki[9]. This will make it easier for tool developers to experiment with new ways of displaying Special:RecentChanges more easily. It's also a necessary precondition for adding color-based signaling of ORES' confidence about an edit. 1. https://meta.wikimedia.org/wiki/Wikimedia_Foundation_metrics_and_activities… 2. https://phabricator.wikimedia.org/T148347 -- [Discuss] DOS attacks on ORES. What to do? 3. https://phabricator.wikimedia.org/T139587 -- Revision not found error unformatted and not localized 4. https://phabricator.wikimedia.org/T147201 -- Update wikiclass for revscoring 1.3.0 5. https://phabricator.wikimedia.org/T146500 -- Investigate memory leak in precached 6. https://phabricator.wikimedia.org/T147898 -- Send celery logs to /srv/log/ores instead of /var/lib/daemon.log 7. https://phabricator.wikimedia.org/T147734 -- Review and deploy 309825 8. https://phabricator.wikimedia.org/T147903 -- Expand SCB cluster 9. https://phabricator.wikimedia.org/T146718 -- [Discuss] Hosting the monthly article quality dataset on labsDB 10. https://phabricator.wikimedia.org/T143611 -- Embed machine readable ores scores as data on pages where ORES scores things Sincerely, Aaron from the Revision Scoring team

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Wikitech-l October 2016