This is the weekly TechCom board review in preparation of our meeting on
Wednesday. If there are additional topics for TechCom to review, please let
us know by replying to this email. However, please keep discussion about
individual RFCs to the Phabricator tickets.
Activity since Monday 2020-09-28 on the following boards:
T264334 <https://phabricator.wikimedia.org/T264334>: Could the
registered module manifest be removed from the client?
New task about the possibility of removing the huge module registry
from the js sent to the client. The idea is being discussed.
Committee board activity: Nothing to report, besides inbox
New RFCs: none.
T262946 <https://phabricator.wikimedia.org/T262946>: Bump Firefox
version in basic support to 3.6 or newer
Moves to P3 (explore)
It is pointed out that we’ve dropped support in production for TLS
1.0/1.1 in january, so de facto only Firefox 27+ is able to
connect to the
In light of that, it’s suggested that we might bump the minimum
supported versions of browsers further.
IRC meeting request: none
Other RFC activity:
T260714 <https://phabricator.wikimedia.org/T260714>: Parsoid Extension
Last call to be approved, that will end on October 7 (tomorrow)
T487 <https://phabricator.wikimedia.org/T487>: RfC: Associated
On last call to be declined, there is some opposition to the
opportunity of marking it as declined on phabricator. Last call
on October 7 (tomorrow)
T263841 <https://phabricator.wikimedia.org/T263841>: RFC: Expand API
title generator to support other generated data.
Erik asks if this is going to be generally applied to all generators
Principal Site Reliability Engineer, Wikimedia Foundation
This email contains updates for October 7, 2020. For the HTML version, see:
*= 2020-10-07 =*
== Callouts ==
* SRE: MediaWiki DC switchback to eqiad will be Tuesday, October 27.
Services switchback will be either the following day or the day before, TBD.
== Product ==
=== Structured Data ===
* Updates: "beta" milestone for mediasearch
== Technology ==
=== Site Reliability Engineering ===
** S5 replication broke on some hosts
https://phabricator.wikimedia.org/T263842, IR draft
** MediaWiki DC switchback to eqiad will be Tuesday, October 27. Services
switchback will be either the following day or the day before
** Service 2 Service communication now all encrypted
** Digicert unified cert renewal still in purchasing, we’re using
LetsEncrypt at all edges for now, with Globalsign also available as a
backup if necessary.
deb tankersley (she/her)
sr program manager, engineering
I'm Ratnabali, I'm an Outreachy applicant. I went through the "Refactor
Selenium tests and perform cleanup" project description and found it to be
really interesting. I would like to work on the project and would
appreciate any help on how to get started with first-time contributions.
Earlier today a vulnerability was uncovered that might have permitted
unauthorized users to manipulate project membership or create or delete
VMs within cloud-vps. That issue has since been resolved, and there is
currently no evidence that anyone exploited it.
Nevertheless, out of an abundance of caution: if you are a project
admin, please review the members and projectadmins of your project. If
you see any unknown or untrusted users or unexpected instances, remove
them and notify me directly about what you found and what you've done.
-Andrew + the WMCS team
[crosspost from Maps-l]
Today the Wikimedia Foundation is announcing the deprecation of the public
API for Wikimedia map tiles. Around mid October the Foundation will end
support for the Wikimedia Maps Service API . This change affects people
using Wikimedia maps on their own website or app. Maps on the Wikimedia
sites, in Wikimedia-hosted tools and gadgets, and on maps.wikimedia.org
won't be affected.
This decision was made based on recent outage incidents, primarily due to
spikes in third party usage, along with an analysis showing that more than
a third of maps provided are to non-Wikimedia services (including many to
After the most recent incident , the service was limited so that only
cached maps tiles would be available. While this protected the servers, it
made the service unpredictable and highlighted the unsustainability of our
tile service. So, we have made the decision to discontinue the maps APIs
for non-Wikimedia users.
This change will allow our teams working on Maps to focus on the
sustainability of the maps used within Wikimedia projects.
You can follow the implementation of this change on Phabricator .
Manager, Community Relations Specialists
today, I looked to a handful of unit and integration tests in MediaWIki
core, and I noticed we do not have a single namespace pattern for tests.
I would find it natural for integration tests (that are already in the
integration subfolder) to be in MediaWiki\Tests\Integration namespace, and
unit tests to be in MediaWiki\Tests\Unit.
This would allow those two kind of test to use "same" class name, and would
avoid hacks similar to
However, I'm not sure if this pattern I described in previous paragraphs is
the best one, and what is the best way of going forward in this case.
Thanks for any comments,
This week's deployment branch of MediaWiki encountered multiple issues
during deployments, first on Wednesday and again on Thursday, ultimately
ending in rolling back to wmf.10 each time. Further, Thursday's
deployment resulted in a security incident which is currently still under
Due to the ongoing investigation, deployments of wmf.11 are blocked until
You can find more information in Phabricator and I will update this mailing
list when the status changes.
The humble train conductor.
1. T263177 1.36.0-wmf.11 deployment blockers
2. T264370 User authentication security issue (Oct 1)
Everyone on all Wikimedia wikis has been logged out, and will have to log
back in again.
This was done out of an abundance of caution, after we received one (1)
user report of being logged in as someone else.
Said report coincided with the deployment of a new MediaWiki release which
caused other problems around User session objects; this is possibly related
and under active investigation.
We believe the number of possibly-affected users was small, and that the
time window in which the error was possible was short. However, we believe
that resetting all sessions is a prudent measure to ensure that the impact
More details to follow, after technical investigation has determined a
Apologies for the disruption,
Chris Danis (he/him)
Staff Site Reliability Engineer
Wikimedia Foundation <https://wikimediafoundation.org/>