Wikitech-l September 2020

wikitech-l@lists.wikimedia.org

61 participants
58 discussions

TechCom meeting 2020-09-30

by Timo Tijhof

This is the weekly TechCom board review in preparation of our meeting. If there are additional topics for TechCom to review, please let us know by replying to this email. However, please keep discussion about individual RFCs to the Phabricator tickets. Activity since Monday 2020-09-21 on the following boards: https://phabricator.wikimedia.org/tag/techcom/ https://phabricator.wikimedia.org/tag/techcom-rfc/ Committee inbox: - T263904 <https://phabricator.wikimedia.org/T263904>: Are traits part of the stable interface? - New question by @DannyS712. Committee board activity: - T227776 <https://phabricator.wikimedia.org/T227776>: General ParserCache service class for large "current" page-derived data - @daniel's team will soon start work on this project. - T244058 <https://phabricator.wikimedia.org/T244058>: Strategy for storing old revisions in ParserCache. - @daniel analyzed various code paths relating to this. New RFCs: - T263841 <https://phabricator.wikimedia.org/T263841>: RFC: Expand API title generator to support other generated data - @matthiasmullie started an RFC with interest from Structured Data and Search Platform teams. Phase progression: - T240775 <https://phabricator.wikimedia.org/T240775>: RFC: Support PHP 7.4 preload - Moves to P3. - Interest from the Performance Team. - T260714: <https://phabricator.wikimedia.org/T260714> RFC: Parsoid Extension API - Moves to Last Call to be *Approved* on 7 Oct. - T487 <https://phabricator.wikimedia.org/T487>: RFC: Associated namespaces - Moves to Last Call to be *Declined* on 7 Oct. - @tgr mentions that Bask Wikipedia (eu.wikipedia.org) has a " Txikipedia <https://eu.wikipedia.org/wiki/Txikipedia:Azala>" namespace that could benefit from this. IRC meeting request: (none) Other RFC activity: - T260330: <https://phabricator.wikimedia.org/T260330> RFC: PHP microservice for containerized shell execution - @tstarling wrote an example to demonstrate how the Score extension could work. - T250406 <https://phabricator.wikimedia.org/T250406>: RFC: Hybrid extension management - @RHeigl asks about next steps. - T120085 <https://phabricator.wikimedia.org/T120085>: RFC: Serve Main Page of Wikimedia wikis from a consistent URL - @bblack indicates their team considers this an Epic Idea™. Thank you Brandon. -- Timo

3 years, 6 months

RELEASE INFO -- Push Notifications

by Seve Kim

Hi all, > *Summary *Push Notifications are now available to enable on all wikis for > Android & iOS Wikipedia apps *Background:* - Wikimedia Product teams needed a new way to drive user engagement and retention for features like "Thank You's" and "Edit Reminders" - Similar to web and email notifications, editors receive quick notifications outside of using the native apps - Push notifications are a way to send messages to user devices without the user engaging with the application - The Product Infrastructure team[1] designed and built the underlying infrastructure[2] to provide the push notification capability for other product teams to leverage - This first release of v1.0.0 provides the following features: - App users can now receive notifications sooner, even when the app is not currently running - App users can subscribe and unsubscribe to receive Echo notifications - Echo can send messages to the user via native Wikipedia apps for Android and iOS - The system can limit the rate and volume of messages to prevent server overload - Invalid subscriptions are automatically removed from the system upon notification request failure - You can find more information on our MediaWiki[2] and WikiTech pages[3] [1] https://www.mediawiki.org/wiki/Wikimedia_Product/Wikimedia_Product_Infrastr… [2] https://www.mediawiki.org/wiki/Wikimedia_Product_Infrastructure_team/Push_N… [3] https://wikitech.wikimedia.org/wiki/Push_notifications Best, -- Seve Kim *(he/him)* Sr. Technical Product Manager <https://wikimediafoundation.org/> *"Imagine a world in which every single human being can freely share in the sum of all knowledge. That's our commitment."*

3 years, 6 months

Local Development Updates and New Mailing List

by Jeena Huneidi

Hello Everyone, TL;DR: New mailing list for local dev discussion -> https://lists.wikimedia.org/mailman/listinfo/local-dev New wiki page for updates -> https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev… This year’s developer satisfaction survey[0] revealed that many people felt there wasn’t enough communication around local dev improvement efforts. In fact, some people didn’t even know that there were any. The following is a brief history of those efforts and an update on what we have in progress, as well as some ways for us to communicate and keep informed about the local development space. A little under 2 years ago, I took on the task of developing a container-based development environment for mediawiki and services, partially since our production deployments are moving in that direction. As someone who had never done development on Mediawiki and its surrounding extensions and services, and whose job was not to do that development, this was (and is) a challenge. Here’s a quick outline of what I, with other contributors, did since then: 1. Coded and analyzed the 2019 developer satisfaction survey[1] and did one on one interviews with developers to understand the problems faced by developers. - This research provided insights into areas in and out of the scope of local development that probably deserve more attention 2. Created a prototype in minikube[2] - Brennen Bearnes created the dev-images repo to support this work - Demonstrated at the Prague Hackathon in 2019 - Did not generate much interest - Confirmed suspicions that kubernetes is not an ideal tool for developing 3. Led local-dev work group meetings 4. Presented findings and ideas at Tech Conf in 2019[3] with Brennen - Together with session attendees, decided to create mediawiki-docker[4], a lightweight dev solution for pure mediawiki developers. - Had another session to attempt to figure out what kinds of services, etc, could be grouped together for more complex development environments, but didn’t explain this in a way that session attendees understood, and they probably left frustrated 5. Continued work on mediawiki-docker, and a cli[5] to simplify repetitive docker commands - Kosta Harlan, along with Brennen, Mukunda Modell, and James Forrester headed this up - Zeljko Fillipin (and a bunch of other people!) worked on documentation of setting up a number of extensions to use with mediawiki-docker, which indicates some adoption of mediawiki-docker You can collaborate with us or track our progress by visiting our phabricator work board[6]. Tasks welcome :) As a preview, some open tasks are: - Command-line wrapper for interacting with core's docker-compose stack - https://phabricator.wikimedia.org/T246111 - Tasks under this task to make the CLI more useful - Set up distribution of MediaWiki-Docker CLI - https://phabricator.wikimedia.org/T250241 - Accomplishing this means devs can use cli commands to interact with mediawiki-docker without cloning the cli repo and building the project - Set up CI for mediawiki-docker - https://phabricator.wikimedia.org/T248779 - So we can avoid regressions We’re still exploring the best way to manage docker-compose files for different extensions and services for a more complex development environment. To address the concerns about lack of communication in a more consistent manner, I’d like to introduce a long-overdue way for us to have discussion on local dev topics through a new local-dev mailing list: https://lists.wikimedia.org/mailman/listinfo/local-dev. I’ve also created this wiki page for updates about local-dev: https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev…. Since I’ve recently created this page, there is not much to see there at the moment. If you've made it this far, thanks for reading! I hope these changes will help improve communication and collaboration with everyone who wants to participate. [0] https://www.mediawiki.org/wiki/Developer_Satisfaction_Survey/2020 [1] https://www.mediawiki.org/wiki/Developer_Satisfaction_Survey/2019 [2] https://gerrit.wikimedia.org/g/releng/local-charts [3] https://docs.google.com/presentation/d/1ZuQGkzXylvJnPSmP4epKjsS7TghXvK99AwX…, https://docs.google.com/presentation/d/15a5yxOyPGlOADIQ6D4MmxM7ucvkec2ySpeR… [4] https://www.mediawiki.org/wiki/MediaWiki-Docker [5] https://gerrit.wikimedia.org/g/mediawiki/tools/cli [6] https://phabricator.wikimedia.org/tag/mediawiki-docker/ -- Jeena Huneidi Software Engineer, Release Engineering Wikimedia Foundation

3 years, 6 months

MediaWiki Extensions and Skins Security Release Supplement (1.31.9/1.34.3/1.35.0)

by Scott Bassett

Greetings- With the security/maintenance release of MediaWiki 1.31.9/1.34.3/1.35.0 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: == MobileFrontend == + (T238075) - Alert group Cookie(s) without HttpOnly flag are set due to default configuration < https://gerrit.wikimedia.org/r/q/I8e84f1cbc8878974532b511cebd9de40c5de55c6 > == MobileFrontend == + (T262213, CVE-2020-26120) - XSS on Pages viewed within MobileFrontend extension < https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea > == CentralAuth == + (T260485, CVE-2020-25869) - CentralAuth uses wrong actor ID when locally suppressing the user < https://gerrit.wikimedia.org/r/q/Iaa886a1824e5a74f4501ca7e28917c780222aac0 > < https://gerrit.wikimedia.org/r/q/I2336954c665366a99f9995df9b08071d4de6db79 > == FileImporter == + (T262628, CVE-2020-26121) - FileImporter imports the file even when the target page is protected on Commons < https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b > The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000… [1] https://phabricator.wikimedia.org/T256342 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs -- Scott Bassett sbassett(a)wikimedia.org

3 years, 7 months

T254495 - wikibase/termbox

by Jared G. Blumer

Hi everyone, I'm a volunteer for QTE and was assigned the task of using eslint-config-wikimedia 0.16.x in all repositories with Selenium tests <https://phabricator.wikimedia.org/T254495#6497062> and updating .eslintrc.json files with the Selenium WDIO test suite. When updating the wikibase/termbox repo's eslint-config-wikimedia to its current 0.17.0 release and updating eslint to 7.10.0, I receive nearly 900 errors when running "npm run test:lint" Most errors are node/no-object-assign, node/no-missing-import, es/no-object-values. I understand that the node/no-missing-import errors are mostly coming from an issue with the module alias "@" defined in package.json but I'm not certain how to resolve this or proceed on the other errors. Does anyone have any advice? Thanks! Jared

3 years, 7 months

MediaWiki 1.31.10 patching issues

by Sam Reed

Hello all, Sorry for the numerous emails on this usually quiet mailing list. It came to our attention that the 1.31.10 patch doesn't apply ontop of the 1.31.9 patch [1]. This was due to the diff patches being created ignoring whitespace, which we are slightly surprised this hasn't bitten us before. It has been fixed going forward. To that extent, if you have already applied mediawiki-1.31.9.patch.gz [2] and mediawiki-1.31.10.patch.gz [3] won't apply ontop of it, please use mediawiki-1.31.10-fixup.patch.gz [4] instead. The signature can be found at mediawiki-1.31.10-fixup.patch.gz.sig [5] for those who verify their downloaded files. If you haven't yet upgraded, I have re-issued the 1.31.9.patch [2] and 1.31.10.patch [3] to take account of the whitespace changes. So you can download those two patches fresh and they should apply as expected (i.e. follow the original instructions). If you require the old version of those patches, they can be found below: * mediawiki-1.31.10.patch.gz.old [6] * mediawiki-1.31.10.patch.gz.old.sig [7] * mediawiki-1.31.9.patch.gz.old [8] * mediawiki-1.31.9.patch.gz.old.sig [9] Once again I apologise for the inconvenience, but hopefully this resolves all outstanding issues. Thanks Sam [1] https://phabricator.wikimedia.org/T263866 [2] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.9.patch.gz [3] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.patch.gz [4] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10-fixup.patch… [5] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10-fixup.patch… [6] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.patch.gz.old [7] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.patch.gz.ol… [8] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.9.patch.gz.old [9] https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.9.patch.gz.old…

3 years, 7 months

Scrum of scrums/2020-09-23

by Deb Tankersley

Hello, This email contains updates for September 23, 2020. For the HTML version, see: https://www.mediawiki.org/wiki/Scrum_of_scrums/2020-09-23 Cheers, Deb ------------------------ *= 2020-09-23 =* == Product == === iOS native app === * Updates: ** Monitoring version [[phab:project/view/4661/|6.7.0]] in App Store *** Widgets v1 ** In code freeze on bug fix release [[phab:project/view/4831/|6.7.1]] *** Widgets bugs/polish and Chinese variant fix ** In development on [[phab:project/view/4992/|6.7.2]] *** Article as a Living Document experiment === Abstract Wikipedia === * Updates: ** [[metawiki:Abstract_Wikipedia/Wiki_of_functions_naming_contest|Community naming contest]] launched for what to call the central wiki of functions. ** Initial bootstrap ZType schemata content now [[phab:T260315|injected into the wiki on installation]]. ** Very basic first pass of the rich editing interface (in Vue) nearing completion. ** Some consideration of the needs for common widget library in Vue with WMDE colleagues. == Technology == === Engineering Productivity === ==== Quality and Test Engineering ==== * Blocked by: ** Wikidata: [https://github.com/wmde/wdio-wikibase/pull/25 Make wdio-wikibase work with wdio 6] === Site Reliability Engineering === * Updates: ** Working on etcd SLOs, api-gateway SLOs with PET, finalizing the TLS migration for all services. -- deb tankersley (she/her) sr program manager, engineering Wikimedia Foundation

3 years, 7 months

TechCom Radar 2020-09-23

by Tim Starling

The minutes from TechCom's triage meeting on 2020-09-23. Present: Tim S, Dan A, Daniel K, Niklas L, Timo T. RFC: Parsoid Extension API * https://phabricator.wikimedia.org/T260714 * TS: on the basis of Subbu’s comment listing the different consultations, should go to last call. * TT: fine to put on last call * DK: no objections, doing * On Last Call to be approved on Oct 7. RFC: Associated namespaces * https://phabricator.wikimedia.org/T487 * DK: use cases mentioned easier to implement with MCR, suggest to close this RFC. * TT: some other theoretical use cases have also been covered by https://phabricator.wikimedia.org/T165149 * TT: decline with last call? * DK: wouldn’t be opposed to it if someone needed it or would do the work, but does have merit, just no buy-in. * TT: currently, if something doesn’t get resourced, it just stays in P1. * On Last Call to be declined on Oct 7. Next week IRC office hours No IRC discussion scheduled for next week. You can also find our meeting minutes on MediaWiki.org <https://www.mediawiki.org/wiki/Wikimedia_Technical_Committee/Minutes>. See also the TechCom RFC board <https://phabricator.wikimedia.org/tag/mediawiki-rfcs/> If you prefer you can subscribe to our newsletter <https://www.mediawiki.org/wiki/Newsletter:TechCom_Radar> on the wiki.

3 years, 7 months

Maintenance release: 1.31.10 / 1.34.4

by Sam Reed

The 1.31.10 and 1.34.4 versions fix the issue with the backports in the 1.31.9 and the 1.34.3 releases. The patches linked here need applying on top of the previous patches for 1.31.9 and 1.34.3. See the previous email for those patches. The full downloads here contain all the previous fixes from the security and maintenance release. 1.35.0 will still be released tomorrow. Once again, I apologise for the inconvenience of the issues with the previous release. ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.10.tar.gz Patch to previous version (1.31.9): https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.10.tar.gz… https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.10.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.4.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.4.tar.gz Patch to previous version (1.34.3): https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.4.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.4.tar.gz.… https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.4.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html

3 years, 7 months

New CI Promote Step for Service Developers

by Jeena Huneidi

Hi Everyone, I'd like to announce a new CI feature for developers of services deployed to kubernetes! It's now possible for your helmfile values files to be automatically updated with new image versions after changes are merged to your service. You can read more about it and how to enable it here: https://phabricator.wikimedia.org/phame/post/view/208/ci_now_updates_your_d… If you have any questions or run into problems, please feel free to reach out to Release Engineering directly or on IRC at #wikimedia-releng. -- Jeena Huneidi Software Engineer, Release Engineering Wikimedia Foundation

3 years, 7 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Wikitech-l September 2020