[00:41:05] MediaWiki-Core-Team, Availability-Team: Look into Maria 10 parallel-replication - https://phabricator.wikimedia.org/T85266#1188175 (aaron) Although DB1055 had a spike at 00:00 similar to 1072 (https://tendril.wikimedia.org/chart?hosts=db10%2855%29&vars=^seconds_behind_master&mode=delta) today. Even with it...
[01:58:16] MediaWiki-Core-Team, Security, Patch-For-Review: Stored XSS in SVG via embedded SVG - https://phabricator.wikimedia.org/T85850#1188304 (csteipp) Assigned CVE-2015-2931 > Use CVE-2015-2931 for this issue involving an incomplete list of disallowed MIME types for data: URIs (the application/xml type wasn...
[01:58:30] MediaWiki-Core-Team, Security, Patch-For-Review: Stored XSS in SVG via embedded SVG - https://phabricator.wikimedia.org/T85850#1188305 (csteipp)
[01:58:50] MediaWiki-Core-Team, Security, Patch-For-Review, Vuln-XSS: Fix SVG blacklist for animate - https://phabricator.wikimedia.org/T86711#1188306 (csteipp)
[01:59:10] MediaWiki-Core-Team, Security, Patch-For-Review, Vuln-XSS: Fix SVG blacklist for animate - https://phabricator.wikimedia.org/T86711#974689 (csteipp) > Use CVE-2015-2932 for this issue involving an incomplete list of dangerous parts of HTML5. (The list is supposed to include all uses of 'animate attri...
[01:59:33] MediaWiki-Core-Team, Security, Patch-For-Review, Vuln-XSS: XSS in language converter when used with Html class's tricky escaping - https://phabricator.wikimedia.org/T73394#1188308 (csteipp)
[02:12:34] MediaWiki-Core-Team, Availability-Team: Look into Maria 10 parallel-replication - https://phabricator.wikimedia.org/T85266#1188318 (aaron) Tempted to at least partly blame the misc::maintenance::purge_abusefilter job. It runs at 1AM daily and uses 'LIMIT' with UPDATE, which we don't support so the LIMIT is...
[05:00:43] bd808: woot :D
[07:41:54] MediaWiki-Core-Team, Availability-Team: Look into Maria 10 parallel-replication - https://phabricator.wikimedia.org/T85266#1188788 (Springle) db1071 and 72 QPS loads look high, but they aren't really struggling even at peak. I'd tend to agree that most replag spikes are due to slow writes, and not individu...
[08:00:48] MediaWiki-Core-Team, Availability-Team: Look into Maria 10 parallel-replication - https://phabricator.wikimedia.org/T85266#1188808 (Springle) Re MariaDB 10 benefits: There isn't any obvious leap in performance to point to compared to 5.5. Some stuff is faster, some isn't. The biggest benefits have been:...
[14:07:24] * anomie is having a really hard time holding back the snarkiness in replying to the architecture astronauting and general "I don't understand this, but I feel qualified to blindly redesign it" going on in 182858...
[14:11:25] * ^d isn't touching
[14:24:58] MediaWiki-API-Team, MediaWiki-extensions-OAuth: OAuth: Authorisation should not fail because you don't have an account on central wiki - https://phabricator.wikimedia.org/T74469#1189528 (Tgr)
[14:57:27] *91* comments on on file in the review?
[15:08:38] where?
[15:11:49] MediaWiki-Core-Team, MediaWiki-Debug-Logging, Release-Engineering, Wikimedia-Logstash, and 2 others: Log php fatals with full backtraces again (fatal.log on fluorine) - https://phabricator.wikimedia.org/T89169#1189640 (Legoktm) Progress! We now have logs that look like: ``` 2015-04-08 15:08:56 mw12...
[15:12:31] MaxSem: https://gerrit.wikimedia.org/r/#/c/182858/
[15:34:44] <^d> legoktm: I finished making all those branches last night
[15:35:03] woot :D
[15:35:06] <^d> I want to rewrite that script. It clones every extension one by one just to push a branch which is stupid
[15:35:24] can it just create the branches using gerrit's API?
[15:35:32] <^d> Probably
[16:31:45] MediaWiki-API-Team, MediaWiki-extensions-CentralAuth, Patch-For-Review: Add javascript confirmation button to Special:GlobalRenameQueue - https://phabricator.wikimedia.org/T95428#1190070 (Legoktm) a:Legoktm
[16:33:11] MediaWiki-API-Team, Librarization, Documentation, MW-1.25-release: Update [[mw:Composer]] to include information about usage with libraries - https://phabricator.wikimedia.org/T85172#1190242 (Legoktm)
[16:36:16] legoktm: https://gerrit.wikimedia.org/r/#/c/202766/
[16:36:55] burritocat: are we already running that on a cron?
[16:37:13] should be hit in /usr/local/bin/update-special-pages
[17:01:07] legoktm: misc::maintenance::update_special_pages
[17:02:04] and misc::maintenance::update_article_count
[17:03:20] ok
[17:03:23] +2'd
[17:11:43] legoktm: https://gerrit.wikimedia.org/r/#/c/202659/
[17:18:04] bd808: Does it make sense to explicitly share at Scrum-of-scrums things like your recent alerts that "Hey, big thing X was just pushed, so you might notice weird stuff"? Or is email/phab sufficient?
[17:18:46] It's nice to mention things like that at SoS
[17:19:01] hopefully people saw the emails, but ... yeah
[17:22:17] cool
[17:29:48] MediaWiki-API-Team, MediaWiki-extensions-OAuth: OAuth: Authorisation should not fail because you don't have an account on central wiki - https://phabricator.wikimedia.org/T74469#1190598 (Nemo_bis) >>! In T74469#752694, @csteipp wrote: > Trying to force an autocreation on the central wiki as part of the au...
[17:48:57] ^d: lots of easy commits at https://gerrit.wikimedia.org/r/#/q/owner:%22Aaron+Schulz%22+status:open,n,z :)
[17:53:34] <^d> burritocat: 7 +2s for you :)
[17:54:54] <^d> 8
[18:01:24] \o/
[18:01:30] * burritocat hands https://gerrit.wikimedia.org/r/#/c/202657/ to legoktm
[18:33:10] ori: https://gerrit.wikimedia.org/r/#/c/202457/1
[19:01:25] MediaWiki-API-Team, Analytics-Engineering, MediaWiki-API, Wikipedia-Android-App, and 2 others: Add page_id and namespace to X-Analytics header in App / api requests - https://phabricator.wikimedia.org/T92875#1191182 (Legoktm)
[19:18:04] MediaWiki-API-Team, SUL-Finalization, Patch-For-Review: Check for empty global accounts - https://phabricator.wikimedia.org/T93167#1191262 (Legoktm) p:Triage>High a:Anomie
[20:07:43] MediaWiki-API-Team, Librarization, Documentation, MW-1.25-release: Update [[mw:Composer]] to include information about usage with libraries - https://phabricator.wikimedia.org/T85172#1191556 (greg) p:Triage>Normal
[21:10:43] MediaWiki-Core-Team, Wikimedia-General-or-Unknown, Patch-For-Review: "refreshLinks.php --dfn-only" can't reliably make it through a full enwiki run - https://phabricator.wikimedia.org/T38195#1191788 (PleaseStand) The above change is in 1.25wmf24, which has been deployed to all Wikipedias. There may sti...
[21:16:01] MediaWiki-API-Team, MediaWiki-extensions-SecurePoll: Set up mini wikifarm in Labs which has SecurePoll on it - https://phabricator.wikimedia.org/T88725#1191823 (bd808)
[21:16:05] MediaWiki-API-Team, Incident-20150205-SiteOutage, MediaWiki-Debug-Logging, Wikimedia-Logstash, and 2 others: Decouple logging infrastructure failures from MediaWiki logging - https://phabricator.wikimedia.org/T88732#1191822 (bd808)
[21:16:15] MediaWiki-API-Team, Wikimedia-Wikimania-Scholarships: Operational support for Wikimania Scholarships 2015 cycle - https://phabricator.wikimedia.org/T90739#1191829 (bd808)
[21:19:52] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Platform teams - https://phabricator.wikimedia.org/T93904#1191839 (bd808)
[21:19:55] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Search team - https://phabricator.wikimedia.org/T94488#1191838 (bd808) Open>Resolved
[21:20:32] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Availability team - https://phabricator.wikimedia.org/T93941#1191840 (bd808) Open>Resolved
[21:20:35] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Platform teams - https://phabricator.wikimedia.org/T93904#1149339 (bd808)
[21:24:31] MediaWiki-API-Team, MediaWiki-Authentication-and-authorization, Epic: Modernize MediaWiki authentication system - https://phabricator.wikimedia.org/T89459#1191855 (bd808)
[21:26:20] csteipp: Do you have a "team" project in phabricator for security?
[21:28:02] bd808: Not really. I'm (ab)using the Security group as it for now, but that's also for mediawiki security bugs, so I don't like it.
[21:28:33] Want a "security-team" project?
[21:29:01] bd808: Yeah, let's do that
[21:30:13] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Security team - https://phabricator.wikimedia.org/T95482#1191880 (bd808) NEW a:bd808
[21:33:31] bd808: do you have project-create perms yet?
[21:33:56] greg-g: Nope. I'm just a plain jerk in Phab
[21:34:31] bd808: if you're in the security project, you can add yourself to project creators
[21:34:42] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Security team - https://phabricator.wikimedia.org/T95482#1191914 (bd808)
[21:35:47] Is that a "good" thing to do? When I asked last week if I should ask for create rights or just open tickets andre told me to open tickets
[21:37:06] well, some people dislike spreading power around, I, on the other hand, love it
[21:37:09] :)
[21:37:12] bd808: if you follow the guidelines that andre posted somewhere, i don't think he'll mind.
[21:37:21] phabricator just makes it hard to undo things.
[21:37:36] You should always open a ticket for projects you create, but if it's uncontroversial like a new team or new extension, just create it and close the ticket
[21:37:44] csteipp: is it ok if I delete https://integration.wikimedia.org/ci/job/test-csteipp-sensiolabs-securityadvisorieschecker/ ?
[21:38:23] legoktm: except for all of the sprint projects the PMs/Scrum masters make, that would be too much busy work
[21:38:47] ie: I didn't create a "create q4 goals project for releng
[21:39:31] legoktm: yep
[21:41:18] MediaWiki-Core-Team, Project-Creators, User-Bd808-Test: Create Security-Team project - https://phabricator.wikimedia.org/T95486#1191945 (bd808) NEW a:bd808
[21:41:36] greg-g: ^
[21:42:41] onit
[21:43:34] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Security team - https://phabricator.wikimedia.org/T95482#1191970 (greg)
[21:43:37] MediaWiki-Core-Team, Project-Creators, User-Bd808-Test: Create Security-Team project - https://phabricator.wikimedia.org/T95486#1191968 (greg) Open>Resolved #security-team {{done}}
[21:43:46] thanks greg-g
[21:44:21] MediaWiki-Core-Team, User-Bd808-Test: Setup communication infrastructure for new Platform teams - https://phabricator.wikimedia.org/T93904#1191974 (bd808)
[21:47:33] ergg
[21:47:38] can it not start with Security-
[21:47:46] Team-Security
[21:47:50] it's going to show up in the dropdown when someone types "Security"
[21:47:51] Super-Security-Team
[21:48:35] luckily, it comes after: Security-Core
[21:48:35] Security-Extensions
[21:48:35] Security-General
[21:48:35] Security-Reviews
[21:48:36] Security-Other
[21:48:39] oop, sorry
[21:48:52] spammer ;)
[21:49:09] sorry for wasting \n's
[21:49:33] It would be nice if all the WMF teams started with WMF-* IMHO but... not my call
[21:50:10] WMF-MediaWiki-API-Team is quite a tag however
[21:50:24] I'm not opposed
[21:50:29] Is it possible to tweak the ordering of the type-ahead? If you get to "secur" neither "Security" or "Security Team" are listed... grr.
[21:51:25] that dropdown is an annoying scab and difference of opinion with upstream
[21:53:32] csteipp: create a totally random hashtag for the project and use it to get to your specific project
[21:55:51] #asfkasjdglaejkt
[22:08:28] for those in the backlog meeting: https://phabricator.wikimedia.org/maniphest/query/sadg6xJW_QKf/#R
[22:08:44] burritocat: ^
[22:14:58] MediaWiki-API-Team, MediaWiki-Debug-Logging, Release-Engineering, Wikimedia-Logstash, and 2 others: Log php fatals with full backtraces again (fatal.log on fluorine) - https://phabricator.wikimedia.org/T89169#1192161 (ksmith)
[22:38:35] bd808: i think you're in a backlog grooming meeting, but when you get back: is the consensus (presumably from that pre-review) that currently yellow status items should be.... Green because progress was made or Red because they aren't done?
[22:39:08] done on 3/31 == green; else == red
[22:39:26] ty
[22:39:34] * greg-g makes a lot of red
[22:39:51] winter is coming
[22:42:26] now it's all red minus the "elena and rummana are awesome" one :)
[22:45:28] legoktm: Is it a bad thing that I can DDOS wikibugs so easily?
[22:45:55] DDOS isn't the right word, but cause it to get kicked
[22:45:57] bd808: not really, it'll rejoin automatically
[22:46:27] -D
[22:46:27] also, why is mw-core being removed from everything instead of just archiving the project?
[22:46:53] (that's what we did with #quality-assurance, just archive and add another relevant project)
[23:02:49] oh? archive first?
[23:03:31] we were just unlicking cookies and trying to make sure WIP went to the right place(s)
[23:03:53] If archive first is the "right thing" I'm all for that
[23:04:35] but I want people to get pinged for things that are basically being dumped back into the general "nobody looks at this" pool
[23:05:02] that's a fair point
[23:05:35] I've also been removing #releng from things that sure, we'd like to do, but I don't want it to look like only we should do it
[23:09:01] csteipp: logged in changes the session right?
[23:09:30] meh, that still doesn't explain https://phabricator.wikimedia.org/T49741
[23:09:40] burritocat: It changes your sessionid
[23:09:44] it would still save the new one with positions on account creation
[23:09:44] Not your token
[23:09:49] We change the token on logout
[23:09:58] and next view would wait on those master positions
[23:25:49] legoktm: https://phabricator.wikimedia.org/T87397 -- where does it go now?
[23:26:40] bd808: API and Availability? burritocat asked me to file that one so I assume he knows how to fix it
[23:27:16] k. sounds like it goes in the mystery "devops" bucket
[23:27:54] MediaWiki-API-Team, Availability-Team, MediaWiki-JobQueue: Create separate job loop for LocalRenameUserJob - https://phabricator.wikimedia.org/T87397#1192528 (bd808)
[23:29:09] bd808: heh, I can't remember that much
[23:29:26] I guess we wanted to unlock accounts faster or something
[23:30:07] *nod* probably to stop legoktm from hogging the runner when he was/is doing big renames
[23:31:05] burritocat: I think it's from all staff when the job got queued on the wrong wiki and created the tight loop and we started talking about it and you said it should go into a separate loop to be faster
[23:32:50] MediaWiki-Core-Team: virt1000 DB connection error spam - https://phabricator.wikimedia.org/T78487#1192536 (bd808) Open>declined a:bd808 wikitech moved off of virt1000. If it's still a problem it will show up in the log file triage.
[23:38:13] burritocat: where does this live? -- https://phabricator.wikimedia.org/T75960 -- parsing?
[23:38:29] yep
[23:47:07] MediaWiki-Core-Team, Wikimedia-Logstash: Ignore apache2 log2udp messages and transition rules to the syslog stream of the same events - https://phabricator.wikimedia.org/T76760#1192594 (bd808) Open>Resolved a:bd808 {{done}} a long time ago via
[23:48:22] burritocat: one more -- https://phabricator.wikimedia.org/T86215
[23:49:28] performance?
[23:49:37] MediaWiki-Core-Team: CSS validator survey and design work - https://phabricator.wikimedia.org/T989#1192610 (bd808)
[23:50:03] works for me