[13:03:00] tgr: Crazy. Run the maintenance script to attach the loginwiki account? [13:03:46] anomie: sure, I can fix it, just wondering if it's worth adding a condition for that [13:04:07] abort autologin if the loginwiki account is not attached or something like that [13:04:18] tgr: If you want to, sure. [13:05:19] Loginwiki *shouldn't* ever have unattached accounts, because it makes absolutely no sense, but I wouldn't oppose a safety check. [13:06:44] ok, I'll add it to the "things to do when AuthManager" is out pile [13:07:18] anomie: can you look at https://phabricator.wikimedia.org/T137194 ? [13:09:01] do you think it's worth providing the requests to the audit hook? or maybe special-case PasswordRequest somehow? [13:10:04] tgr: Did we ever use LoginAuthenticateAudit for that purpose? I left out "password" when making the new hook because there isn't necessarily one. Adding in requests could be done, but what would you do about the additional requests after UI or REDIRECT responses? [13:10:33] yes, it would get messy [13:10:52] we use LoginAuthenticateAudit to collect password length stats currently [13:11:08] I suppose that was added after the admin password length RfC [13:12:54] Yeah, that's new since last time I looked. [13:13:22] https://gerrit.wikimedia.org/r/#/c/222025/ merged November 2015. [13:16:26] in general, collecting stats to inform password policy seems like a valid use case [13:17:28] we could just pass the original set of requests, that's stored in the session anyway [13:18:33] the fully general approach would be something like [[...initial requests...], [...requests needed after first submit...], ...] but I doubt it's useful enough to be worth the effort [13:55:10] tgr: Re I38ac7883d, are we that close to turning it on in prod? [13:57:02] anomie: we have to be, Chad is going on vacation next week :) but if SWAT goes more smoothly today and the AbuseFilter patches are merged, there won't be any blockers I know of [13:57:24] Awesome! [13:57:28] I would enable it today on group0, a few hours after the train [14:37:40] anomie: what do you think of asking for the 21-22 UTC window for enabling on group0? [14:40:17] tgr: If my being online is needed, I note that's 5pm-6pm my time so I'll probably be looking at getting dinner then. [14:48:03] anomie: one hour later, maybe? I can do the deployment itself, but if anything goes wrong it would be good if you were available [14:48:26] I had ample oppurtinity to learn that debugging CentralAuth in production is beyond my ability [14:57:12] * anomie is checking his plans for this evening [15:51:04] tgr: Let's plan for starting at 22 UTC [16:10:46] anomie: can we do the same the next two days? [16:11:08] tgr: I'll have to check on that one. [17:24:24] anomie: how did you test OpenStackManager? [17:25:05] tgr: By loading the patch on labtestwikitech.wikimedia.org and poking at it to see if stuff broke. [17:26:31] anomie: if you want to veto There is a link at the bottom of the page whenever Hovercards is on production to allow you to opt in, thus closing this as Invalid. Pinging @Nirzar in case this is a symptom of the link being undiscoverable and needing a design change. [17:26:54] ugh, why does linux have so many clipboards [17:27:47] anomie: if you want to veto https://gerrit.wikimedia.org/r/293130 please do so before I test it :) [17:28:09] it's a very lazy fix but AIUI OSM will only be supported for a few weeks anyway [17:28:37] tgr: Eeew. I'll pretend I never saw the patch. [17:35:27] tgr: s/a few weeks/a few months/ [18:35:51] anomie: re schedule, 22 UTC ok for the other days? [18:36:32] tgr: Probably. Inconvenient, but I can deal with it. [18:55:28] greg-g: please check mail [18:57:40] * greg-g will always hear "you've got mail" in response to things like that :) [19:11:11] anomie: I see you used /srv/mediawiki/php-authmanager for live testing on labtestwiki, how does that work? can you just put 'php-authmanager' in wikiversions.json? [19:12:17] tgr: Yes. Or wikiversions.php, I forget which. [19:31:32] greg-g: Remember when I had the "You've got mail" extension on my browser? That was annoying :p [19:33:44] ostriches: yes, and yes :) [19:56:42] tgr anomie my testing didn't yield a repro of the ff issue on nexus 7 android v5 firefox. we look good from the styling perspective. [19:57:08] thx for checking dr0ptp4kt [19:57:30] tgr: thx for working through the different scenarios with me earlier, both you and anomie [19:58:07] anomie: Status::getMessage seems horribly broken to me [19:58:19] what the hell is the point of the $msgCount+ thing? [19:58:40] (still trying to debug the password change dialog) [20:01:45] tgr: $msgCount is used to make a "* $1\n* $2\n* $3\n* $4" (and so on) key for RawMessage, to combine all the input messages. I don't know why it's done with a RawMessage though. [20:02:07] Oh, I suppose because that gets returned directly if $longContext and $shortContext are both null. [20:02:20] anomie: OK but why is it incremented when $shortContext is used? [20:03:15] No idea. [20:05:58] Yeah, that looks buggy. [20:41:25] greg-g: no objection then? [20:51:32] anomie: should HTTP POSTing to any api.php action get me the https expected error? [20:51:41] I'm not seeing it with this test -- curl -v -X POST 'http://en.wikipedia.org/w/api.php' --data 'action=query&meta=tokens&type=csrf&format=json' [20:52:35] bd808: I think you have to be logged in for it to happen. [20:53:03] hmmm.. ok [20:53:48] so there is a hole in our net [20:57:17] anomie: how did you disable rsync or whatever is periodically deleting /srv/mediawiki/php-authmanager on labstestweb2001? [20:57:58] tgr: I didn't? [21:00:43] * anomie heads out to find dinner before 2200 UTC [21:05:10] tgr: nope, chad's right [22:03:44] greg-g, ostriches, i use ~500 .wav files of word pronunciations (mostly from m-w.com) that are randomized via https://addons.mozilla.org/en-US/thunderbird/addon/email-notification-randomizer/?src=userprofile (with a forced xpi override to make it function with current version). So, my computer will randomly blurt out "aardvark", "implosion", "mesopotamia", "mellifluous", "shenanigans", etc. :> [22:17:52] anomie: https://gerrit.wikimedia.org/r/293227 [22:18:11] tgr: Looks correct [22:18:37] after spending inane amounts of time trying to test patches on labtestwiki and failing, I'll leave that to tomorrow, wikitech is group1 [22:19:38] anomie: also if you don't have reserbations about them, can you merge https://gerrit.wikimedia.org/r/#/c/293210/ and https://gerrit.wikimedia.org/r/#/c/293094/ ? [22:23:26] '94 merged. '10 could use documentation as to WTF is going on there. [22:23:30] tgr: ^ [22:26:38] anomie: updated [22:28:10] tgr: replied [22:49:43] gah these merges are taking forever [22:49:57] good thing there is only one change for SWAT [22:59:52] in hindsight I should have changed out the config change first and only do the backports afterwards [23:00:05] ...synced out... [23:22:06] anomie: enabled on group0 [23:24:16] hm, CentralAuth autologin doesn't seem to be working accross wikis with AM enabled and disabled [23:24:24] which is not tragic [23:24:36] works between mw and test though [23:27:56] hm, autologin on the login page is working, just not on the main page [23:28:14] I have seen this in the past, maybe not related at all [23:39:54] tgr: What I'm seeing is that my browser isn't sending the cookie back to loginwiki when it gets called as the png or the script. But if I hit the URL directly, it does send the cookies so it works. I have no idea what might have changed that. [23:42:56] anomie: can you look at https://gerrit.wikimedia.org/r/293242 ? [23:43:27] +2ed [23:55:58] tgr: Remind me in the morning to help you get your patch on labtestwikitech for testing. [23:57:19] anomie: thanks [23:57:37] I think we are good if you want to call it a day