[00:01:31] <Reedy>	 It'd definitely be nice to get that extension undeployed
[00:03:04] <Reedy>	 only 3 wikis using it
[00:04:19] <James_F>	 It'd be easier to manually write the SQL queries, FFS.
[00:05:23] <Reedy>	 ?
[00:05:42] <James_F>	 Than painstakingly confirming the maintenance script is right.
[00:05:56] <James_F>	 Two years to move 200 DB rows.
[00:06:11] <Reedy>	 lol
[00:06:26] * James_F is just grumpy about how hard it is for us to actually finish things. :-)
[00:06:27] <Reedy>	 I think we just run it, disable the extension, then clean up if necessary
[00:06:33] <James_F>	 WFM.
[00:07:37] <Reedy>	 Though not at 1am when I need to go to bed
[00:07:43] <Reedy>	 Job for later in the day post sleep
[00:07:51] <James_F>	 +1
[00:08:25] <Reedy>	 https://phabricator.wikimedia.org/T141954#4600256
[16:11:25] <DanielK_WMDE_>	 Krinkle: do you still think the ITEM TOO BIG is UBN? From my investigation, there seems to be nothing to see here... for pages > 1 MB, we get a cache entry > 4 MB, which seems to be hitting memcache's limit
[16:42:41] <DanielK_WMDE_>	 anomie: did you look at the missing preview in McrUndo?
[16:42:53] <DanielK_WMDE_>	 I could work on that on the train tomorrow, if you don't
[16:46:26] <Krinkle>	 DanielK_WMDE_: Well, I'd be nice if the application either was able to make it work within the limit, or to decide based on it to not do it for input larger than a certain size (consistently, based on pre-serialization, for more predictable behaviour).
[16:46:36] <Krinkle>	 But that's rather difficult I guess given the client doesn't know the max size
[16:47:03] <Krinkle>	 So I'm not sure how to avoid an error level log message here while still acknowledging the behaviour as acceptable
[16:47:12] <Krinkle>	 DanielK_WMDE_: Did you find it affects non-stash as wel?
[16:47:16] <Krinkle>	 e.g. regular parser cache?
[16:49:01] <DanielK_WMDE_>	 Krinkle: the parser cache doesn't log if this fails. 
[16:49:09] <DanielK_WMDE_>	 I could make a patch that changes this
[16:49:34] <Krinkle>	 Yeah, you mentioned that yesterday, I thought maybe you determined indirectly whether it also fails to store there
[16:49:41] <Krinkle>	 but yeah, let's find out.
[16:49:47] <DanielK_WMDE_>	 Krinkle: it would fail less foten, since the cached object is smaller, since it doesn't contain the PST content
[16:50:05] <Krinkle>	 I assume it does contain the final HTML though
[16:50:16] <Krinkle>	 wait, why does the stash contain both HTML and PST?
[16:51:04] <DanielK_WMDE_>	 Krinkle: Memcached error for key "ruwiki:pcache:idhash:6440754-0!canonical" on server "/var/run/nutcracker/nutcracker.sock:0": ITEM TOO BIG
[16:51:08] <DanielK_WMDE_>	 does happen
[16:51:13] <Krinkle>	 right
[16:51:49] <Krinkle>	 It's not UBN I suppose, so long it is based on user input being too big and it being a pre-existing issue
[16:52:00] <Krinkle>	 I am unable to see now why it appeared to be a new issue
[16:53:09] <Krinkle>	 Would be nice I guess if both were INFO level, or if we have a check based on strlen($wikitext) being > something, and then make it an error iff that is small
[16:53:19] <Krinkle>	 because the PHP code doesnt know the reason is "TOO BIG", it just knows it fails.
[16:53:21] <Krinkle>	 Which can still be bad.
[16:54:14] <Krinkle>	 or... well, I guess {{subst:BIG}} would fool that. prolly based on pstContent 
[16:54:37] <Krinkle>	 we need better error handling from memc
[16:54:53] <Krinkle>	 unlike the sql driver, it seems to expose very little. maybe we can tune that.
[16:55:11] <DanielK_WMDE_>	 we could also enforce a limit in php, and have the memc limit set higher than that
[16:55:22] <DanielK_WMDE_>	 we do that for uploads, iirc
[16:55:37] <Krinkle>	 Yeah
[16:55:52] <Krinkle>	 That means we'd have to do serilalize in user land though, right?
[16:55:57] <Krinkle>	 to be able to check its size
[16:56:25] <DanielK_WMDE_>	 yea. we kind of want to do that anyway, to get away from php serialize
[16:56:34] <Krinkle>	 Yeah
[16:56:48] <Krinkle>	 I just want to avoid having the client serialize a serialized blob as a "string" with serialize()
[16:56:54] <Krinkle>	 that would inflate it somewhat
[16:57:13] <Krinkle>	 hopefully it has a 'raw' mode as well, for simple strings, or some other indication
[16:57:17] <DanielK_WMDE_>	 don't know if that can be avoided
[16:57:39] <DanielK_WMDE_>	 for parser output & friends,it wouldn't really matter
[16:57:44] <Krinkle>	 it does have modes besides serialize
[16:57:46] <DanielK_WMDE_>	 but for small payloads, it would be annoying
[16:57:59] <Krinkle>	 also perf-wise, we call memc a lot
[18:35:58] <Reedy>	 James_F: https://gerrit.wikimedia.org/r/461702 would look to be what's missing from running the disabledaccount migration script
[18:36:00] <Reedy>	 lol
[18:36:38] <Reedy>	 Hauskatze: ^^
[18:36:47] <James_F>	 Ha.
[18:37:12] <Reedy>	 That will do an AND won't it?
[18:37:14] * Reedy double checks
[18:37:20] * Hauskatze looks
[18:37:43] <James_F>	 Yeah, do you want AND there rather than OR?
[18:38:10] <Hauskatze>	 James_F: DissableAccount does empty password AND email IIRC
[18:38:15] <James_F>	 (Isn't blank password sufficient?)
[18:38:43] <Hauskatze>	 dunno
[18:38:48] <Reedy>	 apart from I typoed
[18:39:02] <James_F>	 Details.
[18:39:32] <Reedy>	 It wouldn't surpirse me if we have people on these wikis with no email set
[18:39:44] <Reedy>	 So them getting blocked, although funny, would be unintended
[18:40:14] <James_F>	 Yeah. Though they get their accounts created through CreateAccount, they might later unset their e-mail.
[18:40:17] <Reedy>	 var_dump( wfGetDB( DB_REPLICA )->selectFieldValues( 'user', 'user_id', [ 'user_password' => '', 'user_email' => '', ] ) );
[18:40:21] <Reedy>	 5 rows
[18:40:22] <Reedy>	 WFM
[18:41:23] <Reedy>	 Hauskatze: Happy if I run the script with that enhancement then? :P
[18:41:42] <Hauskatze>	 Reedy: if it catches the disabled accounts fine, okay
[18:41:51] <Reedy>	 Well, it gets a list of everyone in the inactive group
[18:42:00] <Reedy>	 It gets a list of everyone with no password and no email
[18:42:03] <Reedy>	 Combines them
[18:42:08] <Reedy>	 Makes sure they're unique
[18:42:10] <Reedy>	 Then does the same stuff
[18:42:14] <Reedy>	 James_F: SHIP IT
[18:42:32] <Hauskatze>	 ok, that should do it I think
[18:42:43] <Hauskatze>	 +1
[18:43:33] <Hauskatze>	 one day I'll learn enough PHP and MediaWiki code to be confident enough with those patches...
[18:53:01] <Hauskatze>	 Could somebody by chance review https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/CentralAuth/+/372803/ please?
[18:53:13] <Hauskatze>	 it's been some months there
[18:57:52] <James_F>	 Well, that's CentralAuth for you. Deeply scary code. :-(
[19:07:10] <tgr>	 blanking the password is not really reliable btw
[19:07:26] <tgr>	 user could have a bot password or any number of other things
[19:07:41] <tgr>	 on non-WMF wikis they might have some non-password-based login method even
[19:07:45] <Reedy>	 This definitely predates botpasswords etc
[19:07:54] <Reedy>	 And it's cruft
[19:07:57] <Reedy>	 And it's going away
[19:08:06] <tgr>	 AuthManager::revokeAccessForUser exists for that purpose
[19:08:15] <Reedy>	 Certainly, if it was staying around... We should be fixing it
[19:08:31] <Reedy>	 (plan is to disable it today)
[19:09:02] <Hauskatze>	 o'bye disableaccount
[19:09:15] <tgr>	 I'm just saying, if the extension is still in use today, we might want to clean up any security holes it might have
[19:09:26] <Reedy>	 It is
[19:09:28] <tgr>	 (bot passwords and owner-only OAuth consumers, basically)
[19:09:32] <Reedy>	 But I'm also saying I plan to get rid of it tonight
[19:09:43] <Reedy>	 long overdue
[19:10:09] <tgr>	 oh, rigt, it's going to be converted into login-disabled blocks
[19:10:14] <tgr>	 that should be safe
[19:10:36] <James_F>	 First net extension we're dropping since MwEmbedSupport in June; before that UnicodeConverter in May, and CleanChanges in February.
[19:10:46] <James_F>	 E_TOOMANYEXTENSIONS.
[19:11:00] <Hauskatze>	 and I'm proposing to get rid of UserMerge James_F 
[19:11:06] <James_F>	 +1
[19:11:14] <Hauskatze>	 given that we're not able to use it it makes no sense to keep it there
[19:11:17] <Krenair>	 Should the extension be marked on mw.o as a security risk after it's undeployed?
[19:11:19] <Hauskatze>	 (IMHO)
[19:11:20] <James_F>	 Oh, and before CleanChanges it was Cards in June 2017.
[19:11:42] <tgr>	 Krenair: it's going to be archived I think?
[19:11:53] <tgr>	 although maybe worth marking anyway
[19:11:59] <Hauskatze>	 archive? whee, more work for me :P
[19:12:31] * Reedy cracks the whip
[19:12:33] <Reedy>	 free labour
[19:12:57] <James_F>	 No no, keep them enthralled, don't let them go!
[19:13:12] <Hauskatze>	 I plan to archive all the OCG repos for Collection as requested, but after dinner
[19:13:39] <James_F>	 Hauskatze: Thank you, as always.
[19:13:46] <Hauskatze>	 I should be able to do all the remaining work myself after CI stuff, etc.
[19:13:55] <Hauskatze>	 James_F: for one thing I know how to do... :)
[19:15:34] <Krenair>	 I haven't looked into the Collection/OCG stuff for a long time
[19:15:40] <Krenair>	 how's that going?
[19:16:26] <Hauskatze>	 they ain't going, not used as per mdhollowa-y :)
[19:20:02] <Krinkle>	 James_F: Is there a list of extensions added/removed by month?
[19:20:17] <Krinkle>	 Wouldbe interseting to catalog by year at least +/-
[19:20:37] <James_F>	 Krinkle: `git log wmf-config/extensions-list`.
[19:21:40] <James_F>	 (Aka "no, but effort plus raw data plus experience can make one in your head".)
[19:26:49] <Hauskatze>	 fwiw James_F CongressLookup can be undeployed or deactivated as it was targeted for the Senate vote and that happened long ago
[19:27:10] <Hauskatze>	 the ball is on the House roof, if not thrown-out already
[19:27:18] <Hauskatze>	 I'm speaking about the Net Neutrality campaign
[19:27:28] <James_F>	 Yeah. Is there a Phab task?
[19:27:37] <Hauskatze>	 I'm not sure one exists
[19:28:03] <Hauskatze>	 maybe we can just deactivate on InitialiseSettings in the next swat window
[19:28:24] <Hauskatze>	 although if it's not going to be used, just uninstall fully :)
[19:29:02] <Hauskatze>	 dinner, see you
[22:29:14] <Reedy>	 yay
[22:29:21] <Reedy>	 travis is passing on the security patches
[22:31:01] <Reedy>	 7.2 is painful though
[22:32:45] <Reedy>	 wat
[22:32:45] <Reedy>	 https://travis-ci.org/wikimedia/mediawiki/builds/431252924
[22:32:49] <Reedy>	 HISTORY change broke postgres?
[22:32:58] <Reedy>	 oh, stalled
[22:32:59] <Reedy>	 meh
[22:40:20] <Krinkle>	 Reedy: btw, there's two identical retValue PHP Notice Undefined index still.
[22:40:24] <Krinkle>	 From other files in EducationProgram
[22:40:31] <Krinkle>	 I didn't realise at first it was a different file.
[22:40:35] <Reedy>	 :(
[22:40:37] <Krinkle>	 How far are we with killing that?
[22:40:38] <Reedy>	 Example?
[22:40:54] <Krinkle>	 > /srv/mediawiki/php-1.32.0-wmf.22/extensions/EducationProgram/includes/pagers/CoursePager.php:170
[22:40:54] <Reedy>	 Well, jynus did the sql dumps that need confirming, moving...
[22:40:59] <Reedy>	 So I guess within a week or so
[22:41:00] <Krinkle>	 and
[22:41:01] <Krinkle>	 > /srv/mediawiki/php-1.32.0-wmf.22/extensions/EducationProgram/includes/pagers/OrgPager.php:148
[22:41:20] <Krinkle>	 havent' looked but presumably the same construct
[22:41:24] <Krinkle>	 as the one we fixe
[22:41:24] <Krinkle>	 d
[22:41:32] <Krinkle>	 Anyway, ignored in my dashboard for now
[22:41:40] <Krinkle>	 don't waste time on it :)
[22:41:51] <Reedy>	 Would need a bit more context to attempt to fix
[22:41:57] <Reedy>	 a switch with no default
[22:42:04] <Reedy>	 "Variable $retValue might have not been defined more... (⌘F1)"
[22:42:06] <Reedy>	 PHPStorm knows what's up
[22:42:23] <James_F>	 Just disable the damn thing.
[22:42:31] <Reedy>	 but yeah... Hopefully it's not gonna be around for too much longer
[22:42:35] <Reedy>	 The SQL dumps are done, so...
[22:42:47] <James_F>	 We can leave it installed just in case we need to re-activate it for some reason.
[22:43:25] <Reedy>	 I want to get the sql dumps somewhere public before disabling it
[22:43:57] <Reedy>	 Otherwise vojtech will get stroppy
[22:44:11] <Reedy>	 https://phabricator.wikimedia.org/T174802#4598130
[22:45:32] <Reedy>	 I should have a look at the dumps tomorrow
[23:01:45] <Reedy>	 James_F: https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/461814/
[23:01:51] <Reedy>	 Bets that upsets someone like... The SMW folk?
[23:05:15] <legoktm>	 probably upsets the spell checkers ;)
[23:09:10] <James_F>	 legoktm: Be nice. Reedy can't help being from Yorkshire where they speak funny. ;-)
[23:09:21] <Reedy>	 fecking code
[23:10:34] <paladox>	 lol
[23:16:51] <TimStarling>	 xhprof has not been updated for PHP 7.0
[23:17:01] <TimStarling>	 also the code is not all that great
[23:17:15] <TimStarling>	 so the first thing is to decide whether we want to keep it or write a new thing
[23:17:35] <legoktm>	 TimStarling: there are two or three xhprof PHP 7 forks
[23:17:54] <TimStarling>	 ok, that is both helpful and sucky
[23:18:13] <TimStarling>	 we will take over PECL maintainership
[23:18:44] <legoktm>	 https://github.com/tideways/php-xhprof-extension I think is the most maintained one
[23:18:54] <legoktm>	 (MW also supports it, and it's packaged for Debian)
[23:19:20] <TimStarling>	 if we change PECL then the manual at php.net/xhprof should also change, it's important
[23:19:30] <legoktm>	 then there's https://github.com/phacility/xhprof/tree/experimental (the branch name should inspire confidence)
[23:20:36] <legoktm>	 Also the PHP version doesn't include all the HHVM functionality like https://github.com/phacility/xhprof/pull/52
[23:21:17] <TimStarling>	 I have a patch of my own which is not anywhere
[23:21:26] <legoktm>	 TimStarling: https://secure.phabricator.com/T9805#233567 has some notes about how xhprof should have never been allowed in PECL because of the CLA
[23:21:31] <TimStarling>	 https://bugs.php.net/bug.php?id=64165
[23:21:47] <TimStarling>	 closed on the basis of xhprof being unmaintained
[23:27:35] <TimStarling>	 so he wants it to be renamed
[23:29:03] <legoktm>	 seems like, but it also doesn't seem like they're accepting patches anyways so any effort to maintain it is effectively a fork
[23:31:39] <TimStarling>	 there's no trademark
[23:52:22] <TimStarling>	 but it's unclear whether it's worth wading into this for what is really a very modest extension
[23:52:33] <TimStarling>	 the tideways version is apparently less than 1000 lines