[00:55:33] 10Phabricator, 10Project-Admins, 10Wikimedia-Venezuela: Create several (sub)projects for Wikimedia Venezuela - https://phabricator.wikimedia.org/T167584#3399398 (10White-Master) >>! In T167584#3399034, @Aklapper wrote: >> And all milestones created in that project? > Please clarify which milestone(s) you wan... [07:27:08] 10Phabricator, 10Project-Admins, 10Wikimedia-Venezuela: Create several (sub)projects for Wikimedia Venezuela - https://phabricator.wikimedia.org/T167584#3399642 (10Aklapper) Let me stress some unanswered parts of my question: Please clarify which milestone(s) you want to have **in which project.** I guess th... [09:28:55] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400079 (10Framawiki) @Aklapper @mmodell Please have a look on T169502. I can't edit the content of this task, it tells me "You do not ha... [09:31:10] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400082 (10Mainframe98) While we're at it, please also delete the files uploaded by https://phabricator.wikimedia.org/p/Bobitoptop/, whic... [09:44:35] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400125 (10Volans) @Framawiki @Mainframe98 thanks for letting us know. I've disabled the two users and removed their files. I didn't touc... [09:51:31] twentyafterfour: I can neither edit nor do anything in https://phabricator.wikimedia.org/T169502 (spam task): "You do not have access to any forms which are enabled and marked as edit forms." Is that intentional? [09:53:06] andre__: fixed [09:53:27] twentyafterfour: oh thanks, that was quick! [10:02:23] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400156 (10Volans) @Aklapper @mmodell the cleaning effort is clearly not working! After my last full cleaning of recent files, there are... [10:15:02] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400190 (10mmodell) @volans: Some possibilities which have been discussed for further countermeasures: **Moderately disruptive possibili... [10:16:03] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400191 (10mmodell) @volans: We could set up a cron job to delete files that match your query? [10:21:37] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400229 (10Framawiki) @mmodell perhaps we should create a new task to discuss on this subject ? Or create an RfC on mw.org ? But perhaps... [10:32:06] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400270 (10mmodell) @volans, @Framawiki: The files in question have been removed. [10:38:37] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400290 (10mmodell) I am embarassed to admit to how I did it, and I will be the first to stress that we we need a much safer / cleaner wa... [10:52:34] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400361 (10Volans) @mmodell thanks for cleaning those too, but I don't think that this method can be applied in general. There are ex-leg... [10:59:38] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400382 (10mmodell) The destroy command does a fairly thorough job of cleaning up references. The warning about breaking things is generi... [11:01:39] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400398 (10mmodell) >>! In T168142#3400361, @Volans wrote: > @mmodell thanks for cleaning those too, but I don't think that this method c... [11:14:36] 10Project-Admins, 10Continuous-Integration-Config, 10Gerrit, 10MediaWiki-extensions-Nonlinear: Archive the NonLinear extension - https://phabricator.wikimedia.org/T169519#3400422 (10Aklapper) [11:25:09] 10Phabricator, 10Project-Admins, 10Wikimedia-Venezuela: Create several (sub)projects for Wikimedia Venezuela - https://phabricator.wikimedia.org/T167584#3400474 (10White-Master) >>! In T167584#3399642, @Aklapper wrote: > Let me stress some unanswered parts of my question: Please clarify which milestone(s) yo... [11:29:59] 10Project-Admins, 10Continuous-Integration-Config, 10Gerrit, 10MediaWiki-extensions-Nonlinear: Archive the NonLinear extension - https://phabricator.wikimedia.org/T169519#3400422 (10MarcoAurelio) I have closed as declined the remaining open tasks. Next steps I guess is to mark the gerrit repo as archived? [11:33:04] 10Phabricator, 10Project-Admins, 10Wikimedia-Venezuela: Create several (sub)projects for Wikimedia Venezuela - https://phabricator.wikimedia.org/T167584#3400543 (10Aklapper) 05Open>03Resolved >>! In T167584#3398762, @White-Master wrote: > Sorry again! @Aklapper can you create a project like #Wikimedia-Fu... [11:53:04] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3400617 (10Aklapper) On the general situation, not on deleting content of disabled accounts: It's not a long-term strategy to continue e... [15:19:47] 10Project-Admins, 10Scoring-platform-team: Create a phabricator project for meta-ORES - https://phabricator.wikimedia.org/T169229#3401228 (10Halfak) See https://phabricator.wikimedia.org/tag/meta-ores/ [15:20:00] 10Project-Admins, 10Scoring-platform-team: Create a phabricator project for meta-ORES - https://phabricator.wikimedia.org/T169229#3401230 (10Halfak) 05Open>03Resolved [15:29:57] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3401247 (10zhuyifei1999) >>! In T168142#3400617, @Aklapper wrote: >e.g. videos how to reproduce a bug Why can't they upload to commons,... [15:30:37] andre__: is the abuse still ongoing? [15:37:45] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3401265 (10Urbanecm) Videos and other bigger files probably should. But small screenshots and other similar files can be in phabricator i... [15:44:15] gerrit admin here? [15:51:09] TabbyCat, don't ask to ask [15:51:20] zhuyifei1999_, depends on definitions I guess. :) It's definitely not "entirely over" or such [15:51:44] andre__: for saying that you'd better not say anything [15:51:58] TabbyCat, excuse me? [15:52:17] TabbyCat: What I meant is: Please ask your followup question and don't ask for attention first. Saves one roundtrip of communication. [15:52:39] if there is a Gerrit admin and if they see the message, they would reply anyway :) [15:52:53] okay okay so I'd like someone to mark mediawiki/extensions/Nonlinear to read-only in gerrit if that's possible [15:53:11] or maybe we need to wait and abandon the pending -2/-2 change there? [15:53:17] any gerrit admin can do it [15:53:27] andre__: I'm thinking, can phab disallow uploads based on complex conditions? something like abusefilter in mediawiki [15:53:29] better now? :) [15:54:13] that's already covered in https://phabricator.wikimedia.org/T169519 right? [15:54:15] it might be possible to set a file size limit based on its type if that's possible [15:54:21] zhuyifei1999_, don't think so [15:54:28] :( [15:54:45] zhuyifei1999_, but even if - I'd upload stuff in zip file and would work around it [15:54:48] don't think that helps at all [15:55:29] yeah, then you'd have to make the zip real small [15:56:03] I've already seen 2MB zip uploads of stuff [15:56:10] so does not really help [15:56:38] :/ [15:58:06] yeah, commons has a filter for jpeg https://commons.wikimedia.org/wiki/Special:AbuseFilter/160 that sets the size limit to 3*width*height bytes + 8MiB, but many abusive uploads still go through [15:59:00] andre__: I can only guess that it's implicitly requested there, yep. [15:59:32] file delete bot isn't possible on phab either right? [16:00:51] (if that's the case it would rule out porting https://commons.wikimedia.org/wiki/Special:Log/delete/Embedded_Data_Bot to phab) [16:04:32] zhuyifei1999_ diffusion uses uploads too. So any limiting there would block any patches that do the same thing. [16:04:48] it uses chunking so large files are put into /files/ [16:05:18] hmm [16:05:38] 10Project-Admins, 10Continuous-Integration-Config, 10Gerrit, 10MediaWiki-extensions-Nonlinear, 10Patch-For-Review: Archive the NonLinear extension - https://phabricator.wikimedia.org/T169519#3401406 (10MarcoAurelio) Things done: * #MediaWiki-extensions-nonlinear has been edited to note that the extension... [16:06:17] maybe prevent newbies to upload files in Phabricator [16:06:21] ? [16:06:33] TabbyCat: sleeper accounts [16:07:14] on Wikimedia wikis we have the same problem with spambots and sleeper accounts ain't easy to find [16:07:56] i am thinking how does our gerrit install prevent this? [16:08:00] we see less spam there. [16:08:31] I guess what we could do is have mediawiki accounts created only if approved. and ldap accounts like we do for gerrit? [16:36:27] TabbyCat, I want newbies to upload files to Phabricator, because any first file could include a screenshot of a valid bug. [16:36:43] I can understand that [16:36:50] no easy solution it seems [16:36:53] so it's a tradeoff between many many aspects [16:38:07] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3401616 (10Aklapper) >>! In T168142#3401247, @zhuyifei1999 wrote: > Why can't they upload to commons, especially considering J18? In som... [16:38:47] paladox, I don't know if Gerrit "prevents it" but I don't think Gerrit has a UI that makes it easy/obvious to download a single uploaded file? [16:40:59] You can download patches. Though yes it is not easy as phab file application as gerrit's is made for patches not uploading one file and downloading it. [16:41:23] But i meant about people creating spammy accounts and registering them. [16:42:44] Maybe what we need is if the user makes 10+ tasks or comments or patches they can then use the files application to upload any over the size of lets say 1mb? [16:43:00] as I've explained before I don't see how that helps. [16:43:17] create 10+ spam/useless tasks or comments and work around it. [16:44:03] oh [16:44:04] hmm [16:45:50] what about an admin approving users use of files application? So this should affect new users. [16:45:50] No "quick ideas" will help. [16:46:01] paladox, we need ideas that scale. [16:46:06] ok [16:46:08] not random stuff. [16:46:21] We already enabled approving new user accounts for a while. [16:46:50] which means an admin can spend time thinking whether to allow a certain user or not. Based on unclear criteria and not enough info (only IP addresses). [16:46:55] Same problem. Does not scale. [17:50:40] 10Diffusion, 10ORES, 10Repository-Admins, 10Scoring-platform-team, and 2 others: Diffusion repository can't be cloned: 500 errors (research-ores-editquality) - https://phabricator.wikimedia.org/T157141#3401937 (10awight) [17:52:47] 10Phabricator: Unclear what the point of tokens in Phabricator is - https://phabricator.wikimedia.org/T899#3401960 (10D3r1ck01) When @QuimGil awarded a token to one of my tickets on phab: T166981, I started trying to figure out what particular tokens mean. @Qgil awarded me a "Yellow Medal" and I am now in search... [18:00:15] andre__: We (me, Mukunda, others) had a very lengthy discussion about this on Friday. We were thinking something like an autoconfirmed mode (a la MediaWiki) [18:00:29] So brand new accounts had to wait a couple days and make like a comment or two before uploading files [18:00:48] Yeah, it's a little annoying for a well-meaning first time user, but I think it'd stop a good amount of the vandals. [18:01:18] (also had a few other ideas about decoupling the "disable a user" bit from admin permissions, so we could make some sort of "moderator" group who can respond to vandals quickly when an admin isn't around) [18:07:12] RainbowSprinkles: that is all very +1 from me [18:07:18] tho it means nothing :) [18:07:57] I think the latter would be a pretty easy change with a lot of gain. Disabling users is pretty harmless and totally reversible. We could entrust quite a few users with that bit [18:08:11] yes truly [18:08:15] And that way if vandalism is happening, someone can respond quickly to stop it until an admin can jump in [18:08:26] that is the primary delay between bad actor and delay [18:08:30] tryign to get the attention of an admin [18:08:32] afaict [18:08:44] second delay there was meant as disable :) [18:08:48] :) [18:18:57] RainbowSprinkles: +1 from me aswell [18:46:34] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3402154 (10Framawiki) Is it just possible to block an ip range to download a file on phab ? A hook in this part of the program ? [19:33:09] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3402276 (10mmodell) @framawiki: I think that would be possible [19:34:50] 10Phabricator, 10Wikimedia-Site-requests, 10Wikimedia-Incident: Cleanup phabricator.wikimedia.org uploaded files, WP zero abuse - https://phabricator.wikimedia.org/T168142#3402287 (10mmodell) > Plus spammers might start to register accounts, leave them dormant for a while, and then use them. This is what I... [19:36:29] 10Phabricator: Unclear what the point of tokens in Phabricator is - https://phabricator.wikimedia.org/T899#3402292 (10mmodell) they are arbitrary, essentially just a way of showing appreciation. [19:49:23] re: allowing non-admins to disable users: I looked into it a little and I actually couldn't deduce where the admin permission is enforced. It should be easy to open that up to a larger group of people but I haven't figured out how so far. [20:36:54] 10Diffusion, 10Phabricator (Upstream), 10Upstream: Diffusion "Branches" list is too long, could be collapsed like "Tags" - https://phabricator.wikimedia.org/T103641#3402478 (10mmodell) 05Open>03Resolved [20:43:52] twentyafterfour: Well non-admins have the option, but it does bait and switch like so many phab things :p [20:44:04] So it might be enforced at a write-level rather than read [20:44:05] :) [20:44:19] yeah .. I didn't actually find it enforced anywhere :-/ [20:44:23] (here's a button, click it. NOPE YOU CAN'T DO THAT :)) [20:44:24] lol [20:45:11] 10Project-Admins, 10User-bd808, 10cloud-services-team (Kanban): Rename and update Cloud Services Phabricator projects - https://phabricator.wikimedia.org/T167244#3402507 (10bd808) a:03bd808 [20:45:25] what Kanban means? [20:47:00] TabbyCat: it's a project management technique / practice [20:47:20] thank you twentyafterfour [20:47:27] http://lmgtfy.com/?q=kanban [20:47:48] sorry, couldn't resist teh lmgtfy [20:48:02] hahahaha [20:48:06] funny [20:48:18] didn't knew about that page [20:48:21] https://en.wikipedia.org/wiki/Kanban_(development) is the more relevant link [20:48:47] will check it out in some minutes, I have a new batch of spambots to lock :| [20:49:01] relentless [20:49:52] 10Diffusion, 10Patch-For-Review, 10Regression, 10Release-Engineering-Team (Kanban): Unable to browse refs/meta/config in Diffusion - https://phabricator.wikimedia.org/T137354#3402517 (10mmodell) p:05High>03Normal a:03mmodell I'll deploy it this week