[18:09:51] Hi, recently Bengali Wikiquote (bn.wikiquote.org) was created but the sitename still showing in English. How this can be fixed? [18:11:19] Aftabuzzaman: leave a comment on https://phabricator.wikimedia.org/T319183 [18:11:31] you can user your wiki user [18:12:28] Ok. [20:42:07] when you use hotcat on bn.wikiquote.org (recently created), it gives edit summary in English but it doesn't happen on other Bengali project. Any idea how to fix it? [20:44:32] Aftabuzzaman: with an edit in mediawiki config probably [20:48:07] mutante Hi, I added here https://w.wiki/5otw then test on Bengali wikivoyage https://w.wiki/5otz (correct edit summary) & Bengali wikiquote https://w.wiki/5ou5 (incorrect edit summary). [20:48:34] tested* [20:49:07] Aftabuzzaman: oh, yea, I don't know. But I would just repeat what I said earlier, comment on the ticket. then people will respond [20:49:45] Aftabuzzaman: few people are reading this during this time of day, you want Europeans to see it [21:03:14] Aftabuzzaman: where are you getting HotCat from on bnwikiquote? The gadget does not seem to have been installed locally on that wiki per https://bn.wikiquote.org/wiki/Special:Gadgets [21:06:09] bd808 It supposed to give edit summary in Bengali even if it is not installed locally. See Bengali wikivoyage https://w.wiki/5otz (i didn't activate the gadget locally but still it gives correct edit summary). [21:08:18] * bd808 sees that on bnwikivoyage the gadget definition for HotCat is just a cross-site loader for the version from commons -- https://bn.wikivoyage.org/wiki/%E0%A6%AE%E0%A6%BF%E0%A6%A1%E0%A6%BF%E0%A6%AF%E0%A6%BC%E0%A6%BE%E0%A6%89%E0%A6%87%E0%A6%95%E0%A6%BF:Gadget-HotCat.js [21:12:56] Oh, Thank you. [21:13:12] Is there anyone here who has global-interface-editor permission? We don't have anyone who can create this page right now. [21:15:31] Please create https://bn.wikiquote.org/wiki/মিডিয়াউইকি:Gadget-HotCat.js/local_defaults by copy-pasting https://w.wiki/5ouF [21:16:14] Aftabuzzaman: https://bn.wikivoyage.org/wiki/%E0%A6%AE%E0%A6%BF%E0%A6%A1%E0%A6%BF%E0%A6%AF%E0%A6%BC%E0%A6%BE%E0%A6%89%E0%A6%87%E0%A6%95%E0%A6%BF:Gadget-HotCat.js/local_defaults looks like this bn localization magic on bnwikivoyage for the gadget. [21:18:07] There is some code in https://commons.wikimedia.org/wiki/MediaWiki:Gadget-HotCat.js that looks like it should also load https://commons.wikimedia.org/wiki/MediaWiki:Gadget-HotCat.js/bn if your $wgUserLanguage is set to "bn", but I can't confirm that actually fires [21:18:17] the instructions are https://commons.wikimedia.org/wiki/Help:Gadget-HotCat#Using_the_Commons_version_of_HotCat_on_another_wiki [21:18:44] * bd808 thinks that it is far beyond time for hotcat to be turned into an extension rather than a gadget [21:18:55] that would be ideal [21:22:07] that's T104394 I guess? [21:22:07] T104394: Clean up and Graduate HotCat via Beta Features - https://phabricator.wikimedia.org/T104394 [21:22:32] yeah just found that as well, looks like it didn't go far [21:23:19] and yeah, it wouldn't be worth doing without also doing a substantial rewrite [21:25:02] this seems like a false statement to me. the thing is copied all over the place in really janky ways that are poorly understood. even if the js is gross, having it in an extension would be a way to make it easier to install and to iterate on fixing. [21:25:31] but I'm not going to fight anyone over it ;) [21:25:53] the problem would be passing extension security review [21:26:22] while saying "nobody who wrote this code is around anymore, it's old, and nobody fully understands it" [21:26:59] you seem to assume that someone actually reads the js in an extension during a security review... ;) [21:28:52] I guess if I wanted to help with a thing like this my energy would be better spent on trying to make Gadgets NG (2.0 and 3.0 are already cookie licked names I think) happen with support for central/shared gadget deployments [21:32:02] Frances asked on the talk page ~7 years ago and got no responses -- https://commons.wikimedia.org/wiki/MediaWiki_talk:Gadget-HotCat.js/Archive04#Interest_in_conversion_to_an_extension? [21:33:56] GadgetsV5 [21:34:04] >.> [21:39:15] ok, having gotten all the way down to T158462 I will now leave this rabbit hole [21:39:16] T158462: Identify high-use gadgets and ensure that they have proper long-term maintenance - https://phabricator.wikimedia.org/T158462 [21:42:44] Does anyone know if there is a workaround for central auth auto login being broken in Firefox? I'm assuming that it stopped working because of cross-site cookie sandboxing changes in some (relatively) recent Firefox version. [21:43:51] I think https://blog.mozilla.org/en/security/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ is why it stopped working for me... [21:53:56] https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq has some ideas [22:18:50] ask the CPTO /s [22:20:00] https://bugzilla.mozilla.org/show_bug.cgi?id=1696095 [22:24:52] fwiw the person Tim Starling was conversing with is now working on Chrome, possibly on the same feature [23:30:51] "I still think it's a good idea to adopt a different authentication flow for your site" but it's not saying *how* it expects it to work [23:34:57] bd808: I turned off the cookie protection for Wikimedia domains [23:35:54] I did the network.cookie.cookieBehavior=4 hack, but making it only for our domains would be nicer. [23:37:40] I hadn't noticed that *Firefox* had changed its behavior [23:38:00] it just seemed to require an explicit click to log in [23:38:10] I guess to do it by domain I have to visit them and then click the "shield" and then toggle the setting? The about:preferences#privacy UI seems to only allow you to remove things that have been added that way... [23:42:39] yeah, I turn it off with the shield menu. you only have to do it once per TLD, because it will then set a *.domain.org cookie that gets past ETP [23:43:00] until your session expires/gets cancelled and you have to log in on random small wikis all over again [23:43:37] This needs a "think of the Stewards!" sticker :) [23:43:44] i get the same issue in chrome with third-party cookies disabled. my workaround is to re-enable them for a couple minutes whenever i need to log in, then visit every site to get the right first-party cookies set, then re-disable them. :/ [23:44:07] we really should rework our login stuff to not require that [23:46:05] every time we manage to build a team capable of fixing authn things somebody comes along and breaks them up :/ but yes, as horrible as CentralAuth is login.wikimedia.org is probably worse. [23:47:59] yeah, it would be ideal if the WMF found some money to look at auth flow including fixing 2fa [23:48:44] is it really a money problem? [23:49:14] AntiComposite: is there a particular problem with our TOTP 2FA that you would like to see fixed? Or jsut that we never have figured out how to scale account recovery for lost TOTP seeds? [23:49:31] TOTP isn't the problem, Webauthn is [23:49:41] since it only works on a single FQDN [23:49:45] * bd808 shudders [23:50:38] I've avoided all the webauthn things here and elsewhere, so I guess I don't have a lot of ideas about how to fix that (protocol?) issue [23:51:41] there are two ways: redirect to loginwiki and do it there, or put loginwiki in an iframe [23:52:02] Platonides: calling prioritization issues money issues is convenient. it lets us pretend that there is a missing resource rather than facing the fact that we are just choosing to spend our energy elsewhere. [23:52:39] Platonides: it's a management problem [23:53:00] its an E_TOOMANYTHINGS problem really [23:54:40] if the thing you want done isn't on the current hot list then it seems that is because somebody kept you off of the list, but most of the time it is because we have so many things on the lists that we can't even figure out how to start prioritizing them [23:55:36] but there is some truth to it being harder to "sell" working on mostly hidden until they break things like authn systems [23:56:46] I was the manager of the team that built AuthManager and I had to justify us working on that project every 3 months for nearly 2 years [23:57:02] it was tiring