[08:36:50] <Nemo_bis>	 What's the "session state" in context of Lua/Scribunto? https://translatewiki.net/wiki/MediaWiki:Apihelp-scribunto-console-param-clear/en
[08:39:24] <Nemo_bis>	 The scribunto console doesn't seem to be documented anywhere
[11:43:50] <s1991>	 Niharika: I've requested phabricator project, will take a while?
[11:44:16] <Niharika>	 s1991: Yes. Maybe a couple of days. 
[11:44:25] <s1991>	 ok, np
[13:51:27] <Randomage>	 Is it possible to use ResourceLoader to load an external javascript?
[13:51:39] <Randomage>	 like the google ads one
[13:53:35] <devunt>	 yes you can
[13:54:02] <devunt>	 but it depends on url scheme
[13:54:20] <devunt>	 you can't load http script on https wiki pages
[13:54:29] <Randomage>	 yeah it's protocol-less
[13:54:37] <Randomage>	 the kind that starts with //
[13:54:55] <devunt>	 then you can use like 
[13:54:58] <devunt>	 mw.loader.load('//ads.google.com/script.js');
[13:59:16] <Randomage>	 hm, I don't seem to be able to make it work.
[14:00:26] <Randomage>	 Nevermind, I got it working.
[14:00:30] <Randomage>	 Thank you!
[14:00:37] <devunt>	 no problem
[14:30:03] <Randomage>	 Ok, how do I go about configuring a javascript parameter in an included resource?
[14:30:22] <Randomage>	 Is that even possible?
[14:35:08] <Randomage>	 maybe mw.config.get ?
[14:39:23] <Krenair>	 what are you talking about?
[14:39:46] <Krenair>	 mw.config.get returns MediaWiki configuration variables in JS
[14:50:04] <Randomage>	 Basically I want to set up a variable and use it from inside a javascript file loaded with ResourceLoader
[14:50:27] <Randomage>	 but mw.config seems to be holding only a selected few values.
[14:52:05] <Krenair>	 do you know javascript?
[14:52:25] <Krenair>	 you can mw.config.set stuff where appropriate, and then mw.config.get from your other module
[14:52:27] <Randomage>	 a little bit
[14:52:34] <Randomage>	 Ok.
[14:52:39] <Krenair>	 if it's actually MW config that is
[14:52:51] <Randomage>	 that's the "good" alternative to global variables basically
[14:53:02] <Randomage>	 it's an extension configuration
[14:53:07] <Randomage>	 an extension I am writing.
[14:53:08] <Krenair>	 OK for extension configuration
[14:53:14] <Krenair>	 don't use it for just any random global
[14:53:23] <Randomage>	 I had it working already I'm trying to use the proper tools tho.
[15:01:05] <Randomage>	 hmm, I can't come up with a decent method to set those.
[15:05:34] <Randomage>	 onResourceLoaderGetConfigVars hooks seems like they would do.
[17:34:19] <QuasAtWork>	 this is definitely a bit OT to ask in here but if anybody has experience removing and immunizing a server against Geodo botnet C&C infection, would appreciate advice (my wiki server got hit by it yesterday)
[17:36:28] <RobotsOnDrugs>	 wipe and restore from backup?
[17:40:05] <QuasAtWork>	 well we haven't put that off the list but if there were a simpler option I'd take it obviously :>
[17:40:20] <Skizzerz>	 that IS the simpler option
[17:41:05] <QuasAtWork>	 well my main issue is not knowing how they got in, and thus not being able to stop it from happening again
[17:41:11] <Skizzerz>	 the complicated option is "figure out everything that managed to get infected. If they managed to break into root or pull off kernel exploits, then wipe and restore from backup"
[17:41:54] <Skizzerz>	 is it a VM/VPS or a physical box?
[17:43:15] <Skizzerz>	 QuasAtWork: see above question :)
[17:43:32] <Skizzerz>	 (also if VM, what hypervisor is it running on)
[17:44:03] <QuasAtWork>	 physical
[17:44:26] <Skizzerz>	 ok, so definitely an actual issue with something on the box then
[17:44:47] <Skizzerz>	 if you can figure out what account the botnet is running as, that narrows down the possible entry points
[17:44:58] <Skizzerz>	 (to things also under that account)
[17:45:19] <Skizzerz>	 so, make sure all of those things are at their latest patch level
[17:45:20] <QuasAtWork>	 well it's not currently running; my main sys admin has shut it down, but he said it had attained root elevation.
[17:45:25] <Skizzerz>	 oh
[17:45:27] <Skizzerz>	 then the box is fucked
[17:45:31] <Skizzerz>	 wipe it and restore from backup
[17:45:35] <QuasAtWork>	 it made several changes to cover its tracks that would require root ordinarily
[17:45:44] <QuasAtWork>	 like redirecting .bash_rc to /dev/null
[17:45:58] <Skizzerz>	 and make sure everything is fully patched
[17:46:13] <Nebraskka>	 any way to float left external image?
[17:46:39] <Skizzerz>	 wrap it in <div style="float:left">?
[17:47:00] <Nebraskka>	 awesome idea, let me try
[17:47:25] <Nebraskka>	 Skizzerz, thanks, it's worked
[17:48:16] <Skizzerz>	 QuasAtWork: finding the initial entry point may be difficult if it's been carefully covering its tracks, likely requiring hours of research. If you can get everything on there patched to the latest level, that would be best
[17:48:26] <QuasAtWork>	 yeah.
[17:48:32] <QuasAtWork>	 I'm sure something wasn't
[17:48:48] <Skizzerz>	 wish I could help more, but once root elevation is attained, there's little other recourse :(
[17:48:57] <QuasAtWork>	 I can't find any info on the vector this botnet uses
[17:49:03] <RobotsOnDrugs>	 QuasAtWork: if it got root, you definitely need to wipe and restore, and then figure out how it got in before making it available to the internet again
[17:49:06] <QuasAtWork>	 all the research is on what it does to PCs
[17:50:14] <RobotsOnDrugs>	 trying to scrub it out will be a huge time sink and you'll never be comfortable
[20:09:44] <SamB_laptop>	 is there a way to get some wikitext evaluated at the top of every page in the Module namespace, or at least every such page with the "wikitext" content model?
[20:09:55] <SamB_laptop>	 alternatively, an easy way to get a list of such pages would be useful.
[20:10:20] <SamB_laptop>	 (So we can fix their content models.)
[20:11:04] <bawolff>	 SamB_laptop: I can get that for you
[20:12:47] <SamB_laptop>	 did the bug that caused importing Modules to give them the wrong content model get fixed?
[20:14:49] * bawolff doesn't know
[20:18:06] <bawolff>	 oh, there's all the '/doc' pages are wikitext
[20:18:38] <Smilie>	 Hi. Any one else having troubles setting user rights for "all" or the "user" group in version 1.24?
[20:21:35] <bawolff>	 Smilie: I haven't heard of anyone having issues
[20:22:10] <bawolff>	 If you pastebin the config you have, and link to Special:UserGroupRights, I might be able to help you debug
[20:22:48] <bawolff>	 SamB_laptop: http://quarry.wmflabs.org/query/3610
[20:23:29] <Smilie>	 bawolff: https://dpaste.de/x0XM for config, and http://intranet.jeklynnheights.com/wiki/index.php?title=Special:ListGroupRights
[20:26:17] <bawolff>	 Smilie: Did you put those lines at the very bottom of LocalSettings.php ?
[20:26:31] <Smilie>	 bawolff: yep
[20:27:50] <bawolff>	 Smilie: Hmm, nothing seems out of place. Make sure you're editing the right LocalSettings.php file and all that
[20:27:54] * bawolff doesn't know
[20:28:07] <Smilie>	 alright, ty though
[20:29:18] <Smilie>	 oh
[20:29:26] <Smilie>	 it appears it was an extension called haloAcl
[20:41:17] <Betacommand>	 Smilie: what are you trying to do with group rights?
[20:41:49] <Smilie>	 I wanted to restrict people from creating new accounts. They will be synched via LDAP
[20:42:02] <Betacommand>	 !rights
[20:42:03] <wm-bot>	 For information on customizing user access, see < http://www.mediawiki.org/wiki/Help:User_rights >. For common examples of restricting access using both rights and extensions, see < http://www.mediawiki.org/wiki/Manual:Preventing_access >.
[20:44:59] <Betacommand>	 Smilie: can you remove the passwords and paste all of localsettings?
[20:45:25] <Smilie>	 It's all good I got it working after disabling an extension :)
[20:46:21] <Betacommand>	 Smilie: what extension?
[20:46:50] <Smilie>	 http://www.mediawiki.org/wiki/Extension:Access_Control_List
[20:48:13] <Betacommand>	 Ah figures
[20:59:18] <SamB_laptop>	 bawolff: oh, neat! I had no idea that service even existed.