[00:28:00] <ayudaACA27265>	 KSKWISISINENDUDJDJEI
[00:28:00] <ayudaACA27265>	 F
[00:28:01] <ayudaACA27265>	 FD
[00:28:01] <ayudaACA27265>	 G
[00:28:01] <ayudaACA27265>	 J
[00:28:02] <ayudaACA27265>	 H
[00:28:02] <ayudaACA27265>	 W
[00:28:02] <ayudaACA27265>	 GE
[00:28:03] <ayudaACA27265>	 F
[05:08:48] <gicode>	 tgr|away_: Hi
[05:10:09] <gicode>	 tgr|away_: I'm working on updating an AuthPlugin and I noticed an issue in includes/Preferences.php.  It checks $authManager->allowsAuthenticationDa
[05:10:53] <gicode>	 tgr|away_: Rather $authManager->allowsAuthenticationDataChange( ... )->isGood()
[05:12:18] <gicode>	 tgr|away_: But the API for AuthManager says that I should "Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type."
[05:12:57] <gicode>	 tgr|away_: So it seems like either the docs are wrong or the prefs code is broken.
[05:19:14] <tgr>	 gicode: that was fixed in d850025e, apparently we forgot to backport it to 1.27
[05:19:20] <tgr>	 thanks for reporting
[05:19:39] <gicode>	 tgr: Oh, thanks
[05:19:49] <gicode>	 :-)
[05:21:23] <gicode>	 Hmm, looking at that change, I don't see a fix
[05:21:59] <gicode>	 It looks like that change switched from testing a boolean response to testing isGood(), but it still doesn't check that the value is "ignored"
[05:22:07] <gicode>	 Per the API docs for AuthManager
[05:23:43] <gicode>	 tgr: It looks like there are only a few places that actually check for "ignored"
[05:25:44] <tgr>	 gicode: you are probably looking at the API docs for (Primary|Secondary)AuthenticationProvider, not AuthManager
[05:25:55] <gicode>	 Yeah
[05:26:13] <gicode>	 Am I looking in the wrong place?
[05:26:36] <tgr>	 yes
[05:27:25] <tgr>	 those are internal to AuthManager, everything else is using AuthManager::allowsAuthenticationDataChange which does not use 'ignored'
[05:27:33] <gicode>	 I trying to create a PrimaryAuthenticationProvider that doesn't "providerAllowsAuthenticationDataChange"
[05:28:26] <gicode>	 tgr: This is the code I see: https://doc.wikimedia.org/mediawiki-core/master/php/AuthManager_8php_source.html#l00848
[05:28:50] <gicode>	 tgr: It looks like if I return "ignored", AuthManager passes that up the chain
[05:29:17] <gicode>	 tgr: And then Preferences.php isn't looking for "ignored", so the Change Password link is displayed anyways
[05:30:02] <tgr>	 hm, I don't remember what is the point of setting 'ignored' there
[05:30:09] <tgr>	 maybe unit tests
[05:30:43] <gicode>	 It looks like "Status" is trying to say whether the call succeeded or not rather than the boolean result of the call
[05:30:48] <tgr>	 but calling warning() means that $status->isOk() will pass but $status->isGood will not
[05:31:06] <gicode>	 Oh
[05:31:18] <gicode>	 Ah, I didn't notice that
[05:31:57] <tgr>	 Status is one of the less user-friendly pieces of code in MediaWiki
[05:33:37] <tgr>	 so when you write a provider just return Status::newGood( 'ignored' ), that should work fine
[05:34:22] <tgr>	 probably should be part of AbstractPrimaryAuthenticationProvider, too
[05:34:41] <gicode>	 Thanks for your help.  I'll have to chase my code further.  I am unconditionally returning StatusValue::newGood( 'ignored' ); from providerAllowsAuthenticationDataChange and I am still seeing the "Change password" link on prefs
[05:35:04] <gicode>	 Oh
[05:35:12] <gicode>	 Status vs StatusValue perhaps
[05:35:37] <tgr>	 but then, a primary provider that does not handle data change is probably rare
[05:36:17] <gicode>	 tgr: I'm trying to hide the password change feature for my SessionProvider
[05:36:27] <gicode>	 This is for the Auth_remoteuser extension
[05:36:59] <gicode>	 The only way I could find to do it was to subclass the local auth provider and override that method
[05:37:26] <tgr>	 that seems like a bad idea
[05:37:27] <gicode>	 Status isn't working differently from StatusValue :-/
[05:37:55] <tgr>	 yeah, for the most part those two are interchangeable
[05:38:01] <gicode>	 tgr: A lot of the stuff Auth_remoteuser does seems like a bad idea, but such is how it has always been :-(
[05:38:32] <tgr>	 another annoyance with Status, a refactoring attempt that was never finished
[05:38:59] <tgr>	 true
[05:39:21] <gicode>	 tgr: https://xkcd.com/927/ :-)
[05:39:46] <tgr>	 still, if you don't want to use local passwords, just remove LocalPasswordPrimaryAuthenticationProvider
[05:40:08] <gicode>	 Oh, it's possible to have no authentication providers?
[05:40:43] <tgr>	 technically possible
[05:40:47] <gicode>	 If I do that, is there another way to manage the "providerAllowsPropertyChange" stuff?
[05:41:01] <gicode>	 Like to disable email or real name changes when those are provided by the extension
[05:41:17] <tgr>	 in practice I think some setup code will assume that at least TemporaryPasswordPrimaryAuthenticationProvider is there
[05:41:25] <gicode>	 OK
[05:41:35] <tgr>	 but removing the LocalPassword one should be fine
[05:43:47] <tgr>	 hm, you probably do need your own authentication provider if you want to disallow those
[05:43:59] <gicode>	 It looks like returning newFatal "works".  I can go with that for now.
[05:44:32] <tgr>	 you will need to remove/replace LocalPassword... anyway
[05:44:51] <gicode>	 Oh, hmm
[05:44:54] <gicode>	 Maybe that's my issue
[05:45:18] <gicode>	 I assumed there can be only one at a time, but looking again, that isn't correct
[05:45:25] <gicode>	 That must be the problem
[05:45:54] <tgr>	 either that or prevent all password changes, which is again a bad idea because someone might use Auth_Remoteuser together with some other password-based auth extension
[05:46:27] <tgr>	 no, one of the goals of AuthManager was to allow any number of alternative login methods
[05:47:05] <gicode>	 Makes sense
[05:48:00] <gicode>	 If you're using Auth_remoteuser though, I'm not sure how it would be possible to use another auth mechanism
[05:48:17] <gicode>	 Which hook would be best to use to remove the default auth provider?
[05:48:25] <tgr>	 of course if you use a SessionProvider which disallows logins then there is not much point having any primary auth providers
[05:50:39] <tgr>	 there isn't really a good place for that
[05:51:50] <tgr>	 SetupAfterCache is probably the least bad one
[06:00:15] <gicode>	 Thanks for all your help :-)
[06:00:27] <gicode>	 tgr: One more piece working
[06:00:34] <gicode>	 :-)
[09:50:38] <Nemo_bis>	 sigh "Wikimedia subsite of openoffice.org" https://mail-archives.apache.org/mod_mbox/openoffice-dev/201609.mbox/%3C008d01d204a9%24bd37caa0%2437a75fe0%24%40apache.org%3E
[11:18:13] <abian>	 Does any MediaWiki volunteer know how to create a new MediaWiki interface message? :)
[11:18:18] <abian>	 https://phabricator.wikimedia.org/T138652
[12:32:24] <ankry>	 hi
[12:32:47] <ankry>	 is there any way to check tags from abusefilter?
[12:33:18] <ankry>	 or no chance as they are set later
[12:33:19] <ankry>	 ?
[13:54:34] <jubo2>	 y0
[13:54:58] <jubo2>	 Nginx or Apache for serving MediaWikis, Semantic MediaWiki and a Commons ?
[13:55:03] <jubo2>	 I can't decide
[13:55:08] <jubo2>	 I sorta like both
[14:04:18] <Dereckson>	 Hi jubo2.
[14:04:31] <Dereckson>	 Take the one you're the more happy to configure.
[14:04:39] <Dereckson>	 and the more proficient too
[14:05:12] <Dereckson>	 You seem to want to create a more complex infrastructure with several wikis, you'll probably need to tweak web server configuration.
[14:05:30] <Dereckson>	 nginx is ray
[14:05:58] <Dereckson>	 nginx is rather interesting for stuff like @try_files to simplify a lot the syntax and avoid some rewrite rules
[14:06:09] <Dereckson>	 Wikimedia uses Apache
[14:06:53] <Dereckson>	 (to serve MediaWiki, there are some nginx too for other parts of the infrastructure)
[14:08:42] <Dereckson>	 There is no question of performance anymore: 1. for real perfs, you use a cache (e.g. Varnish) 2. Apache HTTP has an event worker too if you like the nginx model to serve requests
[14:09:02] <Dereckson>	 So it's basically a question of what do you want to configure.
[14:09:46] <jubo2>	 Dereckson: thanks for info
[14:10:01] <jubo2>	 I got a Nginx in Netherlands.. it is easier to conf
[14:10:26] <jubo2>	 less clutter from the 90's 
[14:10:31] <jubo2>	 then on the other hand
[14:10:52] <jubo2>	 I do got a working set of rewrite rules for Apache to get pretty URL
[14:11:23] <jubo2>	 from 2.2 -> 2.4 series switch I needed to change some things but they should be good to go for switch server and keep using Apache 2.4
[14:11:57] <jubo2>	 I got mi first server that from a hosting company that runs only on renewable electricity
[14:12:24] <jubo2>	 "Get a free green graphic with positive connotations scribed all over it."
[14:12:41] <jubo2>	 Expensive like hell this "Host in Finlan" business
[14:12:48] <Dereckson>	 Apache 2.2 -> 2.4 config update is basically Order allow,deny / allow from all → Require all granted
[14:12:51] <jubo2>	 but the laws are like really good
[14:13:17] <Dereckson>	 https://httpd.apache.org/docs/2.4/upgrading.html
[14:13:26] <jubo2>	 and the daattasaal is inside bedrock
[14:13:30] <jubo2>	 added bonus
[14:14:09] <Dereckson>	 I'm not comfortable with the idea web server technology choice means pick a datacenter 
[14:15:18] <Dereckson>	 Perhaps a good middle-term goal would be "be able to deploy on what we need per app, not per datacenter"
[14:16:45] <Dereckson>	 That should be a red flag your infrastructure isn't flexible enough to deploy apps the modern state-of-art way if you need to pick a DC because one has servs with Apache, another with nginx
[14:23:07] <jubo2>	 Dereckson: What??
[14:23:30] <jubo2>	 Sure you can have servers with Apache and servers with Nginx in same or óther DCs
[14:23:49] <jubo2>	 not sure if it is any good but it is totally possible
[14:38:53] <Jianhui67>	 Any mw admin here?
[14:39:01] <Jianhui67>	 Just a question
[14:39:59] <andre__>	 !ask | Jianhui67
[14:39:59] <wm-bot>	 Jianhui67: Please feel free to ask your question: if anybody who knows the answer is around, they will surely reply. Don't ask for help or for attention before actually asking your question, that's just a waste of time – both yours and everybody else's. :)
[14:40:36] <Jianhui67>	 Can pages like https://www.mediawiki.org/wiki/Talk:Sangam_Devkota be deleted
[14:42:17] <Nemo_bis>	 sure (done)
[15:01:16] <Jianhui67>	 Nemo_bis: how do I tag such pages for deletion
[15:18:18] <Nemo_bis>	 Jianhui67: Flow? No idea, I don't use Flow
[15:18:47] <Nemo_bis>	 feel free to just add {{delete}} to the corresponding subjectpage with a note that the request applies to the talk page
[16:35:48] <wushin>	 Heya. Strange issue. We have 6 pages in a category but only 3 show up in the category list if you aren't logged in. You get all 6 if you are logged in. We check pages for protection and etc differences but can't find any. Any help/advice?
[16:38:38] <Dereckson>	 wushin: caching
[16:39:05] <Dereckson>	 https://www.mediawiki.org/wiki/Manual:Cache
[16:43:56] <wushin>	 Dereckson Danke!
[17:24:37] <Bobmorane>	 Hi! I am looking for where javascript is loaded on Mediawiki 1.26
[17:25:01] <Bobmorane>	 I have a trouble with all the js dynamic elements on the pages, (search suggestions list, sorting tables, info messages) like if they had been turned off or uninstalled, but all the resources are in place
[17:26:40] <Bobmorane>	 Js runs correctly on the rest of the website btw. Any help?
[17:33:16] <MaxSem>	 Bobmorane, reload page with developer tools open. any errors/resources that failed to load?
[17:35:27] <Bobmorane>	 MaxSem nope
[17:36:20] <Bobmorane>	 And no php error in relation with this
[17:41:20] <Bobmorane>	 I have a 500 internal error on this : /load.php?debug=false&lang=fr&modules=startup&only=scripts&skin=vector 
[18:27:41] <Tuxedo>	 Alphos, you wrote: "Tuxedo : the bug is also present on your other server, but it's masked by your configuration - either display_errors Off or error_reporting off for E_DEPRECATED-level errors - if not both".
[18:27:53] <Tuxedo>	 I found the cause!
[18:28:29] <Tuxedo>	 In my LocalSettings.php, I had this:
[18:28:31] <Tuxedo>	 error_reporting( -1 );
[18:28:32] <Tuxedo>	  ini_set( 'display_errors', 1 );
[18:28:56] <Tuxedo>	 Which resulted in many warnings but no real errors.
[18:29:49] <Tuxedo>	 Thanks for having pointed me in the right direction! No need for me to re-install the whole wiki system :-)
[18:40:56] <Tuxedo>	 On an unrelated question in dealing with spam: I recently installed a brand new wiki on a completely new domain and initially kept it open for editing. It only took a day or so before the usual spammers added pages and links.
[18:41:52] <Tuxedo>	 I set up instant commons. Could it happen that some prolific spammers are logging wikis making use of this feature via some public page on commons that links back to locations where images are used?
[18:44:07] <MaxSem>	 nope, it's not tracked
[18:44:27] <MaxSem>	 they just crawl the web looking for targets
[18:59:02] <Alphos>	 they can simply keep track of what new domains are pushed to DNS registries ;-)
[18:59:23] <Alphos>	 "oh look, a new domain ! maybe we can spam it" is pretty much the way to go :p
[19:12:15] <Nightcinder>	 ldap groups won't work :(
[19:13:19] <Nightcinder>	 and i don't understand why
[19:13:52] <DarkFeather>	 Nightcinder: Define "won't work"? "getent group" doesn't return what you think or some such?
[19:14:10] <Nightcinder>	 DarkFeather: i can't get the groups to show up in mediawiki
[19:14:13] <Nightcinder>	 i'm sure it's because whitespace
[19:14:25] <Nightcinder>	 but i'm not at liberty to fix/change that
[19:24:47] <DarkFeather>	 OOOOOH memberof
[19:25:16] <DarkFeather>	 Having trouble with that myself.
[19:26:44] <Nightcinder>	 neat it broke when i added ssl
[19:28:38] <Tuxedo>	 Ok. I guess it must be the public DNS.
[19:32:19] <Nightcinder>	 2016-09-06 19:28:03 INFINITY5 my_wiki: 2.1.0 Using memberOf
[19:32:20] <Nightcinder>	 2016-09-06 19:28:03 INFINITY5 my_wiki: 2.1.0 memberOf attribute isn't set
[19:36:37] <DarkFeather>	 Nightcinder: have you set up the memberOf overlay?
[19:36:49] <DarkFeather>	 Are you using OpenLDAP as your LDAP host?
[19:36:49] <Nightcinder>	 at this point i have no idea
[19:38:11] <DarkFeather>	 Who's your LDAP server?
[19:39:31] <Nightcinder>	 i'm using active directory with the ldap mediawiki authentication
[19:42:44] <Nightcinder>	 2016-09-06 19:38:16 INFINITY5 my_wiki: 2.1.0 Checking to see if user is in: sysop
[19:42:44] <Nightcinder>	 2016-09-06 19:38:16 INFINITY5 my_wiki: 2.1.0 Entering hasLDAPGroup
[19:42:44] <Nightcinder>	 2016-09-06 19:38:16 INFINITY5 my_wiki: 2.1.0 Adding user to: sysop
[19:42:45] <Nightcinder>	 HAHA!
[19:47:43] <DarkFeather>	 What went wrong?
[19:53:40] <Nightcinder>	 the naming scheme
[19:53:42] <Nightcinder>	 was backwards
[19:53:53] <Nightcinder>	 in AD it's dc=local dc=domain dc=com
[19:54:00] <Nightcinder>	 in localsettings i had it domain, local, com
[19:54:04] <Nightcinder>	 flipped it, worked
[19:57:51] <DarkFeather>	 Ah, there you go
[21:46:08] <jubo2>	 I just lost a wiki.. Apache2.4 is up but the wiki is nowhere to be found
[21:46:16] <jubo2>	 and I didn't change a conf
[21:46:25] <jubo2>	 other sites seem fine
[21:46:40] <jubo2>	 I'm having a bad computer day
[21:46:49] <jubo2>	 I have 1/4 of free social media down
[21:47:18] <jubo2>	 and now the most important thing... the development wiki is down and I have no idea what went wrong coz I didn't touch a thing
[21:48:42] <jubo2>	 maybe I just reboot the server
[21:49:18] <jubo2>	 nothing like "100,000 Facebook useds are going to kill you for the 60 second outtage"
[21:50:38] <Platonides>	 you are jinxed
[22:00:00] <jubo2>	 damn
[22:00:16] <jubo2>	 at least I have new servers the old servers don't know the passwords to
[22:07:23] <jubo2>	 I get another browser
[22:07:31] <jubo2>	 maybe it'll be up then
[22:10:51] <jubo2>	 nope.
[22:11:15] <jubo2>	 damn there is nasty things going on with high probability
[22:11:31] <jubo2>	 2 servers having weird symptoms without explanations
[22:11:53] <jubo2>	 but I got 2 other servers with today's backups 
[22:12:03] <jubo2>	 and a 0.5TB disk stuck onto a shell
[22:12:09] <jubo2>	 and some offline backups
[22:17:20] <jubo2>	 I have no idea what went wrong that the MediaWiki is down
[22:17:29] <jubo2>	 Apache2 is up
[22:17:43] <jubo2>	 other sites on the same MySQL are up
[22:17:58] <jubo2>	 other sites are using PHP5 too
[22:19:18] <jubo2>	 y0 pliiz
[22:19:33] <jubo2>	 I got a MW down and a diaspora* down and it is 1:19 AM
[22:20:20] <jubo2>	 I did not change a thing on the Debian8.5 server running a LAMP stack prior to observing that the MW is brokeh
[22:37:30] <jubo2>	 nope
[22:37:45] <jubo2>	 after restart of server the MediaWiki is still down
[22:39:02] <jubo2>	 all other sites on the same Apache2.4 are fine
[22:39:16] <jubo2>	 I have no swearwordin' idea what is going on over here
[22:39:52] <jubo2>	 I prlly accidentally hurt somthing
[22:42:14] <jubo2>	 I cannot see it
[22:42:26] <jubo2>	 prlly some consorted attack on the effort
[22:42:27] <Platonides>	 look at the error log
[22:42:41] <jubo2>	 Platonides: ok.. /var/log/..?
[22:43:02] <Platonides>	 typically /var/log/apache2/error.log
[22:43:12] <Platonides>	 plus whatever error_log you have set in php.ini
[22:44:54] <jubo2>	 nothing weird looking in error.log
[22:45:33] <Platonides>	 !debug | jubo2 
[22:45:34] <wm-bot>	 jubo2: For information on debugging (including viewing errors), see http://www.mediawiki.org/wiki/Manual:How_to_debug . A list of related configuration variables is at https://www.mediawiki.org/wiki/Manual:Configuration_settings#Debug.2Flogging
[22:47:05] <jubo2>	 I not technically very adept
[22:47:27] <jubo2>	 all I know is that afaik I didn't touch a thing and the MW 1.28 stopped working
[23:12:50] <jubo2>	 seems an 'arp' on the develop.consumerium.org does not resolve
[23:13:01] <jubo2>	 so it seems an DNS problem 
[23:13:10] <jubo2>	 and the hosting guy
[23:13:24] <jubo2>	 and the hosting guys' DNS interface won't answer
[23:13:47] <jubo2>	 so it would seem it is probably an attack on the hosting guys' DNS
[23:15:29] <jubo2>	 I should prlly inform them by email
[23:16:47] <jubo2>	 can someone else confirm that 'arp develop.consumerium.org' gives a "Host name lookup failure" ... if I knew that I'd report this to the hosting guys.. now I just not sure what is going on
[23:19:14] <Platonides>	 arp ??
[23:19:22] <douglas>	 jubo2: fails for me
[23:19:33] <Platonides>	 arp only works in the same network…
[23:19:42] <Platonides>	 if you mean dns
[23:19:49] <Platonides>	 the server returns an error
[23:19:51] <Platonides>	 (SERVFAIL)
[23:19:55] <Skizzerz>	 arp is for translating IP addresses to MAC addresses
[23:19:58] <Skizzerz>	 not for hostnames to IPs
[23:20:08] <Platonides>	 yes
[23:20:49] <Platonides>	 you are right 
[23:20:49] <Skizzerz>	 jubo2: you'd want to use either dig (if on linux) or nslookup (if windows) to figure out DNS issues
[23:20:55] <Platonides>	 it doesn't make sense to ask that someone at the other side of the world to run that command
[23:20:59] <Platonides>	 but even less that way
[23:22:34] <Skizzerz>	 if you're actually on the same internal network and arping the IP address (not hostname) is failing, it indicates that IP is not connected to the network
[23:22:42] <Skizzerz>	 aka the server is down
[23:22:46] <Skizzerz>	 or misconfigured
[23:24:26] <jubo2>	 Skizzerz: 'sudo apt install arp' fails on the host machine (a Debian8.5)
[23:24:36] <Skizzerz>	 ???
[23:24:37] <jubo2>	 this is getting freakier and freakier
[23:24:50] <Skizzerz>	 I'd assume it would
[23:24:59] <jubo2>	 huh?
[23:25:21] <Skizzerz>	 since 1) apt isn't a command (maybe you're thinking apt-get?), 2) arp is preinstalled, 3) arp is entirely the wrong tool to use, as explained above
[23:26:27] <Skizzerz>	 oh
[23:26:30] <Skizzerz>	 scratch #1
[23:26:32] <jubo2>	 'dig develop.consumerium.org' just times out
[23:26:44] <Skizzerz>	 but 2 and 3 are still valid
[23:27:04] <jubo2>	 and yes.. on a Debian 'apt', 'apt-get' and 'aptitude' are pretty much synonyms
[23:27:07] <Skizzerz>	 ok, so the DNS servers are probably down
[23:27:20] <Skizzerz>	 I'm getting a SERVFAIL when I try
[23:27:23] <Skizzerz>	 (same as Platonides)
[23:27:24] <jubo2>	 Skizzerz: I sent the hosting guys email just a couple of minutes ago
[23:28:33] <jubo2>	 Skizzerz: coz the WebUI for the DNS is not responding either so that makes the likelyhood of problem with their DNS <-> Web glue
[23:28:48] <Skizzerz>	 it's quite possibly a DNS issue, yes
[23:29:04] <jubo2>	 Да.
[23:29:49] <jubo2>	 They are a small shop.. they won't be there till 8AM
[23:30:31] <jubo2>	 but hey.. got 3 other servers and 1 shell with 0.5TB disk so it no panic-situation