[00:37:35] <Quasar`>	 anybody else having trouble with Extension TorBlock not working?
[00:37:54] <Quasar`>	 if I try to force it to requery exit nodes it gets "1" node
[00:38:07] <Quasar`>	 and it's not blocking anything.
[00:45:30] <Quasar`>	 I have someone using Tor to attack my site so it's kind of unfortunate
[01:12:24] <Quasar`>	 wonder if it's because it returns 11 MB of data
[01:17:29] <eadthem>	 im attemping an upgrade on 1.28.0 to 1.29.1    When trying to run pending jobs i get the message PHP Catchable fatal error:  Argument 2 passed to RefreshLinksJob::__construct() must be of the type array, string given
[01:22:29] <bawolff>	 Umm you could probably just clear all the refreshlinks jobs and not worry about it
[01:22:39] <eadthem>	 how do you do that?
[01:22:46] <bawolff>	 they just do some cache clearing so not critical
[01:22:50] <eadthem>	 the showjobs.php only says a number
[01:22:55] <eadthem>	 i was expecting a list
[01:22:56] <bawolff>	 umm good question
[01:23:27] <bawolff>	 theres an extra argument to showJobs.php to make it give a break down by type
[01:23:38] <bawolff>	 but i cant remember what it is
[01:23:49] <eadthem>	 it also fails
[01:24:01] <eadthem>	 this wiki has been upgraded before but i didnt run jobs
[01:24:06] <eadthem>	 id never herd of it before 
[01:24:14] <bawolff>	 i guess you could just delete everything in the job table
[01:26:05] <eadthem>	 running backup
[01:37:35] <bawolff>	 Its required arrays since 9632223e
[01:38:00] <bawolff>	 but even before that it would have been broken if given a string as second arg
[01:40:01] <bawolff>	 since 721731f4 which was nov 2013
[01:40:35] <bawolff>	 so maybe its not just an upgrade issue but something else causing bad jobs to be created
[01:40:58] <bawolff>	 since you are not upgrading from a pre 2013 version of mw
[01:49:01] <eadthem>	 well this install started as 1.17
[01:49:08] <eadthem>	 ive never done a runjobs
[01:49:09] <eadthem>	 ever
[02:04:54] <Quasar`>	 managed to get it to log wfDebugOut, I get 2017-09-25 02:04:25 doomwiki doomwikidb: Got no reply or an invalid reply from Onionoo.
[02:05:25] <Quasar`>	 yet if I wget the exact same URL I get the full list
[02:14:00] <Quasar`>	 return value from Http::get() is empty
[02:36:43] <bawolff>	 That may mean it had a non 200 status code
[02:41:34] <Quasar`>	 tried upping the timeout and setting a non-default user agent, neither of those helped
[02:59:46] <legoktm>	 Quasar`: try using MWHttpRequest::factory() ? that should give better debugging info than Http::get()
[03:17:05] <Quasar`>	 legoktm: installing curl/libcurl(-dev)/php5-curl made it start working
[03:17:29] <Quasar`>	 default php method seems to not like doing much
[03:17:40] <bawolff>	 Might have been tls issues
[03:17:53] <Quasar`>	 that wouldn't surprise me :>
[03:18:10] <bawolff>	 old versions of php had lots of tls issues
[03:32:57] <legoktm>	 Quasar`: what version of php are you using?
[03:40:57] <Quasar`>	 5.6.30
[03:44:45] <legoktm>	 hmm, I thought 5.6 had improved HTTPS support but I guess not
[03:51:17] <Quasar`>	 we'll be updating it "soon" (TM)
[03:51:59] <Quasar`>	 nobody who knows me trusts my brand of soon though :>
[13:09:13] <JuanDaugherty>	 is there an extension or app that is like a regular control panel or configuator, the things that aren't on special pages?
[13:09:53] <JuanDaugherty>	 for example, I've just upgraded from 24 to 29
[13:10:11] <JuanDaugherty>	 and I find the allow HTML setting has been lost
[13:10:40] <JuanDaugherty>	 would be great if there was an app that had that rather than having the parameter and set in in a file
[13:11:04] <JuanDaugherty>	 *than having to find
[13:12:58] * JuanDaugherty checks out Configurator extension
[13:13:40] <DanielK_WMDE>	 JuanDaugherty: that would be very convenient, and also very dangerous
[13:14:44] <DanielK_WMDE>	 JuanDaugherty: an option for online configuration even for security relevant settings (like allowing raw html) has been discussed time and time before. Sure, such an option could exist for people who don't mid the security implications. but nobody has written the code.
[13:16:21] <DanielK_WMDE>	 oh, bawolff just joined. maybe ask him about a way to change configuration settings liek wgRawHtml via the web interface...
[13:16:52] <JuanDaugherty>	 are you saying the configurator extension is dangerous?
[13:17:19] <JuanDaugherty>	 and if so for some reason other that access by a bad actor?
[13:17:28] <bawolff>	 Setting raw html from the web interface sounds scary...
[13:18:06] <bawolff>	 the main threat of setting config stuff from web interface is a bad actor
[13:18:10] <JuanDaugherty>	 i've been using it for more than a decade
[13:18:27] <JuanDaugherty>	 i.e. HTML in mediawiki
[13:18:45] <DanielK_WMDE>	 JuanDaugherty: well, it also requires the LocalSettings.php file to be writable by the web application. That means otherwise minor security risks become much bigger.
[13:19:05] <bawolff>	 not just that a bad actor can mess up your site, but probably could execute arbitrary code depending on which config
[13:19:17] <bawolff>	 and also what daniel said
[13:19:19] <DanielK_WMDE>	 JuanDaugherty: and wrt "bad access": you effectively grant shell access to the server to anyone who can get access to configurator.
[13:19:34] <DanielK_WMDE>	 settings include commands that get run on the shell
[13:19:34] <JuanDaugherty>	 this is only for my dev copy, i can not deploy the configuration extension to the public server
[13:19:46] <DanielK_WMDE>	 of someone replaces diff3 with rm -rf, you are in deep shit
[13:19:52] <DanielK_WMDE>	 so yea, it'S dangerous.
[13:19:54] <JuanDaugherty>	 i said "bad actors"
[13:20:23] <DanielK_WMDE>	 JuanDaugherty: yea, sorry. actors. amounts to the same thing.
[13:20:54] <DanielK_WMDE>	 do you trust session cookies to manage shell access? if yes, then you are fine.
[13:20:54] <JuanDaugherty>	 and did you see where I said I'm working with an instance only I can access?
[13:21:14] <DanielK_WMDE>	 well, for a dev wiki, sure, no problem
[13:21:23] <bawolff>	 Its also if someone hacks your site via some other means, usually they try to write to php files to maintain persistence
[13:21:26] <DanielK_WMDE>	 but for a dev install, what'S the problem with editing the file?
[13:22:07] <bawolff>	 JuanDaugherty: it all comes down to threat models and risks vs rewards
[13:22:17] <DanielK_WMDE>	 for an in-house wiki at a company, the risk is also lower... unless you have a disgruntled soon-to-be-ex-emplyee who knows about these things. then it's more dangerous.
[13:22:36] <bawolff>	 Whether or not the risk is worth it depends on context
[13:23:41] <DanielK_WMDE>	 JuanDaugherty: in your case, I suppose the big question is - how do you make sure only you can access the wiki?
[13:23:47] <bawolff>	 if you are talking test install, that nobody but you can access then it probably doesnt matter what you do
[13:24:11] <bawolff>	 but be careful only you can access
[13:25:48] <Lycurgus>	 (switched to my wiki user identity)
[13:26:26] <bawolff>	 Also keep in mind that on wiki config means suddenly that xss or csrf vulns potentially are now rce vulns
[13:30:28] <bawolff>	 Anyways, to answer your original question, some of the json extension config work will make this sort of thing probably easier in the future
[13:30:58] <bawolff>	 there used to be an extension:config but i dont think it works anymore
[13:32:09] <DanielK_WMDE>	 bawolff: writing JSON is only marginally better than writing PHP as long as we have cli commands in the JSON.
[13:32:32] <DanielK_WMDE>	 would also need a whitelist. then, ok
[13:32:35] <bawolff>	 setting $wgRawHtml via wiki is probably not  that much more of a sec change since you can already put raw html in mediawiki namespace, but other config settings are really dangerous
[13:33:15] <bawolff>	 DanielK_WMDE: I was thinking more the Config class that lego introduced as part of that
[13:33:23] <bawolff>	 not the jsony stuff itself
[13:34:08] <bawolff>	 Accessing the config vars via that layer of indirection might make it easier to do weird stuff
[13:34:16] <DanielK_WMDE>	 The Config class could be used to split configuration into dangerous / not so dangerous parts, in theory. 
[13:34:16] <bawolff>	 like fetch them from db
[13:34:21] <DanielK_WMDE>	 But as it is now, it doesn't do much
[13:34:36] <bawolff>	 yeah. But potential is there
[13:34:57] <DanielK_WMDE>	 yes, and I'd like to see that done. but i don't think there's much pressure behind that at all
[13:35:11] <bawolff>	 yeah i agree
[13:36:59] <Lycurgus>	 bawolff, DanielK_WMDE, ty!
[14:53:23] <Lycurgus>	 the thing that makes the configurator next to worthless, besides the fact that it has to be converted to the current extension interfaces, is that it just works 
[14:53:57] <Lycurgus>	 with prior LocalSettings rather than accessing a comprehensive current set
[15:00:12] <Lycurgus>	 or possibly even hard coded into the extension script
[15:43:14] <Nehagup>	 Hey everyone I was trying to make a schema: namespace.  Any suggestions to develop schema: namespace on mediawiki using json file?
[16:55:18] <eduaddad>	 do you have any system page that works as status?
[17:02:27] <eduaddad>	 do you have any system page that works as status?
[17:07:38] <Nehagup>	 I have mediawiki system setup in vagrant.
[17:11:19] <andre__>	 eduaddad: what does that mean?
[17:11:35] <andre__>	 Nehagup: congratulations. :)
[17:14:43] <Nehagup>	 Thanks! There's more to go.  Can you please guide me about creating a schema: namespace from a json file. (It's not very clear in documentation).
[17:23:32] <andre__>	 Nehagup, can you link to the documentation please?
[17:23:43] <andre__>	 and explain why you'd like to do that?
[17:23:54] <andre__>	 I probably cannot help with that, but context makes it easier for others to help.
[17:32:12] <Niharika>	 Nehagup: You're looking for https://www.mediawiki.org/wiki/Extension:EventLogging :)
[17:33:07] <Niharika>	 In short - "vagrant roles enable eventlogging && vagrant provision" but I highly recommend you read the docs to better understand what is going on behind the scenes.
[17:35:39] <Spiker01>	 Hello all, everybody. Does anyone understand in Russian?
[17:39:59] <Spiker01>	 I installed MediaWiki in the local directory. I have several questions: How can I edit the main theme (Vector), for example, add several links to the "footer"? I was looking for Google, but I did not find anything specific.
[17:40:38] <DanielK_WMDE>	 Spiker01: do you want to edit the skin, or replace the skin, or change the list of available skins?
[17:41:30] <Nehagup>	 @andre__  I'm trying to setup a schema on my local machine setup.
[17:41:30] <Nehagup>	 @Niharika Thanks for the guidance. On it..!! :)
[17:42:26] <andre__>	 Spiker01, https://www.mediawiki.org/wiki/Manual:Footer
[17:42:50] <DanielK_WMDE>	 andre__: it'S a bit silly that this is so complicated :) 
[17:42:58] <DanielK_WMDE>	 it should just be a single system message
[17:42:59] <DanielK_WMDE>	 meh
[17:43:32] <andre__>	 DanielK_WMDE, most things are silly. It's 15y old software.
[17:43:50] <DanielK_WMDE>	 tell me about it
[17:44:00] * DanielK_WMDE goes back to refactoring the Revision class
[17:46:09] * andre__ thumbs up
[17:47:32] <Spiker01>	  DanielK_WMDE I have not thought about this before your question. But now: I'll try to copy the directory with the given skin and rename it, and then edit it. I'll try to do it so that I can roll back.
[17:48:55] <Spiker01>	 andre__  DanielK_WMDE Thanks.
[19:51:37] <PhillipC>	 Hello
[19:52:20] <PhillipC>	 Looking for direction regarding a new security invention that will prevent unauthorized access/entry. Can anyone help?
[19:53:44] <bawolff>	 Umm like a new door lock?
[19:53:59] <bawolff>	 you are definitely in the wrong place...
[19:55:19] <PhillipC>	 Hi there.. actually, I have conceptualized a new software security idea that will detour all hacking activity. I am looking for contacts.
[19:55:59] <PhillipC>	 Like Google/facebook etc personnel to gain representation.
[19:56:51] <PhillipC>	 This will be the standard in security.. i am certain of it.. stay tuned
[19:58:21] <bawolff>	 Probably they wont care unless you give some specific details/evidence of your claim
[19:59:00] <bawolff>	 Or at the very least write a paper detailing your idea
[20:00:12] <bawolff>	 New ideas are a dime a dozen. Its proving your idea works and you know what you are talking about that matters
[20:17:26] <Lcawte>	 What format/content does MobileFrontend expect the $wgMFMobileHeader variable to contain?
[20:58:18] <spiker01>	 What IRC client would you recommend using in Windows?
[20:59:26] <Vulpix>	 spiker01: if you use firefox, Chatzilla is usually good enough
[21:06:01] <Zppix>	 spiker01:  i use irccloud
[21:08:53] <MaxSem>	 Vulpix, isn't Chatzilla dying soon with FF's old extensions?
[21:09:02] <James_F>	 Yes
[21:10:23] <tabbycat>	 what?
[21:10:32] <tabbycat>	 chatzilla is dying?
[21:10:43] <tabbycat>	 what I'm gonna use :(
[21:11:07] <Zppix>	 tabbycat:  irccloud?
[21:11:07] <MaxSem>	 https://tech.slashdot.org/story/17/02/17/1635216/mozilla-will-deprecate-xul-add-ons-before-the-end-of-2017
[21:12:09] <Vulpix>	 ugh :(
[21:15:45] <bawolff>	 Cant you use chatzilla as an independent xul app?
[21:21:05] <spiker01>	 How can I add my HTML code to the sidebar (Vector theme)?
[21:29:29] <rxy>	 spiker01:  if you can modify a Setting php files, you can use this Hook:   https://www.mediawiki.org/wiki/Manual:Hooks/SkinBuildSidebar  
[21:34:36] <spiker01>	 rxy I not 'quite' understand: I can not edit the sidebar in the Vector theme?
[21:42:07] <rxy>	 spiker01: Can you modify the LocalSettings.php? if not, you should be use MediaWiki:Common.js instead.
[21:46:20] <rxy>	 if you want to simply add a links in sidebar, see below:
[21:46:22] <rxy>	 !sidebar
[21:46:22] <wm-bot>	 To edit the navigation menu on the left, edit page [[MediaWiki:Sidebar]] on your wiki using its special syntax (see https://www.mediawiki.org/wiki/Manual:Interface/Sidebar for details). If you need more control, you can use the SkinBuildSidebar hook (https://www.mediawiki.org/wiki/Manual:Hooks/SkinBuildSidebar).
[21:47:22] <spiker01>	 rxy Yes i can edit and modify LocalSettings.php and Common js. Thanks.