[Wikitech-l] getting Request object from EditPage
Hi guys! I'm writing the EditPage::showEditForm:fields and I want to get a Request object. The use of wgRequest considered to be deprecated, so how is it possible to get request object in my hook function? static public function showBacklinks($editpage, $output){ return true; } Cheers, Yury Katkov, WikiVote ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] getting Request object from EditPage
Of course I mean WebRequest class. - Yury Katkov, WikiVote On Tue, Dec 18, 2012 at 4:48 PM, Yury Katkov katkov.ju...@gmail.com wrote: Hi guys! I'm writing the EditPage::showEditForm:fields and I want to get a Request object. The use of wgRequest considered to be deprecated, so how is it possible to get request object in my hook function? static public function showBacklinks($editpage, $output){ return true; } Cheers, Yury Katkov, WikiVote ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Going to FOSDEM
On Tue, Dec 18, 2012 at 12:15 AM, Quim Gil q...@wikimedia.org wrote: On 12/14/2012 03:52 PM, Sébastien Santoro wrote: At least for me it was not evident to see in which room would MediaWiki sessions fit better. I was lucky since mine is about community, outreach etc, but a pure technical session... https://fosdem.org/2013/news/2012-11-01-cfp/ Looking forward to meeting in you in Brussels! Well... In fact, it works like this: a project or a group of projects (NetBSD and FreeBSD work together for example) requests a DevRoom and manage them. So what should be done in 2013 is request early a MediaWiki devroom for one day (and we should kindly but strongly secure the Saturday if we've an outreach goal, as the interest, motivation of external people is higher). -- Best Regards, Sébastien Santoro aka Dereckson http://www.dereckson.be/ ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Small tweak to Gerrit Verified category - tomorrow
On Mon, Dec 17, 2012 at 11:45 PM, Chad innocentkil...@gmail.com wrote: Hello, After some of the recent changes to the Gerrit workflow with Jenkins and Zuul, we've received some complaints about how Jenkins is reporting its results. Right now, it is using both the Verified and Code Review categories. This is bad because it gives you a false sense of what has been reviewed for most queries and dashboards. So tomorrow, we are going to tweak the way Jenkins reports back to Gerrit by extending the Verified vote range from -1..+1 to -2..+2. This will allow Jenkins to give a range of results, all in the Verified category (and keeping it out of Code Review, which will once again only be for humans). The new Verified range will behave as Code Review does now (-2 is veto, +2 for submit). Linting jobs will receive Verified ±1 votes. Unit tests jobs (triggered after someone votes CR+2, as it currently is) will receive Verified ±2 votes. So, anyone who's got Verified permissions on a repository (project owners, this means you), beginning tomorrow at around 13:00 UTC you will see extended Verified options. We'll let everyone know when this is complete. This is complete. We noticed this morning that there was actually a mistake in last night's e-mail: we did not add a Verified category for -2. The current Verified options look as follows: -1 : Fails 0 : No Score 1 : Checked 2 : Verified Code Review is now back to being human-only. As always, please reach out to us if you have any problems at all. -Chad Antoine ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] getting Request object from EditPage
On Tue, Dec 18, 2012 at 4:48 PM, Yury Katkov katkov.ju...@gmail.com wrote: Hi guys! I'm writing the EditPage::showEditForm:fields and I want to get a Request object. The use of wgRequest considered to be deprecated, so how is it possible to get request object in my hook function? static public function showBacklinks($editpage, $output){ return true; } OutputPage is a context source, so you can do $output-getRequest(). Less nicer way is $editpage-getArticle()-getContext()-getRequest(). -Niklas -- Niklas Laxström ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Deploying to test2 before other wikis
Hi everyone, My understanding is that some new extensions intended for widespread deployment aren't getting deployed to test2.wikipedia.org before going to other production wikis. As I was discussing this with Chris McMahon, he pointed out that there's no stated policy that this should be done. test2.wikipedia.org is basically a standard configuration wiki on the production cluster that we use as the final place for testing before going out to other production wikis. Pretty much anything destined for one of our top wikis or to a substantial number of smaller wikis should go to test2. That's especially true now that our QA team is relying on test2 as an automated test target. Is there any reason why this shouldn't be a stated policy? If not, where should we state the policy so that people are aware of it? Rob ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Deploying to test2 before other wikis
On Tue, Dec 18, 2012 at 11:23 AM, Rob Lanphier ro...@wikimedia.org wrote: Hi everyone, My understanding is that some new extensions intended for widespread deployment aren't getting deployed to test2.wikipedia.org before going to other production wikis. As I was discussing this with Chris McMahon, he pointed out that there's no stated policy that this should be done. test2.wikipedia.org is basically a standard configuration wiki on the production cluster that we use as the final place for testing before going out to other production wikis. Pretty much anything destined for one of our top wikis or to a substantial number of smaller wikis should go to test2. That's especially true now that our QA team is relying on test2 as an automated test target. Is there any reason why this shouldn't be a stated policy? If not, where should we state the policy so that people are aware of it? test is very similar, only it doesn't run off the full cluster, just a single apache (and uses the nfs copy, so it's good to use before scapping). Whatever policy we come up with should clarify when to use test vs test2. -Chad ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Deploying to test2 before other wikis
It would be cool if part of that policy was testing on beta cluster which is also supposed to be identicaly configured as production and is even closer to production because the MediaWiki space is cloned from production and on beta cluster we have replicated each production wiki with its custom configuration On Tue, Dec 18, 2012 at 5:23 PM, Rob Lanphier ro...@wikimedia.org wrote: Hi everyone, My understanding is that some new extensions intended for widespread deployment aren't getting deployed to test2.wikipedia.org before going to other production wikis. As I was discussing this with Chris McMahon, he pointed out that there's no stated policy that this should be done. test2.wikipedia.org is basically a standard configuration wiki on the production cluster that we use as the final place for testing before going out to other production wikis. Pretty much anything destined for one of our top wikis or to a substantial number of smaller wikis should go to test2. That's especially true now that our QA team is relying on test2 as an automated test target. Is there any reason why this shouldn't be a stated policy? If not, where should we state the policy so that people are aware of it? Rob ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Going to FOSDEM
On 12/18/2012 06:56 AM, Sébastien Santoro wrote: On Tue, Dec 18, 2012 at 12:15 AM, Quim Gil q...@wikimedia.org wrote: On 12/14/2012 03:52 PM, Sébastien Santoro wrote: At least for me it was not evident to see in which room would MediaWiki sessions fit better. I was lucky since mine is about community, outreach etc, but a pure technical session... https://fosdem.org/2013/news/2012-11-01-cfp/ Looking forward to meeting in you in Brussels! Well... In fact, it works like this: a project or a group of projects (NetBSD and FreeBSD work together for example) requests a DevRoom and manage them. So what should be done in 2013 is request early a MediaWiki devroom for one day (and we should kindly but strongly secure the Saturday if we've an outreach goal, as the interest, motivation of external people is higher). As someone that has been involved in let's requested a FOSDEM devroom discussions before, I believe that the outcome actually reflects how fit your project is to receive new contributors: if you don't make it is probably because you are not ready for it. We were not ready for FOSDEM 2013 but I do hope we will be ready for FOSDEM 2014. PS: established MediaWiki groups in Brussels, Paris, Amsterdam, London, Cologne, Berlin etc would definitely contribute to that goal (hint, hint). -- Quim Gil Technical Contributor Coordinator @ Wikimedia Foundation http://www.mediawiki.org/wiki/User:Qgil ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Deploying to test2 before other wikis
On Tue, Dec 18, 2012 at 9:27 AM, Petr Bena benap...@gmail.com wrote: It would be cool if part of that policy was testing on beta cluster which is also supposed to be identicaly configured as production and is even closer to production because the MediaWiki space is cloned from production and on beta cluster we have replicated each production wiki with its custom configuration This would be desirable, and is reflected in this request: https://bugzilla.wikimedia.org/show_bug.cgi?id=43203 -Chris ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Deploying to test2 before other wikis
Until test2.wikipedia.org has a .m domain with an automatic redirect to it for mobile devices, the mobile team will need to continue to use test.wikipedia.org for final testing of MobileFrontend prior to deployment (I opened an RT ticket for setting this up: https://rt.wikimedia.org/Ticket/Display.html?id=4149). I agree with Chad that it would be great to have better clarity around when test vs test2 is appropriate, and for what. On Tue, Dec 18, 2012 at 8:29 AM, Chris McMahon cmcma...@wikimedia.orgwrote: On Tue, Dec 18, 2012 at 9:27 AM, Petr Bena benap...@gmail.com wrote: It would be cool if part of that policy was testing on beta cluster which is also supposed to be identicaly configured as production and is even closer to production because the MediaWiki space is cloned from production and on beta cluster we have replicated each production wiki with its custom configuration This would be desirable, and is reflected in this request: https://bugzilla.wikimedia.org/show_bug.cgi?id=43203 -Chris ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l -- Arthur Richards Software Engineer, Mobile [[User:Awjrichards]] IRC: awjr +1-415-839-6885 x6687 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Sorting out MediaWiki @ social media
Hi, a year ago there was a discussion without conclusions pushed by Guillaume: http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/56962/ Based on that discussion and the current state of things, I just posted a proposal at http://www.mediawiki.org/wiki/Talk:Social_media Summary for the lazy email reader: :) * One and only one @mediawiki account for relevant project news. Sumana and me have access to it. Ideas welcome to improve the current situation. * Only http://blog.wikimedia.org/c/technology/ and other potential curated sources will be aggregated. The rest will be edited manually. * Accounts created by MediaWiki Groups will be followed. * @wikimediatech is fine as a bot driven account. As soon as I find out who has access to that account I will propose a rename to something 'mediawiki' for naming consistency (privately, this is like discussing domain names). Followers will be unaffected. * And that's it. All the rest is to be cleaned. -- Quim Gil Technical Contributor Coordinator @ Wikimedia Foundation http://www.mediawiki.org/wiki/User:Qgil ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Deploying to test2 before other wikis
Is there any reason why this shouldn't be a stated policy? If not, where should we state the policy so that people are aware of it? Considering that testwiki has a nice documentation page [0] and test2wiki doesn't [1], I think we should probably clear that up before announcing any policy. [0] http://wikitech.wikimedia.org/view/Test.wikipedia.org [1] http://wikitech.wikimedia.org/view/Test2.wikipedia.org -- Mark Holmquist Software Engineer, Wikimedia Foundation mtrac...@member.fsf.org http://marktraceur.info * Sent from Ubuntu GNU/Linux * ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Anonymous user id on wikipedia?
I've been digging around in our cookie jar, as part of my work with Fundraising, and I have a few questions about the cookies we set on anonymous users. First, I am deeply impressed with the care we have taken to respond to the community's privacy concerns, and after first-hand experience negotiating with our lawyers to implement an additional cookie, I think that WMF deserves its place as a model to the rest of the internet. I would like to help clean up or at least explain the few oversights I identify below, so that we can be fully confident that we are doing everything we can to prevent abuse of our visitors' privacy. 1) Anonymous users are given a 1-year cookie which uniquely identifies them. After logging out and clearing all cookies from my browser, I visited en.wikipedia.org and received this cookie. Why would an anonymous user be given an identifying token? mediaWiki.user.id=oDNtHcMSeGMSZyRehhuC7ypQRuPEGk3a; expires=Wed, 18 Dec 2013 18:25:38 GMT; path=/; domain=en.wikipedia.org 2) Anonymous users are enrolled in clicktracking. I was surprised because the extension page at http://www.mediawiki.org/wiki/Extension:ClickTracking specifies that it affects users, and I think it should very explicitly state that it affects logged-in users and anonymous visitors if that is really the intention. clicktracking-session=0orJJTU79otWR6x1m8ykUAyasVpZJBn2x; path=/; domain=en.wikipedia.org 3) Registered user's cookies are not cleared at logout. This seems like a pretty basic fix. enwikiUserName=Adamw; expires=Sun, 16 Jun 2013 18:43:51 GMT; path=/; domain=en.wikipedia.org; Secure; HttpOnly Ideally, an anonymous user, whether or not they have ever been logged in as a registered user, will not transmit any personally identifying information in their requests. All three of these cookies violate that principle. I have not found any public debate on the issue, hopefully others are interested in this topic. Regards, Adam Wight ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Sorting out MediaWiki @ social media
On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote: * @wikimediatech is fine as a bot driven account. As soon as I find out who has access to that account I will propose a rename to something 'mediawiki' for naming consistency (privately, this is like discussing domain names). Followers will be unaffected. This shouldn't be renamed imho, since it's not about MediaWiki--it's about Wikimedia tech generally. -Chad ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Sorting out MediaWiki @ social media
On 12/18/2012 11:21 AM, Chad wrote: On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote: * @wikimediatech is fine as a bot driven account. As soon as I find out who has access to that account I will propose a rename to something 'mediawiki' for naming consistency (privately, this is like discussing domain names). Followers will be unaffected. This shouldn't be renamed imho, since it's not about MediaWiki--it's about Wikimedia tech generally. We agree on the meaning. Let's try to agree on the words. This is a side effect of this ambiguous use of MediaWiki / Wikimedia-tech that we haven't resolved yet. MediaWiki as in MediaWiki project, MediaWiki community, MediaWiki groups... Not just MediaWiki Core. For outsiders, we can be found at mediawiki.org and therefore it's easy to identify us as MediaWiki. It's also easy to explain that MediaWiki powers Wikipedia. But explaining Wikimedia is more complex, and then making a cut to isolate Wikimedia tech is just too much for the casual reader. Hence the idea of simplifying with MediaWiki as a general term. For instance, the proposal says: Description: News from the MediaWiki project. Powering Wikipedia and the Wikimedia movement. -- Quim Gil Technical Contributor Coordinator @ Wikimedia Foundation http://www.mediawiki.org/wiki/User:Qgil ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Sorting out MediaWiki @ social media
On Tue, Dec 18, 2012 at 2:50 PM, Quim Gil q...@wikimedia.org wrote: On 12/18/2012 11:21 AM, Chad wrote: On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote: * @wikimediatech is fine as a bot driven account. As soon as I find out who has access to that account I will propose a rename to something 'mediawiki' for naming consistency (privately, this is like discussing domain names). Followers will be unaffected. This shouldn't be renamed imho, since it's not about MediaWiki--it's about Wikimedia tech generally. We agree on the meaning. Let's try to agree on the words. This is a side effect of this ambiguous use of MediaWiki / Wikimedia-tech that we haven't resolved yet. MediaWiki as in MediaWiki project, MediaWiki community, MediaWiki groups... Not just MediaWiki Core. For outsiders, we can be found at mediawiki.org and therefore it's easy to identify us as MediaWiki. It's also easy to explain that MediaWiki powers Wikipedia. But explaining Wikimedia is more complex, and then making a cut to isolate Wikimedia tech is just too much for the casual reader. Hence the idea of simplifying with MediaWiki as a general term. For instance, the proposal says: Description: News from the MediaWiki project. Powering Wikipedia and the Wikimedia movement. But I don't think that description is accurate at all. The MediaWiki project refers to MediaWiki--not other WMF sites. -Chad ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Sorting out MediaWiki @ social media
On 12/18/2012 11:56 AM, Chad wrote: But I don't think that description is accurate at all. The MediaWiki project refers to MediaWiki--not other WMF sites. Ok, if @wikimediatech is only distributing updates about http://wikitech.wikimedia.org/ then you are right and let's just leave the username as it is. Still, can the description be perhaps improved? Wikimedia Tech Team (identi.ca) or Wikimedia Tech Staff (Twitter) can be confused by outsiders as a place to know about all tech related activities. I wonder how many of the 80 / 535 followers (our highest numbers in any tech related account) fell in this confusion. What about something more descriptive? Wikimedia technical infrastructure updates. Pointing to the MediaWiki account from the description would be also useful. -- Quim Gil Technical Contributor Coordinator @ Wikimedia Foundation http://www.mediawiki.org/wiki/User:Qgil ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
1) This I have no idea about, but it's definitely not in the core, because my test wiki doesn't set this cookie. It has to be an extension. 2) users does not imply logged-in users. The extension page says it tracks users' clicks, which is accurate as that is exactly what it does. If it meant to say only logged in users, it would have said that. However, it may be wise for a functionality to be introduced in that extension that does actually restrict clicktracking to only logged in users if configured that way. On the other hand, this isn't a privacy issue since it does not associate the user's tracking with their identity in any way (even when logged in, the clicktracking session is separate from their actual session). 3) That is done on purpose. It's a convenience feature. Notice how when you logout and then go back to the login page that your username is already filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify the user. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Tue, Dec 18, 2012 at 1:57 PM, Adam Wight awi...@wikimedia.org wrote: I've been digging around in our cookie jar, as part of my work with Fundraising, and I have a few questions about the cookies we set on anonymous users. First, I am deeply impressed with the care we have taken to respond to the community's privacy concerns, and after first-hand experience negotiating with our lawyers to implement an additional cookie, I think that WMF deserves its place as a model to the rest of the internet. I would like to help clean up or at least explain the few oversights I identify below, so that we can be fully confident that we are doing everything we can to prevent abuse of our visitors' privacy. 1) Anonymous users are given a 1-year cookie which uniquely identifies them. After logging out and clearing all cookies from my browser, I visited en.wikipedia.org and received this cookie. Why would an anonymous user be given an identifying token? mediaWiki.user.id=**oDNtHcMSeGMSZyRehhuC7ypQRuPEGk**3a; expires=Wed, 18 Dec 2013 18:25:38 GMT; path=/; domain=en.wikipedia.org 2) Anonymous users are enrolled in clicktracking. I was surprised because the extension page at http://www.mediawiki.org/wiki/** Extension:ClickTrackinghttp://www.mediawiki.org/wiki/Extension:ClickTrackingspecifies that it affects users, and I think it should very explicitly state that it affects logged-in users and anonymous visitors if that is really the intention. clicktracking-session=**0orJJTU79otWR6x1m8ykUAyasVpZJB**n2x; path=/; domain=en.wikipedia.org 3) Registered user's cookies are not cleared at logout. This seems like a pretty basic fix. enwikiUserName=Adamw; expires=Sun, 16 Jun 2013 18:43:51 GMT; path=/; domain=en.wikipedia.org; Secure; HttpOnly Ideally, an anonymous user, whether or not they have ever been logged in as a registered user, will not transmit any personally identifying information in their requests. All three of these cookies violate that principle. I have not found any public debate on the issue, hopefully others are interested in this topic. Regards, Adam Wight __**_ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
On 12/18/2012 03:28 PM, Tyler Romeo wrote: 1) This I have no idea about, but it's definitely not in the core, because my test wiki doesn't set this cookie. It has to be an extension. Merely calling the mediaWiki.user.id() JavaScript function, which was introduced into core MediaWiki in https://www.mediawiki.org/wiki/Special:Code/MediaWiki/78539 , sets the one-year cookie. Nothing in core MW (except for the corresponding QUnit test) actually uses the function. However, the following code in extensions/E3Experiments/experiments/openTask.js does call that function. I can confirm this code is executed merely by loading Wikipedia's Main Page. // FIXME for anons, calling mw.user.id() simply ensures the // mediaWiki.user.id cookie is set, if it isn't already. if ( !$.cookie( 'mediaWiki.user.id' ) ) { if ( mw.user.id() === mw.user.getName() ) { $.cookie( 'mediaWiki.user.id', generateId(), { expires: 365, path: '/' } ); } } 3) That is done on purpose. It's a convenience feature. Notice how when you logout and then go back to the login page that your username is already filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify the user. Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. -- Wikipedia user PleaseStand http://en.wikipedia.org/wiki/User:PleaseStand ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
Dario attempted to respond but mailman is bouncing his message. Posting on his behalf. From: Dario Taraborelli dtarabore...@wikimedia.org Subject: Re: [Wikitech-l] Anonymous user id on wikipedia? Date: December 18, 2012 2:09:56 PM PST To: Wikimedia developers wikitech-l@lists.wikimedia.org To further clarify the use of this randomly assigned token, we use mediawiki.user.id to count client events that occur as part of a given funnel. For example: we count impressions, button clicks or submit events to measure whether an experimental version of a feature has a higher conversion rate than the default version. We rely on tokens to be able to deduplicate event counts and make sure that when users reload a form multiple times this doesn't affect conversion measurements. These measurements are being used to optimize feature design and to assess the impact of small experiments run by the Foundation's editor engagement teams. As Kevin notes, the cookie is set by the mw.user.id() function – which you can call and test in your browser's JS console – and it persists across browser sessions. The function is currently called by a number of extensions that need to set a token and assign users to a bucket or test condition as part of testing. Dario -- Ori Livneh On Tuesday, December 18, 2012 at 1:41 PM, Kevin Israel wrote: On 12/18/2012 03:28 PM, Tyler Romeo wrote: 1) This I have no idea about, but it's definitely not in the core, because my test wiki doesn't set this cookie. It has to be an extension. Merely calling the mediaWiki.user.id() JavaScript function, which was introduced into core MediaWiki in https://www.mediawiki.org/wiki/Special:Code/MediaWiki/78539 , sets the one-year cookie. Nothing in core MW (except for the corresponding QUnit test) actually uses the function. However, the following code in extensions/E3Experiments/experiments/openTask.js does call that function. I can confirm this code is executed merely by loading Wikipedia's Main Page. // FIXME for anons, calling mw.user.id() simply ensures the // mediaWiki.user.id cookie is set, if it isn't already. if ( !$.cookie( 'mediaWiki.user.id' ) ) { if ( mw.user.id() === mw.user.getName() ) { $.cookie( 'mediaWiki.user.id', generateId(), { expires: 365, path: '/' } ); } } 3) That is done on purpose. It's a convenience feature. Notice how when you logout and then go back to the login page that your username is already filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify the user. Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. -- Wikipedia user PleaseStand http://en.wikipedia.org/wiki/User:PleaseStand ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org (mailto:Wikitech-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote: Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. Not really. The cookie expiration was bumped to 180 days back in August of 2011. Before that we had a shorter expiry. See https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given that the user has to agree to the remember me function, I do not feel this is a privacy concern. Ideally, an anonymous user, whether or not they have ever been logged in as a registered user, will not transmit any personally identifying information in their requests. I'm not sure, but I thought I heard somewhere that we give logged out users cookies to ensure that some local caching is invalidated. -bawolff ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] ganglia temporarily private
Hi All, Due to some security concerns, ganglia.w.o is currently behind htaccess. We're actively working to resolve the security issues, and will restore public access once they are resolved. Sorry for the inconvenience! Cheers, Peter ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
I'm not sure, but I thought I heard somewhere that we give logged out users cookies to ensure that some local caching is invalidated. This is true. I believe it has to do with Squid and how it uses cookies to determine whether to serve a cached page or not. I'm a little uneasy about this tracking, but I can understand the reasoning behind it. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Tue, Dec 18, 2012 at 6:50 PM, bawolff bawolff...@gmail.com wrote: On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote: Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. Not really. The cookie expiration was bumped to 180 days back in August of 2011. Before that we had a shorter expiry. See https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given that the user has to agree to the remember me function, I do not feel this is a privacy concern. Ideally, an anonymous user, whether or not they have ever been logged in as a registered user, will not transmit any personally identifying information in their requests. I'm not sure, but I thought I heard somewhere that we give logged out users cookies to ensure that some local caching is invalidated. -bawolff ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
On 12/18/2012 06:50 PM, bawolff wrote: On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote: Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. Not really. The cookie expiration was bumped to 180 days back in August of 2011. Before that we had a shorter expiry. See https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given that the user has to agree to the remember me function, I do not feel this is a privacy concern. No, I tested and Kevin is correct. The remember me controls whether the user_token cookie is set: https://www.mediawiki.org/wiki/Manual:User_table#user_token . In practice, this means you will be logged in for 180 days. But even if you don't check it, your username and user id (but not password or being logged in) will be cached in a cookie for 180 days. I believe the relevant code starts at https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2845 . I have reported the 30 v. 180 discrepancy to le...@wikimedia.org Matt Flaschen ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
Maybe I'm missing something, but where is the 180 days number coming from. When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Tue, Dec 18, 2012 at 11:07 PM, Matthew Flaschen mflasc...@wikimedia.orgwrote: On 12/18/2012 06:50 PM, bawolff wrote: On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote: Even if you do not check Remember my login on this browser, the username is saved for 180 days (which, by the way, is four times the duration set out in the WMF privacy policy). As far as I can tell, this feature has existed at least since the phase3 reorg in 2003, if not before then. Not really. The cookie expiration was bumped to 180 days back in August of 2011. Before that we had a shorter expiry. See https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given that the user has to agree to the remember me function, I do not feel this is a privacy concern. No, I tested and Kevin is correct. The remember me controls whether the user_token cookie is set: https://www.mediawiki.org/wiki/Manual:User_table#user_token . In practice, this means you will be logged in for 180 days. But even if you don't check it, your username and user id (but not password or being logged in) will be cached in a cookie for 180 days. I believe the relevant code starts at https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2845 . I have reported the 30 v. 180 discrepancy to le...@wikimedia.org Matt Flaschen ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
On 12/19/2012 12:47 AM, Tyler Romeo wrote: Maybe I'm missing something, but where is the 180 days number coming from. When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it. From User::setCookies(): foreach ( $cookies as $name = $value ) { if ( $value === false ) { $this-clearCookie( $name ); } else { $this-setCookie( $name, $value, 0, $secure ); } } From the doc comment for User::setCookie(): @param $exp Int Expiration time, as a UNIX time value; if 0 or not specified, use the default $wgCookieExpiration From WebResponse::setcookie(): if ( $expire == 0 ) { $expire = time() + $wgCookieExpiration; } From DefaultSettings.php: $wgCookieExpiration = 180*86400; -- Wikipedia user PleaseStand http://en.wikipedia.org/wiki/User:PleaseStand ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
On 12/19/2012 12:47 AM, Tyler Romeo wrote: Maybe I'm missing something, but where is the 180 days number coming from. When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it. Here (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2864) User::setCookies calls User::setCookie (singular) with expiration 0 for UserID and UserName. I don't know where you see no expiration. However, User::setCookie (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2794) itself says if 0 or not specified, use the default $wgCookieExpiration It actually calls WebResponse::setcookie (https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/WebResponse.php;h=e4677380f4d61a7b45fcdaa922c199499ac2a712;hb=refs/heads/master#l41). Both User::setCookie and WebResponse::setcookie default the $exp if it is not passed in, though it is in this case. setcookie does that expiration logic. 0 corresponds to expire = time() + $wgCookieExpiration. I don't see any way there can be an infinite cookie. Matt Flaschen ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Anonymous user id on wikipedia?
Ah, I see. Thanks for the explanation. It's a bit misleading, because in PHP's actual setcookie function, using 0 as the expiry makes it expire at the end of the session. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Wed, Dec 19, 2012 at 1:07 AM, Matthew Flaschen mflasc...@wikimedia.orgwrote: On 12/19/2012 12:47 AM, Tyler Romeo wrote: Maybe I'm missing something, but where is the 180 days number coming from. When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it. Here ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2864 ) User::setCookies calls User::setCookie (singular) with expiration 0 for UserID and UserName. I don't know where you see no expiration. However, User::setCookie ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2794 ) itself says if 0 or not specified, use the default $wgCookieExpiration It actually calls WebResponse::setcookie ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/WebResponse.php;h=e4677380f4d61a7b45fcdaa922c199499ac2a712;hb=refs/heads/master#l41 ). Both User::setCookie and WebResponse::setcookie default the $exp if it is not passed in, though it is in this case. setcookie does that expiration logic. 0 corresponds to expire = time() + $wgCookieExpiration. I don't see any way there can be an infinite cookie. Matt Flaschen ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l