[Wikitech-l] getting Request object from EditPage

2012-12-18 Thread Yury Katkov
Hi guys!

I'm writing the EditPage::showEditForm:fields and I want to get a
Request object. The use of wgRequest considered to be deprecated, so
how is it possible to get request object in my hook function?

 static public function showBacklinks($editpage, $output){
 return true;
 }

Cheers,
Yury Katkov, WikiVote

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] getting Request object from EditPage

2012-12-18 Thread Yury Katkov
Of course I mean WebRequest class.
-
Yury Katkov, WikiVote



On Tue, Dec 18, 2012 at 4:48 PM, Yury Katkov katkov.ju...@gmail.com wrote:
 Hi guys!

 I'm writing the EditPage::showEditForm:fields and I want to get a
 Request object. The use of wgRequest considered to be deprecated, so
 how is it possible to get request object in my hook function?

  static public function showBacklinks($editpage, $output){
  return true;
  }

 Cheers,
 Yury Katkov, WikiVote

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Going to FOSDEM

2012-12-18 Thread Sébastien Santoro
On Tue, Dec 18, 2012 at 12:15 AM, Quim Gil q...@wikimedia.org wrote:
 On 12/14/2012 03:52 PM, Sébastien Santoro wrote:
 At least for me it was not evident to see in which room would MediaWiki
 sessions fit better. I was lucky since mine is about community, outreach
 etc, but a pure technical session...

 https://fosdem.org/2013/news/2012-11-01-cfp/

 Looking forward to meeting in you in Brussels!
Well... In fact, it works like this: a project or a group of projects
(NetBSD and FreeBSD work together for example) requests a DevRoom and
manage them.

So what should be done in 2013 is request early a MediaWiki devroom
for one day (and we should kindly but strongly secure the Saturday if
we've an outreach goal, as the interest, motivation of external people
is higher).

--
Best Regards,
Sébastien Santoro aka Dereckson
http://www.dereckson.be/

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Small tweak to Gerrit Verified category - tomorrow

2012-12-18 Thread Chad
On Mon, Dec 17, 2012 at 11:45 PM, Chad innocentkil...@gmail.com wrote:
 Hello,

 After some of the recent changes to the Gerrit workflow with
 Jenkins and Zuul, we've received some complaints about how
 Jenkins is reporting its results. Right now, it is using both the
 Verified and Code Review categories. This is bad because
 it gives you a false sense of what has been reviewed for most
 queries and dashboards.

 So tomorrow, we are going to tweak the way Jenkins reports
 back to Gerrit by extending the Verified vote range from -1..+1
 to -2..+2. This will allow Jenkins to give a range of results, all
 in the Verified category (and keeping it out of Code Review,
 which will once again only be for humans). The new Verified
 range will behave as Code Review does now (-2 is veto, +2 for
 submit).

 Linting jobs will receive Verified ±1 votes. Unit tests jobs
 (triggered after someone votes CR+2, as it currently is) will
 receive Verified ±2 votes.

 So, anyone who's got Verified permissions on a repository
 (project owners, this means you), beginning tomorrow at around
 13:00 UTC you will see extended Verified options. We'll let
 everyone know when this is complete.


This is complete. We noticed this morning that there was actually a
mistake in last night's e-mail: we did not add a Verified category for -2.
The current Verified options look as follows:

-1 : Fails
0  : No Score
1  : Checked
2  : Verified

Code Review is now back to being human-only. As always, please
reach out to us if you have any problems at all.

-Chad  Antoine

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] getting Request object from EditPage

2012-12-18 Thread Niklas Laxström
 On Tue, Dec 18, 2012 at 4:48 PM, Yury Katkov katkov.ju...@gmail.com wrote:
 Hi guys!

 I'm writing the EditPage::showEditForm:fields and I want to get a
 Request object. The use of wgRequest considered to be deprecated, so
 how is it possible to get request object in my hook function?

  static public function showBacklinks($editpage, $output){
  return true;
  }

OutputPage is a context source, so you can do $output-getRequest().
Less nicer way is $editpage-getArticle()-getContext()-getRequest().

  -Niklas

--
Niklas Laxström

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Rob Lanphier
Hi everyone,

My understanding is that some new extensions intended for widespread
deployment aren't getting deployed to test2.wikipedia.org before going
to other production wikis.  As I was discussing this with Chris
McMahon, he pointed out that there's no stated policy that this should
be done.

test2.wikipedia.org is basically a standard configuration wiki on the
production cluster that we use as the final place for testing before
going out to other production wikis.  Pretty much anything destined
for one of our top wikis or to a substantial number of smaller wikis
should go to test2.  That's especially true now that our QA team is
relying on test2 as an automated test target.

Is there any reason why this shouldn't be a stated policy?  If not,
where should we state the policy so that people are aware of it?

Rob

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Chad
On Tue, Dec 18, 2012 at 11:23 AM, Rob Lanphier ro...@wikimedia.org wrote:
 Hi everyone,

 My understanding is that some new extensions intended for widespread
 deployment aren't getting deployed to test2.wikipedia.org before going
 to other production wikis.  As I was discussing this with Chris
 McMahon, he pointed out that there's no stated policy that this should
 be done.

 test2.wikipedia.org is basically a standard configuration wiki on the
 production cluster that we use as the final place for testing before
 going out to other production wikis.  Pretty much anything destined
 for one of our top wikis or to a substantial number of smaller wikis
 should go to test2.  That's especially true now that our QA team is
 relying on test2 as an automated test target.

 Is there any reason why this shouldn't be a stated policy?  If not,
 where should we state the policy so that people are aware of it?


test is very similar, only it doesn't run off the full cluster, just a
single apache (and uses the nfs copy, so it's good to use before
scapping). Whatever policy we come up with should clarify when
to use test vs test2.

-Chad

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Petr Bena
It would be cool if part of that policy was testing on beta cluster which
is also supposed to be identicaly configured as production and is even
closer to production because the MediaWiki space is cloned from production
and on beta cluster we have replicated each production wiki with its custom
configuration


On Tue, Dec 18, 2012 at 5:23 PM, Rob Lanphier ro...@wikimedia.org wrote:

 Hi everyone,

 My understanding is that some new extensions intended for widespread
 deployment aren't getting deployed to test2.wikipedia.org before going
 to other production wikis.  As I was discussing this with Chris
 McMahon, he pointed out that there's no stated policy that this should
 be done.

 test2.wikipedia.org is basically a standard configuration wiki on the
 production cluster that we use as the final place for testing before
 going out to other production wikis.  Pretty much anything destined
 for one of our top wikis or to a substantial number of smaller wikis
 should go to test2.  That's especially true now that our QA team is
 relying on test2 as an automated test target.

 Is there any reason why this shouldn't be a stated policy?  If not,
 where should we state the policy so that people are aware of it?

 Rob

 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Going to FOSDEM

2012-12-18 Thread Quim Gil

On 12/18/2012 06:56 AM, Sébastien Santoro wrote:

On Tue, Dec 18, 2012 at 12:15 AM, Quim Gil q...@wikimedia.org wrote:

On 12/14/2012 03:52 PM, Sébastien Santoro wrote:
At least for me it was not evident to see in which room would MediaWiki
sessions fit better. I was lucky since mine is about community, outreach
etc, but a pure technical session...

https://fosdem.org/2013/news/2012-11-01-cfp/

Looking forward to meeting in you in Brussels!

Well... In fact, it works like this: a project or a group of projects
(NetBSD and FreeBSD work together for example) requests a DevRoom and
manage them.

So what should be done in 2013 is request early a MediaWiki devroom
for one day (and we should kindly but strongly secure the Saturday if
we've an outreach goal, as the interest, motivation of external people
is higher).


As someone that has been involved in let's requested a FOSDEM devroom 
discussions before, I believe that the outcome actually reflects how fit 
your project is to receive new contributors: if you don't make it is 
probably because you are not ready for it.


We were not ready for FOSDEM 2013 but I do hope we will be ready for 
FOSDEM 2014.


PS: established MediaWiki groups in Brussels, Paris, Amsterdam, London, 
Cologne, Berlin etc would definitely contribute to that goal (hint, hint).


--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Chris McMahon
On Tue, Dec 18, 2012 at 9:27 AM, Petr Bena benap...@gmail.com wrote:

 It would be cool if part of that policy was testing on beta cluster which
 is also supposed to be identicaly configured as production and is even
 closer to production because the MediaWiki space is cloned from production
 and on beta cluster we have replicated each production wiki with its custom
 configuration



This would be desirable, and is reflected in this request:
https://bugzilla.wikimedia.org/show_bug.cgi?id=43203

-Chris
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Arthur Richards
Until test2.wikipedia.org has a .m domain with an automatic redirect to it
for mobile devices, the mobile team will need to continue to use
test.wikipedia.org for final testing of MobileFrontend prior to deployment
(I opened an RT ticket for setting this up:
https://rt.wikimedia.org/Ticket/Display.html?id=4149).

I agree with Chad that it would be great to have better clarity around when
test vs test2 is appropriate, and for what.

On Tue, Dec 18, 2012 at 8:29 AM, Chris McMahon cmcma...@wikimedia.orgwrote:

 On Tue, Dec 18, 2012 at 9:27 AM, Petr Bena benap...@gmail.com wrote:

  It would be cool if part of that policy was testing on beta cluster which
  is also supposed to be identicaly configured as production and is even
  closer to production because the MediaWiki space is cloned from
 production
  and on beta cluster we have replicated each production wiki with its
 custom
  configuration
 


 This would be desirable, and is reflected in this request:
 https://bugzilla.wikimedia.org/show_bug.cgi?id=43203

 -Chris
 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l




-- 
Arthur Richards
Software Engineer, Mobile
[[User:Awjrichards]]
IRC: awjr
+1-415-839-6885 x6687
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


[Wikitech-l] Sorting out MediaWiki @ social media

2012-12-18 Thread Quim Gil
Hi, a year ago there was a discussion without conclusions pushed by 
Guillaume: 
http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/56962/


Based on that discussion and the current state of things, I just posted 
a proposal at http://www.mediawiki.org/wiki/Talk:Social_media


Summary for the lazy email reader:  :)

* One and only one @mediawiki account for relevant project news. Sumana 
and me have access to it. Ideas welcome to improve the current situation.


* Only http://blog.wikimedia.org/c/technology/ and other potential 
curated sources will be aggregated. The rest will be edited manually.


* Accounts created by MediaWiki Groups will be followed.

* @wikimediatech is fine as a bot driven account. As soon as I find out 
who has access to that account I will propose a rename to something 
'mediawiki' for naming consistency (privately, this is like discussing 
domain names). Followers will be unaffected.


* And that's it. All the rest is to be cleaned.

--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Deploying to test2 before other wikis

2012-12-18 Thread Mark Holmquist
 Is there any reason why this shouldn't be a stated policy?  If not,
 where should we state the policy so that people are aware of it?

Considering that testwiki has a nice documentation page [0] and
test2wiki doesn't [1], I think we should probably clear that up before
announcing any policy.

[0] http://wikitech.wikimedia.org/view/Test.wikipedia.org
[1] http://wikitech.wikimedia.org/view/Test2.wikipedia.org

-- 
Mark Holmquist
Software Engineer, Wikimedia Foundation
mtrac...@member.fsf.org
http://marktraceur.info
* Sent from Ubuntu GNU/Linux *

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


[Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Adam Wight
I've been digging around in our cookie jar, as part of my work with 
Fundraising, and I have a few questions about the cookies we set on 
anonymous users.


First, I am deeply impressed with the care we have taken to respond to 
the community's privacy concerns, and after first-hand experience 
negotiating with our lawyers to implement an additional cookie, I think 
that WMF deserves its place as a model to the rest of the internet.  I 
would like to help clean up or at least explain the few oversights I 
identify below, so that we can be fully confident that we are doing 
everything we can to prevent abuse of our visitors' privacy.


1) Anonymous users are given a 1-year cookie which uniquely identifies 
them.  After logging out and clearing all cookies from my browser, I 
visited en.wikipedia.org and received this cookie.  Why would an 
anonymous user be given an identifying token?
mediaWiki.user.id=oDNtHcMSeGMSZyRehhuC7ypQRuPEGk3a; expires=Wed, 18 
Dec 2013 18:25:38 GMT; path=/; domain=en.wikipedia.org


2) Anonymous users are enrolled in clicktracking.  I was surprised 
because the extension page at 
http://www.mediawiki.org/wiki/Extension:ClickTracking specifies that it 
affects users, and I think it should very explicitly state that it 
affects logged-in users and anonymous visitors if that is really the 
intention.
clicktracking-session=0orJJTU79otWR6x1m8ykUAyasVpZJBn2x; path=/; 
domain=en.wikipedia.org


3) Registered user's cookies are not cleared at logout.  This seems like 
a pretty basic fix.
enwikiUserName=Adamw; expires=Sun, 16 Jun 2013 18:43:51 GMT; path=/; 
domain=en.wikipedia.org; Secure; HttpOnly


Ideally, an anonymous user, whether or not they have ever been logged in 
as a registered user, will not transmit any personally identifying 
information in their requests.  All three of these cookies violate that 
principle.  I have not found any public debate on the issue, hopefully 
others are interested in this topic.


Regards,
Adam Wight

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Sorting out MediaWiki @ social media

2012-12-18 Thread Chad
On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote:
 * @wikimediatech is fine as a bot driven account. As soon as I find out who
 has access to that account I will propose a rename to something 'mediawiki'
 for naming consistency (privately, this is like discussing domain names).
 Followers will be unaffected.


This shouldn't be renamed imho, since it's not about MediaWiki--it's about
Wikimedia tech generally.

-Chad

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Sorting out MediaWiki @ social media

2012-12-18 Thread Quim Gil

On 12/18/2012 11:21 AM, Chad wrote:

On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote:

* @wikimediatech is fine as a bot driven account. As soon as I find out who
has access to that account I will propose a rename to something 'mediawiki'
for naming consistency (privately, this is like discussing domain names).
Followers will be unaffected.



This shouldn't be renamed imho, since it's not about MediaWiki--it's about
Wikimedia tech generally.


We agree on the meaning. Let's try to agree on the words.

This is a side effect of this ambiguous use of MediaWiki / 
Wikimedia-tech that we haven't resolved yet.


MediaWiki as in MediaWiki project, MediaWiki community, MediaWiki 
groups... Not just MediaWiki Core.


For outsiders, we can be found at mediawiki.org and therefore it's easy 
to identify us as MediaWiki. It's also easy to explain that MediaWiki 
powers Wikipedia. But explaining Wikimedia is more complex, and then 
making a cut to isolate Wikimedia tech is just too much for the casual 
reader.


Hence the idea of simplifying with MediaWiki as a general term.

For instance, the proposal says:

Description: News from the MediaWiki project. Powering Wikipedia and 
the Wikimedia movement.


--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Sorting out MediaWiki @ social media

2012-12-18 Thread Chad
On Tue, Dec 18, 2012 at 2:50 PM, Quim Gil q...@wikimedia.org wrote:
 On 12/18/2012 11:21 AM, Chad wrote:

 On Tue, Dec 18, 2012 at 1:14 PM, Quim Gil q...@wikimedia.org wrote:

 * @wikimediatech is fine as a bot driven account. As soon as I find out
 who
 has access to that account I will propose a rename to something
 'mediawiki'
 for naming consistency (privately, this is like discussing domain names).
 Followers will be unaffected.


 This shouldn't be renamed imho, since it's not about MediaWiki--it's about
 Wikimedia tech generally.


 We agree on the meaning. Let's try to agree on the words.

 This is a side effect of this ambiguous use of MediaWiki /
 Wikimedia-tech that we haven't resolved yet.

 MediaWiki as in MediaWiki project, MediaWiki community, MediaWiki
 groups... Not just MediaWiki Core.

 For outsiders, we can be found at mediawiki.org and therefore it's easy to
 identify us as MediaWiki. It's also easy to explain that MediaWiki powers
 Wikipedia. But explaining Wikimedia is more complex, and then making a cut
 to isolate Wikimedia tech is just too much for the casual reader.

 Hence the idea of simplifying with MediaWiki as a general term.

 For instance, the proposal says:

 Description: News from the MediaWiki project. Powering Wikipedia and the
 Wikimedia movement.


But I don't think that description is accurate at all. The MediaWiki project
refers to MediaWiki--not other WMF sites.

-Chad

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Sorting out MediaWiki @ social media

2012-12-18 Thread Quim Gil

On 12/18/2012 11:56 AM, Chad wrote:

But I don't think that description is accurate at all. The MediaWiki project
refers to MediaWiki--not other WMF sites.


Ok, if @wikimediatech is only distributing updates about 
http://wikitech.wikimedia.org/ then you are right and let's just leave 
the username as it is.


Still, can the description be perhaps improved?

Wikimedia Tech Team (identi.ca) or Wikimedia Tech Staff (Twitter) 
can be confused by outsiders as a place to know about all tech related 
activities. I wonder how many of the 80 / 535 followers (our highest 
numbers in any tech related account) fell in this confusion.


What about something more descriptive?

Wikimedia technical infrastructure updates.

Pointing to the MediaWiki account from the description would be also useful.

--
Quim Gil
Technical Contributor Coordinator @ Wikimedia Foundation
http://www.mediawiki.org/wiki/User:Qgil

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Tyler Romeo
1) This I have no idea about, but it's definitely not in the core, because
my test wiki doesn't set this cookie. It has to be an extension.

2) users does not imply logged-in users. The extension page says it
tracks users' clicks, which is accurate as that is exactly what it does. If
it meant to say only logged in users, it would have said that. However, it
may be wise for a functionality to be introduced in that extension that
does actually restrict clicktracking to only logged in users if configured
that way. On the other hand, this isn't a privacy issue since it does not
associate the user's tracking with their identity in any way (even when
logged in, the clicktracking session is separate from their actual session).

3) That is done on purpose. It's a convenience feature. Notice how when you
logout and then go back to the login page that your username is already
filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify
the user.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com



On Tue, Dec 18, 2012 at 1:57 PM, Adam Wight awi...@wikimedia.org wrote:

 I've been digging around in our cookie jar, as part of my work with
 Fundraising, and I have a few questions about the cookies we set on
 anonymous users.

 First, I am deeply impressed with the care we have taken to respond to the
 community's privacy concerns, and after first-hand experience negotiating
 with our lawyers to implement an additional cookie, I think that WMF
 deserves its place as a model to the rest of the internet.  I would like to
 help clean up or at least explain the few oversights I identify below, so
 that we can be fully confident that we are doing everything we can to
 prevent abuse of our visitors' privacy.

 1) Anonymous users are given a 1-year cookie which uniquely identifies
 them.  After logging out and clearing all cookies from my browser, I
 visited en.wikipedia.org and received this cookie.  Why would an
 anonymous user be given an identifying token?

 mediaWiki.user.id=**oDNtHcMSeGMSZyRehhuC7ypQRuPEGk**3a; expires=Wed, 18
 Dec 2013 18:25:38 GMT; path=/; domain=en.wikipedia.org


 2) Anonymous users are enrolled in clicktracking.  I was surprised because
 the extension page at http://www.mediawiki.org/wiki/**
 Extension:ClickTrackinghttp://www.mediawiki.org/wiki/Extension:ClickTrackingspecifies
  that it affects users, and I think it should very explicitly
 state that it affects logged-in users and anonymous visitors if that is
 really the intention.

 clicktracking-session=**0orJJTU79otWR6x1m8ykUAyasVpZJB**n2x; path=/;
 domain=en.wikipedia.org


 3) Registered user's cookies are not cleared at logout.  This seems like a
 pretty basic fix.

 enwikiUserName=Adamw; expires=Sun, 16 Jun 2013 18:43:51 GMT; path=/;
 domain=en.wikipedia.org; Secure; HttpOnly


 Ideally, an anonymous user, whether or not they have ever been logged in
 as a registered user, will not transmit any personally identifying
 information in their requests.  All three of these cookies violate that
 principle.  I have not found any public debate on the issue, hopefully
 others are interested in this topic.

 Regards,
 Adam Wight

 __**_
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Kevin Israel
On 12/18/2012 03:28 PM, Tyler Romeo wrote:
 1) This I have no idea about, but it's definitely not in the core, because
 my test wiki doesn't set this cookie. It has to be an extension.

Merely calling the mediaWiki.user.id() JavaScript function, which was
introduced into core MediaWiki in
https://www.mediawiki.org/wiki/Special:Code/MediaWiki/78539 , sets the
one-year cookie. Nothing in core MW (except for the corresponding QUnit
test) actually uses the function.

However, the following code in
extensions/E3Experiments/experiments/openTask.js does call that
function. I can confirm this code is executed merely by loading
Wikipedia's Main Page.

// FIXME for anons, calling mw.user.id() simply ensures the
// mediaWiki.user.id cookie is set, if it isn't already.
if ( !$.cookie( 'mediaWiki.user.id' ) )  {
if ( mw.user.id() === mw.user.getName() ) {
$.cookie( 'mediaWiki.user.id', generateId(), { expires:
365, path: '/' } );
}
}

 3) That is done on purpose. It's a convenience feature. Notice how when you
 logout and then go back to the login page that your username is already
 filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify
 the user.

Even if you do not check Remember my login on this browser, the
username is saved for 180 days (which, by the way, is four times the
duration set out in the WMF privacy policy). As far as I can tell, this
feature has existed at least since the phase3 reorg in 2003, if not
before then.

-- 
Wikipedia user PleaseStand
http://en.wikipedia.org/wiki/User:PleaseStand

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Ori Livneh
Dario attempted to respond but mailman is bouncing his message. Posting on his 
behalf.

From: Dario Taraborelli dtarabore...@wikimedia.org
Subject: Re: [Wikitech-l] Anonymous user id on wikipedia?
Date: December 18, 2012 2:09:56 PM PST
To: Wikimedia developers wikitech-l@lists.wikimedia.org

To further clarify the use of this randomly assigned token, we use 
mediawiki.user.id to count client events that occur as part of a given funnel. 
For example: we count impressions, button clicks or submit events to measure 
whether an experimental version of a feature has a higher conversion rate than 
the default version. We rely on tokens to be able to deduplicate event counts 
and make sure that when users reload a form multiple times this doesn't affect 
conversion measurements. These measurements are being used to optimize feature 
design and to assess the impact of small experiments run by the Foundation's 
editor engagement teams.

As Kevin notes, the cookie is set by the mw.user.id() function – which you can 
call and test in your browser's JS console – and it persists across browser 
sessions. The function is currently called by a number of extensions that need 
to set a token and assign users to a bucket or test condition as part of 
testing.

Dario


--
Ori Livneh


On Tuesday, December 18, 2012 at 1:41 PM, Kevin Israel wrote:

 On 12/18/2012 03:28 PM, Tyler Romeo wrote:
  1) This I have no idea about, but it's definitely not in the core, because
  my test wiki doesn't set this cookie. It has to be an extension.
  
  
  
 Merely calling the mediaWiki.user.id() JavaScript function, which was
 introduced into core MediaWiki in
 https://www.mediawiki.org/wiki/Special:Code/MediaWiki/78539 , sets the
 one-year cookie. Nothing in core MW (except for the corresponding QUnit
 test) actually uses the function.
  
 However, the following code in
 extensions/E3Experiments/experiments/openTask.js does call that
 function. I can confirm this code is executed merely by loading
 Wikipedia's Main Page.
  
 // FIXME for anons, calling mw.user.id() simply ensures the
 // mediaWiki.user.id cookie is set, if it isn't already.
 if ( !$.cookie( 'mediaWiki.user.id' ) ) {
 if ( mw.user.id() === mw.user.getName() ) {
 $.cookie( 'mediaWiki.user.id', generateId(), { expires:
 365, path: '/' } );
 }
 }
  
  3) That is done on purpose. It's a convenience feature. Notice how when you
  logout and then go back to the login page that your username is already
  filled in for you. AFAIK, it isn't used in any way by MediaWiki to identify
  the user.
  
  
  
 Even if you do not check Remember my login on this browser, the
 username is saved for 180 days (which, by the way, is four times the
 duration set out in the WMF privacy policy). As far as I can tell, this
 feature has existed at least since the phase3 reorg in 2003, if not
 before then.
  
 --  
 Wikipedia user PleaseStand
 http://en.wikipedia.org/wiki/User:PleaseStand
  
 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org (mailto:Wikitech-l@lists.wikimedia.org)
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l




___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread bawolff
On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote:


 Even if you do not check Remember my login on this browser, the
 username is saved for 180 days (which, by the way, is four times the
 duration set out in the WMF privacy policy). As far as I can tell, this
 feature has existed at least since the phase3 reorg in 2003, if not
 before then.

Not really. The cookie expiration was bumped to 180 days back in
August of 2011.  Before that we had a shorter expiry. See
https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given
that the user has to agree to the remember me function, I do not feel
this is a privacy concern.

Ideally, an anonymous user, whether or not they have ever been logged in as a 
registered user, will not transmit any personally identifying information in 
their requests.

I'm not sure, but I thought I heard somewhere that we give logged out
users cookies to ensure that some local caching is invalidated.

-bawolff

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


[Wikitech-l] ganglia temporarily private

2012-12-18 Thread Peter Youngmeister
Hi All,

Due to some security concerns, ganglia.w.o is currently behind htaccess.
We're actively working to resolve the security issues, and will restore
public access once they are resolved.

Sorry for the inconvenience!

Cheers,
Peter
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Tyler Romeo

 I'm not sure, but I thought I heard somewhere that we give logged out
 users cookies to ensure that some local caching is invalidated.

This is true. I believe it has to do with Squid and how it uses cookies to
determine whether to serve a cached page or not.

 I'm a little uneasy about this tracking, but I can understand the
reasoning behind it.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com



On Tue, Dec 18, 2012 at 6:50 PM, bawolff bawolff...@gmail.com wrote:

 On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com
 wrote:

 
  Even if you do not check Remember my login on this browser, the
  username is saved for 180 days (which, by the way, is four times the
  duration set out in the WMF privacy policy). As far as I can tell, this
  feature has existed at least since the phase3 reorg in 2003, if not
  before then.

 Not really. The cookie expiration was bumped to 180 days back in
 August of 2011.  Before that we had a shorter expiry. See
 https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given
 that the user has to agree to the remember me function, I do not feel
 this is a privacy concern.

 Ideally, an anonymous user, whether or not they have ever been logged in
 as a registered user, will not transmit any personally identifying
 information in their requests.

 I'm not sure, but I thought I heard somewhere that we give logged out
 users cookies to ensure that some local caching is invalidated.

 -bawolff

 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Matthew Flaschen
On 12/18/2012 06:50 PM, bawolff wrote:
 On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com wrote:
 

 Even if you do not check Remember my login on this browser, the
 username is saved for 180 days (which, by the way, is four times the
 duration set out in the WMF privacy policy). As far as I can tell, this
 feature has existed at least since the phase3 reorg in 2003, if not
 before then.
 
 Not really. The cookie expiration was bumped to 180 days back in
 August of 2011.  Before that we had a shorter expiry. See
 https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given
 that the user has to agree to the remember me function, I do not feel
 this is a privacy concern.

No, I tested and Kevin is correct.  The remember me controls whether
the user_token cookie is set:
https://www.mediawiki.org/wiki/Manual:User_table#user_token .  In
practice, this means you will be logged in for 180 days.

But even if you don't check it, your username and user id (but not
password or being logged in) will be cached in a cookie for 180 days.

I believe the relevant code starts at
https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2845
.

I have reported the 30 v. 180 discrepancy to le...@wikimedia.org

Matt Flaschen

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Tyler Romeo
Maybe I'm missing something, but where is the 180 days number coming from.
When User::setCookies() sets the cookies, it gives it no expiry, so in
reality the cookie persists until the browser removes it.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com



On Tue, Dec 18, 2012 at 11:07 PM, Matthew Flaschen
mflasc...@wikimedia.orgwrote:

 On 12/18/2012 06:50 PM, bawolff wrote:
  On Tue, Dec 18, 2012 at 5:41 PM, Kevin Israel pleasest...@live.com
 wrote:
 
 
  Even if you do not check Remember my login on this browser, the
  username is saved for 180 days (which, by the way, is four times the
  duration set out in the WMF privacy policy). As far as I can tell, this
  feature has existed at least since the phase3 reorg in 2003, if not
  before then.
 
  Not really. The cookie expiration was bumped to 180 days back in
  August of 2011.  Before that we had a shorter expiry. See
  https://www.mediawiki.org/wiki/Special:Code/MediaWiki/94430 . Given
  that the user has to agree to the remember me function, I do not feel
  this is a privacy concern.

 No, I tested and Kevin is correct.  The remember me controls whether
 the user_token cookie is set:
 https://www.mediawiki.org/wiki/Manual:User_table#user_token .  In
 practice, this means you will be logged in for 180 days.

 But even if you don't check it, your username and user id (but not
 password or being logged in) will be cached in a cookie for 180 days.

 I believe the relevant code starts at

 https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2845
 .

 I have reported the 30 v. 180 discrepancy to le...@wikimedia.org

 Matt Flaschen

 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Kevin Israel
On 12/19/2012 12:47 AM, Tyler Romeo wrote:
 Maybe I'm missing something, but where is the 180 days number coming from.
 When User::setCookies() sets the cookies, it gives it no expiry, so in
 reality the cookie persists until the browser removes it.

From User::setCookies():
foreach ( $cookies as $name = $value ) {
if ( $value === false ) {
$this-clearCookie( $name );
} else {
$this-setCookie( $name, $value, 0, $secure );
}
}

From the doc comment for User::setCookie():
@param $exp Int Expiration time, as a UNIX time value; if 0 or not
specified, use the default $wgCookieExpiration

From WebResponse::setcookie():
if ( $expire == 0 ) {
$expire = time() + $wgCookieExpiration;
}

From DefaultSettings.php:
$wgCookieExpiration = 180*86400;

-- 
Wikipedia user PleaseStand
http://en.wikipedia.org/wiki/User:PleaseStand

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Matthew Flaschen
On 12/19/2012 12:47 AM, Tyler Romeo wrote:
 Maybe I'm missing something, but where is the 180 days number coming from.
 When User::setCookies() sets the cookies, it gives it no expiry, so in
 reality the cookie persists until the browser removes it.

Here
(https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2864)
User::setCookies calls User::setCookie (singular) with expiration 0 for
UserID and UserName.  I don't know where you see no expiration.

However, User::setCookie
(https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2794)
itself says if 0 or not specified, use the default $wgCookieExpiration

It actually calls WebResponse::setcookie
(https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/WebResponse.php;h=e4677380f4d61a7b45fcdaa922c199499ac2a712;hb=refs/heads/master#l41).
 Both User::setCookie and WebResponse::setcookie default the $exp if it
is not passed in, though it is in this case.  setcookie does that
expiration logic.

0 corresponds to expire = time() + $wgCookieExpiration.

I don't see any way there can be an infinite cookie.

Matt Flaschen

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Re: [Wikitech-l] Anonymous user id on wikipedia?

2012-12-18 Thread Tyler Romeo
Ah, I see. Thanks for the explanation. It's a bit misleading, because in
PHP's actual setcookie function, using 0 as the expiry makes it expire at
the end of the session.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com



On Wed, Dec 19, 2012 at 1:07 AM, Matthew Flaschen
mflasc...@wikimedia.orgwrote:

 On 12/19/2012 12:47 AM, Tyler Romeo wrote:
  Maybe I'm missing something, but where is the 180 days number coming
 from.
  When User::setCookies() sets the cookies, it gives it no expiry, so in
  reality the cookie persists until the browser removes it.

 Here
 (
 https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2864
 )
 User::setCookies calls User::setCookie (singular) with expiration 0 for
 UserID and UserName.  I don't know where you see no expiration.

 However, User::setCookie
 (
 https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/User.php;h=28ff63004797bdf8c1bcb1696a7526f294b3a283;hb=refs/heads/master#l2794
 )
 itself says if 0 or not specified, use the default $wgCookieExpiration

 It actually calls WebResponse::setcookie
 (
 https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes/WebResponse.php;h=e4677380f4d61a7b45fcdaa922c199499ac2a712;hb=refs/heads/master#l41
 ).
  Both User::setCookie and WebResponse::setcookie default the $exp if it
 is not passed in, though it is in this case.  setcookie does that
 expiration logic.

 0 corresponds to expire = time() + $wgCookieExpiration.

 I don't see any way there can be an infinite cookie.

 Matt Flaschen

 ___
 Wikitech-l mailing list
 Wikitech-l@lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l