[00:00:00] <domas>	 twitter/facebook/whicheverotheraccount
[00:00:04] <Ryan_Lane>	 that's possible without login with facebook
[00:00:14] <StevenW>	 I smell a testable hypothesis ;)
[00:00:20] <domas>	 yeah, by putting stuff into user page? 
[00:00:42] <Ryan_Lane>	 it's doable with OAuth
[00:01:21] <Ryan_Lane>	 in fact, basically everything you are suggesting is
[00:01:50] <domas>	 there're lots of experiments that can be suggested
[00:02:11] <Ryan_Lane>	 and I bet that almost none of them require "log in with facebook"
[00:02:55] <domas>	 log in with openid! 
[00:03:05] <Ryan_Lane>	 I also dislike openid as a consumer
[00:03:17] <Ryan_Lane>	 except as a substitute for SSO
[00:03:22] <Ryan_Lane>	 where the consumer is forced
[00:04:37] <jeremyb>	 i dislike saml where the implementation involves a 60 sec wait at a white screen of death before moving on to the next step. (that's what my cable company does when i log in)
[00:04:46] * jeremyb  has complained about this before

[00:04:57] <Ryan_Lane>	 jeremyb: that's just a piss-poor implementation
[00:05:09] <jeremyb>	 Ryan_Lane: hence the where clause :)
[00:06:30] <domas>	 log in with diaspora sounds awesome though
[00:07:14] <Ryan_Lane>	 :D
[00:08:27] <domas>	 anyway, it is kinda odd, trusting plaintext smtp and plaintext http as authentication
[00:09:01] <domas>	 of course, principal position could be "open only", so going after solutions like Persona
[00:09:09] <domas>	 would I like something like that to happen? sure
[00:12:11] <Ryan_Lane>	 I'd prefer something like persona, yes
[00:12:39] <Ryan_Lane>	 that requires buy-in from most identity providers, though, and it cuts into their business model
[00:13:03] <Ryan_Lane>	 so there's no real incentive for them to do it
[00:13:44] <domas>	 surprise, thats what free market brings you
[00:14:37] <Ryan_Lane>	 when there's little to no restriction to the tracking and privacy of users, yep
[00:14:46] <domas>	 there are restrictions
[00:15:24] <Ryan_Lane>	 I did say "little to no", right? :)
[00:15:30] <domas>	 wikimedia operates under US law, other companies operate under both US and EU 
[00:15:43] <domas>	 so you may have wrong impression
[00:16:13] <Ryan_Lane>	 it's allowed to track users across the internet
[00:17:37] <Ryan_Lane>	 it's allowed to track identities across sites via the "log me in with" functionality so that companies can create massive profiles on users
[00:17:44] <TimStarling>	 plaintext SMTP is not so bad, compared to plaintext HTTP
[00:18:05] <domas>	 GSM providers track your location! 
[00:18:06] <domas>	 [hint: that is needed to make a call]
[00:18:11] <jeremyb>	 TimStarling: because probably neither end is on unsecured wifi?
[00:18:12] <TimStarling>	 most people don't run SMTP servers over unsecured wifi
[00:19:03] <TimStarling>	 as long as you use SSL for actually checking mail
[00:19:10] <domas>	 also, there are different legislations
[00:19:10] <domas>	 you may be limited to US view
[00:21:19] <domas>	 wikimedia also 'tracks' when I move among different wikimedia projects
[00:21:19] <domas>	 tracks when I click the donation banner
[00:21:40] <domas>	 it even uses cookies
[00:21:44] <domas>	 to determine whether to show me banners
[00:21:44] <domas>	 :)
[00:22:16] <domas>	 Ryan_Lane: depends on implementation
[00:22:34] <domas>	 Ryan_Lane: log-me-in may exist only on 'login.wikimedia'
[00:22:48] <TimStarling>	 do you think we should have a Tor hidden service?
[00:22:57] <TimStarling>	 just a super simple one, probably read-only
[00:23:12] <TimStarling>	 I've been thinking about the security of HTTPS
[00:24:15] <TimStarling>	 it wouldn't be surprising if our private HTTPS certs were held by any interested US govt agency and any government agency of a US ally, would it?
[00:24:28] <TimStarling>	 they could just get them from DigiCert
[00:24:33] <csteipp>	 private key?
[00:24:44] <TimStarling>	 with a Tor hidden service, they'd have to get the private key from us
[00:25:01] <csteipp>	 does digicert have our key?
[00:25:05] <domas>	 TimStarling: can use perfect forward secrecy etc
[00:25:14] <csteipp>	 yes, please
[00:25:15] <TimStarling>	 yeah, I've been reading about PFS this morning
[00:25:26] <domas>	 why would CAs have private certs?
[00:25:34] <domas>	 they have just public keys
[00:25:48] <domas>	 unless of course someone uploaded private keys to them
[00:25:48] <domas>	 :)
[00:26:20] <TimStarling>	 yes, ok, maybe I misunderstood how CAs work
[00:26:23] <csteipp>	 thats what i thought. i was worries someone in ops had given it to them for some reason...
[00:26:45] <domas>	 TimStarling: how dare you
[00:26:50] <csteipp>	 yeah, they should just sign our public key, and we send that off to everyone...
[00:26:53] <domas>	 TimStarling: you're working at top5 website
[00:26:59] <domas>	 you should know better
[00:27:24] * domas  just got a fundraising banner \o/

[00:27:34] <Prodego>	 its ok, its only 6 by some metrics 
[00:28:00] <domas>	 yup
[00:28:04] <domas>	 logged in users
[00:28:08] <domas>	 :)
[00:29:03] <TimStarling>	 still, a Tor hidden service would be interesting for other reasons, wouldn't it?
[00:29:12] <domas>	 sure
[00:29:27] * domas  remembers Berlin/Tor/CCC incident :)

[00:31:34] <Prodego>	 TimStarling: just as a fun thing to do though, mostly?
[00:32:22] <Prodego>	 for a site like Wikipedia that is read only for the vast majority of users (anyone happen to know the numbers?) a tor hidden service doesn't give you a whole lot
[00:33:30] <domas>	 well, wikipedian tinfoil hat speculations only work about other stuff
[00:33:34] <domas>	 doesn't apply to wikipedia itself
[00:33:48] <domas>	 why would you care what people are reading if you can see their google searches, right?
[00:37:02] <jeremyb>	 TimStarling: why not allow hidden service for all global ipbe ppl?
[00:37:11] <jeremyb>	 (including writes)
[00:37:40] <domas>	 how's the perf of those services, by the way?
[00:38:12] <domas>	 is wikimedia participating in http2.0 discussions?
[00:38:25] <jeremyb>	 maybe the CAs don't have the wikimedia keys but at least they can sign new certs with CN=*.wikipedia.org for the government
[00:38:37] <domas>	 jeremyb: there's SSL observatory, that would catch that
[00:38:40] <TimStarling>	 jeremyb: ipbe?
[00:38:57] <TimStarling>	 domas: depends on how narrow the targeting is
[00:39:08] <Prodego>	 jeremyb: is that an advantage over a tor hidden service though? I have no idea how those keys are distributed
[00:39:33] <lazyktm>	 ipbe = ip block exemption
[00:39:52] <domas>	 TimStarling: true, although for practical application it has to be wide enough
[00:40:36] <jeremyb>	 domas: maybe... i was thinking it would be to target specific users
[00:40:50] <jeremyb>	 TimStarling: what lazyktm said
[00:40:56] <domas>	 if you're targeting specific users you don't need to sniff their traffic anymore
[00:40:58] <domas>	 you already found them
[00:40:59] <domas>	 :)
[00:41:03] <jeremyb>	 Prodego: which keys?
[00:41:17] <jeremyb>	 hah domas
[00:41:19] <Prodego>	 jeremyb: the public key for the hidden service
[00:41:20] <TimStarling>	 jeremyb: well, two reasons
[00:42:16] <TimStarling>	 one is that working out whether a user is ipblock-exempt and displaying appropriate error messages when they are not is beyond what I mean by "super simple"
[00:42:32] <TimStarling>	 another is that even ipblock-exempt users can DoS the site
[00:42:57] <domas>	 DoS over Tor?
[00:43:13] <domas>	 ah, action=parse, yeah
[00:43:18] <domas>	 already forgot about these!
[00:43:39] <TimStarling>	 yeah, it only takes 7 requests, see https://en.wikipedia.org/wiki/User_talk:Timrollpickering#Template_null_edits
[00:44:10] <TimStarling>	 7 requests generating 22 million parse operations in the job queue
[00:44:15] <jeremyb>	 TimStarling: uhhhh, then only let them log in at all if they're ipbe?
[00:44:18] <domas>	 <3
[00:44:18] <jeremyb>	 idk
[00:44:20] <TimStarling>	 some amplification right?
[00:44:31] <jeremyb>	 or don't allow purge via hidden service
[00:46:20] <jeremyb>	 hrmmmm
[00:47:31] <domas>	 oh yay, twitter added two factor auth
[00:48:11] <jeremyb>	 orly
[00:48:17] <James_F>	 domas: Clearly we need to do that.
[00:48:31] <jeremyb>	 https://blog.twitter.com/2013/getting-started-login-verification
[00:48:41] <jeremyb>	 James_F: we already did
[00:48:48] <jeremyb>	 James_F: OATHauth
[00:49:08] <jeremyb>	 errr, OATHAuth*
[00:49:31] <James_F>	 jeremyb: Remind me again about that being live in production for user accounts? :-)
[00:49:40] <domas>	 yup, it is also very easy to use
[00:49:47] <domas>	 just as easy as using a phone number
[00:50:21] <domas>	 oh yay, market street
[00:50:41] <jeremyb>	 James_F: well not every service supports it i gues. but at least the main wiki does. (wikitech)
[00:50:46] <jeremyb>	 guess*
[00:51:00] <jeremyb>	 i wonder how you'd integrate that with HTTP Basic Auth
[00:51:07] <James_F>	 jeremyb: "main wiki"? ;-)
[00:51:20] <p858snake|l>	 main wiki, um lol
[01:12:16] <Prodego>	 I always thought those were mostly an excuse to get your phone number
[08:33:58] <BadDesign>	 Are the Wikipedia dumps UTF-8 encoded?
[08:36:26] <J_Milburn>	 If anyone could help- when I try to access Wikipedia on Firefox, I get this screen- http://imgur.com/64cyntG It doesn't seem to apply to any other site, which are working fine, and doesn't apply to Chrome. Any ideas?
[08:39:09] <BadDesign>	 regardless of the language the XML dumps are always UTF-8 encoded?
[08:42:20] <p858snake|l>	 J_Milburn: is your internet going through any sort of local proxy?
[08:42:37] <p858snake|l>	 J_Milburn: can you do a traceroute and post the results
[08:42:44] <J_Milburn>	 How do I do that?
[08:43:02] <p858snake|l>	 oh wait, doesn't apply to chrome
[08:43:17] <p858snake|l>	 check what extensions you have installed in your firefox instance
[08:46:12] <J_Milburn>	 Adblock Plus, Chatzilla, ColourfulTabs, SiteAdvisor, TabMixPlus and TinEye
[08:49:55] <J_Milburn>	 None of which were installed recently
[08:51:38] <J_Milburn>	 I can actually access www.wikipedia.org, and even foreign language Wikipedias.
[08:52:06] <J_Milburn>	 Could someone link a page on the secure server? I could try with that
[08:55:02] <hashar>	 J_Milburn: just add https ?
[08:55:40] <J_Milburn>	 Yep, that works
[08:55:51] <J_Milburn>	 Thanks
[12:31:26] <odder>	 [9d2201c5] 2013-07-10 12:31:12: Fatal exception of type MWException
[12:31:32] <odder>	 awesome, and how helpful!
[12:31:39] <hoo>	 Reedy: ^
[12:32:26] <odder>	 [6b584201] 2013-07-10 12:32:15: Fatal exception of type MWException
[12:33:20] * hoo  wishes he could look these up himself

[12:33:37] <odder>	 just FYI, this prevents me from submitting a change to [[m:Tech/News]]
[12:33:53] <hoo>	 mh...
[12:34:19] <hoo>	 Wild guess: Translate extension
[12:34:32] <odder>	 that's my guess too :-)
[12:37:02] <odder>	 on a completely unrelated note
[12:37:03] <odder>	 https://meta.wikimedia.org/w/index.php?title=Template:TOC-right&action=edit
[12:37:08] <odder>	 https://meta.wikimedia.org/w/index.php?title=Template:TOCright&action=edit
[12:37:09] <odder>	 https://meta.wikimedia.org/w/index.php?title=Template:TOC_right&action=edit
[12:37:12] <odder>	 I love Wikimedians <3<3<3
[12:37:51] <hoo>	 reminds me of: "* Style again! This seems like a code duplication since we already have
[12:37:51] <hoo>	 	 * mStyles. This is what makes OpenSource amazing."
[12:37:59] <hoo>	 in OutputPage that is
[12:48:03] <odder>	 oh dear. that doesn't look like a temporary problem.
[12:49:45] <hoo>	 ...
[12:49:59] <odder>	 !b 50973
[12:50:00] <wm-bot>	 https://bugzilla.wikimedia.org/50973
[12:50:22] <odder>	 I'm getting this on 'save', not 'preview'
[16:16:08] <Svick>	 apergos: hello
[16:16:12] <apergos>	 hey
[16:16:21] * apergos  looks around for pare... no tab complete

[16:16:35] <Svick>	 yeah, he doesn't seem to be here
[16:16:42] <apergos>	 pingd in gtalk
[16:17:12] <apergos>	 we'll see if he shows up in a couple minutes, otherwise it's logged so..
[16:23:23] <apergos>	 ok he can read the logs :-D
[16:23:34] <apergos>	 no commit today (yet) I see... how are things going?
[16:25:54] <Svick>	 reasonably well, i can now write page metadata to the dump, next i'll make sure i can also read them back and then writing revisions
[16:26:11] <apergos>	 oohh nice
[16:26:17] * apergos  itches for a makefile :-P

[16:26:27] <apergos>	 maybe over the weekend? 
[16:26:29] <apergos>	 :-)
[16:29:48] <Svick>	 about that: my father is in a hospital (on the other side of the country), so i'm going to go and visit him; i'll probably leave friday and stay there over the weekend; i'll try to work as well, but i'm not sure how much
[16:30:11] <apergos>	 ok
[16:30:15] <apergos>	 family first obviously
[16:30:36] <Svick>	 thanks for understanding
[16:31:05] <apergos>	 nothing to understand; first off, weekends are off time unless you gotta make a deadline, and second family is always priority
[16:31:07] <apergos>	 anyways
[16:31:21] <apergos>	 maybe friday a Makefile? :-D
[16:31:22] <Svick>	 on the other hand, i might not have Visual Studio there, so it might be a good time to create the makefile
[16:31:48] <Svick>	 yeah, i'll try
[16:32:00] <apergos>	 ok
[16:32:22] <apergos>	 anything troublesome or areas you want to discuss today?
[16:32:36] <apergos>	 (I saw the mail, seems about right)
[16:32:54] <Svick>	 nothing today
[16:33:17] <apergos>	 ok... well I have nothing today either, and didn't get time to read the delta compression paper
[16:33:22] <apergos>	 that might be my weekend
[16:33:37] <apergos>	 in which case... have a good rest of your evening and see you here tomorrow!
[16:34:24] <Svick>	 yeah, i read it yesterday and it contained some pointers to existing implementations and interesting details about them (the multiple pointers part, when you get to it)
[16:34:59] <apergos>	 ok, I'll keep that in  mind, thanks
[16:35:25] <Svick>	 ok, see you
[16:35:51] <apergos>	 see ya
[17:21:54] <Nemo_bis>	 varnish on beta may be a bit too picky, even 1-revision import fails
[17:21:55] <Nemo_bis>	 Request: POST http://commons.wikimedia.beta.wmflabs.org/w/index.php?title=Special:Import&action=submit, from 93.50.129.38 via deployment-cache-text1 frontend ([10.4.1.133]:80), Varnish XID 69972620
[17:22:00] <Nemo_bis>	 Forwarded for: 93.50.129.38
[17:22:02] <Nemo_bis>	 Error: 503, Service Unavailable at Wed, 10 Jul 2013 17:21:06 GMT
[17:22:30] <Nemo_bis>	 though in the end http://commons.wikimedia.beta.wmflabs.org/wiki/France appeared
[18:50:34] <domas>	 ohi
[18:50:39] <domas>	 freenode being stupid today?
[18:50:43] <legoktm>	 yeah
[18:50:51] <legoktm>	 being ddos'd apparently
[18:51:13] <domas>	 now you know my IP!
[18:52:26] <paravoid>	 tfbnw.net? heh
[18:52:53] <apergos>	 the ddos thang has been going on for weeks and weeks off and on
[18:53:06] <apergos>	 I would hate to be one of their admins, it must have gotten really old
[18:54:08] * odder  mumbles something about him having sent an e-mail to domas in February

[18:54:23] <domas>	 oh yes, might have happened!
[18:54:27] <domas>	 I'm always on IRC
[18:54:29] <domas>	 why are you sending me emails?
[18:54:47] <odder>	 I don't think you were on IRC in February :)
[18:55:11] <Prodego>	 domas (~midom@127.0.0.1)
[18:55:18] <Prodego>	 :)
[18:55:58] <paravoid>	 maybe giving them a few hardware boxes isn't such a bad idea
[18:56:22] <domas>	 nah
[18:56:25] <domas>	 they're annoying
[18:56:43] <paravoid>	 with one gigabit how much damage can they do
[18:57:31] <apergos>	 we would want to make sure that was very isolated from everything else
[18:57:40] <apergos>	 but I'm not opposed in principle
[18:59:02] <Nemo_bis>	 this was discussed in Internal-l some years ago btw
[18:59:53] <odder>	 don't trust him, he got unsubscribed from that list in 2008
[19:00:41] <YuviPanda>	 A labs project was created, but then we noped out.
[19:02:16] <Nemo_bis>	 2010 actually, though I asked in 2009
[19:16:26] <Prodego>	 could always run your own irc network
[19:16:33] <Prodego>	 though that requires actually running the network
[19:18:51] <Reedy>	 We already do ;)
[19:19:47] <JD|cloud>	 Prodego: lol I suggested that a few weeks ago
[19:21:39] <Prodego>	 JD|cloud: yea well don't worry it will never happen :)
[19:22:09] <Prodego>	 Reedy: one beyond the recent changes one, or just the recent changes one
[19:27:36] <MatmaRex_>	 odder: https://meta.wikimedia.org/w/index.php?title=Tech/News/2013/29&diff=5642314&oldid=5642122
[19:28:14] <MatmaRex_>	 odder: i think what i wrote there is slightly too long, eh.
[19:29:52] <legoktm>	 MatmaRex_: :o so we need to remove all the "[[Special:Tags|Tag]]: " in front of the message?
[19:30:02] <odder>	 MatmaRex_: that's OK, we can work on it later
[19:30:09] <odder>	 thanks for adding this
[19:31:15] <MatmaRex_>	 legoktm: no – you *can* finally do that!:D
[19:32:45] <legoktm>	 er wait.
[19:32:49] <legoktm>	 so what needs to be done?
[19:33:07] <MatmaRex_>	 yeah, you probably need to do that, yes
[19:33:15] <legoktm>	 ok
[19:33:16] <MatmaRex_>	 unless you want to see "Tag: Tag:" everywhere
[19:33:28] <MatmaRex_>	 :)
[20:33:04] <Nemo_bis>	 James_F: speaking of tags, there are still some reports open about VE tag on TWN https://translatewiki.net/wiki/User:Jdforrester
[20:46:14] <greg-g>	 (ignore me for a moment)
[20:46:16] <greg-g>	 !semantic
[20:46:16] <wm-bot>	 Not many people around here use Semantic Mediawiki or the other Semantic extensions. You might try asking in #semantic-mediawiki
[20:46:28] <greg-g>	 oh, wrong channel
[20:46:44] <Technical_13>	 :0 greg-g!!!!
[20:47:00] <greg-g>	 ;)
[20:51:55] <James_F>	 Nemo_bis: Eurgh. Successful e-mail from TWN. Not. :-(
[20:54:02] <Nemo_bis_>	 James_F: I told you, RSS is only option for now :/
[20:55:18] <Nemo_bis_>	 you can help by finding reviewers for https://gerrit.wikimedia.org/r/#/c/58285/ or merging some enotif settings defaults changes :P
[20:55:29] <Nemo_bis_>	 though it would still not help your specific use case here
[20:56:36] <James_F>	 Nemo_bis: So… I /can't/ help? :-P
[20:57:03] <Nemo_bis>	 you can help others, or yourself with a decent workaround :P
[20:57:16] <Nemo_bis>	 is email really superior to feeds? :)
[20:58:15] <James_F>	 Nemo_bis: Given I read one and not the other, clearly. :-)
[20:58:39] <Nemo_bis>	 we need a RSS -> email bridge
[20:58:48] <Nemo_bis>	 I think they exist, hmm
[20:58:56] <MatmaRex_>	 you need a client that handles both
[20:59:09] <MatmaRex_>	 (by which i mean, Opera. :P)
[20:59:35] <Nemo_bis>	 I already have one
[20:59:41] <Nemo_bis>	 (by which I mean, Thunderbird)
[21:01:58] <James_F>	 MatmaRex_: Client-side software for reading e-mail? Wow.
[21:02:03] * James_F  doesn't live in the 18th Century.

[21:02:43] <MatmaRex_>	 James_F: it's more efficient.
[21:02:47] <mutante>	 RSS2Jabber gateway ftw
[21:02:53] <mutante>	 eh, s/RSS/Atom
[21:05:33] <Nemo_bis>	 I love Thunderbird's search
[21:06:02] <Nemo_bis>	 + http://identi.ca/notice/53181733
[21:06:39] <Nemo_bis>	 I just don't think one can survive foundation-l with Gmail
[22:55:36] <kaldari>	 greg-g: Do you know how to get Jenkins code verification added to a new extension?
[22:56:17] <greg-g>	 kaldari: not at all
[22:56:45] <mutante>	 kaldari: add a .gitreview file 
[22:57:10] <mutante>	 i think Reedy just did for a bunch who were missing it
[22:57:18] <kaldari>	 it's had a .gitreview file since the first check-in last year
[22:57:39] <kaldari>	 does it need anything special in the .gitreview file?
[22:58:18] <mutante>	 kaldari: what's the extension called?
[22:58:31] <kaldari>	 Disambiguator. See comments at https://gerrit.wikimedia.org/r/#/c/73008/
[22:58:50] <mutante>	 it should look kind of like this  https://gerrit.wikimedia.org/r/#/c/73109/1/.gitreview
[22:58:57] <mutante>	 just the right project name in it
[22:59:21] <kaldari>	 yep. looks identical
[22:59:52] <kaldari>	 https://gerrit.wikimedia.org/r/#/c/41380/1/.gitreview
[23:00:38] <mutante>	 hm,, looks good indeed
[23:00:46] <mutante>	 then i'd have to ask Hashar
[23:01:17] <kaldari>	 thanks, I'll bug hashar :)
[23:43:23] <Reedy>	 kaldari: integration/jenkins-job-builder-config
[23:45:05] * Reedy  checks out said reopo

[23:50:15] <Reedy>	 https://gerrit.wikimedia.org/r/73126 for anyone following along