[09:24:11] <snitch>	 [[Tech]]; Hugo.arg; /* Restore old edit buttons bar */; https://meta.wikimedia.org/w/index.php?diff=18600844&oldid=18593059&rcid=12752937
[10:19:18] <snitch>	 [[Tech]]; Hugo.arg; /* Restore old edit buttons bar */; https://meta.wikimedia.org/w/index.php?diff=18600937&oldid=18600844&rcid=12753140
[11:27:18] <bawolff>	 Amir1: sorry i havent been looking into the securepoll thing. Ill look into it today
[11:27:47] <Amir1>	 bawolff: thanks! I think it's more of false alarm but still 
[11:27:55] <Amir1>	 a double check would be better
[11:28:07] <bawolff>	 Its definitely false
[11:28:18] <bawolff>	 i actually think i even know why
[11:28:36] <bawolff>	 its because the cli scripts operate in global scope
[11:29:15] <bawolff>	 so the script gets confused about variables with same name all in global scope for different cli scripts
[11:30:00] <bawolff>	 Or at least that was what the last round of problems was
[12:18:48] <bawolff>	 Amir1: So interestingly enough, securepoll passes phan-taint-check locally for me
[12:19:30] <Amir1>	 That's weird :/
[12:20:16] <bawolff>	 But i'm running a different version of phan-taint-check
[12:20:53] <bawolff>	 And there's been issues in the past where things go wonky if files are checked in a different order (particularly one the same class is defined in multiple files)
[12:29:04] <bawolff>	 Hmm, still doesn't trigger even when using same version
[12:44:48] <bawolff>	 Amir1: It gets weirder: https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SecurePoll/+/473726/
[12:45:18] <Amir1>	 What the
[12:45:49] <Amir1>	 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SecurePoll/+/471556
[12:45:51] <Amir1>	 let me recheck it
[12:46:55] <bawolff>	 Maybe its some sort of intermittent bug
[12:47:16] <bawolff>	 So far with the phan-taint-check project, when bugs do happen they've been really annoying to track down :S
[12:52:10] <Amir1>	 Maybe something got fixed yesterday
[12:52:16] <Amir1>	 I can't see anything though 
[13:19:42] <bawolff>	 Amir1: Well this is mysterious
[13:20:03] <bawolff>	 I still think we should put phan-taint-check as non-voting for that repo until we're sure its reliably fixed
[18:40:02] <dtm>	 hey guys, are the wikis or their CDN or whatever, being really slow at updating cached images lately?  i just cropped and reuploaded an image to a new aspect ratio.  none of the articles use hardcoded aspects but it still displays the new image at the old aspect on some browsers and not others.  and on some articles but not others.  even when i shift-reload.
[18:40:40] <dtm>	 it's been 45 minutes.  usually it's done long before this.  or usually it forcibly updates with a shift-reload.  i'm not complaining, just curious.
[18:44:54] <andre__>	 dtm: which browser? Chrome?
[18:45:02] <bawolff>	 Wrong aspect ratio probably means parser cache of those articles isnt purged
[18:45:46] <bawolff>	 its possible to force parser cache refresh by adding ?action=purge to end of article url
[18:49:57] <bawolff>	 dtm: there are pretty graphs at https://grafana.wikimedia.org/dashboard/db/jobqueue-eventbus?orgId=1 for this stuff
[18:52:53] <bawolff>	 Anyways nothing indicates that htmlCacheUpdate should take that long. Maybe job got lost (happens sometimes)
[19:13:06] <snitch>	 [[Tech]]; Tacsipacsi; /* Restore old edit buttons bar */ unnecessary “Gadget-” prefix; https://meta.wikimedia.org/w/index.php?diff=18603177&oldid=18600937&rcid=12756205
[19:45:10] <dtm>	 haha okay, shift-reload finally worked
[19:45:38] <dtm>	 bawolff: sometimes a job gets lost and then found?
[19:46:14] <dtm>	 shift-reload worked on the photo of the guy in the blue shirt at https://en.wikipedia.org/wiki/Yars%27_Revenge#Development  but not at wikidata
[19:46:23] <dtm>	 https://www.wikidata.org/wiki/Q377167
[19:46:29] <bawolff>	 Well sometimes things can be delayed randomly
[19:46:45] <bawolff>	 if a lot of pages need to be updated at once
[19:47:11] <dtm>	 and not on lots of others
[19:47:40] <bawolff>	 (Thats mostly a fancy way of me saying i dont know)
[19:48:28] <dtm>	 btw on my iphone, it was always correct on Chrome (which i haven't even launched in more than a year or two) but not on Safari (which i always use, but haven't loaded this article in a year)
[19:48:33] <dtm>	 today
[19:48:38] <dtm>	 on the same article
[19:48:51] <dtm>	 so that's weird too.  same article, same device, different apps.
[19:49:14] <dtm>	 but shift-reload on desktop chrome should absolutely invalidate the local cache, right?
[19:50:03] <dtm>	 what exactly is being cached?  none of these articles' wikicode specifies any images dimensions.  no pixels or  aspect.  it updated the new image but kept only the old aspect ratio.
[19:50:18] <dtm>	 the wikicode only says "thumb"
[19:52:26] <dtm>	 so i dont know how there's anything to cache.  even the resulting html code has no dimensions.
[19:52:30] <dtm>	 <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/a/a9/Classic_Game_Postmortem-_Yars%27_Revenge_-_Howard_Scott_Warshaw_-_Thursday%2C_March_5%2C_2015_GDC_%2816543702927%29.jpg"/>
[19:53:33] <dtm>	 just curious.  :3
[20:04:48] <bawolff>	 dtm: the width and height html attribute gets saved in parser cache
[20:05:09] <bawolff>	 i think to prevent page reflow when waiting for images to load
[20:05:45] <dtm>	 hm.  
[20:06:14] <dtm>	 bawolff: in what parser cache?  in chrome?  or in the server?  i guess in the server, because shift-reload wasn't working.
[20:06:28] <bawolff>	 ParserCache is on server
[20:06:44] <bawolff>	 Shift-reload wont affect it
[20:07:00] <bawolff>	 adding ?action=purge to url will clear it
[20:07:53] <bawolff>	 There are a lot of layers of caching
[20:08:31] <bawolff>	 the main ones are - browser cache, varnish cache (mostly logged out users only) and mediawiki parser cache
[20:09:11] <bawolff>	 browser cache is rarely an issue. Usually it is checked for validity on every load
[20:12:02] <dtm>	 i seeeeee.  interesting.
[20:16:05] <dtm>	 also, wow yes lots of pretty graphs.
[20:16:20] <dtm>	 it doesn't look particularly spiked :3
[20:16:35] <dtm>	 but i wouldn't know what's normal
[20:16:50] <dtm>	 1100 jobs per second?  notbad.jpeg
[21:02:08] <Ainali>	 I have 2FA activated and am logged in on svwiki. But when I go to Wikidata, I am not logged in, and I get "Verification failed" when entering the code from Authenticator. I relized my scratch codes are in a country I will not visit shortly. What to do?
[21:08:48] <Krenair>	 hm you should probably be logged in on wikidata if you're logged in on wikipedia? but that may depend on third-party cookies?
[21:08:57] <Krenair>	 your 2FA should work on both wikis so that's weird
[21:09:07] <Krenair>	 Ainali, can you open a private browsing session and try logged into svwiki there with 2FA?
[21:09:12] <Krenair>	 try logging*
[21:10:44] <Ainali>	 Krenair: I tried deactivating it in the settings on svwiki, which requires a code, which also failed
[21:11:24] <Ainali>	 I also tried logging in on mediawiki.org (which I am also not logged in to) and it failed as well
[21:13:27] <Ainali>	 And now I tried a private browsing session as well, it failed
[21:13:39] <Krenair>	 right
[21:13:52] <Krenair>	 and this 2FA device worked before?
[21:14:11] <Ainali>	 Yes, it is the only one I have, it have worked for years
[21:14:19] <Krenair>	 is the device a phone by any chance?
[21:14:23] <Ainali>	 yes
[21:14:36] <Krenair>	 is the clock accurate?
[21:14:47] <Ainali>	 no, it is two minutes off
[21:14:58] <Krenair>	 .... well try fixing that :p
[21:16:35] <Ainali>	 :)
[21:16:43] <Ainali>	 That worked, thanks!
[21:17:00] <Krenair>	 np
[21:17:26] <Krenair>	 it uses TOTP to having a broken clock will cause it to generate the wrong codes
[21:19:17] <Ainali>	 I just noticed the other day my clock was off. I thought it was set to sync automatically, but somehow that had got switched off and time had been adjusted. Now I set it it to sync again and: voilá
[21:19:35] <Krenair>	 cool
[21:20:07] <Krenair>	 this has got me wondering how my yubikey generates its 2FA codes
[21:20:45] <Krenair>	 maybe it just uses the clock from whatever device I'm connecting it to (my laptop or my phone)
[21:33:44] <bawolff>	 Krenair: i think cheaper yubikeys were known for having clock drift issues
[21:34:45] <bawolff>	 U2F is soo much cooler than TOTP. I wish we supported that :)
[21:37:34] <Krenair>	 bawolff, yeah there's a task and I sort of started working on it recently
[21:37:49] <Krenair>	 except it's webauthn but still
[21:37:57] <Krenair>	 ran into some problems and haven't had much time with all my uni stuff
[21:38:43] <bawolff>	 I think half the problem is one needs to implement all the logic about having multiple second factor types
[21:38:59] <Krenair>	 well sure but I was focusing on the basics
[21:39:18] <Krenair>	 just getting a setup/login process working
[21:39:51] <dtm>	 i didn't know or i forgot, that wikipedia supports 2FA.  i also haven't set up whatever identity feature we have.
[21:40:04] <dtm>	 dont we have some real-life identity feature in case of accuont and identity theft?
[21:40:20] <dtm>	 in response, whereas 2FA is proactive
[21:40:32] <bawolff>	 Some people put a hash on their user page containing personal data
[21:40:33] <Krenair>	 2FA is available for people with advanced rights
[21:40:47] <dtm>	 and you know what's crazy, is people mistrust facebook so much they wont input their mobile phone number for 2FA
[21:41:05] <Krenair>	 mobile phone number for 2FA?
[21:41:13] <dtm>	 Krenair: what advanced rights?  i am pretty sure i have them all for sub-admin level
[21:41:20] <bawolff>	 we're scared as to how we will handle everyone locking themselves out, so we havent let everyone do it
[21:41:39] <dtm>	 yeah every password login for yahoo.com, facebook.com, apple.com etc can be accompanied by an SMS text
[21:41:54] <dtm>	 bawolff: oh 2FA is a slow rollout?
[21:41:58] <dtm>	 well hook a brother up
[21:42:04] <dtm>	 passwords are b.s.
[21:42:11] <Krenair>	 I have a PGP key signed by a good chunk of WMF people
[21:42:19] <dtm>	 dude i want a usb fingerprint reader.  i have Touch ID on my iphone.
[21:42:44] <dtm>	 i have never used PGP in practical application but i think i made a key that went nowhere, years ago
[21:42:46] <bawolff>	 dtm: if you are not an admin/whatever the group is, you can ask a steward to add you to the 2fa test group
[21:42:48] <dtm>	 decades ago
[21:42:59] <dtm>	 bawolff: okay let's do that.  can an admin do that?
[21:43:14] <bawolff>	 Krenair: you should sign my key next time i see you!
[21:43:31] <dtm>	 it's like signing a cast
[21:43:40] <dtm>	 i just asked an admin
[21:43:48] <bawolff>	 dtm: its a global group so it needs steward i think
[21:44:17] <bawolff>	 dtm: i think i enjoy the nerdy ceremony of pgp more than anything else
[21:44:28] <dtm>	 :-o  lawl
[21:44:34] <Krenair>	 bawolff, will you be in stockholm in august?
[21:44:39] <dtm>	 well i dont live in silicon valley anymore sadly
[21:44:53] <bawolff>	 ive had like a total of 5 encrypted emails in 3 years
[21:44:58] <dtm>	 or else i would parade my PGP around
[21:45:01] <bawolff>	 Krenair: i plan to be
[21:45:04] <Krenair>	 cool
[21:45:08] <Krenair>	 am hoping to be too
[21:45:23] <dtm>	 wow five encrypted emails?  are you a spy or what?
[21:46:37] <Krenair>	 wat
[21:46:41] <bawolff>	 1 was from wmf legal when there was some big political push to use pgp for political reasons
[21:46:58] <bawolff>	 i think they have totally given up on it
[21:48:02] <bawolff>	 3 were from an external vendor who sent me encrypted status reports that i immediately decrypted and forwarded to the rest of the team i work on because more than just me needed to read it
[21:48:20] <bawolff>	 i think there was one other from legoktm because he likes pgp
[21:48:27] <Platonides>	 I can send you an encrypted email if you want to :P
[21:48:46] <Krenair>	 I sent one once containing a shared twitter password
[21:49:00] <Krenair>	 oh also I use it to sign .deb packages
[21:49:37] <legoktm>	 I dooo
[21:50:12] <dtm>	 :-o
[21:50:45] <Platonides>	 I have used PGP emails for real things that should be treated securely
[21:50:55] <Platonides>	 also for some trivial things, too :D
[21:51:15] <Platonides>	 the main issue is the lack of MUA support
[21:51:30] <Platonides>	 when you have a good one, it just works
[21:51:50] <Platonides>	 but then, it turns out your recipient is using Microsoft Outlook...
[21:53:30] <bawolff>	 Nobody i ever have to send sensitive personal data to actually supports pgp
[21:53:55] <bawolff>	 e.g. like when i had to give WMF my bank info. If there ever was a time to use pgp
[21:55:16] <Platonides>	 I recently sent a couple of CV encrypted with PGP
[22:30:22] <rtodox>	 Добрый вечер. Подскажите, как снять блокировку Информация о блокировке  Заблокирован 2A01:798:0:0:0:0:0:0/29 администратором QBA-bot в 14:24, 3 ноября 2017. Блокировка закончится 14:24, 3 ноября 2022 (по часовому поясу UTC).   технический номер блокировки — #9633618.
[22:32:22] <Krenair>	 rtodox, hi, do you speak english?
[22:32:34] <andre__>	 rtodox: Taky dobre vecer. Feel free to ask that on the wiki that you are referring to.
[22:32:36] <rtodox>	 yes
[22:32:37] <tgr>	 < bawolff> 1 was from wmf legal when there was some big political push to use pgp for political reasons
[22:32:44] <tgr>	 when was that?
[22:33:23] <bawolff>	 Like around daemon
[22:33:24] <rtodox>	 <Krenair> yes, I speak.
[22:33:29] * tgr is wondering whether he can get someone interested in his Echo notification PGP encoder extension
[22:33:34] <Krenair>	 I was going to say basically what andre__ said :)
[22:33:38] <Krenair>	 best ask the local wiki
[22:34:20] <Krenair>	 https://ru.wikipedia.org/wiki/%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:%D0%A1%D0%BF%D0%B8%D1%81%D0%BE%D0%BA_%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%BE%D0%BA?wpTarget=2A01%3A798%3A0%3A0%3A0%3A0%3A0%3A0%2F29&limit=50&wpFormIdentifier=blocklist
[22:34:22] <bawolff>	 *damon
[22:34:28] <Krenair>	 {{BlockedHosting}}
[22:34:54] <bawolff>	 Krenair: see also the WMF identity key on the key servers
[22:35:07] <Krenair>	 hm?
[22:35:12] <Krenair>	 there's a shared WMF key bawolff?
[22:35:13] <rtodox>	 hm.. But I want to ask administration to unblock my IP. I dont know what happens... 
[22:35:42] <bawolff>	 Krenair: not shared, csteipp is the only one with access
[22:35:46] <Krenair>	 right
[22:35:56] <bawolff>	 but it signed a bunch of other foljs keys
[22:36:03] <bawolff>	 mostly in legal
[22:36:12] <Krenair>	 oh yeah I vaguely remember something about this
[22:36:37] <Krenair>	 rtodox, yes, you'll need to ask the local administration about it
[22:36:37] <andre__>	 rtodox: That administration is on ru.wikipedia.org and likely not in #wikimedia-tech here...
[22:36:53] <Krenair>	 rtodox, it seems one of their bots blocked it as a hosting provider?
[22:37:04] <Krenair>	 rtodox, I don't know how willing they'll be to unblock it but you'll have to ask them
[22:37:26] <tgr>	 try #wikipedia-ru maybe?
[22:37:47] <jeblad>	 "If you want some specific EventLogging data to make it into Druid, ask the analytics team for help." <- this is pretty descriptive for all the docs about statistics at Wikimedia…
[22:37:57] <bawolff>	 Krenair: https://phabricator.wikimedia.org/T109083
[22:38:05] * jeblad is frustrated over the docs
[22:38:31] <andre__>	 https://wikitech.wikimedia.org/wiki/Analytics/Systems/EventLogging welcomes your edits.
[22:38:32] <Krenair>	 jeblad, do you have access to Druid?
[22:38:33] <bawolff>	 jebald: your first mistake was reading the docs :P
[22:38:35] <rtodox>	 Krenair, I using the biggest provider in Norway and it does mint that all Norway is blocked to do something in Wiki!  
[22:38:41] <jeblad>	 Outdated, incomplete, and some places outright wrong.
[22:38:50] <bawolff>	 nothing good ever comes from rtfm at wikimedia
[22:39:21] <Krenair>	 except sometimes improved docs bawolff :)
[22:39:25] <bawolff>	 :P
[22:39:42] <Krenair>	 rtodox, well generally people should be editing from residential IPs rather than hosting providers
[22:40:03] <andre__>	 jeblad: just like a... wiki page? :)
[22:40:18] <tgr>	 jeblad: try #wikimedia-analytics?
[22:40:33] <jeblad>	 Following links to dead services… Endpoints that are there, but obviously does not use the claimed data as those became stale in 2016…
[22:40:36] <tgr>	 or the analytics/refinery repo, I think Druid jobs live there
[22:40:54] <jeblad>	 It is … difficult … :(
[22:41:03] <Krenair>	 rtodox, bots may be running from web hosts but that usually requires some amount of community approval that'd likely take care of any IP blocks - alternatively they may run from wikimedia's network which admins would have to be pretty crazy to block
[22:41:21] <tgr>	 which services are those?
[22:41:37] <jeblad>	 yeah yeah, I'll go to #wikimedia-analytics
[22:42:30] <Krenair>	 :/
[22:45:28] <jeblad>	 The comment from rtodox about ISPs in Norway; an admin at nowiki has the idea that blocking ISPs complete IP range is a good idea. I've told him several times to stop doing that. I guess he has done it again.
[22:46:53] <jeblad>	 I'm sort of agreeing with him on some of the very active vandals, but it is extremely unproductive to block major telecom providers.
[22:49:36] <Krenair>	 yeah
[22:49:44] <Krenair>	 though he was after an ruwiki block so
[22:49:45] <Krenair>	 idk
[22:50:45] <jeblad>	 I only see one comment about it, so only commenting about blocks in Norway
[22:51:44] <jeblad>	 Usually this admin blocks the network belonging to Tele2. It is the second larges telecom provider
[22:52:25] <Krenair>	 IIRC there is supposed to be a restriction on the sizes of networks admins are able to block
[22:52:48] <Krenair>	 wgBlockCIDRLimit
[22:53:19] <Krenair>	 up to /16 by default on IPv4, /19 on IPv6
[22:55:24] <jeblad>	 "complete range" should be "complete assigned blocks"
[22:55:34] <Krenair>	 hm?
[22:58:31] <Krenair>	 I don't understand jeblad :)
[23:24:12] <jeblad>	 Sorry, was away. My statement above. Tele2 has inherited a few assigned blocks from another telecom provider, and it is those the admin blocks.
[23:24:31] <Krenair>	 right sorry
[23:24:51] <Krenair>	 you were referring to address block assignments from RIPE
[23:25:02] <jeblad>	 In Norway the telecom providers use aggressive reassignments of IP addresses, so you get new addresses all the time.
[23:25:09] <Krenair>	 rather than wiki IP blocks
[23:25:11] <jeblad>	 Yes
[23:25:58] <jeblad>	 Yeah, the admin look up the assigned IP range and block the whole range
[23:26:11] <jeblad>	 Just to stop a single vandal
[23:26:20] <Krenair>	 how big a range are we talking?
[23:27:42] <jeblad>	 As I recall there are 12 (?) IP ranges assigned at RIPE for the old Netcom provider that is now part of Tele2
[23:28:27] <jeblad>	 I don't rememer their sizes, but I wonder if they are 16 bit or slightly larger.
[23:29:41] <Krenair>	 so the largest an admin can block in one go then
[23:29:52] <jeblad>	 Yes.
[23:30:36] <jeblad>	 Not sure how Tele2 can use so small IP ranges, they have a million or more customers.
[23:31:48] <jeblad>	 If you are a Tele2 customer and shakes your phone to heavilly you get an new IP address! =)
[23:32:16] <Krenair>	 heh