[04:19:47] If there are any phab admins aground, please delete the spam from https://phabricator.wikimedia.org/p/Darlenlgado/. I've already disabled the account. [04:27:44] ugh, really it requires a 2FA code to delete a comment [04:27:48] * bawolff hunts for his phone [04:28:54] Hi there, I need assistance to change a password for a role account on Enwiki [04:29:56] at this time of night on a Friday, probably best filing a Phab task and waiting for Monday [04:30:27] Wow, that's insane, i need a separate 2fa code for every comment i delete on phab [04:30:33] How do people possibly vandal fight? [04:31:05] * Risker sympathizes with bawolff [04:31:51] AntiComposite, I understand; however, it's to deal with the OTRS downtime that starts at 4 a.m. Monday at my end [04:31:52] JJMC89[m]: its deleted now. thankfully he only made 2 comments [04:32:04] bawolff: Thanks [04:32:07] * bawolff would offer to help Risker but i don't have shell access anymore [04:32:41] Thanks, bawolff [04:34:06] I'm just getting a very unexpected screen when following the usual steps, I have the temporary code and when I go to change the password, it says "The supplied credentials cannot be changed, as nothing would use them." That doesn't really make sense, it's a real "user account" that has an edit, and receives dozens of emails daily [04:34:49] That is weird, that sounds almost like its trying to change the local password instead of the CentralAuth password [04:35:14] looks like that's authmanager-change-not-supported [04:35:26] Risker: Which account is this, I could check to see if there is anything in the logs [04:35:28] ? [04:36:17] Ohh, you may be on to something there. It's User:Oversight, and the global account says it's not attached: https://en.wikipedia.org/wiki/Special:CentralAuth/Oversight [04:36:52] well that's odd [04:37:14] I didn't even know we had any non-attached accounts, unless the stewards manually detached them [04:37:33] I suppose they didn't want to have them all attached because each project has their User:Oversight feeding to different email addresses [04:38:01] (except DEWP, of course) [04:39:38] Doesn't look like anyone manually de-merged it [04:41:33] https://gerrit.wikimedia.org/g/mediawiki/core/+/d07cccadb45a3c2a4e9fb3fa1c37846c095a7044/includes/auth/AuthManager.php#867 [04:41:48] that's the only code that throws that error [04:42:01] Only thing i see in the logs is that a password reset was sent, and then there were several logins to the account [04:43:51] yeah, it accepts the temporary password, but then when it asks for the new password, it won't accept and gives me the error message [04:44:11] * Risker never has easy problems with MediaWiki [04:44:50] and we have: $wgAuthManagerAutoConfig['primaryauth'][\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class]['args'][0]['loginOnly'] = true; [04:45:14] in CommonSettings.php, which means that LocalPasswordPrimaryAuthenticationProvider will ignore password change requests [04:45:36] and if the account isn't global, central auth won't do anything [04:45:44] So we get this situation [04:46:40] Easiest solution would probably be to merge the account if that was acceptable to all the different groups that use it [04:46:58] Otherwise, i think you need someone with shell access to manually change the password [04:47:26] is account merging even still enabled? [04:48:03] https://en.wikipedia.org/wiki/Special:MergeAccount suggests yes [04:48:35] Although if the other accounts use different emails and passwords, would they even be merged? I forget how that works [04:51:17] I've just been looking at the other accounts, NLWP was apparently supposed to be changed to User:Oversight~nlwiki during the account merging in 2015, but it doesn't seem to have happened. [04:52:17] same with Simple Wiki (which apparently is "owned" by a user who left 7 years ago) [04:52:53] sounds like we just plain need a better system for contact emails than role accounts [04:53:15] He's probably not around now, but tgr|away would be a good person to ask about this issue as he knows a lot about this area of code base [04:53:29] We have those Contact forms [04:53:33] well, the email address is posted in a lot of places, but that role account is responsible for a good 75% of our edits because everyone knows where to find it [04:54:09] Extension:ContactPage still uses role accounts under the hood, it appears [04:55:46] But it doesn't have to be a well known user account since it isn't shown to the user [04:55:59] And it would probably be an easy change to hardcode an email address instead [04:56:02] this is true [04:58:27] I live a life of irony. Just today I was asked to take on an "editor advisor" role for some technical issues...looks like fate leads me to recognize the value of frontline user feedback. How could I refuse! [04:59:25] Thanks so much for your help, bawolff and AntiComposite, this has been educational. I'll try to catch up with tgr|away over the weekend, or perhaps check in again tomorrow [04:59:32] anyway, if you create a phab task, there's a better chance someone who can do something about it will see it before Monday [04:59:50] Risker: Run away! "Editor advisor" is code for fall-person when everything goes south :P [04:59:51] you've been really very helpful [05:00:31] bawolff: I'll probably never live down the legacy of that checklist... [05:00:53] I think the checklist has done a lot of good [05:01:39] The fact you had to write it though is a symptom of other failures [05:01:45] thanks, I'm glad to hear that from folks who work in your area of expertise. I was so tired of having to say the same thing over and over [05:03:45] but I think there's a very different philosophy amongst tech staff now, it's not "hey, let's just throw this idea together and stick it on the wiki" anymore [05:06:02] It seems like a real effort is being made with the talk page consultation thing [05:06:18] At least from the outside, don't have the inside scoop anymore now that I don't work here [05:07:38] I've been quite impressed with the stuff I've been following (mainly checkuser/IP masking). It's a really hard challenge to meet the needs of such a diverse group of communities [05:08:27] IP masking is a bit of a no-win situation [05:10:00] well, it does address the "OMG, I didn't know my IP would show!!!" issue, and probably addresses the GDPR [05:11:17] The two groups (vandal fighters vs privacy people) basically want contradictory things. At least one group will probably be unhappy with the result [05:11:29] I agree [05:13:06] I still remember being introduced to Eileen, we were at a table full of coders and checkusers, and she said "I've been told that there are technical reasons for not being able to mask IPs"....and all of us looked at each other, and almost in unison said "it is entirely technically possible. It's socially complicated, though" [05:17:53] lol [05:18:37] "Technially easy, socially impossible" should be the mantra of Wikimedia [05:19:38] https://phabricator.wikimedia.org/T261481 - Any sysadmin interested? [05:22:24] CptViraj: Certainly not going to happen on friday night [05:27:04] Ik but just for attention, maybe someone will add to their radar [05:27:43] * Risker is stunned that some people are saying a 20:6 vote isn't sufficient consensus... [05:27:59] Martin isn't going to decide so we need someone else to take a look. [05:29:58] Well I wrote a comment in support of doing it. No more shell access for me, so I don't know how much my weight carries there, but the consensus looks legit to me [05:32:01] That's helpful, Thanks :) [05:34:21] [[Tech]]; 182.0.167.65; [none]; https://meta.wikimedia.org/w/index.php?diff=20445458&oldid=20443404&rcid=16252991 [05:34:58] [[Tech]]; PiRSquared17; Unexplained removal; https://meta.wikimedia.org/w/index.php?diff=20445459&oldid=20445458&rcid=16252995 [05:47:24] bawolff: phab anti-vandal leaves a lot to be desired [05:47:52] lol, to put it mildly [05:48:21] I literally can only delete 1 comment per 30 seconds, because each one requires a unique 2FA code, and I cannot reuse the 2FA code within the 30 second window [05:49:08] Just for my knowledge, Is it possible to restore/undelete a deleted comment? [05:49:45] * bawolff has no idea, let me check [05:49:57] As you can tell, i use my admin rights basically never [05:50:48] There's no obvious button to undelete things, so probably no [05:51:50] Oh [06:08:11] bawolff, can I cut and paste some of what you said about central auth into the phab task? I don't want to presume [06:11:15] Risker: go ahead [06:13:04] thanks. I'll subscribe you and AntiComposite assuming you'll be interested in the end result. [06:14:52] what project should I put in? [06:15:46] mediawiki-extensions-centralauth ? [06:16:57] Probably that and maybe Wikimedia-Site-Requests [06:17:12] Since the ultimate answer is probably going to be, get someone to run a shell script [06:17:55] 22:48:21 I literally can only delete 1 comment per 30 seconds, because each one requires a unique 2FA code, and I cannot reuse the 2FA code within the 30 second window <-- I ran into that a month ago and filed a task for it [06:24:51] ugh, why can't i clone https://gerrit.wikimedia.org/g/mediawiki/services/poolcounter/ [06:25:20] Oh, well https://gerrit.wikimedia.org/r/mediawiki/services/poolcounter/ [06:40:05] yeah the /g/ URLs aren't clonable [06:40:31] The readme lead me astray, but it did say to view the repo not to clone the repo, so i guess that's my fault [18:03:25] [[Tech]]; Ruslik0; /* Trouble with Visual Editor */; https://meta.wikimedia.org/w/index.php?diff=20446868&oldid=20445459&rcid=16255800 [18:04:20] [[Tech]]; Ruslik0; /* Trouble with Visual Editor */; https://meta.wikimedia.org/w/index.php?diff=20446870&oldid=20446868&rcid=16255802 [22:17:55] [[Tech]]; 41.113.33.237; /* Maths */ new section; https://meta.wikimedia.org/w/index.php?diff=20447178&oldid=20446870&rcid=16256375 [22:18:14] [[Tech]]; Tegel; Reverted changes by [[Special:Contributions/41.113.33.237|41.113.33.237]] ([[User talk:41.113.33.237|talk]]) to last version by Ruslik0; https://meta.wikimedia.org/w/index.php?diff=20447179&oldid=20447178&rcid=16256380