User Details
- User Since
- Oct 26 2015, 4:00 PM (478 w, 3 d)
- Roles
- Administrator
- Availability
- Available
- IRC Nick
- Urbanecm
- LDAP User
- Urbanecm
- MediaWiki User
- Martin Urbanec [ Global Accounts ]
Mon, Dec 16
Tue, Dec 10
Mon, Dec 9
I don't think this is an (immediate) problem. As far as I understand things, unserialize only poses a problem when it is given an untrusted input (as it can construct objects, and that involves running code). ArticleFeedback reads logging.log_params, which should be (reasonably) trusted.
Sun, Dec 8
Thu, Dec 5
@Daimona Do you have any thoughts on this?
This was discussed during the December Stewards meeting. Stewards agreed on continuing this, We should also add a new global block option that would control whether emails are allowed to be sent (since sending an email from the wiki is the appeal process).
Mon, Dec 2
I just ran into this as well. For some reason, this works for me from Python 3.9, but not Python3.11.
Thu, Nov 28
I'm happy to help with setting this up, if someone grants me the permissions on that channel.
Wed, Nov 27
Thank you for the ping, @KColeman-WMF! Generally, the design seem like a step towards the right direction. I am wondering about a couple of things:
Nov 26 2024
Nov 25 2024
Note that prior to @Frostly 2023 changes, the tag was limited to configuration changes even more explicitly. It read:
Courtesy CC to @Xaosflux, who applied the tag on a feature task earlier today.
As of now, completing this task means submitting the block will always trigger two blocks: one global, one at meta-wiki. With the "also block locally" checkbox, this makes sense, but after this change, not so much. Can we whitelist blocks partially?
Thanks! Seems to work now :).
Nov 24 2024
@Tchanders FTR, this is fairly low priority, but it probably should be done at some point (I recall this being expressly requested during one of the Stewards consultations, but I'm not sure where exactly). That said, this probably doesn't need to block major pilots.
Nov 23 2024
Nov 22 2024
Nov 21 2024
Recreating from personal account.
Nov 20 2024
I'm highly suspicious of the mw.util.isIPv4Address( info.subject ) call in IPInfo. In this case, subject is the account name, not an IP address. Indeed, ~2024-14596 is not an IPv4 address, but it is not an IPv6 address either.
Nov 19 2024
With the introduction of Temporary accounts, this now becomes more important. Having Special:MassGlobalBlock would allow Stewards to easily block Temporary accounts created by a LTA (example).
@ArielGlenn asked me to take a look at the changes here. My understanding is that the backfilling would attempt to determine the IP for the creator via CheckUser, and that would work (per @JJMC89's request) for both self-created accounts and assisted-created accounts. Should this fail (due to a CU bug, for example), then the account would still be created, but using 127.0.0.1 as a placeholder IP.
I think IP Info should not pretend it is able to merge information about different IPs together. I think it would be reasonable to restrict ourselves to a link to Special:IPInfo, which can list all the different IPs and data for it. For some reason, Special:IPInfo contains far less details than IP Contributions itself.
Nov 18 2024
@kostajh I remember we talked about IPoid together. Do you have any thoughts on why it might do this?
At first, I thought this might be because IPoid takes time to ingest all data. However, for this IP in particular, this was first observed on November 15 (3 days ago). According to the quoted IPoid results, the data was last updated at 1731947776 Epoch time, which is Monday, November 18, 2024 4:36:16 PM GMT (aka 3 hours ago). So, updating seems to work, but we are getting different data for some reason. Why?
xref T380221: Allow authorised users to see IP Info for actors if the IP exists in the CheckUser or AbuseFilter tables, or has contributions (and especially T380221#10333285, where i suggest allowing queries for any IP)
xref T380221: Allow authorised users to see IP Info for actors if the IP exists in the CheckUser or AbuseFilter tables, or has contributions, where I suggest widening the restriction (and in T380221#10333285, removing it altogether).
Cross-linking a similar task: T332163: Ensure that IPInfo instrumentation is enabled on Special:DeletedContributions
Personally, I'd be open to removing the restriction for good, and allowing people to query IP Info for any IP (Temporary account), regardless of whether it actually edited. This might seem unnecessary, but IPs often make an action that is rejected prior to saving (by an AbuseFilter, spam filter or the like). When looking at those events, IP Info data can be useful, but cannot be generated natively. This is even more visible in the Temporary accounts world – there is always some reason for a Temporary account creation, and that reason always is "the user attempted to make a write action". Sometimes, that attempt is not successful, but that can be a valid reason to want to see IP Info data. Given this and the other is very similar to each other, I'm not filling a separate task for "allow data to be queried for any actor", but I do see a lot of usecases where that would be helpful.
Hi @Tchanders, I filled this task following feedback given in the checkuser mailing list. Fortunately, I do not see anything in the relevant policy that says IP Info can be only used on users with live edits. Is this something we can consider in the Temporary accounts line of work?
Nov 14 2024
...edit conflicts, sorry about that.
Nov 13 2024
Thanks!
Nov 12 2024
Thanks @SLyngshede-WMF. For the record, the urbanecmtest account looks to be disabled in practice, rather than just according to ldap.toolforge.org. For example,pwdPolicySubentry is currently checked by Wikimedia Cloud on SSH attempts, which means I'm currently not able to SSH in as urbanecmtest. This seems to be done via ssh-key-ldap-lookup.py.
Nov 11 2024
Thanks @SLyngshede-WMF. I tested again. The account in Phabricator seems unblocked, but https://ldap.toolforge.org/user/urbanecmtest continues to say "account disabled". Is it possible there are some issues that prevent the action from propagating down to LDAP?
Thanks @Dreamy_Jazz! Indeed, it does seem to be reproducible only at RecentChanges. I apparently got confused when testing by the buttons disappeared after the reveal, and misattributed the observations. Thanks for catching that!