|
2026-03-05 05:04:49
|
<snitch>
|
[[Tech]]; Z s zahid hossain; /* Wikimedia project I'm like this but my emotional moving Wikimedia pattern but I am humility advise instruction and also my take care another permanent regular set */ new section; https://meta.wikimedia.org/w/index.php?diff=30165585&oldid=30156412&rcid=38575800
|
|
2026-03-05 05:20:50
|
<snitch>
|
[[Tech]]; Z s zahid hossain; /* what is the meaning (UTC) */ new section; https://meta.wikimedia.org/w/index.php?diff=30165595&oldid=30165585&rcid=38575848
|
|
2026-03-05 12:12:08
|
<snitch>
|
[[Tech]]; NguoiDungKhongDinhDanh; Nonsense; https://meta.wikimedia.org/w/index.php?diff=30166605&oldid=30165739&rcid=38578090
|
|
2026-03-05 12:49:02
|
<Nemo_bis>
|
It now takes perhaps 5 attempts to load a page like https://en.wikipedia.org/wiki/Road_signs_in_Finland as most thumbnails return HTTP 429
|
|
2026-03-05 12:50:35
|
<Nemo_bis>
|
And that with defaults for <gallery>, loading 40px and 120px thumbs which should be fine https://www.mediawiki.org/wiki/Common_thumbnail_sizes
|
|
2026-03-05 12:50:56
|
<MatmaRex>
|
Nemo_bis: it's being tweaked now, see the latest at https://phabricator.wikimedia.org/T418323
|
|
2026-03-05 12:57:03
|
<Nemo_bis>
|
Thanks MatmaRex, how wonderful timing of you to post a chart 20 min before I even thought of asking ;) https://phabricator.wikimedia.org/T418323#11677267
|
|
2026-03-05 15:24:32
|
<snitch>
|
[[Tech]]; Lydia Pintscher (WMDE); Закрываем проект; https://meta.wikimedia.org/w/index.php?diff=30172466&oldid=30166605&rcid=38590804
|
|
2026-03-05 16:31:52
|
<Pumbpsi>
|
"Wikis in read only mode". Does anyone know the reason?
|
|
2026-03-05 16:32:10
|
<zuzak>
|
Pumbpsi: https://phabricator.wikimedia.org/T419143 https://wikimedia.statuspage.io/incidents/z7qjmqtrh8yq
|
|
2026-03-05 16:33:02
|
<Pumbpsi>
|
zuzak Thank you
|
|
2026-03-05 17:00:51
|
<Pumbpsi>
|
Is the outage related to those edits? https://meta.wikimedia.org/wiki/Special:RecentChanges
|
|
2026-03-05 17:01:48
|
<bawolff>
|
Pumbpsi: sort of, those are edits doing cleanup neccessary in order to fix the outage
|
|
2026-03-05 17:45:24
|
<snitch>
|
[[Tech]]; XXBlackburnXx; restore rev 30166605 (2026-03-05T12:12:06Z) by NguoiDungKhongDinhDanh; https://meta.wikimedia.org/w/index.php?diff=30179242&oldid=30172466&rcid=38605335
|
|
2026-03-05 19:57:02
|
<JJMC89>
|
!issync
|
|
2026-03-05 19:57:03
|
<ircservserv-wm>
|
Syncing #wikimedia-tech (requested by JJMC89)
|
|
2026-03-05 19:57:04
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech jbond +Aiotv
|
|
2026-03-05 19:57:06
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech claime +Aiotv
|
|
2026-03-05 19:57:08
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech taavi +Aiotv
|
|
2026-03-05 19:57:10
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech rzl +Aiotv
|
|
2026-03-05 19:57:12
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech vgutierrez +Aiotv
|
|
2026-03-05 19:57:14
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech Emperor +Aiotv
|
|
2026-03-05 19:57:16
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech kavitha +Aiotv
|
|
2026-03-05 19:57:18
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech sirenbot +AViotv
|
|
2026-03-05 19:57:20
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech Az1568 -AFRefiorstv
|
|
2026-03-05 19:57:22
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech akosiaris +Aiotv
|
|
2026-03-05 19:57:24
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech topranks +Aiotv
|
|
2026-03-05 19:57:26
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech JJMC89 +Aiotv
|
|
2026-03-05 19:57:28
|
<ircservserv-wm>
|
Set /cs flags #wikimedia-tech jynus +Aiotv
|
|
2026-03-05 19:57:30
|
<ircservserv-wm>
|
Set /mode #wikimedia-tech +b $j:#wikimedia-bans
|
|
2026-03-05 20:40:55
|
<A_smart_kitten>
|
re https://en.wikipedia.org/w/index.php?title=Wikipedia%3AVillage_pump_%28technical%29#c-FaviFake-20260305201400-Nardog-20260305153100, I don't know which staff member made the copied-over post in question (as I don't use the Discord); but just re "We have no reason to believe...that any...breach of personal information [occurred]" --
|
|
2026-03-05 20:41:04
|
<A_smart_kitten>
|
from the Wayback Machine's copy of the ruwiki userscript that (I believe) got loaded from metawiki's Common.js, FWICS, there is at least one <script> tag that gets added that points to a URL starting with `https://ajax.googleapis.com`.
|
|
2026-03-05 20:41:11
|
<A_smart_kitten>
|
i wouldn't say that i'm an expert on this... but given e.g. tasks like T172065 (that specific one being in the context of Toolforge), wouldn't that sort of thing be considered a leak of end-users' IP addresses/User-Agents/etc to third-party sites (and thus a type of personal-information breach)? /genq
|
|
2026-03-05 20:41:12
|
<stashbot>
|
T172065: Hunt for Toolforge tools that load resources from third party sites - https://phabricator.wikimedia.org/T172065
|
|
2026-03-05 20:41:56
|
<A_smart_kitten>
|
cc sbassett ^ (not because I think you're the staff member that made the Discord post in question - I have no idea who that would've been - but in case you know who might be able to answer that)
|
|
2026-03-05 20:45:05
|
<MatmaRex>
|
afaik ericmill has posted on discord
|
|
2026-03-05 21:50:25
|
<A_smart_kitten>
|
ericmill (and/or other WMF security folks): FWIW, I appreciate that my question above might require some internal discussion; but if possible, please could I have an acknowledgement that it's been seen by the relevant folks? TIA :)
|
|
2026-03-05 22:16:10
|
<ericmill>
|
@a_smart_kitten - yes, ajax.googleapis.com did get pinged in user sessions of those users who were affected here. It just is, in our judgment, very low severity (especially considering how likely it is that users would have connected to that site at some point in ordinary internet usage).
|
|
2026-03-05 22:18:30
|
<ericmill>
|
As a related side note, we're about to stabilize on a new enforcing CSP, which will include a bunch of commonly used hosts by user scripts but cuts out an immense amount of noise and shady hostnames. (It also omits ajax.googleapis.com, so that will not be usable going forward.)
|
|
2026-03-05 22:48:16
|
<A_smart_kitten>
|
Thanks for the reply ericmill :) [ FWIW, by my skim-reading of what the userscript edited into MediaWiki:Common.js, it seems like it may have also resulted in requests made to pages on e.g. cyclowiki.org - I just used ajax.googleapis.com as the first example. ]
|