Volunteer software engineer with MediaWiki +2. English Wikipedia interface administrator.
User Details
- User Since
- Feb 7 2021, 12:37 AM (283 w, 2 d)
- Availability
- Available
- IRC Nick
- NovemLinguae
- LDAP User
- Novem Linguae
- MediaWiki User
- Novem Linguae [ Global Accounts ]
Yesterday
Looks like the problem has fixed itself in the 3 years since I filed the ticket :)
Thu, Jul 9
My patch had a couple of quality of life things such as installing PHP Composer, installing Symfony CLI, installing XDebug and configuring it to allow VS Code step debugging, and allowing directory listings. I haven't checked if today's patch has those or not, but those might be good additions to add in a follow up.
Wed, Jul 8
Tue, Jul 7
Re-opening since I think there's a couple more in my screenshot we could add comments to.
Thanks for the patch!
Sun, Jul 5
Fri, Jul 3
I wrote the patch. Someone else test and backport please :)
Thu, Jun 25
Thanks for being flexible to feedback. I love how you're taking people's feedback into account and trying to release compromise versions of icons. I think this is great for community relations. Looking forward to further refinements.
Wed, Jun 24
Page loads in 0.9 seconds for me now. That's without backporting today's patch. Suggests it was fixed by something else.
QA - After the patch merges, will need to wait for train, then will need testing in production to see if the page load time improved below 4 seconds for the page https://en.wikipedia.org/w/index.php?title=Special:SecurePoll/list/821&sort=vote_id&limit=500&asc=&desc=1
Tue, Jun 23
The step to reproduce that we were missing was title = "2026年召集人任命选举". All that replica database, primary database, and cluster stuff was a red herring. Thank you PSI team for solving this!
Mon, Jun 22
Can we please consider improving the tray icon? I can no longer tell that it is a tray. And it's a highly visible icon that is shown on every page to logged in users.
Cross link for those looking for it: I think work on refining these icons moved to the ticket T427868: Icon refinement follow ups.
Changed ended up being intentional. Closing.
Sun, Jun 21
I don't have enough access to do that, but seems like a good idea. Maybe Product Safety and Integrity can add this ticket to one of their sprints? This is a local election held a month ago that still doesn't have its results, so seems kind of urgent to me. cc @Niharika
@ZhaoFJx, question above for you when you get a minute. STran suggests that you try tallying again (making a brand new tally). Have you tried that yet? What happens?
Thu, Jun 18
Also, the Community Tech team no longer exists, so that may not be the correct tag for this.
This was intended to be a task where we plan out those details. None of the acceptance criteria have been met yet (picking a date, marketing it). I would suggest reopening.
Mon, Jun 15
@ZhaoFJx, question above for you when you get a minute.
Sun, Jun 14
Jun 12 2026
Did you use the encryption setting for your election? Any other settings that might be relevant to your election that I might not be reproducing correctly in beta cluster?
Jun 11 2026
If you're thinking about adding strict_types to anything else, I would recommend against it. This ticket caused 6 production errors in SecurePoll. Not sure that's worth whatever benefit strict_types provides.
Jun 10 2026
A bit odd that there have been no edits using the tag. Could be a bug. Maybe ask your favorite interface administrator to make a test edit?
Jun 9 2026
T428584 is fixed now.
Stack trace on beta cluster has now changed to the following. Might need an additional patch.
Just now I went to go reproduce this bug on betawiki, but I am encountering a different error that probably needs to be fixed first: T428584: TypeError when tallying STV elections.
It's a tricky patch to review since it sounds like the bug is not reproducible in localhost. Someone will probably need to confirm the bug in beta cluster, merge the patch, wait for beta cluster to pick it up, then confirm the fix in beta cluster. If the patch doesn't fix the bug, then would probably want to revert it.
Jun 7 2026
Jun 5 2026
Jun 1 2026
I don't see the latest patch on https://www.wikinews.org/. Probably needs to be deployed.
May 31 2026
May 30 2026
May 28 2026
I am able to reproduce using the steps A_smart_kitten mentioned.
A small suggestion on the order of steps in Clement's comment. Perhaps the dump should occur after the wiki is set to read only. Edits -> freeze -> snapshot, instead of snapshot -> edits -> freeze.
We should probably let a WMF team close this one, since it is on the QA column of their kanban board, which is often a signal for their test engineer to manually test the fix.
May 26 2026
What happens if someone doesn't have 2FA after 2FA is turned on? Does the account become de facto disabled for doing everything until it's turned on?
May 24 2026
Looks like the code is fixed but the backport hasn't been deployed yet. Not really allowed to deploy backports on weekends, and it's a holiday in the US on Monday, so Tuesday maybe?
May 23 2026
I'm not sure taking SecurePoll maintenance scripts out of the SecurePoll repo is the best way to organize things. Would need some convincing.
Phab is usually for requesting changes to software. Just to clarify, are there any software changes being asked for here? If not it might make sense to close this, since the decision of whether to subpage a big discussion is usually handled onwiki.
May 21 2026
Reproducible in localhost. Git bisect says https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MultimediaViewer/+/1281824 is the cause. cc @simon04, @Jdforrester-WMF
T426960: Mediaviewer missing left/right arrows and X/Y counter is out of sync is a regression that I just noticed. Maybe caused by this week's train?
May 20 2026
Patch was reverted. Will need a different patch.
May 18 2026
Still happening. Example from today:
May 17 2026
I'm not an expert on tokens. I just know you should never post them. So please be careful. An unexpired token can be used to do things logged in as you.
@Gerges. Please log out and back in to reset your token. It is dangerous to post your token in screenshots since it can be used to impersonate you.
Are you running it on a non privileged account? If you run it on a sysop account or a bot account, that'll give you noratelimit and apihighlimits. Some combination of those user rights should probably turn off throttling.
May 16 2026
Good brainstorming. If you want to edit your original post with instructions on exactly what you want programmed, that'll make this more likely to get worked on. Due to discussion, I find the following things unclear and these need someone to decide on them before this can be easily worked on:
Another issue is that out of the box, the script grovels forever as it keeps hitting the anonymous API throttle.
The URL can be modified to do this: https://en.wikipedia.org/w/index.php?limit=5000&title=Special%3ASecurePoll%2Flist%2F893
OK, so you just want an unpaginated version of the /list page, with checkuser-ish columns included, and formatted in TSV.
What data do you need exactly? There's a link called "Dump" that lets you download anonymized votes. Do you instead need the voter metadata including checkuser ish stuff like IP? What fields does the python scriot need and what does the python script do with the data?
Thanks for taking previous feedback onboard and revising your plan.
May 15 2026
I think we can make this ticket public. The fact that securepoll can detect csrf abnormalities is not a secret and can be found in our public source code. And i don't think there's an exploit here, just a proposal to get rid of a not very helpful scrutineering signal by changing/improving the design.
Small correction to what I said above: arbcom_zh is in group 1, so will auto deploy on Wed 5/20.
Alright, I merged your patch. It will auto deploy to zhwiki on Thursday 5/21. If you need it sooner let us know and we can look into backporting it.
I'm able to reproduce. Might be a regression. Possibly caused by https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SecurePoll/+/1252573. Will take a look at your patch.
May 14 2026
Thanks for working on this and for the quick and thorough replies. I appreciate it.
Someone should probably check the times those accounts became qualified to vote. I wonder if they all fall near or within the couple hour window where the tools were running. For any tool that takes hours to run, and runs on 1000 wikis, tool A might check eligibility at 8AM, and tool B might check eligibility at 10AM, leading to slight differences in the results, without actually being a bug.
Please consider attaching the uploaded file to the ticket.
May 13 2026
Maybe the Corto IRC bot's create command should be split into create public and create private, and if create public is selected, the Phab ticket starts its life off public? create public could also write the Phab ticket link to https://wikitech.wikimedia.org/wiki/Incident_status.
I agree with the sentiments of this ticket. I am a trusted volunteer (I'm in the Phabricator groups acl*security and WMF-NDA), and I can't see much about public or private incidents. It seems like most of this has moved to Google Docs, which is out of sight of most volunteers. Maybe someday I will apply for access to the IRC channel #mediawiki_security, but it would be nice to be able to read more about incidents via Phabricator (private incidents) and via Wikitech (public incidents).