Hello,
In order to keep the community informed of threats against Wikimedia
projects and users, the Wikimedia Security team has some information to
share.
Malware installed via pirated contented downloaded from sites such as the
Pirate Bay can cause web browsers compromised by the malware to create a
fake donation banner for Wikipedia users. While the actual malware is not
installed or distributed via Wikipedia, unaware visitors may be confused or
tricked by it's activities.
The malware seeks to trick visitors to Wikipedia by looking like a
legitimate Wikipedia banner asking for donations. Once the user clicks on
the banner, they are then taken to a portal that leads them to transfer
money to a fraudulent bitcoin account that is not controlled by the
Foundation.
The current version of this malware is only infecting Microsoft Windows
users at the time of this notification. To date, the number of people
affected is small. The fraudulent accounts have taken approximately $700
from infected users. However, we strongly encourage all users to use and
update their antivirus software.
Additional details and a screenshot of the fake donation banner on can be
found at Bleepingcomputer.com. [0]
[0]
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-t…
Thanks,
John Bennett
Horrifying!
Is there anything we can do from our side, e.g. include some Javascript
which can detect and disable the malware banner?
[[mw:Adamw]]
On Thu, Jan 24, 2019 at 10:11 AM Paulo Santos Perneta <
paulosperneta(a)gmail.com> wrote:
> Hi,
>
> I seem to recall some OTRS tickets recently sent warning about it. Should
> they be forward to any address in particular, in case they keep coming in?
>
> Paulo
>
> John Bennett <jbennett(a)wikimedia.org> escreveu no dia quinta, 24/01/2019
> à(s) 14:02:
>
> > Hello,
> >
> > In order to keep the community informed of threats against Wikimedia
> > projects and users, the Wikimedia Security team has some information to
> > share.
> >
> > Malware installed via pirated contented downloaded from sites such as the
> > Pirate Bay can cause web browsers compromised by the malware to create a
> > fake donation banner for Wikipedia users. While the actual malware is not
> > installed or distributed via Wikipedia, unaware visitors may be confused
> or
> > tricked by it's activities.
> >
> > The malware seeks to trick visitors to Wikipedia by looking like a
> > legitimate Wikipedia banner asking for donations. Once the user clicks on
> > the banner, they are then taken to a portal that leads them to transfer
> > money to a fraudulent bitcoin account that is not controlled by the
> > Foundation.
> >
> > The current version of this malware is only infecting Microsoft Windows
> > users at the time of this notification. To date, the number of people
> > affected is small. The fraudulent accounts have taken approximately $700
> > from infected users. However, we strongly encourage all users to use and
> > update their antivirus software.
> >
> >
> > Additional details and a screenshot of the fake donation banner on can be
> > found at Bleepingcomputer.com. [0]
> >
> > [0]
> >
> >
> https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-t…
> >
> > Thanks,
> >
> > John Bennett
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l(a)lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: Wikimedia-l(a)lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
The default autocomplete profile has been changed to include sub phrase
matching. Essentially this means the autocomplete matching can start at
various points within the page title, rather than only at the very start.
This has shown to be particularly useful on sites with long or nested page
titles like mw.org and wikitech.
This is only the default, if you don't enjoy the new behaviour it can be
changed back to the default profile (or other, stricter profiles) from the
Special:Preferences Search tab.
Related ticket: https://phabricator.wikimedia.org/T212788
Erik B.
Hi everyone,
It's been a long time, I'm back to work after a long holiday. I have one
question to ask. I have different usernames for Gerrit account and
Phabricator account . Will that create any trouble while contributing the
code?
Best,
K. Kaushik Reddy.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
It's still Tuesday in my timezone, so here's this week's thread.
Noticed something neat or cool that someone did? Or is someone just
being awesome in general? Say thanks!
* Thanks to Krinkle and Krenair for cleaning up user JavaScript across
Wikimedia wikis.
* Thanks to MusikAnimal for figuring out why signatures are typed
using four tiles (~~~~)[1].
* Thanks to Jjanes for helping to maintain Postgres support in MediaWiki
.
* And thanks to Quiddity for always staying positive. :-)
[1] https://twitter.com/MagnusManske/status/1083507467802365952
- -- Legoktm
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE2MtZ8F27ngU4xIGd8QX4EBsFJpsFAlxIHNkACgkQ8QX4EBsF
JpuDaQ//RLA/RsSGjU4sAKjJXNcE5d2Z+vUJCsHqjAYYC4K7xgdBQwYrIn0fXjUd
spuvRuJ7mi2kefDMEFQDX9r8odONzoyq0yyCaaq1+h6BCSVLcxSq/F1Pxuj7hZrz
lyjrtnVL39k13zGHHDzyVzQIig0ng91G2a5CuGrit8xaE25R1KGMgonWiWshn/B7
JOx2UYB0KHzBjfu388Jk9CgmuNiTVo2w5bfp1W+T0xmGpWoaodTCU3aUrRASjqeQ
A7OqUm6vRHvKrQ65iZuW14S28+OsQzJJWbd9+kjWDvnyf2oLzfgsxnzINvY0dWjC
d8FJcWjDyK3FKGI0FDLxaRiohFJlmajsvYhH9kuD1JuuxztYE/Qws5HkvhBD+FIw
oS0g6D/7avFhAC19ar0eH25VRvav1hr4cr63WXkdUUuaXF4pgEcgIv3ARmm1YF5g
8EsZS4UevBVv8TiNZOKjW1XJgMzFzkXdKuZdTfHWv2sZgdr5Wo4mo8WqEjJJJMcN
2vHUi/gSPz7PI1RGmve4JkFKHq/vThma53U8n5k9tfAKynhfqObo5vL7vXet8hZ/
eoN/58ruo/5Vat/4lxpQSV5ck1XxOXcPPYJUlhqUdOKNmTenqZYGxkk9uxjh3OOB
uiyE7emG89yC4wXqkosSTURCzsbiNqzdTQ1AS9cb3hE9nLlgQfQ=
=msV9
-----END PGP SIGNATURE-----
Hello,
Yesterday we (the Release Engineering team) enabled a Gerrit plugin that
will automatically add reviewers to your changes based on who previously
has committed changes to the file.
For more, please read the blog post at:
https://phabricator.wikimedia.org/phame/post/view/139/gerrit_now_automatica…
NOTE: There are a couple requests from us open upstream to improve the
plugin[0], we'll incorporate those improvements when they are released.
On behalf of the rest of the Release Engineering Team[1],
Greg
[0] https://phabricator.wikimedia.org/T101131#4890023
[1] As well as Paladox, a Wikimedia volunteer with strong ties to
upstream Gerrit.
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| Release Team Manager A18D 1138 8E47 FAC8 1C7D |
I would like to announce the release of MediaWiki Language Extension
Bundle 2019.01. This bundle is The bundle is compatible with MediaWiki
1.31 and 1.32 or above and requires PHP 5.5.9 or above.
Next MLEB is expected to be released in 3 months. If there are major
changes or important bug fixes, we will do intermediate release.
Please give us your feedback at
[[Talk:MLEB|https://www.mediawiki.org/wiki/Talk:MLEB]].
* Download: https://translatewiki.net/mleb/MediaWikiLanguageExtensionBundle-2019.01.tar…
* sha256sum: 39f2e946e360ac868744dc8e6f62cb5723447415bd11bcbb4911eb0f3674360c
* Signature: https://translatewiki.net/mleb/MediaWikiLanguageExtensionBundle-2019.01.tar…
Quick links:
* Installation instructions are at https://www.mediawiki.org/wiki/MLEB
* Announcements of new releases will be posted to a mailing list:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-i18n
* Report bugs to https://phabricator.wikimedia.org
* Talk with us at #mediawiki-i18n @ freenode
Release notes for each extension are below.
-- Kartik Mistry
== Babel ==
=== Highlights ===
* Maintenance and localization updates only.
== cldr ==
=== Highlights ===
* Maintenance updates only.
== CleanChanges ==
=== Highlights ===
* Maintenance and localization updates only.
== LocalisationUpdate ==
=== Noteworthy changes ===
* Maintenance updates only.
== Translate ==
=== Noteworthy changes ===
* $wgTranslateCC is deprecated now. It should be replaced by
TranslatePostInitGroups hook. (T212836)
* Updated MicrosoftWebService to new API. (T46679)
* Added proofreading to (Language|MessageGroup)Stats. The statistics
table also has updated styling. (T41279)
* Fast proofreading is now possible with CTRL+Enter in the proofreading mode.
* Skipping messages Special:Translate's page mode no longer sometimes
marks the translation proofread. (T206748)
* Translatable subpages are no longer moved when moving parent. This
used to break those pages. Now they must be moved manually. (T114592)
* Message group stats updating was broken in multiple ways. Please
report if you still observe stale statistics. (T134252, T208521)
== UniversalLanguageSelector ==
=== Noteworthy changes ===
* Maintenance updates only.
==== Input Methods ====
* Added Tilde layouts for Hausa, Igbo, and Yoruba.
* Added Ewe layout.
* Fixed Fon tilde input method.
* Added a transliteration layout for the Ho language in the Warang
Citi alphabet.
* Enable the Palochka layout for Ingush.
* Fixed the Blin / Tigre / Tigrinya GeezIM layouts.
* Fixed the Santali Ol Chiki InScript 2 layout.
--
Kartik Mistry | કાર્તિક મિસ્ત્રી
kartikm.wordpress.com
Reminder: Technical Advice IRC meeting **today (Wednesday) 4-5 pm UTC** on
#wikimedia-tech.
Question can be asked in English, Spanish & German.
The Technical Advice IRC Meeting is a weekly support event for volunteer
developers. Every Wednesday, two full-time developers are available to help
you with all your questions about Mediawiki, gadgets, tools and more! This
can be anything from "how to get started" over "who would be the best
contact for X" to specific questions on your project.
If you know already what you would like to discuss or ask, please add your
topic to the next meeting:
https://www.mediawiki.org/wiki/Technical_Advice_IRC_Meeting
Hope to see you there!
Michi (for the Technical Advice IRC Meeting crew)
--
Michael F. Schönitzer
Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin
Tel. (030) 219 158 26-0
https://wikimedia.de
Unsere Vision ist eine Welt, in der alle Menschen am Wissens der Menschheit
teilhaben, es nutzen und mehren können. Helfen Sie uns dabei!
https://spenden.wikimedia.de
Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e. V.
Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter
der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für
Körperschaften I Berlin, Steuernummer 27/029/42207.
Hello,
This is the weekly update from the Search Platform team for the week
starting 2019-01-14.
As always, feedback and questions welcome.
== Discussions ==
=== Search ===
* Trey updated TextCat with models for detecting Russian typed on an
English keyboard and vice-versa, and UTF-8 Russian text improperly
encoded as Windows-1251, [0] as a precursor to providing
wrong-keyboard/encoding detection and suggestion. [1]
* Erik and the team did a lot of work on an epic ticket (with several
sub tasks) to explore and figure out next steps in using user click
data to tune Wikidata search parameters [2] and [3]. The team will
ship the newly tuned wbsearchentities profile for en soon with de, fr,
es afterward.
* The team also had lots of discussions and exploration on how to
transform Wikidata autocomplete click logs into a useful dataset. They
are now transformed: Relevance Forge now has a utility for taking in
the Wikidata completion search logs and tuning the parameters of
search based on those logs. [4]
* David fixed a minor regression where search request failures when
offset+limit is out of bounds (cirrussearch-backend-error) [5]
* Mathew discovered that the required metrics have been exposed by the
prometheus exporter but they are displaying and fixed the issue with
help from David and Gehel [6]
* David reconfigured the ElasticSearch crosscluster on production
search servers to have persistent configs [7]
=== WDQS ===
* Stas & Guillaume finished moving categories namespace into a
separate Blazegraph instance [8]
== Did you know? ==
English text, like many others, is written left-to-right (LTR), but
some languages—most notably Arabic, Hebrew, Persian, and Urdu, but
also many others [9]—are written right-to-left (RTL). To handle
different writing directions—especially in mixed LTR and RTL
texts—Unicode classifies characters as having "strong", "weak", or
"neutral" directionality. Strong characters definitely go in a
particular direction, like ABC or אבג. Weak characters have a "vague"
directionality, but can be changed in context, mostly numbers. Neutral
characters pick up their directionality from context, like punctuation
and whitespace characters used across scripts.
Mirrored characters change the way they display based on context. For
example "A>B>C" and "א>ב>ג" both only have the greater than character
(>) in them, but, if you are reading this somewhere that follows the
Unicode bidirectional algorithm, the ones between Latin letters point
to the right and those between Hebrew letters point to the left.
The algorithms are complicated [10], and when they don't work, there
are explicit characters that indicate things like "text should flow
left to right from here". The explicit formatting characters have the
most potential to cause trouble for search because they are usually
invisible, and you can pick one up without realizing it. For example,
when copying an Arabic word from a page in English, or a French word
from a page in Hebrew, the word that is "the other way around" from
the main text might have one of these marks at the beginning or end of
it. Fortunately, we can usually identify them and strip them out.
Finally, there are some scripts that have been written in other
interesting directions. Vertical text includes Chinese, Japanese, and
Korean, [11] and Mongolian. [12]. Hanunó'o [13] and Ogham [14] were
written bottom-to-top! My [Trey's] favorite "direction" is
"boustrophedon," [15] which means "like an ox ploughs" and alternates
left-to-right and right-to-left, and was used particularly in old
manuscripts and inscriptions in may writing systems. Why jump from one
side of the page to the other when you can just curve around where you
are or flip to mirrored letters and keep going?!
[0] https://phabricator.wikimedia.org/T213931
[1] https://phabricator.wikimedia.org/T138958
[2] https://phabricator.wikimedia.org/T193701
[3] https://phabricator.wikimedia.org/T213105
[4] https://phabricator.wikimedia.org/T205111
[5] https://phabricator.wikimedia.org/T213745
[6] https://phabricator.wikimedia.org/T210592
[7] https://phabricator.wikimedia.org/T213150
[8] https://phabricator.wikimedia.org/T213212
[9] https://en.wikipedia.org/wiki/Right-to-left#List_of_RTL_scripts
[10] https://www.w3.org/International/articles/inline-bidi-markup/uba-basics
[11] https://en.wikipedia.org/wiki/Horizontal_and_vertical_writing_in_East_Asian…
[12] https://en.wikipedia.org/wiki/Mongolian_script
[13] https://en.wikipedia.org/wiki/Hanun%C3%B3%27o_alphabet
[14] https://en.wikipedia.org/wiki/Ogham
[15] https://en.wikipedia.org/wiki/Boustrophedon
----
Subscribe to receive on-wiki (or opt-in email) notifications of the
Discovery weekly update.
https://www.mediawiki.org/wiki/Newsletter:Discovery_Weekly
The archive of all past updates can be found on MediaWiki.org:
https://www.mediawiki.org/wiki/Discovery/Status_updates
Interested in getting involved? See tasks marked as "Easy" or
"Volunteer needed" in Phabricator.
[1] https://phabricator.wikimedia.org/maniphest/query/qW51XhCCd8.7/#R
[2] https://phabricator.wikimedia.org/maniphest/query/5KEPuEJh9TPS/#R
Yours,
Chris Koerner (he/him)
Community Relations Specialist
Wikimedia Foundation