Page MenuHomeMiraheze

Max20091
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Feb 16 2018, 15:33 (302 w, 5 d)
Availability
Available
GitHub User
Unknown
Miraheze User
Max20091 [ Global Accounts ]

Recent Activity

Aug 21 2023

Max20091 added a comment to T11132: Video transcode broken.

T11139: Using Extension:Video, the height of the embedded mp4 player is incorrect
I mean it have incorrect resolution due to some sort of broken transcoding.
The bug affects EmbedVideo extension.

image.png (1×1 px, 115 KB)

Aug 21 2023, 00:03 · Extensions, MediaWiki (SRE)

Aug 9 2023

Max20091 created T11132: Video transcode broken.
Aug 9 2023, 01:58 · Extensions, MediaWiki (SRE)

Jul 18 2023

Max20091 created T11067: Requesting Extension:CategoryTests.
Jul 18 2023, 19:12 · Extensions

Jun 8 2023

Max20091 awarded T10935: [ACCESS REQUEST] New access for OrangeStar a Like token.
Jun 8 2023, 14:13 · Site Reliability Engineering

Feb 15 2023

Max20091 created T10505: Add Extension:WebP.
Feb 15 2023, 16:57 · BrandonWM , Extensions, MediaWiki (SRE)

Jan 22 2023

Max20091 added a comment to T10334: Citizen theme navigation button broken for logged in admins of the wiki after MW1.39 update.

I tried these things but didn't work:

  • Cleared browser cache
  • Purged pages
  • Edited sidebar
Jan 22 2023, 06:41 · Universal Omega, MediaWiki (SRE), MediaWiki
Max20091 created T10334: Citizen theme navigation button broken for logged in admins of the wiki after MW1.39 update.
Jan 22 2023, 06:37 · Universal Omega, MediaWiki (SRE), MediaWiki
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

I've been taking a deeper look into the fingerprinter, just running it through a beautifier revealed part of what all the suspicious numbers are about.

Apart from all the already-know information, the script indeed performs canvas fingerprinting, attempts to detect browsers lying about user-agents (this can be the case if you installed an extension that allows setting custom user agent headers), retrieves the number of logical processors (aka: cores), performs audio fingerprinting (more about that here), attempts to retrieve the amount of memory, checks the available fonts, checks if indexedDB is available(? I don't know yet if it just checks if it exists or it's looking for something more, probably just checks if it exists), and much, much more. Pretty cool, huh?

I also found this:

throw new Error("'new Fingerprint()' is deprecated, see https://github.com/fingerprintjs/fingerprintjs#upgrade-guide-from-182-to-200")

So now we also know what fingerprint script they're running.

It is also pretty cool how the guys behind fingerprintjs (who also operate fingerprint.com) call this BS a "security measure". Rule nº1 of security: do not trust any third-party-provided values. They should know they are bullshitting and the only real use for this is tracking people.

More likely for fraud detection.
https://fingerprint.com/resources/frequently-asked-questions-faqs/

image.png (278×750 px, 53 KB)

image.png (154×750 px, 28 KB)

But again, as it is never reveal PII (personally identifiable information) in the first place, it does not require consent and is GDPR compliant

Jan 22 2023, 05:05 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

"Other sites got approved despite fingerprinting people" - which ones are those?

youtube.com
twitter.com
spotify.com
bing.com
google.com

Jan 22 2023, 05:00 · MediaWiki (SRE), CSP Review, Trust & Safety

Jan 21 2023

Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.
Jan 21 2023, 15:01 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

(a) we are able to confirm that there is strict GDPR compliance OR equivalent compliance

From reputable law comparision between Chinese PIPL and EU GDPR: https://iapp.org/news/a/analyzing-chinas-pipl-and-how-it-compares-to-the-eus-gdpr/
Likely equivalent compliance or stronger but with few edits here and there to fit 1.4 billion people.

Jan 21 2023, 14:29 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

That fingerprinting to build advertising profiles makes me think they do, so don't be so fast to say that they comply with the GDPR.

Chinese advertising profiles are very different than the "global" version one. I did test many years now and didn't see any non-Chinese ads on their Chinese platform.
They even block watching movies when not being Chinese users so it doesn't really make senses to them build advertising profiles for non-Chinese users.
And unless you can prove they did used your data for advertising purposes, GDPR can't help you to know if they ever sell your data to others. Chinese PIPL on the other hand requires company to prove themselves innocent so you can just sue them on the online court and they will spit out everything they do about your data.

Apparently Bilibili has 2 domains, bilibili.com, which is the Chinese version, and the worldwide bilibili.tv, according to Wikipedia. There seems to be an English version of the policy at https://web.archive.org/web/20230113020923/https://www.bilibili.com/blackboard/protocal/international_en_privacy.html, last updated September 29, 2021.

Interpreting it is not my work, but I just want to say 1 thing: In the fifth point of the 2nd section, "Who do we share your personal information with?", the third parties serving these targeted ads go unnamed, it says they exist, but doesn't say who they are. Article 13 of the GDPR requires disclosing to the data subject "the recipients or categories of recipients of the personal data, if any;".

The bilibili.tv website doesn't specifically target its services at individuals in the EU so it is not subject to the rules of the GDPR. Only bilibili.com which I'm request CSP here is subjected to the rules of GDPR.
This article 3 of gdpr.eu explains when GDPR applies to non-EU sites
And unlikely someone in MH would provide services using bilibili.tv anyway.

I can't for some reason. I've taken a look at the source: there's trivial inline scripts, open-source libraries like jQuery and an minified script with copyright Microsoft Corporation, Apache 2.0 license, without accompanying source code (it has a sourceMappingUrl comment, but it points nowhere). A quick look reveals that the script uses XMLHttpRequest, so it could very well pull in additional scripts, like the fingerprint script.

The last time you tested was some sort of "game event" website rather than watching videos so they might just collect WebGL data for fixing bug purposes.
The only one you can embed using bilibili.com website is their video player so that's why I'm request CSP for only that site.

Jan 21 2023, 05:40 · MediaWiki (SRE), CSP Review, Trust & Safety

Jan 20 2023

Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Be aware that this is not Google or something that is highly invasive in the west, Chinese companies like Bilibili mostly don't share data with third parties so it does comply with GDPR easily.
You can read about their statement in "我们如何共享、转让、公开披露您的个人信息".

Jan 20 2023, 18:09 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

I tried navigating their Chinese website without NoScript and uBlock Origin. They're running a fingerprint script, I've attached a heavily redacted version of the report they're sending to their server. Redacted information includes WebGL fingerprint results, GPU driver name, screen and browser window resolutions, an UUID, part of the User-Agent header (this one though they already get without needing fingerprinting) and many suspicious-looking numbers. It is known that anonymized data ends up not being as anonymized as initially thought most of the time. Whether or not this gets approved is ultimately not my decision, but just on the fact that they're running a fingerprint script + no mention of the GDPR, if I were the one to decide this, I would decline this instantly.

Jan 20 2023, 16:15 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Kinda unsurprising, given that this is a Chinese company. While the EU intended for the GDPR to apply worldwide to any company processing data of EU citizens, it would surprise me a lot if Chinese companies cared about what it said. Don't expect any straight answer from them.

Jan 20 2023, 12:19 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 awarded T10310: Add Extension:RemoveRedlinks a Like token.
Jan 20 2023, 08:17 · Universal Omega, Extensions, MediaWiki (SRE)
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Title: 关于隐私政策的询问 (Inquiries about the Privacy Policy)
Content: 你好,我可以问一下这个电子邮件是否有效吗? (Hello, may I ask if this email is valid?)

Jan 20 2023, 08:16 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Hello, seems like security@bilibili.com isn't used anymore, contact through their customer support at help@bilibili.com is much faster.

Jan 20 2023, 06:59 · MediaWiki (SRE), CSP Review, Trust & Safety

Jan 11 2023

Max20091 reopened T10271: Revert to original domain houkai2nd.miraheze.org as "Open".
Jan 11 2023, 07:26 · MediaWiki (SRE), SSL
Max20091 added a comment to T10271: Revert to original domain houkai2nd.miraheze.org.

Reopen as the houkai2nd.miraheze.org still point to houkai2.cyou

Jan 11 2023, 07:26 · MediaWiki (SRE), SSL

Jan 10 2023

Max20091 triaged T10271: Revert to original domain houkai2nd.miraheze.org as Normal priority.
Jan 10 2023, 08:04 · MediaWiki (SRE), SSL

Jan 1 2023

Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Updated CSP request to target specifically Chinese Bilibili, does not apply to global version of Bilibili.
The Chinese site is also not store oversea data as in their Privacy Policy.

Jan 1 2023, 08:08 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 updated the task description for T9953: player.bilibili.com (and sites related to it) CSP whitelist.
Jan 1 2023, 08:00 · MediaWiki (SRE), CSP Review, Trust & Safety

Dec 28 2022

Max20091 triaged T10198: Request rerun sitemap generator as Normal priority.
Dec 28 2022, 02:26 · Universal Omega, MediaWiki (SRE), MediaWiki

Nov 12 2022

Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

This real-time chat is only accessible if you have a verified Chinese account (if you don't verify then all data are anonymized) and if you specifically request data that require high security access (ie personal information), the chat bot will instead switch to a real person to handle the issue.

Nov 12 2022, 08:00 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 added a comment to T9953: player.bilibili.com (and sites related to it) CSP whitelist.

Testing pulling my own user data using direct CS chat.

image.png (914×807 px, 68 KB)

image.png (922×814 px, 64 KB)

Nov 12 2022, 07:39 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 triaged T9953: player.bilibili.com (and sites related to it) CSP whitelist as Normal priority.
Nov 12 2022, 07:10 · MediaWiki (SRE), CSP Review, Trust & Safety
Max20091 updated the task description for T9252: bilibili.com CSP whitelist.
Nov 12 2022, 07:06 · Trust & Safety, CSP Review, MediaWiki (SRE)
Max20091 updated the task description for T9252: bilibili.com CSP whitelist.
Nov 12 2022, 06:59 · Trust & Safety, CSP Review, MediaWiki (SRE)
Max20091 renamed T9252: bilibili.com CSP whitelist from bilibili.com CSP whitelist to player.bilibili.com (and sites related to it) CSP whitelist.
Nov 12 2022, 06:58 · Trust & Safety, CSP Review, MediaWiki (SRE)

Nov 11 2022

Max20091 created T9946: Missing files on https://houkai2.cyou/ after Swift migration.
Nov 11 2022, 03:48 · MediaWiki (SRE), Swift

Oct 2 2022

Max20091 renamed T9784: Request force redirect from houkai2nd.miraheze.org to houkai2.cyou from Force redirect from houkai2nd.miraheze.org to houkai2.cyou to Request force redirect from houkai2nd.miraheze.org to houkai2.cyou.
Oct 2 2022, 04:51 · Universal Omega, SSL, MediaWiki (SRE)
Max20091 created T9784: Request force redirect from houkai2nd.miraheze.org to houkai2.cyou.
Oct 2 2022, 04:46 · Universal Omega, SSL, MediaWiki (SRE)

Aug 27 2022

Max20091 closed T9551: Request adding settings for PageImages extension as Declined.
Aug 27 2022, 22:11 · Universal Omega, Configuration, MediaWiki (SRE)

Aug 16 2022

Max20091 added a comment to T9551: Request adding settings for PageImages extension.

What do you intend to do? What do you want to do exactly?

Aug 16 2022, 10:54 · Universal Omega, Configuration, MediaWiki (SRE)

Aug 15 2022

Max20091 added a comment to T9551: Request adding settings for PageImages extension.

Seems like not working as expected, can you replace the old one with this?

Aug 15 2022, 23:14 · Universal Omega, Configuration, MediaWiki (SRE)

Aug 14 2022

Max20091 added a comment to T9551: Request adding settings for PageImages extension.

http://houkai2.cyou/

Aug 14 2022, 16:23 · Universal Omega, Configuration, MediaWiki (SRE)
Max20091 added a comment to T9551: Request adding settings for PageImages extension.

and then run refreshLinks.php

Aug 14 2022, 06:35 · Universal Omega, Configuration, MediaWiki (SRE)
Max20091 reopened T9551: Request adding settings for PageImages extension as "Open".
Aug 14 2022, 06:24 · Universal Omega, Configuration, MediaWiki (SRE)
Max20091 closed T9551: Request adding settings for PageImages extension as Resolved.

I'm not even sure how to configure this extension unless testing it multiple times to get the expected result.

Aug 14 2022, 06:11 · Universal Omega, Configuration, MediaWiki (SRE)

Jul 30 2022

Max20091 reopened T9403: Cannot log in; get "No active login attempt is in progress for your session" error as "Open".

Sorry for necro this task but seems to happened on custom domain: https://houkai2.cyou/
Tested clearing cache and cookie, used Edge and Chrome.

Jul 30 2022, 15:55 · Configuration, Notice, MediaWiki (SRE)

Jul 29 2022

Max20091 added a comment to T9558: SSL for custom domain: houkai2nd.miraheze.org.

I have pointed the domain to only miraheze but not sure if there's something wrong.
Checked whois and indeed only ns2.miraheze.org and ns1.miraheze.org

Jul 29 2022, 04:53 · MediaWiki (SRE), SSL

Jul 24 2022

Max20091 moved T9558: SSL for custom domain: houkai2nd.miraheze.org from Waiting on response to Backlog on the SSL board.
Jul 24 2022, 06:10 · MediaWiki (SRE), SSL
Max20091 added a comment to T9558: SSL for custom domain: houkai2nd.miraheze.org.

already pointed to Miraheze, not sure if this is correct

image.png (441×695 px, 48 KB)

Jul 24 2022, 01:51 · MediaWiki (SRE), SSL

Jul 21 2022

Max20091 updated the task description for T9558: SSL for custom domain: houkai2nd.miraheze.org.
Jul 21 2022, 07:06 · MediaWiki (SRE), SSL
Max20091 created T9558: SSL for custom domain: houkai2nd.miraheze.org.
Jul 21 2022, 07:06 · MediaWiki (SRE), SSL
Max20091 updated the task description for T9252: bilibili.com CSP whitelist.
Jul 21 2022, 04:38 · Trust & Safety, CSP Review, MediaWiki (SRE)

Jul 19 2022

Max20091 triaged T9551: Request adding settings for PageImages extension as Normal priority.
Jul 19 2022, 09:21 · Universal Omega, Configuration, MediaWiki (SRE)
Max20091 reopened T9252: bilibili.com CSP whitelist as "Open".
In T9252#192883, @Owen wrote:

The concern I have with this website is we've had a number of Terms of Use-related issues, both pre-Trust and Safety and since then, with wikis posting unauthorized personally identifying information, usually involving the BiliBili website in some way. Given the length of time such information was allowed to remain on the BiliBili platform, I'm not terribly confident in the responsiveness of the BiliBili's Data Protection Officer together with BiliBili's legal jurisdiction in which they operate.

Is a concern that has been raised and given our previous experiences with it, unless evidence can be shown that this has drastically improved, I will side with Doug on this and not agree to approve.

Jul 19 2022, 05:04 · Trust & Safety, CSP Review, MediaWiki (SRE)

Jul 3 2022

Max20091 closed T9419: Special:UnusedFiles listed used files as unused as Resolved.

@Agent_Isai seems to work now.

Jul 3 2022, 19:30 · MediaWiki (SRE), MediaWiki

Jun 22 2022

Max20091 added a comment to T9437: File name with "?" symbol causing "Error generating thumbnail".

Are there anyway to handle that automatically with mediawiki?
The wikitext I used was

[[File:Who killed Cock Robin? 5 Stars.png|200px]]
Jun 22 2022, 08:11 · MediaWiki (SRE), MediaWiki
Max20091 triaged T9437: File name with "?" symbol causing "Error generating thumbnail" as Normal priority.
Jun 22 2022, 08:02 · MediaWiki (SRE), MediaWiki
Max20091 added a comment to T9419: Special:UnusedFiles listed used files as unused.

I checked around and noticed that pages that never got edited after imported (or after updated MW) seems to have this kind of issue.
Edit: Alright, I can fix the issue myself since there are very few pages needs to be fixed.

Jun 22 2022, 07:44 · MediaWiki (SRE), MediaWiki
Max20091 added a comment to T9419: Special:UnusedFiles listed used files as unused.

This is UnusedFiles, not WantedFiles.
The file https://houkai2nd.miraheze.org/wiki/File:Infinite_ammo_during_combat.png is used in https://houkai2nd.miraheze.org/wiki/Category:Infinite_ammo but was listed as unused which is kind of weird.

Jun 22 2022, 07:31 · MediaWiki (SRE), MediaWiki
Max20091 reopened T9419: Special:UnusedFiles listed used files as unused as "Open".

Definitely not infobox bug, checked another file that got the same issue
https://houkai2nd.miraheze.org/wiki/File:Infinite_ammo_during_combat.png
https://houkai2nd.miraheze.org/wiki/Category:Infinite_ammo

Jun 22 2022, 05:13 · MediaWiki (SRE), MediaWiki

Jun 19 2022

Max20091 triaged T9419: Special:UnusedFiles listed used files as unused as Normal priority.
Jun 19 2022, 10:16 · MediaWiki (SRE), MediaWiki

Jun 6 2022

Max20091 triaged T9349: $wmgWikiapiaryFooterPageName refuse to save if blank as Normal priority.
Jun 6 2022, 18:03 · MediaWiki (SRE), ManageWiki

May 31 2022

Max20091 closed T9315: CodeEditor refuse to load when VisualEditor is enabled as Invalid.

Seems like the wiki is working normal now

May 31 2022, 23:32 · MediaWiki (SRE), Extensions
Max20091 created T9316: Request disable matomo analytics from houkai2nd.miraheze.org.
May 31 2022, 10:38 · Configuration, MediaWiki (SRE)
Max20091 updated the task description for T9315: CodeEditor refuse to load when VisualEditor is enabled.
May 31 2022, 10:26 · MediaWiki (SRE), Extensions
Max20091 triaged T9315: CodeEditor refuse to load when VisualEditor is enabled as Normal priority.
May 31 2022, 10:24 · MediaWiki (SRE), Extensions
Max20091 created T9313: Request Citizen skin upgrade.
May 31 2022, 05:40 · MediaWiki (SRE), MediaWiki

May 26 2022

Max20091 added a comment to T9252: bilibili.com CSP whitelist.

! In T9252#187988, @Dmehus wrote:
Given the length of time such information was allowed to remain on the BiliBili platform, I'm not terribly confident in the responsiveness of the BiliBili's Data Protection Officer together with BiliBili's legal jurisdiction in which they operate.

Not sure when did you see those stuffs but recently, the Chinese's GDPR equivalent was launched and most of companies in CN are already comply the law.
And yes, the law doesn't have timescale required to process data but if the issue is big enough, the company's reputation will get ruined pretty fast (aka recorded in CN's Social Credit System and you may know how horrible it was).
It is also much faster to remove those by requesting to the gov in case of having serious issues (they do have pages to specifically handle these stuffs).

! In T9252#187988, @Dmehus wrote:
What's the specific need here, and, given my concern above, is there not a video sharing site the videos could be posted to and we could whitelist that? For example, YouTube, or, failing that, a site like Google Drive (if that is already whitelisted), the The Internet Archive, or similar.

There are stuffs that can't be posted outside of the requested page (both personal issues and since most videos on that site mostly have owner's signature embedded), attempting to post the video to other sites is basically breaking the ToS on both sides.
My best bet is to only whitelist player.bilibili.com (aka only video player) in case of security or privacy concerns.

May 26 2022, 10:49 · Trust & Safety, CSP Review, MediaWiki (SRE)

May 25 2022

Max20091 added a comment to T9252: bilibili.com CSP whitelist.
  • About GDPR, it mostly goes through the 2 third-parties and you can opt-out right on the appsflyer website. For the Firebase, it's probably for people who use Google account on the English platform to sign-in.
  • About privacy reputation from the above article (for the Chinese platform, not English one), it's the article is kinda wrong anyway as you can register account without entering any private information. The only thing that require verify private information is when uploading and commenting which is required by the Chinese government. And technically you can't verify account to upload as a foreign user unless explicit consent by sending an email, the automated verify system only accept Chinese info.
May 25 2022, 03:09 · Trust & Safety, CSP Review, MediaWiki (SRE)

May 24 2022

Max20091 triaged T9266: Portable Infobox extension horizontal layout bug with image inside as Normal priority.
May 24 2022, 11:12 · Upstream, Extensions, MediaWiki (SRE)

May 23 2022

Max20091 added a comment to T9238: Import request for: houkai2nd.miraheze.org.


(Full?) XML dump
Not sure if this file missing some history parts but I guess not.

May 23 2022, 15:45 · MediaWiki (SRE), MediaWiki

May 20 2022

Max20091 updated the task description for T9252: bilibili.com CSP whitelist.
May 20 2022, 09:08 · Trust & Safety, CSP Review, MediaWiki (SRE)
Max20091 updated the task description for T9252: bilibili.com CSP whitelist.
May 20 2022, 08:49 · Trust & Safety, CSP Review, MediaWiki (SRE)
Max20091 triaged T9252: bilibili.com CSP whitelist as Normal priority.
May 20 2022, 08:49 · Trust & Safety, CSP Review, MediaWiki (SRE)

May 17 2022

Max20091 renamed T9238: Import request for: houkai2nd.miraheze.org from Import request for: [subdomain].miraheze.org to Import request for: houkai2nd.miraheze.org.
May 17 2022, 14:32 · MediaWiki (SRE), MediaWiki
Max20091 created T9238: Import request for: houkai2nd.miraheze.org.
May 17 2022, 14:32 · MediaWiki (SRE), MediaWiki