Visibility into WordCamp.org mail failures

Right now I’m blind to any errors that occur with messages sent from the WordCamp.org web server. This week there was a Core bug that resulted in many (most?) messages being rejected by the receiving MTA, but I didn’t know for several days, until the reports started coming in from users and the Core bug was discovered.

I think two things would help resolve this, but I’m open to whatever suggestions you have.

1) Set the Envelope-FROM to bounce@wordcamp.org instead of bounce@wordpress.org. I’ve already setup the address.
2) Grant read access to mail.* in the logs directory

Thanks!

#wordcamp.org #email #logs

There are no cache instructions…

There are no cache instructions on mp4s on the CDN, could you please add some on?

curl -I https://s.w.org/images/core/4.6/streamlined-updates.mp4
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: video/mp4
Date: Tue, 16 Aug 2016 13:13:27 GMT
Last-Modified: Tue, 16 Aug 2016 12:58:26 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
X-nc: MISS lax 186
Content-Length: 225101

Looks like webm has them:

curl -I https://s.w.org/images/core/4.6/streamlined-updates.webm
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Content-Type: video/webm
Date: Tue, 16 Aug 2016 13:14:11 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Tue, 16 Aug 2016 12:58:26 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
X-nc: HIT lax 186
Content-Length: 449672

For 4.6 we don’t use ogv but 4.3 had one:

curl -I https://s.w.org/images/core/4.3/formatting.ogv
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/octet-stream
Date: Tue, 16 Aug 2016 13:09:55 GMT
Last-Modified: Wed, 29 Jul 2015 16:49:59 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
X-nc: MISS lax 186
Content-Length: 1939540

The content type should probably be video/ogg.

Low prio request: Can we…

Low prio request: Can we prevent direct access to PHP files in the wp-content directory?

I originally noticed this for wp-themes.com. @dd32 suggested to return “a 403 for ^http://wp-themes.com/wp-content/(.+).php$ but the rest of wordpress.org could benefit of the same restriction.

Hello, is it possible to…

Hello, is it possible to svn up the /home/wporg/public_html/ directory on all sandboxes?

There was a change in core to WP_Site which got reverted later. A sandbox which still has the old WP_Site will pollute the cache with a broken object which ends in a site_id = 0 entry in the database and making the site inaccessible.

See https://wordpress.slack.com/archives/core-multisite/p1467394608000460 for background.

Please create a sandbox for…

Please create a sandbox for @gibrown and give him commit to the meta repository. He will be assisting with Elasticsearch in the plugin directory. You can re-use his Automattic SSH key.

New table column for translate.wordpress.org

Hi, for an upcoming update of GlotPress I need a new column user_id_last_modified for the translations table.
Background: https://github.com/GlotPress/GlotPress-WP/issues/293

The query:
ALTER TABLE translate_translations ADD COLUMN user_id_last_modified bigint(20) DEFAULT NULL;
Running this query on my local dump took 9 min 32.67 sec (35207550 rows affected).

@barry: Can you run the query on each server like you did for the index change? Thank you!

There’s a virus message on…

There’s a virus message on the wp-testers mailing list archive.

http://lists.automattic.com/pipermail/wp-testers/2016-June/014659.html

502 Bad Gateway errors

The number of reports for 502 Bad Gateway errors is increasing recently.

My first report for 502 errors was for https://*.wordpress.org/?fetch-custom-header=/plugins/ requests on Jan 7th. This was solved by @barry, “some memory corruption probably caused by a bug in pecl-memcache that we are working on fixing“.

Around April 3rd I got a few reports for translate.wordpress.org but couldn’t confirm them.

On April 13th I reported that the https://*.wordpress.org/?fetch-custom-header=/plugins/ issue happens again. This issue is still there, see #dotorg-warnings.

Since this Monday we’re getting reports for 502 Bad Gateway errors on our make sites. For example  https://make.wordpress.org/polyglots/feed/p2.ajax returns a 502 which prevents adding new comments.

502

But there are also new reports for translate.wordpress.org (when submitting translations) and for localized sites:

Image 2016-06-07 at 9.56.15 am

The 502 errors do not happen on our sandboxes, only in production. Can someone please look into this? Thank you!

Low priority It looks like https security wordpress…

(Low-priority) It looks like https://security.wordpress.org doesn’t act the same as http://security.wordpress.org:

http: (note: p2 automatically https’s the below urls, edit post to see raw)
$ curl -IL https://security.wordpress.org/ | grep Location
Location: https://codex.wordpress.org/FAQ_Security
Location: https://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/
Location: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/

https:

  • invalid cert (multipattern)
  • redirect to default cpanel URL

The URL is used as a shorthand in some documentation AFAIK, mentioned to me by @netweb who uses HTTPS Everywhere which triggered this.

#1641meta has pointed out that plugins trac wordpress…

#1641meta has pointed out that plugins.trac.wordpress.org is missing ~8400 changesets.

Can we do something to import those missing changesets? As we’re running Trac with explicit synchronization, I think it might just be a case of running trac-admin changeset added for each of the missing revisions.

#plugins-trac, #trac