Daniel Zahn | 21 May 21:56 2015
Picon

sshd config: using newer ciphers and protocols

[x-post from labs-l to make sure all ssh users receive it]

Hi all,

recently we have been making some changes to global sshd config for
enhanced security.

Since there have been questions and user reports about this on IRC,
let me list them all in detail:

a) optimized symmetric cipher list:

https://gerrit.wikimedia.org/r/#/c/185325/

We prefer the better Chacha20-poly1305,AES-CGM ciphers here now where possible.

This has been merged on 04-27 already and the only problem report we
had was from a user of a really outdated putty version and that could
be solved by upgrading.

b) set Message Authentication Code ciphers

https://gerrit.wikimedia.org/r/#/c/185329/   (see commit message for
more details)

We stop using MD5 or SHA1 because they are insecure and use Encrypt-then-MAC.

This has been merged today and we have had 1 report on IRC so far from
a user who got "no matching MAC found" but apparently was able to fix
it by adjusting the client config.
(Continue reading)

Ricordisamoa | 21 May 09:01 2015

First impression with Differential

<review>
<rant>
Arcanist has to be manually cloned from Git and added to $PATH. Really?
"Test Plan" is required.
".arcconfig" should be automatically detected on git clone.
I can't review my own revisions.
"Lint" and "Unit" are shown as completely different processes.
Diffs all over the page clutter the UI.
No powerful plain-text Gerrit-like queries.
I have to click "Edit Revision" to add reviewers.
No -2/-1/+1/+2. WTF?
</rant>
<yay>
Tokens!
Comment preview!
Can paste raw diffs!
</yay>
<summary>
Some nice features aren't worth a change of workflow.
</summary>
</review>
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Grace Gellerman | 21 May 00:29 2015
Picon

2015-05-20 Scrum of Scrum notes

https://www.mediawiki.org/wiki/Scrum_of_scrums/2015-05-20
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Ricordisamoa | 20 May 23:57 2015

Publish your source!

219 tools <https://tools.wmflabs.org/hay/directory/> and only 146 with 
source available 
<https://tools.wmflabs.org/hay/directory/#/keyword/source%20available>?
WTF? Publish your f***ing source! ;-)
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Moritz Schubotz | 20 May 14:56 2015
Picon

Re: math and deployment of node_modules

> Hi all,
>
> I'm happy to see progress on the node service template project and I'm
> proud that mathoid is one of the earliest adopters.
> I have tested the new mathoid version on
> (http://math-preview.wmflabs.org) with a custom puppet role
> https://gerrit.wikimedia.org/r/#/c/211957/ that is still based on my
> custom debian package.
> For me it's not completly what the strategy for the deployment of the
> node_modules is. Is there an example / guide on how to test the new
> node services on vagrant?
> However, once the new version is deployed, we could enable the new png
> images as default and users would not notice much of a difference.
> However, a change like that would need to be monitored carefully. And
> someone other than me would need to be prepared to fix potential
> problems within a short response time.
>
> Best
> Moritz

_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Chris Steipp | 20 May 00:08 2015
Picon

Welcome Darian Patrick

Hi all,

I'd like to introduce Darian Anthony Patrick, our new Application Security
Engineer for the foundation! Darian joins me as a member of the newly
formed Security Team. He comes from Aspect Security, where he provided
code/architecture reviews and pen testing to large national and
international financial institutions. Darian will be working remotely from
Portland, OR. You can find him on irc as dapatrick. Darian will focus on
maintaining and improving the security of MediaWiki and other software at
the WMF.

In his own words,

"I'm super excited to join the organization, and I look forward to working
with you all."

Welcome Darian!
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Moushira Elamrawy | 19 May 14:34 2015
Picon

Community project ideas

Hello,

This is heads up that Kaldari has kindly started a page for community tech
projects ideas: https://meta.wikimedia.org/wiki/Community_Tech_project_ideas.
Feel free to check and add your wishlist :)

Cheers,
Moushira
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Greg Grossmeier | 19 May 11:43 2015
Picon

MediaWiki 1.25 - Less than one week to release - PLEASE HELP!

The planned release date for MediaWiki 1.25 is this coming Monday, May
25th[0].

There are still 23 open tasks blocking the release[1] and not all of
them have assignees or clear owners.

PLEASE HELP!

There will be a sprint at the Wikimedia Hackathon in Lyon this coming
weekend, but there's only so much that can be done in 2 days. Your help
is needed.

Greg

[0] https://www.mediawiki.org/wiki/MediaWiki_1.25
[1] https://phabricator.wikimedia.org/tag/mw-1.25-release/

--

-- 
| Greg Grossmeier            GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca:  <at> greg                A18D 1138 8E47 FAC8 1C7D |

_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Erik Bernhardson | 18 May 21:34 2015
Picon

Per-user search query limiting being deployed to wmf wikis

In a few hours a patch will be going out which limits the number of
concurrent searches a single user will be able to make to 5.  This applies
to logged in and anonymous users.  The failure message is `You have too
many concurrent searches running.  If you are sharing an IP address with
other users you can log in to get your own limits.` for anonymous users, or
just `You have too many concurrent searches running.` for logged in users.
These are the `cirrussearch-too-busy-for-you-anonymous-error` and
`cirrussearch-too-busy-for-you-logged-in-error` i18n messages.

I will be monitoring the logs when this goes out, and intermittently
throughout the week as well. If necessary we will whitelist certain ip
ranges that seem to be shared among large numbers of users.

Erik B.
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Maximilian Klein | 18 May 18:38 2015
Picon

Tools: Best way to start-up procs after outages.

Hello,

I think that after one of the recent tools-labs outages my tools' process
and webserver was killed, but didn't come alive again after tools-labs was
rebooted. What is the best way to auto-run several commands on tools-labs
when it comes alive?

Make a great day,
Max Klein ‽ http://notconfusing.com/
_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
MZMcBride | 18 May 04:38 2015

Considering changing "pages-articles" XML dumps

Hi.

I just filed <https://phabricator.wikimedia.org/T99483> about
reconsidering the "pages-articles" XML dumps that we currently generate.
I'd be interested in any thoughts or feedback about the current setup and
ways to potentially improve it. I suggested one possible approach:
splitting by page.page_namespace instead.

If someone could forward this to the XML dumps mailing list and any other
mailing lists that seem relevant (wikitext-l?), that would be great.

MZMcBride

_______________________________________________
Wikitech-l mailing list
Wikitech-l <at> lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Gmane