Page MenuHomePhabricator

Dsharpe (Dsharpe)
UserAdministrator

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Jan 14 2019, 7:34 PM (93 w, 1 d)
Roles
Administrator
Availability
Available
LDAP User
Dsharpe
MediaWiki User
DSharpe (WMF) [ Global Accounts ]

Recent Activity

Sun, Oct 11

Dsharpe updated the task description for T265147: Offboard Chase Pettet from Security Team.
Sun, Oct 11, 3:47 AM · Operations, Security-Team
Dsharpe closed T265175: Remove Chase Pettet from security@ alias in Google, a subtask of T265147: Offboard Chase Pettet from Security Team, as Resolved.
Sun, Oct 11, 3:46 AM · Operations, Security-Team
Dsharpe closed T265175: Remove Chase Pettet from security@ alias in Google as Resolved.

I am able to make this change as an owner of that group in Google. Done.

Sun, Oct 11, 3:46 AM · Security-Team

Mon, Sep 28

Dsharpe closed T263791: Security Issue Access Request for Clarakosi as Resolved.

Thank you! The requested access has been configured for you.

Mon, Sep 28, 2:59 PM · Security-Team, Security
Dsharpe added a member for acl*security_developer: Clarakosi.
Mon, Sep 28, 2:58 PM
Dsharpe claimed T263791: Security Issue Access Request for Clarakosi.
Mon, Sep 28, 4:01 AM · Security-Team, Security
Dsharpe added a comment to T263791: Security Issue Access Request for Clarakosi.

Hi @Clarakosi ! There are two things that our process for granting this type of access calls for that don't appear to be set yet on you Phabricator account.

Mon, Sep 28, 4:01 AM · Security-Team, Security

Sep 22 2020

Dsharpe closed T262871: Requesting access to #wikimedia-security for razzi as Resolved.
Sep 22 2020, 10:31 PM · Security-Team

Sep 21 2020

Dsharpe added a comment to T262871: Requesting access to #wikimedia-security for razzi.

Hi @razzi ! Welcome aboard! Can you access #wikimedia-security now?

Sep 21 2020, 7:36 AM · Security-Team
Dsharpe claimed T262871: Requesting access to #wikimedia-security for razzi.
Sep 21 2020, 4:49 AM · Security-Team

Sep 18 2020

Dsharpe added a comment to T262871: Requesting access to #wikimedia-security for razzi.

Welcome aboard @razzi ! Would you mind going through the IRC nickname/cloak instructions at https://office.wikimedia.org/wiki/ITS/IRC#Register_your_nickname please? That provides a little more protection around your account.

Sep 18 2020, 5:18 AM · Security-Team

Sep 14 2020

Dsharpe closed T262307: Security Issue Access Request for dpifke as Resolved.

Access granted.

Sep 14 2020, 8:06 AM · Security-Team, Security
Dsharpe added a member for acl*security_developer: dpifke.
Sep 14 2020, 8:04 AM

Sep 13 2020

Dsharpe added a comment to T261765: Requesting access to #wikimedia-security for sobanski.

I just now invited you again. Please try again.

Sep 13 2020, 8:42 PM · Security-Team

Sep 11 2020

Dsharpe added a comment to T261765: Requesting access to #wikimedia-security for sobanski.

Hi @LSobanski I invited you to #wikimedia-security . Can you successfully access that channel now?

Sep 11 2020, 4:44 PM · Security-Team

Sep 4 2020

Dsharpe closed T262042: Security Issue Access Request for LSobanski as Resolved.

Done.

Sep 4 2020, 7:56 PM · Security-Team, Security

Sep 3 2020

Dsharpe added a comment to T261765: Requesting access to #wikimedia-security for sobanski.

@LSobanski I'll check every couple days to see when the cloak change goes into effect, but if you see it first, please update here. Thank you!

Sep 3 2020, 6:44 PM · Security-Team

Sep 2 2020

Dsharpe added a comment to T261765: Requesting access to #wikimedia-security for sobanski.

Welcome aboard @LSobanski ! Would you mind first going through the IRC nickname/cloak instructions at https://office.wikimedia.org/wiki/ITS/IRC#Register_your_nickname please? That provides a little more protection around your account.

Sep 2 2020, 4:17 AM · Security-Team

Jul 27 2020

Dsharpe closed T258830: Security Issue Access Request for nnikkhoui as Resolved.

Done.

Jul 27 2020, 2:37 PM · Security-Team, Security
Dsharpe triaged T258830: Security Issue Access Request for nnikkhoui as Medium priority.
Jul 27 2020, 2:36 PM · Security-Team, Security
Dsharpe moved T258830: Security Issue Access Request for nnikkhoui from In Progress to Our Part Is Done on the Security-Team board.
Jul 27 2020, 2:36 PM · Security-Team, Security
Dsharpe added a member for acl*security_developer: nnikkhoui.
Jul 27 2020, 2:35 PM
Dsharpe claimed T258830: Security Issue Access Request for nnikkhoui.
Jul 27 2020, 5:14 AM · Security-Team, Security
Dsharpe moved T258830: Security Issue Access Request for nnikkhoui from Incoming to In Progress on the Security-Team board.
Jul 27 2020, 5:11 AM · Security-Team, Security
Dsharpe added a comment to T258830: Security Issue Access Request for nnikkhoui.

Hello @AMooney ! Would you mind approving this request for @nnikkhoui please? We have to record that approval per https://office.wikimedia.org/wiki/Security/Procedures/Granting_Access_to_Security_Content_in_Phabricator here. Just reply "approved" here via a comment if that is the case. Thank you!!

Jul 27 2020, 5:10 AM · Security-Team, Security

Jul 10 2020

Quiddity awarded Blog Post: Addressing bug from 2019: information about private, security-related Phab tickets a Love token.
Jul 10 2020, 7:19 PM
Dsharpe closed T256451: Security Issue Access Request for Kormat as Resolved.

Done.

Jul 10 2020, 3:56 PM · User-Kormat, Security-Team, Security
Dsharpe triaged T256451: Security Issue Access Request for Kormat as Medium priority.
Jul 10 2020, 3:56 PM · User-Kormat, Security-Team, Security
Dsharpe moved T256451: Security Issue Access Request for Kormat from In Progress to Our Part Is Done on the Security-Team board.
Jul 10 2020, 3:55 PM · User-Kormat, Security-Team, Security
Dsharpe added a member for acl*security_sre: Kormat.
Jul 10 2020, 3:54 PM

Jul 6 2020

sbassett awarded Blog Post: Addressing bug from 2019: information about private, security-related Phab tickets a Like token.
Jul 6 2020, 7:42 PM
Dsharpe removed a member for acl*security_volunteer: Deskana.
Jul 6 2020, 5:31 PM
Dsharpe created Blog Post: Addressing bug from 2019: information about private, security-related Phab tickets.
Jul 6 2020, 5:04 PM
Dsharpe closed T256659: Security Issue Access Request for @dancy, a subtask of T256074: Onboard Ahmon Dancy - Software Engineer in RelEng, as Resolved.
Jul 6 2020, 3:29 AM · Release-Engineering-Team-TODO (2020-07-01 to 2020-09-30 (Q1)), Release-Engineering-Team (Onboarding), User-brennen
Dsharpe closed T256659: Security Issue Access Request for @dancy as Resolved.

The requested access has been granted.

Jul 6 2020, 3:29 AM · Security-Team, Security
Dsharpe added a member for acl*security_releng: dancy.
Jul 6 2020, 3:27 AM

Jul 3 2020

Dsharpe added a comment to T257066: Extension:Score / Lilypond is disabled on all wikis.

An issue is being diagnosed involving this extension, and it will likely remain down until at least Monday, 6 July 2020. We took the functionality down out of an abundance of caution after being made aware of a potential problem. More to come...

Jul 3 2020, 8:01 PM · User-notice, Patch-For-Review, Security-Team, Security, Wikimedia-General-or-Unknown, MediaWiki-extensions-Score, Operations

Jul 1 2020

Dsharpe claimed T256451: Security Issue Access Request for Kormat.
Jul 1 2020, 3:09 AM · User-Kormat, Security-Team, Security

Jun 29 2020

Dsharpe moved T256451: Security Issue Access Request for Kormat from Incoming to In Progress on the Security-Team board.
Jun 29 2020, 6:04 AM · User-Kormat, Security-Team, Security
Dsharpe updated subscribers of T256451: Security Issue Access Request for Kormat.

Hello @mark ! At your convenience, would you mind approving this request for @Kormat to be able to see security content in Phabricator please? I need to have that recorded here per https://office.wikimedia.org/wiki/Security/Procedures/Granting_Access_to_Security_Content_in_Phabricator.

Jun 29 2020, 6:02 AM · User-Kormat, Security-Team, Security

Jun 26 2020

Dsharpe closed T252789: Security Issue Access Request for (AMooney) as Resolved.

Done.

Jun 26 2020, 6:54 PM · Security-Team, Security
Dsharpe moved T252789: Security Issue Access Request for (AMooney) from Incoming to Our Part Is Done on the Security-Team board.
Jun 26 2020, 6:53 PM · Security-Team, Security
Dsharpe added a member for acl*security_developer: AMooney.
Jun 26 2020, 6:50 PM

Jun 22 2020

Dsharpe closed T255707: Security Issue Access Request for Jrogers-WMF as Resolved.

@Jrogers-WMF Please let me know if you have any problems. Thank you!

Jun 22 2020, 2:53 PM · Security-Team, Security
Dsharpe added a member for acl*security_legal: Jrogers-WMF.
Jun 22 2020, 2:51 PM

Jun 17 2020

Dsharpe moved T255370: Document best practices for user login if user is using 2FA from Incoming to Watching on the Security-Team board.
Jun 17 2020, 4:21 PM · MediaWiki-extensions-OATHAuth, Platform Team Initiatives (API Gateway), MediaWiki-Documentation, Documentation, MediaWiki-Authentication-and-authorization, Security-Team, Security
Dsharpe moved T254925: Bot passwords for officewiki from Incoming to In Progress on the Security-Team board.
Jun 17 2020, 4:20 PM · Security-Team, Wikimedia-Site-requests
Dsharpe assigned T254925: Bot passwords for officewiki to Reedy.

Assigning to Sam and moving to in-progress per Sam's advice in Clinic.

Jun 17 2020, 4:19 PM · Security-Team, Wikimedia-Site-requests

Jun 8 2020

Dsharpe removed a project from T254203: Proxied requests can change a header: Security-Team.

Discussed in Security team's Clinic meeting. untagging security-team

Jun 8 2020, 3:09 PM · User-RhinosF1, ContentSecurityPolicy, Security

Jun 1 2020

Dsharpe closed T253145: Security Issue Access Request for BPirkle as Resolved.
Jun 1 2020, 4:08 PM · Security-Team, Security
Dsharpe added a comment to T253145: Security Issue Access Request for BPirkle.

Requested access has been granted. Pinged requestor with the update.

Jun 1 2020, 4:08 PM · Security-Team, Security
Dsharpe triaged T253145: Security Issue Access Request for BPirkle as Medium priority.
Jun 1 2020, 4:06 PM · Security-Team, Security
Dsharpe moved T253145: Security Issue Access Request for BPirkle from Incoming to Our Part Is Done on the Security-Team board.
Jun 1 2020, 4:06 PM · Security-Team, Security
Dsharpe added a member for acl*security_sre: BPirkle.
Jun 1 2020, 4:06 PM

May 28 2020

Dsharpe closed T242682: Write SOP for incoming email workflow for security@ and security-help@ as Resolved.

Since this is purely internal to the team, I'll just track it in Asana alongside other Fusion Center documentation-related To-Dos

May 28 2020, 8:50 PM · PM, Security-Team
Dsharpe closed T242678: Configure security-help@ collab inbox group as Resolved.

I think Chase made all of the desirable edits. I think this is done now.

May 28 2020, 8:43 PM · PM, Security-Team

Apr 13 2020

Dsharpe removed a project from T250049: Drop data from Prefupdate schema that is older than 90 days: Security-Team.

reviewed in Clinic

Apr 13 2020, 3:13 PM · Analytics-Kanban, audits-data-retention, Analytics, Product-Analytics, Privacy Engineering, Privacy, Security

Apr 9 2020

Dsharpe closed T238547: Security issue access for darthmon_wmde as Resolved.

Completed.

Apr 9 2020, 8:34 PM · Security, Security-Team
Dsharpe added a member for acl*security_wmde: darthmon_wmde.
Apr 9 2020, 8:32 PM

Apr 8 2020

Dsharpe closed T249664: Security Issue Access Request for holger.knust as Resolved.

Done.

Apr 8 2020, 2:58 AM · Security-Team, Security
Dsharpe triaged T249664: Security Issue Access Request for holger.knust as Medium priority.
Apr 8 2020, 2:58 AM · Security-Team, Security
Dsharpe moved T249664: Security Issue Access Request for holger.knust from Incoming to Our Part Is Done on the Security-Team board.
Apr 8 2020, 2:58 AM · Security-Team, Security
Dsharpe added a member for acl*security_developer: holger.knust.
Apr 8 2020, 2:57 AM

Apr 7 2020

Dsharpe closed T249516: Add Phabricator user JMeybohm to acl*security, a subtask of T249081: Onboarding Janis Meybohm , as Resolved.
Apr 7 2020, 3:30 PM · Operations
Dsharpe closed T249516: Add Phabricator user JMeybohm to acl*security as Resolved.

Done

Apr 7 2020, 3:30 PM · Security-Team
Dsharpe closed T249517: Add jmeybohm@wikimedia.org to security@ Google group, a subtask of T249081: Onboarding Janis Meybohm , as Resolved.
Apr 7 2020, 3:28 PM · Operations
Dsharpe closed T249517: Add jmeybohm@wikimedia.org to security@ Google group as Resolved.

Done.

Apr 7 2020, 3:28 PM · Security-Team
Dsharpe updated subscribers of T249621: Security Issue Access Request for JMeybohm.
Apr 7 2020, 3:25 PM · Security-Team, Security
Dsharpe closed T249621: Security Issue Access Request for JMeybohm as Resolved.

Done.

Apr 7 2020, 3:08 PM · Security-Team, Security
Dsharpe created T249621: Security Issue Access Request for JMeybohm.
Apr 7 2020, 3:07 PM · Security-Team, Security
Dsharpe closed T249337: Security Issue Access Request for hnowlan as Resolved.

Done. Thank you!

Apr 7 2020, 3:03 PM · Security-Team, Security
Dsharpe added a member for acl*security_sre: JMeybohm.
Apr 7 2020, 3:02 PM
Dsharpe added a member for acl*security_sre: hnowlan.
Apr 7 2020, 3:01 PM

Apr 6 2020

Dsharpe claimed T249337: Security Issue Access Request for hnowlan.
Apr 6 2020, 3:25 PM · Security-Team, Security

Mar 30 2020

Dsharpe removed a project from T244931: Hash edit session ID in EditAttemptStep and VisualEditorFeatureUse whitelisting: Security-Team.
Mar 30 2020, 3:16 PM · Analytics-Radar, Product-Analytics (Kanban), Growth-Team
Dsharpe removed a project from T248546: Beta cluster: rules for permissions requiring confidentiality agreement: Security-Team.
Mar 30 2020, 3:06 PM · Privacy Engineering, Privacy, Beta-Cluster-Infrastructure, WMF-Legal, User-DannyS712, Security
Dsharpe added a project to T248546: Beta cluster: rules for permissions requiring confidentiality agreement: Privacy.

Discussed in 30 March 2020 Security team clinic meeting. Added Privacy tag.

Mar 30 2020, 3:06 PM · Privacy Engineering, Privacy, Beta-Cluster-Infrastructure, WMF-Legal, User-DannyS712, Security

Mar 21 2020

Wizkid49 awarded Blog Post: 14 January 2020 security incident on Phabricator a Like token.
Mar 21 2020, 9:20 PM
Wizkid49 awarded Blog Post: 14 January 2020 security incident on Phabricator a Mountain of Wealth token.
Mar 21 2020, 9:18 PM

Feb 3 2020

Dsharpe added a comment to T242857: ProdPasteBot uses deprecated certificate auth.

Is there any update on this one? I ask because it is blocking "Update WMF run
bots using certificate auth (Phaste Bot and bzimport) to use token auth" action item in incident https://docs.google.com/document/d/1tXV7eKaKPz4Qh5CH0VdVspeCvTef6jafVWkVrQt-lZQ/edit#, which is blocking "Invalidate / rotate credentials stored in phabricator". Is there anything that I can do to help move this one forward? Thank you!

Feb 3 2020, 3:21 PM · Operations

Jan 22 2020

Dsharpe added a comment to T243247: Need to force users to reset their phabricator TOTP auth factor.

Your planned schedule is far better. I just didn't want to rush anyone.

Jan 22 2020, 6:14 PM · Security, Phabricator (2020-01-23), Release-Engineering-Team (Development services), Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)), Security-Team
Dsharpe added a comment to T243247: Need to force users to reset their phabricator TOTP auth factor.

I would suggest stepping around/over All Hands, in case anything goes wrong.

Jan 22 2020, 1:56 AM · Security, Phabricator (2020-01-23), Release-Engineering-Team (Development services), Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)), Security-Team

Jan 20 2020

Dsharpe added a comment to T243247: Need to force users to reset their phabricator TOTP auth factor.

@MarcoAurelio Yes, you can do it on your own manually. The best way seems to be to first create a third auth factor in Phab, then delete the old one in Phab. If you leave both there, you will have 3FA and have to use both until the old one is removed. And please don't remove anything from your phone's authenticator app until you after are done in Phab.

Jan 20 2020, 10:32 PM · Security, Phabricator (2020-01-23), Release-Engineering-Team (Development services), Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)), Security-Team

Jan 16 2020

Dsharpe created Blog Post: 14 January 2020 security incident on Phabricator.
Jan 16 2020, 10:20 PM

Jan 13 2020

Dsharpe added a comment to T242115: [Possible XSS vulnerability] HTML from messages rendered in Message group management - Translatewiki.net.

Triaged in Security team clinic on 13 Jan 2020.

Jan 13 2020, 4:37 PM · MW-1.35-notes (1.35.0-wmf.30; 2020-04-28), MediaWiki Language Extension Bundle, Security, Security-Team, Vuln-XSS, MediaWiki-extensions-Translate
Dsharpe triaged T242115: [Possible XSS vulnerability] HTML from messages rendered in Message group management - Translatewiki.net as Medium priority.
Jan 13 2020, 4:36 PM · MW-1.35-notes (1.35.0-wmf.30; 2020-04-28), MediaWiki Language Extension Bundle, Security, Security-Team, Vuln-XSS, MediaWiki-extensions-Translate

Jan 9 2020

Dsharpe added a comment to T242113: Please grant dsharpe temporary access to mendelevium.eqiad.wmnet.

The investigation is now 100% done. Please remove my (dsharpe) access from server mendelevium.eqiad.wmnet. Thank you so much!!!

Jan 9 2020, 12:49 AM · Security, Operations, SRE-Access-Requests

Jan 8 2020

Dsharpe closed T242236: Problem connecting to database from stat1007.eqiad.wmnet as Resolved.

I am all set now. Thanks!

Jan 8 2020, 5:46 PM · Analytics
Dsharpe created T242244: Kerberos credentials for dsharpe.
Jan 8 2020, 5:22 PM · Analytics
Dsharpe created T242236: Problem connecting to database from stat1007.eqiad.wmnet.
Jan 8 2020, 4:49 PM · Analytics

Jan 7 2020

Dsharpe added a watcher for Security Readiness Reviews: Dsharpe.
Jan 7 2020, 4:59 PM
Dsharpe created T242113: Please grant dsharpe temporary access to mendelevium.eqiad.wmnet.
Jan 7 2020, 2:59 PM · Security, Operations, SRE-Access-Requests
Dsharpe added a comment to T242049: Add security-team@wikimedia.org as recipient of any abuse@ emails.

@Dzahn - Perfect! Thank you!

Jan 7 2020, 2:16 AM · Mail, Operations

Jan 6 2020

Dsharpe renamed T242049: Add security-team@wikimedia.org as recipient of any abuse@ emails from Add security-team@wikimedia.org as recipient any abuse@ emails to Add security-team@wikimedia.org as recipient of any abuse@ emails.
Jan 6 2020, 11:11 PM · Mail, Operations
Dsharpe created T242049: Add security-team@wikimedia.org as recipient of any abuse@ emails.
Jan 6 2020, 11:04 PM · Mail, Operations

Dec 18 2019

Dsharpe added a comment to T241078: Add security-team@wikimedia.org as recipient of abuse@wikimedia.org emails.

I assume abuse@ is managed by SRE, so I was hoping this would magically get routed to the right person. What else do I need to add to move this along? Thank you!

Dec 18 2019, 6:06 PM · Mail, Operations
Dsharpe updated the task description for T241078: Add security-team@wikimedia.org as recipient of abuse@wikimedia.org emails.
Dec 18 2019, 5:49 PM · Mail, Operations
Dsharpe created T241078: Add security-team@wikimedia.org as recipient of abuse@wikimedia.org emails.
Dec 18 2019, 5:45 PM · Mail, Operations

Sep 23 2019

Dsharpe added a comment to T218109: Security Issue Access Request for EvanProdromou.

I added @eprodromou as a member of https://phabricator.wikimedia.org/project/members/30/. Is that all that needed to be done?

Sep 23 2019, 7:53 PM · Security, Security-Team
Dsharpe removed a member for acl*security: mmarble.
Sep 23 2019, 7:44 PM