chasemp (Chase)Administrator
security eng

Projects (34)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Sep 16 2014, 11:39 AM (221 w, 3 d)
Roles
Administrator
Availability
Available
IRC Nick
chasemp
LDAP User
Rush
MediaWiki User
CPettet (WMF) [ Global Accounts ]

Current: security person

Past: engineering manager, lead operations engineer, operations engineer

Local changes.
for upgrades

Recent Activity

Today

chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

Thank you @Tgr

Fri, Dec 14, 2:06 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T211714: #Security access for aezell.

I've included this in the Security-Team weekly meeting for the 18th

Fri, Dec 14, 2:05 PM · Security

Yesterday

chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

Seems like consensus is that https://gerrit.wikimedia.org/r/c/mediawiki/core/+/478395 is the sanest outcome here. @Tgr anything blocking?

Thu, Dec 13, 10:38 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API.

@Bawolff can this task be closed now?

Thu, Dec 13, 10:36 PM · MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Patch-For-Review, Privacy, AbuseFilter, Security
chasemp added a comment to T211714: #Security access for aezell.

Typically, we ask that staff in the Security group associate their Phab account with their Foo (WMF) account onwiki.

Thu, Dec 13, 10:32 PM · Security
chasemp triaged T211714: #Security access for aezell as Normal priority.
Thu, Dec 13, 10:31 PM · Security
chasemp added a watcher for Wikimedia-Logstash: chasemp.
Thu, Dec 13, 9:52 PM
chasemp added a comment to T211822: public floating IPs for labtest?.

Part of my concern is T140369 but another part is the lack of real managed lifecycle/standards for labtest[n] instances.

Thu, Dec 13, 4:10 PM · cloud-services-team (Kanban)

Wed, Dec 12

chasemp added a comment to T211822: public floating IPs for labtest?.

There is a public range but to this point we made it through with using
private IPs as floating IPs which has been a fine test so far. Labtest
instances are not setup in a way that would be OK to expose them on public
IPs to my knowledge.

Wed, Dec 12, 9:27 PM · cloud-services-team (Kanban)

Tue, Dec 11

chasemp created P7906 (An Untitled Masterwork).
Tue, Dec 11, 7:13 PM
chasemp added a comment to T207900: Enable csp-report-only mode everywhere .

Talked about this briefly today in the weekly for Security-Team and @Bawolff will respond

Tue, Dec 11, 4:37 PM · Restricted Project, Operations, Wikimedia-Site-requests, Security-Team

Mon, Dec 10

chasemp added a comment to T101017: Early security release access for Lcawte (ShoutWiki).

small progress https://phabricator.wikimedia.org/T108360#4812282

Mon, Dec 10, 10:40 PM · Security-Team, ShoutWiki, WMF-Legal, WMF-NDA-Requests
chasemp closed T108360: Create "security pre-announce" group in Phab (to easier allow 3rd parties who get pre-release notifications to access Security tasks) as Resolved.

https://phabricator.wikimedia.org/project/view/3764/

Mon, Dec 10, 10:39 PM · Security-team-backlog, MediaWiki-Releasing, Project-Admins, Phabricator
chasemp created acl*release_security_pre_announce.
Mon, Dec 10, 10:39 PM
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

If we're looking to abandon https://gerrit.wikimedia.org/r/475798/, my vote would be to instead go with https://gerrit.wikimedia.org/r/478395/, as it does a good job of balancing both security and usability IMO.

Mon, Dec 10, 4:29 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security

Thu, Dec 6

chasemp added a comment to T207900: Enable csp-report-only mode everywhere .

Good points @Aklapper. I am not sure if this wording is ours or default. I am making a note to discuss with Security-Team. One question, I have done some testing of triggering our CSP policy and I don't see this language surface in the UI. Where are people seeing this?

Thu, Dec 6, 11:31 AM · Restricted Project, Operations, Wikimedia-Site-requests, Security-Team

Mon, Dec 3

chasemp updated subscribers of T210667: Can exfat be used in WMF production?.

I want to acknowledge a few things:

Mon, Dec 3, 5:45 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations

Fri, Nov 30

chasemp added a member for Security: CDanis.
Fri, Nov 30, 7:31 PM
chasemp updated subscribers of T189641: Service for checking the Pwned Passwords database.

Adding @JBennett as I see he raised concern with the ihaveibeenpwned work in related https://phabricator.wikimedia.org/T210192#4786955

Fri, Nov 30, 6:46 PM · Services (watching), User-Tgr, WMF-Legal, Patch-For-Review, Security, MediaWiki-User-login-and-signup, MediaWiki-Authentication-and-authorization, Security-General
chasemp added a comment to T210667: Can exfat be used in WMF production?.

In this case specifically, my thinking was that I had agreement and understanding with another Opsen, a manager in Tech, a director in Tech and a couple more knowledgeable and engaged parties in real time right before (as review of action). I installed the package with a !log so it would be recorded in the right place and a ping to one of the Opsen who works in that specific area.

Totally -- and I didn't mean to imply that this didn't happen!

To clarify, I'm trying to say: a) generally speaking those L3 responsibilities still exist and make sense and we're not saying -implicity or explicitly- that it's OK to bypass them (this isn't what happened here) and b) we should (collectively) strive to document these things in the future, for the benefit of others outside of the private email threads and Hangouts, to avoid the appearance that things have happened outside of those processes and/or without a good reason (when in fact they have been!). Does this make more sense?

Fri, Nov 30, 5:40 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp added a comment to T210667: Can exfat be used in WMF production?.

Thanks @faidon for weighing in, I think you got right to the heart of it. Not responding to you necessarily but I'm going to steal the 3 point breakdown as it makes sense to me. I don't feel empowered to relate much of the detail for history here, but I do value this conversation and want to respond.

Fri, Nov 30, 5:25 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations

Thu, Nov 29

chasemp created security_assessment_mobile_2018.
Thu, Nov 29, 6:26 PM
chasemp updated subscribers of T210667: Can exfat be used in WMF production?.

Small bit of background from my perspective, I had discussed this on hangout with a few folks who I will let acknowledge their own level of approval. I used !log and pinged @elukey with the intention of uninstalling post work-at-hand. Nothing here was me intending to take unilateral action or circumvent process. I really am under the impression that Debian main has nothing which would be incompatible with WMF prod infrastructure. I have no particular affection for exfat, and would much prefer to be able to use ext[34] but have been assured that is not a possibility. If there are legal issues here I'm glad @Legoktm flagged it.

Thu, Nov 29, 1:18 AM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations

Wed, Nov 28

chasemp added a project to T210667: Can exfat be used in WMF production?: Security-Team.
Wed, Nov 28, 9:26 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp updated subscribers of T210667: Can exfat be used in WMF production?.

@fgiunchedi I need to sync up with you here for other reasons, but if you could take a look at this that would be great

Wed, Nov 28, 9:21 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp updated the task description for T210667: Can exfat be used in WMF production?.
Wed, Nov 28, 9:18 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp added a project to T210667: Can exfat be used in WMF production?: Analytics.
Wed, Nov 28, 9:14 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp renamed T210667: Can exfat be used in WMF production? from Non-free software installed on stat1004 outside of puppet to Can exfat be used in WMF production?.
Wed, Nov 28, 9:14 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp lowered the priority of T210667: Can exfat be used in WMF production? from Unbreak Now! to Normal.

I am under the impression anything in Debian main is ok to install in prod, but this is based on adhoc conversations during the Ubuntu->Debian decision making process.

Wed, Nov 28, 9:13 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp added a comment to T210614: Deprecate usage of hiera_include() in Labs.

If I'm not mistaken, this mechanism is how all classes are applied across Cloud to all instances?

Wed, Nov 28, 3:08 PM · cloud-services-team (Kanban)
chasemp added a comment to T210595: cloudvps: keystone extra services.

(I think probably those things could not be added meaningfully before keystone was moved to cloudcontrol* and then after it wasn't thought about)

Wed, Nov 28, 2:50 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T210595: cloudvps: keystone extra services.

Looking at https://phabricator.wikimedia.org/T210595 and https://phabricator.wikimedia.org/T201504, not sure why those things fell through the cracks during keystone merge, I think probably just bad handoff as it's right when I was leaving for vacation (I didn't actually do the keystone merge I think?), but def that's wanted afaik :)

Wed, Nov 28, 2:49 PM · Patch-For-Review, cloud-services-team (Kanban)

Tue, Nov 27

chasemp changed the status of T108360: Create "security pre-announce" group in Phab (to easier allow 3rd parties who get pre-release notifications to access Security tasks) from Stalled to Open.
Tue, Nov 27, 4:54 PM · Security-team-backlog, MediaWiki-Releasing, Project-Admins, Phabricator

Mon, Nov 26

chasemp updated the task description for T210401: www.wikipedia.org says 0+ articles for all languages.
Mon, Nov 26, 5:00 PM · Wikimedia-Portals

Wed, Nov 21

greg awarded T210018: Security Issue Access Request for @jeena a 100 token.
Wed, Nov 21, 8:14 PM · Security-Team, Security
chasemp closed T210018: Security Issue Access Request for @jeena as Resolved.
Wed, Nov 21, 8:11 PM · Security-Team, Security
chasemp closed T210018: Security Issue Access Request for @jeena, a subtask of T209722: Onboarding Jeena Huneidi, as Resolved.
Wed, Nov 21, 8:11 PM · User-greg, Release-Engineering-Team (Kanban)
chasemp added a comment to T210018: Security Issue Access Request for @jeena.

We have a doc page somewhere that says this but I can't find it :D but essentially Foo (WMF) account linked to phab and 2fa please and then this is a slam dunk :)

pretty sure both are done:

Wed, Nov 21, 8:11 PM · Security-Team, Security
chasemp added a member for Security: jeena.
Wed, Nov 21, 8:10 PM
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

Ah! That's interesting yeah.

Wed, Nov 21, 7:16 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

@Jdforrester-WMF can you help us understand the reasons for the change itself?

The change happened because James was helping me with a password reset and we were both surprised at the lack of username autocomplete since it does exist on other similar pages, which Anomie pointed out above.

Wed, Nov 21, 7:00 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T210018: Security Issue Access Request for @jeena.

We have a doc page somewhere that says this but I can't find it :D but essentially Foo (WMF) account linked to phab and 2fa please and then this is a slam dunk :)

Wed, Nov 21, 6:32 PM · Security-Team, Security
chasemp closed T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist as Resolved.

The best it might do would be to list the wikis for which the maintenance script exited with a non-zero exit code. Not all scripts do, although it looks like sql.php would have here. Anyway, it might be better to file a separate task for that if you want.

Wed, Nov 21, 4:12 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
chasemp added a comment to T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist.
Wed, Nov 21, 4:10 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

@Jdforrester-WMF can you help us understand the reasons for the change itself?

Wed, Nov 21, 4:04 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

A few divergent points have spawned here :)

Wed, Nov 21, 3:56 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security

Tue, Nov 20

chasemp added a comment to T209887: issues running a ressource-intensive process.

It seems this needs to be scheduled in the grid.

Tue, Nov 20, 7:43 PM · Toolforge

Mon, Nov 19

chasemp placed T199532: Move 6 instances for general-k8s project each to a different physical host up for grabs.
Mon, Nov 19, 5:49 PM · cloud-services-team (Kanban), Cloud-VPS

Fri, Nov 16

chasemp updated subscribers of T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist.

@Reedy or @Andrew any idea why labswiki could be left behind here? @Bawolff and I were wondering if it could have had something to do with DC switchover things happening around the same time. Not sure if this should be held open to fix whatever caused this in the first place.

Fri, Nov 16, 3:58 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
chasemp added a project to T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist: DBA.
Fri, Nov 16, 2:47 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
chasemp added a comment to T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist.

Wikitech experiences periods of significant vandalism, and is a bit of an island with a small pool of patrollers. It wouldn't be unreasonable for this to be UBN.

Fri, Nov 16, 2:14 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security

Thu, Nov 15

jijiki awarded T206784: Security Issue Access Request for Effie Mouzeli a Like token.
Thu, Nov 15, 12:36 AM · Security-Team, User-jijiki, Security

Wed, Nov 14

chasemp moved T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Wed, Nov 14, 8:26 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp added a comment to T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system.

@chasemp, I still can't close it.

Wed, Nov 14, 8:26 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp closed T206784: Security Issue Access Request for Effie Mouzeli as Resolved.

Cheers everyone :) There is some amount of normal weekly review process in place here but as an aside there is a long standing policy of adding SRE members in good standing with 2fa and their linked WMF account so I'm went ahead and did this.

Wed, Nov 14, 3:23 PM · Security-Team, User-jijiki, Security
chasemp added a member for Security: jijiki.
Wed, Nov 14, 3:21 PM

Nov 13 2018

chasemp added a comment to T209031: Not able to scoop comment table in labs for mediawiki reconstruction process.

Makes sense, again sorry for the drive by comment. Let me know if I can be helpful :)

Nov 13 2018, 8:48 PM · Core Platform Team Backlog (Watching / External), Analytics-Kanban, DBA, Data-Services, Analytics
chasemp added a comment to T209031: Not able to scoop comment table in labs for mediawiki reconstruction process.

I don't want to muddy the waters as I have not been involved here :). But
worth noting there is more than the views at play for sanitization. To
mimic the end state of labsdb you would need the equivalent of triggers and
such on sanitarium at least as well.

Nov 13 2018, 8:01 PM · Core Platform Team Backlog (Watching / External), Analytics-Kanban, DBA, Data-Services, Analytics
chasemp reassigned T101017: Early security release access for Lcawte (ShoutWiki) from lcawte to JBennett.

@JBennett I am throwing your way since you'll be the person ...certifying? approving? the workflow here at the end of the WG session(s).

Nov 13 2018, 6:35 PM · Security-Team, ShoutWiki, WMF-Legal, WMF-NDA-Requests
chasemp added a comment to T101017: Early security release access for Lcawte (ShoutWiki).

I think this got shelved from our director's meeting due to more pressing matters and never ended up back on the agenda. Given that I'm the sole director now, I'd sign this if this access is something that's still possible (although I'm guessing the NDA may have been updated since June 2015?)

Nov 13 2018, 6:23 PM · Security-Team, ShoutWiki, WMF-Legal, WMF-NDA-Requests
chasemp added a comment to T204160: Create a security issue task type with additional attributes.

Subscribers are the most borderline - non-security-members who are more familiar with the relevant community inviting people knowing more about an issue is a good thing, OTOH it can result (even with good intentions) in the task being visible to too many people / potentially easily accessible to an attacker who can steal wiki accounts. Not sure about that one.

IIRC this was mainly just for the author, relevant developers, and other people who either need to know about the bug (as they need to fix it) or already knew about it anyway. People shouldn't be adding their friends to security tasks just because like what was suggested at T207323. I don't know the extent to which it makes sense to enforce extra controls on who can subscribe people however. Is there at least a warning notice about this?

Nov 13 2018, 2:49 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator
chasemp awarded T209361: Phase out Nodepool from production a Love token.
Nov 13 2018, 2:30 PM · cloud-services-team (Kanban), Patch-For-Review, Operations, Nodepool, Release-Engineering-Team (Kanban), Continuous-Integration-Infrastructure (shipyard)

Nov 8 2018

chasemp added a comment to T204160: Create a security issue task type with additional attributes.

@Tgr and @Anomie can you see if modifying those tasks as needed works out now to confirm? Thanks

Nov 8 2018, 5:08 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator
chasemp added a comment to T204160: Create a security issue task type with additional attributes.

Ok thanks @mmodell, I want to run the use cases / workflow by the rest of acl*security_team, and I'm learning about the form/task stuff on the fly so I appreciate your patience. I'll sync up with you sooner than later.

Nov 8 2018, 5:08 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator
chasemp added a comment to T204160: Create a security issue task type with additional attributes.

I would have figured the form would have a policy for changing the form itself (fields etc) and then tasks would have a policy for the forms implementation. It sounds like the task can be less permissive than the form (which allows edit for the actual form) but not more?

Nov 8 2018, 4:59 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator
chasemp reopened T204160: Create a security issue task type with additional attributes as "Open".

I'm reopening to keep the narrative on this subtype complete. We noticed that users who had edit perms on task were not able to modify the task. @mmodell changed some permission on the view I believe? I'm not sure if this has resolved the issue.

Nov 8 2018, 4:33 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator
chasemp reopened T204160: Create a security issue task type with additional attributes, a subtask of T93499: Add support for task types, as Open.
Nov 8 2018, 4:33 PM · User-MModell, Phabricator
chasemp renamed T204160: Create a security issue task type with additional attributes from Should security tasks be a custom type in maniphest? to Create a security issue task type with additional attributes.
Nov 8 2018, 4:29 PM · Release-Engineering-Team (Kanban), Security-Team, User-MModell, Phabricator

Nov 6 2018

chasemp added a comment to T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system.

@MaxSem would you mind trying to resolve this now?

Nov 6 2018, 2:55 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow

Nov 2 2018

chasemp claimed T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system.

@chasemp, please either close this or unassign me from it since I can't even do this myself anymore.

Nov 2 2018, 7:10 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp added a member for Security-Team: chasemp.
Nov 2 2018, 6:35 PM
chasemp raised the priority of T207900: Enable csp-report-only mode everywhere from Normal to High.
Nov 2 2018, 3:43 PM · Restricted Project, Operations, Wikimedia-Site-requests, Security-Team
chasemp added a comment to T207321: Figure out networking details for new cloud-analytics-eqiad Hadoop/Presto cluster.

If row b is down then so is cloud vps so not much point in this hadoop cluster being up :D

Nov 2 2018, 3:02 PM · Analytics-Kanban, netops, Operations, Analytics

Nov 1 2018

chasemp edited Description on Security.
Nov 1 2018, 3:52 PM
chasemp added a member for security_assessment_analytics_2018: Ottomata.
Nov 1 2018, 3:40 PM
chasemp added a member for Security: Ottomata.
Nov 1 2018, 3:38 PM

Oct 31 2018

chasemp lowered the priority of T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system from Unbreak Now! to High.

with https://phabricator.wikimedia.org/T204016#4693413 lowering this, maybe it can even be resolved?

Oct 31 2018, 7:50 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp lowered the priority of T151010: Add logging to OATHAuth from Unbreak Now! to High.
Oct 31 2018, 7:49 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Restricted Project, Wikistorm, Patch-For-Review, MediaWiki-extensions-OATHAuth
chasemp added a comment to T207321: Figure out networking details for new cloud-analytics-eqiad Hadoop/Presto cluster.

My notes from the 2018-10-31 meeting:

Oct 31 2018, 3:53 PM · Analytics-Kanban, netops, Operations, Analytics
chasemp updated the task description for T206350: Onboard Michal Anna (to begin on Oct 9th).
Oct 31 2018, 3:51 PM · Security-Team

Oct 29 2018

chasemp changed the visibility for T208231: Issues with purgeUnusedProjects.php cron job on mwmaint1002 (Fri Oct 26).
Oct 29 2018, 4:29 PM · Community-Tech, Performance, MediaWiki-extensions-PageAssessments, User-Banyek, Operations
chasemp added a comment to T208231: Issues with purgeUnusedProjects.php cron job on mwmaint1002 (Fri Oct 26).

(meta note)

Oct 29 2018, 4:29 PM · Community-Tech, Performance, MediaWiki-extensions-PageAssessments, User-Banyek, Operations
chasemp removed a member for acl*sre-team: emailbot.
Oct 29 2018, 4:05 PM

Oct 26 2018

chasemp raised the priority of T151010: Add logging to OATHAuth from High to Unbreak Now!.
Oct 26 2018, 7:42 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Restricted Project, Wikistorm, Patch-For-Review, MediaWiki-extensions-OATHAuth
chasemp raised the priority of T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system from High to Unbreak Now!.
Oct 26 2018, 7:20 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp changed the subtype of T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system from "Task" to "Security Issue".
Oct 26 2018, 7:13 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp changed the subtype of T207900: Enable csp-report-only mode everywhere from "Task" to "Security Issue".
Oct 26 2018, 7:13 PM · Restricted Project, Operations, Wikimedia-Site-requests, Security-Team
chasemp changed the subtype of T151010: Add logging to OATHAuth from "Task" to "Security Issue".
Oct 26 2018, 7:13 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Restricted Project, Wikistorm, Patch-For-Review, MediaWiki-extensions-OATHAuth
chasemp moved T207900: Enable csp-report-only mode everywhere from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 26 2018, 7:06 PM · Restricted Project, Operations, Wikimedia-Site-requests, Security-Team
chasemp assigned T207900: Enable csp-report-only mode everywhere to Bawolff.

@Bawolff I have you as point person here from the relevant meeting so I'm going to go ahead and assign

Oct 26 2018, 6:59 PM · Unknown Object (Project), Operations, Wikimedia-Site-requests, Security-Team
chasemp removed a project from T207900: Enable csp-report-only mode everywhere : Patch-For-Review.
Oct 26 2018, 6:44 PM · Unknown Object (Project), Operations, Wikimedia-Site-requests, Security-Team
chasemp triaged T207900: Enable csp-report-only mode everywhere as Normal priority.
Oct 26 2018, 6:42 PM · Unknown Object (Project), Operations, Wikimedia-Site-requests, Security-Team
chasemp added a project to T151010: Add logging to OATHAuth: Restricted Project.
Oct 26 2018, 6:20 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Restricted Project, Wikistorm, Patch-For-Review, MediaWiki-extensions-OATHAuth
chasemp added a project to T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system: Restricted Project.
Oct 26 2018, 6:16 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp removed a parent task for T204016: ArticleCreationWorkflow does not actually enforce enwp's autoconfirmed requirement for page creation in the permission system: Unknown Object (Task).
Oct 26 2018, 6:11 PM · Restricted Project, MW-1.33-notes (1.33.0-wmf.2; 2018-10-30), Patch-For-Review, Security, Community-Tech-Sprint, Community-Tech, MediaWiki-extensions-ArticleCreationWorkflow
chasemp removed a member for Security: rtimport.
Oct 26 2018, 3:36 PM

Oct 22 2018

chasemp added a comment to T207663: Renumber cloud-instance-transport1-b-eqiad to public IPs.

No technical blockers to this VLAN having public IPs that I know of. Agreed that the switchover could be difficult to make transparent to users. It's possible adding an interface to the neutron router for a new subnet in the existing VLAN would allow cutover to be faster but its probably more trouble than it's worth -- would need to test it out a bit.

Oct 22 2018, 4:46 PM · cloud-services-team (Kanban), Patch-For-Review, netops, Operations

Oct 15 2018

chasemp set the image for security assessments to F26611632: profile.
Oct 15 2018, 9:32 PM
chasemp set the icon for security assessments to Umbrella.
Oct 15 2018, 9:31 PM

Oct 11 2018

chasemp closed T206628: Security Issue Access Request for LarsWirzenius as Resolved.

I've linked my new meta.wikimedia.org and mediawiki.org account to Phabricator now. @chasemp OK?

Oct 11 2018, 6:15 PM · Security-Team, Security