dpatrick (Darian Anthony Patrick)
User

User Details

User Since: May 19 2015, 9:05 PM (101 w, 4 d)
Availability: Available
LDAP User: Unknown
MediaWiki User: DPatrick (WMF)

Recent Activity

Thu, Apr 27

dpatrick triaged T164000: ghostscript dSafer bypass as "High" priority.
Thu, Apr 27, 5:39 PM · Wikimedia-General-or-Unknown, Security
dpatrick added a comment to T164000: ghostscript dSafer bypass.

Thanks for the heads up @MoritzMuehlenhoff. While we're at it, I think it makes sense to set both pertinent PdfHandler config items to be firejailed:

  • PdfPostProcessor - /usr/local/bin/mediawiki-firejail-convert ($wgImageMagickConvertCommand)
  • PdfProcessor - /usr/local/bin/mediawiki-firejail-ghostscript
Thu, Apr 27, 5:38 PM · Wikimedia-General-or-Unknown, Security

Tue, Apr 25

dpatrick edited the description of T163827: Security review of Ex:JsonConfig/Ex:Kartographer interaction.
Tue, Apr 25, 9:00 PM · Maps (Kartographer), MediaWiki-extensions-JsonConfig, Security-Reviews
dpatrick edited the description of T163827: Security review of Ex:JsonConfig/Ex:Kartographer interaction.
Tue, Apr 25, 8:54 PM · Maps (Kartographer), MediaWiki-extensions-JsonConfig, Security-Reviews
dpatrick created T163827: Security review of Ex:JsonConfig/Ex:Kartographer interaction.
Tue, Apr 25, 8:49 PM · Maps (Kartographer), MediaWiki-extensions-JsonConfig, Security-Reviews
dpatrick removed a project from T163019: Allow tool's maintainers to force HTTPS for their tool: Security.

This seems to be a non-Security issue, and one which is best handled by another team, so I'm untagging the Security project.

Tue, Apr 25, 8:45 PM · User-Urbanecm, Labs, Tool-Labs
dpatrick added a member for Security: APalmer_WMF.
Tue, Apr 25, 8:31 PM
dpatrick closed T163820: Security Issue Access Request for (APalmer_WMF) as "Resolved".

Approved.

Tue, Apr 25, 8:31 PM · Security
dpatrick added a member for Security: Matanya.
Tue, Apr 25, 8:30 PM
dpatrick closed T163260: Security Issue Access Request for matanya as "Resolved".

Approved. Thanks for your patience!

Tue, Apr 25, 8:30 PM · Security
dpatrick closed T162621: Flow Nuke integration is broken for non-existent users as "Resolved".
Tue, Apr 25, 4:10 PM · Collaboration-Team-Triage (Collab-Team-Q4-Apr-Jun-2017), MediaWiki-extensions-Nuke, Flow, Security

Wed, Apr 12

dpatrick added a comment to T161356: Security review of Mailvelope.

@tstarling Thanks Tim.

Wed, Apr 12, 6:57 PM · Security-Reviews
dpatrick closed T161356: Security review of Mailvelope as "Resolved".
Wed, Apr 12, 6:57 PM · Security-Reviews
dpatrick closed T154695: Review 2FA login on iOS app as "Resolved".

@JMinor, no issues found. Thanks for submitting this for review.

Wed, Apr 12, 6:40 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick created E561: Security re-review of Ex:TemplateStyles.
Wed, Apr 12, 6:37 PM · Security-Reviews

Mon, Apr 10

dpatrick added a comment to T162621: Flow Nuke integration is broken for non-existent users.

22:45 dapatrick: Deployed patch for T162621 to wmf18 and wmf19

Mon, Apr 10, 10:45 PM · Collaboration-Team-Triage (Collab-Team-Q4-Apr-Jun-2017), MediaWiki-extensions-Nuke, Flow, Security

Wed, Apr 5

dpatrick moved T108687: Security review for CodeMirror extension branch master from Backlog to Scheduled on the Security-Reviews board.
Wed, Apr 5, 6:46 PM · Community-Tech, Security-Reviews, MediaWiki-extensions-CodeMirror
dpatrick moved T159709: Security review for WikibaseMediaInfo extension from Backlog to Scheduled on the Security-Reviews board.
Wed, Apr 5, 6:46 PM · Wikidata, Structured-Multimedia-Data, Security-Reviews
dpatrick moved T133408: Security review of TemplateStyles from Done to Scheduled on the Security-Reviews board.
Wed, Apr 5, 6:46 PM · Patch-For-Review, Reading-Admin, Security-Reviews, TemplateStyles
dpatrick created E553: Security review for WikibaseMediaInfo extension.
Wed, Apr 5, 6:46 PM · Security-Reviews

Mar 29 2017

dpatrick updated the invite list for E549: Security review for CodeMirror extension branch master, invited: Reedy; uninvited: dpatrick.
Mar 29 2017, 4:59 PM · Security-Reviews
dpatrick created E549: Security review for CodeMirror extension branch master.
Mar 29 2017, 4:59 PM · Security-Reviews
dpatrick added a comment to T159709: Security review for WikibaseMediaInfo extension.

@Lydia_Pintscher Ping.

Mar 29 2017, 4:42 PM · Wikidata, Structured-Multimedia-Data, Security-Reviews

Mar 28 2017

dpatrick added a project to T161453: Having LocalisationCache directory default to system tmp directory is insecure: Vuln-Infoleak.
Mar 28 2017, 8:41 PM · MW-1.27-release-notes, MW-1.28-release-notes, MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)), MW-1.29-release-notes, MediaWiki-Internationalization, Vuln-Infoleak, Security
dpatrick added a comment to T161356: Security review of Mailvelope.

To whom is WMF going to recommend Mailvelope? Is it for employees/contractors or the general public?

Mar 28 2017, 4:36 PM · Security-Reviews

Mar 24 2017

dpatrick moved T161356: Security review of Mailvelope from Backlog to In Progress on the Security-Reviews board.
Mar 24 2017, 10:59 PM · Security-Reviews
dpatrick added a comment to T161356: Security review of Mailvelope.

Created retroactively to capture content of e-mail response from @tstarling.

Mar 24 2017, 10:59 PM · Security-Reviews
dpatrick created T161356: Security review of Mailvelope.
Mar 24 2017, 10:58 PM · Security-Reviews

Mar 22 2017

dpatrick added a comment to T108687: Security review for CodeMirror extension branch master.

@kaldari, can you update the description of this ticket and add the info requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Once that's done, I'll get this scheduled.

Mar 22 2017, 5:43 PM · Community-Tech, Security-Reviews, MediaWiki-extensions-CodeMirror

Mar 21 2017

dpatrick moved T159519: Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki from Backlog to Other WMF team on the Security board.
Mar 21 2017, 8:25 PM · Security-Extensions, Security-Team, Security
dpatrick added a comment to T154695: Review 2FA login on iOS app.

@JMinor, I just rescheduled this for this week and next. I'll contact you off-Phab to schedule a review commencement meeting.

Mar 21 2017, 7:40 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick changed the start date for E503: Security review of 2FA login on iOS app from Mar 13 2017 to Mar 20 2017.
Mar 21 2017, 7:39 PM · Security-Reviews
dpatrick added a comment to T99358: [Task] Security review of Wikibase-Quality-External-Validation branch master.

@Lydia_Pintscher, can you give us an update on this ticket?

Mar 21 2017, 7:37 PM · Patch-For-Review, Wikibase-Quality, Security-Team, Wikidata, Security-Reviews, Wikibase-Quality-External-Validation
dpatrick added a comment to T145966: Security review for Extension:DeleteBatch.

@Legoktm, @MarcoAurelio can you give an update on the status of the extension? Is it ready to review now? If not, I say we close this ticket as invalid and create another at a later date should the module prove ready for review and likely to be deployed.

Mar 21 2017, 7:36 PM · Security-Reviews
dpatrick added a comment to T149424: Security review the Extension:WikipediaExtracts.

@Sophivorus, @Dereckson, is this security review still needed?

Mar 21 2017, 7:31 PM · MediaWiki-extensions-WikipediaExtracts, Security-Reviews
dpatrick moved T160982: WIP Security review for FileImporter extension from Backlog to Waiting/Blocked on the Security-Reviews board.
Mar 21 2017, 7:29 PM · User-Addshore, WMDE-QWERTY-Team-Board, Security-Reviews
dpatrick added a comment to T159519: Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki.

@MarcoAurelio, the Security team concurs with @Anomie. The main reason is not related to security concerns. We're okay with OAuth and BotPasswords on these wikis.

Mar 21 2017, 7:27 PM · Security-Extensions, Security-Team, Security
dpatrick added a comment to T159709: Security review for WikibaseMediaInfo extension.

@Lydia_Pintscher, can you update the description of this ticket with the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!

Mar 21 2017, 4:11 PM · Wikidata, Structured-Multimedia-Data, Security-Reviews

Feb 28 2017

dpatrick closed T158840: Security Issue Access Request for Nikerabbit as "Resolved".

Approved! Thanks for all of your attentiveness thus far, and we're glad to have you in Security.

Feb 28 2017, 9:16 PM · Security
dpatrick added a member for Security: Nikerabbit.
Feb 28 2017, 9:15 PM

Feb 24 2017

dpatrick moved T151798: add subdomain for annual report 2016 from Backlog to Done on the Security-Reviews board.
Feb 24 2017, 8:39 PM · Patch-For-Review, Security-Reviews, Operations, Annual-Report
dpatrick added a comment to T151798: add subdomain for annual report 2016.

I've reviewed both content and technical implementation of the 2016 Annual Report and found no major security problems. Here are a few notes on minor things:

  • "amoritization" on 2016/financials.html may be misspelled
  • In the video at the bottom of 2016/what-we-stand-for.html, at approx. 1:21, is it okay to show the list of users who have visited the office?
  • Use of Katherine and Jimmy's signatures may be useful in instances where an attacker requires a signature on a physical form as part of a further attack. (I say this realizing that we've probably published Katherine and Jimmy's signatures before.)
  • X-Frame-Options header is not set on live site (https://annual.wikimedia.org/2016/)
Feb 24 2017, 8:39 PM · Patch-For-Review, Security-Reviews, Operations, Annual-Report
dpatrick added a project to T151798: add subdomain for annual report 2016: Security-Reviews.
Feb 24 2017, 12:55 AM · Patch-For-Review, Security-Reviews, Operations, Annual-Report

Feb 22 2017

dpatrick changed the start date for E505: Security review of NamespaceRelations from Mar 6 2017 to Mar 13 2017.
Feb 22 2017, 9:40 PM · Security-Reviews
dpatrick changed the start date for E504: Security review of Timeless skin from Mar 6 2017 to Mar 13 2017.
Feb 22 2017, 9:40 PM · Security-Reviews
dpatrick moved T158661: Security review for FileExporter extension from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:42 PM · Patch-For-Review, Security-Reviews, User-Addshore, WMDE-QWERTY-Team-Board
dpatrick updated subscribers of E506: Security review for Extension:FileExporter.
Feb 22 2017, 7:42 PM · Security-Reviews
dpatrick created E506: Security review for Extension:FileExporter.
Feb 22 2017, 7:42 PM · Security-Reviews
dpatrick moved T155087: Security review for NamespaceRelations from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:38 PM · Security-Reviews
dpatrick updated subscribers of E505: Security review of NamespaceRelations.
Feb 22 2017, 7:37 PM · Security-Reviews
dpatrick created E505: Security review of NamespaceRelations.
Feb 22 2017, 7:36 PM · Security-Reviews
dpatrick moved T158011: Security review for Timeless skin from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:35 PM · Patch-For-Review, Timeless, Security-Reviews
dpatrick updated subscribers of E504: Security review of Timeless skin.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E504: Security review of Timeless skin: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E500: Security review of StopForumSpam: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E502: Security review of Anniversaries Endpoint: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick changed the start date for E484: Security review of Extension:3d from Feb 6 2017 to Feb 20 2017.
Feb 22 2017, 7:33 PM · Security-Reviews
dpatrick removed invites for E485: Security review of Extension:PageForms: dpatrick.
Feb 22 2017, 7:33 PM · Security-Reviews
dpatrick removed invites for E484: Security review of Extension:3d: dpatrick.
Feb 22 2017, 7:32 PM · Security-Reviews
dpatrick updated the invite list for E486: Security Review of Trending Edits Endpoint, invited: Bawolff; uninvited: dpatrick.
Feb 22 2017, 7:32 PM · Security-Reviews
dpatrick created E504: Security review of Timeless skin.
Feb 22 2017, 7:29 PM · Security-Reviews
dpatrick updated subscribers of E486: Security Review of Trending Edits Endpoint.
Feb 22 2017, 7:10 PM · Security-Reviews
dpatrick updated subscribers of E484: Security review of Extension:3d.
Feb 22 2017, 7:10 PM · Security-Reviews
dpatrick added invites for E485: Security review of Extension:PageForms: Bawolff.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E502: Security review of Anniversaries Endpoint.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E501: Security review of CollaborationKit.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E500: Security review of StopForumSpam.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E503: Security review of 2FA login on iOS app.
Feb 22 2017, 7:08 PM · Security-Reviews
dpatrick moved T154695: Review 2FA login on iOS app from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:08 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick added a comment to T154695: Review 2FA login on iOS app.

@JMinor, this review has been scheduled for the week of March 13th. Does this work for your deployment schedule? Also, can you provide documentation of setting up a test environment?

Feb 22 2017, 7:07 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick created E503: Security review of 2FA login on iOS app.
Feb 22 2017, 7:06 PM · Security-Reviews
dpatrick added a comment to T155087: Security review for NamespaceRelations.

Hi @Nemo_bis, could you update the description of this ticket and add the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!

Feb 22 2017, 7:03 PM · Security-Reviews
dpatrick moved T153088: Security Review of On This Day Endpoint from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:58 PM · Reading Epics (New Feed Content), Mobile-Content-Service (Kanban), Security-Reviews
dpatrick changed the start date for E500: Security review of StopForumSpam from Feb 20 2017 to Feb 27 2017.
Feb 22 2017, 6:58 PM · Security-Reviews
dpatrick created E502: Security review of Anniversaries Endpoint.
Feb 22 2017, 6:56 PM · Security-Reviews
dpatrick added invites for E484: Security review of Extension:3d: Reedy.
Feb 22 2017, 6:50 PM · Security-Reviews
dpatrick added invites for E501: Security review of CollaborationKit: Reedy.
Feb 22 2017, 6:48 PM · Security-Reviews
dpatrick created E501: Security review of CollaborationKit.
Feb 22 2017, 6:46 PM · Security-Reviews
dpatrick created E500: Security review of StopForumSpam.
Feb 22 2017, 6:43 PM · Security-Reviews
dpatrick moved T155725: Security review for StopForumSpam from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:37 PM · MediaWiki-extensions-StopForumSpam, Stewards-and-global-tools, Security-Reviews
dpatrick moved T138324: Security review for CollaborationKit from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:37 PM · MediaWiki-extensions-CollaborationKit, Security-Reviews
dpatrick added a comment to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.

Thanks @Reedy. Is there a SAL entry associated with this deployment?

Feb 22 2017, 4:26 AM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security

Feb 21 2017

dpatrick edited the description of T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.
Feb 21 2017, 7:10 PM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security
dpatrick added a project to T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities: Vuln-XSS.
Feb 21 2017, 7:07 PM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security
dpatrick created T158689: Parameters injection in SyntaxHighlight results in multiple vulnerabilities.
Feb 21 2017, 7:06 PM · MW-1.29-release (WMF-deploy-2017-04-04_(1.29.0-wmf.19)), Patch-For-Review, Vuln-XSS, Security

Feb 14 2017

dpatrick triaged T158119: Add Security.md to MediaWiki Core? as "Normal" priority.
Feb 14 2017, 9:41 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick added a comment to T158119: Add Security.md to MediaWiki Core?.

@Reedy, I think this is a good idea for people working with a local repo who are unfamiliar with our projects.

Feb 14 2017, 9:41 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick awarded T158119: Add Security.md to MediaWiki Core? a Like token.
Feb 14 2017, 9:36 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick moved T138324: Security review for CollaborationKit from Waiting/Blocked to Backlog on the Security-Reviews board.
Feb 14 2017, 9:21 PM · MediaWiki-extensions-CollaborationKit, Security-Reviews

Feb 8 2017

dpatrick changed the start date for E430: Security Review: Internal File Server configuration and access from Jan 30 2017 to Feb 13 2017.
Feb 8 2017, 6:36 PM · Security-Reviews

Feb 7 2017

dpatrick renamed E485: Security review of Extension:PageForms from Security review for Extension:PageForms to Security review of Extension:PageForms.
Feb 7 2017, 5:38 PM · Security-Reviews
dpatrick moved T157077: Security review of Extension:3d from Backlog to Scheduled on the Security-Reviews board.
Feb 7 2017, 5:35 PM · 3d, Security-Reviews
dpatrick moved T141474: Automatic start of authentication workflow for link provider (if it's the only available one) from Backlog to In Progress on the Security-Reviews board.
Feb 7 2017, 5:35 PM · Security-Reviews, Patch-For-Review, MediaWiki-Authentication-and-authorization
dpatrick moved T153087: Security Review of Trending Edits Endpoint from Backlog to Scheduled on the Security-Reviews board.
Feb 7 2017, 5:34 PM · Reading Epics (Trending Edits), Trending-Service, Security-Reviews
dpatrick created E486: Security Review of Trending Edits Endpoint.
Feb 7 2017, 5:33 PM · Security-Reviews
dpatrick created E485: Security review of Extension:PageForms.
Feb 7 2017, 5:24 PM · Security-Reviews
dpatrick created E484: Security review of Extension:3d.
Feb 7 2017, 5:13 PM · Security-Reviews

Feb 3 2017

dpatrick created E481: Security review of OIT LDAP User Management Tool.
Feb 3 2017, 12:41 AM · Security-Reviews
dpatrick closed T156958: Repository request: OIT-LDAP-Tools as "Resolved".

This has been completed. https://phabricator.wikimedia.org/source/OIT-LDAP-Tools/

Feb 3 2017, 12:30 AM · Repository-Admins

Feb 1 2017

dpatrick edited the description of T156958: Repository request: OIT-LDAP-Tools.
Feb 1 2017, 8:13 PM · Repository-Admins