Page MenuHomePhabricator

sguebo_WMF (Samuel Guebo)
User

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Wednesday

  • Clear sailing ahead.

User Details

User Since
Aug 10 2018, 4:17 PM (154 w, 2 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Samuel (WMF) [ Global Accounts ]

Recent Activity

Jun 25 2021

sguebo_WMF added a comment to T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.

@sguebo_WMF Is this a modification of the approval given in T150679: Some Labs DB user_properties view fields are sensitive to expose that preference?

Jun 25 2021, 7:09 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF added a comment to T284941: Remove geolocation metadata from Commons images.

For context, the privacy engineering audit regarding the wiki-replicas is part of a body of work that is being done internally by the Security team. But I concur that a parent public ticket would have made sense too. I’ll keep that in mind moving forward.

Jun 25 2021, 6:55 AM · cloud-services-team (Kanban), Privacy Engineering, Data-Services

Jun 14 2021

sguebo_WMF created T284948: Raw IPs of logged-out users disclosed in wiki-replicas.
Jun 14 2021, 5:43 PM · cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF created T284944: Increased visibility in wiki-replicas for volunteers fighting vandals.
Jun 14 2021, 5:26 PM · cloud-services-team (Kanban), Privacy Engineering, Data-Services
sguebo_WMF created T284943: User genders publicly disclosed in wiki-replicas global_preferences and user_properties tables.
Jun 14 2021, 5:19 PM · Privacy Engineering, Data-Services, cloud-services-team (Kanban)
sguebo_WMF created T284941: Remove geolocation metadata from Commons images.
Jun 14 2021, 5:11 PM · cloud-services-team (Kanban), Privacy Engineering, Data-Services

May 12 2021

sguebo_WMF added a comment to T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service.

I had the chance to sync directly with @Varnent who's in charge of those platforms, and I surfaced the solutions proposed above. So far, applying the CSP change at the Nginx server level on WordPress VIP does not seem to be an option. Instead, disabling Twemoji.js through a WordPress plugin would be the applicable solution. The Security-Team is supportive of this approach, which was suggested earlier in this thread and has already been used on the techblog (Cf: 4447d8f).

May 12 2021, 4:55 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org

May 4 2021

sguebo_WMF closed T279140: Prototyping a vulnerability management dashboard as Resolved.
May 4 2021, 5:38 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
May 4 2021, 5:37 PM · SecTeam-Processed, Security-Team, Security

Apr 26 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

Thanks for the ping. I have added a sentence to reflect the concern on the gadget description for zhwikinews where I am a sysop.

Indeed, @Xiplus , do you find it feasible if we move your script to the wiki so that the concern could be eliminated?

Apr 26 2021, 5:26 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering
sguebo_WMF updated the task description for T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.
Apr 26 2021, 5:06 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Apr 23 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

The Foundation’s Privacy Policy mentions the commitment of “never selling [user] information or sharing it with third parties for marketing purposes” and “[...]only sharing [user ]information in limited circumstances, such as to improve the Wikimedia Sites, to comply with the law, or to protect you and others.” In principle, gadgets that share user information with third parties do so in violation of this policy. However, it is worth noting that some of these scripts are used by thousands of contributors. Therefore, I think there should be a short-term and a long-term approach to tackling this issue.

Apr 23 2021, 3:59 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Apr 19 2021

sguebo_WMF added a comment to T275754: Fix (non-default) gadgets loading executable JavaScript from third-party URLs.

I would be grateful if you clarify what you are requesting/ expecting. Are you suggesting that those gadgets be taken down or that their authors be required to draft an on-wiki heads-up, for instance on the widget's talk page? Or is it totally something else you're asking for?

Apr 19 2021, 12:21 PM · Wikimedia-General-or-Unknown, Privacy, Privacy Engineering

Apr 15 2021

sguebo_WMF added a comment to T259421: WordPress blogs load (unused) Twemoji.js which uses third-party service.

Since the WordPress blogs have none of the MW legacy, I suppose it'd make sense to set the CSP rules at the server-level for the blogs, not from within PHP.

I'm not sure if we have access to nginx config settings at Auttomatic, but that would be the best approach, sure. I was more implying that we could copy the current Wikimedia prod CSP as a starting point and tighten it as appropriate for the various WP sites referenced within this task.

Apr 15 2021, 4:29 PM · Diff-blog, Privacy, Privacy Engineering, Technical blog, wikimediafoundation.org

Apr 9 2021

sguebo_WMF added a comment to T279690: Enable risk rating field in Phabricator's task form.

Originally I was interested in having the risk rating field being added to New Task. However, while looking at the tickets your referenced, I could see that the Security Type Advanced form (73) already has the Security rating field, although it seems to be locked at the moment.

Apr 9 2021, 6:02 PM · Phabricator, Security-Team

Apr 8 2021

sbassett awarded T279690: Enable risk rating field in Phabricator's task form a Like token.
Apr 8 2021, 4:34 PM · Phabricator, Security-Team
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 8 2021, 4:33 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF renamed T279690: Enable risk rating field in Phabricator's task form from Enable risk rating field in Phabricator's New task form to Enable risk rating field in Phabricator's task form.
Apr 8 2021, 4:31 PM · Phabricator, Security-Team
sguebo_WMF created T279690: Enable risk rating field in Phabricator's task form.
Apr 8 2021, 4:30 PM · Phabricator, Security-Team

Apr 6 2021

sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 6 2021, 3:21 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

I completed a prototype with basic filtering options. For now, one can filter by project (tag), year when the ticket was created, and severity. The code base is available at https://github.com/samuelguebo/vm-dashboard. It's public for now since there are no credentials or sensitive data there but I'm glad to make it private if there are any objections.

Apr 6 2021, 3:21 PM · SecTeam-Processed, Security-Team, Security

Apr 2 2021

sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

Thanks @Reedy, I intend to use the Phabricator's Python library since it's pretty straightforward.
I guess I can grab the token with you once you've gotten the chance to create it.

Apr 2 2021, 7:43 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 2 2021, 5:05 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

I see, then it's fine since I was able to collect all the existing tags from the Conduit API as well using the Vuln- prefix.

Sounds good. Not sure if you're using personal API tokens for this, tied to your Phab account, but we probably shouldn't do that. We do have a bot though we'd likely need to recover credentials for that and add you and maybe @Reedy and myself as maintainers.

Apr 2 2021, 4:42 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

For now, I think we can make this public. If it becomes necessary to include sensitive data here, directly within the task, we can always protect it again.

Apr 2 2021, 3:47 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

Hey @sbassett,
Thanks for chiming in.

Apr 2 2021, 2:48 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 2 2021, 2:18 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF updated the task description for T279140: Prototyping a vulnerability management dashboard.
Apr 2 2021, 1:28 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a comment to T279140: Prototyping a vulnerability management dashboard.

Some initial tests with Conduit enpoints
Pulling the Phabricator ID (PHID) of all tags starting with the Vuln- keyword:

curl https://phabricator.wikimedia.org/api/project.search \
    -d api.token=api-token \
    -d constraints[name]=Vuln-
Apr 2 2021, 1:27 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF removed a project from T279140: Prototyping a vulnerability management dashboard: acl*security.
Apr 2 2021, 12:27 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF shifted T279140: Prototyping a vulnerability management dashboard from the S1 Public space to the Restricted Space space.
Apr 2 2021, 12:24 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a project to T279140: Prototyping a vulnerability management dashboard: acl*security.
Apr 2 2021, 12:23 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF created T279140: Prototyping a vulnerability management dashboard.
Apr 2 2021, 12:22 PM · SecTeam-Processed, Security-Team, Security

Mar 9 2021

sguebo_WMF added a member for Privacy Engineering: sguebo_WMF.
Mar 9 2021, 8:20 PM

Mar 8 2021

sguebo_WMF closed T276852: Onboarding Samuel Guebo to the Security Team as a Privacy Engineer as Resolved.
Mar 8 2021, 8:47 PM · Security-Team
sguebo_WMF added a comment to T276852: Onboarding Samuel Guebo to the Security Team as a Privacy Engineer.

I added you the acl*security_team group already.

Mar 8 2021, 8:44 PM · Security-Team
sguebo_WMF added a comment to T276852: Onboarding Samuel Guebo to the Security Team as a Privacy Engineer.

@sbassett , coolio. I guess once @Reedy has added me to the acl*security_team group, I can close this one.

Mar 8 2021, 7:22 PM · Security-Team
sguebo_WMF added a comment to T276852: Onboarding Samuel Guebo to the Security Team as a Privacy Engineer.

Hey @sbassett, thanks for creating this and having checked a bunch of boxes already.

Mar 8 2021, 7:11 PM · Security-Team
sguebo_WMF updated the task description for T276852: Onboarding Samuel Guebo to the Security Team as a Privacy Engineer.
Mar 8 2021, 7:02 PM · Security-Team

Nov 18 2020

sguebo_WMF added a comment to T264797: Update 2030.wikimedia.org redirect to new URI.

Hi. I have merged the gerrit change, but

  • i'm not sure how long it's going to take to take effect
  • the current redirect is a 301 (a 'permenant' redirect), so browsers that have visited the url before are likely to still go to the old location.
Nov 18 2020, 3:14 PM · Wikimedia-Apache-configuration, SRE

Nov 5 2020

sguebo_WMF created T267312: Requesting access to restricted production access and analytics-privatedata-users for Zxane Soo.
Nov 5 2020, 11:24 AM · Trust-and-Safety, SRE-Access-Requests, SRE

Oct 6 2020

sguebo_WMF created T264814: Add a column for the blocks in WikiStats.
Oct 6 2020, 10:26 PM · Patch-For-Review, VPS-project-Wikistats, Trust-and-Safety
sguebo_WMF created T264797: Update 2030.wikimedia.org redirect to new URI.
Oct 6 2020, 8:14 PM · Wikimedia-Apache-configuration, SRE
sguebo_WMF added a comment to T202498: Redirect 2030.wikimedia.org to the new movement strategy portal .

Hello @Dzahn, can the 2030.wikimedia.org subdomain redirect to the new url: https://meta.wikimedia.org/wiki/Wikimedia_2030 ?

Oct 6 2020, 5:31 PM · Patch-For-Review, Wikimedia-Apache-configuration, SRE

Sep 25 2020

sguebo_WMF added a comment to T263844: Reset 2FA for User:Satdeep Gill.

Handled through ca@

Sep 25 2020, 12:29 PM · Trust-and-Safety
sguebo_WMF closed T263844: Reset 2FA for User:Satdeep Gill as Resolved.
Sep 25 2020, 12:29 PM · Trust-and-Safety

Jul 27 2020

sguebo_WMF added a comment to T256971: Requesting access to restricted production access and analytics-privatedata-users for Nahid Sultan.

Thanks again for the patch. While he can access the stats server (stat1005.eqiad.wmnet), Nahid is not able to access the maintenance server.

Jul 27 2020, 4:14 PM · Patch-For-Review, Trust-and-Safety, SRE, SRE-Access-Requests

Jul 24 2020

sguebo_WMF claimed T258669: Reset 2FA for User:Nabin K. Sapkota on Nepali Wikipedia and SUL.
Jul 24 2020, 7:40 PM · Trust-and-Safety
sguebo_WMF added a comment to T258669: Reset 2FA for User:Nabin K. Sapkota on Nepali Wikipedia and SUL.

2FA is now removed from the account User:Nabin K. Sapkota

Jul 24 2020, 7:40 PM · Trust-and-Safety

Jul 6 2020

sguebo_WMF added a member for acl*access-policy-approvers: Nahid.
Jul 6 2020, 10:25 AM

Jul 3 2020

sguebo_WMF added a member for Security: Nahid.
Jul 3 2020, 1:06 PM
sguebo_WMF added a member for Trust-and-Safety: Nahid.
Jul 3 2020, 1:05 PM

Jul 2 2020

sguebo_WMF created T256971: Requesting access to restricted production access and analytics-privatedata-users for Nahid Sultan.
Jul 2 2020, 12:54 PM · Patch-For-Review, Trust-and-Safety, SRE, SRE-Access-Requests

Jun 30 2020

sguebo_WMF awarded rPHAB058b8df74f73: WIP: legalpad conduit method a Like token.
Jun 30 2020, 3:47 PM

Jun 11 2020

sguebo_WMF added a comment to T254035: Resetting Kerberos access for sguebo.
elukey@krb1001:~$ sudo manage_principals.py delete sguebo
elukey@krb1001:~$ sudo manage_principals.py create sguebo --email_address=sguebo@wikimedia.org
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to sguebo@wikimedia.org

Done! Sorry for the lag!

No worries, @elukey. Many thanks for your assistance!

Jun 11 2020, 1:34 PM · Analytics

May 29 2020

sguebo_WMF renamed T254035: Resetting Kerberos access for sguebo from Resetting a Kerberos access for sguebo to Resetting Kerberos access for sguebo.
May 29 2020, 7:23 PM · Analytics
sguebo_WMF renamed T254035: Resetting Kerberos access for sguebo from Reseting a Kerberos access for sguebo to Resetting a Kerberos access for sguebo.
May 29 2020, 7:22 PM · Analytics
sguebo_WMF renamed T254035: Resetting Kerberos access for sguebo from Resting a Kerberos access for sguebo to Reseting a Kerberos access for sguebo.
May 29 2020, 7:22 PM · Analytics
sguebo_WMF created T254035: Resetting Kerberos access for sguebo.
May 29 2020, 7:22 PM · Analytics

Feb 18 2020

sguebo_WMF awarded T244913: Create a Kerberos access for sguebo a Yellow Medal token.
Feb 18 2020, 9:28 PM · Analytics

Feb 11 2020

sguebo_WMF created T244913: Create a Kerberos access for sguebo.
Feb 11 2020, 7:28 PM · Analytics

Dec 17 2019

sguebo_WMF awarded T236921: Replies v1.0: conduct usability testing a Like token.
Dec 17 2019, 4:59 PM · Editing Design, Editing-team, OWC2020

Sep 20 2019

sguebo_WMF awarded T232379: MassMessage problems - multiple deliveries and missing deliveries a Like token.
Sep 20 2019, 1:27 PM · MW-1.34-notes (1.34.0-wmf.23; 2019-09-17), Platform Team Workboards (Clinic Duty Team), Wikimedia-JobQueue, MassMessage

Sep 19 2019

sguebo_WMF added a comment to T232379: MassMessage problems - multiple deliveries and missing deliveries.

Hey @Pchelolo, do we know whether the patch might be merged soon? Thanks for the work there.

Sep 19 2019, 5:19 PM · MW-1.34-notes (1.34.0-wmf.23; 2019-09-17), Platform Team Workboards (Clinic Duty Team), Wikimedia-JobQueue, MassMessage

Aug 29 2019

sguebo_WMF added a comment to T231526: Reset my 2FA on this Phab account.

Hello Cyberpower678,

Aug 29 2019, 5:46 PM · Security, Phabricator

Jul 26 2019

sguebo_WMF awarded T228927: Add sguebo_WMF to WMF LDAP group a Like token.
Jul 26 2019, 4:07 PM · LDAP-Access-Requests, Trust-and-Safety, Security-Team, SRE

Apr 11 2019

sguebo_WMF added a comment to T220683: Request to disable Two-factor Authentication.

Hey @Aklapper and @19.abbas.75, the email was received through ca@ and we've proceeded with disabling 2FA for User:Abbas dhothar on pnbwiki.

Apr 11 2019, 2:23 PM · Trust-and-Safety

Mar 4 2019

sguebo_WMF added a comment to T217476: 2FA reset for CentralAuth account 1997kB.

@Aklapper: Yes, I realized it shortly after my previous comment. I handled it myself. Sorry for the confusion :)

Mar 4 2019, 3:01 PM · Wikimedia-Site-requests, Trust-and-Safety
sguebo_WMF added a comment to T217476: 2FA reset for CentralAuth account 1997kB.
Mar 4 2019, 2:03 PM · Wikimedia-Site-requests, Trust-and-Safety

Dec 20 2018

sguebo_WMF added a comment to T208536: Support for new Access Policy/Confidentiality Agreement rollout.

Thanks very much for your invaluable support, @Quiddity!

Dec 20 2018, 1:37 PM · Trust-and-Safety, CommRel-Specialists-Support (Oct-Dec-2018)
sguebo_WMF closed T208536: Support for new Access Policy/Confidentiality Agreement rollout as Resolved.
Dec 20 2018, 1:36 PM · Trust-and-Safety, CommRel-Specialists-Support (Oct-Dec-2018)

Nov 7 2018

sguebo_WMF added a member for acl*access-policy-approvers: Quiddity.
Nov 7 2018, 12:06 PM

Aug 31 2018

sguebo_WMF added a comment to T202362: Requesting access to restricted production access and analytics-privatedata-users for Samuel Guebo.

Hi @ArielGlenn, the access works just fine. Thanks!

Aug 31 2018, 5:35 PM · Patch-For-Review, SRE, SRE-Access-Requests

Aug 22 2018

sguebo_WMF added a project to T202577: "Home" link of AWMD stats tool (sometimes) uses HTTP [Not Secure] protocol instead of HTTPS: good first task.
Aug 22 2018, 9:13 PM · Patch-For-Review, Google-Code-in-2018, good first task, Africa-Wikimedia-Developers
sguebo_WMF added a comment to T202362: Requesting access to restricted production access and analytics-privatedata-users for Samuel Guebo.

Hi @RobH, I hereby confirm that I am the one who generated the key below:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcAX6WTg1eISyLlAAfCB6JefHgZQFJRptkuj1ivLPHtOCvOFilAJFZRNlBwb5Mzrfucs6dMMPLg+UJLdJz2YM/g06Iwl1xYYW1pcLIl7mrrq5x54mQCFmacxLQLk1tqG5YvChJF8SbcH+Z1LvHhEy+ElBlQRnhBhi9YuTzLyy12aHVewnnGr+I+XPxG1Hg7gKZgbcsxT8L7XXcg0EGMNxhciPKUK0nK3PEmKWR0Xlx4hLnQ2hDYLqRmGAM7zj7uJ1tq1qKHW5DZvmlojdfdWFmFbVQDvP0HJHruwvudSs2re+5iwsztP3La4iXAj7c3fPIrYNgXjxMRKc4GgXHPZsCd3q6bVkTNRp0mcb3PWPaTIs/QdR9T6Z6M6fuUlEFRTjP9SqGHwCR5P//sS/aJSpf9HUjE8l88vVF0HW8m7ZVE1/xVERzw1fOhE+BAnO6qEjxnyqLnykdBIEVPsNy2MTIo98dxgzykmP5aMwcYnKPiUJ4nsDsaLoPct9iftJF8nNcbk+j5BHHNfiSM6V220rWox2IYM9M/OChaPuoRVIHQMTQ17ZaE7+JO93xosFigB0IpuMk4vwV+Z/vhk3NDoAjcw1gFSKnz8pKGrBI8CV2ls/32w8jcNAJgNdP1cjqLwksAbKvyk1TDZi6sXYW2L2Rr6YZ8Rb6g2SeBe/LPs44sw==

Aug 22 2018, 8:33 AM · Patch-For-Review, SRE, SRE-Access-Requests