Congrats @DivestBerlin as German capital votes to #divest from fossil fuels for the climate https://t.co/Z2LUqvEDs8 pic.twitter.com/gdbx7FekOc— 350.org Europe (@350Europe) June 23, 2016
*
Interesting take on Brexit - awesome ... A de facto European "dictatorship" is falling with this British vote? https://t.co/LTtRXGOmLX— Open Band (Berkeley) (@TheOpenBand) June 24, 2016
*
Interesting take on Brexit - awesome ... A de facto European "dictatorship" is falling with this British vote? ... is this the dictatorship of a money-centric EU (and re Yonatan Zunger's post below) ... and re identity questions in an information technology world ...
https://twitter.com/TheOpenBand/status/746426005867233280 ...
*
It's Brexit - awesome - now we need to engineer a basic democratic order in Europe as the dictatorial EU collapses https://t.co/ryFxtEymK3— Gerd Moe-Behrens (@GerdMoeBehrens) June 24, 2016
*
— Hank Greely (@HankGreelyLSJU) June 24, 2016
*
Brexit earthquake has happened, the rubble will take years to clear https://t.co/y8fh43A2t7— The Guardian (@guardian) June 24, 2016
*
how to look sad when you're secretly enjoying watching the UK destroy itself— Salmond Googling (@SalmondGoogling) June 24, 2016
*
is next thursday too soon for indyref— Salmond Googling (@SalmondGoogling) June 24, 2016
*
The UK decision to #Leave was largely motivated by fear of immigrants. Consequences will come #Pound #Brexit pic.twitter.com/8PuAvK4nRn— Eduardo Samaniego (@EduSamani) June 24, 2016
*
how can scotland deal with the impending flood of english migrants— Salmond Googling (@SalmondGoogling) June 24, 2016
*
https://twitter.com/GerdMoeBehrens/status/746245873680650240
*
European SUPERSTATE to be unveiled: EU nations 'to be morphed into one' post-Brexit
http://www.express.co.uk/news/politics/683739/EU-referendum-German-French-European-superstate-Brexit
*
Angela Merkel surprised by massive protest march against TTIP in Berlin
http://www.businessinsider.com/r-hundreds-of-thousands-protest-in-berlin-against-eu-us-trade-deal-2015-10?r=UK&IR=T
*
Thanks @Vanguard_Group>previous Tweet> https://t.co/Ytr4lQXyBq https://t.co/C94hIvQ4pK https://t.co/yTWCpxHgVn Each a WUaS Univ in its Lang— scottmacleod (@scottmacleod) June 25, 2016
Brexit vote-significant economic impact-U.K.'s-forfeiture of favorable trade terms as E.U. member-Also increases concerns of viability of EU— scottmacleod (@scottmacleod) June 25, 2016
*
Build mutual aid networks, resist the coming austerity measures, protect minorities, engage in direct action. #Brexit— Colleen Morgan (@clmorgan) June 24, 2016
*
Angela Merkel surprised by massive protest march against TTIP in Berlin https://t.co/ZuTyh297r2— Gerd Moe-Behrens (@GerdMoeBehrens) June 27, 2016
*
The EU dictators do not sleep: German and French to unveil European superstate blueprint post-Brexit https://t.co/ZtQL1kEVUN— Gerd Moe-Behrens (@GerdMoeBehrens) June 27, 2016
*
https://twitter.com/jpalfrey/status/746192089805819910
*
Academics fear new Brexit – a brain exit – after referendum vote #BlackFriday4Unis https://t.co/vhHwwHd0FN— Athina Karatzogianni (@_athinak_) June 24, 2016
https://twitter.com/_athinak_/status/746404081611202560
*
Thanks @Vanguard_Group>previous Tweet> https://t.co/eyylCpbQM9 https://t.co/Z4eOjo31sU https://t.co/Q8sbgyUq4I Each a WUaS Univ in its Lang— WorldUnivandSch (@WorldUnivAndSch) June 25, 2016
*
My interview on @GMB this morning, where I discussed Scotland's position in the wake of the #EUref result: https://t.co/kXjqEUSejR— Alex Salmond (@AlexSalmond) June 27, 2016
*
***
<jzerebecki> these days https://coreos.com/blog/security-brief-coreos-linux-alpha-remote-ssh-issue.html has gone around
<jzerebecki> a retrospective on a grave security bug
<robla> gwicke felt like the first couple of steps of this RFC are really clear, but believes subsequent steps deserve more discussion (gwicke, please correct me if I have that right)
* robla looks at jzerebecki's link
<jzerebecki> "The issue went undetected during pre-merge review. To avoid situations like this in the future, we are concentrating on development of more comprehensive automated testing. Our verification tests now perform a series of additional security checks,"
== mhurd has changed nick to mhurd_afk
<jzerebecki> " We have also taken the opportunity to introduce stronger image validation during the system image build process, automatically flagging packages with reported security issues. We will also ensure that security-related changes are accompanied by appropriate tests."
<gwicke> the first steps of the CSP RFC are low consequence preparations / information gathering, which I think are pretty uncontroversial
<robla> jzerebecki: oops, I only just figured out you were talking about postmortems. Excellent, thank you! :-) I thought you were talking about the CSP one, and I suspect gwicke is commenting on that.
<jzerebecki> ah yes that CSP seems like a worthwhile thing on first look is pretty uncontroversial
<TimStarling> where should the reports go?
* robla gets his 6-digit numbers confused
== parent5446 [parent5446@mediawiki/parent5446] has joined #wikimedia-office
<bawolff> TimStarling: The CSP violation reports?
== Guest28362 [~Dstrine@tan2.corp.wikimedia.org] has joined #wikimedia-office
<TimStarling> sorry, I am one RFC behind, the retrospective reports for security incidents
<robla> TimStarling: I'm not sure. I could be convinced of either wikitech.wikimedia.org or mediawiki.org
<bd808> TimStarling: I think that's a good question. I'm a bit concerned that the current logging pipeline may melt with them being processed by an action api endpoint.
* bd808 is on the wrong topic
<TimStarling> yeah, I'm sure it was a good comment for any RFC
* robla fails at chairing
<robla> #topic T123753
== wm-labs-meetbot` changed the topic of #wikimedia-office to: T123753 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
<stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
<brion> :)
<bawolff> I actually have a response to that question, but I'll wait until we get to that rfc
<robla> (we'll spend no more than 10-15 minutes on this one, and then move to the CSP one)
<brion> ok do we need things like: where do the reports go ;), how long before they get made, etc
<robla> #action robla propose a location for where reports go
<Platonides> I think wikitech
<brion> and if a report falls behind, do we need a fallback path?
<Platonides> some would be suited for mediawiki too, but others will be wmf-specific
<brion> eg who gets poked until it gets done ;)
<brion> or who does the poking, alternately
<jzerebecki> I think the most controversial thing on security incidents or even incidents reports in general is how to ensure that the actionables are done, as in being funded.
<robla> brion: I think it's sort of a percentage score thing. Some reports may never get done, and that's ok
<bawolff> What sort of actionables do you have in mind?
<brion> jzerebecki: ah for 'next steps to prevent this crap from getting worse' vs just 'and here's what we did to fix it so far'?
<jzerebecki> brion: yes
<bawolff> There's a big difference between - introduce automated testing for this type of security issue, vs fix the XSS in particular
<bawolff> *this particular xss
<bawolff> or whatever the issue is
<robla> I think postmortems are still useful even if we don't have anyone slavishly enforcing "strict adherence" to the process
<gwicke> the thing I keep wondering about when I look at this RFC is how security and performance post-mortems should differ from regular outage / incident post-mortems
<robla> gwicke: they should probably be more same than different
<Scott_WUaS> (@jzerebecki and security-oriented Wikidatans - what planning is occurring in terms of MIT-informed bitcoin and blockchain and in all countries' main and official languages - and re code security ... as well as, to re-construe the word "security" a kind of financial security for WMF and Wikidata, for example?)
<bawolff> what?
<gwicke> robla: would it make sense to rephrase it as a refinement on post-mortem policies in general?
<jzerebecki> bawolff: robla i agree that postmortems are useful anyway
<gwicke> what works well / what doesn't, proposed changes etc
<robla> I think we've really handled as much of this topic as we should. Let's take further discussion back to Phab on T123753, and discuss CSP
<stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
* robla goes to find the CSP task num
<robla> T135963
<stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
<robla> #topic T135963
<Scott_WUaS> (@bawolff - Is there any planning with the WMF Foundation for possible engagement with MIT's Bitcoin and Blockchain - and re security?)
== wm-labs-meetbot` changed the topic of #wikimedia-office to: T135963 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
<stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
== tarrow [uid11206@gateway/web/irccloud.com/x-wuiqgqkgbvqtzfui] has joined #wikimedia-office
<robla> Scott_WUaS: probably not a great topic for this meeting
<SMalyshev> re CSP, is this supposed to be configured somehow in wiki settings?
<Scott_WUaS> (@robla - thanks)
== wm-labs-meetbot` changed the topic of #wikimedia-office to: Wikimedia meeting channel | Please note: Channel is logged and publicly posted (DO NOT REMOVE THIS NOTE) | Logs: http://bots.wmflabs.org/~wm-bot/logs/%23wikimedia-office/
<wm-labs-meetbot`> Meeting ended Wed Jun 1 21:59:50 2016 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
<wm-labs-meetbot`> Minutes: https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.html
<wm-labs-meetbot`> Minutes (text): https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.txt
<wm-labs-meetbot`> Minutes (wiki): https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.wiki
<wm-labs-meetbot`> Log: https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.log.html
<...