Monday, June 27, 2016

Tilia: German capital votes to divest from fossil fuels for the climate, Brexit - A de facto European "dictatorship" is falling with this British vote?, Bitcoin and Wikidata / Wikimedia/Wikipedia/Wikidata and BitCoin and Blockchain beginnings ... possible implications for the above rumblings in Europe/Britain?, Thanks @Vanguard_Group >previous Tweet To http://worlduniversity.wikia.com/wiki/Europe & http://worlduniversity.wikia.com/wiki/Economics & http://worlduniversity.wikia.com/wiki/Nation_States … Each a WUaS University in its Language



*





*
Interesting take on Brexit - awesome ... A de facto European "dictatorship" is falling with this British vote? ... is this the dictatorship of a money-centric EU (and re Yonatan Zunger's post below) ... and re identity questions in an information technology world ...

https://twitter.com/TheOpenBand/status/746426005867233280 ...
*

*

*

*


*

*

*

*
https://twitter.com/GerdMoeBehrens/status/746245873680650240

*

European SUPERSTATE to be unveiled: EU nations 'to be morphed into one' post-Brexit

http://www.express.co.uk/news/politics/683739/EU-referendum-German-French-European-superstate-Brexit
*

Angela Merkel surprised by massive protest march against TTIP in Berlin


http://www.businessinsider.com/r-hundreds-of-thousands-protest-in-berlin-against-eu-us-trade-deal-2015-10?r=UK&IR=T
*

*


*
*

*

*

*

*
Britain Votes to Leave the European Union
https://twitter.com/jpalfrey/status/746192089805819910
*


https://twitter.com/_athinak_/status/746404081611202560

*

*

*



*








*

*






*
Hi B,
Here are some takes on the complexities of Brexit - http://scott-macleod.blogspot.com/2016/06/tilia-german-capital-votes-to-divest.html - re my interpreting ...
Thanks for the heads up about Brexit when we last met! :)
I hope WUaS can slip in with major online Universities in each of those Western European countries and languages even as these nation states seem to engage in a form of statism to the EU's federalism ... or is it all about Anglophone identity (English) .... with an England-Canada (among many) transatlantic song finding new trading form for example? :) And will Scotland be able to veto Brexit or will there be a new referendum soon turning Brexit on its head. Vanguard Mutual Funds' take was interesting as well (see my paraphrase on this in the blog:).

Cheers,
Scott



***

[14:04] <jzerebecki> a retrospective on a grave security bug
[14:04] <robla> gwicke felt like the first couple of steps of this RFC are really clear, but believes subsequent steps deserve more discussion (gwicke, please correct me if I have that right)
[14:05] robla looks at jzerebecki's link
[14:05] <jzerebecki> "The issue went undetected during pre-merge review. To avoid situations like this in the future, we are concentrating on development of more comprehensive automated testing. Our verification tests now perform a series of additional security checks,"
[14:05] == mhurd has changed nick to mhurd_afk
[14:05] <jzerebecki> " We have also taken the opportunity to introduce stronger image validation during the system image build process, automatically flagging packages with reported security issues. We will also ensure that security-related changes are accompanied by appropriate tests."
[14:06] <gwicke> the first steps of the CSP RFC are low consequence preparations / information gathering, which I think are pretty uncontroversial
[14:06] <robla> jzerebecki: oops, I only just figured out you were talking about postmortems.  Excellent, thank you!  :-)  I thought you were talking about the CSP one, and I suspect gwicke is commenting on that.
[14:07] <jzerebecki> ah yes that CSP seems like a worthwhile thing on first look is pretty uncontroversial
[14:07] <TimStarling> where should the reports go?
[14:07] robla gets his 6-digit numbers confused
[14:07] == parent5446 [parent5446@mediawiki/parent5446] has joined #wikimedia-office
[14:07] <bawolff> TimStarling: The CSP violation reports?
[14:08] == Guest28362 [~Dstrine@tan2.corp.wikimedia.org] has joined #wikimedia-office
[14:08] <TimStarling> sorry, I am one RFC behind, the retrospective reports for security incidents
[14:08] <robla> TimStarling: I'm not sure.  I could be convinced of either wikitech.wikimedia.org or mediawiki.org
[14:08] <bd808> TimStarling: I think that's a good question. I'm a bit concerned that the current logging pipeline may melt with them being processed by an action api endpoint.
[14:08] bd808 is on the wrng topic
[14:08] <TimStarling> yeah, I'm sure it was a good comment for any RFC
[14:08] robla fails at chairing
[14:09] <robla#topic T123753
[14:09] == wm-labs-meetbot` changed the topic of #wikimedia-office to: T123753 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
[14:09] <stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
[14:09] <brion> :)
[14:09] <bawolff> I actually have a response to that question, but I'll wait until we get to that rfc
[14:09] <robla> (we'll spend no more than 10-15 minutes on this one, and then move to the CSP one)
[14:09] <brion> ok do we need things like: where do the reports go ;), how long before they get made, etc
[14:10] <robla#action robla propose a location for where reports go
[14:10] <Platonides> I think wikitech
[14:10] <brion> and if a report falls behind, do we need a fallback path?
[14:10] <Platonides> some would be suited for mediawiki too, but others will be wmf-specific
[14:10] <brion> eg who gets poked until it gets done ;)
[14:10] <brion> or who does the poking, alternately
[14:11] <jzerebecki> I think the most controversial thing on security incidents or even incidents reports in general is how to ensure that the actionables are done, as in being funded.
[14:11] <robla> brion: I think it's sort of a percentage score thing.  Some reports may never get done, and that's ok
[14:11] <bawolff> What sort of actionables do you have in mind?
[14:11] <brion> jzerebecki: ah for 'next steps to prevent this crap from getting worse' vs just 'and here's what we did to fix it so far'?
[14:12] <jzerebecki> brion: yes
[14:12] <bawolff> There's a big difference between - introduce automated testing for this type of security issue, vs fix the XSS in particular
[14:12] <bawolff> *this particular xss
[14:12] <bawolff> or whatever the issue is
[14:12] <robla> I think postmortems are still useful even if we don't have anyone slavishly enforcing "strict adherance" to the process
[14:13] <gwicke> the thing I keep wondering about when I look at this RFC is how security and performance post-mortems should differ from regular outage / incident post-mortems
[14:13] <robla> gwicke: they should probably be more same than different
[14:13] <Scott_WUaS> (@jzerebecki and security-oriented Wikidatans - what planning is occurring in terms of MIT-informed bitcoin and blockchain and in all countries' main and official languages - and re code security ... as well as, to re-construe the word "security" a kind of financial security for WMF and Wikdiata, for example?)
[14:14] <bawolff> what?
[14:14] <gwicke> robla: would it make sense to rephrase it as a refinement on post-mortem policies in general?
[14:14] <jzerebecki> bawolff: robla i agree that postmortems are useful anyway
[14:14] <gwicke> what works well / what doesn't, proposed changes etc
[14:14] <robla> I think we've really handled as much of this topic as we should.  Let's take further discussion back to Phab on T123753, and discuss CSP
[14:14] <stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
[14:15] robla goes to find the CSP task num
[14:15] <robla> T135963
[14:15] <stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
[14:15] <robla#topic T135963
[14:15] <Scott_WUaS> (@bawolff - Is there any planning with the WMF Foundation for possible engagement with MIT's Bitcoin and Blockchain - and re security?)
[14:15] == wm-labs-meetbot` changed the topic of #wikimedia-office to: T135963 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
[14:15] <stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
[14:15] == tarrow [uid11206@gateway/web/irccloud.com/x-wuiqgqkgbvqtzfui] has joined #wikimedia-office
[14:15] <robla> Scott_WUaS: probably not a great topic for this meeting
[14:15] <SMalyshev> re CSP, is this supposed to be configured somehow in wiki settings?
[14:16] <Scott_WUaS> (@robla - thanks)




[14:59] == wm-labs-meetbot` changed the topic of #wikimedia-office to: Wikimedia meeting channel | Please note: Channel is logged and publicly posted (DO NOT REMOVE THIS NOTE) | Logs: http://bots.wmflabs.org/~wm-bot/logs/%23wikimedia-office/
[14:59] <wm-labs-meetbot`> Meeting ended Wed Jun  1 21:59:50 2016 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)


*








...



No comments: