Congrats @DivestBerlin as German capital votes to #divest from fossil fuels for the climate https://t.co/Z2LUqvEDs8 pic.twitter.com/gdbx7FekOc— 350.org Europe (@350Europe) June 23, 2016
*
Interesting take on Brexit - awesome ... A de facto European "dictatorship" is falling with this British vote? https://t.co/LTtRXGOmLX— Open Band (Berkeley) (@TheOpenBand) June 24, 2016
*
Interesting take on Brexit - awesome ... A de facto European "dictatorship" is falling with this British vote? ... is this the dictatorship of a money-centric EU (and re Yonatan Zunger's post below) ... and re identity questions in an information technology world ...
https://twitter.com/TheOpenBand/status/746426005867233280 ...
*
It's Brexit - awesome - now we need to engineer a basic democratic order in Europe as the dictatorial EU collapses https://t.co/ryFxtEymK3— Gerd Moe-Behrens (@GerdMoeBehrens) June 24, 2016
*
— Hank Greely (@HankGreelyLSJU) June 24, 2016
*
Brexit earthquake has happened, the rubble will take years to clear https://t.co/y8fh43A2t7— The Guardian (@guardian) June 24, 2016
*
how to look sad when you're secretly enjoying watching the UK destroy itself— Salmond Googling (@SalmondGoogling) June 24, 2016
*
is next thursday too soon for indyref— Salmond Googling (@SalmondGoogling) June 24, 2016
*
The UK decision to #Leave was largely motivated by fear of immigrants. Consequences will come #Pound #Brexit pic.twitter.com/8PuAvK4nRn— Eduardo Samaniego (@EduSamani) June 24, 2016
*
how can scotland deal with the impending flood of english migrants— Salmond Googling (@SalmondGoogling) June 24, 2016
*
https://twitter.com/GerdMoeBehrens/status/746245873680650240
*
European SUPERSTATE to be unveiled: EU nations 'to be morphed into one' post-Brexit
http://www.express.co.uk/news/politics/683739/EU-referendum-German-French-European-superstate-Brexit
*
Angela Merkel surprised by massive protest march against TTIP in Berlin
http://www.businessinsider.com/r-hundreds-of-thousands-protest-in-berlin-against-eu-us-trade-deal-2015-10?r=UK&IR=T
*
HOW AGES VOTED
(YouGov poll)
18-24: 75% Remain
25-49: 56% Remain
50-64: 44% Remain
65+: 39% Remain
#EUref
— Ben Riley-Smith (@benrileysmith) June 23, 2016
*
Thanks @Vanguard_Group >previous Tweet> https://t.co/Ytr4lQXyBq https://t.co/C94hIvQ4pK https://t.co/yTWCpxHgVn Each a WUaS Univ in its Lang— scottmacleod (@scottmacleod) June 25, 2016
Brexit vote-significant economic impact-U.K.'s-forfeiture of favorable trade terms as E.U. member-Also increases concerns of viability of EU— scottmacleod (@scottmacleod) June 25, 2016
*
Build mutual aid networks, resist the coming austerity measures, protect minorities, engage in direct action. #Brexit— Colleen Morgan (@clmorgan) June 24, 2016
*
Angela Merkel surprised by massive protest march against TTIP in Berlin https://t.co/ZuTyh297r2— Gerd Moe-Behrens (@GerdMoeBehrens) June 27, 2016
*
The EU dictators do not sleep: German and French to unveil European superstate blueprint post-Brexit https://t.co/ZtQL1kEVUN— Gerd Moe-Behrens (@GerdMoeBehrens) June 27, 2016
*
https://twitter.com/jpalfrey/status/746192089805819910
*
Academics fear new Brexit – a brain exit – after referendum vote #BlackFriday4Unis https://t.co/vhHwwHd0FN— Athina Karatzogianni (@_athinak_) June 24, 2016
https://twitter.com/_athinak_/status/746404081611202560
*
Thanks @Vanguard_Group >previous Tweet> https://t.co/eyylCpbQM9 https://t.co/Z4eOjo31sU https://t.co/Q8sbgyUq4I Each a WUaS Univ in its Lang— WorldUnivandSch (@WorldUnivAndSch) June 25, 2016
*
My interview on @GMB this morning, where I discussed Scotland's position in the wake of the #EUref result: https://t.co/kXjqEUSejR— Alex Salmond (@AlexSalmond) June 27, 2016
*
*
Brexit: Heartbroken, But Not Broken https://t.co/zKC1k3Z8bd via @zararah Europe and the British Isles are a big elephant to blind Americans— WorldUnivandSch (@WorldUnivAndSch) June 27, 2016
*
*
Hi B,
Here are some takes on the complexities of Brexit - http://scott-macleod.blogspot.
I hope WUaS can slip in with major online Universities in each of those
Western European countries and languages even as these nation states
seem to engage in a form of statism to the EU's federalism ... or is it
all about Anglophone identity (English) .... with an England-Canada (among many)
transatlantic song finding new trading form for example? :) And will
Scotland be able to veto Brexit or will there be a new referendum soon
turning Brexit on its head. Vanguard Mutual Funds' take was interesting
as well (see my paraphrase on this in the blog:).
Cheers,
Scott
***
<jzerebecki> these days https://coreos.com/blog/security-brief-coreos-linux-alpha-remote-ssh-issue.html has gone around
<jzerebecki> a retrospective on a grave security bug
<robla> gwicke felt like the first couple of steps of this RFC are really clear, but believes subsequent steps deserve more discussion (gwicke, please correct me if I have that right)
* robla looks at jzerebecki's link
<jzerebecki> "The issue went undetected during pre-merge review. To avoid situations like this in the future, we are concentrating on development of more comprehensive automated testing. Our verification tests now perform a series of additional security checks,"
== mhurd has changed nick to mhurd_afk
<jzerebecki> "We have also taken the opportunity to introduce stronger image validation during the system image build process, automatically flagging packages with reported security issues. We will also ensure that security-related changes are accompanied by appropriate tests."
<gwicke> the first steps of the CSP RFC are low consequence preparations / information gathering, which I think are pretty uncontroversial
<robla> jzerebecki: oops, I only just figured out you were talking about postmortems. Excellent, thank you! :-) I thought you were talking about the CSP one, and I suspect gwicke is commenting on that.
<jzerebecki> ah yes that CSP seems like a worthwhile thing on first look is pretty uncontroversial
<TimStarling> where should the reports go?
* robla gets his 6-digit numbers confused
== parent5446 [parent5446@mediawiki/parent5446] has joined #wikimedia-office
<bawolff> TimStarling: The CSP violation reports?
== Guest28362 [~Dstrine@tan2.corp.wikimedia.org] has joined #wikimedia-office
<TimStarling> sorry, I am one RFC behind, the retrospective reports for security incidents
<robla> TimStarling: I'm not sure. I could be convinced of either wikitech.wikimedia.org or mediawiki.org
<bd808> TimStarling: I think that's a good question. I'm a bit concerned that the current logging pipeline may melt with them being processed by an action api endpoint.
* bd808 is on the wrong topic
<TimStarling> yeah, I'm sure it was a good comment for any RFC
* robla fails at chairing
<robla> #topic T123753
== wm-labs-meetbot` changed the topic of #wikimedia-office to: T123753 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
<stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
<brion> :)
<bawolff> I actually have a response to that question, but I'll wait until we get to that rfc
<robla> (we'll spend no more than 10-15 minutes on this one, and then move to the CSP one)
<brion> ok do we need things like: where do the reports go ;), how long before they get made, etc
<robla> #action robla propose a location for where reports go
<Platonides> I think wikitech
<brion> and if a report falls behind, do we need a fallback path?
<Platonides> some would be suited for mediawiki too, but others will be wmf-specific
<brion> eg who gets poked until it gets done ;)
<brion> or who does the poking, alternately
<jzerebecki> I think the most controversial thing on security incidents or even incidents reports in general is how to ensure that the actionables are done, as in being funded.
<robla> brion: I think it's sort of a percentage score thing. Some reports may never get done, and that's ok
<bawolff> What sort of actionables do you have in mind?
<brion> jzerebecki: ah for 'next steps to prevent this crap from getting worse' vs just 'and here's what we did to fix it so far'?
<jzerebecki> brion: yes
<bawolff> There's a big difference between - introduce automated testing for this type of security issue, vs fix the XSS in particular
<bawolff> *this particular xss
<bawolff> or whatever the issue is
<robla> I think postmortems are still useful even if we don't have anyone slavishly enforcing "strict adherence" to the process
<gwicke> the thing I keep wondering about when I look at this RFC is how security and performance post-mortems should differ from regular outage / incident post-mortems
<robla> gwicke: they should probably be more same than different
<Scott_WUaS> (@jzerebecki and security-oriented Wikidatans - what planning is occurring in terms of MIT-informed bitcoin and blockchain and in all countries' main and official languages - and re code security ... as well as, to re-construe the word "security" a kind of financial security for WMF and Wikidata, for example?)
<bawolff> what?
<gwicke> robla: would it make sense to rephrase it as a refinement on post-mortem policies in general?
<jzerebecki> bawolff: robla i agree that postmortems are useful anyway
<gwicke> what works well / what doesn't, proposed changes etc
<robla> I think we've really handled as much of this topic as we should. Let's take further discussion back to Phab on T123753, and discuss CSP
<stashbot> T123753: Establish retrospective reports for #security and #performance incidents - https://phabricator.wikimedia.org/T123753
* robla goes to find the CSP task num
<robla> T135963
<stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
<robla> #topic T135963
<Scott_WUaS> (@bawolff - Is there any planning with the WMF Foundation for possible engagement with MIT's Bitcoin and Blockchain - and re security?)
== wm-labs-meetbot` changed the topic of #wikimedia-office to: T135963 (Meeting topic: ArchCom Security RFC meeting https://phabricator.wikimedia.org/E198)
<stashbot> T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki - https://phabricator.wikimedia.org/T135963
== tarrow [uid11206@gateway/web/irccloud.com/x-wuiqgqkgbvqtzfui] has joined #wikimedia-office
<robla> Scott_WUaS: probably not a great topic for this meeting
<SMalyshev> re CSP, is this supposed to be configured somehow in wiki settings?
<Scott_WUaS> (@robla - thanks)
== wm-labs-meetbot` changed the topic of #wikimedia-office to: Wikimedia meeting channel | Please note: Channel is logged and publicly posted (DO NOT REMOVE THIS NOTE) | Logs: http://bots.wmflabs.org/~wm-bot/logs/%23wikimedia-office/
<wm-labs-meetbot`> Meeting ended Wed Jun 1 21:59:50 2016 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
<wm-labs-meetbot`> Minutes: https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.html
<wm-labs-meetbot`> Minutes (text): https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.txt
<wm-labs-meetbot`> Minutes (wiki): https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.wiki
<wm-labs-meetbot`> Log: https://tools.wmflabs.org/meetbot/wikimedia-office/2016/wikimedia-office.2016-06-01-21.01.log.html
...