[Wikitech-l] Fwd: Open Web Application Security Project presentation on January 10
Hi all, Just a reminder that the OWASP Top 10 <https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf> presentation by Dave Wichers <https://www.owasp.org/index.php/User:Wichers> is happening TODAY in about an hour, at 11:30am PT (19:30 UTC). This is a great opportunity to get more familiar with the security issues that surface the most in today's web applications, and what we can do to mitigate against them. Hope to see you there! - Erika ---- Erika Bjune Acting Director of Security & Engineering Manager - Search Platform Wikimedia Foundation -- Forwarded message -- From: Lani Goto <lg...@wikimedia.org> Date: Wed, Jan 3, 2018 at 9:40 AM Subject: [Wikitech-l] Open Web Application Security Project presentation on January 10 To: wikitech-l@lists.wikimedia.org Hi everyone - We're excited to have a special guest present on the Open Web Application Security Project <https://www.owasp.org/index.php/About_The_Open_Web_ Application_Security_Project> . Information security expert Dave Wichers <https://www.owasp.org/index.php/User:Wichers> will will discuss the new OWASP Top 10 - 2017 <https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf>, which encompasses the ten most serious web application security risks from last year. The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Please join us for this presentation on Wednesday, January 10 at 11:30am PT (19:30 UTC). You can join remotely via the following: Youtube: https://www.youtube.com/watch?v=wf1SfipLLzE Google Hangout: https://hangouts.google.com/hangouts/_/wikimedia. org/hold-owasp-talk Feel free to use the #wikimedia-office channel on IRC to ask any questions. Hope to see you then! -- Lani Goto Project Assistant, Engineering Admin ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Announcing MediaWiki code search
Fantastic! Great work, Kunal! Erika Bjune Acting Director of Security & Engineering Manager - Search Platform Wikimedia Foundation On Thu, Dec 21, 2017 at 7:08 AM, Volker E. <volke...@wikimedia.org> wrote: > Great, thanks Kunal! > Another time that you've addressed a major pain point with a convincingly > simple solution. > > On Thu, Dec 21, 2017 at 6:46 AM, Derick N. Alangi <alangider...@gmail.com> > wrote: > > > Hello Kunal, > > > > This tool is superb (i've tried some of it's functionalities out) and > it'll > > go a long way. Thank you very much. We are very much grateful for this > > solution :) > > > > *Kind regards* > > *Alangi Derick N* > > > > *[image: https://twitter.com/AlangiDerick] > > <https://twitter.com/AlangiDerick> > > <https://www.facebook.com/derick.alangi> * > > > > On Thu, Dec 21, 2017 at 3:32 PM, Andrew Otto <o...@wikimedia.org> wrote: > > > > > Super cool! > > > > > > On Thu, Dec 21, 2017 at 9:31 AM, zppix e <megadev44s.m...@gmail.com> > > > wrote: > > > > > > > Thank you very much Kunal! > > > > > > > > -- > > > > Zppix > > > > Volunteer Wikimedia Developer > > > > Volunteer Wikimedia GCI2017 Mentor > > > > enwp.org/User:Zppix > > > > **Note: I do not work for Wikimedia Foundation, or any of its > > chapters.** > > > > > > > > > On Dec 21, 2017, at 8:25 AM, Bahodir Mansurov < > > bmansu...@wikimedia.org > > > > > > > > wrote: > > > > > > > > > > It's very fast! > > > > > > > > > > Also, as far as I know, it's not easy to search all extensions at > > > > > once on Github, which makes this tool even more valuable. > > > > > > > > > > Thanks for sharing. > > > > > > > > > > Amir Ladsgroup <ladsgr...@gmail.com> writes: > > > > > > > > > >> Kunal, you rock! > > > > >> > > > > >> Best > > > > >> > > > > >> On Thu, Dec 21, 2017 at 1:50 PM יגאל חיטרון < > > > khit...@post.bgu.ac.il > > > > > > > > > >> wrote: > > > > >> > > > > >>> Wow, thanks a lot! > > > > >>> Igal (User:IKhitron) > > > > >>> > > > > >>> > > > > >>> 2017-12-21 14:09 GMT+02:00 Florian Schmidt < > > > > >>> florian.schmidt.wel...@t-online.de>: > > > > >>> > > > > >>>> Kunal….. that is simply awesome! Big thanks for this new tool, > > this > > > > will > > > > >>>> make us in finding usages of deprecated methods, we would like > to > > > > remove, > > > > >>>> much more easy! > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> Best, > > > > >>>> > > > > >>>> Florian > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> Von: Wikitech-l [mailto:wikitech-l-boun...@lists.wikimedia.org] > > Im > > > > >>>> Auftrag von Kunal Mehta > > > > >>>> Gesendet: Donnerstag, 21. Dezember 2017 05:15 > > > > >>>> An: wikitech-l <wikitech-l@lists.wikimedia.org> > > > > >>>> Betreff: [Wikitech-l] Announcing MediaWiki code search > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> Hi, > > > > >>>> > > > > >>>> MediaWiki code search is a fully free software tool that lets > you > > > > >>>> easily search through all of MediaWiki core, extensions, and > skins > > > > >>>> that are hosted on Gerrit. You can limit your search to specific > > > > >>>> repositories, or types of repositories too. Regular expressions > > are > > > > >>>> supported in both the search string, and when filtering by path. > > > > >>>> > > > > >>>> Try it out: https://codesearch.wmflabs.org/search/ > > > > >>>> > > > > >>>> I started wor
Re: [Wikitech-l] Advice on Tuning Search?
Also, just FYI, the Search Platform team has started holding regular office hours on the first Wednesday of every month. Details for our next meeting were just sent out a couple of days ago: Date: Wednesday, November 7th, 2018 Time: 16:00 GMT / 08:00 PST / 11:00 EST / 17:00 CET Google Meet link: https://meet.google.com/vyc-jvgq-dww Our team will be glad to help you with specific questions in person :) Cheers, Erika Erika Bjune Director of Engineering - Search Platform & Fundraising Tech Wikimedia Foundation On Fri, Nov 2, 2018 at 1:19 PM Pine W wrote: > Hi Michael, > > If you're interested in subjects regarding search then I suggest that you > subscribe to the Discovery mailing list. Your question would be a great fit > for that list (not that it's bad to post it to Wikitech-l). See > https://lists.wikimedia.org/mailman/listinfo/discovery. > > Pine > ( https://meta.wikimedia.org/wiki/User:Pine ) > > > On Fri, Nov 2, 2018 at 2:51 AM Hogan (US), Michael C < > michael.c.hog...@boeing.com> wrote: > > > Can anyone point me to a starting point for learning about how to tune > > CirrusSearch (or examples)? I found the CirrusSearchScoreBuilder page > [1], > > which implies it is possible to modify how search results are ranked. > But, > > the documentation page hasn't been created yet. Thank you! > > > > [1]: > https://www.mediawiki.org/wiki/Manual:Hooks/CirrusSearchScoreBuilder > > ___ > > Wikitech-l mailing list > > Wikitech-l@lists.wikimedia.org > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] I wish I would understand the mediawiki architecture and components
You lost me at "Gentlemen" *Erika Bjune *(she/her) VP of Engineering Wikimedia Foundation <https://wikimediafoundation.org/> On Wed, Jan 29, 2020 at 10:14 AM Jefsey wrote: > Gentlemen, > I run around 290 small thematic citizen research wikis (nr being > developping) under an old mediawiki version (I fear an upgrading > hassle). In order to simplify their set-up I systemized them in using > a script to build the symbolic directories from a unique central one, > so I only have to build the LocalSettings.php, the images directories > mainly for the wikilogo.gif particular to the site and to enter the > templates manually. To be sure I can move them around without too > much pain and keep them under their own password, I use SQLite . > Round 20 minutes set-up each. > > With a friend we would like to transfer all this under MYSQL (or > MariaDB?) in order to share template and WikiDB. Possibly on several > machines. Possibly developping some extension on the middle range. > Possibly transfering further on under another database system (to mix > diffect entries and mail entries). I feel we would first need to > study a conceptual block map of the MediaWiki architecture, internal > exchanges and database requests. Does that exist ? > > Also, in order to manage the whole thing advisably I would need two tips: > 1. is there a secure/reliable method/extension to protect pages on a > per page basis ? > 2. how to get on a daily basis the access count of the wiki pages ? > > Thank you ! > jfc > > > ___ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] Engineering Productivity Quarterly Roundup for Q1 - 20/21
can address. Tyler noted that the number of new tasks tagged as “Production Error” are outpacing the number of tasks closed in a given week, which is clearly not sustainable. Please give Release Engineering a hand in wrangling these! And, if you’re not quite sure where to start, and/or digging into logs is a challenge for you, check out this presentation from Timo on How to Logstash <https://drive.google.com/file/d/1WzvqRNEpg9ndTq9RLHSzCH43vAOiQnUn/view> [12] for some guidance. A New Focus on an Old Problem: Local Development Environments Vagrant? Docker? Bare metal Mediawiki installs? Get involved in the evolution of local development environment improvements. Release Engineering has put a stake in the ground with a new local-dev mailing list <https://lists.wikimedia.org/mailman/listinfo/local-dev> [3] and Local Dev Updates wiki page <https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev_Updates> [4] dedicated to updating and improving our local development environments, with a particular focus on Docker. In addition to being informed through these channels, you are invited to share your thoughts and contributions regarding this critical and complex tooling. Instead of giving in to your struggles and frustrations, step up and help make it better! Thanks to Jeena Huneidi and Brennen Bearnes on the Rel Eng team for spearheading the effort, and a special shout out to Adam Shoreland for his pioneering work on Mediawiki-Docker. Phabricator Video Tutorial Series Debut <https://commons.wikimedia.org/wiki/Category:Phabricator_Tutorial_Series> [5] Have you ever wondered who this mysterious “AKlapper” subscriber on every Phabricator ticket is? Why, it’s Developer Advocate Andre Klapper, of course! Without his tireless attention to Phab and it’s constant influx of tickets, well, we would have only chaos. In addition to scanning an insane number of tickets on a daily basis, Andre also works hard to educate users on how to use the system through the Phab Help Page <https://www.mediawiki.org/wiki/Phabricator/Help> [13] where folks can get answers to their questions <https://www.mediawiki.org/wiki/Talk:Phabricator/Help> [14], live Q sessions every other Tuesday for real-time help (look on the WMF Staff Calendar for these), and now, most recently, a set of tutorial videos <https://commons.wikimedia.org/wiki/Category:Phabricator_Tutorial_Series> [15] covering the basic concepts of Phabricator. Thank you, Andre, for maintaining order and consistency and teaching us all how to follow in your giant footsteps! Bits and Bobs Other informative things you may have missed: - CI now updates your deployment-charts <https://phabricator.wikimedia.org/phame/post/view/208/ci_now_updates_your_deployment-charts/> [6], a blog post by Jeena Huneidi from Release Engineering detailing “Another reason to migrate your service to the pipeline!” - Production Excellence #23: July & August 2020 <https://phabricator.wikimedia.org/phame/post/view/204/production_excellence_23_july_august_2020/> [16], Timo Tijof’s monthly summary of incidents, trends, and appreciations focused on striving for operational excellence. - Phabricator Monthly Statistics <https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093802.html> [17], an automated email from Phab Rick Aytor detailing the month’s Phabricator stats, including accounts created, tasks created, task statuses and other interesting productivity indicators. If you would like anything added to this roundup report in the future, please send your suggestions to Erika Bjune (ebj...@wikimedia.org). Thank you all for your hard work and attention to improving the effectiveness of our engineering foundations! [1] https://www.mediawiki.org/wiki/GitLab_consultation [2] https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093833.html [3] https://lists.wikimedia.org/mailman/listinfo/local-dev [4] https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev_Updates [5] https://commons.wikimedia.org/wiki/Category:Phabricator_Tutorial_Series [6] https://phabricator.wikimedia.org/phame/post/view/208/ci_now_updates_your_deployment-charts/ [7] https://www.mediawiki.org/wiki/Developer_Satisfaction_Survey/2020 [8] https://www.mediawiki.org/wiki/Code_Health [9] https://www.mediawiki.org/wiki/Code_Health_Group [10] https://www.mediawiki.org/w/index.php?title=Code_Health_Group/projects/DevEd/Workshops#Test_Driven_Development_Bowling_Kata_Workshop [11] https://phabricator.wikimedia.org/tag/wikimedia-production-error/ [12] https://drive.google.com/file/d/1WzvqRNEpg9ndTq9RLHSzCH43vAOiQnUn/view [13] https://www.mediawiki.org/wiki/Phabricator/Help [14] https://www.mediawiki.org/wiki/Talk:Phabricator/Help [15] https://commons.wikimedia.org/wiki/Category:Phabricator_Tutorial_Series [16] https://phabricator.wikimedia.org/phame/post/view/204/pro
