I have been helping RhinosF1 for the past month or so so he can learn how Miraheze works and what needs to be done as a mw-admin, from what I have seen he has (and has acquired more) knowledge about MediaWiki, enough to be able to be mw-admin in my opinion. I have already given him some questions to see if he is ready, but here are some other ones for the purpose of this access request. I will give an official yes/no after the response to these questions.

1. What other servers have you previously worked with? What knowledge do you have of Linux CLI (command line interface) and MySQL?
2. What work do you plan on doing as a mw-admin? Will you continue to be active as you have currently demonstrated?
3. How would you determine who is logged in on a server? And how would you determine what processes are running on a server?
4. Which logs (exact location) would you check if you see an exception or someone reports an exception on a wiki? What about an HTTP 500 error code? Or a DBQuery error?
5. What would you do if you think you know the fix to something but aren't really sure about it?
6. A user complains about Special:Statistics displaying old numbers, what do you do?
7. How would you update an extension? (example: update CreateWiki) - use the exact commands you would use.
8. You see something like <system-message-1> appear on-wiki instead of an actual message, what script would you run to fix that?
9. How would you import images if a user requests an import on Phabricator of file examplewiki.xml for examplewiki? (include all steps including how you would get the file on the server)

In T4706#89540, @Reception123 wrote:

I have been helping RhinosF1 for the past month or so so he can learn how Miraheze works and what needs to be done as a mw-admin, from what I have seen he has (and has acquired more) knowledge about MediaWiki, enough to be able to be mw-admin in my opinion. I have already given him some questions to see if he is ready, but here are some other ones for the purpose of this access request. I will give an official yes/no after the response to these questions.

1. What other servers have you previously worked with? What knowledge do you have of Linux CLI (command line interface) and MySQL?

I have limited knowledge of MySQL but am picking it up reasonably well and I use both a Macbook and Raspberry Pi which use Linux terminal and when running my python scripts prefer to run it via terminal

2. What work do you plan on doing as a mw-admin?

Config requests, Extension upgrades/additions, improving translations, adding missing config to MW

Will you continue to be active as you have currently demonstrated?

I plan to be as active as I currently am apart from during exam season next year.

3. How would you determine who is logged in on a server?

query user (I think)

And how would you determine what processes are running on a server?

Not sure

4. Which logs (exact location) would you check if you see an exception or someone reports an exception on a wiki? What about an HTTP 500 error code? Or a DBQuery error?

Mediawiki logs are stored in /var/log/mediawiki/debug-{$wgDBname}.log

5. What would you do if you think you know the fix to something but aren't really sure about it?

Ask another staff member or use test1 to confirm

6. A user complains about Special:Statistics displaying old numbers, what do you do?

Run https://m.mediawiki.org/wiki/Special:MyLanguage/Manual:initSiteStats.php and https://m.mediawiki.org/wiki/Manual:UpdateArticleCount.php

7. How would you update an extension? (example: update CreateWiki) - use the exact commands you would use.

Follow https://meta.miraheze.org/wiki/Tech:Updating_an_extension (which I created)

8. You see something like <system-message-1> appear on-wiki instead of an actual message, what script would you run to fix that?

Check it's in the i18n files then run RebuildLC

9. How would you import images if a user requests an import on Phabricator of file examplewiki.xml for examplewiki ?

scp mydir/examplewiki.xml RhinosF1@*.Miraheze.org: home/RhinosF1
sudo -u www-data php importImages.php --wiki examplewiki home/RhinosF1/examplewiki.xml in srv/mediawiki/w/maintenance

Waiting until you expand/finish the answers before commenting :)

Some questions:

1. If you discover a security incident (wether it be a breach or a extension) what would you do? Would you tell operations first?

2. If operations asked you to stop doing something, would you stop?

3. If you made a mistake, would you tell operations at a time when you cannot look into fixing the mistake anymore? Would you tell us as soon as you made it?

In T4706#89543, @Paladox wrote:

Some questions:

1. If you discover a security incident (wether it be a breach or a extension) what would you do? Would you tell operations first?

Alert staff
Mitigate the issue if possible or assist in doing so
Report the security issue to upstream (if required)

2. If operations asked you to stop doing something, would you stop?

Of course

3. If you made a mistake, would you tell operations at a time when you cannot look into fixing the mistake anymore? Would you tell us as soon as you made it?

I would alert operations or at least a member of operations as soon as possible.

In T4706#89541, @RhinosF1 wrote:

3. How would you determine who is logged in on a server?

query user (I think) '

That would not work, it would be 'last'

And how would you determine what processes are running on a server?

Not sure

*' ps -aux' (or *'htop' or 'top')**

4. Which logs (exact location) would you check if you see an exception or someone reports an exception on a wiki? What about an HTTP 500 error code? Or a DBQuery error?

Mediawiki logs are stored in /var/log/mediawiki/debug-{$wgDBname}.log

Please check again, that does not exist

7. How would you update an extension? (example: update CreateWiki) - use the exact commands you would use.

Follow https://meta.miraheze.org/wiki/Tech:Updating_an_extension (which I created)

8. You see something like <system-message-1> appear on-wiki instead of an actual message, what script would you run to fix that?

Check it's in the i18n files then run RebuildLC

What about ExtensionMessageFiles?

These questions are to assess your technical capabilities. Some may be specific to MediaWiki administration, others may be used to determine if you would be a potential fit for Operations in the future. It is permitted to use search engines for your answers, however, bluntly copying commands without knowing what their parameters/arguments do is not good practice.

• I want to permanently delete all archived files for a wiki, however, the maintenance script puts a very high load on the MediaWiki server. Linux offers a way (for any command you execute) to reduce processing priority. What is the full command you would run?
• What is the cryptographic protocol we use for HTTPS? How do we enable encryption for HTTP traffic?
• Your access request has been approved. Since we are dealing with access to sensitive information, how would you mitigate the risk of your account (on-wiki, SSH, mail, etc) being compromised? What technologies could help to prevent malicious access to your account?
• Before a web request reaches the MediaWiki server, it goes through a cache proxy. Why do we have cache proxies and why are they located in multiple countries?
• What piece of software does Miraheze use for storing MediaWiki sessions? (hint: cache)
• How much experience do you have with mitigating XSS, CSRF and SQL injection vulnerabilties? Are you familiar with extension reviews?
• Miraheze's infrastructure is fully virtualised, however, various virtualisation types are used. What are mw[1-4] running on? Could you think about advantages for MediaWiki? For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?
• On a scale of 1 till 5, rate your experience with:
  • Database (SQL, MariaDB, Postgres)
  • Frontend (Varnish/NGINX)
  • MediaWiki in enterprise/production environments
  • MediaWiki services (Electron/Proton, Restbase, etc)
  • Networking (routing / switchting)
  • SELinux / Security in Linux

@Reception123 Regarding logs, I saw that on the Mediawiki website but just seen our file locations are listed on https://github.com/miraheze/mw-config/blob/68647cf1534cc088b7ec6a43b2dd210dce4e139b/GlobalLogging.php

And ExtensionMessageLists of course

In T4706#89548, @RhinosF1 wrote:

@Reception123 Regarding logs, I saw that on the Mediawiki website but just seen our file locations are listed on https://github.com/miraheze/mw-config/blob/68647cf1534cc088b7ec6a43b2dd210dce4e139b/GlobalLogging.php

And ExtensionMessageLists of course

Yes, so there wouldn't be a hyphen, it would just be /var/log/mediawiki/debuglogs/[example].log

In T4706#89547, @Southparkfan wrote:

These questions are to assess your technical capabilities. Some may be specific to MediaWiki administration, others may be used to determine if you would be a potential fit for Operations in the future. It is permitted to use search engines for your answers, however, bluntly copying commands without knowing what their parameters/arguments do is not good practice.

cd srv/Mediawiki/w/maintenance
sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force
nice -5 sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force

• I want to permanently delete all archived files for a wiki, however, the maintenance script puts a very high load on the MediaWiki server. Linux offers a way (for any command you execute) to reduce processing priority. What is the full command you would run?
• What is the cryptographic protocol we use for HTTPS?

You can use TLS or SSL - I think we use TLS

How do we enable encryption for HTTP traffic?

You can force it via .htcaccess

• Your access request has been approved. Since we are dealing with access to sensitive information, how would you mitigate the risk of your account (on-wiki, SSH, mail, etc) being compromised? What technologies could help to prevent malicious access to your account?

SSH key generated using a strong, random password
2FA on all accounts that offer it
Strong passwords for all accounts

• Before a web request reaches the MediaWiki server, it goes through a cache proxy. Why do we have cache proxies and why are they located in multiple countries?

Having cache proxies reduces load times by storing the content before it is requested and we have them in multiple countries to reduce the time it takes for the proxy to serve the content

• What piece of software does Miraheze use for storing MediaWiki sessions? (hint: cache)

Varnish Cache

• How much experience do you have with mitigating XSS, CSRF and SQL injection vulnerabilties?

I have some experience in SQL injection but very little in XSS and CSRF.

Are you familiar with extension reviews?

I am aware of why we have to do them and who performs them but wouldn't be able to do one myself.

• Miraheze's infrastructure is fully virtualised, however, various virtualisation types are used. What are mw[1-4] running on? Could you think about advantages for MediaWiki?

Will answer later

For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?

You could probably check a log or see if RamNode shows anything but I wouldn't know where exactly to look and don't believe mw-admins have RN access.

• On a scale of 1 till 5, rate your experience with:

1 little / 5 top

• Database (SQL, MariaDB, Postgres)

2-3 - I'm pretty new but am starting to pick it up

• Frontend (Varnish/NGINX)

1

• MediaWiki in enterprise/production environments

4 - I'm quite interested in setting up Mediawiki and it's configuration. You can see some of my history in Mediawiki Phabricator but Miraheze would be my first actual wiki I've been involved in the server admin side. My knowledge is mostly theory unless I've covered it before this request.

• MediaWiki services (Electron/Proton, Restbase, etc)

1 - I know a bit about what things do what but not very little

• Networking (routing / switchting)

3/4 - This is part of my current education level so I'm learning quite a bit about networks.

• SELinux / Security in Linux

1 - I am interested in IT Security but don't have amazing knowledge

In T4706#89550, @RhinosF1 wrote:

In T4706#89547, @Southparkfan wrote:

These questions are to assess your technical capabilities. Some may be specific to MediaWiki administration, others may be used to determine if you would be a potential fit for Operations in the future. It is permitted to use search engines for your answers, however, bluntly copying commands without knowing what their parameters/arguments do is not good practice.

cd srv/Mediawiki/w/maintenance
sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force
nice -5 sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force

• I want to permanently delete all archived files for a wiki, however, the maintenance script puts a very high load on the MediaWiki server. Linux offers a way (for any command you execute) to reduce processing priority. What is the full command you would run?

Yup, nice is the command I was looking for. Though, your solution only words for negative values, so try using sudo nice instead of nice sudo (also improves readability!).

• What is the cryptographic protocol we use for HTTPS?

You can use TLS or SSL - I think we use TLS

TLS indeed, we don't use SSL. SSL is horribly insecure.

How do we enable encryption for HTTP traffic?

You can force it via .htcaccess

You cannot enable TLS via .htaccess, nor do we use Apache, try again please.

For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?

You could probably check a log or see if RamNode shows anything but I wouldn't know where exactly to look and don't believe mw-admins have RN access.

Please elaborate more, I am looking for in-depth answers. Which logs? Could you explain what kind of information RamNode could give us?

• On a scale of 1 till 5, rate your experience with:
  • Networking (routing / switchting)

3/4 - This is part of my current education level so I'm learning quite a bit about networks.

That sounds interesting, networking is very important but also difficult to understand. Can you give an example of the technologies/concepts you are studying?

In T4706#89556, @Southparkfan wrote:

In T4706#89550, @RhinosF1 wrote:

In T4706#89547, @Southparkfan wrote:

These questions are to assess your technical capabilities. Some may be specific to MediaWiki administration, others may be used to determine if you would be a potential fit for Operations in the future. It is permitted to use search engines for your answers, however, bluntly copying commands without knowing what their parameters/arguments do is not good practice.

cd srv/Mediawiki/w/maintenance
sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force
nice -5 sudo -u www-data php deleteArchivedFiles.php --wiki dbname --delete --force

• I want to permanently delete all archived files for a wiki, however, the maintenance script puts a very high load on the MediaWiki server. Linux offers a way (for any command you execute) to reduce processing priority. What is the full command you would run?

Yup, nice is the command I was looking for. Though, your solution only words for negative values, so try using sudo nice instead of nice sudo (also improves readability!).

Good catch!

• What is the cryptographic protocol we use for HTTPS?

You can use TLS or SSL - I think we use TLS

TLS indeed, we don't use SSL. SSL is horribly insecure.

How do we enable encryption for HTTP traffic?

You can force it via .htcaccess

You cannot enable TLS via .htaccess, nor do we use Apache, try again please.

I've tried looking into it but haven't found much yet

For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?

You could probably check a log or see if RamNode shows anything but I wouldn't know where exactly to look and don't believe mw-admins have RN access.

Please elaborate more, I am looking for in-depth answers. Which logs?

I wouldn't be certain

Could you explain what kind of information RamNode could give us?

If the server has been suspended or if a config change may help like what was tried with the intermittent 503s

• On a scale of 1 till 5, rate your experience with:
  • Networking (routing / switchting)

3/4 - This is part of my current education level so I'm learning quite a bit about networks.

That sounds interesting, networking is very important but also difficult to understand. Can you give an example of the technologies/concepts you are studying?

Types of networks
Performance
Device roles
Required hardware
DNS/hosting and the cloud
Virtual networks
Topology
Wireless and ethernet
Protocols
Layers
Packet switching
Threats and forms of attacks
Identifying and preventing vulnerability

Per discussion, i approve this request!

In T4706#89557, @RhinosF1 wrote:

In T4706#89556, @Southparkfan wrote:

In T4706#89550, @RhinosF1 wrote:

In T4706#89547, @Southparkfan wrote:

These questions are to assess your technical capabilities. Some may be specific to MediaWiki administration, others may be used to determine if you would be a potential fit for Operations in the future. It is permitted to use search engines for your answers, however, bluntly copying commands without knowing what their parameters/arguments do is not good practice.
How do we enable encryption for HTTP traffic?

You can force it via .htcaccess

You cannot enable TLS via .htaccess, nor do we use Apache, try again please.

I've tried looking into it but haven't found much yet

See nginx.conf and mediawiki.conf.

For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?

You could probably check a log or see if RamNode shows anything but I wouldn't know where exactly to look and don't believe mw-admins have RN access.

Please elaborate more, I am looking for in-depth answers. Which logs?

I wouldn't be certain

In the case I explained the server itself is still running, it's only a crash of certain processes. Using journalctl, dmesg and looking in /var/log/nginx/error.log or the MediaWiki logs (/var/log/mediawiki) you could get more information.

• On a scale of 1 till 5, rate your experience with:
  • Networking (routing / switchting)

3/4 - This is part of my current education level so I'm learning quite a bit about networks.

That sounds interesting, networking is very important but also difficult to understand. Can you give an example of the technologies/concepts you are studying?

Types of networks
Performance
Device roles
Required hardware
DNS/hosting and the cloud
Virtual networks
Topology
Wireless and ethernet
Protocols
Layers
Packet switching
Threats and forms of attacks
Identifying and preventing vulnerability

Some of these skills can be very useful!

Per discussions and after having worked with RhinosF1 for a while I am confident that as mw-admin he can learn more and would especially be able to help users and deal with tasks faster. I'd say that even though there were a few mistakes in the answers to the questions I am satisfied with them overall and am sure that Rhinos can learn fast. +1 from me

See nginx.conf and mediawiki.conf.

Ours seem to come from ssl_protocols in the nginx.conf so we'd have to add/remove whatever we are (dis)allowing to that

In the case I explained the server itself is still running, it's only a crash of certain processes. Using journalctl, dmesg and looking in /var/log/nginx/error.log or the MediaWiki logs (/var/log/mediawiki) you could get more information.

Ah I see

• On a scale of 1 till 5, rate your experience with:
  • Networking (routing / switchting)

3/4 - This is part of my current education level so I'm learning quite a bit about networks.

That sounds interesting, networking is very important but also difficult to understand. Can you give an example of the technologies/concepts you are studying?

Types of networks
Performance
Device roles
Required hardware
DNS/hosting and the cloud
Virtual networks
Topology
Wireless and ethernet
Protocols
Layers
Packet switching
Threats and forms of attacks
Identifying and preventing vulnerability

Some of these skills can be very useful!

:)

P224 for ssh key

In T4706#89565, @Southparkfan wrote:

This is waiting for your response.

@Southparkfan would this imply your approval of this request?

I don't think I've been nearly active enough to fully judge @RhinosF1 abilities, but I believe in the ability of the team as a whole to come to understandings in this regards.

Before commenting I did go over the entire history of this task and briefly looked at Rhinos' activity by-and-large, in addition to seeing how they interact with members of the team.

I have some reservations coming from answers here in regards to Rhinos' full understanding of our infrastructure and administration at large (ops duties), but this ticket is not requesting ops access.

I think they meet my personal expectation for someone to become mediawiki-admins, and possibly more in the future as long as they continue to expand their knowledge in safe ways. (Read: communicating with other team members and not bringing the site down :p)