Hello, i am again applying for access for mw-admin, I have been volunteer with Miraheze for multiple years now... I run multiple bots for miraheze, I now hold a Cisco Certified Entry Network Tech certification. I hope that you consider my request, i will answer any/all questions you may have.
From a PM between me and @Southparkfan :
I want to permanently delete all archived files for a wiki, however, the maintenance script puts a very high load on the MediaWiki server. Linux offers a way (for any command you execute) to reduce processing priority. What is the full command you would run?
Using the nice command for example sudo -u www-data nice -3 php /srv/Mediawiki/w/maintenance/deleteArchivedFiles.php --wiki wikidb --delete --force
What is the cryptographic protocol we use for HTTPS?
Your access request has been approved. Since we are dealing with access to sensitive information, how would you mitigate the risk of your account (on-wiki, SSH, mail, etc) being compromised? What technologies could help to prevent malicious access to your account?
2fa, and regular password changes, longer keypairs
Before a web request reaches the MediaWiki server, it goes through a cache proxy. Why do we have cache proxies and why are they located in multiple countries?
Cache proxies can help relieve stress off the webserver by caching certain pages and displaying the cached page to a user rather then a live page, we have them in multiple countries to help with potential latency issues
What piece of software does Miraheze use for storing MediaWiki sessions? (hint: cache)
How much experience do you have with mitigating XSS, CSRF and SQL injection vulnerabilties? Are you familiar with extension reviews?
I dont have much experience with this but I am working towards getting my CompTIA Security +
Miraheze's infrastructure is fully virtualised, however, various virtualisation types are used. What are mw[1-4] running on?
For some reason php-fpm or nginx crashed or stopped. While backend servers are automatically depooled in order to keep the site running, loss of a backend means less capacity for serving traffic. How would you try to find out why the process crashed?
I would check any available logs in /var/logs/nginx, journalctl, and/or systemctl status
On a scale of 1 till 5, rate your experience with:
Database (SQL, MariaDB, Postgres) 2
Frontend (Varnish/NGINX) 2
MediaWiki in enterprise/production environments 2
MediaWiki services (Electron/Proton, Restbase, etc) 2
Networking (routing / switchting) 3 (I have a CCENT)
SELinux / Security in Linux 3
I don't get a vote but if I could +1 from me for sure, we need more people to slowly fry (Erm, fix) the servers. (See if you can remember where I stole that from.)
I've worked with Zppix on quite a few things are they're excellent to work with and very trustworthy.
I've known and worked with Zppix on a few things (such as ZppixBot) in the past, so I don't think I'd have any issues with this request. Would like to ask some extra questions though, as I usually do.
- If you became mw-admin what would you mainly do?
- Do you see yourself as being active in your role?
- What would you do if there's an issue but you don't know how to handle it?
- How would you install a new MediaWiki extension? (detailed steps)
- What would you do if a user sends an email and asks that you remove the 2FA from their account because they lost their codes?
- How would you import images if a user requests an import on Phabricator of file examplewiki.xml for examplewiki ? (full command)
- How would you check what processes are running on a server?
If you became mw-admin what would you mainly do?
I would help imports, troubleshooting potiental issues
Do you see yourself as being active in your role?
What would you do if there's an issue but you don't know how to handle it?
Ask another sysadmin for help
How would you install a new MediaWiki extension? (detailed steps)
I'm not entirely sure but willing to learn
What would you do if a user sends an email and asks that you remove the 2FA from their account because they lost their codes?
Ask them to verify they are the account creator by using a committed identity or some other form of verification
How would you import images if a user requests an import on Phabricator of file examplewiki.xml for examplewiki ? (full command)
sudo -u www-data php importImages.php --wiki wikidb /path/to/file/ (NOTE: I edited it as i had a brain fart and reverse the order for the -u param.)
How would you check what processes are running on a server?
This is a side issue but pending other staff approval, could we bridge irc #miraheze-staff and discord #staff since the bot manager will be staff now, or are there objections to that?
Granted so far:
- Security access on Phabricator
- IRC flags
Can you provide your GitHub and on-wiki username? Please ensure your GitHub, on-wiki AND Phabricator accounts are all secured using 2FA.
southparkfan@mw1:~$ ssh-keygen -lf id_rsa 2048 SHA256:VTxY1tC92UDJC7t2fMBO2TGDvX0vPiQlLXaZUee6KnI email@example.com
Per our access policy, 2048 bit keys are prohibited. Please use at least 4096 bits or use an ed25519 key. It is up to you which one you choose, you don't need to have both either.
You will also get your own @miraheze.org mail address, please tell me which username you like (<username>@miraheze.org). Please also let me know if you want to be added to icinga/matomo/grafana and if you would like to receive icinga mails (if so, please state for which servers/services).