Hi! I am Southparkfan; co-founder and system administrator for Miraheze. I am responsible for the smooth operation of Miraheze's servers, which includes applying configuration changes, conducting maintenance and incident investigations, performance tuning, monitoring the servers and other miscellaneous tasks.
You can usually find me on IRC in the #miraheze channel on chat.freenode.net.
https://wiki.kali-team.cn/ works now.
@Exile I can't reproduce this, the wiki works fine with me with that URL. Please let us know if you still experience issues.
tl.awiki.org works now.
The only relevant CVE here is the SecureBoot one, which doesn't matter at Miraheze (due to our configuration). Making the task public now. I don't see other fixes important for us either, don't see the need for quickly upgrading (which requires reboots of cloud servers as well).
Nimbus approved, Aether not sure about one thing (P340). Discourse is declined since it's not maintained and I have some doubts about certain strategies used for the skin templating.
Approved.
Looks fine to me as well. Approved.
@Paladox, what was the reason this extension was declined as 'hard/impossible to install'?
Give me a few days to think about it.
One potential finding: https://phabricator.miraheze.org/P339
The bundled version of TinyMCE has various vulnerabilities: https://snyk.io/test/npm/tinymce/4.6.4
Setting to priority to low, since it seems like this is expected behavior.
Approved.
Don't we already have many security reviewed extensions providing these features?
Extension seems fine now.
Per T5543#114782. We're now using salt-ssh.
In favor of T5537
Would like to get this done in Q3 or Q4.
Perhaps not the most realistic goal.
@Paladox Let's replace Salt with Cumin. Not necessarily because we can't secure Salt (as long as we don't open the ports to the internet anymore, we're fine), but since Cumin offers functionality we can benefit from. Goal for Q3/Q4?
Fine with me.
I have moved the SHM log to RAM, so we should have reduced the I/O on most of the cache proxies. Is the result satisfactory?
Status updates will be given via Twitter and the Discord announcements channel.
@Paladox can this task be made public?
For testing, @Paladox has enabled AES-NI on the MediaWiki servers and test2.