[15:00:09] Somewhat finished the first part of [[User:PixDeVl/TC 101]] [15:00:10]

[16:18:42] Hah, love that intro 😄 [16:22:20] Thank you I’m quite proud of it [18:44:59] Welcome @evalprime to SRE-Infra [18:45:36] щш [18:45:38] oi [18:46:25] https://tenor.com/view/pokemon-pikachu-clap-clapping-clapping-gif-gif-13465728489229726846 [18:46:39] Welcome Eval! :Partyheze: [18:48:09] (I’m planning to add extension PRs, please tell me if you have any suggestions or feedback [18:48:25] If there’s anything you don’t understand I’ll do my be at to clarify [18:54:32] ugh how do I create a new ldap user again lol its been so long... [18:55:44] [[Tech:Ldap]]? [18:55:45]

[18:56:16] lol yeah [18:56:52] I hate ldap [18:57:13] good time to remind you of my suggestion to replace it with OIDC [18:57:28] most of our internal services using LDAP are web-based anyways [18:57:42] I looked into it, Graylog doesn't support that unless you buy Graylog Enterprise or I would. [18:57:46] yeah [18:57:54] very cringe move from them tbh [18:58:02] do we have funds? [18:58:07] good on having documentation, perhaps create a directory page with all the links. that way you don't have to dig through special:allpages under tech namespace [18:58:07] No [18:58:14] Also hi to our new teammate! [18:58:18] That is a great idea [18:58:33] Hi @evalprime [18:58:49] We do but it isn't necessary when I want to replace Graylog with ELK anyway [18:58:52] https://cdn.discordapp.com/attachments/1006789349498699827/1233492510706368634/image.png?ex=662d4aeb&is=662bf96b&hm=9a13fbb620bb9f16f5b638bc7679be93665d802b692f8c7537583859b36cc17d& [18:58:54] Ah [18:58:59] not feasible [18:59:05] 😂 [18:59:06] oh lol [18:59:10] guess not [18:59:12] the sso tax is very real [18:59:58] this page apparently uses a wikitide subdomain, is that accurate? [19:00:21] All internal services and hostnames use wikitide.net [19:00:25] ok [19:00:36] To keep it off production domains [19:00:52] that makes sense, just ensure auto renewal and domain lock is set [19:00:54] WHOOP WHOOP 🥳 [19:01:21] only mentioning to ensure docs are up to date and can be followed without running into issues [19:01:21] Yep. If wikitide.net expired a lot of problems would happen. [19:01:48] Tech:Proxmox is completely outdated but a lot of other service related docs are up to date. [19:01:57] is proxmox being used? [19:02:09] Yes [19:02:15] better go update it then [19:02:33] bad if stuff were to break [19:02:41] Yeah it needs a complete rewrite though only a single sentence on the entire page is accurate [19:03:13] well then grab the single accurate sentence and blank the remainder of page [19:03:24] at the least mark page as needs rewrite [19:03:39] I think I marked it as outdated but I'm not sure for certain [19:04:02] you did [19:04:15] We could do that for like 3 months right? [19:04:21] Pffft [19:05:22] hello [19:05:31] hey [19:05:33] 👋 [19:05:37] you are joking, yes? [19:05:42] :nomChocoStrawberry: [19:06:07] I said we could do it. I never said do it and continue to operate afterwards [19:06:17] That’s just picky [19:06:31] So yea [19:07:08] CA, was Nickmcski considered for cybersecurity? [19:07:36] Hey @evalprime [19:08:26] I'm not sure who that is, so no? [19:08:58] https://meta.miraheze.org/wiki/Talk:Miraheze_Volunteering_Opportunities#Call_for_volunteers_for_SRE_roles [19:09:10] Oh... right [19:09:12] that would help with reviewing extensions or skins [19:09:16] I'll review that [19:10:07] We have both Labster and Redmin authorized to review extensions and skins also in addition to myself btw so that isn't super urgent right now either. [19:10:56] alright, since you are handling might be best to delegate it away to reduce stacking too many roles [19:10:57] since under constant DDoS, perhaps it maybe wise to redact server information from pages that provide internal IP or subdomains. general public doesn't need to know this information, this should be considered confidential for SRE eyes only. [19:11:21] not a bad idea tbh [19:11:23] checked a few of the server pages, some do list that. without the actual information; much harder to launch network attachs [19:11:43] I don't think any of our denial of server attacks have directly targeted IPs [19:11:44] Since we've been on CF this has been less of a problem tbh [19:12:02] But once cf is on everything, we can just reject non cf IPs [19:12:11] On all except bast* [19:12:22] @cosmicalpha any plan for custom domains [19:12:30] don't know the type, just pointing out perhaps no need to reveal this infor in first place [19:12:45] Yes once I write a script to use CF API to automate this. [19:13:19] if documenting is important, move it to a private wiki for SRE [19:13:59] @m3w most servers should have adequate firewalls [19:14:17] stuff like our DNS config and the SAL system have been build with the assumption that there's no need to hide the existence of servers [19:14:20] I'm not sure anything over than cp/bast even allow IPs outside our network [19:14:22] that would be quite the change [19:14:45] And I've investigated many of our previous attacks, they've been entirely at the web layer [19:15:05] or internal services for that matter as well [19:15:25] There has never been any indication of anything other than http(s) requests to our cache proxies [19:15:32] ok [19:15:42] I haven't looked at the lastest attacks since WikiTide foundation took over [19:15:51] Although I've offered it to @cosmicalpha [19:23:02] that might be helpful to develop countermeasures [19:51:33] [1/3] IMPORTANT [19:51:33] [2/3] Heads up for people in this chat: https://www.mediawiki.org/wiki/Heading_HTML_changes [19:51:33] [3/3] MediaWiki [19:52:22] ???? [19:52:24] why?? [19:52:40] muh CSS ... [19:52:48] [1/2] This change will improve accessibility for people using screen readers. It's a common workflow to navigate around a page by the headings present on it, like an automatically generated table of contents. With the old markup, interface elements like section edit links were a part of each heading, causing them to be read out along with every heading's text. The problem was exacerbated [19:52:48] [2/2] by extensions that added further interface elements to headings, such as VisualEditor's "edit source" links and DiscussionTools's "subscribe" buttons. [19:52:53] hm [19:54:03] We're going to get so many questions [19:54:31] or just write an extension to reverse this [19:56:36] I just stick to "== header ==" [19:57:12] I mean, it's not wikitext change [19:57:23] it's frontend change [19:57:28] nope, therefor, for me nothing changes [19:57:46] it's gonna be a problem for CSS criminals like me and SKL lol [19:57:55] yup [20:21:08] Parsoid for reads is going to fantastic but hard work [21:26:16] if i had a nickel for each time forgetting PHP if's need (), id be able to fund the farm [21:29:23] I take it that you are more familiar with writing shell scripts? [21:29:34] I'm a pythonist [21:29:45] ok so script writer [21:29:59] python is scripting [21:29:59] mainly discord bots lol [21:30:03] but yeah [21:30:26] why is the minecraft music so good for dev work [21:30:29] speaking of python and discord, nearly lost that library. thankfully it continues [21:30:57] oh yeah discord.py was dis and recontinued wasn't it? [21:36:50] yes [21:44:25] You can do ternary [21:44:44] true but i forget those too [21:44:45] Or switch if its simple comparison [21:44:52] Also match but i hear thats really buggy [21:45:03] this is a does this user have x right if so do this thing [21:45:17] eeeeeek [21:45:29] Burn php headquarters down! [21:45:41] guh [21:46:05] also createwiki-error-subdomaintaken has no entry in qqq.json and it ticks me off [21:46:29] fix it heh [21:46:33] i think more as well [21:46:33] Ill merge [21:46:57] im already making a CW pr so ill just commit the new feature and then make a commit fixing those [21:47:07] this is gonna prob explode [21:47:18] cause i don't have a CreateWiki instance [21:48:02] I will dockerise one eventually [21:48:04] but using the wisdom imparted on me by the ever wise reception, I can just say not my problem and have someone else fix it KEK \j [21:48:40] mood [21:49:22] hm? [21:50:37] also can I ask ya a question [21:50:48] Go on [21:51:04] Do yall not say "mood" in the us of a [21:51:43] a what [21:51:46] It's around, but not in all quarters [21:52:20] The US-of-A the USA [21:53:15] anywho whats your q [21:53:36] anyways im trying to link to a page with url params in a wfMsg(Special:RequestWikiQueue?requester=$2&status=*), would the best option be to just go with external links or is there a way to pass info like that via wiki links [21:56:38] here in the us of a we say 'mid' instead [21:57:46] if there's not i could fallback onto using farmer logs(Special:Log/farmer/$2) [21:57:48] I don't know how it interacts with wfMsg, but there is LinkRenderer::makeLink, and you could generate the title with Title::newFromTitle, I think? or just `TitleValue( NS_SPECIAL, 'RequestWikiQueue')` but I don't know if either of those support appending queries to the url. [22:00:05] [1/5] so something like [22:00:06] [2/5] ```php [22:00:06] [3/5] $linkRenderer->makeLink( Title::newFromTitle( NS_SPECIAL, 'RequestWikiQueue') ) [22:00:06] [4/5] ``` [22:00:07] [5/5] should work, but you'd have to experiment whether you can append stuff to the end? [22:01:05] hm, yea not super sure how that would fit into messages [22:01:31] this is gonna be scuffed enough as is so may be better to just for with farmer lgos [22:01:41] i can revist later [22:01:52] [1/6] ```php [22:01:52] [2/6] public function makeLink( [22:01:53] [3/6] $target, $text = null, array $extraAttribs = [], array $query = [] [22:01:53] [4/6] ) [22:01:53] [5/6] ``` [22:01:53] [6/6] looks like it can be done yeah. [22:02:09] hm [22:02:23] Is this the wikifarm extension? [22:02:26] ig I coould maybe pass the whole url as a parameter [22:02:34] yeah CreateWiki [22:02:41] I'll add a TODO: [22:03:04] Was actually referring to a different by similar name [22:03:14] RequestWiki? [22:03:24] or CentralAuth [22:03:32] Theres a wiki farm extensuon out there called Farmer iirc [22:03:34] Farmer but it's archived [22:03:39] But its ages old [22:03:53] ah [22:05:08] considering CW is 2015 dang [22:05:41] `'''NOTE:''' [[User:$2|$2]] has already [[Special:Log/farmer/$2|requested]] $1 wikis` should work [22:05:47] (?) [22:06:20] those are message parameters [22:06:30] the $2 and $1 I mean [22:06:43] yeah [22:06:44] You pass them to your message function [22:07:10] $1 is how many wiki's they've requested and $2 is the username [22:07:31] what's the ? for then if you know how it works? [22:08:18] ahhh [22:08:25] I see, I'm just stoopid [22:08:47] I should go to sleep 😂 clearly I'm too tired [22:10:16] i mean im coding this without being able to run it [22:10:16] so [22:10:22] this whole thing is (????????) [22:10:24] it will as long as when outputting that message you use ->parse() so that the wikitext is parsed [22:10:37] yeah [22:10:52] i gtg now so will make a pr tonight or tmr [22:13:21] But yeah think I did that [22:16:59] It’s a decently small pr [22:17:23]