infrastructure Digest, Vol 93, Issue 21
dashcom
dashcom at alumni.iu.edu
Sat Feb 15 15:37:27 UTC 2014
Just wanted to touch base with everyone since I didn't make the meeting Thursday. I found a new job, am in the process of relocating to Chicago and am finishing up the semester, so time is short, but once I get moved things should quickly settle into a routine and I'll be able to more regularly contribute.
sart
-----Original Message-----
From: infrastructure-bounces at lists.fedoraproject.org [mailto:infrastructure-bounces at lists.fedoraproject.org] On Behalf Of infrastructure-request at lists.fedoraproject.org
Sent: Saturday, February 15, 2014 6:00 AM
To: infrastructure at lists.fedoraproject.org
Subject: infrastructure Digest, Vol 93, Issue 21
Send infrastructure mailing list submissions to
infrastructure at lists.fedoraproject.org
To subscribe or unsubscribe via the World Wide Web, visit
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
or, via email, send a message with subject or body 'help' to
infrastructure-request at lists.fedoraproject.org
You can reach the person managing the list at
infrastructure-owner at lists.fedoraproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of infrastructure digest..."
Today's Topics:
1. Re: Mailing-List Subscription Capta? (Michael Scherer)
2. Re: Mailing-List Subscription Capta? (Frank Murphy)
3. Re: ask.fp.o potential account hijacking with facebook oauth
(Achilleas Pipinellis)
4. Re: February status update for Fedora Infrastructure
Apprentices (Dan Mossor)
----------------------------------------------------------------------
Message: 1
Date: Fri, 14 Feb 2014 16:32:26 +0100
From: Michael Scherer <misc at zarb.org>
To: Fedora Infrastructure <infrastructure at lists.fedoraproject.org>
Subject: Re: Mailing-List Subscription Capta?
Message-ID: <1392391946.28162.15.camel at liliana.cdg.redhat.com>
Content-Type: text/plain; charset="UTF-8"
Le vendredi 14 février 2014 à 07:46 +0000, Frank Murphy a écrit :
> On Thu, 13 Feb 2014 23:38:56 +0100
> Michael Scherer <misc at zarb.org> wrote:
>
> > What is the issue that would be solved by it ?
>
> Script subscriptions, time wasting,
while I understand theses 2
> trying to find the real person.
I fail to understand this one.
--
Michael Scherer
------------------------------
Message: 2
Date: Fri, 14 Feb 2014 15:39:49 +0000
From: Frank Murphy <frankly3d at gmail.com>
To: infrastructure at lists.fedoraproject.org
Subject: Re: Mailing-List Subscription Capta?
Message-ID: <20140214153949.6bd0b259 at frank01.frankly3d.home>
Content-Type: text/plain; charset=US-ASCII
On Fri, 14 Feb 2014 16:32:26 +0100
Michael Scherer <misc at zarb.org> wrote:
> > trying to find the real person.
>
> I fail to understand this one.
>
Person applies to fas using:
john at doe.com
applies to ml using:
jd at gmail.com
same person,
doesn't always even use the same
"Real Name"
John aka Jonathan aka some other version of it.
but hard to spot with the
other stuff, which has to be cleared first,
and hope mistake is not made.
___
Regards
Frank
frankly3d.com
------------------------------
Message: 3
Date: Fri, 14 Feb 2014 17:42:11 +0200
From: Achilleas Pipinellis <axilleaspi at ymail.com>
To: infrastructure at lists.fedoraproject.org
Subject: Re: ask.fp.o potential account hijacking with facebook oauth
Message-ID: <52FE3953.4020405 at ymail.com>
Content-Type: text/plain; charset=UTF-8
On 13/02/2014 08:42 μμ, Kevin Fenzi wrote:
> On Sun, 09 Feb 2014 21:52:38 +0200
> Achilleas Pipinellis <axilleaspi at ymail.com> wrote:
>
>> Hello there!
>>
>> I bumped into a recent post that describes the way someone could get
>> access to your account using facebook oauth. According to the
>> vulnerability author:
>>
>>> Every website with "Connect Facebook account and log in with it" is
>>> vulnerable to account hijacking.
>>
>> Source:
>> http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.html
>>
>> Facebook will not fix this anytime soon. Should we disable facebook
>> login until this gets resolved?
>
> So, we discussed this some, and it seems like a pretty complex
> vulnerability. Additionally, ask isn't a particularly sensitive
> application for us.
>
> So, we are just going to wait and see right now I think, and if it's
> used against us, reevaluate.
>
> Thanks for bringing it up... I sure hope there's a fix at some point.
>
> kevin
Yeap, I thought so :)
I just reported it so that you know it's out there.
--
FAS : axilleas
GPG : 0xABF99BE5
Blog: http://axilleas.me
------------------------------
Message: 4
Date: Fri, 14 Feb 2014 14:17:00 -0600
From: Dan Mossor <dan.mossor at outlook.com>
To: Fedora Infrastructure <infrastructure at lists.fedoraproject.org>,
kevin at scrye.com
Subject: Re: February status update for Fedora Infrastructure
Apprentices
Message-ID: <BLU0-SMTP203BE302675D4D59CC5F52A869C0 at phx.gbl>
Content-Type: text/plain; charset="UTF-8"; format=flowed
On 02/03/2014 12:01 PM, Kevin Fenzi wrote:
> Greetings.
>
> You are getting this email because you are in the 'fi-apprentice' group
> in the fedora account system (or are reading this on the
> infrastructure list).
>
> When you reply, please include your fedora account system login.
>
> Additionally, I am CC'ing the infrastructure list. If you
> would like to send your feedback there as well everyone can see and
> comment on it. It's up to you.
>
> https://fedoraproject.org/wiki/Infrastructure_Apprentice
>
> At the first of every month(or so), I am going to be sending out an
> email like this one. I would like feedback on how things are going for
> you.
>
> I'd like to ask for everyone to send me a quick reply with the
> following data or anything related you can think of that might help us
> make the apprentice program more useful.
>
> 0. Whats your fedora account system login?
>
> 1. Have you logged in and used your fi-apprentice membership to look at
> our machines/setup in the last month? Do you plan to?
>
> 2. Has it helped you decide any area you wish to focus on or contribute
> to more?
>
> 3. Have you looked at or been able to work on any of the fi-apprentice
> 'easyfix' tickets?
> https://fedorahosted.org/fedora-infrastructure/report/14
>
> 4. Do you still wish to be a member of the group? If not (for whatever
> reason) could you provide any hints to help others down the road?
>
> 5. Is there any help or communication or ideas you have that would help
> you do any of the above?
>
> 6. What do you find to be the hardest part of getting involved?
> Finding things to work on? Getting attention from others to help you?
> Finding tickets in your interest area?
>
> 7. Have you been able to make any weekly irc meetings? Do you find them
> helpful or interesting?
>
> 8. What is your favorite soup? :)
>
> Any other general feedback is also quite welcome, including
> improvements to this email, the wiki page, etc.
>
> Any folks I do not hear from in the next week will be removed from the
> group. (Note that it's easy to be readded when you have time or
> whatever and it's nothing at all personal, we just want to keep the
> group up to date with active folks).
>
> Thanks, and looking forward to your feedback!
>
> kevin
>
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
0. dmossor
1. Yes, I have looked at the network configuration on the Nagios machine.
2. Not really - I just haven't given thought to it.
3. I looked at the tickets (once, admittedly) , but didn't see any in my
area of expertise.
4. Yes, I do, but my time is in extremely short supply at the moment.
5. None at this time - my problems with the group are my own, not the
group's.
6. Most difficult: time, or lack thereof. Next most difficult: no
tickets needing my skill set.
7. I made one or two of them.
8. Garlic Potato-Leek soup at Jim's Restaurant in Bahrain.
Sorry I haven't been active since I requested membership - 18 credit
hours of school on top of a full time job has proven to be more
difficult than I first imagined. Now that I've been able to automate a
couple things at work, though, I should be able to carve out a few hours
a week if you'll still have me.
--
Dan Mossor
Systems Engineer at Large
Fedora QA Team Volunteer FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
------------------------------
_______________________________________________
infrastructure mailing list
infrastructure at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
End of infrastructure Digest, Vol 93, Issue 21
**********************************************
More information about the infrastructure
mailing list