<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">On that note, does Labs use any kind of sandboxing or similar strategy to separate instances? I know with WordPress the issues is no about the spread of vulnerabilities from one server instance to another, but I wonder how Labs is secured against the latter specifically.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 12, 2016 at 4:10 PM, Tom Doolan <span dir="ltr"><<a href="mailto:tom29739onwiki@gmail.com" target="_blank">tom29739onwiki@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I'd second this. It's also very unreliable in my experiences, so as YuviPanda says, you'd need a sysadmin to keep it up to date and working.</p>
<p dir="ltr">tom29739</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On 12 May 2016 8:55 p.m., "Yuvi Panda" <<a href="mailto:yuvipanda@gmail.com" target="_blank">yuvipanda@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, May 12, 2016 at 3:41 PM, T Paris <<a href="mailto:tparis.wiki@gmail.com" target="_blank">tparis.wiki@gmail.com</a>> wrote:<br>
> If we didn't need access to any WMF databases and could even IP blacklist<br>
> the instance's IP, would that alleviate some concerns? Also, would the<br>
> auto-update feature help?<br>
<br>
The problem is more of serving your readers malware / accidentally<br>
becoming part of a botnet. The auto-update definitely helps but isn't<br>
enough, IMO - there's no cleanup afterwards that it does, you only<br>
need to be infected once for you to be compromised forever, etc.<br>
<br>
Wordpress is amazingly awesome and I reccomend it to everyone who<br>
wants to publish things on the web, I just want y'all to be also aware<br>
that it does require constant sysadmin help/lookout to keep it secure.<br>
<br>
Good luck! <3 Signpost :)<br>
<br>
--<br>
Yuvi Panda T<br>
<a href="http://yuvi.in/blog" rel="noreferrer" target="_blank">http://yuvi.in/blog</a><br>
<br>
_______________________________________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org" target="_blank">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
</blockquote></div>
</div></div><br>_______________________________________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
<br></blockquote></div><br></div>