Difference between revisions of "Forum:Second board meeting: 7 June"

Latest revision as of 20:37, 11 July 2019


Hi wikians! It has now been over 6 months since we launched the wikis, and 4 months since our first board meeting back in January. You can read the report from that meeting here.

We will be having our second around 5AM UTC on Friday 7th June. We have an outline of the agenda below:

  • Scheduling for future meetings.
  • RuneFest hype
  • Status update
    • Traffic/Market share/SEO
    • Finances
    • Employment/contracts/insurance
    • VAT situation + schedule
  • Update on external communications
    • Jagex
    • RuneLite
  • Discussion on current status
  • Review longer-term goals
  • Direction for future third party partnerships
  • Options for expansion with Jagex and other ideas

However, the purpose of this thread is for editors to put forward any topics which they wish to be discussed or questions that they want answered. Please raise anything else in discussion below!

Update: Meeting report

The second board meeting was held on 7th June 2019. All of the board members were in attendance, though Salix and Spine had to leave early due to the timing of the meeting. The meeting lasted around 2 hours.

Getting started

The first topic of discussion was the difficulty of organising a board meeting due to differing timezones. There isn't really a way around this. We will aim to meet every 3 months, with discussion in group chat (outside voice call) if there are issues which need addressing in-between full meetings.

Cook also hyped up wikifest, following from the recent announcement of the dates for RuneFest: 4th & 5th October. As well as a chance to hang out with other wikians, this year we may have more opportunities to promote the wiki, such as possibly appearing on RuneFest livestreams/Q&As.

Status update

At the time of our last meeting (January) we were at around 30% market share of wiki users; we are now at 77% market share (averaged from 66% of RS3 wiki users and 81% OSRS wiki users). The main factor which seems to drive readers to switch to our wiki is new content releases in-game, which are not being covered by Fandom. We expect our readership to continue to grow organically with Jagex releasing more substantial new content over the Summer. We may need to focus more on encouraging RS3 players to switch to our wiki.

Financially Weird Gloop is doing well; we are currently operating on 80% of our monthly budget and saving the remaining 20%. The sysadmins have used some of this surplus to try out a more expensive Cloudflare service which provides faster routing of traffic; however, it was felt that the service wasn’t worth the extra cost. Another option to try out may be to use a more standard cloud-computing service, rather than OVH, to host the servers. A financial goal is for payments from Jagex to be invoiced and received more regularly. We are currently due a quarterly payment, which will be used to pay the sysadmins up to date once received.

Contracts have been set up with Jayden and Kitty for their sysadmin work. The company has indemnity insurance and employer’s liability insurance at acceptable levels to employ staff. Company accounts for the first year were filed and corporation tax filing is in progress.

Collaboration with Jagex has mainly revolved around getting the /wiki command in-game in RS3. This has proved popular, mainly with players who were already using our wiki. There are around 12,000 uses of the command each day and this has remained fairly constant since release. Cook and Jayden have also been working with Mod Cam and Shauny on further integration, including possibly a button to click and then click on something in game to look it up on the wiki (similar to third party OSRS clients); no specific news to share on official OSRS client adoption of /wiki. Cook is still hoping to further integration with RuneLite though there hasn’t been much progress lately.

Discussion/goals

Goals achieved since last meeting:

  • Conducted security review
  • Tested backup validity: if wiki was lost we would be able to restore from back up within a couple of hours?
  • Set up dedicated job runner
  • Launched anonymous pageview caching: Kitty has made it so that anonymous viewers’ pageviews are cached. Caching makes pages load faster and reduces load on the server.
  • Gaz worked on redoing the bestiary and this has now been launched.
  • Editing incentives programmes have been set up on both wikis. The site notice has been great for communicating with readers, especially for these programmes.

Our contract with Jagex is up for renewal in September 2019, which gives us an opportunity to think about how we might work more closely with Jagex in the future.

Discussion about OSWF: it has been going well so far on OSRS. RS3 initially saw some high quality contributions. We need better tasks on RS3 that will help achieve goals that readers want to see completed. Will do a survey to help decide where to focus our efforts. OSRS may need more policies/editing help guides to ensure that quality of contributions is up to scratch.

Discussion

Comment - From a tech viewpoint, I'd like to see what the results of the recent security review are and if any changes were made or are planned as a result. Additionally, we have backups but I haven't seen anything to suggest we're confident that they can be restored from - can that be addressed somewhere as well? It could be grouped under long-term site stability to make it easier to digest. cqm talk 18:30, 7 June 2019 (UTC)

Regarding the security review, we undertook this on 3 June 2019 and made several changes. On a number of sites and services, we were logging in as one root user account rather than having a user account for each person who has access (Cook, Gaz, Kitty, and I for most things), so we changed that where possible, including on AWS, our server provider, and Cloudflare. After doing this, the password for these "main" accounts was changed, and as far as I'm aware only Cook has these passwords. Another major step was that as we had been all signing into one account on the various different services, we didn't have two-factor authentication enabled. We have now enabled 2FA across the services that support it. We were already using individual Google accounts for our email addresses/G Suite, but we turned on 2FA enforcement for those that didn't have it enabled already. For our dedicated servers, we already had password login disabled, so connection to the servers is only possible with a valid SSH key that Cook, Kitty, and I have. Our domains are spread across a few different registrars, but with the exception of weirdgloop.org (which is registered through Google Domains), only Cook and Gaz have access to making changes at the root-level of these domains, such as being able to switch the DNS records to point away from Cloudflare. We have made no changes to accounts on GitLab, as we do not store any privileged information on there. Users are free, and encouraged, to enable 2FA on their GitLab accounts if they are working on Weird Gloop projects. No changes were made regarding Discord, as Cook, Gaz, Kitty, and I all have 2FA enabled. Access to reviewing and filing company documents via the UK's Companies House is limited to just Gaz and Cook, and the company bank account is currently only accessible by Gaz, and a physical device is required to access it. Hope this clears things up! jayden 12:38, 11 July 2019 (UTC)

There looks to be a bus factor of 1 for when Cook has the password for the main account for a number of accounts and Gaz has access to the bank account. Do we have alternative ways to access these things if one of them were hit by a bus tomorrow? If the personal accounts have similar permissions between them, then it's just the bank account that's a concern. cqm talk 18:02, 11 July 2019 (UTC)

I believe most of the personal accounts in the tech have similar permissions, but I'll defer to the others that interact with them more to confirm. What Jayden didn't mention was HMRC filing - I believe that Cook has all the details to file stuff with HMRC in paper, but I'm not entirely sure how multiple accounts operating one business account works (something to look into). Regardless, I use my account to manage that, which has 2FA attached too. Also, Companies House has paper filing disabled - it has to be filed online.

Banking is an ongoing issue that we're trying to fix. You may or may not be aware of our issues in getting an account in the first place due to our multinational directors, and adding non-UK signatories (e.g. Cook) is an extension of this. In short, our bank (and most UK banks that we looked at) require the new signatory to present proof of identity and address documentation in person if they are not UK citizens living in the UK, which is obviously pretty expensive if the new signatory isn't already in the UK for something else. The most frustrating thing is that we did this in April when Cook was in the UK, but then the bank lost the documentation we provided. We're looking at ways around this, but the best chance is probably when Cook is next back in the UK (for RuneFest if nothing else earlier). Another option is to have one of the other UK directors added, which we will discuss. Gaz (talk) 20:35, 11 July 2019 (UTC)

Comment - "Tested backup validity: if wiki was lost we would be able to restore from back up within a couple of hours?" How come the question mark? Is the uncertainty the time length or whether we could actually restore from a backup or not? If it's the latter, that seems like a potential concern. Also, what does "lost" exactly entail? Haidro (talk) 08:49, 14 June 2019 (UTC)