[14:25:42] <MatmaRex>	 ori: fun performance-related read: https://www.reddit.com/r/lolphp/comments/47dqbf/metaexample_phpnet_local_storage/
[15:52:05] <robla>	 interesting, MatmaRex.  I wonder if "curbing local storage abuse" is going to become more of a developer hotbutton in the relative near term 
[16:16:46] <MatmaRex>	 hmm.
[16:19:12] <bd808>	 I disabled localstorage completely in firefox and a large part of the internet stopped working. It was pretty distrubing
[16:19:43] <bd808>	 I still see localstorage as the nastiest tracking cookie storage system ever
[16:20:30] <bd808>	 because of things like mobile safari allowing localstorage in incognito mode that never gets cleared
[16:54:39] <greg-g>	 bd808: I thought safari on ios was the browser you recommended as best for not tracking?
[16:55:02] <bd808>	 it's the most anon for device fingerprinting
[16:55:28] <bd808>	 and the localstorage is purgable, but you have to remember to do it yourself
[16:57:03] <greg-g>	 gotcha
[18:21:13] <Krinkle>	 Its handled quite differently in different browsers - localstorage in private mode - https://blog.whatwg.org/this-week-in-html-5-episode-30
[19:24:59] <ori>	 bd808: do you think you and your team might have cycles to spare for <https://phabricator.wikimedia.org/T128543> ("Hunt down duplicate memcached gets")? You are not in any way responsible for the dupes that I'm seeing, but since you guys fixed similar problems with auth-related memcached/redis usage, the knowledge is fresh
[19:26:01] <ori>	 it's pretty low-hanging and I suspect the impact would be substantial
[19:26:08] <ori>	 I know it's not really in scope but thought I'd ask anyhow
[19:28:56] <ori>	 the lowest-hanging ones seem to be WANCache:v:fawiki:file-djvu:dimensions:*, which is easy to associate with a specific code-path
[19:29:52] <ori>	 and WANCache:v:enwiki:revisiontext:textid:*; dupes of that type seem to mostly be Lua modules
[19:55:21] <tgr>	 ori: instead of hunting, why not just add an in-process tracking hashbag? set a flag on get, clear it when something else happens to the key, when trying to set an existing flag create an exception object and log it (which gives you a stack trace)
[20:04:08] <ori>	 tgr: Something like that could work, yeah. But the egregious offenders are few, and they have been in place for years, in some cases, so it could be viable (and potentially simple) to just carefully audit those code-paths and fix the worst offenders on a case-by-case basis.
[20:04:19] <ori>	 No strong feelings either way.
[20:15:41] <bd808>	 tracking down cache fetch dups is the point to https://gerrit.wikimedia.org/r/#/c/274333/ but that seems to have led into a dark tunnel of "doesn't meet arbitrary standards"
[20:18:21] <ori>	 well, I'm suggesting that the worst offenders are already known
[20:19:45] <ori>	 I didn't -1 https://gerrit.wikimedia.org/r/#/c/274333/ , I left it CR 0. I personally think it's too much complexity for the value, but you don't have to agree with me; I'm not blocking.
[20:23:51] <anomie>	 aude: Do you know if Wikidata is updated in wmf.16 so https://gerrit.wikimedia.org/r/#/c/273372/ can be merged without spamming warnings?
[20:24:36] <aude>	 i think so. we backported one of the patches
[20:26:39] * anomie tries rebasing https://gerrit.wikimedia.org/r/#/c/273373/, which will fail a unit test if the Wikidata fix is not merged yet.
[20:43:58] * anomie finds MFResourceLoaderParsedMessageModule, how'd that get missed.
[20:46:02] <Reedy>	 https://blogs.microsoft.com/blog/2016/03/07/announcing-sql-server-on-linux/
[21:45:26] <MaxSem>	 Reedy, armageddon
[21:56:01] <greg-g>	 Reedy: MaxSem from a Canonical friend of mine: "I think I'll fire up MSSQL on a ZFS-backed instance just to hear people's heads explode."
[21:56:12] <Reedy>	 ZFS on linux!?
[21:56:26] <greg-g>	 yep, Canonical is distributing compiled binaries... somehow
[21:57:04] <greg-g>	 you can build it yourself on Debian, but the incompatible licenses make it illegal to distributed pre-built kernels... but I guess Canonical is special somehow (I haven't read up on it much)
[22:02:01] <legoktm>	 greg-g: they're not special, they just found lawyers who claim it's not a GPL violation when everyone else (SFLC, SFC) says it is
[22:02:22] <greg-g>	 legoktm: gotcha, so yeah, they're breaking the law :)
[22:08:59] <csteipp>	 bd808 or tgr, is there a timeline documented somewhere for AuthManger's rollout? Brad said next week, but I wasn't entirely clear which pieces are going out when.
[22:10:04] <bd808>	 csteipp: yeah... well.no
[22:10:18] <bd808>	 we have a loose list of steps in a gdoc
[22:12:14] <csteipp>	 bd808: when (roughly) is code being deployed, and when are we flipping the "really use it now" switch?
[22:13:32] <bd808>	 csteipp: we'd like to merge the main patch as soon as it has security approval with the feature flag off. The next steps are dependent on subsequent testing and how much help we get coverting authplugins
[22:13:54] <bd808>	 the realy "goal" is to get it all in before 1.27 tarball is cut
[22:14:28] <csteipp>	 bd808: Cool