[00:16:26] d3r1ck: can you explain further? Not able to view any images? Are you connecting from a provider with wikipedia zero-rated? [00:37:21] twentyafterfour: I think that he might be zero-rated, yes [02:10:25] 10Project-Admins: Create project for me #User-Zoranzoki21 - https://phabricator.wikimedia.org/T172412#3626192 (10MacFan4000) [07:42:03] twentyafterfour: Maybe, I don't know. [07:42:10] bd808: How do I check that? [07:47:41] 10Phabricator, 10Operations, 10Release-Engineering-Team, 10Patch-For-Review: The aphlict systemd unit needs to be rewritten from scratch - https://phabricator.wikimedia.org/T176392#3626266 (10Paladox) The patch has stalled and dosent look like it will move along, I guess we should change the priority to no... [10:48:54] 10Phabricator, 10Operations, 10Release-Engineering-Team, 10Patch-For-Review: The aphlict systemd unit needs to be rewritten from scratch - https://phabricator.wikimedia.org/T176392#3626648 (10Joe) Thanks to @Paladox work on this, the aphlict service unit now handles correctly the software. I am going to m... [10:49:12] 10Phabricator, 10Patch-For-Review: Enable notification server (real-time pop-up notifications) in Phabricator - https://phabricator.wikimedia.org/T765#3626651 (10Joe) [10:49:16] 10Phabricator, 10Operations, 10Release-Engineering-Team, 10Patch-For-Review: The aphlict systemd unit needs to be rewritten from scratch - https://phabricator.wikimedia.org/T176392#3626649 (10Joe) 05Open>03Resolved a:03Paladox [11:50:40] 10Phabricator, 10Operations, 10Release-Engineering-Team, 10Patch-For-Review: The aphlict systemd unit needs to be rewritten from scratch - https://phabricator.wikimedia.org/T176392#3626762 (10Paladox) @Joe thanks :) Yeh we can remove Ubuntu / upstart support. [13:21:46] 10Phabricator, 10DBA, 10Operations, 10ops-eqiad: Decommission db1048 (was Move m3 slave to db1059) - https://phabricator.wikimedia.org/T175679#3626995 (10jcrespo) @mmodell This is still needed, but this and the next week are going to be problematic. As a heads up, we may need to merge some puppet changes s... [13:22:52] 10Phabricator, 10DBA, 10Operations, 10ops-eqiad: Decommission db1048 (was Move m3 slave to db1059) - https://phabricator.wikimedia.org/T175679#3626998 (10mmodell) @jcrespo: Thanks, I'll keep an eye out for it. [13:47:39] andre__: ping [13:47:59] http://blogs.gnome.org/markmc/2014/02/20/naked-pings/ [13:49:23] https://phabricator.wikimedia.org/project/manage/1615/ <-- I need an admin to add acl_releng there as alias, because #acl*releng gives no links. [13:50:08] How is that a problem? That is absolutely intentional, iirc [13:50:12] ie: https://phabricator.wikimedia.org/project/manage/2406/ [13:50:50] or https://phabricator.wikimedia.org/project/manage/1515/ [13:51:01] see my question :) [13:51:44] I cannot answer it, but I think the system adds the underscore now so I'm not sure if it is intentional [13:52:01] #release-engineering-team does use it on their description project page though [18:28:41] 10Phabricator, 10Anti-Harassment: Build a tool/system that makes it easier to show Phabricator updates on wiki pages - https://phabricator.wikimedia.org/T176511#3627987 (10TBolliger) [18:29:15] 10Phabricator, 10Anti-Harassment: Build a tool/system that makes it easier to show Phabricator updates on wiki pages - https://phabricator.wikimedia.org/T176511#3628000 (10TBolliger) [18:31:28] 10Phabricator, 10Anti-Harassment: Build a tool/system that makes it easier to show Phabricator updates on wiki pages - https://phabricator.wikimedia.org/T176511#3628005 (10TBolliger) These are just ideas, not sure if they'll feasible or worth spending too much time on. By 'embed' it could either be like an e... [19:05:27] 10Phabricator, 10Anti-Harassment: Build a tool/system that makes it easier to show Phabricator updates on wiki pages - https://phabricator.wikimedia.org/T176511#3627987 (10mmodell) Phabricator has an API, so it's certainly feasible. [19:10:17] 10Phabricator, 10Anti-Harassment: Build a tool/system that makes it easier to show Phabricator updates on wiki pages - https://phabricator.wikimedia.org/T176511#3628069 (10mmodell) I would be willing to work with someone to figure out the Phabricator side of this - including implementing custom API endpoints i... [19:41:05] 10Phabricator: Form 33 amendment request - https://phabricator.wikimedia.org/T176516#3628175 (10MarcoAurelio) [19:42:43] 10Phabricator: Amend acl*stewards policies - https://phabricator.wikimedia.org/T175583#3628188 (10MarcoAurelio) We also don't have an `acl*stewards_policy-admins` group either so none of us can alter the visibility policies of the tasks. I'm not sure why it was added there. Maybe @mmodell knows? [19:45:09] 10Phabricator: Amend acl*stewards policies - https://phabricator.wikimedia.org/T175583#3628196 (10mmodell) 05Open>03Resolved a:03mmodell Done. [19:46:47] 10Project-Admins: Create Phabricator project for mediawiki/extensions/Wigo3 - https://phabricator.wikimedia.org/T171441#3464972 (10MarcoAurelio) @hashar As Andre said we'd like to see a MediaWiki page for that extension. If the developers/mantainers of said extension are okay with using Phabricator as issue trac... [20:18:42] 10Phabricator, 10User-greg: Enable calendar in Basque Wikimedians User Group - https://phabricator.wikimedia.org/T176000#3610708 (10mmodell) You can also do a search for `Hosts(#wikimedia-user-group-basque)` to find all events hosted by any members of your group [20:22:31] 10Phabricator, 10LDAP: Having difficulty logging into Phabricator via LDAP when multiple accounts returned for username - https://phabricator.wikimedia.org/T138672#3628268 (10mmodell) @SMcCandlish This is not something that is under the control of phabricator so you'll need to get someone with LDAP admin right... [20:57:19] 10Phabricator, 10User-greg: Form 33 amendment request - https://phabricator.wikimedia.org/T176516#3628414 (10greg) 05Open>03Resolved a:03greg Done. [20:57:35] 10Phabricator, 10Release-Engineering-Team (Kanban), 10User-greg: Form 33 amendment request - https://phabricator.wikimedia.org/T176516#3628418 (10greg) [21:50:36] Howdy. I've been using keyholder prolifically since its public release, and I am suddenly encountering a very peculiar error during preauthentication to certain remote machines running CentOS 7.4. I have a stack trace: https://pastebin.com/B6nH3Z5M [21:51:32] I've never encountered this before. Traditional agent-based authentication to these same hosts proceeds without difficulty. [21:53:02] Does anyone have a clue as to what these "bad flags" actually are? [21:57:58] The ssh program reports: "sign_and_send_pubkey: signing failed: communication with agent failed"; with some verbosity turned on, it gets to the point where the remote server accepts the key and "debug3: sign_and_send_pubkey: RSA SHA256:123456ABCDEF..." is emitted, and then returns the agent communication error. [21:59:14] nethershaw: which wikimedia service does your issue relate to? [21:59:39] keyholder. [22:00:21] The only documentation with it is in the git repository, and the only support contact listed is this channel. [22:00:37] * zhuyifei1999_ must admit that it is the first time I see https://phabricator.wikimedia.org/source/keyholder/ [22:00:40] thcipriani or twentyafterfour (sorry for the ping) ^^ [22:01:26] I'm a sysadmin. Keyholder is how we're delegating secure access to private keys for an Ansible controller within my group's infrastructure. [22:01:40] 10Project-Admins: Create Phabricator project for mediawiki/extensions/Wigo3 - https://phabricator.wikimedia.org/T171441#3628668 (10hashar) 05Open>03declined [22:02:00] nethershaw: Hi, I'll take a look at your stack trace, one moment [22:02:39] Much appreciated -- no hurry, it's friday :) [22:05:16] I'm going to try to get some more debug information from the remote host, since the X factor seems to be something on that end. [22:07:46] nethershaw: Looks like flag 4 is SSH_AGENT_RSA_SHA2_512 [22:07:55] I suspect we only support sha2_256 [22:09:23] Hmm... I had a feeling it might have something to do with tighter crypto thresholds in Cent 7.4. We've only just begun experimenting with it. [22:09:58] It shouldn't be too difficult to add support for sha2_512 [22:10:19] since it's really just proxying the protocol, it might be as simple as adding 4 as a valid value to avoid throwing that exception [22:14:49] Reading the ssh-agent-proxy python; I think I see where that's done [22:15:09] yeah ... [22:15:12] If I'm understanding correctly flag 1 is 256 [22:15:29] nethershaw: I'm uploading a revision to differential, link incoming [22:15:58] Many thanks; I'll be happy to give that a quick spin in my environment [22:16:00] do you have an account on our phabricator instance? [22:16:15] I do not, but I can try to register [22:16:21] https://phabricator.wikimedia.org/D792 [22:16:35] you don't need an account to download the diff but if you had an account you could review the patch ;) [22:16:50] Oh, I already have a mediawiki account, duh [22:16:52] it's totally untested, I don't have a centos box to test with. We are using debian jessie [22:17:25] Just doing the federated auth setup now [22:18:22] Okay, I'm in, and I see your diff -- I will give this a go. That looks exactly as I expected it would. [22:18:54] Incidentally I've been building rpms in my fork on github, and I'd like to contribute that back to you guys [22:19:25] it's a fairly naieve change - according to https://tools.ietf.org/id/draft-miller-ssh-agent-00.txt the flags is a bitmask'd field so the flags should properly be evaluated with a bitwise OR but this should do the trick for now [22:19:37] (until they implement more flags in a future version) [22:20:02] it might be best to just assume to flags are ok instead of validating the values in the proxy, at least that would be future proof [22:21:12] Understood [22:22:19] meh, checking that flags are in the range of expected values seems sane ¯\_(ツ)_/¯ [22:23:09] thcipriani: yeah, it's sane and fine for now but there could theoretically be more than one flag OR'd together so we'd need to check each one bitwise instead of just treating it as an integer [22:23:48] * thcipriani nods [22:23:57] I think right now it'll only ever have one flag [22:27:18] Those are the only two values for RSA I see in the specification [22:27:45] nethershaw: right, I'm only imagining a future revision adding more flags [22:28:13] it's not important yet, I suspect it'll be a while at least until there are more revisions [22:29:19] Yep. I'd be speculating just as much as to what other values in that bitfield might someday represent... SHA512 seems to be the hash algorithm of the day [22:34:03] testing now [22:37:51] Yep, it works [22:40:00] I'm going to clean up my rpmbuild fork for you, in case that's of interest to anyone; I saw you have a debian packaging branch, so I followed your example [22:40:09] nice :) [22:40:36] should the final solution here bitwise & check for these flags? [22:42:55] I defer to you; bitwise is probably the most future-proof. I would have some trepidation about not checking the flags at all [22:43:22] ^ [22:47:09] (copy and paste code review) [23:05:22] Incidentally, here's that rpmbuild spec file: https://github.com/nethershaw/keyholder/blob/rpmbuild/rpmbuild/SPECS/keyholder.spec (it makes an assumption that the unit files are checked in at etc/system/systemd/) [23:07:26] It also still points at my own repository... so I have some cleaning up to do [23:10:05] Somewhat unfamiliar with arcanist [23:13:42] 10Project-Admins: Create user-MacFan4000 project for personal tracking - https://phabricator.wikimedia.org/T175633#3628801 (10MacFan4000) 05Open>03Invalid [23:14:53] Thank you for the assistance, twentyafterfour, thcipriani :) [23:15:43] absotively, thanks for the error report [23:15:55] * thcipriani is playing with bitwise functions :) [23:16:14] My pleasure; I use this literally on a daily basis to help me manage hundreds of machines [23:17:36] nice to know we're not the only ones :) [23:18:17] Haha I'm sure [23:49:13] 10Diffusion, 10GitHub-Mirrors, 10Cleanup, 10Continuous-Integration-Config, 10Gerrit: Tool to archive extensions (and do related stuff)? - https://phabricator.wikimedia.org/T175499#3628842 (10Liuxinyu970226) Note: a "template" for requesting archive is provided by @mmodell: T174410. But it would be love t... [23:57:45] 10Diffusion, 10GitHub-Mirrors, 10Cleanup, 10Continuous-Integration-Config, 10Gerrit: Tool to archive extensions (and do related stuff)? - https://phabricator.wikimedia.org/T175499#3628859 (10demon) >>! In T175499#3628842, @Liuxinyu970226 wrote: > Note: a "template" for requesting archive is provided by @...