[01:38:48] <PixDeVl>	 apparently gdnsd has us as the second entry on their users page https://gdnsd.org/users.html
[01:40:27] <BlankEclair>	 soon won't be >:D
[01:43:49] <PixDeVl>	 huh
[01:44:32] <BlankEclair>	 or idk
[01:44:44] <BlankEclair>	 isn't mh planning to use another dns server?
[01:45:00] <CosmicAlpha>	 We will be using cloudflare rather than gdnsd
[01:45:05] <PixDeVl>	 I think we may go with the 'fuck it cloud-
[01:45:06] <PixDeVl>	 yea
[01:45:17] <PixDeVl>	 who wants to tell the maintainer
[01:45:23] <CosmicAlpha>	 So both Varnish and GDNSD will be gone (two less things to maintain us nice)
[01:45:23] <BlankEclair>	 i could
[01:45:39] <CosmicAlpha>	 Can wait till we finish migrating
[01:45:51] <MirahezeRelay>	 <tali64, replying to PixDeVl> I wonder how many people have found out about Miraheze from that page
[01:45:51] <tax>	 Cloudflare is replacing both load balancing AND caching? Nice
[01:45:53] <PixDeVl>	 can or can't
[01:46:03] <CosmicAlpha>	 tax: yep
[01:46:05] <BlankEclair>	 can probably
[01:46:21] <BlankEclair>	 meanwhile i'm here like "nooo my -X PURGErinos"
[01:46:38] <PixDeVl>	 oh btw tax i saw you triggered one of the abuse filters earlier today lmao. random but funny
[01:46:44] <BlankEclair>	 oh?
[01:47:35] <tax>	 I cheated and made the edit with my staff account https://login.miraheze.org/wiki/User:Harej?diff=15676&oldid=14449
[01:47:39] <tax>	 There's an external link
[01:47:54] <BlankEclair>	 yeah that's annoying >_>
[01:48:02] <PixDeVl>	 wait did it block you?
[01:48:03] <BlankEclair>	 when does the filter trigger? when not autoconfirmed on the wiki?
[01:48:09] <PixDeVl>	 I thought it was log only
[01:48:21] <tax>	 It did block me
[01:48:31] <BlankEclair>	 not a warn either
[01:48:38] <PixDeVl>	 autoconfirmed
[01:48:40] <PixDeVl>	 well
[01:48:45] <BlankEclair>	 virtually all of the rainverse wiki editors have experience lol
[01:48:45] <PixDeVl>	 skipcaptcha right
[01:50:12] <PixDeVl>	 what the hell is firejail
[01:50:52] <CosmicAlpha>	 Sandboxing for security
[01:50:53] <BlankEclair>	 thing to prevent certain syscalls iirc
[01:50:53] <PixDeVl>	 this is the wackiest filter syntax ive seen
[01:54:08] <PixDeVl>	 why are cp* redlinks https://meta.miraheze.org/wiki/Tech:Server_usage
[01:54:21] <CosmicAlpha>	 No pages
[01:54:24] <BlankEclair>	 no one made articles for them
[01:54:58] <CosmicAlpha>	 I will be heading off for a few hours this morning. I'll be back this afternoon
[01:55:01] <PixDeVl>	 well ye
[01:55:08] <PixDeVl>	 wow he sleeps?
[01:55:21] <BlankEclair>	 https://mis.thecomicseries.com/comics/190/#comment-3770787; heh
[01:55:26] <CosmicAlpha>	 No, I have things to do lol. it is 10AM
[01:55:34] <PixDeVl>	 of course
[01:55:38] <PixDeVl>	 did you sleep?
[01:55:42] <BlankEclair>	 probably
[01:55:58] <CosmicAlpha>	 Not much, I went to sleep at 5 and woke up at 6:45 or so
[01:56:15] <BlankEclair>	 god i gotta step up my insomnia game
[01:56:24] <PixDeVl>	 also why is icinga restricted to tech, does it show internal stuff?
[01:56:28] <BlankEclair>	 i felt drowsy at only 12! 12!!
[01:56:30] <PixDeVl>	 BlankEclair no no
[01:57:18] <CosmicAlpha>	 Yes icinga shows restricted private stuff sometimes. Which is redacted when sent events but not on icinga itself.
[01:57:36] <Agent>	 bring back guest account 2024
[01:57:49] <Agent>	 and guest ldap account email spam as well
[01:57:50] <BlankEclair>	 how many things could the guest account do?
[01:58:58] <PixDeVl>	 oh
[01:59:02] <Agent>	 It used to be an ldap account... which just so happened to have email access
[01:59:20] <BlankEclair>	 yeah i knew that (i looked through closed security tasks out of boredom)
[01:59:39] <PixDeVl>	 like it had a guest@miraheze.org email or other emails, well emails
[01:59:44] <Agent>	 bring back email spam :<
[01:59:46] <PixDeVl>	 BlankEclair that checks
[01:59:47] <BlankEclair>	 but like, what could you do with ldap
[02:00:16] <Agent>	 you can't really do much with ldap access other than email, at least by default
[02:00:21] <Agent>	 maybe spam ldapwikiwiki
[02:00:35] <BlankEclair>	 rickroll someone using email access :3
[02:00:37] <Agent>	 Matomo needs additional flags to grant you access, as does Graylog
[02:00:57] <Agent>	 maybe spamming Grafana?
[02:00:58] <BlankEclair>	 what's the guest account in ldap for then? or was it accidentally enabled
[02:01:03] <PixDeVl>	 Agent: reminding me of an old DEF CON talk I watched where some guys talk about profiting off stock pum n dumb scams
[02:01:20] <Agent>	 BlankEclair: it was used to grant public access to icinga
[02:01:28] <BlankEclair>	 oh
[02:01:33] <Agent>	 PixDeVl: heh
[02:02:20] <PixDeVl>	 im still not entirely sure what icinga is
[02:02:29] <BlankEclair>	 same
[02:02:41] <PixDeVl>	 in my head its just the thing that screams in #miraheze-tech-ops ngl
[02:03:11] <PixDeVl>	 then again i still dont understand ldap either, though NOT for lack of trying
[02:03:15] <Agent>	 basically what -tech-ops is or whatever it is that replaced our beloved -sre
[02:03:43] <BlankEclair>	 -sre became -tech, -sre-ops became -tech-ops iirc
[02:03:44] <Agent>	 i.e. load alerts, pretty much and a few SSL cert issues every so often
[02:03:50] <BlankEclair>	 (-sre-ops was a thing, right?)
[02:04:00] <Agent>	 oh, was -sre finally split into a further channel?
[02:04:03] <Agent>	 finally 
[02:04:09] <Agent>	 I had always wanted an -sre-bots
[02:04:47] <BlankEclair>	 oh neat
[02:05:25] <PixDeVl>	 iirc we had a general tech channel and a tech team ops channel since i joined discord
[02:05:31] <PixDeVl>	 https://youtu.be/fQPspL_VuD8 found it
[02:06:12] <PixDeVl>	 defcon 17 dang
[02:06:17] <PixDeVl>	 this year was 32
[02:07:02] <PixDeVl>	 Agent so it's job is to see and yell
[02:07:36] <PixDeVl>	 13sounds bout right13
[02:07:38] <Agent>	 Icinga is useless 
[02:07:46] <Agent>	 especially when we have a far better error reporting system
[02:07:59] <BlankEclair>	 it screams at us when mh is down i guess
[02:08:00] <Agent>	 users screaming in #general about 502s or whatever the latest and greatest error is
[02:08:10] <PixDeVl>	 13I mean13
[02:08:13] <BlankEclair>	 yeah but i wanna be early in the riide
[02:08:14] <PixDeVl>	 13He's not wrong?13
[02:08:35] <BlankEclair>	 it can also be funny at times
[02:08:47] <Agent>	 I miss this error https://usercontent.irccloud-cdn.com/file/jO3ZhQzv/1725156516777.png
[02:09:03] <Agent>	 now it's all just about 502s :(
[02:09:09] <PixDeVl>	 13looking at tech ops can be a good indicator how fucked we are13
[02:09:09] <BlankEclair>	 > <icinga-miraheze> RECOVERY - wiki.moores.tech - LetsEncrypt on sslhost is OK: OK - Certificate '*.sakura.ne.jp' will expire on Sun 18 May 2025 11:59:59 PM GMT +0000.
[02:09:10] <BlankEclair>	 > <RhinosF1> Eh
[02:09:12] <BlankEclair>	 > <RhinosF1> That is not OK icinga
[02:09:13] <BlankEclair>	 > <RhinosF1> Why on earth do you think that's ok
[02:09:28] <PixDeVl>	 13lmao13
[02:09:41] <BlankEclair>	 ngl i kinda dig the peachy pink
[02:09:57] <PixDeVl>	 13Agent we never get vanlla 500s though13
[02:09:59] <PixDeVl>	 13ty13
[02:10:14] <PixDeVl>	 13i was debating betwee this and 1306this one06
[02:10:21] <PixDeVl>	 13but i like this more13
[02:10:35] <PixDeVl>	 13im a purple and black color scheme enjoyer13
[02:10:35] <Agent>	 I forgot about dark mode in error pages
[02:10:37] <BlankEclair>	 purple is my favorite color (fun fact ig), but ngl i kinda like the pink a bit more
[02:10:39] <Agent>	 very high tech
[02:10:44] <PixDeVl>	 13same13
[02:10:57] <PixDeVl>	 13the new error pages are always dark13
[02:11:00] <PixDeVl>	 13as god intended13
[02:11:05] <BlankEclair>	 PixDeVl: bet you'd like my laptop color scheme then
[02:11:44] <BlankEclair>	 https://files.catbox.moe/i9fhf0.png
[02:11:51] <PixDeVl>	 13although boring at times. someone suggested putting xena's drawing of a robotic bee with a glitch face on the error page13
[02:12:04] <PixDeVl>	 13konversation13
[02:12:16] <PixDeVl>	 13oh13
[02:12:24] <PixDeVl>	 13the color is different for you then me13
[02:12:30] <BlankEclair>	 yeah i made it lighter
[02:13:08] <PixDeVl>	 13oh13
[02:13:32] <PixDeVl>	 13ill send you a screenshot of my wallpaper tmr13
[02:13:45] <PixDeVl>	 13not like i ever see it13
[02:13:56] <BlankEclair>	 i'm sorry, is this a personal attack?
[02:15:15] <PixDeVl>	 13no13
[02:15:24] <PixDeVl>	 13i just am never on my wall paper13
[02:15:30] <PixDeVl>	 13i always have a window open13
[02:15:32] <BlankEclair>	 me neither
[02:15:48] <BlankEclair>	 (i probably should've added a /j)
[02:15:48] <PixDeVl>	 13also youtube ads just reminded me zenless zone zero existed13
[02:16:03] <PixDeVl>	 13should get back to playing that at some point13
[02:16:05] <PixDeVl>	 13was fun13
[02:16:11] <BlankEclair>	 btw i sent you the wallpaper i use privately if you haven't notied
[02:16:18] <PixDeVl>	 13a13
[02:16:23] <BlankEclair>	 w
[02:33:55] <PixDeVl>	 https://meta.miraheze.org/wiki/Tech:Salt so you connect to puppet to use salt to use puppet
[02:34:54] <Agent>	 yum
[02:34:56] <Agent>	 salt
[02:35:41] <PixDeVl>	 spice of life
[02:36:52] <PixDeVl>	 someone needs to update ldapwiki's main page
[02:39:00] <PixDeVl>	 MacFan4000 do the stewards cvt etc ldap groups still exist since moving email to google?
[02:39:02] <PixDeVl>	 https://meta.miraheze.org/wiki/Tech:Ldap#Existing_LDAP_groups
[02:42:35] <CosmicAlpha>	 They exist since I didn't remove them yet but don't do anything. I should probably remove them.
[02:43:03] <PixDeVl>	 maybe
[02:43:18] <PixDeVl>	 also is the bot server not documented on wiki
[02:43:53] <Agent>	 i think bots171 is a late addition to the original server blueprint
[02:44:05] <Agent>	 hence why there's no info on it
[02:44:28] <PixDeVl>	 makes sense
[02:44:39] <PixDeVl>	 did we always have a dedicated bot server
[02:45:01] <CosmicAlpha>	 no
[02:45:11] <CosmicAlpha>	 it used to be combined with mon server
[02:45:32] <PixDeVl>	 is there any private info access on bots?
[02:46:52] <Agent>	 I suppose just the PWB password maybe
[02:46:58] <Agent>	 and the IRC passwords
[02:47:09] <PixDeVl>	 which is PWB again
[02:47:19] <PixDeVl>	 too many acryonums
[02:47:23] <Agent>	 PyWikiBot
[02:47:25] <PixDeVl>	 spelling 100
[02:47:28] <PixDeVl>	 oh ya
[02:47:29] <Agent>	 aka the bot that does the archiving 
[02:47:52] <PixDeVl>	 I think we named it BeeBot now
[02:47:56] <Agent>	 aka whatever AgentBot's successor is since Miraheze maintenance script was axed
[02:48:02] <PixDeVl>	 [[User:BeeBot]]
[02:48:03] <Agent>	 ah yes, BeeBot
[02:48:10] <Agent>	 even though this isn't WikiApiary
[02:48:14] <PixDeVl>	 wm-bot2 is eepy
[02:48:19] <CosmicAlpha>	 Wait what happened to Miraheze maintenance script?
[02:48:20] <PixDeVl>	 I have a discord bot named BEe
[02:48:24] <PixDeVl>	 totally differeny
[02:48:52] <Agent>	 CosmicAlpha: the account used for PWB was changed from the Miraheze maintenance script user to BeeBot
[02:49:18] <CosmicAlpha>	 Oh I thought you meant Miraheze maintenance script account itself vanished lol
[02:49:24] <CosmicAlpha>	 I didn't know that though
[02:50:16] <Agent>	 I thought the DT (or whatever acronym is used for DSRE's new name) was the one who spearheaded this
[02:50:43] <PixDeVl>	 CosmicAlpha is it worth adding pages for undocumented servers like bots and such on wiki
[02:51:19] <CosmicAlpha>	 I had nothing to do with any change to pywikibot and was not even aware of it
[02:51:54] <Agent>	 :thonk:
[02:56:08] <CosmicAlpha>	 Also yes replying to an earlier conversation, #miraheze-sre basically became #miraheze-tech-ops, but both this channel and that one repurposed so this channel is used for what #miraheze-sre used to be while #miraheze-tech-ops became more bots.
[02:56:43] <PixDeVl>	 that don't relay to discord
[02:56:58] <Agent>	 having them relay to discord would be nice
[02:57:33] <CosmicAlpha>	 I thought I enabled bots to the Discord relay after seperation but realized yesterday I didn't. I will at least relay icinga now lol
[02:59:46] <Agent>	 hopefully icinga has calmed down now 
[02:59:57] <CosmicAlpha>	 I removed all but wm-bot fron relay ignore list
[03:00:37] <CosmicAlpha>	 It has yes
[03:00:48] <PixDeVl>	 why wm-bot
[03:01:02] <PixDeVl>	 it's a pain to not be able to see irc links sometimes
[03:01:09] <PixDeVl>	 not that he works
[03:01:21] <PixDeVl>	 wonder whats with that
[03:01:37] <PixDeVl>	 oh
[03:01:41] <PixDeVl>	 relay died
[03:01:51] <PixDeVl>	 we're in our on-
[03:01:57] <PixDeVl>	 nevermind relays back
[03:01:59] <CosmicAlpha>	 Because I forgot if the bot will handle no Ignore configure so I needed to leave one for now lol
[03:02:04] <CosmicAlpha>	 It restarts when config is changes
[03:02:08] <CosmicAlpha>	 *changed
[03:03:05] <CosmicAlpha>	 ping
[03:03:11] <MirahezeRelay>	 <cosmicalpha> pong
[03:03:45] <Agent>	 ping
[03:04:39] <MirahezeRelay>	 <cosmicalpha> pong
[03:04:59] <CosmicAlpha>	 I should add a ping pong auto bot response to the relay lol
[03:05:18] <CosmicAlpha>	 or a !test or something
[03:05:38] <CosmicAlpha>	 but it is to much work for a minor thing 
[03:14:09] <Agent>	 heh
[03:35:28] <PixDeVl>	 CF free includes DDoS protection but not DDoS alerts
[03:35:30] <PixDeVl>	 silly
[03:37:01] <Agent>	 does MH have free Business or did they leave us with free Enterprise?
[03:37:20] <Agent>	 that is, referring to CloudFlare plans
[03:37:29] <MacFan4000>	 We have enterprise on the miraheze.org domain right now
[03:37:34] <MacFan4000>	 (It’s per domain)
[03:37:49] <MacFan4000>	 We have an open ticket to get it for wikitide.org
[03:37:58] <MacFan4000>	 All other domains are on free
[03:38:33] <Agent>	 interesting
[03:38:39] <Agent>	 it's nice that they never corrected it
[03:38:49] <PixDeVl>	 corrected?
[03:40:11] <Agent>	 I was checking my old WikiTide email when I found an email from CF explaining that they couldn't give us the Business plan due to a technical error so we could get Enterprise until they fixed the issue
[03:40:26] <Agent>	 If they haven't downgraded us then they probably haven't fixed the issue :p
[03:41:14] <PixDeVl>	 let's hope they don't rhinos has been having a field day bitch slapping naughty bots
[03:41:45] <Agent>	 Account wide Enterprise access would be soooo nice
[03:42:23] <PixDeVl>	 im rechecking the differences between business and enterprise
[03:42:54] <PixDeVl>	 Cache Purge - By Tag
[03:42:55] <PixDeVl>	 Cache Purge - By Host
[03:42:55] <PixDeVl>	 Custom Cache Keys
[03:42:56] <PixDeVl>	 Prioritized IP Ranges
[03:42:56] <PixDeVl>	 Prefetching URLs
[03:43:43] <PixDeVl>	 smt called subdomain zones
[03:43:50] <PixDeVl>	 hopefully not important
[03:44:18] <PixDeVl>	 Enterprise DDoS Mitigation is its own thing
[03:44:41] <PixDeVl>	 https://www.cloudflare.com/plans/
[03:46:51] <Agent>	 I'm surprised things like Argo and load balancing aren't included 
[03:47:17] <Agent>	 CosmicAlpha: did we ever look into having CF cover R2 for us?
[03:47:29] <Agent>	 It's something they do for other projects 
[03:48:02] <PixDeVl>	 R2?
[03:48:14] <Agent>	 CloudFlare's answer to S3
[03:48:18] <Agent>	 aka file storage
[03:52:11] <PixDeVl>	 hey PTW is mentioned on test wikipedia lol
[03:52:33] <PixDeVl>	 https://test.wikipedia.org/wiki/Wikipedia:Requests/Tools
[03:52:46] <PixDeVl>	 not sure why it says restricted
[03:53:03] <PixDeVl>	 maybe that means full no but didnt wanna use red cause its not a bad thing
[03:55:13] <CosmicAlpha>	 Not yet depeneds on if the performance issues of it can be resolved if we will use it or not.
[03:57:33] <MacFan4000>	 PixDeVl: hmm, well we still don’t have enough notable sources to have a Miraheze page on WP
[03:57:37] <CosmicAlpha>	 Agent: it is still enterprise yeah. We also have account wide load balancer, and a ton of other services we have requested also.
[03:58:24] <MacFan4000>	 Also it says CheckUser is restricted, because it is
[03:58:52] <PixDeVl>	 Restricted and yellow implies limited access but access
[03:59:04] <MacFan4000>	 A couple of the others have a modified version that allows users to run CU only on themselves or their own IP
[03:59:20] <CosmicAlpha>	 What is the point?
[03:59:24] <PixDeVl>	 to me
[03:59:30] <PixDeVl>	 testing
[03:59:49] <MacFan4000>	 Privileges users can still have full access
[04:00:07] <MacFan4000>	 checkuser vs checkuser-limited permission
[04:00:48] <MirahezeRelay>	 <paladox> Why are we stopping using gdnsd? Miraheze speed issue should be looked into per us noticing that it was faster connecting directly to cp3* indicating there was some problem with connections.
[04:03:06] <MacFan4000>	 (And one of the listed wikis is run and maintained by me)
[04:03:28] <PixDeVl>	 all is macfan
[04:47:40] <PixDeVl>	 @paladox interesting though, when was it you tested out directly to cp
[04:48:32] <PixDeVl>	 (also how do you directly connect to a proxy and tell it which wiki huh)
[05:19:08] <CosmicAlpha>	 @paladox because it doesn't work for cloudflare, everything will go through cloudflare.
[05:20:43] <MirahezeRelay>	 <cosmicalpha> cloudflare protects us against all the DDOSes is the primary reason for switching, but it will also be used for load balancing and CDN since we get it all completely free.
[05:21:08] <BlankEclair>	 i wonder, what happens if the bastion hosts are offline
[05:21:43] <CosmicAlpha>	 It has happened and causes quite a mess due to firewall. We will be launching a backup bastion external to DC to prevent it in the future.
[08:01:01] <BlankEclair>	 (sending questions here that i initially asked elsewhere just in case i could get a response)
[08:01:03] <BlankEclair>	 > [Saturday, 31 August 2024] [11.58.05 GMT+10] <BlankEclair> where do i ask for more info about why a thing in a commit was done that way? the linked task doesn't give any clues either
[08:01:04] <BlankEclair>	 > [Saturday, 31 August 2024] [11.58.08 GMT+10] <BlankEclair> here's the commit: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/5265579c0f9a11254811b50b3e72cbd8fbd83ede%5E%21/
[08:01:06] <BlankEclair>	 > [Saturday, 31 August 2024] [11.58.16 GMT+10] <BlankEclair> no idea why it's done in javascript and not in php...
[08:01:07] <BlankEclair>	 > [Saturday, 31 August 2024] [12.03.25 GMT+10] <BlankEclair> doesn't look like anything else uses the new "magnify-resource" parameter that the commit introduced either: https://codesearch.wmcloud.org/search/?q=magnify-resource
[08:46:45] <MirahezeRelay>	 <owenrb> It's such a shame Miraheze is taking such a big step back from free and open source software. Guess that's one of the key principles WTF have gotten rid of
[08:54:29] <MirahezeRelay>	 <cosmicalpha> [1/2] Why do we need open source DNS anyway? Most everything is still using open source, and cloudflare is free for us? Why not take advantage of what we can as a nonprofit? Yeah its definitely a shame we are prioritizing user ended performance instead rather than OSS for just DNS/CDN.
[08:54:29] <MirahezeRelay>	 <cosmicalpha> [2/2] If this is the view point I get as a volunteer who puts effort into things. I honestly don't know why I even do this. I don't intend to quit, but I just can't seem to understand some view points here but you're entitled to your opinion and I respect that.
[08:54:52] <MirahezeRelay>	 <theoneandonlylegroom> [1/2] do we have our own resources for protection against aggressive scraping and ddos? we aren't even wmf
[08:54:52] <MirahezeRelay>	 <theoneandonlylegroom> [2/2] I don't trust cf that much myself, but it looked like the best solution against having the entire farm down or being slow like we are back to WD servers, or blocking a whole region
[08:56:27] <MirahezeRelay>	 <owenrb> Because Miraheze was founded on a commitment which has been the same until WikiTide took over - there's a legacy that has been binned that's managed to survive a lot.
[08:57:06] <MirahezeRelay>	 <owenrb> The FAQ needs updating as it mentions a commitment which has been the same for 7 years, which is a) no longer true and b) not even on the wiki anymore
[08:57:27] <MirahezeRelay>	 <owenrb, replying to theoneandonlylegroom> So we did with MHL
[08:58:07] <MirahezeRelay>	 <theoneandonlylegroom> like we were down for a whole day or more?
[08:58:19] <MirahezeRelay>	 <owenrb> That was resourcing constraints - nothing to do with DDoS
[08:58:41] <MirahezeRelay>	 <cosmicalpha> Things change as the need arises. We are still open source for 99% of services. You can't think technological things are the same now as they were 7 years ago.
[08:59:23] <MirahezeRelay>	 <cosmicalpha> I will refrain from arguing about it right now. I respect your point of view, while I disagree, you are entitled to it.
[09:00:15] <MirahezeRelay>	 <owenrb> I'm not saying technology is the same, it's just clear the commitment from WikiTide Foundation isn't, and two different orgs would have sought to protect two different things.
[09:01:11] <MirahezeRelay>	 <owenrb> I'd be curious to see what process was undertaken when selecting CloudFlare and what alternative OSS options were considered
[09:01:51] <MirahezeRelay>	 <owenrb> If the answer is none, then you can't argue the commitment was maintained, it was a jump from private, closed and proprietary paid software
[09:03:53] <MirahezeRelay>	 <owenrb> Also the argument of "we get it for free so might as well use it" does not sit right with me as justification for moving away from open source software. Open source software is also free, so why not just keeping using it?
[09:07:01] <BlankEclair>	 removing varnish feels a bit :/ to me, but it is what it is
[09:09:37] <MirahezeRelay>	 <cosmicalpha> [1/2] We will likely be keeping open sourced DNS using bind rather than gdnsd but using Cloudflare for CDN to avoid so many outages with DDOSing, cache filling up etc...
[09:09:37] <MirahezeRelay>	 <cosmicalpha> [2/2] At least its the current plan.
[09:10:52] <MirahezeRelay>	 <owenrb> Why the change away from GDNSD? It's worked for 9 years and powers one of the largest websites in the world
[09:11:28] <BlankEclair>	 question: how would you use cloudflare without pointing your nameservers over to them?
[09:11:39] <MirahezeRelay>	 <cosmicalpha> Because it doesn't support apex cname or alias records we need
[09:11:59] <MirahezeRelay>	 <cosmicalpha, replying to BlankEclair> We would use our dns using bind and then apex alias records.
[09:12:24] <BlankEclair>	 cf lets you do that?
[09:12:40] <MirahezeRelay>	 <cosmicalpha> Yes
[09:12:43] <BlankEclair>	 huh, til
[09:12:46] <MirahezeRelay>	 <owenrb> You need because of closed source software? Mkay
[09:12:55] <MirahezeRelay>	 <owenrb> Won't argue that point any furtjer
[09:14:43] <MirahezeRelay>	 <owenrb> To be honest, I don't blame the move away from all the existing software. I guess it makes sense when the tech team doesn't understand the existing infrastructure
[09:14:55] <MirahezeRelay>	 <owenrb> Probably easier to build from fresh
[09:38:53] <RhinosF1>	 There is a valid argument tbh for cloudflare
[09:38:58] <RhinosF1>	 We need ddos protection
[09:39:18] <RhinosF1>	 We have seen ddos attacks that we simply can't fight off on our own
[09:39:35] <RhinosF1>	 The WMF use cloudflare too (just in a different manner)
[09:41:02] <RhinosF1>	 And regarding GDNSD, we are considering the move to bind cause it seems to be the best option for the features we need
[09:41:17] <RhinosF1>	 GDNSD is too slow to support what we need
[09:41:23] <RhinosF1>	 Bind has a copy left license
[09:41:45] <RhinosF1>	 It is open source
[09:41:47] <RhinosF1>	 @owenrb
[09:42:28] <MirahezeRelay>	 <rhinosf1, replying to owenrb> The DDoS protections we had were about as good as a chocolate teacup
[09:42:43] <BlankEclair>	 i want chocolate now...
[09:43:00] <RhinosF1>	 BlankEclair: not a chocolate teacup though
[09:43:38] <MirahezeRelay>	 <owenrb, replying to RhinosF1> I didn't say bind wasn't, the comment was originally in relation to the comment of using CloudFlare for DNS management
[09:44:29] <CosmicAlpha>	 That was originally the plan that has since changed as we realized it wouldn't work. I like the new plan of using bind, which is still OSS better
[09:44:50] <MirahezeRelay>	 <rhinosf1, replying to owenrb> We only have cloudflare for the 10 domains we own
[09:45:10] <BlankEclair>	 how does wmf use cf?
[09:45:11] <MirahezeRelay>	 <rhinosf1> All other ones are staying in the dns repo
[09:45:22] <RhinosF1>	 BlankEclair: it's called spectrum I think
[09:45:43] <RhinosF1>	 It sits in the path the ip takes rather than proxying through them
[09:46:20] <RhinosF1>	 BlankEclair: https://www.cloudflare.com/en-gb/case-studies/wikimedia-foundation/
[09:46:22] <RhinosF1>	 Magic transit
[09:46:54] <RhinosF1>	 I remember that ddos
[09:47:07] <CosmicAlpha>	 That is what I originally wanted us to use but we couldn't it was way to expensive and we couldn't get it free.
[09:47:38] <RhinosF1>	 That WMF attack was a very large one
[09:47:43] <RhinosF1>	 It actually took us down too
[09:47:46] <RhinosF1>	 Cause instant commons
[09:47:51] <RhinosF1>	 But that was poor config
[09:48:52] <CosmicAlpha>	 That was in 2019 or 2020 wasn't it?
[09:49:13] <RhinosF1>	 2019 according to the article
[09:49:19] <CosmicAlpha>	 It was before I joined Miraheze but I think I remember it also.
[09:49:20] <BlankEclair>	 huh interesting
[09:50:04] <CosmicAlpha>	 Oh yeah, September 7, 2019
[09:50:06] <RhinosF1>	 BlankEclair: the guy was tweeting about it that supposedly did it
[09:50:22] <RhinosF1>	 It went on quite a while in waves
[09:50:29] <RhinosF1>	 The fact it took us down was funny
[09:50:37] <RhinosF1>	 Instant commons didn't have a timeout in our config
[09:50:47] <RhinosF1>	 And connections to WMF were taking forever
[09:50:51] <BlankEclair>	 hehe the funny no timeout cause miraheze to die 🥰
[09:50:56] <BlankEclair>	 (i have no idea how my mind works)
[09:51:06] <RhinosF1>	 So it used up all php workers
[09:51:11] <RhinosF1>	 I set a timeout eventually
[09:53:53] <RhinosF1>	 BlankEclair: we used to have a lot of preventable outages
[09:54:04] <BlankEclair>	 *gets popcorn*
[09:57:26] <RhinosF1>	 BlankEclair: we do make a lot up as we go along
[09:57:38] <RhinosF1>	 And have mostly people who lack actual experience
[09:57:42] <BlankEclair>	 make a lot of what up?
[09:57:50] <RhinosF1>	 BlankEclair: everything
[10:00:48] <MirahezeRelay>	 <theoneandonlylegroom> wow
[10:01:49] <RhinosF1>	 Why is relay so laggy
[10:02:21] <MirahezeRelay>	 <rhinosf1, replying to theoneandonlylegroom> To which bit?
[10:02:44] <MirahezeRelay>	 <theoneandonlylegroom> how wmf ddos took miraheze down
[10:02:52] <MirahezeRelay>	 <rhinosf1> Ah
[10:02:58] <MirahezeRelay>	 <theoneandonlylegroom> the more you know
[10:04:05] <MirahezeRelay>	 <rhinosf1> It makes sense
[10:04:27] <MirahezeRelay>	 <rhinosf1> We rely on Wikimedia to render any page with instant commons
[10:04:31] <MirahezeRelay>	 <rhinosf1> So every single file
[10:04:54] <MirahezeRelay>	 <rhinosf1> If all of them requests starting running until php times out
[10:05:03] <MirahezeRelay>	 <rhinosf1> You quickly run out of workers
[10:05:19] <MirahezeRelay>	 <rhinosf1> That's like a 15x increase in request times or something
[10:05:30] <MirahezeRelay>	 <rhinosf1> We use way more than 1/15th capacity
[10:07:51] <MirahezeRelay>	 <bluemoon0332, replying to owenrb> IMO it was never true: ever since I've been here we've used propietary CAPTCHA software
[10:08:02] <MirahezeRelay>	 <bluemoon0332> but you're right in that this is a big step back
[10:20:00] <MirahezeRelay>	 <bluemoon0332, replying to CosmicAlpha> I was the one who did the rename. I didn't think that account had a good name in the first place, but never really bothered to change it to another account. Then while chatting with Rhinos and Legroom about it the latter came up with the name BeeBot, and that's how BeeBot came to exist
[10:20:41] <MirahezeRelay>	 <rhinosf1> Pywikibot required a real account
[10:20:57] <MirahezeRelay>	 <rhinosf1> MH Maint Script didn't ever need to be account that could be logged into
[10:21:04] <MirahezeRelay>	 <rhinosf1> And quite a few usages will steal it
[10:21:14] <MirahezeRelay>	 <rhinosf1> So actually that could have prevented login at times
[10:23:23] <MirahezeRelay>	 <bluemoon0332, replying to Agent> name has no relation with WikiApiary
[10:24:11] <RhinosF1>	 we've blocked nearly 5 million amazonbot requests in a day
[10:24:45] <RhinosF1>	 that's like 60 a second
[10:24:47] <RhinosF1>	 i think
[10:25:26] <RhinosF1>	 they are only 3 UAs at higher than 100k mitigations
[10:26:08] <RhinosF1>	 one is being used by 2 banned IPs
[10:26:17] <RhinosF1>	 one is a scraper on loginwiki
[10:26:21] <RhinosF1>	 one is amazonbot
[10:26:36] <MirahezeRelay>	 <bluemoon0332> yes loginwiki, that wiki full of content
[10:26:56] <MirahezeRelay>	 <bluemoon0332> there's a lot to scrape there 😂
[10:27:14] <BlankEclair>	 send compression bombs to scrapers :3
[10:28:45] <BlankEclair>	 https://artemislena.eu/posts/2024/07/zipbombing.html
[10:29:00] <RhinosF1>	 @bluemoon0332: it's mostly checkLoggedIn
[10:29:28] <RhinosF1>	 a lot of automated bots follow linsk towards it
[10:29:53] <RhinosF1>	 it always shows up abnormally high
[10:31:34] <RhinosF1>	 loginwiki and static i generally look at seperately to everything else
[10:31:41] <RhinosF1>	 cause they got very different traffic patterns
[10:42:40] <MirahezeRelay>	 <raidarr, replying to owenrb> As OS already noted, being dependent on google captcha means we failed on this since the start and frankly it wad only a fussy minority, say 1 or 2 at most in a given period who put any real focus on it.
[10:43:13] <MirahezeRelay>	 <raidarr> This is alsoas someone who finds cloudflarean wvil on principle, but for now a necessary one
[10:45:41] <MirahezeRelay>	 <raidarr> From my prior experience previous mitigations were next to useless. Trying to divorce 'resourcing constraints' as nothing to do with DDoS is disingenuous if a proper DDoS killed our performance, that's the crux of the issue.
[10:46:47] <MirahezeRelay>	 <raidarr> I do hope we can supplant/remove cloudflare as a trap even though they are cozy with us now or for the immediate future
[10:48:22] <MirahezeRelay>	 <raidarr> Apologies for spelling errors, hate this keyboard but it's what I've got right now
[10:51:07] <MirahezeRelay>	 <owenrb, replying to raidarr> So precious DDoS mitigation was had did a lot to prevent them, we had a general resource issue that meant the site barely worked without a DDoS ongoing.
[10:51:53] <MirahezeRelay>	 <rhinosf1> We were using the old infra for last September's DDoS'
[10:52:06] <MirahezeRelay>	 <rhinosf1> they were not anything particularly special and it was useless
[10:52:10] <MirahezeRelay>	 <owenrb> I never said it stopped them all
[10:52:29] <MirahezeRelay>	 <rhinosf1> any useful DDoS protection should have been able to stop them
[10:52:31] <MirahezeRelay>	 <owenrb> It seemed since moving to this new infra, the level of DDoS impacts had increased
[10:52:47] <MirahezeRelay>	 <rhinosf1> they were extremely basic DDoSes targetting single URLs
[10:52:54] <MirahezeRelay>	 <rhinosf1> I can assure you that it hasn't
[10:53:15] <MirahezeRelay>	 <rhinosf1> Cloudflare has succesfully defended against a number of fairly large ddos attacks
[10:53:25] <MirahezeRelay>	 <rhinosf1> the last one being around 11 million requests
[10:53:27] <MirahezeRelay>	 <owenrb> I can assure you, it has - you only saw a basic picture, the ones where it was successful
[10:54:44] <MirahezeRelay>	 <rhinosf1> what ddos attack do you think cloudflare failed to mitigate against?
[10:54:56] <MirahezeRelay>	 <owenrb> I didn't say CF has
[10:55:07] <MirahezeRelay>	 <owenrb> CF wasn't an immediate migration over
[10:55:28] <MirahezeRelay>	 <owenrb> I'm talking back in Jan/Feb prior to CF even being part of the conversation here
[10:55:55] <MirahezeRelay>	 <rhinosf1> but what evidence do you have that our old infra's protection would have defended against it
[10:56:37] <MirahezeRelay>	 <rhinosf1> I suspect the ones earlier this year were poorly investigated to be honest and ruled a ddos against us too quick
[10:57:21] <MirahezeRelay>	 <owenrb> Your missing the point
[10:58:19] <MirahezeRelay>	 <owenrb> The point is MHL didn't suffer regular DDoS' due to mitigations
[10:58:31] <MirahezeRelay>	 <owenrb> But everyone seems to think it did
[10:59:18] <MirahezeRelay>	 <owenrb> The point is everyone seems to think MHL was poor at what it did - I'm getting sick of this narrative
[10:59:58] <MirahezeRelay>	 <rhinosf1> Our problem wasn't regular DDoS attacks
[11:00:10] <MirahezeRelay>	 <rhinosf1> we had a few large ones that still took the old infra out
[11:02:15] <MirahezeRelay>	 <owenrb> Indeed, but we had something that stopped some. Until CF was introduced here, there seemed to be zero mitigation against them - that's the point I'm making. It's not like suddenly here an issue is fixed, a regression is fixed
[11:10:04] <MirahezeRelay>	 <wernerderchamp> why tf are people even DDoSing Miraheze?
[11:10:23] <MirahezeRelay>	 <rhinosf1, replying to wernerderchamp> generally pissed off minecraft users
[11:10:29] <MirahezeRelay>	 <rhinosf1> sometimes pissed off general users
[11:10:35] <BlankEclair>	 why mc specifically
[11:11:28] <RhinosF1>	 BlankEclair: ask them
[11:11:30] <RhinosF1>	 i dunno
[11:11:30] <MirahezeRelay>	 <wernerderchamp> the people from fandom who got forked?
[11:11:46] <RhinosF1>	 i just know most of our ddoses have been blamed on minecraft users
[11:11:47] <BlankEclair>	 they forked to weird gloop though?
[11:12:03] <RhinosF1>	 BlankEclair: no because all of them in my tests were broken
[11:12:19] <BlankEclair>	 context? #miraheze?
[11:12:26] <RhinosF1>	 BlankEclair: oh ye
[11:12:46] <MirahezeRelay>	 <wernerderchamp> yes to weird gloop
[11:13:30] <MirahezeRelay>	 <theoneandonlylegroom, replying to wernerderchamp> no no, it's usually around specific mc servers
[11:14:18] <MirahezeRelay>	 <theoneandonlylegroom> it was even before mcw forked to weird gloop
[11:15:49] <MirahezeRelay>	 <wernerderchamp> I forgot that some people have no live...
[11:16:02] <BlankEclair>	 yeah that happens
[12:49:12] <MirahezeRelay>	 <pixldev, replying to wernerderchamp> 2b2t is one
[12:50:19] <BlankEclair>	 icinga is lighting up again
[12:50:47] <MirahezeRelay>	 <pixldev> Yup
[12:53:29] <BlankEclair>	 do you relate to procrastinating on work due tomorrow even tho you know it's due tomorrow?
[12:55:20] <MirahezeRelay>	 <pixldev, replying to BlankEclair> https://cdn.discordapp.com/attachments/1006789349498699827/1279786672149499925/IMG_5899.jpg?ex=66d5b5b7&is=66d46437&hm=5e4ea8fa3c37328dbfedb00a929575533de67c6f7cf12928c0bd19d086ec873f&
[12:55:40] <BlankEclair>	 SHE IS MOOD
[12:57:01] <BlankEclair>	 source spotted: https://www.pixiv.net/artworks/71059287
[13:02:22] <RhinosF1>	 BlankEclair: work gets completed in time for it to be due
[13:33:02] <MirahezeRelay>	 <pixldev, replying to owenrb> If I may ask since I’m genuinely curious about this and don’t intend this in a well actually way, do you know of any OSS alternatives to CloudFlare? Obviously I don’t expect you to have an encyclopedic knowledge of every alternative, and I do agree with that we should have at least tried to look for another option
[13:34:29] <MirahezeRelay>	 <owenrb, replying to pixldev> There was pre-existing OSS software that has been/will be removed to be replaced for CloudFlare.
[13:35:02] <MirahezeRelay>	 <pixldev> Namely varnish?
[13:35:04] <MirahezeRelay>	 <owenrb> For a list, there's Varnish, Squid, Nginx, Haproxy to name a few
[13:35:36] <MirahezeRelay>	 <pixldev> We’re not replacing NGINX i thought?
[13:35:41] <MirahezeRelay>	 <pixldev> I haven’t heard a word of it
[13:35:53] <MirahezeRelay>	 <owenrb> Nginx can be used for loadbalancing
[13:35:55] <MirahezeRelay>	 <pixldev> Also what in the hell is squid and haproxy..
[13:35:59] <MirahezeRelay>	 <owenrb> So it's an alternative
[13:36:08] <MirahezeRelay>	 <pixldev> Oh, so use case not the whole software
[13:36:11] <MirahezeRelay>	 <pixldev> My bad
[13:36:56] <MirahezeRelay>	 <owenrb> Haproxy is used for load balancing and Squid for caching
[13:37:43] <MirahezeRelay>	 <owenrb> I believe all software has been used at some point in Miraheze's history - obviously each one has benefits/limitations though
[13:37:54] <BlankEclair>	 i don't see why we needed to switch from varnish?
[13:38:12] <MirahezeRelay>	 <paladox> squid is a http proxy
[13:38:23] <MirahezeRelay>	 <pixldev> In the sense of using it with CF or not needing CF?
[13:38:38] <MirahezeRelay>	 <paladox> Wait why are we replacing varnish.
[13:39:06] <MirahezeRelay>	 <owenrb, replying to paladox> CloudFlare is doing the caching now
[13:40:00] <MirahezeRelay>	 <paladox> And it just loads balances requests through all the mw?
[13:40:13] <MirahezeRelay>	 <paladox> Do we really want cf to be able to directly connect to mw
[13:40:55] <RhinosF1>	 Yes that's how we're doing it
[13:41:22] <RhinosF1>	 BlankEclair: cloudflare is doing the caching
[13:41:29] <MirahezeRelay>	 <pixldev, replying to owenrb> Also: seems silly to me to think that a company that maintained miraheze for close to a decade didn’t know what it was doing
[13:41:51] <RhinosF1>	 Miraheze limited didn't maintain it for a decade
[13:41:54] <RhinosF1>	 The people did
[13:42:02] <MirahezeRelay>	 <paladox> There’s also the fact that we set requests to do different things in varnish
[13:42:25] <MirahezeRelay>	 <pixldev> Fair enough, although I’m referring to MHL as the people. The name miraheze limited didn’t keep the site running
[13:42:39] <MirahezeRelay>	 <paladox> CF looks like it’s quite limited
[13:42:55] <RhinosF1>	 Paladox was probably one of the longest and most consistent infra members of SRE
[13:43:01] <MirahezeRelay>	 <paladox> You have to select options, you can’t just code like in varnish
[13:43:02] <RhinosF1>	 Cause John had a few breaks
[13:43:37] <MirahezeRelay>	 <owenrb> The native since the start has just been negative towards the predecessor company - which is unfair
[13:43:50] <MirahezeRelay>	 <paladox> Clicking on desktop on mobile breaks when you reload the main page
[13:43:56] <MirahezeRelay>	 <paladox> Just goes back to mobile view
[13:44:38] <RhinosF1>	 We were in a poor state when Miraheze limited decided to close operations
[13:44:51] <RhinosF1>	 I don't think assigning blame is the correct approach though
[13:45:20] <MirahezeRelay>	 <pixldev, replying to owenrb> The only significant failing I can personally think of off the top of my head was infrastructural issues later on. MHL did a good job, they made mistakes. WTF is doing a good job, they also make mistakes. That’s my view rn
[13:45:24] <RhinosF1>	 I don't think the foundation has been everything it claimed to be though and it could and should be doing more from an organisational perspective
[13:46:56] <MirahezeRelay>	 <owenrb, replying to pixldev> And the infrastructure issues were a byproduct of finances and volunteer availability
[13:47:11] <MirahezeRelay>	 <pixldev> Exactly
[13:47:39] <RhinosF1>	 Which is a problem we haven't really solved
[13:47:55] <MirahezeRelay>	 <pixldev> I mean finances seem good
[13:48:04] <MirahezeRelay>	 <pixldev> Volunteers we always need more
[13:48:24] <MirahezeRelay>	 <owenrb> Finances are good because there was a big push at the start and some pre existing good deals to reduce capital expense
[13:48:40] <MirahezeRelay>	 <owenrb> MHL was in a good financial position at the start
[13:49:12] <MirahezeRelay>	 <owenrb> And actually continued to be until the beginning of last year when volunteer capacity issues began surfacing
[13:49:15] <RhinosF1>	 There are two types of expenditure pixl
[13:49:25] <RhinosF1>	 One is capital expenditure 
[13:49:31] <RhinosF1>	 And I forgot the name for the other one
[13:49:41] <MirahezeRelay>	 <owenrb> Operational Expenditure
[13:49:51] <RhinosF1>	 Thank you
[13:51:15] <RhinosF1>	 I've said in private that I think we need to have a better organisational layer than understand operating a proper business
[13:51:30] <MirahezeRelay>	 <pixldev> How so
[13:51:35] <RhinosF1>	 To do budgets and stuff
[13:51:43] <RhinosF1>	 And understand how to plan a business
[13:51:58] <RhinosF1>	 Because we don't have any strategy or long term planning
[13:52:12] <RhinosF1>	 We are very much managed like someone's side project
[13:52:19] <MirahezeRelay>	 <pixldev> I’ll go study business management in college and go run for board in say 7 years
[13:52:21] <RhinosF1>	 Cause we are for all our volunteers
[13:52:49] <RhinosF1>	 Owen was quite a good appointment to MHL's board
[13:52:57] <RhinosF1>	 And so was Rob while he was on the board
[13:53:20] <MirahezeRelay>	 <pixldev> Don’t believe I know about Rob
[13:53:25] <RhinosF1>	 I don't think the foundation has an equivalent of Owen
[13:53:35] <RhinosF1>	 Rob Lanphier from Electowiki
[13:53:45] <RhinosF1>	 He did a year on MHL board I think towards the start
[13:53:53] <RhinosF1>	 (@owenrb)
[13:54:24] <MirahezeRelay>	 <rhinosf1> @owenrb
[13:54:25] <MirahezeRelay>	 <pixldev> @owenrb
[13:54:29] <MirahezeRelay>	 <pixldev> Oops
[13:54:30] <MirahezeRelay>	 <pixldev> Sorry
[13:55:06] <BlankEclair>	 > [01/09/2024 23:52] <MirahezeRelay> <pixldev> I’ll go study business management in college and go run for board in say 7 years
[13:55:08] <BlankEclair>	 dedication
[13:55:45] <MirahezeRelay>	 <owenrb> Yeah Rob did a year and brought some good WMF experience at the start - I think he did Dec 2019 - Dec 2020
[13:56:38] <MirahezeRelay>	 <pixldev> Owen, if I may ask, what are your objections with CF, besides being proprietary
[13:58:20] <MirahezeRelay>	 <owenrb> That's the main objection -  I think a project that prides itself on utilising as much open source technology as possible is good and was one of the big draws to me joining and will to support. It's why I then when to build TSPortal over just using another piece of closed source software to achieve what was needed
[13:58:45] <MirahezeRelay>	 <pixldev> Okay, that’s a fair and logical objection
[13:59:16] <MirahezeRelay>	 <pixldev> Although the proposed replacement for TSP is OSS so sticking to that part at least
[13:59:32] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Isn't it email the inbox?
[13:59:49] <MirahezeRelay>	 <pixldev> Harej was trying UVDesk I Vel
[13:59:50] <MirahezeRelay>	 <pixldev> Believe
[13:59:58] <MirahezeRelay>	 <rhinosf1> Not heard of that
[14:00:12] <MirahezeRelay>	 <pixldev> https://uvdesk.con
[14:00:23] <MirahezeRelay>	 <owenrb> My plan with TSPortal was also cross platform integration with all software we used
[14:00:37] <MirahezeRelay>	 <owenrb> So TSPortal could in the end, manage the workflows end to end
[14:00:50] <MirahezeRelay>	 <pixldev> Would be pretty cool
[14:00:55] <MirahezeRelay>	 <rhinosf1> I am really not convinced by uvdesk
[14:01:01] <MirahezeRelay>	 <rhinosf1> It's generic helpdesk software
[14:01:08] <MirahezeRelay>	 <rhinosf1> T&S is not a generic helpdesk
[14:01:09] <MirahezeRelay>	 <pixldev> It’s in the consideration stage still
[14:01:28] <MirahezeRelay>	 <rhinosf1> Managing T&S like it's a customer service function is a bad idea
[14:01:29] <MirahezeRelay>	 <pixldev> I’d agree I’d prefer something specific to our usecase
[14:01:36] <MirahezeRelay>	 <rhinosf1> It's not, it's legal & compliance
[14:02:13] <MirahezeRelay>	 <pixldev> Help desk software is flexible so
[14:03:12] <MirahezeRelay>	 <rhinosf1> I'm very firmly of the opinion that T&S should be done properly
[14:03:19] <MirahezeRelay>	 <pixldev> Getting someone to actively maintain and expand TSP would be the best case I think
[14:03:22] <MirahezeRelay>	 <rhinosf1> Because of its seriousness
[14:03:29] <MirahezeRelay>	 <pixldev> But we just don’t have anybody to do so I think
[14:03:31] <MirahezeRelay>	 <rhinosf1> I'm sure @owenrb agrees
[14:03:37] <MirahezeRelay>	 <pixldev, replying to rhinosf1> That’s logical
[14:03:54] <MirahezeRelay>	 <owenrb, replying to pixldev> I offered and was turned down
[14:04:01] <MirahezeRelay>	 <rhinosf1> T&S should be dealing with stuff that has a legal consequence
[14:04:16] <MirahezeRelay>	 <rhinosf1> If it can have a community resolution, it should do
[14:04:16] <MirahezeRelay>	 <pixldev> Really?
[14:04:20] <MirahezeRelay>	 <pixldev> Huh
[14:04:29] <MirahezeRelay>	 <pixldev> I’d be curious to hear the reasoning
[14:04:53] <MirahezeRelay>	 <owenrb> Reasoning I was given was that they didn't want to use it
[14:05:04] <MirahezeRelay>	 <rhinosf1> And if you're going to court (civil or criminal, defendant or complainant ), you should have your ducks in a row
[14:05:37] <MirahezeRelay>	 <pixldev, replying to owenrb> I mean the reasoning why a new option is considered more effective
[14:05:43] <MirahezeRelay>	 <pixldev> CC @serverlessharej
[14:06:00] <MirahezeRelay>	 <owenrb> Oh, no idea
[14:07:02] <MirahezeRelay>	 <pixldev> I won’t object if there are logical good reasons behind the decision I just personally disagree with it with my current knowledge
[14:16:32] <MirahezeRelay>	 <serverlessharej> I recommend adding your comments to the ticket
[14:23:39] <MirahezeRelay>	 <pixldev, replying to serverlessharej> Will do later
[14:24:53] <MirahezeRelay>	 <rhinosf1> Surely open discussion is better
[14:30:08] <MirahezeRelay>	 <serverlessharej> If you have objections to UVdesk I want them to be logged somewhere that isn’t going to just disappear into the buffer
[14:31:20] <MirahezeRelay>	 <rhinosf1> I think it would be easier to have a conversation and then log a summary
[14:42:11] <MirahezeRelay>	 <serverlessharej> I’m about to leave for the airport
[14:46:20] <MirahezeRelay>	 <pixldev, replying to serverlessharej> Have a safe flight
[15:05:41] <MirahezeRelay>	 <pixldev> @owenrb @rhinosf1 added a comment and subbed you both
[15:16:57] <MirahezeRelay>	 <paladox> You can’t code in cf like you can in varnish
[15:17:04] <MirahezeRelay>	 <paladox> See https://github.com/miraheze/puppet/blob/master/modules/varnish/templates/default.vcl
[15:17:21] <MirahezeRelay>	 <paladox> Clicking desktop on mobile is brokennish
[15:24:02] <MirahezeRelay>	 <pixldev, replying to paladox> Servers are confusing
[15:36:47] <MirahezeRelay>	 <originalauthority, replying to paladox> Yes you can using workers
[15:37:48] <MirahezeRelay>	 <paladox, replying to originalauthority> How so
[15:38:12] <MirahezeRelay>	 <originalauthority> ? The same way it's done in varnish but using javascript
[15:39:08] <MirahezeRelay>	 <originalauthority> it's evaluated at the edge before cloudflare passes the response back to the client
[15:42:28] <MirahezeRelay>	 <bluemoon0332> it's one of those serverless things
[15:42:35] <MirahezeRelay>	 <originalauthority> its neaaaaat
[15:42:38] <MirahezeRelay>	 <bluemoon0332> but if it's serverless...
[15:42:43] <MirahezeRelay>	 <bluemoon0332> where is it running?
[15:43:00] <MirahezeRelay>	 <bluemoon0332> Surely some computer somewhere must be executing the script
[15:43:02] <MirahezeRelay>	 <pixldev> The edge
[15:43:06] <MirahezeRelay>	 <originalauthority> it runs on cloudflare's server at the edge
[15:43:15] <MirahezeRelay>	 <bluemoon0332> I was joking people
[15:43:31] <MirahezeRelay>	 <originalauthority> i like it tbf
[15:43:34] <MirahezeRelay>	 <originalauthority> it can also interact with redis
[15:43:36] <MirahezeRelay>	 <originalauthority> which is nice
[15:43:42] <MirahezeRelay>	 <originalauthority> but not sure why anyone would do that
[16:54:01] <MirahezeRelay>	 <paladox, replying to originalauthority> Oh
[16:55:43] <MirahezeRelay>	 <originalauthority> [1/11] I think its pretty much similar syntax, ie I do
[16:55:43] <MirahezeRelay>	 <originalauthority> [2/11] ```js
[16:55:43] <MirahezeRelay>	 <originalauthority> [3/11] if ( cacheUrl.pathname.includes('/rest.php') || cacheUrl.pathname.includes('/api.php') ) {
[16:55:43] <MirahezeRelay>	 <originalauthority> [4/11]           shouldBypassCache = true;
[16:55:44] <MirahezeRelay>	 <originalauthority> [5/11]         }
[16:55:44] <MirahezeRelay>	 <originalauthority> [6/11] ....
[16:55:44] <MirahezeRelay>	 <originalauthority> [7/11] if (shouldBypassCache) {
[16:55:45] <MirahezeRelay>	 <originalauthority> [8/11]             return fetch(request);
[16:55:45] <MirahezeRelay>	 <originalauthority> [9/11]         }
[16:55:45] <MirahezeRelay>	 <originalauthority> [10/11] ```
[16:55:46] <MirahezeRelay>	 <originalauthority> [11/11] which fetches it from the server insetad of cloudflare, which is 100% easier to read and understand that vcl_miss and vcl_pass and all that stuff
[16:56:10] <MirahezeRelay>	 <paladox> Nice
[16:56:29] <MirahezeRelay>	 <paladox> Can we publish our version in a public repository
[16:56:40] <MirahezeRelay>	 <paladox> And copy it when changes are made
[16:56:52] <MirahezeRelay>	 <originalauthority> miraheze doesn't use workers
[16:56:54] <MirahezeRelay>	 <originalauthority> just cache rules
[16:58:02] <MirahezeRelay>	 <paladox> Oh, maybe it should use workers?
[16:58:44] <MirahezeRelay>	 <originalauthority> 100% should, but idk if they give out workers for free to companies like they do with the other stuff (since they are a different product that costs)
[16:59:39] <MirahezeRelay>	 <bluemoon0332> we _have_ workers, although our free plan won't do for replacing cache rules
[17:00:01] <MirahezeRelay>	 <originalauthority> i assume thats due to cost?
[17:00:04] <MirahezeRelay>	 <paladox> So you have to pay for it? So not really the same as varnish?
[17:00:20] <MirahezeRelay>	 <originalauthority> I was speaking technologically, not in monetary terms
[17:00:35] <MirahezeRelay>	 <pixldev, replying to originalauthority> We could ask very nicely and bring muffins to their office
[17:01:03] <MirahezeRelay>	 <bluemoon0332, replying to originalauthority> it's because of our max 100.000 requests per day with workers
[17:01:04] <MirahezeRelay>	 <paladox> Yeh but we can’t use it unless we pay. Using varnish means it’s free and we have control.
[17:02:35] <MirahezeRelay>	 <bluemoon0332> and just miraheze.org has over 60 million requests per day
[17:05:03] <MirahezeRelay>	 <bluemoon0332> also even their standard paid plan for workers has 10 million included per month +$0.30 per additional million.
[17:05:14] <MirahezeRelay>	 <bluemoon0332> looks like it'd be crazy expensive
[17:06:01] <MirahezeRelay>	 <pixldev, replying to bluemoon0332> How much is the standard plan
[17:07:00] <MirahezeRelay>	 <pixldev, replying to bluemoon0332> ~$537 a month I think
[17:07:03] <MirahezeRelay>	 <pixldev> Plus the base plan
[17:07:37] <MirahezeRelay>	 <bluemoon0332, replying to pixldev> just the plan is 5$ + all the extra for going over 10 million requests
[17:09:08] <MirahezeRelay>	 <pixldev, replying to bluemoon0332> So 542 dollars a month
[17:09:13] <MirahezeRelay>	 <pixldev> My napkin math
[17:09:42] <MirahezeRelay>	 <bluemoon0332> there's also "Workers for Platforms" which is $25.00 + additional usage per month but I don't know what's different from normal workers
[17:11:36] <MirahezeRelay>	 <pixldev> Also 10mm a month?
[17:11:45] <MirahezeRelay>	 <bluemoon0332, replying to pixldev> for comparison, according to the Finance page,  $4700.70 were paid to fiberstate for colocation for the February 2024 - February 2025 period
[17:12:23] <MirahezeRelay>	 <bluemoon0332> it'd literally be more expensive to use workers this way than to host the servers.
[17:15:42] <MirahezeRelay>	 <pixldev> Uh huh
[17:15:48] <MirahezeRelay>	 <pixldev> So let’s not
[17:15:59] <MirahezeRelay>	 <pixldev, replying to pixldev> Unless someone here is a very good banker
[19:18:55] <MirahezeRelay>	 <originalauthority, replying to bluemoon0332> iirc thats just bare metal isn't it? I thought miraheze stopped with the colocation stuff
[21:13:03] <MirahezeRelay>	 <cosmicalpha, replying to bluemoon0332> I think can request Cloudflare Workers increase for free. It is something that can be requested as part of Project Galileo according to docs, not sure to which extent though.
[21:36:39] <MirahezeRelay>	 <notaracham> Worth exploring, at the very least
[22:51:31] <MirahezeRelay>	 <pixldev, replying to cosmicalpha> project galileo?
[22:51:57] <MirahezeRelay>	 <cosmicalpha, replying to pixldev> It's what we were accepted into for free Cloudflare
[22:52:08] <MirahezeRelay>	 <pixldev> ah
[22:52:15] <MirahezeRelay>	 <pixldev> what are the terms/requirements
[23:17:54] <Agent>	 we can get most of CF features for free via Galileo
[23:18:10] <Agent>	 but it seems the response wait times are brutal
[23:18:27] <PixDeVl>	 The internet DMV