[03:25:15] <MirahezeRelay>	 <cosmicalpha, replying to originalauthority> Yep, that is why we are using mattermost for this reason.
[03:25:40] <MirahezeRelay>	 <cosmicalpha> Plus it is open source.
[05:02:11] <MacFan4000>	 Ofc it will go on a VM outside of the fiberstate DC so that it stays available during outages
[05:05:15] <MirahezeRelay>	 <cosmicalpha> It will probably go on more than one VM (maybe one FS and one outside) with load balancing so if one goes down it fallbacks to the other. Will see though...
[05:06:38] <MacFan4000>	 BTW if we can merge the two open DNS prs at some point that would be great :)
[05:07:26] <MirahezeRelay>	 <cosmicalpha> Done
[12:03:28] <MacFan4000>	 Hmm, looks like mattermost requires a PostgreSQL db, so not sure how we’d want to handle that with loaf balancing
[12:17:22] <RhinosF1>	 MacFan4000: what you mean?
[12:26:38] <MacFan4000>	 01:05 <MirahezeRelay> <cosmicalpha> It will probably go on more than one VM (maybe one FS and one outside) with load balancing so if one goes down it fallbacks to the other. Will see though...
[12:26:54] <MacFan4000>	 RhinosF1 ^
[12:27:24] <MacFan4000>	 (We want to switch to mattermost for internal communication)
[12:32:37] <RhinosF1>	 MacFan4000: ah
[12:32:48] <RhinosF1>	 i guess you have to have replicated 
[12:33:04] <RhinosF1>	 we can setup an auto failover psql-primary or something
[12:40:58] <RhinosF1>	 MacFan4000: you seen the ddos alert
[12:45:31] <RhinosF1>	 anyway auto failover is easy
[12:45:36] <RhinosF1>	 should set a low ttl though
[13:00:10] <MirahezeRelay>	 <pixldev, replying to agentisai> I set up google chats for my Boy Scout troop communication
[13:00:14] <MirahezeRelay>	 <pixldev> My recommendation
[13:00:16] <MirahezeRelay>	 <pixldev> Please don’t
[13:00:20] <MirahezeRelay>	 <pixldev> It’s worse then discord
[13:00:36] <MirahezeRelay>	 <pixldev> (Yea I pushed for my troop to use discord)
[13:00:44] <MirahezeRelay>	 <pixldev> U13 clause in TOS killed it
[13:01:26] <BlankEclair>	 imagine pushing them to use irc
[13:02:04] <MirahezeRelay>	 <pixldev> These kids? I’d have a better chance convincing them to use carrier pigeons
[13:02:24] <MirahezeRelay>	 <pixldev> Although in hind sight I wish we had considered matrix
[13:02:30] <MirahezeRelay>	 <pixldev> Although I’m not sure if it would have worked
[13:02:42] <BlankEclair>	 why not matrix?
[13:02:50] <BlankEclair>	 i mean, i shit constantly about it, but still?
[13:02:53] <MirahezeRelay>	 <pixldev> It took a year to get G Chats set up and approved by committee so the scout master cores do not wanna change
[13:02:59] <BlankEclair>	 oh jesus christ
[13:03:10] <MirahezeRelay>	 <pixldev> It was a back burner priority
[13:03:23] <RhinosF1>	 You could use fax
[13:03:27] <MirahezeRelay>	 <pixldev> I was the scout who set everything up though
[13:03:30] <MirahezeRelay>	 <pixldev> lmao
[13:07:21] <MirahezeRelay>	 <agentisai> IRCheze when?
[13:10:38] <BlankEclair>	 meanwhile a rainverse wiki contributor: "inb4 Miraheze hosts a Fedi :3"
[13:10:50] <BlankEclair>	 (my response: "the ~400 open phorge tasks are currently doing a 'bruh' face as we speak")
[13:13:35] <RhinosF1>	 BlankEclair: heh
[13:16:53] <MirahezeRelay>	 <agentisai> We have better things to do
[13:16:54] <MirahezeRelay>	 <agentisai> like move Miraheze to be entirely Web3-based
[13:17:51] <BlankEclair>	 web3?
[13:17:56] <BlankEclair>	 c'mon, we can make web4!
[13:18:01] <RhinosF1>	 Cloudflare has web 3 features
[13:18:04] <BlankEclair>	 why
[13:18:18] <BlankEclair>	 and what are they
[13:18:55] <RhinosF1>	 BlankEclair: https://www.cloudflare.com/en-gb/application-services/products/web3/
[13:19:41] <BlankEclair>	 okay thank god they're just gateways
[13:19:48] <BlankEclair>	 i thought they actually added web3 features on your site
[13:21:29] <RhinosF1>	 You should be able to access Miraheze over Tor too
[13:21:42] <RhinosF1>	 That's also a cloudflare thing
[13:21:56] <RhinosF1>	 But ye we don't use anything web3 related
[13:22:41] <MirahezeRelay>	 <theoneandonlylegroom> but I already could access Miraheze via Tor ...
[13:23:02] <MirahezeRelay>	 <theoneandonlylegroom> unless I'm confusing w/ something else
[13:24:02] <MirahezeRelay>	 <rhinosf1> Should have onion routing though now
[13:24:10] <BlankEclair>	 wdym?
[13:27:40] <RhinosF1>	 BlankEclair: cloudflare should send a header that allows the tor browser to switch to a .onion address
[13:27:47] <BlankEclair>	 oh okay
[13:31:02] <BlankEclair>	 RhinosF1: i don't see it on meta.miraheze.org and rainverse.miraheze.org
[13:32:32] <RhinosF1>	 BlankEclair: the url won't show
[13:32:39] <BlankEclair>	 >
[13:32:40] <BlankEclair>	 ?
[13:32:48] <RhinosF1>	 Click the think next to the padlock
[13:32:55] <RhinosF1>	 https://tb-manual.torproject.org/managing-identities/#managing-identities
[13:34:44] <RhinosF1>	 https://developers.cloudflare.com/network/onion-routing/
[13:34:48] <BlankEclair>	 going through the standard three nodes
[13:35:14] <BlankEclair>	 https://files.catbox.moe/4xle9k.png
[13:39:12] <RhinosF1>	 BlankEclair: compare that to a legacy custom domain
[13:39:22] <RhinosF1>	 Like publictestwiki.com
[13:39:42] <RhinosF1>	 Not actually
[13:39:47] <BlankEclair>	 https://files.catbox.moe/2yqn7z.png
[13:39:54] <RhinosF1>	 allthetropes.org BlankEclair
[13:39:55] <RhinosF1>	 Try art
[13:39:58] <RhinosF1>	 ATT
[13:40:31] <BlankEclair>	 https://files.catbox.moe/25fxg7.png
[13:40:44] <RhinosF1>	 Weird
[13:41:16] <BlankEclair>	 https://tb-manual.torproject.org also gives me an .onion available button
[13:41:34] <BlankEclair>	 https://files.catbox.moe/4aoysl.png
[13:44:49] <RhinosF1>	 You should see that for mh
[13:44:57] <BlankEclair>	 nope :D
[13:45:08] <RhinosF1>	 Hmm
[13:45:13] <BlankEclair>	 it's the Onion-Location response header
[13:45:14] <BlankEclair>	 not there for mh
[14:01:43] <RhinosF1>	 Cloudflare sends it as alt-svc or something
[14:06:18] <BlankEclair>	 > alt-svc: h3=":443"; ma=86400
[14:13:39] <RhinosF1>	 Hmm
[18:35:23] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 thank you for sorting BIND
[18:35:39] <MirahezeRelay>	 <rhinosf1> Just to let you know, tomorrow is my last day before I go on holiday until 18th
[18:35:57] <MirahezeRelay>	 <rhinosf1> I will be back online evening of the 18th
[18:36:07] <MirahezeRelay>	 <pixldev> Enjoy!
[18:36:20] <MirahezeRelay>	 <rhinosf1> @pixldev I will
[18:36:35] <MirahezeRelay>	 <rhinosf1> Try not to break absolutely everything
[18:36:56] <MirahezeRelay>	 <pixldev, replying to rhinosf1> I’ll try
[18:37:19] <MirahezeRelay>	 <rhinosf1> I'll still have my phone
[18:37:35] <MirahezeRelay>	 <rhinosf1> But I intend to enjoy my holiday and get some peace
[18:37:51] <MirahezeRelay>	 <rhinosf1> I guess it's between Miraheze and work on who breaks the peace
[18:38:07] <MirahezeRelay>	 <songngu.xyz> that got me hard
[19:25:17] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 do you want my script for uploading domains into cloudflare
[19:25:43] <MirahezeRelay>	 <rhinosf1> You should run it just before the switch as otherwise it'll start backing off and checking less often
[19:25:57] <MirahezeRelay>	 <bluemoon0332> might come in handy, yeah
[19:26:35] <MirahezeRelay>	 <bluemoon0332> especially since there are quite a few domains to move
[19:26:37] <MirahezeRelay>	 <rhinosf1> I will upload to a phab paste tomorrow
[19:26:54] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 circa 200
[19:45:11] <MirahezeRelay>	 <bluemoon0332> @rhinosf1 ummm, we may have a bit of an issue with this plan. The RFC itself was finalized on November 2023, and AliasMode is not yet implemented on Chromium and Firefox, only ServiceMode is apparently supported (Chromium: https://issues.chromium.org/issues/40257146, Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1869075).
[19:45:38] <MirahezeRelay>	 <bluemoon0332> It seems I'm trying to be a little _too_ bleeding edge here
[19:46:11] <MirahezeRelay>	 <rhinosf1> Oh
[19:46:22] <MirahezeRelay>	 <bluemoon0332> I'll see what ServiceMode is about, maybe it can save us
[19:48:57] <MirahezeRelay>	 <bluemoon0332> this whole no CNAMEs alongside other records stuff is so stupid
[19:49:22] <MirahezeRelay>	 <bluemoon0332> I can't believe it has taken until just very recently for a standard solution to be made
[19:50:20] <MirahezeRelay>	 <bluemoon0332> if only the ANAME RFC didn't die back in 2020
[19:53:33] <MirahezeRelay>	 <rhinosf1> Ye it is
[20:04:59] <MirahezeRelay>	 <bluemoon0332> not hosting DNS _is_ an option, just saying, in case we want to keep the CF migration rolling
[20:06:44] <MirahezeRelay>	 <bluemoon0332> even if Chromium and Firefox implement this in the real future, it will be only on the very latest versions, bots, to give an example, may take even longer to implement RFC 9460.
[20:09:32] <MirahezeRelay>	 <agentisai> I suggested setting up vanity NS servers at CloudFlare and then setting up those domains pointing to ns1/ns2 on CloudFlare but CA said it might be too much work to do
[20:09:49] <MirahezeRelay>	 <bluemoon0332> at least is something I can do
[20:10:02] <MirahezeRelay>	 <bluemoon0332> rather than sit on my ass waiting for browsers to implement this
[20:10:04] <MirahezeRelay>	 <rhinosf1> I suggest we see if cloudflare have any ideas
[20:10:12] <MirahezeRelay>	 <rhinosf1> i did open a ticket
[20:10:29] <MirahezeRelay>	 <bluemoon0332> let's hope they bring good news
[20:11:34] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 do we still log failed logins in graylog
[20:11:39] <MirahezeRelay>	 <bluemoon0332> yes
[20:12:58] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 can you get the ip that just tried to login in as me
[20:14:02] <MirahezeRelay>	 <bluemoon0332> you should ask someone else @rhinosf1
[20:14:10] <MirahezeRelay>	 <bluemoon0332> It's pretty late for me and I'm going to sleep
[20:15:21] <MirahezeRelay>	 <rhinosf1> @evalprime you actually about?
[20:15:24] <MirahezeRelay>	 <rhinosf1> or @orduin
[20:15:32] <MirahezeRelay>	 <songngu.xyz, replying to rhinosf1> that feels wrong :whipped_look:
[20:15:39] <MacFan4000>	 Searching google brings up https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/apex-proxying/
[20:15:50] <MirahezeRelay>	 <rhinosf1, replying to songngu.xyz> I have an NDA
[20:16:05] <MirahezeRelay>	 <songngu.xyz> ah right...
[20:16:20] <MacFan4000>	 (Would have to have support set it up, but it is an option)
[20:16:23] <MirahezeRelay>	 <rhinosf1, replying to MacFan4000> I suggest they'll suggest that
[20:19:52] <RhinosF1>	 MacFan4000: what about you? can you see the ip for the failed login on meta for me?
[20:32:14] <MacFan4000>	 RhinosF1: I’m not seeing it
[20:32:37] <RhinosF1>	 MacFan4000: anything in graylog for failed logins on meta?
[20:32:45] <RhinosF1>	 the echo emails says meta
[20:32:55] <RhinosF1>	 I can see 5 jobs generated around the same time
[20:33:10] <RhinosF1>	 so I'd expect a few failed login messages in graylog
[20:40:10] <RhinosF1>	 MacFan4000: anything from LoginNotify
[20:40:26] * RhinosF1 wonders if https://github.com/miraheze/mw-config/commit/3a987cb1cf1b7cbc11cdd19b13008c3661ee1ca0 is to blame
[20:47:13] <MacFan4000>	 I don’t see anything for LoginNotify
[20:52:19] <RhinosF1>	 MacFan4000: can you move that back to debug
[20:52:27] <RhinosF1>	 we really should be logging failed logins
[20:52:46] <MirahezeRelay>	 <pixldev> That shouldn’t be debug probably
[20:53:52] <MirahezeRelay>	 <rhinosf1> https://issue-tracker.miraheze.org/T8834#196973 kinda worries me
[20:59:25] <RhinosF1>	 MirahezeRelay: https://github.com/wikimedia/mediawiki-extensions-LoginNotify/blob/master/includes/LoginNotify.php#L1091
[20:59:28] <RhinosF1>	 MacFan4000: *
[20:59:33] <RhinosF1>	 info should generate something
[20:59:46] <MirahezeRelay>	 <bluemoon0332> I'll check
[21:00:16] <MirahezeRelay>	 <bluemoon0332> I saw LoginNotify messages regarding failed logins, so that commit's not at fault
[21:00:59] <MirahezeRelay>	 <rhinosf1> debug might be a bit too verbose
[21:01:06] <MirahezeRelay>	 <rhinosf1> but ye something must be there
[21:10:44] <MacFan4000>	 found it
[21:11:04] <MacFan4000>	 RhinosF1: see PM
[21:41:51] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 @cosmicalpha fyi https://issue-tracker.miraheze.org/T12551