[09:33:15] bblack: sukhe: cdanis: didn;t read all the back log but an unquoted yaml value starting with a colon causes isses for the parser. in the past i have just used 0::/0 and 0::1 to get round the ipv6 specific case (although enforcing quoted values seems like a better option) [09:37:08] volans: what's your opinion on nose vs pytest? (i know you must have one :) [09:38:42] kormat: nowadays pytest as nose has lost that battle because they took too long to make nose2 and nose was kinda abandoned for too long [09:39:13] and still not very active [09:39:20] so definitely pytest if you ask me [09:39:27] ok :) [09:39:29] if you have very simple tests then unittest might be enough [09:39:43] also some of the pytest features are quite nice [09:39:50] i'm looking at a case where i want to mock an env variable, and pytest has direct support for this [09:40:12] yeah [09:40:36] alright. i think i'll convert wmfmariadbpy from nose/unittest to pytest. there isn't a huge amount of tests to begin with, so it's not a lot of effort. [09:42:00] feel free to ping me in pvt if you need pointers on how to convert something specific [09:42:06] it's pretty straightforward [09:42:07] cheers :) [09:42:32] and pytest understand nose format too (but you need to convert to take advantage of the features) [09:45:19] lucky me - i've just been informed this is my first clinic duty week. i note that there isn't anyone in the schedule to show me the ropes. should i be checking the history of the page to see who silently removed themselves? ;) [09:51:31] https://wikitech.wikimedia.org/wiki/SRE_Clinic_Duty is a good first intro, and you can use #wikimedia-clinic for questions on the process [09:52:01] ok cool. reading currently. [11:39:40] jbond42: thanks! we ended up quoting it [11:43:13] yes i think thats the better approche tbh [12:46:34] jbond42: question for you: can/should mod_auth_cas be configured to set SameSite=Lax on its cookies? it's the default in most browsers anyway, just not Safari and FF for Android and a few others [12:47:14] it's a bit of free defense against CSRF [12:49:53] cdanis: im not familure with that cookie setting but looking at the mod_auth_cas docs we have https://github.com/apereo/mod_auth_cas/blob/cdd25260d71faa1e54610a0bb4fada7809762fe3/README#L278-L281 [12:49:57] CASCookieSameSite [12:50:11] by default it is set to null but we can set it to LAX or Strict [12:50:14] oh cool [12:51:02] so in Chrome and FF, SameSite=Lax has been the default since July this year [12:51:21] but there are a few other browsers where it isn't yet the default, and it adds some safety [12:51:23] https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/ [12:51:26] has a decent explanation [12:52:50] https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute [12:53:54] cool thanks i have created https://phabricator.wikimedia.org/T264605 and will take a look later in the week. should be fairly easy to add [12:54:08] awesome thanks! [12:54:28] no probs :) [19:03:57] There is no more difference between bastion hosts now. Instead of having "general" and "pop" and "opsonly".. all of them are just one thing now: role(bastionhost) and that's it. [19:04:10] (and we have them in the POPs) [19:05:01] \o/ [19:05:43] \o/ [19:05:58] (them = install servers).. just need to deploy one router config change [19:06:55] nice! [19:07:52] also expect re-installs with buster soon [19:08:06] but that should not change the numbers this time i think [22:28:17] deleted shinken entirely [22:32:41] mutante: you are the hero that the world needed :) [22:35:22] bd808: aww, thank you