#archlinux32 | Logs for 2018-04-23
Back
[00:06:50] -!- belanthor has quit [Quit: Leaving]
[00:07:05] -!- AndrevS has quit [Quit: umount /dev/irc]
[00:57:13] -!- belanthor has joined #archlinux32
[01:10:56] -!- belanthor has quit [Ping timeout: 265 seconds]
[01:27:49] -!- belanthor has joined #archlinux32
[02:27:31] -!- davor has quit [Ping timeout: 268 seconds]
[02:34:02] -!- davor has joined #archlinux32
[02:49:34] <tyzoid> deep42thought: That would be correct :/ I'll add that as a valid char
[02:52:43] <tyzoid> deep42thought: hmm, I must have added it already
[02:52:51] <tyzoid> `/^([a-z-]+:)?[a-zA-Z0-9@+._-]+$/` is the regex
[02:53:40] <tyzoid> A quick search of package names gives the following charset
[02:53:40] <tyzoid> $ pacman -Ssq | sed 's/./&\n/g' | sort -u | tr -d '\n'; echo
[02:53:41] <tyzoid> _-.@+0123456789aAbBcCdefgGhijklmnopqrsStuUvwxyz
[04:23:43] -!- belanthor has quit [Quit: Leaving]
[04:33:44] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T04:33:43.ZIDQEj"?.
[04:42:28] -!- isacdaavid has quit [Quit: Leaving.]
[05:25:49] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T05:25:47.jxD3e0"?.
[05:25:49] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T05:25:47.AdmiYp"?.
[05:41:47] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T05:41:40.d5q1Sc"?.
[05:41:47] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T05:41:40.wQmfhH"?.
[06:14:45] -!- deep42thought has joined #archlinux32
[06:14:47] <buildmaster> Hi deep42thought!
[06:15:06] <deep42thought> tyzoid: well, I can just tell you, that it does not work: https://pkgapi.arch32.tyzoid.com
[06:15:17] <deep42thought> maybe it's some encoding issue?
[06:15:31] <deep42thought> what does http (or your backend) do to the "+"?
[06:35:13] -!- titus_livius has joined #archlinux32
[06:52:20] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T06:52:18.0dldVb"?.
[07:25:57] -!- buildmaster has quit [Remote host closed the connection]
[07:28:50] -!- buildmaster has joined #archlinux32
[07:29:10] -!- eduardoeae has quit [Ping timeout: 264 seconds]
[07:34:25] -!- deep42thought has quit [Quit: Leaving.]
[08:08:27] -!- davor has quit [Ping timeout: 240 seconds]
[08:14:59] -!- davor has joined #archlinux32
[08:25:19] -!- oaken-source has joined #archlinux32
[08:32:14] -!- deep42thought has joined #archlinux32
[08:32:14] <buildmaster> Hi deep42thought!
[09:24:50] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T09:24:46.ICR3P2"?.
[09:24:52] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T09:24:46.RT5zxK"?.
[09:24:52] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.unimportant_query.stdin.2018-04-23T09:24:50.UE44i3"?.
[09:57:58] -!- oaken-source has quit [Ping timeout: 264 seconds]
[10:16:44] -!- wiseacre has joined #archlinux32
[10:39:08] -!- oaken-source has joined #archlinux32
[11:25:12] -!- wiseacre has quit [Changing host]
[11:25:12] -!- wiseacre has joined #archlinux32
[11:35:29] -!- eduardoeae has joined #archlinux32
[11:40:35] -!- wiseacre has quit [Quit: wiseacre]
[12:27:04] -!- davor has quit [Ping timeout: 260 seconds]
[12:33:13] -!- davor has joined #archlinux32
[13:27:14] <tyzoid> hey deep42thought: Did you mean to send the key email again?
[13:27:38] <deep42thought> umm, I think, I didn't mean to
[13:27:49] <tyzoid> Also, plusses need to be urlencoded.
[13:28:28] <deep42thought> urlencoding does not work either
[13:28:41] <tyzoid> huh
[13:29:38] <deep42thought> https://pkgapi.arch32.tyzoid.com
[13:29:57] <deep42thought> or https://pkgapi.arch32.tyzoid.com
[13:31:00] <tyzoid> :/
[13:31:13] <tyzoid> https://pkgapi.arch32.tyzoid.com
[13:31:18] <tyzoid> https://pkgapi.arch32.tyzoid.com
[13:31:22] <tyzoid> https://pkgapi.arch32.tyzoid.com
[13:31:34] <tyzoid> seems to be interpreting the urlencoded string as spaces as well :/
[13:32:01] <deep42thought> you'll sort it out :-)
[13:35:10] <tyzoid> deep42thought: Works without needing to urlencode now
[13:35:14] <tyzoid> let me know if this breaks anything
[13:35:23] <deep42thought> I'm urlencoding now :-D
[13:35:43] <deep42thought> looks good :-)
[13:40:07] <tyzoid> https://github.com
[13:40:09] <phrik> Title:Requests with '+' are converted to ' ', even when urlencoded as '%2b' · Issue #111 · jacwright/RestServer · GitHub (at github.com)
[13:40:30] <tyzoid> anyway, I'm off to work. see you in ~1hr
[13:40:54] <deep42thought> cu
[15:37:07] -!- oaken-source has quit [Ping timeout: 256 seconds]
[16:25:18] <tyzoid> deep42thought: can we move archiso-dual and archiso32 into [build-support] on arch32, instead of in archlinuxewe?
[16:25:40] <deep42thought> these are x86_64 packages
[16:25:44] <deep42thought> formally
[16:25:58] <tyzoid> I'd rather have an x86_64 arch in build-support on a system that's mirrored, than in one place
[16:26:42] <deep42thought> putting x86_64 packages into build-support (as it is right now) will break the buildmaster
[16:26:46] <tyzoid> Up to you, but they're pretty much official arch32 packages, so why not put them in our repo
[16:26:50] <tyzoid> oh, interesting
[16:26:50] <deep42thought> but we could add x86_64/build-support
[16:26:55] <deep42thought> just for these packages
[16:26:58] <tyzoid> That's what I meant
[16:27:03] <tyzoid> add an x86_64 arch
[16:27:23] <tyzoid> or x86_64/releng
[16:27:44] <deep42thought> there's also asp32
[16:27:46] <deep42thought> devtools32
[16:27:58] <deep42thought> archlinux32-keyring
[16:28:04] <deep42thought> pacman-mirrorlist32
[16:28:09] <tyzoid> archlinux32-keyring is an -any package
[16:28:13] <deep42thought> so it's probably worth the effort
[16:28:34] <deep42thought> which is installed _how_ on an x86_64 host (e.g. the build-slaves)?
[16:29:04] <tyzoid> pacman -U/
[16:29:05] <tyzoid> ?
[16:29:14] <deep42thought> this does not keep it up to date
[16:29:26] <deep42thought> e.g. you want to really install a package from a repository
[16:29:32] <deep42thought> not just a downloaded file
[16:30:21] <deep42thought> I think, x86_64/releng is fine
[16:30:32] <deep42thought> build-support is meant to be something different
[16:30:43] <deep42thought> e.g. some builds may need it, others won't
[16:30:47] <tyzoid> yeah, hence the different name
[16:31:14] <deep42thought> I just need to think a minute about how I want to integrate with my current scripts
[16:31:22] <deep42thought> *integrate this
[16:31:25] <tyzoid> no rush, just an idea
[16:31:32] <deep42thought> it's a good idea :-)
[16:31:44] <tyzoid> Now that I've virtualized my infra, vagrant won't run as easily
[16:31:47] <deep42thought> except: you could start mirroring archlinuxewe ;-)
[16:32:02] <tyzoid> so my build-dual script which launches vagrant won't work quite as well
[16:34:11] <deep42thought> hmm, the integration with my current scripts will be either tedious or a hack ...
[16:34:17] <deep42thought> I think, I'll chose the hack :-D
[16:34:38] <tyzoid> any idea what's going on here?
[16:34:40] <tyzoid> https://ptpb.pw
[16:35:00] <deep42thought> run the proposed command
[16:35:13] <deep42thought> you upgraded gpg and didn't restart the agent in the meantime
[16:35:22] <tyzoid> same issue
[16:35:53] <deep42thought> maybe, the pacman-key gpg-agent has a different name
[16:35:56] <deep42thought> I'm not sure
[16:36:04] <deep42thought> but usually you can just ignore that warning
[16:36:12] <tyzoid> 364 ? Ss 0:00 gpg-agent --homedir /etc/pacman.d/gnupg --use-standard-socket --daemon
[16:36:13] <tyzoid> 2197 ? SLs 0:00 /usr/bin/gpg-agent --supervised
[16:36:19] <tyzoid> seems like it's using gpg-agent
[16:36:23] <deep42thought> ok
[16:36:58] <tyzoid> manually killing those processes made the warning go away
[16:36:59] <deep42thought> or: pacman is updated with new libgnupg (or how it's called), but gpg (and thus gpg-agent) itself is not
[16:37:01] <tyzoid> but still fails
[16:37:49] <deep42thought> can you run the gpg commands manually with --homedir=/etc/pacman.d/gnupg?
[16:38:04] <deep42thought> or rather: what is the error when you try to do so?
[16:38:17] <tyzoid> works if I grab new key ids from your README file
[16:38:24] <tyzoid> the keys probably rotated
[16:38:26] <deep42thought> ah, crap
[16:38:30] <deep42thought> right
[16:38:33] <deep42thought> forgot about that
[16:38:36] <deep42thought> my key expired
[16:38:58] <deep42thought> run 'curl https://arch.eckner.net | sudo -s'
[16:39:01] <deep42thought> :-D
[16:39:33] <tyzoid> https://github.com is what I was going from :P
[16:39:34] <phrik> Title:releng/build-dual.sh at master · archlinux32/releng · GitHub (at github.com)
[16:42:52] * buildmaster failed to execute a mysql query - can you have a look at "tmp.mysql-functions.query.stdin.2018-04-23T16:42:52.mrqrK6"?.
[16:43:18] <deep42thought> ...
[16:43:44] <deep42thought> I thought, I tested that one
[16:43:50] <tyzoid> deep42thought: I really think the insert ... select is causing the problems
[16:44:42] <deep42thought> but it works well 98% of the time
[16:44:46] <deep42thought> this seems odd to me
[16:44:49] <tyzoid> In all honesty, as much as I dislike python, I think we should migrate our collection of bash scripts over to it. It'll make things like sql queries easier
[16:45:02] <tyzoid> It's an issue of the transaction touching more tables than it needs
[16:45:13] <tyzoid> a select puts a read lock on the table for the duration of the transaction
[16:45:25] <deep42thought> hmm
[16:45:28] <deep42thought> yeah
[16:45:44] <deep42thought> my hope is to get as much as possible done inside the database
[16:45:46] <tyzoid> not usually an issue, but we're also replicating these across the atlantic
[16:45:53] <deep42thought> then switching from bash to whatever should be more simple
[16:46:05] <deep42thought> the lock is not replicated
[16:46:23] <tyzoid> IIRC that's correct, but the replication slows things down in general
[16:47:34] <deep42thought> btw: I asked polichronucci if it's possible to set up mysql and php on archlinux32.org, so we could display some dynamic infos from the db there
[16:47:39] <deep42thought> e.g. new packages
[16:48:49] <tyzoid> Sounds good. You could always create a new host on my server too. Throwing cloudflare in front of it would make it fast worldwide
[16:49:18] <deep42thought> hmm, yeah, but I think, it's also a good idea to distribute it a little ;-)
[16:49:33] <tyzoid> either way works
[16:49:48] <tyzoid> I wonder if cloudflare has load balancing support
[16:50:00] <deep42thought> no, I meant the maintenance effort
[16:50:04] <deep42thought> not the traffix
[16:50:13] <deep42thought> s/x/c/
[16:50:13] <tyzoid> No, I get that
[16:50:20] <tyzoid> but I'm saying if we mirror some of the more static sites
[16:50:21] <deep42thought> ah, ok
[16:50:28] <tyzoid> than we can get more uptime by load balancing them / failover
[16:51:06] <deep42thought> when we replicate the database to multiple locations, we could even mirror the dynamic content
[16:51:06] <tyzoid> i.e. if we wanted to do sql replication from the bbs over to your side of the pond, then we could have geographically distributed failover
[16:51:12] <deep42thought> but I'm not sure it's worth it
[16:51:36] <tyzoid> True. I do like my uptime, though :P
[16:51:50] <deep42thought> :-D
[16:54:38] <tyzoid> Ah, it's a paid extra on cloudflare's free plan
[16:54:49] <tyzoid> $5/mo for two servers.
[16:54:54] <deep42thought> hmm, probably not worth it right now
[16:55:00] <tyzoid> agreed
[16:55:03] <deep42thought> anyway, I need to go now
[16:55:09] <tyzoid> ok. see ya
[16:55:14] -!- deep42thought has quit [Quit: Leaving.]
[17:25:10] -!- oaken-source has joined #archlinux32
[19:06:20] -!- AndrevS has joined #archlinux32
[19:11:28] -!- deep42thought has joined #archlinux32
[19:11:28] <buildmaster> Hi deep42thought!
[19:11:37] <deep42thought> Hi buildmaster what's up?
[19:11:37] <buildmaster> up? I'm up for 11 hours, 44 minutes, load average: 0.26, 0.49, 0.49
[19:11:53] <tyzoid> wb
[19:12:02] <deep42thought> hi tyzoid
[19:13:24] <tyzoid> let's see if vagrant works inside kvm :P
[19:14:28] <deep42thought> anyway, I'll go afk for dinner :-)
[19:14:33] <tyzoid> ok
[19:32:13] <tyzoid> answer: nope
[20:03:46] <deep42thought> btw, tyzoid: we're getting a new category of spam in the forums (in case you haven't noticed yet)
[20:28:58] <tyzoid> deep42thought: Yeah, I blocked one of the IPs
[20:29:03] <tyzoid> they're all coming from proxies
[20:29:12] <deep42thought> one was from a tor exit node
[20:29:18] <deep42thought> I don't really like blocking those
[20:29:23] <tyzoid> `dedic1096.hidehost.net`
[20:29:40] <tyzoid> from `178.159.37.161`
[20:30:25] <tyzoid> It might just be we need to block everything that allows an http connection back to it
[20:30:34] <tyzoid> that'll include some tor nodes, but not all
[20:30:59] <tyzoid> I didn't search very hard, but it might be possible to block the ip ranges for hidehost
[20:31:08] <tyzoid> that seemed to be where most of our traffic came from
[20:32:22] <tyzoid> also: deep42thought: Anything we need to worry about for gdpr?
[20:39:23] <buildmaster> gitlab-runner is broken (says rechenknecht).
[20:41:19] <deep42thought> what's gdpr?
[20:41:57] * deep42thought is reading about it on wikipedia right now
[20:45:35] <deep42thought> well, as far as I've heard so far, the main goal we should have is to reduce the amount of collected personal data to a required minimum
[20:45:41] <deep42thought> which we do already
[20:45:50] <deep42thought> so there's not much to worry IMHO
[20:47:04] <tyzoid> IP Addresses are technically part of it
[20:47:11] <tyzoid> though IIRC it's targeted at companies
[20:47:20] <deep42thought> no, not only
[20:47:35] <tyzoid> right, but the fines are as a percentage of global revenue
[20:47:46] <tyzoid> no revenue = no fines?
[20:47:55] <deep42thought> no :-D
[20:48:02] <deep42thought> that's not how it works
[20:48:12] <tyzoid> they gonna pay us, since we have negative revenue?
[20:48:22] <tyzoid> net* revenue
[20:48:49] <deep42thought> well, we can record ip addresses as long as it's necessary to run the services we provide
[20:49:00] <deep42thought> and I think "blocking spammers via ip" is a valid reason
[20:49:18] <deep42thought> we might need to remove ips of "valid posts" thoudh
[20:49:23] <tyzoid> I'm thinking of the mirrors too
[20:49:29] <tyzoid> my mirror logs ips
[20:49:46] <deep42thought> well, that's not archlinux32's problem
[20:49:49] <tyzoid> I used to use it to generate stats of requested packages on a unique basis
[20:49:49] <deep42thought> it's yours
[20:49:53] <tyzoid> lol
[20:50:02] <deep42thought> and you are a us citicen
[20:50:21] <tyzoid> They're trying to make it apply to US-only companies too
[20:50:24] <deep42thought> and if a eu citicen downloads from a us server, I think, you are allowed to do whatever us laws allow you
[20:50:31] <tyzoid> though I have no idea how they're going to get that to pass muster
[20:50:34] <deep42thought> if they operate in the eu
[20:51:10] <deep42thought> e.g. "facebook collecting data from eu users storing it in the us" is also under this law
[20:51:26] <deep42thought> but on the other hand, I'm not a lawyer :-)
[20:52:13] <deep42thought> tyzoid: regarding your application of the ip addresses: just hash them and you should be safe
[20:52:40] <tyzoid> Right. I'll have to see if there's an apache module to do that
[20:53:18] <tyzoid> btw, I'm going to restart the forum vm here in a minute to finish some upgrades
[20:53:22] <tyzoid> total downtime should be ~1min
[20:54:04] <tyzoid> problem is that apache isn't logging the real IPs, but they're being forwarded to fluxbb
[21:00:11] <tyzoid> updates still going. Btw, deep42thought: Did you want direct ipv6 access to any of your containers?
[21:02:40] <deep42thought> any of my? How many do I have?
[21:03:33] <deep42thought> no, I'm unfortunately on ipv4-only on work
[21:04:01] <tyzoid> You've got access to srv1-bbs-arch32, srv1-bugtracker, and srv1-sql-tests
[21:04:24] <deep42thought> ah, I thought, I had only sftp access to the former 2
[21:04:48] <deep42thought> but still: the current mode is sufficient for me :-)
[21:14:22] -!- oaken-source has quit [Quit: bedtime]
[21:15:30] <tyzoid> deep42thought: You've got root access to all three
[21:15:46] <tyzoid> btw, planning on changing the 'human verification' questions
[21:15:49] <tyzoid> any ideas?
[21:16:01] <deep42thought> more complex math?
[21:16:13] <tyzoid> More like 'Who is president of the United States',
[21:16:19] <tyzoid> 'Who is chancellor of Germany'
[21:16:47] <deep42thought> click on the image of Albert Einstein
[21:16:54] <deep42thought> ah no, that's bad for screen readers
[21:18:20] <deep42thought> you think they circumvent this verification?
[21:18:40] <tyzoid> It's possible they're circumventing entirely
[21:18:49] <tyzoid> but I think they've just got a table of correct answers
[21:19:00] <deep42thought> I doubt it, because it's actually a few new users with a lot spam posts
[21:19:23] <tyzoid> the logs show mass automated sign-up
[21:19:33] <tyzoid> though I suspect email verification handles most of the brunt of that
[21:19:38] <deep42thought> well, increase the pool of questions massively (100-1000 questions) and block ips for ~1h after 5 failures
[21:19:53] <tyzoid> I'll just add one to every answer and see if that blocks regs temporarily
[21:20:12] <deep42thought> auto-generate the answers
[21:20:59] <tyzoid> "What is one plus six plus three"
[21:21:04] <tyzoid> just added one to each
[21:21:13] <deep42thought> ok
[21:21:20] <tyzoid> seems like it's worked?!?
[21:21:38] <deep42thought> whatß
[21:21:39] <deep42thought> ?
[21:22:56] <tyzoid> yeah, before there was a bunch that were hitting an accept request
[21:23:01] <tyzoid> but now that's not happening
[21:23:10] <deep42thought> ah, good
[21:23:10] <tyzoid> only one has registered since I changed the questions
[21:23:46] <deep42thought> I would totally auto-generate the questions and answers
[21:24:09] <tyzoid> well, looks like it's hitting 'Agree' again
[21:24:11] <deep42thought> "what is six plus three plus $day-of-week" -> 6+3+$day_of_week
[21:24:12] <tyzoid> but not sure what's up there
[21:24:26] <tyzoid> but still only one new user
[21:25:20] <tyzoid> The other thing that characterizes these requests is that the registration request directly follows (within a second) of loading the reg page
[21:25:48] <deep42thought> well, that's a pretty good discriminator
[21:25:49] <tyzoid> and a bunch are hitting the nonexistant profile /profile.php?id=121390
[21:26:05] <tyzoid> I'm thinking of putting a 5s timeout on registration per IP
[21:26:42] <deep42thought> I once read an error message (upon installing a software) which was like "you claimed to have read our tos within 3 seconds which is impossible ..."
[21:26:45] <tyzoid> btw, you've got access to this box, so you could tail the logs too, if you wanted
[21:26:52] <tyzoid> lol, that's a pretty sweet one
[21:27:17] <tyzoid> fluxbb has an option for custom terms, which would put an additional agree box in the middle of registration
[21:27:20] <tyzoid> not sure if that'd help any
[21:27:34] <tyzoid> though we'll see if these new questions stop the spam for long
[21:28:03] <deep42thought> can you let the users pass registration but block them from posting if registration was within 5 seconds?
[21:29:28] <tyzoid> not sure why that'd be helpful
[21:29:46] <tyzoid> you mean more so that if a spammer tries to figure out why it's not working, they don't have an error message?
[21:29:46] <deep42thought> because they would not change procedure of registration, then
[21:29:55] <deep42thought> e.g. insert a wait > 5 sec
[21:30:17] <tyzoid> or just not send an email if the timeout was not passed?
[21:30:37] <deep42thought> yeah
[21:30:44] <tyzoid> I've gotten a few emails from real users when they're having trouble registering, so if any get caught in that, I can fix it manually
[21:30:58] <tyzoid> (since it gives my email in the "if you're having trouble" message)
[21:31:19] <deep42thought> yes
[21:31:22] <deep42thought> good idea
[21:31:47] <tyzoid> I'll see if this holds for now, and then we can look at timeout / autogeneration coming up soon.
[21:32:05] <deep42thought> ok :-)
[21:38:55] <tyzoid> deep42thought: Hmm, doesn't actually seem to have had an effect: https://ptpb.pw
[21:39:02] <tyzoid> I was only looking at requests
[21:39:11] <tyzoid> but it seems like it's still going at the same rate as before
[21:40:16] <tyzoid> I added the change right after FeritVah registered
[21:41:15] <deep42thought> yeah, looks like nothing changed
[21:41:28] <deep42thought> so I'm totally in for the 5 seconds :-)
[21:41:32] <deep42thought> but I'll go to bed now
[21:41:36] <deep42thought> good night!
[21:41:40] <tyzoid> night
[21:41:56] -!- deep42thought has quit [Quit: Leaving.]
[22:12:17] <tyzoid> btw, added the 5s timeout
[22:12:26] <tyzoid> I'll probably make a mod for it eventually, but ehh
[22:12:28] <tyzoid> it's live patched
[22:53:02] <buildmaster> gitlab-runner is broken (says buildknecht2).