Okay, I see no good reason to restrict to one date per country at the database level
2013-03-13 07249, 2013
Leftmost
I'll give a weak +.5. It's not something I deal with, but I feel like people would misuse it.
2013-03-13 07213, 2013
Leftmost
Or maybe I misunderstood.
2013-03-13 07222, 2013
ocharles
Burrito time
2013-03-13 07207, 2013
warp
hello!
2013-03-13 07211, 2013
ocharles
ahoi warp
2013-03-13 07217, 2013
djce joined the channel
2013-03-13 07203, 2013
djce joined the channel
2013-03-13 07219, 2013
warp
bitbucket shippits are pretty.
2013-03-13 07237, 2013
reosarevok
Did search just die?
2013-03-13 07251, 2013
warp
reosarevok: hm, nothing obvious in nagios.
2013-03-13 07249, 2013
Leftmost
Speaking of nagios, any object to me copying over the check_last_replication_date update to freedb?
2013-03-13 07205, 2013
warp
what is "copying over" ?
2013-03-13 07217, 2013
Leftmost
scp
2013-03-13 07220, 2013
warp
and with freedb you mean freedb.musicbrainz.org?
2013-03-13 07228, 2013
Leftmost
Yes.
2013-03-13 07214, 2013
warp
ok, I don't object to you copying that file to that server. but it is a strange question to ask :)
2013-03-13 07208, 2013
warp
do you want to get that check in nagios?
2013-03-13 07234, 2013
Leftmost
Well, it will mean git will need a bit more prodding the next time freedb needs an update to musicbrainz-server.
2013-03-13 07205, 2013
warp
Leftmost: sorry, I just don't have enough context to know what you're talking about.
2013-03-13 07218, 2013
Leftmost
Oh, sorry.
2013-03-13 07237, 2013
Leftmost
So there's a check_last_replication_date script in bin/ in the musicbrainz-server repo. It's not working in its current state, but I updated it and it's got a couple approves in review. However, rather than merging it and pulling master on freedb.musicbrainz.org immediately, I was just going to copy the updated script to the appropriate place and get the check running.
2013-03-13 07214, 2013
Leftmost
I'm not really sure of the procedure for updating freedb's MBS instance, though, so I'm not sure what's best.
2013-03-13 07223, 2013
warp
oh in that case I would just checkout the branch with that script on freedb.musicbrainz.org
2013-03-13 07244, 2013
warp
then someone doing "git status" knows immediatly what's going on.
2013-03-13 07212, 2013
warp
I've never logged into freedb.musicbrainz.org, and my usual passwords don't work. so I don't anything about that server either.
2013-03-13 07221, 2013
Leftmost
Well, I imagine it will get merged into master any time now. Two approvals means it's ready to ship, right? I could even do it myself. I'm just a little afraid of pulling MBS on a production server with no real clue of what will happen. Especially since it looks like it hasn't been pulled since October.
2013-03-13 07232, 2013
Leftmost
I guess I should wait for ianmcorvidae to wake up and poke him.
2013-03-13 07254, 2013
warp
Leftmost: shipits should normally go in beta, not master.
2013-03-13 07237, 2013
warp
(and it's not a freeze week, so you can do that now if you want)
2013-03-13 07255, 2013
Leftmost
Yeah. I'm also not sure of the procedure there. There should be absolutely nothing using it, especially since it's in an utterly unusable state, but I also don't want to subvert process without knowing what I'm doing.
2013-03-13 07229, 2013
warp
sure, probably nothing will break if you merge it into master now. but _I_ don't know that.
2013-03-13 07217, 2013
warp
but it a hot sunny merge everything with shippits into beta week. if you have shippits, the process is to merge those into beta this week :)
2013-03-13 07253, 2013
warp
+is
2013-03-13 07254, 2013
Leftmost
Okay. Well, I don't have access to push to github, so I'll probably just let others do that.
2013-03-13 07214, 2013
warp
ok, which branch is this? then I'll merge it into beta.
warp: it looks like scrypt can be used for encryption, not just one way hashing
2013-03-13 07201, 2013
ocharles
so it would appear that we could actually store encrypted passwords and still use digest
2013-03-13 07258, 2013
warp
ocharles: for what purpose?
2013-03-13 07208, 2013
ocharles
what for what purpose?
2013-03-13 07244, 2013
warp
what are you trying to accomplish by storing encrypted passwords instead of plaintext passwords?
2013-03-13 07220, 2013
ocharles
you know what we're trying to accomplish, not having plain text passwords leaked if the database is compromised
2013-03-13 07232, 2013
warp
hashes are good because you cannot get the password back
2013-03-13 07236, 2013
ocharles
i know
2013-03-13 07254, 2013
warp
encrypted passwords are equivalent to plaintext because you can get the password back.
2013-03-13 07203, 2013
ocharles
not equivilent, because you need the key
2013-03-13 07209, 2013
ocharles
encrypted means we don't have to have plain text or a weak md5 in the db.
2013-03-13 07214, 2013
ocharles
but it does mean that yes, there is a key security issue
2013-03-13 07223, 2013
warp
sure, and the servers need the key.
2013-03-13 07249, 2013
ocharles
bcrypt is probably the way to go then, because the scrypt on CPAN is for encryption and decryption
2013-03-13 07243, 2013
warp
if our security is compromised enough for an attacker to grab the user table it is likely compromised enough to grab the key as well. especially because reading the key is done by open source code, so following the trail to where the key is stored should be easy.
2013-03-13 07258, 2013
ocharles
right
2013-03-13 07211, 2013
ruaok joined the channel
2013-03-13 07231, 2013
JonnyJD
encrypted passwords are better than plaintext in terms of "we don't have to be that careful about the DB, only about the key"
2013-03-13 07251, 2013
ocharles
that and not accidently dumping passwords in the website too
2013-03-13 07200, 2013
JonnyJD
Not really against an attacking situation, but in terms of "I don't want others to see my password by chance"
2013-03-13 07205, 2013
ocharles
Dumper.dump(edit.editor) in /edits is all it takes to leak a lot of passwords
2013-03-13 07206, 2013
JonnyJD
yes
2013-03-13 07259, 2013
warp
if edit.editor has a password in it that already seems dodgy :)
2013-03-13 07240, 2013
ocharles
yes, I think all that auth stuff should be very separate
2013-03-13 07243, 2013
ocharles
but that's another story
2013-03-13 07215, 2013
warp
I don't think it is another story
2013-03-13 07240, 2013
ocharles
bcrypt needs a salt - are you meant to use a constant salt?
2013-03-13 07241, 2013
ruaok love the smell of bickering in the morning
2013-03-13 07204, 2013
warp
buenos dias señor ruaok
2013-03-13 07206, 2013
kepstin-work
ocharles: salt should be random per-user, and is stored with the password hash
2013-03-13 07212, 2013
ocharles
oh wait, bcrypt stores the salt
2013-03-13 07216, 2013
ocharles
kepstin-work: thanks
2013-03-13 07222, 2013
ruaok
buenos tardes, warp!
2013-03-13 07236, 2013
kepstin-work
purpose of salt is to make it so rainbow tables are less feasible
2013-03-13 07243, 2013
ocharles
I know what salts are for :)
2013-03-13 07205, 2013
kepstin-work
so constant would be bad, since then you can just generate a rainbow table with constant salt :)
2013-03-13 07220, 2013
ocharles
generally you don't generate rainbow tables though, you download them
I was briefly confused why my name was coming up...
2013-03-13 07216, 2013
Leftmost
I need sleep.
2013-03-13 07226, 2013
ocharles
"See Crypt::Eksblowfish::Bcrypt for a detailed description of cost in the context of the bcrypt algorithm." *goes to that module "Non-negative integer controlling the cost of the hash function"
2013-03-13 07227, 2013
ocharles
ಠ_ಠ
2013-03-13 07236, 2013
ocharles
CPAN, we have different definitions of 'detailed'
2013-03-13 07222, 2013
Leftmost
What, you wanted the detailed description to include details?
alastair.porter: fix browsing works by artist if artist id doesn't exist
2013-03-13 07207, 2013
Leftmost
alastairp, sometime in the next couple months I'd like to talk with you about community-managed collections for October, as it seems you have a stake in that.
2013-03-13 07233, 2013
alastairp
hmm, sure. we could probably come up with some ideas about that
2013-03-13 07249, 2013
Leftmost
Might be worth creating a wiki page to hack on some ideas about what it should look like.
2013-03-13 07257, 2013
Leftmost
I'll create one and ping you.
2013-03-13 07258, 2013
Leftmost
For now, I really ought to try to get some sleep.
2013-03-13 07258, 2013
reosarevok
ocharles, warp: 500 and 502 again...
2013-03-13 07220, 2013
reosarevok
ocharles - warp? Or can anyone else look into it? Having people in twitter telling us about 500 errors in the homepage doesn't look very good :p
2013-03-13 07259, 2013
ocharles
I have to leave in a few minutes to drop something off at the post office but I can look after... warp is a better person to prod
2013-03-13 07209, 2013
djce joined the channel
2013-03-13 07244, 2013
ruaok joined the channel
2013-03-13 07254, 2013
ijabz_ joined the channel
2013-03-13 07224, 2013
ruaok joined the channel
2013-03-13 07240, 2013
voiceinsideyou1 joined the channel
2013-03-13 07201, 2013
warp
reosarevok: did it resolve itself?
2013-03-13 07215, 2013
warp
reosarevok: the home page loads fine for me now
2013-03-13 07235, 2013
voiceinsideyou2 joined the channel
2013-03-13 07223, 2013
reosarevok
warp, probbaly
2013-03-13 07247, 2013
reosarevok
But we can't really keep having several periods of 500/502 per day, whether they solve themselves or don't
2013-03-13 07253, 2013
reosarevok
:(
2013-03-13 07259, 2013
reosarevok
*probably even
2013-03-13 07259, 2013
warp
I agree.
2013-03-13 07209, 2013
ianmcorvidae awakes
2013-03-13 07225, 2013
ianmcorvidae
ocharles: what did I screw up, heh?
2013-03-13 07229, 2013
ianmcorvidae
Leftmost: what did you need?
2013-03-13 07258, 2013
reosarevok
ianmcorvidae: apparently the upgrade.sh isn't the same in github and bitbucket
2013-03-13 07202, 2013
reosarevok
(for the schema change stuff)
2013-03-13 07232, 2013
warp
goodmorning mr McEwen!
2013-03-13 07243, 2013
ianmcorvidae
that is odd, I should have pushed it both places :/ unless I pushed the wrong branch to one or the other at some point
2013-03-13 07213, 2013
reosarevok
Yeah, we know you should have :)
2013-03-13 07209, 2013
ianmcorvidae
:P
2013-03-13 07255, 2013
ianmcorvidae
oh, it's your fault, that's right
2013-03-13 07204, 2013
ianmcorvidae
you asked me to update the bitbucket one by pulling in master :P
2013-03-13 07209, 2013
reosarevok
hahaha
2013-03-13 07216, 2013
reosarevok
Ok
2013-03-13 07219, 2013
reosarevok
Can we fix it? :)
2013-03-13 07228, 2013
ianmcorvidae
yes, it is now
2013-03-13 07258, 2013
reosarevok
ianmcorvidae: hmm. Should I merge the branch agan then?
