#metabrainz

/

      • BrainzGit
        [listenbrainz-server] 14mayhem opened pull request #1779 (03year-in-music…year-in-music-playlists): Year in music: Add playlists https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34711, 2021

      • ShivamAwasthi joined the channel

        • 2021-12-13 34718, 2021

      • ShivamAwasthi
        Hello! I am trying to setup LB server on my local machine. When I try to connect to Spotify, I get 'INVALID_CLIENT: Invalid redirect URI' . I used 'https://localhost:7000/profile/music-services/spotify/callback/ ' as the callback url while registering the spotify app

        • 2021-12-13 34738, 2021

      • ShivamAwasthi
        Have also tried 'https://localhost/profile/music-services/spotify/callback/ ' as the callback uri

        • 2021-12-13 34717, 2021

      • alastairp
        ShivamAwasthi: you'll need 'http', not https

        • 2021-12-13 34731, 2021

      • ShivamAwasthi
        ah okay

        • 2021-12-13 34752, 2021

      • BrainzGit
        [listenbrainz-server] 14mayhem closed pull request #1779 (03year-in-music…year-in-music-playlists): Year in music: Add playlists https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34706, 2021

      • BrainzGit
        [listenbrainz-server] 14mayhem opened pull request #1780 (03year-in-music…year-in-music-add-playlists): Add support for importing troi generated playlist excerpts https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34718, 2021

      • ShivamAwasthi
        alastairp Now when I try to connect, it shows 'Unable to connect'

        • 2021-12-13 34759, 2021

      • alastairp
        that sounds like a good start - now spotify is happy, but it seems that maybe something is wrong with your local server

        • 2021-12-13 34721, 2021

      • alastairp
        we did just make some changes here recently - one moment, I'm setting it up again myself to verify that there's not an unexpected error that we introduced

        • 2021-12-13 34736, 2021

      • alastairp
        the unable to connect error - is that an error from your browser?

        • 2021-12-13 34742, 2021

      • ShivamAwasthi
        yes

        • 2021-12-13 34744, 2021

      • mayhem
        lucifer: ping

        • 2021-12-13 34751, 2021

      • alastairp
        and what is the URL in the address bar?

        • 2021-12-13 34703, 2021

      • ShivamAwasthi
        it returns a callback

        • 2021-12-13 34710, 2021

      • ShivamAwasthi
        https://localhost/profile/music-services/spotify/…......

        • 2021-12-13 34735, 2021

      • alastairp
        right - this url looks incorrect - see that it says https://localhost/ (https, and no port 7000)

        • 2021-12-13 34725, 2021

      • alastairp
        I'm just seeing if I can work out why this was sent to spotify

        • 2021-12-13 34722, 2021

      • alastairp
        mayhem: feh. here's something annoying: https://developer.apple.com/forums/thread/682332

        • 2021-12-13 34737, 2021

      • alastairp
        new macos by default listens on :7000 for AirPlay

        • 2021-12-13 34701, 2021

      • mayhem
        should we sue apple for stepping on our toes?

        • 2021-12-13 34711, 2021

      • mayhem
        or rather pick another range?

        • 2021-12-13 34712, 2021

      • ShivamAwasthi
        I think maybe there is some mixup because of documentation not up-to-date? Like the documentation asks us to go for port 80 by default, but it has been updated to port 7000

        • 2021-12-13 34742, 2021

      • alastairp
        ShivamAwasthi: right, we recently change to 7000, because 80 was giving us some problems during testing. Where did you find documentation that still talks about 80? We should update that if it still has the old values

        • 2021-12-13 34758, 2021

      • ShivamAwasthi
        the production document

        • 2021-12-13 34716, 2021

      • ShivamAwasthi
        https://listenbrainz.readthedocs.io/en/production…

        • 2021-12-13 34729, 2021

      • alastairp
        mayhem: by default this is going to cause problems on macos, so maybe choosing a new one is a good idea

        • 2021-12-13 34749, 2021

      • alastairp
        users can disable AirPlay to free up the port, but I don't think that's a suitable fix for everyone

        • 2021-12-13 34754, 2021

      • mayhem
        perhaps we should choose something less prone to conflict.

        • 2021-12-13 34728, 2021

      • mayhem
        7100? 4200? 6900? 8008?

        • 2021-12-13 34740, 2021

      • mayhem
        4004? 6502?

        • 2021-12-13 34754, 2021

      • mayhem
        8086? 7805?

        • 2021-12-13 34706, 2021

      • alastairp
        ShivamAwasthi: that's definitly a bug in our documentation, sorry. I'm fixing it now

        • 2021-12-13 34710, 2021

      • alastairp
        thanks for letting us know

        • 2021-12-13 34744, 2021

      • yvanzo
        To all: Updating Jira add-ons in 10min (15:15 UTC) will make tickets temporarily less available. Better avoid editing tickets at that time.

        • 2021-12-13 34753, 2021

      • ShivamAwasthi
        ok cool I'll try setting it up again after it gets fixed!

        • 2021-12-13 34731, 2021

      • alastairp
        ShivamAwasthi: in listenbrainz/config.py, change the value SPOTIFY_CALLBACK_URL (around line 136) to be http://localhost:7000/profile/music-services/spot…

        • 2021-12-13 34754, 2021

      • alastairp
        and make sure that you delete the https://localhost/ and http://localhost/ callbacks from the spotify dashboard if you still have them there

        • 2021-12-13 34756, 2021

      • ShivamAwasthi
        thanks! that fixed it

        • 2021-12-13 34754, 2021

      • alastairp
        mayhem: yeah, it seems annoying to have to keep jumping around. it turns out that port 7000 _is_ actually reserved in iana, but not by apple anyway: https://www.iana.org/assignments/service-names-po…

        • 2021-12-13 34755, 2021

      • alastairp
        we decided to give each project 1000 ports for "future expansion", but maybe bunching them all together in blocks in 8xxx might be better

        • 2021-12-13 34723, 2021

      • mayhem
        8100 - 8199 lb

        • 2021-12-13 34734, 2021

      • mayhem
        8200 - 8299 cb

        • 2021-12-13 34737, 2021

      • mayhem
        . . .

        • 2021-12-13 34741, 2021

      • mayhem
        Like that?

        • 2021-12-13 34743, 2021

      • ShivamAwasthi has quit

        • 2021-12-13 34727, 2021

      • yvanzo
        To all: Tickets are back to normal for now. Will announce next maintenance step soon.

        • 2021-12-13 34750, 2021

      • alastairp
        mayhem: yeah, like that

        • 2021-12-13 34712, 2021

      • BrainzGit
        [listenbrainz-server] 14alastair merged pull request #1773 (03master…double-log-log): LB-296: Disable root logger configuration in listenstore causing duplicate messages https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34738, 2021

      • CatQuest
        wait i thoguht it was 8000

        • 2021-12-13 34749, 2021

      • reosarevok
        That's MB :)

        • 2021-12-13 34718, 2021

      • CatQuest
        uh

        • 2021-12-13 34724, 2021

      • CatQuest
        picard

        • 2021-12-13 34728, 2021

      • CatQuest
        yea what was 7000?

        • 2021-12-13 34718, 2021

      • BrainzGit
        [listenbrainz-server] 14alastair merged pull request #1765 (03master…test-permissions): Update test.sh commands to run as the local user https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34722, 2021

      • BrainzGit
        [listenbrainz-server] 14alastair opened pull request #1781 (03master…ports-again): Update LB public ports. again. https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34743, 2021

      • reosarevok
        CatQuest: LB :)

        • 2021-12-13 34758, 2021

      • CatQuest
        oh can we tag with LB now? :D

        • 2021-12-13 34700, 2021

      • CatQuest
        j/K

        • 2021-12-13 34721, 2021

      • mglubb joined the channel

        • 2021-12-13 34703, 2021

      • mglubb
        Hello, all. In this blog entry, https://blog.metabrainz.org/2021/12/13/musicbrain…, you mention a fix for CVE-2021-44228. However, I see that mb-solr is still vulnerable. Do you have a fix in flight? https://github.com/metabrainz/mb-solr/blob/master…

        • 2021-12-13 34714, 2021

      • mayhem
        yvanzo: ^^

        • 2021-12-13 34717, 2021

      • mayhem
        hi mglubb

        • 2021-12-13 34708, 2021

      • yvanzo
        Hi mglubb, this commit mitigated the issue for my musicbrainz-docker instance: https://github.com/metabrainz/musicbrainz-docker/…

        • 2021-12-13 34731, 2021

      • yvanzo
        It is included in the latest update.

        • 2021-12-13 34704, 2021

      • mglubb
        Thanks yvanzo. We're EC2 based so we don't use Docker. I'll see if I can't provide a PR to exclude log4j-api < 11.15.0 and include 11.15.0 as Solr don't seem to have patched it yet, if that's useful to you?

        • 2021-12-13 34716, 2021

      • mglubb
        Thanks yvanzo. We're EC2 based so we don't use Docker. I'll see if I can't provide a PR to exclude log4j-api < 2.15.0 and include 2.15.0 as Solr don't seem to have patched it yet, if that's useful to you?

        • 2021-12-13 34730, 2021

      • mglubb
        Sorry - got version numbers wrong. my memory is poor.

        • 2021-12-13 34735, 2021

      • yvanzo
        mglubb: you can also pass SOLR_OPTS="-Dlog4j.formatMsgNoLookups=true" for now

        • 2021-12-13 34704, 2021

      • mglubb
        I understand, yvanzo but that doesn't fix your declared deps and relies on educated users

        • 2021-12-13 34718, 2021

      • yvanzo
        Yes

        • 2021-12-13 34714, 2021

      • lucifer
        mayhem: around now

        • 2021-12-13 34759, 2021

      • mayhem
        hey. I added my playlist work to your yim branch: https://github.com/metabrainz/listenbrainz-server…

        • 2021-12-13 34716, 2021

      • mayhem
        but every time I run it, no data gets written to the DB.

        • 2021-12-13 34728, 2021

      • lucifer
        mglubb: fwiw, SOLR has now released official patched images and they use the same workaround to pass the system property.

        • 2021-12-13 34738, 2021

      • mayhem
        when it clearly should, imho. can you sanity check the query for me please.

        • 2021-12-13 34750, 2021

      • lucifer
        yes will do in a few mins.

        • 2021-12-13 34712, 2021

      • mayhem
        thx

        • 2021-12-13 34752, 2021

      • mglubb
        Thanks lucifer. We don't run under Docker though. s'ok, I'll set Solr opts for now.

        • 2021-12-13 34722, 2021

      • lucifer
        ah right, i didn't fully understand your issue at first 😅

        • 2021-12-13 34703, 2021

      • reosarevok
        yvanzo, lucifer: can we now update docker to use the official patched images then?

        • 2021-12-13 34722, 2021

      • yvanzo
        reosarevok: we don't use official images, and Solr 7 isn’t patched either.

        • 2021-12-13 34728, 2021

      • lucifer
        reosarevok: we probably can but its not straight forward. we have a fork of solr images repo and there are extra commits in our repo. will need to rebuild a couple of base images and update them if needed and then use that in mb docker.

        • 2021-12-13 34751, 2021

      • mglubb
        That's right. I'm surprised Apache haven't released an official version with the log4j dependency raised

        • 2021-12-13 34731, 2021

      • yvanzo
        We plan to move to Solr 8 eventually which is going to be fixed but has only mitigation steps for now.

        • 2021-12-13 34735, 2021

      • lucifer
        while log4j api doesn't change frequently, there are various changes in point version so some widely used projects are holding off updating version and instead setting the property or env var.

        • 2021-12-13 34722, 2021

      • lucifer
        also solr 7 is unmaintained so it won't receive an update. solr 8 will

        • 2021-12-13 34750, 2021

      • PopperBruda has left the channel

        • 2021-12-13 34753, 2021

      • lucifer
        mayhem: query looks correct so not sure whats wrong but i have seen this happen before where no error is logged but data isn't inserted either. where is the dump file available, i'll try to debug it.

        • 2021-12-13 34702, 2021

      • mayhem
        thanks, its very strange.

        • 2021-12-13 34722, 2021

      • BrainzGit
        [mb-solr] 14yvanzo opened pull request #47 (03master…mitigate-cve-2021-44228): Mitigation for CVE-2021-44228 https://github.com/metabrainz/mb-solr/pull/47

        • 2021-12-13 34756, 2021

      • yvanzo
        mglubb, lucifer: mitigation without trying to update deps ^

        • 2021-12-13 34725, 2021

      • lucifer
        👍

        • 2021-12-13 34715, 2021

      • mayhem
        MB team: are you aware of the constant stream of warnings on telegram?

        • 2021-12-13 34708, 2021

      • mayhem
        yvanzo: bitmap reosarevok

        • 2021-12-13 34739, 2021

      • mglubb has quit

        • 2021-12-13 34731, 2021

      • lucifer
        reosarevok: thanks for the last fm email. i'll take a look.

        • 2021-12-13 34752, 2021

      • lucifer
        importer seems to have broken down again :(

        • 2021-12-13 34722, 2021

      • TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: Reviews, gravatar (MD5 adresses) (cat), upcoming meeting(s) (Freso), MB team ignoring telegram (ruaok)

        • 2021-12-13 34737, 2021

      • mayhem
        yvanzo: reosarevok bitmap : hello?

        • 2021-12-13 34717, 2021

      • lucifer
        monkey: https://test-api.listenbrainz.org/1/stats/user/am…

        • 2021-12-13 34736, 2021

      • reosarevok
        Hmm. Interesting - we released an MB release in the morning, but this doesn't seem to have started after it, but much later

        • 2021-12-13 34730, 2021

      • reosarevok
        wtf

        • 2021-12-13 34704, 2021

      • reosarevok
        [error] Tried to set invalid session ID 'http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg'

        • 2021-12-13 34736, 2021

      • reosarevok
        docker logs --tail 500 -f musicbrainz-website-prod in burnside is just a ton of vulnweb and weird stuff like that

        • 2021-12-13 34748, 2021

      • lucifer
        someone trying to find an exploit?

        • 2021-12-13 34750, 2021

      • reosarevok
        Is someone semi-ddosing us while trying to find vulns?

        • 2021-12-13 34701, 2021

      • reosarevok
        zas: can you see if some IPs need banning?

        • 2021-12-13 34740, 2021

      • zas
        on it

        • 2021-12-13 34745, 2021

      • monkey
        Thanks lucifer I see the listens_per_day

        • 2021-12-13 34748, 2021

      • monkey
        Will test.

        • 2021-12-13 34757, 2021

      • lucifer
        👍

        • 2021-12-13 34719, 2021

      • bitmap
        zas, reosarevok: I think so, I've seen that before and it was correlated with 502s

        • 2021-12-13 34747, 2021

      • zas
        I found the IP (from China) responsible of this

        • 2021-12-13 34707, 2021

      • zas
        but IMHO backend server should be more resistant to such scans

        • 2021-12-13 34718, 2021

      • mayhem
        agreed.

        • 2021-12-13 34718, 2021

      • Freso
        <BANG>

        • 2021-12-13 34718, 2021

      • Freso
        It’s Violin Monday! 🎻

        • 2021-12-13 34718, 2021

      • Freso
        https://www.youtube.com/watch?v=mdFrn89x74k

        • 2021-12-13 34718, 2021

      • Freso
        I’ve received one mailed in review, so…

        • 2021-12-13 34718, 2021

      • Freso
        CatQuest: Go!

        • 2021-12-13 34718, 2021

      • Freso
        """

        • 2021-12-13 34718, 2021

      • Freso
        :D

        • 2021-12-13 34719, 2021

      • Freso
        Meow!

        • 2021-12-13 34719, 2021

      • Freso
        //me has been afk

        • 2021-12-13 34720, 2021

      • Freso
        ( however see https://usercontent.irccloud-cdn.com/file/B0RaM9C… )

        • 2021-12-13 34720, 2021

      • Freso
        fin

        • 2021-12-13 34721, 2021

      • Freso
        """

        • 2021-12-13 34722, 2021

      • BrainzGit
        [mb-solr] 14yvanzo merged pull request #47 (03master…mitigate-cve-2021-44228): Mitigation for CVE-2021-44228 https://github.com/metabrainz/mb-solr/pull/47

        • 2021-12-13 34733, 2021

      • Freso
        Others up for review today: reosarevok, yvanzo, bitmap, akshat, zas, ruaok, monkey, lucifer, alastairp, Freso – anyone else who wants to give review, let me know ASAP.

        • 2021-12-13 34733, 2021

      • Freso
        reosarevok: Go!

        • 2021-12-13 34741, 2021

      • reosarevok
        Hi!

        • 2021-12-13 34758, 2021

      • zas
        bitmap, reosarevok : IP blocked

        • 2021-12-13 34722, 2021

      • reosarevok
        I worked on updating open PRs to the latest master and fixing eslint / Perl::Critic issues found by new rules

        • 2021-12-13 34741, 2021

      • TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: Reviews, MB team ignoring telegram (ruaok), upcoming meeting(s) (Freso) [postponed: gravatar (MD5 adresses) (cat)]

        • 2021-12-13 34746, 2021

      • reosarevok
        And also worked a ton on MBS-11312

        • 2021-12-13 34747, 2021

      • BrainzBot
        MBS-11312: Allow admins to modify edit notes https://tickets.metabrainz.org/browse/MBS-11312

        • 2021-12-13 34758, 2021

      • reosarevok
        Which is now working, but needs eyes of course

        • 2021-12-13 34715, 2021

      • reosarevok
        Plus some more admin tools

        • 2021-12-13 34727, 2021

      • reosarevok
        Fin. mayhem?

        • 2021-12-13 34720, 2021

      • Freso
        ruaok? 😂

        • 2021-12-13 34725, 2021

      • mayhem
        sorry.

        • 2021-12-13 34742, 2021

      • mayhem
        last week was all about year in music and almost nothing else.

        • 2021-12-13 34755, 2021

      • mayhem
        I'v got 4 playlists being generated and I'm putting on the finishing touches now.

        • 2021-12-13 34721, 2021

      • mayhem
        I'll start generating data tomorrow, with the goal of releasing them on wednesday as planned.

        • 2021-12-13 34725, 2021

      • mayhem
        fin. alastairp?

        • 2021-12-13 34729, 2021

      • alastairp
        hi

        • 2021-12-13 34735, 2021

      • alastairp
        last week I fixed a few quality of life bugs in LB (double log messages, files owned by root on linux)

        • 2021-12-13 34758, 2021

      • alastairp
        I started to write a submitter for genres, but managed to delete it somehow :( redoing that now