Other than that, I worked on our docker containers dashboard, thanks to atj! I need to add some plugins to react bs datatable for which I was looking to connect with the actual dev and make PRs there
Plus the work on Design system, MB and LB revamp has been ongoing simultaneously
That's about it for me. Go mayhem!
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: Reviews, Congratulate GSoC students (alastair), MeB-wide Oauth (lucifer), Securing MeB infrastructure - part 4
mayhem
right-o.
last week I was mostly on vacation, except for being around for the schema change and having nothing at all to do.
!m MB team
BrainzBot
You're doing good work, MB team!
monkey
+1
Freso
(Others still up: alastairp, atj, lucifer, yvanzo, Freso – anyone else who wishes to give a review, let me know ASAP! :))
mayhem
thursday and friday I got back into the swing of things and looked over the gsoc situation and immediately acted on a suggestion on how to improve one tricky situation.
lucifer
Freso: i already went :)
mayhem
so, there is a seekrit project in the wings that we hope to unveil wednesday after the board meeting tomorrow.
akshaaatt likes seekrits
I also created a PR for adding release_tags to the mb metadata cache only to realize that that was pointless and that I should be returning release-group tags. lol. one step forward...
and today I spent most of the day lining up the ducks for the board meeting, collecting financial data and writing up notes for the agenda for tomorrow.
ready to roll!
yvanzo: go!
yvanzo
Hi!
The two past weeks were mostly dedicated to the MB database schema change.
After that, search indexes have been rebuilt, setting recording’s first release date, and catching up with missed updates.
Unfortunately it made search barely usable for a long time.
Freso
(Only alastairp, atj, and myself (Freso) left on my list for reviews. Last call for anyone else who wishes to give a review!)
Plus some maintenance tasks with sir, trille, and MB website 5xx.
Fin. Go alastairp!
alastairp
hi!
I helped with some LB functionality to keep it up during the musicbrainz schema update
mayhem
thank you!
alastairp
I reviewed some of Ansh's PRs for BB, and updated some missing functionality that I found (thanks lucifer for helping debug this). I also released a new version of the BU test database that uses the new schema release
I started to write some docs for LB for the data mapping and to answer some deployment questions that I had that I wanted to write down for future me
as monkey said, we made some improvements to brainzbot, and also broke some other things (sorry about that). We're going to have a pending task soon to upgrade this, as the server and dependencies are quite old and sad.
atj: next up?
atj
hi
last week I didn't get a great deal done due to work and life keeping me busy
I managed to progress the docker dashboard page a bit with akshaaatt, and anonymised the data to make it safe to publish on the internet
(for testing and development)
Freso
Thank you, alastairp and monkey :bowing:
atj
I fixed a minor issue with the netplan ansible role that zas uncovered when deploying aretha
I think that's about it, Freso?
Freso
🙋
I did a wee bit more of trying to coordinate about the tg/#mb bridge, other than that been dealing with flags, reports, and being around/about.
And this weekend I helped out with a 3-day fundraiser for three trans rights organisations actively fighting the on-going genocide of trans kids in the US and UK. Still recovering from that. :)
fin.
And that’s all for reviews! Thank you all for yours!
We have a few more topics on the agenda today, so let’s get to it:
lucifer
!m Freso
BrainzBot
You're doing good work, Freso!
Freso
alastair: Congratulate GSoC students
alastairp
I guess we've done this a few times over the last few days
but welcome skelly37, Ansh, yellowhatpro, riksucks, PrathameshG and Shubh to MeB for GSoC this year!
Freso
🙌
monkey
🎉🎉🎉 I see great potential this year !
alastairp
you're welcome to stick around for the meetings, that happen at this time every week. if you want to say anything, let Freso know
once gsoc starts properly, we can get you on the regular rotation for the meetings
that's it, thanks Freso
Freso
Thanks alastairp :) - and congrats to the students!
Next up…
lucifer: MeB-wide Oauth
lucifer
hi all!
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB-wide Oauth (lucifer), Securing MeB infrastructure - part 4
for the past few years, we have been discussing moving the Oauth stuff over to MeB from MB.
the intent is to move over both user accounts and oauth applications to MeB. users create an account on meb.org and then all other projects can then communicate with MeB Oauth to create that user's account inside that project.
the greater benefits are on the Oauth side though, as it allows us to implement OAuth once and add project specific scopes instead of implementing oauth in each project again and again.
alastairp
and also allow for someone to sign in once (for example on LB) and be able to add tags to MB or reviews to CB without logging in again
lucifer
yup that too, also to enable some BrainzPlayer use cases iirc.
monkey
Yes
lucifer
thoughts on how we should go about this?
we have 2 things to do: 1) implement OAuth apps on MeB.org 2) move users and oauth apps to MeB.org from MB.
mayhem
hmm. I think it might be best if alastair, you and I discuss this in a smaller group rather than the weekly meeting.
alastairp
mayhem mentioned that it would be a good idea to get everyone together (including MB team) after the schema change to see if this is something that we could all work on together to get done
although yes - maybe we require some more offline planning first?
Freso
We should probably also move Discourse auth (which is not OAuth) to MeB.o then, since users may have MeB accounts but not MB ones. I’ll try and jot down some thoughts on this in the document.
monkey
Similarly I can add BB use-cases
lucifer
planning more in a smaller group makes sense.
mayhem
I think so, we need to understand what we are doing -- it's been too long for me to jump in and speak cogently about it.
monkey
(they'll most probably align to what I've seen in the document)
alastairp
if anyone else feels that they are knowledgeable in oauth then please let us know and join in these discussions, as I have a bunch of general ideas about how I think oauth works and how it could work for us, but I'm not sure if any of it is actually grounded in truth
lucifer
meanwhile all can add their suggestions to the document?
monkey
Similarly if anyone has good reading resources about oauth I'm a taker
yvanzo
It seems there is a need for more work on specification.
rdswift
Is this change to MeB accounts for oauth going to also impact Picard?
mayhem
if picard logs into MB, then very likely yes.
lucifer
yvanzo: yes indeed.
zas
it does
monkey
And also impacts DB replication packages and such?
mayhem
monkey: less likely.
alastairp
monkey: probably not much
monkey
Good
yvanzo
We should probably have each project document their needs.
alastairp
so - let's some of us talk about this in more detail, and then potentially plan a month where we can all work on this feature together?
mayhem
yes.
yvanzo
It’s a good example of documenting projects’ external dependencies (as discussed recently).
mayhem
perhaps you and I can take a first stab at getting up to speed next time you're in the office
monkey
I'd like to join
alastairp
yvanzo: I started writing some notes about needs in that document, though not directly as a list of requirements per project
zas
currently Picard users are logging in using MB account (token), we need to take care to ensure old versions of Picard still work, at least for a while
alastairp
zas: thanks, I added it to the doc
monkey
> AFAIK, OB is the only user of MeB OAuth
Is that the case?
(OfficeBrainz)
mayhem
could be
Freso
(We have about 13 min left. Do we want to talk OAuth for the rest of this and move Securing MeB infrastructure - part 4 to next week?)
mayhem
this convo is dying. let's close it.
Freso
Alright. My understanding is that the various projects document their OAuth etc. needs in that document and then we have a meeting later with more discussion?
mayhem
sure
Freso
Great. Moving on. :)
Securing MeB infrastructure - part 4
yvanzo
We were at “Reducing docker container capabilities”
Not “everything” runs as root/root but those which still do (such as sir) should avoid it.
alastairp
LB does
yvanzo
I’m not sure which other projects are concerned.
(MBS doesn’t)
monkey
I think BB does too, but need to check the node base image
alastairp
I think that this item is kind of in two parts, is that right? one is running as a non-root user in the container
and the other is about reducing the capabilities of a docker container by only allowing a user to do certain things
I'm not certain, but I think that the first can also be achieved by the second? You can say "even if you're root in this container you can't do <certain thing>"?
zas, atj: Has this point been added by one of you?
alastairp
> This means that in most cases, containers do not need “real” root privileges at all. And therefore, containers can run with a reduced capability set; meaning that “root” within a container has much less privileges than the real “root”. For instance, it is possible to:
this part
Freso
(5 min left)
lucifer
i think this is more of a look into it thing? (we discussed it briefly as part of other stuff iirc)
alastairp
I think it makes sense to look into running all of our containers as non-root
lucifer
yup makes sense
alastairp
and perhaps the capabilities/rootless stuff can go on the "in the distant future" backburner
zas
yvanzo: I guess that's atj, but that's a good point. Though, capabilities aren't always easy to manage.
yvanzo
This should be discussed again with atj next time then.
alastairp
for now are we happy to have all contractors in a `docker`/`sudo` group to be able to run docker commands?
if so, I recommend that we shelve this idea for now
yvanzo
just postpone the discussion, we are running out of time and missing the main initiator.
mayhem
yeah, I am too fried for this.
alastairp
I remember that it was added as a "let's look at this and see if it makes sense for our case"
definitely not as a point that we absolutely need to implement
yvanzo
Thanks!
Freso
I think that’s as fine a place to end as any then… :)
Thank you all for your time! Stay safe, remember to wear a mask and remember to wear sunscreen!
</BANG>
monkey
👋
alastairp
thanks all
yvanzo
MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB infrastructure - part 4 with atj
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB infrastructure - part 4 with atj
ansh
alastairp I was setting up BB on wolf and while building docker, I got the following error.