#metabrainz

/

      • ultimateriff has left the channel

        • 2025-12-17 35130, 2025

      • _BrainzGit
        [listenbrainz-android] 14dependabot[bot] opened pull request #633 (03dev…dependabot/github_actions/dev/actions/upload-artifact-6): Bump actions/upload-artifact from 5 to 6 https://github.com/metabrainz/listenbrainz-androi…

        • 2025-12-17 35156, 2025

      • v6lur has quit

        • 2025-12-17 35128, 2025

      • _BrainzGit
        [listenbrainz-server] 14LullabiesAndAshes opened pull request #3453 (03master…jewelcase): Add Jewelcase to AddData.tsx https://github.com/metabrainz/listenbrainz-server…

        • 2025-12-17 35123, 2025

      • ultimateriff joined the channel

        • 2025-12-17 35117, 2025

      • ultimateriff has left the channel

        • 2025-12-17 35124, 2025

      • HemangMishra[m]
        <studggle[m]> "Hi everyone 👋..." <- Hello studggle,

        • 2025-12-17 35124, 2025

      • HemangMishra[m]
        Yes, u can open issues on GitHub issues itself in case you face any issues. You may ping us here in case of any doubts or queries.

        • 2025-12-17 35159, 2025

      • Kladky joined the channel

        • 2025-12-17 35131, 2025

      • anuj_ joined the channel

        • 2025-12-17 35152, 2025

      • ApeKattQuest joined the channel

        • 2025-12-17 35153, 2025

      • aerozol[m]
        Hey MB team ( I guess mainly yvanzo reosarevok bitmap ), I've been posting MB server updates to the socials when I see them. Would you like me to always do them 'officially'? I think I already asked and you said yes, but I'm thinking of adding a nice graphic like I do with LB, so I wanted to check again, and that an image would be OK with everyone :)

        • 2025-12-17 35131, 2025

      • reosarevok[m]
        Well, is the image going to have a graph like "LOOK HOW LITTLE THEY DID THIS TIME, LAZYASSES"?

        • 2025-12-17 35137, 2025

      • reosarevok[m]
        If not, I can't see why it would be a problem

        • 2025-12-17 35149, 2025

      • reosarevok[m]
        (if yes, it's also not a problem for me but it might be for others 😝)

        • 2025-12-17 35123, 2025

      • aerozol[m]
        Aw man I was just going to do a static image, but now I'm thinking about that graph

        • 2025-12-17 35144, 2025

      • aerozol[m] uploaded an image: (189KiB) < https://matrix.chatbrainz.org/_matrix/media/v3/download/matrix.org/VWOsgbDqhlPOyoykCRNsBZot/image.png >

        • 2025-12-17 35153, 2025

      • aerozol[m]
        That's is the LB one I do

        • 2025-12-17 35115, 2025

      • aerozol[m] uploaded an image: (251KiB) < https://matrix.chatbrainz.org/_matrix/media/v3/download/matrix.org/hWbCNbwJXRSSVNRvNWmEvcll/image.png >

        • 2025-12-17 35121, 2025

      • aerozol[m]
        Fancier for big or visual releases

        • 2025-12-17 35139, 2025

      • aerozol[m]
        I'd probably just do the same, maybe using a MB 'crate' pic from here: https://metabrainz.org/datasets

        • 2025-12-17 35157, 2025

      • aerozol[m]
        Not much more work, and sets it apart from other posts a bit

        • 2025-12-17 35156, 2025

      • reosarevok[m]
        Works for me

        • 2025-12-17 35113, 2025

      • anuj_ has quit

        • 2025-12-17 35145, 2025

      • op3kay[m]
        reosarevok: regarding the Areabot - currently almost everything is stored in notebooks. As of right now, the notebooks are able to fetch countries subdivisions and cities from wikidata and even able to compare them to the data in the musicbrainz to tell which ones are not present in the db yet.That being said, there is no single file that runs this code in sync and seem unorganized. And there seems to be no logic for linking

        • 2025-12-17 35145, 2025

      • op3kay[m]
        relationships. Im thinking we should first create a pipeline to see a list of diff between the mb db and the ones we get from querying wikidata along with some error handling for duplicates and so.

        • 2025-12-17 35115, 2025

      • ApeKattQuest has quit

        • 2025-12-17 35115, 2025

      • ApeKattQuest joined the channel

        • 2025-12-17 35103, 2025

      • ApeKattQuest has quit

        • 2025-12-17 35154, 2025

      • monkey[m]1
        lucifer: If you have time, can I ask to review ansh's PRs relating to YIM in priority, so we can recalculate the data and add the missing elements on the page and do more testing?

        • 2025-12-17 35113, 2025

      • lucifer[m]
        monkey: will do

        • 2025-12-17 35111, 2025

      • monkey[m]1
        I've been going over the design with aerozol, I think we're getting to a good point now with only minor improvements.

        • 2025-12-17 35138, 2025

      • monkey[m]1
        After adding those elements and calculating the data I'll ask for beta testers on the LB channel

        • 2025-12-17 35147, 2025

      • monkey[m]1
        I mean, I guess I could ask now

        • 2025-12-17 35107, 2025

      • lucifer[m]
        sounds good

        • 2025-12-17 35101, 2025

      • derat[m] has quit

        • 2025-12-17 35129, 2025

      • _BrainzGit
        [listenbrainz-server] 14anshg1214 opened pull request #3454 (03master…ansh/improve-yim-stat-calculation): feat: improve new release for top artist calculation https://github.com/metabrainz/listenbrainz-server…

        • 2025-12-17 35109, 2025

      • FaizanAkhtar[m] uploaded an image: (1890KiB) < https://matrix.chatbrainz.org/_matrix/media/v3/download/matrix.org/tqrkpWJzJfBPauvpbOqvWOrJ/Screenshot%202025-12-17%20at%208.04.42%E2%80%AFPM.png >

        • 2025-12-17 35129, 2025

      • FaizanAkhtar[m]
        monkey: Hi.... I have implemented all the improvements you suggested....the album page now shows the track count followed by the total duration on a single line uses humanize-duration handles singular/plural correctly and matches the existing style I have also manually verified the total duration by summing all track lengths ..........please let me know if this looks good now....

        • 2025-12-17 35110, 2025

      • monkey[m]1
        Thanks for working on that, I'll have another review when I can

        • 2025-12-17 35123, 2025

      • bitmap[m]
        aerozol: I don't have any problem with a graphic. that sound fine, thank you!

        • 2025-12-17 35136, 2025

      • bitmap[m]
        reosarevok: yvanzo: hi, around?

        • 2025-12-17 35143, 2025

      • yvanzo[m]
        Hi!

        • 2025-12-17 35145, 2025

      • reosarevok[m]
        Hi!

        • 2025-12-17 35151, 2025

      • monkey[m]1
        Hi! 🙈

        • 2025-12-17 35108, 2025

      • bitmap[m]
        I don't have much more to report on the oauth/meb account side since yesterday, but maybe we can discuss the digest auth changes I mentioned last week?

        • 2025-12-17 35158, 2025

      • reosarevok[m]
        I have nothing to report either else from what we already know

        • 2025-12-17 35139, 2025

      • reosarevok[m]
        yvanzo: anything from your side?

        • 2025-12-17 35102, 2025

      • reosarevok[m]
        If not (or after that) we can move on to the discussions

        • 2025-12-17 35106, 2025

      • yvanzo[m]
        bitmap: Just submitted a partial review of your PR.

        • 2025-12-17 35111, 2025

      • bitmap[m]
        re: digest auth, referring to https://chatlogs.metabrainz.org/libera/metabrainz…

        • 2025-12-17 35133, 2025

      • bitmap[m]
        yvanzo: cool, thank you, I'll take a look later

        • 2025-12-17 35105, 2025

      • reosarevok[m]
        bitmap: can you remind us when and how this was used?

        • 2025-12-17 35134, 2025

      • bitmap[m]
        it is/was used by clients to authenticate web service requests

        • 2025-12-17 35115, 2025

      • bitmap[m]
        prior to oauth, it was the only method available, and until recently, was still referenced as being required for authentication on the wiki

        • 2025-12-17 35123, 2025

      • reosarevok[m]
        So, for auth when checking your own collections and whatnot in the API?

        • 2025-12-17 35140, 2025

      • bitmap[m]
        for any request that requires authentication, yes

        • 2025-12-17 35138, 2025

      • bitmap[m]
        and there have been plans for deprecating it since 2013 or earlier - see MBS-9207 and MBS-9209 and MBS-9384

        • 2025-12-17 35138, 2025

      • BrainzBot
        MBS-9207: Disallow HTTP Digest authentication https://tickets.metabrainz.org/browse/MBS-9207

        • 2025-12-17 35138, 2025

      • BrainzBot
        MBS-9209: Allow individual users to opt out of HTTP Digest auth https://tickets.metabrainz.org/browse/MBS-9209

        • 2025-12-17 35138, 2025

      • BrainzBot
        MBS-9384: Digest authentication fails for accounts where the username has been changed https://tickets.metabrainz.org/browse/MBS-9384

        • 2025-12-17 35139, 2025

      • NOTICE: ● MBS-9207 (https://tickets.metabrainz.org/browse/MBS-9207): Disallow HTTP Digest authentication

        • 2025-12-17 35140, 2025

      • NOTICE: ● MBS-9209 (https://tickets.metabrainz.org/browse/MBS-9209): Allow individual users to opt out of HTTP Digest auth

        • 2025-12-17 35141, 2025

      • NOTICE: ● MBS-9384 (https://tickets.metabrainz.org/browse/MBS-9384): Digest authentication fails for accounts where the username has been changed

        • 2025-12-17 35105, 2025

      • reosarevok[m]
        Oh, wait, this is a third way, on top of oauth or just entering your username and password

        • 2025-12-17 35135, 2025

      • bitmap[m]
        nonetheless it's a breaking change and I don't have any statistics on how often it's being used

        • 2025-12-17 35150, 2025

      • reosarevok[m]
        Is this something zas can get stats on?

        • 2025-12-17 35100, 2025

      • bitmap[m]
        well, this also uses your username and password

        • 2025-12-17 35106, 2025

      • reosarevok[m]
        In any case, if MeB does not implement it, we clearly should drop it

        • 2025-12-17 35126, 2025

      • reosarevok[m]
        Yeah I mean "in addition to the one I know where the browser gives you a username + password form" :)

        • 2025-12-17 35157, 2025

      • bitmap[m]
        depending on how much usage it has we could consider allowing users to opt-in by supplying a separate password from their main account password to calculate the ha1 value

        • 2025-12-17 35144, 2025

      • reosarevok[m]
        I mean, potentially if it needs to avoid breakage

        • 2025-12-17 35156, 2025

      • reosarevok[m]
        But we probably want to eventually remove it anyway, right?

        • 2025-12-17 35157, 2025

      • yvanzo[m]
        right

        • 2025-12-17 35156, 2025

      • yvanzo[m]
        Implementing the opt-in solution would probably be much more work than gathering usage stats.

        • 2025-12-17 35124, 2025

      • bitmap[m]
        yes but we should likely keep some kind of compatibility option for /ws/2, since it was the only authentication method for a long time and likely used by a lot of libraries still

        • 2025-12-17 35155, 2025

      • yvanzo[m]
        That changes everything.

        • 2025-12-17 35158, 2025

      • bitmap[m]
        e.g. python-musicbrainzngs uses digest auth

        • 2025-12-17 35107, 2025

      • yvanzo[m]
        So usage is high anyway.

        • 2025-12-17 35141, 2025

      • bitmap[m]
        it could be. it sounds like we should collect stats first anyway

        • 2025-12-17 35141, 2025

      • reosarevok[m]
        but if we add an opt-in method, that's also a breaking option

        • 2025-12-17 35158, 2025

      • reosarevok[m]
        In the sense that the library won't work without the user doing extra unexpected things

        • 2025-12-17 35114, 2025

      • reosarevok[m]
        I guess if the user cannot choose to move to oauth, maybe we still need to support this though

        • 2025-12-17 35120, 2025

      • reosarevok[m]
        And deprecate it with ws/2

        • 2025-12-17 35124, 2025

      • bitmap[m]
        it would force the user to enter a different password, but it would allow the application to function without any changes

        • 2025-12-17 35123, 2025

      • yvanzo[m]
        Your plan is sound.

        • 2025-12-17 35102, 2025

      • reosarevok[m]
        Yeah, it doesn't seem ideal but it does seem like the least bad of all the available options given the situation

        • 2025-12-17 35100, 2025

      • reosarevok[m]
        The idea of a second password is that if that one got broken via ha1, the evildoer could only access the few things accessible via API?

        • 2025-12-17 35151, 2025

      • aereaux joined the channel

        • 2025-12-17 35118, 2025

      • bitmap[m]
        yes, and since it would be opt-in, the user would be made aware of the risks

        • 2025-12-17 35143, 2025

      • reosarevok[m]
        Not that they would have much of a choice depending on their library

        • 2025-12-17 35146, 2025

      • reosarevok[m]
        But yeah

        • 2025-12-17 35103, 2025

      • aereaux
        Is this the proper place to come for chatbrainz issues? When using the IRC bridge, I see `{"errcode":"M_NOT_FOUND","error":"Not found"}` for any attachments. I think that's related to something like this: https://mementomori.social/@rolle/113732824034474… . Is this something that can be fixed?

        • 2025-12-17 35118, 2025

      • bitmap[m]
        let's start with collection metrics, anyway, and see how many user agents are still requiring it

        • 2025-12-17 35122, 2025

      • reosarevok[m]
        Seems good :)

        • 2025-12-17 35145, 2025

      • reosarevok[m]
        I understand if we want to avoid breakage we'll need to have this alternative ready by the time MeB Oauth is released though?

        • 2025-12-17 35156, 2025

      • bitmap[m]
        technically we would still be storing the ha1 value associated with their current MB account password, and that won't break

        • 2025-12-17 35128, 2025

      • bitmap[m]
        at the same time it won't updated at all if they change their MeB username or password

        • 2025-12-17 35138, 2025

      • bitmap[m]
        * it won't be updated at

        • 2025-12-17 35157, 2025

      • yvanzo[m]
        Users should be informed about the MB separate password for ws/2 (and any other usage?) through the MeB username/password editing form.

        • 2025-12-17 35101, 2025

      • reosarevok[m]
        Oh. I kinda expected us to drop that ha1 to avoid issues in case of a leak

        • 2025-12-17 35124, 2025

      • bitmap[m]
        I mean we'll blank the field once the separate password can be set, but the risk of a leak isn't any greater than it has been before

        • 2025-12-17 35129, 2025

      • reosarevok[m]
        Fair

        • 2025-12-17 35103, 2025

      • reosarevok[m]
        So what happens if they change their pass before we can set a new one?

        • 2025-12-17 35110, 2025

      • reosarevok[m]
        (re: informing the user)

        • 2025-12-17 35116, 2025

      • yvanzo[m]
        (?)

        • 2025-12-17 35114, 2025

      • yvanzo[m]
        I don't understand your question, or I guess there is some misunderstanding that led to this question.

        • 2025-12-17 35112, 2025

      • reosarevok[m]
        "technically we would still be storing the ha1 value associated with their current MB account password, and that won't break. at the same time it won't be updated at all if they change their MeB username or password"

        • 2025-12-17 35119, 2025

      • Jade[m]
        <aereaux> "Is this the proper place to come..." <- https://github.com/spantaleev/matrix-docker-ansib…

        • 2025-12-17 35139, 2025

      • reosarevok[m]
        So if they change their MB password or username, I understand the log in option would break since we do not update the ha1 anymore?

        • 2025-12-17 35157, 2025

      • reosarevok[m]
        (until the time we allow them to set a separate pass for this)

        • 2025-12-17 35145, 2025

      • yvanzo[m]
        The MB ha1 should be valid at the time we move to MeB OAuth.

        • 2025-12-17 35154, 2025

      • bitmap[m]
        yes, but I'll aim to have something implemented that we can release at the same time

        • 2025-12-17 35121, 2025

      • bitmap[m]
        was just pointing out that the switchover won't immediately break every ha1 in case something isn't ready

        • 2025-12-17 35127, 2025

      • yvanzo[m]
        Absolutely, the solution must be implemented before the switchover.

        • 2025-12-17 35159, 2025

      • yvanzo[m]
        Does that answer your question reosarevok ?

        • 2025-12-17 35117, 2025

      • reosarevok[m]
        Sure, if we agree to postpone the switchover if needed until this is ready then I have no worries

        • 2025-12-17 35155, 2025

      • aereaux
        Jade[m], thanks! Is there anything I can do now to get the message by changing the URL, or is there nothing I can do but wait? Specifically for a DM I received that just said to go to a URL to see the full message

        • 2025-12-17 35145, 2025

      • v6lur joined the channel

        • 2025-12-17 35155, 2025

      • bitmap[m]
        zas: would it be trivial to have openresty log all /ws/2 requests using 'Digest' in the authorization header to a separate file?

        • 2025-12-17 35119, 2025

      • bitmap[m]
        alternatively I can implement something on the MBS side

        • 2025-12-17 35142, 2025

      • v6lur has quit

        • 2025-12-17 35117, 2025

      • v6lur joined the channel

        • 2025-12-17 35122, 2025

      • yvanzo[m]
        Anything else about digest auth?

        • 2025-12-17 35123, 2025

      • reosarevok[m]
        What is the level of use where we'd be willing to just drop it?

        • 2025-12-17 35148, 2025

      • v6lur has quit

        • 2025-12-17 35154, 2025

      • yvanzo[m]
        There is no doubt that it is used for the API.

        • 2025-12-17 35157, 2025

      • reosarevok[m]
        (I'm assuming if we want to know the usage is because it will potentially affect whether we implement this or not)

        • 2025-12-17 35117, 2025

      • reosarevok[m]
        (otherwise, we should just implement it anyway and knowing the usage is mostly just out of curiosity, right?)

        • 2025-12-17 35125, 2025

      • yvanzo[m]
        So it is out of question to just drop it.

        • 2025-12-17 35135, 2025

      • v6lur joined the channel

        • 2025-12-17 35142, 2025

      • v6lur has quit

        • 2025-12-17 35122, 2025

      • reosarevok[m]
        In that case I would just concentrate on implementing the alternative and I don't see them need to implement data collection at the moment

        • 2025-12-17 35127, 2025

      • yvanzo[m]
        See above (17:19) about compatibility option for /ws/2.

        • 2025-12-17 35130, 2025

      • reosarevok[m]
        (of course if it's trivial, sure, never hurts to know)

        • 2025-12-17 35157, 2025

      • v6lur joined the channel

        • 2025-12-17 35117, 2025

      • bitmap[m]
        reosarevok: I would like to find out what the major applications or user agents using it are so that perhaps we can see if they are still maintained and can be updated to use oauth. but I plan to implement these changes regardless

        • 2025-12-17 35137, 2025

      • yvanzo[m]
        As you said, we will discontinue it in the future with /ws/2, so it would be nice to see if there is more than /ws/2 usage for future deprecation.

        • 2025-12-17 35146, 2025

      • reosarevok[m]
        Ok, gotcha, so these are two things that can happen at the same time, not a prerequisite

        • 2025-12-17 35107, 2025

      • reosarevok[m]
        I just wanted to make sure we didn't wait too long for the data analysis before working on this

        • 2025-12-17 35119, 2025

      • v6lur has quit

        • 2025-12-17 35132, 2025

      • bitmap[m]
        nothing else from me on the digest auth topic :)

        • 2025-12-17 35110, 2025

      • reosarevok[m]
        Ok, thanks!

        • 2025-12-17 35119, 2025

      • reosarevok[m]
        No further topics from me at the time either

        • 2025-12-17 35122, 2025

      • reosarevok[m]
        yvanzo, you?

        • 2025-12-17 35136, 2025

      • yvanzo[m]
        Me neither.

        • 2025-12-17 35143, 2025

      • reosarevok[m]
        Then thanks all!

        • 2025-12-17 35149, 2025

      • yvanzo[m]
        Hi aerozol, I used to post to socials when releasing MBS updates. Thanks for having taken it over in my absence. It would be great to have identifiable graphic indeed, thank you.

        • 2025-12-17 35154, 2025

      • reosarevok[m]
        Next Wed is a bit too festive