Other than that, I worked on our docker containers dashboard, thanks to atj! I need to add some plugins to react bs datatable for which I was looking to connect with the actual dev and make PRs there
2022-05-23 14353, 2022
akshaaatt
Plus the work on Design system, MB and LB revamp has been ongoing simultaneously
2022-05-23 14308, 2022
akshaaatt
That's about it for me. Go mayhem!
2022-05-23 14312, 2022
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: Reviews, Congratulate GSoC students (alastair), MeB-wide Oauth (lucifer), Securing MeB infrastructure - part 4
2022-05-23 14317, 2022
mayhem
right-o.
2022-05-23 14341, 2022
mayhem
last week I was mostly on vacation, except for being around for the schema change and having nothing at all to do.
2022-05-23 14347, 2022
mayhem
!m MB team
2022-05-23 14347, 2022
BrainzBot
You're doing good work, MB team!
2022-05-23 14354, 2022
monkey
+1
2022-05-23 14320, 2022
Freso
(Others still up: alastairp, atj, lucifer, yvanzo, Freso – anyone else who wants to give a review, let me know ASAP! :))
2022-05-23 14328, 2022
mayhem
thursday and friday I got back into the swing of things and looked over the gsoc situation and immediately acted on a suggestion on how to improve one tricky situation.
2022-05-23 14338, 2022
lucifer
Freso: i already went :)
2022-05-23 14357, 2022
mayhem
so, there is a seekrit project in the wings that we hope to unveil wednesday after the board meeting tomorrow.
2022-05-23 14334, 2022
akshaaatt likes seekrits
2022-05-23 14341, 2022
mayhem
I also created a PR for adding release_tags to the mb metadata cache only to realize that that was pointless and that I should be returning release-group tags. lol. one step forward...
2022-05-23 14312, 2022
mayhem
and today I spent most of the lining up the ducks for the board meeting, collecting financial data and writing up notes for the agenda for tomorrow.
2022-05-23 14318, 2022
mayhem
ready to roll!
2022-05-23 14323, 2022
mayhem
yvanzo: go!
2022-05-23 14331, 2022
yvanzo
Hi!
2022-05-23 14346, 2022
yvanzo
The two past weeks were mostly dedicated to the MB database schema change.
2022-05-23 14317, 2022
yvanzo
After that, search indexes have been rebuilt, setting recording’s first release date, and catching up with missed updates.
2022-05-23 14355, 2022
yvanzo
Unfortunately it made search barely usable for a long time.
2022-05-23 14301, 2022
Freso
(Only alastairp, atj, and myself (Freso) left on my list for reviews. Last call for anyone else who wish to give a review!)
Plus some maintenance tasks with sir, trille, and MB website 5xx.
2022-05-23 14341, 2022
yvanzo
Fin. Go alastairp!
2022-05-23 14345, 2022
alastairp
hi!
2022-05-23 14350, 2022
alastairp
I helped with some LB functionality to keep it up during the musicbrainz schema update
2022-05-23 14301, 2022
mayhem
thank you!
2022-05-23 14303, 2022
alastairp
I reviewed some of Ansh's PRs for BB, and updated some missing functionality that I found (thanks lucifer for helping debug this). I also released a new version of the BU test database that uses the new schema release
2022-05-23 14316, 2022
alastairp
I started to write some docs for LB for the data mapping and to answer some deployment questions that I had that I wanted to write down for future me
2022-05-23 14326, 2022
alastairp
as monkey said, we made some improvements to brainzbot, and also broke some other things (sorry about that). We're going to have a pending task soon to upgrade this, as the server and dependencies are quite old and sad.
2022-05-23 14332, 2022
alastairp
atj: next up?
2022-05-23 14338, 2022
atj
hi
2022-05-23 14355, 2022
atj
last week I didn't get a great deal done due to work and life keeping me busy
2022-05-23 14348, 2022
atj
I managed to progress the docker dashboard page a bit with akshaaatt, and anonymised the data to make it safe to publish on the internet
2022-05-23 14301, 2022
atj
(for testing and development)
2022-05-23 14309, 2022
Freso
Thank you, alastairp and monkey :bowing:
2022-05-23 14338, 2022
atj
I fixed a minor issue with the netplan ansible role that zas uncovered when deploying aretha
2022-05-23 14310, 2022
atj
I think that's about it, Freso?
2022-05-23 14315, 2022
Freso
🙋
2022-05-23 14358, 2022
Freso
I did a wee bit more of trying to coordinate about the tg/#mb bridge, other than that been dealing with flags, reports, and being around/about.
2022-05-23 14324, 2022
Freso
And this weekend I helped out with a 3-day fundraiser for three trans rights organisations actively fighting the on-going genocide of trans kids in the US and UK. Still recovering from that. :)
2022-05-23 14327, 2022
Freso
fin.
2022-05-23 14338, 2022
Freso
And that’s all for reviews! Thank you all for yours!
2022-05-23 14302, 2022
Freso
We have a few more topics on the agenda today, so let’s get to it:
2022-05-23 14306, 2022
lucifer
!m Freso
2022-05-23 14306, 2022
BrainzBot
You're doing good work, Freso!
2022-05-23 14307, 2022
Freso
alastair: Congratulate GSoC students
2022-05-23 14319, 2022
alastairp
I guess we've done this a few times over the last few days
2022-05-23 14333, 2022
alastairp
but welcome skelly37, Ansh, yellowhatpro, riksucks, PrathameshG and Shubh to MeB for GSoC this year!
2022-05-23 14342, 2022
Freso
🙌
2022-05-23 14347, 2022
monkey
🎉🎉🎉 I see great potential this year !
2022-05-23 14357, 2022
alastairp
you're welcome to stick around for the meetings, that happen at this time every week. if you want to say anything, let Freso know
2022-05-23 14310, 2022
alastairp
once gsoc starts properly, we can get you on the regular rotation for the meetings
2022-05-23 14313, 2022
alastairp
that's it, thanks Freso
2022-05-23 14343, 2022
Freso
Thanks alastairp :) - and congrats to the students!
2022-05-23 14350, 2022
Freso
Next up…
2022-05-23 14351, 2022
Freso
lucifer: MeB-wide Oauth
2022-05-23 14338, 2022
lucifer
hi all!
2022-05-23 14316, 2022
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB-wide Oauth (lucifer), Securing MeB infrastructure - part 4
2022-05-23 14325, 2022
lucifer
for the past few years, we have been discussing moving the Oauth stuff over to MeB from MB.
the intent is to move over both user accounts and oauth applications to MeB. users create an account on meb.org and then all other projects can then communicate with MeB Oauth to create that user's account inside that project.
2022-05-23 14335, 2022
lucifer
the greater benefits are on the Oauth side though, as it allows us to implement OAuth once and add project specific scopes instead of implementing oauth in each project again and again.
2022-05-23 14310, 2022
alastairp
and also allow for someone to sign in once (for example on LB) and be able to add tags to MB or reviews to CB without logging in again
2022-05-23 14344, 2022
lucifer
yup that too, also to enable some BrainzPlayer use cases iirc.
2022-05-23 14305, 2022
monkey
Yes
2022-05-23 14329, 2022
lucifer
thoughts on how we should go about this?
2022-05-23 14320, 2022
lucifer
we have 2 things to do: 1) implement OAuth apps on MeB.org 2) move users and oauth apps to MeB.org from MB.
2022-05-23 14321, 2022
mayhem
hmm. I think it might be best if alastair, you and I discuss this in a smaller group rather than the weekly meeting.
2022-05-23 14340, 2022
alastairp
mayhem mentioned that it would be a good idea to get everyone together (including MB team) after the schema change to see if this is something that we could all work on together to get done
2022-05-23 14352, 2022
alastairp
although yes - maybe we require some more offline planning first?
2022-05-23 14305, 2022
Freso
We should probably also move Discourse auth (which is not OAuth) to MeB.o then, since users may have MeB accounts but not MB ones. I’ll try and jot down some thoughts on this in the document.
2022-05-23 14330, 2022
monkey
Similarly I can add BB use-cases
2022-05-23 14335, 2022
lucifer
planning more in a smaller group makes sense.
2022-05-23 14336, 2022
mayhem
I think so, we need to understand what we are doing -- it's been too long for me to jump in and speak cogently about it.
2022-05-23 14345, 2022
monkey
(they'll most probably align to what I've seen in the document)
2022-05-23 14359, 2022
alastairp
if anyone else feels that they are knowledgeable in oauth then please let us know and join in these discussions, as I have a bunch of general ideas about how I think oauth works and how it could work for us, but I'm not sure if any of it is actually grounded in truth
2022-05-23 14301, 2022
lucifer
meanwhile all can add their suggestions to the document?
2022-05-23 14326, 2022
monkey
Similarly if anyone has good reading resources about oauth I'm a taker
2022-05-23 14334, 2022
yvanzo
It seems there is a need for more work on specification.
2022-05-23 14348, 2022
rdswift
Is this change to MeB accounts for oauth going to also impact Picard?
2022-05-23 14311, 2022
mayhem
if picard logs into MB, then very likely yes.
2022-05-23 14313, 2022
lucifer
yvanzo: yes indeed.
2022-05-23 14319, 2022
zas
it does
2022-05-23 14355, 2022
monkey
And also impacts DB replication packages and such?
2022-05-23 14339, 2022
mayhem
monkey: less likely.
2022-05-23 14341, 2022
alastairp
monkey: probably not much
2022-05-23 14351, 2022
monkey
Good
2022-05-23 14311, 2022
yvanzo
We should probably have each project document their needs.
2022-05-23 14350, 2022
alastairp
so - let's some of us talk about this in more detail, and then potentially plan a month where we can all work on this feature together?
2022-05-23 14305, 2022
mayhem
yes.
2022-05-23 14307, 2022
yvanzo
It’s a good example of documenting projects’ external dependencies (as discussed recently).
2022-05-23 14324, 2022
mayhem
perhaps you and I can take a first stab at getting up to speed next time you're in the office
2022-05-23 14344, 2022
monkey
I'd like to join
2022-05-23 14346, 2022
alastairp
yvanzo: I started writing some notes about needs in that document, though not directly as a list of requirements per project
2022-05-23 14311, 2022
zas
currently Picard users are logging in using MB account (token), we need to take care to ensure old versions of Picard still work, at least for a while
2022-05-23 14330, 2022
alastairp
zas: thanks, I added it to the doc
2022-05-23 14351, 2022
monkey
> AFAIK, OB is the only user of MeB OAuth
2022-05-23 14351, 2022
monkey
Is that the case?
2022-05-23 14307, 2022
monkey
(OfficeBrainz)
2022-05-23 14312, 2022
mayhem
could be
2022-05-23 14327, 2022
Freso
(We have about 13 min left. Do we want to talk OAuth for the rest of this and move Securing MeB infrastructure - part 4 to next week?)
2022-05-23 14343, 2022
mayhem
this convo is dying. let's close it.
2022-05-23 14334, 2022
Freso
Alright. My understanding is that the various projects document their OAuth etc. needs in that document and then we have a meeting later with more discussion?
2022-05-23 14312, 2022
mayhem
sure
2022-05-23 14318, 2022
Freso
Great. Moving on. :)
2022-05-23 14321, 2022
Freso
Securing MeB infrastructure - part 4
2022-05-23 14348, 2022
yvanzo
We were at “Reducing docker container capabilities”
2022-05-23 14328, 2022
yvanzo
Not “everything” runs as root/root but those which still do (such as sir) should avoid it.
2022-05-23 14351, 2022
alastairp
LB does
2022-05-23 14358, 2022
yvanzo
I’m not sure which other projects are concerned.
2022-05-23 14307, 2022
yvanzo
(MBS doesn’t)
2022-05-23 14325, 2022
monkey
I think BB does too, but need to check the node base image
2022-05-23 14331, 2022
alastairp
I think that this item is kind of in two parts, is that right? one is running as a non-root user in the container
2022-05-23 14350, 2022
alastairp
and the other is about reducing the capabilities of a docker container by only allowing a user to do certain things
2022-05-23 14324, 2022
alastairp
I'm not certain, but I think that the first can also be achieved by the second? You can say "even if you're root in this container you can't do <certain thing>"?
zas, atj: Has this point been added by one of you?
2022-05-23 14314, 2022
alastairp
> This means that in most cases, containers do not need “real” root privileges at all. And therefore, containers can run with a reduced capability set; meaning that “root” within a container has much less privileges than the real “root”. For instance, it is possible to:
2022-05-23 14316, 2022
alastairp
this part
2022-05-23 14313, 2022
Freso
(5 min left)
2022-05-23 14327, 2022
lucifer
i think this is more of a look into it thing? (we discussed it briefly as part of other stuff iirc)
2022-05-23 14342, 2022
alastairp
I think it makes sense to look into running all of our containers as non-root
2022-05-23 14351, 2022
lucifer
yup makes sense
2022-05-23 14359, 2022
alastairp
and perhaps the capabilities/rootless stuff can go on the "in the distant future" backburner
2022-05-23 14326, 2022
zas
yvanzo: I guess that's atj, but that's a good point. Though, capabilities aren't always easy to manage.
2022-05-23 14317, 2022
yvanzo
This should be discussed again with atj next time then.
2022-05-23 14339, 2022
alastairp
for now are we happy to have all contractors in a `docker`/`sudo` group to be able to run docker commands?
2022-05-23 14357, 2022
alastairp
if so, I recommend that we shelve this idea for now
2022-05-23 14336, 2022
yvanzo
just postpone the discussion, we are running out of time and missing the main initiator.
2022-05-23 14300, 2022
mayhem
yeah, I am too fried for this.
2022-05-23 14314, 2022
alastairp
I remember that it was added as a "let's look at this and see if it makes sense for our case"
2022-05-23 14327, 2022
alastairp
definitely not as a point that we absolutely need to implement
2022-05-23 14359, 2022
yvanzo
Thanks!
2022-05-23 14317, 2022
Freso
I think that’s as fine a place to end as any then… :)
2022-05-23 14351, 2022
Freso
Thank you all for your time! Stay safe, remember to wear a mask and remember to wear sunscreen!
2022-05-23 14353, 2022
Freso
</BANG>
2022-05-23 14304, 2022
monkey
👋
2022-05-23 14309, 2022
alastairp
thanks all
2022-05-23 14304, 2022
yvanzo
MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB infrastructure - part 4 with atj
2022-05-23 14309, 2022
TOPIC: MetaBrainz Community and Development channel | MusicBrainz non-development: #musicbrainz | BookBrainz: #bookbrainz | Channel is logged; see https://musicbrainz.org/doc/IRC for details | Agenda: MeB infrastructure - part 4 with atj
2022-05-23 14314, 2022
ansh
alastairp I was setting up BB on wolf and while building docker, I got the following error.