ChanServ changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
ximion has quit []
danvet has joined #freedesktop
chomwitt has joined #freedesktop
chomwitt has quit [Remote host closed the connection]
chomwitt has joined #freedesktop
alanc has quit [Remote host closed the connection]
alanc has joined #freedesktop
vbenes has joined #freedesktop
pjakobsson has quit []
jani has quit []
chipxxx has joined #freedesktop
pjakobsson has joined #freedesktop
jani has joined #freedesktop
chip_x has quit [Ping timeout: 480 seconds]
mvlad has joined #freedesktop
pjakobsson has quit [Remote host closed the connection]
pjakobsson has joined #freedesktop
MrCooper_ has joined #freedesktop
MrCooper has quit [Ping timeout: 480 seconds]
MrCooper__ has joined #freedesktop
pendingchaos_ is now known as pendingchaos
MrCooper_ has quit [Ping timeout: 480 seconds]
[Ristovski] has left #freedesktop [#freedesktop]
Ristovski has joined #freedesktop
ximion has joined #freedesktop
ximion has quit []
fahien has joined #freedesktop
thaller is now known as Guest3846
thaller has joined #freedesktop
thaller is now known as Guest3848
thaller has joined #freedesktop
Guest3846 has quit [Ping timeout: 480 seconds]
Guest3848 has quit [Ping timeout: 480 seconds]
<thaller> Hi. As the gnome mailing lists migrate to discourse, I am wondering whether it would be possible to get a freedesktop.org mailing list of NetworkManager? If possible, how can we (NetworkManager) apply for that?
<thaller> daniels, ^
<daniels> thaller: can you please file an issue on freedesktop/freedesktop?
<thaller> daniels, will do. Thanks!
fahien has quit [Ping timeout: 480 seconds]
pkira has joined #freedesktop
fahien has joined #freedesktop
chomwitt has quit [Remote host closed the connection]
chomwitt has joined #freedesktop
<karolherbst> daniels: what's up with the gitlab account creation stuff btw? I got told by some that apparently admins hack to ack accounts?
MrCooper__ is now known as MrCooper
<MrCooper> I hope you mean "had to ack" :)
<zmike> admins=hackers confirmed
<karolherbst> ahh.. meant to write "have"
<mupuf> karolherbst: shouldn't be needed. but if you have a nick you want me to approve, I can try to do it
* mupuf approved the user, but there are some valid-looking users in the queue
<mupuf> and some date back from 2 days ago
<mupuf> bentiss, no emergency, but maybe we could have a look at it tomorrow?
<bentiss> mupuf: can you tell me which ones are "valid" and old?
<bentiss> the script validated at least one user 10 min ago, so it's more likely that people are not validating their emails, leading the script to believe they are spam
<mupuf> 0xOZ and chipunderfill appear valid. At least, they have a gravatar which makes sense for tech
<bentiss> mupuf: both have unverified email address
<bentiss> but having a gravatar could be a reason to automatically validate the user if you think it'll work
<mupuf> I see, so once they confirm their email address, then they can get approved
<mupuf> well... maybe, maybe not.
<mupuf> thanks! Will think about it :)
<bentiss> karolherbst: and yes, please ignore any gitlab account creation email, I can't make gitlab stop sending them, but they are automatically processed
<karolherbst> bentiss: the account creation page told the user that admins need to ack the account
<karolherbst> nothing about email validation
<bentiss> karolherbst: I know, but it's not something I can change without hacking gitlab, which I do not want to do
<karolherbst> well.. then maybe we shouldn't do it hten?
<karolherbst> this sounds like a really bad compromise
<bentiss> karolherbst: and have more spam accounts?
<karolherbst> blocking legit reqests is worse then not blocking spam
<karolherbst> *than
<karolherbst> so yes
<daniels> karolherbst: ... up to a certain magnitude of spam, sure
<daniels> it was getting really overwhelming before Ben put that script together
<bentiss> it's not blocking legit requests, if users open their mailbox and see that gitlab asks them to validate their account, and they do, the account is validated by a bot, which is an "admin"
<karolherbst> requiring approved emails to do things is okay, but the wording after account creationg has to be fixed
<karolherbst> this is more than confusing
kem has quit [Ping timeout: 480 seconds]
<daniels> karolherbst: 'has to' is a bit strong
<karolherbst> it was on purpose
<daniels> are you offering to do it?
<bentiss> karolherbst: not really. You get "an admin needs to validate", then you receive, "plese confirm your email", and once you confirm, you get "admin have validated your account"
<bentiss> which tecnically is correct, we need users to validate their email so we can validate their account
<bentiss> because 80% of spam accounts seem legit
<bentiss> because they learned to use fake names to create accounts and then sell anything
<karolherbst> nothing against requiring verified emails
<bentiss> karolherbst: also note that this is only for people using the create login form. If you use github or gmail, the address is automatically verified and you don't see that
<daniels> karolherbst: is this wording not clear enough when you sign up? https://usercontent.irccloud-cdn.com/file/hCzb3rpb/Screenshot%20from%202022-10-24%2016-35-58.png
<karolherbst> bentiss: yeah.. I was already assuming this was the case, but didn't check for myself
<karolherbst> daniels: well.. you might argue people should read what's written there, but some won't and then get confused about what happens after finishing the form
<karolherbst> I wouldn't have read it either
<daniels> but then why would they be more likely to read anything else we put up there?
<karolherbst> I guess it's fine keeping it this way, I am just surprised gitlab doesn't allow for a less painful approach here out of the box
ybogdano has joined #freedesktop
<bentiss> I honestly don't know how they cope with spam
<karolherbst> daniels: well.. they might try to login and see "waiting on admins approval" or something
<bentiss> karolherbst: and I am find if they find an admin to validate their account
<karolherbst> which makes sense, because at this point they really want to know why it doesn't work or why it hasn't been approved yet
<bentiss> *fine
<karolherbst> yeah.. well.. some might not ping people about this and move on
<karolherbst> which we could say is the price we pay for harsher spam control
<bentiss> the problem is we can not differentiate a legit account from a spam one when the account is created
<bentiss> and then spammers are really creative at dropping their spam
<bentiss> so this at least reduces the amount of spam we have to handle
<karolherbst> sure, but at a cost of driving away potential contributors or bug reports
kem has joined #freedesktop
<daniels> yeeeeesssss, but that's further balanced against falling off the internet if you become too prominent a source of spam
<daniels> send out spam emails? good luck being able to send anything to GMail/Outlook365
<karolherbst> so if I read the script right, it sends out the email after 30 minutes to verify?
<daniels> host spam content? good luck ever turning up on the first page of Google
<daniels> karolherbst: 10min
<karolherbst> mhhh...
<bentiss> no, karolherbst is right: 30 min
<karolherbst> well... if I can't file my bugs in minutes I won't file it at all...
<bentiss> user creation, 30 min delay, email is sent, email validated, within 10 minutes the account is validated
<karolherbst> yeah.. so there wouldn't be bugs from me then if I would be a user not using IRC
<bentiss> karolherbst: sure. I am fine with that personnaly
<karolherbst> being completely honest here
<karolherbst> yeah well.. I am obviously not, but if that's the compromise we want to have
<karolherbst> anyway, the method might not be the huge problem here if users would know exactly how that works out... maybe there is a way to make the info more obvious/apparant on the account creation page?
<bentiss> the problem I have with not delaying the verification email is I am sure the spammers have a script that creates a fake inbox, create the account, look for 5 minutes for the verification email if any, and then move one
<karolherbst> could be in bold or something
<daniels> force users to type out 'I understand that I'm going to have to wait for an email to arrive and click the link yes I have actually read the text on this page'
<karolherbst> yeah.. I totally get it on a technical level, just we have to balance it out for users with legitimate reasons to create accounts
<daniels> (though that's no guarantee either; people used to post their scores from running 'glxgears -iunderstandthatthistoolisnotabenchmark' and compare them between different GPUs/drivers/etc to see which one was better)
<karolherbst> could also say "please use social/third party logins to skip verification
<karolherbst> or change it in a way they rather use that by default
<karolherbst> how free are we about designing our gitlab account creation page anyway?
<bentiss> we can disable entirely password login, but then people won't be able to use their corporate account
<karolherbst> yeah....
<bentiss> otherwise I think we can just change the header above the form
<karolherbst> okay
<bentiss> oh, and there is the re-captcha we can disable, we often get requests about that one :)
<karolherbst> I think it we can make it bold it's more obvious for users so it's more likely they read it
<karolherbst> and pointing out no verification is needed with using github/twitter/whatever
<karolherbst> that's probably a way better compromise than what we have todya
<bentiss> hmmm... there is an "After sign-up text", but not sure when this is shown
<karolherbst> probably after you hit register, no?
<bentiss> not usre if this is when the account is validated or right after registering
<karolherbst> what does it currently way?
<karolherbst> *say
<bentiss> nothing the field is empty
<karolherbst> Ahh...
<karolherbst> anyway, If you want I can do all the rephrasing and write up. Just need to know if we have like full markdown support or not
<daniels> karolherbst: yep we do have markdown
<karolherbst> bentiss: do users have a way to delete their account before it got acked? Could also put a "if you want to skip verification delete your account $here and use github/whatever instead for account creation"
<bentiss> karolherbst: nope
<karolherbst> :(
<karolherbst> what would happen if they try it without deleting the account and it uses the same email?
<bentiss> no idea
<karolherbst> okay
<bentiss> just put the text in bold
<bentiss> 4 stars added :)
<karolherbst> okay
<bentiss> let me test the "sign-up text"
<karolherbst> Yeah, I'll think about the best phrasing here for the registering and post registering page
<karolherbst> yep
<karolherbst> if that works, we can put the info there as well, so it's more obvious on what needs to happen
<bentiss> the text field doesn't do much right after registering, but we are moving to the login page that shows the exact same message than daniels showed
<karolherbst> ahh
<karolherbst> sad
<karolherbst> Then we might want to put in there that users should use the "Sign in with" feature further below instead. "Please use the 'Sign in with' feature below, otherwise when...." or something?
* bentiss will let daniels work on the wording :)
<karolherbst> and we might also want to put in there, that it takes a bit of time until the email arrives
<karolherbst> "Please check your inbox (including spam) in roughtly 15 minutes to..."
<karolherbst> nothing more frustrating than getting told to check for emails if they arrive late
<karolherbst> *30
<karolherbst> bentiss: ohh.. what shows after login in with the new account?
<karolherbst> maybe that page shows up then?
<bentiss> karolherbst: maybe, but the test account I created (then deleted since) failed at login with too many redirects, so I gave up
<karolherbst> :(
<bentiss> and if it arrives after the validation, that's not helping us here
<karolherbst> apparently you can log in though and then the user got this "needs admin approval" message
<karolherbst> but maybe gitlab docs are documenting this.. let's see
kem has quit [Ping timeout: 480 seconds]
<karolherbst> ehh.. doesn't seem to be in the docs
kem has joined #freedesktop
fahien has quit [Quit: fahien]
eroux_ has quit [Read error: Connection reset by peer]
eroux has joined #freedesktop
ximion has joined #freedesktop
Haaninjo has joined #freedesktop
pkira has quit [Ping timeout: 480 seconds]
Kayden has quit [Quit: lunch, office]
ngcortes has joined #freedesktop
MajorBiscuit has joined #freedesktop
<gallo[m]> hi bentiss. Let me know if you need more help with the S3 migration. I reviewed your MR in piglit and tested it in Mesa.
<bentiss> gallo[m]: great, thanks a lot for all the help
<bentiss> if we can get piglit merged, having mesa done should be easier now, so I think we are almost set :)
<gallo[m]> nice! fingers crossed!
<bentiss> heh, it's not like mesa had a choice, on Nov 30 the server will be down :)
<gallo[m]> ooc, what happened with the server?
<bentiss> gallo[m]: it's not really us. We always meant to integrate that server with the rest of the gitlab deployment, but here, the server is located on a datacenter that is being decommissioned on Nov 30, and we can not spin up the exact same machine in the new DC
<bentiss> so it was either we migrate to a new system either we spin up an excessively overkilled machine for just a few TB of data
<gallo[m]> I see, that is unfortunate. Thanks for the info.
ngcortes has quit [Ping timeout: 480 seconds]
immibis has quit [Ping timeout: 480 seconds]
genpaku has quit [Remote host closed the connection]
genpaku has joined #freedesktop
ngcortes has joined #freedesktop
MajorBiscuit has quit [Read error: No route to host]
ybogdano has quit [Ping timeout: 480 seconds]
mvlad has quit [Remote host closed the connection]
ybogdano has joined #freedesktop
Kayden has joined #freedesktop
chomwitt has quit [Ping timeout: 480 seconds]
<DavidHeidelberg[m]> bentiss: Hey, can we get cross-origin allowed? `Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at` it impacts loading screenshots from traces artifacts html template
<DavidHeidelberg[m]> talking about the new s3 configuration (which replacing minio)
danvet has quit [Ping timeout: 480 seconds]
Haaninjo has quit [Quit: Ex-Chat]
ybogdano has quit [Ping timeout: 480 seconds]
ngcortes has quit [Ping timeout: 480 seconds]
ngcortes has joined #freedesktop