ChanServ changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
scrumplex_ has joined #freedesktop
scrumplex has quit [Ping timeout: 480 seconds]
gtristan has joined #freedesktop
ximion has quit []
gtristan_ has joined #freedesktop
gtristan has quit [Ping timeout: 480 seconds]
Leopold_ has quit [Ping timeout: 480 seconds]
lynxis has quit [Remote host closed the connection]
lynxis has joined #freedesktop
ybogdano1 has quit []
ybogdano has joined #freedesktop
ybogdano has quit [Remote host closed the connection]
ybogdano has joined #freedesktop
gtristan_ has quit [Ping timeout: 480 seconds]
<thaytan>
mupuf, if they've built a bot that registers accounts and spams automatically I'm not sure they'll lose interest. It'll just keep plugging away
<mupuf>
thaytan: the account registration looks manual. There are many usernames that look like they just mashed the keys. Something like asdasdasdfasd
<thaytan>
Oh good. fingers crossed then
<mupuf>
Here is an actual one "ututyuyt dsgsdg" :D
<thaytan>
yeah, I reported that one earlier
<mupuf>
and it's gone!
ybogdano is now known as Guest6029
ybogdano has joined #freedesktop
Guest6029 has quit [Ping timeout: 480 seconds]
ryanpavlik has quit []
ryanpavlik has joined #freedesktop
pjakobsson has quit [Remote host closed the connection]
gtristan has joined #freedesktop
miracolix has quit [Remote host closed the connection]
alanc has quit [Remote host closed the connection]
alanc has joined #freedesktop
Haaninjo has joined #freedesktop
<bentiss>
doing the gitlab 15.9.1 update in a bit
gtristan_ has joined #freedesktop
gtristan has quit [Ping timeout: 480 seconds]
gtristan_ has quit [Ping timeout: 480 seconds]
danvet has joined #freedesktop
MajorBiscuit has joined #freedesktop
<bentiss>
alright, this was done without any hiccups
<daniels>
bentiss: I didn't realise anyone was using certs
<bentiss>
daniels: k, then I guess we can enable gitlab-sshd. This is what gitlab.com uses, so better get close to them
<alatiera>
do those fancy fido keys use ssh certs or do they create normal certs and normal keys to use?
<bentiss>
alatiera: I think they are creating one ssh key per fido registration, so not cert.
alatiera4 has joined #freedesktop
alatiera has quit [Ping timeout: 480 seconds]
alatiera4 is now known as alatiera
<daniels>
correct
<daniels>
(well, they can do certs, but they can also just do regular keys - that's what I use with mine)
<daniels>
bentiss: sounds good, thanks!
<daniels>
bentiss: just fixed the banner notification
<emersion>
can we remove the +M on this channel?
<emersion>
to allow new users to request support more easily?
<daniels>
sauce: akismet is enabled fwiw
<daniels>
emersion: sure we can try it, we used to get absolutely smashed by spam however
<emersion>
we've had an open channel in libera forever, had spam once only
<emersion>
thanks!
<emersion>
we can always switch it back if it's an issue
<pq>
um, you didn't actually remove M, did you?
<pq>
irssi thinking +M is still here
<daniels>
pq: 'Channel mode set to +nt by ChanServ'
<pq>
I see that, but [5:#freedesktop(+Mnt)]
<daniels>
yeah, /mode #freedesktop shows the same here
* daniels
shrugs
<pq>
don't you need to -M instead of +nt?
DodoGTA has quit [Quit: DodoGTA]
DodoGTA has joined #freedesktop
DodoGTA has quit []
DodoGTA has joined #freedesktop
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
<karolherbst>
daniels: do any spam accounts use social logins? Just saw the spam notice today and I was wondering if that's something we could rely on
gtristan has quit [Remote host closed the connection]
<karolherbst>
like anybody signing up through github/whatever gets full access, everybody who still wants to do email + password has to do the annoying part
gtristan has joined #freedesktop
Haaninjo has quit [Ping timeout: 480 seconds]
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
<emersion>
and next we give out free R-b tags for people logging in via Twitter
<karolherbst>
what does that have to do with anything?
<karolherbst>
ehhh.. I didn't come here to bikeshed, sorry
<pq>
emersion, stop the sarcarm and just say what you think.
<pq>
*sarcasm
<pq>
Sarcasm only makes communication more difficult and agitating. It's not even funny.
<emersion>
okay, sorry
<karolherbst>
anyway, social logins are the best options for users already, not because we want to, just because fully open solutions suck
<pq>
thanks - I have a hard time detecting sarcasm sometimes
<karolherbst>
honestly.. we should just disable password logins 🙃
<emersion>
what
<karolherbst>
less strain on our admins
<emersion>
i'll just go away and assume you're trolling
<karolherbst>
I wouldn't be surprised if all spam comes in via email + password logins
<karolherbst>
no, I'm dead serious
<karolherbst>
if that means less work for our admins, and spam basically gone...
<emersion>
if you're that serious, we should migrate to github and discord, then we don't need admins anymore
<karolherbst>
if not, we have to seriously think about paying admins from foundation money
<karolherbst>
yes, I am. our admins are heavily overworked and nobody seems to care and just "request everything even if it means more work". I'm at least trying to be sensible here
<karolherbst>
if password logins are a constant pain, we should consider ditching them
<karolherbst>
or well.. _pay_ admins
gtristan has quit [Read error: Connection reset by peer]
gtristan_ has joined #freedesktop
<karolherbst>
anyway.. not needing admins > demanding free work from admins
gtristan_ has quit [Remote host closed the connection]
gtristan_ has joined #freedesktop
gtristan_ has quit [Remote host closed the connection]
gtristan_ has joined #freedesktop
gtristan_ has quit [Ping timeout: 480 seconds]
gtristan has joined #freedesktop
<bentiss>
karolherbst: the problem is that most spams are using google auth AFAICT, because they could create an account and immediately do their shit
<bentiss>
it was relatively hard for users+pass users to create their accounts, but it didn't stop the last wave of spam
<karolherbst>
mhh
<karolherbst>
I guess a lot of users are on google auth?
<karolherbst>
how are other gitlab instances dealing with this problem?
gtristan has joined #freedesktop
<bentiss>
karolherbst: in the backlog, IIRC alatiera said that gnome temporarily blocked new users entirely
<karolherbst>
mhh
<karolherbst>
maybe just block google then 🙃
<bentiss>
and FWIW, at least with preventing users to create new projects, now the spam is way more visible to fdo maintainers, not just admins
<karolherbst>
seems a lot of people are tired of their shit
<bentiss>
karolherbst: again, the last 2 ones are not using google
<karolherbst>
right...
<karolherbst>
but in the end it's about what's the biggest source of spam
gtristan has quit [Remote host closed the connection]
<bentiss>
well, too late to do stats now. When the users are nuked, we don't have a trace of them (unless digging in the db backups, which is a pain TBH)
<karolherbst>
heh, fair
gtristan has joined #freedesktop
<karolherbst>
I suspect you already have some IP checking stuff set up?
gtristan has quit [Remote host closed the connection]
gtristan has joined #freedesktop
<bentiss>
so far, I think the best course would be to share the new users onboarding by all maintainers: a new user needs to create a repo, it requests the project and the instance, then project maintainers answer a simple ack, and then a bot/sth marks the user as internal
<karolherbst>
new project also means fork, no?
<bentiss>
there are already limitations through akismet and reCaptcha, even if it means more people grumbling here
<bentiss>
karolherbst: yeah
<karolherbst>
:'(
<karolherbst>
kind of don't like where this is going, because at some point nobody will bother anymore
gtristan has quit [Remote host closed the connection]
<bentiss>
actually, one thing I haven't got to was work on the regex to automatically validate intel, collabora, red hat emails...
<karolherbst>
yes.. but... that still doesn't address random new contributors coming in
gtristan has joined #freedesktop
<karolherbst>
if you do it for your job, then you deal with the pain
<karolherbst>
so it wouldn't really change anything
<bentiss>
agree, and again before they were shouting in the void for help, now they can at least ask the projects to help them
<karolherbst>
my point is, if I'd want to contribute patches and I'd have to request to be allowed to fork, I'd just go away
<karolherbst>
and I suspect a lot of people will think the same
<alatiera>
bentiss I think initially it was only gmail/outlook/otherfreemail that were blocked from registering but due to ongoing spam I think both google signin and new registrations were blocked for now
<karolherbst>
maybe we should just put those restrictions for google + ...@gmail.com 🙃
<karolherbst>
maybe we should also start collecting stats from where spam is coming from
<karolherbst>
but what I hear is, that it's usually google where it's all coming from, either via email or other means
<karolherbst>
and that google won't solve it, because nobody dares to block them
<bentiss>
karolherbst: as you already said, we don't have paid admins... so getting those stats is *low* on my todo list
<karolherbst>
yeah
<karolherbst>
we should address it in the foundation
<karolherbst>
can't continue like that
<karolherbst>
and if some board member disagree, foundation members should reconsider _Strongly_ if those individuals actually act in the best interest for fdo
<karolherbst>
I've heard stories where proposals like that were shot down
<bentiss>
karolherbst: the new setting is live since last Friday. Do you have a lot of people complaining that they can not fork? Because all I hear was one user that wanted to have the setting back on
<karolherbst>
my point is: most users won't complain and just move on
<bentiss>
if we deal with 10 users a week, we can definitely have a manual process
<karolherbst>
do you know how many users just move on?
<bentiss>
neither do you I guess :)
<karolherbst>
yeah, that's why we can't make any conclusions here
<karolherbst>
sure, might be 1 who is willing to complain
<karolherbst>
and we know that
<karolherbst>
but maybe 50 or 100 just move on (unlikely), but we just don't know
agd5f_ has joined #freedesktop
<bentiss>
TBH I think that fear of losing "contributors" who did not even bother to try to talk to the project members is rather worrying. Open Source is social by essence, so even when you want to submit a patch, you have to talk to someone, so if you can not fork but want to fix your bug, you can find a way by opening an issue on the project and saying "I've got this nice patch, how do I
<bentiss>
submit it?"
agd5f has quit [Ping timeout: 480 seconds]
<bentiss>
and also, I am past the point where I can take the arguments of "we should lower the entry bar so we get new contributors" because this is what we had for years, and the amount of valid users compared to spam account is really worrying, knowing that up to now, only a handful of admins were seeing them, and nobody cared really
<karolherbst>
yeah.. spam is a problem and I wished I had a better solution here
<MrCooper>
I agree, can't see drive-by contributions making up for the cost
<karolherbst>
but without knowing where it's mostly coming from it's also hard to think about what to do.
agd5f has joined #freedesktop
<bentiss>
over the weekend I was thinking at another way of entry for new contributors, but if I also think at the kernel move to gitlab, one thing that was a complaint from other kernel developers was that they had to also create an account on gitlab.fd.o to be able to take part on the discussions
<karolherbst>
yeah.. I'm not debating this on a "making up for the cost" ground. 1. nobody has the data and 2. nobody knows what drive-by contributor could become a strong future member. As I said, those restrictions would already have driven me away.
<karolherbst>
not saying that we should keep the load for our admins
<karolherbst>
and reducing the load is important
<karolherbst>
it's just a twisted way to think about this
<karolherbst>
yeah
<karolherbst>
social logins are great here tho
<bentiss>
so I wonder if we should not have a public inbox like for our projects, a bidirectional one, that drive by users could use the same old fashion as sending an email to send their patch
<karolherbst>
but then you still need to fork and...
<karolherbst>
yeah.. that might work
<bentiss>
but I know *a lot* of developers are not happy with email patches :)
<karolherbst>
might be something gitlab could also implement? dunno
<karolherbst>
well
<karolherbst>
could be something which turns patches into MRs
<karolherbst>
but uhh
<karolherbst>
the back channel would be annoying
<bentiss>
we already had something like that internally, at Red Hat, but it was a pain to maintain
<karolherbst>
yeah...
<karolherbst>
well
<karolherbst>
maybe the kernel should have its own gitlab instance instead...
<bentiss>
that will never happen
<karolherbst>
then we'll have to deal with having 100 gitlab instances for kernel devel
<bentiss>
look at the kernel BZ, it was never meant to be official, and people still complain about it
<karolherbst>
I mean.. it's under kernel.org, no?
<karolherbst>
(it's even linked there)
<bentiss>
yes, and the fact that it is under kernel.org makes it seems like it's the way to report bugs, when it's not
<karolherbst>
well.. users see the "bugzilla" link on kernel.org and go there
<bentiss>
it was historically created to please a few maintainers, and was never said to be THE source for having bugs
agd5f_ has quit [Ping timeout: 480 seconds]
<karolherbst>
anyway
<karolherbst>
if there won't be a central gitlab instance for kernel devel, and people insisting on mailing lists, then the fragmentation will happen by choice
<bentiss>
and now, all maintainers have to deal with the pain. There are a few threads on the LKML about retiring it, or having someone to redirect new bugs to their respective maintainers
<bentiss>
Konstantin has a strong opinion against any forge, and in a way, he has a point when he says that email is the only way to have a distributed system that works for everybody
<karolherbst>
but anyway, that's not doing anything for our spam problem. The biggest question in the end I think is, is the problem _that_ huge a full time admin couldn't deal with and it's just because all the admin work is volunteered time?
<daniels>
pq: there we go
<pq>
\o/
<emersion>
thanks!
<bentiss>
karolherbst: the other problem is that if you want to hire someone to deal with that sort of spam problem: I will not be that person and I doubt you'll find skilled enough persons who can deal with what we technically need for an admin and who is agreeing to review all users to check if they are spam or not
<karolherbst>
ohh.. I didn't ask for a admin clicking the UI all the time
<daniels>
emersion: np
<karolherbst>
but more like, checking what's the source and just block it all or something
<karolherbst>
or well.. do something sensible against spam
<karolherbst>
like you said that it's low prio for you to do such analysis
<bentiss>
karolherbst: since last Friday we had ~140 external accounts (pending approval), now the UI doesn't even want to give me the number, but it's more than 1000, over 3 days with a weekend
<bentiss>
so there is no way we can manually check them, and doing stats is going to be interesting... because out of these people, I doubt we have a majority of actual users
<bentiss>
not bots I mean
<karolherbst>
yeah.. but I can also suspect there is some backend stuff which could be done.. like shared IP lists, whatever else there is to combat spam in a more sensible way. I don't know, but I can suspect that an expert on this topic might know what to do
<bentiss>
honestly, I don't think IP blocklisting helps: you can just use AWS and you have unlimited IPs
<karolherbst>
well.. but no user will use any IP AWS would ever use
<bentiss>
replace with whatever cloud you want
<karolherbst>
so you can just block the entire range
<karolherbst>
block all clouds then
<bentiss>
but then you'll have users complaining because they have to use the cloud to work around any protection if it fits their process
<karolherbst>
VPN providers might be a more difficult thing to block
<karolherbst>
mhh yeah.. probably
<bentiss>
and we have valid users who think VPN is important
<karolherbst>
could also only do the new restrictions on IPs coming from the cloud
<bentiss>
same problem, people who believe it's important to be masked will do it from day 1 and will vocally complain that they have to use their true IP even once
<karolherbst>
but the initial point still stands: we don't know the source of the spam
<karolherbst>
so it's kind of moot to talk about it
<karolherbst>
but anyway, what's the discussion about now? we shouldn't consider paying an admin, because.... there might be nothing to do to fight spam?
<bentiss>
karolherbst: yeah, and furthermore gitlab doesn't have an ip blocklist in the sign-up settings. All we can do is block by domain
<karolherbst>
I'd say we should consider it, because it would also fix other problems
<karolherbst>
I'm not an admin and totally not an expert on fighting spam. If there is a chance to get somebody who knows what to do, even better
<bentiss>
the discussion is more "as an admin, I'd like to share the burden of detecting spam with every other maintainer involved in the community"
<karolherbst>
yeah.. so we just spread around the initial problem of overworked admins
<karolherbst>
doesn't sound like a sustainable solution
<karolherbst>
something new will come up and the burden will only increase
<bentiss>
agree, and as long as we don't consider that there is a minimum of social involved to onboard occasional contributors, we can not win that fight IMO
<karolherbst>
right
<bentiss>
TBH, call me an old fart, but when I started working on opensource, the entry level was way higher: you had to find a way to clone the repo, work on it, then submit a patch by email without mangling it to even get the attention of maintainers. Now gitlab allows to fork and create MR in a few clicks, but sometime we got "drive-by" users who open a MR and never reply to the
<bentiss>
maintainer questions
gtristan has quit [Remote host closed the connection]
<karolherbst>
well. the way I started was by creating random PRs
<bentiss>
so having people complaining that we are making it harder for contributors because they have to ask what they can do is very worrying to me
gtristan has joined #freedesktop
<karolherbst>
ohh.. I compare with the baseline: github
<bentiss>
github has an army of admins
<karolherbst>
well
<karolherbst>
but from a contributors pov it's kind of what you'd expect
<karolherbst>
of course you can always compare against the one of the worst contenders, but....
<bentiss>
when I was young, if you wanted to talk in a forum, you had to open a self presentation topic. This is no more what I'd like to have, just make sure we have a human in front of us
<karolherbst>
heh
<karolherbst>
never done that
<alatiera>
chatgpt, write me an introductory post for an opensource newcomer
<karolherbst>
:3
<karolherbst>
yes, chatgpt will rescue us against stuff like that
<karolherbst>
chatgpt: talk to fdo maintainers to unlock my account :3
<karolherbst>
(one should actually try that for ...)
<alatiera>
would make for publicity
<alatiera>
no idea if it will be good or bad
<karolherbst>
same
<karolherbst>
but yeah.. chatgpt is probably the tool to get around the new restrictions
gtristan has quit [Remote host closed the connection]
<daniels>
bentiss: that's awesome, thanks - I don't expect to have time to look at much anything though
<bentiss>
daniels: ok, then we'll see how many reports we get from people and adjust as it goes
Haaninjo has quit [Ping timeout: 480 seconds]
<jenatali>
bentiss: Would be nice to add microsoft.com to that too :)
<bentiss>
jenatali: sure
<bentiss>
jenatali: done
<bentiss>
FWIW, I also added kernel.org previously
<jenatali>
Thanks!
<bentiss>
heh, I just realized what we should tell our users complaining that they can not fork: "just get a kernel.org email address (it's easy, really), then register a new gitlab account" :) (just jocking)
<bentiss>
joking
<bentiss>
sorry, can't type today :/
<eric_engestrom>
bentiss: @igalia.com too? :)
<bentiss>
eric_engestrom: sure, and done :)
<eric_engestrom>
thx :P
<robclark>
bentiss: @google.com and @chromium.org? (although I guess a lot of use other email addrs for upstream stuff)
<bentiss>
robclark: sure, and done :)
<robclark>
thx
<mupuf>
bentiss: thanks for starting the regex for internal users!
Leopold_ has joined #freedesktop
<bentiss>
mupuf: should I add valve.com or you don't expect people from this company to create an account?
<mupuf>
I can add it, but I doubt this is gonna be a lot of people :D
<bentiss>
heh, OK :)
<mupuf>
done
<bentiss>
thx
<ishitatsuyuki>
I think it's @valvesoftware.com fwiw
<Ford_Prefect>
bentiss: sorry if I missed something, but what is this email domain allowlist for?
<bentiss>
Ford_Prefect: if you are on this allowlist, when you create a new gitlab account on fd.o, you will be marked as internal and will be allowed to create forks/projects without having to ask
<bentiss>
Ford_Prefect: so no changes in current accounts, just future ones
<Ford_Prefect>
bentiss: ah, @asymptotic.io and @centricular.com too then probably?
<bentiss>
Ford_Prefect: sure, and done :)
<Ford_Prefect>
thank you!
Haaninjo has joined #freedesktop
genpaku_ has quit [Read error: Connection reset by peer]
genpaku has joined #freedesktop
ximion has joined #freedesktop
jarthur has quit [Ping timeout: 480 seconds]
<Consolatis>
I am just some random dude but if gitlab.freedesktop.org would have required any kind of "social" oauth login I would have never signed up in the first place. I still think that you can't combat spam without alienating users. So instead the incentives for spamming should be reduced as much as possible. (no public access to non-whitelisted repos, new issue limit for new users, no ability to post links in issues for new users)
MajorBiscuit has quit [Ping timeout: 480 seconds]
phasta has quit [Remote host closed the connection]
<alanc>
is the banner supposed to appear on pushes by existing users to our own repos? I just got it on a push over ssh to git@gitlab.freedesktop.org:alanc/xserver.git
<daniels>
alanc: if you dismiss it in the web UI, it should also no longer appear for SSH
<alanc>
I had dismissed it in the web ui before that
ybogdano is now known as Guest6101
ybogdano has joined #freedesktop
vkareh has quit [Quit: Leaving]
<kj>
Could @imgtec.com be added in as well? Just had someone try fork mesa and didn't have permission
<kj>
The account in question is JarredHDavies. Could he get internal user permissions? He's trying to create an MR in relation to the powervr driver in mesa
Haaninjo has quit [Quit: Ex-Chat]
<bentiss>
kj: I made JarredHDavies internal, he can now fork/create projects
<kj>
Thanks. I'll let him know
<bentiss>
and added imgtech.com in the allowlist. Future users will be able to fork without asking permission
<kj>
imgtech.com would make more sense but all the emails are @imgtec.com for some reason. Sorry for bothering you again
<bentiss>
well, if the email is without the 'h', then we can keep it that way :)