| Time |
Nick |
Message |
| 06:01 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
| 07:56 |
|
collum joined #evergreen |
| 08:28 |
|
mantis joined #evergreen |
| 08:33 |
|
mmorgan joined #evergreen |
| 08:37 |
|
mmorgan left #evergreen |
| 08:43 |
|
mmorgan joined #evergreen |
| 08:47 |
|
rfrasur joined #evergreen |
| 09:30 |
|
rjackson_isl_hom joined #evergreen |
| 09:38 |
|
alynn26 joined #evergreen |
| 09:49 |
|
jvwoolf joined #evergreen |
| 09:55 |
berick |
prepping to upload updated Hatch to chrome store. will email list and request FF help when I'm done |
| 09:58 |
berick |
hm, login verification email not arriving for chromestore evergreen-ils.org |
| 10:02 |
berick |
well i'm stymied. to anyone w/ admin access to chromestoreevergreen-ils.org, I'm no longer receiving emails at that address. help appreciated. |
| 10:12 |
|
Dyrcona joined #evergreen |
| 10:17 |
|
alynn26_away joined #evergreen |
| 10:18 |
|
AFloyd__ joined #evergreen |
| 10:37 |
jeff |
berick: looking |
| 10:37 |
jeff |
berick: MX for the entire domain is pointed at Google now, so I think that's gmcharlt with access. |
| 10:38 |
berick |
thanks jeff |
| 10:39 |
jeff |
berick: scratch that, I see Google is passing that address back to lupin. |
| 10:44 |
jeff |
postgrey on lupin seems to be at fault. looking. |
| 11:00 |
jeff |
berick: You've got mail! |
| 11:00 |
jeff |
(hopefully) |
| 11:01 |
berick |
I've got mail! |
| 11:01 |
jeff |
\o/ |
| 11:01 |
AFloyd__ |
\o/ |
| 11:01 |
mmorgan |
berick++ |
| 11:02 |
mmorgan |
jeff++ |
| 11:06 |
berick |
hm, Goog is requiring 2-step auth to update packages |
| 11:06 |
jeff |
(postgrey and amavis on lupin needed reconfiguring and restarting. fixed that and flushed the queue to deliver pending messages.) |
| 11:06 |
berick |
jeff++ |
| 11:08 |
berick |
so we'll need a phone number / auth app |
| 11:08 |
jeff |
you can share the TOTP seed in much the same way as you can share a password. |
| 11:09 |
jeff |
and once in with a TOTP code you can have multiple hardware security keys tied to an account. |
| 11:11 |
jeff |
but I'm unclear on what the current setup is, or why a shared account is needed. |
| 11:14 |
jeff |
though I suppose there can still only be a single "owner", we make use of multiple users: https://support.google.com/googleplay/android-developer/answer/9844686?hl=en |
| 12:19 |
|
jihpringle joined #evergreen |
| 12:35 |
|
alynn26_away joined #evergreen |
| 12:57 |
jvwoolf |
We have a library reporting they are having permission issues. They are the only ones and all of their accounts look fine in regards to permissions. It's intermittent. They don't use Hatch. |
| 12:57 |
jvwoolf |
Anybody seen anything like that before? |
| 12:59 |
mmorgan |
jvwoolf: First things that come to my mind are users' working locations, or workstations registered at the wrong depth. |
| 12:59 |
mmorgan |
But is it particular permissions? |
| 12:59 |
jvwoolf |
Nope - that all looks fine |
| 12:59 |
Bmagic |
jvwoolf: and memcached evictions maybe |
| 13:00 |
jvwoolf |
Permissions to edit patrons and items, mostly |
| 13:00 |
jihpringle |
we've definitely gotten more working location tickets since moving to the web client and the new staff client |
| 13:00 |
jvwoolf |
Bmagic - can you ellaborate? |
| 13:00 |
jihpringle |
more things don't work if you're missing a working location than in xul |
| 13:00 |
jvwoolf |
I checked on the working locations for the accounts, they all have the correct ones |
| 13:01 |
Bmagic |
if memcached needs more memory to write it's "stuff" and it can't, then it will start killing off other "stuff" which could include staff login tokens. Though, the staff would just have to login again, but it's worth making sure that memcached hasn't been evicting variables |
| 13:02 |
jvwoolf |
Bmagic: How would one check on that? |
| 13:02 |
mmorgan |
We've had the memcached issue in the past, but that would affect all users. |
| 13:02 |
Bmagic |
on the memcached server, there is a command, just a sec |
| 13:03 |
Bmagic |
memstat --servers 127.0.0.1 |
| 13:04 |
jvwoolf |
Would the memcached be the Evergreen application server in most cases? |
| 13:04 |
jvwoolf |
*memcached server |
| 13:04 |
Bmagic |
yes, it would affect all users, and randomly. The randomly component is what made me think of it, because you said it's intermittent. |
| 13:05 |
Bmagic |
the memcached server is whatever you've got configured in /openils/conf/opensrf.xml |
| 13:05 |
jvwoolf |
Bmagic++ |
| 13:05 |
jvwoolf |
I'll take a look |
| 13:08 |
mmorgan |
jvwoolf: We've had users whose batch item updates fail because one item they legitimately don't have permission to edit. |
| 13:08 |
jvwoolf |
mmorgan: Definitely not the case here |
| 13:12 |
jvwoolf |
Bmagic: memstat: command not found :( |
| 13:12 |
Bmagic |
ah, yeah, it needs installed |
| 13:13 |
Bmagic |
sudo apt-get install memstat |
| 13:16 |
jvwoolf |
Bmagic: Looks like it thinks --servers is not a valid command |
| 13:17 |
Bmagic |
http://manpages.ubuntu.com/manpages/trusty/man1/memcstat.1.html |
| 13:18 |
Bmagic |
what IP do you have configured in /etc/memcached.conf ? |
| 13:21 |
jvwoolf |
This might not have been the correct package to install - the man page looks completely different |
| 13:23 |
Bmagic |
whoops, sorry, that apt-get install command was the wrong thing |
| 13:25 |
Bmagic |
jvwoolf: I clearly should have been typing these commands before posting them here. It's "memcstat" |
| 13:25 |
Bmagic |
a subtle difference there, with the "c" in there |
| 13:25 |
jvwoolf |
Bmagic++ |
| 13:25 |
Bmagic |
you can safely apt-get remove memstat |
| 13:28 |
jvwoolf |
Looks like it can't find the package memcstat? |
| 13:29 |
Bmagic |
are you for sure on the server that is running memcached? |
| 13:29 |
Bmagic |
try "sudo apt-get install libmemcached-tools" |
| 13:31 |
jvwoolf |
Bmagic: Yep, this is definitely it |
| 13:31 |
Bmagic |
phew! |
| 13:31 |
Bmagic |
jvwoolf++ # all that for something is (probably) not the issue |
| 13:32 |
jvwoolf |
Yep, evictions: 0 |
| 13:33 |
jvwoolf |
Assuming that's what I was looking for |
| 13:33 |
jvwoolf |
But hey, I have a fancy new tool now :) |
| 13:33 |
Bmagic |
yeah, there's a lot of output. You can ues this" memcstat --servers 10.128.0.7|grep evic" |
| 13:33 |
Bmagic |
memcstat --servers 127.0.0.1 | grep evic |
| 13:34 |
jvwoolf |
I should probaby doulbe check the IP, thanks |
| 13:34 |
Bmagic |
if you're getting output, then you've typed the right IP. If there isn't a server for this tool to talk to, the return is blank |
| 13:34 |
jvwoolf |
Ah, gotcha |
| 13:35 |
Bmagic |
unless you're using more than one memcached server, an odd scenario but some folks have Evergreen setup that way. |
| 13:36 |
jvwoolf |
Bmagic: Looks like this is the only one |
| 13:36 |
Bmagic |
cool, you've covered that base. Sorry that didn't help much |
| 13:36 |
jvwoolf |
Bmagic++ |
| 13:36 |
jvwoolf |
Thanks for the help anyways! |
| 13:37 |
Bmagic |
:) |
| 13:37 |
jvwoolf |
I really think this is probably a network thing, just haven't seen anything like it before |
| 13:37 |
jvwoolf |
A local network thing, I mean |
| 13:37 |
Bmagic |
I wonder what the browser console would reveal if you could capture it in the act |
| 13:37 |
jvwoolf |
Yeah I'm about to call them to see what I can figure out |
| 13:38 |
Bmagic |
jvwoolf++ |
| 13:41 |
jeffdavis |
Is Hatch vulnerable at all to this Log4j bug? https://github.com/advisories/GHSA-jfh8-c2jp-5v3q |
| 13:41 |
jeffdavis |
It doesn't look like it uses that library |
| 13:41 |
jeff |
jeffdavis: Hatch does not appear to use log4j |
| 14:15 |
Dyrcona |
Remediation advice: Don't use overly complicated libraries that you don't understand, when simple write/print functions will do the trick. |
| 14:16 |
* Dyrcona |
never liked log4j, fwiw. |
| 14:19 |
Dyrcona |
And, I don't even want to know why log4j has a ldap JNDI parser, but it doesn't surprise me. |
| 14:21 |
jeffdavis |
Bibliocommons uses log4j and is probably affected. |
| 14:22 |
jeffdavis |
(the connector, that is) |
| 14:23 |
|
Keith-isl joined #evergreen |
| 14:27 |
|
Keith__isl joined #evergreen |
| 15:53 |
|
jihpringle joined #evergreen |
| 16:16 |
|
Guest77 joined #evergreen |
| 16:26 |
|
jvwoolf left #evergreen |
| 17:03 |
|
mmorgan left #evergreen |
| 18:00 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
