| Time |
Nick |
Message |
| 08:47 |
|
Dyrcona joined #evergreen |
| 09:40 |
Dyrcona |
Trying to proxy the openapi_server through Apach without nginx isn't working so far. I'm getting a 404 on the /openapi/v0 location. |
| 09:42 |
Dyrcona |
I think the 404 is coming from Mojolicious, though. It doesn't look like the Apache 404 page. |
| 09:46 |
|
Rogan joined #evergreen |
| 10:11 |
csharp_ |
after going around in circles yesterday re: DB install I think the most sane approach is to run eg_db_config as postgres |
| 10:11 |
csharp_ |
now thinking out what needs to change for that to work |
| 10:15 |
Dyrcona |
sudo -D ./ -E -u postgres .... |
| 10:16 |
Dyrcona |
Of course -E doesn't always work depending on security policy. |
| 10:17 |
Dyrcona |
csharp_: There's a bug about eg_db_config needing to be run from the Evergreen source directory, so it should probably not get installed, and it does get installed to /openils/bin/ |
| 10:17 |
csharp_ |
also the script itself assumes it's running with the superuser evergreen |
| 10:18 |
csharp_ |
yeah - noticing several aspects of eg_db_config that we might want to change - hard to keep this in my original scope |
| 10:19 |
Dyrcona |
csharp_: it might be easier to start over with something intended to run as the postgres user rather than try to fix eg_db_config. |
| 10:20 |
csharp_ |
also thinking about that approach |
| 10:21 |
Dyrcona |
I'd start by trying a SQL-only approach. |
| 10:21 |
csharp_ |
researching other projects' ways of doing this too |
| 10:21 |
csharp_ |
SQL-only sounds good |
| 10:22 |
Dyrcona |
I still can't get the openapi proxy to work with Apache. I get getting a 404 from mojolicious. |
| 10:22 |
csharp_ |
that way we don't have to manually su - postgres and createuser |
| 10:23 |
Dyrcona |
I prefer sudo, see my previous comment... :) |
| 10:24 |
Dyrcona |
Also |
| 10:25 |
Dyrcona |
`su - postgres` is likely to break things like access to the SQL scripts. You need to preserve some of the environment and CWD with eg_db_config. If postgres doesn't have permission to read ~opensrf, you might be in trouble either way. |
| 10:26 |
Dyrcona |
Ideally, postgres user should create the user and the database, then let the evergreen user create the database. |
| 10:27 |
Dyrcona |
Well, maybe that isn't ideal, but I think it would work. |
| 10:31 |
Dyrcona |
Alright, I use curl to hit the openapi server url on the machine itself, I get the expected result, so my issue is something that Apache does. |
| 10:33 |
Dyrcona |
Hrm. Maybe doing it though a Location is the wrong approach. |
| 10:35 |
Bmagic |
we dumped Lastpass after their second successive hack exfiltration success back in 2022. Public reporting on the matter revealed that they weren't using even minimum standard security practices. So yeah... time to leave. |
| 10:39 |
Bmagic |
From what I read, only the password field was encrypted. The rest of the password entries were stored in clear text. Usernames, emails, anything in the notes, etc. were exposed. And the passwords, once exfiltrated, could be brute forced without much trouble. |
| 10:39 |
Dyrcona |
Well, this doesn't work either, and I don't want to resort to hypnotoad, but looks like I might. |
| 10:40 |
Dyrcona |
Bmagic: Yes, and they claim to have made improvements since then, but who knows.... |
| 10:40 |
* Dyrcona |
makes hand wavy gestures. |
| 10:42 |
Bmagic |
"we're better now". It's a thin claim considering what happened. |
| 10:51 |
csharp_ |
been using bitwarden for a couple of years now |
| 10:52 |
csharp_ |
before that I used a combination of KeePass* and a NextCloud instance I had running on AWS |
| 11:10 |
Dyrcona |
voodoo-- |
| 11:20 |
Dyrcona |
Well, that's different. Try http2 with the proxy and get service unavailable in Apache. Bet it's a certificate thing. |
| 11:40 |
Dyrcona |
OK. I got it working. I'll add something to documentation somewhere when I remember/get a chance. |
| 11:43 |
Dyrcona |
Also, I swear I tried this exact configuration 20 minutes ago and it didn't work. |
| 11:56 |
|
Christineb joined #evergreen |
| 12:00 |
|
jihpringle joined #evergreen |
| 12:07 |
Dyrcona |
Think I'll throw this in a gist for now. |
| 12:12 |
Dyrcona |
For the logs: https://gist.github.com/Dyrcona/d9a54e992f864606657ad469181235dc |
| 12:13 |
Dyrcona |
For my next trick, I'll attempt the same for websockets. |
| 12:13 |
Dyrcona |
But not today. |
| 13:20 |
jeff |
Dyrcona: why the aversion to using hypnotoad? |
| 13:20 |
jeff |
(with nginx/apache in front) |
| 13:23 |
csharp_ |
ALL GLORY TO THE HYPNOTOAD |
| 13:49 |
JBoyer |
Re: password managers, I'm currently a 1Password fan but may be considering ProtonPass in the near-ish future. |
| 13:50 |
JBoyer |
I like their "everything is encrypted and we don't sell ads, so we don't want to see your stuff" stance. |
| 14:21 |
|
jihpringle joined #evergreen |
| 14:39 |
Dyrcona |
jeff: I don't want to change the set up too much. I'm not really averse to hypnotoad. It would also be something new to learn, which is good and bad. :) |
| 14:43 |
* Dyrcona |
has a lot going on right now so the less new things, the better. |
| 14:54 |
csharp_ |
JBoyer: been looking at Proton stuff too - using Proton mail atm and pondering it replacing much of what I use Google for |
| 14:55 |
csharp_ |
stupid corporations and their stupid face |
| 14:55 |
Dyrcona |
Proton is a corporation, too. Headquartered in Switzerland, IIRC. |
| 14:55 |
csharp_ |
true |
| 14:55 |
csharp_ |
yeah, I'm about to embark on a project to divorce myself from as much corporate tech as possible |
| 14:56 |
csharp_ |
run my own email, media server, etc. |
| 14:56 |
csharp_ |
the hardest service to replace for me will be YouTube - I'm a voracious consumer of content on there |
| 14:56 |
Dyrcona |
I used to host my own email and website. Did so for nearly 30 years. |
| 14:57 |
Dyrcona |
Last year, I moved my email to my DNS provider, EasyDNS/EasyMail. Shut my web server down. |
| 14:57 |
Dyrcona |
Might have them host my website if I ever decide to have one again. |
| 14:58 |
Dyrcona |
They're in Ectobicoke, ON, CA. Think I spelled that correctly. |
| 14:59 |
csharp_ |
Canada++ |
| 15:02 |
Dyrcona |
Well, it's more complicated than "they're in Canada." I've been doing business with them for 25 years or more, and I like their principles, at least while the founder and current CEO run it. |
| 15:03 |
Dyrcona |
I just got tired of running the servers and figured I could save money by dropping the business Internet at home. |
| 15:04 |
Dyrcona |
Turns out that I also paid for 5 email addresses hosted by them per domain, so I decided to finally use that. |
| 15:05 |
JBoyer |
csharp_, high-five, that's why I'm looking at it too. |
| 15:06 |
Dyrcona |
I'm less in the free software bandwagon than I used to be. |
| 15:06 |
csharp_ |
Dyrcona: I wanna go back to it |
| 15:06 |
* csharp_ |
sobs loudly |
| 15:06 |
Dyrcona |
I mean if you really want to go all in while hosting your own email, you can set up OwnCloud and totally lose Google docs, etc. |
| 15:07 |
csharp_ |
yeah, used NextCloud for a while (which I believe is a rebranding or fork of OwnCloud) |
| 15:08 |
Dyrcona |
Oh, I have my days where I want to ditch anything that isn't F/OSS, and then there are days that I think raising goats with no electricity would suit me just fine. (I spent a couple years of my childhood on a farm with no electricity or indoor plumbing, except for a pump on the kitchen sink.) |
| 15:08 |
csharp_ |
wow |
| 15:08 |
csharp_ |
skillz |
| 15:09 |
Dyrcona |
Not sure that I really want to go back now at my age, though. I'm trying to simplify my life and in many ways that would be more complicated. |
| 15:10 |
csharp_ |
JBoyer: 🤜🤛 |
| 15:10 |
|
eglogbot_dev joined #evergreen |
| 15:12 |
Dyrcona |
I've considered Proton mail. Do you like it? |
| 15:15 |
csharp_ |
functionally very similar to Gmail |
| 15:16 |
csharp_ |
I'm still on the free version, which gives you maybe 1.5GB of storage? |
| 15:17 |
csharp_ |
mainly receiving mail forwarded from Gmail, which has really made me see how much email I've subscribed to without thinking over the years |
| 15:17 |
csharp_ |
it blocks all trackers, etc. |
| 15:18 |
Dyrcona |
I was thinking of maybe using it as a backup email account. |
| 15:18 |
csharp_ |
yeah, that's kind of what I'm doing at the moment |
| 15:19 |
csharp_ |
all my work tech is GSuite, so no real escaping that |
| 15:19 |
csharp_ |
and our parent agency is on MS stuff |
| 16:02 |
csharp_ |
this non-superuser DB user project is quickly getting messy - I might need to walk away from it and come back |
| 16:13 |
jeff |
checkpoint if you do, you and/or others will appreciate it later. :-) |
| 16:13 |
csharp_ |
yes, I will |
| 16:13 |
jeff |
csharp_++ |
| 16:13 |
jeff |
sorry if I'm stating the obvious. |
| 16:13 |
csharp_ |
it's a good reminder |
| 16:14 |
csharp_ |
jeff++ |
| 16:31 |
jeffdavis |
I can endorse EasyDNS/EasyMail too - been using them for email for years, no issues |
| 16:31 |
csharp_ |
jeffdavis++ |
| 16:35 |
Dyrcona |
csharp_ jeff: Maybe we should take a hard look at how we do installation things. Bmagic pointed me at bug 2086803. |
| 16:35 |
pinesol |
Launchpad bug 2086803 in Evergreen "Evergreen should be eaiser to install from scratch" [Undecided,Confirmed] https://launchpad.net/bugs/2086803 |
| 16:36 |
Dyrcona |
I've also filed bugs about fixing our autotools use and I think merging OpenSRF with Evergreen. At this point, I'd settle for it being added as a git submodule. |
| 16:37 |
Dyrcona |
While I don't think we could fix it all in one day, we could probably get started at the hackfest. It might make a good hack-away project for a couple of people to work on. |
| 16:37 |
Dyrcona |
Also, jeffdavis++ for the EasyDNS plug. :) |
| 16:38 |
Dyrcona |
Anyway, I'm signing out. Time to head home. I'll be back tomorrow. |
| 18:05 |
|
jihpringle joined #evergreen |
| 18:41 |
|
jihpringle joined #evergreen |
