00:06pinchartl: Consolatis: I find it hard to disagree
00:06pinchartl: would it be worth warning people, when they register an account, to not reuse an existing password ?
00:08pinchartl: even then, does this mean that in theory fastly could impersonate any user ?
00:26psykose: reminds me of the funny 'tls added and removed here :-)' graphic
00:42pinchartl: psykose: this one https://www.netresec.com/?page=Blog&month=2020-12&post=Capturing-Decrypted-TLS-Traffic-with-Arkime ?
00:42psykose: the first image on https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-here-nsa-smiley/
00:53Consolatis: > even then, does this mean that in theory fastly could impersonate any user ?
00:53Consolatis: i don't see why it shouldn't be able to
00:54Consolatis: session cookie is available + fdo trusts the stated remote ip header of fastly
00:54Consolatis: so it wouldn't even leave a login log entry anywhere
00:57pinchartl: git should give us some protection against some malicious actions, but other features offered by gitlab can be more problematic
00:58Consolatis: in my opinion, use of CDNs to speed up dynamic pages can mostly be better implemented with own caches in front, close to the actual target app server. the question also is if it *actually* speeds up dynamic pages, from memory most of the gitlab pages do a dozen XHR requests anyway for everything "dynamic"
01:01pinchartl: one of the reasons for using fastly is protection against AI bots
01:02pinchartl: it's not just speeding up delivery of content
09:13colinmarc: honestly, that's like saying "we shouldn't use hetzner because they will have root access to our servers". that logic could also be used to rule out hosted databases, managed certs (letsencrypt), and a host of other technologies that make it possible to run a website and also get some sleep sometimes. I'm a big fan of running owned hardware, but it's not practical for everyone
09:14colinmarc: I don't know gitlab's query/web patterns, but rails/activerecord are extremely slow and usually expect you to do caching on top
09:19dwfreed: every non-trivial webapp is slow as balls and needs a caching layer over it
09:19dwfreed: "every" may be a little harsh, "most" might be better
09:20colinmarc: every ruby on rails webapp is slow as balls :)
09:20dwfreed: you're not wrong
09:21colinmarc: lack of any real concurrency strategy outside "run a bunch of processes" is the real killer (my information might be out of date - I worked on a huge ruby deployment ten years ago)
09:22dwfreed: what keeps fastly from stealing your login information: they'd like to continue to make money for shareholders
09:22dwfreed: if anybody had any serious inkling that fastly was abusing their CDN to steal login information, fastly would be bankrupt by the end of the month
09:44emersion: btw, we have a legal contract with fastly, it's not just yolo
09:45emersion: stealing info would be a breach of contract
09:45emersion: also pretty much all websites use fastly or similar
09:45emersion: (not that I like this)
09:49dwfreed: "sued into the ground" is not a state any public company wants to be in
14:26pinchartl: another question on the same topic: does "handle TLS termination" mean traffic will be unencrypted between fastly and hetzner ?
15:13Consolatis: based on !2076 it's client->TLS->fastly->TLS->hetzner
15:13Consolatis: > each of those services needs to have a let's encrypt certificate so we can have TLS between fastly and the service
18:52daniels: yeah
18:53daniels: the contract + reputation is why I’m personally very relaxed about fastly - as well as one of our long-term admins having previously worked there for years and having good things to say for it - even if you don’t trust their motives, pragmatically, spying on fd.o would be an utterly idiotic move in terms of risk:reward
19:25mupuf: daniels, bentiss: How about: Gitlab.freedesktop.org will be unavailable for up to a week starting March 16th, due to our ongoing infrastructure move. You can follow our planning tracker at https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/2076#prepare-the-connection-from-faslty-cdn
19:34pinchartl: do you plan to report on the status of the migration somewhere ? I'm sure lots of people will be curious
19:46mupuf: irc, mastodon
20:20bentiss: pinchartl: I'll also try to set up a static HTML page with the status
20:20bentiss: I did that in the last migration and it seemed appreciated
20:22pinchartl: yes, kudos for that
20:22pinchartl: it looked nice too :-)
21:22sergi: Hi Mesa developers,
21:22sergi: I forgot to mention by the end of the week (the working days I mean). Tomorrow Monday, we have scheduled a Collabora farm maintenance. See https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/33595