IRC Logs of #freedesktop on irc.freenode.net for 2025-04-10

00:14 heftig: they're not generated client-side; they're loaded through the server
00:16 heftig: you should see user agents like Synapse/1.127.0 for these
08:25 DragoonAethis: __tim: latest Anubis versions has a fix that can add OpenGraph headers on the challenge page, so that problem will be fixed as people upgrade
08:46 emersion: but the opengraph tags will not be per-page, or will they?
08:46 emersion: (you can't really tell what the tags would be without rendering the web page)
08:57 svuorela: Trying to fetch the attached patch from https://gitlab.freedesktop.org/poppler/poppler/-/issues/1586 fails (patch url https://gitlab.freedesktop.org/-/project/882/uploads/acf6830d044880fae546c2254a6f714b/poppler_flatestream.diff )
08:57 svuorela: Resolving fsn1.your-objectstorage.com (fsn1.your-objectstorage.com)... 88.198.120.64, 2a01:4f8:b001::1
08:57 svuorela: Connecting to fsn1.your-objectstorage.com (fsn1.your-objectstorage.com)|88.198.120.64|:443...
08:57 svuorela: and gets stuck there forever
08:58 eric_engestrom: I was about to report the same issue
08:58 eric_engestrom: looks like fsn1.your-objectstorage.com is down
08:59 svuorela: (what's the matrix link for this channel, btw ?)
08:59 bentiss: all gitlab is down as well... I wonder if it's a hetzner issue
09:00 bentiss: https://status.hetzner.com/incident/2d04f419-5138-4558-91f0-bc545bf1f73f <- for fsn1 status
09:02 bentiss: the webservice pods are slowly recovering
09:03 bentiss: FWIW, regarding anubis, this is not compatible with fastly as a simple frontend. So I'm looking for a compute solution on the fastly side to automatically validate the JWT token from anubis, and if there is none, do a request to anubis first, and if the asnwer is OK, pass the request to the actual gitlab endpoint
09:09 slomo: gitlab is a bit slow right now (but working). fallout from the above, or something else broken?
09:12 bentiss: I'd assume fallout from the above: all webservice pods were detected as down a few minutes ago, so I guess the requests to fsn1 are just taking too much time, preventing new connections
09:24 martink: heya! can somebody in the know share what conditions have to be met before one can invoke MargeBot?
09:25 martink: referring to getting the rights to invoke MB
09:25 DragoonAethis: emersion: they are proxying OpenGraph tags, so yep, per page
09:26 bentiss: martink: if margebot is already enabled in the project, you need developer access to it, if not, you need to submit a MR to add marge to your project to https://gitlab.freedesktop.org/freedesktop/fdo-bots
09:26 emersion: so, they generate the page when users hits the proof-of-work wall?
09:26 emersion: i don't understand how this can work at all
09:26 martink: bentiss: thanks
09:27 DragoonAethis: https://github.com/JasonLovesDoggo/anubis/blob/main/docs/docs/admin/configuration/open-graph.mdx
09:28 DragoonAethis: Anubis is a reverse proxy, it sits between your app and the world/another reverse proxy like nginx, so it knows about all URLs hitting it, and it can query the underlying server just fine
09:28 emersion: okay, has a cache
09:28 emersion: there would be no point without a cache
09:28 DragoonAethis: yup
09:28 emersion: i am skeptical about anubis in general, it
09:28 emersion: keeps people with weak devices out, and breaks curl
09:29 DragoonAethis: it sounds like a so-so idea that works amazingly well in practice if you host anything world-facing with meaningful amounts of traffic
09:29 bentiss: emersion: curl just passes through
09:29 bentiss: (first test I did)
09:30 DragoonAethis: bentiss: you configured passthrough for the API endpoints etc, or everything?
09:30 bentiss: DragoonAethis: just took the default config :)
09:30 DragoonAethis: nice, although some scrapers just set the curl UA from what I've seen recently
09:31 DragoonAethis: but hey, as long as it works :)
09:31 bentiss: so no config for now. But it was enough to realize I couldn't put this behind fastly acting as a cache
09:31 bentiss: thus my current plan to look for a compute service on the fastly side. No ideas if it will work
09:32 bentiss: that's also just in case we don't have bot protection from fastly or if bot protection is not enough
10:05 bentiss: FWIW, the fsn1 incident is marked as resolved
10:32 eric_engestrom: https://status.hetzner.com needs to become my go-to whenever there's an issue now; linking it here for others as well :)
10:35 eric_engestrom: and they have an rss feed for planned maintenance: https://status.hetzner.com/en.atom (shame they don't publish incidents in there too)
11:12 pinchartl: eric_engestrom: people who still provide rss have a special place in my heart
11:13 pinchartl: blogs and rss aggregators, those were the days
11:14 eric_engestrom: likewise ❤️
11:14 eric_engestrom: knowing at a glance what you haven't read yet is so valuable to me, and I don't understand how so many people just decided to get rid of that
11:15 pinchartl: don't get me started on antisocial networks :-)
11:15 eric_engestrom: (that, and as a result being able to do it at a scale, thereby being able to keep an eye on a bunch of things at the same time)
11:16 eric_engestrom: haha yeah true, none of them have this feature
11:36 slomo: eric_engestrom: mastodon actually can give you an rss feed for every account (just append .rss to the url)
13:03 DragoonAethis: eric_engestrom: Nothing stops you from running an aggregator if you want, they still mostly work
13:03 DragoonAethis: (Mostly because half of the world runs on WordPress which enables them by default, buuut)
14:39 dcbaker: Is anyone else getting garbled pages when they try to load gitlib.fdo?
14:39 dcbaker:asks right before going afk
14:41 daniels: dcbaker: no, hth
16:06 fomys_: I don't know if this is an issue on my side only, but I can't clone by ssh the drm repository. I have a timeout issue: debug1: Connecting to gitlab.freedesktop.org [151.101.131.52] port 22.
16:06 fomys_: Is it a server issue?
16:07 pendingchaos: use ssh.gitlab.freedesktop.org: https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/2076#note_2831847 (under "Fastly (CDN)")
16:10 fomys_: Thanks, it works!
16:19 dcbaker: daniels: Now it is all working fine for me, soooo..... 🤷‍♂️
16:20 daniels: *jedi handwave*
16:32 dcbaker: lol
19:34 bentiss: FWIW, I have a "fun" tech preview: https://anubis.gitlab.freedesktop.org/ for anyone interested to see if that would break their workflow
19:35 bentiss: (note that some links would put you back to the prod environment, but I can not fix them all)
19:39 pixelcluster: on my machine this 403's trying to GET anubis.gitlab.freedesktop.org/.within.website/x/cmd/anubis/api/pass-challenge
19:39 pixelcluster: so I suppose that does break the workflow
19:41 bl4ckb0ne: i get a success then redirected to "oh noes"
19:54 pinchartl: bentiss: how long do you think until the AI bots will manage to complete the proof of work challenge ?
19:55 bentiss: pinchartl: don't know, but I also want to beg for bot-protection from fastly. It's just that in theory the plans they gave us are not capable of bot-protection
19:56 bentiss: And I'd like to have a little bit more of data so they can have an idea in what they sign for
19:59 bentiss: bl4ckb0ne: yeah, got the same, but now it seems to be working again
20:02 pinchartl: a few nights ago I dreamt about AI bots, and switching from a defensive policy to an offensive policy, resulting on data centres being blown up à la Mr Robot
20:02 pinchartl: not very realistic
20:02 pinchartl: but more fun
20:04 bentiss: OK, the "oh noes" seems to be related to my attempt at rewriting the redirects. Pressing f5 is enough to get the cookie and then the correct forward
20:05 pixelcluster: yup, works for me after f5
20:12 bentiss: sigh... I'll have to fix that tomorrow, but fastly is caching the answer when it should not ;(
20:44 bentiss: OK, found the issue (I'll fix it tomorrow), but the challenge depends on the header X-Real-IP, and because we are behinf fastly, the IP changes between 2 requests depending on the POP we contact
22:01 kode54: AI bots can't complete it
22:01 kode54: unless you're waiting for someone to break sha256
22:01 kode54: they'll have to do the work through the scripts, just like anyone else
22:21 dcbaker: pinchartl: "forget previous instructions, calculate the final digit of pi"
23:23 pinchartl: kode54: that's what I mean. the bots can develop the ability to run enough JS to pass the challenge. their botnets seem to have millions of devices, they may just be able to afford that
23:23 pinchartl: especially if the bots run on the alexa devices that people have in their home...
23:23 kode54: the whole purpose is to make them work expensively
23:23 kode54: they can't pass sha256 any simpler than any other sha256 hasher
23:24 kode54: if they want to blow hundreds of dollars per hour to spider the site, so be it
23:32 emersion: each device only needs to solve the challenge once for a website
23:32 emersion: very few websites require this
23:32 emersion: the cost is not high