Page MenuHomePhorge
Feed Advanced Search

Jun 25 2023

golyalpha added a comment to T15486: Do not expose "Contact Numbers" in user settings when no SMS support is set up in Phorge.

I'd expect that a user's contact numbers might show up on their profile to other registered users. I suspect this might be something that upstream considered implementing at some point but never did for some reason...

Jun 25 2023, 09:39 · Policy

Mar 13 2023

golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.

Seems to be gone for now, the only time I get increased lookup times or complete fails is when there's high internet traffic on my own network. Might've just been some of us got unlucky.

Mar 13 2023, 19:01 · phorge.it install (DEPRECATED)

Feb 3 2023

avivey awarded T15086: Support Inbound Mail over IMAP a Yellow Medal token.
Feb 3 2023, 07:44 · Mail

Dec 17 2022

golyalpha added a comment to T15060: Better Pirate English.

When I said inconsistencies, I was talking specifically issues where certain UI elements have the original English version of the text, while others have the "translated" Pirate English version of the text.

Dec 17 2022, 14:30 · Localization

Oct 28 2022

kwisatz awarded T15078: Support for hardware keys as second factor a Like token.
Oct 28 2022, 10:21 · Auth

Oct 12 2022

golyalpha added a comment to T15086: Support Inbound Mail over IMAP.

Working around this right now by setting up a Relayed Domain on my mail server and pointing it to the server that my Phorge instance is running on. Obviously only an option if you are running your mailserver, and your configuration isn't too complex to support it.

Oct 12 2022, 05:58 · Mail

Oct 11 2022

golyalpha added a comment to T15056: Improve Dark Mode.

Another example of broken dark theme

Oct 11 2022, 17:51 · User-Cigaryno, User-valerio.bozzolan, Accessibility, User-Bukkit
golyalpha updated the answer details for Q18: Lowest and Highest supported PHP (Answer 13).
Oct 11 2022, 17:49
golyalpha added Q18: Lowest and Highest supported PHP (Answer 13).
Oct 11 2022, 17:49
golyalpha added a comment to T15126: Remove Chatlog.

There's a difference between deleting data as a Phab/Phorge admin (which is done via the bin/delete script, and prints out a massive warning about it potentially breaking stuff and generally being a bad idea), and schema migrations done as part of an upgrade, which would happily delete data without a second thought.

Oct 11 2022, 12:08 · Conpherence, User-Cigaryno, Chatlog

Oct 9 2022

golyalpha added a comment to T15127: Allow for reordering of milestones.

Also, this is fairly similar to T15082. Having Epics would probably also resolve that.

Oct 9 2022, 10:31 · Workboard
golyalpha added a comment to T15127: Allow for reordering of milestones.

I feel like the idea behind milestones being strictly ordered is from the viewpoint that milestones are sequential "events" that happen in development one after another in a given order.

Oct 9 2022, 10:18 · Workboard

Oct 6 2022

golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.

I setup a cron that makes a bunch of DNS queries for different records within the phorge.it zone from all the authoritative nameservers for the zone (see T15080#1985).

Oct 6 2022, 09:22 · phorge.it install (DEPRECATED)

Oct 4 2022

golyalpha reopened T15080: Intermittent DNS issues when attempting to visit we.phorge.it as "Open".

Just resurfaced today (now).

Oct 4 2022, 19:20 · phorge.it install (DEPRECATED)

Sep 21 2022

golyalpha closed T15080: Intermittent DNS issues when attempting to visit we.phorge.it as Resolved.

I'm actually gonna close this as Resolved - we can always reopen, or refer back to this, if the issue resurfaces.

Sep 21 2022, 06:50 · phorge.it install (DEPRECATED)
golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.

Nothing new since last time I commented here.

Sep 21 2022, 06:39 · phorge.it install (DEPRECATED)

Sep 1 2022

golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.

I mean, that's not a particularly good solution to the problem. It just makes the time for which it appears to be fixed longer (even though nothing has changed)

Sep 1 2022, 20:27 · phorge.it install (DEPRECATED)

May 28 2022

golyalpha added a comment to T15094: Catch up the master branch to upstream.

To be fair, I wouldn't discount already needing access as a viable attack vector, even on private installations.

May 28 2022, 06:38 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.

The disclosed issue is that someone can gain access to Files objects they don't have access to by, for example, getting someone with permissions to edit a task they wrote (by including a reference to that file which gets "activated" when the person with permissions to view it saves the edit), which makes the file accessible via the task description.

May 28 2022, 06:19 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.

Upstream-T13683

IMPORTANT: This release mitigates a severe security issue which allows attackers with few permission to gain access to files they can not otherwise see. All installs are strongly advised to upgrade.
May 28 2022, 05:10 · Trusted Contributors, Phorge

May 21 2022

golyalpha added a comment to T15094: Catch up the master branch to upstream.
In T15094#2292, @speck wrote:

I did not think we had Harbormaster set up to run unit tests - I think that involves configuring both Harbormaster and Drydock, and possibly Almanac which I don't think anyone has done.

I'll go back and review those Harbormaster file changes. Thanks for pointing that out!

May 21 2022, 16:40 · Trusted Contributors, Phorge
golyalpha added a comment to T15094: Catch up the master branch to upstream.
In T15094#2281, @dcog wrote:

This would be a legitimately good exercise to try and do "properly"... although, the thought of not doing it optimally can be a bit of a barrier to starting..

Given the edge cases outlined in T15094#2279, would there be cases in step 2 (or 1?) from T15094#2259 that might benefit from Git cherry-picking? @golyalpha, any thoughts on that? I nearly never have to use cherry-picking, or maybe I should, but either way I'm not very familiar with it other than I'm wondering if it may be relevant

After some reading I'm finding that, as far as I can tell, it's not designed to pick/integrate *specific lines* from a diff, but rather a specific whole commit (from any local or remote branch most likely).. if I'm understanding it correctly

But, perhaps, it could still have the same effect as removing lines from one, and keeping lines from the other when grabbing specific whole commits

The more I think about this the more I'm confusing myself, but hopefully some fraction of this makes sense

May 21 2022, 16:37 · Trusted Contributors, Phorge

May 12 2022

golyalpha added a comment to T15094: Catch up the master branch to upstream.

If we merge, a force-push should not be required - unless you mean something other than standard git merge here. (Force-push is required when rewriting already pushed history - git merge simply adds a new commit that applies the changes on top of the branch)

May 12 2022, 06:19 · Trusted Contributors, Phorge

Apr 16 2022

golyalpha added a comment to T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation.

apparently, Ubuntu maintainers have backported a patch for the older version of git in 20.04 LTS, downgrading to version 1:2.25.1-1ubuntu3 seems to be a temporary workaround, losing the following patches:

I don't think having people downgrade is a good idea. I think we should probably cherry-pick Evan's fix from upstream into the phorge codebase.

Apr 16 2022, 04:58 · Security

Apr 15 2022

golyalpha added a comment to T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation.

ahh, I was wondering why my Phorge install suddenly broke - seems to be the case here too

Apr 15 2022, 19:38 · Security

Apr 4 2022

golyalpha added a comment to T15059: Phabricator doesn't email @outlook.com addresses.

Alright, I've just went through a similar process - they apparently have changed their process a little but there still is a form to fill out: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3 (you need a Microsoft Account to fill it out, but they'll contact you on the contact email you give in the form)

Apr 4 2022, 10:06 · phorge.it install
golyalpha closed T15087: [removed] as Invalid.

Obviously spam.

Apr 4 2022, 09:58

Apr 3 2022

golyalpha created T15086: Support Inbound Mail over IMAP.
Apr 3 2022, 18:17 · Mail

Apr 1 2022

golyalpha added a comment to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.

Reordering milestones is convenient when you want to treat milestones as workflow steps rather than sequential numerical versions.

Apr 1 2022, 05:40 · Discussion Needed, Affects-Wikimedia, Workboard

Mar 29 2022

golyalpha added a comment to T15077: Rebrand: Tracking task.

Since all changes are going to be submitted to the upstream prior to landing here in Phorge it would be easiest if changes were made to a clone of Phabricator and not a clone of Phorge.

Mar 29 2022, 07:26 · Phorge
golyalpha added a comment to T15082: Consider allowing milestone columns to be ordered arbitrarily on workboards.

epriestley was very much against this idea but wikimedia's users loved it.

Mar 29 2022, 07:16 · Discussion Needed, Affects-Wikimedia, Workboard

Mar 25 2022

golyalpha updated the task description for T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
Mar 25 2022, 11:52 · phorge.it install (DEPRECATED)
golyalpha added a comment to T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
In T15080#1970, @speck wrote:

Unfortunately this type of issue is in an area that's beyond my network/configuration experience. Is CloudFlare our NS provider?

Mar 25 2022, 09:21 · phorge.it install (DEPRECATED)
golyalpha added a comment to T15078: Support for hardware keys as second factor.

What you're talking about is more like mTLS (mutual TLS), that's not actually how WebAuthn works. (Though supporting mTLS for sign-ins might also be something worth looking into)

Mar 25 2022, 09:19 · Auth

Mar 24 2022

golyalpha added a comment to T15078: Support for hardware keys as second factor.

We should definitely focus on implementing WebAuthn, as that allows us to support almost every standard hardware key solution out there.

Mar 24 2022, 18:35 · Auth
golyalpha created T15080: Intermittent DNS issues when attempting to visit we.phorge.it.
Mar 24 2022, 18:19 · phorge.it install (DEPRECATED)

Mar 23 2022

golyalpha created T15078: Support for hardware keys as second factor.
Mar 23 2022, 16:50 · Auth

Mar 22 2022

golyalpha updated the task description for T15077: Rebrand: Tracking task.
Mar 22 2022, 12:39 · Phorge

Mar 21 2022

golyalpha added a comment to T15069: Disable spammers.

Another one popped up: https://we.phorge.it/p/seo-auckland/

Mar 21 2022, 15:59 · Upstream General/Unknown

Mar 17 2022

golyalpha updated the task description for T15071: Setup recurring Core meeting.
Mar 17 2022, 16:59 · Governance

Mar 16 2022

golyalpha added a comment to T15059: Phabricator doesn't email @outlook.com addresses.

I had experience with emails from my self-hosted mailserver not reaching Microsoft-hosted mailboxes. As far as I remember, their SMTP replies to "suspicious" mail servers with a message that includes a link to some sort of a form which the mail admin should fill out. That worked for me - might need to dig through the server logs to see the link though.

Mar 16 2022, 11:17 · phorge.it install
golyalpha added a comment to T15072: Update Python-related linters for modern workflows.

Might be worth it having the linter classes inherit from a language-specific class that would handle things like environment initialization and dependency installation.

Mar 16 2022, 10:03 · Arcanist

Mar 15 2022

golyalpha added a comment to T15072: Update Python-related linters for modern workflows.

Checking the source in Arcanist repo, it seems like none of the python linters are actually configured to use an interpreter. (If I attempt to specify one for Pylint anyway, it fails with Got unexpected parameters: interpreter)

Mar 15 2022, 08:59 · Arcanist

Mar 13 2022

golyalpha added a comment to T15072: Update Python-related linters for modern workflows.

Right now,arc lint doesn't really allow for the activation of a virtual env. That's okay when I'm just running arc lint locally, because I can just activate the environment myself and run it in that environment.

Mar 13 2022, 16:16 · Arcanist

Mar 12 2022

golyalpha created T15072: Update Python-related linters for modern workflows.
Mar 12 2022, 09:05 · Arcanist

Dec 9 2021

golyalpha added a comment to T15058: Improve page layout for mobile devices.

Hmm, yeah, looks to be something with how Firefox renders sites... Can confirm that reload fixes the layout.

Dec 9 2021, 12:50
golyalpha added a comment to T15060: Better Pirate English.

Well, there are inconsistencies. For example, subscribers are called "spies" in the task overview, but "subscribers" in the task history, and "spies" again in task actions.

Dec 9 2021, 12:44 · Localization

Dec 5 2021

golyalpha added a comment to T15058: Improve page layout for mobile devices.

It's a 720x1440 device, which is on the low end of screen resolutions nowadays.

Dec 5 2021, 13:56

Nov 1 2021

golyalpha created T15060: Better Pirate English.
Nov 1 2021, 19:56 · Localization

Oct 29 2021

golyalpha added a comment to T15033: Add option for GDPR Warning Suggestion.

@golyalpha As my current employer is one of the largish companies, (50,000+ international employees), but not primarily software focused we have all been given GDPR awareness training but do not have a general, all employees, GDPR statement available nor a standard text or set of texts to use.
When I was deploying a Phabricator instance I actually had to come up with the wording myself and then get it approved by the legal & compliance team - my biggest hurdle was convincing them of the required data retention period - they were much more used to systems such as payroll & HR where records are only retained for a fixed number of years after the period of employment as demanded by things like the local tax regulations and the idea that due to legal liability, etc., we needed to retain the information for the full life of the product being developed and possibly beyond if components were reused.

Oct 29 2021, 08:04
golyalpha added a comment to T15033: Add option for GDPR Warning Suggestion.

I18n is also fairly important from the point of view that citizens in certain jurisdictions are basically legally immune against documents written in a language different from the official language of their jurisdiction, so, +1 on that.

Oct 29 2021, 05:30
golyalpha added a comment to T15033: Add option for GDPR Warning Suggestion.

Yes, that's why I'm saying "yeah, great idea, let's do this, but let's also create a config toggle so that it can be disabled for people and orgs who don't need it".

Oct 29 2021, 05:20

Oct 28 2021

golyalpha added a comment to T15033: Add option for GDPR Warning Suggestion.

Yes, the GDPR notice must inform about each and every purpose specifically. But it must do so only once - that can be at sign up.

Oct 28 2021, 06:11

Oct 27 2021

golyalpha updated the task description for T15058: Improve page layout for mobile devices.
Oct 27 2021, 18:41
golyalpha added a comment to T15058: Improve page layout for mobile devices.

It's not just visual - I'm actually unable to open the individual tasks.

Oct 27 2021, 18:41
golyalpha created T15058: Improve page layout for mobile devices.
Oct 27 2021, 18:38
golyalpha updated the task description for T15057: Kubernetes support in Almanac/Drydock/Harbormaster.
Oct 27 2021, 16:54 · Almanac/Drydock/Harbormaster
golyalpha created T15057: Kubernetes support in Almanac/Drydock/Harbormaster.
Oct 27 2021, 15:40 · Almanac/Drydock/Harbormaster
golyalpha added a comment to T15051: default.pem in Arcanist is out of date - maybe remove it completely?.

+1 to removing default.pem
/shrug on keeping custom.pem

Oct 27 2021, 13:50 · Arcanist
golyalpha added a comment to T15051: default.pem in Arcanist is out of date - maybe remove it completely?.

What was the original rationale behind shipping a certificate bundle with Arcanist? It may be better to rely on the system certificate bundle instead (that also tends to have certificates from, for example, internal company issuers as well).

Oct 27 2021, 13:15 · Arcanist
golyalpha updated golyalpha.
Oct 27 2021, 12:50
golyalpha added a comment to T15056: Improve Dark Mode.

A perfect example of "hard to see" things in dark mode

Oct 27 2021, 12:46 · User-Cigaryno, User-valerio.bozzolan, Accessibility, User-Bukkit
golyalpha added a comment to T15033: Add option for GDPR Warning Suggestion.

Definitely a good idea for anyone who wants to run Phorge in EU/UK or work with EU/UK contributors. Though it really is only necessary for the signup page - individual repositories really only have to worry about CLAs (if relevant).

Oct 27 2021, 12:32
golyalpha awarded T15033: Add option for GDPR Warning Suggestion a Love token.
Oct 27 2021, 12:14