Page MenuHomePhorge

avivey (Aviv Eyal)
UserAdministrator

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Jun 10 2021, 05:36 (203 w, 2 d)
Roles
Administrator
Availability
Available
Timezone
UTC+2

Recent Activity

Today

avivey added a comment to T16050: Make it easier for CSS customization to apply to comments by specific users/bots.

To put it another way:
I think the described use-case is too narrow, and a naive expansion of the use-case isn't scalable.
The described use-case fails for at least one possible use-case ("some bots have something useful to say").

Sat, May 3, 09:21 · Feature Requests, Comments
avivey added a comment to T16050: Make it easier for CSS customization to apply to comments by specific users/bots.

Yes, this is where my first comment enters - I feel this is a rabbit-hole we shouldn't venture into, etc.
The current script appears to have 3 names, and referring to "legacy data" implies that there won't be any new names to add.

Sat, May 3, 08:56 · Feature Requests, Comments
avivey added a comment to T16050: Make it easier for CSS customization to apply to comments by specific users/bots.

the legacy data can be handled by the already-existing hard-coded names...

Sat, May 3, 08:46 · Feature Requests, Comments
avivey added a comment to T16050: Make it easier for CSS customization to apply to comments by specific users/bots.

I feel this is a rabbit-hole we shouldn't venture into.
The slippery-slope argument will make us adding a custom class for each individual user, so css extensions can be used to hide/highlight comments from boss/intern/etc.
It's also probably not enough to remove the hard-coded requirement either - in some environments, one "bot" user is copying comments from another platform, and another is making statistical updates about a jira ticket, so you'd still need a better filter.

Sat, May 3, 07:58 · Feature Requests, Comments

Yesterday

avivey added a comment to D25984: Catch exception when a renderer freaks out.

Should we phlog($e) in your opinion?

Fri, May 2, 15:28
avivey renamed 2025.18 from Next Up to 2025.18.
Fri, May 2, 15:19
avivey edited the content of Change Log.
Fri, May 2, 15:19
avivey requested review of D25984: Catch exception when a renderer freaks out.
Fri, May 2, 10:07

Thu, May 1

avivey updated the post content for Blog Post: DoS attack against Aphlict.
Thu, May 1, 19:02 · Aphlict
avivey edited the content of Next Up.
Thu, May 1, 18:58
avivey added a comment to T16047: Handle security issues in Aphlict.

Re "implement in php" - AFAICT, there's no built-in support for websockets in php, but I found at least 2 pure-php implementations out there that might work.

Thu, May 1, 18:57 · Aphlict, Security
avivey updated the task description for T16047: Handle security issues in Aphlict.
Thu, May 1, 18:56 · Aphlict, Security
avivey created T16047: Handle security issues in Aphlict.
Thu, May 1, 18:54 · Aphlict, Security
avivey updated the post content for Blog Post: DoS attack against Aphlict.
Thu, May 1, 18:43 · Aphlict
avivey added a comment to Blog Post: DoS attack against Aphlict.
In J6#66, @Cigaryno wrote:

Thanks for this! Is this any related to the security vulnerability warning I got with npm install last month, which prompted me to run npm audit fix?

Thu, May 1, 16:26 · Aphlict
Cigaryno awarded Blog Post: DoS attack against Aphlict a Like token.
Thu, May 1, 14:51 · Aphlict
avivey created Blog Post: DoS attack against Aphlict.
Thu, May 1, 08:04 · Aphlict
avivey triaged T16037: Bump ws npm package for Aphlict as High priority.

Possible ways to reduce risk for future issues:

  • add a Setup Check that runs npm audit
  • remove node, use php-based websocket implementation
Thu, May 1, 07:49 · Security, Aphlict
avivey added a comment to D25967: Aphlict: Bump NodeJS package ws from 7.5.0 to 7.5.10.

@aklapper want to land this?
I figure users need to just run npm audit fix to be safe, and then fix the mess it did on the git diff.

Thu, May 1, 07:20
avivey edited projects for Security Announcements, added: Security; removed phorge.it install.
Thu, May 1, 07:16 · Security

Wed, Apr 30

avivey added a comment to D25967: Aphlict: Bump NodeJS package ws from 7.5.0 to 7.5.10.
  1. Can we specify the .10 in packages.json itself?
  2. Do installs need upgrade instructions to complete the upgrade?
Wed, Apr 30, 09:01
avivey added a comment to T15671: Allow to import Picture from Gravatar.

As a general rule, I prefer the have the abstractions as much as possible, to allow extensions to do things.
In this case, an abstraction would also make this feature easier to enable/disable, which I think is desired.

Wed, Apr 30, 08:50 · User-valerio.bozzolan, People

Sun, Apr 27

avivey added a comment to T16035: Update embedded copy of Font Awesome 4.7.0.

All these options make me want to just go with Sprites (See "Tokens" and "Authentication" in https://we.phorge.it/uiexample/view/PHUIIconExample/).

Sun, Apr 27, 13:32

Wed, Apr 23

Daimona awarded T15048: Allow awarding Tokens to individual Comments a Love token.
Wed, Apr 23, 13:09 · Comments

Tue, Apr 22

avivey added a comment to Q178: What version of Phorge are we currently running on the community instance? (Answer 222).

That's almost a year old. Time to update.

Tue, Apr 22, 10:15
avivey closed Q178: What version of Phorge are we currently running on the community instance? as resolved.
Tue, Apr 22, 10:14 · Blessed Roots
avivey added Q178: What version of Phorge are we currently running on the community instance? (Answer 222).
Tue, Apr 22, 10:14

Thu, Apr 17

avivey added a comment to D25966: Add a Copy-to-Clipboard Button to code blocks.
In D25966#25739, @bekay wrote:

First of all: you should create the copy button server side. Ideally inside the remark rule for creating a code block. There you can attach the ressources too. And you can add sigils to the button. Javelin uses sigils to attach behaviors and listen to events.

I'm still creating the button via javascript because if I do if on server side I may break some remarkup unit tests ...

Thu, Apr 17, 06:33

Fri, Apr 11

avivey accepted D25873: Fix overlapping elements in Phame for >1791px width.
Fri, Apr 11, 07:55

Tue, Apr 8

avivey accepted D25937: PHPDoc: Make some parameter types match type in signatures.
Tue, Apr 8, 06:16
avivey accepted D25941: PhabricatorCustomField: Fix a typo in PHPDoc.
Tue, Apr 8, 06:15
avivey accepted D25867: Fix PHP 8.1 "strlen(null)" exception in Feed setting up MFA.
Tue, Apr 8, 06:15

Mon, Apr 7

avivey accepted D25947: Remove setup check for safe_mode removed in PHP 5.4.
Mon, Apr 7, 06:08

Sun, Apr 6

avivey accepted D25949: Complete session digest migration from SHA1 to SHA256.

Sure, 7 years is probably long enough to migrate cookies.

Sun, Apr 6, 06:53

Mar 31 2025

avivey accepted D25936: Mark Phorge.it Home as non-launchable.

Looks good, yeah.

Mar 31 2025, 06:51 · User-Cigaryno, phorge.it install

Mar 30 2025

avivey added a comment to T15036: Phorge upstream mail should not use @secure.phorge.dev addresses.

So, this turns out to be a lot harder than I thought.

Mar 30 2025, 19:15 · phorge.it install

Mar 26 2025

avivey added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

There might be some security implications to this.
Why is this needed?

Mar 26 2025, 10:11 · User-Cigaryno, Diffusion

Mar 20 2025

avivey added a comment to T16016: Phantom notification.

I don't understand the problem described...

Mar 20 2025, 09:15 · Maniphest

Mar 19 2025

avivey added a comment to T16007: Discuss the policy for contributing to prototype applications.

I'm not familiar with MediaWiki's packages - the model I'm copying is VSCode.
My thought is that in the install manual we'll say "now run ./bin/extensions install phorge-recommended-extensions" (near the ./bin/storage) step, and phorge-recommended-extensions would be the equivalent of "extension pack" hosted on the default Extension Store, which is hosted here.
(VSCode also has "bundled extensions", which I think doesn't work for us because we use "clone the repo" as the primary distribution system).

Mar 19 2025, 09:10 · Discussion Needed, User-Cigaryno
avivey added a comment to T16007: Discuss the policy for contributing to prototype applications.

The "Prototype" concept was a way for Phacility to experiment with things without committing - but we have a different model today.

Really!? Phacility SaaS instances do not allow enabling prototypes and self-hosted Support (from the Support application on admin.phacility.com that was oddly marked as Prototype) likely wasn't even available for prototype applications.

Mar 19 2025, 07:54 · Discussion Needed, User-Cigaryno
avivey added a comment to T15203: Remarkup: allow to mention a Slowvote (without embedding).

On this server, we changed the config to /^(Q|V|M)\d$/ because we don't have P1 tickets.
I'm also not sure what M is short for.

Mar 19 2025, 07:40 · User-valerio.bozzolan, Remarkup
avivey added a comment to T15450: Configure another Ponder Question status "Closed, Graduated".

To me, "obsolete" manes "no longer appliable" - basically, "the information in this page doesn't apply any more".
Some (made up) examples:

  • "Can Phorge run on PHP 7.0?" (The answer is no, because of a specific bug in 7.0, which was EOL a long time ago)
  • "I have this problem in the Chatbot app" (We've deleted the chatbot app)
Mar 19 2025, 07:34 · Feature Requests, Ponder, phorge.it install
avivey added a comment to T15203: Remarkup: allow to mention a Slowvote (without embedding).

The V123 syntax is disabled by remarkup.ignored-object-names config by default; The default is /^(Q|V|M|P)\d$/ (basically anything starting with Q, V, M, or P), for "Q1" (biz-talk for April), "V1" (for versions), "M1" (for ?????) and "P1" (Jira for "important bug").

Mar 19 2025, 07:07 · User-valerio.bozzolan, Remarkup

Mar 17 2025

avivey updated the task description for T16007: Discuss the policy for contributing to prototype applications.
Mar 17 2025, 07:39 · Discussion Needed, User-Cigaryno
avivey added a comment to T16007: Discuss the policy for contributing to prototype applications.

My thought on this is that long term, we'll remove the concept of "prototype" completely in favor of Extensions.
The "Prototype" concept was a way for Phacility to experiment with things without committing - but we have a different model today.

Mar 17 2025, 07:39 · Discussion Needed, User-Cigaryno

Mar 15 2025

avivey added Q166: Support for request header and body in "Make HTTP Request" step in Harbormaster (Answer 214).
Mar 15 2025, 15:53

Mar 7 2025

avivey added a comment to D25905: Remove No Prototype Changes section from Contributing Code document.

@Cigaryno please create a task under Discussion Needed for this - I'm not sure we want to make this policy change.

Mar 7 2025, 08:08 · Documentation

Mar 6 2025

avivey added a comment to D25904: Update XHPast for Windows binary to 7.1.6.

Do we have a task to remove this file from source-control?

Mar 6 2025, 12:12

Mar 3 2025

avivey added inline comments to D25897: Added a Mentions tab to the Differential Revision View.
Mar 3 2025, 07:20
avivey awarded T16003: Differential Revision should show "Mentions" tab similar to how Maniphest Tasks do a Like token.
Mar 3 2025, 07:15 · Differential

Mar 2 2025

avivey added a comment to D25898: Add instructions to Create Repository form fields for Callsign and Short Name.

close enough for my taste; Just add . at the end of each sentence.

Mar 2 2025, 08:24

Feb 27 2025

avivey added a comment to D25898: Add instructions to Create Repository form fields for Callsign and Short Name.
  • There's already a "description" field on these, which I think was supposed to be displayed; We might have lost it at some point, which is concerning.
  • Use pht() for all human-visible text, to allow translation.
Feb 27 2025, 16:04
avivey added a comment to Q171: Is there a way to disable pushes to master except for arc land? (Answer 212).

Need to go over the relevant code for deciding if a commit has an approved Revision - I think it looks mostly on the commit message.

Feb 27 2025, 07:59

Feb 26 2025

avivey added Q171: Is there a way to disable pushes to master except for arc land? (Answer 212).
Feb 26 2025, 09:08

Feb 23 2025

avivey added a comment to Q170: Is there a way to unland a diff? (Answer 211).

See also https://secure.phabricator.com/T1751 and rARC3116d3656ad017783e75df7e863368053d753e7f - looks like we had arc backout at some point for this, but it's no longer there.

Feb 23 2025, 11:43
avivey added Q170: Is there a way to unland a diff? (Answer 211).
Feb 23 2025, 10:49

Feb 22 2025

avivey added a comment to T16001: Celerity unit test not triggered: mitigate thanks to Herald.

try now

Feb 22 2025, 15:01 · User-valerio.bozzolan, phorge.it install
avivey changed the Can Manage Global Rules policy for application Herald from Administrators to Blessed Committers (Project).
Feb 22 2025, 15:01
avivey added a comment to T16001: Celerity unit test not triggered: mitigate thanks to Herald.

@valerio.bozzolan go ahead and give it a try? I think you have access to create rules.

Feb 22 2025, 10:15 · User-valerio.bozzolan, phorge.it install

Feb 15 2025

avivey added a comment to D25877: Mention on landing page that Phorge is a community fork of Phabricator.

I've deployed it (https://www.phorge.it/)

image.png (545×540 px, 88 KB)

Feb 15 2025, 11:25
avivey accepted D25877: Mention on landing page that Phorge is a community fork of Phabricator.
Feb 15 2025, 09:45

Feb 14 2025

avivey accepted D25874: Update installation guide to point to GitHub mirrors.

I'd like people to clone from GH less for the bandwidth and more for the availability - GH is more likely to be up then us.
Technically I guess GH might have an issue with that, but they probably won't notice anyway.

Feb 14 2025, 14:15

Feb 3 2025

avivey added a comment to T15987: Preview for patch files.

https://secure.phabricator.com/T13105 is the relevant historical meta-task, I didn't find a matching one here.

Feb 3 2025, 08:14 · Files

Feb 2 2025

waldyrious awarded T15504: If registration is disabled, show the button as disabled a Like token.
Feb 2 2025, 20:25 · Auth, Good Starter Task, UX

Jan 21 2025

avivey added inline comments to D25862: Communicate max dimensions of profile images before upload.
Jan 21 2025, 08:33
avivey added a comment to T15984: Communicate maximum dimensions of avatar images.

Oh, I miss-understood the problem statement. The 4096 limit is on the size of the image that we can resize from...

Jan 21 2025, 08:26 · Projects

Jan 20 2025

avivey added a comment to T15984: Communicate maximum dimensions of avatar images.

I'd expect it to just resize the image as needed....

Jan 20 2025, 13:33 · Projects

Dec 29 2024

avivey accepted D25860: Fix typos etc..

two items re: phrasing, but otherwise LGTM.

Dec 29 2024, 12:23

Dec 24 2024

keithzg awarded T15233: Projects: add "Tasks", "Revisions" menu items a Like token.
Dec 24 2024, 20:45 · Feature Requests, Affects-Wikimedia
avivey added Q162: Custom searches attached to project menus that filter to current project? (Answer 203).
Dec 24 2024, 09:16
avivey created T15981: In feed story for "Edited Phriction doc", add link to diff.
Dec 24 2024, 09:09 · Feed, Good Starter Task, Phriction
avivey added Q163: Failure starting after upgrade from Phabricator (Answer 202).
Dec 24 2024, 09:04

Dec 23 2024

avivey added Q161: strange things (typo and other) in Phabricator (Answer 201).
Dec 23 2024, 07:44
avivey created T15980: Handle typos from Q161.
Dec 23 2024, 07:42 · Good Starter Task

Dec 22 2024

avivey added a comment to T15207: Legalpad restrictions on this install.

I've set can create to Trusted Contributors for now. I don't see a problem with people being able to create documents.

Dec 22 2024, 09:29 · Governance, User-Cigaryno
avivey changed the Can Create Documents policy for application Legalpad from All Users to Trusted Contributors (Project).
Dec 22 2024, 09:27

Dec 20 2024

avivey accepted D25858: Phriction: define an object creation title.
Dec 20 2024, 08:40

Dec 19 2024

avivey accepted D25857: Replace some Phabricator references in PhabricatorStartup.php on comments and errors.
Dec 19 2024, 14:00
avivey added a comment to T15643: Support marking text with <ins> in Remarkup.

If the goal is to make it denote "inserted text", I think it should be visually different to "underline" - something more similar to the green we use for actual diff views, maybe more subtle. Will need special handling in the color-blindness themes.

Dec 19 2024, 08:09 · Feature Requests, Remarkup

Dec 18 2024

avivey added a comment to T15979: Can't grant notification permission to browser.

The "Grant permission" button works for me on Chrome/Windows.

Dec 18 2024, 07:49 · User-Cigaryno, Bug Reports

Dec 17 2024

avivey added a comment to T15121: Contributor Agreement.

I think that for the "the name I use is not my legal name" use-case, I'm pretty sure it's fine to use the name that is actually used (because that's what the person is normally known as). It's probably easier to justify accepting a name that is used in real life then "internet handle", but ㄟ( ▔, ▔ )ㄏ

Dec 17 2024, 10:24 · Phorge

Dec 15 2024

avivey added a comment to T15121: Contributor Agreement.

Would the CLA have to be signed with one's legal name?

Dec 15 2024, 08:35 · Phorge

Dec 11 2024

avivey added a comment to T15972: Add config option for maximum file size.

(we can probably keep this ticket open, so that we have the 2nd part on the backlog. I'm pretty sure we want it to happen "eventually".)

Dec 11 2024, 07:20 · Feature Requests, Config, Discussion Needed, Files

Dec 9 2024

avivey added a comment to T15972: Add config option for maximum file size.

Sounds reasonable.

Dec 9 2024, 08:12 · Feature Requests, Config, Discussion Needed, Files
avivey added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

"Steal credit" might actually lead to a real issue: If a new user can get themselves identified as an old, trusted, user based on commit history, their changes might not be checked as rigorously by the rest of the team - similar to the XZ Utils backdoor issue, only faster.

Dec 9 2024, 07:56 · Spam mitigation, Diffusion, Security

Dec 8 2024

avivey accepted D25851: docs: Remove extra 'B' from PHP config value.
Dec 8 2024, 12:19

Dec 4 2024

valerio.bozzolan awarded T15036: Phorge upstream mail should not use @secure.phorge.dev addresses a Cup of Joe token.
Dec 4 2024, 08:06 · phorge.it install
avivey claimed T15036: Phorge upstream mail should not use @secure.phorge.dev addresses.

Please "remind" me about this ticket as often as possible, so I will fix it. I have everything I need to actually fix this, except the willpower.

Dec 4 2024, 08:05 · phorge.it install

Dec 3 2024

avivey changed the visibility for D25043: Upload compressed logo, update HTML.
Dec 3 2024, 16:22
avivey changed the visibility for D25041: Home Page.
Dec 3 2024, 16:21
avivey added a comment to D25839: Fix parsing of incoming mail with UTF-8 encoded headers.

@3tayesh Please don't do that again.

Dec 3 2024, 16:17
avivey changed the visibility for D25839: Fix parsing of incoming mail with UTF-8 encoded headers.
Dec 3 2024, 16:17

Dec 2 2024

avivey accepted D25843: Delete Repository button: disable if not admin, but show popup to all.

Since the button doesn't do anything in any case except say why it doesn't do anything, it might always be disabled? Do we have any other similar buttons?
I'm never sure if users discover that disabled buttons are actually clickable (and try to explain why they're disabled). It's a UI feature I really like, but I don't think I've seen it anywhere else.

Dec 2 2024, 21:24

Nov 26 2024

avivey awarded T15960: Incoming mail parsing fails if specific headers have UTF-8 encoded text in them a Burninate token.
Nov 26 2024, 13:08 · Bug Reports

Nov 24 2024

avivey accepted D25792: Fix PHP 8.3 "Usage of ldap_connect with two arguments is deprecated" exception.

It might be slightly safer to use PhutilURI, but this is in any case a potentially-unsafe configuration.

Nov 24 2024, 09:32

Nov 21 2024

avivey accepted D25837: Fix a typo in documentation.

Ah, the mythical Platypus Ornithopter!

Nov 21 2024, 07:16

Nov 2 2024

Rexogamer awarded T15048: Allow awarding Tokens to individual Comments a Love token.
Nov 2 2024, 12:58 · Comments

Oct 30 2024

nemoralis awarded T15048: Allow awarding Tokens to individual Comments a Love token.
Oct 30 2024, 07:21 · Comments

Oct 29 2024

avivey added Q158: Is there a way to create a task in Maniphest via a webhook? (Answer 198).
Oct 29 2024, 07:48

Oct 27 2024

avivey accepted D25833: APC: Set ttl to 0 when ttl is not given.
Oct 27 2024, 14:06