[08:18:05] <moritzm>	 FYI; I'm rolling out further expat security updates throughout the day (Python is a notable reverse dependency) and the latest security fix introduce a (necessary) breaking change
[08:19:02] <moritzm>	 there's an initial report of some library impacted by that: https://github.com/libwbxml/libwbxml/issues/76
[08:19:31] <moritzm>	 we don't use libwbxml anywhere, but there might be similar cases not yet discovered by the expat change
[08:20:08] <moritzm>	 I'll continue to roll this out with extra care, but if you notice anything strange, please ping me
[08:20:53] <moritzm>	 there's no alternative to the expat code change, it's necessary "bite the bullet" situation
[08:24:36] <moritzm>	 (the vulnerability was found as part of an existing exploit)
[12:06:04] <arturo>	 hnowlan: pending puppet patch, good to merge?
[12:06:13] <arturo>	 Hnowlan: restbase: disable redundant jmx config (510e13b267)
[12:06:20] <hnowlan>	 arturo: oops, yes please! 
[12:06:34] <arturo>	 hnowlan: done!
[12:08:39] <Emperor>	 sigh, see 52 emails in root, think "must check those, on clinic duty", they're all from reprepro...
[12:12:23] <Amir1>	 volans: the cookbook for downtime logs start and end, do you think it would be possible to make it just log for finish?
[12:12:55] <Amir1>	 for reimage cookbook make sense to have it start and finish, but downtime is instant 
[12:27:47] <volans>	 Amir1: downtime is instance unless you pass the option to force a puppet run on the icinga host, in that case it takes longer. That said at the moment no is not possible to have a cookbook skip it's SAL, it's embedded in the framework, but we can evaluate that, I totally agree that the downtime is a bit too spammy
[12:29:12] <volans>	 from the tech PoV it's easy to do
[12:35:42] <Amir1>	 noted, thanks
[12:36:38] <volans>	 *is instant
[12:36:41] <volans>	 noticed now the typo
[13:13:03] <Krinkle>	 What is the official source of apserver apache configuration now? Last I heard it is in puppet and the k8s/docker chart somehow gets it YAML-injected via Puppet from the host where the images are built.
[13:13:18] <Krinkle>	 but I'm unable to find e.g. the /static/current rewrite rule in Puppet
[13:14:41] <Krinkle>	 oh, I see. I am literally searching for the one rule that wouldn't be there
[13:14:52] <Krinkle>	 because in prod it's just a symlink that needs to rewrite
[13:15:01] <Krinkle>	 needs no*
[13:15:19] <Krinkle>	 alright so https://wikitech.wikimedia.org/wiki/Application_servers/Runbook#Deploying_config is still up to date
[13:15:24] <Krinkle>	 nvm!
[13:42:39] <kormat>	 nnngh. undocumented change in `black`'s behaviour between 21.5b0 and 21.5b1. 
[13:43:39] <arturo>	 kormat: document it here :-)
[13:49:53] <kormat>	 haha. so for whatever reason, 21.5b1 and later convert all single-quoted strings to double-quoted in wmfmariadbpy
[13:50:25] <kormat>	 what's weird is that if i do the conversion, earlier versions are happy with it
[13:50:51] <kormat>	 so it seems like there was maybe some autodetection of the convention being used, and it got broken/removed in 21.5b1
[13:52:25] <volans>	 did they change the default of --skip-string-normalization ?
[13:52:59] <kormat>	 the only thing listed: https://github.com/psf/black/blob/main/CHANGES.md#215b1
[13:53:02] <_joe_>	 kormat: since forever black did convert single quotes in double quotes if you don't add options, so I guess they changed the behaviour of one of your cli switches
[13:53:03] <volans>	 also latest is 22.1.0
[13:53:08] <kormat>	 is refactoring of one big file into lots of smaller ones
[13:53:19] <kormat>	 volans: i know. i did a manual bisceting to find where the change started.
[13:53:30] <kormat>	 _joe_: i'm not using any cli switches. that's why i'm confuse.
[13:53:47] <_joe_>	 kormat: then I am too, black used to convert everything to double quotes
[13:53:47] <volans>	 any setting in pyproject.toml?
[13:54:02] <volans>	 yes it converted by default, unless you disable that option
[13:54:11] <kormat>	 _joe_: and for a long time, too.
[13:54:29] <kormat>	 volans: this repo has a separate `.black.toml` file that's used
[13:54:35] <kormat>	 (black will only read from a single config file)
[13:56:46] <kormat>	 ".... Oh"
[13:57:37] * kormat mumbles something, waves everyone back to work
[15:09:29] <robh>	 codfw eliminating mask requirements
[15:09:38] <robh>	 all of california already did that
[15:09:41] <robh>	 =P
[15:09:50] * robh has strong views against this but he is a paranoid fucker
[15:58:07] <_joe_>	 robh: sorry so no mask mandate indoors?
[15:58:28] <apergos>	 sounds like an extremely bad idea
[16:04:53] <bd808>	 Idaho's legislature is trying to pass a law banning any mask mandates ever for any reason :/
[16:08:04] <bblack>	 yes I love the logic in so many related efforts lately: mandates are government intrusion on freedoms, but governments banning local mandates is somehow a pro-freedom move? :P
[16:08:33] <bblack>	 it's like saying you want to prevent the burning of books by burning all the books that mention fire
[16:08:56] <_joe_>	 lol
[16:09:35] <_joe_>	 bblack: a friend of mine landed in DFW for christmas, in the midst of the omicron surge, and he told me he was the only person wearing a mask in the whole airport, which was kinda shocking to me
[16:09:49] <_joe_>	 I would assume that people with a cold/cough would at the very least wear one
[16:10:12] <bblack>	 heh
[16:10:32] <bblack>	 in texas, for better or worse, most of the state is way past taking any reasonable precautions in public
[16:12:41] <bblack>	 it doesn't really matter what your individual opinion is on it here: in practice, the state is clearly well on their way to "herd immunity the hard way"
[16:25:34] <robh>	 _joe_: so California and other states are rolling back mask mandates to the honor system for those with vax
[16:26:05] <robh>	 sorry i went afk to walk the doggo
[16:26:29] <Reedy>	 London is removing the mask mandates from the underground and stuff...
[16:26:31] <robh>	 when i go shopping its about 50% mask rate for folks.
[16:26:33] <Reedy>	 >All customers should be assured that the public transport network is as safe as other similar settings, and that independent testing has found no trace of coronavirus on our network since September 2020.
[16:26:42] <robh>	 the folks with masks make eye contact with one another like 'i see you'
[16:27:05] <robh>	 also cyrusone is going to stop sending out covid infection notices
[16:27:06] <_joe_>	 Reedy: lol
[16:27:22] <robh>	 we're all depending on the shitty phone bluetooth tokens in america
[16:27:33] <robh>	 if folks turn it on in their phones at all.
[16:27:39] <Reedy>	 And/or install the app
[16:27:41] <Reedy>	 We know how good the UK Test and Trace has been...
[16:27:54] <robh>	 iphone built it in atleast for most us states
[16:27:58] <_joe_>	 none of those apps worked, and not for technical problems
[16:28:14] <robh>	 yeah my buddy has gotten dozens of notices cuz he lives in row housing
[16:28:16] <_joe_>	 it's mostly because it's hard to tell an infection chance by just contact
[16:28:19] <robh>	 so everyone 2 houes in each direction flag
[16:28:42] <_joe_>	 and because it requires actual humans to act on the info it provides
[16:28:47] <robh>	 he hasnt seen his neighbor 2 doors down ever, but his phone is convinced he has covid from him.
[16:29:15] <_joe_>	 and it makes sense only if you're trying to suppress the virus
[16:29:21] <_joe_>	 which... we've given up on
[16:29:39] <robh>	 I wear my n95 in all indoor settings
[16:29:53] <robh>	 and when i take it off afterwards and see large mask marks, i know i wore it properly ; D
[16:30:29] <robh>	 cuz yeah... i dont want even mild covid, who knows what the later effects will be, like chicken pox/shingles...
[16:30:43] <robh>	 and i love to eat, not having a sense of taste would be...  so depressing.
[19:46:44] <mutante>	 https://we.phorge.it/ - new community fork of Phabricator - because Phacility stopped maintaining Phabricator
[20:02:19] <moritzm>	 oh, that's great news!
[20:31:17] <James_F>	 Well, their git history is forked from upstream https://we.phorge.it/source/phorge/history/master/ as of 2021-06-01 which is slightly better than our https://phabricator.wikimedia.org/source/phabricator/history/wmf%252Fstable/ 2021-03-28, but they've not done much on top of it yet. It might be something RelEng could participate in?
[20:32:22] <James_F>	 Oh, and I see Mukunda engaging there via https://we.phorge.it/T15055 etc. so clearly they're aware. :-)
[20:32:41] <RhinosF1>	 It's been very slow with phorge
[20:32:58] <James_F>	 It's hard to get people hugely excited about taking on such a large amount of work, indeed.
[20:32:58] <RhinosF1>	 They're still in a lot of branding discussions and work
[20:33:13] <James_F>	 Yeah.
[20:33:25] <RhinosF1>	 It's not the most exciting bit of development too
[20:33:31] <RhinosF1>	 Renaming everything
[20:35:08] <James_F>	 I've created https://phabricator.wikimedia.org/T302528 so we have a task to point to if anyone asks.
[23:50:56] <razzi>	 Hi SREs, I'm looking for input on how to depool a host from haproxy in a cookbook. Currently the (manual) process is to make a patch to edit `hieradata/hosts/dbproxy1019.yaml` removing the host, then run puppet, which writes to `/etc/haproxy/conf.d/multi-db-replicas.cfg` and reloading haproxy to depool the host. Is there a way to do this without making a puppet patch? See https://phabricator.wikimedia.org/T297026#7697912