[09:36:54] <elukey>	 hello on-callers
[09:37:28] <elukey>	 I'd need to roll restart 4 pybals (lvs2010, lvs2009, lvs1020, lvs1019) to pick up a new VIP
[09:37:35] <elukey>	 will start in a few
[09:41:41] <elukey>	 of course I made a mistake
[09:47:15] <elukey>	 I am fixing it with  https://gerrit.wikimedia.org/r/c/operations/puppet/+/920649, puppet disabled on 3 lvses affected, only applied to 2010 (codfw low traffic standby)
[10:04:56] <elukey>	 {{done}}
[10:12:36] <_joe_>	 godog, jayme the evil plan worked
[10:12:48] <_joe_>	 the jobs are correctly relabeled and the dashboards all work 
[10:13:16] <godog>	 _joe_: sweet! 
[10:13:52] <_joe_>	 interestingly, there is a small reduction in the requests/s to the service because we send less useless probes https://grafana-rw.wikimedia.org/d/RKogW1m7z/shellbox?forceLogin&orgId=1&var-dc=codfw%20prometheus%2Fk8s&var-namespace=shellbox-syntaxhighlight&var-release=main&var-service=shellbox&from=now-15m&to=now&viewPanel=86
[10:35:40] <Emperor>	 https://www.memorysafety.org/blog/sudo-and-su/ attempt to rewrite sudo/su in rust
[10:40:08] <klausman>	 The security problems with sudo are not because it's C but because the sudoers syntax makes it very easy to accidentally give too much access
[10:40:36] <jayme>	 _joe_: nice!
[10:42:22] <Emperor>	 klausman: I'd pick a bit from both columns, to be honest :)
[10:42:43] * Emperor uses userv elsewhere
[10:42:44] <klausman>	 I mean, using C surely doesn't _help_
[10:54:30] <moritzm>	 skimming the 2022/2023 sudo CVEs it seems about half of them were moot with a rust-based implementation (double frees, OOB memory access), with the other half being logic errors or missing sanitising which would also apply to a rust code base
[12:55:00] <inflatador>	 interesting
[14:20:58] <elukey>	 hello folks, I am investigating an authdns-update issue with su*khe, please hold off to run dns updates for the moment
[14:52:55] <elukey>	 fixed, you can now proceed :)