Monday, 2026-06-15

« Sunday, 2026-06-14 Index Tuesday, 2026-06-16 »
eolivarehi there, any known issue? https://zuul.opendev.org/t/openstack/builds?result=POST_FAILURE&skip=010:52
sean-k-mooneybased on the faileure im also seeign i woudl have to assume one fo the swift provider we use has an issue11:29
opendevreviewStephen Finucane proposed openstack/openstack-zuul-jobs master: Add openstack-tox-py315 job  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/99277111:47
opendevreviewStephen Finucane proposed openstack/openstack-zuul-jobs master: Add openstack-python3-next-jobs template  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/99333711:47
opendevreviewStephen Finucane proposed openstack/openstack-zuul-jobs master: Add openstack-python3-client-library-jobs template  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/99276911:48
opendevreviewStephen Finucane proposed openstack/openstack-zuul-jobs master: Test python3.15 (non-voting) for clients, libraries in 2026.2  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/99277211:48
-opendevstatus- NOTICE: Recent POST_FAILURE job results with no logs were due to upload errors in one of our providers, which has been temporarily disabled now so rechecking those should be safe12:44
*** iurygregory_ is now known as iurygregory13:46
opendevreviewMonty Taylor proposed openstack/project-config master: Add repos for drizzle website and sysadmin automation  https://review.opendev.org/c/openstack/project-config/+/99321415:35
sean-k-mooneywas the docs site down brifly or was that perhas impacted by the swift issues in ovh?17:46
sean-k-mooneyhttps://docs.openstack.org/api-ref/network/v2/index.html seam to be workign fine now17:47
sean-k-mooneybut it took abotu 5 minutes for that to load before17:47
fungisean-k-mooney: it was down briefly, we're seeing a new army of crawkers making millions of requests, discussion is in #opendev:opendev.org matrix17:51
sean-k-mooneyfungi: no worries17:51
fungiit's been coming and going but i've proposed https://review.opendev.org/c/opendev/system-config/+/993428 to hopefully stop it17:51
sean-k-mooneyi was just wondering if it was related to the previous ovh issue or not17:51
funginah, the ovh swift issues were restricted to zuul log uploads/serving17:52
fungidocs.openstack.org (and most of the other static content sites we host) are in afs with a vm serving as an apache frontend to a read-only afs replica17:52
sean-k-mooneyspeakign of bot i swa that "Openstack server hack" mail you replied too but i did not see the orginal mail on the list17:53
fungis/crawkers/crawlers/ but maybe i invented a new word17:53
fungisean-k-mooney: looks like it's there in the archive at least... https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/ZMJJY4J73SAXWYH4C566BO7GF4XBQ5JB/17:54
sean-k-mooneythe first thing that came to midn for me was, if that vm is wan facign and you have not update you glance iamges with the mitgation for copy fail ectra its just as vulnerbale as anything else on the internet17:54
sean-k-mooneyi dont know if they confirm that it hapeps with --no-network or not17:55
fungiyes, though booting with networking disabled would in theory mitigate that17:55
fungiright17:55
fungithe report was somewhat vague17:55
fungithey also replied to the thread, which you might also not have received?17:55
sean-k-mooneyi got there reply17:56
fungiin this case, my mua states that the dkim signature in the initial e-mail validates successfully, so it's at least not a dmarc problem17:56
sean-k-mooneyi would not be surpsied if our IT has some filter on hacked and servers taht intercepted it17:56
fungiyeah, there's a ton of substrings in there which could appear in trojan malware17:57
fungii wouldn't be surprised either17:57
fungipeople who receive e-mail about security problems need a different kind of inbound message filtering than corporate executives17:58
sean-k-mooneythey have been very i was going t say paranoid but its not paranoia if the threat is real of late17:58
fungione-size-fits-all mail scanning doesn't really work for us17:58
fungithis is why i run a personal mailserver, so i have fine-grained control over what gets delivered to my inbox and an audit trail and quarantine for things that don't get to my inbox17:59
fungibut i've also been a mailserver admin since the 90s, so it's not that much of a lift for me18:00
sean-k-mooneyya i pay google to do that for me.. i shoudl use anything else btu the thign is that google also give you google auth18:01
fungii'm sure gmail's great until things don't get to your inbox that you're expecting (or worse, that you aren't expected but wanted to receive), and there's no mailserver log you can go to in order to figure out what happened and where it went instead18:02
sean-k-mooneyso i coudl move my personal email but i dont want to have to fix sign in with google on everywhere i currenly use that18:02
fungimmm, i have google accounts tied to non-gmail e-mail addresses, fwiw18:03
sean-k-mooneyoh i do too18:03
sean-k-mooneyi just dont knwo if i can move my personal buisness accont with a custom domain a18:04
sean-k-mooneyand honesly its cheap so i dont feel like it right now :)18:04
fungithough i've closed most of those down now that i'm involved with 3 different nonprofits that all host their e-mail on gmail and have an abundance of gmail-associated accounts to sign into things with if i need that18:05
fungimost of the old google accounts were not originally google, but for companies they acquired over the years and became google accounts whether i liked it or not18:05
* fungi is really not a google fanboy, in case that wasn't obvious18:06
sean-k-mooneyi think the only one that applies to is perhasp my youtube account18:07
fungii definitely had one of those that is now a google account, yes18:10
fungior had, i think i closed it18:10
TheJuliaSeeing the discussion from earlier, it seems a little weird when they talked about using ssh to login anyway...20:35
fungii tried to be generous with interpretation because it seemed like they were struggling to find how to express their situation in english20:37
fungii'm sure i'd do far worse attempting to find and ask for help in their primary language20:38
fungitheir response clarified that they're actually running a (personal/private?) openstack cloud, which wasn't obvious from the initial message... so maybe they're in a position to also look into outdated kvm/qemu and processor firmware related vulnerabilities that could result in one compromised guest infecting the host and other guests20:40
sean-k-mooneyfungi: yes they refered to them seleve as the cloud provier or soemthign along those lines21:02
sean-k-mooneynot sure how big or small but more operarotr trying to udner stand thing then enduser or developer was my impression21:03
fungiyes, if i was interpreting their initial message correctly it's a very small (personal or sandbox) deployment. if someone wanted to follow up, next questions might be how they deployed openstack on what platform, in order to determine if one of our deployment projects might have a supply-chain compromise e.g. in a dependency21:05
fungibut so far there's no real indication that's the problem21:05
sean-k-mooneyits cernly posible.21:10
sean-k-mooneyarch(AUR) and npm have had plenty of late21:11
sean-k-mooneythere have also been suply chain attach via gitub prs recently21:11
sean-k-mooneygithub does nto show large diffs by default21:11
sean-k-mooneyso attachekr have been mesisng with renovate pr or prs that have generated content adn injectign code into them21:12
sean-k-mooneyfungi: you linked ot a ui on github21:12
sean-k-mooneyso that could have a bad dep somewhere21:13
« Sunday, 2026-06-14 Index Tuesday, 2026-06-16 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!