[07:03:03] <kibogol>	 I had a certificate for Wikipedia which was good until 2016. My browser just got a new one.
[07:03:49] <kibogol>	 There is no mention of a certificate change on the admin log.
[07:04:05] <kibogol>	 Is this a MITM?  mark
[07:08:57] <kibogol>	 qgil_?
[07:10:11] <qgil_>	 hi kibogol 
[07:10:52] <qgil_>	 If you are asking me about the certificate problem, I have no idea, sorry.
[07:11:19] <kibogol>	 Who is the right person to ask?
[07:23:15] <Nemo_bis>	 kibogol: were you used to seeing certificate updates on the server admin log?
[07:23:57] <kibogol>	 Nemo_bis: at least some of them appear there.
[07:24:41] <Nemo_bis>	 kibogol: I guess that's the exception rather than the rule; plus, SAL is being used less and less these days
[07:25:50] <Nemo_bis>	 Updating certificates for main services (such as wikipedia.org) is probably considered routine and may not be logged for that reason
[07:28:07] <kibogol>	 In this case, it doesn't look like something which would be a routine change.
[07:30:01] <_joe_>	 kibogol: I was told you had doubts regarding our SSL certs?
[07:30:26] <kibogol>	 I had a certificate for Wikipedia which was good until 2016. My browser just got a new one.
[07:30:48] <_joe_>	 kibogol: this has probably to do with the fact SNI has been activated on the wikimedia SSL terminators and so you're seeing the one for the specific host you're contacting
[07:31:11] <_joe_>	 so no cert has been changed, you've just been served the correct one probably
[07:31:24] <_joe_>	 but just to be sure, what's the site and what fingerprint are you seeing?
[07:31:40] <_joe_>	 (the cert fingerprint I mean)
[07:32:28] <kibogol>	 The SHA1 of the new certificate is D1:B3:F4:B9:EF:27:75:07:EE:DD:B5:61:75:15:3F:EA:B9:EF:85:C9
[07:33:25] <_joe_>	 which site?
[07:33:40] <_joe_>	 en.wikipedia.org?
[07:33:48] <kibogol>	 Sorry. Yes.
[07:34:03] <_joe_>	 eheh it didn't matter, until today :)
[07:34:09] <kibogol>	 Issued to *.wikipedia.org
[07:34:45] <_joe_>	 kibogol: yes, so before we had one big bowl of cert for *.wikipedia.org *.wikinews.org and so on
[07:35:01] <Nemo_bis>	 Grr, no herald yet 
[07:35:47] <_joe_>	 kibogol: and yes, we got new certs, that are luckily expiring in 1 year as most SSL best practices suggest
[07:36:07] <_joe_>	 so, your cert is legit, and SSL is going to be probably quite a bit faster fro you
[07:36:35] <_joe_>	 depending on your base latency; I expect mobile users having the biggest advantage here
[07:37:10] <_joe_>	 the reason you don't see this in the SAL is because this is the result of a series of puppet changes
[07:37:12] <ori>	 isn't the cert kibogol is referring to for *.wikipedia.org?
[07:37:21] <_joe_>	 ori: exactly
[07:38:02] <_joe_>	 ori: if you connect with an ssl client with no SNI support, you'll get the old unified cert
[07:38:30] <_joe_>	 so it matches *.wikipedia.org, *.wikinews.or, *.wikimedia.org,...
[07:38:39] <_joe_>	 if you connect with any sane browser
[07:38:48] <_joe_>	 even with most insane ones nowadays
[07:39:05] <ori>	 ah
[07:39:14] <_joe_>	 you'll get the cert for the site you're visiting (so *.wikipedia.org for wikipedias, etc)
[07:39:22] <_joe_>	 we still use wildcards
[07:39:30] <_joe_>	 they make sense 
[07:39:43] * ori nods
[07:41:55] <kibogol>	 _joe_ should get on the Channel Access list if he is a wikimedia administrator.
[07:43:25] <_joe_>	 kibogol: I am an ops engineer, if you need to speak with us we're usually in #wikimedia-operations
[07:43:57] <kibogol>	 Thanks for the replies.
[07:44:01] <_joe_>	 I try to keep the number of IRC channels I follow to a minimum, sorry
[07:44:12] <_joe_>	 I hope this clarified that for you
[07:44:44] <_joe_>	 no one is doing MITM, or at least if someone is, he has our private key
[08:18:34] <Glaisher>	 phab's linking is kinda messed up
[08:18:39] <Glaisher>	 there is no space before the link
[17:45:28] <MusikAnimal>	 Hello all, sorry if this is a repeat, anyone know about why Popups navigation aid is not working anymore? This is a commonly used gadget across all wikis, some are saying it may be related to lasted MediaWiki rollout: https://en.wikipedia.org/wiki/Wikipedia_talk:Tools/Navigation_popups#Did_popups_just_stop_working.3F
[17:45:53] <MusikAnimal>	 *latest, not lasted
[17:46:15] <Reedy>	 When did it break?
[17:46:29] <MusikAnimal>	 this morning, around 5 AM UTC
[17:46:38] <MusikAnimal>	 err, 5 AM EST
[17:47:10] <Glaisher>	 the script on enwiki was updated
[17:47:24] <Reedy>	 {{NotUs}}
[17:47:42] <Glaisher>	 https://en.wikipedia.org/wiki/MediaWiki:Gadget-popups.js?action=history
[17:47:55] <Glaisher>	 looks like it was reverted a while ago
[17:48:26] <MusikAnimal>	 aha! cleared my cache, all is well
[17:48:33] <MusikAnimal>	 I will let the others know. Thank you!
[18:28:53] <Superyetkin>	 we are getting "table does not exist" errors
[18:29:06] <Reedy>	 Superyetkin: What wiki? Doing what?
[18:29:20] <Superyetkin>	 trwiki
[18:29:25] <andre__>	 steps to reproduce?
[18:29:33] <Superyetkin>	 executing a simple select query
[18:29:54] <Superyetkin>	 using MySQL Workbench
[18:30:01] <Reedy>	 I don't see any
[18:30:04] <Reedy>	 Is this labs?
[18:30:08] <Superyetkin>	 also, my tools do not seem to work
[18:30:12] <Reedy>	 only thing I see for trwiki is Tue Nov 25 14:18:37 UTC 2014    mw1024  trwiki  Error connecting to 10.64.32.30: Can't connect to MySQL server on '10.64.32.30' (4)
[18:30:13] <Superyetkin>	 yes, Tool Labs
[18:30:14] <andre__>	 steps to reproduce. PLEASE.
[18:30:23] <Reedy>	 Superyetkin: #wikimedia-labs please
[18:30:47] <Superyetkin>	 ok, thanks
[18:30:51] <Superyetkin>	 see http://tools.wmflabs.org/superyetkin/index.html
[19:54:14] <Stevko>	 Cool I wanted to ask something but I already found answer in log (question was: did https certificate change recently? answer is yes (and new fingerprint is in log too)).
[20:07:26] <Nemo_bis>	 Ugh
[20:08:08] <Nemo_bis>	 Only now I realised that the feature I was eagerly waiting for, i.e. the "ignore" flag for individual bugs, will be shipped in bugzilla 5 but is not available in phabricator
[20:11:56] <andre__>	 that only refers to tickets you have reported, nothing else
[20:12:05] <andre__>	 so it's not a general "ignore" flag
[20:12:47] <andre__>	 or also CC? Uh. Nice.
[20:13:10] <andre__>	 Just a bit late, as many things with Bugzilla... especially seeing how they postponed again many other things that were planned for 5.0.
[20:24:55] <Nemo_bis>	 Bugzilla kept improving, though. :)
[20:25:34] <Nemo_bis>	 Not the same can be said of Thunderbird, for instance (IMHO; maybe it's just my email DB growing too much).
[20:32:29] <andre__>	 Nemo_bis, it kept improving with an extremely slow pace
[20:32:37] <andre__>	 when there was useful stuff it wasn't upstreamed
[20:33:01] <Nemo_bis>	 dunno
[20:33:07] <Nemo_bis>	 never felt the lack of anything
[20:33:13] <andre__>	 basically some Mozilla folks and one Red Hat person working on code. and that's it
[20:33:14] <Nemo_bis>	 Well, except the ignore flag
[20:33:49] <andre__>	 from my PoV it's just getting more complex in many areas where I don't see the need
[20:34:06] <andre__>	 instead of trying to work on some real problems (e.g. managing several branches vs Target Milestones)
[20:34:34] <andre__>	 or having a constant codebase when it comes to custom fields - platform and OS are still hardcoded - code cleanup
[20:34:42] <Nemo_bis>	 95 % of the unnecessary complexity was created by us
[20:34:53] <andre__>	 to some extend yeah :)
[20:35:19] <andre__>	 Mozilla ended up (ab)using flags instead of Target Milestones. and then extended flags downstream to have more than three statuses.
[20:35:21] <andre__>	 and so on.....
[20:35:47] <Nemo_bis>	 Anyway
[20:35:53] <andre__>	 or their Kanban extension uses the Whiteboard. Like Scrumbugs did. I don't know, it's all really.... weird.
[20:36:27] <andre__>	 and I was personally also disappointed to see plans for 5.0, good plans and things that needed to happen from my pov, postponed once again
[20:36:27] <Nemo_bis>	 I just have a free spot for a "certain hope of the future" light
[20:36:33] <andre__>	 which is a classic.
[20:37:03] <andre__>	 some stuff I still consider awkward. like when you change the Product dropdown value that the list of components isn'tupdate don the fly
[20:37:09] <Nemo_bis>	 The ignore flag is all I cared about 5 ;)
[20:37:13] <andre__>	 the code is there in another place
[20:37:17] <andre__>	 haha
[20:38:09] <andre__>	 I love their custom guided bug report first page with a nice list of products that looks also good to non-tech folks
[20:38:19] <andre__>	 but again, all downstream. I asked them 12 months ago at their conference what the plans are
[20:38:33] <andre__>	 but no resources in Mozilla for upstreaming. and hence no support promise.
[20:49:22] <Nemo_bis>	 _joe_: I think Init7 is misbehaving again
[20:52:36] <Nemo_bis>	 Sites completely down now
[20:53:56] <Nemo_bis>	 !log 100 % packet loss between esams and r1fra1.core.init7.net
[20:54:00] <morebots>	 Logged the message, Master
[21:02:53] <Nemo_bis>	 guillom: please tweet about Wikipedia being (partly) down in Italy due to ISP
[21:03:07] <Nemo_bis>	 cc greg-g ?
[21:03:30] <guillom>	 Nemo_bis: Err, I'd need a little more information
[21:04:00] <greg-g>	 bug report?
[21:07:04] <Nemo_bis>	 guillom: sites are unreachable from Fastweb users in Italy and probably some millions other Init7 users
[21:07:14] <Nemo_bis>	 they probably run out of bandwidth again
[21:10:15] <Nemo_bis>	 https://phabricator.wikimedia.org/T75924
[21:21:44] <guillom>	 Nemo_bis: I don't see anything at https://twitter.com/WikimediaItalia ; I was going to suggest that we retweet you
[21:22:41] <guillom>	 Oh, it's in replies
[21:22:57] <guillom>	 Nemo_bis: Can you tweet something that isn't a reply? Then we can retweet it and people will see it
[21:23:25] <Nemo_bis>	 yes, doing
[21:23:31] <guillom>	 ok! Thank you
[21:26:04] <Nemo_bis>	 guillom: https://twitter.com/WikimediaItalia/status/537356474209828864
[21:26:12] <guillom>	 Thanks
[21:38:40] <Nemo_bis>	 Oh well, now I'll go back to my 150 BC Roman history
[23:29:39] <Carmela>	 RoanKattouw: Happy birthday!
[23:32:16] <RoanKattouw>	 Thanks!
[23:36:43] <guillom>	 What Carmela said!