Apr 20 2022

epriestley closed T13638: Investigate "AllowEncodedSlashes" Apache setting as Resolved.

I made this change and deployed it to secure, and this "critical security vulnerability" is now a proper Phabricator 404 page:

Apr 20 2022, 7:05 PM · Setup

May 14 2021

epriestley reopened T13638: Investigate "AllowEncodedSlashes" Apache setting as "Open".

A point against AllowEncodedSlashes Off which I hadn't connected the dots on is that "security researchers" from HackerOne will report URLs like this as "content injection vulnerabilities" for all time:

May 14 2021, 5:21 PM · Setup

Mar 17 2021

epriestley closed T13638: Investigate "AllowEncodedSlashes" Apache setting as Resolved.

Given the generally high degree of mootness here, I'm not planning to add a setup test or recommend installs adjust the setting.

Mar 17 2021, 10:40 PM · Setup
epriestley added a revision to T13638: Investigate "AllowEncodedSlashes" Apache setting: D21641: Correct minor "jump to symbol" behavior in Differential.
Mar 17 2021, 10:30 PM · Setup
epriestley added a comment to T13638: Investigate "AllowEncodedSlashes" Apache setting.

Previously, see T13437.

Mar 17 2021, 10:15 PM · Setup
epriestley added a comment to T13638: Investigate "AllowEncodedSlashes" Apache setting.

This reproduces locally.

Mar 17 2021, 10:11 PM · Setup
epriestley added a comment to T13638: Investigate "AllowEncodedSlashes" Apache setting.

See also T13644, which appears to be the origin of the particular requests observed in PHI2021.

Mar 17 2021, 9:38 PM · Setup

Mar 13 2021

epriestley triaged T13638: Investigate "AllowEncodedSlashes" Apache setting as Wishlist priority.
Mar 13 2021, 5:40 PM · Setup

Mar 5 2021

epriestley closed T13578: Provide `bin/user approve` to approve an account from the CLI as Resolved.

This is promoting to stable shortly and looks complete to me, thanks!

Mar 5 2021, 9:14 PM · Setup, Auth

Mar 3 2021

matthewrbowker added a revision to T13578: Provide `bin/user approve` to approve an account from the CLI: D21587: Provide new tool "bin/user approve" to approve an account..
Mar 3 2021, 2:22 AM · Setup, Auth

Jan 20 2021

epriestley updated the task description for T11860: Bot email addresses can't be edited.
Jan 20 2021, 8:25 PM · Setup, People

Sep 4 2020

epriestley triaged T13578: Provide `bin/user approve` to approve an account from the CLI as Wishlist priority.
Sep 4 2020, 5:52 PM · Setup, Auth

Feb 7 2020

epriestley added a comment to T2383: Run PHP environment checks from CLI.

https://discourse.phabricator-community.org/t/activities-notifications-spam/3286/ is likely a case where curl was not installed on the CLI, but was installed in the web SAPI.

Feb 7 2020, 8:52 PM · Setup

Nov 25 2019

epriestley added a comment to T11860: Bot email addresses can't be edited.

In D20927, I implemented a policy rule like this:

Nov 25 2019, 11:08 PM · Setup, People
epriestley added a revision to T11860: Bot email addresses can't be edited: D20927: Implement "PolicyInterface" on "UserEmail" so "EmailQuery" can load them properly.
Nov 25 2019, 11:06 PM · Setup, People

Sep 26 2019

epriestley updated the task description for T11860: Bot email addresses can't be edited.
Sep 26 2019, 4:03 AM · Setup, People

Sep 8 2019

epriestley closed T13406: When a user with no authentication providers configured tries to log out, warn them as Resolved by committing rPcaccbb69d20b: When users try to log out with no providers configured, warn them of the….
Sep 8 2019, 7:27 PM · Setup
epriestley added a revision to T13406: When a user with no authentication providers configured tries to log out, warn them: D20789: When users try to log out with no providers configured, warn them of the consequences.
Sep 8 2019, 4:48 PM · Setup
epriestley triaged T13406: When a user with no authentication providers configured tries to log out, warn them as Wishlist priority.
Sep 8 2019, 4:27 PM · Setup

Aug 12 2019

epriestley added a revision to T13373: Clarify some messaging in `bin/config`: D20711: Make the success message from "bin/config" more clear.
Aug 12 2019, 6:22 PM · Setup, Config

Aug 11 2019

epriestley triaged T13373: Clarify some messaging in `bin/config` as Low priority.
Aug 11 2019, 3:45 PM · Setup, Config

Dec 28 2018

epriestley closed T11937: GCloud SQL does not support configuring sql_mode as Wontfix.

...it is virtually inconceivable to me that this is something we would ever bring upstream in any form.

Dec 28 2018, 9:58 PM · Infrastructure, Setup, Feature Request

Dec 19 2018

epriestley added a revision to T13179: sshd with "ForceUser" does not compile on High Sierra: Restricted Differential Revision.
Dec 19 2018, 8:48 PM · Setup, Phacility
epriestley added a comment to T13179: sshd with "ForceUser" does not compile on High Sierra.

I'll get this actually landed, but here's the patch I'm using for ForceUser until I get there:

Dec 19 2018, 7:15 PM · Setup, Phacility
amckinley added a comment to T13179: sshd with "ForceUser" does not compile on High Sierra.

I was also able to get OpenSSH 7.9p1 to build cleanly on OS X Mojave 10.14.2. For posterity:

Dec 19 2018, 7:06 PM · Setup, Phacility
epriestley added a comment to T4200: Building OS packages and install scripts.

(Please use Discourse for this sort of discussion.)

Dec 19 2018, 3:50 PM · Guides, Setup
yaneurabeya added a comment to T4200: Building OS packages and install scripts.

It's been several years since this task has been opened up, and it's not clear what the current progress on this is. Is there a way that versioning could please be added to GitHub, per the recommendations on https://github.com/Homebrew/homebrew-php/pull/3864 ? I'm not able to install arcanist currently using homebrew because there isn't a stable tagged version newer than one from 2012.

Dec 19 2018, 11:13 AM · Guides, Setup

Nov 15 2018

epriestley added a comment to T13179: sshd with "ForceUser" does not compile on High Sierra.

Good news: recent versions of sshd can pass the key fingerprint to the AuthorizedKeysCommand with %f: https://bugzilla.mindrot.org/show_bug.cgi?id=2081

Nov 15 2018, 5:28 PM · Setup, Phacility
epriestley added a comment to T13179: sshd with "ForceUser" does not compile on High Sierra.

OpenSSH 7.9p1 builds cleanly and does not segfault immediately if configured like this:

Nov 15 2018, 4:41 PM · Setup, Phacility
epriestley added a comment to T13179: sshd with "ForceUser" does not compile on High Sierra.

Yikes on rPe57bfbf421f4. Let me see if I can make this build.

Nov 15 2018, 4:21 PM · Setup, Phacility

Oct 2 2018

epriestley moved T4964: Windows installer for Arcanist from Backlog to Far Future on the Windows board.
Oct 2 2018, 1:00 PM · Windows, Arcanist, Wikimedia, Setup

Sep 24 2018

epriestley closed T5173: Provide man pages for Arcanist, a subtask of T4200: Building OS packages and install scripts, as Wontfix.
Sep 24 2018, 4:19 PM · Guides, Setup

Aug 10 2018

epriestley moved T13179: sshd with "ForceUser" does not compile on High Sierra from Backlog to Do Eventually on the Phacility board.
Aug 10 2018, 6:05 PM · Setup, Phacility

Jul 31 2018

epriestley triaged T13179: sshd with "ForceUser" does not compile on High Sierra as Low priority.
Jul 31 2018, 9:39 PM · Setup, Phacility

Jul 26 2018

epriestley closed T13174: Capitalization of "OPcache" during setup is inconsistent as Resolved by committing rP727bc2234c3a: Capitalize "OPcache" more consistently.
Jul 26 2018, 7:16 PM · Setup
epriestley added a revision to T13174: Capitalization of "OPcache" during setup is inconsistent: D19538: Capitalize "OPcache" more consistently.
Jul 26 2018, 4:53 PM · Setup

Jul 21 2018

epriestley triaged T13175: Language for similar "pygments" and "convert" binary checks is not consistent as Wishlist priority.
Jul 21 2018, 11:20 AM · Setup
epriestley triaged T13174: Capitalization of "OPcache" during setup is inconsistent as Wishlist priority.
Jul 21 2018, 11:17 AM · Setup
epriestley triaged T13173: PHP configuration value suggester could be more clear about what it wants you to do as Wishlist priority.
Jul 21 2018, 11:15 AM · Setup

Jul 20 2018

epriestley closed T13168: epriestley new laptop / not reading documentation setup issues as Resolved.

I made it as far as locala.phacility.com working right so maybe I got everything?

Jul 20 2018, 10:48 PM · Phacility, Setup
epriestley added a revision to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance: Restricted Differential Revision.
Jul 20 2018, 9:44 PM · Setup
epriestley added a revision to T13168: epriestley new laptop / not reading documentation setup issues: D19526: When building a config stack, stop SiteSource objects from poisoning the cache.
Jul 20 2018, 9:39 PM · Phacility, Setup
epriestley added a comment to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.

The GRANT syntax also appears to have changed. We currently do this (in Phacility-specific code):

Jul 20 2018, 8:59 PM · Setup
epriestley renamed T13168: epriestley new laptop / not reading documentation setup issues from New laptop setup issues to epriestley new laptop / not reading documentation setup issues.
Jul 20 2018, 5:04 PM · Phacility, Setup

Jul 18 2018

jmeador added a comment to T13168: epriestley new laptop / not reading documentation setup issues.
  • Install XCode. Find the secret "Install Command Line Tools" option inside the Hidden Chamber of XCode and click it.

xcode-select --install should be possible without a full XCode installation.

Jul 18 2018, 5:37 PM · Phacility, Setup
epriestley added a comment to T13168: epriestley new laptop / not reading documentation setup issues.

Build just the extension from source?

Jul 18 2018, 12:48 AM · Phacility, Setup

Jul 17 2018

epriestley updated the task description for T13168: epriestley new laptop / not reading documentation setup issues.
Jul 17 2018, 11:17 PM · Phacility, Setup
epriestley updated the task description for T13168: epriestley new laptop / not reading documentation setup issues.
Jul 17 2018, 11:11 PM · Phacility, Setup
epriestley added a revision to T13168: epriestley new laptop / not reading documentation setup issues: D19516: Make the Conduit auth error for an unrecognized public key a little more useful.
Jul 17 2018, 11:06 PM · Phacility, Setup
epriestley added projects to T13168: epriestley new laptop / not reading documentation setup issues: Setup, Phacility.
Jul 17 2018, 11:04 PM · Phacility, Setup

May 18 2018

epriestley renamed T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance from Recent (?) MySQL may raise Error 2054 ("The server requested authentication method unknown to the client") with little setup guidance to MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.
May 18 2018, 4:01 PM · Setup
epriestley added a comment to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.

The companion "provide more guidance" patch would be something like this:

May 18 2018, 3:57 PM · Setup
epriestley added a comment to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.

This is involved, and default_authentication_plugin=mysql_native_password doesn't fix it.

May 18 2018, 3:55 PM · Setup

May 17 2018

epriestley added a revision to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance: D19454: When database connection exceptions occur, raise them to the setup layer.
May 17 2018, 1:03 PM · Setup

May 16 2018

epriestley added a comment to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.

An adjacent issue is that the actual connection exception doesn't make it up to setup guidance. It's somewhat tricky to raise it through the stack since the mechanics are substantially delegated to a bunch of cluster connection management, but we should make more of an effort to get it up to top level.

May 16 2018, 1:17 PM · Setup
epriestley added a comment to T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance.

In MySQL 8.0.4:

May 16 2018, 1:08 PM · Setup
epriestley triaged T13141: MySQL 8.0.4+ uses "caching_sha2_password", which is incompatible with older clients and raises error 2054 ("The server requested authentication method unknown to the client") with virtually no setup guidance as Normal priority.
May 16 2018, 1:02 PM · Setup

Apr 21 2018

avivey added a revision to T4200: Building OS packages and install scripts: D19394: Update install_ubuntu.sh to the new age.
Apr 21 2018, 4:49 AM · Guides, Setup

Apr 20 2018

epriestley added a comment to T4200: Building OS packages and install scripts.

I'm happy to bring either change upstream if you want to do the legwork. We could also move them to a wiki page or something. No option here feels particularly good to me.

Apr 20 2018, 2:07 AM · Guides, Setup
avivey added a comment to T4200: Building OS packages and install scripts.

install_ubuntu.sh seems to be completely broken for modern Ubuntu. I don't mind updating it, but I think we discussed dumping it completely?

Apr 20 2018, 1:37 AM · Guides, Setup

Nov 30 2017

epriestley added a revision to T10405: Phabricator should generally work properly even if "gd" is not installed: D18812: Don't require the "gd" extension be installed in order to run unit tests.
Nov 30 2017, 9:47 PM · Setup, Restricted Project
epriestley renamed T10405: Phabricator should generally work properly even if "gd" is not installed from New Project flow assumes gd is installed to Phabricator should generally work properly even if "gd" is not installed.
Nov 30 2017, 9:46 PM · Setup, Restricted Project
epriestley merged T12570: Installs without `gd` are unable to reach the setup warning telling them to install `gd` into T10405: Phabricator should generally work properly even if "gd" is not installed.
Nov 30 2017, 9:42 PM · Setup, Restricted Project
epriestley merged task T12570: Installs without `gd` are unable to reach the setup warning telling them to install `gd` into T10405: Phabricator should generally work properly even if "gd" is not installed.
Nov 30 2017, 9:42 PM · Setup, Bug Report

Nov 28 2017

epriestley added a comment to T11860: Bot email addresses can't be edited.

Another variation of this is that "Mailing List" users' addresses also can't be edited from the web UI.

Nov 28 2017, 7:20 PM · Setup, People

Aug 6 2017

joshuaspence added a comment to T12951: File transform regeneration should not rely on passing a query string to a CDN'able resource.

Yep, agreed that the re-targeted proposal is a better solution... I had just assumed that this was a documentation oversight.

Aug 6 2017, 12:15 AM · Bug Report, Files, Setup

Aug 3 2017

epriestley added a comment to T12951: File transform regeneration should not rely on passing a query string to a CDN'able resource.

I retargeted this; I think the proposed solution is not the best solution we can find to the problem.

Aug 3 2017, 2:53 PM · Bug Report, Files, Setup
epriestley renamed T12951: File transform regeneration should not rely on passing a query string to a CDN'able resource from CloudFront documentation should recommend forwarding query string to File transform regeneration should not rely on passing a query string to a CDN'able resource.
Aug 3 2017, 2:52 PM · Bug Report, Files, Setup

Aug 2 2017

joshuaspence created T12951: File transform regeneration should not rely on passing a query string to a CDN'able resource.
Aug 2 2017, 9:24 PM · Bug Report, Files, Setup

Jul 28 2017

epriestley added a comment to T2383: Run PHP environment checks from CLI.

T12941 is a third case of a user with no mysql or mysqli.

Jul 28 2017, 10:55 AM · Setup
epriestley merged T12941: missing mysql extension incredibly difficult to debug into T2383: Run PHP environment checks from CLI.
Jul 28 2017, 10:54 AM · Setup

Jul 18 2017

epriestley closed T12926: Document the existence of the LB `/status/` endpoint as Resolved by committing rP887ac740c648: Add a note about the `/status/` path for load balancers to setup docs.
Jul 18 2017, 4:08 PM · Infrastructure, Setup, Documentation
epriestley added a revision to T12926: Document the existence of the LB `/status/` endpoint: D18234: Add a note about the `/status/` path for load balancers to setup docs.
Jul 18 2017, 3:58 PM · Infrastructure, Setup, Documentation
epriestley created T12926: Document the existence of the LB `/status/` endpoint.
Jul 18 2017, 9:41 AM · Infrastructure, Setup, Documentation

Jul 9 2017

chad set the icon for Setup to Project.
Jul 9 2017, 7:42 PM
chad removed the image for Setup.
Jul 9 2017, 7:41 PM

Jun 11 2017

chad accepted rP5e423c5fe021: Provide a 'no dashboards' fallback state if you can't add any.
Jun 11 2017, 6:36 PM · Setup

Jun 8 2017

simevo added a comment to T4200: Building OS packages and install scripts.

There are debian and ubuntu packages for arcanist:

although popcon data (66) suggests that the debian one is not in wide use.

Jun 8 2017, 8:06 AM · Guides, Setup

May 30 2017

epriestley added a comment to T12729: CLI scripts do not detect execution with bad SAPI binary (like `fcgi` instead of `cli` under cPanel).

If you believe this is not an issue with a bad SAPI binary, please file a new bug report including reproduction steps I can follow to reproduce the issue (see Providing Reproduction Steps for guidance).

May 30 2017, 9:08 PM · Setup

May 29 2017

atul.agrawal9911 added a comment to T12729: CLI scripts do not detect execution with bad SAPI binary (like `fcgi` instead of `cli` under cPanel).

Now I have changed that

May 29 2017, 9:02 AM · Setup

May 20 2017

epriestley merged T12736: Missing function function_exists check leads to uncaught exception into T12570: Installs without `gd` are unable to reach the setup warning telling them to install `gd`.
May 20 2017, 11:00 AM · Setup, Bug Report

May 19 2017

epriestley renamed T12729: CLI scripts do not detect execution with bad SAPI binary (like `fcgi` instead of `cli` under cPanel) from Throwing error while running bin command to CLI scripts do not detect execution with bad SAPI binary (like `fcgi` instead of `cli` under cPanel).
May 19 2017, 12:35 PM · Setup

May 15 2017

joshuaspence asked Q617: Does `repository.default-local-path` need to exist if I am not storing repositories on the web server?.
May 15 2017, 9:34 PM · Setup

Apr 17 2017

epriestley added a project to T12570: Installs without `gd` are unable to reach the setup warning telling them to install `gd`: Setup.
Apr 17 2017, 1:45 PM · Setup, Bug Report

Mar 21 2017

imapsystem8 added 1 auditor(s) for rP5e423c5fe021: Provide a 'no dashboards' fallback state if you can't add any: imapsystem8.
Mar 21 2017, 11:23 PM · Setup
chad added a comment to T4200: Building OS packages and install scripts.

Once arc is installed, you can just run arc update. Given the plan to also distribute linters, etc, this would still be preferable for each individual installation vs. us.

Mar 21 2017, 5:54 PM · Guides, Setup
aleb added a comment to T4200: Building OS packages and install scripts.

Commenting here since you merged T12429. I find it surprising you put Arcanist in the same bucket as Phabricator. I think you don't even have to do all the work to make Arcanist users happy. I might be wrong, but I think there will be people adding support for Arcanist to their favorite package manager (I'm ignoring Windows), if only they'd have tags or marked releases to work with?

Mar 21 2017, 5:52 PM · Guides, Setup
epriestley merged T12429: Make it easier to install and update arcanist on Mac into T4200: Building OS packages and install scripts.
Mar 21 2017, 12:20 PM · Guides, Setup

Mar 20 2017

epriestley merged T12424: Error with new hosted repository into T4947: SELinux / AppArmor ruin everything all the time.
Mar 20 2017, 11:42 PM · Setup

Mar 11 2017

epriestley added a comment to T12386: Delete this task.

Bug reports need complete reproduction instructions and complete version information. See Contributing Bug Reports, Providing Reproduction Steps, and Providing Version Information.

Mar 11 2017, 11:18 PM · Bug Report (Needs Information)
MagicInventor renamed T12386: Delete this task from Blank page on log to Blank page on log in.
Mar 11 2017, 11:07 PM · Bug Report (Needs Information)
MagicInventor updated the task description for T12386: Delete this task.
Mar 11 2017, 11:06 PM · Bug Report (Needs Information)
MagicInventor created T12386: Delete this task.
Mar 11 2017, 11:06 PM · Bug Report (Needs Information)

Jan 27 2017

avivey merged T12162: Releasing Phabricator OVA for Easy Installation into T4200: Building OS packages and install scripts.
Jan 27 2017, 12:46 PM · Guides, Setup

Jan 9 2017

joshma added a comment to T9186: CloudFront configuration is more involved than the documentation implies.

FWIW this affected us as well, we switched from Cloudflare back to CloudFront and hit this snag. The default settings do not forward the Host header, we had to add that ourselves. Didn't need to change anything else, though - it seems that CloudFront performs loose SSL validation and is OK with the certificate/host mismatch. (Maybe it at least requires the host to match the origin domain - not sure.)

Jan 9 2017, 5:11 PM · Setup

Dec 9 2016

epriestley closed T11553: Add various "make an HTTP call" setup checks, and run them in parallel as Resolved.

I think we now test everything we've seen except RocketLoader (which is hard to test and hasn't come up too much recently) and not serving .whatever paths (which we've only ever seen one instance of, and which is also somewhat hard to test). I'm going to consider this resolved for now until we see more issues.

Dec 9 2016, 4:33 PM · Setup
epriestley closed T11544: Add a setup warning about using "Burstable CPU" (T2) instance classes in AWS as Resolved by committing rP9017bb9925e8: Add a setup check for installation on a burstable instance type.
Dec 9 2016, 4:32 PM · Documentation, Setup
epriestley closed T11544: Add a setup warning about using "Burstable CPU" (T2) instance classes in AWS, a subtask of T11553: Add various "make an HTTP call" setup checks, and run them in parallel, as Resolved.
Dec 9 2016, 4:32 PM · Setup
epriestley added a revision to T11544: Add a setup warning about using "Burstable CPU" (T2) instance classes in AWS: D17014: Add a setup check for installation on a burstable instance type.
Dec 9 2016, 4:05 PM · Documentation, Setup
epriestley closed T6709: Update server requirements in docs, a subtask of T11553: Add various "make an HTTP call" setup checks, and run them in parallel, as Resolved.
Dec 9 2016, 1:52 PM · Setup