
epriestley (Evan Priestley), Administrator
Overengineer

Projects (73)

User Details

User Since
Feb 8 2011, 1:28 AM (414 w, 3 d)
Roles
Administrator
Availability
Available

Psyduck is the greatest pokemon of all time.

Recent Activity

Today

epriestley updated the diff for D19999: Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client).
  • Wordsmithing: the query is "LOCAL INFILE", not "INFILE LOCAL".
Fri, Jan 18, 6:01 PM
epriestley updated the diff for D19998: Set MYSQLI_OPT_LOCAL_INFILE (which appears to have no effect) and raise unusual query errors more clearly.
  • Wordsmithing, the query is "LOCAL INFILE", not "INFILE LOCAL".
Fri, Jan 18, 6:00 PM
epriestley added a revision to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE: Unknown Object (Differential Revision).
Fri, Jan 18, 5:40 PM · Infrastructure, Security
epriestley requested review of D19999: Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client).
Fri, Jan 18, 5:39 PM
epriestley added a revision to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE: D19999: Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client).
Fri, Jan 18, 5:37 PM · Infrastructure, Security
epriestley updated the summary of D19998: Set MYSQLI_OPT_LOCAL_INFILE (which appears to have no effect) and raise unusual query errors more clearly.
Fri, Jan 18, 5:10 PM
epriestley updated the diff for D19998: Set MYSQLI_OPT_LOCAL_INFILE (which appears to have no effect) and raise unusual query errors more clearly.
  • I don't think MYSQLI_OPT_LOCAL_INFILE ever does anything, anywhere, ever.
  • Since I think I have a plausible explanation that this is a simple bug (value gets overwritten by config value) with at least a tiny bit of supporting evidence, and it's reasonable to imagine it may be fixed in some future version of PHP/MySQLi, leave the call in anyway.
  • Just document what's going on here more clearly.
Fri, Jan 18, 5:08 PM
epriestley added a comment to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE.

Maybe another point in favor of the claim that the option does not work is the behavior of this:

Fri, Jan 18, 5:02 PM · Infrastructure, Security
epriestley added a comment to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE.

I think that maybe mysql_nonapi.c just overrides the conn->options() call? Near line 269 of PHP 7.2.3:

Fri, Jan 18, 4:57 PM · Infrastructure, Security
epriestley added a comment to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE.

I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever? I'm going to look at the source and see if I can figure out what's going on, but I'll back it out of D19998 if I can't find some evidence that it's useful.

Fri, Jan 18, 4:49 PM · Infrastructure, Security
epriestley requested review of D19998: Set MYSQLI_OPT_LOCAL_INFILE (which appears to have no effect) and raise unusual query errors more clearly.
Fri, Jan 18, 4:38 PM
epriestley added a revision to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE: D19998: Set MYSQLI_OPT_LOCAL_INFILE (which appears to have no effect) and raise unusual query errors more clearly.
Fri, Jan 18, 4:37 PM · Infrastructure, Security
epriestley added a comment to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE.

I'm unable to get the MySQLi option MYSQLI_OPT_LOCAL_INFILE to actually work. Here's the script I'm using:

Fri, Jan 18, 4:15 PM · Infrastructure, Security
epriestley added a comment to T13238: Disallow MYSQLI_OPT_LOCAL_INFILE.

It looks like we don't need to do anything about mysql on the CLI since this option is, thankfully, not enabled by default:

Fri, Jan 18, 4:04 PM · Infrastructure, Security
epriestley triaged T13238: Disallow MYSQLI_OPT_LOCAL_INFILE as Low priority.
Fri, Jan 18, 4:01 PM · Infrastructure, Security
epriestley triaged T13237: Stripping MFA configs with `bin/auth strip` should disable, not delete, the factor configurations as Low priority.
Fri, Jan 18, 3:50 PM · Auth
epriestley requested review of D19976: Update `bin/auth` MFA commands for the new "MFA Provider" indirection layer.

I changed course a bit here, let me know if this feels like we're on firmer ground?

Fri, Jan 18, 3:49 PM
epriestley added a comment to D19976: Update `bin/auth` MFA commands for the new "MFA Provider" indirection layer.

They should [disable instead of delete], and I agree with your list of advantages ... I'll either do this in a followup or file a task for it depending on how ambitious I'm feeling.

Fri, Jan 18, 3:48 PM
epriestley created T13237: Stripping MFA configs with `bin/auth strip` should disable, not delete, the factor configurations.
Fri, Jan 18, 3:47 PM · Auth
epriestley updated the diff for D19976: Update `bin/auth` MFA commands for the new "MFA Provider" indirection layer.
  • Keep --type with the current meaning: --type sms means "every SMS config, regardless of provider".
  • Add --provider so you can kill one of your Duo providers or something, in a very complex world where your MFA setup is a big mess.
  • Keep bin/auth list-factors, which spits out sms, totp, etc.
  • Add bin/auth list-mfa-providers, which spits out PHID-FPRV-xxx Duo (Ops, DEPRECATED DO NOT USE), etc.
Fri, Jan 18, 3:44 PM
epriestley updated the summary of D19976: Update `bin/auth` MFA commands for the new "MFA Provider" indirection layer.
Fri, Jan 18, 3:41 PM
epriestley added a comment to D19976: Update `bin/auth` MFA commands for the new "MFA Provider" indirection layer.

My naive suggestion is to make providers provide a "shortname" like sms, totp, etc, but I'm sure there's an obvious reason not to do that.

Fri, Jan 18, 3:17 PM
epriestley requested review of D19988: Add "Contact Numbers" so we can send users SMS messages.
Fri, Jan 18, 2:32 PM
epriestley updated the diff for D19995: Use the customizable "Welcome Mail" message in welcome mail.
  • When the mail body has a global default, make the reminder text link to it.
Fri, Jan 18, 2:13 PM
epriestley updated the diff for D19997: Put a hard limit on password login attempts from the same remote address.
  • Provide a hint that the way out for legitimate users is to do a password reset.
Fri, Jan 18, 2:09 PM
epriestley requested review of D19997: Put a hard limit on password login attempts from the same remote address.
Fri, Jan 18, 2:04 PM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19997: Put a hard limit on password login attempts from the same remote address.
Fri, Jan 18, 2:02 PM · Plans
epriestley requested review of D19996: Allow Conduit method call logs to be exported with the standard export pipeline.
Fri, Jan 18, 1:41 PM
epriestley committed rPc125ab7a42bf: Remove "metamta.*.subject-prefix" options (authored by epriestley).
Remove "metamta.*.subject-prefix" options
Fri, Jan 18, 3:19 AM
epriestley closed D19993: Remove "metamta.*.subject-prefix" options.
Fri, Jan 18, 3:19 AM
epriestley committed rPff220acae6a4: Don't bounce mail messages if any recipient was reserved (authored by epriestley).
Don't bounce mail messages if any recipient was reserved
Fri, Jan 18, 3:17 AM
epriestley added a commit to T13222: 2018 Week 48-51 Bonus Content: rPff220acae6a4: Don't bounce mail messages if any recipient was reserved.
Fri, Jan 18, 3:17 AM · Plans
epriestley closed D19987: Don't bounce mail messages if any recipient was reserved.
Fri, Jan 18, 3:17 AM
epriestley requested review of D19995: Use the customizable "Welcome Mail" message in welcome mail.
Fri, Jan 18, 3:10 AM
epriestley added a child revision for D19994: Show the customized "Login" message on the login screen: D19995: Use the customizable "Welcome Mail" message in welcome mail.
Fri, Jan 18, 3:08 AM
epriestley requested review of D19994: Show the customized "Login" message on the login screen.
Fri, Jan 18, 2:34 AM
epriestley added a child revision for D19992: Add "Auth Messages" to support customizing onboarding/welcome flows: D19994: Show the customized "Login" message on the login screen.
Fri, Jan 18, 2:32 AM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19994: Show the customized "Login" message on the login screen.
Fri, Jan 18, 2:32 AM · Plans

Yesterday

epriestley added inline comments to D19993: Remove "metamta.*.subject-prefix" options.
Thu, Jan 17, 9:58 PM
epriestley added inline comments to D19991: Allow administrators to provide custom welcome text when welcoming users on the profile workflow.
Thu, Jan 17, 9:51 PM
epriestley added a comment to D19993: Remove "metamta.*.subject-prefix" options.

someone who hates dogs

Thu, Jan 17, 8:23 PM
epriestley changed the visibility for D291: Allow email subject prefixes to be configured.
Thu, Jan 17, 8:17 PM
epriestley added a comment to D19993: Remove "metamta.*.subject-prefix" options.

I'm really going to miss this code:

Thu, Jan 17, 8:14 PM
epriestley requested review of D19993: Remove "metamta.*.subject-prefix" options.
Thu, Jan 17, 8:14 PM
epriestley awarded D19993: Remove "metamta.*.subject-prefix" options a Party Time token.
Thu, Jan 17, 8:13 PM
epriestley added a comment to T11760: Phacility Cluster: Ad-Hoc Query Log.

I ran a query against a subset of instances to see if any instances had configured metamta.*.subject-prefix options.

Thu, Jan 17, 8:00 PM · Phacility
epriestley requested review of D19992: Add "Auth Messages" to support customizing onboarding/welcome flows.
Thu, Jan 17, 7:45 PM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19992: Add "Auth Messages" to support customizing onboarding/welcome flows.
Thu, Jan 17, 7:43 PM · Plans
epriestley updated the summary of D19991: Allow administrators to provide custom welcome text when welcoming users on the profile workflow.
Thu, Jan 17, 6:32 PM
epriestley updated the summary of D19991: Allow administrators to provide custom welcome text when welcoming users on the profile workflow.
Thu, Jan 17, 6:32 PM
epriestley requested review of D19991: Allow administrators to provide custom welcome text when welcoming users on the profile workflow.
Thu, Jan 17, 6:28 PM
epriestley requested review of D19990: When password auth is not enabled, don't tell users to set a password in welcome email.
Thu, Jan 17, 6:08 PM
epriestley requested review of D19989: Move "Welcome" mail generation out of PhabricatorUser.
Thu, Jan 17, 5:55 PM
epriestley added a comment to T13115: Handle mail bounces inside Phabricator.

When the time comes, this should almost certainly also handle contact numbers for non-email media (T920 / D19988).

Thu, Jan 17, 3:55 PM · Mail
epriestley added a revision to T920: Provide SMS Support: D19988: Add "Contact Numbers" so we can send users SMS messages.
Thu, Jan 17, 3:48 PM · Restricted Project, Herald
epriestley updated the summary of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:54 PM
epriestley updated the summary of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:53 PM
epriestley updated the diff for D19987: Don't bounce mail messages if any recipient was reserved.
  • "Them email" may not be entirely grammatical.
Thu, Jan 17, 2:53 PM
epriestley updated the summary of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:51 PM
epriestley updated the summary of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:51 PM
epriestley updated the summary of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:49 PM
epriestley requested review of D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:49 PM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19987: Don't bounce mail messages if any recipient was reserved.
Thu, Jan 17, 2:47 PM · Plans
epriestley committed rP6b6c991ad498: Allow Phortune accounts to customize their billing address and name (authored by epriestley).
Allow Phortune accounts to customize their billing address and name
Thu, Jan 17, 12:16 AM
epriestley added a commit to T7607: Invoicing emails probably need some work: rP6b6c991ad498: Allow Phortune accounts to customize their billing address and name.
Thu, Jan 17, 12:16 AM · Phortune, Phacility
epriestley closed D19979: Allow Phortune accounts to customize their billing address and name.
Thu, Jan 17, 12:16 AM
epriestley committed rPa1516fefb67a: Fix an issue where "Import Columns" could fail on a board for a project with… (authored by epriestley).
Fix an issue where "Import Columns" could fail on a board for a project with…
Thu, Jan 17, 12:15 AM
epriestley closed D19978: Fix an issue where "Import Columns" could fail on a board for a project with milestones.
Thu, Jan 17, 12:15 AM
epriestley added inline comments to D19979: Allow Phortune accounts to customize their billing address and name.
Thu, Jan 17, 12:08 AM
epriestley updated the diff for D19978: Fix an issue where "Import Columns" could fail on a board for a project with milestones.
  • Use "Source" over "Target".
Thu, Jan 17, 12:05 AM
epriestley added inline comments to D19978: Fix an issue where "Import Columns" could fail on a board for a project with milestones.
Thu, Jan 17, 12:04 AM

Wed, Jan 16

epriestley added a comment to D19969: Apply inverse edge edits after committing primary object edits.

I'll probably hold this until after the release cut -- we have a lot of stuff in queue and the bug this fixes is very small/rare, I just have a personal vendetta against it.

Wed, Jan 16, 11:39 PM
epriestley added a comment to D19975: Convert user MFA factors to point at configurable "MFA Providers", not raw "MFA Factors".

Another possible thing is that sessions are long-lived and you only get force-MFA-gated at login, so an administrator might reconfigure MFA, think all the users are on the new stuff, and then learn that a bunch weren't actually forced to switch to Duo or whatever yet since they're still on old sessions.

Wed, Jan 16, 10:52 PM
epriestley updated the diff for D19975: Convert user MFA factors to point at configurable "MFA Providers", not raw "MFA Factors".
  • Correct "factors types".
Wed, Jan 16, 10:48 PM
epriestley committed rP0a0afa489a5d: Wordsmith inbound mail documentation more thoroughly (authored by epriestley).
Wordsmith inbound mail documentation more thoroughly
Wed, Jan 16, 10:45 PM
epriestley closed D19986: Wordsmith inbound mail documentation more thoroughly.
Wed, Jan 16, 10:45 PM
epriestley added a comment to D19975: Convert user MFA factors to point at configurable "MFA Providers", not raw "MFA Factors".

These answers are somewhat-theory for now since you can't actually disable providers yet, but:

Wed, Jan 16, 10:44 PM
epriestley requested review of D19986: Wordsmith inbound mail documentation more thoroughly.
Wed, Jan 16, 10:30 PM
epriestley added a comment to D19973: Update inbound and outbound email documentation.

Oh, I totally missed that feedback, I'll follow up.

Wed, Jan 16, 10:01 PM
epriestley committed rPbd077bfcb7ac: Update inbound and outbound email documentation (authored by epriestley).
Update inbound and outbound email documentation
Wed, Jan 16, 9:56 PM
epriestley closed T8636: Update "Configuring Inbound Email" to describe application email configuration in greater detail as Resolved by committing rPbd077bfcb7ac: Update inbound and outbound email documentation.
Wed, Jan 16, 9:56 PM · Documentation, Mail
epriestley closed D19973: Update inbound and outbound email documentation.
Wed, Jan 16, 9:56 PM
epriestley added a comment to D19969: Apply inverse edge edits after committing primary object edits.

Some additional context -- normally, when we apply a transaction, we populate only the "new" value. So we pass an object like this into the Editor:

Wed, Jan 16, 9:46 PM
epriestley committed rPc5f446defb52: Prevent application email addresses from shadowing user email addresses (authored by epriestley).
Prevent application email addresses from shadowing user email addresses
Wed, Jan 16, 9:28 PM
epriestley closed T13234: Application email addresses may shadow user email addresses as Resolved by committing rPc5f446defb52: Prevent application email addresses from shadowing user email addresses.
Wed, Jan 16, 9:28 PM · Mail, Security
epriestley closed D19974: Prevent application email addresses from shadowing user email addresses.
Wed, Jan 16, 9:28 PM
epriestley committed rPdc4d7f1f3e8d: Reorder "Merge" transaction to make "Close as Duplicate" produce a "[Merged]"… (authored by epriestley).
Reorder "Merge" transaction to make "Close as Duplicate" produce a "[Merged]"…
Wed, Jan 16, 9:27 PM
epriestley closed T11782: Inconsistent mail notification subject ([Updated] vs [Merged]) depending on from which task a duplicate task was merged as Resolved by committing rPdc4d7f1f3e8d: Reorder "Merge" transaction to make "Close as Duplicate" produce a "[Merged]"….
Wed, Jan 16, 9:27 PM · Mail, Maniphest, Bug Report
epriestley closed D19972: Reorder "Merge" transaction to make "Close as Duplicate" produce a "[Merged]" email subject.
Wed, Jan 16, 9:27 PM
epriestley committed rP35f0e31ed3b2: Add a Twilio SMS message adapter (authored by epriestley).
Add a Twilio SMS message adapter
Wed, Jan 16, 9:26 PM
epriestley added a commit to T920: Provide SMS Support: rP35f0e31ed3b2: Add a Twilio SMS message adapter.
Wed, Jan 16, 9:26 PM · Restricted Project, Herald
epriestley closed D19971: Add a Twilio SMS message adapter.
Wed, Jan 16, 9:26 PM
epriestley committed rP96d3e73eed64: Fix an issue where "CC"-only email improperly wiped CC addresses (authored by epriestley).
Fix an issue where "CC"-only email improperly wiped CC addresses
Wed, Jan 16, 9:23 PM
epriestley added a commit to T920: Provide SMS Support: rP96d3e73eed64: Fix an issue where "CC"-only email improperly wiped CC addresses.
Wed, Jan 16, 9:22 PM · Restricted Project, Herald
epriestley closed D19970: Fix an issue where "CC"-only email improperly wiped CC addresses.
Wed, Jan 16, 9:22 PM
epriestley added inline comments to D19965: Update the "SES" and "sendmail" mailers for the new API; remove "encoding".
Wed, Jan 16, 9:22 PM
epriestley committed rP0c0cbb1c09e4: Fix an issue where transactions in mail were always rendered as text (authored by epriestley).
Fix an issue where transactions in mail were always rendered as text
Wed, Jan 16, 9:21 PM
epriestley closed T12921: Link to referenced object in transaction emails as Resolved by committing rP0c0cbb1c09e4: Fix an issue where transactions in mail were always rendered as text.
Wed, Jan 16, 9:21 PM · Mail, Feature Request
epriestley closed D19968: Fix an issue where transactions in mail were always rendered as text.
Wed, Jan 16, 9:21 PM
epriestley committed rPc3cafffed726: Update the "SES" and "sendmail" mailers for the new API; remove "encoding" (authored by epriestley).
Update the "SES" and "sendmail" mailers for the new API; remove "encoding"
Wed, Jan 16, 9:19 PM