TPA issueshttps://gitlab.torproject.org/groups/tpo/tpa/-/issues2024-01-22T16:34:28Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40202can't send email to state.gov2024-01-22T16:34:28Zanarcatcan't send email to state.govwriting to USER@state.gov gives us this error:
```
<REDACTED@state.gov>: TLSA lookup error for christopher-ew.state.gov:25
```
it's actually from multiple endpoints, my home server and riseup also see this, so this is actually an error...writing to USER@state.gov gives us this error:
```
<REDACTED@state.gov>: TLSA lookup error for christopher-ew.state.gov:25
```
it's actually from multiple endpoints, my home server and riseup also see this, so this is actually an error with state.gov, i would argue... still worth taking a look.
/cc @gaba
battle plan:
* [x] <del>confirm with state.gov folks that emails are failing because they check the eugeni TLS cert</del> state.gov is unwilling to provide more information, but we'll just go with that assertion, as it seems fair that our MX should provide publicly verifiable certificates in the standard CA infrastructure (on top of DNSSEC checks)
* [ ] if so, establish a plan to rebuild a MX with "real" TLS certificates, which is now documented in the [roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2021)
* [ ] bypass DNSSEC checks for state.gov so *we* can send mail there
* [ ] bring up their misconfiguration on DNSSEC forums (optional)improve mail servicesanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/36Add link to gitlab issues from admin panel2021-05-03T13:41:11ZboklmAdd link to gitlab issues from admin panelWhen viewing an approved issue or note from the admin panel, I think it would be nice to have a link to the issue on gitlab, to make it easier to reply there.When viewing an approved issue or note from the admin panel, I think it would be nice to have a link to the issue on gitlab, to make it easier to reply there.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/31Email alerts to moderators when there are tickets in the moderation queue2021-05-03T13:41:09ZCecylia BocovichEmail alerts to moderators when there are tickets in the moderation queueI just logged on for the first time since last Monday and noticed a lot of tickets in the queue. It's hard to remember to log in, especially now when the service is new.
Not sure what the most usable option is here to alert moderators t...I just logged on for the first time since last Monday and noticed a lot of tickets in the queue. It's hard to remember to log in, especially now when the service is new.
Not sure what the most usable option is here to alert moderators to pay attention. On option is to send an email alert when a ticket has been waiting for more than 1 day?https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/96setup CI caching (and dependency proxy?)2022-03-24T23:28:18Zjugasetup CI caching (and dependency proxy?)I'm used to configure a cache in `gitlab-ci.org`, but maybe tpo isn't configured for [that](https://docs.gitlab.com/ee/ci/caching/#where-the-caches-are-stored)?
The message i get in the pipeline job:
```
Creating cache default...
.cac...I'm used to configure a cache in `gitlab-ci.org`, but maybe tpo isn't configured for [that](https://docs.gitlab.com/ee/ci/caching/#where-the-caches-are-stored)?
The message i get in the pipeline job:
```
Creating cache default...
.cache/pip: found 417 matching files and directories
No URL provided, cache will be not uploaded to shared cache server. Cache will be stored only locally.
```https://gitlab.torproject.org/tpo/tpa/triage-ops/-/issues/3Perhaps, automatically unassign tickets that have had no activity for more th...2022-03-14T18:55:06ZNick MathewsonPerhaps, automatically unassign tickets that have had no activity for more than N days/weeks/months?It might be a good idea to automatically unassign any ticket that has been assigned but untouched for a very long time.It might be a good idea to automatically unassign any ticket that has been assigned but untouched for a very long time.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/tpa/triage-ops/-/issues/2Don't assign reviewers to MRs that don't need review2022-09-21T08:39:31ZNick MathewsonDon't assign reviewers to MRs that don't need reviewSpecifically, MRs with the "Needs Revision" and "Merge Ready" labels do not need a reviewer, and therefore don't need to get a reviewer assigned.Specifically, MRs with the "Needs Revision" and "Merge Ready" labels do not need a reviewer, and therefore don't need to get a reviewer assigned.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/30Tag closed issues as Closed on the landing page2021-05-03T13:41:07ZcypherpunksTag closed issues as Closed on the landing pageIssues are tagged/labeled as Open or Closed on the details page, but the landing list would be faster to review if closed issues were tagged as Closed or (closed) on the landing page.Issues are tagged/labeled as Open or Closed on the details page, but the landing list would be faster to review if closed issues were tagged as Closed or (closed) on the landing page.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/29Enable GitLab's emojis to be used by cypherpunks2021-05-03T13:41:05ZcypherpunksEnable GitLab's emojis to be used by cypherpunksUpvote, downvote, etc.
https://docs.gitlab.com/ee/user/award_emojis.html
https://docs.gitlab.com/ee/api/award_emoji.htmlUpvote, downvote, etc.
https://docs.gitlab.com/ee/user/award_emojis.html
https://docs.gitlab.com/ee/api/award_emoji.htmlhttps://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/28Disable GitLab auto-reconnect looking for new comments on issue pages2021-09-08T18:51:25ZcypherpunksDisable GitLab auto-reconnect looking for new comments on issue pagesI, an anon-ticket cypherpunk, was on `safer` level in Tor Browser and visited a ticket on this GitLab. I changed to `safest` level, and a red floating box popped up on the page with the text, "Something went wrong while fetching latest c...I, an anon-ticket cypherpunk, was on `safer` level in Tor Browser and visited a ticket on this GitLab. I changed to `safest` level, and a red floating box popped up on the page with the text, "Something went wrong while fetching latest comments." The outermost HTML tag contained:
`div class="flash-container flash-container-page sticky" data-qa-selector="flash_container"`
A privacy-preserving GitLab should not auto-reconnect nor auto-refresh. A tab left open would periodically create new Tor circuits that could be analyzed to locate the browser.
Cypherpunks don't have permission to create this issue in tpa/gitlab, but I think that's where this issue is supposed to be.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/25Implement previewing creation of issues and notes2021-05-03T13:40:59ZcypherpunksImplement previewing creation of issues and notesAnontickets and notes are submitted immediately. Make a Preview button for creating anontickets and notes.
(It's silly that the anonticktes portal has to reinvent a feature that GitLab probably already has.)Anontickets and notes are submitted immediately. Make a Preview button for creating anontickets and notes.
(It's silly that the anonticktes portal has to reinvent a feature that GitLab probably already has.)https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/22Hyperlink anonticket registration from email registration visit sequence2021-05-03T13:40:51ZcypherpunksHyperlink anonticket registration from email registration visit sequenceAdd a link to [anonticket registration](https://anonticket.onionize.space/) from GitLab [TPO's home page](https://gitlab.torproject.org/tpo) ("You can request new accounts for this instance at...") or from the page to [Request Account](h...Add a link to [anonticket registration](https://anonticket.onionize.space/) from GitLab [TPO's home page](https://gitlab.torproject.org/tpo) ("You can request new accounts for this instance at...") or from the page to [Request Account](https://gitlab.onionize.space/).https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/20user_landing.html should move issue URL generation from template to view2021-05-03T13:40:49Zcypherpunksuser_landing.html should move issue URL generation from template to viewCurrently, links for the issue detail pages are generated by the template. Recommended best practice is to move this code into the view.Currently, links for the issue detail pages are generated by the template. Recommended best practice is to move this code into the view.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/19project object should have a get_absolute_url pointing to ProjectDetailView; ...2021-05-03T13:40:47Zcypherpunksproject object should have a get_absolute_url pointing to ProjectDetailView; templates do a lot of processing vs keeping processing in view/modelproject objects could leverage get_absolute_url method on project model. at current, urls are generated by the template, but this should be passed to the view itself as much as possible.project objects could leverage get_absolute_url method on project model. at current, urls are generated by the template, but this should be passed to the view itself as much as possible.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/18Need to add pagination testing items for template2021-05-03T13:40:45ZcypherpunksNeed to add pagination testing items for templateTests have been created for response.context for testing of pagination functions, need to add more tests for template rendering.Tests have been created for response.context for testing of pagination functions, need to add more tests for template rendering.https://gitlab.torproject.org/tpo/tpa/team/-/issues/40168track and respond to email spam complaints systematically2022-04-06T21:00:58Zanarcattrack and respond to email spam complaints systematicallyRight now we get complaints about spam to postmaster@tpo but do not necessarily act on those. Worst, there might be places where we just don't get notifications because we do not register to other provider's interfaces.
Some ideas:
* ...Right now we get complaints about spam to postmaster@tpo but do not necessarily act on those. Worst, there might be places where we just don't get notifications because we do not register to other provider's interfaces.
Some ideas:
* subscribe to <https://fbl.returnpath.net/>
* register on [Google's postmaster tools](https://gmail.com/postmaster/)
* try to figure out whatever is going on with Outlook (see https://gitlab.torproject.org/tpo/tpa/team/-/issues/33037#note_2725160)
* use some automation to measure feedback, for example [feedback-loop](https://git.autistici.org/ai3/tools/feedback-loop)
We already have improved our Prometheus metrics and Grafana dashboards as part of #33037, so there's already that, but work remains to be done to ensure we have good delivery.
This is part of the 2021 roadmap.improve mail serviceshttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40163evaluate and reduce server's power usage2023-03-14T17:51:28Zanarcatevaluate and reduce server's power usageWhile we do not directly control our physical infrastructure, we still do use actual power, which has an environmental cost and, therefore, is part of the major existential threat facing humanity at the peak of its history. Reducing powe...While we do not directly control our physical infrastructure, we still do use actual power, which has an environmental cost and, therefore, is part of the major existential threat facing humanity at the peak of its history. Reducing power usage is not only an economic incentive, it's an existential necessity.
The first step is to do monitoring, however. I found out about a project call [scaphandre](https://github.com/hubblo-org/scaphandre) which provides Prometheus metrics and Grafana dashboards for actual power usage on physical servers. While that may not cover our machines "in the cloud", it may work on our physical hardware.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/15Update Moderator View - Remove hard-coded links and update templates2021-05-03T13:40:44ZcypherpunksUpdate Moderator View - Remove hard-coded links and update templatesNeed to remove hard-coded links to admin on moderator view and replace template on admin actions for moderator view to custom templating so admin panel is not exposed. Should be able to use a method similar to the following: https://sta...Need to remove hard-coded links to admin on moderator view and replace template on admin actions for moderator view to custom templating so admin panel is not exposed. Should be able to use a method similar to the following: https://stackoverflow.com/questions/45176991/django-redirect-change-password-urlhttps://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/14Create Issue when in a specific project doesn't prepopulate form2021-05-03T13:40:43ZcypherpunksCreate Issue when in a specific project doesn't prepopulate formCurrently, the "Create issue" link on a project detail view links to the generic "create issue" view, and the user then needs to select the appropriate project from the dropdown. It would be nice to have it auto-select the dropdown objec...Currently, the "Create issue" link on a project detail view links to the generic "create issue" view, and the user then needs to select the appropriate project from the dropdown. It would be nice to have it auto-select the dropdown object for you.https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues/8Feature: MR Links and View2021-01-28T20:56:13ZcypherpunksFeature: MR Links and ViewIssue detail view currently shows all notes and indicates when a merge request was made, but does not have a link to MR. Although it's possible to link this without adding any new views/urls, by linking directly to gitlab, this would be ...Issue detail view currently shows all notes and indicates when a merge request was made, but does not have a link to MR. Although it's possible to link this without adding any new views/urls, by linking directly to gitlab, this would be a lot of API calls.
Rec instead creating a new view showing the project MR details with a structure like /project/project_name/merge-requests/# and connect the project detail view to the merge-request-detail-view. That way, only a single gitlab API call is made at the moment that the link is clicked on to get the MR details, which will be used to populate the view.https://gitlab.torproject.org/tpo/tpa/team/-/issues/40129user management procedures are poorly documented2023-10-20T18:57:06Zanarcatuser management procedures are poorly documentedas identified by @arma in https://gitlab.torproject.org/tpo/tpa/team/-/issues/40126#note_2721379, it's not really clear how to actually create and remove accounts. we do have https://gitlab.torproject.org/tpo/tpa/team/-/issues/32519 whic...as identified by @arma in https://gitlab.torproject.org/tpo/tpa/team/-/issues/40126#note_2721379, it's not really clear how to actually create and remove accounts. we do have https://gitlab.torproject.org/tpo/tpa/team/-/issues/32519 which concerns the overall onboarding/offboarding process, but the actually nitty-gritty details of *how* to do things for sysadmins is really badly documented. in https://gitlab.torproject.org/tpo/tpa/team/-/issues/40126#note_2721468, i noted:
> This documentation seems to be a total mess. There is:
>
> * [howto/new-person](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/new-person) which you have found and seems to document how to get a new *sysadmin* on board
> * [doc/accounts](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts) which documents "accounts" in general, and is more targeted at users
> * [howto/create-a-new-user](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/create-a-new-user) actually documents how to create a new user
> * [howto/ldap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/ldap) which documents "LDAP" in general and has a rather poor user-facing documentation and is mostly targeted about running the service
> * and then of course userdir-ldap-cgi has [its own inline documentation](https://db.torproject.org/) maintained as HTML/Perl templates shipped with the debian package and managed through git.
>
> Someone(tm) needs to sit down and make sense of this. I kind of made matters worse myself by creating howto/ldap and howto/new-person of course... :( so I guess i'm probably that someone.
So the task here is to merge or split or cleanup those pages so that one doesn't get lost like @arma did. Here it's not a matter of policy, it's just about creating a cohesive documentation. I suspect the following should happen, but this is just a first brainstorm and i'm open to suggestions:
- [ ] [howto/new-person](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/new-person) - should be merged into another page, a special section in create-new-user maybe? or renamed to "new-admin"?
- [ ] [doc/accounts](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts) - merge with create-a-new-user?
- [ ] [howto/create-a-new-user](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/create-a-new-user) - merge with howto/ldap? but keep in mind there are things about sudo in there
- [ ] [howto/ldap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/ldap) - should this take over the userdir-ldap-cgi documentation below and cover *everything*?
- [ ] userdir-ldap-cgi has [its own inline documentation](https://db.torproject.org/) - maybe deprecate this and point to the wiki?
TBD.
Also note that our [retirement procedures](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/retire-a-user) are *also* fairly inadequate and would need much love. this was supposed to be covered by #32519 but was somehow overlooked... :(anarcatanarcat