info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Phabricator/Lando update, November 2017
149 views
Skip to first unread message
Mark Côté
Nov 29, 2017, 11:35:05 AM11/29/17
to
I posted an update on Phabricator and Lando to my blog a couple weeks ago, but I figured I should share it here too: https://mrcote.info/blog/2017/11/17/phabricator-and-lando-november-update/
There are two important points:
1. Our Phabricator instance has been up and running for a few months now. Our team has been using it regularly, as has the NSS team and some Firefox devs. We were hesitant to advertise this too widely in order not to create any confusion around the Quantum release, but now that that has settled down I am told it should be fine for anyone to start using it. The instance is at https://phabricator.services.mozilla.com/ and there are docs at https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html. We will have some hands-on training in Austin as well.
Note that we are still technically in a pre-release state as we are making a few more changes to the underlying BMO-integration engine to ensure it remains rock solid.
2. For a few reasons, the release of Lando (the system tying Phabricator and Autoland together) is being pushed back to 2018Q1. There is more info on Lando, with screenshots, in my post.
Mark
There are two important points:
1. Our Phabricator instance has been up and running for a few months now. Our team has been using it regularly, as has the NSS team and some Firefox devs. We were hesitant to advertise this too widely in order not to create any confusion around the Quantum release, but now that that has settled down I am told it should be fine for anyone to start using it. The instance is at https://phabricator.services.mozilla.com/ and there are docs at https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html. We will have some hands-on training in Austin as well.
Note that we are still technically in a pre-release state as we are making a few more changes to the underlying BMO-integration engine to ensure it remains rock solid.
2. For a few reasons, the release of Lando (the system tying Phabricator and Autoland together) is being pushed back to 2018Q1. There is more info on Lando, with screenshots, in my post.
Mark
Andreas Tolfsen
Nov 29, 2017, 12:42:12 PM11/29/17
to dev-pl...@lists.mozilla.org, Mark Cote
Also sprach Mark Côté:
> We were hesitant to advertise this too widely in order not to create
> any confusion around the Quantum release, but now that that has
> settled down I am told it should be fine for anyone to start using
> it. The instance is at https://phabricator.services.mozilla.com/
> and there are docs at
> https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
I’ve been wanting to try out the new review tool, but the sign up
steps in the documentation fails to mention two-factor authentication.
The only option is ‘Mobile Phone App (TOTP)’ and if you, like me,
don’t have a smartphone it is seemingly impossible to create an
account.
I would’ve thought it would delegate the MFA bit to Bugzilla, or
am I doing something wrong?
> We were hesitant to advertise this too widely in order not to create
> any confusion around the Quantum release, but now that that has
> settled down I am told it should be fine for anyone to start using
> it. The instance is at https://phabricator.services.mozilla.com/
> and there are docs at
> https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
steps in the documentation fails to mention two-factor authentication.
The only option is ‘Mobile Phone App (TOTP)’ and if you, like me,
don’t have a smartphone it is seemingly impossible to create an
account.
I would’ve thought it would delegate the MFA bit to Bugzilla, or
am I doing something wrong?
Steve Fink
Nov 29, 2017, 12:43:58 PM11/29/17
to dev-pl...@lists.mozilla.org
On 11/29/2017 08:35 AM, Mark Côté wrote:
> I posted an update on Phabricator and Lando to my blog a couple weeks ago, but I figured I should share it here too: https://mrcote.info/blog/2017/11/17/phabricator-and-lando-november-update/
>
> There are two important points:
>
> 1. Our Phabricator instance has been up and running for a few months now. Our team has been using it regularly, as has the NSS team and some Firefox devs. We were hesitant to advertise this too widely in order not to create any confusion around the Quantum release, but now that that has settled down I am told it should be fine for anyone to start using it. The instance is at https://phabricator.services.mozilla.com/ and there are docs at https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html. We will have some hands-on training in Austin as well.
Where should we file bugs, and what sorts of bugs would be useful right now?
> I posted an update on Phabricator and Lando to my blog a couple weeks ago, but I figured I should share it here too: https://mrcote.info/blog/2017/11/17/phabricator-and-lando-november-update/
>
> There are two important points:
>
> 1. Our Phabricator instance has been up and running for a few months now. Our team has been using it regularly, as has the NSS team and some Firefox devs. We were hesitant to advertise this too widely in order not to create any confusion around the Quantum release, but now that that has settled down I am told it should be fine for anyone to start using it. The instance is at https://phabricator.services.mozilla.com/ and there are docs at https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html. We will have some hands-on training in Austin as well.
I see in bugzilla Conduit :: Phabricator (Upstream) and Conduit ::
Phabricator Extensions. I don't know what Conduit is. I checked Conduit
:: General, but it just says "General Conduit bugs." What terminology do
we need to know in order to be able to file bugs and find the right
documentation?
So for example, "recent commits" on the mozilla-central repo appears to
be backwards. It only shows stuff from 2007, and the related pages
(History, Graph) are the same. The Graph page, in particular, seems to
only allow advancing a page at a time, so there's no way you'd ever get
to the tip. But this is totally noncritical functionality right now, so
perhaps it would just add friction to file a bunch of obvious bugs?
Mark Côté
Nov 29, 2017, 1:05:44 PM11/29/17
to Andreas Tolfsen, dev-pl...@lists.mozilla.org
Right, I should have mentioned that. We are working right now on enforcing
MFA for Phabricator via BMO. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1393950. Should go out next
week.
Mark
On Nov 29, 2017 12:41 PM, "Andreas Tolfsen" <a...@sny.no> wrote:
> Also sprach Mark Côté:
MFA for Phabricator via BMO. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1393950. Should go out next
week.
Mark
On Nov 29, 2017 12:41 PM, "Andreas Tolfsen" <a...@sny.no> wrote:
> Also sprach Mark Côté:
>
> > We were hesitant to advertise this too widely in order not to create
> > any confusion around the Quantum release, but now that that has
> > settled down I am told it should be fine for anyone to start using
> > it. The instance is at https://phabricator.services.mozilla.com/
> > and there are docs at
> > https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
>
> > We were hesitant to advertise this too widely in order not to create
> > any confusion around the Quantum release, but now that that has
> > settled down I am told it should be fine for anyone to start using
> > it. The instance is at https://phabricator.services.mozilla.com/
> > and there are docs at
> > https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
>
Mark Côté
Nov 29, 2017, 2:40:04 PM11/29/17
to
Huh yeah I didn't notice that about the history & graphs. That is weird. To be honest, Diffusion is not the best source-code viewer for a repo the size of mozilla-central. I would still default to using hg.mozilla.org, despite it not having as fancy an interface. But feel free to file those bugs as I am curious why the behaviour is the way it is. Those would belong in Conduit :: Phabricator (Upstream), as we do not intend to heavily customize our instance and hence would like to work with upstream on these kinds of issues.
Mark
Gregory Szorc
Dec 4, 2017, 6:51:54 PM12/4/17
to Mark Côté, dev-platform
Repository does not use the Phabricator repository viewer because of
scaling and usability issues. My info may be a bit out of date though. But
I'm inclined to say we should steer people away from the Phabricator UI
(for better or worse).
Also, Mercurial has steadily been getting a slew of updates to the HTML
interface. There's a ton coming in the not-yet-released 4.5 release. But
we're still running 4.2 on hg.mozilla.org. You can run `hg serve` to run a
local server, which will get you the modern goodies (and it will be fast
since it avoids network round trips).
Masatoshi Kimura
Dec 5, 2017, 8:39:23 AM12/5/17
to dev-pl...@lists.mozilla.org
I went to the 2FA preference on BMO. For me, the only authentication
option was TOTP that requires a smartphone. I do not have a smartphone
like Mark.
How can I continue to contribute after we are forced to use Phabricator?
Mozilla no longer wants volunteer contributors?
On 2017/11/30 3:05, Mark Côté wrote:
> Right, I should have mentioned that. We are working right now on enforcing
> MFA for Phabricator via BMO. See
> https://bugzilla.mozilla.org/show_bug.cgi?id=1393950. Should go out next
> week.
>
> Mark
>
> On Nov 29, 2017 12:41 PM, "Andreas Tolfsen" <a...@sny.no> wrote:
>
>> Also sprach Mark Côté:
>>
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
option was TOTP that requires a smartphone. I do not have a smartphone
like Mark.
How can I continue to contribute after we are forced to use Phabricator?
Mozilla no longer wants volunteer contributors?
On 2017/11/30 3:05, Mark Côté wrote:
> Right, I should have mentioned that. We are working right now on enforcing
> MFA for Phabricator via BMO. See
> https://bugzilla.mozilla.org/show_bug.cgi?id=1393950. Should go out next
> week.
>
> Mark
>
> On Nov 29, 2017 12:41 PM, "Andreas Tolfsen" <a...@sny.no> wrote:
>
>> Also sprach Mark Côté:
>>
>>> We were hesitant to advertise this too widely in order not to create
>>> any confusion around the Quantum release, but now that that has
>>> settled down I am told it should be fine for anyone to start using
>>> it. The instance is at https://phabricator.services.mozilla.com/
>>> and there are docs at
>>> https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
>>
>>> any confusion around the Quantum release, but now that that has
>>> settled down I am told it should be fine for anyone to start using
>>> it. The instance is at https://phabricator.services.mozilla.com/
>>> and there are docs at
>>> https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html.
>>
>> I’ve been wanting to try out the new review tool, but the sign up
>> steps in the documentation fails to mention two-factor authentication.
>> The only option is ‘Mobile Phone App (TOTP)’ and if you, like me,
>> don’t have a smartphone it is seemingly impossible to create an
>> account.
>>
>> I would’ve thought it would delegate the MFA bit to Bugzilla, or
>> am I doing something wrong?
>>
>>
> _______________________________________________
>> steps in the documentation fails to mention two-factor authentication.
>> The only option is ‘Mobile Phone App (TOTP)’ and if you, like me,
>> don’t have a smartphone it is seemingly impossible to create an
>> account.
>>
>> I would’ve thought it would delegate the MFA bit to Bugzilla, or
>> am I doing something wrong?
>>
>>
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
Dylan Hardison
Dec 5, 2017, 9:02:13 AM12/5/17
to Masatoshi Kimura, dev-pl...@lists.mozilla.org
> On Dec 5, 2017, at 08:38, Masatoshi Kimura <VYV0...@nifty.ne.jp> wrote:
>
> I went to the 2FA preference on BMO. For me, the only authentication
> option was TOTP that requires a smartphone. I do not have a smartphone
> like Mark.
See https://superuser.com/questions/462478/is-there-a-google-authenticator-desktop-client
Though, you must be careful -- if I were to use a desktop/laptop for this, I'd dedicate it to this sole function
and ensure it had no network access. (But I'd rather get an old phone or tablet.)
> How can I continue to contribute after we are forced to use Phabricator?
The people working on unifying auth across our systems care very much about volunteers.
It's a non-negotiable feature.
Dirkjan Ochtman
Dec 5, 2017, 9:03:46 AM12/5/17
to Masatoshi Kimura, dev-platform
On Tue, Dec 5, 2017 at 2:38 PM, Masatoshi Kimura <VYV0...@nifty.ne.jp>
people use it.
Here's a minimal Python implementation that, given a base32-encoded secret,
will give you the TOTP authentication code:
https://github.com/djc/persona-totp/blob/master/persona.py#L85
Regards,
Dirkjan
wrote:
> I went to the 2FA preference on BMO. For me, the only authentication
> option was TOTP that requires a smartphone. I do not have a smartphone
> like Mark.
>
TOTP doesn't require a smartphone at all, even though that is how many
> I went to the 2FA preference on BMO. For me, the only authentication
> option was TOTP that requires a smartphone. I do not have a smartphone
> like Mark.
>
people use it.
Here's a minimal Python implementation that, given a base32-encoded secret,
will give you the TOTP authentication code:
https://github.com/djc/persona-totp/blob/master/persona.py#L85
Regards,
Dirkjan
Byron Jones
Dec 5, 2017, 9:11:43 AM12/5/17
to Masatoshi Kimura, dev-pl...@lists.mozilla.org
TOTP does not require a smartphone.
there's software TOTP clients that can be run on your desktop, and i'm
also seeing TOTP support baked into some password managers. that
clearly isn't as secure as the second factor implemented on a second
device, however desktop TOTP does provide better security than
password-only authentication.
if you care about security and shun smartphones there are also plenty of
"one time password token" hardware devices that perform the same
function. i have a yubikey for my 2fa needs, mostly because it's more
convenient than reaching for my phone.
-glob
--
glob — engineering productivity — moz://a
there's software TOTP clients that can be run on your desktop, and i'm
also seeing TOTP support baked into some password managers. that
clearly isn't as secure as the second factor implemented on a second
device, however desktop TOTP does provide better security than
password-only authentication.
if you care about security and shun smartphones there are also plenty of
"one time password token" hardware devices that perform the same
function. i have a yubikey for my 2fa needs, mostly because it's more
convenient than reaching for my phone.
-glob
glob — engineering productivity — moz://a
Tom Schuster
Dec 5, 2017, 1:21:55 PM12/5/17
to Byron Jones, Masatoshi Kimura, dev-pl...@lists.mozilla.org
There are also various Firefox extensions that can manage 2 factor accounts
for you.
On Tue, Dec 5, 2017 at 3:10 PM, Byron Jones <gl...@mozilla.com> wrote:
> TOTP does not require a smartphone.
>
> there's software TOTP clients that can be run on your desktop, and i'm
> also seeing TOTP support baked into some password managers. that clearly
> isn't as secure as the second factor implemented on a second device,
> however desktop TOTP does provide better security than password-only
> authentication.
>
> if you care about security and shun smartphones there are also plenty of
> "one time password token" hardware devices that perform the same function.
> i have a yubikey for my 2fa needs, mostly because it's more convenient than
> reaching for my phone.
>
>
> -glob
>
>
> Masatoshi Kimura wrote:
>
for you.
On Tue, Dec 5, 2017 at 3:10 PM, Byron Jones <gl...@mozilla.com> wrote:
> TOTP does not require a smartphone.
>
> there's software TOTP clients that can be run on your desktop, and i'm
> also seeing TOTP support baked into some password managers. that clearly
> isn't as secure as the second factor implemented on a second device,
> however desktop TOTP does provide better security than password-only
> authentication.
>
> if you care about security and shun smartphones there are also plenty of
> "one time password token" hardware devices that perform the same function.
> i have a yubikey for my 2fa needs, mostly because it's more convenient than
> reaching for my phone.
>
>
> -glob
>
>
> Masatoshi Kimura wrote:
>
> --
> glob — engineering productivity — moz://a
>
>
> glob — engineering productivity — moz://a
>
>
Mark Côté
Dec 7, 2017, 12:00:51 PM12/7/17
to
Update: As of a few minutes ago, the change to Phabricator to enforce 2FA at Bugzilla login was deployed to production. The requirement for 2FA inside of Phabricator has been disabled.
To be clear, you will still need 2FA enabled in Bugzilla to log into Phabricator, but you will not need to enable a separate 2FA in Phabricator itself.
Mark
To be clear, you will still need 2FA enabled in Bugzilla to log into Phabricator, but you will not need to enable a separate 2FA in Phabricator itself.
Mark
0 new messages