Config
Log for #openttd on 30th November 2021:
Times are UTC Toggle Colours
11:15:21  *** Wuzzy has joined #openttd
11:36:21  *** tokai has quit IRC
11:37:27  *** tokai has joined #openttd
11:37:27  *** ChanServ sets mode: +v tokai
12:57:09  <DorpsGek> [OpenTTD/OpenTTD] hshs1115 opened pull request #9724: Korean https://git.io/JMg0I
12:58:50  <LordAro> now there's an interesting question
12:58:57  <LordAro> (probably no, all the same)
13:27:34  *** glx has joined #openttd
13:27:34  *** ChanServ sets mode: +v glx
14:42:35  <nielsm> imo put that kind of translated documentation on the wiki
14:46:57  <DorpsGek> [OpenTTD/OpenTTD] nielsmh commented on pull request #9724: Translation: I added the translated file: README.md file, knock-bugs.txt file. https://git.io/JMgNx
15:28:30  *** Etua has joined #openttd
15:50:41  *** Etua has quit IRC
15:57:59  <TrueBrain> haha, just imagine if we change something in a README, we get tons of these PRs .. no, that will be dramatic :P
15:58:37  <TrueBrain> glx: no, that shouldn't be the case. Especially the edit page is never cached. So it should show your name. Screenshot? Can you reproduce it?
16:03:37  <TrueBrain> ah, seems Cloudflare caches pages that have no Cache-Control; that is not optimal
16:04:16  <TrueBrain> bit weird, as cookies should cause the caching to be skipped
16:05:56  <glx> well it was showing another username
16:06:16  <TrueBrain> that was rather unclear from your report :P
16:06:29  <TrueBrain> there is a bit of a difference between "not showing my name" and "showing another name" :D
16:06:33  <glx> yeah didn't think about screenshots
16:08:41  <TrueBrain> I changed some Cloudflare settings; it should listen to caching a bit better now
16:12:55  <TrueBrain> purged the full cache, just to be sure :)
16:13:03  * andythenorth shades of the past
16:13:19  <andythenorth> "failure to specify cache control caused PII breach"
16:13:24  <andythenorth> early days of my career
16:13:27  <andythenorth> let's not :P
16:13:34  * andythenorth shivers
16:13:36  <TrueBrain> strictly seen that was a security incident, but all it did was show others your username .. pretty sure there is no impact :D
16:14:02  <TrueBrain> I love that the wiki is very very restricted in the amount of information it retrieves :P
16:14:18  <andythenorth> well I hope you have recorded it in the incident log
16:14:34  <TrueBrain> isn't this that log?
16:14:36  <TrueBrain> hmm
16:14:38  <andythenorth> obviously you have already considered if you need to notify supervisory authorities in all territories
16:14:57  <TrueBrain> is a public username PII I wonder?
16:15:07  <glx> yes, the links themselves were pointing to me, like the "review access" one
16:16:00  <TrueBrain> the "worst" part of it was that 404s were cached too, for an hour
16:16:02  <TrueBrain> so that is just shitty UX
16:16:10  <TrueBrain> but .. yeah .. that seems to be about the scope of the issue :)
16:16:30  <andythenorth> a username in isolation is not PII in this case
16:16:52  <andythenorth> we can't assume it's 100% public because there might be registered users who by choice never post or edit
16:16:53  <TrueBrain> \o/
16:17:12  <andythenorth> but we can assume that we're not going to meet the needs of every privacy obsessive also
16:17:31  <andythenorth> and that the risk of harm would be hard to demonstrate
16:36:57  *** iSoSyS has joined #openttd
16:48:04  *** frosch123 has joined #openttd
16:59:07  *** Flygon has quit IRC
18:30:14  *** jottyfan has joined #openttd
18:31:01  *** Wormnest has joined #openttd
18:38:32  *** andythenorth has quit IRC
18:45:02  **

Powered by YARRSTE version: svn-trunk