Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 15:08

    kyostiebi on EnvAndResponseChanges

    backup save only (compare)

  • 10:57

    kyostiebi on EnvAndResponseChanges

    work in progress (compare)

  • Jan 19 17:17

    garrettjstevens on main

    Add local test data Remove unused files Authenticate -> Authentication and 13 more (compare)

  • Jan 19 16:08

    garrettjstevens on Issues22_23_24

    (compare)

  • Jan 19 16:08

    garrettjstevens on main

    Issues 13 and 14 ready. Issue 1… The test version for issues 13,… Merge branch 'main' into Issues… and 18 more (compare)

  • Jan 19 16:08
    garrettjstevens closed #25
  • Jan 19 16:08
    garrettjstevens synchronize #25
  • Jan 19 16:08

    garrettjstevens on Issues22_23_24

    Merge branch 'main' into Issues… (compare)

  • Jan 19 16:07

    garrettjstevens on issues22_23_24_GS

    (compare)

  • Jan 19 16:07
    garrettjstevens synchronize #25
  • Jan 19 16:07

    garrettjstevens on Issues22_23_24

    Add local test data Remove unused files Authenticate -> Authentication and 13 more (compare)

  • Jan 19 16:07
    garrettjstevens closed #33
  • Jan 19 00:38

    garrettjstevens on peter_plugin_apollo

    Lint and consistency updates (compare)

  • Jan 18 21:07

    peterkxie on peter_plugin_apollo

    formatting (compare)

  • Jan 18 21:07

    peterkxie on peter_plugin_apollo

    move code over (compare)

  • Jan 18 21:03

    peterkxie on peter_plugin_apollo

    (compare)

  • Jan 18 20:40
    garrettjstevens assigned #33
  • Jan 18 20:40
    garrettjstevens review_requested #33
  • Jan 18 20:40
    garrettjstevens opened #33
  • Jan 18 20:31

    garrettjstevens on issues22_23_24_GS

    Import instead of require fs, c… (compare)

Garrett Stevens
@garrettjstevens
That would be nice.
Scott Cain
@scottcain
Oh, heck, and that’s not even that easy a thing for us to fix, since the docker file depends on sdkman, which I know nothing about.
Nathan Dunn
@nathandunn
Gradle and groovy also depend on it so I’m pretty sure it’ll get fixed
Scott Cain
@scottcain
OK, still working on getting the Apollo container to build. I switched to pulling from the develop branch for Apollo, and it felt like it was working, because the build ran longer, but it ended up dying at the same place as above, trying to get odfdom-java. I thought the problem was a failure to gracefully redirect (since there is a 308 error thrown), and that may still be the most current problem, but when I go in a browser to http://repo.grails.org/grails/core and get redirected to https://repo.grails.org/artifactory/core/, I see that there is no listing for odfdom-java there, so even if the redirect were successful, I don’t think the build would complete successfully. So, I’m left wondering if we can/should try to get odfdom-java from somewhere else, or I am misinterpreting what’s going on? @garrettjstevens @nathandunn
(or can we pitch odfdom for the AGR build of apollo? No clue)
Nathan Dunn
@nathandunn
@garrettjstevens I would push to dev and see if its fixed there
its in maven central, so it should be getting picked up: https://mvnrepository.com/artifact/org.odftoolkit/odfdom-java
Garrett Stevens
@garrettjstevens
@scottcain looks like it's a problem with grails: grails/grails-core#11825. I realized it wasn't just docker, I couldn't build Apollo locally, either. Hopefully I'll have a fix in develop soon: GMOD/Apollo#2624.
Scott Cain
@scottcain
I figured it was something like that (ie, updating a repo url) but I didn’t know where to do it.
Garrett Stevens
@garrettjstevens
Just merged. Should be able to try again now.
Scott Cain
@scottcain
Yep, worked on my local apollo docker file; now I’ll try with the AGR container. Thanks!
Nathan Dunn
@nathandunn
Sorry, just put this on the twitters. Building a genome browser from neo4j: https://twitter.com/precogincog/status/1405612735077908481 . Not sure if the title is misleading, but its still kind of interesting.
childers
@childers
Hey all, is there any thought on adding two factor auth for apollo?
Robert Buels
@rbuels
Not the current one, no. Next gen one that we are currently working on might support external authn that could provide that
childers
@childers
@rbuels Cool. Thanks for the update
Nathan Dunn
@nathandunn
childers
@childers
@nathandunn Thanks! I'll check that out.
Does Apollo support java 17? I know the docs say 8+ but that is a pretty big jump
Curtis Ross
@cross12tamu
Hello, is there an easy way to prune/delete organisms (as an admin?)
Helena Rasche
@hexylena:matrix.org
[m]
If you've got a list of of organism common names or so, use arrow
https://github.com/galaxy-genome-annotation/python-apollo you can pretty quickly write a loop in bash to call the delete organism function
Curtis Ross
@cross12tamu
Thanks
Scott Cain
@scottcain
When I’m running the apollo container that we use at AGR, I see several sql errors when running the launch script and then the message Not using chado!. Given that the container isn’t working (tomcat is returning 500 errors), is this likely the problem, and what should I do.
(and of course, our devops guy says to me again: “ you should really create a base container that has a chado database already in it”. yeah, yeah, I know.)
2 replies
Nathan Dunn
@nathandunn
@scottcain the base docker container of Apollo has docker in it
so, just need to merge that in
probably a few other places as well
Helena Rasche
@hexylena:matrix.org
[m]

Oh yeah no worries, didn't know if you knew, and yeah new moving parts is always more work, totally get it.

Hour and a half to rebuild

Oof yeah that's a mood.

Scott Cain
@scottcain
It was something stupid (isn’t it always): I changed a set of urls and forgot to tell apollo
Scott Cain
@scottcain
Hi Apollo peeps! Has there been any thought to log4j and Apollo? I see that the version of grails I’m using is too old to be affected by the vulnerability (yay(?)). Are there other components that perhaps use a newer version of log4j?
Garrett Stevens
@garrettjstevens
I think we're safe (from that at least), see a bit of discussion here: GMOD/Apollo#2640
Scott Cain
@scottcain
Sounds good. Thanks!
Curtis Ross
@cross12tamu

I did not see the issue before, thanks for the post.

"Upper IT" at aTm is very involved right now, and some of it is about 1.X. However, I just got out of a meeting and I'll know over the next few days about how much they want to treat it as an actual problem. I'll keep y'all posted on what is found out.

childers
@childers
There are 2 other critical security issues with the log4j version in apollo2. It might be too old for the current crisis, but it is still vulnerable to other exploits
Helena
@hexylena:matrix.org
[m]
Yeah, the latest one applies under non standard configuration with something related to JMS toggled. I added it to that GitHub issue, but probably not affecting most folks
childers
@childers
Once we've seen that there are many critical and high issues, we can't ignore it. I am really unqualified in terms of Java development, but am tryin to slog through updating components. Is there anyone on the JBrowse/Apollo dev team or other developers that are interested in coming together to help update test these updates?
Nathan Dunn
@nathandunn
@childers it is using 1.2.17 . . . not sure all of the risks, but here: https://logging.apache.org/log4j/2.x/security.html . . mostly log4j 1 isn't affected for most of these.
Helena
@hexylena:matrix.org
[m]
No, not suggesting ignoring it, just that the exploit not applying to most users means it's a lot lower of a priority. The list Colin posted was definitely full of things to address, but for a lot we shouldn't discard that the exploits simply don't work for many instances, that should factor in the "panic patching" calculation a bit.
childers
@childers
@hexylena:matrix.org Apologies for my language there, I didn't think that the list of errors was being ignored, it's good to see that there is interest to bring the dependencies up to date. I am concerned because I read the earlier statements as dismissive of the critical and high vulnerabilities. Just because the log4j is not impacted by this critical vulnerability, there is another critical vulnerability that affects the version that is being used.
Helena
@hexylena:matrix.org
[m]
Oh no worries, apologies for coming across dismissive, I can see that interpretation for sure. I wish I had bandwidth to work on any of these myself
I think I personally am stuck with defense in depth and locking it down as much as possible, not sure what else we can do, it's such a long list
And worse it looks like less than half have a fix available which is not great
Helena
@hexylena:matrix.org
[m]
I can't remember if we posted it or not, but for other large Apollo users, we built this to work around slow loading of large large organism lists. For hundreds of organisms it can take load times from 10 minutes to 30 seconds. https://github.com/galaxy-genome-annotation/apolpi/
Curtis Ross
@cross12tamu
^ can confirm :)
Nathan Dunn
@nathandunn
yikes @hexylena:matrix.org . Looks like the current method collects organisms correctly but then instead of doing a join in a single query to get counts (as you do) it performs a separate query. Wish I had time to fix.
2 replies
Helena
@hexylena:matrix.org
[m]
There aren't that many routes with this issue that a shim works fine
Scott Cain
@scottcain
I’m going to create an Apollo instance for AGR that has the NIH origanisms in it (human, rat, mouse, zebrafish, worm, fly and yeast) in it, and (presumably) back it with Chado as a demonstration with the idea of promoting it as the tool to be used by sequence curators at the respective MODs to use. Can I just fire up docker-compose with Apollo and Chado and I’m off to the races?
(actually, the only organisms in it might be yeast, worm and fly, at least to start)