Camelia, the Perl 6 bug

IRC log for #darcs, 2013-06-06

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:33 intripoon_ joined #darcs
01:38 mizu_no_oto joined #darcs
02:27 dixie_ joined #darcs
03:12 favonia joined #darcs
03:18 preflex_ joined #darcs
03:22 mizu_no_oto joined #darcs
03:35 konundra joined #darcs
04:36 carter joined #darcs
04:48 edwardk joined #darcs
06:52 lelit joined #darcs
06:54 edwardk joined #darcs
07:20 raichoo joined #darcs
08:31 gal_bolle joined #darcs
08:39 gal_bolle joined #darcs
09:41 dcoutts joined #darcs
09:41 dcoutts joined #darcs
09:48 alexei joined #darcs
10:08 donri joined #darcs
11:01 delamonpansie joined #darcs
11:22 donri joined #darcs
12:01 mizu_no_oto joined #darcs
12:14 favonia joined #darcs
12:39 konundra joined #darcs
13:10 konundra joined #darcs
13:12 edwardk joined #darcs
13:12 favonia joined #darcs
13:20 mizu_no_oto joined #darcs
13:22 raichoo joined #darcs
13:40 uniquenick joined #darcs
13:52 lpsmith joined #darcs
14:21 mizu_no_oto joined #darcs
14:52 bsrk joined #darcs
14:52 bsrk joined #darcs
15:20 dolio joined #darcs
16:03 bsrk_ joined #darcs
16:07 raichoo joined #darcs
16:08 javier_rooster joined #darcs
16:10 konundra joined #darcs
16:31 donri joined #darcs
16:31 whaletechno joined #darcs
16:46 mizu_no_oto joined #darcs
16:56 dixie joined #darcs
17:02 * Heffalump appears - sorry I didn't make it at 17:30 as intended
17:05 Heffalump bsrk_: so how's it going? I'm just trying to build darcsden again after a while, cabal is proving fun as usual
17:09 bsrk_ Hi
17:10 bsrk_ I have implemented recovery of password
17:10 bsrk_ try it out from the login page
17:11 bsrk_ http://106.187.94.254:8900/login
17:11 haasn joined #darcs
17:18 * Heffalump tries it
17:21 Heffalump does following the reset link also log you in?
17:22 * Heffalump tests more - looks like it does
17:22 Heffalump is that intentional?
17:22 Heffalump it doesn't appear that one is logged in on the actual reset form, but if I have another page open and refresh that after visiting the reset link, I seem to be logged in
17:23 favonia joined #darcs
17:27 bsrk_ Yes, it is intentional
17:28 Heffalump ok, then the reset link page iself should indicate that
17:28 Heffalump also, how are reset links invalidated etc?
17:28 bsrk_ They expire in a day
17:29 bsrk_ also they are deleted after 1 use
17:30 Heffalump 1 use being where the user actually does reset the password/
17:30 Heffalump ?
17:30 bsrk_ yes
17:31 Heffalump have you had any ideas about how to write security tests? It all adds up to being complicated enough that having _something_ in that area would be valuable.
17:31 bsrk_ actually, no it is just access. :-)
17:32 Heffalump I've visted it several times and it still seems to work
17:32 bsrk_ heffalump: No, I don't know. On the other hand, I don't mind learning.
17:33 bsrk_ really? It is not working for me.
17:33 Heffalump I don't know either. Broadly, I can see two options.
17:33 bsrk_ what is the link?
17:33 Heffalump I've got the link frmo the email open in two tabs and both apparently would allow me to enter a new password
17:33 bsrk_ ah.
17:33 Heffalump msged you the link
17:34 Heffalump security testing options. (1) spin up a server, and use a web testing framework like Selenium to actually test as if a real client
17:34 Heffalump (2) abstract the code sufficiently that you can test inside a single process just by calling the core code directly.
17:36 bsrk_ hmm, (1) seems simpler and more robust to me.
17:36 bsrk_ Heffalump: I found out the error
17:38 Heffalump I'm not sure that (1) is simpler. Actually running the tests will be difficult, involving lots of extra software and also things like finding an appropriate port on the machine to run the tests through.
17:39 Heffalump On the other hand, the tests will be much more valid as a result.
17:41 bsrk_ As I understand it, is Selenium not a way to script the browser? If so I would say it runs on the client side.
17:41 bsrk_ Yeah, I guess the tests will not really be a part of the code, so it does mean extra configuration
17:41 bsrk_ Also, about the recover password bit, it should no longer work twice
17:42 Heffalump I guess there's a middle option where you run a server but use a programmatic client library to do the actual fetching.
17:42 Heffalump That probably makes more sense than (1)
17:42 bsrk_ Yeah, that is how I envisioned it.
17:43 Heffalump that's less heavy to install btu still has the general machine state problems of (1)
17:43 Heffalump imagine runnign two instances of the harness in parallel, for example
17:43 bsrk_ harness?
17:43 Heffalump the Haskell HTTP package actually has a test harness that does roughly this, although there the testing is for the client library with a mock server.
17:44 Heffalump the test harness
17:45 bsrk_ Ah, you mean the test server listens on a different port, maitain's different databases, etc?
17:45 Heffalump yes, that kind of thing
17:46 Heffalump the HTTP test harness doesn't solve the port number thing, you just can't run it twice in parallel on the same machine
17:47 bsrk_ I see. Then we can simply avoid running it on the same machine.
17:48 javier_rooster joined #darcs
17:48 bsrk_ It is not just the port numbers, but also the databases that are being used
17:48 bsrk_ darcsden is using couchdb, redis
17:49 bsrk_ and I am pretty sure that there is no simple way of changing database names
17:49 bsrk_ being used
17:49 bsrk_ sm?
17:49 Heffalump ah, good point
17:50 Heffalump it's in general bad to have tests that aren't properly isolated, because it makes it hard to run them in continuous integration etc, and for casual users to run them
17:50 Heffalump train ariving, biab (or see you next time)
17:50 bsrk_ It is getting late here, so how about monday?
17:55 edwardk joined #darcs
18:00 * Heffalump reappears - Monday is fine
18:08 bsrk_ See you then!
18:14 konundra joined #darcs
18:46 lelit joined #darcs
18:52 mulander joined #darcs
18:57 carter joined #darcs
18:58 alexei joined #darcs
20:04 alexei joined #darcs
20:05 favonia joined #darcs
20:22 javier_rooster joined #darcs
20:50 favonia joined #darcs
20:55 edwardk joined #darcs

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary