Camelia, the Perl 6 bug

IRC log for #darcs, 2013-08-27

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:32 mizu_no_oto joined #darcs
01:47 intripoon_ joined #darcs
01:48 kofno joined #darcs
02:24 burp_ joined #darcs
02:30 arpunk joined #darcs
02:41 kofno joined #darcs
02:53 favonia joined #darcs
03:17 preflex_ joined #darcs
03:40 kofno joined #darcs
04:12 thorkilnaur joined #darcs
05:00 kofno joined #darcs
06:01 kofno joined #darcs
07:01 raichoo joined #darcs
07:01 kofno joined #darcs
07:25 arpunk joined #darcs
07:35 lelit joined #darcs
07:38 alexei_ joined #darcs
08:02 kofno joined #darcs
08:10 ManateeLazyCat joined #darcs
08:14 ManateeLazyCat joined #darcs
08:45 donri joined #darcs
08:46 MasseR joined #darcs
09:02 kofno joined #darcs
10:03 kofno joined #darcs
10:59 owst joined #darcs
11:03 kofno joined #darcs
11:28 kofno joined #darcs
11:40 mizu_no_oto joined #darcs
12:24 arpunk joined #darcs
13:18 uniquenick joined #darcs
13:21 kofno left #darcs
13:22 mizu_no_oto joined #darcs
13:27 burp joined #darcs
13:58 bfrank joined #darcs
14:05 sm morning all
14:16 bfrank hi
14:50 byorgey_ joined #darcs
15:09 raichoo joined #darcs
15:24 byorgey joined #darcs
15:26 dolio joined #darcs
15:28 mizu_no_oto joined #darcs
15:51 srinup joined #darcs
16:08 alexei_ joined #darcs
16:09 srinup joined #darcs
16:21 srinup_ joined #darcs
16:28 srinup joined #darcs
16:35 * Heffalump appears
16:37 notdan howdy
17:00 bsrk joined #darcs
17:05 * Heffalump appears again
17:05 bsrk Hi
17:05 Heffalump bsrk: how's it going?
17:05 * Heffalump checks the blog posts and todo list as usual :-)
17:06 bsrk I have god "darcs send" to just work
17:06 bsrk and I have started implemeting hakyll feature.
17:06 bsrk I think we should discuss the UI for hakyll a little.
17:06 Heffalump have you got anywhere with getting a merge started for the existing featuers?
17:06 Heffalump good news about darcs send
17:07 Heffalump what changes are needed for that?
17:07 Heffalump and yes, hakyll UI is definitely worth discussing.
17:08 bsrk Oh, and there is also the small patch in darcs for posting even without --mail
17:08 Heffalump ok, you should get that submitted
17:08 bsrk I think I submitted it?
17:09 bsrk http://bugs.darcs.net/patch1099
17:09 Heffalump so you did
17:09 * Heffalump pokes his email client
17:10 bsrk I have not talked about the merge with simon yet;
17:11 mizu_no_oto joined #darcs
17:11 Heffalump sm: you around now?
17:11 Heffalump if not you should get a conversation started by email
17:13 bsrk Okay, I will ask for feedback.
17:13 Heffalump what else was there to do with darcs send/bundles?
17:13 bsrk I think the only part left is authentication
17:15 bsrk I have put that on the backburner for now; in favor of hakyll
17:16 Heffalump so what would the behaviour be if your project finished now (and was merged as-is)?
17:17 bsrk Any user who has registered an account at darcsden will be able to seamlessly upload issue-bundles to any repository
17:18 bsrk (in darcsden)
17:21 bsrk If you email address do not match a registered account, then you will fail to upload the bundle.
17:24 arpunk joined #darcs
17:25 Heffalump so if they use darcs send with the "right" email address, the patch will get associated with the account?
17:25 Heffalump That seems like a security hole, though perhaps in practice it isn't too serious.
17:29 bsrk yes
17:31 Heffalump so do you consider it would be ok for this feature to be left as-is? If not I think you should focus on finishing it before you start something new.
17:31 Heffalump (If you do then time to start discussing it with sm)
17:32 Heffalump anyway, we can start discussing the Hakyll design now whether you start work immediately or not
17:33 bsrk I think it is okay as-is.
17:34 bsrk I have not used hakyll before; So I may be wrong about how it works :-)
17:35 bsrk There is a file site.hs for every hakyll project
17:35 bsrk when this file is run with the argument build
17:36 bsrk it will generate a folder _site
17:36 bsrk with all the html generated
17:37 bsrk our job is to find the hakyll sites in the repo, generate all the sites
17:37 bsrk and provide links to the generated files
17:38 notdan sorry for interupting, just wondering, what's the hakyll feature are you guys talking about? generating sites for darcsden hosted projects that are also happen to be Hakyll projects?
17:38 bsrk yes, that is the feature
17:39 Heffalump http://darcs.net/GSoC/2013-Darcsden , http://bsrkaditya.blogspot.co.uk/ are the project URLs
17:40 bsrk the blog location is bsrkaditya.blogspot.in
17:40 bsrk just checked, but co.uk is working too?
17:41 bsrk So the first point of choice is how we identify the sites:
17:41 Heffalump hmm, weird. I'm not sure where I got the .co.uk link from. Maybe some localisation setting redirected me
17:42 alexei_ joined #darcs
17:42 bsrk 1) we could ask the user to define the locations of all the sites to be compiled
17:43 bsrk 2) we could automatically flag all site.hs files as hakyll sites
17:44 Heffalump I would be inclined owards 1
17:44 Heffalump would the configuration be in-repo or via the web-ui
17:44 Heffalump ?
17:44 bsrk I prefer that too
17:45 bsrk Hmm, I have not thought about it from the web-ui point of view. I think web-ui is the better way.
17:46 bsrk The web-ui will be able to give back links to the generated sites too.
17:49 bsrk Should this option be on the repo main page or the repo settings page?
17:50 Heffalump repo settings I guess
17:50 epta joined #darcs
17:51 bsrk Okay, does it make sense to restrict one repository to one site?
17:53 notdan I think I am subscribed to bsrk's blog, just haven't checked my RSS reader for a while :)
17:53 notdan cool, great stuff you are doing
17:54 notdan Also Hakyll's project don't have to contain the site.hs file. It can be named anything since it's basically just a Main module
17:54 Heffalump bsrk: not sure - one repo might contain multiple sites
17:55 Heffalump where are you planning on actually putting the generated site?
17:55 Heffalump also, have you thought about security?
17:56 bsrk We don't have to put it anywhere, as darcsden can access files directly using raw
17:56 bsrk so if the site is at foo/_site/index.html
17:56 bsrk the darcsden link will be raw/foo/_site/index.html
17:57 Heffalump is that a good URL
17:57 bsrk what do you mean by security?
17:57 Heffalump ?
17:57 Heffalump well, I can think of at least two possible routes for privilege escalation if someone deploys a public darcsden with this feature
17:58 Heffalump but perhaps you should think security through from end to end and come up with your own list before we discuss it in detail :-)
17:58 bsrk you mean the user will be able to access files because of raw?
17:59 bsrk raw access is disabled if you are a private repo, so that will not be a problem.
18:01 Heffalump by privilege escalation, I mean that an actor - e.g. anonymous person, person with a darcsden account, some other category I haven't thought of - can get access to things that the owner of those things didn't intend to give them access to
18:02 Heffalump this is not exactly intended as a test, but it's worth thinking through this kind of issue for yourself from as many angles as possible
18:02 Heffalump because security issues can come up in surprising contexts and the more people thinking about it the better
18:04 Heffalump perhaps if you make a list of the possible attack vectors and we discuss next meeting? I'll let you know the ones I've thought of then :-)
18:04 bsrk Other than private repos, I can't think of anything. :-)
18:04 Heffalump well, take some time over it
18:04 bsrk Okay
18:05 Heffalump private repos are a good thing to be thinking about because if someone unauthorised can get access to their content it's definitely bad
18:06 Heffalump but there are other things associated with darcsden that people also shouldn't be able to get access to without authorisation. For example why does darcsden have a private ssh server instead of using a normal sshd?
18:07 Heffalump is there anything else to discuss? If not when shall we meet next?
18:07 bsrk Ah, the end user should not be able to run arbitrary code on the server.
18:07 bsrk So, we really can't be running any haskell file the user specifies.
18:08 Heffalump oh, I'd actually missed that the code gets run directly :-) I was thinking of more subtle things than that.
18:12 bsrk Okay, lets meet next monday?
18:14 Heffalump if we only meet every week that's not going to give many opportunities for feed back
18:14 Heffalump especially since there's this merge to make progress with sm asap
18:15 bsrk Allright, then how about Friday?
18:15 Heffalump ok
18:16 bsrk Is it possible to begin the meeting a little earlier?
18:17 bsrk Say at 15:30 GMT?
18:17 Heffalump sorry, I'm still at work then
18:17 Heffalump I can do first thing in the morning - e.g. 0600BST
18:18 * Heffalump checks on the BST/GMT relationship, I should know this!
18:18 Heffalump ok, so 0500GMT
18:19 bsrk 05:00 is more agreeable to me
18:19 Heffalump ok. It might be more like 05:05, depending on my trains.
18:19 bsrk That's fine
18:20 Heffalump I'll probably appear online at 04:30 but be a bit sleepy initially, and have to fit in things like shower and possibly going to catch a train, but whichever train I get I should b around from about 0505 to 0545.
18:21 bsrk Okay, 0505 it is
18:23 bsrk Okay, I will go to sleep now. :-)
18:51 javier_rooster joined #darcs
18:57 javier_rooster joined #darcs
19:01 lelit joined #darcs
19:02 konundra joined #darcs
19:02 javier_rooster joined #darcs
19:08 javier_rooster joined #darcs
19:13 javier_rooster joined #darcs
19:19 javier_rooster joined #darcs
19:19 favonia joined #darcs
19:24 javier_rooster joined #darcs
19:29 javier_rooster joined #darcs
19:35 javier_rooster joined #darcs
19:40 javier_rooster joined #darcs
19:44 favonia joined #darcs
19:45 javier_rooster joined #darcs
19:51 javier_rooster joined #darcs
19:56 javier_rooster joined #darcs
20:02 javier_rooster joined #darcs
20:07 javier_rooster joined #darcs
20:13 javier_rooster joined #darcs
20:18 javier_rooster joined #darcs
20:23 javier_rooster joined #darcs
20:29 javier_rooster joined #darcs
20:34 javier_rooster joined #darcs
20:39 javier_rooster joined #darcs
20:44 javier_rooster joined #darcs
20:50 javier_rooster joined #darcs
20:55 javier_rooster joined #darcs
20:58 xymox joined #darcs
21:00 javier_rooster joined #darcs
21:23 mizu_no_oto joined #darcs
22:06 favonia joined #darcs
22:24 arpunk joined #darcs
22:52 mizu_no_oto joined #darcs
23:21 mizu_no_oto joined #darcs
23:29 notdan I have $EDITOR set to emacs (and other editor variables like $VISUAL or $DARCSEDITOR unset), but darcs still opens vi when I try to record a long commit message :(
23:57 mizu_no_oto joined #darcs

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary