Camelia, the Perl 6 bug

IRC log for #mojo, 2010-10-07

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:13 perlrocks Twitter: "RT @kraih: #mojolicious has reached 20000 lines of code, and 10000 of those are tests. :) #perl" --insurgentsoft http://twitter.com/insurge​ntsoft/status/26600361338
00:15 a|newkirk[assoc] joined #mojo
00:16 alnewkirk|com left #mojo
01:27 sri DaTa: sure
01:28 sri DaTa: next time tests and pod entry please
01:42 GitHub129 joined #mojo
01:42 GitHub129 mojo: master Sebastian Riedel * aa8b115 (4 files in 4 dirs): added x function to ojo and made Mojo::DOM smarter - http://bit.ly/cPmtfv
01:42 GitHub129 left #mojo
02:10 perlrocks left #mojo
02:14 perlrocks joined #mojo
02:15 perlrocks left #mojo
02:16 perlrocks joined #mojo
02:28 stereonaut left #mojo
02:31 stereonaut joined #mojo
02:35 janus left #mojo
02:48 janus joined #mojo
03:06 stereonaut left #mojo
03:15 yakudzo joined #mojo
03:16 GabrielVieira2 left #mojo
03:17 GabrielVieira2 joined #mojo
03:24 stereonaut joined #mojo
03:26 Foxcool joined #mojo
03:37 polvo heh. the manual says 'just make sure not to use ^, $ and ()' for placeholder checks. then how do i workaround qr/(white|black)/ ?
03:38 perlrocks Twitter: "RT @kraih #mojolicious has reached 20000 lines of code, and 10000 of those are tests. :) #perl" --xomaa http://twitter.com/xomaa/status/26616281995
03:38 stereonaut left #mojo
04:03 tholen42 joined #mojo
04:05 sri polvo: qr/white|black/ should just work
04:05 tl left #mojo
04:05 sri you can always look at the compiled regex via "myapp.pl routes"
04:06 polvo sri, thanks
04:20 polvo 'Mamma Mia! The cruel meatball of war has rolled onto our laps and ruined our white pants of peace!' lol
04:33 perlrocks left #mojo
04:39 yakudzo how do I check if hash ref exists in epRenderer ?
04:40 yakudzo <% if (exists $uptime->{error}) {%> not working
04:41 polvo yakudzo, "defined"? just a guess
04:41 yakudzo same think as in exists case ):
04:44 baton8 left #mojo
04:54 baton8 joined #mojo
05:13 ysyrota joined #mojo
05:18 su-bzero_ left #mojo
05:38 stereonaut joined #mojo
06:12 kvorg left #mojo
06:13 yakudzo How do I add mojo log to controller, if i dont want to create my $log = Mojo::Log->new; in each controller ?
06:27 kvorg joined #mojo
06:27 koban joined #mojo
06:28 ltriant left #mojo
06:30 marcus_ sri: my sysadmin is begging you to release.
07:01 tholen42 left #mojo
07:15 tholen42 joined #mojo
07:16 yakudzo can anyone tell how to add Mojo::Log to helper to use it like $self->log->info('some thing')
07:16 yakudzo ?
07:26 koban yakudzo: $self->app->helper(log => sub { shift->app->log->debug( @_ ) });
07:27 yakudzo koban, in sub statup ?
07:27 koban yep
07:27 yakudzo many thanks (:
07:28 koban wait - it should be "$self->app->helper(log => sub { shift->app->log });"
07:35 yakudzo koban, in sub startup it is $self->helper.
07:35 yakudzo thanks
07:35 yakudzo (^
07:35 yakudzo Can I add JSON and DOM helpers like this ?
07:36 yakudzo I mean Mojo::JSON and Mojo::DOM
07:36 koban dummit - helper deprecated
07:36 koban http://github.com/kraih/mojo/blob/mas​ter/lib/Mojolicious/Controller.pm#L50
07:37 yakudzo wow
07:37 yakudzo (:
07:37 yakudzo so it will be removed soon ?
07:37 gabb should be removed with next release, as we havent hit major release yet and deprecation policy does not kick in yet
07:38 gabb otherwise it would stay in one release cycle
07:38 gabb *for one
07:39 yakudzo so is there any other not deprecated way ?
07:39 koban $self->app->add_helper(log => sub { shift->app->log }) ;)
07:39 koban http://github.com/kraih/mojo/blo​b/master/lib/Mojolicious.pm#L213
07:40 yakudzo (:
07:40 yakudzo cool
07:41 gabb when looking for stuff like that you can do a git-log | grep and find out usually rather easily
07:41 gabb git-log | grep helper shows deprecated helper method in Mojolicious::Controller
07:41 marcus_ nice
07:41 marcus_ my presentation is featured in the technology section of slideshare
07:42 gabb and then a dozen other and newer helper related information, like "added app helper"
07:42 gabb nice marcus_ :)
07:42 gabb more comments for you :P
07:42 gabb I really really start to like mojo client and ioloop
07:43 gabb saves me from using python for fast prototyping and writing of network POCs
07:44 arthas joined #mojo
07:44 yakudzo marcus_, "mojolicious web in the box" presentation ?
07:45 marcus_ yakudzo: no, mojo as a http client
07:47 yakudzo can you give a link ?(:
07:48 marcus_ http://www.slideshare.net/ma​rcusramberg/mojo-as-aclient
08:27 arpadszasz joined #mojo
08:48 Foxcool left #mojo
09:06 gabb guys, are any good recent perl / webdev related books out?
09:06 gabb im on my bimonthly amazon shopping spree and need food for thought
09:17 marcus_ enokindle?
09:19 gabb enowhat?
09:19 marcus_ http://www.amazon.com/HTML5-Up-Running-Mar​k-Pilgrim/dp/0596806027/ref=sr_1_1?s=books​&amp;ie=UTF8&amp;qid=1286443174&amp;sr=1-1
09:19 marcus_ kindle?
09:20 gabb ah, nah - good ol' tree-chopping paperback
09:20 marcus_ I'm getting my second kindle in 2 weeks
09:21 gabb which one?
09:23 spleenjack joined #mojo
09:23 gabb humm
09:23 gabb kindle books cost roughly 50% less than paperback?
09:24 gabb just saw the new black kindle with wifi ... and considering how much I read it may even economically be the better choice
09:27 Rhaen marcus_: ?
09:27 Rhaen marcus_: you should add a link to the wiki on your last slide
09:27 Rhaen marcus_: or even mention it that there is one.
09:27 Rhaen like:
09:28 Rhaen github.com/kraih/mojo & wiki
09:30 marcus_ too late
09:30 marcus_ :p
09:30 marcus_ I'll do it for the LPW talk
09:33 gabb hm, some books for kindle are even more expensive than paperback ... thats weird
09:38 yakudzo I have XML from which I get some values and paste it on the page. I parse XML using Mojo::DOM; is following paste is the best way to do this or maybe it would be better to just use find and then pass referense to DOM::_Collection object in template ?
09:38 yakudzo http://paste.scsys.co.uk/52606
09:39 yakudzo I ask this because looking to $self->dom->find.... string is frightening me. I think it would be difficult for others to understans what I have done(:
09:45 marcus_ yakudzo: not coding for job security, eh?
09:45 yakudzo not security
09:45 yakudzo ((:
09:46 marcus_ I would just use $self->dom("property")
09:46 yakudzo without find it will work the same ?
09:46 marcus_ it does with github master
09:47 * marcus_ nags about 030 release again
09:48 yakudzo yesterday I made latest clone from github is it already old one ?(:
09:48 gabb coding for job security, heh - that reminds me of http://freeworld.thc.org/root/phun/unmaintain.html
09:50 yakudzo gabb, Connection refused (:
09:50 gabb maybe thats better, the ideas there are quite destructive :P
09:51 yakudzo (:
09:51 marcus_ http://webcache.googleusercontent.c​om/search?q=cache:http://freeworld.​thc.org/root/phun/unmaintain.html
09:51 gabb excerpt: Hungarian Notation is the tactical nuclear weapon of source code obfuscation techniques; use it! Due to the sheer volume of source code contaminated by this idiom nothing can kill a maintenance engineer faster than a well planned Hungarian Notation attack. The following tips will help you corrupt the original intent of Hungarian Notation:
09:52 gabb I especially like:
09:52 gabb Look Busy
09:52 gabb use define statements to make made up functions that simply comment out their arguments, e.g.:
09:52 gabb #define fastcopy(x,y,z) /*xyz*/ ... fastcopy(array1, array2, size); /* does nothing */
09:52 * gabb ends multi-line-copy-paste-session
09:55 yakudzo I think I did not understood meaning of 'coding for job security' (:
09:55 marcus_ yakudzo: making sure nobody can take over your code.
09:55 gabb heh, I think marcus basically meant the style of coding where you make yourself indispensable because only you understand your own code
09:57 yakudzo heh (:
10:02 gabb marcus_: ever used xslate?
10:03 marcus_ gabb: no
10:19 yakudzo http://www.dudalibre.com/gnulinuxcounter?lang=en
10:20 yakudzo hehe
10:20 marcus_ http://www.thefuntheory.com/
10:51 dotan joined #mojo
10:55 gabb left #mojo
10:59 gabb joined #mojo
11:10 yakudzo left #mojo
11:16 baton8 left #mojo
11:21 baton8 joined #mojo
11:45 koban left #mojo
11:45 koban joined #mojo
11:57 DaTa perl -CSD -Mojo -E 'x(do{local$/;<>})->find("jdbcc​onnectionpool")->each(sub{$,=" "; say @{ shift->attrs }{qw(Name DriverName TestConnectionsOnReserve TestFrequencySeconds)}})' < config.xml ♥
12:02 dotan DaTa: sweet. Didn't know about ojo x() or -C options until now
12:06 DaTa dotan: x() is brand new :)
12:10 dotan Yep, just did git pull and perldoc to see what it does. Of course it just does what all the other ojo functions do: saves typing.
12:25 Rhaen MongoDB is web scale
12:30 gabb stop that Rhaen - I keep breaking out in laughter when I remember that
12:32 Rhaen yep - same here. Think I'll convert it to an audio podcast
12:32 Rhaen for personal motivations
12:32 gabb heh
12:51 marcus_ gabb is web scales
12:51 * marcus_ STABS memory management
12:56 fhelmber_ joined #mojo
13:07 zamolxes joined #mojo
13:07 zamolxes Yea baby!
13:22 a|newkirk[assoc] left #mojo
13:28 sri koban: you are misunderstanding something
13:29 sri the controller method helper is deprecated, not the app method
13:29 sri they are not the same
13:29 sri app->helper(log => sub { shift->app->log->debug( @_ ) });
13:30 sri thats perfectly fine
13:34 koban damn, i'm very sorry for giving bad advice for yakudzo
13:34 perlrocks joined #mojo
13:35 koban I'm confused Mojolicious with Mojolicious::Controller
13:37 sri just remember their scope, app is persistent, controller gets reinitialized for every single request
13:42 gabb god I love sqlite
13:44 jawnsy left #mojo
13:45 sri Oo
13:49 sri haha, new romantically apocalyptic is good
13:50 sri but where is yko again?
13:53 jawnsy joined #mojo
14:11 und3f[A] is now known as und3f
14:12 gabb couchdb + futon looks like a better maypole CRUD
14:13 jamesw joined #mojo
14:27 Rhaen hm, I am thinking of submitting a talk to London PWS
14:27 gabb about things that are web scale?
14:27 Rhaen Titled something like "Documentation and Marketing Perl projects"
14:28 Rhaen haha!
14:28 Rhaen gabb: STOP IT!
14:28 gabb hm, the marketing aspect of (perl) projects is interesting
14:28 gabb and how documentation plays a role in it
14:28 Rhaen yep. That's what I think.
14:29 gabb as a matter of fact I have a project that dabbles in that area
14:29 Rhaen I have some ideas about it - and, yes - maybe we are not that bad right now
14:29 Rhaen we can improve - but hej, that would be good to just show it.
14:30 gabb well, we definetly can improve, esp. with a hands-on demo / tutorial kinda thing
14:30 Rhaen hm, what do you think. I that worth a talk?
14:30 Rhaen I never have been on a foreign  PM conference
14:30 gabb I definetly think so, but then again I have no say/stake in the perl community per se and dunno what the reception for this kinda talks is
14:31 Rhaen hm, THAT's the reason to submit one :
14:31 Rhaen :)
14:33 Rhaen let's see if I can find a cheap flight
14:35 Rhaen ok, this makes it easy. It's way too expensive. That's about 250 euros for the flights only
14:35 Rhaen no way!
14:36 zamolxes sri: is there something I need to know when trying to build a non-blocking app? (the app will only do: incoming request -> create request to slow remote server -> parse results -> return JSON response to browser)
14:37 zamolxes uhm, sorry for prefixing
14:37 zamolxes anyone :) ^^
14:37 zamolxes like, if there some' deployment limitations (i'm thinking it will only work with something like twiggy)
14:38 Rhaen brb!
14:38 Rhaen left #mojo
14:39 arpadszasz left #mojo
14:48 rhaen joined #mojo
14:49 rhaen left #mojo
14:51 rhaen joined #mojo
14:54 sri zamolxes: it only works with the built in servers
14:54 spleenjack left #mojo
14:54 spleenjack joined #mojo
14:55 sri but for fastcgi for example it wouldn't matter anyway
14:55 sri since one fastcgi process can't serve requests parallel
14:55 sri (the protocol allows it actually, but no server supports it)
14:57 rhaen left #mojo
14:58 sri actually, it might work with servers using other event loops too, but not out of the box
14:59 sri you would have to do Mojo::IOLoop->singleton->one_tick(0) manually from the other event loop
15:00 sri making multiple event loops play nice requires a little deeper understanding of event programming though
15:03 zamolxes sri: ok, so I don't mind using the built in server. Would you use it in production?
15:04 koban left #mojo
15:04 koban joined #mojo
15:04 sri yes, but we'll soon have an even better server for production setups
15:04 sri ALL GLORY TO THE HYPNOTOAD!
15:05 sri hypnotoad is basically a pool of built in servers, with clean support for hot deployment
15:08 sri it is almost finished, but i'm having a hard time fine tuning the graceful shutdown feature for persistent connections
15:09 gabb I hope you call the next project Nibbler or Nibblr :P
15:10 sri lol
15:10 gabb or Morbo (the annihilator) - the news anchor from futurama
15:11 sri that would have been a nice server name too
15:27 alnewkirk ehlo
15:27 fish_ joined #mojo
15:27 fish_ re
15:28 fish_ vti: btw, just merged my booylicious fork branch again...
15:34 rhaen joined #mojo
15:34 rhaen hep!
15:37 zamolxes sri: what do you think of Twiggy though?
15:38 rhaen getting twiggy with it?
15:38 * rhaen dances.
15:41 vti fish_: there are comments done as plugins
15:41 vti fish_: you could consider doing that too
15:41 sri zamolxes: it's anyevent, i don't care about anyevent
15:41 vti fish_: and not wait for me
15:41 sri anyevent is a lie :)
15:42 vti sri: why's that? :)
15:43 sri mlehmann says it is the DBI of event loops, everybody can just play happy together, while in fact it's just a trick to lure people to EV
15:43 sri if he truly wanted to unite event loops he would have built something else
15:43 sri like a Coro harness that actually runs all event loops happily together
15:44 sri i like EV, but AnyEvent is a lie :)
15:45 sri if i was going to invest heavily into a popular event loop it would surely be POE
15:46 sri POE has an EV mainloop too
15:47 sri basically all general purpose event loops have backends for each other
15:49 zamolxes sri: i understand. so i'll just use the default. Should it handle something like 10k simultaneous slow connections ?
15:49 zamolxes (i'll just test and see :) )
15:49 sri if the server is tuned right
15:50 zamolxes sri: where do I read on that?
15:50 sri thats operating system specific
15:50 zamolxes http://search.cpan.org/~kraih/Mojolicious-​0.999929/lib/Mojo/Server/Daemon/Prefork.pm
15:50 zamolxes oh, i thought your server :)
15:50 sri file descriptor limits and stuff
15:50 zamolxes oh, i can deal with that
15:51 zamolxes I run a lot of huge varnishes :)
15:51 zamolxes i'll probably run varnish in front of it anyways
15:51 zamolxes in order to cache the static files aand repeated requests
15:52 fish_ vti: damn.. thats the reason why I asked you before writing anything.
15:55 vti fish_: it wasn't possible at that time
15:56 zamolxes sri: what do you recommend for database access in a non-blocking mojo app?
15:56 zamolxes i'm probably not going to need it in this project, but just curious
15:56 sri with DBI you are pretty much screwed
15:57 sri only way to do that is an external worker pool
15:57 fish_ vti: *sigh* maybe i find some time to make a plugin out of it
15:57 sri DBD::Pg has async support these days though i heard
15:57 sri so with the rigth DBD it might work
15:58 fish_ but i get more and more pragmatic. maybe i'll just use some hosted blog provider
15:58 zamolxes i would be using Pg anyways, thanks for the tip.
15:59 zamolxes the external worker pool doesn't sound like a bad idea though. do you have other async clients implemented beside the HTTP one?
15:59 koban left #mojo
15:59 zamolxes i'll just let them talk over http if nothing else is available, doesn't matter
15:59 sri wonder why we have no good general purpose REST -> DBI gateway
16:00 zamolxes Catalyst::Controller::DBIC::API::REST :)
16:00 zamolxes ok, it's not general purpose, but still :)
16:00 sri i mean on the sql layer ;p
16:01 zamolxes well.. most modern nosql dbs have rest outofthebox
16:01 vti sri: there is dbslayer, but it sucks
16:01 sri vti: i know, thats why i said "no good" ;p
16:02 sri zamolxes: one of the main reasons i love couchdb so much
16:02 ysyrota left #mojo
16:02 sri couchdb + the new lucene support will prolly be my primary choice in the future
16:03 zamolxes sri: and just use your http client for dealing with everything. nice.
16:03 * sri nods
16:03 zamolxes someone should make a REST image-magick server :)
16:03 sri actually
16:04 sri all we would need is a worker pool server to do random blocking tasks
16:04 sri be it image magick or dbi
16:04 zamolxes well couldn't you use Server::Prefork for that?
16:04 zamolxes and just run another mojo instance
16:05 sri theoretically yes
16:05 sri i'll keep that in mind for hypnotoad
16:07 zamolxes :)
16:07 zamolxes this is fun, thank
16:07 zamolxes s
16:07 sri we could even use a websocket connection
16:07 sri to reduce overhead
16:08 zamolxes sounds good. but then you would need to have a single client instance  to be used for all requests
16:08 GitHub129 joined #mojo
16:08 GitHub129 mojo: master Sebastian Riedel * cb25062 (4 files in 3 dirs): removed request limit support for now, will return in a more sensible form with hypnotoad - http://bit.ly/a2jKQp
16:08 GitHub129 left #mojo
16:09 zamolxes s/used/reused/
16:31 sri http://redis.io/logocontest/index.php?desc # wow, thats a lot of logos
16:35 ash_ joined #mojo
16:35 gabb ye but most are really really  bad
16:36 sri #88 rocks
16:36 gabb prefered #84
16:37 sri NO WAY!
16:37 gabb lol
16:37 gabb #24 actually
16:38 sri wow
16:38 sri REDDIS
16:38 gabb dude has balls for submitting that :D
16:39 vti 24++
16:39 sri Justin C
16:39 sri no he didn't have the balls to show his name...
16:39 gabb Justin Cimberlake obviously
16:39 sri lets vote 24
16:40 gabb You voted entry ID #24
16:40 gabb Thanks for your vote!
16:40 sri 3 votes!
16:41 gabb im desperately looking for a problem to solve with GeoCouch :P
16:42 vti Thanks for your vote!
16:42 gabb then again there is already a great app based on geocouch I think
16:45 gabb anyone here used couchdb + mojolicious?
16:45 gabb in a real app?
16:46 sri judging by the number of couchdb bindings on github i'd say very likely
16:46 gabb how do you expose couchdb to mojo? do you simply deploy it alongside your app? no close binding?
16:47 sri ye
16:48 sri in the not so distant future you'll be able to run mojolicious apps *inside* couchdb :)
16:48 gabb hm, I will need to check whether or not you can use mod_rewrite or something, because the URLs for couchdb queries are too attractive for noobs to play around with params
16:53 kvorg left #mojo
16:57 sri wow, i guess we were not the only ones who like #24 :o
16:58 gabb lol
17:02 gabb redis looks interesting
17:02 sri it is
17:02 gabb perl module for it?
17:02 gabb if I undetstand it correctly you run redis as a daemon?
17:03 sri it uses the memcached protocol
17:03 sri just with more commands
17:03 sri yes you do
17:05 gabb seems the ruby folks got a dedicated module for events
17:06 sri eventmachine?
17:06 gabb ye
17:06 sri whats actually interesting is that they don't have many more
17:06 sri perl has dozens
17:06 gabb was wondering if the perl module covers that or if you can use IO::Kqueue
17:07 gabb oh, then I was reading old info I guess
17:07 gabb redis.pm however doesnt seem to be up2date?
17:07 sri dunno
17:08 gabb when I read up on redis I immeditely thought about session for my apps and looked around to find Plack::Session::Store::Redis, however the pod says its limited to a specific redis version, due to redis.pm
17:08 sri redis is changing a lot
17:08 marcus_ gabb: I'm using mongodb for a geoapp now
17:09 sri they just recently added virtual memory support
17:09 marcus_ becuase geocouch wasn't in the mainline couch
17:09 marcus_ because even
17:09 marcus_ also WEB SCALE
17:09 sri WEB SCALE!
17:10 gabb WEB SCALE!
17:10 gabb marcus_: I was intrigued by geocouch because of http://pollen.nymphormation.org/afg​war/_design/afgwardiary/index.html
17:11 gabb extracting and mapping the geo spatial data from 75k+ documents along with date is no small feat and it seems to be a couchapp basically
17:11 marcus_ neat
17:12 marcus_ I just need a few hundred pubs
17:12 marcus_ at least for starters
17:12 GabrielVieira2 is now known as GabrielVieira
17:12 gabb tracking santa this xmas with gps so he doesn't forget you again? :P
17:12 marcus_ nah, making a beer prices app
17:12 gabb everyone knows he lives somewhere in norway :P
17:12 marcus_ for iphone
17:12 gabb oh, sweet, even better
17:13 marcus_ with a mojo+mongodb backend
17:13 sri mmmm....beer
17:13 sri this is exactly what mojo was made for!
17:14 gabb ye, to track down cheap beer, I agree
17:15 marcus_ It's the app I was born to make!
17:17 Htbaa joined #mojo
17:20 fhelmber_ left #mojo
17:48 spleenjack left #mojo
17:55 dotan left #mojo
17:55 * gabb already abandons couchdb and switches to neo4j
18:12 stephen left #mojo
18:13 arthas left #mojo
18:14 diegok wow, #24 is going to win the redis logo contest!
18:16 sri that would be hilarious
18:17 gabb no way lol, the devs will spend the entire night voting for others :P
18:17 gabb or simply cheat with a db query
18:18 sri my bet is on 84 to win
18:18 gabb :P
18:18 gabb yes
18:18 gabb thou #88 would be good too without the pacman
18:19 sri yea, the developer will simply change the data and pick what he likes
18:19 stephen joined #mojo
18:19 gabb problem with it right now (with pacman) is you can have b/w or monochrome versions, which are a must-have
18:19 gabb *can't
18:21 sri 82 and 83 are not too bad actually
18:21 sri somehow seem familiar though
18:22 gabb 82 = rollo
18:22 gabb 83 = some ruby module/project
18:22 gabb erm, not rollo ... what was it?
18:22 gabb hmm
18:23 sri adobe something?
18:23 gabb but yes, those are similiar to existing logos
18:23 gabb ye, probably
18:23 sri i like the red and grey
18:23 gabb but its so standard ruby-project style
18:24 gabb i'd go for #88, but only the font with the red dot
18:24 sri 84 needs a different typeface
18:24 gabb ye
18:25 sri 107 is also too familiar
18:25 gabb some of these guys must be in the possession of a time machine because some designs look like they are straight from 1970
18:26 kvorg joined #mojo
18:26 sri 105 is actually really good
18:26 gabb #70 has a bad bad type, but the icon is not bad
18:27 gabb i actually like #79 for its simplicity
18:27 sri agreed
18:27 sri the whole red-is idea is interesting
18:28 gabb vote for entry #24
18:28 gabb by Justin C
18:28 gabb 10020 vote(s)
18:28 gabb lol
18:28 sri also the red dot with the "is"
18:28 sri lol
18:28 gabb ye, the idea is good, but horribly executed
18:29 gabb he should have made a red dot like that, but then used a cursive typeface, enlarged to be 120% or so of the dot/circle
18:29 gabb since its white it would cut the circle in areas which would make it look abstract, until you focus and see the "is" written
18:34 sri oh, mythbusters is back
18:48 rhaen hep
18:54 spleenjack joined #mojo
19:18 kvorg
19:43 rhaen_ joined #mojo
19:43 rhaen left #mojo
19:43 rhaen_ is now known as Rhaen
19:47 arpadszasz joined #mojo
19:52 zamolxes sri: curious, any big site/app using mojo yet?
19:53 sri no alexa 500 yet, but some bigger sites yes
19:54 arpadszasz hello
19:54 zamolxes sri: example (if not covered by some nda)?
19:54 * sri waves
19:54 sri zamolxes: they've only been mentioned in private to me so far
19:54 arpadszasz is there a way to run a mojo app under taint mode?
19:54 sri arpadszasz: not yet
19:54 zamolxes sri: i have some huge catalyst projects not in alexa 500 , so that shouldn't matter much :)
19:54 zamolxes sri: i see, ok
19:55 sri there is no magical roadblock preventing big apps :)
19:56 sri if you can do something with catalyst you can prolly do it with mojolicious as well...possibly while having more fun
19:57 zamolxes ojo++ # heh
19:57 Rhaen because we are webscale.
19:57 sri WEB SCALE!
19:58 sri http://www.xtranormal.com/watch/6995033/ # for those that don't get the web scale joke
19:58 Rhaen haha. even close to be included inside a FAQ :)
19:58 sri :D
20:01 Rhaen does anyone is aware of a nice vector drawing application on MacOS X - like, hm, a good Visio?
20:04 zamolxes sri: how are you using it in production?
20:04 zamolxes sri: client projects? or some of your own?
20:04 sri Rhaen: omnigraffle
20:04 Rhaen oh, btw - does sri work at least for anyone except Mojolicious?
20:04 Rhaen sri: student?
20:04 sri zamolxes: clients, working on my own :)
20:05 zamolxes sri: all NDA? i would love a 'sites powered by mojo' page :)
20:05 zamolxes sri: i tell you, if this new project i'm doing with mojo takes off, you can put it there :)
20:05 sri i don't disclose my clients unless they allow it explicitly sorry
20:06 zamolxes sri: me neither, of course
20:07 Rhaen sri: professional or standard edition?
20:07 Rhaen suggestions?
20:07 sri Rhaen: if you like drawing yourself Sketch is pretty damn good too
20:07 sri standard
20:08 sri but omnigraffle for sweet looking diagrams
20:09 Rhaen really, I mean - hm. Well, ok, it's 99€
20:09 marcus_ startsiden.no/tvguide is using mojo :-)
20:09 marcus_ but only the client.
20:10 marcus_ the rest is catalyst and tt.
20:10 Rhaen catalys-tt?
20:11 Rhaen hm, sri - do you OmniG. for illustrating technical things like infrastructure of servers, etc?
20:11 Rhaen That's what I am looking for.
20:11 perlite left #mojo
20:11 perlite joined #mojo
20:11 sri seems like a good task for omnigraffle
20:12 Rhaen k, thx
20:12 marcus_ I've done that in omnigraffle
20:12 Rhaen marcus_: ok, now comes the question: will you do that again?
20:13 marcus_ sure
20:13 Rhaen k.
20:13 Rhaen marcus_: oh, standard or professional? What do you think?
20:14 sri can't you always upgrade?
20:14 marcus_ Rhaen: I own the standard version
20:14 Rhaen ah, I'll check - good point. Right now I am comparing those 2 on their website
20:14 marcus_ but not the latest one, and I'm too cheap to pay for an upgrade
20:14 sri i once had the pro, but downgraded 2 updates or so ago
20:15 Rhaen I warn you guys, if I buy Omnigraffle now, all the article which I am writing about Mojolicious will have those graphics in it!
20:15 sri thats good
20:15 sri omni diagrams tend to look sleek
20:16 marcus_ I think I have to preorder a glif
20:16 sri think i got omnigraffle for the very first catalyst flow diagram back in the days
20:16 Rhaen glif?
20:17 Rhaen glib?
20:17 Rhaen gif aka girls in files?
20:17 marcus_ http://www.kickstarter.com/projects/danpro​vost/glif-iphone-4-tripod-mount-and-stand
20:17 marcus_ sri: I think you did too.
20:17 marcus_ it looks veri omnious
20:17 marcus_ ;)
20:17 sri is it still around?
20:18 marcus_ I think it's in the wiki
20:18 marcus_ unfortunately mst is unable to keep that running
20:18 marcus_ and he doesn't want me to take over the hosting :-/
20:18 sri lol
20:19 marcus_ he'd rather just talk shit about mojomojo instead.
20:19 sri sounds familiar
20:19 sri glif looks cool
20:19 sri but iphone4 is like old!
20:19 marcus_ I <3 my iphone
20:19 sri they are about to start producing the iphone 5
20:20 marcus_ I doubt it will come out until july
20:20 sri to go on sale in january
20:20 ash_ left #mojo
20:20 marcus_ nah, that'll be a cdma version of the iphone 4
20:20 sri all the new networks want the iphone5 in january
20:20 sri rumors say they changed the antenna design too
20:20 marcus_ I really doubt apple will break their yearly cycle
20:21 sri new networks would be a good reason to do it
20:21 marcus_ "The phone would resemble the iPhone 4 currently sold by AT&T, but would be based on an alternative wireless technology used by Verizon,"
20:21 marcus_ http://online.wsj.com/article/SB1000142​4052748703735804575536191649347572.html
20:21 sri :/
20:21 marcus_ that's probably the most reliable source
20:22 marcus_ you'll probably just break down and get an iphone 4 in march, just before the iphone 5.
20:22 marcus_ :D
20:22 marcus_ What I'm waiting for is the retina display ipad
20:22 sri -.-
20:22 marcus_ that will be awesome
20:23 sri nonono...i can wait
20:24 marcus_ just bought Pro HDR for the iPhone - http://twitpic.com/2vferf
20:24 marcus_ will make nice results with the glif
20:27 sri looks great
20:37 arpadszasz sri: got it working under taint mode
20:37 sri arpadszasz: you won't gain much though
20:37 sri the http parser untaints incoming data
20:38 sri in fact it might even give you a false sense of security
20:38 sri so be careful :)
20:39 arpadszasz it untaints it based on what pattern?
20:39 sri http
20:39 sri we use a regex parser
20:41 arpadszasz i taught the hole reason for taint mode in Perl is to prevent outside data to be called in places where it might be a security risk (like system() calls)
20:41 sri thats a whole different use case
20:42 arpadszasz so it forces the developer to check this data manually for patterns they should allow
20:42 arpadszasz isn't it the default case when using -T on the shebang ?
20:42 sri thats the idea, doesn't work for us though
20:43 sri because we need to automatically parse the input
20:43 arpadszasz why not ?
20:43 sri as in parse http requests
20:43 arpadszasz ok
20:43 sri taint mode is pretty much useless for web apps
20:44 arpadszasz i need the "warn me if i'm about to put a security hole in my webapp" type of taint checking :)
20:44 * marcus_ warns arpadszasz
20:44 sri thats why i said it might give you a flase sense of security ;)
20:45 arpadszasz are you reffering to web apps in general or only to mojo web apps ?
20:45 sri we do other stuff to protect you though, like automatically html escape in templates
20:45 sri webapps in general
20:45 sri i guess it does work for cgi
20:46 sri since there the webserver does the parsing work
20:46 sri but in modern web frameworks like mojolicious and catalyst you have built in web servers written in perl too
20:47 arpadszasz so you get the protection from tainted data only when using the mojo daemon ?
20:47 sri the other way around
20:47 sri you migth get it with cgi
20:47 sri put even then only partial
20:48 sri since the url parser will too use regex
20:48 ltriant joined #mojo
20:49 arpadszasz i should research more on the subject of taint mode in Perl
20:50 arpadszasz but from what i've seen it is (or was) recommended
20:50 sri it only works on the lowest level
20:50 sri if you handle your own io
20:50 sri as soon as you have a higher level parser stuff gets automatically untainted
20:53 Rhaen marcus_: omnigraffle, right?
20:54 arpadszasz so let's say i have very simple mojo-lite with a silly security hole: my $date = qx</bin/date>
20:55 Rhaen yes
20:56 arpadszasz sorry, that's: my $date = qx</bin/date $self->param('date_format')>
20:56 sri arpadszasz: thats one of the few cases where taint mode would help you
20:56 sri that not
20:56 sri param is 100% untainted
20:56 fod joined #mojo
20:56 fod left #mojo
20:57 Htbaa left #mojo
20:57 arpadszasz i guess automatic untainting in the http parser would allow the character ';'
20:57 sri even worse
20:57 sri it would unescape unicode chars and stuff
20:59 arpadszasz sri: i don't want to waste your time here, so i'll try to come up with a paste :)
20:59 sri the topic might be worth an faq entry
20:59 sri or at least a mention in the wiki *hint hint*
21:00 Rhaen yes?
21:00 Rhaen my sensors detected wiki.
21:01 sri the usefulness (or lack thereof) of taint mode in mojolicious (and web apps in general)
21:02 sri the topic seems to come up every few months :)
21:02 Rhaen hm, why you shouldn't run mojo in -T?
21:02 Rhaen just because everything will get checked automatically?
21:03 sri or why it doesn't make sense
21:03 sri everything gets untainted anyway
21:03 sri it migth be harmful in that it gives a false sense of security
21:03 Rhaen hm, however, I can imagine some examples. *cough*
21:04 Rhaen Mojo has no datastore (as of now)
21:04 Rhaen this means someone can use a small model based on files.
21:04 Rhaen Taint mode ...well, hm. nah, forget it.
21:04 sri maybe read what i wrote above :)
21:05 sri the http parser use regex, taint bit doesn't survive
21:05 sri *+s
21:06 Rhaen hm, well - really? If you use data which is read by your model class can pull in unsafe data
21:06 arpadszasz sri: now i understand what you meant
21:06 Rhaen like using those old perl structures.
21:06 Rhaen by using taint you have to check at least the filehandle stuff.
21:07 sri Rhaen: on that end it might make sense of course
21:07 Rhaen I agree with you - with all those frontend stuff, right.
21:07 sri but what people think of at first is always ->param('foo')
21:07 Rhaen correct!
21:07 Rhaen yep, I guess there is another thing which might be confusing to people
21:08 Rhaen (as in my company)
21:08 Rhaen I have a god of perl programming, let's call him Mr. Hashref for now
21:08 Rhaen na, Mr. Reference - I am the hashref guy.
21:09 Rhaen He always uses taint mode - and he really had some problem when I told him, that he doesn't have to check everything
21:09 Rhaen however, checking for bad things is one thing, checking your input data for reasonable stuff is something completely differnt
21:09 Rhaen +e
21:10 Rhaen maybe we should point that out :)
21:10 sri there once was a module to retaint values
21:10 sri http://www.cpantesters.org/distro/T/Taint.html # but i have a feeling this might work anymore
21:10 Rhaen like: we do care if someone enters weird chars in the email address field of a form, _YOU_ have to check if that's valid date
21:11 Rhaen s/date/data/
21:13 Rhaen sri: bought!
21:15 sri happy diagramming
21:15 Rhaen thanks, will look forward to it.
21:38 Rhaen just drawing the have some cake graphics. Awesome tool!
21:46 kvorg you guys in the front lines, can you explain this to the peanut gallery?
21:48 kvorg do you conclude that somewhere in the docs it should be pointed out that while taint might perhaps warn you while doing something stupid with your application and your OS, it will not help by design with Mojolicious itself (since all will get untainted in the process of http and such). Mojolicious does, however, try to help by being DWIMMY and escape HTML, convert encodings etc. as much as possible.
21:48 kvorg sri: There, a wall of text, just as you like them.
21:48 Rhaen hahaha! Awesome :)
21:48 Rhaen kvorg++
21:48 * kvorg sprays on the wall and hides behind marcus_.
21:52 kvorg sri: No one expressed any interest in the extra tag helpers: http://github.com/kvorg/mojoli​cious-plugin-tag_helpers_extra
21:52 kvorg I was planning to wait for a week and put this on CPAN, but now it feels I will just be polluting the Mojolicious::Plugin namespace.
21:53 kvorg (I do think a least group behaviour for the check boxes should be in core, so that the same syntax can be used for radio buttons and check boxes. The rest is probably without general interest.)
21:54 kvorg i think i am falling down
21:55 kvorg but before i do, i have an app that will have to talk to a slow background application and display progres/results/its stdout basically.
21:55 kvorg i hope to do fancy ajax/websockets, but something more old time should be done for dumb web clients.
21:56 kvorg can anyone point me in the right direction if I want to mix incremental rendering (wrong term) and templates?
21:58 arpadszasz kvorg: wrt automatic untainting, currently ';' and '&&' (characters that might be unsafe when passed to the OS shell) are escaped
21:58 sri ajax is for dumb web clients these days
21:59 arpadszasz but '>' passes through
21:59 sri arpadszasz: everything is unescaped after ->param(...)
21:59 sri including ; and &
22:00 sri or i'm misunderstanding something
22:00 sri does system() escape something?
22:00 marcus_ status code 400 seems about right for invalid forms, right?
22:00 arpadszasz ; and & are split in Mojo::Parameters to get the params key pairs
22:00 kvorg there is no escape after system().
22:01 kvorg sri: sadly, in this particularly case, 5% of usage will be critical access from a terminal console in a server room, no graphical interface (lynx, basically)
22:01 arpadszasz i wan't to say that > will get passed to system
22:01 sri arpadszasz: both can be escaped too
22:01 kvorg but after some time with Mojolicious, it is really difficult to work with CGI.pm. So. I. Ask.
22:02 sri kvorg: i don't think many people noticed your taghelper plugin, you might want to blog about it for more attention :)
22:02 arpadszasz kvorg: how about writing and overwriting files that are owned by the user that the process runs as ?
22:02 arpadszasz that's a serious security risk
22:03 arpadszasz what if a silly developer runs the mojo daemon as root ?
22:03 sri arpadszasz: perl -Mojo -e 'b(";&")->url_escape->say'
22:03 sri a oneliner to demonstrate :)
22:04 arpadszasz i know that ; and & are escaped
22:04 arpadszasz i said that before :)
22:04 kvorg arpadszasz: i agree. but we are now mixing two problems: (a) taint technically will not help with Mojolicious, since things will get untainted in the process; (b) just taint is not sufficient if something comes from a form in a system call, just escaping . .. / < > & etc will not be enough, somebody has to think about that system() very hard.
22:04 sri ok then i don't know what you meant before
22:05 arpadszasz i mean that > gets passed on
22:05 arpadszasz to the shell
22:05 kvorg but you should not be stuffing your parameters in the shell, I guess.
22:05 sri just like ; and &
22:06 arpadszasz hm, perl -Mojo -e 'b(">")->url_escape->say' escapes it though
22:06 sri arpadszasz: oh you said "escaped"
22:06 sri it is in fact the other way around
22:06 sri ->param('foo') is entirely unescaped
22:06 sri no % sequences
22:07 sri it can even contain unicode characters
22:08 sri perl -Mojo -e 'b("%3B%26")->url_unescape->say'
22:08 sri better example :)
22:08 sri thats what you get
22:09 sri perl -Mojo -e 'b("%E2%99%A5%3B")->url_unescape->say'
22:09 sri for unicode fun
22:11 arpadszasz http://pastie.org/1206446
22:11 sri yea thats bad
22:11 sri very very bad
22:12 sri in even more ways that you can imagine
22:12 sri *than
22:12 sri format is even a reserved stash key xD
22:13 arpadszasz :)
22:14 arpadszasz changing format param name to f renders the same output, > gets through
22:14 sri yes, and nothing will automtically protct you from that
22:15 sri you can only manually filter
22:15 sri taint bit is long lost
22:15 arpadszasz how about, in the HTTP parser, checking if running under taint mode and saving the raw (before regex matched) string to a temp and pass that to Mojo::Parameters ?
22:16 sri can't work at all
22:16 sri param parser is regex based too
22:16 arpadszasz yeah
22:17 fod joined #mojo
22:17 sri and even if there was a way to hack around it
22:17 sri that would only be the start
22:18 sri there are like 1000 other values
22:18 arpadszasz from my understanding looking at the Mojo::Parameters source, the only place where taint bit might be lost by regex matching is in the parse method
22:18 sri next thing would be the path
22:18 arpadszasz that's a newbies understanding of the source :P
22:18 sri it's prolly lost right away in Mojo::URL
22:19 arpadszasz ok, but as a concept, we only need params to return tainted data, no ?
22:19 arpadszasz if running under -T
22:20 sri yes
22:20 arpadszasz i mean, in Mojo::URL it wouldn't matter if the tainted bit is or isn't lost
22:21 sri what are you trying to achieve here anyway?
22:21 arpadszasz make Mojo run under -T :)
22:22 sri thats a monstrous task, one that would require at least a few hundred additional test
22:22 sri *+s
22:23 sri and i doubt it could be done without a serious cost
22:23 marcus_ sri: would you accept a patch for $t->json_key_like('foo',qr/bar/); or something?
22:23 arpadszasz so careless developers like myself aren't let to shoot themselves in the foot
22:23 marcus_ sri: to check that json->{id} =~ /\d+/ for instance.
22:24 sri marcus_: doesn't look very sleek
22:24 arpadszasz sri: you mean performance cost if running under -T ?
22:24 sri marcus_: is there an equivalent in Test::More?
22:24 baton8 left #mojo
22:24 baton8 joined #mojo
22:25 arpadszasz or development cost to add this feature to Mojo?
22:25 marcus_ sri: seems not, only is_deeply
22:25 sri arpadszasz: you seem to want to change the parser, that costs performance or maintainability most likely
22:26 sri marcus_: we need css3 selectors for json :)
22:26 marcus_ that would be sleek :)
22:27 sri but in the end i think is $t->tx->res->json->{foo}... will be easier
22:28 marcus_ mm
22:31 arpadszasz sri: i understand that, but at least for now, the faq/wiki should have a warning regarding this (potential) issue
22:32 sri agreed
22:32 arpadszasz so developers are aware that they should filter > manually
22:33 marcus_ sri: doesn't form_ok support arrays?
22:33 marcus_ like      location         => [  37.0625, -95.677068 ],
22:34 sri dunno actually
22:34 sri it is based directly on the Mojo::Client method
22:35 marcus_ seems it does support it
22:35 sri don't scare me
22:36 arpadszasz left #mojo
22:36 marcus_ it's just $c->req->params doesn't return what I expected.
22:37 marcus_ how do I get a hashref?
22:37 marcus_ Trying to use MojoX::Validator
22:38 marcus_ ah, params->params
22:39 marcus_ to_hash even
22:41 marcus_ yay
22:44 marcus_ All tests successful.
22:44 marcus_ \o/
22:44 marcus_ bed time!
22:48 sri :)
22:49 sri yea, thing about params is that they are a list internally
22:49 sri preserving order
22:49 sri nn
22:55 perlrocks left #mojo
22:56 und3f is now known as und3f[A]
22:57 stephen left #mojo
23:07 forwardever joined #mojo
23:08 forwardever sri: are you still online?
23:11 forwardever okay, too late, will ask tomorrow :)
23:31 forwardever left #mojo
23:50 sri i'm here
23:50 sri hmm
23:55 polvo left #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary