Camelia, the Perl 6 bug

IRC log for #mojo, 2010-12-03

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:06 Akron joined #mojo
00:13 Akron Awesome exception pages are serious security risks! They provoke hackers!
00:13 Akron Make it less awesome, sri!
00:13 und3f is now known as und3f[A]
00:13 sri they are only awesome in development mode
00:15 Akron You mean a developer awesomeness - with lots of surfer awfulness?
00:15 Akron Great!
00:26 forwardever left #mojo
00:28 spleenjack left #mojo
00:36 Akron left #mojo
01:15 achromic left #mojo
02:11 arthas left #mojo
02:11 arthas joined #mojo
02:54 achromic joined #mojo
03:09 rich42 joined #mojo
03:14 Ned left #mojo
03:15 MojoGuest730 joined #mojo
03:15 MojoGuest730 cool, chrome 8 still uses draft 76 websockets
03:16 MojoGuest730 guess they are here to stay
03:16 MojoGuest730 left #mojo
03:17 achromic left #mojo
03:18 achromic joined #mojo
03:19 Ned joined #mojo
03:32 stephen left #mojo
04:03 tholen42 joined #mojo
04:05 tl left #mojo
04:30 rich42 left #mojo
05:52 perlrocks Twitter: "Mojolicious:: Plugin:: BasicAuth tried. Development server and I know it can be used in plackup Molilicious:: Lite for app-> start ('cgi') and run the apache basic authentication seems to receive from" (ja) --TokyoIncidents http://twitter.com/TokyoIncid​ents/status/10572042919219200
05:54 perlrocks Twitter: "MojoX:: Auth:: Simple is the latest version of the old Mojolicious they've changed the namespace is not useless like in Mojolicious Well" (ja) --TokyoIncidents http://twitter.com/TokyoIncid​ents/status/10572599415283712
06:27 ltriant left #mojo
06:48 kaare joined #mojo
06:54 arpadszasz left #mojo
06:55 kvorg left #mojo
07:26 koban joined #mojo
07:27 ysyrota joined #mojo
07:41 und3f[A] is now known as und3f
07:43 und3f is now known as und3f[A]
07:44 yko joined #mojo
07:50 Christian joined #mojo
07:50 Christian moin
07:51 su-bzero left #mojo
07:54 su-bzero joined #mojo
08:00 achromic left #mojo
08:00 achromic joined #mojo
08:08 su-bzero left #mojo
08:23 crab mooin'
08:29 yko coffeeee
08:31 marcus need more slides
08:31 * crab applies lubrication to make markus slide better
08:31 crab er, s/k/c/
09:33 gizzlon mace? ;)
09:34 gizzlon ok, that was cheap.. sorry :/
09:42 gizzlon will mojo move to 5.10 now that RedHat have updated?
09:53 baton8_ joined #mojo
09:53 baton8 left #mojo
10:04 baton8_ left #mojo
10:12 MojoGuest331 joined #mojo
10:12 MojoGuest331 From: http://news.ycombinator.com/item?id=1277067 (72 hits)
10:15 MojoGuest331 left #mojo
10:15 MojoGuest972 joined #mojo
10:15 MojoGuest972 From: http://news.ycombinator.com/item?id=1277067 (73 hits)
10:18 MojoGuest972 left #mojo
10:25 baton8 joined #mojo
10:47 kimoto joined #mojo
10:52 su-bzero joined #mojo
10:56 spleenjack joined #mojo
11:11 perlrocks Twitter: "mojolicious lite feeling of graduation. Nervous." (ja) --ruik http://twitter.com/ruik/status/10652364113444864
11:36 koban left #mojo
11:39 yko left #mojo
11:42 LoonyPandora joined #mojo
11:57 koban joined #mojo
12:04 crab sri?
12:07 MojoGuest700 joined #mojo
12:07 MojoGuest700 left #mojo
12:09 yko joined #mojo
12:12 MojoGuest79 joined #mojo
12:12 MojoGuest79 From: http://news.ycombinator.com/item?id=1277067 (76 hits)
12:13 MojoGuest79 left #mojo
12:30 toebu left #mojo
12:39 yko left #mojo
12:40 yko joined #mojo
12:44 crab ok, i have a "warm and fuzzy" question.
12:45 crab no, i don't. when i type the question, the answer is pretty obvious.
12:47 * marcus buys crab a rubber duck for christmas
12:58 LoonyPandora marcus - I'm looking forward to your Mojolicious talk at LPW tomorrow (it's my first perl conference - and I'm very excited ;) )
12:59 marcus LoonyPandora: Cool, hope I won't disappoint you.
13:00 LoonyPandora I'm sure it'll be great :)
13:01 marcus Well, for once I actually tried to make my slides entertaining... so it might not be a total loss.
13:01 marcus :)
13:02 marcus I just hope I won't be sued by George Lucas
13:02 marcus The new subtitle for my talk is 'A new hope'
13:04 Christian what are the topics at the LPW?
13:04 Christian ohh i found it
13:05 Christian http://conferences.yapceurope.org/lpw2010/schedule
13:05 crab i've never been to a perl conference.
13:05 Christian i too
13:05 marcus sri neither
13:05 marcus :)
13:06 moritz you should; it's quite a nice experience
13:07 crab if only there was one close by...
13:09 moritz isn't there a $national perl workshop in nearly every country?
13:09 moritz and a YAPC on most continents?
13:09 crab moritz: not in india.
13:10 crab and "not in india" pretty much means "on another continent" as far as my travelling there is concerned.
13:10 moritz crab: pity
13:10 Christian March 28th, 2010 at Tiruvalla, Kerala, India
13:16 crab seems that was just a barcamp, not a perl conference
13:16 daviddelikat left #mojo
13:18 marcus crab: YAPC::Asia is in Tokyo :)
13:18 Christian thats right but with perl introduction talk
13:18 moritz not quite the same
13:18 Christian asia to big
13:18 moritz I don't go to the conferences to hear the talks
13:18 marcus crab: Start Indian Perl Workshop and invite me ;)
13:18 moritz but mostly to meat the people
13:18 marcus need an excuse to go there.
13:19 marcus Almost got a consulting gig in india last year.
13:19 marcus doing a catalyst workshop
13:21 punytan just sent pull req ;)
13:23 sri gizzlon: sooner or later yes
13:24 marcus sri: what was that a response to?
13:24 marcus also, good morning :)
13:24 crab is there any way to "prove" that a particular foo#bar can be reached only through a particular route?
13:24 sri perl 5.10 switch
13:24 marcus ah
13:24 sri crab: all mappings are "lazy"
13:25 crab hmm. what does this mean?
13:25 sri routes don't know anything about the target usually
13:25 sri they just try
13:26 crab yes... but i'm thinking from a security perspective, not from a route-handling perspective
13:27 crab i have a foo#bar handler that is reached by a /foo/:foo_id/bar route, which assumes that a valid foo_id is in the stash when it's called
13:27 sri no matter what perspective, it's not possible
13:27 crab and i want to be sure that it's not reachable from some other path... but i don't think there's any way to do it sanely.
13:27 crab yeah.
13:27 moritz crab: by "falid foo_id" you mean "nearly any possible string", right?
13:28 crab moritz:     $admin->route('/users/:user_id/save', user_id => qr/[1-9][0-9]*/)->via('post')->to('users#save');
13:28 moritz ah :-)
13:29 sri i don't follow your thinking though, why would there magically pop up more possible paths?
13:31 crab sri: i was looking at my /:controller/:action match-more-than-one rules and thinking that my routing table has become really complex
13:31 crab i don't see any actual attack, i'm just wondering if i can do something to prevent future stupidity on my part
13:31 sri don't use :controller and :action of you want more control
13:31 sri *if
13:31 crab especially since i have just discovered that i've been abusing (or "misunderstanding", if you want to be polite) the routing tree a little.
13:32 sri i might remove the fallback route from the generated skeleton anyway
13:32 sri and replace if with a more specific one
13:37 GitHub138 joined #mojo
13:37 GitHub138 mojo: master Sebastian Riedel * a27c9c6 (2 files in 2 dirs): fixed typos - http://bit.ly/hyFeNo
13:37 GitHub138 left #mojo
13:41 GitHub181 joined #mojo
13:41 GitHub181 mojo: master Sebastian Riedel * 9d3e7f6 (1 files in 1 dirs): updated changes - http://bit.ly/eDeIns
13:41 GitHub181 left #mojo
13:57 daviddelikat joined #mojo
14:16 yko left #mojo
14:21 crab i don't mind the fallback route, it's useful
14:22 Christian why are cyrillic characters in Mojolicious::Plugin::Mail? either ... or ...! or what you think?
14:22 yko joined #mojo
14:23 yko left #mojo
14:24 und3f[A] is now known as und3f
14:28 yko joined #mojo
14:57 yakudzo left #mojo
15:24 koban left #mojo
15:24 a|newkirk[assoc] joined #mojo
15:34 kaare left #mojo
15:51 rhaen hello world
15:52 * sri waves
15:56 Christian i wish all a nice weekend
15:56 Christian left #mojo
16:23 perlrocks Twitter: "@gamefiend We use Catalyst here at work and we like it. I haven't used Mojolicious." --SarahDarkmagic http://twitter.com/SarahDarkm​agic/status/10730867697651714
16:39 kimoto left #mojo
16:53 ysyrota left #mojo
17:51 jfuller joined #mojo
17:51 jfuller Is there a decent plugin for server side sessions?
18:01 stephen joined #mojo
18:17 LoonyPandora left #mojo
18:33 sri http://benthebodyguard.com # wow
18:34 marcus sri: ben the bodyguard is pretty awesome
18:45 alnewkirk left #mojo
18:45 alnewkirk joined #mojo
18:55 sri so many ideas for the new exception/not_found pages
18:56 sri gonna go with minimalistic and classy for the design
18:56 sri but i still need the 3 gettign started steps
18:56 sri sooooo
18:57 sri what do you wish i had told you when you started with mojolicious?
18:57 sri imagine you are starting from zero, daemon started for the first time and a welcome page pops up
18:57 sri what should it say?
18:58 sri no wall of text, just 3 simple steps
18:58 sri 3 sentences
18:58 moritz 1) create a route for the index page: get '/' => sub { ... };
18:58 moritz dunno about steps 2 and 3
18:58 sri 3) pointers to followup resources
18:59 moritz probably, yes
18:59 moritz including IRC :-)
18:59 sri 2) ???
18:59 sri :D
18:59 sri underpants gnomes?
19:03 spleenjack left #mojo
19:05 moritz the docs for Mojolicious::Static uses a $static variable, without showing where it comes from
19:05 yko jfuller: you might want to look at https://github.com/vti/mojox-session
19:05 sri moritz: always an instance of the class
19:06 sri it's the same for every single class in mojolicious
19:07 moritz sri: still it would be nice to have runnable code in the Synopsis, or at least in the docs as such
19:07 sri synopsis would be a good please
19:07 sri *place
19:07 moritz aye
19:07 sri since ->new itself is covered by the base class
19:09 spleenjack joined #mojo
19:09 sri jfuller: server side session storage is going out of fashion though, people are starting to care about RESTfulness
19:15 sri the amelia perl logo will also be in the 1.0 release. finally gotten around to redrawing it properly :)
19:15 yko in romantically way? :)
19:17 sri oO
19:19 moritz do I have to integrate $static with my application somehow?
19:19 sri you shouldn't even have to look at it
19:20 moritz ...meaning?
19:20 sri it's in the lite tutorial
19:20 sri "Static files will be automatically served from the C<DATA> section
19:20 sri (even Base 64 encoded) or a C<public> directory if it exists."
19:21 moritz gives me "Page not fund"
19:22 moritz I have a public/jquery.jstree.js
19:22 moritz and I have a GET /public/jquery.jstree.js
19:22 yko sri: http://korshak.name/ra/romant_cameila.png
19:22 yko that way i mean :D
19:23 moritz ah, I don't need the /public/ in the URL
19:23 sri moritz: right
19:23 sri yko: ;p
19:24 * moritz finds that the documentation contains lots of "I know what I think, why don't you?" assumptions
19:24 sri moritz: patches welcome, i'm not a professional writer
20:06 spleenjack left #mojo
20:14 perlite_ joined #mojo
20:18 perlite left #mojo
20:18 perlite_ is now known as perlite
20:18 jamesw left #mojo
20:20 kvorg joined #mojo
20:22 jfuller yko: That's one of the modules I was looking into, seems pretty reasonable
20:23 yko it was implemented earlier than native mojo sessions :)
20:24 jfuller sri: I've pitched the idea of client side sessions, but that means we need to call up the lawyers to update the terms & conditions, so I'm sticking with server side for now
20:24 yko but it wasn't updated las time so i don't know if it work well with latest mojo changes
20:25 sri jfuller: why?
20:25 jfuller yko: That was my primary concern
20:25 yko jfuller: just try it :)
20:26 sri unless you are using session wrong i don't see much changing
20:26 sri *session
20:26 sri argh
20:26 sri *sessions
20:26 jfuller sri: If I recall correctly, they said the terms say that we only use the cookie to store nothing, or at most the session id
20:26 * yko giggles
20:26 sri ouch
20:27 jfuller sri: Yeah, half of our sites have the version where we cannot use cookies for anything
20:28 sri usually when i get that argument it's just people misusing sessions for caching :)
20:29 jfuller sri: Nope, financial services, we're regulated by the government! :-/
20:29 sri lawyers are indeed a good reason
20:31 fhelmber_ joined #mojo
20:31 fhelmber_ left #mojo
20:31 fhelmber_ joined #mojo
20:35 jamesw joined #mojo
20:41 a|newkirk[assoc] left #mojo
20:49 jfuller sri: If you get bored, this is more or less our session policy: http://www.owasp.org/index.php/Session_Management
20:56 gabiruh left #mojo
21:03 sri hope i never get that bored :)
21:04 spleenjack joined #mojo
21:05 jfuller sri: ;-)
21:05 perlrocks Twitter: "mojolicious or dancer? which side do you this? # Perl" (pt) --pac_man http://twitter.com/pac_man​/status/10801866837336064
21:19 gabiruh joined #mojo
21:42 spleenjack left #mojo
22:00 daviddelikat left #mojo
22:53 daviddelikat joined #mojo
23:20 spleenjack joined #mojo
23:59 spleenjack left #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary