Camelia, the Perl 6 bug

IRC log for #mojo, 2011-05-03

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:43 Alias joined #mojo
01:09 zamolxes left #mojo
01:09 zamolxes joined #mojo
01:14 k-man is anyone interested in feeback on the doco?
01:20 perlrocks Twitter: "CVE-2011-1589: mojolicious, mojolicious0.999940: Directory Traversal vulnerability and Path.pm and My ... http://dlvr.it/QQgX9" (sl) --pikipiki_net http://twitter.com/pikipiki_​net/status/65224080386834433
01:21 tempire What's the doco?
01:21 purl rumour has it the doco is documentation
01:21 k-man I'm testing out the final myapp.pl on http://mojolicio.us/perldoc?Mojolic​ious/Guides/Growing#Final_Prototype
01:21 k-man but I get this error:  Template "index.html.ep" not found.
01:21 k-man which is similar to the error I was getting yesterday - maybe something on my system does not like the inline files?
01:21 tempire it's there
01:22 tempire pastie.org your file
01:22 k-man its a direct copy/paste from the web site
01:22 k-man but I can pastebin it if required
01:23 tempire pastebin is too ugly
01:23 tempire cant...read...ugliness...
01:23 tempire :)
01:23 k-man ok, where would you like it?
01:23 k-man nopaste?
01:23 purl hmmm... nopaste is http://paste.scsys.co.uk/
01:23 tempire make sure everything is lined up to the leftmost column
01:23 k-man ok
01:23 tempire for example, the @@
01:23 tempire if you copy/paste, it's probably not in the first column
01:24 k-man yeah, thats probably it
01:24 tempire pastie.org is the paste hipness
01:24 tempire with the twilight theme
01:25 tempire it's like pretentious jeans...for the web!
01:28 k-man pastebinit does not know pastie.org *sigh*
01:29 k-man http://pastie.org/1858845
01:29 k-man ah
01:29 k-man one of the @@ was not in left most column
01:30 k-man duh, its working now
01:30 k-man thanks for your guidance tempire
01:31 k-man my suggestion is to have a link to raw code in the doco so copy paste does not give this problem
01:36 perlrocks Twitter: "CVE-2011-1589: mojolicious, mojolicious0.999940: Directory Traversal vulnerability and Path.pm and My ... http://dlvr.it/QQkFk" (sl) --pikipiki_net http://twitter.com/pikipiki_​net/status/65228137428025344
01:40 k-man ok, so at the end of this section, http://mojolicio.us/perldoc?Mojolici​ous/Guides/Growing#Simplified_Tests  you have rm myapp.pl but it does not tell you how to run the new script you created
01:41 k-man is there no way to provide feedback or edit this tutorial?
02:06 perlrocks Twitter: "Mojolicious in the cloud: Hello DotCloud! - Sebastian Riedel about Perl and the Web http://dlvr.it/QQp9z" (ja) --RtestR http://twitter.com/RtestR/status/65235819367108608
02:17 perlrocks Twitter: "Mojolicious in the cloud: Hello DotCloud! - Sebastian Riedel about Perl and the Web http://dlvr.it/QQrww" (ja) --hiraba_reader http://twitter.com/hiraba_rea​der/status/65238432775016448
02:29 Alias left #mojo
02:37 xaka left #mojo
02:57 tempire you're providing feedback right now
02:57 tempire the relevant people are asleep right now
02:57 tempire but they will arise with the rainbows
02:57 tempire and weigh your opinions with the grand unicorns in the sky
03:22 xaka joined #mojo
03:30 Foxcool joined #mojo
03:59 tempire k-man: to run the test script, use "prove t/login.t"
04:00 k-man thanks tempire
04:01 k-man I can usually work out what is meant - but I am left wondering if that is the approach desired. does the author want the user to work stuff out? ie, less hand holding?
04:01 tempire I'd say prove is pretty well known
04:01 tempire if you've ever written a perl test
04:01 k-man I have not unfortunately for me
04:01 tempire couldn't hurt to include a sentence specifying it, though
04:02 tempire you can also just run "perl t/login.t"
04:02 tempire would do the same thing
04:03 tempire here's a basic tutorial on perl testing, if you're interested: http://search.cpan.org/~mschwern/Tes​t-Simple-0.98/lib/Test/Tutorial.pod
04:03 tempire and the prove docs: http://search.cpan.org/~andya​/Test-Harness-3.23/bin/prove
04:04 tempire you don't need to worry about all of it, but know that it's there for your reference
04:21 tempire left #mojo
05:11 jwang left #mojo
05:16 koban joined #mojo
05:26 k-man thanks tempire
05:32 kaare joined #mojo
06:07 marcus hohohoho
06:15 tabbi joined #mojo
06:15 tabbi left #mojo
06:25 Foxcool left #mojo
06:30 Christian joined #mojo
06:30 Christian morning
06:31 xaka morning? 11:30pm :(
06:32 Christian :) 08:32
06:32 Christian am
06:33 stephanj good morning :)
06:33 koban hi ppl
06:36 Foxcool joined #mojo
06:49 marcus seems Christian shares my timezone
06:58 Christian UTC+01:00
07:01 GitHub105 joined #mojo
07:01 GitHub105 mojo: master Sebastian Riedel * bd70a3a (2 files in 2 dirs): added cookie tests - http://bit.ly/mkvwmB
07:01 GitHub105 left #mojo
07:02 fhelmber_ joined #mojo
07:06 sri k-man: if you've not written a perl script before i'm amazed how far you got already :D
07:06 sri k-man: the tutorial and guides absolutely expect good prior knowledge of perl though
07:07 sri i really don't want to teach perl basics, because i'm not good at it
07:07 Sugar joined #mojo
07:12 spleenjack joined #mojo
07:14 abra left #mojo
07:14 xaka left #mojo
07:26 abra joined #mojo
07:39 j3nnn1 left #mojo
07:51 metaperl left #mojo
08:02 tholen left #mojo
08:04 tholen joined #mojo
08:14 Foxcool left #mojo
08:18 AmeliePoulain joined #mojo
08:26 Foxcool joined #mojo
08:33 koban left #mojo
08:35 * sri yawns
08:49 sri looks like there's also a ietf-07 version of web-socket-js available now :)
08:51 stephanj aha?
08:51 purl aha is a different band
08:51 sri https://github.com/kanaka/web-socket-js
08:55 fhelmbe__ joined #mojo
08:57 sri http://www.cpantesters.org/cpan/report​/fef8db3c-7525-11e0-815d-832831e3b300 # what the hell is this?
08:57 sri json.t failing? Oo
08:57 moritz an early abort
08:59 fhelmber_ left #mojo
09:00 koban joined #mojo
09:00 sri makes no sense
09:00 Foxcool left #mojo
09:01 sri https://github.com/kraih/mojo/commit/fe​207fdc4ac23d070fea1b31b4d1a2a87e64d419 # only change i've made to json recently
09:01 moritz ask bingos for verbose output
09:02 sri don't have time ti track it down
09:02 sri s/i/o/
09:13 Foxcool joined #mojo
09:13 sri i bet the regex is not portable
09:14 sri would be nice if someon could check that
09:16 sri damn, i've just solved https://github.com/kraih/mojo/issues/127
09:16 sri turned out to be rather boring
09:21 zakame joined #mojo
09:21 zakame hola
09:21 zakame is MojoX::Renderer::YAML gone?
09:32 sri didn't even know it existed :)
09:32 zakame lol
09:33 zakame apparently gbarr maintains it on github
09:33 zakame I used it previously on my cpanmetadb fork (which I'm trying to use on dotcloud)
09:33 sri it should be named Mojolicious::Plugin::YamlRenderer anyway if it is up to date
09:33 zakame its been a while
09:33 zakame ah
09:33 zakame yeah
09:40 zakame so I take it that new plugins should not use the MojoX namespace anymore?
09:41 * sri nods
09:42 sri MojoX only if you're actually writing a Mojo specific extension
09:43 zakame ah
09:44 Debolaz Unlike MooseX. :-)
09:50 ajgb joined #mojo
09:50 bosphorus joined #mojo
09:53 sri quite sure MooseX is meant the same way
09:54 sri people just tend to misuse these extension namespaces
09:55 Debolaz Well, the problem was that there initially wasn't any consensus what MooseX:: was intended for. And when modules were put in there which had no obvious link to Moose apart from using it, nobody said anything. This went on for a very long time.. And now when people finally has started saying something about this being wrong, it's way too late.
09:56 yko people tend to misuse everything that could be misused
09:56 * moritz doesn't put modules that 'use strict;' into strictX::
09:57 yko and those things that couldn't be misused going to be shaked to condition and misused also
09:57 moritz it gets more fun when you have extentions for extensions
09:57 Debolaz And there seems to be a tendency to accept that modules using metaobjects directly still belong in MooseX, no matter how they are used.
09:57 moritz DBIx::Class is a DBI extension, how do you name extensions for it? :-)
09:57 Debolaz moritz: DBICx :)
09:58 sri hmmm
09:58 sri strictX::Mojolicious
09:58 * sri starts renaming
10:05 zakame eh, MojoXXX?
10:08 Sugar mojo - low level framework
10:08 Sugar mojolicious - web framework
10:08 sri mojolicious: the web in a box, mojo: the box
10:08 Sugar MojoX - extend Mojo
10:09 Sugar yes
10:09 Sugar Mojolicious::Plugin - extend Mojolicious
10:09 Sugar or i am wrong?
10:09 sri sounds right
10:10 Sugar okay
10:10 sh4 joined #mojo
10:18 arthas joined #mojo
10:25 koban left #mojo
10:34 sri hmm
10:34 sri looks like the regex only fails under perl 5.8 versions
10:35 yko omg... IOLoop->on_tick renamed?
10:36 sri omg?
10:36 purl oh my god.  Oh my God.  OH MY GOD!  O-H M-Y G-O-D!  YOU SURE SAVED A LOT OF TYPING THERE, DIDN'T YOU? or http://www.livejournal.com​/userpic/45898582/7043908 or Object Management Group to be blamed for UML or COURTNEY JUST TOOK HER SHIRT OFF
11:01 GitHub20 joined #mojo
11:01 GitHub20 mojo: master Sebastian Riedel * 301294b (3 files in 3 dirs): fixed 64bit WebSocket message bug - http://bit.ly/j5Q7sY
11:01 GitHub20 left #mojo
11:02 koban joined #mojo
11:15 sri damn
11:15 sri the json test actually makes perl 5.8.9 segfault :S
11:19 sri hmm
11:19 sri this sucks
11:19 sri incoming json messages can make perl5.8.9 segfault
11:22 Christian ohh that is not good
11:23 sri well, people using perl 5.8 kinda deserve it
11:23 Christian :D
11:25 zakame hehe
11:26 Christian set the requirement for mojolicious to perl 5.10 ;)
11:27 zakame hmm Mojo::UserAgent->test_server is experimental right?  I guess I shouldn't be using this for tests
11:27 perlrocks Twitter: "Quick reminder, don't use #perl 5.8.9 in production, we've found a regex in #mojolicious that makes it segfault." --kraih http://twitter.com/kraih/status/65377002529619968
11:28 perlrocks Twitter: "NA - CVE-2011-1841 - Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12... http://dlvr.it/QTDrh" --pikipiki_net http://twitter.com/pikipiki_​net/status/65377090836508672
11:28 perlrocks Twitter: "NA - CVE-2009-5074 - Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before... http://dlvr.it/QTDry" --pikipiki_net http://twitter.com/pikipiki_​net/status/65377095479599104
11:28 perlrocks Twitter: "NA - CVE-2010-4802 - Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection,... http://dlvr.it/QTDsW" --pikipiki_net http://twitter.com/pikipiki_​net/status/65377101397757952
11:28 perlrocks Twitter: "NA - CVE-2010-4803 - Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has... http://dlvr.it/QTDsk" --pikipiki_net http://twitter.com/pikipiki_​net/status/65377103008370688
11:28 sri eeep
11:28 sri Christian: good luck with that one!
11:30 Christian you with the last three Twitter messages?
11:31 Christian s/you/you mean/
11:31 Foxcool left #mojo
11:31 sri ye
11:32 Christian ok i see it under: http://web.nvd.nist.gov/view/vu​ln/detail?vulnId=CVE-2011-1841
11:32 sri wait what
11:32 purl Sure, I can wait. I've got plenty of time. It's you mortal meat bags that need to hurry
11:32 sri Christian: what are you talking about?
11:34 Foxcool joined #mojo
11:34 Christian you said good luck.... and i ask if you meaning the twitter messages, you said yes and i googled meanwhile and found that entry
11:35 sri i mean requiring perl 5.10 of course
11:35 sri i meant the tweets with "eeep"
11:36 Christian i don't know what "eeep" means
11:36 sri purl: eep?
11:36 purl eep, op, ork, ah-ah
11:39 ajgb left #mojo
11:40 Christian eep is a song ;)
11:42 ajgb joined #mojo
11:43 sri wonder if i should add a deprecation warning for Perl 5.8
11:45 moritz +1
11:45 purl 1
11:49 Foxcool left #mojo
11:51 GitHub162 joined #mojo
11:51 GitHub162 mojo: master Sebastian Riedel * 51145e4 (3 files in 3 dirs): deprecated Perl 5.8.x support - http://bit.ly/k80PY9
11:51 GitHub162 left #mojo
11:52 perlrocks Twitter: "Support for #perl 5.8.x is now officially deprecated in #mojolicious. http://t.co/JkRzMTX" --kraih http://twitter.com/kraih/status/65383179363684352
11:53 Christian the reason for the segfault is a regex right?
11:55 sri right
11:55 sri in the json parser
11:55 sri so any incoming json message can segfault your web app
11:55 sri in Perl 5.8.x
11:56 sri it's not a security risk, but restarting processes is costly, making this a cheap DoS target
11:57 baton8 joined #mojo
12:00 perlrocks Twitter: "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown... http://post.ly/1z4lh" --mushy99 http://twitter.com/mushy99​/status/65385316780998656
12:01 perlrocks Twitter: "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote ... http://post.ly/1z4mY" --mushy99 http://twitter.com/mushy99​/status/65385382572867584
12:01 perlrocks Twitter: "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecifie... http://post.ly/1z4mf" --mushy99 http://twitter.com/mushy99​/status/65385398028873729
12:01 sri funny, reports for files that don't even exist anymore
12:01 perlrocks Twitter: "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to... http://post.ly/1z4n9" --mushy99 http://twitter.com/mushy99​/status/65385437216251904
12:01 Foxcool joined #mojo
12:01 sri looks like someone went through our changelog
12:02 Christian ok then it makes sense for the warning and thx for the detailed answer
12:13 perlrocks Twitter: "♺ @kraih: Support for #perl 5.8.x is now officially deprecated in #mojolicious. http://t.co/JkRzMTX" --xomaa http://twitter.com/xomaa/status/65388415977394177
12:28 sri i should play the security card more often
12:28 sri people don't argue with it :D
12:37 sri think i'll release later today
12:37 sri time to get cpantesters all green again
12:37 stephanj no 5.8?!
12:37 sri see above
12:38 sri huge attack vector
12:38 stephanj just some people screaming...
12:38 sri nobody is screaming so far
12:40 sri i might even add a second warning to make people upgrade
12:42 sri "Using Perl 5.8.x allows everybody to kill your web application processes" or so
12:42 moritz can't you set a post size limit that stops the app from even receiving so much JSON?
12:42 sri no
12:43 sri 32k bytes are enough
12:43 moritz who needs more than 16k anyway? :-)
12:43 sri maybe even less, i don't know the details
12:43 sri you look wrong at the 5.8 regex engine and it segfaults
12:43 moritz 32k sounds like a plausible number for the regex engine upper limit
12:44 sri no it's not
12:44 sri try parsing xml documents with that limitation
12:45 moritz I didn't say "good"
12:45 sri the 5.10 engine is plausible
12:45 moritz sri: I think we have different ideas of what "plausible" means
12:45 sri segfault should never be an option
12:46 sri segfaults in a scripting language are not plausible to me ;p
12:46 sri limits sure...
12:48 sri i really wouldn't mind a die that could be catched
12:49 moritz or raising the limit from 15 bits to 63
12:51 sri it should simply not be possible to produce exceptions that can't be catched
12:53 moritz except for "memory corruption detected"
12:55 sri ok, outside factors are unpredictabel of course
12:56 sri "zomby apocalypse detected"
13:31 Foxcool left #mojo
13:32 kaare left #mojo
13:33 amoore joined #mojo
13:42 Foxcool joined #mojo
13:49 xaka joined #mojo
14:01 koban left #mojo
14:02 kaare joined #mojo
14:09 Foxcool left #mojo
14:17 metaperl joined #mojo
14:19 dotan joined #mojo
14:22 zakame left #mojo
14:28 gshank_ is now known as gshank
14:43 perlrocks Twitter: "@kraih Do you plan to update mojolicious to work around it or are you giving up on 5.8.9?" --obra http://twitter.com/obra/status/65426318937960448
14:44 perlrocks Twitter: "うへ Support for Perl 5.8.x is now deprecated! - Mojolicious | Google Groups http://j.mp/lmLwqa" --yunh http://twitter.com/yunh/status/65426582940041216
14:47 dotan sri: There isn't a "last 5.8x supported version" of mojolicious, right? The issue is that parsing json with Mojo::JSON can segfault perl 5.8x, in any version?
14:47 AmeliePoulain left #mojo
14:47 sri dotan: it's deprecated
14:49 sri and i doubt it's only the one regex that's affected
14:49 dotan deprecated usually means "don't use in new code". I'm asking if there's an earlier version of Mojolicious which doesn't trigger the regexp bug in 5.8.9
14:50 sri there are prolly more all over mojolicious that can trigger the segfault
14:50 sri urlencoded parsr, multipart parser, xml parser...
14:50 non joined #mojo
14:51 sri they could be everywhere
14:51 sri the real problem is that perl 5.10 has a whole new regex engine and nobody really cares about the old one
14:52 sri it is essentially unmaintained code
14:52 ph1g joined #mojo
14:52 xaka oh, about Mojo::JSON. I can use it to convert numbers/strings to JSON, but i can't use it for vice verse operation i mean it doesn't support simple JSON like a "10" or "\"Hello World\"", only arrays and hashes. Could it be fixed?
14:52 xaka "[10]" - works good, but "10" - returns undef
14:53 sri xaka: fixed implies that something doesn't work
14:53 sri "10" is not valid JSON
14:53 xaka it's valid, why not
14:53 moritz xaka: the root element of JSON must always be an object or array
14:53 dotan xaxa: http://www.json.org/
14:53 sri because of the rfc
14:53 moritz xaka: ie {} or []
14:54 sri what moritz said
14:54 xaka hm...really? :(
14:54 moritz yes, really
14:54 xaka because whay i saw in Python and other libs - they all support this format because it's supported by "eval" in js
14:55 sri if you want to support everythign eval does you need a js interpreter ;p
14:56 dotan http://www.ietf.org/rfc/rfc4627.txt: "A JSON text is a serialized object or array."
14:58 xaka the same page, 4. Parsers: A JSON parser MUST accept all texts that conform to the JSON grammar.
14:58 xaka there is no words about "it MUST be object or array"
14:58 moritz so look at the json grammar
14:58 Christian nice evening to you all
14:59 moritz JSON-text = object / array
14:59 moritz that's how the grammar starts
14:59 moritz how could it match a string like "10" ?
15:00 bosphorus left #mojo
15:01 Christian left #mojo
15:03 GitHub105 joined #mojo
15:03 GitHub105 mojo: master Sebastian Riedel * 009cc39 (4 files in 4 dirs): updated jQuery to version 1.6 - http://bit.ly/jWUd7j
15:03 GitHub105 left #mojo
15:04 xaka i saw it, but...if all other parsers support it and Mojo::JSON is not - is it the problem to implement it? From other point i still can use Mojo::JSON to serialize simple number or string, not an array or object. So if you do it in one way - why you dont in other?
15:04 perlrocks Twitter: "“@kraih: Support for #perl 5.8.x is now officially deprecated in #mojolicious. http://t.co/6CG3TJW” bad news :-/" --jjafuller http://twitter.com/jjafulle​r/status/65431461779607553
15:06 xaka when i use function which produces some result, i dont care about result type: number, string, array or object, but i want to be sure that decode(encode(result)) == result
15:06 jfuller joined #mojo
15:07 jfuller So...what's this I hear about deprecating 5.8.* support?
15:07 moritz jfuller: it is as you hear
15:08 sri jfuller: see also mailing list discussion
15:08 jfuller Ugh, well I guess I better get started porting our mojolicious projects to something else
15:09 xaka sri: moritz: not convicing? about mojo::json
15:09 sri xaka: nope
15:10 xaka nice guys
15:10 purl nice guys are nice guys  are  harder to fabricate that with
15:10 moritz jfuller: if that 'something else' can support >32k strings in regexes nicely on perl 5.8... go ahead
15:10 sri xaka: what matters is the rfc
15:10 dotan jfuller: this is the problematic commit: https://github.com/kraih/mojo/commit/fe​207fdc4ac23d070fea1b31b4d1a2a87e64d419
15:10 moritz xaka: not convincing. It's not Mojo::MostlyJSON, it's Mojo::JSON
15:10 moritz xaka: if it can serialize non-objects/arrays, that's a bug
15:11 xaka that's all about open source, everyone done everything on 50% and nothing more
15:11 xaka it's not a bug
15:11 xaka it's sitll valid JSON
15:11 sri right now we are at the point where Mojo::JSON is almost a validating parser, and i'm fine with that
15:11 moritz xaka: if you want an example of how non-spec behavior can cause long-time pain, look at IE 6
15:11 xaka you're, sure, whay about community?
15:11 xaka *what
15:12 sri xaka: and "10" is not valid json
15:12 cosmincx left #mojo
15:12 sri we implement the JSON spec 100%
15:12 xaka what jfuller alredy said "I guess I better get started porting our mojolicious projects to something else"
15:14 jfuller moritz: So, we're deprecating 5.8 because Mojo::JSON has a regex that segfaults?
15:14 sri jfuller: there is more to it
15:15 moritz jfuller: not me, but in essence, yes. But we don't know if other regexes could segfault too
15:15 j-v-e I don't understand people, when perl is too static, they complain the language is dead, when it moves on and deprecates old versions, they complain the same way......
15:15 xaka sri: i checked it twice, encode supports simple types. Bug?
15:15 moritz jfuller: what about regexes in routes? can they segfault? who knows?
15:15 dotan jfuller: sri is deprecating 5.8 because he can't trust it not to segfault whenever he writes a regex
15:15 sri 5.8 has a regex engine that can segfault, we prolly have multiple regular expressions that are vulnerable
15:16 sri the 5.8 regex engine is pretty much unmaintained and abandoned
15:16 xaka|2 joined #mojo
15:17 jfuller I am just not looking forward to the discussion with management where I make myself look like an ass, because I fought to get Mojolicious approved for development and now we cannot use it for now
15:17 sri and moritz is right, i'm very nervous about routes too
15:17 sri jfuller: it is only deprecated
15:18 sri you'll get warnings telling you that you'e using perl 5.8 at your own risk for now
15:18 jfuller sri: When are you planning on dropping support altogether? Presumably since 5.8 will no longer be targeted features for subsequent versions will creep in, right?
15:18 xaka|2 so, what i should expect in the next time - fix _encode_ or fix _decode_?
15:18 sri do you think your management would like it if random people could kill your app processes?
15:19 moritz xaka: decode don't get "fixed", because it's not broken. Which pretty much answers your question.
15:19 jfuller sri: The only thing they are more afraid of than that is upgrading ;-)
15:19 jfuller sri: We have the upgrade discussion, and it has been slotted for "eventually"
15:19 jfuller have had*
15:19 marcus jfuller: when are you planning on upgrading? 5.10 was released in 2007
15:19 moritz .oO( how "eventually" becomes "now" )
15:20 sri well, that's pretty much the decision, let random people on the internet segfault your server processes (repeatedly) or upgrade
15:20 tempire joined #mojo
15:20 j-v-e jfuller: make them watch that http://ontwik.com/perl/perl-​programming-best-practices/
15:20 xaka|2 moritz: because you dont want spend your time on "some unknnown guy point to problem"? I can spend my self and provide the patch. I mean WHY all other 99% libs do it and you dont
15:20 sh4 left #mojo
15:20 jfuller What's the best way to reproduce the segfault?
15:20 jfuller I'll see if I can reproduce it in another, unrelated project as incentive
15:21 sri run t/mojo/json.t with perl 5.8.x
15:21 marcus I for one applaud sri for having some backbone. this 'do not upgrade perl' thing keeps us in a rut language-wise.
15:21 sri and comment out the skip part
15:21 moritz xaka|2: as we've explained in sufficient detail, decode conforms to the spec. Maybe it's a problem for you, but it's not for us
15:21 xaka|2 moritz: i.e. problem for all other 99% libs?
15:21 ph1g j-v-e: People just like to hate on perl. -_-
15:21 sri marcus: i was naive enough to believe playing the security card would help xD
15:22 moritz xaka|2: I can't speak for the other libs
15:22 xaka left #mojo
15:22 moritz xaka|2: try JSON::XS
15:22 j-v-e ph1g: I believe people like to blame upgrade problems on languages changes when most of the time it's bad code that's the issue
15:23 moritz $ json-check test.json
15:23 moritz JSON text must be an object or array (but found number, string, true, false or null, use allow_nonref to allow this) at (eval 5) line 163.
15:23 ph1g j-v-e: there is a _lot_ of terrible perl code out there. mostly written by people who will turn around and say "perl is a read only language"
15:23 ph1g I hope they catch VD
15:23 moritz xaka|2: oh wait, that was JSON.pm, not JSON::XS
15:24 j-v-e I really like the talk by jacinta, it's fresh and full of nice advises
15:24 moritz $ perl -MJSON::XS -e 'decode_json("1")'
15:24 moritz JSON text must be an object or array (but found number, string, true, false or null, use allow_nonref to allow this) at -e line 1.
15:24 j-v-e makes me think, would perl5i and mojolicious be compatible ?
15:24 sri jfuller: i might even keep 5.8 compatibility for a few more years if i have to, but i couldn't clear concience not warning people about the consequences
15:24 moritz xaka|2: so all json libraries that I happen to use stick to the same spec
15:25 sri *+keep
15:25 * sri opens another beer
15:25 * marcus wants beer too
15:25 * sri throws a beer at marcus
15:25 * moritz intercepts it
15:26 sri \o/
15:26 moritz thanksk for that, sri :-)
15:26 jfuller sri: I think it would be reasonable to support it until the upcoming 5.14 release settles out
15:26 spleenjack left #mojo
15:29 marcus it's not like the 5.* upgrades breaks a lot of backwards compat either...
15:30 marcus why are you living the past, jfuller?
15:30 marcus don't like every current distro have 5.10+ now?
15:32 xaka|2 marcus: what about proudction and big money? do you believe it's easy just upgrade all from 5.8 to 5.10? why redhat still provides python 2.4 by default which is very old...
15:33 j-v-e even debian lenny has 5.10 !
15:33 moritz xaka|2: nothing stops you from using old software on top of other old software
15:34 moritz xaka|2: it's just that you can't expect bleading edge to support ancient versions forever
15:34 moritz "you know, I don't want to upgrade, BUT I NEED THE LATEST MOJOLICIOUS ON IT NOW!!!"
15:35 marcus xaka|2: given my hate for both redhat and python, it's hard for me to answer that.
15:35 moritz it's a bit like complaining that your old phone with dial plate doesn't talk to the sattelite directly
15:35 marcus I'm guessing it's because 2.6 required some code changes, but I really have no idea.
15:38 sri what really worries me is that people are more afraid of upgrading perl than giving their users on the internet a remote kill switch
15:39 sri which this really can be
15:39 marcus ah, found the answer - "The big problem seems to be that "cPanel" and "yum" still use older versions
15:39 marcus of Python, and those programs are more important to distro builders than Python
15:39 marcus itself."
15:39 sri that sounds familiar
15:39 moritz and they don't support installing multiple python versions at the same time
15:39 moritz (why not?)
15:40 moritz (same question for multiple perl versions)
15:41 xaka|2 left #mojo
15:41 jfuller marcus: lol, because my job depends on it ;-)
15:41 marcus 'nobody ever got fired for using perl 5.8'? ;)
15:42 sri until some stranger on the internet shut down their entire website making 5 requests per second
15:42 marcus jfuller: sounds like you need to bother your sysadmins more =)
15:42 marcus sri: yeah ok, that might get you fired.
15:43 marcus but only if it's like an important site =)
15:44 jfuller marcus: What could possibly be more important than not upgrading perl! ;-)
15:47 marcus jfuller: I can't come up with anything.
15:53 j-v-e jfuller: it's only a matter on number of powerpoints, make the prettiest one and bring croissants to the meeting and your upgrade will get approved ;)
15:55 sri jfuller: perl5.8.9 -e'("a" x 15000) =~ m/\G(((?:[^\x00-\x1F\\"]|\\(?:[\\\/bfnrt])))*)/gc'
15:55 sri that oneliner segfaults
15:56 sri lower the 15000 value and it works
15:56 sri it's a recursion limit exploding
15:56 sri (i think)
15:57 Sugar left #mojo
16:03 xaka joined #mojo
16:10 sri hmm
16:10 sri think i'll add a before_render hook
16:16 perlrocks Twitter: "Mojolicious defanicious, make the girls go loca." --mojoCvogel http://twitter.com/mojoCvog​el/status/65449609270542336
16:17 xaka left #mojo
16:17 sh4 joined #mojo
16:17 tempire "zombie apocalypse detected"
16:18 tempire sounds like a good idea for a new plugin
16:18 tempire segfault when ?demand=brains received
16:19 tempire It will support 5.8, 5.10 and all future versions of perl
16:25 vel joined #mojo
16:30 ajgb left #mojo
16:32 sri i would use that
16:33 jfuller sri: Checked out your script, it faults at 6199 under 5.8.8
16:34 jfuller At least on the machine I tested it on
16:34 sri interesting, and scary
16:34 sri 6199 is way below the http header line limit
16:35 sri so it could reach almost all regexes in mojolicious
16:35 xaka joined #mojo
16:45 ph1g left #mojo
16:48 dotan left #mojo
16:48 jfuller Yup, that's what I'm thinking too
17:01 Foxcool joined #mojo
17:06 tabbi joined #mojo
17:06 tabbi left #mojo
17:24 metaperl_ joined #mojo
17:27 metaperl_ left #mojo
17:28 metaperl left #mojo
17:39 perlrocks Twitter: "@ ContagiousKills remember to $ ha = numero uno! U still get a mojolicious * slap *" (ms) --mojo_jojo_rox http://twitter.com/mojo_jojo_​rox/status/65470629167628289
17:43 fhelmbe__ left #mojo
17:46 tabbi joined #mojo
17:46 tabbi left #mojo
17:46 fhelmber_ joined #mojo
17:47 fhelmber_ left #mojo
17:47 fhelmber_ joined #mojo
17:58 GitHub65 joined #mojo
17:58 GitHub65 mojo: master Sebastian Riedel * 3af2a80 (5 files in 4 dirs): added experimental before_render hook - http://bit.ly/mRquSl
17:58 GitHub65 left #mojo
17:58 sri :)
18:06 elb0w sri, ever use gandi.net?
18:07 perlrocks Twitter: "Added new experimental hook to #mojolicious, please send feedback, also looking for ideas for more hooks. http://t.co/MeskF51 #perl" --kraih http://twitter.com/kraih/status/65477516453871616
18:07 sri elb0w: not yet
18:09 GitHub113 joined #mojo
18:09 GitHub113 mojo: master Sebastian Riedel * dca582c (1 files in 1 dirs): fixed teh typo - http://bit.ly/kk66Xc
18:09 GitHub113 left #mojo
18:20 arthas left #mojo
18:21 GitHub24 joined #mojo
18:21 GitHub24 mojo: master Sebastian Riedel * 8b652a3 (3 files in 3 dirs): added experimental hook function to Mojolicious::Lite - http://bit.ly/moREhN
18:21 GitHub24 left #mojo
18:22 vel left #mojo
18:34 GitHub151 joined #mojo
18:34 GitHub151 mojo: master Sebastian Riedel * 8a56e2d (1 files in 1 dirs): pod tweaks - http://bit.ly/ifvgDJ
18:34 GitHub151 left #mojo
18:37 Foxcool left #mojo
18:37 sri i think the next release will be a major one again
18:37 sri gonna need a new codename :)
18:38 sh4 left #mojo
18:41 xaka i'm talking to JSON RFC author so i believe we will know very soon the truth very soon about encode/decode rules! :-P
18:42 metaperl joined #mojo
18:42 metaperl jQuery made some serious breaks in compatibility with 1.6 - http://www.reddit.com/r/programming​/comments/h36p9/jquery_16_released/
18:46 metaperl left #mojo
18:49 j-v-e elb0w: gandi.net rocks !
18:49 elb0w yeah started using it
18:49 elb0w Hey does dev.elbowrage.com/gui/whereami work?
18:49 elb0w I am trying to change the dns
18:50 j-v-e Server not found
18:50 elb0w ok cool ty
18:50 elb0w Wish my router would propagate
18:50 elb0w :
18:50 j-v-e dig +trace dev.elbowrage.com @8.8.8.8 ;)
18:51 elb0w wha
18:51 elb0w ?
18:51 j-v-e 8.8.8.8 is the dns resolver from google, usually when you want to check your propagation
18:51 elb0w yeah
18:51 elb0w Is there a bot here?
18:52 j-v-e who ? purl  ?
18:52 elb0w dig?
18:52 purl groovy
18:52 elb0w oh
18:52 elb0w its a linux command?
18:52 j-v-e yep
18:52 elb0w ahhh
18:52 elb0w never used it
18:52 j-v-e I wonder if purl can do dns resolution
18:52 j-v-e purl: dig ?
18:52 purl groovy
18:53 sri real men use Mojo::IOLoop->resolve()
18:53 elb0w lol
18:53 j-v-e 0_0
18:53 elb0w Make some mojo shell tools
18:53 sri https://github.com/kraih/mojo/blob​/master/t/mojo/ioloop_online.t#L26
18:54 j-v-e sri: how do you check a dns propagation with mojo ? :)
18:54 elb0w A records are the right ones to use for ip right?
18:55 sri ipv4
18:55 elb0w lol?
18:55 purl lol is a much better acronym though. or a verb in dutch
18:55 j-v-e AAAA for ipv6
18:55 elb0w Ah
18:55 elb0w thought u meant ipv34
18:55 elb0w er
18:55 elb0w ipv4
18:55 elb0w for the type
18:55 elb0w :P
18:56 sri i hate the dns protocol with a passion
18:56 elb0w does it work now?
18:56 sri damn compression is so annoying
18:56 elb0w http://dev.elbowrage.com
18:56 j-v-e that is a very disturbing statement sri
18:57 * sri is disturbed
18:57 j-v-e elb0w: if you don't like dig or sri's solution, you can still test with http://network-tools.com/nslook/
18:58 elb0w ok
18:58 elb0w Do you happen to know what @ means in dns?
18:58 elb0w Is that the root site?
18:59 j-v-e it's the default record
18:59 sri you mean zone file
19:00 sri @ is the zone origin
19:00 elb0w ya
19:00 elb0w ok
19:00 elb0w so elbowrage.com would be @
19:00 sri ye
19:01 j-v-e careful: @ must point to an IP address, it can't be pointed to an alias or another record
19:02 elb0w yeah
19:02 elb0w it is
19:03 elb0w hmm I totally need gandi's NS in my zone file dont I
19:03 elb0w haha
19:03 elb0w shouldnt of deleted that
19:04 j-v-e {a,b,c}.dns.gandi.net
19:05 elb0w Wish they had chat support.
19:05 j-v-e do you use gandi's servers or your own ?
19:05 elb0w I have 3 boxes
19:06 elb0w a dreamhost, ec2 and a prgmr
19:06 elb0w well 4 if you could ventrilo
19:06 elb0w count*
19:07 j-v-e you use bind on those ?
19:11 elb0w I do A records
19:11 elb0w should I not?
19:11 elb0w dev 10800 IN A 50.17.234.147
19:11 elb0w is that incorrect?
19:12 j-v-e this is correct
19:12 elb0w guess its just slow
19:12 elb0w :(
19:13 elb0w j-v-e, you use gandi for your dns?
19:13 j-v-e yep, I've been using gandi since 2005
19:13 sugar joined #mojo
19:15 j-v-e dig tells me that your NS servers are the ones from gandi, did you make any changes to that ? are you using gandi interface or did you try to route everything to your own DNS server ?
19:15 elb0w It should be gandi
19:15 elb0w Im using their ns
19:16 j-v-e ]$ dig dev.elbowrage.com @a.dns.gandi.net
19:16 j-v-e dev.elbowrage.com.10800INA50.17.234.147
19:16 j-v-e seems correct
19:16 elb0w ah did it work now?
19:16 elb0w L*
19:16 elb0w wtf
19:17 elb0w http://www.downforeveryoneor​justme.com/dev.elbowrage.com
19:17 j-v-e you need to learn dig, it's indispensable when you work with dns
19:17 elb0w yeah never used it
19:17 elb0w is why im avoiding it haha
19:17 j-v-e dig dev.elbowrage.com @a.dns.gandi.net send the DNS request to a.dns.gandi.net directly
19:17 j-v-e so you can check that the record is properly set on gandi's server
19:17 j-v-e which it is
19:18 elb0w ok cool
19:18 j-v-e the rest is propagation
19:18 elb0w So it just needs to prop through all the routers then
19:18 j-v-e what operating system do you use ?
19:18 elb0w ubuntu
19:18 j-v-e install unbound, it's a DNS resolver that will listen on 127.0.0.1 on your local machine
19:19 j-v-e then do "dig dev.elbowrage.com @127.0.0.1" and unbound will perform the DNS resolution and send you the result
19:21 elb0w I have to be careful with that
19:21 elb0w Have to follow compliance rules
19:21 elb0w we have a restricted dns here
19:21 elb0w playing with dig now
19:21 elb0w its cool
19:23 j-v-e I use stuff like that when I'm watching a DNS propagation
19:23 j-v-e while [ 1 ];do dig +short dev.elbowrage.com @8.8.8.8;sleep 5;done
19:28 * elb0w wonders if its a bad idea to run his own mailserver
19:28 elb0w Mojo::SMTP
19:28 elb0w :o
19:28 elb0w I think im gonna go read up on dns, should probably learn it rofl
19:29 sri learning dns is very well worth it
19:29 elb0w yeah
19:32 vel joined #mojo
19:33 j-v-e I run my own DNS, SMTP, HTTP, XMPP, ....
19:33 j-v-e you learn a lot
19:34 elb0w Dont even know what XMPP is
19:34 * elb0w googles
19:35 elb0w oh
19:35 elb0w What smtp server do you use
19:35 elb0w postfix?
19:35 purl hmmm... postfix is pretty much a "drop on top" sendmail replacement, that works much the same way, but simplifies configuration, however, it's not entirely as configurable as sendmail. or (now included with Mac OS X Mac OS X 10.3!) or the DEFAULT MTA under 10.3 or like qmail, but without the hassle and nazi ideology
19:35 elb0w purl who made you
19:35 purl elb0w: i haven't a clue
19:36 elb0w purl who is your daddy?
19:36 purl Lenzo's my daddy!
19:36 elb0w purl delete
19:36 purl i heard delete was a built-in on any hash
19:37 elb0w I like this bot better then the one in #perl on freenode
19:37 non left #mojo
19:55 vel left #mojo
20:12 j-v-e elb0w: postfix cyrus-imap openldap postgrey dspam+postgresql nginx roundcube
20:13 j-v-e humm, davical also for the calendar
20:15 sri maybe more details on the list will help
20:16 * sri pats purl
20:16 * purl stabs
20:16 sri :/
20:18 j-v-e sri: I've been wanting to detail that architecture for some time now, but didn't find  the time/courage to clean the setup and write about it
20:23 sri still looking for a new codename btw.
20:23 sri something summer related maybe
20:27 j-v-e becks's bikini ? :)
20:27 sri that's a unicode symbol? Oo
20:27 j-v-e becks'n'bikini sound better
20:28 sri http://unicode.org/charts/PDF/U1F300.pdf # lots of good ones
20:30 j-v-e how do you display that in a terminal ?
20:31 sri you don't, unless you have a font that supports those symbols
20:32 * moritz likes 1f4ad "thought balloon"
20:35 sri HAIRCUT
20:45 sugar left #mojo
21:04 kaare left #mojo
21:09 mattastrophe joined #mojo
21:20 xaka moritz: are you there?
21:20 purl yes!
21:20 * xaka pushed purl...
21:20 moritz xaka: yes
21:23 xaka moritz: i've talked to Douglas Crockford and he said "Parsers MAY recognize additional forms." so....i don't know. I would be very happy to see that decode("10") == 10, not undef.
21:24 xaka but actually it depends on you, because you may, not must
21:25 * moritz doesn't get to the same conclusion after reading the RFC
21:26 xaka moritz: Douglas Crockford is the author of this RFC
21:26 sri he gave you his opinion
21:26 moritz xaka: that doesn't make him any more authorotative.
21:26 sri not his interpretation of his spec
21:27 moritz xaka: the spec has a grammar. If you follow that grammar, you don't parse non-object/array literals
21:27 moritz xaka: if it's Mr. Crockford's opinion that a JSON parser MAY accept non-JSON input, that's fine
21:27 sri right, the grammar doesn't leave much room for interpretation
21:27 xaka there is nto only grammar, but parser part of rfc and it says "JSON parser MUST accept all texts that conform to the JSON grammar."
21:28 sri i'm sure that phrase has context
21:28 xaka so "10" conform to grammar, is not?
21:29 sri not on its own
21:29 moritz xaka: no
21:29 moritz xaka: show me a path of productions that parese "10", starting form json-text
21:29 moritz *parse
21:30 sri "A JSON parser MAY accept non-JSON forms or extensions."
21:31 sri that's what crockford told you i guess
21:33 sri anyway, to end this discussion, i'm fine with the parser being strict and i have no interest in parsing non-JSON forms
21:35 xaka sri: i think so, but "10" is a still JSON form of number, just out of object or array. Actually it's the same as "[10]". I belive that part of rfc points to dates or times. Take a look at start of  JSON Grammar section: "A JSON text is a sequence of tokens.  The set of tokens includes six
21:35 xaka structural characters, strings, numbers, and three literal names." Yes, after that we also see "A JSON text is a serialized object or array." but it doesn't mean that your text must be object or array because grammar allows you string and numbers too.
21:36 sri i think the discussion is over
21:36 xaka sure, you're welcome
21:37 sri hmm, dunno why marcus likes breaking bad so much, it's kinda boring
21:50 marcus sri: how much did you watch?
21:50 sri season 2
21:50 purl season 2 is between 1 and 3.
21:50 * sri hugs purl
21:50 * purl nibbles sri's elbow
21:53 j-v-e sri: did you finish season 2 ?
21:53 j-v-e I remember it being quite slow in the middle and excellent at the end
21:54 sri not yet
21:55 j-v-e well, keep going, breaking is probably the best show of the last 3/4 years
21:55 * j-v-e hopes you watch it in english
21:55 sri of course :)
21:59 amoore left #mojo
22:04 ispy__ joined #mojo
22:06 ispy_ left #mojo
22:07 j-v-e rhaaaaa !!! end of the day, my turn to go home and drink
22:07 karamorf joined #mojo
22:08 * j-v-e is all the way into the fridge
22:09 karamorf I'm posting an array and it seems weird getting it on the server side, why do I need the brackets in my key like this: $self->param('settle_ids[]')
22:09 karamorf shouldn't I be able to just $self->param('settle_ids') and get my posted array?
22:10 sri urlencoded has no concept of array
22:10 sri what are you talking about?
22:12 karamorf right, so my query is "settle_ids%5B%5D=9&settle_ids%5B%5D=0", why can't I get that by accessing 'settle_ids' instead of 'settle_ids[]'?
22:13 sri because you called it settleids[]
22:14 sri "settle_ids=9&settle_ids=0" could be retrieved with "my @ids = $self->param('settle_ids');" i suppose
22:14 karamorf I did not, I called it settle_ids. Then because its an array it gets changed to settle_ids[] for the request (by the browser, not by me)
22:15 xaka karamorf: what the JS framework do you use to make a request?
22:15 karamorf jquery
22:15 miyagawa browsers would never do such a thing. JS framework might
22:15 karamorf $.ajax(...)
22:15 xaka karamorf: starting from 1.4 it converts arrays to that names (with a [] suffix)
22:16 karamorf just to force you to acknowledge that your dealing with an array?
22:16 xaka karamorf: and there is some function (dont remember now which one) which can convert it to oldest format, without []
22:16 karamorf meh, if its jquery doing it then I should just get used to doing it with []
22:18 xaka http://api.jquery.com/jQuery.param/ (jQuery.ajaxSettings.traditional = true)
22:18 xaka you can read a lot about it there
22:18 karamorf ahh, well sorry I tried to blame Mojolicious for that one ;)
22:19 xaka karamorf: actually you already have [] in your query_string so somebody sent it, not mojo :)
22:28 perlrocks Twitter: "Just got my #dotcloud invitation! Many thanks @dot_cloud :) Now on to try some #mojolicious deployments." --kappataumu http://twitter.com/kappatau​mu/status/65543177284751360
22:33 ispy__ left #mojo
22:41 j3nnn1 joined #mojo
22:52 karamorf left #mojo
23:32 k-man morning
23:32 * mateu is having a unicorn for dinner
23:33 k-man sri, I have written perl before, in fact I did a software engineering degree many moons ago, but I do not work in software at the moment. I dabble in perl once every 6 months or so
23:33 k-man after which I promptly forget everything I learn until the next time I need perl. at which point I go through the rigours or trying to remember how to use perl again
23:51 metaperl joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary