Camelia, the Perl 6 bug

IRC log for #mojo, 2012-03-03

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 sri wow
00:09 xaka joined #mojo
00:14 Elraraniel wait, a web dev company that publishes books? as in, PAPER books?
00:52 phillipadsmith what books are we talking about here, boys?
01:03 sri http://www.fivesimplesteps.co​m/products/the-icon-handbook
01:12 tempire memowe++
01:12 tempire lulz http://memowe.github.com/contenticious/AWESOME.png
01:13 tempire this is an excellent site.
01:17 * sri loves the derptopus
01:17 sri http://memowe.github.com/contenticious/kraken.jpg
01:17 tempire derp!
01:18 sri purl: derptopus is http://memowe.github.com/contenticious/kraken.jpg
01:18 purl OK, sri.
01:18 sri herp derp
01:18 purl i think herp derp is at http://derper.com/images/derp/Herp_Derp_Horse.jpg
01:27 Elraraniel purl: I love the internet
01:27 purl Elraraniel: sorry...
01:27 Elraraniel lol
02:08 jnap joined #mojo
02:36 memowe tempire: glad you like it! :) (btw: screencast planned, but give me some ... months)
02:37 memowe sri: so, derptopus is arrowctopus?
02:56 jr joined #mojo
03:01 fibo joined #mojo
03:39 jnap joined #mojo
05:47 kaare joined #mojo
06:34 kaare joined #mojo
07:27 d4rkie joined #mojo
07:38 inokenty joined #mojo
07:49 marcus memowe: awesome site
07:51 marcus memowe: may I humbly suggest a link at the bottom of http://memowe.github.com/content​icious/first_steps/prepare.html to the cookbook guide for web server deployment?
08:03 marcus http://www.ratemyfunnypictures.com/wp-conte​nt/uploads/2011/02/herp-derp-searching.png
09:21 black joined #mojo
09:24 black joined #mojo
09:27 marcus robot swarms scare me.
10:53 black joined #mojo
12:38 jnap joined #mojo
12:52 inokenty joined #mojo
13:56 GabrielVieira joined #mojo
14:18 mire joined #mojo
14:31 pfig joined #mojo
16:00 SmokeMachine joined #mojo
16:19 pfig_ joined #mojo
16:20 sri oh, cholcolatapp apparently has a vim mode too now
16:47 Elraraniel joined #mojo
16:50 vel joined #mojo
16:54 kaare joined #mojo
17:04 GitHub49 joined #mojo
17:04 GitHub49 [mojo] kraih pushed 1 new commit to master: http://git.io/wnKi6w
17:04 GitHub49 [mojo/master] mention security feature in body_params description - Sebastian Riedel
17:04 GitHub49 left #mojo
17:12 Netfeed sri: still broken perl though :P
17:12 sri sadly
17:12 Netfeed yeah
17:22 mire joined #mojo
17:24 ruz sri: micro-optimizations in template.pm broke multiline blocks
17:24 ruz http://pastie.org/3512723
17:34 sri ruz: i'll look into it
17:35 mattastrophe joined #mojo
17:39 GitHub14 joined #mojo
17:39 GitHub14 [mojo] kraih pushed 1 new commit to master: http://git.io/EhXMCw
17:39 GitHub14 [mojo/master] fixed small multiline expression bug introduced by recent micro-optimizations in Mojo::Template - Sebastian Riedel
17:39 GitHub14 left #mojo
17:39 sri ruz: thanks, fixed
18:07 xaka joined #mojo
18:18 abra joined #mojo
18:22 dog_chocolate joined #mojo
18:22 d4rkie joined #mojo
18:23 Elraraniel1 joined #mojo
18:23 dog_chocolate HI, been looking and can't find much on this, mojolicious vs mojolicious::lite, when would you switch?  been reading the lite docs and it looks great, then discovered mojolicious and it seems more catalyst like losing a lot of thee neat syntactic shortcuts
18:24 vervain dog_chocolate: Whenever you feel like it.  For me it was nearly instant for the main app I'm building.
18:24 vervain but Lite is a great thing to have around still for quick examples and smaller sites I do.
18:25 vervain But... that's not to say that Lite is any less capable.
18:25 dog_chocolate been looking through the lite docs mainly but full mojolicious doesn;t seem to support the "get '/' =>" syntax does it?  Swithing means quite a bit of rewriting?
18:26 vervain tempire put together a great example of on app done in both: https://github.com/tempire/MojoExample
18:26 dog_chocolate vervain: nice ta
18:26 sri http://mojolicio.us/perldoc​/Mojolicious/Guides/Growing # there's also a whole guide about that
18:26 vervain You are correct... Lite does provide the syntactic sugar for the routers.
18:27 sri you'll be surprised by how much code can stay the same
18:27 vervain And yes... what sri said... was working up to that part.
18:28 vervain I can say that I don't really 'miss' the Lite syntax when I'm not using it.
18:29 dog_chocolate any thoughts on when you'd use lite and when you'd go for the full app? I'm going to put together a blog app for learning purposes, I'd presume lite would do it, but I'd be better off using full molicious
18:30 sri starting with a lite app is never wrong
18:30 sri when you start to feel it is getting harder to maintain, that's the point where most switch
18:33 vervain I can add that for learning purposes it helped me to learn the both... and then what/how Lite was doing to help.
18:35 dog_chocolate alrighty cheers, i shall read further
18:36 vervain Have fun :-)
18:38 sri hmm, the wiki could use some gardening
19:08 pfig joined #mojo
19:31 tempire dog_chocolate: also, http://blogs.perl.org/users/tempire/2​012/02/mojolicious-full-and-lite-apps​---understanding-the-difference.html
19:31 sri hmm
19:32 * sri wonders if http://groups.google.com/group/mojolicio​us/browse_thread/thread/a92e2272c9b1235f is the right strategy
19:32 * sri pokes marcus, tempire and crab
19:32 marcus Hi
19:32 purl hey, marcus.
19:33 sri strategy right now is not to parse anything if it's not already in memory
19:34 tempire a 1/4 of a meg is a huge amount of data
19:34 marcus Wouldnt it be better to store it to disk?
19:35 sri marcus: i don't think you're understanding the problem
19:35 marcus Sorry, just glanced.
19:35 marcus Watching my week with marilyn.
19:36 sri everything below 250kb is kept in memory, everything above written to disk
19:36 sri we don't parse data once it's written to disk, since the user already decided it's too big to be kept in memory
19:36 tempire so is there any way to access that request data manually?
19:36 sri no
19:36 marcus Sri: seems sensible, but maybe we could log a warning?
19:37 sri well, there is always a way
19:37 marcus Debug level or so.
19:37 sri but no pretty one
19:37 sri marcus: you're welcome to make a proposal
19:37 tempire I don't know about parsing, but I think there should be a way to access the disk data.
19:37 sri there is
19:37 sri it's just not pretty
19:38 sri just automatic parsing is disabled since it would trigger whenever someone uses $self->param() in a mojolicious app
19:38 sri no matter if the submitted form was a 1gb file upload
19:38 tempire gist?  or general explanation?  or line-o-code?
19:38 sri it's a very complicated problem, i would very much appreciate it if you could take a closer look
19:39 tempire give me some hints/place to look
19:39 marcus I need a better github browser for ipad.
19:39 sri https://github.com/kraih/mojo/blo​b/master/lib/Mojo/Message.pm#L444
19:39 sri https://github.com/kraih/mojo/blo​b/master/lib/Mojo/Message.pm#L66
19:40 sri https://github.com/kraih/mojo/bl​ob/master/t/mojo/request.t#L615 # and a test
19:41 sri https://github.com/kraih/mojo/bl​ob/master/t/mojo/request.t#L824 # multipart test
19:41 sri there might actually still be holes in the strategy, so it's kinda important that this gets a review
19:42 sri in fact, i have an idea for an exploit
19:46 sri afraid i have no ideas how to improve it though, so i'll leave it to you guys ;p
19:47 sri btw. the protection has not been in place for very long, so leaving it up to the user entirely is also still an option
19:47 tempire fyi: I added a link on mojoexample to the blog entry explaining full/lite differences
19:50 tempire hmm
19:50 tempire the new perlfind accepts plugins
19:50 tempire a plugin for mojolicious-related topics might be nice
19:50 tempire env variables maybe
19:58 sri perhaps we even have too many protections in place
19:58 sri it only makes the user think they are protected from everything
20:15 sri if there's no interest i'll remove the protection and leave it entirely up to the user
20:16 sri as far as i can see most frameworks just limit the maximum message body size
20:16 xaka joined #mojo
20:17 sri all we need in that case would be a tiny warning that incresing the value for file uploads and the like is risky
20:54 sri marcus, tempire, crab: i expect a yay or nay vote for the removal of the form value protection
20:54 marcus Sri: aye.
20:54 marcus Either remove or disable by default.
20:56 sri keeping and disabling seems like the worst option
20:57 sri i barely managed to explain it to you ;p
20:58 sri marcus: you do get it now right?
20:58 marcus Yes.
20:59 sri without the protection we would happily slurp a 10gb urlencoded form value into memory for parsing
20:59 sri someone just has to call $self->param('foo')
20:59 marcus Yeah.
20:59 sri ok
21:00 marcus I think ngnix has some request size protection by default.
21:00 sri and i suppose you're in favor of a small warning next to the max_message_size value?
21:00 sri we do too
21:01 sri but you have to increase the limit for file uploads
21:01 marcus Right, so I think that should be sufficent.
21:01 marcus Yeah, but not to 10gb, usually :)
21:02 Netfeed so, we can start sending movies to mojo apps if you change it for shits and giggles?
21:03 sri you can send movies to me
21:04 Netfeed try netflix, easier and leagal
21:04 sri no netflix in germany :,(
21:04 Netfeed http://unblock-us.com/
21:04 Netfeed seems kinda easy with that
21:04 sri isn't that illegal too?
21:05 sri i have to give a fake address after all
21:05 sri illegal and they have my payment info... seems worse than pirating
21:05 Netfeed no idea, i've not tried it as i don't have a tv yet, but a friend says that it works like charm
21:06 sri in fact, pirating is kinda legal in germany as long as i don't upload
21:06 Netfeed yeah, in sweden too
21:07 sri so doing "the right thing" is the only option that might make me a criminal :S
21:07 sri it's absurd
21:07 Netfeed but you get easily accesed hd tv/movies :P
21:12 tempire Um
21:12 tempire I thought it was already disabled.
21:12 tempire Oh, you mean not affected by the env variable?
21:14 sri tempire: ?
21:15 sri https://github.com/kraih/mojo/blo​b/master/lib/Mojo/Message.pm#L80
21:15 sri https://github.com/kraih/mojo/blo​b/master/lib/Mojo/Message.pm#L485
21:15 sri i'm talking about the removal of these two lines
21:17 jnap joined #mojo
21:22 pfig joined #mojo
21:33 GitHub17 joined #mojo
21:33 GitHub17 [mojo] kraih pushed 1 new commit to master: http://git.io/wj9woQ
21:33 GitHub17 [mojo/master] replaced protection from excessively large form values in Mojo::Message with documentation - Sebastian Riedel
21:33 GitHub17 left #mojo
21:34 sri it can still be undone should someone object
21:39 sri hope the warning is clear enough
21:40 sri oh, we ususally start warnings with "Note that..."
21:41 sri Note that increasing this value can also drastically increase memory usage, should you for example attempt to parse an excessively large message body with the C<body_params>, C<dom> or C<json> methods.
21:41 tempire so they'll be able to read any size, limited by the MOJO_MAX_MESSAGE_SIZE
21:42 tempire I think that's fine.  It's what I would have expected before.
21:42 GitHub66 joined #mojo
21:42 GitHub66 [mojo] kraih pushed 1 new commit to master: http://git.io/c3A-sQ
21:42 GitHub66 [mojo/master] slightly better warning - Sebastian Riedel
21:42 GitHub66 left #mojo
21:44 sri well, sending a huge form value to an file upload form is kinda trivial
21:44 tempire yeah, but they'll be forced to consider the issue when they adjust the env var
21:44 sri ye
21:46 sri think i'll upload a sneaky release without announcement to hide my mistakes :)
21:48 sri then again... how many will actually encounter the current behavior and expect it to be a feature
21:48 sri besides the guy on the list
21:48 sri even he thought it was a bug
21:52 sri any accomplice want to do the secret release for me? :D
21:54 * sri shrugs
21:57 * sri is just kidding btw. before today it wasn't even mentioned in the documentation
21:57 sri just thought it might be a good idea not to risk anyone else depend on the behavior
22:01 * tempire uploads sri without setting MAX_MESSAGE_SIZE
22:01 tempire *sri dissipates into the ether*
22:01 sri :(
22:08 GitHub43 joined #mojo
22:08 GitHub43 [mojo] kraih pushed 1 new commit to master: http://git.io/qApZnw
22:08 GitHub43 [mojo/master] MOAR DOTS - Sebastian Riedel
22:08 GitHub43 left #mojo
22:37 dog_chocolate is it possible to do a match all in a route?
22:37 dog_chocolate something like "my $auth = $r->bridge('all')->to(sub { warn 'AUTH CODE'; 1; } );"
22:38 dog_chocolate then obviously the rest of your routes go $auth->route etc...
22:39 tempire $r->bridge('/')
22:40 dog_chocolate ah right, i assumed that would just match a root request
22:44 sri $r->bridge() works too if that makes you feel better :)
22:45 dog_chocolate it's just clicked it's chained
22:45 dog_chocolate um nested
22:46 tempire or bridged :)
22:46 dog_chocolate yes bridged =)
22:48 vel joined #mojo
22:48 dog_chocolate doesn't seem to run on a 404 though, not that it matters in this case but you might think bridge() would match even the following path didn;t exist
22:49 dog_chocolate probably matching backwards then executing forwards or something

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary