Camelia, the Perl 6 bug

IRC log for #mojo, 2012-04-21

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:42 mire joined #mojo
01:57 jwang joined #mojo
02:13 crab joined #mojo
02:14 crab from Changes (for 2.69): "Removed X-Forwarded-Host support since it is redundant for well configured reverse proxies."
02:14 crab could someone please explain that to me?
02:14 crab (preferably in small words)
02:21 crab ah yes. here's a mailing list post from the same day as the commit, also with no explanation. :-(
02:33 asarch joined #mojo
02:41 jnap joined #mojo
02:51 crab ok, irc logs help.
02:53 crab but that was not a nice change.
03:11 marcus joined #mojo
03:15 SmokeMachine joined #mojo
03:32 inokenty joined #mojo
03:39 xaka joined #mojo
06:01 inokenty joined #mojo
06:07 inokenty joined #mojo
06:36 Vandal joined #mojo
07:10 fibo joined #mojo
07:10 fibo hi all
07:12 SShewale joined #mojo
08:25 Htbaa joined #mojo
08:46 d4rkie joined #mojo
08:53 * sri yawns
08:57 kmx joined #mojo
10:19 ryanc joined #mojo
10:21 perlite joined #mojo
10:27 athenot joined #mojo
10:43 tempire joined #mojo
10:44 pooka_pook joined #mojo
10:44 reyjrar joined #mojo
10:47 GabrielVieira joined #mojo
10:55 smpb joined #mojo
11:10 marcus oh hai
11:10 marcus I agree with crab
11:11 marcus why did we drop x-forwarded-host?
11:11 marcus it's a senseless change that is bound to fuck over someone's production system, imo.
11:19 sri should have said so a month ago, now it's too late
11:20 sri it has been removed because it was useless
11:20 sri all our examples already rewrote the Host header properly
11:21 sri please review commits more frequently, that's why you're core devs -.-
11:22 marcus sri: not sure what to say to that. Sorry I missed your policy-breaking commit.
11:22 marcus don't see why it's too late to revert it tho
11:23 sri umm, no i did not break policy
11:23 marcus it's absolutely not useless for people who depend on it for their own proxy setup.
11:23 marcus sri: so it's warning about deprecations now?
11:23 sri all our examples still work
11:24 sri if we change it now we will have a security risk
11:24 marcus I don't see that
11:24 sri since people using the current examples will not be able to handle x-forwarded-host, which allows users to send arbitraxy x-forwarded-host headers
11:26 marcus sri: Only if they've set MOJO_REVERSE_PROXY ?
11:27 athenot joined #mojo
11:27 sri how does that change anything?
11:27 marcus Because you'd expect x-forwarded-host to be handled then.
11:27 marcus if we reverted it, we'd revert the docs as well...
11:27 sri umm
11:27 sri they have been out for a month now
11:28 sri people have set up proxy servers during that time
11:28 marcus I'd love to hear what tempire thinks about this as well.
11:28 sri breakage is unfortunate, but a security risk is unacceptable imo
11:28 marcus he
11:28 marcus I don't see how this could cause a serious security problem
11:29 marcus people can set arbitary host: headers in their http requests as well.
11:30 sri whatever
11:30 purl whatever is going on there is going to be a bitch to figure out :)
11:30 * sri goes back to watching fringe
11:30 marcus I bet more people have not upgraded and been hit with this issue than there are people who have setup.
11:30 marcus sri: I'd like to hear what tempire thinks about this as well.
11:30 sri i'm gonna stay out of it
11:32 * marcus tries muevent on perl6 while waiting for tempire to wake up.
11:32 sri obviously crab doesn't care enough to stay around for an answer either
11:33 marcus sri: that is probably not why he left.
11:35 marcus sri: note that personally I use https://metacpan.org/module/Mo​jolicious::Plugin::RequestBase , so I am not affected by this issue.
11:36 sri you would have to configure your reverse proxy wrong to be bitten by this
11:40 marcus sri: mod_proxy documentation actually says that ProxyPreserveHost should usually be off ;)
11:41 sri reasoning?
11:41 marcus "This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server."
11:42 sri that sounds just old
11:42 sri http1.0 old
11:44 sri they are not recommending x-forwarded-host, but relative urls obviously
11:44 marcus that's a patchy server for you
11:44 marcus they do document x-forwarded-host support tho
11:44 sri old
11:45 sri for nginx preserving the host header is recommended
11:45 nicolasbd joined #mojo
11:45 marcus so legacy setups will be affected, not just incorrect ones.
11:45 sri i don't care about legacy
11:46 sri we've been documenting good setups forever
11:47 nicolasbd hi .. i'm new to mojolicious and i can't figure out how i should name my packages .. i've a "lib" folder that contains "MyApplication.pm" and a Subfolder "MyApplication" where i put my controllers.. what sould be their package name ? "MyApplication::MyController" ? or just "MyController" ?
11:47 nicolasbd and when a controller calls another one, sould it call "MyApplication::MyController" ? or just "MyController" ?
11:48 sri marcus: if you want to deprecate X-Forwarded-Host support please work out a plan and patch
11:48 sri and have a vote
11:49 sri if you can get ahold of crab...
11:54 nicolasbd any idea ?
11:54 purl i heard any idea was welcomed.
11:59 sri wow, fringe is awesome
12:19 d4rkie joined #mojo
12:25 mire joined #mojo
12:40 baton8 joined #mojo
12:48 marcus wow, perl6 is far from ready
12:48 * marcus is preparing a pull request to make perl6 --help output something useful.
12:50 sri does perl6doc exist yet?
12:51 sri i think the only chance for perl6 to ever truly happen would be a slowly evolving perl6 to perl5 compiler
12:51 sri possibly using a source filter
12:52 sri CoffeePerl6
13:04 Psyche^ joined #mojo
13:19 marcus sri: there is one
13:20 marcus Perlito
13:26 sri seen it, but it appears to lack focus
13:27 marcus I was a bit surprised when I found out rakudo doesn't support heredocs or __DATA__ sections
13:27 marcus it would make a port challenging :)
13:39 sri bet there is a lot more missing ;)
13:40 sri features that once existed also get lost with every rewrite of rakudo
14:26 GitHub169 joined #mojo
14:26 GitHub169 [mojo] kraih pushed 1 new commit to master: http://git.io/zXmTqg
14:26 GitHub169 [mojo/master] added support for TO_JSON method to Mojo::JSON (closes #289) - Sebastian Riedel
14:26 GitHub169 left #mojo
14:32 SmokeMachine joined #mojo
14:38 sri http://grep.cpan.me/?q=TO_JSON # apparently it's already a convention, even though it's very ugly
14:50 marcus sri++ # sucumbing to group pressure
14:51 sri that's how i roll
14:52 vel joined #mojo
14:57 GabrielVieira2 joined #mojo
15:07 Leandr joined #mojo
15:24 d4rkie joined #mojo
15:25 GitHub11 joined #mojo
15:25 GitHub11 [mojo] kraih pushed 1 new commit to master: http://git.io/9dvdMw
15:25 GitHub11 [mojo/master] small optimizations - Sebastian Riedel
15:25 GitHub11 left #mojo
15:48 Psyche^ joined #mojo
15:49 michale joined #mojo
15:54 Foxcool joined #mojo
16:02 Leandr joined #mojo
16:17 vel joined #mojo
16:34 SmokeMachine joined #mojo
16:38 mire joined #mojo
16:47 xaka joined #mojo
16:48 fod joined #mojo
16:50 fod left #mojo
17:02 asarch joined #mojo
17:02 batman joined #mojo
17:23 tempire grep.cpan.me is a neat service
17:23 sri indeed
17:34 fibo joined #mojo
17:40 tempire it might be a good idea to have a convention where deprecations are explained somewhere.
17:40 tempire actually, let me revise that - it is a good idea
17:41 sri logical choice would be Changes
17:42 tempire some changes aren't sufficiently explained in one or two lines, though.  cluttering up the changes file would limit its  usefulness
17:43 sri blog them ;p
17:44 tempire marcus: I don't see the problem with the removal of x-forwarded-host.  Though I admit, I haven't used it in so long, I might be missing something.
17:46 * sri thinks marcus is busy making perl6doc pretty :o
17:47 marcus tempire: if you're using it, your app will stop working when you upgrade mojo.
17:47 marcus sri: I'm done with it, am planning to bike home now
17:47 marcus sri: I also gave perl6 a somewhat useful --help
17:47 sri marcus: i've not seen your deprecation plan yet
17:47 tempire I understand that...but do you propose it to be kept forever?
17:48 marcus tempire: I suggest a warn about deprecation when we see X-forwarded-host.
17:48 sri a) all out example configs keep working after the change b) it's not like we could show a deprecation warning here, so it will prolly just delay breakage
17:48 sri lol
17:48 sri i'm certain someone will see that warning going to /dev/null!
17:49 marcus to the error log, surely?
17:49 sri spamming the error log, that will end well
17:50 tempire hmm
17:50 marcus it would only spam people who depend on this functionality
17:50 marcus which is better than suddenly making their app stop
17:50 marcus which is likely what happened to crab last night, although who knows, since he just logged off :-/
17:50 sri it's been a month and no app stopped so far
17:51 tempire that seems sensible to me.  the point is for them to change how the reverse proxy is configured.  so spamming the log will encourage that, and give them a direction to go in.
17:51 marcus sri: a month is not long in sysadmin-world
17:51 tempire a month assumes that everyone is upgrading continually.  I don't think that's the case
17:51 sri well, make it clean and simple and i won't object
17:51 * tempire agrees with marcus on that last point
17:52 tempire go go marcus!
17:52 * tempire pictures marcus coding on his bicycle
17:52 marcus I'll get to it tonight when I get back home.
17:52 marcus have to finish this code review of my perl6 pull request first
17:53 sri http://www.bikerumor.com/wp-content/uploads/2​009/08/instructables-eee-pc-bicycle-mount.jpg
17:53 tempire those crazy vikings
17:54 tempire or, I guess that's from finland
17:55 Foxcool_ joined #mojo
17:57 * tempire has spent entirely too much time reading dotsies
17:58 * sri bets that deprecation warning will cause more trouble than the removal
17:58 inokenty My applications work fine with the latest version of Mojolicious. I use Apache mod_proxy
17:58 tempire why?
17:59 sri it will turn out that most of our users do use the recommended configuration and would have to do nothing after the removal, but the log spam will force them to change their configs
18:00 tempire because it would warn on reception of the x-forwarded-host header, even if they didn't depend on it
18:00 sri yea, which is not really a problem
18:00 sri all our examples pass along Host headers just fine, so it would just keep working
18:00 sri the deprecation error message makes it a problem
18:01 tempire that is reasonable
18:01 * tempire throws the gauntlet in marcus' direction
18:02 sri i'm also not sure X-Forwarded-Host can be disabled in apache
18:02 sri that's another problem, those headers might come bundled with sensible ones
18:02 sri which would result in error messages that can't be disabled
18:03 sri this is a wayyy bigger can of worms than the removal :)
19:09 ispy_ joined #mojo
19:25 SmokeMachine_ joined #mojo
19:45 SmokeMachine joined #mojo
20:17 mire joined #mojo
20:20 marcus If x-forwarded-host is still set when PreserveHost is set, then I agree we cannot do it.
20:26 tempire ding!
20:26 tempire the match is over!
20:26 tempire points assigned
20:28 marcus I cannot be bothered to setup apache to check if it's the case, so I guess I don't care enough.
20:28 perlite joined #mojo
20:29 tempire I find myself not caring enough for anything regarding apache
20:31 marcus I realized osx ships with apache, and tested the cookbook setup.
20:31 marcus http://www.evernote.com/shard/s22/sh​/ce644c63-12d4-4c39-95eb-9822a36baa1​4/5509225b64bc662116b98be52969d019 - sri is right
20:32 tempire I find that to usually be the case.
20:32 tempire Does that make me a fan?
20:33 marcus fanboi
20:33 marcus ;)
20:34 tempire how did you get that pretty evernote/skitch page?
20:34 marcus tempire: evernote bought skitch
20:34 tempire yeah, but I still get this: https://skitch.com/e-tempir​e/8whjd/attachment-468x585
20:35 tempire unless I post to my own server
20:35 marcus just go to preferences and choose evernote in share
20:35 marcus ssh posting broke for me with this update actually
20:35 tempire my ssh server died a while ago, and I haven't taken the time to fix it
20:36 tempire I don't mind that evernote page, though
20:36 marcus it's not bad
20:36 * marcus installs octogit
20:37 marcus (http://myusuf3.github.com/octogit/)
20:37 tempire I'm biased against python cli tools
20:38 tempire but I'll try it
20:42 marcus http://www.evernote.com/shard/s22/sh​/1901e1f4-e77a-4298-9f65-5ec30ba7806​e/5ea87d2040cf9b083d2d0024024636b3
20:51 sri purple apples seriously?
20:52 sri font rendering looks pretty awful too
20:52 sri is that iterm?
20:54 marcus It is.
20:58 tempire super cool.
20:58 purl hmmm... super cool is overrated.
20:58 SmokeMachine joined #mojo
21:04 sri reminds me to check the css list again for spec discussions
21:06 sri hmm, no interesting discussions
23:06 xaka joined #mojo
23:10 GitHub61 joined #mojo
23:10 GitHub61 [mojo] kraih pushed 1 new commit to master: http://git.io/EuBong
23:10 GitHub61 [mojo/master] mention why multiple MIME types are ignored - Sebastian Riedel
23:10 GitHub61 left #mojo
23:55 * tempire is an interesting discussion
23:56 * sri wants to discuss tempires beard

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary