Camelia, the Perl 6 bug

IRC log for #mojo, 2013-10-30

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:18 good_news_everyone joined #mojo
00:18 good_news_everyone [mojo] kraih pushed 1 new commit to master: http://git.io/Fsq4Sw
00:18 good_news_everyone mojo/master c6ddf11 Sebastian Riedel: a few more small optimizations
00:18 good_news_everyone left #mojo
00:20 good_news_everyone joined #mojo
00:20 good_news_everyone [mojo] kraih tagged v4.53 at b4aa6f1: http://git.io/lcODXg
00:20 good_news_everyone left #mojo
00:25 sri jberger: me too!
01:04 laouji joined #mojo
01:10 forke joined #mojo
01:27 marty mango question: does anyone know if there is an easy way to turn an ISO date into a objectID?  something like bson_oid_from_date("2013-10-11T07:00:00.000Z")
01:33 laouji_ joined #mojo
01:37 lestrrat joined #mojo
02:00 d4rkie joined #mojo
02:09 beyondcreed joined #mojo
02:12 asarch joined #mojo
02:13 jberger_ marty, why not just use the string? Append some random number of you need to
02:13 marty I need to convert it to an ObjectID so I can do a date range query in Mongo using the _id field.
02:15 marty Right now I use a helper that I created and it looks like Frankenstien.
02:15 marty It's almost halloween. I could scare the kids with my mojo helper!  mwahhhahahah
02:19 laouji joined #mojo
02:20 * tempire rolls
02:34 johnny5_ joined #mojo
02:41 sri marty: and added :) https://github.com/kraih/mango/commit/2​dba4883f5f9b419449241d7e31a52b3a3b6f57d
02:46 duncanthrax joined #mojo
03:15 KindTwo joined #mojo
03:36 johnny5_ joined #mojo
03:43 johnny5_ joined #mojo
04:05 johnny5_ joined #mojo
04:07 johnny5_ joined #mojo
04:17 asarch joined #mojo
04:32 dqw112 joined #mojo
04:38 asarch joined #mojo
04:46 franz joined #mojo
04:50 franz Do any of you all know what I would search for if I am interested in keeping a database and website in synch for all users.
04:50 franz As the database changes those changes are immediately displayed on the website.
04:55 preflex_ joined #mojo
05:07 bpmedley franz: WebSockets and/or EventSource?
05:14 johnny5_ joined #mojo
05:23 franz bpmedley, EventSource.
05:24 johnny5_ joined #mojo
05:37 marcos i think that was an answer, not a question.
05:37 marcos as in, "search for websockets and/or eventsource"
05:38 marcos i often get confused when answers are phrased as questions (i.e. with a question mark), but i tend to do it too.
05:39 dotandimet joined #mojo
05:41 franz :)
05:41 franz ok
05:43 marcos i think the basic idea is just to detect database changes on the server and broadcast events which the clients subscribe to and act upon.
05:43 marcos or, depending on what your database is, maybe you don't have to "detect" changes because you're the only code that can change it anyway, in which case you just send an event when you change something.
05:44 marcos otherwise you poll, or better still use something like postgres's LISTEN/NOTIFY.
05:44 marcos i don't know how familiar you are with eventsource already, so i don't know if all this is useful to you.
05:44 marcos but if you have more specific questions, maybe i can help
05:44 franz I am trying to figure out how to do it with sqlite. I kinda get the eventsource thing so far.
05:46 franz Basically I have a process that goes out to about 50 servers, grabs a bunch of information and updates a database. This is done every minute or so. The information is presented in a table on the page. I also have a few columns in that table that are editable, and those changes are also written to the database. So, when said process updates the database...
05:46 franz the latest data would be pushed to everyone viewing the table, and when a user edits a column (which updates the database as well), that is push immediately to all users viewing the page.
05:46 marcos if it's only once a minute, you can just broadcast a "refresh" event when that happens and let the clients reload everything?
05:47 franz I have an idea how to do it, since I have a "chat area" on the site that sends a broadcast message when someone does an edit.
05:47 marcos and if someone changes some specific data, then you can broadcast just that change.
05:47 franz yeah, that's a good way to do it. I think I am just at a point where I need to step back for a bit and really try to figure out what I am trying to accomplish :)
05:48 johnny5_ joined #mojo
05:48 franz But most definitely I will be using an EventSource (websockets is not supported for people viewing the page).
05:48 franz i.e., their browser does not support websockets (FF 10)
05:49 marcos i tell thee straight, you're lucky that you can rely on eventsource.
05:49 franz Why is that? Is it not a very reliable method?
05:49 marcos when i did something like this, i had to rely on an ordinary http connection that was never closed, and just keep sending snippets of html over it.
05:50 marcos franz: no, eventsource is reliable, i just meant that you're lucky that you don't have to worry about browsers that don't support it.
05:50 franz ohh, haha... yeah I am glad I am dealing with something at least semi-modern.
05:50 franz I'm also very lucky that I am doing this in an environment with Perl 5.16 :)
05:50 franz I'm used to developing in Solaris 9 running Perl 5.8.4
05:50 franz so this is quite nice
05:51 franz Fortunately every person using this site is using the same browser/version, and their browsers support EventSource. We are not always so lucky, that's for sure.
05:55 marcos i had an ie8+ requirement, and one client's "it department" sent an angry letter written in the style of a "show cause" notice from some court asking why.
05:56 marcos i sent them back a link to some page that explained how broken and insecure ie6 was, and that was the last i ever heard from them.
05:56 franz I'm amazed that an IT department would even have to ask that question.
06:17 Vandal joined #mojo
06:25 d4rkie joined #mojo
06:46 lizzin joined #mojo
07:01 dotandimet joined #mojo
07:02 dpetrov_ joined #mojo
07:08 johnny5_ joined #mojo
07:57 kanishka joined #mojo
08:03 dod joined #mojo
08:13 gtodd joined #mojo
08:14 maxhq joined #mojo
08:16 trone joined #mojo
08:17 maxhq1 joined #mojo
08:19 hrupp joined #mojo
08:19 gedge joined #mojo
08:30 dod joined #mojo
08:33 dotandimet joined #mojo
08:35 iSlug joined #mojo
08:44 martin joined #mojo
08:46 martin brain melt again...how do I define a route that points  mysite.com/   to mysite.com/index.html   where index.html is in the public area ?
08:46 Jonis joined #mojo
08:50 batman echo "yay!" > public/index.html
08:54 martin I've got the public/index.html in place , if I call   mysite/index.html it works , but how do I route mysite.com to point to that file ?
08:55 bpmedley_ joined #mojo
08:58 alnewkirk joined #mojo
09:01 nicolaas joined #mojo
09:02 themage joined #mojo
09:06 batman https://metacpan.org/pod/Mojoli​cious::Plugin::HeaderCondition ?
09:06 batman martin ^
09:06 marcos what?
09:07 marcos why HeaderConddition?
09:07 odc yeah, why not use render_static('index.html')
09:08 batman because you're talking about mysite.com
09:08 martin I'm not using a lite app,  and the routes are setup with  $r->route('/') ....
09:08 batman but maybe you're just asking about get('/')->to(cb => sub { shift->render_static('index.html') }); ?
09:09 martin yeah, that sounds about right !
09:09 Jonis joined #mojo
09:09 batman the plugin does not care about lite/full app
09:09 odc yup! something like that (i never used the full mojolicious)
09:10 martin Can't locate object method "render_static" via package "Mojolicious::Routes::Route
09:10 martin sorry .. stupidity myside, had old code there
09:10 mire_ joined #mojo
09:11 martin all working, thanks very much for pointing me at that.
09:12 dotandimet joined #mojo
09:18 marcos batman: oh, you were thinking of something like virtual hosting with HeaderCondition?
09:18 batman s/hosting/host/ yes
09:24 basic6 joined #mojo
09:45 Jonis I don't think I'm supposed to be able to crash my linode with a replace command in vim, am I? :s/\n//g ate all the memory and oom-killer did the rest it seems.
09:46 Jonis it's a 14k-ish line file that I ran a badly thought through replace on
09:50 Jonis oh, wrong channel. sorry
09:51 marcos good job.
09:53 arthas joined #mojo
10:39 dqw112 joined #mojo
10:51 kanishka left #mojo
10:58 mire_ joined #mojo
11:38 fhelmber_ joined #mojo
11:44 rem_lex joined #mojo
11:44 maxhq joined #mojo
11:45 fhelmber_ joined #mojo
11:58 bowtie_ joined #mojo
12:15 lizzin joined #mojo
12:23 dotandimet joined #mojo
12:47 marty bson_oid->from_epoch! sri++
12:47 marty That is a very useful feature, sri.   Thanks!
12:50 markus joined #mojo
12:50 markus Hello
12:53 markus Can someone explain me, what "my $config = plugin JSONConfig => {file => '/etc/myapp.conf'};" this is for an syntax? I read this in the documentation, but got an syntax error for that line. :-/
12:54 moritz it's a subroutine call.
12:54 markus When i write "my $config = $self->plugin('JSONConfig');" it's working perfectly
12:54 markus yeah, but why do i get a syntax error?
12:54 moritz markus: are you in a ::Lite app?
12:55 markus no, im in use Mojo::Base "Mojolicious";
12:55 markus if you mean that
12:55 moritz then that's likely the explanation
12:55 markus ahh okay
12:55 moritz the 'plugin JSONConfig =>  ...' requires that a subroutine 'plugin' is available
12:55 moritz and that's only in Lite apps
12:56 markus hmm
12:56 markus thats bad
12:56 markus but why is the other kind of notation working?
12:57 moritz the $self->plugin() ?
12:57 markus yes
12:57 moritz because it's a method call, and method calls are late bound
12:57 markus okay
12:57 moritz (ie don't depend on the existence of a pre-declared routine)
12:57 markus okay
12:58 markus so i have to use this kind of notation and tell it, which file i want to read. Where my next problem is :)
12:59 markus in the documentation its only explained for the "Lite version"
12:59 moritz just do it as $self->plugin(JSONConfig => {file => '/etc/myapp.conf'})
13:01 markus yeah thanks! Thats what i was looking for. I think its hard to me, to find everything in the docu :/
13:01 moritz well, knowing a bit Perl also helps :-)
13:03 markus hmmmm yeah, thats right, but i don't saw a list with parameters for this plugin
13:03 markus I tried to find it on http://mojolicio.us/perldoc/Mojol​icious/Plugin/JSONConfig#template
13:05 markus but perhaps i was looking on the wrong place, i dont know ;)
13:07 punter joined #mojo
13:27 dec_ joined #mojo
13:29 sri \o\
13:29 sri /o/
13:39 btyler joined #mojo
13:40 marty sri:   ->query({_id => {'$gte' => bson_oid->from_epoch(str2time($start)), '$lte' => bson_oid->from_epoch(str2time($end))}})  works wonderfully!!!
13:41 sri \o/
13:41 marty \o/
13:48 tba_ joined #mojo
13:54 bluescreen joined #mojo
13:57 mfung joined #mojo
13:58 mfung Good day everyone.
13:59 mfung How to specify TLS key and cert in single http server mode?
14:03 dqw112 joined #mojo
14:07 mfung There is no "--tls_key key.pem --tls_cert cert.pem" options for ./scripts/myapp daemon :(
14:08 mfung googled for an hour with no clue.
14:09 gryphon joined #mojo
14:10 dod joined #mojo
14:11 mfung although $daemon->listen(['https://*:3000?cert​=/x/server.crt&key=/y/server.key']);  But I can't find access to  Mojo::Server::Daemon of my app. Any hints?
14:14 basiliscos Hello. I can't find, how it is possible to get an IP-address of the host, from which the request has been performed
14:14 batman script/myapp daemon --listen https://*:3000?cert=/x/ser​ver.crt&key=/y/server.key ?
14:14 batman ^ mfung
14:15 good_news_everyone joined #mojo
14:15 good_news_everyone [mojo] kraih pushed 1 new commit to master: http://git.io/tib0Wg
14:15 good_news_everyone mojo/master 113649b Sebastian Riedel: link to supported listen locations
14:15 good_news_everyone left #mojo
14:15 batman basiliscos: $c->tx->remote_address; # https://metacpan.org/pod/Mojo::Transaction
14:16 basiliscos batman: Ah, thanks! I have looked it in Request... and in Headers
14:22 mfung many thanks batman ! If only the doc is more specific.
14:24 mfung Would save newbie time if written in the daemon help output.
14:26 sri http://mojolicio.us/perldoc/Mojoliciou​s/Guides/Cookbook#Built-in_web_server
14:27 mfung Mojolicious is really great tool. Would be good if doc more newbie friendly.
14:30 mfung Hello sri, get the idea first hand from doc at "http://mojolicio.us/perldoc/Mojoliciou​s/Guides/Cookbook#Built-in_web_server" ?  Probably need a genius like you.
14:31 sri perhaps language barrier might be an issue too
14:32 mfung Possible. I am not a native english speaker.
14:33 mfung And I am used to read examples like in the help output.
14:34 mfung "--tls-key yourkey.pem" , things like that.
14:37 kanishka joined #mojo
14:38 sh4 joined #mojo
14:56 dqw112 joined #mojo
14:58 highflying joined #mojo
15:10 asarch joined #mojo
15:12 denisboyun joined #mojo
15:16 cfedde Does anyone have thoughts they can share on adding security to a REST API?  Are there any best practices to consider?
15:19 denisboyun joined #mojo
15:20 cfedde ssl and basic auth don't seem like enough.
15:36 cfedde joined #mojo
15:40 bpmedley_ joined #mojo
15:42 denis_boyun joined #mojo
15:51 asarch joined #mojo
15:53 beyondcreed joined #mojo
16:13 asarch joined #mojo
16:14 dod joined #mojo
16:26 fhelmber_ joined #mojo
16:32 d4rkie joined #mojo
16:33 lizzin joined #mojo
16:39 fhelmbe__ joined #mojo
16:46 d4rkie joined #mojo
17:11 dvinciguerra joined #mojo
17:13 jzawodn if, due to installation constraints, I have to have my templates dir in a non-standard place, how to I tell mojo about that?
17:14 sri http://mojolicio.us/perldoc/Mojolicious#renderer
17:15 beyondcreed joined #mojo
17:16 sri http://mojolicio.us/perldoc/Mojolicious/Guides​/Cookbook#Making_your_application_installable
17:18 jzawodn ah ha!
17:31 jzawodn woot!  all working now
17:47 rem_lex|pivo joined #mojo
18:02 batman ubic <3
18:02 fontardion joined #mojo
18:03 batman just released toadfarm with Ubic::Service::Toadfarm
18:05 batman https://metacpan.org/pod/release/JHTHORSEN/​Toadfarm-0.15/lib/Ubic/Service/Toadfarm.pm
18:15 inokenty joined #mojo
18:24 dotandimet joined #mojo
18:24 sri haha, a happy accident just made me implement cursor support for aggregation in mango :) https://github.com/kraih/mango/commit/9​d558882c92b35f9126ab683dc276a3a135f3b3e
18:25 sri mongodb 2.4 wouldn't install on mavericks... so i installed 2.5.3 and got to play with new dev features
18:28 marty sri: that is sweet.   sri++
18:35 sri still wonder if it should be a separate cursor class, since you can't do stuff like ->count
18:35 sri fun fact, the aggregation explain feature now also works, since i'm merging in all extra arguments
18:45 dod joined #mojo
19:02 punter joined #mojo
19:04 basiliscos joined #mojo
19:08 mire_ joined #mojo
19:15 Mike-PerlRecruiter_ joined #mojo
19:20 odc joined #mojo
19:27 fhelmber_ joined #mojo
19:39 KindTwo joined #mojo
19:45 dotandimet joined #mojo
19:47 fhelmber_ joined #mojo
19:48 nic left #mojo
19:50 fhelmber_ joined #mojo
19:53 lizzin joined #mojo
19:53 bc547 joined #mojo
19:53 fhelmber_ joined #mojo
19:54 jberger_ joined #mojo
19:55 jberger_ garu: around?
20:07 markus joined #mojo
20:07 markus Hello!
20:09 markus can someone explain me, whats the best way to run my application in a existing perl programm? The webinterface should run parallel to the original application
20:09 markus at the moment I start my application with Mojolicious::Commands->start_app("YAFProto", "daemon", "-l", "http://*:8080");
20:10 markus the problem is, that the original application doesn't nswer after i start this
20:20 denis_boyun_ joined #mojo
20:26 fhelmber_ joined #mojo
20:27 phillipadsmith So, just to clarify, there *is* or _is not_ way to get debug level logging if MOJO_MODE='production' ? I've been trying MOJO_MODE='production' MOJO_LOG_LEVEL='debug' … but I'm only seeing [info] messages
20:37 batman mojo won't read MOJO_LOG_LEVEL when MOJO_MODE != 'development'
20:42 markus joined #mojo
20:44 fhelmbe__ joined #mojo
20:54 dvinciguerra joined #mojo
20:56 sri and collections are now also supported for aggregation https://github.com/kraih/mango/commit/b​d26312862b1c49259dac2b571b3af393fbb5b9d
21:10 gtodd joined #mojo
21:11 sri think mango is mostly 2.6 ready now, the insert/update/delete changes should be trivial and mostly just result in the removal of low level code that's no longer required
21:19 martin joined #mojo
21:21 martin is there a way in a template to access the is_user_authenticated() method from Mojolicious::Plugin::Authentication ?  rather than put anything extra into the stash ?  I saw some slides somewhere that mentioned you could access "app" directly from an .ep template, but no examples
21:21 martin I'd like to have a boilerplate layout with menus which appear if you're logged in, and don't if not.
21:35 zackiv31 joined #mojo
21:40 jberger_ martin it is a helper, so it is available I'm the template in the usual helper style
21:44 * sri releases mango 0.17
21:46 powerman left #mojo
21:46 powerman joined #mojo
21:51 gryphon joined #mojo
21:52 jberger_ sri++
21:57 bpmedley phillipadsmith: $self->log->level("debug")
22:00 marty joined #mojo
22:01 bpmedley cfedde: Did you decide on a design?
22:01 cfedde on that redirect thing?
22:01 cfedde or on the REST Security thing?
22:02 bpmedley The REST api thing.
22:02 cfedde I've been reading the OAUTH stuff.
22:02 bpmedley You could role your own.
22:03 cfedde I'm in the camp of not wanting to invent something that will get me laughed at when the cool kids take notice.
22:03 cfedde one approach would be to just use say github public keys.
22:04 cfedde or even real self signed certs.
22:04 bpmedley Some services just generate a private key and say don't share this.
22:05 cfedde yeah.
22:05 cfedde there is strong auth of clients in https.  It's just not used much.
22:06 cfedde authn anyway  authz is another ball of wax
22:24 bpmedley cfedde: What you could do is used public and private keys.
22:24 bpmedley *use
22:27 cfedde I like leveraging the standard.  Using real certs is starting to look more attractve.  Of course this means that I'll be using a webserver in front of the mojo app.  It appears that hypnotoad does not support https directly.
22:28 bpmedley cfedde: You could give your users a string like `MCIwDQYJKoZIhvcNAQEBBQADE​QAwDgIHAMa2ZsnMuQIDAQAB`.  That is their personal key.  You then store their private key in the db.  When you get a request, then encrypt something with their key.  If you can decrypt with the private, then it's gold.
22:29 cfedde bpmedley: that means decorating the request/response with extra payload to do this work.
22:29 cfedde not a bad idea.  And most people seem to have done things like that.
22:29 bpmedley Yes, it's common.  You could use an extra header.  Which mechanim requires no extra payload?
22:30 cfedde no application layer payload.  true.  Also most of the client environments support that kind of approach.
22:31 cfedde there seems to be no standard.  And that bothers me. :-)
22:31 cfedde ad hoc security is not.
22:31 cfedde secure that is.
22:31 bpmedley OAuth is too complicated to be widespread.
22:31 cfedde yeah,
22:32 bpmedley I was thinking of making keys with something like: $ openssl genrsa -out private.key 48.
22:32 cfedde sure. I could use ssh-keygen to create them too.
22:33 cfedde in either case I'd have lots of infrastructure to support key handling.
22:33 bpmedley I'm not sure.  I think openssl people suggest using the openssl tools.  I'm not sure if ssh-keygen toolchain would work.
22:33 cfedde openssl if Im going to be using client certs.
22:34 cfedde if I'm going to be using an X-My-Silly-Auth: header then it's up to me.
22:34 bpmedley Hrmm.  I'm just talking about rsa encryption.  Not related to https.
22:34 cfedde sure.  both openssl and ssh support key exchange.
22:35 cfedde and I need somethign that is easy enough for web client designers to use.
22:36 bpmedley Your urls could be: //domain.com/MCIwDQYJKoZIhvcNAQEBBQADEQAw​DgIHAMa2ZsnMuQIDAQAB/v1/get/widget/12345
22:36 cfedde a bit of JS code that implements a timeout, replay and third party attacks.
22:36 cfedde bpmedley: sure.
22:37 cfedde s/attacks/attack protection/
22:38 cfedde i've not seen too many people make use of the http digest authentication scheme.
22:39 bpmedley Neither have I.
22:39 cfedde I'm not sure mojo supports it.
22:40 cfedde basic auth is pretty safe inside the ssl wraper.
22:40 cfedde maybe I'll just do that.
22:40 martin joined #mojo
22:41 cfedde The requirement passed from the "Security team" is no clear text passwords.
22:41 cfedde But many of the implementations I've seen use password equivelents.
22:45 sri https and two-legged oauth
22:48 * cfedde googles
22:51 martin_ joined #mojo
22:52 phillipadsmith bpmedley: but then I've got it set *in* the app vs. in a environmental variable… not as easy to turn on/off that way
22:53 bpmedley phillipadsmith: You could always cue the logic off of an env var.
22:53 bpmedley sri: What's your opinion on the two-legged oauth v.s. a single set of public/private keys?
22:54 phillipadsmith bpmedley: just make one up? Hmmm...
22:54 sri bpmedley: don't reinvent shit unless you're serious about it
22:54 bpmedley Reinvent?  It uses openssl toolchain.
22:56 sri that's still reinventing a security protocol
22:58 cfedde which is most of what I want to avoid.
22:59 sri just get the oauth2 book and be done with it
22:59 bpmedley It's just an application of public and private keys.  What is reinvinted?
23:00 sri sorry, i'm not interested in a discussion, you asked for my opinion and got it
23:00 bpmedley No issues.  Understood.
23:01 cfedde everyone who does it will naturaly come up with a different set of details.  Maybe they are using secure keys and the rest but they may make some mistake in implementation that has a flaw.
23:02 lizzin joined #mojo
23:03 bpmedley cfedde: Like you said, doesn't seem to be an easy standard that can be implemented in an hour of coding.
23:05 cfedde And assuming that some lazy dilettante programmer like me could craft something as good as oauth in a couple hours is also problematic.
23:09 bjoernfan joined #mojo
23:10 bpmedley marcus: Did you ever get an answer?
23:49 dotandimet joined #mojo
23:58 lizzin joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary