The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2014-08-27


All times shown according to UTC.

Time Nick Message
00:19 sujithm joined #mojo
00:33 d4rkie joined #mojo
00:53 d4rkie joined #mojo
01:05 laouji joined #mojo
01:09 Averna joined #mojo
01:30 davido___ joined #mojo
01:31 klapperl joined #mojo
01:31 davido___ joined #mojo
01:32 davido__ joined #mojo
01:34 lipizzan joined #mojo
01:37 woz joined #mojo
02:00 sri hmm, i think that convos shows the actual number of unread messages really annoys me
02:01 sri it's really obtrusive, i like it more when there's only a hint at new messages, like the channel name changing color
02:02 sri and then in the channel a dotted line that shows you where the new messages start
02:05 d4rkie_ joined #mojo
02:06 sri might also be the red color... that keeps tripping me up and makes me think there were mentions of my name
02:33 woz joined #mojo
02:37 noganex joined #mojo
02:48 woz joined #mojo
03:00 davido_ joined #mojo
03:18 woz joined #mojo
04:23 woz joined #mojo
04:28 irq joined #mojo
04:41 d4rkie joined #mojo
04:47 zivester joined #mojo
05:25 woz joined #mojo
06:11 preaction joined #mojo
06:22 mr-foobar joined #mojo
06:26 woz joined #mojo
06:26 Vandal joined #mojo
06:33 marcus sri: I also think it's the red color. It's way too aggressive for 'there was some traffic in a channel'.
06:33 marcus I think we should start by just graying that out, and then bring it back when we can track mentions separately.
06:34 laouji joined #mojo
06:42 KCL_ joined #mojo
06:46 trone joined #mojo
06:47 preaction joined #mojo
06:50 Dandre joined #mojo
06:59 batman yeah, i'm on that.
06:59 batman but i like to see how many unread messages there are.
07:03 trone joined #mojo
07:14 rawler joined #mojo
07:23 dod joined #mojo
07:27 woz joined #mojo
07:48 neyasov_ joined #mojo
07:52 dotan left #mojo
07:56 dotan_ joined #mojo
08:01 basiliscos joined #mojo
08:02 irq joined #mojo
08:03 dotan joined #mojo
08:04 dp_ joined #mojo
08:28 woz joined #mojo
08:30 Jonis but for an active IRC channel the amount of unread messages is going to be _really_ annoying
08:34 marcus Jonis: it cuts off at 999+ now
08:34 marcus We might actually consider cutting off at 99+ instead
08:40 edestler joined #mojo
08:54 ilbot2 joined #mojo
08:54 Topic for #mojo is now 🐯 hear me roar | http://mojolicio.us | http://irclog.perlgeek.de/mojo/today
08:54 Lee joined #mojo
08:54 nic joined #mojo
08:55 lb joined #mojo
08:55 jojo joined #mojo
08:57 dp_ joined #mojo
08:58 genio joined #mojo
08:58 da5id joined #mojo
08:59 batman i don't get why it's annoying to see how many messages that you haven't seen :/
08:59 batman i do get that it should only be read if someone has spoken to you.
08:59 batman s!read!red!
09:00 fhelmber_ joined #mojo
09:02 marcus batman: a lot of people have badge anxiety. Like, if your phone has a lot of apps with red badges on it.
09:07 batman Oh. I got "did i miss anything" anxiety, so I would need to change between channels all the time if didn't have the count
09:07 batman But I do agree on making it grey.
09:08 batman marcus: sounds like we need more user settings
09:08 batman "disable badges" and "disable embed expand"...
09:08 marcus batman: this seems like a bad thing to make an user setting.
09:09 marcus batman: let's start by making them gray, I think that will really help
09:09 batman I agree. I don't like settings...
09:09 batman Settings anxiety..? :)
09:16 sujithm joined #mojo
09:29 woz joined #mojo
09:42 basiliscos joined #mojo
09:47 arthas joined #mojo
09:57 dotan I want to submit mojolicio.us to http://beautifulopen.com/ . Should I wait to take a screenshot on a Mac? Should I just wait? sri?
10:20 ryozi joined #mojo
10:31 woz joined #mojo
10:37 neilhwatson joined #mojo
11:09 ghandi|work joined #mojo
11:33 _eugen joined #mojo
11:33 Kripton joined #mojo
11:35 woz joined #mojo
11:47 sujithm joined #mojo
11:52 d4rkie joined #mojo
12:11 Averna joined #mojo
12:37 woz joined #mojo
12:38 sh4 joined #mojo
12:42 lipizzan joined #mojo
12:43 sri yes, take the screenshot on a mac
12:47 nic I like that in chatzilla the channel name goes from black to green if there's been activity in the channel since I last looked
12:54 howitdo joined #mojo
12:58 batman nic: is this that convos feedback..?
12:59 batman s/this//
12:59 nic just in case it was relevant to your thoughts on convos
13:03 batman not for me. i don't have badge anxiety... marcus will have to give a killer vote for this to be any different than changing badge color from red to grey, and maybe modifying the max number of messages to show...
13:03 batman thanks anyway. any feedback is educational, so i appreciate it :)
13:07 Dandre joined #mojo
13:09 zivester joined #mojo
13:12 basiliscos joined #mojo
13:13 ver joined #mojo
13:19 zivester joined #mojo
13:30 sri marcus: yea, badge anxiety describes it very well
13:31 batman maybe we could remove the badge, and just have the text in light grey...
13:32 sri try changing colors first
13:33 sri cap at 99 sounds sensible too... who would want to know they have 999 messages to catch up on?
13:33 batman http://home.thorsen.pm/private/raw/notverysecret/convos/minimal-badge.png
13:33 batman and then make it red if you have a mention ^^^
13:35 sri i have 558 messages to catch up on in #perl... and i'm so not gonna do that
13:35 sri oh, 642 in #perl6... nooooope
13:35 rwf joined #mojo
13:41 woz joined #mojo
13:45 basiliscos joined #mojo
14:02 sri left #mojo
14:06 dvinciguerra joined #mojo
14:11 sri joined #mojo
14:12 sri hmm... convos somehow left #mojo :S
14:13 sri i'm almost certain i did not hit "Close chat" by accident
14:25 dotan_ left #mojo
14:34 ekenny joined #mojo
14:42 woz joined #mojo
14:50 nikita joined #mojo
14:56 nikita hm, when i load rss into Mojo::DOM and try to extract text from $dom->at("channel > link") it returns nothing
14:56 nikita is that a bug
14:56 nikita &
14:56 nikita ?
14:56 nikita this test fails: is($dom->at("channel > link")->text, 'http://host.example', 'correct link');
14:56 crab joined #mojo
14:58 cfedde you can demonstrate that $dom contains what you think it contains?
14:58 nikita yup, and found a bug
14:58 dotan nikita: that depends on the specific RSS feed format. Some have text, others have an href attribute
14:58 nikita "<channel> <link>http://host.example/</link> <encoding>UTF-8</encoding> <description>Lorem ipsum dolor sit amet</description> <title>RSS Channel Title</title> <language>ru-ru</language>
14:59 nikita </channel>
14:59 nikita "
14:59 nikita "<channel> <link>http://host.example/ <encoding>UTF-8</encoding> <description>Lorem ipsum dolor sit amet</description> <title>RSS Channel Title</title> <language>ru-ru</language>
14:59 nikita </channel>
14:59 nikita "
14:59 sri STOP!!!
14:59 nikita the first one is input to Mojo::DOM, and the second is its contents
14:59 sri batman: see, this is why i want /kick!!!1
14:59 nikita sri ?
14:59 purl sri is probably A PONIE!!1! and a  or no more a javascript noob or evil or a spelling guerilla or the temporary channelclown or a snob now or the perl guerilla or a small mouse with a big head aiming for world domination or the evil sith or has no clue about fuzzy logic or no longer a real hacker :/ or a copycat or pimp to many children or a holy man or looks a lot like pitr or puny or making Mojolicious delicious
14:59 sri nikita: consider yourself lucky that my irc client doesn't support /kick yet
14:59 dotan nikita: use a paste site, don't put gobs of code in the channel
15:00 nikita ok, sorry
15:00 dotan gist.github.com or something.
15:00 sri what dotan said
15:01 nikita https://gist.github.com/anonymous/8e6da1683690454f6467
15:04 cfedde nikita: paste a complete example that demonstrates the problem.
15:04 cfedde using gist
15:04 sri marcus: i thought you committed /kick support already?
15:09 nikita https://gist.github.com/nikita-d/3add4eb523b6269ac0b8
15:09 nikita is that good?
15:11 nikita i'm using Mojolicious 5.33 btw
15:12 cfedde ideal!
15:12 nikita looks like Mojo::DOM eats closing link tag
15:13 dotan nikita: If you "force XML semantics" by calling $dom->xml(1), it will work.
15:14 dotan But I have no idea why.
15:14 jnbek joined #mojo
15:15 nikita dotan: no, it does not work, see updated gist
15:16 nikita it now fails different way
15:17 dotan nikita: I set it before calling parse() in my oneliner.
15:18 nikita dotan: now it works
15:18 fhelmber_ joined #mojo
15:21 D4RK-PH0ENiX joined #mojo
15:22 nikita shouldn't it work either way?
15:23 nikita i do not see anything xml-specific in this chunk except nonhtml tags
15:23 dotan No. The link element gets treated specially in HTML context.
15:23 GabrielV_ joined #mojo
15:26 nikita dotan: looked at source of Mojo::DOM::HTML, link element defined in %EMPTY. Yes, it should not work either way
15:26 dotan Specifically, it's something you stick in the <head> and it doesn't have content, so it can't have a closing tag.
15:26 nikita ok, thanks
15:26 dotan :)
15:28 dotan I wonder if Mojo::DOM::HTML is the one parser that is stricter with HTML than XML ...
15:34 sri dotan: most html parsers can't handle xml at all, and you'd use an entirely different parser
15:35 sri fully spec compliant parsers look somewhat like this, and are way stricter https://github.com/html5lib/html5lib-python/blob/master/html5lib/html5parser.py
15:41 batman sri: we haven't restarted the backend yet (regarding kick)
15:41 sri :O
15:43 sri batman: btw. there seems to be a scrolling problem when a buffer shows a gist preview
15:43 batman you mean the gist preview capture the scroll event?
15:44 sri no, if you switch to a different channel now, and come back to #mojo you end up in the middle of the buffer
15:44 woz joined #mojo
15:44 dotan_ joined #mojo
15:44 batman ah! right
15:45 batman i forget to fix it all the time :(
15:45 batman i will do it now.
15:45 batman don't bother making an issue
15:45 sri i would open an issue but don't know how to describe it
15:45 sri heh ;p
15:45 batman ;)
15:48 lipizzan joined #mojo
15:50 basiliscos joined #mojo
15:52 batman sri: https://github.com/Nordaaker/convos/pull/154
15:53 batman marcus: should we restart the backend or do you have more backend changes in the loop?
16:28 sri batman++
16:28 sri so can't wait for that
16:29 batman sri: i doubt it works like you (anyone) wants it to though...
16:29 batman it's super basic
16:29 batman sri: https://github.com/Nordaaker/convos/issues/149 <-- got any comments on the way i want to style it?
16:29 irq joined #mojo
16:29 batman style = visualize
16:30 sri seems fine
16:32 sri my first thought was "maybe a different color to differentiate it from join/part messages"... but so high up i guess you won't see those in the buffer
16:33 sri i guess it fits the current theme
16:35 batman cool
16:36 batman i'm just waiting for #154, so i can continue working on #149
16:40 sri batman: why won't it work like we want it to?
16:41 batman because it probably forgets the last-read-position too soon :(
16:41 batman or at a point when you don't expect...
16:41 batman but i want to try it out anyway
16:41 sri ah
16:44 sri I WANT TO TRY IT!
16:45 batman :D
16:47 woz joined #mojo
16:48 sri funny thing, if you open a second convos window it does a /names in the first window
16:49 sri i guess the second window does it to get the list of participants, and the first has no idea
16:50 disputin joined #mojo
16:51 rofl_ does the reverse_proxy setting in Mojolicious support multiple XFF entries?
16:51 rofl_ aka client,proxy1,proxy2?
17:07 batman haha. oh you english words... "Sidebar has a flatter design, #146"
17:07 batman s/flatter/more flat/ :)
17:17 disputin joined #mojo
17:26 jnbek joined #mojo
17:31 sri omg red line after reload!
17:31 batman sounds like a bug :/
17:31 batman yeah.
17:31 batman need to fix that...
17:32 batman or maybe not...
17:32 * batman is confused
17:32 sri oh, i didn't mean it as a complaint :o
17:32 sri more like... YAY RED LINE!!1
17:32 sri it actually works pretty much like i hoped
17:33 sri oh wait
17:33 sri when the buffer is too small there are multiple red lines
17:33 sri every time it loads more messages
17:34 batman yeah, i need to add the line -after- the timestamp, not before
17:34 batman *fixing*
17:34 sri i mean every time it loads more messages from the backlog there's another red line
17:34 sri not just before message 153
17:35 batman can you take a screenshot?
17:36 marcus hehe
17:38 sri batman: http://imgur.com/a/L9Jj8
17:38 sri i can take multiple screenshots... you get the idea
17:38 marcus seems when I scroll back, I get another red line every time it loads more data.
17:38 batman marcus: *duplicate*
17:39 batman sri just mentioned it ;)
17:39 marcus ah yes.
17:39 sri it's awesome when it works though :)
17:39 marcus agree
17:39 batman haha :D
17:40 batman can someone say something?
17:40 sri i guess
17:40 sri i can
17:40 sri something
17:40 batman thanks
17:42 basiliscos joined #mojo
17:42 batman it's so strange :(
17:42 batman i don't see it
17:42 sri it needs to load more data
17:42 batman yeah, i'm scrolling back like a mad scientist :)
17:42 sri you need a high volume channel, like #perl6 on freenode
17:43 marcus it only happens when you already have a red line afaict
17:43 sri then wait until it reaches something like 50 messages
17:43 berov joined #mojo
17:43 sri right
17:43 sri you need more unread messages than fit into one buffer
17:43 batman ah! that is indeed a high volume chat
17:43 batman crazy
17:43 batman is there any like that on irc.perl.org?
17:44 sri #toolchain is at 99+ for me atm
17:44 batman sri: how do you like my "flat" modifications? better or worse?
17:44 sri but otherwise i only have #perl and #perl6 on freenode that are constantly active
17:44 marcus btw, I wonder if it should be a tad more subtle #bikeshedding. Maybe a dotted line?
17:45 * batman is not a fan of dotted lines
17:45 sri didn't notice they are flat, but they don't annoy me anymore, so that's good i guess :)
17:45 batman sri: the sidebar on a big screen..? no shadow crap?
17:45 sri marcus: and maybe make it reach the actual edge of the window </bikeshed>
17:46 sri batman: OOOH
17:46 sri i didn't notice, but i like it :D
17:46 marcus sri: that would probably be a part of the whole making the messages go to the edge and have margin instead of padding.
17:46 sri marcus: i suppose so
17:46 batman sri: close https://github.com/Nordaaker/convos/issues/146 if you like it *a lot* :)
17:47 sri ooh, the badges get red when there are mentions?
17:47 sri AWESOME!
17:47 sri batman++
17:47 batman sri: not if you hit F5. only done in javascript code
17:47 sri ah
17:48 woz joined #mojo
17:49 sri closed #146
17:49 marcus Well, I actually think the javascript bit is a huge improvement in itself.
17:50 sri much easier on the eyes without two layers of shadows
17:50 batman marcus :)
17:51 marcus rofl is too shy to speak up, but he thinks we should discuss convos details in #convos :D
17:51 rofl_ hah
17:51 rofl_ nah, just everytime i check the channel its about convos
17:51 rofl_ and a couple of my mojolicious questions are easily ignored
17:51 rofl_ ;)
17:51 sri this is #convos now
17:53 marcus rofl_: rest assured, it's not because we don't like you.
17:53 batman ah! now i get it... it adds the red line too soon
17:53 marcus it's because your questions are dumb. :D
17:53 rofl_ marcus: so you like me but you think im dumb
17:53 batman rofl_: and he's joking ^
17:53 rofl_ how kind
17:53 rofl_ :D
17:53 marcus j/k <3
17:53 sri rofl_: you might want to define "support"
17:53 batman marcus: is a lovable guy. i know. i've been embraced by his loving arms many times.
17:53 batman s/://
17:54 marcus batman: rofl works for startsiden, so he knows me rather well.
17:54 sri lol
17:54 rofl_ good guy marcus
17:54 sri i mean
17:54 sri rofl
17:54 rofl_ no worries
17:54 batman marcus: ah. i tend to forget :/
17:54 batman sri++ # hehe
17:54 sri batman: should we be worried?
17:55 batman about marcus' loving arms..?
17:55 sri you tend to forget a lot!
17:56 batman ah. yeah... or... no, don't be worried, just remember it --- i'm doomed
17:56 sri allright then
17:56 marcus Too meta for me
17:57 rofl_ marcus "loving" hands and batman being doomed
17:57 rofl_ this is meta
17:57 sri <3 red lines
17:57 batman marcus: please go crazy on the styling of the red line, but i'm pretty sure i don't want anything that is dotted...
17:57 batman rofl_: haha
17:57 marcus think red lines.
17:57 marcus thin
17:58 batman i actually didn't know how much i had missed the red line...
17:58 batman ALL THIS TIME!!!!
17:58 sri i think a more thin line needs to reach the edge to work well
17:58 batman red_line++
17:58 batman sri: the issue is padding on .row instead of ... something else :/
17:58 batman not sure what "something else" is
17:59 sri i thought marcus had a proof of concept
17:59 rofl_ marcus: we made a Hypnotoad server_class to FCGI::Engine :)
17:59 marcus batman: yeah, it needs margin on the float left.
17:59 marcus rofl_: sounds like an abomination..
17:59 batman how does that solve anything? do you mean .row { margin: x} ?
17:59 rofl_ marcus: hell yeah!
17:59 purl Woooo!
18:00 marcus rofl: margin-right on the timestamp
18:00 marcus batman even
18:00 rofl_ ill give you a margin-right on your timestamp
18:00 batman i don't get it. can you make a branch?
18:00 rofl_ bite my shiny metal ass
18:00 batman i need to hang up my clothes... *brb* (not sure what the english word is)
18:00 marcus batman: yeah I can. I just had some trouble regenerating the css when I tried earlier.
18:00 marcus shouldn't that happen automatically in dev?
18:01 marcus btw I managed this neat trick by writing a message and tabbing away: https://www.evernote.com/shard/s22/sh/92ab00f9-0005-4134-b81c-124c4eb87df4/036927c19193832766f29655bf064b7c/deep/0/Nordaaker-demo----p5p-on-perlorg---oh-hai!.png
18:01 marcus which is probably why you get badges on channels you've just written something in and switched away as well.
18:02 sri batman: sooo this just happened ;p http://i.imgur.com/zS6KYJg.png
18:02 cpan_mojo Mojolicious-Plugin-AttributeMaker 0.01 by HAMMER - http://metacpan.org/release/HAMMER/Mojolicious-Plugin-AttributeMaker-0.01
18:03 sri marcus: looks nice
18:04 * batman fear the dotted red line
18:04 batman the only dots i like is probably 1px dotted #ddd;
18:06 marcus batman: that's 2px dotted #FAA
18:06 batman i don't like anything more than 1px because it looks messed up in different browsers
18:07 marcus oh fuck did brew upgrade and my vim segfaults again. Atom it is I guess.
18:07 batman sri: that screenshot happened when you scrolled back?
18:08 sri yea, it was one new message over the buffer limit i suppose
18:08 batman thanks
18:08 * batman is working on it...
18:08 sri not a new bug, just the old bug showing in a funny way
18:08 batman :)
18:08 marcus making a branch for the margins
18:09 batman marcus: remember to test the setting pages and on narrow/wide screens
18:09 marcus will do
18:10 * batman will too :)
18:12 marcus batman: so how do I force sass to recompile?
18:12 batman can't you just use bash script/test-convos-frontend.sh ?
18:13 marcus I can, I forgot that existed.
18:14 jamesaxl joined #mojo
18:17 cpan_mojo Mojolicious-Plugin-AttributeMaker 0.02 by HAMMER - http://metacpan.org/release/HAMMER/Mojolicious-Plugin-AttributeMaker-0.02
18:23 berov HAMMER could use Mojo::Loader instead of Module::Find I think. I would try to use Mojo features before recurring to other dependencies
18:23 batman this is super annoying. i don't get the red line bug :)
18:23 batman s/:\)/:(/
18:24 rofl_ Red line problem #mojo
18:25 marcus rofl_: are you struggling to find the thin red line?
18:25 rofl_ locating red tape
18:26 sri batman: just join a high activity channel and wait for 31+ messages
18:26 sri 30 is the buffer limit?
18:26 batman yes
18:27 sri yea, then that's how you trigger it
18:27 batman should i be inside that channel or in another channel?
18:27 sri another
18:27 sri you wait until the badge hits 31
18:27 batman ok
18:30 batman sri: do you know of the shift+enter shortcut?
18:31 sri i did not
18:32 batman go_to_anything++
18:33 batman marcus: i think we need to inform about shift+enter when people start convos the first time
18:33 batman or at least tell about it in some obvious way
18:35 sri hmm, shift+enter and then arrow up/down would be nice too for lazy channel switching
18:37 sri anyway, don't get distracted! red dotted line is the most important feature ever!
18:37 rofl_ marcus: seriously, no SaaS which would kickass slack?
18:42 KCL joined #mojo
18:43 doby can we get 7 red lines, all perpendicular?
18:44 mikegrb yes
18:44 doby and a kitten?
18:44 purl kitten has a karma of 212893
18:44 mikegrb but some of them have to be blue
18:45 rofl_ ship it
18:45 batman sri: https://github.com/Nordaaker/convos/issues/107
18:45 sri :D
18:46 batman for now, you need to use tab/shift+tab like for any other focus behavior in the browser
18:46 sri i get the impression some of you are not taking this seriously
18:46 sri *serious face*
18:47 batman now i have to do the dishes...
18:48 sri life is unfair
18:48 marcus sri-bane
18:49 batman but.. i guess the bug happens when convos.chat.js sends last-read-time=$timestamp back to the server...
18:49 batman https://github.com/Nordaaker/convos/blob/master/lib/Convos/Controller/Client.pm#L75
18:49 batman https://github.com/Nordaaker/convos/blob/master/templates/client/conversation.html.ep
18:49 marcus batman: did you look at my branch? I tested by making the browser narrower.
18:49 batman https://github.com/Nordaaker/convos/blob/master/templates/event/message.html.ep
18:50 batman marcus: haven't had time :(
18:50 batman too many dishes, socks and red lines
18:50 batman i really hate socks.
18:50 marcus socks proxies?
18:50 marcus Or unpaired socks?
18:50 woz joined #mojo
18:51 batman i wish the scientist could stop worrying about electric cars, cure for cancer and fusion energy. just get me some machine that can clean and dry my socks
18:51 batman or just invent socks that never need to be washed
18:51 marcus batman: Just cut off your feet. Problem solved.
18:51 batman i think i will have other problems then...
18:52 marcus Always with the negativity.
18:52 batman can you have a peek at the three files i posted?
18:53 sri sri-bane says, calm down batman, now is not the time for negativity, that comes later.
18:53 batman i don't get why https://github.com/Nordaaker/convos/blob/master/templates/event/message.html.ep#L4 happens
18:53 batman hehe
18:53 batman now is the time for red line
18:54 sri now i really need an avatar with a bane mask
18:55 marcus batman: looking .
18:59 doby http://www.redbubble.com/people/carldeaves/works/10598330-tyrannosaurus-bane?p=sticker
19:01 marcus doby: that *is* sri.
19:02 doby :)
19:09 disputin joined #mojo
19:11 batman "Zero downtime software upgrade failed."
19:11 batman so next time, it will be a backend restart as well for demo.convos.by
19:12 batman it's almost like i can only restart convos x times...
19:12 jhthorsen joined #mojo
19:14 batman could be a toadfarm bug or even convos
19:20 marcus batman: Maybe it's out of memory?
19:21 marcus batman: and unable to start another instance until the old one is dead...
19:21 batman marcus: i don't think so, but i could be wrong
19:21 marcus batman: well, it def. means that the new app dies as soon as it's started
19:22 batman i guess so
19:22 marcus (it's emitted from hypnotoad)
19:23 batman yeah, i know
19:25 disputin joined #mojo
19:29 batman yeah, i understand the multi redline now i think
19:29 batman unittesting to the rescue :)
19:38 batman https://github.com/Nordaaker/convos/pull/156 # got failing test
19:38 batman now i need to relax
19:38 batman too tired :/
19:39 batman sri: i'm actually not going to join freenode before i fix https://github.com/Nordaaker/convos/issues/121 :-)
19:40 basiliscos joined #mojo
19:40 GabrielVieira joined #mojo
19:41 batman jberger: https://metacpan.org/source/JBERGER/Mojolicious-Command-nopaste-0.03/lib/Mojolicious/Command/nopaste/Service planning gist support?
19:41 batman anyone got input on this one: https://github.com/Nordaaker/convos/issues/90 ?
19:45 preaction joined #mojo
19:51 woz joined #mojo
20:13 nicomen is the setting of remote_address based on X-Forwarded-For really implemented correctly in mojo?
20:13 nicomen the regexp seems to simply pick out the last address, instead of the first client address
20:17 marcus nicomen: did you look at the unit test?
20:24 marcus nicomen: https://github.com/kraih/mojo/blob/master/t/mojolicious/lite_app.t#L758 seems to indicate that it doesn't pick the last.
20:31 preaction i've got something weird going on in my app that uses Mojolicious: doing 'require Mojolicious' seems to remove any "-h" or "--help" in @ARGV
20:34 preaction oh. i see. because GetOptions is called no matter what
20:35 preaction via Mojolicious::Commands, which Mojolicious pulls in
20:35 woz joined #mojo
20:50 nicomen marcus: yes
20:51 sri preaction: patches welcome if you have a better solution
20:52 nicomen marcus: or, not the lite one actually
20:52 sri preaction: problematic case is "mojo eval -m production -v 'app->mode'"
20:52 preaction sri: thanks, i'll try to poke around if i can. i've got a few workarounds i can do in my own stuff to prevent this, and for some odd reason i decided to choose the worst one because i don't want to break out the mojo app into its own module file
20:53 preaction if i made it into its own file, and required it, it would be required only _after_ i've done all the @ARGV stuff i need to
20:53 nicomen marcus: this is sooo weird
20:54 sri basically, things get tricky because MOJO_MODE and MOJO_HOME need to be set before the app gets instantiated
20:54 preaction ahh, right
20:54 sri left #mojo
20:54 sri joined #mojo
20:55 preaction HOME to find the modules and files and such, but why MODE? set up logging early? i'll poke around either way
20:55 sri batman: and that was me accidentally clicking on "Close chat"!!!1
20:55 preaction config
20:55 preaction MODE to load the right config file?
20:55 sri yes, and set log file and stuff
20:56 marcus nicomen: What is weird?
20:56 purl i heard weird was When the going gets tough, the weird turn pro. or http://www.sloshspot.com/photos/blog/full/photo_1230743892.png
20:56 sri preaction: basically anything in startup... which gets called by new
20:58 sri batman: did you downgrade? i see 1xx badges again
20:59 sri #perl6 [117]
20:59 sri lol
20:59 marcus batman: he kept the javascript increase on purpose.
21:00 marcus sri even
21:00 sri i just reloaded, it changed to 99+, and then 100
21:00 sri oh
21:00 marcus so that you could see things are happening in real time.
21:00 marcus I'm not sure about that tho, it seems a bit wonky
21:01 nicomen marcus: https://github.com/kraih/mojo/blob/master/t/mojolicious/lite_app.t#L739
21:01 marcus s/seems/feels/
21:01 nicomen (that's the test, and it expects the last address?)
21:02 mishantil What kind of flags do you guys compile perl with when installing through perlbrew?
21:02 preaction most of the time, none
21:03 mishantil preaction: Really? And that works out fine?
21:03 preaction once in a while i have to drag out the 32-bit-only flags, and that's always a pain
21:03 mishantil Ah. I see.
21:03 preaction yeah, pretty much
21:03 preaction sometimes threads, but not usually
21:04 mishantil How about 64bit, largefiles and those?
21:04 preaction never had to set any of them. the defaults for my OS usually work fine
21:06 mishantil So perlbrew has some defaults stashed away somewhere? *keeps looking*
21:06 marcus nicomen: hmm, seems you're right. sri, it probably should pick the first ip (the actual client) rather than the last one if there's multiple ones?
21:07 mishantil At least getting 64bit support compiled in could be useful.
21:07 preaction mishantil: no, perl's OS detection sets sane defaults for your OS
21:07 sri marcus: no, we've talked about this like a dozen times
21:07 preaction mishantil: 64bit support _is_ in by default, it's only some other esoteric 64-bit things that are not
21:07 sri think about how XFF works, and the security implications
21:07 mishantil preaction: Ah. Figures. *facepalm* Thanks for the input. :)
21:07 preaction as i mentioned, if you want actual 32-bit binaries, you have to work for it
21:08 preaction (or be on a box with only a 32-bit OS)
21:09 mishantil marcus: mojo does the right thing with client addresses. XFF works just perfect.
21:09 mishantil Or at least we have not been able to trip it up. Yet.
21:09 marcus mishantil: it works just perfect for me, because I don't have a chain of proxies.
21:09 * sri waits for the facepalm from marcus
21:09 nicomen marcus: what I find weird, is how this has been working for people for so long
21:10 marcus nicomen: I never see X-Forwarded-For: client, proxy1, proxy2 - I just set X-Forwarded-For: client in my frontend.
21:10 mishantil marcus: We have proxies chained.
21:11 nicomen marcus: varnish + nginx => mojo is quite common, you would end up with "client, proxy1" and the proxy1 ip as the remote_address
21:11 mishantil What is most common is people mess up the xff-setup in the proxies / stops along the way. Pound, varnish etc.
21:11 nicomen (also, I think proper XFF modules allow you to set which proxy you actually trust, so that you don't end up trusting XFF fields set directly from a client)
21:12 sri and i'm out, not going down that road with nicomen
21:12 marcus sri: I don't see the facepalm. If you trust your frontend to set X-Forwarded-For (with the ENV), you should probably trust it to get http://en.wikipedia.org/wiki/X-Forwarded-For right?
21:12 mishantil nicomen: we make sure that the webserver (mojo in our case) is unreachable to the world, and do trust-management in the layers before it. Works great
21:14 nicomen sri: I'm not interested in starting a fight. This is just behaviour I'm not familiar with (and it is not convenient either), so I just wanted to make sure I wasn't doing something wrong, and perhaps warn about it being wrong
21:15 sri nicomen: discuss it with marcus, if you two reach consensus please make a formal proposal
21:16 nicomen sri: sure
21:17 sri but i want the security aspect 100% covered, if there is any chance of a new attack vector i will veto
21:17 marcus I frankly don't care so much. I think you could always just set/forward the header without the chain to your app server.
21:17 nicomen mishantil: right, that's kind of what we do now, we will set the real ip directly
21:17 nicomen marcus: ^
21:19 marcus sri: I don't see how there's a new security issue by choosing the first as speced. Either you trust X-F-F or you don't.
21:21 marcus but then again, I don't really care much. nicomen: Either setting it directly or just setting the client in x-f-f should be fine.
21:21 marcus the other information isn't really useful to the app server.
21:21 nicomen but how is last safer?
21:21 sri marcus: BOOM! your servers have been owned
21:21 marcus I don't understand either.
21:21 nicomen I would understand if one said, it has to only be one address
21:22 marcus sri: all your security is belong to us?
21:23 marcus http://search.cpan.org/~gbarr/Plack-Middleware-XForwardedFor-0.103060/lib/Plack/Middleware/XForwardedFor.pm the plack middleware uses the first address.
21:24 sri marcus: i'm criticizing that you've certainly not checked how the most common reverse proxy servers and appliances handle XFF
21:25 sri marcus: the gbarr is crazy
21:25 sri *then
21:26 sri miyagawa knows better https://metacpan.org/pod/Plack::Middleware::ReverseProxy
21:29 sri to end this madness... https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-
21:29 sri read carefully
21:30 marcus sri: Thanks for the enlightenment - I also found https://www.varnish-cache.org/trac/browser/bin/varnishd/default.vcl?rev=3.0#L44 interesting.
21:32 sri sorry for being a bit grumpy... but this discussion happened before... a few times
21:33 sri all i read now is "can we add this vulnerability to mojo"
21:33 sri but maybe if i yell folks will remember it better :)
21:34 sri nicomen: consider yourself yelled at ;p
21:35 sri should this rfc go mainstream we need to remember again http://tools.ietf.org/html/rfc7239
21:36 woz joined #mojo
21:37 nicomen marcus: that's correct. that's why you would only trust anything up the chain that you know about, everything else is untrusted
21:37 marcus nicomen: Seems to me using the last one is always the best alternative now, after careful rereading.
21:38 nicomen if it's only one address, it should not be the first one, and you should also say that the request has to come from a trusted source somewhere to match with the real remote_address
21:38 nicomen marcus: just blindly using the last one is bad
21:38 marcus Even wikipedia states 'The last IP address is always the IP address that connects to the last proxy, which means it is the most reliable source of information. X-Forwarded-For data can be used in a forward or reverse proxy scenario.'
21:38 nicomen that's why you need to match it against one or more trusted addresses
21:39 marcus nicomen: I think sri has given rather convincing evidence that what you're saying isn't right.
21:39 preaction joined #mojo
21:39 nicomen miyagawa is right, and agrees with me ;)
21:40 marcus No, miyagawa uses the last one in his plack module.
21:40 nicomen http://search.cpan.org/~gbarr/Plack-Middleware-XForwardedFor-0.103060/lib/Plack/Middleware/XForwardedFor.pm
21:40 nicomen bah
21:40 marcus nicomen: that's gbarr, we just discussed that.
21:40 nicomen If not specified then all addresses are trusted and REMOTE_ADDR will be set to the first IP in the X-Forwarded-For header.
21:40 nicomen ah
21:40 marcus please try to keep up ;)
21:43 nicomen so, miyagawa is breaking the whole chain like mojo, which of the URLs state that this is good?
21:43 marcus The cloudflare article for one.
21:44 nicomen also, I'm not saying you should use the first, I'm saying you should use the first untrusted as the remote_address
21:44 marcus nicomen: with default configurations of real world software, that will leave many mojo apps open to attack.
21:45 neilhwatson joined #mojo
21:45 nicomen the cloudflare article is correct too
21:45 nicomen marcus: how?
21:45 nicomen first untrusted is the only real way to go
21:46 marcus nicomen: because if you put varnish or cloudflare in front, they will trust whatever the client sends in, and append their knowledge of the client at the end.
21:46 marcus nicomen: there's no way mojo can know what the first untrusted is tho
21:46 nicomen not automatically no
21:46 nicomen just like now
21:47 nicomen if I turn on proxy support now, but there is no proxy in front, bam! same issue
21:47 nicomen so I would only allow it to work if you list the allowed ip's
21:47 marcus nicomen: the point is, choosing the last one won't put you in trouble if you have a proxy in front, but choosing the first one is likely to be a security vector.
21:47 nicomen allowed=trusted
21:48 nicomen marcus: last one and first one is the same if I set X-Forwarded-For to an unproxied server
21:48 marcus if you turn on proxy support without having a proxy in front, you seem to have brought it upon yourself...
21:48 nicomen but it's possible now, it's even less of a hole to have to explicitly say which servers you trust
21:50 nicomen ok, at least I know that it is the intended feature
21:51 marcus nicomen: Well, I do think picking the last one is better than picking the first one, which was the original discussion.
21:51 marcus nicomen: I guess if you require some more advanced functionality you could either submit a pull request for discussion, or make a plugin.
21:54 * sri just realized that we might have a problem though, we do not preserve the actual remote_address anywhere if reverse proxy support is activated
21:57 sri a separate method to remote_address would have been better
21:58 marcus sri: why would you care what the ip of your proxy is tho?
22:01 mishantil marcus: when you have several proxies horizontally, and you see requests acting up it is _very_ useful seeing the whole chain.
22:02 mishantil marcus: in case it is a wonky config in a proxy, eg. something messing with headers it shouldn't.
22:03 mishantil And I just discovered that putting the bowl of candy right next to a big cup of tea is bad.
22:03 * mishantil has a wet hand
22:03 marcus mishantil: yeah I guess. But you could probably fix more practically by adding an identifying header in the proxies.
22:04 marcus (if the question is which of these proxies did that request actually hit).
22:05 marcus But yeah, I see how that could be useful information to the app server as well.
22:07 marcus ok, I've done nothing useful for an hour, and I'm unable to make any headway on the red line bug. Time to go to bed I guess.
22:08 cpan_mojo Statocles 0.021 by Doug Bell - http://metacpan.org/release/PREACTION/Statocles-0.021 (depends on Mojolicious)
22:13 sri marcus: hah, says the one who has written a proxy plugin :)
22:13 sri of course in case we are a proxy server
22:14 sri and happen to care about the client ip as well as upstream proxy
22:15 marcus sri: :D
22:15 sri perhaps also for logging
22:16 sri $c->tx->real_remote_address it will be i suppose
22:17 marcus original_ ?
22:17 marcus real_ seems a little diffuse in this case.
22:17 * sri shrugs
22:17 sri neither prefix is present in mojo yet
22:18 marcus ok. Really going to bed. Not feeling that this is something that needs immediate attention anyways.
22:18 marcus it's not like any users have complained yet, right?
22:19 sri worst case, they can't activate proxy support and have to handle those headers themselves ;p
22:20 sri lets see which prefix is more popular on cpan grep
22:20 sri real_ wins there
22:37 woz joined #mojo
22:43 good_news_everyon joined #mojo
22:43 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/GZvBYQ
22:43 good_news_everyon mojo/master 9614de4 Sebastian Riedel: added original_remote_address attribute to Mojo::Transaction
22:43 good_news_everyon left #mojo
22:44 * jnbek spies the commit... starts paying attn to MetaCPAN recent...
22:45 sri :D
22:45 sri it's not such an important commit
22:46 sri more "meh... for correctness sake"
22:46 jnbek hehe, alright
22:48 good_news_everyon joined #mojo
22:48 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/76UiDA
22:48 good_news_everyon mojo/master a8aec73 Sebastian Riedel: better description for remote_address method
22:48 good_news_everyon left #mojo
23:20 disputin joined #mojo
23:28 disputin joined #mojo
23:33 dvinciguerra joined #mojo
23:42 woz joined #mojo
23:54 * jberger catches up on the backlog
23:54 * jberger wishes his local convos had a red line!
23:54 jberger that was a pretty funny read btw
23:54 jberger batman: I would love gist support for my nopaste command, but gist is hard because of the auth stuff
23:55 jberger its on my todo list for some hack day sometime
23:58 Averna joined #mojo
23:59 d4rkie joined #mojo
