The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2014-12-29

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 alnewkirk joined #mojo
00:59 mst Grinnz: oh, yeah
00:59 mst Grinnz: "has foo => (is => 'ro');" should be impossible
01:00 mst Grinnz: "honestly, I see no reason why Moose or DBIx::Class could ever work"
01:00 Grinnz mst, we've already discussed that, ( can be an exemption and iirc already is
01:00 mst Grinnz: nah, sorry, welcome to perl. we like letting people make stuff :)
01:00 mst ok, sure, now, given perl's list flattening, how exactly do you exempt it?
01:00 Grinnz rather, in that case the () don't really do anything
01:00 mst sorry. "I see no reason" is ... naive
01:01 mst I can see lots of things that => making the RHS scalar would help
01:01 mst and lots of things it'd break
01:01 Grinnz hence "impossible to change now though"
01:01 mst I could see an argument it'd help more things than it'd break
01:01 mst but "I see no reason" is nothing to do with impossible to change now and everything to do with not bothering to think
01:02 Grinnz i've thought, and not come up with anything
01:02 mst "honestly, I wish the choice had been made the other way, in spite of the disadvantages" would be a much more reasonable statement
01:02 mst yeah, obviously not
01:02 mst __PACKAGE__->belongs_to(foo => 'Bar', ...);
01:02 mst would break under your proposal
01:02 Grinnz it doesn't affect the syntax you're talking about, only functions returning list context, and if you put like an array on the right side
01:02 Grinnz how?
01:03 mst because you're enforcing scalar context on the RHS
01:03 Grinnz which is a string.
01:03 mst which is a list
01:03 mst the first element of which is a string
01:03 Grinnz no, enforcing scalar context on the thing on the RHS
01:04 Grinnz if it scalarified the entire list on the right that would break any hash construction, so that would obviously be unwise
01:04 mst but that's how it would work
01:04 mst given the definition of the comma operator
01:04 mst which perl inherits from C
01:04 Grinnz then it couldn't work that way
01:05 Grinnz moot discussion either way...
01:05 mst exactly my point
01:05 mst you're not trying to change the behaviour of =>
01:05 mst you're trying to change the behaviour of ,
01:05 Grinnz no, only =>
01:05 mst yes
01:05 mst because otherwise what I said applies
01:05 Grinnz , does not imply that the thing that follows is scalar
01:05 mst if you don't change the behaviour of , to be incompatible with C first
01:06 mst then your proposed behaviour change for => has exactly the consequences I describe
01:06 Grinnz => is already not a comma
01:06 mst please stop insulting me and think
01:07 mst I've read the source code to the perl compiler, repeatedly
01:07 sri $ua->get('mojolicio.us' => {'Accept' => '*/*'} => sub {...});
01:08 Grinnz mst, i'm not really interested in whatever you're trying to argue about since as i said, it's moot
01:08 Grinnz sri, those are already scalar references
01:08 mst for => to forcibly scalarify its RHS and not break hash construction
01:08 mst , would need to be redefined
01:08 mst that's how the grammar and compilation works
01:08 Grinnz ok
01:09 mst I'm not arguing. I'm claiming that your "I see no reason" is naive, and indicates a lack of understanding of how perl's compiled, and I'm trying to help you understand
01:09 mst you keep reacting like I shot your puppy
01:09 Grinnz I see no reason from a user point of view
01:09 mst try listening instead, please, you're smart and I'm trying to teach you something
01:14 sri $pg->db->query('insert into foo values (?, ?, ?)' => @values => sub {...});
01:15 mst Grinnz: basically: the grammar and the language don't work that way, and the problems are far, far deeper than you think
01:15 Grinnz sri, yes, that would break, which i would consider "useless use of fat comma"
01:16 sri anyway, i believe the problem is simply that wantarray is the devil
01:17 sri of course it doesn't help that return us magical too
01:17 sri s/us/is/
02:03 sri it was never about hash rockets, foo('bar', $c->param('baz'), 'yada') is just as dangerous
02:05 Grinnz sure, but i think the main problem is most people have some expectation of lists flattening in that instance, but when you see a generic hash constructor, you don't think of it that way
02:06 Grinnz s/you/they/
02:08 Adurah Fat commas confuse?
02:09 Grinnz they give the appearance of "this thing => this other thing" which doesn't make sense when this other thing is a list
02:09 Grinnz or rather, isn't expected
02:10 Grinnz i guess it creates a visual relationship in a way that commas don't
02:15 Grinnz i think sri is right though and beyond that, returning lists for anything other than simple, focused functions, is usually just unnecessary and makes checking return values more complex
02:32 sri returning lists *or* scalar values consistently is perfectly fine
02:32 sri you just get in trouble when your method/function is context sensitive
02:33 mst right, context sensitivity is useful like 1% of the time and a footgun the other 99%
02:33 sri as in wantarray or bare "return;"
02:33 mst bare 'return;' makes me want to punch people.
02:35 sri makes me want to punch perlcritic for complaining about "return undef;"
02:35 mst it's shit like that that's why I refuse to run it
02:35 Grinnz yeah i saw that when i tried perlcritic briefly
02:35 mst maybe I should yell about that
02:36 * mst plans a "don't do that" series of blog posts called mstpain later
02:36 Grinnz i'm checking for undef, therefore, i return undef
02:36 Grinnz hahaha
02:37 sri lets see if the 31c3 talk tomorrow makes some noise
02:40 sri (i've not found any information about it yet though)
02:42 sri ah, found it https://events.ccc.de/congress/2014/Fahrplan/events/6243.html
02:45 Grinnz that's a rather hostile description
02:45 sri clearly a security professional :o
02:46 sri maybe i was just very unlucky... but every "security researcher" i've interacted with so far has been obnoxious
02:47 Grinnz i have similar experiences
02:47 sri maybe we should start giving all bugs cutesy names and logos :)
02:52 klapperl joined #mojo
02:59 sri some very entertaining talks though https://media.ccc.de/browse/congress/2014/
03:43 inokenty-w joined #mojo
03:46 noganex_ joined #mojo
03:49 Eke- joined #mojo
04:36 hshong joined #mojo
04:53 jberger this security conference has an insecure cert?
04:53 jberger mst: will mstpan articles resume?
04:54 * jberger much enjoy, way nice, so mst
04:58 Grinnz jberger, i was going to comment on that... funny how many sites cant be bothered to get a proper/up to date cert, even i have one and i dont even do anything except store files
04:58 jberger sri: the tor browser came with a script blocker plugin that it recommended enabling
04:58 jberger Grinnz: IT'S A SECURITY CONFERENCE FOR GODS SAKE
04:59 jberger not that I love how cert signing makes kings of the cert guys, but still it's the system we have
04:59 Grinnz yeah thats probably the reason, SSL cert signing is really not any indication of security
05:00 Grinnz i wonder why their cert is considered untrusted, it doesn't look self signed
05:00 jberger then again we learned today that the nsa can get through that
05:00 jberger I didn't even look :-P
05:01 Grinnz "CAcert Class 3 Root"
05:01 Grinnz hell i use startSSL and everything trusts that
05:03 Grinnz oh yeah there was one other issue with SSL certs someone brought up... whoever you get it from then gets notified of any web traffic you get, or something like that
05:04 meredith yeah the CRL or OCSP gets hit, if the client is checking
05:40 sri jberger: that's a statement
05:40 sri Grinnz: startSSL is only free until there's a problem, then you pay
05:44 Grinnz what sort of problem?
06:00 sri Grinnz: revocation after the next heartbleed hits
06:01 Grinnz ah
06:02 Grinnz true you can't do that with the free cert, luckily mine were expiring at that time
06:05 Grinnz and hopefully there won't be a next heartbleed, because man, that was embarassing
06:09 Grinnz mst, i see you're behind Devel::REPL; i'm kind of surprised something like that isn't core and a switch to the perl binary, to go with all the other languages you can just type "languagename" and get a shell
06:10 Grinnz (was just messing around with python's, man i am such a python noob)
06:13 Grinnz hell even php has php -a, but all it does is remind me how silly php is about semicolons
06:14 sri https://twitter.com/kraih/status/511947151925346304
06:16 Grinnz nice
06:17 sri or just
06:17 sri ./myapp.pl eval 'use Reply::App; Reply::App->new->run'
06:19 sri i'm actually surprised nobody has made a repl command yet
06:19 Grinnz not a bad idea
06:20 sri btw.
06:20 sri i'm still looking for a way to make IO::Handle->new_from_fd(23, 'r') not close the file descriptor on destruction
06:21 sri it's not a DESTROY method in the class, but a perl feature that closes it when the underlying glob created by IO::Handle is not referenced anymore
06:22 sri https://metacpan.org/source/GBARR/IO-1.25/lib/IO/Handle.pm#L327
06:23 Grinnz doesn't sound like there is any way other than keeping a reference around or patching perl :/
06:24 sri this is perl, there tend to be ways
06:48 bobkare joined #mojo
07:14 Eke- joined #mojo
07:19 Eke|| joined #mojo
08:03 buu joined #mojo
08:13 Vandal joined #mojo
08:16 trone joined #mojo
08:23 eseyman joined #mojo
08:24 o3u joined #mojo
08:25 o3u is there a method documented somewhere i can use to debug/watch my nonblocking code?
08:25 o3u like nested delays ..
08:39 trone_ joined #mojo
09:07 sugar joined #mojo
09:09 franck34 joined #mojo
09:13 denis_boyun joined #mojo
09:16 vytas joined #mojo
09:28 amon joined #mojo
09:33 dod joined #mojo
09:37 ver joined #mojo
09:42 odc joined #mojo
09:56 basiliscos joined #mojo
10:03 sugar_ joined #mojo
10:16 ZadYree joined #mojo
10:19 ZadYree ping franck34
10:43 franck34 ZadYree: pong
10:44 espent joined #mojo
10:44 ZadYree franck34, pv?
10:52 franck34 yes
10:57 ZadYree Guys, I am using Mojolicious to code a webapp and wonder which Mongo DB driver would be the most interesting for me. Mango seemed nice as it is pure-perl but I saw somewhere it would be hard to maintain. Any comment?
11:01 nicomen try it?
11:01 purl Perl is an empirical art.  Don't ask us if something works, perl -wle 'YOURCODEHERE'
11:01 odc ZadYree, yeah, i'm supposed to take care of Mango, but i've been very busy with other stuff these days. But don't worry, sooner or later i'll get back to it
11:02 odc at least to support the new mongodb release
11:03 ZadYree Hehe, I see. :)
11:03 odc hopefully one day i'll implement replicaSet management
11:04 odc if only my stupid boss could understand why it's important ...
11:06 ZadYree So for a big commercial project I should rather pick a standard module like MongoDB right? I would personally pick a pure-perl module but I couldn't afford much implementation bugs :/
11:08 odc ZadYree, i guess it would be the "wize" choice, but remember that MangoDB.pm with its dependencies is HUGE and is not asynchronous like Mango
11:08 odc me and other people here have been using Mango in commercial apps with no problem so far
11:09 ZadYree I see :)
11:09 odc you need to see if you _really_ need the extra features
11:15 denis_boyun joined #mojo
11:17 ZadYree Well, afaik my further DB uses will be quite basic, but I feel I will need some support, etc
11:18 dotan joined #mojo
11:18 odc well, MongoDB.pm is developed by a MongoDB Inc. employee :(
11:21 ZadYree Aha
11:22 Kripton joined #mojo
11:22 ZadYree For sure I can't really trust non-free software for such usage but I can't really complain as I'm doing something similar right now ^^
11:36 buu Or you could just use pg
11:51 jegade joined #mojo
11:58 moritz people also seem to trust oracle and mssql, even though it's not free software
11:58 moritz (not saying that's good, just that it is)
12:06 cosimo joined #mojo
12:10 nicomen or a big commercial project you are already failing by using mongodb imho
12:10 nicomen *for
12:14 cosimo nicomen: why is that?
12:14 cosimo nicomen: and hello :)
12:34 nicomen cosimo: hello ;)
12:34 nicomen beucase of all the uncertainties
12:54 doby joined #mojo
12:56 neilhwatson joined #mojo
13:14 ZadYree Btw in Mojolicious, when trying to store parameters in a variable, perl can't locate the $self->params method while $self->param('foo') works fine. Any thought?
13:17 ZadYree $self->req->body_params->params seems to be kind of valid though
13:22 buu Because $self->params isn't a method?
13:26 dod joined #mojo
13:27 ZadYree Obviously. I was just wondering why Mojo::Parameters->param was inherited by Mojolicious::Controller when Mojo::Parameters->params is not. However, I found a nice solution instead. Thanks anyway!
13:38 dod joined #mojo
13:42 trone_ joined #mojo
13:48 ignacio_ joined #mojo
14:07 asarch joined #mojo
14:17 tencendur joined #mojo
14:24 sattellite joined #mojo
14:25 sattellite hi
14:25 purl que tal, sattellite.
14:26 sattellite_ joined #mojo
14:28 d4rkie joined #mojo
14:29 sattellite_ NICK sattellite
14:41 d4rkie joined #mojo
14:48 neyasov joined #mojo
14:53 sattellite_ i have one plugin MyApp::Files that provides 4 connectors and i have second plugin MyApp::Misc that provides misc functions with that connectors.
14:54 sattellite_ all works if i connect first plugin then second like this: http://pastebin.com/6LpKsmTg
14:54 sattellite_ nothing works after move plugins from lib/MyApp to lib/MyApp/Plugin: http://pastebin.com/tQ4TiN4y
14:54 sattellite_ ERROR: Can't locate object method "reload" via package "0" (perhaps you forgot to load "0"?)
14:54 sattellite_ In last paste line 90. $self->{app}->sub1->reload;
14:54 sattellite_ What it can be?
14:55 neyasov joined #mojo
14:55 sattellite_ cannot find error
14:58 Grinnz ZadYree, $c->param and $c->req->param are different, check the docs for each
14:58 ZadYree ok Grinnz
14:59 trone joined #mojo
15:03 Grinnz sattellite_, defining an attribute of your application and defining a subroutine in your plugin are two completely different things...
15:04 Grinnz this logic seems very strange, i need caffeine
15:04 trone_ joined #mojo
15:06 Grinnz your plugin packages don't match the namespace you set
15:06 sattellite_ Grinnz, what are the lines strange? I will try explain.
15:06 sattellite_ Grinnz, match. I forgot fix that in pastebin
15:09 Grinnz your app's attribute "sub1_handler" got set to 0 somehow
15:11 Grinnz are you changing these attributes somewhere? or why have this handler abstraction?
15:11 sri in case anyone here feels like spec lawyering https://github.com/kraih/mojo/issues/725
15:13 Grinnz from quick googling, URL-encoding seems like the proper way to handle such characters
15:13 muraiki_ joined #mojo
15:13 sattellite_ Grinnz, no, attributes never change
15:14 Grinnz sattellite_, then why have an attribute at all? just have the helper return the value directly
15:15 Grinnz also are you intending to create this object whenever you call that handler?
15:16 sattellite_ Grinnz, no. This object must be created at first time
15:16 sattellite_ first start*
15:16 Grinnz sattellite_, well then your logic seems incorrect
15:17 sattellite_ $app->helper(sub1 => sub {MyApp::ConfigReader->new({sub1 => $path})->sub1 }) ?
15:17 Grinnz these anonymous subs won't be run until they are called in the hlper
15:18 Grinnz sure that seems reasonable
15:18 sattellite_ his code will not create every time a new object?
15:18 sattellite_ this*
15:18 Grinnz it will, that is a different problem
15:22 sattellite_ but code with attr don't create a new object every time
15:22 Grinnz both do
15:23 sattellite_ was it made in my case?
15:23 sattellite_ with attr
15:23 Grinnz don't understand the question
15:24 sattellite_ in pastebins new object created once?
15:25 Grinnz in your pastebins, a new object is created every time you call those helpers, the change to the helper doesn't fix that, just avoids the unnecessary attributes
15:26 sattellite_ wow O_O
15:26 Grinnz if you want to create an object once, say, when you create the helpers in startup, then create it outside the anonymous subroutine
15:26 Grinnz and then call it from within the anonymous subroutine, as a closure
15:27 sattellite_ $app->helper(sub1 => MyApp::ConfigReader->new({sub1 => $path})->sub1 )
15:27 Grinnz no, that still needs to be a sub
15:27 sattellite_ $app->helper(sub1 => sub {MyApp::ConfigReader->new({sub1 => $path})->sub1 })
15:27 Grinnz the MyApp::ConfigReader is being created only when that sub is called though
15:28 Grinnz you can create it before, then inside the sub, call $obj->sub1
15:29 Grinnz if that is the logic you want
15:29 sattellite_ sub register {$obj=MyApp::ConfigRea... ; $self->helper(sub1 => sub{$obj->sub1})}?
15:30 sattellite_ if i correctly understand
15:30 Grinnz sure but you will need different objects for each, still, since they are constructed differently
15:31 sattellite_ yes, ofcourse
15:31 sattellite_ thank. i will try now
15:37 marty joined #mojo
15:37 mst Grinnz: I'm actually not a heavy repl user
15:38 mst Grinnz: people asking for a built-in tend to get told 'perl -de0'
15:38 Grinnz neither am i, but i can't say if i would be if there was a builtin one
15:38 Grinnz i certainly use it when dicking around in other languages heh
15:38 mst Grinnz: I'd look at Reply for a newer pluggable repl, or the tinyrepl that comes with my Eval::WithLexicals for a trivial example
15:38 mst I use tinyrepl a fair bit for quick experiments
15:38 Grinnz i did see Reply, it looks nice
15:39 mst right, it's just a shame that it relies on a bunch of XS modules when I've already written pure perl replacements
15:39 Grinnz the reason i say it should be a builtin switch is not for my sake, but for people who are as experienced in perl as i am in python, and want to dick around like i was doing yesterday :P
15:40 mst but the author thinks everybody should have a recent perl and a compiler, and ease of installation is pandering to stupid people
15:40 Grinnz heh
15:41 mst not kidding. he kept trying to take parts of Moo's dep chain XS-only under me and then got really pissy when I started doing releases to fix it
15:41 mst "THIS IS MAKING IT HARDER FOR ME TO MAINTAIN"
15:41 mst "Ok, I'll maintain it then"
15:41 mst "YOU'RE STEALING MY DIST"
15:41 mst "Pick one of the two to complain about or fuck off"
15:41 Grinnz lol
15:41 sugar__ joined #mojo
15:41 mst (this may also be a reason why Reply doesn't depend on my code, of course :)
15:41 Grinnz on the bright side, it's not mlehmann
15:42 Grinnz i can see a bugtracker!
15:42 mst oh, sure, other than his tendency to ignore hostile/old deployment environments, doy's fucking excellent
15:43 mst and honestly he's one of those people where we really, horrifically, don't get on ... but I can never actually work out why
15:43 mst we just both have a talent for rubbing each other the wrong way
15:43 * mst shrugs
15:43 mst basically, "if you really want pure perl, start with Eval::WithLexicals, otherwise start with Reply"
15:45 mst oh, yeah, Object::Remote also comes with a script called remoterepl
15:45 mst which starts a repl with the Eval::WithLexicals half on a remote host over ssh :)
15:49 Grinnz interesting
15:51 jberger I've never really understood why typing `python` and getting a repl is so nice
15:51 jberger you make one little typo as you do it and you have to type it all in again
15:52 * jberger prefers a good one-liner
15:52 * jberger is probably biased
15:53 buu jberger: ... press the up arrow?
15:54 sri re #725, i'm not opposed to doing something like this, but i'd like to be sure it's the right thing to do https://gist.github.com/anonymous/589722ab8b361769e9f1
15:58 neyasov joined #mojo
16:02 sh4 joined #mojo
16:06 jberger buu: line by line? bah
16:06 Grinnz_ jberger: less unwieldy than putting 5 lines into a oneliner command, less permanent than making a script, i guess
16:06 Grinnz_ jberger: also lets you "adapt" to what you see
16:06 Grinnz_ so for learning, it can be nice
16:07 Grinnz_ i "learned" ruby in essentailly an online repl
16:08 jberger I suppose
16:08 jberger any time I needed more than one line, I go to my test.pl script and use it
16:09 mst jberger: I do it a fair bit to set up some variables/subs/etc.
16:09 mst then run a bunch of side effect free tests
16:09 mst the *setup* I do all in one line so I can copy-paste if I need it again
16:09 jberger I'm not arguing against it, I just never saw the need
16:10 Grinnz_ so i guess the next question is, how hard would it be to write a REPL that only depends on core? :)
16:10 jberger Grinnz_: why
16:10 jberger Eval::WithLexicals is going to save you a lot of heartache
16:10 Grinnz_ for the "include as a core switch to the perl binary" part
16:11 mst if you're already inside the perl5 VM you'd probably be better starting from Lexical::Persistence
16:11 Grinnz_ mostly hypothetical question, i have no plan on delving into it atm :P
16:11 jberger Grinnz_: I guess for the same reason as most CPAN modules: because we have CPAN
16:11 jberger :-P
16:11 Grinnz_ jberger: i didn't ask a "why" question
16:12 sri heh https://github.com/dex4er/Pyjo
16:13 mst btw, http://sherlock.scsys.co.uk/~matthewt/tinyrepl # fatpacked
16:13 jberger sri: now you know you are doing something right
16:13 sri that actually seems like a sensible way to start a port (if anyone wants to start a perl6 port...)
16:16 jberger I was almost thinking about starting such a port, mostly as a way to learn p6, then I discovered the abject lack of documentation of the Supplies class
16:16 jberger Supply
16:17 sri http://doc.perl6.org/type/Supply
16:18 sri but yea, docs are not great
16:19 Grinnz_ docs are hard!
16:19 Grinnz_ code is easy!
16:19 Grinnz_ :)
16:21 Grinnz_ sri: from https://url.spec.whatwg.org/, A username must be zero or more URL units, excluding "/", ":, "?", and "@".
16:21 Grinnz_ A password must be zero or more URL units, excluding "/", "?", and "@".
16:21 Grinnz_ and URL units are URL code points or percent encoded bytes... thats as much as it specifies there
16:23 Grinnz_ "Sequences of percent-encoded bytes, after conversion to bytes, should not cause a utf-8 decoder to run into any errors." so i guess that's a roundabout way of saying it should be UTF-8 encoded :)
16:23 sri Grinnz_: comment on the issue
16:25 sri Grinnz_: is the whatwg url spec authoritative yet?
16:26 Grinnz_ i have no idea on that... its just what i came across
16:26 sri that's kinda important
16:30 jberger sri: I think even those must be new in the last few weeks
16:31 jberger I looked for such a page and couldn't find it
16:31 irq joined #mojo
16:32 Kripton joined #mojo
16:33 Grinnz_ hrm, the RFC says that non-ASCII characters must be encoded to UTF-8 then percent-encoded in a domain name, but it doesn't say that specifically for the userinfo
16:37 trone joined #mojo
16:37 genio I see that non-ascii must be percent-encoded, but both rfc1738 and the w3c spec seem vague about what to do with it before percent-encoding
16:39 sri Grinnz_: ironically that's incorrect, and the domain name needs to be punycode encoded instead
16:40 sri (in the real world we are only dealing with IRIs really, not URIs anymore)
16:41 trone_ joined #mojo
16:42 sri of course IRIs are a mess... of course
16:42 Grinnz_ :)
16:42 genio http://tools.ietf.org/html/rfc3987#section-6.4
16:42 sri https://annevankesteren.nl/2012/11/idna-hell
16:43 sri oooh
16:44 sri i think i remember why i made userinfo work that way
16:44 sri because of the :
16:44 sri wait a minute
16:44 sri hmm
16:44 sri nope
16:44 jberger TIL: IDN homograph phishing attack
16:47 sri allright, should this patch be applied or not? https://gist.github.com/anonymous/719c8a667e46a228631c
16:47 * sri pokes jberger, tempire, marcus, batman and crab
16:49 jberger sri: I'm a little curious, the change to the documentation example for userinfo
16:50 sri it's a backwards incompatible change
16:50 jberger indeed
16:50 sri no wait
16:50 sri :S
16:51 sri it was already url_decoded, so the doc example was wrong
16:51 sri ;p
16:51 sri just not decoded from bytes to characters
16:51 sri sooo, you had to put bytes into $url->userinfo(...)
16:51 sri now it's characters
17:00 disputin joined #mojo
17:01 sri jberger: so the doc change has no significance
17:01 jberger ok
17:01 jberger just making sure
17:02 jberger in that case, it seems fine by me
17:02 sri do we want to reference the whatwg url spec in the docs?
17:05 sri guess we do
17:06 good_news_everyon joined #mojo
17:06 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/GBLxQg
17:06 good_news_everyon mojo/master 2c5d2d0 Sebastian Riedel: fixed userinfo normalization bugs in Mojo::URL (closes #725)
17:06 good_news_everyon left #mojo
17:07 sri look at the tests especially, and make sure that's how we want it to behave
17:19 linagee Is there a way to not have "mojo.secrets" hanging around in people's browsers? :(
17:19 jberger sri: I did, and yes, that's what I would expect
17:19 linagee (It seems like this would be a PR, no such customization in Mojolicious::Controller->_signed_cookie()
17:19 linagee )
17:20 jberger linagee: mojo.secrets in people's browser?
17:20 Grinnz_ in browsers? how?
17:20 linagee hard coded "mojo.secrets". I'd rather call this "anything.whatever"
17:20 linagee in their browser / in their cookies
17:20 jberger the secrets are not in their cookies
17:20 jberger by definition that would be bad
17:21 Grinnz_ indeed...
17:21 purl indubitably
17:21 jberger the only way it would be in their browser is if you were running your prod site in dev mode
17:21 jberger it would be in the dev error page, I would assume
17:35 sri jberger: wrong
17:36 linagee jberger: you're right, I was wrong. nothing in their browser. (was logging $c->stash and $c->params before, I've made things more specific now.)
17:37 neyasov joined #mojo
17:39 inokenty joined #mojo
17:44 jberger sri: that's good, I admit I hadn't tested it out yet
18:04 linagee is kraih/mojo the official repo for mojolicious?
18:08 tempire linagee: yes
18:09 linagee I'm trying to improve my Qualys SSL Labs score. It shows "TLS compression: Yes (INSECURE!)"
18:09 linagee is this a known thing? (Is it within Mojolicious or my IO::Socket::something? library?)
18:10 Grinnz_ linagee: is this when using a Mojo server directly?
18:10 Grinnz_ no proxy?
18:11 Grinnz_ it should elaborate on why it's considered insecure hopefully (probably the protocols allowed)
18:12 Grinnz_ if you need to customize the ciphers used in hypnotoad, see "ciphers" under https://metacpan.org/pod/Mojo::Server::Daemon#listen
18:13 sri these days we use the IO::Socket::SSL defaults, so you might want to open a ticket there if the defaults are not good enough
18:14 tempire ooh
18:14 tempire snowman passwords
18:14 good_news_everyon joined #mojo
18:14 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/uweR7g
18:14 good_news_everyon mojo/master bdd3e3c Sebastian Riedel: a few more Mojo::URL examples
18:14 good_news_everyon left #mojo
18:15 Grinnz_ hmm it would be nice if IO::Socket::SSL listed what their current default is, rather than just saying "it's secure"
18:15 Grinnz_ :)
18:16 sri i also wonder about the ecc defaults
18:16 Grinnz_ linagee: also, make sure your IO::Socket::SSL is up to date, otherwise it may be still allowing SSLv3
18:16 Grinnz_ i'm not sure if it did, but something to check
18:18 Eke- joined #mojo
18:28 genio why not front it with nginx and get your high SSL Labs score?
18:29 irq joined #mojo
18:38 neyasov joined #mojo
18:39 dod joined #mojo
18:44 denis_boyun joined #mojo
18:52 denis_boyun_ joined #mojo
18:55 Eddy joined #mojo
18:57 sri hmmmmmm
18:57 sri fragment is even more complicated
18:58 sri that NOTE :S https://url.spec.whatwg.org/#fragment-state
19:00 sri we do actually percent encode https://github.com/kraih/mojo/blob/master/lib/Mojo/URL.pm#L187
19:00 sri wonder if that shouldn't be the case
19:02 neyasov joined #mojo
19:12 * sri pokes jberger, tempire, marcus, batman and crab
19:13 Grinnz fragments... man
19:13 tempire I support percent encoding
19:13 sri tempire: why?
19:15 tempire My answer makes me question my stance.
19:15 * tempire considers
19:16 Grinnz sri, doesn't the implementation of parsing just above that support percent encoding though?
19:16 Grinnz (just above that note)
19:16 tempire Well, for to_string, how often to you need what you originally put in, and how often do you need something that will just work?
19:16 tempire I feel like the latter is more common.
19:16 sri Grinnz: it does not decode
19:16 Grinnz the fragment is for the javascript, not the web server
19:17 Grinnz sri, you mean to unicode?
19:17 sri to anything, it checks for integrity and leaves the fragment verbatim
19:17 Grinnz aha
19:18 Grinnz thus leaving it up to the javascript whether to percent decode
19:18 Grinnz i think it is still valid to percent encode in the fragment
19:18 Grinnz and expected
19:18 purl expected is undef
19:18 Grinnz wat
19:19 Grinnz i can ask our js team
19:22 sri tempire: so you are arguing for not percent encoding?
19:24 sri thing is, verbatim utf-8 is what just works in browsers
19:24 sri here's a shitty one-liner
19:24 sri perl -Ilib -Mojo -E 'a({inline => "<a href=\"#\x{10346}\">Faihu</a><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><a id=\"\x{10346}\">Target</a>"})->start' daemon
19:25 sri tested in latest chrome and firefox
19:25 tempire hmm
19:26 sri you make urls with fragments to put them in html
19:26 Grinnz ah, for that use case right, it is not the javascript
19:27 tempire I was thinking *for* percent encoding, but I wasn't thinking about utf8 as much as dealing with spaces.
19:27 tempire Mostly because I ran into a situation recently where blank spaces in my url killed the intention.
19:28 sri actually
19:28 sri perl -Ilib -Mojo -E 'a({inline => "<a href=\"#\x{10346} test\">Faihu</a><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><a id=\"\x{10346} test\">Target</a>"})->start' daemon
19:29 sri shitty one-liner with whitespace
19:29 sri verbatim fragment works
19:29 Grinnz what about percent encoded?
19:30 sri does mostly not work and differs between browsers
19:30 Grinnz interesting
19:30 sri make your own shitty one-liner and try
19:31 sri the url you see when you hover is also different from browser to browser
19:31 genio Tested correctly in IE 9 as well
19:31 sri \o/
19:31 Grinnz now what if you encode the id with html entities?
19:31 genio although it can't display the character for shit
19:31 sri then it's verbatim fragment for both again
19:32 Grinnz isn't it great how standardized this all is
19:32 genio ooops.  i lied.  it was IE 10 I was testing in.
19:33 genio I didn't realize this testing VM machine had been updated to IE 10
19:33 Grinnz genio, so an almost supported browser?
19:34 genio I'll have to search around for something with IE 8/9
19:34 sri i think no percent encoding clearly wins
19:35 genio It worked properly in IE 8, but the display of the character is even more broken than in IE 10 :)
19:35 Grinnz sri, it is not working on my chrome
19:36 Grinnz oh, it works with a regular space, nvm
19:36 * Grinnz brain stuck on &nbsp;
19:37 genio Chrome and Safari worked and display an accurate looking character, firefox and IE work but can't properly display the character
19:38 Grinnz sri, it works in my chrome with percent encoding
19:39 Grinnz and firefox
19:39 sri perl -Ilib -Mojo -E 'a({inline => "<a href=\"#%F0%90%8D%86%20test\">Faihu</a><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><a id=\"\x{10346} test\">Target</a>"})->start' daemon
19:39 sri for good measures, shitty one-liner with percent encoding
19:40 sri seems to work in latest chrome and firefox
19:40 Grinnz yep, or with escaped html, both work
19:40 Grinnz dont have other browsers to try here
19:41 sri ie9 would be interesting
19:41 sri safari works too
19:41 stephan48 g39
19:43 genio I can only find IE 8, 10, and 11.  I can't find a 9 to test on
19:44 sri i wonder if that means we are better off normalizing the fragment too
19:44 sri genio: i meant ie in general
19:44 sri 8 and 10 results are perfect
19:45 Grinnz sri, i think if this functionality works in major browsers, the next question will be what does javascript do
19:46 sri i would guess it depends on how you access the fragment
19:46 sri the attribute is prolly raw, while .hash is normalized
19:47 sugar joined #mojo
19:52 genio perl -Ilib -Mojo -E 'a({inline => "<a href=\"#\x{10346}\">Faihu</a>&nbsp;<a href=\"#%F0%90%8D%86%20test\">Faihu2</a><div style=\"height:800px;\">&nbsp;</div><a id=\"\x{10346}\">Target</a><div style=\"height:800px;\">&nbsp;</div><a id=\"\x{10346} test\">Target2</a>"})->start' daemon
19:52 genio It doesn't work properly on IE 8, but it does on IE 10
19:53 genio Target works across the board, but Target2 fails on IE 8
19:54 sri interesting
19:54 sri so normalizing fragments is new-ish
19:56 denny joined #mojo
19:59 sri this patch would normalize the fragment https://gist.github.com/anonymous/802182e942fe7e46269e
19:59 sri take a look at the ridiculous snowman test case :)
20:00 sri http://☃:☃@☃.net/☃?☃#☃
20:00 sri for that test alone i want to apply the patch ;p
20:01 jberger <3 soo <3
20:01 genio hahaha
20:03 Grinnz_ a lot of things don't work on IE 8 for the record ;)
20:03 Grinnz_ a lot of things don't work on IE 9 even
20:04 Grinnz_ let it snowman~
20:04 genio noted, but a lot of people still use those stupid browsers
20:04 Grinnz_ not with the support of microsoft they don't
20:05 Grinnz_ luckily our app is in a position to say "upgrade or gtfo"
20:05 Grinnz_ mostly because there are a lot of javascript things that would break in IE 9 and below before anyone even thought about utf-8 in fragments ;)
20:06 genio The world would be better if IE < 11 would cease to exist.  but, "enterprise"
20:07 Grinnz_ we'll see how enterprise hodls up once support for RHEL stops next may
20:07 Grinnz_ RHEL5 *
20:07 mishantil genio: ...and .gov which we target.
20:07 genio well, anything "enterprise" that requires IE 8/9 doesn't give two shits about RHEL
20:07 good_news_everyon joined #mojo
20:07 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/c0Q3tg
20:07 good_news_everyon mojo/master 1679faf Sebastian Riedel: fixed fragment normalization bugs in Mojo::URL
20:07 good_news_everyon left #mojo
20:08 * genio glares at lots of our software (Epicor is the devil)
20:08 Grinnz_ genio: if it's being paid for then it should get maintained, or stop paying for it, right? ;)
20:09 linagee Grinnz_: yes no proxy. tried messing with ciphers, no success in making Qualys happy.
20:09 genio one doesn't lightly toss away $1M+ USD software
20:09 linagee Grinnz_: (I probably just don't know what I'm doing with ciphers. I tried to copy our server that does pass. no success.)
20:09 * sri tends towards normalizing the fragment for web scraping
20:10 Grinnz_ linagee: did you find any more specific reason why it's not happy?
20:10 sri looking for a link target seems to be easier this way
20:11 Grinnz_ linagee: fwiw this one works for my servers (i don't use hypnotoad without a proxy though): HIGH:!aNULL:!MD5
20:12 Grinnz_ let me recheck my hosting
20:13 sri this repo has some examples https://github.com/ioerror/duraconf
20:13 Grinnz_ yep mine passes
20:13 sri oh, it's outdated now :/
20:14 sri no wait, 3 months is not so bad
20:14 Grinnz_ sri: that includes SSLv3, so it is out of date :P
20:14 Grinnz_ at least in the nginx conf
20:14 sri yea, that one is oooooooooold
20:15 genio https://gist.github.com/genio/6405b785fc763270c262
20:16 genio A+ on SSL Test
20:16 Grinnz_ mine failed on EI 6 / XP, :P
20:16 Grinnz_ IE*
20:18 Grinnz_ "The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the handshake format is compatible to SSL2.0 and higher, but that the successful handshake is limited to TLS1.0 and higher" from IO::Socket::SSL
20:18 Grinnz_ so that should be fine if your IO::Socket::SSL is up to date
20:18 sri i for one can't wait for all the exciting new attacks on spdy and http/2 once those protocols get popular enough
20:18 linagee Grinnz_: is it generally recommended to run nginx in front of Mojolicious? (and/or good reasons to do so?)
20:19 linagee (or does it just add latency/complexity?)
20:19 Grinnz_ linagee: it's not the worst idea, but there's no reason to if you're not serving anything other than the mojolicious app
20:19 sri http://mojolicio.us/perldoc/Mojolicious/Guides/Cookbook#Nginx
20:19 genio linagee: Hypnotoad is a great web server.  I run nginx because I also have modsecurity installed, etc.
20:19 linagee Grinnz_: IO::Socket::SSL is up to date. (well, was up to date as of a week or so ago)
20:20 Grinnz_ linagee: so... can you share the report or find what part failed?
20:20 Grinnz_ otherwise i'm just guessing here, and i'm out of guesses :)
20:20 linagee Grinnz_: I can copy/paste/replace stuff. :)
20:20 jberger btw: live stream for "HACK ALL THE PERLS" talk: http://streaming.media.ccc.de/
20:20 jberger will be in room 1 at the top of the hour
20:20 linagee pastebin?
20:20 purl pastebin is see nopaste. or see shadowpaste
20:21 sri jberger: in 30 mins
20:21 linagee modsecurity looks interesting. I see they even have an OWASP page. hah. :)
20:21 preaction do we really need to watch another sensational part of the biased narrative that Perl is the worst language ever devised?
20:21 linagee nopaste.info?
20:21 jberger I want to be able to respond
20:21 jberger I'm fairly sure I know what they are going to talk about tho
20:22 jberger linagee: I mostly still use pastie
20:22 sri about bugzilla mostly i would assume
20:22 Grinnz_ just keep working on things that make perl better (like mojo) and talk about them, its all we can do
20:22 jberger see also Mojolicious::Command::nopaste </selfpromotion>
20:23 Grinnz_ i mostly use fpaste, because it's convenient from any fedora or centos box
20:23 genio gist.github.com as well
20:23 Grinnz_ at the end of the day, whatever is the least effort for you and doesn't screw up the output or show ads is good
20:24 linagee Grinnz_: not necessarily.
20:25 linagee Grinnz_: I'd also tack onto there "and doesn't use the info for malicious purposes" (probably not a huge deal if you censor everything anyway=)
20:25 Grinnz_ well, true... fpaste posts are private to whoever has the link by default
20:25 Grinnz_ most of them probably are
20:25 linagee more obscure than pastebin.com is probably a good start in that regard
20:26 linagee ack. I don't want this to look like crap. copy/paste of the text = crap. :(
20:26 linagee (ssllabs)
20:27 Grinnz_ odd that they don't have a text export format or something
20:27 linagee hrm... pastethingy that allows HTML paste?
20:27 Grinnz_ haha
20:27 Grinnz_ good luck with that
20:27 purl SOL loser!
20:27 linagee (wouldn't they essentially be serving pages at that point? lol.)
20:27 Grinnz_ purl: thats not very nice
20:27 purl Grinnz_: huh?
20:28 preaction jsfiddle? codepen?
20:28 linagee true
20:28 jberger sri: aren't you in/close to Hamburg?
20:29 marmez joined #mojo
20:29 jberger is the 31c3 thingy there?
20:43 dotandimet joined #mojo
20:50 punter joined #mojo
20:58 sugar_ joined #mojo
21:00 dotandimet joined #mojo
21:02 sri jberger: yes, i can still drive over and punch the guy :)
21:02 jberger man, he's smug
21:02 jberger why are they laughing, that's a common language feature?
21:02 jberger I'm sure I could make them laugh at anything they hadn't used
21:04 * sri heads to the car
21:06 sri and there's the sexist slide
21:06 genio This guy makes me want to slap him
21:10 jberger why would you expect that?
21:10 Eke- joined #mojo
21:10 jberger GODDAMN dude, this is how Perl works
21:10 meredith are you all reading/watching somewhere?
21:11 genio http://streaming.media.ccc.de/saal1/
21:11 tempire Because you have no concept of lists, because he's never had education
21:11 genio live talk ^^
21:11 jberger http://streaming.media.ccc.de/saal1/
21:11 meredith ty
21:11 jberger he shouldn't expect these results
21:11 jberger he expects these results based on what?
21:12 tempire because other languages only have array references, and they call them arrays
21:12 tempire so he's angry because he doesn't have any concept of lisp, or functional programming.
21:12 sri "DBI is a core module"
21:13 meredith wow
21:13 Nemix__ oh man
21:13 meredith clueless
21:13 purl well, clueless is If that's somehow not clear enough, you're lacking essential human survival clues, and are beyond our help. NEXT.. or (see clueball)#
21:13 sri he's just making up shit now
21:13 preaction listening to #mojo and #p5p is better than watching that presentation
21:14 mishantil He could do with less profanities.
21:15 tempire This is the trouble with tearing something/someone down.
21:16 tempire You've got to have your delivery down.
21:17 mishantil Ok help me out here; the things he is talking about, do they in fact work the way he claims? I have not yet seen DBI mess up quoting.
21:18 tempire Don't know.
21:18 purl somebody said don't know was it proper place, but who cares? https://rt.perl.org/Public/Bug/Display.html?id=122906
21:18 tempire Who uses ->quote directly?
21:18 sri nobody
21:18 Grinnz_ ^
21:18 Nemix__ He makes me feel like a perl and info sec master
21:18 genio wasn't that CGI's fault, not Perl's?
21:18 preaction perl didn't prevent it, so it must be a bad language
21:18 tempire Dear god
21:19 sri muhahahaha
21:19 genio wow
21:19 tempire The first and the last statements of that summary
21:19 genio the last sentence he said should get him bitch slapped
21:19 tempire just can't
21:20 sri KNOW YOUR LANGUAGE FEATURES!
21:20 * Grinnz_ wishes for a transcript
21:20 mishantil Who is this guy? O_o
21:26 genio bwahaha
21:26 tempire This is pointless now.
21:26 * tempire closes
21:26 mishantil "How to make an ass of yourself; the A-B-C"
21:28 jberger well that was "fun"
21:29 jberger I would annotate that talk continually by starting at his "expected" and ask "why is that what you expect"? sigh
21:30 tempire The whole thing was dumb.
21:30 jb360 joined #mojo
21:30 tempire But
21:30 tempire Let's reintroduce an example of how to make fun of languages properly, without being a jerk
21:30 tempire https://www.destroyallsoftware.com/talks/wat
21:31 sri re no other language is affected... this one comes to mind http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
21:31 sri OMG A METHOD THAT NORMALLY RETURNS A STRING OBJECT CAN ALSO RETURN A HASH OBJECT
21:32 mst METHODS? RETURNING THINGS? LIES AND CALUMNY!
21:32 mst CLEARLY PASCAL STYLE OUT PARAMETERS ARE THE ANSWER
21:32 jberger right everything has vulnerablilities, and most of them are because the programmer was an idiot, not because the language allowed the programmer to be an idiot
21:32 tempire no one understands the value of returning multiple values except for lisp and perl people
21:33 tempire so they just get angry at their ignorance
21:33 sri the world would be a lot safer if we all just used strongly typed languages... like... C
21:33 Kripton joined #mojo
21:33 preaction that's funny. python can do that, but i never see it being done in python...
21:33 tempire blame the programmer
21:33 tempire I guess
21:34 mst sri++
21:34 preaction obviously the only good language is Ada
21:35 mishantil preaction: Surely you mean VB?
21:35 jberger pass-by-value is a lost art
21:35 preaction mishantil: no. vb and ada are leagues apart
21:38 preaction ada was designed for easier verification, for safety-critical applications. the US Department of Defense mandated it for a while
21:40 meredith a few of us were talking sense in the conf room irc channel
21:41 sri allright, fun time is over, get back to work!
21:54 Nemix__ I am having problems getting morbo to load my local jquery stuff.  So I started with the basics by putting the genterated html referenced here (http://stackoverflow.com/questions/15088206/mojolicious-layouts-and-positioning-of-javascript) into a file in an empty directory and loaded it into my browser.  I do not get the alert and would expect to.  Yes, this is not a mojo question but I am working up to that!
22:07 * sri uses the opportunity :) https://twitter.com/kraih/status/549687989723742208
22:08 linagee Grinnz_: sorry so delayed. can you help me get an A please? :( http://jsfiddle.net/6v7syg0q/
22:08 sri oh shit i forgot a link
22:09 dotandimet joined #mojo
22:09 linagee and... I see that it has completely erased all grades and such... hah. It says Certificate: 100%, Protocol Support: 70%, Key Exchange: 90%, Cipher Strength: 90%, Overall Rating: B
22:09 sri i know it's uncool
22:10 sri but i'll redo the tweet! :o https://twitter.com/kraih/status/549688722388951040
22:10 sri eeeep, that did cost me 3 followers
22:11 linagee sri: are you kraih?
22:11 sri ye
22:11 jberger sri: srsly, people unfollowed?
22:11 linagee ahhh..... explains so much now. :-D (j/k, nice to meet you.)
22:11 sri o/
22:12 linagee sri: so you're saying CRIME is not a problem? (the vunerability, not crime itself, hah.)
22:12 sri when did i say anything about CRIME?
22:13 linagee ah, n/m.
22:13 linagee for the report I pasted in that jsfiddle, cipher is not defined. (using all defaults)
22:14 linagee IO::Socket::SSL was 2.008
22:15 linagee Probably more importantly, Mojolicious was 5.70
22:17 linagee The things that scare me most are "Secure Client-Initiated Renogotiation - Supported, DoS DANGER" and "TLS compression - Yes INSECURE"
22:17 sri jberger: i wonder if we should just make is a rule to disallow context sensitivity
22:17 jberger I think we would do that de-facto anyway at this point
22:18 jberger I typically build all my apis to handle list context sensitivity, but I can't remember the last time I actually used it to accomplish anything
22:20 jberger just github searched my repos, the only meaningful one is this: https://github.com/jberger/Text-AsciiTeX/blob/c1d10b6d7518ba70e70b0785b44399b6d5af6f06/lib/Text/AsciiTeX.pm#L25-L39
22:23 linagee geez, this gives me 76 ciphers... openssl ciphers -v 'HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH'   (also, is this a good cipher string to use to appease Qualys?)
22:37 neyasov_ joined #mojo
22:41 basiliscos joined #mojo
22:48 * sri should have known better than to edit a tweet
22:48 sri first one had 4 RTs almost instantly, the new one is dead
22:51 sri hope we at least got fragment and userinfo normalization right this time
22:52 Grinnz_ linagee: linagee try HIGH:!aNULL:!MD5
22:52 Grinnz_ oops
22:52 Grinnz_ -linagee
22:54 Grinnz_ linagee: a few of those may not be simple to fix, you may be better off reverse proxying from nginx after all :)
22:55 Grinnz_ and i just refactored some heavily used functions in our code to kill context sensitivity, heh
22:55 Grinnz_ in doing so, they're easier to check for errors as well
22:57 Grinnz_ I know that I had to add: ssl_session_timeout 5m; and ssl_prefer_server_ciphers on; to my nginx conf to satisfy SSL Labs
22:57 Grinnz_ i'm not sure if these features could be easily replicated in hypnotoad
22:57 Grinnz_ or maybe they are already, i dont remember which tests they were for
22:58 sri if you want more IO::Socket::SSL features exposed as configurations settings, pull requests are welcome
22:58 sri (just don't forget to include tests)
22:59 sri s/s//
22:59 Grinnz_ i'd have to figure out which IO::Socket::SSL features would even affect it first heh... i might play around with hypnotoad for a bit sometime
23:00 Grinnz_ ah! this one was important too: ssl_session_cache shared:SSL:10m;
23:01 Grinnz_ but here is what i get under nginx with that and these settings http://ur1.ca/j9j7z
23:01 Grinnz_ https://www.ssllabs.com/ssltest/analyze.html?d=grinnz.com
23:02 Grinnz_ (the ssl_session_cache setting i have globally, outside the virtual server context, i don't remember why)
23:12 sri npn/alpn support is also still on the todo list
23:39 skittles joined #mojo
23:43 skittles I am using the mojo user agent package. I have a dom structure like this... <p><strong>title</strong>also;dkfasl;dfkal;sdfk</p> I am getting the text inside of the strong and then using $strong->next_sibling and need the text.... but adding ->text to next_sibling does not work. :\
23:43 skittles Hopefully not a dumb question... I just can't get it to work.
23:47 Grinnz_ define "does not work"
23:47 skittles It returns a blank string.
23:47 Grinnz_ the strong tag in your example does not have any siblings
23:47 skittles If I "say $node->next_sibling" it prints the text.
23:47 Grinnz_ <p> is a parent of it
23:48 skittles so it would be better to go $obj->parent->text?
23:48 Grinnz_ sure, that should work for that example
23:48 skittles i was just over thinking it.
23:48 skittles Thanks!
23:57 linagee Grinnz_: so if I wanted an A+ on Qualys, the suggestion would be to go with nginx and play with options there? (There doesn't seem like a lot of settings for hypnotoad other than the cipher string)
23:57 linagee (or an A or whatever)

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary