The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2015-05-14

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:21 _dave_ would it be too much to clarify the distinction between "children" and "descendants" with a parenthetical quick reference? :)
00:35 mattastrophe joined #mojo
00:57 zivester joined #mojo
01:03 klapperl joined #mojo
01:27 absolut_todd joined #mojo
01:29 timhtheos joined #mojo
01:37 hshong joined #mojo
01:59 disputin joined #mojo
02:06 noganex_ joined #mojo
02:47 jberger you know, I didn't mention it here because I assume that everyone else is reading reddit and bpo, but maybe I should say that I wrote a blog post about my recent cpan binge http://blogs.perl.org/users/joel_berger/2015/05/new-cpan-modules.html
02:47 jberger most of it is mojo
03:02 Grinnz you've been busy!
03:37 asarch joined #mojo
03:38 elik joined #mojo
04:06 Oleg joined #mojo
04:59 elik joined #mojo
06:05 dod joined #mojo
06:09 kaare_ joined #mojo
06:10 dod joined #mojo
06:23 bramirez joined #mojo
06:59 trone joined #mojo
07:07 AndrewIsh joined #mojo
07:40 Vandal31341 joined #mojo
08:07 bramirez joined #mojo
08:25 bramirez joined #mojo
08:30 amon joined #mojo
08:34 mattastrophe joined #mojo
08:36 polettix joined #mojo
08:49 bramirez joined #mojo
08:54 nf joined #mojo
08:55 misty_g3ar joined #mojo
09:01 bjakubski joined #mojo
09:42 stephan joined #mojo
09:59 nf joined #mojo
10:38 oliver joined #mojo
11:08 kyshtynbai joined #mojo
11:32 good_news_everyon joined #mojo
11:32 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vUyh1
11:32 good_news_everyon mojo/master 46b076f Sebastian Riedel: a little more consistency
11:32 good_news_everyon left #mojo
11:41 Kripton joined #mojo
12:26 nf joined #mojo
12:34 ashimema silly question..
12:34 ashimema is there an alterntiave to ->render one should use when sending a 204 no content response?
12:35 ashimema I've found a ->render( status => 204 ); actually results in a 404 as mojo's still looking for somthing to render..
12:36 ashimema Though if I do for instance ->render( json => undef, status => 204 ); it all works as expected..
12:36 ashimema anyone?
12:36 purl Somewhere, someplace, in some universe, somebody uses whatever you just asked about.
12:40 jberger ashimema: rendered
12:40 jberger $c->rendered(204)
12:41 ashimema oh man.. how did I miss that!
12:41 ashimema thanks jberger
12:41 jberger np
12:41 jberger I had to learn that one the hard way myself
12:41 jberger :-P
12:41 ashimema :)
12:50 bramirez joined #mojo
12:53 _dave_ joined #mojo
12:55 Rallias joined #mojo
13:00 human39 joined #mojo
13:00 polettix joined #mojo
13:08 AirDisa joined #mojo
13:12 oliver left #mojo
13:16 gryphon joined #mojo
13:25 Adura_ joined #mojo
13:26 jberger https://gist.github.com/jberger/8e6bc065011a6fed9d15
13:27 asarch joined #mojo
13:27 bwf joined #mojo
13:32 bramirez joined #mojo
13:36 vytas joined #mojo
13:50 amon joined #mojo
13:55 dod joined #mojo
13:58 mattastrophe joined #mojo
14:12 zackiv31 joined #mojo
14:16 amon1 joined #mojo
14:23 mattastrophe joined #mojo
14:33 Adura joined #mojo
14:51 go|dfish joined #mojo
15:16 kopekru joined #mojo
15:21 kopekru hello, I have a problem with Heroku when i use DBI and DBD::SQLite modules. Deploy Log: http://pastebin.com/Fzq3p8hr My Makefile.PL: http://pastebin.com/hMK38Yae
15:21 Repaster Repasted text from kopekru: http://fpaste.org/221947/31616897/
15:22 Grinnz_ Repaster: http://pastebin.com/hMK38Yae
15:22 Repaster Repasted text from Grinnz_: http://fpaste.org/221951/16939143/
15:23 Grinnz_ kopekru: can you paste the build.log it references?
15:25 Grinnz_ i don't know much about heroku, but that's where i'd start
15:25 kopekru Grinnz_: yes i pasted it http://fpaste.org/221947/31616897/
15:26 Grinnz_ kopekru: that's not the build.log
15:26 Grinnz_ "See /app/.cpanm/work/1431616577.180/build.log for details."
15:28 kopekru Grinnz_: I have no idea where it is?  in the heroku cloud or it i have locally?
15:29 Grinnz_ kopekru: sorry, i'm not familiar enough with how it works
15:30 lluad joined #mojo
15:32 AirDisa joined #mojo
15:34 disputin joined #mojo
15:38 tadegenban joined #mojo
15:39 Oleg joined #mojo
15:42 jberger heroku has an ephemeral filesystem
15:42 jberger your table vanishes
15:42 mattastrophe joined #mojo
15:42 kyshtynbai Guys, should I try to follow MVC model when using Mojolicious Lite? I'm starting to have a plenty of chuncks of code in main application file, so I moved all the helpers and other logic to an external .pl files and require them, but maybe there are some kind of guidlines of 'good practice of follwoing mvc paradigm' for Mojoliciois?
15:43 Grinnz_ kyshtynbai: if you want to separate code, just make it a full app
15:43 Grinnz_ kyshtynbai: see the Growing guide, it's not too complicated
15:43 kyshtynbai tnx
15:44 Grinnz_ kyshtynbai: stuff like helpers you can easily put in a custom plugin, for either type of app
15:44 Grinnz_ kyshtynbai: but to separate controllers and their action methods, you should make it a full app
15:45 kyshtynbai I see. Thanks.
15:45 ashimema Whilst there's advice going on about structuring an app I was just about ask for some advice myself.. :)
15:46 ashimema my app is mostly a restful api and thus far there's been pretty much an obvious one to one mapping between controllers and groups of routes..
15:47 ashimema for instance.. get, post, put and delete for a /users route in one User.pm controller class
15:47 ashimema and simliar for a 'List.pm' class..
15:48 ashimema but I'm now getting into the territory and wanting to do things like get /lists/id/users to get a list of users filtered by the list their associated with..
15:48 Grinnz_ ashimema: what i do is make a e.g. /users route, with ->to(controller => 'user'), and then pass that route to a function which populates ->get('/'), ->post('/') etc actions
15:48 ashimema where would people recommend the code for that live?
15:48 Grinnz_ maybe not a function if its only a few
15:49 ashimema so you handle the second elvel of routing in the controller class itself.. did I read that right?
15:50 Grinnz_ no, this is all still in the function i call from the startup method
15:50 jberger ashimema: routing is a tree
15:50 Grinnz_ the controllers aren't involved in routing
15:50 Adurah joined #mojo
15:50 ashimema So I have code like: $r->post('/api/lists')->over( is => 'librarian' )->to('api-list#create');
15:50 ashimema for example..
15:51 ashimema all in the startup..
15:51 kopekru jberger: what type DB i can use on heroku? postgres, couchdb? or i must have DB on another place?
15:51 jberger they have services
15:52 jberger for the Galileo demo I actually rely on the ephemeral filesystem to prevent spam
15:52 kopekru jberger: service free or paid?
15:52 jberger I committed the sqlite db file
15:52 jberger you're going to have to look
15:52 jberger I don't know
15:53 Grinnz_ ashimema: yeah you can split the routes into functions, and use sub-routes to make it easier to manage
15:53 Grinnz_ ashimema: i actually put all the route definitions in another module which i just load from startup, for organization
15:53 kopekru jberger: thanks
15:53 ashimema cool.. I sort of following.. any example code I could take a gander at?
15:54 ashimema just to make sure I'm actually following.. and not just imagning I am ;)
15:54 Grinnz_ ashimema: i don't have any public code with complex enough routing unfortunately...
15:55 ashimema No worries.. I tend to do a github search before asking such questions.. but it seems most of the code on there with mojo used is fairly straight forward.. not many people seem to spread into the more complex bits ;)
15:56 Grinnz_ $r->post('/api/lists')->over( is => 'librarian' )->to('api-list#create'); # could be my $lists = $r->any('/api/lists')->to(controller => 'api-list'); $lists->post('/')->over(...)->to(action => 'create')
15:56 Grinnz_ etc...
15:56 ashimema (not in an open source way at least).. hopefully I'll be able tot alk the boss into letting me open source this piece at some point (then you lot can point out all my mistakes ;))
15:56 ashimema cheers Grinzz_
15:57 Grinnz_ that is what i mean by subroutes
15:57 Grinnz_ just remember any route which has subroutes that is not "under" will not trigger an action itself
15:58 Grinnz_ but if you remove the subroutes or make it "under" then it will
15:58 Grinnz_ and under is sometimes useful in the same context, for common code between the actions
15:59 Grinnz_ https://metacpan.org/pod/Mojolicious::Guides::Routing#Nested-routes and https://metacpan.org/pod/Mojolicious::Guides::Routing#Under
16:00 ashimema :).. was just reading the Nested routes docs as it happens :)
16:00 ashimema thanks again
16:10 jberger marcus: https://metacpan.org/source/MRAMBERG/Mojolicious-Plugin-MountPSGI-0.02/lib/Mojolicious/Plugin/MountPSGI/Proxy.pm#L12
16:11 jberger if the plugin is installed, then the home directory for the Proxy app is inside site_perl
16:12 jberger probably it should attach the original app's home to the Proxy app
16:12 jberger but also, since load_psgi can load a class, shouldn't it check if the rel_file exists and if so use it, but if not, then pass forward the original string?
16:12 jberger and let load_psgi try to work it out?
16:20 tadegenban joined #mojo
16:24 gtodd joined #mojo
16:45 disputin joined #mojo
16:48 zackiv31 joined #mojo
16:50 disputin joined #mojo
16:53 tadegenb` joined #mojo
16:56 marcus hey
16:57 marcus i am drinking in baden baden. make an issue? jberger
17:04 absolut_todd joined #mojo
17:16 kaare joined #mojo
17:21 jberger will do
17:21 jberger actually I see a few other things, I'll probably just open a PR once I get to it
17:21 timhtheos joined #mojo
17:21 jberger marcus: drink one for me too
17:22 sh4 joined #mojo
17:27 mattastrophe joined #mojo
17:54 zackiv31 joined #mojo
17:57 punter joined #mojo
18:05 amon joined #mojo
18:17 polettix joined #mojo
18:21 berov joined #mojo
18:25 nf joined #mojo
18:38 kopekru joined #mojo
19:11 trone joined #mojo
19:21 mattastrophe joined #mojo
19:26 nf joined #mojo
19:32 mishantil joined #mojo
19:36 disputin joined #mojo
19:37 mishanti1 joined #mojo
20:22 AirDisa joined #mojo
20:26 nf joined #mojo
20:35 _dave_ Oh look...zend is claiming php 7 is an order of magnitude faster than perl
20:36 Grinnz_ faster at what is the question
20:36 _dave_ it's obviously specious
20:36 _dave_ https://www.zend.com/en/resources/php7_infographic
20:36 _dave_ they claim "the mandelbrot set"
20:36 * _dave_ sighs
20:38 Grinnz_ rofl
20:39 Grinnz_ i wonder what algorithm they used
20:39 Grinnz_ i don't want to hear about php 7 being fast, i want to hear about it breaking compatibility with the entire internet so as not to be completely shit
20:42 _dave_ I wish I could stop hearing about PHP, but there's these things called "clients" :/
20:42 _dave_ it's pretty clear you need a language for those lesser skilled at thinking so the management drones can have their minimum wage coders
20:43 Grinnz_ i'm just glad when people hire cheap work it's usually PHP coders, it means less perl4 being created every day
20:43 _dave_ less perl4?
20:43 Grinnz_ cheap contractors writing perl
20:43 _dave_ ahh
20:43 _dave_ well that is the major reason php is so popular
20:43 _dave_ you can get a min wage php coder
20:44 Grinnz_ and they can make a 5000 line php script with 17 security vulnerabilities pretty quickly
20:44 _dave_ It's sad because there are such better tools (e.g. Mojo) to do things with
20:44 misty_g3ar joined #mojo
20:45 _dave_ I tell clients that using php to design your huge facebook project is like asking a construction worker to build a skyscraper with a hammer
20:45 lluad That facebook is written in PHP is doubly ironic.
20:45 Grinnz_ i would say it's more like asking them to build a skyscraper with a banana
20:46 Grinnz_ the monty python knights of ni scene was really just a retelling of writing a website in php 3
20:48 _dave_ lol
20:53 genio http://rosettacode.org/wiki/Mandelbrot_set#Perl
21:02 _dave_ we don't even know if zend used that code or knew to find a cpan module Math::BigFloat (for example) or what
21:07 timhtheos joined #mojo
21:09 disputin joined #mojo
21:09 cfedde joined #mojo
21:16 zackiv31 joined #mojo
21:25 leont joined #mojo
21:27 mattastrophe joined #mojo
21:27 nf joined #mojo
21:31 jberger _dave_: http://i.kinja-img.com/gawker-media/image/upload/s--P0s74tpt--/c_fit,fl_progressive,q_80,w_636/q8qbuiwhfesvnitnae9i.jpg
21:31 punter joined #mojo
21:33 leont jberger: please read the «RSA or HMAC?» and «Recommendations for Library Developers» of https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/, Mojo::JWT only escapes being exploitable because most of the time the public and secret attributes aren't defined at the same time (but that may not always be true at the same time). You should not let an attacker pick the signing algorithm.
21:34 jberger leont: I did read that btw
21:34 jberger and its a little tighter than that
21:36 jberger https://github.com/jberger/Mojo-JWT/commit/bcbf6c16707cc4de77e23fbb2eec3c64266f6f98
21:37 jberger I specifically added the public attribute so that asymmetric encryption would require it
21:38 jberger the common fix of whitelisting algos during decryption is ugly IMO
21:39 jberger and since this is an OO solution, you can as easily check that the requested algo is what you expect as you would whitelist certain ones
21:40 leont The current design feels fragile to me. I don't think it's exploitable, but I can easily see how adding functionality to this can lead to something that is.
21:40 leont This is crypto, is ought to be designed more defensive than that IMO.
21:43 _dave_ jberger: lol? is that your reaction :)
21:45 jberger leont: https://twitter.com/joelaberger/status/590550975947153409?cn=cmVwbHk%3D
21:45 jberger your reaction is about the same as the author of that article, whom I contacted
21:47 mst jberger: however, people -won't- check, because they're people
21:47 kyshtynbai joined #mojo
21:47 mst I would argue that it should default to maximum defensiveness
21:47 leont Yeah, what mst said.
21:47 mst and offer an attribute if you want to risk goatseing yourself
21:47 mst right now you've written code that defaults to 'no strict;'
21:47 leont The only way to make people use crypto correctly is to make the correct way the easiest way.
21:47 mst this makes me sad when security code is involved
21:49 jberger hmmmmm, perhaps "secret" and "public" should not be strings but hashes where the key is the algo and the value is the related key
21:52 mst that ... sounds sufficient to me, unless I'm misunderstanding
21:52 leont Not sure how that is simpler than having separate arguments (or a two member array for that matter), but it would be safe at least
21:52 mst leont: thoughts?
21:52 purl i like cheese
21:52 jberger as I've been saying to mst privately (should have done it here)
21:53 jberger if someone can construct an asymmetric key for which the public key is also the public key for a different algorithm then both algos are already broken and everyone is vulnerable
21:53 jberger the distinction really is making sure that an attacker can't trick the library into using a symmetric algo in place of an asymmetric, which I prevent
21:54 jberger I don't really think you buy any actual additional safety but complicating things in either of the proposed ways
21:54 Grinnz_ and overcomplication is how you get people to say "screw it" and set their password to aaaaaa
21:55 Grinnz_ (figuratively speaking... usually)
21:55 jberger Grinnz_: a slightly different situation, but yeah
21:57 leont I agree it's unlikely, but crypto
21:58 leont And it's not true both algos need to be broken, only one of them.
21:59 jberger fine, but if they break the algo that my public key is for then you've already got it
22:00 absolut_todd joined #mojo
22:00 leont That's the point, breaking the other is enough. They can choose the broken one even if you don't use it.
22:01 jberger so the use case there would be: you have two public keys in storage somewhere, you see that the user is using one in the JWT, but it turns out that that one is cracked
22:02 jberger the fact that you still accept the cracked algo is the problem, not that the malicious attacker is providing it
22:03 jberger that's no different than the whitelisting scheme that that article author proposes
22:09 absolut_todd joined #mojo
22:15 absolut_todd joined #mojo
22:21 LordVorp joined #mojo
22:21 cfedde $s->host->list returns an array of BCV::HostItem objects. but $s->render(json => $s->host->list) returns an array of "BCV::HostItem=HASH(0x6397868)" strings.  do I need to override a serialize method somewhere?
22:22 Grinnz_ what is $s?
22:22 purl well, $s is undefined, and that is run in an eval and fails?
22:22 Grinnz_ purl: forget $s
22:22 purl Grinnz_: I forgot $s
22:23 cfedde %s is the self in this Mojolicious::Lite app.
22:23 cfedde er $s even
22:24 Grinnz_ Mojolicious::Lite doesn't have a $self, that's why it's usually called $c by convention there
22:24 Grinnz_ not that it's a big deal
22:24 Grinnz_ (it's a controller object, not the app object)
22:24 jberger the invocant passed to a controller action is a controller
22:26 cfedde cool.
22:26 Grinnz_ now... what is BCV::HostItem?
22:26 cfedde thanks
22:26 cfedde I';ll go back to fixing this myself.
22:26 jberger cfedde, TO_JSON is the method you want to provide in your  BCV::HostItem
22:26 Grinnz_ yes, you can either do that or overload stringification
22:26 cfedde jberger: thanks!
22:26 zackiv31 joined #mojo
22:26 jberger np
22:26 Grinnz_ TO_JSON will work even if you use Mojo::JSON::MaybeXS
22:27 jberger its a fairly common convention
22:28 cfedde perfect.
22:28 purl perfect is the enemy of good enough.
22:28 * cfedde pets purl
22:28 * purl pets cfedde back, harder
22:28 Grinnz_ purl: get a room
22:28 purl Or get thee to a nunnery!
22:28 Grinnz_ haha
22:28 * cfedde pushes purl downthe stairs
22:28 * cfedde pushes purl down the stairs
22:28 * purl attaches herself to cfedde using suction and a ham straw
22:29 Grinnz_ cfedde: sorry for the roundabout questions to start, but i didn't know it was a Mojo app you were talking about
22:30 nf joined #mojo
22:37 cfedde Grinnz_: no worries.
22:37 purl Ha!
22:37 cfedde and thanks for the help.
22:37 cfedde work keeps getting in the way of my IRC time.
22:38 mattastrophe joined #mojo
22:38 cfedde I'm not sure where I started using $s for the variable in the controler objects.
22:38 cfedde It just adds to the confusion.
22:39 Grinnz_ cfedde: in a full app, it's usually $self, since it refers to an instance of the class it's inside
22:40 Grinnz_ that's just the general perl convention
22:41 Grinnz_ they're actual methods whereas in Lite, they're all anonymous subs
22:41 Grinnz_ or references to subs in main, or whatever
22:44 cfedde at least sub refs.  though occasionaly they get complex enough that I break them out into named subs and put a subref in the route.
22:44 cfedde what you said!
22:44 cfedde :-)
22:50 kopekru joined #mojo
22:52 jberger Grinnz_: that's exactly why I always use $c even in anonymous actions
22:52 jberger otherwise its too easy to think that you are getting an app instance
22:52 asarch joined #mojo
22:53 cfedde $c->app gets you to the app from the controler though?
22:54 jberger correct
22:54 jberger but say $c->log is an error
22:55 jberger so if you only see $self and aren't sure
22:55 cfedde yeah.
22:55 Grinnz_ well, $self is dependent on knowing what file you're editing :P
22:55 Grinnz_ i don't usually have a problem with that, but which git branch i'm on, that i screw up plenty
22:55 jberger Grinnz_: sure, its just something I do, since Lite might be confusing in that way
22:56 jberger airline ftw
22:56 Grinnz_ git stash ftw :P
22:56 cfedde as always it's about making sure you and the computer agree on what you want the computer to do.
22:58 jberger http://i.imgur.com/N6PNmRp.png
22:58 jberger Grinnz_: ^^
22:59 Grinnz_ jberger: heh
22:59 jberger cfedde: yes the computer has that nasty habit of doing exactly what you tell it to do :p
22:59 stephan48 wasn't there a full crud example somewhere?
22:59 Grinnz_ it's good to figure out what you're telling the computer to do.
23:00 Grinnz_ stephan48: the one added to Mojo::Pg?
23:00 Grinnz_ or was it a route crud example... i forget
23:01 Grinnz_ https://metacpan.org/release/Mojo-Pg has a blog example, i think that's it
23:01 stephan48 ah it was in Mojo::Pg
23:01 stephan48 thank you!
23:06 mattastrophe joined #mojo
23:09 AirDisa joined #mojo
23:09 absolut_todd joined #mojo
23:12 AirDisa joined #mojo
23:29 mattastrophe joined #mojo
23:30 nf joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary