The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2015-06-11

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 ningu any idea what's up there?
00:04 ningu aha, I see the issue. kinda.
00:05 ningu so if I do ->find('*') it finds nothing, but if I do ->descandant_nodes it finds the text node, but then I have to do ->content rather than ->text on it.
00:07 ningu maybe if I do: $ex->descendant_nodes->grep(sub { $_->type eq 'text' })->map('content')->join;
00:09 ningu yep that seems to do it.
00:17 Zoffix joined #mojo
00:21 mattastrophe joined #mojo
00:39 panshin joined #mojo
01:26 klapperl_ joined #mojo
01:51 frederic_ joined #mojo
02:29 noganex joined #mojo
03:27 zivester joined #mojo
03:35 disputin joined #mojo
03:38 kaare joined #mojo
03:57 gatitskiy joined #mojo
05:35 berov joined #mojo
05:37 Adurah joined #mojo
05:40 dotandimet joined #mojo
05:58 dod joined #mojo
06:03 dod joined #mojo
06:07 panshin joined #mojo
06:55 AndrewIsh joined #mojo
07:03 eseyman joined #mojo
07:09 al joined #mojo
07:10 trone joined #mojo
07:12 ans joined #mojo
07:14 firnsy joined #mojo
07:24 jzawodn joined #mojo
07:35 gatitskiy joined #mojo
07:42 gatitskiy joined #mojo
07:45 marmez joined #mojo
07:53 absolut_todd joined #mojo
07:56 dotandimet joined #mojo
07:58 absolut_todd joined #mojo
08:01 woz joined #mojo
08:04 gatitskiy joined #mojo
08:04 woz joined #mojo
08:07 gatitskiy joined #mojo
08:09 jkramer left #mojo
08:10 gatitskiy joined #mojo
08:11 Vandal joined #mojo
08:13 gatitskiy joined #mojo
08:38 gatitski_ joined #mojo
08:40 bin_005 joined #mojo
08:46 sri o/
08:48 gatitskiy joined #mojo
09:08 gatitski_ joined #mojo
09:10 gatitskiy joined #mojo
09:13 gatitski_ joined #mojo
09:16 gatitskiy joined #mojo
09:18 gatitski_ joined #mojo
09:21 gatitskiy joined #mojo
10:09 panshin joined #mojo
10:11 panshin joined #mojo
10:16 irq joined #mojo
10:21 gatitskiy joined #mojo
10:38 gatitski_ joined #mojo
10:52 gatitskiy joined #mojo
10:55 gatitski_ joined #mojo
11:02 gatitskiy joined #mojo
11:05 gatitski_ joined #mojo
11:12 panshin joined #mojo
11:29 gatitskiy joined #mojo
11:31 gatitski_ joined #mojo
11:34 gatitskiy joined #mojo
11:37 gatitskiy joined #mojo
11:43 cpan_mojo Mojolicious-Plugin-DebugDumperHelper-0.01 by LDIDRY https://metacpan.org/release/LDIDRY/Mojolicious-Plugin-DebugDumperHelper-0.01
11:57 mattastrophe joined #mojo
12:04 gatitski_ joined #mojo
12:06 gatitskiy joined #mojo
12:08 gatitski_ joined #mojo
12:11 gatitskiy joined #mojo
12:12 aggrolite joined #mojo
12:13 panshin joined #mojo
12:17 cpan_mojo Mojo-Snoo-0.12 by CURTIS https://metacpan.org/release/CURTIS/Mojo-Snoo-0.12
12:18 punter joined #mojo
12:19 pink_mist "WHY SNOO? [...] Reddit's licensing changes prohibit the word "reddit" from being used in the name of reddit API clients" <-- what the hell, how do they expect people to find API clients then? what a load of horse manure
12:19 aggrolite heh
12:20 neilhwatson joined #mojo
12:20 coolo pink_mist: the clients need to have a description then? :)
12:20 pink_mist usually one goes by name
12:20 aggrolite all of the current client wrappers have silly names now
12:20 coolo pink_mist: I sympathize with the goal of python bindings to the API not competing for python-reddit, but come up with something more clever :)
12:21 aggrolite i personally like snoo, but the go library is now called “geddit” which i’m not a fan of
12:21 coolo pink_mist: just see what happened in the XML namespace of cpan - it's a mess
12:21 pink_mist if I were trying to find a Mojo interface to reddit, I'd start by looking at Mojo::Plugin::Reddit, and second Mojo::Reddit ... but ...
12:21 coolo (not even talking about Test: ;)
12:23 aggrolite see also https://github.com/trevorsenior/snoocore
12:23 aggrolite and this one will have to change https://github.com/sahilm/reddit.js
12:23 coolo pink_mist: like the neat Mojo::mysql vs Mojo::MySQL libraries? :)
12:24 coolo oh, it's MySQL5
12:25 coolo pink_mist: my point is that generic terms are bad names - and I guess reddit wants to be a generic term
12:25 pink_mist coolo: why should Reddit impose such things on cpan? let us have our namespaces =(
12:25 pink_mist reddit isn't a generic term though
12:25 pink_mist neither is mysql
12:25 pink_mist it's quite specific
12:25 coolo pink_mist: because it's their trademark
12:26 pink_mist that's not how trademark works
12:26 pink_mist *trademarks work
12:28 coolo pink_mist: actually I just read their license. All they require is: You may not use "reddit" without "for" preceding it.
12:28 coolo pink_mist: so Mojo::Plugin::ForReddit and you're done
12:28 coolo and note it's about the title not about the name
12:29 aggrolite interesting
12:29 coolo So http://search.cpan.org/~jeffober/Reddit-Client/lib/Reddit/Client.pm says "perl wrapper for Reddit" - complying to their lcense
12:29 aggrolite oops, my flight is boarding
12:31 pink_mist coolo: that doesn't look like he's complying with the license. "Reddit-Client" is already a violation, that the description is compliant doesn't mean the name is
12:32 coolo pink_mist: you confuse title and name IMO
12:33 pink_mist Reddit-Client is the name of that one. and it is the name they care about.
12:33 pink_mist "(1) we're asking API clients to not use the word "reddit" in their name" <-- name.
12:33 coolo pink_mist: https://www.reddit.com/wiki/licensing talks about title
12:34 pink_mist and this is meant to clarify things: https://www.reddit.com/r/redditdev/comments/2ujhkr/important_api_licensing_terms_clarified/
12:35 coolo I see
12:36 coolo but again, it's their trademark so they have to defend it - or the trademark is gone
12:37 pink_mist trademarks apply very strictly to specifically the thing they registered it for -- a library for accessing its api is not something they need to defend against.
12:39 sri just let reddit die
12:39 sri we need a better site for memes and cat pictures
12:40 mattastrophe joined #mojo
12:47 Zoffix pink_mist, where are you seeing that tripe?
12:47 pink_mist which specific tripe are you referring to?
12:48 Zoffix pink_mist, that redit prohibits use of "reddit" in API clients
12:48 Zoffix never mind, I see two links above
12:52 good_news_everyon joined #mojo
12:52 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vIynr
12:52 good_news_everyon mojo/master ff76c8d Sebastian Riedel: test template names
12:52 good_news_everyon left #mojo
12:53 Zoffix Well, the purpose is clearly to make it obvious whether an implementation is something official from Reddit or a 3rd party code. The module name that includes namespaces as well as JS filenames mentioned above are just not reasonable to have 'for' in them. The ABSTRACT needs to make the clarification that the code is a 3rd party.
12:53 Zoffix So we don't need to rename module names. Just abstracts need a clarification where one is absent.
12:55 Zoffix Renaming would break code and still leave all code on BackPAN and if they want to sue, I think a reasoned argument against that can be easily brought forward. They *want* their API implemented after all.
12:55 gatitskiy joined #mojo
13:14 panshin joined #mojo
13:22 gatitskiy joined #mojo
13:23 gryphon joined #mojo
13:36 sri i guess ->scope() would work as an alternative name for ->under()
13:36 * sri just stumbled over that while reading up on phoenix
13:55 jberger We could use the term "scope" and still call it under
13:56 jberger Create a scope using "under"
13:56 jberger I just have been looking for a noun to use
13:56 jberger As a description
13:58 batman i don't see the big win.
13:59 jberger batman: it's not one really, it's just awkward to describe
13:59 jberger But not so much that I would want to change the method name
13:59 batman is it less awkward with scope() ?
13:59 batman if "yes", then i think it's a big win :)
14:00 batman i think it's a bit hard to explain either way
14:00 batman (but i'm not a native speaker)
14:00 jberger Under is a preposition
14:01 jberger You can't think of an instance of a preposition
14:01 jberger But scope is a noun
14:01 Grinnz_ and a verb :)
14:01 batman i think i would like a verb then? and i guess... yeah, what Grinnz_ said
14:01 jberger However, a preposition is fine as a method name, as long as you call what it creates a noun
14:02 jberger Subroute would be fine too
14:02 batman but route() also creates a subroute
14:03 batman restrict()...? filter() ?
14:03 Grinnz_ i think the problem with any of these is that it's not specific to under, you can also say routes that are created with just any() are subroutes or scoped
14:03 batman i agree
14:03 Grinnz_ the words don't have any meaning that indicates the intermediate step (under doesn't really either)
14:04 hahainternet so
14:04 hahainternet one of my users just put his use Mojo::Base
14:04 hahainternet above his package definition
14:04 hahainternet and it took me forever to spot it, a good 15 mins
14:04 Grinnz_ hah
14:04 pink_mist re under ... /me kindof likes the way you do it in lite-apps where it's called grouping
14:04 hahainternet secondly, he put his controller under MyApp::Controller::Name
14:04 hahainternet but did ->to(Name#thingy)
14:04 hahainternet so i suggest both of these elicit warnings when run under morbo at the least
14:05 hahainternet because they're both easy mistakes to make, and i watched a guy make them
14:05 Grinnz_ the first case isn't really something mojo can figure out
14:05 hahainternet but as i don't write enough mojo, it took me a while to figure it out
14:05 sri what is wrong with ->to(Name#thingy)?
14:05 hahainternet Grinnz_: it can check what package it's being imported into i believe, not sure how helpful that would be as he had the wrong address so it wouldn't have loaded
14:05 batman hahainternet: can you show me the code where use Mojo::Base was above package?
14:06 hahainternet sri: nothing except that it was "Controller::Name"
14:06 Grinnz_ it could be any package, if you put it before the package definition
14:06 hahainternet and so it rendered the template just fine
14:06 sri hahainternet: nothing wrong with it then
14:06 batman Grinnz_: no. it would be "main"
14:06 hahainternet Grinnz_: hmm, yeah i suppose it wouldn't be main
14:06 hahainternet sri: didn't say there was anything wrong with it, just saying it might be worthy of a casual warning through morbo
14:06 batman Grinnz_: any part of a file outside or before package is tied to "main"
14:06 sri hahainternet: huh?
14:06 hahainternet 'routing to a controller with only a template'
14:06 hahainternet or similar
14:06 Grinnz_ batman: oh.
14:07 sri hahainternet: THERE IS NOTHING WRONG!
14:07 batman hahainternet: ->to("Name#") and ->to("name#") is the exact same thing.
14:07 sri what would you warn about if there is nothing wrong?
14:07 batman sri: UNICORNS!!!!
14:07 purl somebody said unicorns was http://xrl.us/2dn5
14:07 batman :)
14:07 hahainternet batman: it was nothing to do with case
14:08 hahainternet unless i'm mistaken and mojo will skip over the ::Controller:: in the middle
14:08 hahainternet let me check
14:08 batman hahainternet: huh? do you mean that the user forgot quotes?
14:08 hahainternet no no, let me say it in one line to make it easier
14:08 sri that's literally how all our examples do it
14:08 batman if so, it would've been picked up by use Mojo::Base "Mojolicious";
14:08 hahainternet my user was routing ->to("Name#example")
14:08 hahainternet but his package was called "MyApp"
14:09 hahainternet and his example was in "MyApp::Controller::Name"
14:09 hahainternet his template was in the correct place
14:09 hahainternet so mojo proceeded to render it
14:09 sri ok, i'm out, this is too confusing for me
14:09 * batman gives up. i don't see the issue.
14:09 hahainternet but didn't run his controller, so using stash values for example gives a semi cryptic error
14:09 batman hahainternet: show code.
14:10 hahainternet i thought it just typed it out, but fine fine, what paste site is preferred?
14:10 batman hahainternet: from what you're saying, it's the same. so you're not telling us the whole truth or i'm just too dump to see it.
14:10 hahainternet batman: the "::Controller::" in the middle
14:10 batman i'm pretty sure it's the first.
14:10 hahainternet is the problem
14:10 batman no it's not.
14:10 hahainternet yes, it is
14:10 hahainternet i just moved it there
14:10 hahainternet to test
14:10 hahainternet it fails to render as a result
14:10 hahainternet as the template is in the correct place
14:10 hahainternet but the controller package is not
14:11 * batman out
14:11 hahainternet well that's an impressive level of denial
14:11 hahainternet i'll just paste code, gimmie a min then
14:11 batman i'm not in denial. i don't have anything to deny because i don't understand the case.
14:12 Grinnz_ https://metacpan.org/pod/Mojolicious::Guides::Routing#Namespaces
14:12 hahainternet Grinnz_: no i understand that he did it wrong, i corrected his code
14:12 hahainternet my point is that the errors given when a template is there, and a controller is not are cryptic
14:12 Grinnz_ why shouldn't they be? it's perfectly valid to have a route that doesn't use a controller action
14:12 hahainternet why shouldn't errors be cryptic?
14:13 hahainternet i'm not sure i know what you're asking
14:13 batman hahainternet: show us some code :)
14:13 hahainternet batman: willdo, gotta take out a bunch of business specific stuff first
14:14 hahainternet might as well give you a minimal test case
14:14 batman yes. as minimal as possible. with cryptic errors embedded in the code.
14:14 hahainternet is there a nice multi file paste site? i end up using the crap ones
14:15 pink_mist use a gist?
14:15 hahainternet good point
14:15 purl nice and sharp
14:21 jberger sri: I can't remember, what is the state of fat packing mojo?
14:21 jberger marcus, perhaps you know too
14:22 batman jberger: i don't think that works
14:22 batman pretty sure
14:22 purl pretty sure is probably the case, I did one of the early versions of ->populate and as I recall it was like that
14:22 batman jberger: https://github.com/kraih/mojo/pull/707
14:22 hahainternet well interesting, while reproducing this it does correctly look up the package under the ::Controller:: namespace
14:23 hahainternet so i can only assume he put the wrong package name in his file
14:23 hahainternet [Thu Jun 11 15:22:34 2015] [debug] Routing to controller "MyApp::Controller::Example" and action "list"
14:23 hahainternet this is what i'd expect to happen
14:23 hahainternet but previously i was getting "Is not a controller" errors
14:23 batman jberger: oh! the pr actually got merged :)
14:23 batman ignore me.
14:24 good_news_everyon joined #mojo
14:24 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vIyFZ
14:24 good_news_everyon mojo/master 8b79e62 Sebastian Riedel: mention more details
14:24 good_news_everyon left #mojo
14:24 batman jberger: if it can't be fatpacked, then you might try implode
14:24 batman https://metacpan.org/pod/App::Implode
14:24 hahainternet so, yeah i don't know what the heck was wrong with his code then
14:24 hahainternet as i can't reproduce this with a simple test case
14:24 sri jberger: it works
14:24 Grinnz_ hahainternet: was it setting the route namespace anywhere?
14:25 hahainternet Grinnz_: i'm not sure, i'll grab his old code and have a look
14:26 hahainternet it would explain why the errors were cryptic though if he named something inconsistently with its path
14:26 hahainternet or something like that
14:26 purl something like that is totally possible
14:28 Grinnz_ https://metacpan.org/source/SRI/Mojolicious-6.11/lib/Mojolicious.pm#L151
14:28 hahainternet ok yeah confirmed it
14:28 Grinnz_ unless the namespace is overridden, this should be the default
14:28 hahainternet it wasn't a namespace problem
14:28 hahainternet he had named the package incorrectly
14:28 Grinnz_ heh
14:28 Grinnz_ that would do it
14:29 good_news_everyon joined #mojo
14:29 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vIyNk
14:29 good_news_everyon mojo/master d03a28b Sebastian Riedel: more realistic example
14:29 good_news_everyon left #mojo
14:31 hahainternet yep Grinnz_ that is it
14:32 hahainternet i'm glad it's my/his fault
14:32 hahainternet because now the errors do make sense, as before it appeared it was saying the module was not a controller, when it was, but it doesn't help when it's in an unloadable path
14:33 jberger sri: thanks
14:34 Grinnz_ well, it says it's "not a controller" because after loading that module, the package name it was expecting still doesn't exist
14:34 hahainternet yep, that now makes perfect sense
14:34 hahainternet and i have committed changes to correct things and pushed to his repo
14:34 hahainternet so my job here is done
14:35 hahainternet thanks for your help batman; sri et al, sorry i was a bit aggressive but i'm glad it worked out that it was me missing something obvious :D
14:36 sri oh, next week t-shirts are 15% off on spreadshirt
14:41 ToApolytoXaos joined #mojo
14:43 batman hahainternet: i will forgive you if you buy a 15% off t-shirt next week ;)
14:43 batman Hehe
14:44 frederic_ joined #mojo
14:49 dvinciguerra joined #mojo
14:53 hahainternet fuck nah
14:53 hahainternet i'll buy it this week
14:54 hahainternet the question is, will large be large enough
14:54 hahainternet i find 'large' often to be kinda pathetic in the chest and shoulders
14:57 sri the european shirts are a little small
14:58 sri but it's hard to say, they seem to be switching shirt vendors all the time
14:58 hahainternet yeah i'm UK
14:58 hahainternet and that's why i have frustrations
15:00 hahainternet god i love the error page one
15:00 hahainternet especially as that error page is well known as an error inside our business
15:00 hahainternet that i have been too busy to debug
15:02 Kogurr joined #mojo
15:04 abracadaniel is it possible to utf8 decode the content when doing $c->render(json => $something); ?
15:04 abracadaniel in mojolicious lite
15:05 Grinnz_ why?
15:05 Grinnz_ JSON must always be utf8-encoded
15:05 abracadaniel because the charset looks weird when recieving it
15:06 abracadaniel or the content
15:06 purl somebody said the content was actually pretty useful there though
15:06 Grinnz_ are you putting data into the json that's already utf8-encoded?
15:06 abracadaniel probably
15:06 Grinnz_ fix that then ;)
15:06 abracadaniel well i get the data directly from a database
15:06 Grinnz_ hmm, usually that manages to handle utf8 decoding itself
15:06 Grinnz_ unless it's double-encodd in the database too...
15:07 Grinnz_ what kind of database?
15:07 abracadaniel mysql
15:07 Grinnz_ yeah that should take care of it for you...
15:08 Grinnz_ with utf-8 encoded content you have to be careful how you check if it's "correct", because printing data also has to use encoding, so you could see issues where there aren't any
15:08 Grinnz_ so; what's receiving this json?
15:09 abracadaniel im receiving it with a jquery get request
15:09 PryMar56 joined #mojo
15:10 abracadaniel but it also looks wrong if i just open it in the browser
15:10 Grinnz_ what version of mojolicious?
15:11 Grinnz_ https://metacpan.org/source/SRI/Mojolicious-6.11/Changes#L24 could affect whether it shows up right in the browser
15:12 rich42 joined #mojo
15:14 rich42 The home url http://mojolicio.us/ has this 'curl -L https://cpanmin.us' which will not work for https. I think it should be http instead of https. Can someone fix it?
15:15 abracadaniel ah okay
15:15 abracadaniel how do i check the version ?
15:15 Grinnz_ mojo version
15:15 abracadaniel Perl        (v5.10.1, linux)
15:15 abracadaniel Mojolicious (5.77, Tiger Face)
15:16 Grinnz_ try putting this in startup: $self->types->type(json => 'application/json; charset=UTF-8');
15:16 Grinnz_ (to emulate that change)
15:17 abracadaniel hmm
15:17 abracadaniel Can't locate object method "types" via package "Mojolicious::Controller"
15:17 Grinnz_ in startup, not in the controller
15:17 Grinnz_ oh, in lite...
15:17 abracadaniel yea its lite
15:17 Grinnz_ "app" instead of "$self"
15:18 Grinnz_ just put it before your routes
15:18 abracadaniel it still looks wrong
15:19 Grinnz_ hmm
15:19 abracadaniel i tried to utf8::decode the return string before it gets to mojolicious
15:19 * abracadaniel in the class, then it looked correct when receiving it with json
15:20 abracadaniel but now when using the class normally
15:20 abracadaniel not*
15:20 abracadaniel so its pretty weird
15:24 Grinnz_ if you can utf-8 decode it after you get it back from the database, then either the database is reutrning it wrong or it's stored double-encoded
15:24 abracadaniel i think the database might be returning it wrong
15:25 abracadaniel its some pretty big codebase, so i think there is going some funky character encoding on somewhere, which seems to be messing it up
15:26 abracadaniel but it seems like utf8 decoding it before returning it as json is fixing when using mojolicious
15:26 Grinnz_ "when using the class normally" -- perhaps you're depending on it already being utf-8 encoded in whatever you're doing here
15:27 Grinnz_ which you shouldn't; you should always work with unencoded characters until outputting
15:33 dotan joined #mojo
15:35 abracadaniel its getting weeird
15:35 abracadaniel going home from work now, i have to continue trying to solve it tomorrow
15:36 abracadaniel but thanks for the support Grinnz_ :)
15:36 sri rich42: fix what?
15:36 purl fix is slowly in the works
15:37 Grinnz_ whatever cpanmin.us is using for SSL does not allow connections from the versions of curl in any of my fedora or centos boxes :/
15:37 Grinnz_ -k doesn't even help anymore
15:37 Grinnz_ wget works though..
15:39 sri works on os x
15:40 Grinnz_ wget -qO - https://cpanmin.us | perl - App::cpanminus
15:40 Grinnz_ that works on both fedora 22 and centos 6, maybe thats a better one to use
15:42 Grinnz_ i dont know what's up with curl lately
15:52 rich42 sri: On redhat/centos based linux machine, that curl command does not work, period.
15:53 rich42 sri: you do not want something that does not work show up on mojo's home page.
15:56 Grinnz_ apparently curl in the latest fedora uses NSS and not openSSL...
16:00 sri wget does not ship with os x
16:00 sri rich42: you don't know what i want
16:00 sri redhat has always been a shitty platform, so i don't actually care all that much
16:01 * Grinnz_ would say the same, about curl
16:02 sri everybody uses curl and is used to seeing it in examples, so it's the right choice
16:04 Grinnz_ what about including both options?
16:04 sri works on ubuntu btw.
16:05 sri i'd rather change the text to "On any sensible operating system, all you need is a one-liner, it takes less than a minute."
16:05 Grinnz_ :/
16:06 * sri is very much opposed to complexity on the frontpage
16:07 Grinnz_ i don't mind the current example since i know i can just use http:// or wget instead, but it will turn people off from mojo
16:07 Grinnz_ but i could say the same about cpanminus or perl-build
16:08 sri and they will turn to?
16:08 sri which project has better installation instructions on the frontpage?
16:08 Grinnz_ true
16:08 sri "Oh, this one-liner doesn't work, maybe i should rethink my career choices..."
16:08 pink_mist why not change to http:// as default instead, and as an aside mention you can probably use https unless you're on redhat
16:09 rich42 sri: I am trying to be helpful here. I just visited this site and I am turned off by this and the attitude about fixing things.
16:09 Grinnz_ i don't like recommending http:// to be executed on a system
16:10 sri rich42: what attitude would you prefer?
16:11 sri i mean, i can also go and play some more hearthstone instead of finding a solution here
16:12 rich42 sri: whether you like it or not. many people use redhat/centos and its derivatives. If your instruction on the home page does not work, it will turn away many potential users. So fixing it is a better choice. Why not provide two different lines of choices? Does adding a line hurt that much?
16:12 sri who else does that?
16:13 sri i'm sure there's like dozens of unixes that don't ship with either, curl or wget, do they get special instructions too?
16:13 sri what about windows?
16:14 rich42 sri: dancer is more practically minded:
16:14 rich42 curl -L http://cpanmin.us | perl - --sudo Dancer2
16:14 Grinnz_ how is that different?
16:14 sri you mean insecure
16:14 Grinnz_ oh, http
16:14 rich42 I mean it works
16:14 sri until you're part of a botnet
16:14 Grinnz_ recommending someone execute code retrieved of http is a terrible precedent
16:15 rich42 security is important, but if it does not work, what's it for?
16:15 Grinnz_ making sure you don't actually install a virus instead of use cpanminus
16:15 sri of course i don't know you, maybe you like being part of a botnet... not judging
16:16 wingfold joined #mojo
16:17 sri just to be clear, making it insecure is not an option
16:18 rich42 then provide another line using wget.
16:19 sri and what about windows?
16:19 sri and other platforms?
16:19 sri like, say, solaris
16:20 Grinnz_ "curl/wget is not installed" is pretty easy to diagnose. "curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s)." makes someone think that your command is broken
16:20 sri perhaps you would like to start a wiki page with instructions for many different operating systems, we could link to that for alternatives
16:20 Grinnz_ that's an idea
16:26 dod joined #mojo
16:27 sh4 joined #mojo
16:32 rich42 left #mojo
16:39 sri so, ios9 supports http/2
16:43 disputin joined #mojo
16:57 batman oh. my. god. are we really going into the curl discussion on the frontpage again?
16:58 batman that's so funny if you manage to install redhat/centos, but you don't get how bad an idea it is to use http.
16:58 batman i find that kind of contradicting.
17:00 sri i wonder if maybe we should just abondon the whole secure by default thing
17:00 sri users don't care about security
17:01 sri as this fine gentleman just demonstrated
17:01 batman that is true.
17:01 batman i still want to keep it as is.
17:02 asarch joined #mojo
17:07 Adurah It'd be no different than perlbrew and cpanm.
17:09 sh4 joined #mojo
17:09 dave omg I did not see someone piping internet data to perl did I?
17:11 dave sri: please do not abandon security... I do not want to abandon your fine framework :)
17:11 sri i think there are only two choices... 1) get yelled at by angry "security researchers", or 2) get yelled at by newbies trying to install mojolicious for the first time
17:11 Grinnz pretty much :)
17:11 dave well you don't have to listen to anyone yelling :)
17:12 Grinnz have to strike a balance between security and convenience, it's the only practical way
17:12 pink_mist I'd rather get yelled at by newbies; it shows I'm doing something right
17:12 dave security = 1 / convenience
17:13 tempire Indeed. n00b rage is temporary.
17:14 sri if they rage, some might just not say anything and move on to something less secure
17:14 Adurah https://cpanmin.us Doesn't seem to use an https mirror itself.
17:14 dave and about "yelling" ... most of us geeks do that in the name of truth ... if we are to be enlightened geeks then we must realize that the yelling is good intentioned and not take offense
17:14 Grinnz well, sometimes.
17:14 tempire sri does have a point, it's not about us, it's about those who walk away.
17:14 Adurah $self->{mirrors}=['http://cpan.metacpan.org' ]
17:14 * sri is not actually worried about those yelling, just those that don't say anything
17:15 dave Sri, are you after market share?
17:15 sri of course
17:15 dave ah
17:15 dave have you noticed the worst tools are the most popular?
17:15 tempire We could have both. Offer the curl command as a secondary option, maybe even behind a click.
17:15 sri Adurah: that's why i added the -M switch to cpanminus
17:16 Adurah Oh...? hm.
17:16 Grinnz yeah using the metacpan mirror is easily solved
17:16 sri using our one-liner is literally more secure than using your installed cpanm most of the time
17:17 sri that one-liner is really good security wise
17:17 Adurah Now to poke around perlbrew.
17:18 sri cpanm, the index, and tarballs come from servers we actually trust via https
17:19 Grinnz tempire, do you mean the wget command as secondary?
17:19 sri dave: worse is often better, i'm well aware of that, and not afraid to embrace it
17:19 tempire Grinnz_: yes - the insecure one as secondary
17:19 dave s/better/popular/?
17:19 sri tempire: like i said, if someone writes a good install guide for the wiki we can link to it
17:19 trone joined #mojo
17:20 Grinnz tempire, neither is insecure
17:20 Adurah https://raw.githubusercontent.com/miyagawa/cpanminus/master/cpanm is likely more palatable to wget.
17:20 dave wow even you guys do the curl | perl thing ... I could never do that
17:20 sri but once you have alternatives on the frontpage, where do you draw the line?
17:20 sri what about windows? solaris?
17:21 sri dave: we trust the servers
17:21 Grinnz wget -qO - https://cpanmin.us | perl - -M https://cpan.metacpan.org -n Mojolicious # equivalent to the line on the front page now
17:21 dave do you trust your dns cache? :)
17:21 Grinnz haha, well i'd hope so
17:21 Grinnz Adurah, wget follows the redirect fine by default
17:21 sri dave: it actually only loads cpanm from a secure server, and installs mojolicious from a secure cpan mirror
17:22 Adurah curl, rather.
17:22 Grinnz Adurah, that's what the -L option there is for i believe
17:22 dave sri: yeah but that's still subject to dns cache poisoning attacks ... just sayin
17:22 sri dave: and normal cpanm is not?
17:22 Adurah I remember having similar issues on my Debian 6 LTS box and using the long url.
17:23 sri dave: what cpan mirror is your cpanm using right now?
17:23 sri if you roll with the defaults like everyone else, you've been using plain http this whole time
17:23 dave I don't use cpanm ;) I use the FreeBSD ports system and a hardened dns cache.
17:24 Grinnz Adurah, i'll try
17:24 dave occasionally I'll use perl -MCPAN -e shell ... I'm old school I know
17:24 sri -MCPAN is insecure
17:24 sri see, you lost! ;p
17:24 dave that's believable
17:24 dave and I wasn't trying to win =P
17:25 dave ya gamer
17:25 dave (pot kettle black, yes)
17:25 Grinnz Adurah, that actually works. i think it is the SSL cert for cpanmin.us that is the problem
17:25 berov joined #mojo
17:25 dave but...back to reality...*why* is -MCPAN insecure?
17:26 D4RK-PH0ENiX joined #mojo
17:26 Grinnz that still uses the insecure CPAN mirrors
17:26 Adurah Yeah, the cert or issuer or something.
17:27 dave you mean "http" over "https"?
17:27 Grinnz yes
17:28 dave so cpanm is considered more secure because it uses https?
17:29 Grinnz cpanm doesn't, the metacpan mirror does
17:29 dave both mechanisms check tarball signatures right?
17:29 Grinnz it is easier to tell cpanm to only use the metacpan mirror
17:30 Grinnz where does it get the signatures to check for?
17:31 dave hm, devs "should be" creating a distribution by some method (e.g. tarball) ... then it's easy to get an SHA-256 signature of said archive or something
17:31 dave not absolutely sure whether that's done or not in CPAN, that's why I trust FreeBSD ports (when they work)
17:31 Grinnz the answer is "from the index", which is also downloaded from the mirror it uses
17:32 dave ah
17:32 d4rkie joined #mojo
17:32 Grinnz also i dont remember if thats actually something every dist has to do
17:33 dave the FreeBSD ports system is not perfectly secure either ... nor is https :)
17:33 dave it is better than http though
17:34 Grinnz https is perfectly secure provided you trust the cert
17:34 dave that's a mighty big provision ... as paranoid as I am, I don't even trust verisign
17:34 Grinnz indeed, but it's all we have
17:34 dave right, so it's "secure enough"
17:36 dave actually I got my mojolicious a third way, through github
17:36 Grinnz anyway, so the other option is replacing https://cpanmin.us with https://raw.githubusercontent.com/miyagawa/cpanminus/master/cpanm on the front page, but that's quite verbose :P
17:36 Grinnz let me just verify that works in centos too
17:37 Grinnz it does
17:40 sri the dark secret of cpan is that signatures don't work
17:40 sri like at all
17:41 Grinnz heh
17:41 dave wat?
17:41 purl Watt?  Watt?  I can't hear you, there's this buzzing noise where my brain should be. or https://www.destroyallsoftware.com/talks/wat
17:42 sri yea, just don't use signatures
17:42 sri luckily we do have a good https mirror now
17:43 aggrolite joined #mojo
17:43 dave you serious? :(
17:44 sri yes
17:46 dave you should file a bug report eh?
17:46 sri i've actually put some thought into the frontpage one-liner, and looked into the code of cpan clients
17:47 sri it's not just a bug, the system for signatire validation is more of a proof of concept so far
17:51 amon joined #mojo
17:53 dave so it's never worked
17:53 dave lol
17:55 good_news_everyon joined #mojo
17:55 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vI9Bc
17:55 good_news_everyon mojo/master 4f9bcd2 Sebastian Riedel: mention that classes need to be loaded (closes #810)
17:55 good_news_everyon left #mojo
17:58 sri backpan for example doesn't even have signatures
17:58 sri so even if it worked, you could only verify the signature of the very latest release
17:59 dave now there's an opportunity for black hats
17:59 sri really, just forget about it, the metacpan https mirror is at least a backpan
18:01 jabberwok i was looking at prepan.org but i'm not sure how exactly it fits into the whole cpan workflow.  nor is it searchable.
18:01 sri so, yea... not sure if we really should be having a secure one-liner on the frontpage
18:01 sri even people who think they care, don't really ;p
18:03 dave we can't care these days
18:03 batman how about an onmousedown event on the oneliner that display a disclaimer?
18:03 sri the one-liner is also in the markdown readme
18:03 purl okay, sri.
18:04 batman true...
18:04 sri whatever we do needs to work here too https://github.com/kraih/mojo
18:04 * batman drinks some more beer
18:05 sri you know, when i added "curl -L https://cpanmin.us | perl - -M https://cpan.metacpan.org -n Mojolicious", i was hoping other perl people would start to wonder why i did it... and assimilate it into their projects...
18:05 dave perhaps if you explain your reasoning? :D
18:06 batman i really don't care much if curl is weird on redhat.
18:06 sri it will cost us a few users
18:06 batman redhat could have been named weirdhat :P
18:06 dave actually I'm wondering why you want to pipe output from anywhere on the internet into perl directly
18:06 dave I'd do "curl -L https://cpanmin.us >check_this_out_first"
18:06 sri because users want that
18:06 sri simple as that
18:08 dave good lord, minified perl
18:09 Grinnz that's what fatpacking is
18:09 Grinnz lots of things do it
18:09 dave I assume there's a fatunpacker?
18:10 sri perltidy?
18:10 purl i heard perltidy was a Perl source code reformatter written in Perl, at http://perltidy.sourceforge.net/ or
18:10 dave that'd work too
18:10 mattastrophe joined #mojo
18:10 Grinnz fatpacking isn't for installing, it's for running
18:11 Grinnz so that you can run code with lots of dependencies just by downloading a single script
18:11 Grinnz nice for deployment as well
18:11 dave yeah I'm pretty damn old school, never even looked at these things
18:12 Grinnz it doesn't work for XS which is the kicker for most things
18:12 dave now that's even more dangerous lol
18:12 Grinnz dangerous?
18:12 purl dangerous is, like, a pretty awesome space sim, but "game" is a bit much at this point
18:12 Grinnz i mean if you had XS dependencies those can't be packed
18:13 dave yeah, plenty of opportunity to put your rootkit code in minified XS ;)
18:13 Grinnz i think PAR or something can do it with XS code though
18:13 batman dave: you can put your rootkit anywhere.
18:13 batman nothing special about fatpacking
18:13 dave easier with XS tho
18:13 Grinnz not really
18:13 Grinnz the source is still there
18:14 dave well I can perltidy something fatpacked and see the perl
18:14 batman but you don't.
18:14 Grinnz it's already perl
18:14 dave XS could contain assembly theoretically
18:14 batman that's the point. no-one reads all the code that run.
18:14 Grinnz no it can't
18:14 dave it's C code
18:14 sri you can disassemble binaries too
18:14 Grinnz it's built when you install it
18:14 Grinnz for your arch
18:14 batman sharing code is all about trust.
18:15 dave batman: I never heard of fatpacking until today
18:15 batman dave: that doesn't change anything. i bet you haven't read all the perl code you run.
18:15 dave I read most source code, not all tho
18:16 dave and of course, I read less of modules with XS in them
18:16 batman right. so you have no control if there's a rootkit at all. fatpacking does not have anything to do with it.
18:16 dave not completely, it's not so black and white
18:16 batman ok?
18:16 dave fatpacking raises the bar on reading the source
18:16 dave just a bit
18:17 dave if you raise the bar a bit enough times, the bar gets pretty high
18:17 batman well... i have no idea where my ubuntu packages come from or it's source code.
18:17 dave and I haven't read all the FreeBSD source code
18:17 batman i just trust the people who created them
18:17 dave I don't :)
18:17 dave but I've no choice
18:17 sri all about trust
18:18 dave I don't even trust myself
18:18 batman i don't use anything which i don't trust, unless someone tells me to.
18:18 sri doesn't matter if it's a freebsd port, cpan module, or script you downloaded with curl
18:18 batman (i also have some weak moments of "i don't care")
18:18 dave it's forced trust (or you can't really get any work done)
18:18 batman dave: it's real trust to me.
18:19 dave ah ok...not "trust" but "experience" for me
18:19 dave so in Mojo's case, I didn't trust sri at all
18:19 dave I read his code
18:19 dave when i saw things like Mojo::Base
18:19 batman yeah... you're right. it was full of rootkits in the beginning...
18:19 batman ;)
18:19 dave I came to experience his code and the experience became positive
18:19 dave lol
18:20 jabberwok "…grasshopper"
18:20 dave I use "trust" in a different way than most I guess
18:20 batman i might use it wrong. i'm not a native speaker.
18:21 Grinnz at least mojo has never caused something like these: https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/issues/123 http://community.eveonline.com/news/dev-blogs/about-the-boot.ini-issue/ https://github.com/valvesoftware/steam-for-linux/issues/3671
18:21 dod joined #mojo
18:21 Grinnz fun bugs.
18:22 batman awesome
18:22 dave eek
18:24 dave ya know, concerned about market share and all ... you need a technical evangelist to explain (in detail) why Mojo code is better
18:24 Grinnz there's a few buzzwords on mojolicio.us don't worry
18:25 Grinnz maybe we need to add more
18:25 dave lol "buzzwords"
18:25 dave just say "cloud" enough times and every manager on the planet will force people to use Mojolicious ;)
18:25 jabberwok to increase your ranking with enterprise level synergies derived from leveraged teamwork?
18:26 Grinnz exactly
18:26 dave aaa! *swat*
18:26 jabberwok the last office i worked in had a Swear Jar.  not for 4-letter words but for enterprise, synergy, leverage,...
18:27 jabberwok 25 cents a pop
18:27 dave nice
18:27 Grinnz lol
18:27 dave "trending" would be another
18:28 dave but seriously, I've started using Mojo::Base a lot...that's a great little module...it'd be nice if people understood why :)
18:28 pink_mist <dave> just say "cloud" enough times and every manager on the planet will force people to use Mojolicious ;) <-- isn't this the reason the logo is a cloud? :P
18:29 batman i don't get the header sizes for material... http://materializecss.com/typography.html
18:29 dave I never noticed the cloud lol
18:29 batman they seem so big
18:29 dave I just read words
18:29 zackiv31 joined #mojo
18:30 dave actually, my first intro to mojo was on jberger's site after googling "non-blocking perl web framework"
18:32 absolut_todd joined #mojo
18:39 bin_005 joined #mojo
18:40 panshin joined #mojo
18:55 zackiv31 joined #mojo
19:08 mattastrophe joined #mojo
19:25 dod joined #mojo
19:45 absolut_todd joined #mojo
19:58 cpan_mojo Mojolicious-Plugin-DebugDumperHelper-0.02 by LDIDRY https://metacpan.org/release/LDIDRY/Mojolicious-Plugin-DebugDumperHelper-0.02
20:16 aggrolite joined #mojo
20:38 mattastrophe joined #mojo
20:44 doby joined #mojo
20:54 jberger dave: I hope it helped and didn't just add questions
21:02 irq joined #mojo
21:06 KimmoNO joined #mojo
21:10 hummeleBop joined #mojo
21:12 dave it did both :)
21:13 jberger ah, nice
21:13 jberger so does anyone understand what charlie is trying to do here? https://github.com/jberger/Mojolicious-Plugin-RevealJS/issues/2
21:16 bin_005 joined #mojo
21:21 woz joined #mojo
21:29 jberger ah, missing prereq
21:35 cpan_mojo Mojolicious-Plugin-RevealJS-0.05 by JBERGER https://metacpan.org/release/JBERGER/Mojolicious-Plugin-RevealJS-0.05
21:39 cpan_mojo Mojolicious-Plugin-Kavorka-0.01 by JBERGER https://metacpan.org/release/JBERGER/Mojolicious-Plugin-Kavorka-0.01
21:39 * jberger RELEASES ALL THE THINGS!!!
21:43 sri i guess we could load those classes automatically... but meh https://github.com/kraih/mojo/issues/810
21:44 punter joined #mojo
21:44 jberger I can see that being useful, but remember that require is not necessarily the same thing as having a package available
22:00 bin_005 joined #mojo
22:19 wingfold joined #mojo
22:23 woz joined #mojo
22:30 mattastrophe joined #mojo
22:57 sri nice overview of the nginx architecture http://nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
23:02 Grinnz_ cant wait to be able to switch off apache
23:03 Grinnz_ at least, thats more feasible than switching off mysql
23:06 jberger We might be able to switch off mysql once upsert happens
23:22 frederic_ joined #mojo
23:29 Grinnz there's a hell of a lot of reasons we won't be switching off mysql
23:30 Grinnz 1. the other projects with ancient codebases that nobody touches anymore, 2. they're doing all this clustering shit now
23:30 Grinnz 3. getting the other developers to actually want to switch
23:32 woz joined #mojo
23:34 punter joined #mojo
23:59 sivoais joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary