The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2015-12-02

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 disputin joined #mojo
00:39 itaipu joined #mojo
01:10 ajr_ joined #mojo
01:38 asarch joined #mojo
01:50 Averna joined #mojo
02:14 kaare joined #mojo
02:27 Zoffix joined #mojo
03:10 noganex joined #mojo
04:09 voldemortensen joined #mojo
05:03 melo1 joined #mojo
05:03 crux joined #mojo
05:23 carneirao joined #mojo
05:57 jberger hmmm, implementing a redis backend for minion while considering both priority and delay (and queue) using BLPUSHRPOP is not going to be easy
06:14 cpan_mojo Mojo-Webqq-1.6.3 by SJDY https://metacpan.org/release/SJDY/Mojo-Webqq-1.6.3
06:24 Grinnz at least the redis docs are nice and explicit about those things
07:23 sugar joined #mojo
07:34 dod joined #mojo
07:40 dod joined #mojo
08:09 Vandal joined #mojo
08:10 osfabibisi joined #mojo
08:17 sugar joined #mojo
08:19 eseyman joined #mojo
08:27 sugar joined #mojo
08:56 sugar joined #mojo
09:05 D4RK-PH0ENiX joined #mojo
09:08 d4rkie_ joined #mojo
09:09 jzawodn_ joined #mojo
09:53 n16gel joined #mojo
10:01 jontaylor joined #mojo
10:03 * CandyAngel flops into the right channel
10:03 CandyAngel I'm sure I've asked this before but.. is there a recommended way of handling connections to other sites (that require authentication) in Mojolicious? I'm 120% sure the way I'm doing it is not good!
10:07 dod joined #mojo
10:11 berov joined #mojo
10:12 trone joined #mojo
10:16 stephen joined #mojo
10:33 pink_mist usually you hope the site in question has an api for you to use
10:34 nic What do you mean by "handling connections"?
10:35 nic Handling the credentials?  Managing a connection pool?  ...?
10:38 CandyAngel Well, my current situation is I want a Mojo app to connect to several other services to pull data from (to check consistency, scrape data)
10:39 CandyAngel One of these is website I have to log into (where my "API" is scraping HTML and such)
10:40 CandyAngel At the moment, I have it log in with the UA when the Mojo app starts, so it would break if it ever got logged out (e.g. serverside timeout)
10:40 asarch joined #mojo
10:42 nic It's often easy to catch when that happens.  In my situation yesterday if it returned 200 I just needed to check if it contained the string 'Login'
10:44 nic If you do do catch-and-retry, be sure to limit the rate of retries.  If your app is trying to login more than, say 1/min, something is going wrong
10:46 CandyAngel Yeah, I can do that
10:46 CandyAngel Then I need to figure out how to do Mojolicious+Expect :D
10:46 CandyAngel One of our other systems runs over telnet :|
10:47 nic ah, I need to do a telnet app this week+next
10:47 nic Users have 60 barcode-scanning guns and I need to write an app that helps them capture the correct codes :/
10:48 * nic has abs no idea how to do that  :D
10:51 pink_mist as I understand it, barcode scanners usually register as a usb keyboard or something of that ilk ... and the barcodes they scan are just translated into keycodes that they "type" out into whatever the operating system thinks is the focused window
10:52 nic yes, the guns at workstations are exactly like that, so a web app will do nicely
10:53 nic But most of them are mobile.  They talk telnet and have a small screen that I'm guessing is talking curses
10:53 nic I might find out tomorrow when I get my hands on a gun
10:54 nic One approach would be to find a 'telnet proxy' that lets me eavesdrop on a standard communication (that I'm supposed to replace)
10:57 melo joined #mojo
11:05 pink_mist wireshark?
11:05 pink_mist (they named it that again didn't they?)
11:08 CandyAngel I believe so
11:11 melo joined #mojo
11:16 CandyAngel Yeah, I can't find any examples of people using Mojolicious and Expect(.pm?) together, which isn't surprising. Hmm..
11:17 borkur joined #mojo
11:20 CandyAngel It's not helped that I have to log into this terminal thing and you can only log in once
11:20 CandyAngel So maybe I need a separate Mojo thing that I can request against
11:20 CandyAngel Which just handles that aspect and returns JSON to queries
11:20 marcus sri: boom is super easy to install with go
11:21 CandyAngel And perhaps making a request to that app just adds something to Minion and defers rendering to the task being completed, if that is possible
11:24 CandyAngel That way, I can group related requests (so I don't need to do a full reset every request) and if I only have 1 worker, it won't be logged in more than once
11:27 kaare joined #mojo
11:31 CandyAngel Which would have the added benefit of allowing me to provide a web UI for that system without it being tied to the one I'm trying to make
11:42 CandyAngel This project is made much more difficult by the lack of wireshark to intercept the protocol >.<
11:51 good_news_everyon joined #mojo
11:51 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vRTEF
11:51 good_news_everyon mojo/master d4c81de Sebastian Riedel: remove deprecated collecting method from Mojo::UserAgent::CookieJar
11:51 good_news_everyon left #mojo
11:51 sri finding ways to abstract out more code from Mojo::UserAgent would also be nice
11:55 CandyAngel Anything in particular that you think needs to go?
11:56 sri tough to say, every now and then i get the feeling that connection management stuff could be moved somehow
11:57 sri or at least parts of it, like the part that establishes new connections, or the part that caches keep-alive connections
11:58 CandyAngel Oh.. to be honest, I thought that was in IOLoop anyway >.<
11:59 sri maybe fresh eyeballs would spot something i've missed
11:59 sri half of it is in ioloop
11:59 sri perhaps more could be moved :)
11:59 * sri shrugs
12:01 CandyAngel I'd have a go but I don't have a good idea how Mojo works in my mind
12:02 CandyAngel And most of the time, I'm not using it how it is supposed to be used anyway :)
12:15 CandyAngel Yeah, I'm at a totally loss to how (and indeed if) I can achieve what I want.. -.-
12:17 CandyAngel I might just make something with Minion where it requests it and the data will be available in a cache at some point and other apps just have to try again later
12:19 neilhwatson joined #mojo
12:21 CandyAngel A Mojo command line app will do for now :P
12:23 itaipu joined #mojo
12:28 sri hehe, here i am thinking that maybe the Mojo::UserAgent code got a big unwieldy, and when i check how implementations from other languages handle the problem, i see methods that are about as long as the entire Mojo::UserAgent module... https://github.com/visionmedia/superagent/blob/master/lib/node/index.js#L810
12:28 sri s/g/t/
12:38 CandyAngel :|
12:39 CandyAngel "visionmedia" and "superagent" are far too similar to "virgin media" and "superhub" for my liking
12:39 CandyAngel (in case you don't know, Virgin Media is an ISP and their router/modem is called the SuperHub.. and it sucks)
12:40 sri i have yet to hear something positive about a us isp ;p
12:40 sri aside from google fiber
12:41 CandyAngel When we first got it, attempting to browse the web instantly resulted in no web access.. because the SuperHub immediately blocked all connections due to thinking it was being attacked
12:41 CandyAngel Not. even. kidding. >.<
12:43 sri haha
12:44 CandyAngel You had to disable all the flood protection and stuff to get it to work.. and it didn't have modem-only mode.. so I got my own ISP (Be Broadband.. 12mbps ADSL)
12:44 CandyAngel 12mbps all the time vs 50mbps with the superhub and their throttling.. no competition :P
12:50 CandyAngel And then they got bought by Sky, who have really aggressive things on their bill (i.e. charge on internet connection for not using their other services.. not sure how that is legal), so I switch back but on my own connection so I don't get hit by the throttling (so QoS actually works)
12:51 CandyAngel And this is offtopic so I will shut up before sri tells me off again :P
12:53 sri more like sri tells himself off
12:54 sri sri: stay on topic!
12:54 CandyAngel :P
12:54 CandyAngel Resist the banter!
12:54 CandyAngel You can do it sri!
12:54 CandyAngel \o/ I believe in youuuuuuuu
12:57 * marcus is attending a full day kubernetes workshop
12:59 sri jberger: oh, i just remembered that i wanted to tell you something :)
12:59 sri a few days ago...
12:59 sri re this http://irclog.perlgeek.de/mojo/2015-11-29#i_11623236
13:00 sri it's not scary at all, just happens that the resume event in Mojo::Transaction triggers a call to _write, and the resume event can be called again while the write is in progress due to other events, so $self->{writing} protects from recursion
13:01 sri we throw around the resume event a lot, for $c->write/write_chunk for example
13:02 sri so just gotta protect from recursion
13:03 good_news_everyon joined #mojo
13:03 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vRTFZ
13:03 good_news_everyon mojo/master 8a4622c Sebastian Riedel: no need to check the value
13:03 good_news_everyon left #mojo
13:05 sri hmm, php 7 is out
13:11 sri anonymous class support is kinda neat
13:12 sri "$object = new class { ... }" to create an object of an anonymous class
13:14 sri oh, and they added "yield from" from python
13:14 moritz I hope not in the weird form that python has?
13:14 ajr_ joined #mojo
13:15 moritz I always find it weird that using yield suddenly makes a routine return an iterator, without any up-front declaration
13:15 sri dunno, but the examples make it look identical to the python version
13:18 jberger sri: yeah I had figured that one out
13:19 jberger CandyAngel: do you just need to use Mojo::IOLoop::Client?
13:20 jberger Shelling out to telnet with Expect seems like overkill
13:33 dod1 joined #mojo
13:37 kes joined #mojo
13:37 hummeleBop joined #mojo
13:39 CandyAngel jberger: I wouldn't be shelling to telnet, I was refering to Expect on CPAN: http://search.cpan.org/~rgiersig/Expect-1.15/
13:40 kes Is there a way to run mojolicious application to debug with perl debugger like it can be done with apache: httpd -X -f ./conf/httpd.conf
13:40 kes ?
13:40 CandyAngel jberger: The main problem is I can only have one connection to the server at a time (due to once-only login)
13:42 CandyAngel if I get it working, I'll write an article and post it somewhere
13:42 CandyAngel Seems like no-one else has done this
13:45 marty joined #mojo
13:48 hummeleBop Hey there, how can I start a process with mojolicious and wait (in an async way)  for its end
13:49 CandyAngel hummeleBop: Have you looked into using Mojo::IOLoop::Delay for that? It might be suitable
13:50 jberger hummeleBop: Mojo::IOLoop::(ForkCall|ReadWriteFork) depending on needs
13:50 hummeleBop thanks
13:51 jberger CandyAngel: Expect would spawn a telnet process to watch, no?
13:51 CandyAngel As far as I am aware, you pass it the filehandle you want it to look into
13:52 jberger Oh, yeah I suppose it can do that
13:52 CandyAngel I don't *have* to use Expect
13:52 jberger So what handle would you give it?
13:52 jberger Expect might be right, now I'm just curious
13:53 CandyAngel Errr, the socket filehandle, though that would prevent Mojo handling it with IOLoop::Client
13:55 CandyAngel Maybe an Expect plugin would be possible, where you do something like.. umm.. $c->expect(regex => $renderingcallback, regex2 => ...)..
13:56 jberger The telnet sessions give you a prompt?
13:57 CandyAngel And implement whatever Expect.pm does, but looking at arbitary strings, prompted by the err.. whatever event when the socket recieves something
13:57 CandyAngel Yeah, when you first connect, you have to tell it what system you want, then username/pass
13:57 CandyAngel Then you put in a transaction code to get info
13:58 CandyAngel After that, it can be a little weird (resetting it to put in a new transaction doesn't give you a prompt that it is ready, as far as I can recall)
13:58 jberger Ok yeah probably better to stick with Expect than to try to reimplement it with Client
13:59 CandyAngel I didn't use Expect on the scraper I wrote :)
13:59 CandyAngel I've already done it, I just don't know how to fit it into Mojo
14:00 CandyAngel if that makes sense?
14:01 jberger Mojo::IOLoop::Client I would think
14:02 jberger It's just a basic tcp client analogous to telnet
14:03 sri $expect->expect(0, ...) in a readable io watcher should do just fine
14:04 sri just call ->expect(0, ...) whenever the handle becomes readable
14:04 sri Mojo::IOLoop::Expect should be pretty easy to write
14:05 sri my $expect = Mojo::IOLoop::Expect->new($handle); $expect->expect('match me exactly','-re','match\s+me\s+exactly', sub {...});
14:05 sri that's how i would design the api i guess
14:08 CandyAngel So if you were dealing with responding to a request (to provide the data in JSON format, for example), would you use render_later and let the callback render it?
14:09 sri yes
14:09 CandyAngel Okie. I'll give writing an Expect module a go. Might be useful even if it is just a starting point
14:11 sri https://api.metacpan.org/source/BPMEDLEY/Mojo-IOLoop-Tail-0.02/lib/Mojo/IOLoop/Tail.pm
14:11 sri this one got the readable watcher
14:11 sri little primitive, but points at the right direction
14:13 sri actually, Mojo::Pg works the same :) https://metacpan.org/source/SRI/Mojo-Pg-2.16/lib/Mojo/Pg/Database.pm#L126
14:13 sri just wait for readable events until what you're waiting for arrived
14:16 CandyAngel Okay
14:17 CandyAngel Oh right! So when I create the client, I log in and then send requests and then in each callback, I'm just listening for the specific response
14:17 CandyAngel SO it would work concurrently, providing it can tell which response it to which request
14:17 sri every request would have its own Mojo::IOLoop::Expect instance
14:18 CandyAngel Yeah, but I can't connect to the same server more than once
14:18 CandyAngel The second would have its login rejected due to already being connected
14:18 sri that is a bit of a problem
14:18 sri then you need a queue for requests
14:19 sri perhaps minion is a better fit for this after all ;p
14:23 CandyAngel Then I'd need a way of delaying rendering until a specific Minion job is finished
14:23 CandyAngel Hm... when you use the delay thing, can you "redo" the current step?
14:24 sri not intentionally
14:25 CandyAngel Hmm
14:28 * sri wonders if Mojo::UserAgent could be split up into two modules, one that performs a single http request, and one that manages the active requests
14:32 CandyAngel As far as I can tell, I'd need a way of either adding a callback after the current one or be able to redo the current callback (if I use IOLoop::Delay) to have a Minion do the work
14:38 jberger CandyAngel: redoing the current callback isn't hard
14:38 jberger https://metacpan.org/source/JBERGER/Mojo-FriendFeed-0.05/lib/Mojo/FriendFeed.pm#L57
14:39 CandyAngel Or, if recurring can remove itself, I could use that :P
14:39 jberger possibly my favorite mojo code ever
14:39 jberger rip friendfeed :(
14:39 * jberger weeps
14:41 CandyAngel Oh, I know I can use __SUB__, but I didn't see anything that let me add it after the current sub in IOLoop::Delay
14:43 CandyAngel I could use ->timer and let it reschedule itself though?
14:43 CandyAngel But if I can do that, may as well use recurring
14:51 voldemortensen joined #mojo
14:54 CandyAngel >.>
14:54 CandyAngel <.<
14:55 CandyAngel I can't use wireshark to intercept this, but I can loop it to my home computer and back and intercept it with wireshark there
14:55 CandyAngel The things I do to make everyone's job easier -.-
14:55 hummeleBop Is Mojo::IOoop::ForkCall compatible with mojolicious 6 ?
14:56 hummeleBop IOLoop*
14:57 batman jberger: ^^
14:59 batman hummeleBop: worked for me last time i checked...
14:59 batman hummeleBop: what is your real question?
14:59 hummeleBop "Can't call method "res" on an undefined value at Controller.pm line 222"
15:00 batman forkcall doesn't do anything with the controller, so i think that means that your code is acting up :/
15:00 batman can you show some code?
15:01 batman could it be that you're not calling delay() or render_later() ?
15:09 jberger hummeleBop: keep a strong reference to your transaction somewhere
15:09 dod joined #mojo
15:14 hummeleBop same error :|
15:16 hummeleBop and Minion crashes in my windows system
15:18 jberger hummeleBop: are you using the delay helper?
15:18 hummeleBop No
15:18 jberger $c->delay(sub{$fc->run(...)}, sub{ $c->render(...) })
15:18 jberger do that
15:18 hummeleBop ok
15:18 jberger it hides a lot of the complexity of keeping your transaction alive
15:19 hummeleBop it is still noblocking?
15:19 jberger yes
15:20 jberger I guess if you are asking that question you might need a more complete example tho
15:20 jberger $c->delay(sub{$fc->run(..., shift->begin)}, sub{ $c->render(...) })
15:21 jberger that begin is part of the architecture of delay and has to be done or it wont work either
15:40 cpan_mojo Mojolicious-Plugin-AssetPack-0.69 by JHTHORSEN https://metacpan.org/release/JHTHORSEN/Mojolicious-Plugin-AssetPack-0.69
15:43 jb360 joined #mojo
15:49 disputin joined #mojo
15:57 hummeleBop tanks a lot jberger, it works well :)
15:57 jberger cool
16:14 mgrimes joined #mojo
16:18 voldemortensen1 joined #mojo
16:25 orev joined #mojo
16:31 cpan_mojo Clustericious-1.07 by PLICEASE https://metacpan.org/release/PLICEASE/Clustericious-1.07
16:31 orev joined #mojo
16:37 gryphon joined #mojo
16:41 sh4 joined #mojo
16:41 disputin joined #mojo
16:47 sri jberger: perhaps Mojo::Protocol would be a better name than Mojo::Channel
16:47 sri judging by how things are evolving
16:47 sri not sure if $tx->protocol->... would be odd
16:49 jberger protocol kinda feels like it might be just a name
16:49 sri hmm
16:49 jberger like return unless $tx->protocol eq 'http'
16:49 sri true
16:49 jberger transport?
16:49 jberger I don't hate channel
16:50 sri transport is not bad, but not necessarily better than channel
16:53 disputin joined #mojo
16:54 disputin joined #mojo
17:00 disputin joined #mojo
17:05 marcusr transport marketing
17:07 PryMar56 joined #mojo
17:15 batman channel++
17:15 marcusr batmoin
17:16 batman could potentially be "tunnel" ..?
17:16 batman from a network perspective, i would say i transmit data inside a a tunnel or channel
17:16 jberger tunnel implies channels that use other channels, does it not?
17:17 batman yeah, i'm not +1 on tunnel. just brainstorming :)
17:21 sri -1 on tunnel
17:22 sri batman should get involved in the refactoring though, since that part of the code also matters for the stuff he wants to add in the future
17:22 sri (unix domain sockets)
17:23 * sri considers the refactoring a prereq for all new protocol work
17:24 batman that would be awesome, but i don't think i can find time
17:24 batman i even dreamt about the refactoring yesterday...
17:25 jberger I could barely sleep with my brain trying to figure out how to implement a Redis backend for Minion
17:25 jberger what's wrong with us!?!
17:25 marcusr batman: I noticed I didn't end up owing you a burger even tho I prioritized advent calendar over a last minute blog post
17:25 sri jberger: i think i've seen a partial redis backend on github once
17:25 batman jberger: hehe... not sure :P
17:25 marcusr damnit, trelane, I could have had a burger...
17:26 batman but i hope you used Mojo::Redis2 for the minion backend
17:26 jberger sri: yes I found it
17:26 jberger https://github.com/ravengerUA/minion/blob/master/lib/Minion/Backend/Redis.pm
17:26 batman marcusr: hehe. yeah! i tried to write another deployment blog post, but didn't make it in time.
17:26 batman too bad you didn't make it :)
17:33 jberger sri: this seems very likely to be fragile: https://github.com/ravengerUA/minion/blob/master/lib/Minion/Backend/Redis.pm#L300-L336
17:34 jberger I really would like to just use BLPOPRPUSH, but then you can do hardly any other the other things, like delay or priority etc
17:34 jberger priority can be binary, like adding jobs is RPUSH if priority 0 and LPUSH if 1
17:35 jberger delay is super hard without some manager process
17:35 sri jberger: yea, no idea if it's any good
17:36 jberger you could make a list per-queue, but then its hard for a single worker to watch multiple queues
17:36 sri jberger: take a look at sidekiq, it has many minion features
17:36 jberger will do
17:36 jberger I was planning on looking at other redis based queues
17:36 jberger I know they exist
17:37 jberger I'm going to guess that there is some housekeeper process though
17:37 jberger maybe there could be a housekeeping job
17:37 sri jberger: you could also leave out priority to get started
17:39 sri jberger: some implementations seem to append the priority to the queue name
17:39 jberger that makes sense I suppose
17:39 sri you know, we could limit the priority value to 0 - 10 or so
17:39 jberger I still need an effective way to watch multiple queues without accidentally starting too many jobs
17:40 sri jberger: blpop
17:40 sri you can blpop on multiple lists
17:40 jberger oh really?
17:41 jberger but not blpoprpush though?
17:41 jberger I guess I could just blpop and rely on minion's own repair mechanism
17:43 jberger I guess that's a compelling enough reason to not pop/push
17:43 n16gel joined #mojo
17:43 Grinnz_ i remember blpop on multiple lists being a really nice way to manage queues
17:43 Grinnz_ or brpop
17:44 batman jberger: why is it hard for a single worker to watch multiple queues?
17:44 sri but seriously, what about limiting the priority values in minion?
17:44 batman sorry. sri already told you that :)
17:44 * batman goes away
17:45 jberger batman: its hard to do brpoplpush since it only takes a single source, not a list of sources
17:45 jberger but since minion has a repair mechanism perhaps I should just use blpop and be done with it
17:45 jberger sri: I don't think it needs to be defined as such
17:46 jberger different backends might just document the limitations they impose on it
17:46 jberger for a SQL backed redis, there's no reason to have artificial limitations
17:46 * sri shrugs
17:46 jberger sorry, SQL backend minion
17:49 jberger for example if there was queue_priority style queue names for redis I would just document that all priorities > 9 are truncated to 9 on insertion
17:49 sri guess that's reasonable
17:50 stuart joined #mojo
17:52 jberger I had a fun idea for implementing delay as a set of all jobs and a set of delayed jobs, and the delayed jobs would have TTL set, then ready jobs is just the difference of the first and second sets
17:52 jberger but you can't push/pop on the result of that
17:53 jberger well, pop I suppose
17:53 jberger you can't pop on the result of that
18:03 dod1 joined #mojo
18:15 asarch joined #mojo
18:18 stuart joined #mojo
18:19 good_news_everyon joined #mojo
18:19 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vRL17
18:19 good_news_everyon mojo/master 6ba2bcb Sebastian Riedel: return a true value to signal an error
18:19 good_news_everyon left #mojo
18:19 sri guess this is more future proof, a true value can be replaced with actual error messages if we decide to have more than one
18:19 disputin joined #mojo
18:20 sri calling ->finish directly is not good, since frame handling will be extracted from the class
18:43 hummeleBop joined #mojo
18:44 hummeleBop Mojo::Redis2 doesn't work if I use Mojo::IOLoop::ForkCall in same time :|
18:48 trone joined #mojo
18:49 hummeleBop How cud I run external commands from Perl with Mojo::IOLoop for the async behavior
18:49 hummeleBop How could*
18:53 disputin joined #mojo
18:57 Grinnz_ can you be more specific? what isn't working?
18:58 hummeleBop Probably a conflict somewhere..
18:58 hummeleBop it doesn"t matter I found a better way to o
18:58 hummeleBop go
19:13 da5id joined #mojo
19:14 preaction you could use IPC::Open3 and watch the filehandles
19:19 sivoais joined #mojo
19:21 batman sounds rather complicated when you have ForkCall and ReadWriteFork
19:21 lluad joined #mojo
19:21 batman RWF doesn't provide a STDERR event, but still...
19:21 kyshtynbai joined #mojo
19:22 hummeleBop then I will use a thread, and I will check each second if it has finished its work
19:24 batman hummeleBop: it's very difficult to help you without any information
19:24 hummeleBop I need to make zip file at runtime
19:25 batman telling us that something doesn't work, that we know do work isn't setting off a constructive conversation :/
19:25 hummeleBop I can't do that in a blocking way, it will be a bottleneck
19:25 hummeleBop I know batman and I'm sorry for that but my english is approximate I cannot give you a lot of details
19:26 batman hummeleBop: yeah... sorry i can't help you :(
19:32 batman hummeleBop: i would start off by trying to write a ::Lite app and reproduce the issue with as little code as possible.
19:33 batman afterwards (if you must) search and replace then application names and such that you don't want us to see
19:33 batman use a pastebin and pass us the link
19:35 dod joined #mojo
19:45 jberger hummeleBop: are you using Redis in the forked child?
19:46 jberger if so, the IOLoop is reset in the child
19:46 jberger you'd have to start a new loop
19:57 cpan_mojo Mojo-JSON-MaybeXS-0.010 by DBOOK https://metacpan.org/release/DBOOK/Mojo-JSON-MaybeXS-0.010
19:59 woz joined #mojo
20:01 woz_ joined #mojo
20:02 phillipadsmith joined #mojo
20:02 CandyAngel Is it unusual to run a Mojo app when you're not in the apps directory?
20:04 jberger CandyAngel: you just have to be sure that your script knows how to load the correct libraries and that your app class knows how to point to the correct templates/static files etc
20:04 jberger galileo is an example
20:05 chansen joined #mojo
20:05 kes joined #mojo
20:05 CandyAngel Thought so, thankies
20:05 SmokeMachine joined #mojo
20:05 CandyAngel Mojo is really nice for command line applications :P
20:14 Lucas1 joined #mojo
20:26 orev hi, I'm getting started with mojo.  one thing I'm concerned about is the docs say that session storage is secure because it is signed with the secret.  this doesn't prevent viewing the data, so "secure" is not really accurate
20:27 Grinnz orev, that's correct. it's secure from being modified by anyone else
20:27 Grinnz it's not private
20:28 orev I think the docs are misleading in that respect since it's easy to think that "secure" means you can store sensitive information in there
20:28 moritz it preserves integrity, not confidentiality
20:28 moritz orev: propose a doc patch?
20:29 Grinnz in most cases is says "to prevent tampering" or "protected from unwanted changes"
20:31 jberger orev: do you have a link?
20:33 jberger places where it doesn't say like Grinnz says might do we to do so
20:34 good_news_everyon joined #mojo
20:34 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/vRtPJ
20:34 good_news_everyon mojo/master e1f1e06 Sebastian Riedel: just call it tamper resistant
20:34 good_news_everyon left #mojo
20:35 orev jberger: the final prototype in the growing guide is a pretty good example of how it is misleading.  first it says "make cookies secure" when it sets the secret, then the protected area only checks for a username.  I know an example like that is just meant as an example, but it's a pretty good blueprint of what not to do
20:36 lluad How so?
20:36 orev as it is part of a getting started guide, it's easy to think that users would use that structure as a template to build from
20:37 orev lluad: allowing eavesdroppers to see the username is an information leak
20:37 lluad Well, if the cookie has been signed, and has a username in it, that's the username of the logged-in user.
20:37 orev yeah, and no one should be able to see that in the session
20:37 lluad Oh, that's your concern. Never mind. I tend to ignore that, because SSL.
20:38 sri eavesdroppers as in observed in transit?
20:38 orev lluad: then you should read the OWASP session guides and then go fix all your apps https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
20:38 disputin joined #mojo
20:38 sri if someone can see your requests and responses you're compromised anyway
20:39 orev cookies can also exist in other places, like disk
20:39 sri that's not eavesdropping
20:39 lluad Right. So if the end-users system is compromised ... you're screwed.
20:39 orev I'm not going to argue with all of you about it.  read that guide and then fix your apps or don't
20:39 lluad There are several other issues with using a simple signed cookie, but that is not one of them.
20:40 orev lluad: if you're in a corp environment others may have legitimate access to your system and that doesn't mean you grant them access to login to all your apps
20:40 lluad Sure it does. If they have access to your hardware, they have access to everything you log in to. Politeness, and the threat of being fired, is the only thing stopping them.
20:41 orev the point is that the mojo docs should be presenting that as a template on how to handle user sessions
20:41 orev shouldn't
20:41 orev and the various other places where it says that sessions are "secure"
20:41 sri what is your point again?
20:41 orev most people will read "secure" as it is suitable for storing sensitive information
20:42 sri i changed "secure" to "tamper resistant" like 10 minutes ago in the docs, what are you arguing for?
20:43 lluad Did you see the commit pushed up-channel changing that to "tamper-resistant" in the docs?
20:43 sri is there some deeper problem left?
20:43 n16gel joined #mojo
20:43 orev I'm pretty sure I saw a yapc presentation discussing how this channel was supposed to be friendly.  if you want to pile on because you'd rather be defensive than rethink some of your approach that's fine
20:44 orev if you made a change, that's great.  obviously this is still part of the ongoing discussion that spurred that change, so thanks
20:44 sri i was genuinely curious, your aggression is not appreciated
20:44 orev I'm not being aggressive at all
20:45 lluad Well, people took your concerns, decided they were perfectly reasonable, then patched the docs to fix. I was interested in what your additional concerns were too.
20:45 orev maybe you take my fast typing as being aggressive
20:45 sri what exactly is this supposed to mean then? http://irclog.perlgeek.de/mojo/2015-12-02#i_11646232
20:46 batman orev: calm down. no-one is out to get you.
20:46 orev sri: response to your comment here, which was clearly the aggressor: http://irclog.perlgeek.de/mojo/2015-12-02#i_11646217
20:48 sri orev: yes, because you were implying that we were giving bad advice in the docs here http://irclog.perlgeek.de/mojo/2015-12-02#i_11646203
20:48 sri and didn't elaborate on what you mean
20:49 bpmedley joined #mojo
20:49 sri changing "secure" to "tamper resistant" doesn't really change the information we are presenting there
20:49 lluad It's a good clarification, though.
20:50 batman yeah. +1 on the change.
20:52 sri no disagreement here at all, just wanted to find out if the comment was meant to imply that there's more
20:53 sri this looks interesting http://perladvent.org/2015/2015-12-02.html
20:54 sri although i'm curious why Catalyst was used in the beginning, but not for actual timing results :)
20:55 lluad Deadline to get the article up, probably. :)
20:55 sri lol
20:59 bjakubski joined #mojo
21:10 sri talking about ssl, now that countries start to mitm all https traffic the future sure looks bright
21:11 lluad I wonder whether it's possible (javascript?) to identify when a connection has been compromised in a vanilla browser.
21:11 lluad It'd be easy enough to do with a plugin or passive monitor, but having webpages pop up and say "Hey! Your connection is completely compromised!" would be interesting.
21:12 orev you couldn't rely on the javascript working if it was compromised.  they could just modify or remove it
21:12 sri well, if you install one of those "national security certificates", you know you're screwed
21:13 lluad Likely, yeah, orev.
21:13 * sri is referring to the kazakhstan thing
21:14 CandyAngel Could you do it with Greasemonkey, where the script can be gotten in various ways?
21:15 sri for chinese firewall type of mitm you'd notice it because of pinned certs for google and stuff anyway
21:16 sri kazakhstan is going to require every citizen to install a special cert on their devices
21:17 sri which bypasses pinning
21:17 orev wow, that's bad
21:19 lluad Yeah. And they'll be blocking any traffic they can't MITM.
21:22 punter joined #mojo
21:43 punter joined #mojo
21:45 dod joined #mojo
21:49 neilhwatson joined #mojo
21:53 woz joined #mojo
22:02 jberger :o
22:02 Zoffix :O
22:22 jb360 joined #mojo
23:22 CandyAngel joined #mojo
23:22 Quai joined #mojo
23:27 neilhwatson joined #mojo
23:32 Zoffix left #mojo
23:35 berov1 joined #mojo
23:37 * sri is thinking about making an anti perl6 shirt :)
23:40 nic I still feel very conflicted about the name thing.  I want them to succeed, but I feel bitter about the impact on perl5.
23:42 nic Apparently they had to use 'perl' because it still has value, but it only has value thanks to the perl5 community who invested in it for more than 15 yrs
23:42 nic And then...
23:42 Grinnz_ based on reddit threads, i'm not sure what value they expect from the name
23:46 lluad I think the people most likely to be potential Perl6 convertees are going to be turned off by the "perl" bit of the name.
23:47 nic I can't help feeling that if perl5 doesn't find a new name by the end of 2016, the squeeze on user base is going to be terminal
23:47 sri yea, i'm pretty sure perl6 doesn't really has a chance
23:47 lluad Non-perl-coder: "Perl 6? That means it's going to have lots of inscrutable syntax crap, right?". Perl-5-coder: "Perl 6? Yeah, come back to me once you have an ecosystem."
23:47 sri nic: naah, it's never going to reach critical mass
23:48 sri honestly, i'm totally relaxed about it now, just a little annoyed with the anti perl5 vibe from #perl6, so i might make a shirt :p
23:49 sri but i might not know the language good enough yet to really make fun of it
23:50 sri ideas so far are mostly about ridiculing the style of the logo
23:51 sri perhaps something along the lines of "5 > 6"
23:51 sri and the 6 side needs paint style iconography and comic sans
23:53 sri kitchen sink language is also a possible theme
23:54 sri this was great https://hbfs.files.wordpress.com/2009/11/perl6book-parody.jpg
23:56 sri oh, didn't know this one :) https://hbfs.files.wordpress.com/2009/11/perl6-orly.png
23:57 pink_mist batman is one of the authors!
23:58 sri Oo
23:58 nicomen pumpkin perl ftw ;)

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary