The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2016-02-07

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 jberger Mojo::IOLoop->delay(sub{ my $delay = shift; $ua->get(shift @queue, $delay->begin); Mojo::IOLoop->timer(1 => $delay->begin) })->wait;
00:03 jberger well, I guess there'd be a second step in there
00:03 jberger but it means you do at most one request per second
00:04 jberger probably need () on shift too
00:36 CandyAngel Ah okies, thank you :)
01:00 jontaylor joined #mojo
01:33 jontaylor joined #mojo
02:02 jontaylor joined #mojo
02:15 CandyAngel Well that's confusing.. that code doesn't actually work
02:15 CandyAngel Maybe I shouldn't code at 2am :(
02:31 CandyAngel Ohhh wait, I did a goof
02:32 CandyAngel It's filtering out ids it has fetched, not ones it has *ever* seen
02:41 CandyAngel It works now, and the code is neat ^_^
02:56 deserted joined #mojo
03:27 noganex joined #mojo
03:39 mcsnolte joined #mojo
04:17 kaare joined #mojo
04:47 c--__ joined #mojo
05:30 deserted hey all quick question on serving static files, would this be the correct way to add a dynamic static path? https://gist.github.com/deserted/0bc3c99e67a9232303d5
05:43 meredith i may be a little sleepy so i'm not thinking 100% but it "feels" potentially flimsy.  another option might be to make a subclass of Mojolicious::Static that does the magic you're looking for and set your $app->static attribute to an instance of it
05:45 preaction are you serving multiple sites with one app? why?
05:59 Grinnz deserted, why not just update paths in the startup method?
06:00 Grinnz oh, i'm guessing getSiteID does something based on the path?
06:01 bc547 joined #mojo
06:01 deserted preaction, yes I am
06:01 preaction why?
06:02 deserted preaction, partly as an intellectual exercise, looking at some options for whitelabel services
06:03 Grinnz consider splitting it into multiple apps, you can then mount them together https://metacpan.org/pod/Mojolicious::Guides::Routing#Mount-applications
06:03 Grinnz alternatively, you could just add a route where the static files should be served and use reply->static manually https://metacpan.org/pod/Mojolicious::Guides::Rendering#Serving-static-files
06:04 Grinnz using hooks for this seems fragile and inflexible
06:04 preaction also, i suspect for async reasons, completely broken
06:04 deserted Grinnz, yeah that was the feeling I was getting doing it, hence feeling I should pose the question :)
06:05 deserted getSiteID works on domain, so shouldn't be an issue for async
06:05 deserted more concerned with overhead
06:07 deserted thanks for the feedback anyway, will look into scripted deployment and toadfarm or mounted apps as preferred option :)
06:07 Grinnz if you're managing multiple domains, nginx is really better suited to that sort of thing. if they were split into multiple apps you could just have nginx proxy to each app from different server blocks
06:08 Grinnz or toadfarm, yes
06:15 csson joined #mojo
06:54 dod joined #mojo
06:59 dod joined #mojo
07:09 jontaylor joined #mojo
07:14 ilbot2 joined #mojo
07:14 Topic for #mojo is now 🍻 cheers | http://mojolicio.us | http://irclog.mojolicio.us | http://code-of-conduct.mojolicio.us
08:33 Vandal joined #mojo
09:27 Mattjes joined #mojo
09:27 Mattjes Hello
09:27 Mattjes I need older version from Mojo
09:27 Mattjes cpan SAMV/Mojolicious-5.27.tar.gz
09:27 Mattjes give error
09:28 Mattjes Warning: no success downloading '/root/.cpan/sources/authors/id/S/SA/SAMV/Mojolicious-5.27.tar.gz.tmp24032'. Giving up on it.
09:28 Mattjes can anyone help me?
09:31 Mattjes Autor SRI dont work too
09:31 Mattjes Could not fetch authors/id/S/SR/SRI/Mojolicious-5.27.tar.gz
09:43 dabudabu Mattjes: https://cpan.metacpan.org/authors/id/S/SR/SRI/Mojolicious-5.27.tar.gz ?
09:48 Mattjes dabudabu: thx - yes i know this path but io cant install it over CPAN
09:48 Mattjes i dont understand it
09:49 Mattjes perl -MCPAN -e 'install Mojolicious-5.27'
09:49 Mattjes dont work
09:49 Mattjes cpan SRI/Mojolicious-5.27
09:49 Mattjes dont work too
09:49 Mattjes what i make wrong?
10:08 bjakubski most of older Mojolicious versions are removed from cpan
10:09 bjakubski on http://search.cpan.org/~sri/Mojolicious-6.44/ you can see available versions in "other releases"
10:09 bjakubski they are available frmo backpan, but I do not know how to install something from url with "cpan"
10:09 bjakubski try cpanminus?
10:10 bjakubski cpanm will gladly accept full url to specific distribution to install
10:19 Mattjes bjakubski: ty - i test with cpanm
11:07 batman Mattjes: you can install any version from github using cpanm:
11:07 batman cpanm https://github.com/kraih/mojo/archive/v5.27.tar.gz
11:47 mcsnolte joined #mojo
11:49 abra joined #mojo
11:51 Mattjes batman: ty - cpanm works perfect
11:52 batman \o/
12:08 haarg cpanm Mojolicious@5.27 should also work
12:31 batman haarg: don't so, when the version doesn't exist on cpan
12:33 haarg cpanm uses metacpan to find old versions, and metacpan indexes backpan
12:33 batman ah. cool :)
12:33 batman thanks
13:11 sugar joined #mojo
13:44 Topic for #mojo is now 🍻 cheers | http://mojolicious.org | http://irclog.mojolicious.org | http://code-of-conduct.mojolicious.org
14:05 abra joined #mojo
14:10 marcus magic
14:19 asarch joined #mojo
14:37 HtbaaPi joined #mojo
14:39 CandyAngel Wow, I get blocked even with a 5 second delay between each request. Seems harsh
14:39 CandyAngel Maybe they need to recode their site using Mojolicious :P
14:58 ipunter joined #mojo
15:29 sri so, any more ideas for a one sentence description for Mojo::IOLoop::Delay?
15:29 sri "Build L<Mojo::IOLoop::Delay> object to manage callbacks and control the flow of events for this event loop, which can help you avoid deep nested closures that often result from continuation-passing style."
15:30 sri that's the description for Mojo::IOLoop->delay
15:30 sri "...to manage callbacks and control the flow of events..." is the part i'd like to be better
15:42 jontaylor joined #mojo
16:02 sri damn, it's 2016 and this shit still exists in the wild... http://www.agarri.fr/kom/archives/2016/02/06/deserialization_in_perl_v5_8/index.html
16:13 jberger wow
16:13 jberger just wow
16:15 jberger don't anyone tell Netanel Rubin
16:15 jberger Storable had an eval for insecure data?
16:16 jberger even with a warning that's insane
16:17 jberger so in researching for my upcoming block post on my acme client I came across this
16:18 jberger its something I've always personally believed but its nice to see it in writing
16:18 jberger https://technet.microsoft.com/library/cc722488.aspx#EJAA
16:18 jberger I'd even go further to "doing things the correct only works if the correct way also happens to be the easy way"
16:19 jberger s/correct/secure/ is true too
16:22 jberger also note that its a great example of why you don't send errors to the browser in production
16:34 sri then our way of csrf protection is wrong
16:45 jberger because people have to check it
16:45 jberger ?
16:46 jberger we've made it easy-ish, I don't know how to make it automatic
16:46 sri yes, it has to be added manually
16:46 sri most frameworks add it automatically
16:46 jberger using form_for?
16:46 sri yes, and in the router
16:47 jberger I'd entertain that idea
17:05 sri lets be realistic, it's a hard problem, nobody is going to do anything about it until some "security researcher" makes a lot of noise :)
17:27 sri or someone throws money at the problem
17:27 sri that's how security works
17:31 jberger Yeah
17:32 jberger But we also can't just reject a form payload without a csrf token can we?
17:34 punter joined #mojo
17:34 mspo joined #mojo
17:35 mspo is a login session really safe without a server-side storage to validate it?
17:38 jberger mspo: it is hmac signed
17:38 jberger You can trust that it hasn't been tampered with
17:38 jberger Though it isn't private, keep that in mind
17:38 jberger It's signed not encrypted
17:39 Grinnz and assuming you use and rotate secrets properly
17:40 mspo I guess I will just have to trust
17:41 jberger mspo: read about hmac
17:47 sri jberger: sure we can
17:48 jberger so we dictate that people must use form_for?
17:49 sri we could check for an active session and reject every get/post without the correct token
17:50 jberger what about api-style calls
17:50 jberger ?
17:51 PryMar56 joined #mojo
17:51 sri rails seems to handle it pretty reasonably http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf
17:52 sri well, i'm not particularly interested in the topic... you were the one who brought up that security only works if it's easy ;p
17:52 jberger true
17:53 jberger and I'd argue that we have already made it easy, we haven't gone further and made it madatory
17:54 sri thing is, so far i've not seen anyone actually use csrf tokens
17:54 jberger for example I'm working on an acme client, to make ssl easier, but we wouldn't make mojo only serve ssl requests
18:08 good_news_everyon joined #mojo
18:08 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vg87K
18:08 good_news_everyon mojo/master c881b68 Sebastian Riedel: also mention the csrf_token helper
18:08 good_news_everyon left #mojo
18:10 mspo I'm already using csrf in my login form
18:13 sri oh look, it's like Mojo::Pg :) https://github.com/kennethreitz/records
19:16 jberger man letsencrypt users get really angry about the challenge being on port 80
19:17 jberger there's a ton of bug reports and feature requests on anything that is even close to acme asking to let the challenge be served from an alternate port
19:18 jberger this plugin is going to address that for mojo users nicely (I hope)
19:24 punter joined #mojo
19:48 jberger woah, I hadn't heard about this! https://developers.google.com/web/updates/2016/02/css-variables-why-should-you-care
19:53 jberger http://caniuse.com/#feat=css-variables
20:16 mib_zm52a7 joined #mojo
20:18 mib_zm52a7 I'm making a whole bunch of changes to many files contained in ~/pmfiles/ (there are a lot of .pm files in there). How do I run mojolicious so that I don't have to keep restarting it every time I make a change to one of those .pm files? I tried this: morbo -w script/test_app ~/pmfiles but it's coming back with ....
20:19 mib_zm52a7 Cannot find current script '/home/web/pmfiles' at /usr/local/share/perl/5.18.2/Mojo/Server.pm line 48.
20:19 preaction you need to do `-w ~/pmfiles`
20:19 preaction -w is an option that takes an argument of the directory to watch
20:20 mib_zm52a7 by default, I am using this: morbo script/test_app
20:21 mib_zm52a7 It is watching everything under script/test_app/lib
20:21 mib_zm52a7 so now I want to keep that, but I want to add everything under ~/pmfiles
20:21 mib_zm52a7 So you are saying to do this?
20:21 mib_zm52a7 morbo script/test_app -w ~/pmfiles
20:21 mib_zm52a7 ?
20:22 mib_zm52a7 sorry, I made a mistake
20:23 mib_zm52a7 I should have said that it is watching everything under test_app/lib
20:23 mib_zm52a7 whereas script is at test_app/script/test_app
20:25 mib_zm52a7 hey thanks for your help as that seems to be working
20:56 Grinnz he meant specify the -w option twice, once for each directory
20:56 Grinnz (in the longshot anyone that cares watches the log)
21:00 sugar joined #mojo
21:03 sugar_ joined #mojo
22:31 bowtie_ joined #mojo
22:51 crux joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary