The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2018-02-09

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 jberger TIL about the QOTD protocol, RFC865
00:09 jberger and well, I couldn't help myself
00:09 jberger https://gist.github.com/jberger/91e39455f77a077baa2e30f4b51d2ca5
00:10 pink_mist is line 13 really needed when you do ->server?
00:10 jberger I think so?
00:11 pink_mist hmm, I thought that was only needed when you did ::Server->new
00:11 jberger I'll try it without
00:11 pink_mist https://metacpan.org/source/SRI/Mojolicious-7.64/lib/Mojo/IOLoop.pm#L128
00:11 jberger I took it from the example here but that might just be ONLY to get the port http://mojolicious.org/perldoc/Mojo/IOLoop#server
00:13 jberger yes indeed, no necessary
00:13 jberger it took in on seeing it from the example and by analogy with creating a stream
00:13 jberger but as you say, that's when I've created a stream from ->new
00:13 pink_mist yeah =)
00:18 sri huh, it is necessary
00:18 sri the loop doesn't start itself
00:20 pink_mist he has changed line 13 since my comment
00:20 sri heh
00:20 pink_mist it used to read Mojo::IOLoop->acceptor($server);
00:23 jberger sri: yeah sorry, changed it on you
00:25 jberger https://gist.github.com/jberger/91e39455f77a077baa2e30f4b51d2ca5/revisions#diff-4b7329fed691a823c39a790a01febb9dL13
00:25 jberger I can't figure out how to link to a previous version of a gist, I thought you could do that
00:25 jberger diff is good enough for this anyway though
00:27 Grinnz jberger: click 'View' on the revisions page
00:27 Grinnz https://gist.github.com/jberger/91e39455f77a077baa2e30f4b51d2ca5/c8d4d1b947c59b6fabb23a416d8b9978ea8c9f0a
00:52 tchaves joined #mojo
01:04 [1]mohawk joined #mojo
01:53 jstevens joined #mojo
03:07 karjala_ joined #mojo
03:21 aborazmeh joined #mojo
03:32 jstevens_ joined #mojo
03:33 nefarious joined #mojo
03:48 nefarious joined #mojo
05:04 dboehmer joined #mojo
05:08 bouncy joined #mojo
05:13 nefarious joined #mojo
05:24 hrupp joined #mojo
06:33 nefarious joined #mojo
06:44 polettix joined #mojo
07:08 Vandal joined #mojo
07:17 inokenty-w joined #mojo
07:42 AndrewIsh joined #mojo
07:49 nefarious joined #mojo
07:52 dod joined #mojo
07:56 dod joined #mojo
08:11 McA joined #mojo
08:31 nefarious joined #mojo
08:35 berov joined #mojo
08:40 trone joined #mojo
09:03 Edward joined #mojo
09:51 nefarious joined #mojo
10:09 Dandre joined #mojo
10:11 Dandre Hello,
10:11 Dandre What do you recommend to use a MongoDb database with Mojolicious? Mango? Official perl MongoDB driver? other?
10:12 * sri recommends not using MongoDB (no troll, i've written Mango and learned the hard way just how bad it is)
10:14 Dandre ok but I have read that you don't use Mango. Am I right?
10:14 sri i'm a Postgres user now
10:15 Dandre ah ok
10:15 Dandre Mango asn't been active for 2 years
10:17 sri you might have misunderstood me, i did not mean the pelr module MongoDB, i mean just don't use the "database" MongoDB
10:17 sri s/pelr/perl/
10:18 sri if you have a choice
10:18 Dandre Ah ok, I didn't understood
10:20 Dandre I must use a noSql database ATM
10:21 sri "must"?
10:21 purl well, "must" is a strong word.  But that's a solution.
10:22 sri postgres is full of non-traditional sql features like native json, arrays and full-text indexing
10:24 Dandre Ok I'll read about postgres but I have lots of installs on top of Mongo
10:26 Lee Dandre: to answer your original question - when i was using MongoDB, seven years ago with v1.6, the official driver from CPAN worked fine for our use case
10:26 Lee but if you're high traffic, scaling to many nodes, have a specific use case, maybe it's not a good solution
10:30 Dandre ok thanks
10:49 tyldis Dandre: We replaced Mongo with Postgres, granted we had very little usage to begin with
10:51 tchaves joined #mojo
11:08 jamesaxl joined #mojo
11:15 polettix joined #mojo
11:37 nefarious joined #mojo
11:54 sri joined #mojo
12:51 aborazmeh joined #mojo
12:53 nefarious joined #mojo
12:57 mrallen1 joined #mojo
13:02 tcohen joined #mojo
13:11 sri what the hell, my irccloud is banned from freenode :O
13:12 sri "Your irc client is broken and spamming lots of chanels."
13:12 sri Oo
13:13 sri s/spamming/flooding/
13:15 marcus ayayay
13:16 coolo sri: I can see that
13:16 coolo 12:55 -!- kraih [sid17075@gateway/web/irccloud.com/x-bcpctkztxnrmqmmy] has quit [Max SendQ exceeded]
13:16 coolo 12:56 -!- kraih [sid17075@gateway/web/irccloud.com/x-upwxsivegbxvwmme] has quit [Max SendQ exceeded]
13:16 coolo 12:57 -!- kraih [sid17075@gateway/web/irccloud.com/x-jiadjkajkzzcbhdo] has quit [Max SendQ exceeded]
13:17 coolo that was obviously only the last lines
13:18 sri i guess something is borked at irccloud then
13:20 coolo ouch - https://www.kde.org/info/security/advisory-20180208-2.txt
13:20 sri lol, that's a bad one
13:22 coolo math teacher: 'did you really call the stick with your homework $(rm -rf ~)'?
13:31 marcus going to call all my volumes that from now on
13:43 pink_mist holy cow that's a bad bug
14:02 stephan48 you would guess that by now humans have figured out that it would probably make sense to validate each and every user or external device input. but alas, theres always some new joy to be found
14:03 pink_mist the real problem is they're clearly shelling out instead of properly calling whatever program they're calling
14:04 stephan48 yea, thats another of these things. thats a well known thing by now. and i would dare to say a security hole every software steps into atleast once
14:04 stephan48 while it would break hell of a lot of stuff, it might even make sense to per default forbid this kind of "shell execution" without explicitly stating that this parameter extension is what you want.
14:04 pink_mist nah, not every software - maybe every programmer, but I've been bitten by that kind of thing before so I never do it in any new projects I start
14:05 nefarious joined #mojo
14:12 nefarious joined #mojo
14:17 gryphon joined #mojo
14:34 skaji joined #mojo
14:38 gizmomathboy joined #mojo
14:38 Grinnz joined #mojo
14:47 dantti_laptop|2 joined #mojo
14:51 maschine joined #mojo
14:56 polettix is there a way to get the contents of the server certificate file (e.g. the default one shipped with every installation) from within a Mojolicious application?
15:00 pink_mist "default one shipped with every installation"?
15:09 raisin joined #mojo
15:13 raisin Hi there, I'm relatively new to Mojo & I've got small issue : I'd like to sub-divide a controller Package (say App::Controller::Something)  into smaller pieces. To this end I create a sub folder and create a new package (App::Controller::Something::Else)
15:13 raisin this is, however, not loaded from the main Controller despite a use App::Controller::Something::Else statement...
15:14 raisin I'm probably missing something very simple....any help would be very appreciated !
15:16 maschine on my app I'm using 'use FindBin;' and the line: use lib "$FindBin::Bin/lib";
15:17 raisin into the parent Controller class ?
15:17 maschine your other modules would go under the 'lib' folder of your Mojolicious project, /lib/Controller, /lib/Model, etc
15:18 maschine err, sorry - /lib/App/Controller
15:18 maschine or MyApp if that's what you've called it
15:20 raisin ok, I'm gonna give it a try & check this FindBin thing... thanks
15:38 ChmEarl joined #mojo
15:50 polettix pink_mist: the one that today is installed in Mojo/IOLoop/resources/server.crt
15:50 polettix "a development certificate for testing purposes is built right in" https://metacpan.org/pod/distribution/Mojolicious/lib/Mojolicious/Guides/Cookbook.pod
15:58 polettix I could look for Mojo/IOLoop/resources/server.crt and load it of course, I'm just wondering if 1. there is some api-level way of doing this and 2. is it future proof enough
15:59 sri no, that will break at some point, and there is no way
16:01 sh14 joined #mojo
16:02 polettix OK. I want to work on a blog post with an example where I need to load it, so I'll include also a test certificate to be on the safe side
16:02 jberger polettix get a cert from LetEncrypt, I have a plugin, there are lots of other easy tools
16:03 jberger ah, gotcha
16:03 jberger recommend that to your readers then
16:03 polettix yep
16:03 jberger I still need to update my plugin for acme v2
16:03 jberger sigh too much to do
16:04 jberger v1 isn't deprecated (yet) but it would be nice to offer wildcard certs
16:04 maschine jberger, what's your plugin called?
16:04 jberger Mojolicious::Plugin::ACME
16:05 jberger its only benefit over the other mechanisms is that it can run right in your existing application
16:05 polettix {wildcard certs}++ although I still haven't been able to figure out security implications of the whole thing
16:05 jberger that said, now that I have a bunch of applications using ssl and doing ssl termination in nginx, I actually don't even use that feature myself :s
16:05 maschine that would be nice - I always end up doing it manually..
16:06 polettix jberger: me too, that's why I made such a fuss with reverse proxies :)
16:07 jberger hmmm, another thing I want to do, use unix sockets between my proxy server and my application servers
16:12 Grinnz a wildcard cert would simplify my process quite a bit
16:13 jberger Grinnz: I'm curious why that would be (ie, how you setup is different than mine)
16:13 Grinnz only have to get one cert for all my subdomains?
16:13 jberger I have several subdomains but once I've configured them once it really doesn't matter how many I have
16:14 Grinnz i mean, yeah
16:14 Grinnz but i dont have to configure new ones when i add a new subdomain
16:14 jberger right, that's true
16:14 purl i think right, that's true is better to not scatter the info
16:14 genio wildcard certs are nice, yea. but if you have that semi-automated with AWS cert manager or letsencrypt, it's not much extra effort
16:14 genio wildcard certs from, eg, DigiCert, are expensive. There's the downside
16:15 polettix jberger: for me, wildcard certs would allow my toy installation of sandstorm to be useable from every browser
16:15 jberger my favorite move was issuing myself a demo.jberger.pl cert and virtual hosting that under nginx on localhost:3000
16:15 Grinnz plus i assume the wildcard cert would only require me to verify the main domain, so i could remove all the crap nginx setup for every subdomain
16:15 jberger so easy to fire up a quick app to show someone something
16:16 jberger Grinnz: I assume that's how it works too
16:16 jberger I haven't read the v2 spec
16:16 jberger but it kinda has to be right?
16:19 berov joined #mojo
16:33 berov joined #mojo
16:34 nefarious joined #mojo
16:46 jberger reminded me, it was time to renew my certs
16:46 tcohen joined #mojo
16:46 jberger <3 LE, so damn easy
16:48 Grinnz i have them renew in my homedir each month and then bug me to update nginx
16:49 Grinnz i'm glad i havent had it do it automatically because last month one of them was having a random issue and generated a null cert
16:53 jberger I have it down to just a few commands
16:53 jberger LE sends emails when your certs are running down so I haven't forgotten yet
16:53 Grinnz thats far too much for me, i wrote one script :P
16:53 Grinnz it does? i've never gotten those
16:54 jberger yeah, I could probably cron parts of it but I like having be manual for that same safety valve
16:54 jberger yeah, I get them
16:54 jberger did you use your email address as part of your LE account creation?
16:54 * jberger realizes my LE account was created by acme_tiny
16:54 jberger I wonder if my plugin doesn't let people do that!
16:55 Grinnz no idea
16:55 Grinnz i'm using acme_tiny.py for everything
16:55 jberger my plugin was just acme_tiny.py ported to perl/mojo
16:55 jberger its nice
17:02 maschine I get emails when mine is about to expire..  then I usually put it off until the day before :p
17:19 saorge joined #mojo
17:39 dod joined #mojo
17:41 anony joined #mojo
18:11 gryphon joined #mojo
18:22 karjala_ joined #mojo
18:36 nefarious joined #mojo
18:47 Seth joined #mojo
18:50 Seth joined #mojo
18:51 Pyritic joined #mojo
19:13 polettix_ joined #mojo
19:17 ghenry joined #mojo
19:21 gryphon joined #mojo
19:25 tyldis Wildcards will be neat to avoid leaking hostnames when using LE
19:25 tyldis At least if you want to keep things simple
19:41 Seth joined #mojo
19:46 gryphon joined #mojo
20:17 ghenry joined #mojo
20:27 jamesaxl tyldis: what does LE mean ?
20:32 Grinnz lawful evil?
20:32 purl well, lawful evil is still lawful!
20:32 Grinnz purl: high five
20:32 purl well, high five is not a hug or http://theinternetisterrible.com/wp-content/things/high-five.jpg or http://i.imgur.com/kjTNh.gif
20:33 Grinnz (but actually, Lets Encrypt)
20:40 ghenry joined #mojo
21:07 ghenry joined #mojo
21:09 mohawk high five is also http://web.archive.org/web/20131109031117/http://theinternetisterrible.com/wp-content/things/high-five.jpg
21:09 purl okay, mohawk.
21:09 mohawk high five?
21:09 purl high five is not a hug or http://theinternetisterrible.com/wp-content/things/high-five.jpg or http://i.imgur.com/kjTNh.gif or http://web.archive.org/web/20131109031117/http://theinternetisterrible.com/wp-content/things/high-five.jpg
21:38 berov joined #mojo
21:39 marty joined #mojo
21:46 Leffe joined #mojo
21:47 Leffe I need to read a structure from a mojolicious server
21:48 Leffe using another perl program.
21:48 Leffe Im wondering if I can use pure perl for this.
21:48 pink_mist sure
21:49 pink_mist expose it in your api, and connect to your api from the other perl script
21:49 Leffe that is, no json data, no xml. just perl
21:49 pink_mist that's just silly
21:49 Leffe Ok.
21:50 Leffe Thanks.
21:51 Leffe Is there any serializer for this in mojo? I was thinking about using Data::Dumper.
21:52 pink_mist there's a json serialiser
21:52 pink_mist Mojo::JSON
21:52 purl Mojo::JSON is about 3 times faster than json::pp
21:52 pink_mist using Data::Dumper is crazy
21:52 pink_mist there are so many problems with that
21:53 pink_mist one of which is that to deserialise you'll need to use string eval
21:53 pink_mist others are that it's not designed for that
21:53 pink_mist and it won't work well by default
21:55 Leffe Fine. I'm going to use Mojo:UserAgent for client.
21:55 pink_mist right, it has a very convenient json deserialise you can use
21:55 pink_mist *deserialiser
21:56 Leffe json?
21:56 purl json is Javascript Object Notation, at http://www.json.org/ or a good carrier for data in ajax or an obscenity, and its existence is an affront to the will of Allah or hateful because obj.toSource() doesn't generate compliant JSON data. or unicode or not the greatest format to type on the command line ;p
21:56 pink_mist yes json
21:56 pink_mist using anything else is just effort for no reason
21:56 Leffe I was thinking about using pure perl syntax
21:56 pink_mist and I'm telling you that's insane
21:56 jberger Leffe: let me say, you can't even move perl data between forks/threads without serializing to something
21:56 pink_mist PLEASE READ WHAT I WRITE
21:56 jberger pink_mist: no need to yell
21:57 marty joined #mojo
21:57 pink_mist I've been going on and on about how insane that is for many lines now
21:57 pink_mist him clearly not having read even one of them makes me want to yell
21:57 pink_mist there was definitely a need for me to yell.
21:57 Leffe thanks pink_mist, read what i've just said to: no json, no perl
21:57 jberger Leffe: what are your constraints
21:58 Leffe sorry no json, no xml
21:58 jberger there is no memory to memory way to transfer perl data
21:58 berov1 joined #mojo
21:58 pink_mist Leffe: you _need_ to serialise it
21:58 Leffe just need to serialize perl to perl
21:58 jberger data dumper is possible, but no better than json
21:58 pink_mist that's not possible
21:58 pink_mist well, not entirely
21:58 jberger and data dumper has lots of caveats
21:59 Leffe ok
21:59 jberger that json does not
21:59 Leffe So, there is an easy way out of the box to parse json into perl? right?
22:00 jberger mojolicious includes a json parser and emitter yes
22:00 jberger Perl also does come with one since some version but it isn't the best choice
22:00 Leffe Ok, I've just used the emitter, I'll have a look at the parser.
22:01 Leffe thanks again.
22:01 jberger Mojo::JSON::decode_json
22:01 pink_mist Mojo::UserAgent also does it for you with the ->json method of the result
22:06 Leffe pink_mist: relax man, I really appreciate your help, but you If you read carefully the thread there is room for misunderstanding. I stated early in the thread (not thousands of lines long by the way) that I was planning to use pure perl syntax, no json neither xml.  That's way I got puzzled you suggesting me using json. That's fine.
22:07 pink_mist yes, but "pure perl syntax" only makes sense when writing code, not for serialising data
22:07 pink_mist so I thought you meant you only wanted modules that didn't use XS
22:07 pink_mist which the Mojo::JSON module doesn't do
22:08 pink_mist and as I said when you said no json: that's just silly
22:08 pink_mist there's hardly a better serialisation format
22:08 pink_mist for perl
22:09 sri pink_mist: what pink_mist was trying to tell you (in an admittedly rude way) was that serializing perl data structures to perl code will result in very serious security holes in your code and make you look foolish
22:09 sri (to anyone remotely familiar with the subject)
22:09 Grinnz i think you meant to tag Leffe
22:09 sri umm
22:09 sri yea
22:10 sri Leffe: ^^
22:10 Grinnz Leffe: pink_mist addressed that in the first things he said. your constraints weren't reasonable, so he gave you suggestions for an easy and reasonable alternative
22:13 Grinnz maybe it wasn't clear why things were talked about, but now hopefully it is
22:15 Leffe That's why I'm asking. I came here to ask and learn, and I really appreciate your help. I read carefully your advices with respect. Yes loading pure perl is dangerous if you don't know the source, but this is not the case, all servers involved in this use case are mine.
22:15 Grinnz that's not the only reason it's dangerous
22:15 mohawk Leffe, i'm quite curious why you think json isn't a suitable format
22:16 Leffe no, no. It's ok.
22:16 Leffe I didn't know it can be parsed back.
22:16 Leffe out of the box I mean.
22:16 Grinnz the more 'perlish-data' serialization formats are Storable and Sereal, these are what things like Mojo::IOLoop::Subprocess use
22:17 Grinnz but these are binary formats not suitable for text transmission
22:17 mohawk it would be a remarkable web framework in 2018 that didn't handle json in a smooth easy way
22:17 Grinnz best used between processes on the same server
22:17 Grinnz or servers running the same software
22:17 pink_mist JSON::PP is even a part of core perl
22:17 pink_mist (but it's much slower than Mojo::JSON)
22:30 Leffe joined #mojo
22:49 nefarious joined #mojo
23:08 nefarious joined #mojo
23:16 karjala_ joined #mojo
23:18 anon joined #mojo
23:19 dikim joined #mojo
23:32 ghenry joined #mojo
23:36 Eke joined #mojo

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary