|↑back Search ←Prev date Next date→ Show only urls||(Click on time to select a line by its url)|
|***||flexibeast has left||[00:08]|
|........................... (idle for 2h10mn)|
the final resting place for builds : http://fosiki.com/Foswiki_Release01x01/
and that says all was good til the 13th
that my build server has been dead?
SvenDowideit potters off to find out
yup, all vm's on that server were off - had a power outage a few days ago, and clearly havn't been watching
|i've started them, but i think they're fsckin||[02:26]|
pharvey checks ReleaseBlockers
|SvenDowideit||last night i found one reason erp is busted
it looks like the html has been converted to POST, but the code isn't
so lots of things result in cancel
i will probly work on that next week :(
oh, i like this implementation of a table of contents
useful, but not using up the first page
whereas ours is so totally in the way
|pharvey||Ooooh DBD::SQLite::db do failed: database is locked at /usr/home/trunk.foswiki.org/core/lib/Foswiki/PageCache/DBI.pm line 451.||[02:33]|
|gac410||SvenDowideit: yeah. I have been putting it in a float right, so at least it doesn't make you scroll down to find anything.||[02:34]|
|SvenDowideit||its really terrible what we do :)||[02:35]|
Did you see Timothe's "Configuration Audit" page. Looks like it added the run all the checkers function you wanted.
|pharvey||is it just a matter of making a new div.class and asking Arthur to style it?||[02:37]|
|SvenDowideit||gac410 i never got to it
i get an enter passwd page
and no input box to do so
emailed you guys about it, but i presume its something simple
pharvey na, that url i sent is much nicer
|gac410||If you pseudo-install make sure all the stale gz files are removed.||[02:38]|
|SvenDowideit||'make sure' == do what?||[02:38]|
|gac410||pi creates them but doesn't remove them.||[02:38]|
|SvenDowideit||it should update them if the source has changed
else its a bug...
find lib -iname *.gz | xargs rm
|pharvey||pseudo has *never* updated them.||[02:40]|
|gac410||it just creates them||[02:40]|
|pharvey||ok. I'm in there today. I'll think about how to do this without reproducing half of configure and half of BuildContrib||[02:40]|
|gac410||Configure is quite happy using the uncompressed if you just remove the gz files.||[02:41]|
|pharvey||I actually wish pseudo didn't bother creating compressed .gz in the first place||[02:41]|
|gac410||yeah. or at least if it was optional.||[02:42]|
|pharvey||if we're using ACG apache configs, the .gz only gets served if the rewrite rule finds an .gz version of the requested js/css file
OTOH, some people (like me) are running pseudo-installed sites, because we're utterly utterly mad
|gac410||configure has it's own file server since it can't count on apache. Always has. But it never did gz before.||[02:43]|
|pharvey||in the past if just run ./build.pl on contribs first, then pseudo-install
I just run*
SvenDowideit: can we make pseudo-install depend on core *and* BuildContrib? :P
|SvenDowideit||so you are saying, yes, pseudo-install is buggy
not news, but harumpf.
|pharvey||pseudo works as designed. It's designed to be stupid. We're only expecting more of it because we've been making it less stupid.||[02:45]|
i expect it to update out of date files
thats very simple
|pharvey||how very user-centric of you!||[02:45]|
|SvenDowideit||if it does not, then its just hiding bugs
and the point of it is to help us find bugs before we build a release
|pharvey||which is why I've always cleaned down first, so I assumed everybody else did that too.||[02:46]|
there should be no need to run more than one command
|gac410||yeah. that's become my mode to esp. switching branches.||[02:46]|
|SvenDowideit||especially when that command is a script||[02:46]|
|gac410||IMO it's a developer tool. it isn't intended to be all things for all users.||[02:47]|
|SvenDowideit||SvenDowideit find it frightening how many people write scripts to run srcipts that are supposed to help us
did you notice.... I am a developer
i refute the sensibility that i shoudl type 6 commands
when one of those exists only to be a developer helpr script
|pharvey||I don't want to maintain another implementation of BuildContrib. So, SvenDowideit, as 1.2 RM and gac410 as 1.1 RM, are you happy for both core and BuildContrib to become dependencies for pseudo-install?||[02:48]|
|gac410||The use case has changed. It used to sit in an svn checkout. Extension and js versions seldom change. Now with git, we from from release to release, and the extensions ALL change.||[02:48]|
the use case, and the gz issue existed in svn land too
we just didn't change the files as much
|gac410||right, but it was not as frequent to encounter.||[02:48]|
|SvenDowideit||so the use case is the same
its just the bug is more important than it was
it has always been a bug
pharvey i don't really like it no
what is in build contrib that you need
|gac410||pharvey, I have no objection to use of buildcontrib.||[02:49]|
|SvenDowideit||and does it perhaps belong in F::Configure?||[02:49]|
|gac410||compress, minify, why should pi duplicate it.||[02:49]|
|SvenDowideit||i do not ask for duplication
i'm asking why there are 3 separate tools
and if there is scope to move the components around
BuildContrib requires core
|gac410||only 2. Configure does not *build* extensions. It only copies files per manifest.
PI and Build have to build zipped / compressed files from the manifest.
|SvenDowideit||3 tools - core (as shipped)
and the weird bastard pseudo-install
i wonder for eg
if the zip/compress/append js / css code might not eventually need to be in configure
|gac410||sigh... core does not build. never has. I can't see why it would.||[02:51]|
|SvenDowideit||to implement the network optimisation feat req
|pharvey||SvenDowideit: I am of course talking about deleting code and moving it around to where it belongs, but I don't feel I have the time to make configure magically replace pseudo-install.pl this very day. Perhaps if I give BuildContrib a symlink-install capability, and make pseudo-install lean on BuildContrib for doing symlink/copy installs, this effort isn't wasted if/when we get to a magical configure-does-everything future.||[02:52]|
|SvenDowideit||the other approach that could make sense||[02:52]|
|pharvey||gac410: I'm adding some dependency to Foswiki::Configure so that pseudo doesn't have to parse or manipulate LocalSite on its own.||[02:53]|
|SvenDowideit||is to pretend that pseudo-install is _in_ BuildContrib (notionally, not really)
which might be more the current reality
|pharvey||We rely on BuildContrib conventions, but there's no code re-use AFAICT||[02:53]|
|SvenDowideit||y - notional
wait - pharvey thats why i asked
|gac410||thb, as dev tools, I don't care a bit about what depends upon what. So cross-dep between pi, & bc is perfectly fine with me.||[02:54]|
|SvenDowideit||what parts of BuildContrib are you wanting
as symlink installatoin is somewhat paralell to the extension installation code
|pharvey||I want to lean on BuildContrib to do the build||[02:54]|
|SvenDowideit||that is in configure||[02:54]|
|pharvey||i don't want to see MANIFEST parsing, faking gz/minified files, and pretending to know about dependencies||[02:55]|
|gac410||as far as depending on configure. ah... true. good pont.||[02:55]|
|gac410||yes. +1 build "builds the package" and configure::Package installs it with symlinks.||[02:55]|
|SvenDowideit||and a git/svn checkout doesn't 'build a package' is just installs using symlinks?
so pesudo-install code already makes sense to have in configure
|pharvey||we have had bugs in the past that were masked from pseudo-install setups due to the difference in how /bin/configure treats LocalSite.cfg||[02:56]|
|SvenDowideit||SvenDowideit turns everything upside down
y - no arument there
but that is not part of why you're wanting pseudo-install to depend on BuildContrib
|pharvey||No. I want BuildContrib to build the derived files||[02:57]|
|SvenDowideit||which i'm not sure i understand||[02:57]|
|gac410||having pi leverage BC's build (zipping, minifying, etc) and using Package to install||[02:57]|
|SvenDowideit||y, and i'm suggesting that we invert that||[02:58]|
|pharvey||And if BuildContrib is smart enough, it will update derived files that have become stale||[02:58]|
|SvenDowideit||zipping and minifying is _very_ likely t be pulled into core in the future||[02:58]|
|pharvey||Am I stupid? I .. am having trouble thinking of why||[02:58]|
|SvenDowideit||as it will be needed to optimse js and css as per 'i can't recal the feat req'||[02:58]|
|pharvey||oh. The auto-concat-static-css/js thingy?||[02:59]|
|gac410||If CSS contains dynamic content, then you need to compress after render.||[02:59]|
|SvenDowideit||because building SlideShowPlugin will not optimise the css/js sent when you view a pattern view topic that has a slideshow and tabs and other magic
y, that too
|pharvey||Apache already does gzipping. And I seem to recall google's mod_autowhatever apache module did minification too||[03:00]|
|SvenDowideit||i'm less interested in the gz bit, as i like it when the web server does that
but building it to something useful is important to me
especially when using 30 different jquery plugins
and allowing them to order themselves
|pharvey||Ok. But I don't have time to boil the ocean today. I want to leave BuildContrib building derived files. I just want to delete a bunch of code from pseudo-install||[03:01]|
|gac410||so anyway, pharvey, using buildcontrib to run the compress target makes a lot of sense. I||[03:02]|
|pharvey||ah, bugger. Even if I smarten up configure, I can't rely on the checkout having any new Foswiki::Configure API.||[03:02]|
|pharvey||We might be running pseudo on an old version of Foswiki.||[03:02]|
|gac410||yes. .. so the symlink code needs to stay in pi for now.||[03:03]|
|pharvey||I think I can make it if (new) else (dodgy-install)||[03:03]|
|gac410||I *think* Configure::Package installs from a tmp directory. (unzip then install). So two tweaks needed. Tell it to use the existing unzip. (might already be there), and the move/copy code needs to have symlink option.
Sven.. With the new health check I was thinking we could have a "Stale file checker" which reports on files that *should be removed* and a button to *yes do it*.
|SvenDowideit||just electrodes on the arms
totally virtual twitch
deleting the gz files
|pharvey||well, first thing's first. Need to finish deleting the LocalSite code.||[03:07]|
|SvenDowideit||didn't fix it||[03:08]|
as per email
|gac410||'Invalid opcode in feedback response' is DEFINITELY a stale resources/scripts.js or scripts.js.gz||[03:09]|
|SvenDowideit||mmm, on other box, its a tad weird
but has something
|gac410||(Spent 4 hours on that issue. yesterday. tunrned out it was the gz file.||[03:09]|
|SvenDowideit||course, i use non-js for some configure admining
i wonder if that works still :/
oh ffs, on the other computer it just pops up a log dialog
telling me that my session is too old
but still - configure used to work with lynx
with no js
does it still?
|SvenDowideit||then that will need fixing||[03:11]|
|gac410||well... I can't say that for sure. But the login and save are js dialogs.||[03:11]|
|SvenDowideit||what a quite un-necessary complexity
(i use lynx when the server is behind a stack of firewalls and tunneling makes the BW disgusting)
ok, on this server i'm in a recursive 'Your session has been inactive for too long.' loop
and i can't understand why i would want a popup to login to configure
SvenDowideit contemplates if he might just drop things for a week or 2 to work out why he cares either way
|gac410||SvenDowideit: can you restart your browser,
as for bandwidth, it should be much better. with configure supporting the 302 for browser cached files.
The popups are MUCH better in that the huge configure page doesn't have to be repainted.
|SvenDowideit||gac410 no, i can't
i have way too many things open, and my interweb BW is crud atm
|gac410||Can you try a diff browser temporarily.||[03:18]|
|SvenDowideit||popups are a pointless waste if that means i have to have js to log in
as you're not saving if you goto configure, and then making a popup req
|gac410||If you use apache auth, you will not get a popup.||[03:18]|
|SvenDowideit||i don't need a popup to log in - as the first screen i'm presented with can.... have an enter pwd input in it
as i said in email - i give up, i don't like it, and atm, i don't feel i can release it
mmm, actually, the 'AUTO' thing needs a tweak, i'll have to suggest it later
|gac410||To me it seems like a HUGE step forward. But I never knew you could config without js. I think I tried lynx once and it was not an experience I'd repeat. You can get logged in without js, but save will be an issue I suspect.||[03:23]|
|SvenDowideit||it is a huge step forward
but we want _all_ users to use configure
not just those that happen to have all the wizzbang on
|gac410||hm... lynx seems to be working ... at least I got a plain old login screen||[03:24]|
|SvenDowideit||then why do i not get that when i use chrome and turn off js||[03:25]|
|gac410||no idea. I use lynx about onece in an eon.||[03:25]|
um, you might have js on
i think they added it at some stage recently
|gac410||I get a cookie error on lynx: Accept invalid cookie path=/bin/configure as a prefix of '/bin'? (n)||[03:26]|
|SvenDowideit||re-requesting configure from a new tab
means it still retains the previously changed values?
thats not what i'd expect as a user :/
|gac410||probably ... he added a shopping cart and session.||[03:27]|
|SvenDowideit||thats not good||[03:27]|
|gac410||so if the new tab has the same session, ...||[03:27]|
|SvenDowideit||when i much with configure, then close that window, and then open elsewhere
i'm expecting to have reset those changes
yes - this might just be a retrain and highlight issue
but atm, its a risky surprise isn't it
especally when someone that has used configure for ages is in a hurry?
|gac410||well if you open elsewhere (different site) you should definitely not have the same changes.||[03:29]|
|gac410||same url? same session id?||[03:30]|
|SvenDowideit||i did not enter session id
that has zip to do with me
|gac410||CGI Session ID establised by the browser when authenticated.||[03:30]|
|SvenDowideit||i goto url, i click some options
then i close that tab
open a new tab to sem url
i expect to see configure as it is in cfg file
|gac410||Ah... you might have to click logout||[03:30]|
|SvenDowideit||configure is not a shopping site!
i've never had that before
as i said, thats a pretty major change in how it works
so it needs to highlight that change upfront in big red annoying flashing lights
|gac410||yes. Also it's designed to work without an admin pw.||[03:31]|
|SvenDowideit||assuming that its even vaguely a good idea
which i'm not that conviced of
|gac410||configure. If you choose to remove the admin pw, (disabling sudo) and have http auth for configure, it will be happy.||[03:32]|
|SvenDowideit||we made configure _require_ you to set the admin pwd before you did anything for a very very good reason
and that also needs to be there before /I/ would release
no, i go back to where i was, i'm going to go have lunch and find somethig else to wrk on for a little
|gac410||I've had that argument, and he convinced me. It will be a strongly encouraged, but there are some enterprise sites who would not tolerate a shared pw.||[03:33]|
|SvenDowideit||cos atm, i'm not at all likeing the hidden changes that go with the 'huge improvement'
'some enterprise' are totally irrelevant to the much more divers whole
and can be catered for by another solution that is not insecure by default
SvenDowideit goes - back anon
|gac410||It will work both ways.||[03:34]|
|pharvey||wait. We still force some sort of auth right? out of the gox?
If you have apache auth, then configure will trust it, and setting a su password is optional. if you don't set it, you make enterprise security admins happy
|pharvey||Sounds like we need a big section on configure in the UpgradeGuide||[03:43]|
|pharvey||could make the out-of-the-box behaviour make use of a su password?
so we haven't lost any functionality. Just some more config settings.
|gac410||if configure is not authenticated, then you must set a configure password. If you enter configure with a valid httpauth then configure will trust it.||[03:44]|
|pharvey||so if I use Http auth for Foswiki, and I forget to lock down /bin/configure script in Apache, then any of my users can make updates to configure?
Is there any harm in keeping the old behaviour as default?
|gac410||The configure "change password" dialog has a "rmove password" checkbox, so you can clear the su password. If the su password is set, then I think it still wants it validated
gac410 goes to tweak t.f.o to check
|pharvey||Hmmmm. I'll reserve judgement until I see the UpgradeGuide advice :)||[03:47]|
|gac410||I think we need to write it. Maybe I should start on it.
pharvey. If configure password is set, you must enter it to save, regardless of auth.
So that has not changed.
|pharvey||my other thought is to see "what would wordpress do"||[03:50]|
|gac410||It basically works exactly like it did before. except, it trusts the session authentication, and *if* you choose to remove the configure password, then you can. I think that's a good thing.||[03:53]|
|pharvey||do you get a configure password when setting up from new?||[03:59]|
|gac410||The functions are separated. Password Set is a different button from Save.
He was going to work on that a bit. I'lll clear my config and try it again.,
it's not urgent
I just want to understand
I guess I should run through it myself again
|gac410||No I agree with you ... I need to go through the scenarios as well.
Timothe and I have been arguing a bit.
You get a red box: Warning: You are not using browser (webserver) authentication to access configure, and you have not set a configure password. To protect your wiki, we strongly recommend that you use at least one of these methods to secure your site. You can set a configure password with the Change password button on the configure task bar.
But it doesn't *force* you... you can still save.
I'd still prefer that if you are not authenticated, save be inhibited until you hit change password.
|pharvey||I agree - in fact, is there any reason to allow saves under this condition?||[04:03]|
|gac410||Not that I can think of. And I found a bug. Initial save doesn't re-paint the main window, so none of the other tabs appear.
Timothe said: Perhaps I should make that last case pop-up the Change Password dialog? That would help guide our users. I'll take a stab at that while I'm still thinking about that code.
That's the save with no password and no auth.
So stay tuned.
|gac410||The main screen with all tabs, and the post, are 100k+ iirc. Changing to ajax to only send changed settings, and not re-draw the page has a huge benefit.||[04:08]|
|SvenDowideit||can i be really really clear (as i work to organise a doctor for me
there is absolutly no way i'm releaseing with a configure that will allow a user to see, let along save without there being a pwd set
that tiny gorup that he's using as a reason can have a non-shared pwd implemented properly
|gac410||That is not the case today on 1.1||[04:11]|
|SvenDowideit||without opening up the lazy or incompetent to security breaches
we are idiots, and you made it better
this makes it worse again
|gac410||No... I didn't prompt for password if the session was authenticated. Only it was intermittent/broken.
Okay. if you "logout" clearing your session, then you are forced to enter your password. So your case is covered.
It does not make it worse. it implements cgi sessions correctly. I had botched it. I just verified. Logged out, entered configure, was forced to enter password.
If I do the same thing on trunk.foswiki.org, I am prompted for http password, and go to configure without password popup. Save still requires a password.
That is *exactly* how my code was supposed to work. but it was broken.
It adds a feature that some enterprises will like. You can *choose* to remove the su password, and only set it from configure if you need it. And for some anal security admins, that's a huge thing.
He has not removed any behavior, he added more possibilities.
It's a big change. I was really pretty direct to him that I wasn't happy. But we stepped through the scenarios. Hosted site, windows kick tire user, enterprise ... he has them all covered.
I'll try to write up something in the release notes for you if you want. (Though if you are going to revert it all tell me so I won't waste time :) )
|........ (idle for 37mn)|
|SvenDowideit: made an initial start on rel. notes. Probably needs de-geeking. I'll be offline till tomorrow night
|***||gac410 has left||[04:57]|
|GithubBot||[foswiki] FoswikiBot pushed 1 new commit to master: http://git.io/V2Oo-A
foswiki/master 79e65b7 GeorgeClark: Item9693: Add rel notes on new configure...
|***||GithubBot has left||[05:08]|
|FoswikiBot||http://foswiki.org/Tasks/Item9693 [ Item9693: Documentation updates for Foswiki 2.0 ]||[05:08]|
|.................................................................................................................................................................................. (idle for 14h46mn)|
|GithubBot||[foswiki] FoswikiBot pushed 1 new commit to master: http://git.io/mz1V-Q
foswiki/master e7ed867 TimotheLitt: Item12180: Add more user-friendly version checking for scripts; restructure client feedback. NB: Does not solve all possible version skew errors!...
|***||GithubBot has left||[19:54]|
|FoswikiBot||http://foswiki.org/Tasks/Item12180 [ Item12180: Implementation for AJAXOnDemandCheckersForConfigure ]||[19:54]|
|.................... (idle for 1h38mn)|
|..... (idle for 24mn)|
|hello again :-)
well, I solved my problem with Pootle
indeed, I was doing something wrong :-)
I was straight away clicking on core.po to translate
from the "Overview"
instead of clinking on Translate - Quick translate
to get only the untranslated/fuzzy strings
|↑back Search ←Prev date Next date→ Show only urls||(Click on time to select a line by its url)|