#foswiki 2012-11-17,Sat

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***flexibeast has left [00:08]
........................... (idle for 2h10mn)
SvenDowideitgac410
the final resting place for builds : http://fosiki.com/Foswiki_Release01x01/
and that says all was good til the 13th
which means.....
that my build server has been dead?
SvenDowideit potters off to find out
yup, all vm's on that server were off - had a power outage a few days ago, and clearly havn't been watching
[02:18]
i've started them, but i think they're fsckin [02:26]
pharveyoOOoo
pharvey checks ReleaseBlockers
[02:27]
SvenDowideitlast night i found one reason erp is busted
it looks like the html has been converted to POST, but the code isn't
so lots of things result in cancel
i will probly work on that next week :(
oh, i like this implementation of a table of contents
https://httpkit.com/resources/HTTP-from-the-Command-Line/?utm_source=statuscode&utm_medium=email
useful, but not using up the first page
whereas ours is so totally in the way
[02:29]
pharveyOoooh DBD::SQLite::db do failed: database is locked at /usr/home/trunk.foswiki.org/core/lib/Foswiki/PageCache/DBI.pm line 451. [02:33]
gac410SvenDowideit: yeah. I have been putting it in a float right, so at least it doesn't make you scroll down to find anything. [02:34]
SvenDowideitits really terrible what we do :) [02:35]
gac410yes.
Did you see Timothe's "Configuration Audit" page. Looks like it added the run all the checkers function you wanted.
[02:35]
pharveyis it just a matter of making a new div.class and asking Arthur to style it? [02:37]
SvenDowideitgac410 i never got to it
i get an enter passwd page
and no input box to do so
emailed you guys about it, but i presume its something simple
pharvey na, that url i sent is much nicer
[02:37]
gac410If you pseudo-install make sure all the stale gz files are removed. [02:38]
SvenDowideit'make sure' == do what? [02:38]
gac410pi creates them but doesn't remove them. [02:38]
SvenDowideitit should update them if the source has changed
else its a bug...
[02:38]
gac410pseudo-install bug
find lib -iname *.gz | xargs rm
[02:39]
pharveypseudo has *never* updated them. [02:40]
gac410it just creates them [02:40]
pharveyok. I'm in there today. I'll think about how to do this without reproducing half of configure and half of BuildContrib [02:40]
gac410Configure is quite happy using the uncompressed if you just remove the gz files. [02:41]
pharveyI actually wish pseudo didn't bother creating compressed .gz in the first place [02:41]
gac410yeah. or at least if it was optional. [02:42]
pharveyif we're using ACG apache configs, the .gz only gets served if the rewrite rule finds an .gz version of the requested js/css file
OTOH, some people (like me) are running pseudo-installed sites, because we're utterly utterly mad
[02:42]
gac410configure has it's own file server since it can't count on apache. Always has. But it never did gz before. [02:43]
pharveyin the past if just run ./build.pl on contribs first, then pseudo-install
I just run*
hmmmm
SvenDowideit: can we make pseudo-install depend on core *and* BuildContrib? :P
[02:43]
SvenDowideitso you are saying, yes, pseudo-install is buggy
not news, but harumpf.
[02:44]
pharveypseudo works as designed. It's designed to be stupid. We're only expecting more of it because we've been making it less stupid. [02:45]
SvenDowideitno
i expect it to update out of date files
thats very simple
[02:45]
pharveyhow very user-centric of you! [02:45]
SvenDowideitif it does not, then its just hiding bugs
and the point of it is to help us find bugs before we build a release
so....
[02:46]
pharveywhich is why I've always cleaned down first, so I assumed everybody else did that too. [02:46]
SvenDowideitno
there should be no need to run more than one command
[02:46]
gac410yeah. that's become my mode to esp. switching branches. [02:46]
SvenDowideitespecially when that command is a script [02:46]
gac410IMO it's a developer tool. it isn't intended to be all things for all users. [02:47]
SvenDowideitSvenDowideit find it frightening how many people write scripts to run srcipts that are supposed to help us
did you notice.... I am a developer
i refute the sensibility that i shoudl type 6 commands
when one of those exists only to be a developer helpr script
[02:47]
pharveyI don't want to maintain another implementation of BuildContrib. So, SvenDowideit, as 1.2 RM and gac410 as 1.1 RM, are you happy for both core and BuildContrib to become dependencies for pseudo-install? [02:48]
gac410The use case has changed. It used to sit in an svn checkout. Extension and js versions seldom change. Now with git, we from from release to release, and the extensions ALL change. [02:48]
SvenDowideitgac410 no
the use case, and the gz issue existed in svn land too
we just didn't change the files as much
[02:48]
gac410right, but it was not as frequent to encounter. [02:48]
SvenDowideitso the use case is the same
its just the bug is more important than it was
it has always been a bug
pharvey i don't really like it no
what is in build contrib that you need
[02:48]
gac410pharvey, I have no objection to use of buildcontrib. [02:49]
SvenDowideitand does it perhaps belong in F::Configure? [02:49]
gac410compress, minify, why should pi duplicate it. [02:49]
SvenDowideiti do not ask for duplication
i'm asking why there are 3 separate tools
and if there is scope to move the components around
BuildContrib requires core
[02:50]
gac410only 2. Configure does not *build* extensions. It only copies files per manifest.
PI and Build have to build zipped / compressed files from the manifest.
[02:50]
SvenDowideit3 tools - core (as shipped)
buildcontrib
and the weird bastard pseudo-install
i wonder for eg
if the zip/compress/append js / css code might not eventually need to be in configure
[02:50]
gac410sigh... core does not build. never has. I can't see why it would. [02:51]
SvenDowideitto implement the network optimisation feat req
for eg
[02:52]
pharveySvenDowideit: I am of course talking about deleting code and moving it around to where it belongs, but I don't feel I have the time to make configure magically replace pseudo-install.pl this very day. Perhaps if I give BuildContrib a symlink-install capability, and make pseudo-install lean on BuildContrib for doing symlink/copy installs, this effort isn't wasted if/when we get to a magical configure-does-everything future. [02:52]
SvenDowideitthe other approach that could make sense [02:52]
pharveygac410: I'm adding some dependency to Foswiki::Configure so that pseudo doesn't have to parse or manipulate LocalSite on its own. [02:53]
FoswikiBothttp://trunk.foswiki.org/System/PerlDoc?module=Foswiki::Configure [02:53]
SvenDowideitis to pretend that pseudo-install is _in_ BuildContrib (notionally, not really)
which might be more the current reality
[02:53]
pharveyWe rely on BuildContrib conventions, but there's no code re-use AFAICT [02:53]
SvenDowideity - notional
wait - pharvey thats why i asked
[02:54]
gac410thb, as dev tools, I don't care a bit about what depends upon what. So cross-dep between pi, & bc is perfectly fine with me. [02:54]
SvenDowideitwhat parts of BuildContrib are you wanting
as symlink installatoin is somewhat paralell to the extension installation code
[02:54]
pharveyI want to lean on BuildContrib to do the build [02:54]
SvenDowideitthat is in configure [02:54]
pharveyi don't want to see MANIFEST parsing, faking gz/minified files, and pretending to know about dependencies [02:55]
gac410as far as depending on configure. ah... true. good pont. [02:55]
pharveyin pesudo-install [02:55]
gac410yes. +1 build "builds the package" and configure::Package installs it with symlinks. [02:55]
SvenDowideitand a git/svn checkout doesn't 'build a package' is just installs using symlinks?
so pesudo-install code already makes sense to have in configure
[02:56]
pharveywe have had bugs in the past that were masked from pseudo-install setups due to the difference in how /bin/configure treats LocalSite.cfg [02:56]
SvenDowideitSvenDowideit turns everything upside down
y - no arument there
but that is not part of why you're wanting pseudo-install to depend on BuildContrib
[02:56]
pharveyNo. I want BuildContrib to build the derived files [02:57]
SvenDowideitwhich i'm not sure i understand [02:57]
gac410having pi leverage BC's build (zipping, minifying, etc) and using Package to install [02:57]
SvenDowideity, and i'm suggesting that we invert that [02:58]
pharveyAnd if BuildContrib is smart enough, it will update derived files that have become stale [02:58]
SvenDowideitzipping and minifying is _very_ likely t be pulled into core in the future [02:58]
pharveyAm I stupid? I .. am having trouble thinking of why [02:58]
SvenDowideitas it will be needed to optimse js and css as per 'i can't recal the feat req' [02:58]
pharveyoh. The auto-concat-static-css/js thingy? [02:59]
gac410If CSS contains dynamic content, then you need to compress after render. [02:59]
SvenDowideitbecause building SlideShowPlugin will not optimise the css/js sent when you view a pattern view topic that has a slideshow and tabs and other magic
y, that too
[02:59]
pharveyApache already does gzipping. And I seem to recall google's mod_autowhatever apache module did minification too [03:00]
SvenDowideiti'm less interested in the gz bit, as i like it when the web server does that
but building it to something useful is important to me
especially when using 30 different jquery plugins
and allowing them to order themselves
[03:00]
pharveyOk. But I don't have time to boil the ocean today. I want to leave BuildContrib building derived files. I just want to delete a bunch of code from pseudo-install [03:01]
gac410so anyway, pharvey, using buildcontrib to run the compress target makes a lot of sense. I [03:02]
pharveyah, bugger. Even if I smarten up configure, I can't rely on the checkout having any new Foswiki::Configure API. [03:02]
gac410right. [03:02]
pharveyWe might be running pseudo on an old version of Foswiki. [03:02]
gac410yes. .. so the symlink code needs to stay in pi for now. [03:03]
pharveyI think I can make it if (new) else (dodgy-install) [03:03]
gac410I *think* Configure::Package installs from a tmp directory. (unzip then install). So two tweaks needed. Tell it to use the existing unzip. (might already be there), and the move/copy code needs to have symlink option.
Sven.. With the new health check I was thinking we could have a "Stale file checker" which reports on files that *should be removed* and a button to *yes do it*.
[03:04]
SvenDowideitjust electrodes on the arms
totally virtual twitch
mmm
deleting the gz files
[03:06]
pharveywell, first thing's first. Need to finish deleting the LocalSite code. [03:07]
SvenDowideitdidn't fix it [03:08]
gac410browser cache? [03:08]
SvenDowideitoff
as per email
[03:08]
gac410'Invalid opcode in feedback response' is DEFINITELY a stale resources/scripts.js or scripts.js.gz [03:09]
SvenDowideitmmm, on other box, its a tad weird
but has something
[03:09]
gac410(Spent 4 hours on that issue. yesterday. tunrned out it was the gz file. [03:09]
SvenDowideitcourse, i use non-js for some configure admining
i wonder if that works still :/
oh ffs, on the other computer it just pops up a log dialog
repeatedly
telling me that my session is too old
but still - configure used to work with lynx
with no js
does it still?
[03:09]
gac410nope. [03:10]
SvenDowideitthen that will need fixing [03:11]
gac410well... I can't say that for sure. But the login and save are js dialogs. [03:11]
SvenDowideitwhat a quite un-necessary complexity
(i use lynx when the server is behind a stack of firewalls and tunneling makes the BW disgusting)
ok, on this server i'm in a recursive 'Your session has been inactive for too long.' loop
and i can't understand why i would want a popup to login to configure
SvenDowideit contemplates if he might just drop things for a week or 2 to work out why he cares either way
[03:11]
gac410SvenDowideit: can you restart your browser,
as for bandwidth, it should be much better. with configure supporting the 302 for browser cached files.
The popups are MUCH better in that the huge configure page doesn't have to be repainted.
[03:15]
SvenDowideitgac410 no, i can't
i have way too many things open, and my interweb BW is crud atm
[03:17]
gac410Can you try a diff browser temporarily. [03:18]
SvenDowideitpopups are a pointless waste if that means i have to have js to log in
as you're not saving if you goto configure, and then making a popup req
[03:18]
gac410If you use apache auth, you will not get a popup. [03:18]
SvenDowideiti don't need a popup to log in - as the first screen i'm presented with can.... have an enter pwd input in it
as i said in email - i give up, i don't like it, and atm, i don't feel i can release it
mmm, actually, the 'AUTO' thing needs a tweak, i'll have to suggest it later
[03:19]
gac410To me it seems like a HUGE step forward. But I never knew you could config without js. I think I tried lynx once and it was not an experience I'd repeat. You can get logged in without js, but save will be an issue I suspect. [03:23]
SvenDowideitit is a huge step forward
but we want _all_ users to use configure
not just those that happen to have all the wizzbang on
[03:24]
gac410hm... lynx seems to be working ... at least I got a plain old login screen [03:24]
SvenDowideitthen why do i not get that when i use chrome and turn off js [03:25]
gac410no idea. I use lynx about onece in an eon. [03:25]
SvenDowideitoh huh?
um, you might have js on
i think they added it at some stage recently
mmm
interesting
[03:25]
gac410I get a cookie error on lynx: Accept invalid cookie path=/bin/configure as a prefix of '/bin'? (n) [03:26]
SvenDowideitre-requesting configure from a new tab
means it still retains the previously changed values?
thats not what i'd expect as a user :/
[03:26]
gac410probably ... he added a shopping cart and session. [03:27]
SvenDowideitthats not good [03:27]
gac410so if the new tab has the same session, ... [03:27]
SvenDowideitwhen i much with configure, then close that window, and then open elsewhere
i'm expecting to have reset those changes
yes - this might just be a retrain and highlight issue
but atm, its a risky surprise isn't it
especally when someone that has used configure for ages is in a hurry?
[03:28]
gac410well if you open elsewhere (different site) you should definitely not have the same changes. [03:29]
SvenDowideitsame foswiki
new tab
[03:29]
gac410same url? same session id? [03:30]
SvenDowideiti did not enter session id
that has zip to do with me
[03:30]
gac410CGI Session ID establised by the browser when authenticated. [03:30]
SvenDowideiti goto url, i click some options
then i close that tab
open a new tab to sem url
i expect to see configure as it is in cfg file
[03:30]
gac410Ah... you might have to click logout [03:30]
SvenDowideitconfigure is not a shopping site!
i've never had that before
as i said, thats a pretty major change in how it works
so it needs to highlight that change upfront in big red annoying flashing lights
[03:30]
gac410yes. Also it's designed to work without an admin pw. [03:31]
SvenDowideitassuming that its even vaguely a good idea
which i'm not that conviced of
what is?
[03:31]
gac410configure. If you choose to remove the admin pw, (disabling sudo) and have http auth for configure, it will be happy. [03:32]
SvenDowideitwe made configure _require_ you to set the admin pwd before you did anything for a very very good reason
and that also needs to be there before /I/ would release
no, i go back to where i was, i'm going to go have lunch and find somethig else to wrk on for a little
[03:32]
gac410I've had that argument, and he convinced me. It will be a strongly encouraged, but there are some enterprise sites who would not tolerate a shared pw. [03:33]
SvenDowideitcos atm, i'm not at all likeing the hidden changes that go with the 'huge improvement'
'some enterprise' are totally irrelevant to the much more divers whole
and can be catered for by another solution that is not insecure by default
SvenDowideit goes - back anon
[03:33]
gac410It will work both ways. [03:34]
pharveywait. We still force some sort of auth right? out of the gox?
argh, box*
[03:42]
gac410yes.
If you have apache auth, then configure will trust it, and setting a su password is optional. if you don't set it, you make enterprise security admins happy
[03:42]
pharveySounds like we need a big section on configure in the UpgradeGuide [03:43]
gac410yes [03:43]
pharveycould make the out-of-the-box behaviour make use of a su password?
so we haven't lost any functionality. Just some more config settings.
[03:43]
gac410if configure is not authenticated, then you must set a configure password. If you enter configure with a valid httpauth then configure will trust it. [03:44]
pharveyso if I use Http auth for Foswiki, and I forget to lock down /bin/configure script in Apache, then any of my users can make updates to configure?
Is there any harm in keeping the old behaviour as default?
[03:46]
gac410The configure "change password" dialog has a "rmove password" checkbox, so you can clear the su password. If the su password is set, then I think it still wants it validated
gac410 goes to tweak t.f.o to check
[03:46]
pharveyHmmmm. I'll reserve judgement until I see the UpgradeGuide advice :) [03:47]
gac410I think we need to write it. Maybe I should start on it.
pharvey. If configure password is set, you must enter it to save, regardless of auth.
So that has not changed.
[03:48]
pharveymy other thought is to see "what would wordpress do" [03:50]
gac410It basically works exactly like it did before. except, it trusts the session authentication, and *if* you choose to remove the configure password, then you can. I think that's a good thing. [03:53]
pharveydo you get a configure password when setting up from new? [03:59]
gac410The functions are separated. Password Set is a different button from Save.
He was going to work on that a bit. I'lll clear my config and try it again.,
[03:59]
pharveyok
it's not urgent
I just want to understand
I guess I should run through it myself again
[04:00]
gac410No I agree with you ... I need to go through the scenarios as well.
Timothe and I have been arguing a bit.
You get a red box: Warning: You are not using browser (webserver) authentication to access configure, and you have not set a configure password. To protect your wiki, we strongly recommend that you use at least one of these methods to secure your site. You can set a configure password with the Change password button on the configure task bar.
But it doesn't *force* you... you can still save.
I'd still prefer that if you are not authenticated, save be inhibited until you hit change password.
[04:00]
pharveyI agree - in fact, is there any reason to allow saves under this condition? [04:03]
gac410Not that I can think of. And I found a bug. Initial save doesn't re-paint the main window, so none of the other tabs appear.
Timothe said: Perhaps I should make that last case pop-up the Change Password dialog?  That would help guide our users.  I'll take a stab at that while I'm still thinking about that code.

That's the save with no password and no auth.
So stay tuned.
[04:04]
pharveygreat :) [04:05]
gac410The main screen with all tabs, and the post, are 100k+ iirc. Changing to ajax to only send changed settings, and not re-draw the page has a huge benefit. [04:08]
SvenDowideitcan i be really really clear (as i work to organise a doctor for me
there is absolutly no way i'm releaseing with a configure that will allow a user to see, let along save without there being a pwd set
that tiny gorup that he's using as a reason can have a non-shared pwd implemented properly
[04:10]
gac410That is not the case today on 1.1 [04:11]
SvenDowideitwithout opening up the lazy or incompetent to security breaches
correct
we are idiots, and you made it better
this makes it worse again
[04:11]
gac410No... I didn't prompt for password if the session was authenticated. Only it was intermittent/broken.
Okay. if you "logout" clearing your session, then you are forced to enter your password. So your case is covered.
It does not make it worse. it implements cgi sessions correctly. I had botched it. I just verified. Logged out, entered configure, was forced to enter password.
If I do the same thing on trunk.foswiki.org, I am prompted for http password, and go to configure without password popup. Save still requires a password.
That is *exactly* how my code was supposed to work. but it was broken.
It adds a feature that some enterprises will like. You can *choose* to remove the su password, and only set it from configure if you need it. And for some anal security admins, that's a huge thing.
He has not removed any behavior, he added more possibilities.
It's a big change. I was really pretty direct to him that I wasn't happy. But we stepped through the scenarios. Hosted site, windows kick tire user, enterprise ... he has them all covered.
I'll try to write up something in the release notes for you if you want. (Though if you are going to revert it all tell me so I won't waste time :) )
[04:12]
........ (idle for 37mn)
SvenDowideit: made an initial start on rel. notes. Probably needs de-geeking. I'll be offline till tomorrow night
g'night all
[04:57]
***gac410 has left [04:57]
pharveyg'night [04:57]
GithubBot[foswiki] FoswikiBot pushed 1 new commit to master: http://git.io/V2Oo-A
foswiki/master 79e65b7 GeorgeClark: Item9693: Add rel notes on new configure...
[05:08]
***GithubBot has left [05:08]
FoswikiBothttp://foswiki.org/Tasks/Item9693 [ Item9693: Documentation updates for Foswiki 2.0 ] [05:08]
.................................................................................................................................................................................. (idle for 14h46mn)
GithubBot[foswiki] FoswikiBot pushed 1 new commit to master: http://git.io/mz1V-Q
foswiki/master e7ed867 TimotheLitt: Item12180: Add more user-friendly version checking for scripts; restructure client feedback. NB: Does not solve all possible version skew errors!...
[19:54]
***GithubBot has left [19:54]
FoswikiBothttp://foswiki.org/Tasks/Item12180 [ Item12180: Implementation for AJAXOnDemandCheckersForConfigure ] [19:54]
.................... (idle for 1h38mn)
RaulFRhello :-) [21:32]
..... (idle for 24mn)
hello again :-)
well, I solved my problem with Pootle
indeed, I was doing something wrong :-)
I was straight away clicking on core.po to translate
from the "Overview"
instead of clinking on Translate - Quick translate
to get only the untranslated/fuzzy strings
[21:56]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)