#dev | Logs for 2017-06-06
« return
[23:31:40] -!- Talos [Talos!Talos@Soylent/BotArmy] has joined #dev
[23:27:34] -!- Talos has quit [Quit: SPOON!]
[14:47:09] <paulej72> really need to change the way that page is built
[14:46:40] <paulej72> fucking utf8 bening mangeled by someone's editor
[14:45:52] <paulej72> org_rehash_site_soylent_2dmainpage_htdocs_users_2epl:/srv/soylentnews.org/rehash/site/soylent-mainpage/htdocs/users.pl:492
[14:45:52] <paulej72> [Tue Jun 06 14:45:38 2017] [error] /users.pl:ModPerl::ROOT::ModPerl::Registry::srv_soylentnews_2eorg_rehash_site_soylent_2dmainpage_htdocs_users_2epl:/srv/soylentnews.org/rehash/site/soylent-mainpage/htdocs/users.pl:2146:ID 26, editComm;users;default : file error - parse error - 26 line 167: unexpected token (\xc2\xa9)\n [% reason_select.Touch\xc3\x83\xc2\xa9 %] ;; Which was called by:ModPerl::ROOT::ModPerl::Registry::srv_soylentnews_2e
[14:44:04] <paulej72> someone broke somethin :)
[12:36:27] <FatPhil> I presume it's crapped out, and would hope there's a log
[12:36:16] <FatPhil> It just stops abruptly mid-generation, just after the headers
[12:34:34] <FatPhil> Hmmm, https://dev.soylentnews.org is blank
[12:32:16] <FatPhil> thanks - appreciated!
[12:05:14] <TheMightyBuzzard> figured you might want the code current before i left
[12:04:08] <TheMightyBuzzard> merging, pulling, and deploying to dev
[11:59:39] <TheMightyBuzzard> or you can if you feel like wrapping your head around the slightly odd way we do them
[11:59:11] <TheMightyBuzzard> aight, i gotta bail for the morning. remind me later and i'll write up the proper strip subs for ya.
[11:57:01] <TheMightyBuzzard> more likely we'd just throw up an ad slashbox on the side though and pull a text ad from the db
[11:55:27] <TheMightyBuzzard> not by us, though i suppose it may be in the future if subs ever start drying up too much.
[11:55:01] <FatPhil> I noticed some Ad-related stuff in the code, is that even used any more?
[11:54:27] <TheMightyBuzzard> where $reason may be true, false, or no longer even exist
[11:54:19] <FatPhil> It could also be used to help with the <h4 id="$CID" case too - if it detects /^[^a-zA-Z]/ it prepends a prefix.
[11:53:48] <TheMightyBuzzard> rehash is a massive collection of "optimization is not optimal because of $reason"
[11:53:02] <TheMightyBuzzard> yar, em is easy to write
[11:52:50] <FatPhil> best option would be a new strip_...() helper function then.
[11:52:42] <TheMightyBuzzard> prolly just use a strip_for_id sub and change the applicable bits outside the templates
[11:51:29] <TheMightyBuzzard> newp. we dislike exposing numeric ids so that folks can't just crawl the entire site starting at stoid=1
[11:51:05] <FatPhil> in fact, *anything* could be used as a substitute for that reason, even a random number!
[11:50:36] <FatPhil> yeah, I was wondering if .stoid could be a substitude, the id's only used in the <input> and the <label>
[11:49:57] <TheMightyBuzzard> yeah, sid and stoid get very confused in our code but it'd be a huge mess to fix properly
[11:49:29] <TheMightyBuzzard> mostly though it's best to look at the creation of the story object if you really wanna know
[11:49:28] <FatPhil> it looks like a form.sid is different from a story.sid
[11:49:00] <TheMightyBuzzard> ya, we generally just dump an example for ourselves if necessary
[11:48:07] <FatPhil> because I couldn't find any docmentation when hunting down "dispStory"
[11:47:30] <FatPhil> this comment was a little frustrating: "* story = story data structure (includes story.sid, see dispStory)"
[11:47:12] <TheMightyBuzzard> just s#/#-#g or something
[11:46:46] <TheMightyBuzzard> ya, that could work
[11:46:30] <FatPhil> [% story.sid | strip_for_id %] or something?
[11:46:26] <TheMightyBuzzard> i could do a Data::Dumper of an example $story but there's no documentation aside from reading the code that creates it.
[11:45:29] <TheMightyBuzzard> FatPhil, no, not really. we could modify the value for rendering purposes but taking the slash out of story.sid is not an option.
[11:32:32] <FatPhil> <input type="checkbox" id="more_[% story.sid %]" class="story_...
[11:32:02] <FatPhil> character "/" is not allowed in the value of attribute "ID"
[11:31:50] <FatPhil> as there's more barfing from teh validator at : <input type="checkbox" id="more_17/03/20/1435250" class="story_more" autoco
[11:28:21] <FatPhil> Is there documentation for the 'story' data structure anywhere?
[11:25:53] <FatPhil> getting one mailed to me (but there's a greylist on my server)
[11:22:41] <TheMightyBuzzard> can change it for you if that presents a serious problem
[11:22:27] * TheMightyBuzzard chuckles
[11:20:16] <FatPhil> ah, OK, that requires logging in, which requires remembering my password...
[11:18:38] <TheMightyBuzzard> just adds more options to the one editors get
[11:18:20] <TheMightyBuzzard> not a link, a bar at the top
[11:18:11] <TheMightyBuzzard> FatPhil, top of the page
[11:12:25] <FatPhil> where's the web admin ingress?
[09:56:25] <TheMightyBuzzard> need nicotine
[09:55:28] <TheMightyBuzzard> if you can't find what you're looking for in there i dunno.
[09:54:41] <TheMightyBuzzard> CONFIG->Blocks
[09:54:24] <TheMightyBuzzard> okay, now where do we put those...
[09:53:59] <TheMightyBuzzard> it's just dev privs. you break that it's no biggie.
[09:53:33] <FatPhil> I'm a firm believer in the use of the lowest possible privileges
[09:52:53] <TheMightyBuzzard> just web admin access for the moment. no ssh or anything cause i really don't wanna break our dns for the whole site trying to do it without caffeine.
[09:52:12] <TheMightyBuzzard> or i can give you admin access on dev and you can fix em
[09:51:56] <TheMightyBuzzard> bytram can fix those bits on both prod and dev if you catch him when he has time. so can i but i'd bugger something up right now as evidenced by it taking me two days to write a twelve line pull request.
[09:51:17] <FatPhil> Can someone with DB access fix those URLs, then?
[09:48:58] <FatPhil> ok
[09:48:26] <TheMightyBuzzard> a lot of the sidebar stuff doesn't exist as source since it's going to be site-specific
[09:47:36] <TheMightyBuzzard> oh, that's in an loaded-from-the-db template i believe
[09:46:26] <FatPhil> home fixing chores aren't properly complete until you've glued yourself to the kitchen table.
[09:44:39] <FatPhil> where's the source for the "Featured Articles"? There is some broken html in that block (href's without quotes around the urls)
[09:16:56] <FatPhil> moving into a descendent I can imagine having the potential to go weird, but not moving it into such an ancestor.
[09:14:32] <TheMightyBuzzard> FatPhil, would need testing. might have issues with collapsed states.
[09:12:38] -!- MrPlow [MrPlow!MrPlow@nsa.gov] has joined #dev
[09:12:38] -!- MrPlow has quit [Changing host]
[09:12:38] -!- MrPlow [MrPlow!MrPlow@Soylent/BotArmy] has joined #dev
[09:12:14] <FatPhil> However, I'll not look at that today, I'll go back to the original & cleanup, as there's still loads of them dotted around the place.
[09:11:32] <FatPhil> regarding c$CID or cid_$CID, I still think I prefer just using the comment_$CID which already exists on great-greeat-grandparent, and scrapping the id on the h4 itself.
[09:05:58] -!- MrPlow has quit [Quit: Powered by Rust.]
[01:58:06] -!- MrPlow [MrPlow!MrPlow@nsa.gov] has joined #dev
[01:58:06] -!- MrPlow has quit [Changing host]
[01:58:06] -!- MrPlow [MrPlow!MrPlow@Soylent/BotArmy] has joined #dev
[01:57:01] -!- MrPlow has quit [Read error: Connection reset by peer]
[01:53:40] -!- MrPlow [MrPlow!MrPlow@nsa.gov] has joined #dev
[01:53:40] -!- MrPlow has quit [Changing host]
[01:53:39] -!- MrPlow [MrPlow!MrPlow@Soylent/BotArmy] has joined #dev
[01:53:27] -!- MrPlow has quit [Quit: Powered by Rust.]
[00:53:53] <Bytram> on input, IIUC, we save it in the DB as '&' and when we retrieve it to display it on the site, it translates to a literal '&' glyph...
[00:52:45] <Bytram> and, btw, my prior comments were strictly wrt an '&' appearing in a URI.
[00:52:19] <Bytram> I was talking about lynx.exe on windows -- text only output in a cmd.exe window.
[00:37:58] <TheMightyBuzzard> yar
[00:37:53] <TheMightyBuzzard> lynx supports unicode. you'd have to go older than ie6 to find one that doesn't.
[00:37:47] <Bytram> afk
[00:37:43] <Bytram> hope you're feeling better SOOOOOON!!!!
[00:37:36] <Bytram> and sorry to hear about the coffee withdrawals... those suck!!
[00:37:22] <Bytram> Oh
[00:37:18] <Bytram> okay... I *really* need to get some food... thanks for the chat, I'll continue to ponder, and I'll be biab
[00:37:10] <Bytram> think Lynx or some other text-mode browser.
[00:36:45] <Bytram> newer browsers support unicode, NCEs are still supported in older browsers where unicode might not be.
[00:36:00] <TheMightyBuzzard> they're a relic of a bygone era
[00:35:48] <TheMightyBuzzard> nah, i'd prefer not allowing entities at all now that most everything supports unicode.
[00:35:10] <Bytram> s/7/&/
[00:34:59] <Bytram> if anything, putting out a URI with a 'naked' ampersand is, to me, even MORE prone to being manipulated than if we ALWAYS convert a bare '7' to '&' on input.
[00:34:48] <TheMightyBuzzard> attack ain't specifically necessary. nuisance would be plenty.
[00:34:15] <Bytram> still cannot think of an 'attack vector' with that.
[00:33:49] <Bytram> I've been chewing on the possible interactions for a couple days now
[00:33:11] <Bender> Added quote 9
[00:33:11] <Bytram> !grab TheMightyBuzzard
[00:33:07] <Bytram> ~grab TheMightyBuzzard
[00:32:56] <Bytram> it was not so much all the particular instances of things that I tested, but the various 'strata' of where things were presented in what ways, and were they self-consistent at that strata, and would/could they lead to misinterpretation at upper or lower strata of translation.
[00:31:58] <TheMightyBuzzard> legal or not, i don't want anyone getting funky with the cheeze whiz and using us to do so.
[00:31:28] <Bytram> I tested that =)
[00:31:22] <TheMightyBuzzard> nod nod
[00:31:21] <TheMightyBuzzard> i consider that a flaw.
[00:31:19] <Bytram> we short-circuit that at 5 or 6, IIRC
[00:31:11] <Bytram> yes, I am aware.
[00:31:03] <TheMightyBuzzard> the unicode standard lets you put 500 diacritics on a letter if you want.
[00:31:02] <Bytram> if the browser reads your proposed URI and comes up with a poop emoji, I believe that means there is a bug in the browser.
[00:30:43] <TheMightyBuzzard> not just that, browsers following the standard and the standard being flawed.
[00:30:35] <Bytram> on not being an attack vector.
[00:30:27] <Bytram> agreed.
[00:30:20] <TheMightyBuzzard> and i very much desire that we not be an attack vector for jack or shit.
[00:30:18] <Bytram> are you talking about browser bugs?
[00:29:44] <TheMightyBuzzard> Bytram, WE have nothing to do with if a browser properly parses a url or how many times it does.
[00:29:40] <Bytram> yep
[00:29:16] <TheMightyBuzzard> which is why we don't allow many unicode glyphs or any entities in user supplied urls
[00:29:07] <Bytram> there be dragons, or turtles, all the way down.
[00:28:58] <Bytram> we should NOT be redundantly / recursively interpretting URIs...
[00:28:33] <Bytram> yeah, I see what you are doing there, but...
[00:28:22] <Bytram> party poo-per
[00:27:54] <Bytram> ahh, what is THIS?
[00:27:51] <TheMightyBuzzard> two passes of the parser would produce the poo glyph without an ampersand at all
[00:27:49] <Bytram> I see '&'...
[00:27:42] <Bytram> Ima browser...
[00:27:27] <TheMightyBuzzard> look again
[00:27:11] <Bytram> it will create the translated glyph '&' and follow that with the glyphs for 'x1f4a9;'
[00:27:02] <TheMightyBuzzard> not to mention rtl marks and diacritics and lookalike letters
[00:26:21] <TheMightyBuzzard> Bytram, how about &x1f4a9; ? how should a browser parse that and do all of them parse it the same?
[00:26:07] <Bytram> ahh, okay.
[00:25:36] <Bytram> IOW: changing '&' to '&' in a URI -- should always be a good thing... and should help a page get processed a tiny tad faster, as welll.
[00:25:23] <TheMightyBuzzard> Bytram, all eds have that
[00:23:38] <Bytram> I cannot in ANY way, think of how changing '&' to '&s;' in a URL can cause a problem... if anything, it serves to shortcut the browser from trying to find out if there might be a named character entity (NCE) that followed a 'naked' ampersand.
[00:22:35] <Bytram> oh, and I've been pondering since it was first mentioned...
[00:22:22] * Bytram needs to take a break, make supper, and other stuff... biab
[00:21:46] <Bytram> I suspect he might already have some things set up on dev!
[00:21:26] <Bytram> TheMightyBuzzard: FYI, I thought so... FP already has 100 level privs on https://dev.soylentnews.org
[00:20:36] * Bytram has FB blocked in many incantations in his HOSTS file... cannot view video.
[00:20:01] * TheMightyBuzzard reads the toddler in barbie jeep story and cackles
[00:19:23] <Bytram> hmmm
[00:19:02] <TheMightyBuzzard> i've done the stuff before to set someone up on dev but only the once so it'll take a bit
[00:18:15] <Bytram> and... I second TMB's suggestion about your getting set up with all the gee gaws and doo dads of developerdom here on SN.
[00:17:30] <Bytram> in general, I agree, but would prefer something more descriptive... seeing as c1233456 could be viewed as a valid hex number, for example. better would be: #cid_123456
[00:15:20] <TheMightyBuzzard> FatPhil, if you're going to be doing more than a couple pull requests we should get you set up with a staff login and dev perms so you can test stuff out without having to have wait on me or pj
[00:13:19] <TheMightyBuzzard> it may be redundant but it will be the least likely adjustment to break anything
[00:12:34] <TheMightyBuzzard> FatPhil, Bytram, I think in this case it'd be the least amount of effort to change #123456 to #c123456
[00:08:49] <Bytram> break time
[00:08:45] <Bytram> Lastly, I apologize if I misunderstood what you wrote and you already grok all this... if nothing else, it helped ME to better understand how it all pulls together.
[00:07:55] <Bytram> Compared to PJ and TMB, I'm still getting started, but just getting so far as to really understand and internalize the forgoing made understanding the rest of the selectors and ways to apply them make sense.
[00:06:29] <Bytram> and for an excellent explanation, with examples, of specificity, see: https://css-tricks.com
[00:01:40] <Bytram> If there is a 'conflict' as to whether an id, a class, or an element name should be selected, assuming all are specified at the same level, the id will win out over a conflicting class, which will, in turn, win out over a conflicting style for an element.