Zotonic
zotonic@conference.zotonic.com
Wednesday, 26 September 2012
arjan has set the subject to: Zotonic - the Erlang Content Management Framework

GMT+2
[06:53:50] andreas.stenius joins the room
[08:56:59] arjan joins the room
[09:11:34] Ilya Rezvov joins the room
[09:15:54] maas.maarten.zeeman joins the room
[10:35:40] <arjan> tweaked the docs style a bit
[10:36:15] <arjan> fixed-width is easier to read
[10:58:44] <Marc Worrell> how are they on your tablet? In portrait?
[11:00:44] <arjan> let's see
[11:02:23] <arjan> like this: http://dl.dropbox.com/u/5400369/zotonic-docs-nexus7.png
[11:02:44] <Marc Worrell> and vertical?
[11:03:04] <arjan> oh, that's what portrait means
[11:03:04] <arjan> :P
[11:03:17] <Marc Worrell> you tablet newbie ;-)
[11:03:58] <arjan> http://dl.dropbox.com/u/5400369/device-2012-09-26-110336.png
[11:04:31] <Marc Worrell> ver readable :)
[11:04:34] <Marc Worrell> good
[11:04:37] <Marc Worrell> very
[11:07:49] <arjan> yep
[11:38:47] <andreas.stenius> nice :)
[11:40:00] maas.maarten.zeeman leaves the room
[11:42:45] maas.maarten.zeeman joins the room
[12:33:44] arjan leaves the room
[12:34:45] arjan joins the room
[13:28:09] <andreas.stenius> is MIT license compatible with the APL? Found this: http://createjs.org/ Anyone familiar with it??
[13:29:58] <Marc Worrell> MIT and BSD are compatible (afaik), they allow even more than the APL
[13:30:42] <andreas.stenius> just reading the first few pages, but it seems like a nice lib...
"This way the DOM will automatically stay in sync when data changes, whether that happens by user interaction like editing, or through some server communications (we’ve done collaborative editing demos <https://github.com/bergie/ViePalsu> over WebSockets, for instance)."
[13:31:55] <maas.maarten.zeeman> That looks cool. Have played with content-editable only. It is pretty handy
[13:32:23] <maas.maarten.zeeman> Pasting text with markup will work too.
[13:32:39] <andreas.stenius> Yeah, it's like an editor on steroids :P
[13:40:59] <andreas.stenius> on the note of editors: http://hallojs.org/demo/markdown/
[13:42:31] <andreas.stenius> ah, that was based on contentEditable... :)
[13:45:29] <maas.maarten.zeeman> I have made a sort of pinboard site where you could paste web-snippets on index-cards. It worked with content editable. Was a toy site. With this I can easily make it work much better.
[13:47:23] <Marc Worrell> still uses contenteditable indeed - so a bit of a hell to keep things in sync between browsers
[13:47:45] <Marc Worrell> click & popup a markdown editor works better, I think
[13:48:17] <arjan> on a related note, seen this? http://jetstrap.com/
[13:48:24] <arjan> might be nice for creating admin screens / forms
[13:48:26] <arjan> :)
[13:48:55] <maas.maarten.zeeman> @marc You mean two people editing the same page at the same time?
[13:49:46] <Marc Worrell> yep
[13:50:20] <Marc Worrell> @arjan jetstrap could be handy for creating templates & static pages
[13:50:40] <Marc Worrell> a more visual kind of editor for simple page layouts could be nice
[13:51:03] <Marc Worrell> you might even want to drag&drop resource properties :p
[13:58:17] <maas.maarten.zeeman> That's easier than working with wordpress :-)
[16:13:54] <Marc Worrell> Should we have a SSL 'secure' version of all the postbacks?
[16:14:32] <Marc Worrell> Maybe always use wss and https for all server side communication, even from a normal http page… just an idea
[16:14:40] <maas.maarten.zeeman> For a ssl site. Yes. Otherwise you get mixed content.
[16:15:38] <Marc Worrell> in the admin we have the problem that you also have movies (youtube, yandex etc), which are generally not delivered over SSL
[16:15:41] <maas.maarten.zeeman> Wanted to start with that a couple of weeks ago. Unfortunately it is not a prio anymore.
[16:16:22] <Marc Worrell> is wss a problem? I think it should work "out of the box"
[16:16:53] <Marc Worrell> (as we use the same port/host as for the rest of the site)
[16:17:06] <Marc Worrell> only comet long poll on alternative URLs is a problem for SSL
[16:17:07] <maas.maarten.zeeman> Hmm dunno really. Haven't looked at it in much detail
[16:17:29] <maas.maarten.zeeman> is it? you mean for certificate
[16:17:39] <maas.maarten.zeeman> you need wildcard certs i think
[16:17:56] <Marc Worrell> for comet long poll on IE, I am afraid so
[16:18:33] <Marc Worrell> and on mobile, I guess - not all mobile browsers support Websockets
[16:18:45] <maas.maarten.zeeman> Does IE support wildcard certs or not?
[16:19:18] <maas.maarten.zeeman> We need both. Websockets won't work in corporate environments. Proxies....
[16:24:13] <Marc Worrell> "However, in most web browsers (including Internet Explorer) SSL Wildcard Certificates won't work for multiple levels"
[16:24:46] <Marc Worrell> so only "*.example.com" and not "*.comet.example.com"
[16:24:50] <maas.maarten.zeeman> Huh. I was just reading something else which says the opposite.
[16:24:53] <maas.maarten.zeeman> :-)
[16:25:20] <Marc Worrell> This quote comes from a site selling those certs
[16:25:27] <maas.maarten.zeeman> Sigh.
[16:25:31] <Marc Worrell> http://www.sslshopper.com/best-ssl-wildcard-certificate.html (via Google)
[16:26:01] <maas.maarten.zeeman> I was reading this one: http://www.digicert.com/ssl-support/wildcard-compatibility.htm
[16:26:16] <Marc Worrell> These people are super cheap: http://www.startssl.com/?app=40
[16:26:39] <maas.maarten.zeeman> Nice handing over security to the lowest bidder.
[16:26:48] <Marc Worrell> of course
[16:26:56] <Marc Worrell> cheaper is better :p
[16:27:19] <Marc Worrell> you can also take a reseller: http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates.aspx
[16:27:30] <Marc Worrell> cheaper than the source (RapidSSL)
[16:27:52] <maas.maarten.zeeman> Nice $5000 warranty.
[16:28:37] <Marc Worrell> http://www.namecheap.com/ssl-certificates/comodo.aspx has your wildcard for 85 US$
[16:30:04] <maas.maarten.zeeman> I tested locally with a self-signed wildcard cert. Only with chrome though.
[16:30:23] <Marc Worrell> that is even cheaper :p
[16:30:24] <maas.maarten.zeeman> It seemed to be the most picky browser regarding mixed content. Other browsers just didn't care
[16:30:32] <maas.maarten.zeeman> Just press ok
[16:30:54] <Marc Worrell> BTW https://github.com/zotonic/mod_vault
[16:31:11] <Marc Worrell> in what way was Chrome complaining?
[16:31:34] <maas.maarten.zeeman> If you have a ssl site and show non-ssl content (or scripts)
[16:31:56] <maas.maarten.zeeman> It just blocks and shows nothing.
[16:33:06] <Marc Worrell> yuck - that happens when we have an embedded youtube video
[16:34:13] <maas.maarten.zeeman> Will take a peek at your code. Looks ok, but will have to check the password thing. I remember I had to do something special before you could stick it in the decrypt functions.
[16:34:39] <maas.maarten.zeeman> password to key or something
[16:34:43] <Marc Worrell> a security audit is welcome
[16:34:52] <Marc Worrell> I use blowfish to secure the private key
[16:35:09] <maas.maarten.zeeman> blowfish is ok, as is aes, 3des
[16:35:36] <Marc Worrell> and also to encode data, the blowfish key is then encoded using the public key and combined with the encrypted data.
[16:35:49] <maas.maarten.zeeman> Some security expert told me to always use cfb so that is fine too.
[16:36:10] <Marc Worrell> I use blowfish_cfb64_encrypt
[16:36:51] <Marc Worrell> is nice I have now a secure storage of uploaded credit card forms.
[16:37:08] <Marc Worrell> of course, when somebody hacks the server and then starts listening then they can still decode it.
[16:37:29] <maas.maarten.zeeman> Yes.
[16:37:55] <Marc Worrell> at least this mod_vault is quite generic.
[16:38:30] <Marc Worrell> adds a menu item to the Auth admin menu, where you can create keys, copy keys between users and change passwords of private keys.
[16:38:50] <maas.maarten.zeeman> That is really nice.
[16:39:04] <Marc Worrell> of course, that screen is protected with the 'vault' key, which is stored in the vault. :p
[16:39:19] <maas.maarten.zeeman> password 123456
[16:39:31] <Marc Worrell> of course, what else?
[16:39:57] <maas.maarten.zeeman> You have to start somewhere. :-)
[16:40:29] <Marc Worrell> idea is that you can remove someone's access (or change the password) when that person's laptop is stolen.
[16:41:00] <Marc Worrell> or when that person is stuck at the US border, which is the same as having your laptop stolen.
[16:45:13] <maas.maarten.zeeman> Sigh. That was even the case pre 9/11
[16:45:43] <Marc Worrell> yep, and now worse.
[16:46:23] <Marc Worrell> And I have this customer… women on waves… they are a prime target for overzealous "law" enforcement.
[16:47:20] <maas.maarten.zeeman> Better to be safe for them and remove access prior to flights then.
[16:47:35] <Marc Worrell> But… SSL and "media". Shall we just ignore generating media when on a SSL connection and generate the 'still' image instead?
[16:47:48] <Marc Worrell> Might be a solution to get the admin on SSL.
[16:48:26] <maas.maarten.zeeman> Or proxy insecure media.
[16:48:58] <Marc Worrell> hmmm, that is a whole lot of work - and I don't want to have an open proxy for youtube movies...
[16:49:10] <maas.maarten.zeeman> Thumbnail will work fine for the admin :-)
[16:49:17] <Marc Worrell> indeed
[16:50:08] <maas.maarten.zeeman> This vault surely needs ssl
[16:51:39] <maas.maarten.zeeman> Tss. can't spot this stupid syntax error here. Error before '->'
[16:52:02] <maas.maarten.zeeman> Time to jump on my bike and head home I guess.
[16:52:31] <Marc Worrell> compile error?
[16:53:10] <maas.maarten.zeeman> Sigh missing of in a case.
[16:53:23] <Marc Worrell> in your code? or in mod_vault?
[16:53:31] <maas.maarten.zeeman> Sorry, my code here.
[16:53:35] <Marc Worrell> ok :p
[16:53:47] <Marc Worrell> I often miss some ) -> of ;
[16:54:22] <maas.maarten.zeeman> Yes, or this <<"test>>"
[16:54:40] <Marc Worrell> X =<<"aaa">>,
[16:54:42] <Marc Worrell> also fun
[16:55:27] <arjan> yes
[16:55:33] <arjan> that sucks :)
[16:55:56] <maas.maarten.zeeman> eeks
[16:58:10] <maas.maarten.zeeman> Really nice things after some hours of coding.
[16:59:35] <Marc Worrell> :)
[17:33:30] maas.maarten.zeeman leaves the room
[17:36:04] Ilya Rezvov leaves the room
[17:36:32] Ilya Rezvov joins the room
[17:52:38] Ilya Rezvov leaves the room
[18:00:35] arjan leaves the room
[18:28:44] arjan joins the room
[19:32:44] arjan leaves the room
[21:05:10] <Marc Worrell> Looks like the lager parse transform in the Emakefile doesn't work, should we specify it differently?
[22:15:47] maas.maarten.zeeman joins the room
[22:46:46] andreas.stenius leaves the room
[22:59:20] maas.maarten.zeeman leaves the room