Wednesday, 27 March 2013< ^ >
arjan has set the subject to: Zotonic - the Erlang Content Management Framework
Room Configuration

[06:21:38] Kaos joins the room
[07:27:45] Maas joins the room
[08:01:48] Arjan joins the room
[08:02:55] Maas leaves the room
[08:06:13] Maas joins the room
[08:06:15] Maas leaves the room
[08:16:10] Arjan leaves the room
[08:36:41] Arjan joins the room
[09:15:46] simon.smithies joins the room
[09:27:46] Marc Worrell joins the room
[09:27:54] <Marc Worrell> Nice presentation: http://www.erlang-factory.com/upload/presentations/791/HuffingtonPost.pdf
[09:27:54] Andreas Stenius leaves the room
[09:28:08] <Marc Worrell> They use SockJS - anybody used it?
[09:41:48] Maas joins the room
[09:43:13] Maas leaves the room
[10:23:19] simon.smithies leaves the room
[11:13:04] arcusfelis joins the room
[13:43:00] maas.maarten.zeeman joins the room
[13:47:21] <maas.maarten.zeeman> No, sounds like a nice lib. For channel I have made something myself. websocket + comet fallback mechanism
[13:54:13] <maas.maarten.zeeman> Made it into a bus like api on the other end. Each end-point has a bus_handler module which processes incoming and outgoing messages. The handlers are placed in a process pool.
[13:54:55] <maas.maarten.zeeman> Maybe it would be nice to attach it to sockjs instead of the js code I rolled myself.
[15:14:11] arcusfelis leaves the room
[15:39:36] arcusfelis joins the room
[16:04:04] Arjan leaves the room
[16:14:31] Arjan joins the room
[17:18:14] maas.maarten.zeeman leaves the room
[20:07:53] Maas joins the room
[20:45:09] <Maas> Reading that huffington post thingy.... Tempted to write something about mod_signal. It already does all that, but a bit easier. It is a multi-topic pub/sub system. One thing I would like to do is move the pub/sub core to a separate application.
[20:45:33] Maas leaves the room
[20:48:22] Maas joins the room
[20:48:42] arcusfelis leaves the room
[20:59:10] <Marc Worrell> Yes, and then with UBF as transport :p
[20:59:30] <Marc Worrell> I was thinking how we could add some security to mod_signal pub/sub
[21:00:01] <Marc Worrell> might be a more generic pub/sub all the way - kind of user-insecure-pubsub channel, next to the system-secure-z_notifier
[21:00:23] <Maas> Which I also have :) ubf over bus (ws or comet)
[21:00:32] <Marc Worrell> and security as in: can only subscribe to a certain topic iff the user has certain right
[21:01:08] <Maas> O yeah, the security is now kind of regulated by the app.
[21:01:27] <Marc Worrell> just debugged an hour because a notifier was changing stuff in parallel to my transaction....
[21:01:49] <Maas> ahhhrch
[21:02:17] <Marc Worrell> For pubsub I would like something generic - ideal for chat systems, but also pushing updates to/from browsers
[21:02:35] <Maas> For me it was a full day of debugging too.
[21:02:46] <Marc Worrell> poor us :p
[21:03:05] <Maas> lot of not so compliant web stuff combined
[21:03:19] <Marc Worrell> wp sucks....
[21:04:19] <Maas> Yeah, but still. Also made new friends with a new html5 api. :-)
[21:04:24] <Maas> history...
[21:04:38] <Marc Worrell> new aapje?
[21:05:05] <Maas> So you can change the url in your location bar without actually changing the underlying resource
[21:05:41] <Marc Worrell> oh yes, that thing
[21:05:45] <Marc Worrell> nice for javascript apps
[21:05:48] <Maas> Really nice for one-page weird mobile sites.
[21:05:55] <Marc Worrell> yep
[21:06:21] <Marc Worrell> though your server still needs to be able to handle the page load if someone clicks reload (or bookmarks)
[21:06:27] <Maas> luckily people seem to like bootstrap fluent more than jquery mobile these days.
[21:07:14] <Maas> It also seems this can lead to security problems too.
[21:07:46] <Maas> If you can change it you can spoof things.
[21:09:51] <Maas> Interesting times with all these new devices and ways of interacting on the web.
[21:11:25] <Maas> I now mostly use the data bus end-point process as a place to connect the mod-signal signals. This is more robust in case of reconnects.
[21:20:02] <Marc Worrell> and then with webrtc you get p2p within the browser :-s
[21:20:25] <Marc Worrell> a whole new load of security issues ….
[21:20:52] <Maas> Then chrome will be the new flash :p
[21:21:01] <Marc Worrell> almost
[21:21:15] <Marc Worrell> you can send all kinds of garbage over those rtc channels
[21:21:35] <Maas> Advertisers are going to love it.
[21:21:37] <Marc Worrell> in essence your browser becomes a server… am not sure that is a good idea
[21:23:02] <Maas> No indeed, I think it will be unavoidable though. So very handy.
[21:24:02] <Marc Worrell> passing a pickled erlang term via the callback uris of facebook oauth back to the server....
[21:24:03] <Marc Worrell> :p
[21:24:22] <Maas> erlang term injection
[21:24:40] <Maas> Do they really do that?
[21:24:44] <Marc Worrell> yes - it will happen - and we will be busy coding in those browsers to make the communication secure....
[21:25:08] <Marc Worrell> no - I do it - I can't trust that my session is still alive after the user comes back from facebook auth
[21:25:19] <Maas> Ms and the others are still fighting on what things should look like
[21:25:26] <Marc Worrell> so the continuation data is in a signed pickled erlang term :p
[21:26:01] <Marc Worrell> (there is an user_id in there that signifies to which user you are authenticating… so some security is needed)
[21:26:18] <Maas> ms has a way better api for developers.
[21:26:54] <Marc Worrell> guess so - and webrtc tries to push the google video/audio formats
[21:27:07] <Marc Worrell> for which there is no hardware decoders/encoders
[21:27:32] <Maas> probably because ms has the skype stuff on board
[21:28:01] <Marc Worrell> guess they want to use skype then :p
[21:28:12] <Maas> They of course left out the signalling from the api... how to connect two users.
[21:29:57] <Maas> the google webrtc apis are a bit limited.
[21:31:29] <Maas> We will see what will happen. It would probably mean that a lot of companies can change the way they do business when this is ready.
[21:34:15] <Maas> No more physical house calls. Explain complex stuff with a video chat.
[21:59:39] <Marc Worrell> Chrome does strange things with my FB redirects....
[22:01:10] <Maas> ? normal 302 redirects or js location.href
[22:01:32] <Marc Worrell> location.href
[22:01:40] <Marc Worrell> seems something mixes up
[22:01:53] <Marc Worrell> as if it not always does the log on
[22:02:02] <Marc Worrell> and not always the redirect….
[22:03:06] <Marc Worrell> hmmmm, indeed - it seems to "remember" the redirects....
[22:03:12] <Marc Worrell> doesn't always do them
[22:03:24] <Marc Worrell> only goes to the last spot
[22:03:53] <Maas> chrome does a lot of dirty tricks to speed up navigation.
[22:04:12] <Maas> also pre fetching while you are typing the url.
[22:04:34] <Marc Worrell> seems to be a timing issue - with the inspector on it works better than without
[22:05:43] <Marc Worrell> indeed - with the inspector on it always works :-s
[22:05:55] <Marc Worrell> aaaaaaarrgghhhhhhh
[22:05:57] <Maas> Ow no...
[22:06:31] <Marc Worrell> maybe that stupid prefetch overtaking the cookies on the redirect pages....
[22:06:41] <Maas> Maybe they switch off the dirty tricks when the inspector is on
[22:06:55] <Marc Worrell> looks like it
[22:08:20] <Maas> Not sure how the dirty tricks works though. It sort of looks like they have an off screen browser window, which they then swap with the one you have.
[22:08:59] <Maas> Then they also have to blend in the cookies in your session somehow.
[22:09:48] <Maas> Today I could crash safari.. mobile and desktop. I still don't have a clue what it is.
[22:10:24] <Maas> I think it is the history api.
[22:13:27] <Maas> fb also has iframes everywhere.
[22:19:09] <Marc Worrell> nah, they seem to loose my session cookies
[22:19:45] <Marc Worrell> the updated cookies are not set, as in "not always"
[22:20:47] Arjan leaves the room
[22:22:06] <Marc Worrell> http://code.google.com/p/chromium/issues/detail?id=150066
[22:23:34] <Maas> also fun for wp logins then :p
[22:24:19] <Marc Worrell> yep, big FAIL with that test php script
[22:24:25] <Marc Worrell> http://www.idea7.pl/chbug-2.php
[22:25:57] <Maas> That is weird
[22:26:49] <Marc Worrell> very weird - also FAIL on that script in Safari - but there my redirects work
[22:26:51] <Maas> indeed...
[22:27:17] <Maas> Fails one time on safari, reload then works
[22:27:43] <Marc Worrell> also FAIL on firefox
[22:28:42] <Marc Worrell> http://www.idea7.pl/chbug.php
[22:28:45] <Marc Worrell> corrected link
[22:28:59] <Maas> :-) was wondering
[22:29:28] <Marc Worrell> correct one works on Safari + FF but not on Chrome
[22:29:40] <Marc Worrell> stupid Chrome - this is such a silly bug
[22:30:23] <Maas> Very silly, and old too looking at the chromium incident
[22:32:19] <Maas> Have v26 here.
[22:33:13] <Marc Worrell> v26 here as well
[22:36:11] <Marc Worrell> I hate this….
[22:36:36] <Maas> chrome already is the new flash
[22:36:46] <Marc Worrell> In some old system we had a special redirect handler, if some old crappy browser, do redirect by refresh in the HTML HEAD
[22:36:54] <Marc Worrell> Chrome is falling apart
[22:37:24] <Maas> next project scrapped?
[22:37:41] <Marc Worrell> which one?
[22:38:05] <Maas> chrome by google? the next reader
[22:38:21] <Marc Worrell> ahahah, looks like it
[22:38:33] <Marc Worrell> I guess the next one being killed is feedburner
[22:38:58] <Maas> did you ever try to compile chromium?
[22:39:46] <Marc Worrell> no, I don't dare to
[22:39:50] <Marc Worrell> did you?
[22:40:13] <Maas> Yes, on windows.
[22:40:50] <Maas> That took quite some time. Pointless exercise in the end.
[22:40:51] <Marc Worrell> and? explosions?
[22:41:45] <Maas> Lot and lots of dependencies. Did it with a very experienced windows developer. He was totally chocked with the amount of "stuff" involved.
[22:42:11] <Marc Worrell> I am not surprised
[22:42:30] <Marc Worrell> Server software is something different than pc software
[22:42:41] <Maas> And that was 3 years ago. So the amount of stuff has piled it seems.
[22:43:13] <Marc Worrell> yep, back then it was still working
[22:43:34] <Marc Worrell> Amazing how fast Chrome is falling apart - other browsers lasted longer
[22:45:15] <Marc Worrell> This is an old issue indeed: http://code.google.com/p/chromium/issues/detail?id=176496&q=cookie%20redirect&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20Modified
[22:46:53] <Maas> Ha. more smoking stuff. This is quite worrying people do connect to their banks on this.
[22:47:19] <Marc Worrell> Arrgggg, they are caching 303s
[22:47:20] <Marc Worrell> http://code.google.com/p/chromium/issues/detail?id=49574&q=cookie%20redirect&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20Modified
[22:49:17] <Maas> Also fun, try to intercept a 307 from ajax...
[22:49:27] <Maas> You will never get it.
[22:50:55] <Maas> Also existing, a 308?
[22:53:49] <Marc Worrell> I think the same issue, already in 2010: http://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20Modified&groupby=&sort=&id=64531
[22:54:49] <Maas> I've seen the please enable cookies more often...
[22:55:09] <Maas> didn't pay attention to it.
[22:57:55] <Maas> You just linked it nice :-)
[22:58:13] <Marc Worrell> Let's see if I can try it with a 307 or something, see if the result is different
[22:59:15] <Maas> Funny. I was just investigating something similar with inets http on a wp login. sets 3 cookies in a 302. After the redirect I have 1
[22:59:39] <Maas> coincidence.
[22:59:43] <Marc Worrell> arggg
[22:59:55] <Marc Worrell> seems to be hard - do something before you redirect....
[23:00:55] <Maas> Erlang code looked ok.. just sends to cookies to a cookie manager process.
[23:04:26] <Maas> browsers are concurrent as hell and all build in languages which do not handle that well.
[23:08:17] <Maas> Writing client side http is hard. The server is easy.
[23:08:20] <Marc Worrell> trying 307….
[23:08:28] <Maas> with zotonic?
[23:08:47] <Marc Worrell> with buggy Chrome
[23:08:56] <Marc Worrell> doesn't help - really buggy
[23:10:37] <Marc Worrell> How can we fix this
[23:10:48] <Marc Worrell> just remove facebook logon on Chrome, maybe :p
[23:10:55] <Maas> haha
[23:11:52] <Maas> and for all androids
[23:12:36] <Marc Worrell> with a big popup
[23:12:40] <Maas> https://groups.google.com/forum/#!msg/asynchttpclient/TZ4cMlx5Vxs/mKF76duynWEJ
[23:13:35] <Maas> Lots of people already stepped on this issue.
[23:16:15] <Maas> Looks like safari had this same bug once too. http://stackoverflow.com/questions/1144894/safari-doesnt-set-cookie-but-ie-ff-does
[23:17:11] <Marc Worrell> IE also had it at one time
[23:17:37] <Marc Worrell> Almost need a low level work around in webmachine
[23:18:15] <Marc Worrell> if 302 + cookies and Chrome then send 200 with document and refresh link in head
[23:18:24] <Marc Worrell> ugly, but might work
[23:18:41] <Marc Worrell> guess it needs it for any redirect
[23:19:10] <Maas> Like in the pre http redirect days.
[23:20:04] <Marc Worrell> indeed
[23:20:20] <Marc Worrell> I think we will see this kind of bugs more often
[23:21:45] <Maas> Everything is going to be more js-y. Mobile browsers also have gaps in the way they handle http. Remember the 204 response?
[23:21:56] <Marc Worrell> haha
[23:22:02] <Marc Worrell> total chaos on that one
[23:23:01] <Maas> rfc compliancy is optional
[23:25:44] <Maas> The postback logon already does that. :-)
[23:27:19] <Maas> Battery of laptop is almost done.
[23:27:29] <Marc Worrell> time to sleep
[23:27:35] <Maas> Indeed
[23:28:59] <Maas> good night.
[23:29:05] <Marc Worrell> sleep well :)
[23:35:40] Maas leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!