*** Joins: dhx1 (~dhx1@60-241-62-124.tpgi.com.au) | 00:09 | |
dregad | @dhx1 greetings | 00:19 |
---|---|---|
dregad | do you know if oss-sec have assigned CVE's to the remaining 2 issues ? | 00:19 |
dhx1 | dregad, hi | 00:37 |
dhx1 | dregad, they haven't yet... it probably got forgotten/no one was interested | 00:38 |
dhx1 | I wouldn't wait on them to release the new version of MantisBT... just remove the CVEs from the announcement | 00:38 |
dregad | dhx1 i was going to do exactly that, just checking before working on preparing the release | 01:34 |
dhx1 | thanks :) | 01:38 |
dregad | so all we needed to get you back to mantis was a few good security issues, eh ? ;-) | 01:39 |
dhx1 | haha | 01:40 |
dhx1 | I haven't been coding anything lately... | 01:40 |
dregad | slacker :P | 01:40 |
dregad | busy life ? | 01:41 |
dhx1 | I was playing with PostgreSQL and trying to implement RBAC security/etc | 01:41 |
dhx1 | more uninterested | 01:41 |
dhx1 | you've been doing a great job keeping MantisBT going though! | 01:41 |
dregad | it does feel lonely sometimes | 01:41 |
dregad | i can hear the echo of my commits for days after they're pushed | 01:42 |
dhx1 | I've been happy to see GitHub send me patch request notifications constantly from random people :) | 01:42 |
dregad | you can switch off the notifications, you know that ? | 01:42 |
dhx1 | I actually like receiving them even if I don't read any... lots of random committers is a sign of a healthy project | 01:43 |
dhx1 | the reason I was playing with PostgreSQL is that I think most web apps are !CRAP! | 01:44 |
dhx1 | mostly because they use a relational database server without ever defining any relations/constraints/triggers/etc | 01:45 |
dhx1 | thus they end up being high non-consistent (and hard to manage) because they reimplement (poorly) the logic that relational database servers are designed to provide (at high levels of performance/scalability) | 01:46 |
dregad | its always the same story | 01:46 |
dregad | and the same goes for large, enterprise-class commercial applications too, by the way | 01:46 |
dregad | e.g. Siebel | 01:46 |
dhx1 | oh yes, even worse... they abstract a database on top of a database :o | 01:47 |
dregad | it's often driven by the needs to support several RDBMS | 01:47 |
dhx1 | a bad idea IMO | 01:47 |
dhx1 | support the SQL standard and handle quirks separately for weird implementations that don't follow the standard | 01:48 |
dhx1 | my attempts are stuck because row-based security within PostgreSQL is not implemented | 01:50 |
dhx1 | it's a very difficult problem to solve as well (other database servers seem to implement RLS to lower standards that PostgreSQL won't drop to) | 01:51 |
dregad | you're right on principle, but the problem is you can't force people to use a given RDBMS | 01:53 |
dhx1 | you can if you're the only user haha :P | 01:54 |
dregad | or an RDBMS vendor (even OSS) to strictly adhere to the standard | 01:54 |
dregad | speaking of which - have you noticed that the SQL standard is not freely available on www (at least i was not able to find it) | 01:54 |
dhx1 | yeah, thank ISO for that | 01:54 |
dregad | bastard$$$$ | 01:55 |
dhx1 | I did find it somewhere before... let me see | 01:55 |
dhx1 | the latest standard has a few drafts online: https://www.google.com/search?q=intitle%3A%22final+committee+draft+%22+intitle%3A9075+site%3Ajtc1sc32.org+2011 | 01:56 |
dhx1 | https://en.wikipedia.org/wiki/SQL:2011 for more | 01:57 |
dregad | but if you need SQL92, you're out of luck | 01:58 |
dregad | cheers for the link anywa | 01:58 |
dregad | *y | 01:58 |
dhx1 | SQL92 is fairly old... | 01:58 |
dregad | yes but still in use | 01:58 |
dhx1 | it'll mostly be rolled up in the new standards though | 01:59 |
dregad | and sql2011 will be available in major rdbms in a bastardized version in about 2020 ;) | 02:00 |
dhx1 | it's like HTML/C++11 though... implementations slowly add features over the years and may never fully adhere to the standard (some parts of the standard may be wrong/cannot be practically implemented/no one cares about those features) | 02:01 |
dhx1 | http://www.postgresql.org/docs/9.2/static/features-sql-standard.html | 02:03 |
dregad | postgres is good with standards compliance even though there are a few disgressions | 02:05 |
*** Quits: dhx1 (~dhx1@60-241-62-124.tpgi.com.au) (Quit: Leaving) | 03:34 | |
GitHub84 | [mantisbt] dregad pushed 18 new commits to master-1.2.x: http://git.io/sNVr9A | 05:43 |
GitHub84 | mantisbt/master-1.2.x f8a81a3 Lapinkiller: fix #14559 - Filter for adm_report_config.php... | 05:43 |
GitHub84 | mantisbt/master-1.2.x 259f95c Damien Regad: Issue #14559: improve adm_report_config.php filter... | 05:43 |
GitHub84 | mantisbt/master-1.2.x 8890b21 Damien Regad: Make it possible to edit config options in adm_config_report.php... | 05:43 |
GitHub134 | [mantisbt] dregad tagged release-1.2.13 at ff8d72a: http://git.io/rE3Sbg | 05:43 |
*** Quits: Amgine (~Amgine@wikinews/Amgine) (Ping timeout: 246 seconds) | 06:24 | |
*** Joins: Amgine (~Amgine@wikinews/Amgine) | 06:38 | |
*** Joins: giallu (~giallu@fedora/giallu) | 06:46 | |
*** Joins: giallu_ (~giallu@fedora/giallu) | 06:48 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 272 seconds) | 06:52 | |
* dregad is now away - Reason : away | 06:56 | |
* dregad is no longer away - Gone for 8 secs | 06:56 | |
*** Quits: kirillka (~Miranda@195.242.142.17) (Quit: kirillka) | 07:13 | |
*** Quits: Amgine (~Amgine@wikinews/Amgine) (Ping timeout: 240 seconds) | 09:36 | |
*** Joins: Amgine (~Amgine@wikinews/Amgine) | 09:36 | |
*** Joins: Paul_46 (~IceChat09@cpc1-enfi15-2-0-cust580.hari.cable.virginmedia.com) | 11:06 | |
*** giallu_ is now known as giallu | 12:57 | |
*** Joins: BD-- (BD-@78-20-186-15.access.telenet.be) | 13:23 | |
*** Quits: BD-- (BD-@78-20-186-15.access.telenet.be) () | 13:29 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 272 seconds) | 14:52 | |
dregad | hi jreese | 16:05 |
jreese | howdy | 16:05 |
dregad | how are things | 16:05 |
jreese | doing well | 16:05 |
dregad | good to hear | 16:05 |
jreese | how are things on your end? | 16:06 |
dregad | question: have you ever used the adm_config_report.php page on mantisbt.org ? | 16:06 |
jreese | I think so, but not sure | 16:06 |
dregad | it's getting hard to keep motivated @work with the site closure looming on the horizon. | 16:07 |
jreese | I can imagine | 16:07 |
dregad | so i spend time on mantis ;) | 16:07 |
jreese | and yes, just visited that page, and I have used it | 16:07 |
dregad | wait, does it load now ? | 16:08 |
jreese | http://www.mantisbt.org/bugs/adm_config_report.php loads for me | 16:08 |
dregad | dammit | 16:08 |
dregad | it was breaking this morning | 16:08 |
dregad | been spending hours to figure out why | 16:09 |
dregad | not for nothing as it turns out as there was indeed an issue with the updated code | 16:09 |
dregad | but still, don't understand why it was not loading for me | 16:09 |
jreese | when in doubt, login from incognito mode or private browsing session :P | 16:10 |
dregad | shit, it's still not loading here | 16:10 |
dregad | i get a blank page | 16:10 |
dregad | and nothing in the error log !? | 16:10 |
dregad | what do you mean, incognito mode ? | 16:10 |
jreese | PHP fatal error | 16:10 |
jreese | that's the only way it won't show up in logs | 16:11 |
dregad | well it's a memory issue for sure | 16:11 |
jreese | in Chrome and Firefox, there is a way to start a private browsing mode (Chrome calls it incognito mode) | 16:11 |
dregad | i tested with a dump of 'bugs' db locally | 16:11 |
dregad | ah i'm on firefox, maybe it works on chrome (don't have it installed) | 16:11 |
dregad | anyway, in 1.2.12 this page would load, requiring ~160M memory (the bulk of which is to load the user selection list at the bottom) | 16:12 |
jreese | lol | 16:13 |
dregad | and with 1.2.13 updates, the memory footprint increases to nearly 700M (!) | 16:13 |
jreese | sounds like the issues we were having with the edit issue page, which is why the user dropdown is now async | 16:13 |
jreese | wow | 16:13 |
dregad | thanks to several calls to our good friend array_merge() | 16:13 |
dregad | and having 20K+ users in the system | 16:13 |
dregad | anyway, i wanted to find out if it had ever worked for you | 16:15 |
dregad | as on my test box, with memory_limit = 128M (same as mantisbt.org), it fails to load even with 1.2.12 code | 16:15 |
jreese | yeah, it's always worked just fine on my own installations | 16:15 |
dregad | i get PHP Fatal error: Allowed memory size of 134217728 bytes exhausted | 16:15 |
jreese | I can't remember the last time I tried running it on mantisbt.org before today, but maybe the issue is related to your own permission level | 16:16 |
jreese | ie, if you're not an admin | 16:16 |
dregad | nah | 16:16 |
jreese | because it seemed to load relatively quickly for me | 16:16 |
Paul_46 | oh just the person | 16:16 |
dregad | you can't access that page if you're not admin | 16:16 |
jreese | ah | 16:17 |
Paul_46 | dregad: i'm starting to think that it'll be easier to work on mantis2 as a new project | 16:17 |
Paul_46 | people keep doing retarded things in mantis1 | 16:17 |
Paul_46 | apart from adm_config_* being something that we do need to replace for various reasons | 16:19 |
Paul_46 | (so i'm not quite sure why we working on updating it) | 16:19 |
dregad | jreese: can you confirm the memory usage and time to load on your browser | 16:19 |
dregad | Paul_46 because people use it and need it fixed | 16:19 |
Paul_46 | we do a commit to master-1.2.x 20 minutes before a release | 16:19 |
Paul_46 | dregad: what was *broken* with it? | 16:20 |
jreese | Time: 1.7684 seconds. | 16:20 |
jreese | memory usage: 79,904 KB | 16:20 |
Paul_46 | it looked like new functionality to me | 16:20 |
dregad | Paul_46 check the related issues on the tracker - major performance issues if you have a large config table | 16:20 |
dregad | and the filter is indeed new functinality, but extremely helpful in the above case | 16:21 |
Paul_46 | anyway | 16:21 |
dregad | jreese - i don't get it | 16:21 |
dregad | why won't it load for me here !? | 16:21 |
Paul_46 | I'm going to leave it to others to port those patches | 16:21 |
Paul_46 | I have language strings converted | 16:22 |
jreese | dregad: no idea | 16:22 |
Paul_46 | and some free time | 16:22 |
Paul_46 | so back to mantis2 | 16:22 |
Paul_46 | over the next week or so | 16:22 |
Paul_46 | and we need to get it into an alpha state | 16:22 |
dregad | jreese: you are talking about http://www.mantisbt.org/bugs/adm_config_report.php right ? | 16:23 |
Paul_46 | personally, i'd rather we undid the 1.2.13 addition for the adm_config stuff | 16:23 |
Paul_46 | as it changes cookies | 16:23 |
jreese | dregad: yes | 16:23 |
Paul_46 | and i'd rather not see that change in master/2.x at least not in that way | 16:24 |
Paul_46 | but then people just release what they feel like so who cares | 16:24 |
Paul_46 | :) | 16:24 |
dregad | Paul_46 - I asked about this nearly 1 week ago on the mailing list | 16:25 |
Paul_46 | hidden away in a thread about a security issue in a feature we added in a .12 release | 16:25 |
dregad | well that's not the point | 16:26 |
dregad | you could (should) have responded then and there | 16:26 |
dregad | now is a bit late isn't it | 16:26 |
Paul_46 | can you port some of your patches to 2.x? | 16:27 |
Paul_46 | once i do locale/lang_get commits which gets rid of next | 16:27 |
Paul_46 | or more, pulls everything that dhx/myself thought was left in next | 16:27 |
dregad | once 2.x becomes something more tangible, i'll gladly stop working on 1.2 | 16:28 |
Paul_46 | http://piratepad.net/5pfh2ikYa8 was the list I had from talking to dhx at end of october | 16:28 |
dregad | and port whatever | 16:29 |
Paul_46 | as soon as i'm happy those are clear, it means there's nothing left in next we need | 16:29 |
dregad | your branch has been forked so long ago, do you have a record of everything you did (or did not) port | 16:32 |
Paul_46 | I was trying to find that earlier on | 16:32 |
Paul_46 | i think there's a 2nd pirate pad doc | 16:32 |
Paul_46 | I also had some printouts | 16:33 |
Paul_46 | it shouldn't be too hard to diff though | 16:33 |
dregad | you must be joking | 16:33 |
dregad | you ported some things not keeping the commit messages | 16:33 |
dregad | and there's no diffing the source, it's too different | 16:33 |
Paul_46 | yea, well the initial fork of the source was done at the point both dhx/myself stopped working on stuff on master for a bit | 16:35 |
Paul_46 | but then other new people came along and started | 16:36 |
Paul_46 | which I initially ignored as it was mainly rombert doing soap stuff which was 'ok' | 16:36 |
Paul_46 | but then effectively that was also a mistake | 16:36 |
Paul_46 | as you say, the source is now quite different | 16:36 |
Paul_46 | there's security "fixes" in the mantis-2.x branch that aren't in master | 16:37 |
Paul_46 | and security fixes in master that need porting | 16:37 |
Paul_46 | and stuff that's now been fixed in master that we'd gone 'best way to fix this is to rewrite X' or whatever | 16:38 |
Paul_46 | == lovely mess | 16:38 |
dregad | welcome to the real world | 16:38 |
Paul_46 | i'm hoping though it shouldn't be too hard to tdiy up | 16:39 |
Paul_46 | main thing is i need to try and get dhx's locale stuff sorted | 16:40 |
Paul_46 | which would be really useful if siebrand still came on here as he could generate the .po files dhx was planning on using | 16:40 |
dregad | you can get hold of siebrand on #mediawiki-i18n | 16:40 |
Paul_46 | does he not come here anymore? ;/ | 16:41 |
Paul_46 | mm, think he's said that before | 16:41 |
dregad | jreese, just installed chrome, it behaves a bit "cleaner" than firefox, in the sense that it reports an HTTP 500 instead of a f*ing blank page | 16:41 |
jreese | :) | 16:41 |
dregad | but adm_config_report.php still won't load | 16:42 |
jreese | works for me :D | 16:42 |
dregad | i don't understand how that is even possible | 16:42 |
jreese | I've always wanted to close a legitimate bug with that | 16:42 |
dregad | LOL | 16:42 |
Paul_46 | anyway, i'm off to bed | 16:42 |
Paul_46 | dregad: btw, i'm thinking mantis2 needs to be sync'd by 3rd weke of feb or it probably wont happen | 16:43 |
jreese | so IOW it's not going to happen? :P | 16:43 |
dregad | what do you mean | 16:43 |
Paul_46 | jreese: well, it'll happen | 16:44 |
Paul_46 | as I want to update mantis at work at some point | 16:44 |
Paul_46 | but more, if I spend some time between now and then | 16:44 |
Paul_46 | update work | 16:44 |
Paul_46 | i'll probably have a break for a month until april | 16:44 |
dregad | jreese, mind to PM me your IP so I can lookup in the apache logs | 16:44 |
Paul_46 | which means it would get more out of sync | 16:44 |
jreese | dregad: it's Facebook's public IP: 173.252.71.6 | 16:45 |
Paul_46 | anyway | 16:45 |
Paul_46 | nn | 16:45 |
Paul_46 | dregad: btw, you stopped going on skype? | 16:45 |
dregad | i don't start it up all the time | 16:46 |
dregad | eats too much memory | 16:46 |
jreese | I don't start skype either, because then people try to talk to me, or even worse, video chat.... | 16:46 |
Paul_46 | well, i'm gone i guess | 16:46 |
Paul_46 | but we do need to work out a time to go through things | 16:46 |
Paul_46 | as atm, whether we end up with a 1.3 releae or a 2.x release or giving up with mantis altogether | 16:48 |
Paul_46 | every time someone does a commit we generally add 2 days to the next non-security release | 16:49 |
Paul_46 | nn | 16:50 |
*** Quits: Paul_46 (~IceChat09@cpc1-enfi15-2-0-cust580.hari.cable.virginmedia.com) (Quit: If at first you don't succeed, skydiving is not for you) | 16:50 | |
dregad | jreese - i get it | 16:55 |
dregad | can you try to select 'all projects' and reload the page please ? | 16:55 |
jreese | ah ha | 16:56 |
jreese | 500 | 16:56 |
dregad | ok, i'm not crazy ;) | 16:56 |
dregad | at least its consistent | 16:56 |
jreese | dregad: this is why I said "when in doubt, use incognito mode" :P | 16:56 |
jreese | that was the first time I've ever logged into mantisbt.org from this machine | 16:57 |
dregad | but the default project is stored in user's preferences, not in a cookie | 16:58 |
dregad | so incognito does not help | 16:58 |
dregad | but anyway, at least now I know why it behaves like that | 16:58 |
dregad | so thanks :) | 16:59 |
dregad | and it turns out the culprit is not my changes to adm_config_report, but an older commit | 17:01 |
jreese | ah, forgot that was a user pref | 17:02 |
jreese | been too long | 17:02 |
jreese | or not long enough... | 17:02 |
dregad | 21746dd1 / fix for #10130 | 17:02 |
GitHub64 | [mantisbt] dregad pushed 2 new commits to master-1.2.x: http://git.io/Q9lDBQ | 17:38 |
GitHub64 | mantisbt/master-1.2.x ced463b Damien Regad: Changed version to 1.2.14dev | 17:38 |
GitHub64 | mantisbt/master-1.2.x e61e63c Damien Regad: Fix huge memory consumption for print_user_option_list()... | 17:38 |
*** Quits: dregad (~dregad@203-236.193-178.cust.bluewin.ch) (Quit: We be chillin - IceChat style) | 17:47 | |
*** Joins: intripoon (~quassel@manz-590c9c02.pool.mediaWays.net) | 18:02 | |
*** Quits: intripoon_ (~quassel@manz-590f0d68.pool.mediaWays.net) (Ping timeout: 256 seconds) | 18:05 | |
*** Joins: kirillka (~Miranda@195.242.142.17) | 21:15 | |
*** Joins: giallu (~giallu@fedora/giallu) | 23:46 |
Generated by irclog2html.py 2.10.0 by Marius Gedminas - find it at mg.pov.lt!