From jasonsantos at gmail.com Fri May 1 23:48:46 2009 From: jasonsantos at gmail.com (=?ISO-8859-1?Q?Lu=EDs_Eduardo_Jason_Santos?=) Date: Fri May 1 23:48:40 2009 Subject: [Sputnik-list] Problems on Sputnik Configuration Message-ID: Hi, I am using the cli interface on fenchurch to launch sputnik on xavante programatically (I have an init.lua that requires and launches everything), and I am having problems with the options table. In trying to turn on the SHOW_STACK_TRACE=true option I can see it is not being passed along to WSAPI. My impression is that the launcher is completely different for Xavante -- and I can't figure out where to insert the WSAPI configuration table. Am I doing this correctly? Did I miss something? Any advice? Thanks! Lu?s Eduardo Jason Santos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090501/81b4dcb8/attachment.html From yuri at sims.berkeley.edu Sat May 2 00:15:55 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Sat May 2 00:16:46 2009 Subject: [Sputnik-list] Problems on Sputnik Configuration In-Reply-To: References: Message-ID: I am not sure what you mean by using the cli interface. You shouldn't be using sputnik.cli for this, but rather sputnik.xavante.start() (sputnik.cli.start-xavante just passes the request over to sputnik.xavante anyway.) sputnik.xavante.start() now expects as an argument a lua script that would return it a WSAPI handler function. E.g.: sputnik.xavante.start("/home/yuri/sputnik/sputnik.ws") All the configurations (such SHOW_STACK_TRACE=true) as should into sputnik.ws. You can generate a starter sputnik.ws using: sputnik.lua make-cgi If you want to avoid using an external function, we would need to make sputnik.xavante.start a little flexible. There is no reason why the first argument cannot be _either_ a script file or a ready handler function. I made this change and checked it in git. http://gitorious.org/projects/sputnik/repos/mainline/commits/060eb93a With this change, you can start Sputnik/Xavante programmatically like this: require('sputnik.wsapi_app') local handler = sputnik.wsapi_app.new{ VERSIUM_PARAMS = { '/home/yuri/sputnik/wiki-data/' }, BASE_URL = '/', PASSWORD_SALT = 'DATqfdC6WhlHfO5WPl3bRRdmlDEjy4i2u1iA5KwR', TOKEN_SALT = 'RIpXmkK1vD3cl6pwAUFYOOQ9FZzBzWihuy5HIFz4', SHOW_STACK_TRACE = true, } require('sputnik.xavante') sputnik.xavante.start(handler) - yuri 2009/5/1 Lu?s Eduardo Jason Santos : > Hi, > > I am using the cli interface on fenchurch to launch sputnik on xavante > programatically (I have an init.lua that requires and launches everything), > and I am having problems with the options table. > > In trying to turn on the SHOW_STACK_TRACE=true option I can see it is not > being passed along to WSAPI. > > My impression is that the launcher is completely different for Xavante -- > and I can't figure out where to insert the WSAPI configuration table. > > Am I doing this correctly? Did I miss something? Any advice? > > Thanks! > Lu?s Eduardo Jason Santos > > _______________________________________________ > Sputnik-list mailing list > Sputnik-list@lists.luaforge.net > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list > > -- http://spu.tnik.org/ From jasonsantos at gmail.com Sat May 2 02:41:35 2009 From: jasonsantos at gmail.com (=?ISO-8859-1?Q?Lu=EDs_Eduardo_Jason_Santos?=) Date: Sat May 2 02:41:55 2009 Subject: [Sputnik-list] Problems on Sputnik Configuration In-Reply-To: References: Message-ID: That helped a lot, thanks! Lu?s Eduardo Jason Santos 2009/5/1 Yuri Takhteyev > I am not sure what you mean by using the cli interface. You shouldn't > be using sputnik.cli for this, but rather sputnik.xavante.start() > (sputnik.cli.start-xavante just passes the request over to > sputnik.xavante anyway.) > > sputnik.xavante.start() now expects as an argument a lua script that > would return it a WSAPI handler function. E.g.: > > sputnik.xavante.start("/home/yuri/sputnik/sputnik.ws") > > All the configurations (such SHOW_STACK_TRACE=true) as should into > sputnik.ws. You can generate a starter sputnik.ws using: > > sputnik.lua make-cgi > > If you want to avoid using an external function, we would need to make > sputnik.xavante.start a little flexible. There is no reason why the > first argument cannot be _either_ a script file or a ready handler > function. I made this change and checked it in git. > > http://gitorious.org/projects/sputnik/repos/mainline/commits/060eb93a > > With this change, you can start Sputnik/Xavante programmatically like this: > > require('sputnik.wsapi_app') > local handler = sputnik.wsapi_app.new{ > VERSIUM_PARAMS = { '/home/yuri/sputnik/wiki-data/' }, > BASE_URL = '/', > PASSWORD_SALT = 'DATqfdC6WhlHfO5WPl3bRRdmlDEjy4i2u1iA5KwR', > TOKEN_SALT = 'RIpXmkK1vD3cl6pwAUFYOOQ9FZzBzWihuy5HIFz4', > SHOW_STACK_TRACE = true, > } > require('sputnik.xavante') > sputnik.xavante.start(handler) > > - yuri > > > 2009/5/1 Lu?s Eduardo Jason Santos : > > Hi, > > > > I am using the cli interface on fenchurch to launch sputnik on xavante > > programatically (I have an init.lua that requires and launches > everything), > > and I am having problems with the options table. > > > > In trying to turn on the SHOW_STACK_TRACE=true option I can see it is not > > being passed along to WSAPI. > > > > My impression is that the launcher is completely different for Xavante -- > > and I can't figure out where to insert the WSAPI configuration table. > > > > Am I doing this correctly? Did I miss something? Any advice? > > > > Thanks! > > Lu?s Eduardo Jason Santos > > > > _______________________________________________ > > Sputnik-list mailing list > > Sputnik-list@lists.luaforge.net > > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list > > > > > > > > -- > http://spu.tnik.org/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090502/b4e561bf/attachment.htm From yuri at sims.berkeley.edu Sun May 3 15:38:58 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Sun May 3 15:38:45 2009 Subject: [Sputnik-list] Problems on Sputnik Configuration In-Reply-To: References: Message-ID: Good. BTW, another thing we could do is allow the first parameter to sputnik.xavante.start to be a configuration table for wsapi_app.new. I.e.: local config = { VERSIUM_PARAMS = { '/home/yuri/sputnik/wiki-data/' }, BASE_URL = '/', PASSWORD_SALT = 'DATqfdC6WhlHfO5WPl3bRRdmlDEjy4i2u1iA5KwR', TOKEN_SALT = 'RIpXmkK1vD3cl6pwAUFYOOQ9FZzBzWihuy5HIFz4', SHOW_STACK_TRACE = true, } sputnik.xavante.start(config) (Right now you would need to use sputnik.xavante.start(sputnik.wsapi_app.new(config)) instead. Not sure if this makes enough of a difference to justify the proliferation of options.) - yuri 2009/5/1 Lu?s Eduardo Jason Santos : > That helped a lot, thanks! > > Lu?s Eduardo Jason Santos > > > 2009/5/1 Yuri Takhteyev >> >> I am not sure what you mean by using the cli interface. You shouldn't >> be using sputnik.cli for this, but rather sputnik.xavante.start() >> (sputnik.cli.start-xavante just passes the request over to >> sputnik.xavante anyway.) >> >> sputnik.xavante.start() now expects as an argument a lua script that >> would return it a WSAPI handler function. E.g.: >> >> sputnik.xavante.start("/home/yuri/sputnik/sputnik.ws") >> >> All the configurations (such SHOW_STACK_TRACE=true) as should into >> sputnik.ws. You can generate a starter sputnik.ws using: >> >> sputnik.lua make-cgi >> >> If you want to avoid using an external function, we would need to make >> sputnik.xavante.start a little flexible. There is no reason why the >> first argument cannot be _either_ a script file or a ready handler >> function. I made this change and checked it in git. >> >> http://gitorious.org/projects/sputnik/repos/mainline/commits/060eb93a >> >> With this change, you can start Sputnik/Xavante programmatically like >> this: >> >> require('sputnik.wsapi_app') >> local handler = sputnik.wsapi_app.new{ >> ? VERSIUM_PARAMS = { '/home/yuri/sputnik/wiki-data/' }, >> ? BASE_URL ? ? ? = '/', >> ? PASSWORD_SALT ?= 'DATqfdC6WhlHfO5WPl3bRRdmlDEjy4i2u1iA5KwR', >> ? TOKEN_SALT ? ? = 'RIpXmkK1vD3cl6pwAUFYOOQ9FZzBzWihuy5HIFz4', >> ? SHOW_STACK_TRACE = true, >> } >> require('sputnik.xavante') >> sputnik.xavante.start(handler) >> >> - yuri >> >> >> 2009/5/1 Lu?s Eduardo Jason Santos : >> > Hi, >> > >> > I am using the cli interface on fenchurch to launch sputnik on xavante >> > programatically (I have an init.lua that requires and launches >> > everything), >> > and I am having problems with the options table. >> > >> > In trying to turn on the SHOW_STACK_TRACE=true option I can see it is >> > not >> > being passed along to WSAPI. >> > >> > My impression is that the launcher is completely different for Xavante >> > -- >> > and I can't figure out where to insert the WSAPI configuration table. >> > >> > Am I doing this correctly? Did I miss something? Any advice? >> > >> > Thanks! >> > Lu?s Eduardo Jason Santos >> > >> > _______________________________________________ >> > Sputnik-list mailing list >> > Sputnik-list@lists.luaforge.net >> > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list >> > >> > >> >> >> >> -- >> http://spu.tnik.org/ > > -- http://spu.tnik.org/ From phoenix at burninglabs.com Sat May 9 16:57:25 2009 From: phoenix at burninglabs.com (Phoenix Sol) Date: Sat May 9 16:57:13 2009 Subject: [Sputnik-list] disabling registration Message-ID: <8a25d01b0905091157g42caeca4qc7c380d2e0070397@mail.gmail.com> Hello, I am still very new to Lua and Sputnik, and all it's moving parts... I'm behind on a project, that I really ought to be doing in Python just to get it done... but I have fallen in love with Lua, and I'm determined to use it NOW ;-) So I apologize for not figuring this out myself; I'm sure it's very straightforward... But can you please tell me the best way to disable registration for new users? (Change the 'AUTH_MODULE' and edit the template? ...Much of this is still mysterious to me, but so far I love it - love it - love it ;) And is there any documentation I might not be finding about permissions (and the other 'advanced settings') ? I don't know what to throw into those 'advanced' edit boxes ;-) Thanks! Phoenix Sol P.S. When I figure out what I am doing, I think I'd like to kick down a Versium plugin for Tokyo Cabinet... if it makes sense; I'm not sure yet... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090509/ef847657/attachment.html From yuri at sims.berkeley.edu Sat May 9 17:11:11 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Sat May 9 17:11:20 2009 Subject: [Sputnik-list] disabling registration In-Reply-To: <8a25d01b0905091157g42caeca4qc7c380d2e0070397@mail.gmail.com> References: <8a25d01b0905091157g42caeca4qc7c380d2e0070397@mail.gmail.com> Message-ID: Hi, Phoenix, > get it done... but I have fallen in love with Lua, and I'm determined to use > it NOW ;-) Good! > So I apologize for not figuring this out myself; I'm sure it's very > straightforward... But can you please tell me the best way to disable > registration for new users? Please see http://spu.tnik.org/en/Permissions, search for "register". > And is there any documentation I might not be finding about permissions (and > the other 'advanced settings') ?? I don't know what to throw into those > 'advanced' edit boxes ;-) See above. The documentation could probably be organized in a more intuitive way. Suggestions are welcome. Did you manage to find "Security" under "Tweak"? Should there be a separate page on "Registration Options" rather than having this under "Permissions"? Or does Tweak > Security > Permissions make sense? Re edit boxes, try Fenchurch: http://spu.tnik.org/en/Fenchurch Fenchurch puts most of the advanced node configuration options in a separate form (.configure instead of .edit), which makes it all easier on the eye. In terms of documentation, most of what you would want at the moment would be under "Tweak". (Should we rename it to "Configure"?) Not all options are documented, but feel free to ask. > P.S.? When I figure out what I am doing, I think I'd like to kick down a > Versium plugin for Tokyo Cabinet... if it makes sense; I'm not sure yet... It would be a fun thing to do. It's been near the top of my "It would be great if someone did it" list. (Half the work would be building TC so that it would work with Sputnik's Lua installation.) Someone should also lobby the author of TC to add Lua binding to Tokyo Dystopia, then we would have a full-text search system too. - yuri -- http://spu.tnik.org/ From phoenix at burninglabs.com Mon May 11 13:08:30 2009 From: phoenix at burninglabs.com (Phoenix Sol) Date: Mon May 11 13:08:37 2009 Subject: [Sputnik-list] just curious, Yuri... Message-ID: <8a25d01b0905110808w6f21d3f6h50f4c6cdecc06ce1@mail.gmail.com> Is spu.tnik.org running on Fenchurch right now? Phoenix Sol -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090511/57a758e9/attachment.htm From yuri at sims.berkeley.edu Mon May 11 17:20:17 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Mon May 11 17:20:21 2009 Subject: [Sputnik-list] just curious, Yuri... In-Reply-To: <8a25d01b0905110808w6f21d3f6h50f4c6cdecc06ce1@mail.gmail.com> References: <8a25d01b0905110808w6f21d3f6h50f4c6cdecc06ce1@mail.gmail.com> Message-ID: It's running Fenchurch, but a later version than 9.03.16. It's running code straight from the git repository, though I don't update it after every commit. It's currently at commit e4f6089 (April 20), so, it doesn't have the most recent changes (about a dozen commits). I'll probably update it again in a few weeks. - yuri On Mon, May 11, 2009 at 8:08 AM, Phoenix Sol wrote: > Is spu.tnik.org running on Fenchurch right now? > > Phoenix Sol > > _______________________________________________ > Sputnik-list mailing list > Sputnik-list@lists.luaforge.net > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list > > -- http://spu.tnik.org/ From mascarenhas at acm.org Tue May 12 23:45:42 2009 From: mascarenhas at acm.org (Fabio Mascarenhas) Date: Tue May 12 23:46:05 2009 Subject: [Sputnik-list] expressions in cosmo selector arguments Message-ID: <7913df4d0905121845u36ca4e0fr2f4b3bd9b565b096@mail.gmail.com> Hi, I added expressions to the syntax of template application arguments in the "cvs" version of Cosmo (luarocks install cosmo current --from=http://luarocks.luaforge.net/rocks-cvs). An example: template = "$if{ math.mod(x, 4) == 0, target = 'World' }[[ Hello $target! ]],[[ Hi $target! ]]" result = cosmo.fill(template, { math = math, x = 2, ["if"] = cosmo.cif }) assert(result == " Hi World! ") More examples under tests/test_cosmo.lua, at the end of the file. The syntax is basically the same syntax as Lua expressions, but without "function" (lambdas), so it is not turing-complete per se (all bets are off if you have loadstring accessible in the template's environment, of course). Variables are looked up in the template's environment. The old syntax for variables, mimicking the syntax used in the template selectors ($if{ $math|mod(x,4) == 0, target = 'World' }... in the previous example) is still available for backward compatibility, but consider if deprecated, so this version of Cosmo is 100% compatible with the existing templates. In particular, Sputnik is working without changes. I will wait for feedback from existing users before changing the documentation and making an official release. -- Fabio Mascarenhas From jasonsantos at gmail.com Thu May 28 11:49:58 2009 From: jasonsantos at gmail.com (=?ISO-8859-1?Q?Lu=EDs_Eduardo_Jason_Santos?=) Date: Thu May 28 11:49:53 2009 Subject: [Sputnik-list] [Sputnik] Adding JSON actions Message-ID: Hi, I am trying to use Fenchurch as a back-end for an Ajax RIA, and besides some strange problems with the authentication, I came up with several doubts. One in particular is bothering me now: how would I be able to add a .json action to my nodes, so they can generate field output in JSON format? Is there a node that I can edit to add an action or would I have to write it directly on the prototype? Att. Lu?s Eduardo Jason Santos From yuri at sims.berkeley.edu Thu May 28 15:33:26 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Thu May 28 15:32:37 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: Message-ID: > I am trying to use Fenchurch as a back-end for an Ajax RIA, and Exciting. > besides some strange problems with the authentication, Please provide more details on this. > I came up with several doubts. I hope you mean "questions" :) > how would I be able to add a > .json action to my nodes, so they can generate field output in JSON > format? > > Is there a node that I can edit to add an action or would I have to > write it directly on the prototype? Let me start with the second question. For almost anything of that sort, you typically have three choices: 1. Edit directly the node that needs the desired behavior. 2. Create a new node, configure it and use it as a prototype for all nodes that need the behavior. 3. Edit @Root to make this behavior the default for all nodes. The procedure would be the same in all three questions, it's only the question of which node you edit. You can choose 1-3 depending on how widely you want to apply the new behavior. If you only need one JSON node, go with 1. If you want all nodes to be able to return JSON, go with 3. In the most likely scenario, though, you'll want a bunch of nodes - but not all - to be able to return JSON, so what you probably want is a new prototype "@JSON". However, let me explain it all in terms of editing directly a single node first. First, let's imagine that you just want some node ("Bob") to serve static JSON, edited by user directly: { "firstName": "Bob", "phoneNumbers": [ "212 555-1234", "646 555-4567" ] } Go to the node "Bob", edit it and paste the JSON into the content. Save, then click on "configure" (the gear icon), go under "Advanced fields" and edit permissions and actions: permissions: allow(all_users, "json") actions: json = "wiki.raw_content" Save and check that Bob.json gives you just the JSON code. (Alternatively you could change permissions and actions in @Root, but this would not be a wise move from security point of view, since you would then be allowing anyone to view the raw content of any of your nodes. Or you could set permissions and actions in some new node @JSON, then set Bob's prototype to JSON.) If you want to generate JSON dynamically based on fields, you'll need to write an action. That is, you'll want to create a module such as "sputnik.actions.my_json" and have it define a function actions.show_phonebook_json(). You can then set your actions field to : json = "my_json.show_phonebook_json" (Note that "my_json.show_phonebook_json" means "actions.show_phonebook_json() in sputnik.actions.my_json".) You action will then probably use cosmo to put node's fields into some sort of templates. Perhaps something like this: PHONEBOOK_TEMPLATE = [[{ "firstName": "$name", "phoneNumbers": [ $phone_numbers ] } ]] actions.show_phonebook_json = function(node, request, sputnik) return cosmo.c(PHONEBOOK_TEMPLATE){ name = node.title, phone_numbers = node.phone_numbers, } end - yuri From jasonsantos at gmail.com Thu May 28 16:27:33 2009 From: jasonsantos at gmail.com (=?ISO-8859-1?Q?Lu=EDs_Eduardo_Jason_Santos?=) Date: Thu May 28 16:27:17 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: Message-ID: > > Exciting. > Indeed! :-) >> besides some strange problems with the authentication, > > Please provide more details on this. I was running a Fenchurch, installed yesterday using KAIO, according to instructions, running under Xavante. While using the Wiki for about 20 minutes, my authentication has been dropped (i.e.: I've had to login again) a few times. I changed from Firefox to Epiphany, but got the same effect. I couldn't find a specific pattern to the problem. Besides, I have tried (even as an administrator) to view the 'raw' action of nodes, without success. I've had to add a specific permission (allowing all actions) to be able to see it. >> I came up with several doubts. > > I hope you mean "questions" :) Yes, I meant questions.. :-) I found it to be very difficult to add fields to the nodes.. (not counting the fact that I couldn't find the documentation about it) > >> how would I be able to add a >> .json action to my nodes, so they can generate field output in JSON >> format? > 1. Edit directly the node that needs the desired behavior. > 2. Create a new node, configure it and use it as a prototype for all > nodes that need the behavior. > 3. Edit @Root to make this behavior the default for all nodes. I am sticking to option 3. :-) My real doubt was 'how do I write an action and where'. is there any way I could write an action as an inline field on the Node itself? I believe you answered the question.. as far as I can tell, the text of an 'action' field will be resolved as a require/index and resolved to a function.. So, I'll have to define this in the back-end anyway. :-( I need to do the following: 'serialize' the node's fields to JSON -- or several nodes when the node in question is a Collection. Is there a way to access the collected items from the mother node? -- Lu?s Eduardo Jason Santos From yuri at sims.berkeley.edu Thu May 28 17:02:44 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Thu May 28 17:01:55 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: Message-ID: >>> besides some strange problems with the authentication, I'll answer this one separately with a new subject. > I found it to be very difficult to add fields to the nodes.. (not > counting the fact that I couldn't find the documentation about it) You mean adding new fields? You need go to @Root.configure, open "Guru fields" then edit the "fields" field. Simply adding a new field "foo" could be as easy as adding: foo = {} The only catch is that the UI for editing fields is handled differently from the actual definition of fields. For that you will need to go and edit admin_edit_ui (the next field) and add an entry for "foo". > I am sticking to option 3. :-) Sure, but consider the security holes you might be opening by adding functionality to _all_ nodes. > My real doubt was 'how do I write an action and where'. is there any > way I could write an action as an inline field on the Node itself? This is a good question and Jim and I have discussed this a few weeks ago. This is not handled at the moment, but perhaps this would be a good feature to add. Obviously, such functions would be sandboxed and won't be able to rely on external modules. > I believe you answered the question.. as far as I can tell, the text > of an 'action' field will be resolved as a require/index and resolved > to a function.. So, I'll have to define this in the back-end anyway. > :-( Yes, but it is a trivial change to Sputnik to enable inline functions: --- a/sputnik/lua/sputnik/init.lua +++ b/sputnik/lua/sputnik/init.lua @@ -426,7 +426,9 @@ function Sputnik:activate_node(node) local action_loader = action_loader() for command, action_function in pairs(node.actions) do - if type(action_function) == "string" then + if type(action_function) == "function" then + node.actions[command] = action_function + elseif type(action_function) == "string" then local mod_name, dot_action = action_function:match("^(.+)%.([^%.]+)$") node.actions[command] = action_loader.load(mod_name)[dot_action] end Let's think a little about the security implications, but the implementation is trivial. > I need to do the following: 'serialize' the node's fields to JSON -- > or several nodes when the node in question is a Collection. This probably makes sense as a generic feature in collections. > Is there a way to access the collected items from the mother node? Of course. See the implementation of show() in sputnik/actions/collections.lua in the sputnik rock. - yuri -- http://spu.tnik.org/ From carregal at fabricadigital.com.br Thu May 28 17:27:15 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Thu May 28 17:26:25 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: Message-ID: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> 2009/5/28 Yuri Takhteyev : >> My real doubt was 'how do I write an action and where'. is there any >> way I could write an action as an inline field on the Node itself? > > This is a good question and Jim and I have discussed this a few weeks > ago. This is not handled at the moment, but perhaps this would be a > good feature to add. Obviously, such functions would be sandboxed and > won't be able to rely on external modules. If you decide to go for it please consider adding some protection for infinite loops too. While such a loop would be simply annoying in a CGI script, it would stall Xavante and everything else with it... The simplest solution (but probably not the best) when using Xavante would be to add some debug hook to check the execution time for the script and to abort it when necessary. Andr? From yuri at sims.berkeley.edu Thu May 28 20:37:15 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Thu May 28 20:36:52 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> Message-ID: > If you decide to go for it please consider adding some protection for > infinite loops too. While such a loop would be simply annoying in a > CGI script, it would stall Xavante and everything else with it... This would be a good thing to do in general, but this is a separate problem. You already can cause an infinite loop in the action field. This patch gives you a somewhat different way of doing this, but doesn't change anything fundamentally. (In general, the assumption at the moment is that only the admin should be editing action fields, and the admin already has plenty of ways to cause trouble.) > The simplest solution (but probably not the best) when using Xavante > would be to add some debug hook to check the execution time for the > script and to abort it when necessary. What do you mean by "the script"? If you mean the code in fields like "action" then evaluation of this code surely shouldn't depend on the server used. If you mean sputnik.ws, then perhaps this should be addressed at the WSAPI or Xavante level. Perhaps when WSAPI/Xavante calls an app function, it should be able to kill it after some time? Another possibility perhaps is to filter the code for "for" and "while"? (Can one do an infinite loop in Lua without using "for" or "while"?) A yet another possibility is to properly parse the code the way Cosmo does, though I am wondering what the cost of that would be. - yuri -- http://spu.tnik.org/ From carregal at fabricadigital.com.br Thu May 28 20:46:52 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Thu May 28 20:46:30 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> Message-ID: <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> On Thu, May 28, 2009 at 7:37 PM, Yuri Takhteyev wrote: > What do you mean by "the script"? If you mean the code in fields like > "action" then evaluation of this code surely shouldn't depend on the > server used. If you mean sputnik.ws, then perhaps this should be > addressed at the WSAPI or Xavante level. Perhaps when WSAPI/Xavante > calls an app function, it should be able to kill it after some time? Makes sense. > Another possibility perhaps is to filter the code for "for" and > "while"? (Can one do an infinite loop in Lua without using "for" or > "while"?) A yet another possibility is to properly parse the code the > way Cosmo does, though I am wondering what the cost of that would be. Recursion + Proper Tail Calls... :o) Andr? From mascarenhas at gmail.com Thu May 28 23:59:35 2009 From: mascarenhas at gmail.com (Fabio Mascarenhas) Date: Thu May 28 23:59:14 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> Message-ID: <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> On Thu, May 28, 2009 at 7:46 PM, Andre Carregal wrote: > On Thu, May 28, 2009 at 7:37 PM, Yuri Takhteyev wrote: > >> Another possibility perhaps is to filter the code for "for" and >> "while"? (Can one do an infinite loop in Lua without using "for" or >> "while"?) A yet another possibility is to properly parse the code the >> way Cosmo does, though I am wondering what the cost of that would be. > > Recursion + Proper Tail Calls... :o) If you are already parsing then it is trivial to disable tail calls, just transform "return " to local res = { } return unpack(res) Heck, you don't even need a full parser to disable loops and tail calls, a simple token filter is enough. :-) A better idea, let the user do loops and tail calls but insert a "counter()" at the beginning of every block. "counter()" increments a counter and throws an error if the counter passes a set value. Of course the actual name would be generated randomly so an attack won't be able replace it with his own fake counter. :-) This is doable with a token filter too. By token filter I don't mean lhf's library, just some thing that parses Lua tokens. I think rules to do the above transformations would be a fairly simple LPEG grammar on top of leg's lexical layer. > Andr? > -- Fabio Mascarenhas From carregal at fabricadigital.com.br Fri May 29 10:39:21 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 10:38:29 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> Message-ID: <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> On Thu, May 28, 2009 at 10:59 PM, Fabio Mascarenhas wrote: > A better idea, let the user do loops and tail calls but insert a > "counter()" at the beginning of every block. "counter()" increments a > counter and throws an error if the counter passes a set value. Of > course the actual name would be generated randomly so an attack won't > be able replace it with his own fake counter. :-) This is doable with > a token filter too. Nice, I like this. I'd make counter() check for execution time though. > By token filter I don't mean lhf's library, just some thing that > parses Lua tokens. I think rules to do the above transformations would > be a fairly simple LPEG grammar on top of leg's lexical layer. Indeed, it would be nice to have LEG being used for this... :o) Andr? From jnwhiteh at gmail.com Fri May 29 11:20:37 2009 From: jnwhiteh at gmail.com (Jim Whitehead II) Date: Fri May 29 11:20:36 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> Message-ID: <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> On Fri, May 29, 2009 at 1:39 PM, Andre Carregal wrote: > On Thu, May 28, 2009 at 10:59 PM, Fabio Mascarenhas > wrote: >> A better idea, let the user do loops and tail calls but insert a >> "counter()" at the beginning of every block. "counter()" increments a >> counter and throws an error if the counter passes a set value. Of >> course the actual name would be generated randomly so an attack won't >> be able replace it with his own fake counter. :-) This is doable with >> a token filter too. > > Nice, I like this. I'd make counter() check for execution time though. > >> By token filter I don't mean lhf's library, just some thing that >> parses Lua tokens. I think rules to do the above transformations would >> be a fairly simple LPEG grammar on top of leg's lexical layer. > > Indeed, it would be nice to have LEG being used for this... :o) I've actually (in the past) done all of this for a World of Warcraft addon, using a lexer called For All Indents and Purposes [1], written by a member of the Lua community. The problem is you have to use it alongside debug hooks in order to ensure that the system doesn't soft-lock, for example with a backtracking match on a very large string. It's really about how much protection you want to add in the system. I would also like to see anonymous actions. - Jim [1]: http://www.wowinterface.com/downloads/info4895-ForAllIndentsAndPurposes.html From mascarenhas at gmail.com Fri May 29 11:49:47 2009 From: mascarenhas at gmail.com (Fabio Mascarenhas) Date: Fri May 29 11:49:24 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> Message-ID: <7913df4d0905290649p4f6e609bs401e5f050db1492a@mail.gmail.com> On Fri, May 29, 2009 at 9:39 AM, Andre Carregal < carregal@fabricadigital.com.br> wrote: > On Thu, May 28, 2009 at 10:59 PM, Fabio Mascarenhas > wrote: > > A better idea, let the user do loops and tail calls but insert a > > "counter()" at the beginning of every block. "counter()" increments a > > counter and throws an error if the counter passes a set value. Of > > course the actual name would be generated randomly so an attack won't > > be able replace it with his own fake counter. :-) This is doable with > > a token filter too. > > Nice, I like this. I'd make counter() check for execution time though. > os.clock has lousy resolution for that, though, you need non-portable clock functions. Counting loop/recursion cycles is not exact but is lightweight and portable if the number of cycles is a configuration parameter. You can even have separate counters for loops and recursion, for example, and treat how many cycles a script has as a user's privilege. > > > By token filter I don't mean lhf's library, just some thing that > > parses Lua tokens. I think rules to do the above transformations would > > be a fairly simple LPEG grammar on top of leg's lexical layer. > > Indeed, it would be nice to have LEG being used for this... :o) > Leg is an elephant gun for this mouse, a small lpeg grammar on top of its lexical analyser would be enough, as I said. :-) > > Andr? > -- Fabio -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090529/947087d7/attachment.html From carregal at fabricadigital.com.br Fri May 29 11:59:00 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 11:58:37 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> Message-ID: <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> On Fri, May 29, 2009 at 10:20 AM, Jim Whitehead II wrote: > I've actually (in the past) done all of this for a World of Warcraft > addon, using a lexer called For All Indents and Purposes [1], written > by a member of the Lua community. ?The problem is you have to use it > alongside debug hooks in order to ensure that the system doesn't > soft-lock, for example with a backtracking match on a very large > string. ?It's really about how much protection you want to add in the > system. While I understand gsub like operations could stall a script, I don't get how debug hooks could help in this case. > I would also like to see anonymous actions. What would be those? Andr? From carregal at fabricadigital.com.br Fri May 29 12:01:35 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 12:01:16 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <7913df4d0905290649p4f6e609bs401e5f050db1492a@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <7913df4d0905290649p4f6e609bs401e5f050db1492a@mail.gmail.com> Message-ID: <92ab989c0905290701y1e3fb210r5fd3cdd2d90d8d38@mail.gmail.com> On Fri, May 29, 2009 at 10:49 AM, Fabio Mascarenhas wrote: > os.clock has lousy resolution for that, though, you need non-portable clock > functions. Counting loop/recursion cycles is not exact but is lightweight > and portable if the number of cycles is a configuration parameter. You can > even have separate counters for loops and recursion, for example, and treat > how many cycles a script has as a user's privilege. I may be missing something, but why would we need such high resolution for request timeouts? Most web servers could do fine with seconds resolution, no? > Leg is an elephant gun for this mouse, a small lpeg grammar on top of its > lexical analyser would be enough, as I said. :-) Point taken :o) Andr? From jnwhiteh at gmail.com Fri May 29 12:49:28 2009 From: jnwhiteh at gmail.com (Jim Whitehead II) Date: Fri May 29 12:49:25 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> Message-ID: <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> On Fri, May 29, 2009 at 2:59 PM, Andre Carregal wrote: > On Fri, May 29, 2009 at 10:20 AM, Jim Whitehead II wrote: >> I've actually (in the past) done all of this for a World of Warcraft >> addon, using a lexer called For All Indents and Purposes [1], written >> by a member of the Lua community. ?The problem is you have to use it >> alongside debug hooks in order to ensure that the system doesn't >> soft-lock, for example with a backtracking match on a very large >> string. ?It's really about how much protection you want to add in the >> system. > > While I understand gsub like operations could stall a script, I don't > get how debug hooks could help in this case. You're completely right, ignore me =). If the goal is to stop someone from accidentally hosing their installation, this would work well and I already have experience doing it. >> I would also like to see anonymous actions. > > What would be those? Being able to define actions inline, rather than having to edit and create a module. The type of thing that sparked this conversation in the first place. On a separate note, my goals as I work on Sputnik are the following: 1. The user should be able to accomplish their tasks without having to edit ANY of the files that are included in Sputnik's core. 2. Further to (1), the user should be able to upgrade their installation without needing to manually add changes. We have not been so good in this regard, just because of the current architecture. We expect the user to edit sputnik/config and most likely @Root. We've solved the problem with the first by applying sane defaults, but the second perhaps needs a bit more looking. I suspect in the end, we should suggest the user creates a new root prototype that inherits from @Root, rather than editing @Root directly. This ensures that changes trickle down. 3. When possible, make things possible without needing to write a new module for everything. We've got a way to go, but every release we make more progress! - Jim From mascarenhas at gmail.com Fri May 29 13:19:37 2009 From: mascarenhas at gmail.com (Fabio Mascarenhas) Date: Fri May 29 13:19:15 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905290701y1e3fb210r5fd3cdd2d90d8d38@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <7913df4d0905290649p4f6e609bs401e5f050db1492a@mail.gmail.com> <92ab989c0905290701y1e3fb210r5fd3cdd2d90d8d38@mail.gmail.com> Message-ID: <7913df4d0905290819i34278fb5s4d71029591455c21@mail.gmail.com> On Fri, May 29, 2009 at 11:01 AM, Andre Carregal < carregal@fabricadigital.com.br> wrote: > On Fri, May 29, 2009 at 10:49 AM, Fabio Mascarenhas > wrote: > > os.clock has lousy resolution for that, though, you need non-portable > clock > > functions. Counting loop/recursion cycles is not exact but is lightweight > > and portable if the number of cycles is a configuration parameter. You > can > > even have separate counters for loops and recursion, for example, and > treat > > how many cycles a script has as a user's privilege. > > I may be missing something, but why would we need such high resolution > for request timeouts? Most web servers could do fine with seconds > resolution, no? > Not Xavante, if the script is blocking everyone else. If you aren't on Xavante I would put the outside the Lua process. BTW, the counter function could also call yield to let other Xavante threads do some processing, too (maybe this would need extensions to Copas, I'd have to check), so you'd get semi-preemptive threading in Xavante for free.. > > > Leg is an elephant gun for this mouse, a small lpeg grammar on top of its > > lexical analyser would be enough, as I said. :-) > > Point taken :o) > > Andr? > -- Fabio -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.luaforge.net/pipermail/sputnik-list/attachments/20090529/86d426e7/attachment.htm From carregal at fabricadigital.com.br Fri May 29 14:25:57 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 14:25:25 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> Message-ID: <92ab989c0905290925j2c36c623j8d3092f72981c6e9@mail.gmail.com> On Fri, May 29, 2009 at 11:49 AM, Jim Whitehead II wrote: >>> I would also like to see anonymous actions. >> What would be those? > > Being able to define actions inline, rather than having to edit and > create a module. ?The type of thing that sparked this conversation in > the first place. I see, but I'd prefer to call these something like "ad-hoc actions" or "instance actions" instead of "anonymous actions" then. I was thinking you were talking about authorization-free actions here. > On a separate note, my goals as I work on Sputnik are the following: > > 1. The user should be able to accomplish their tasks without having to > edit ANY of the files that are included in Sputnik's core. +1 > 2. Further to (1), the user should be able to upgrade their > installation without needing to manually add changes. ?We have not > been so good in this regard, just because of the current architecture. > ?We expect the user to edit sputnik/config and most likely @Root. > We've solved the problem with the first by applying sane defaults, but > the second perhaps needs a bit more looking. ?I suspect in the end, we > should suggest the user creates a new root prototype that inherits > from @Root, rather than editing @Root directly. ?This ensures that > changes trickle down. Makes sense, but this is not a simple problem indeed. > 3. When possible, make things possible without needing to write a new > module for everything. > > We've got a way to go, but every release we make more progress! Sure! OTOH, I've been having a lot of trouble following the changes, maybe due to the documentation lag, maybe because of the so called "paradigm overload"... :o) Andr? From carregal at fabricadigital.com.br Fri May 29 14:28:58 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 14:28:07 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <7913df4d0905290819i34278fb5s4d71029591455c21@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <7913df4d0905290649p4f6e609bs401e5f050db1492a@mail.gmail.com> <92ab989c0905290701y1e3fb210r5fd3cdd2d90d8d38@mail.gmail.com> <7913df4d0905290819i34278fb5s4d71029591455c21@mail.gmail.com> Message-ID: <92ab989c0905290928q69b6c6aah26d0b51999f815e9@mail.gmail.com> On Fri, May 29, 2009 at 12:19 PM, Fabio Mascarenhas wrote: >> I may be missing something, but why would we need such high resolution >> for request timeouts? Most web servers could do fine with seconds >> resolution, no? > > Not Xavante, if the script is blocking everyone else. If you aren't on > Xavante I would put the outside the Lua process. > BTW, the counter function could also call yield to let other Xavante threads > do some processing, too (maybe this would need extensions to Copas, I'd have > to check), so you'd get semi-preemptive threading in Xavante for free.. I'm not saying that we would call counter() every second or so, but that we would check os.time() (and yield) on every counter() call and then timeout with seconds resolution. My point is that request timeouts could be defined in seconds and have a full second of error and that wouldn't bother me. If the request times out in 4 or 5 seconds I'm OK as long as the rest of the system is operational. Andr? From yuri at sims.berkeley.edu Fri May 29 16:28:20 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Fri May 29 16:28:06 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> Message-ID: > You're completely right, ignore me =). ?If the goal is to stop someone > from accidentally hosing their installation, this would work well and > I already have experience doing it. So, what exactly have we converged on? Pre-processing lua code and inserting counters? Does this make sense in Sputnik itself or should this be a general purpose library, perhaps working just like loadstring() but with an extra parameter specifying the max number of instructions? Any volunteers to actually implement it? > On a separate note, my goals as I work on Sputnik are the following: > > 1. The user should be able to accomplish their tasks without having to > edit ANY of the files that are included in Sputnik's core. This would depend on what the tasks are, right? I am sure someone will always find some task that would only be doable by hacking the core. That said, I agree that any task that appears to require changes to the core merits a discussion. First, many such tasks actually _can_ be done without editing the core files, it's just that the solution isn't documented properly. Second, if the task really requires changing the core, we should look into whether a more generic solution is possible. That said, it seems to me that this would need to be approached on a task-by-task base, no? > 2. Further to (1), the user should be able to upgrade their > installation without needing to manually add changes. ?We have not > been so good in this regard, just because of the current architecture. > ?We expect the user to edit sputnik/config and most likely @Root. > We've solved the problem with the first by applying sane defaults, but > the second perhaps needs a bit more looking. ?I suspect in the end, we > should suggest the user creates a new root prototype that inherits > from @Root, rather than editing @Root directly. ?This ensures that > changes trickle down. Yes, we need to do with @Root what we did with config. (Which is, we separated config into two nodes: config and config_defaults. The user should edit config but not config_defaults. This way, when new parameters are introduced, they automatically get default values.) > 3. When possible, make things possible without needing to write a new > module for everything. What do you mean? - yuri -- http://spu.tnik.org/ From carregal at fabricadigital.com.br Fri May 29 18:49:48 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Fri May 29 18:48:58 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> Message-ID: <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> On Fri, May 29, 2009 at 3:28 PM, Yuri Takhteyev wrote: > So, what exactly have we converged on? Pre-processing lua code and > inserting counters? Does this make sense in Sputnik itself or should > this be a general purpose library, perhaps working just like > loadstring() but with an extra parameter specifying the max number of > instructions? Any volunteers to actually implement it? It would fit better in WSAPI itself. What about something like wsapi.util.make_timer(duration) returning a closure that, when called, would return true when duration has passed? With that in hands, Sputnik could inject calls to a private function in the untrusted code and that function could call the timer closure and handle the timeout in whatever way it wanted. Crude example: timeout = wsapi.util.make_timer(5) -- let's assume seconds precision for now ... function check() ... if timeout() then -- handle the timeout end ... end ... inject(source, "check") do(source) Andr? From yuri at sims.berkeley.edu Fri May 29 23:11:01 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Fri May 29 23:10:47 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> References: <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> Message-ID: > It would fit better in WSAPI itself. What about something like > wsapi.util.make_timer(duration) returning a closure that, when called, > would return true when duration has passed? I am not sure about this being in WSAPI. I see two possibilities: 1. WSAPI offers an option of timing out sputnik.ws in a way that is transparent to sputnik.ws 2. We write a module that Saci would use when processing Lua code in fields. We seem to be heading for #2 in general, but in this case, the module should not be a part of WSAPI, because Saci should not have any dependencies on WSAPI. In fact, at the moment Sputnik core has no dependencies on WSAPI, and I am not sure it's a good idea to add any. - yuri -- http://spu.tnik.org/ From carregal at fabricadigital.com.br Sat May 30 00:34:50 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Sat May 30 00:33:57 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> Message-ID: <92ab989c0905291934s67cc80bg852efc4917a816da@mail.gmail.com> On Fri, May 29, 2009 at 10:11 PM, Yuri Takhteyev wrote: >> It would fit better in WSAPI itself. What about something like >> wsapi.util.make_timer(duration) returning a closure that, when called, >> would return true when duration has passed? > > I am not sure about this being in WSAPI. I see two possibilities: Note that we are indeed talking about two different things. > 1. WSAPI offers an option of timing out sputnik.ws in a way that is > transparent to sputnik.ws That's the function of wsapi.util.make_timer > 2. We write a module that Saci would use when processing Lua code in fields. > We seem to be heading for #2 in general, but in this case, the module > should not be a part of WSAPI, because Saci should not have any > dependencies on WSAPI. In fact, at the moment Sputnik core has no > dependencies on WSAPI, and I am not sure it's a good idea to add any. And that would be the function of "inject", but not part of WSAPI. I'm not sure where "inject" would go, but "make_timer" fits fine in WSAPI. Andr? From yuri at sims.berkeley.edu Sat May 30 00:50:47 2009 From: yuri at sims.berkeley.edu (Yuri Takhteyev) Date: Sat May 30 00:49:53 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: <92ab989c0905291934s67cc80bg852efc4917a816da@mail.gmail.com> References: <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> <92ab989c0905291934s67cc80bg852efc4917a816da@mail.gmail.com> Message-ID: In your proposal earlier, doesn't the use of inject assume the timer? I.e., if Saci has inject but not the timer, what will it inject? - yuri > And that would be the function of "inject", but not part of WSAPI. I'm > not sure where "inject" would go, but "make_timer" fits fine in WSAPI. -- http://spu.tnik.org/ From carregal at fabricadigital.com.br Sat May 30 01:23:45 2009 From: carregal at fabricadigital.com.br (Andre Carregal) Date: Sat May 30 01:22:51 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> <92ab989c0905291349u7e5b80b4xf20fdc7d0a90a96f@mail.gmail.com> <92ab989c0905291934s67cc80bg852efc4917a816da@mail.gmail.com> Message-ID: <92ab989c0905292023r67c31be0w77d312662c980ca6@mail.gmail.com> On Fri, May 29, 2009 at 11:50 PM, Yuri Takhteyev wrote: > In your proposal earlier, doesn't the use of inject assume the timer? I.e., if Saci has inject but not the timer, what will it inject? It simply injects a function name and the parenthesis that will make the future call when executed. It's up to the application function (of the same name above) to call the timer (or whatever else it needs) and handle eventual errors. Andr? From jnwhiteh at gmail.com Sat May 30 11:53:17 2009 From: jnwhiteh at gmail.com (Jim Whitehead II) Date: Sat May 30 11:53:17 2009 Subject: [Sputnik-list] Re: [Sputnik] Adding JSON actions In-Reply-To: References: <92ab989c0905281227m22bd1079j459f183b469e4bc7@mail.gmail.com> <92ab989c0905281546k7317d591jb865b4d3e2b381ae@mail.gmail.com> <7913df4d0905281859w9c4ffd8g34e42197462989db@mail.gmail.com> <92ab989c0905290539t7488a0c3q2a22db3744ee3cb2@mail.gmail.com> <5fe281d40905290620k12ddd688j6a7083c0cd3921c2@mail.gmail.com> <92ab989c0905290659l548f06bcmabb8969a12cf6371@mail.gmail.com> <5fe281d40905290749w645d69a8j49a3b827c87c7270@mail.gmail.com> Message-ID: <5fe281d40905300653i5e064c4nc2c3c6447b0c2fb7@mail.gmail.com> On Fri, May 29, 2009 at 11:28 AM, Yuri Takhteyev wrote: >> You're completely right, ignore me =). ?If the goal is to stop someone >> from accidentally hosing their installation, this would work well and >> I already have experience doing it. > > So, what exactly have we converged on? Pre-processing lua code and > inserting counters? Does this make sense in Sputnik itself or should > this be a general purpose library, perhaps working just like > loadstring() but with an extra parameter specifying the max number of > instructions? Any volunteers to actually implement it? I think that the LEG and the code to implement the detection/changes should be more generally available, but the code can certainly go in WSAPI as Andre suggests. >> On a separate note, my goals as I work on Sputnik are the following: >> >> 1. The user should be able to accomplish their tasks without having to >> edit ANY of the files that are included in Sputnik's core. > > This would depend on what the tasks are, right? I am sure someone will > always find some task that would only be doable by hacking the core. > That said, I agree that any task that appears to require changes to > the core merits a discussion. First, many such tasks actually _can_ be > done without editing the core files, it's just that the solution isn't > documented properly. Second, if the task really requires changing the > core, we should look into whether a more generic solution is possible. > > That said, it seems to me that this would need to be approached on a > task-by-task base, no? Of course, that's just my motivation as I make changes to the core and we discuss changes.. to try and guide things using these principles. >> 2. Further to (1), the user should be able to upgrade their >> installation without needing to manually add changes. ?We have not >> been so good in this regard, just because of the current architecture. >> ?We expect the user to edit sputnik/config and most likely @Root. >> We've solved the problem with the first by applying sane defaults, but >> the second perhaps needs a bit more looking. ?I suspect in the end, we >> should suggest the user creates a new root prototype that inherits >> from @Root, rather than editing @Root directly. ?This ensures that >> changes trickle down. > > Yes, we need to do with @Root what we did with config. (Which is, we > separated config into two nodes: config and config_defaults. The user > should edit config but not config_defaults. This way, when new > parameters are introduced, they automatically get default values.) Perfect! >> 3. When possible, make things possible without needing to write a new >> module for everything. > > What do you mean? Allowing as much through the web edit form as reasonably possible. Not to an extreme, just a general principle. Editing template nodes rather than having to change the params being sent to cosmo, etc. - Jim