« Back to channel list

#ruby - 24 January 2019

« Back 1 day Forward 1 day »
[00:05:03] tdy: has joined #ruby
[00:13:01] zenspider: Scriptonaut: I'm only skimming the spec for JWT... but I'm not sure that's invalid yet.
[00:13:48] zenspider: it's not well written as specs go
[00:14:18] Scriptonaut: I'm confused, what do you mean not invalid, like it's supposed to produce different keys between ruby processes?
[00:14:29] Scriptonaut: or between console sessions, etc
[00:14:31] zenspider: do they decode properly?
[00:14:46] zenspider: if you notice, the payload (before the ".") is the same in both cases
[00:14:58] Scriptonaut: that's the header
[00:15:02] Scriptonaut: it goes header.payload.signature
[00:15:32] Scriptonaut: header has the meta info about the type of encryption, etc, payload is the actual data, then signature is an encrypted concatenation of the header, payload, and secret
[00:15:37] Scriptonaut: used to verify the payload/header
[00:15:50] Scriptonaut: I suppose I should try decoding it
[00:15:53] Scriptonaut: and see if it for some reason works
[00:15:57] zenspider: ah. I didn't see the second one... either way, they're the same
[00:16:03] Scriptonaut: the second one is the same too?
[00:16:34] Scriptonaut: oh I see, that's odd, it's not always the case
[00:16:40] zenspider: as long as they decode... I wouldn't worry about it
[00:16:54] Scriptonaut: I'll try decoding and see what I get, thanks
[00:17:25] zenspider: ruby has some stuff built in to seed hash values and the like so that each process is a little bit random from another. It bites me now and then, but makes the processes less attackable from the outside. It might be similar
[00:19:10] Scriptonaut: This will give me the perfect excuse to have this part of the codebase rewritten, I was saying we should decode rather than just comparing the encrypted strings
[00:21:17] Scriptonaut: zenspider: I don't know why I didn't think to do that
[00:21:39] zenspider: hrm... is there a better tool than diff3 for comparing 3 files? having `ed` output isn't the best
[00:22:02] ansraliant: has joined #ruby
[00:22:05] Scriptonaut: hmm, never had that need. I use git for diffs most of the time
[00:22:41] Scriptonaut: you could try diffuse
[00:22:49] Scriptonaut: http://diffuse.sourceforge.net/
[00:23:54] chouhoulis: has joined #ruby
[00:24:24] wnd: I use vim for less-than-trivial diffs. I also recall a co-worker using meldmerge, but that was years ago.
[00:31:48] skryking: has joined #ruby
[00:42:50] orbyt_: has joined #ruby
[00:58:57] perique: has joined #ruby
[01:19:25] blackmesa: has joined #ruby
[01:22:43] darix: zenspider: vimdiff?
[01:24:22] bmurt: has joined #ruby
[01:28:02] laaron-: has joined #ruby
[01:28:54] sagax: has joined #ruby
[01:45:18] Nicmavr: has joined #ruby
[01:45:55] Renich: has joined #ruby
[01:51:22] havenwood: Scriptonaut: Your payload stays the same. It's just the order of the headers that differs so you get a different mac. {"alg"=>"HS256", "typ"=>"JWT"} vs {"typ"=>"JWT", "alg"=>"HS256"}
[01:51:50] chouhoulis: has joined #ruby
[01:54:42] brandoncc: has joined #ruby
[01:55:25] havenwood: Scriptonaut: JSON hashes are unordered, unlike Ruby 1.9+ hashes.
[01:55:37] havenwood: https://www.ietf.org/rfc/rfc4627.txt
[01:55:53] havenwood: "An object is an unordered collection of zero or more name/value pairs..."
[01:56:41] havenwood: Scriptonaut: I suspect you're just losing the order of your headers in the JSON conversion step.
[01:56:56] blerrp: (ruby 2.6) hey, i'm trying to do something that sums nested hash values correctly. doesn't have to be *100%* generalizable, but you know.
[01:56:57] blerrp: https://dpaste.de/Vwuz
[01:57:30] blerrp: i added a hash method deep_merge_sum
[01:57:33] blerrp: and it works
[01:57:47] blerrp: but for some reason, it chokes when you use it with hashes with default values
[02:01:55] blerrp: it chokes on line 40
[02:07:48] cpruitt: has joined #ruby
[02:09:13] havenwood: blerrp: fwiw, with ActiveRecord or the deep_merge gem:
[02:09:14] havenwood: stats.reduce({}) { |acc, h| acc.deep_merge(h) { |_key, a, b| a + b } }
[02:09:31] Scriptonaut: havenwood: you're right
[02:09:33] Scriptonaut: that's what it was
[02:09:52] Scriptonaut: I'm surprised you were able to deduce that
[02:10:30] havenwood: you're welcome!
[02:10:45] Scriptonaut: the only part left that's bothering me, is that an existing dev built a system where he generated tokens like this, sent it to another service we have, and then used the token in a db query to lookup records.
[02:10:55] Scriptonaut: so somehow up until now, those hashes have always been in the same order
[02:11:02] Scriptonaut: but when I do it, I often get different ordered hashes
[02:11:44] Scriptonaut: no idea why when I do it, the key/value order changes regularly, but he managed to do it for months, on the same computer, and kept it in the same order
[02:11:59] Scriptonaut: I assume I will have to rewrite his lookup system that does lookups by the encrypted tokens, I don't see any other way around it
[02:12:14] Scriptonaut: not that it's a very good way of looking things up
[02:13:06] havenwood: Scriptonaut: Just to make sure, you're meaning these payloads to be signed so you can authenticate they haven't been tampered with, but no need for encryption?
[02:13:53] Scriptonaut: the payloads only hold a database record id
[02:14:03] Scriptonaut: but they're signed with a secret
[02:14:49] havenwood: Here's an example of encrypting the payload, for fun: https://gist.github.com/havenwood/5f8d3ae5f4d9d3963225d9ecd0864ec2
[02:15:57] Scriptonaut: oh, we're just signing it with a raw string, is that not a good idea?
[02:16:14] Scriptonaut: like ENV["JWT_SECRET"]
[02:17:17] havenwood: Scriptonaut: I'd think that should work if you just need data integrity and authentication, but the payload contents aren't secret.
[02:18:19] havenwood: If the contents are secret, use Ed25519 instead of an HMAC.
[02:19:27] Scriptonaut: ah ok, thanks for the example. While working on this feature I noticed this stuff was used in several other places, and it definitely wasn't encrypting the payload. I'll have to check it out to make sure it's nothing that should be secure
[02:19:52] cpruitt: has joined #ruby
[02:21:39] havenwood: Ed25519 is great when you really do want to keep a secret!
[02:21:41] havenwood: https://ed25519.cr.yp.to/
[02:21:59] blerrp: havenwood: deep_merge like you suggested isn't working right
[02:22:23] blerrp: https://dpaste.de/1RD7#L67,68
[02:23:34] havenwood: blerrp: I wrote it for the ActiveRecord variant: stat_sets.reduce({}) { |acc, h| acc.deep_merge(h) { |_key, a, b| a + b } }
[02:23:40] havenwood: blerrp: require 'active_support/core_ext/hash/deep_merge'
[02:24:24] havenwood: blerrp: #=> {:hp_max=>7, :attack=>{:normal=>12, :special=>3}, :defense=>{:normal=>8, :special=>10}}
[02:24:32] r29v: has joined #ruby
[02:24:42] blerrp: lemme try it out
[02:25:06] havenwood: blerrp: Or from the deep_merge gem, you can use the Rails-compat mode: require 'deep_merge/rails_compat'
[02:25:53] havenwood: blerrp: That ^ should work too. Or it's not much change to port to the deep_merge native varient.
[02:26:02] blerrp: require 'deep_merge/rails_compat'
[02:26:15] havenwood: blerrp: That should *just work*.
[02:26:16] blerrp: tried that and get undefined method `deep_merge' for {}:Hash (NoMethodError)
[02:26:40] blerrp: should i just install activerecord and try that one
[02:26:43] havenwood: blerrp: oh, oops - that just avoids stomping on Rails, it doesn't provide the same interface
[02:27:01] blerrp: what gem do i need to install? rails? activerecord?
[02:27:06] havenwood: blerrp: the activerecord one would work
[02:27:14] havenwood: blerrp: just activerecord
[02:27:14] blerrp: idk anything about rails
[02:27:19] salasrod: has joined #ruby
[02:27:20] blerrp: ok let's tr
[02:28:16] blerrp: yep you're right
[02:28:23] blerrp: activerecord's deep_merge works fine
[02:30:25] salasrod: has joined #ruby
[02:31:12] blerrp: havenwood: AND it also works with initial value
[02:31:14] blerrp: stat_sets.reduce(Hash.new(0)) { |acc, h| acc.deep_merge(h) { |_key, a, b| a + b } }
[02:33:23] blerrp: i have to read a little more to understand, but thanks
[02:33:26] blerrp: looks good
[02:35:05] salasrod: has joined #ruby
[02:35:50] salasrod: has joined #ruby
[03:12:49] esrse: has joined #ruby
[03:20:50] tdy: has joined #ruby
[03:23:54] krawchyk: has joined #ruby
[03:36:22] cpruitt: has joined #ruby
[03:37:26] chouhoulis: has joined #ruby
[03:39:05] salasrod: has joined #ruby
[03:46:45] salasrod: has joined #ruby
[03:52:00] bga57: has joined #ruby
[03:52:03] salasrod: has joined #ruby
[03:57:56] cpruitt: has joined #ruby
[04:00:06] \void: has joined #ruby
[04:03:09] tdy: has joined #ruby
[04:09:59] agent_white: has joined #ruby
[04:10:01] braincrash: has joined #ruby
[04:10:58] SirFunk: has joined #ruby
[04:19:39] sleetdrop: has joined #ruby
[04:36:56] cpruitt: has joined #ruby
[04:43:42] BTRE: has joined #ruby
[04:54:37] cpruitt: has joined #ruby
[05:34:06] jtperreault: has joined #ruby
[05:34:26] r29v: has joined #ruby
[05:40:36] cpruitt: has joined #ruby
[05:56:27] cpruitt: has joined #ruby
[06:10:20] skryking: has joined #ruby
[06:17:53] dionysus69: has joined #ruby
[06:24:23] kapil____: has joined #ruby
[06:34:28] tdy: has joined #ruby
[06:47:46] cpruitt: has joined #ruby
[06:54:38] dellavg_: has joined #ruby
[06:54:58] reber: has joined #ruby
[07:04:36] Renich: has joined #ruby
[07:05:34] aufi_: has joined #ruby
[07:13:21] lytol_: has joined #ruby
[07:18:31] Xeago_: has joined #ruby
[07:21:15] aupadhye: has joined #ruby
[07:23:12] jcarl43: has joined #ruby
[07:26:28] tdy: has joined #ruby
[07:28:58] salasrod: has joined #ruby
[07:42:49] venmx: has joined #ruby
[07:52:19] tdy: has joined #ruby
[08:00:37] sonofentropy: has joined #ruby
[08:06:17] cpruitt: has joined #ruby
[08:22:09] asphyxia: has joined #ruby
[08:23:25] Turnikov[m]: has joined #ruby
[08:33:11] Cthulu201: has joined #ruby
[08:36:26] clemens3: has joined #ruby
[08:37:47] tdy: has joined #ruby
[08:44:10] cpruitt: has joined #ruby
[09:02:41] nowhere_man: has joined #ruby
[09:24:02] jacksop: has joined #ruby
[09:25:37] Guest16678: has joined #ruby
[09:28:17] GodFather: has joined #ruby
[09:41:35] blackmesa: has joined #ruby
[09:42:12] schwad_: has joined #ruby
[09:44:20] cpruitt: has joined #ruby
[09:45:43] ellcs: has joined #ruby
[09:46:39] blackmesa1: has joined #ruby
[09:46:57] asphyxia: has joined #ruby
[10:06:19] blackmesa: has joined #ruby
[10:08:50] mikecmpbll: has joined #ruby
[10:11:10] sonofentropy: has joined #ruby
[10:25:06] sonofentropy: has joined #ruby
[10:33:26] mikecmpb_: has joined #ruby
[10:36:54] Paraxial: has joined #ruby
[10:37:54] cpruitt: has joined #ruby
[10:38:51] venmx: has joined #ruby
[10:44:22] [spoiler]: has joined #ruby
[11:34:00] DTZUZO_: has joined #ruby
[11:38:11] cpruitt: has joined #ruby
[11:42:07] AJA4350: has joined #ruby
[11:42:52] kidPalooma: has joined #ruby
[11:45:05] kidPalooma: Hello, I would like to perform these two operations on mp3 files: 1. strip all id3 metadata, 2. add silence at the start/end of a file. Are there any libraries that you know of that would help? I have found a few id3 libraries in ruby but they seem more oriented on reading id3 tags rather than modifying them
[11:47:25] elomatreb: kidPalooma: I was in a similar situation regarding metadata and I didn't really find anything enjoyable, switched to doing those scripts in Python with mutagen
[11:48:18] cpruitt: has joined #ruby
[12:00:25] nowhere_man: has joined #ruby
[12:02:22] fribmendes: has joined #ruby
[12:06:58] fribmendes: has joined #ruby
[12:17:56] blackmesa: has joined #ruby
[12:21:25] conta1: has joined #ruby
[12:25:38] Nicmavr: has joined #ruby
[12:33:29] lucasb: has joined #ruby
[12:34:05] blerrp: kidPalooma: +1 for mutagen. so for adding silence, idk, maybe look into ffmpeg
[12:34:27] blerrp: but for id3 mutagen is the best shit i've used
[12:46:32] mauro_oto: has joined #ruby
[12:50:03] cpruitt: has joined #ruby
[12:50:13] skryking: has joined #ruby
[12:51:56] Psy-Q: has joined #ruby
[12:52:28] Psy-Q: it looks like Slate was never updated to work with Bundler 2 and relies on Bundler 1. is there a way to have both available at the same time on a system?
[13:05:13] Psy-Q: it looks like it can fall back to the version that is specified under BUNDLED_WITH in the lockfile if that version is available, but what if there is no lockfile yet?
[13:09:11] cpruitt: has joined #ruby
[13:19:20] cpruitt: has joined #ruby
[13:24:42] sonofentropy: has joined #ruby
[13:25:29] sonofentropy: has joined #ruby
[13:26:33] bmurt: has joined #ruby
[13:41:11] Guest16678: has joined #ruby
[13:43:10] soyeomul^bionic: has joined #ruby
[13:49:16] cpruitt: has joined #ruby
[13:50:31] chouhoulis: has joined #ruby
[13:50:57] pythdasch: has joined #ruby
[13:51:02] pythdasch: has left #ruby: ()
[13:55:06] laaron: has joined #ruby
[14:00:07] Puffball: has joined #ruby
[14:12:36] laaron: has joined #ruby
[14:14:01] Renich: has joined #ruby
[14:21:33] laaron: has joined #ruby
[14:22:59] sonofentropy: has joined #ruby
[14:27:02] laaron: has joined #ruby
[14:40:26] matchaw: has joined #ruby
[14:48:36] Rapture: has joined #ruby
[14:55:36] laaron: has joined #ruby
[15:00:30] yokel: has joined #ruby
[15:05:38] rippa: has joined #ruby
[15:09:58] Leifr: has joined #ruby
[15:11:50] kapil____: has joined #ruby
[15:19:31] RiPuk: has joined #ruby
[15:35:27] krawchyk: has joined #ruby
[15:39:09] Dbugger: has joined #ruby
[15:55:28] polishdub: has joined #ruby
[15:57:04] status402: has joined #ruby
[16:05:25] krawchyk: has joined #ruby
[16:08:54] marz_d`ghostman: has joined #ruby
[16:08:59] marz_d`ghostman: anyone using concurrent-ruby gem here?
[16:09:24] marz_d`ghostman: How do you guys execute Futures in parallel? Concurrent::Promises.future(thread_pool) { Sync.run(mirror) }.rescue { |e| send_error_notification(mirror_name: mirror.name, error: e) }.result doesn't seem to work
[16:16:59] chouhoulis: has joined #ruby
[16:24:31] krawchyk: has joined #ruby
[16:29:57] davidw: has joined #ruby
[16:31:53] orbyt_: has joined #ruby
[16:39:55] akem: has joined #ruby
[16:42:46] krawchyk: has joined #ruby
[16:52:35] conta1: has joined #ruby
[16:55:17] nowhere_man: has joined #ruby
[16:59:04] krawchyk: has joined #ruby
[17:01:30] sonofentropy: has joined #ruby
[17:11:18] duderonomy: has joined #ruby
[17:21:37] Leifr: has joined #ruby
[17:23:45] \void: has joined #ruby
[17:24:33] Guest16678: has joined #ruby
[17:36:53] sticaz: has joined #ruby
[17:40:58] code_zombie: has joined #ruby
[17:41:11] jcarl43: has joined #ruby
[17:46:23] gix: has joined #ruby
[18:03:05] Eiam: has joined #ruby
[18:07:54] reber: has joined #ruby
[18:11:48] chouhoulis: has joined #ruby
[18:15:20] sonofentropy: has joined #ruby
[18:26:20] elcontrastador: has joined #ruby
[18:26:20] Aqo: has joined #ruby
[18:30:34] cagmz: has joined #ruby
[18:30:58] cagmz: how do I create a private class method if I'm using the `class << self` to define my public methods?
[18:32:48] cagmz: found the answer: https://stackoverflow.com/a/27866601/9670992
[18:39:45] Scriptonaut: has left #ruby: ()
[18:45:25] mikecmpbll: has joined #ruby
[18:45:35] orbyt_: has joined #ruby
[19:02:25] djdduty: has joined #ruby
[19:07:38] Creatornator: has joined #ruby
[19:11:10] duderonomy: has joined #ruby
[19:13:24] skryking: has joined #ruby
[19:15:26] ravenousmoose: has joined #ruby
[19:23:22] wildermind: has joined #ruby
[19:29:00] Creatornator: has joined #ruby
[19:35:21] xrexeon: has joined #ruby
[19:37:23] ravenousmoose: has joined #ruby
[19:37:32] xrexeon: has joined #ruby
[19:44:15] conta1: has joined #ruby
[19:45:12] sonofentropy: has joined #ruby
[19:54:07] clemens3: has joined #ruby
[19:55:24] Creatornator: has joined #ruby
[19:56:21] krawchyk: has joined #ruby
[20:03:10] tdy: has joined #ruby
[20:15:06] TheBloke: has joined #ruby
[20:18:03] blackmesa: has joined #ruby
[20:34:00] Inline: has joined #ruby
[20:38:57] baweaver: Anyone had a case where they needed xor for non-booleans in Ruby?: https://bugs.ruby-lang.org/issues/15559
[20:43:21] SeepingN: has joined #ruby
[20:48:10] orbyt_: has joined #ruby
[20:48:24] lyusternik: as others mention, there's nothing you can do with logical XOR that isn't already handled by !=
[20:48:54] lyusternik: I guess it could save you a bool casting
[20:51:31] TheBloke: has joined #ruby
[20:55:42] ur5us: has joined #ruby
[20:56:28] xrexeon: has joined #ruby
[20:56:46] ur5us: has joined #ruby
[21:02:47] krawchyk: has joined #ruby
[21:11:42] lxsameer: has joined #ruby
[21:18:00] blackmesa: has joined #ruby
[21:21:29] blackmesa: has joined #ruby
[21:55:19] bmurt: has joined #ruby
[22:04:15] Renich: has joined #ruby
[22:06:14] galaxie: has left #ruby: ()
[22:11:38] brandoncc: has joined #ruby
[22:35:11] bmurt: has joined #ruby
[23:05:18] Nicmavr: has joined #ruby
[23:42:10] _whitelogger: has joined #ruby
[23:45:23] akem: has joined #ruby
[23:46:44] akem: has joined #ruby
[23:48:09] akem: has joined #ruby