#munin log

20:02:27 <TheSnide> #startmeeting
20:02:27 <MeetBot> Meeting started Wed Jan 21 20:02:27 2015 UTC.  The chair is TheSnide. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:02:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:02:36 <TheSnide> #chair ss
20:02:36 <MeetBot> Current chairs: TheSnide ss
20:02:44 <TheSnide> #chair ssm
20:02:44 <MeetBot> Current chairs: TheSnide ss ssm
20:04:27 <TheSnide> chteuchteu, ssm: sorry to be late.
20:04:41 <chteuchteu> No problem!
20:04:57 <TheSnide> #topic 2.1
20:05:41 <TheSnide> well, chteuchteu proposed a new CSS, which is quite good. And even merged already in devel
20:06:19 <chteuchteu> As said before, this is open for discussion: if anyone has any idea about how to improve it, please don't hesitate!
20:06:34 <chteuchteu> Thank you for having merged!
20:07:37 <ssm> It's a very nice improvement.
20:08:14 <chteuchteu> Thank you! As said before too, I'd like to enhance the dynazoom report page as well (both HTML structure and CSS)
20:09:26 <TheSnide> yeah, i know chteuchteu from before the css, and he's quite nice. so please don't scare him off right now.
20:09:43 <chteuchteu> :D
20:09:50 <TheSnide> ... wait until he invested a substantial amount of time :-P
20:09:51 <ssm> . o O { do not scare away contributors, check }
20:09:56 <chteuchteu> :D :D
20:10:09 <chteuchteu> For those who don't know me, I'd like to introduce myself in two words
20:10:18 <chteuchteu> (or a bit more actually)
20:10:19 <TheSnide> ... specially since he's much more css gifted than us ;)
20:11:22 <chteuchteu> I'm a computing student from France, and begun Android development 3 years ago (by myself). I used Munin to check my home server and wanted to check the graphs on my phone, but the munin report page wasn't (and still is, // TODO) readable on mobiles
20:12:07 <chteuchteu> So I created Munin for Android, which was awful at the start but became better from update to update :P
20:12:30 <m-r-b> <Bushmills@freenode> yes, much less buggy now :)
20:12:44 <chteuchteu> There are still bugs, but less than before indeed :P
20:12:58 <chteuchteu> A few days ago, I decided to make it open-source so people could contribute: https://github.com/chteuchteu/Munin-for-Android
20:13:22 <chteuchteu> And also because after 3 month on cleaning code and refactoring, I'm finally proud of its code :D
20:14:07 <chteuchteu> I also decided that it would be cool to contribute to the main project (munin), so I started easy by writing some CSS
20:14:36 <chteuchteu> And here we are :)
20:14:42 * TheSnide thinks that CSS isn't the easy part. :)
20:14:53 <TheSnide> *clap* *clap* *clap*
20:14:58 <chteuchteu> It is for me! :) Thank you :)
20:14:58 <ssm> Welcome :D
20:15:07 <chteuchteu> Thanks :)
20:15:30 <micah> ssm: lol
20:15:57 * ssm is a sysadmin, who dabbles in perl, python, ruby.  More fond of writing tests and documentation than actual code, but gets something done from time to time.
20:16:00 <TheSnide> chteuchteu: i'd be more than happy if you want to contribute further. Even better if it's the UI!
20:16:44 <chteuchteu> ssm: Nobody wants to write tests and documentations usually, you must a hero or something? :D
20:17:07 * ssm is in hiding in #munin, don't tell anyone
20:17:07 <TheSnide> chteuchteu: he his. but don't tell him.
20:17:21 <chteuchteu> :D
20:17:46 <chteuchteu> TheSnide: Since I don't have any knowledge in Perl and some in HTML, CSS, JS (Jquery), I would be glad to enhance the UI! :)
20:18:22 * TheSnide is just a random guy with very crazy ideas. And some abilities to pass them to others :)
20:18:25 <chteuchteu> BTW, I know that this is out of topic, but I saw that vanilla JS is used in the dynazoom page. Wouldn't it be better to use Jquery? less code, more maintenability, better compatibility
20:18:40 <ssm> "there is room for improvement"
20:18:45 <TheSnide> ... *ehem* ...
20:18:52 <TheSnide> #topic UI
20:19:05 <TheSnide> ok, move on =)
20:19:30 <chteuchteu> Just wanted to know if there was a special reason to use vanilla JS instead of Jquery :) (avoiding loading jquery js file for example)
20:19:41 <TheSnide> "vanilla JS" is mine. And i have as much knowledge in JS as you in Perl. So.
20:20:19 <TheSnide> basically, if you want to depend on some well-known lib, i won't object.
20:20:24 <TheSnide> just be sure that:
20:20:41 <TheSnide> 1. it is allowed to do so (usually it is)
20:21:15 <TheSnide> 2. the lib is "well-known" (jquery is. bootstrap also. something random on github not really)
20:22:33 <ssm> …and that we are allowed to distribute it with munin?
20:22:34 <TheSnide> 3. it _does_ improve the code. here also, jquery is a no-brainer, but i try to avoid deps that only "looks" interesting.
20:22:51 <chteuchteu> I really think that we could benefit from using Jquery on this: less code, more browser compatibility, and even better performances (even if dynazoom-related JS isn't heavy)
20:23:06 <TheSnide> ssm: yes, that's basically the 1. (not lawyer-clear, but IANAL)
20:23:12 <chteuchteu> Also, we should indeed check that we can distribute it with munin. I think it is, but we have to check irst
20:23:39 <TheSnide> chteuchteu: i think we already use jquery anyway.
20:23:50 <ssm> Lots and lots of javascript libraries are packaged for Debian, so they will be symlinked when installed with a .deb package
20:23:58 <TheSnide> https://github.com/munin-monitoring/munin/blob/devel/master/static/jquery-1.8.3.js
20:24:31 <chteuchteu> It may be used somewhere, but dynazoom uses vanilla JS :) Good to hear that it is already included!
20:24:32 <TheSnide> oh, and 4. Do *not* use the .min.js of JS libs.
20:24:51 <chteuchteu> What's the reason? I'm curious :)
20:25:19 <TheSnide> chteuchteu: i care more about the source readability than serving a yahoo-sized audience.
20:25:28 <chteuchteu> You're right!
20:25:50 <chteuchteu> Also, the minified vs standard files don't have much difference in terms of file size
20:26:03 <chteuchteu> ... and those files are cached by the client anyway
20:26:22 <TheSnide> anyway, any yahoo-sized munin install will have a decent sysadm with an minify himself
20:26:31 <ssm> it is probably better to enable compression in the web server before rewriting scripts
20:26:38 <TheSnide> ssm: +1
20:27:23 <chteuchteu> My next PR will be about the dynazoom page, I will prepare something great :)
20:27:36 <TheSnide> so, chteuchteu, you just got the official title of "our UI guy" ? :)
20:27:47 <chteuchteu> I'm OK with this! :D
20:27:56 <chteuchteu> And quite glad :)
20:28:09 <chteuchteu> Has anybody special ideas about the dynazoom page V2?
20:28:34 <TheSnide> ssm: feeew. he's even glad. /me smiles :)
20:28:45 <ssm> It should probably  as the normal pages
20:28:52 <ssm> …look the same as…
20:29:02 <TheSnide> templated
20:29:11 <TheSnide> cause for now it's static
20:29:37 <TheSnide> chteuchteu: did you look at how the templates works ?
20:32:52 <chteuchteu> That's a good idea!
20:33:04 <chteuchteu> I didn't checked for now, but it doesn't looks too complicated
20:33:15 <chteuchteu> Is there any documentation here about how it works?
20:33:31 <TheSnide> http://search.cpan.org/~wonko/HTML-Template-2.95/lib/HTML/Template.pm
20:34:42 <TheSnide> but basically it's a very simple templating engine.
20:35:38 <TheSnide> the fact that it is quite simple is a good thing IMHO.
20:36:00 <ssm> the simplest one would be to include the "head" page template to get the page to look right, and then just write html/css/js as normal for the page content.
20:36:07 <ssm> I think...
20:36:24 <TheSnide> ssm: just reuse a existing template, yes.
20:36:55 <ssm> isn't https://github.com/munin-monitoring/munin/blob/devel/master/www/munin-dynazoom.tmpl used?
20:37:00 <TheSnide> nope.
20:37:29 <TheSnide> it should. but isn't. i don't remember why. maybe just lazyness from me.
20:37:58 <chteuchteu> Shouldn't it be deleted if not used then?
20:38:05 <ssm> or moved to a branch
20:38:06 <chteuchteu> Thank you for the link! :)
20:38:13 <chteuchteu> Yep
20:38:37 <TheSnide> chteuchteu: i do agree to "delete if not used".
20:38:56 <TheSnide> ... as with git it isn't lost forever
20:39:42 <chteuchteu> Haha just found a Google Plus post from TheSnide, that was a very old prototype of mine about a new Munin interface :P https://plus.google.com/+SteveSchnepp/posts/dcqdK6Woz7Y
20:39:49 <chteuchteu> (sorry for the off-topic...)
20:40:48 <TheSnide> yup.
20:41:27 <TheSnide> 1.5y != very old.
20:41:35 <TheSnide> ... well not in #munin time
20:41:38 <chteuchteu> It is for my in my contribution scale :P
20:42:06 <TheSnide> but the JSON API is here now.
20:42:37 <chteuchteu> OK so I'll work on the dynazoom page and give some feedback here! (screenshots)
20:42:37 <TheSnide> as in http://demo.munin-monitoring.org/munin/munin-monitoring.org/demo.munin-monitoring.org.json
20:43:00 <TheSnide> chteuchteu: as i said before, just create as many PR as you want.
20:43:54 <chteuchteu> I will!
20:44:26 <chteuchteu> Wait - in the SERVICES node, the "NAME" attribute has a null value
20:44:33 <TheSnide> (sidenote... the JSON api is randomly ordering the struct each call... just keep hitting refresh and enjoy!)
20:44:36 <chteuchteu> Isn't this the source of the issue I posted today?
20:45:08 <chteuchteu> (issue is https://github.com/munin-monitoring/munin/issues/332)
20:45:32 <TheSnide> oh, ALT not filled ?
20:45:46 <chteuchteu> Yes
20:46:07 <chteuchteu> The alt should contain the plugin's pretty name
20:48:17 <TheSnide> ssm: i created a new label for bugs "component: cgi-rewrite"
20:49:06 <TheSnide> ssm: it's obviously for bugs that were introduced by the whole cgi-sql rewrite;
20:49:32 <chteuchteu> Should I mention this as a comment in the issue on GitHub?
20:49:52 <TheSnide> nah, it's obvious enough
20:49:57 <chteuchteu> Ok :)
20:50:02 <TheSnide> ok, about the meeting... anything more to add ?
20:50:18 <ssm> yup
20:50:19 <chteuchteu> Nothing for me :)
20:50:26 <TheSnide> oh... sss, what about Buildpm ?
20:51:05 <TheSnide> ssm: go ahead
20:52:02 <ssm> first, we need some input sanitation, or html escaping, for graph_category, and other plugin attributes that are rendered on the web page.  "graph_category <script>alert("foo")</script>" works in a plugin, and an alert pops up on the web interface.
20:52:51 * ssm played with graph_category after a question just before the meeting
20:53:30 <TheSnide> ssm: html escaping seems much better to me than input sanitation.
20:54:01 * ssm would like both, but html escaping is probably a good first step
20:54:18 <TheSnide> ssm: i mean, i don't want to mangle user data, unless it isn't spec-ok.
20:55:13 <ssm> just make sure it is de-fanged?
20:55:21 <TheSnide> de-fanged ?
20:55:57 <ssm> old idiom. "fangs removed" → "venomous snake no longer dangerous to handle"
20:56:02 <TheSnide> graph_category <script>alert("foo")</script> <---- this should write <script>alert("foo")</script> in the web page
20:56:07 <ssm> yes
20:56:12 <TheSnide> i mean, the user should see <script>alert("foo")</script>
20:56:26 <TheSnide> the html code is left as exercise to the reader
20:57:06 <chteuchteu> Yes, if special chars (<) are translated to their HTML equivalent (&lt;), that would be perfect and won't be interpreted as JS client-side
20:57:07 <ssm> HTML::Template has an "escape" attribute
20:57:15 <TheSnide> [a-Z0-9_-] --> HTML entities.
20:57:16 <ssm> which will do that for variables
20:57:31 <TheSnide> [^a-Z0-9_-] --> HTML entities.
20:57:34 <ssm> search for "escape" at http://search.cpan.org/~wonko/HTML-Template-2.95/lib/HTML/Template.pm
20:58:03 <TheSnide> ssm: reusing some escaping code from HTML::Template seem a very valid strategy to me.
20:58:40 <ssm> <TMPL_VAR FOO> → <TMPL_VAR FOO ESCAPE=HTML> in the templates
20:58:54 <TheSnide> +1
21:01:32 * TheSnide thinks of many valid usecases for that buggy behavior :)
21:02:40 <ssm> regarding "build refactoring", it is where I left it in early December.  Perl module and most commands / perl scripts are handled by Build.PM.  @@MACROS@@ mostly removed, but have not renamed .in files yet.   Makefile rewritten from scratch, will re-add things as they are needed to build and support development.
21:03:01 <TheSnide> #agreed reusing escaping code from HTML::Template to avoid "graph_category <script>alert("foo")</script>"
21:03:09 <ssm> Looking forward to start working on that this week and the next.
21:03:27 <TheSnide> ssm: sounds like a plan.
21:03:58 <TheSnide> ... i'll be looking at a homebrew formula closely, since I'll need one next week.
21:04:06 <ssm> Found an interesting bug when building on a case insensitive file system, re "build" directory, and "Build" script generated from Build.PL :)
21:04:22 <TheSnide> case insensitive file system <-- OSX ?
21:04:25 <ssm> yup
21:04:37 <TheSnide> "you case insensitive clod" ! :D
21:04:47 <ssm> :P
21:05:12 <kjetilho> ssm: dind't you see Linus' rant about that (and its Unicode normalisation)?
21:05:29 <TheSnide> kjetilho: that's what i meant :D
21:05:38 <ssm> WTF-8?
21:05:49 <TheSnide> lol
21:06:11 <kjetilho> TheSnide: ah :)  (I didn't memorise it ;)
21:07:02 <ssm> kjetilho: http://www.itworld.com/article/2868393/linus-torvalds-apples-hfs-is-probably-the-worst-file-system-ever.html ?
21:07:05 * ssm will read that
21:07:32 <TheSnide> kjetilho: he didn't say that AFAIK. but it felt appropriate.
21:07:49 <kjetilho> yeah, or the direct source. https://plus.google.com/+JunioCHamano/posts/1Bpaj3e3Rru
21:10:01 <kjetilho> whoa, one of the comments in the thread: "Probably because of some original AZERTY screw-up, many French people (wrongly) think uppercase characters should not have accents. Microsoft Word has a special toggle so let each user pick his favorite side. Now I wonder which side HFS picked...?"
21:10:42 <kjetilho> ah, I misread, s/I wonder/guess/.  not necessarily so bad, then.
21:10:55 <kjetilho> but I'll shut up with my off-topic links :)
21:12:32 <TheSnide> kjetilho: actually, it's both officialy accepted. uppercase characters with or without accent. but accented uppercase is considered much more "pure" :)
21:13:47 * ssm has nothing more for the meeting
21:16:00 <chteuchteu> Nothing more neither :)
21:18:22 <TheSnide> ok, thx all
21:18:28 <TheSnide> see you next week
21:18:34 <TheSnide> #endmeeting