[12:23] thanks gmb. fwiw i had tried using person_logged_in and got other issues. i'll have a look at your branch. [12:26] gmb: my problem was i tried using person_logged_in and then passing the principal to create_initialized_view -- you must do both [12:37] bac, feature_flag issue is dealt with? danilos has OCR today, so if you are close to working on the client branch, we should maybe plan for a handoff on danilos' current task, at least if he is not finished by his EoD [12:41] gary_poster, hi, I hope I'll get this done before our meeting even with OCR [12:41] cool danilos, np then [12:43] gary_poster: yes, i understand now how to get the tests working. it is now a matter of replicating them across pillars [12:43] bac, awesome [12:43] several hours work, at least [12:43] bac, is there anything that we can share? [12:43] gary_poster: may be more trouble than worth [12:44] ok bac. Please keep it in mind in case you discover something that might change your mind [12:44] will do [12:44] cool [12:59] bac: Glad I could help. [13:16] benji, fwiw added another card to FW 2 that you can move to when done with your current bug [13:16] probably should be fixed before merging [13:16] k [13:16] I might take it myself if I get to it [13:28] bac, benji, danilos, gmb, mumble/kanban in 2 [13:28] ok [13:28] ack [13:29] someone, what is the easy way to get a url to an object in a differnt pillar than the one you are in now? There must be an easy way, and I may even have known it at some point... [13:30] gary_poster: You mean a different rootsite? (e.g. code, bugs, answers, etc.) [13:31] gary_poster: e.g. return urlappend(canonical_url(self.context, rootsite='feeds'), [13:44] thanks, gmb, btw [13:44] for answer :-) [13:44] np [13:54] "subscribe to bug mail" link on lp.dev/firefox has stopped working for me with latest accordionoverlay branch [13:54] is this known or not? [13:56] danilos: you need to turn on feature flag. one sec, will get detail... [13:56] aah [13:57] benji, I think that bug is just adding "escape" into a magic point within "render_filter_name" yeah? [13:57] advanced-structural-subscriptions.enabled default 10 on [13:57] danilos ^ [13:57] https://launchpad.dev/+feature-rules [13:57] gary_poster: yep; I bet http://developer.yahoo.com/yui/3/api/Escape.html will work [13:58] foo.bar@canonical.com has privs [13:58] gary_poster, cool, thanks [13:58] danilos, np [13:58] benji, cool. I wonder what the diff between that and javascript escape is [13:58] but anyway [13:58] run with the YUI version :-) [13:59] actually, Gavin just noted on a related bug (740096) that using Y.Node instead of strings of HTML would fix/avoid this class of problem, so I'm going to try that [14:00] ah cool [14:01] bug 740096 [14:01] oh mup, you're never there when I want you [14:01] xss vulnerability in new bug subscription overlay; https://bugs.launchpad.net/launchpad/+bug/740640 [14:01] oops, wrong one [14:01] when updating a code build recipe json returned isn't escaped; https://bugs.launchpad.net/launchpad/+bug/740096 [14:03] yeah, thank you. https://launchpad.net/bugs/BUG_NUMBER is almost but not quite as fast as mup. [14:06] I have a Firefox bookmarklet that lets me type "bug NUMBER" and it takes me to the bug. [14:13] ah, nicer [14:14] chrome really is noticeably faster for me though. :-/ FF 4 is better but still there's an appreciable difference. [14:14] as an aside about FF :-) [14:30] gary_poster: the XSS bug is a bit bigger than just description; it could come from any of the values (if we allow HTML-like values in those fields); should I just do description now and file another bug to determine the scope of the problem/fix the others? [14:31] benji, fix that bug, land a branch so I can adjust my code to deal with the change :-P , and add a new card for the other fields and start on that. [14:31] no need for a bug IMO [14:31] cool [14:31] lemme know when it is landed please [14:32] k [14:38] gary_poster: got a sec? [14:38] sure bac [14:39] gary_poster: mumbe [14:39] l [14:46] gary_poster: the XSS problem is even deeper than that, I believe this is really a bug in lazr.restful; investigating now. I've tried to come up with a hacky solution but can't think of one. On the other hand, the only change we should have to make to the branch is to use a newer lazr.restful once I fix this. [14:49] benji, sounds scary in terms of backwards compatibility [14:49] gary_poster: I take it back; the bug is definately in LP; I think I can have a fix shortly. [14:49] cool [14:49] bac, this is interesting from LEP: [14:49] bdmurray: gary_poster: looking again I think bug supervisors can structurally subscribe to distro bugs if a bug supervisor is set [14:49] bdmurray: gary_poster: at least that is the way it was when I wrote it [14:49] gary_poster: bdmurray, oh? I'm afraid I'm not even sure how bug supervisors fit into it [14:49] bdmurray: gary_poster: its only for distributions with bug supervisors set that structural subscriptions are restricted for and they are restricted to the members of the bug supervisor team [14:50] bac, so it seems that distributions do not generically enable this functionality, but it is enabled selectively for certain users [14:51] if you need more details we will probably have to turn to a bugs team expert [14:51] gary_poster: then we may be in good shape, sort of [14:51] ok cool [14:51] that explains why i don't see it on the bug page [14:51] it'll take some finagling to get it to show up properly on the overview page under those conditions [14:51] ok [15:07] * gary_poster has landed two small branches to ~yellow. I'd like to make another small change, but that will wait for the XSS work. [15:30] bac, did you want me to help? [15:30] gary_poster: i do. sorry for the delay. [15:30] np [15:34] If you are doing a punchlist item that is supposed to go into the mongo branch and therefore not go through the usual review/landing process, please feel free to use the new "completed punchlist items" column [15:34] I should have added that sooner; I forget how mutable the kanban board is [15:34] ok, I need a consult; I must be doing something wrong with 740640. What's happening is that the JSON representation of the bug filters is inserted into a script tag at the bottom of the page. If the description contains then bad things are done... [15:34] We'll remove those as soon as we land the mongo branches [15:35] ...I expected wrapping the JSON in a CDATA and/or HTML comment would fix that, but it doesn't. [15:35] ok, first thought [15:35] An we can't just escape the whole string because that will lead to HTML-escaped data getting into the DB (not the right thing to do). [15:36] we should disallow funky characters in the names [15:36] we do that elsewhere AFAIK [15:36] and should do it here for simplicity [15:36] that seems to solve the problem quickly and reasonably [15:38] gary_poster: yeah, it's reasonable for the short term, but I feel bad leaving it this way in general; we're going to keep getting outselves into this situation and there seems to be a central place to fix it [15:38] I wonder if the policy is the right way to fix it thoug [15:38] h [15:38] you bring up good concerns about escaping [15:39] I suppose you could say lazr.restful escapes on the way out and unescapes coming back in [15:39] but that's going to be pretty hairy to incorporate is my guess [15:39] because nothing expexts the unescaping ATM [15:39] expects [15:39] even if this were isolated to just the JS bits [15:40] right; I have a strong gut feeling that there is a right way to do this that won't affect existing code, but I don't know what it is right now [15:41] I don't see it either. Other problematic variations: [15:42] regarding disallowing funky characters: it seems to me that we need to do that at PATCH time, not in the JS (otherwise people can use the web service directly to inject their XSS attack) [15:42] lazr.restful (or whatever machinery does this thing for the response cache) pukes if it gets a string that is not safe to put in the browser, unless there is some gesture to escape it. [15:42] disallowing funky characters: this needs to be in the server [15:43] and then needs validation on the clientside of a similar sort to the thing that we need for tags [15:44] so I agree, the only thing in the JS is code to make the error friendly [15:44] disallowing funky characters happens in the DB for tags, I've heard [15:45] Going that deep is appropriate here too if there is precedence, in fact [15:45] Also note that we only render to the page what the server gives us. When we do a patch, the server gives us back the new representation, and that's what we render [15:46] How much time pressure are we under for this fix? I don't think adding a "be sure strings are browser-safe" to lazr.restful is the right thing to do, but don't know how long it will take to figure out the right thing. [15:46] yeah, doing tag-like, DB-level string safety checks might be the best short term thing we can do [15:47] benji, yes. This is what I'd like: [15:47] 1) DB-level string safety checks [15:47] 2) JS-level friendliness about it all [15:48] gary_poster: email sent [15:48] with tasks. let me know if it doesn't make sense [15:48] 3) A bug about the larger problem, if you like. As I said, my current feeling is that the answer is to typically not allow XSS-type charecters in fields. I suppose lazr.restful could try to enforce that, but I don't love it [15:48] benji, done. [15:48] bac, thanks, will read. [15:49] gary_poster: sounds good; I'll work on 1 and 2 now (well, and after lunch) [15:49] benji, cool [15:58] bac, gary_poster: error handling being pushed right now [15:59] bac, gary_poster: and now done, it should be in ~yellow/launchpad/accordionoverlay [16:02] danilos: great [16:02] awesome danilos, thanks [16:11] gary_poster: ping me before you tackle any of those items [16:11] bac, will do. Branch is built now, and I'm wrapping something else up. I might have questions for you in just a sec (though if you are going to lunch np) [16:11] eating in [16:12] k [16:15] (pushed another small branch) [16:16] gary_poster, I am looking into lowercase tags stuff, should I switch to something else to help out instead? [16:17] danilos, you have about 1:45 left, yeah? [16:17] or just :45? [16:17] gary_poster, something like 1h, yeah, but all of tomorrow morning as well :) [16:18] danilos, heh, sure. weellll...benji, you around, by chance? [16:18] gary_poster, there are also small bits like "Unsubscribe" not showing any progress UI and things like that [16:19] danilos, please add cards for stuff you see like that [16:19] gary_poster, right, I'll do that [16:19] gary_poster: kinda ;) [16:19] benji :-) is there anything danilos can do for your task, or should he and I find something else? [16:20] gary_poster: well, now that we've identified a course of action, he could persue it; I haven't yet done much discovery on how the tag spellings are enforced [16:22] ack benji. I'll give danilos some options and I'll include that as one of 'em. I'll let you know on the kanban board and here and stuff. Thanks [16:22] k [16:22] * benji returns to making patty melts. [16:22] :-) [16:23] So, danilos, here are good cards [16:23] 740640, FW 2. Task is to enforce no-scary-XSS-characters in the DB, and figure out a pretty way to display that [16:23] That fits in nicely with the tags one [16:23] because they are pretty similar [16:24] So you could take those two [16:24] Or... [16:24] You could take 739141 in Quick Jobs [16:24] Or... [16:25] you could take one of the two bottom cards in FW 1: [16:25] Team subscriptions should support a personal opt-out feature, exposed on edit page and unsub-in-anger page [16:25] or [16:25] gary_poster: r=me with a couple of tweaks. [16:25] \0\ [16:25] Hah. [16:25] It was so hard to review I broke my arm. [16:25] I thought it was [gmb covers his ears in pain] [16:25] :-) [16:25] :) [16:25] great thanks gmb! [16:25] np [16:25] danilos: last one: Structural subscription edit/delete page should also allow adds [16:26] I'm going to go and get a very large cup of tea now. [16:26] re 740640, "enforce no-scary-XSS-chars in the DB" means basically entire 740640? [16:26] * gmb knows this was just a warm up for the client-side work. [16:26] gmb, :-) [16:27] danilos, I don't understand question. 740640 means minimally the DB stuff, and I'd like to include JS-prettification too (of a similar sort to the tag approach, whatever that will be). [16:29] gary_poster, right, so my question is: should I consider it a single task, or two separate tasks? [16:30] danilos, ok. up to you. I won't consider it done (i.e., something we can forget about) until both aspects are done, but we can arrange that a variety of ways. [16:31] gary_poster, right, sounds good [16:31] benji, so it's ok to take the card away from you? :) [16:31] cool, danilos. benji is mking patty melts, don't bother him, it's a dangerous operation. ;-) He volunteered the idea, so I think it's alright [16:32] heh, ok [16:32] * benji runs away from the melted cheese explosion. [16:33] :-) [16:45] gary_poster, oh, on the topic of JS prettification, I don't really see what needs doing if we just want to escape stuff so it works [16:45] (works == avoids XSS) [16:47] danilos, here's the story. it's just like with tags. Let's say I want to make a name that has some unacceptable characters in it (e.g., "importance >= high") [16:47] should we communicate that nicely? [16:48] or will your new error handling be nice enough that everything will just work? I suspect that the error communication might need work, but maybe not [16:48] gary_poster, so do we have a rule that some characters are unacceptable? in cases like this (XSS attack protection), that's best done with a white list, but white listing means we also stop people from using all alphabets of the world [16:50] danilos, if I were doing it, I probably would have done it with a blacklist, excluding characters that are escaped for HTML. I agree that a whitelist would be safer. What do you think? [16:52] gary_poster, well, I wouldn't "exclude" anything, I'd just escape it where appropriate so it never gets executed; I agree that's the least safe of the options (iow, it's easiest to break it), but it does have the benefit of allowing people to have subscriptions named "" if they want to, which would make it much easier to filter on than say just "important" [16:52] gary_poster, or, your example [16:54] danilos, the problem is that the values are dumped into the page by lazr.restful with automation. Changing that behavior is not something that I want to commission right now. [16:54] Moreover, we have multiple examples of precedence in LP for this exclusion pattern [16:55] gary_poster, oh, that does sound sucky... [16:56] gary_poster, and did you mean a precedent? [16:56] yeah danilos. ...I actually don't know for sure if I can use precedence in that way :-P [16:57] I could have said "multiple precidents" I guess :-) [16:57] heh, yeah [16:57] precedents [16:57] presidents! [16:57] oh, we've got Putin in Belgrade today, it was a mess getting around the city, half of the streets closed [16:57] oh, I bet [16:58] just like it was 6 months ago when we had Hilary Clinton [16:58] it's especially nice since my office is right across the street from the national parliament [16:58] anywaaay [16:58] I guess it makes sense that she would get similar treatment [16:59] secretary of state is pretty high up [16:59] but not as much as pres, of course [16:59] Putin is a prime minister now, I think [17:00] though, not really sure what to do with the XSS stuff; so, basically, your suggestion is to *disallow* all HTML code and alert user of the fact? [17:00] yeah [17:00] just like with tags [17:03] gary_poster: https://bugs.launchpad.net/launchpad/+bug/412178 [17:03] <_mup_> Bug #412178: Link to subscribe to a project group's bugmail should be on the bugs facet < https://launchpad.net/bugs/412178 > [17:04] bac, so yay? [17:05] gary_poster: there is discussion in the bug about where to put the link [17:05] ah, k [17:05] it is confusing b/c someone put it there anyway: https://bugs.launchpad.net/bazaar [17:05] it is in an odd place [17:05] if i can make it work, i'll just keep it in the same odd place for now [17:06] * benji looks at the board for another task. [17:07] Oh, I was supposed to talk to Leonard again, I'll do that first. [17:07] benji, ok, then see the list of things I offered to danilos [17:07] k [17:08] Team subscriptions should support a personal opt-out feature, exposed on edit page and unsub-in-anger page is a good one, and... [17:08] Structural subscription edit/delete page should also allow adds [17:09] bac, putting it in a non-weird place is harder? I.e., like the main page? [17:09] Or just needs more thinking? [17:09] gary_poster: more thinking. probably should just create an actions portlet like other pages [17:10] but, that's the kind of thing that would possibly give curtis fits -- hard to tell [17:10] bac, actions portlet seemed like a reasonable/"obvious" solution to me. Maybe give Curtis the option, then? [17:10] we are on team lead call right now [17:11] and he is leader [17:11] ok [17:11] gary_poster: if i can make it work in the current place i'd like to defer any redesign until all other pillars work [17:11] bac, ok, will defer to you. [17:14] bac, I tried to look at the tests; I didn't quite understand how to do them yet, but I only stared at them briefly. I've had a lot of interruptions, and now I want to get the small changes to the server branch done and sent to ec2 (where I suspect there will be problems) after the team lead call before I restart trying to share the task with you. [17:35] gary_poster: unless you have another preference, I'll pick 739141 back up [17:35] benji, cool [18:03] gmb, I don't understand your last comment, actually. You want a newline somewhere around [18:03] 601 + required=False)) [18:03] 602 + @call_with(subscribed_by=REQUEST_USER) [18:03] but that kind of export annotation is all over the file without newlines [18:03] and they all are pertinent to the method that eventually shows up [18:04] so I'm not even quite sure which newline is pertinent. [18:05] (i.e., before the @call_with line or after) [18:05] I'm guessing before [18:09] I'm taking a late lunch. Back in a abit [18:31] gary_poster: here are the changes required to support project groups: http://pastebin.ubuntu.com/584427/ [18:31] i've pushed them to lp:~bac/launchpad/yellow-accordionoverlay [18:44] gary_poster: Ah, I've made the mistake of thinking that the @call_with is the start of a new decorator stack for a new method. So ignore that. === Ursinha is now known as Ursinha-lunch [19:00] cool gmb thanks [19:02] how much of that is boilerplate, bac? [19:03] gary_poster: 68% [19:03] :-) [19:03] ok [19:03] project group is oh so special [19:03] just like everything else [19:03] heh [19:03] gary_poster: we have a problem with some of the "hand constructed" links [19:04] they are wrapped as a . i had to mark the as the menu link so that both the text and icon are clickable [19:04] Ah I think I understand. [19:04] but in doing so, the js-action class is not being properly displayed as green [19:04] :-/ [19:04] can we change in CSS safely, or not so much? [19:05] i haven't looked yet. [19:05] k [19:06] gary_poster: i am going to work on productseries [19:08] ok [19:32] benji, I'd like to delegate to you :-P . On the team lead call, in the context of anoter XSS problem, I mentioned the issues you unearthed about lazr.restful and XSS. Francis asked me to write an email about the issues to start a conversation about the lazr.restful aspects of this. (Other people may be bringing up XSS but with a different focus.) [19:32] I think you'd be a better person to write that email, to be sent to launchpad-dev. Ideally it would be done before next Wednesday. You up for that? If so, I'll add a "quick job" card. [19:33] gary_poster: yep, sounds good [19:33] cool thank you [19:33] with any luck my pending_notifications will have figured it out by then [19:37] heh; pending_notifications was supposed to be my subconscious; maybe that means something [19:49] lol [19:50] bac, I am going to try distributionsourcepackage for lack of any better ideas [19:51] ok === Ursinha-lunch is now known as Ursinha [20:18] bac, is there a reason why you did """def xsubscribe(self):" instead of deleting the subscribe method? [20:18] Or, when should I do that? [20:18] gary_poster: debug issue. merge again [20:18] bac, ack thanks [20:22] gary_poster: i've hit a snag testing product series [20:23] it was done very similarly to the others. but in the page template the feature flag is never set. vexing. [20:23] :-/ [20:27] bac, I'd help if I could. If I get to the end of mine and you are still stuck I'll stare at it with you. [20:28] deal [20:40] bac, I have three menus that I changed in the code to conditionally show the new add form, but I can only find two of them throught the UI. Do you have any strategies to know what is being added where? [20:40] gary_poster: three? what are they? [20:40] usually there is just an overview menu and a bugs menu [20:41] DistributionSourcePackageOverviewMenu [20:41] DistributionSourcePackageBugsMenu [20:41] DistributionSourcePackageActionMenu [20:41] all three of them had "subscribe" [20:41] I guess I grep for the associated interfaces... [20:42] ok maybe not [20:43] gary_poster: congratulations. it looks like you found a non-standard one too! [20:43] :-) [20:45] gary_poster: a quick glance makes me think DistributionSourcePackageActionMenu and Bugs are the two you want [20:46] the OverviewMenu one is a NavigationMenu not an ApplicationMenu [20:46] bac, I have no clue about this stuff, but OverviewMenu had "subscribe" in it too... [20:46] not that it means anything [20:47] gary_poster: yeah, i see it [20:47] I don't know what the practical diff is between Nav menu and App menu [20:47] gary_poster: but looking at https://launchpad.net/ubuntu/+source/live-boot i don't see anything to do with that menu [20:47] This may be my first exposure to the menu system, in fact [20:47] other than believing that I've heard Curtis did it [20:50] gary_poster: the one you aren't using is used for the links following "This package has" [20:50] it should not have a subscribe link in it, i'll bet [20:51] gary_poster: does tal:condition="python:" do shortcutting? [20:51] can i do tal:condition="python: False and something_that_doesnot_exist" [20:51] yes, I am pretty sure so, bac [20:51] hmm [20:51] i would've thought so too [20:51] course you should also be able to do [20:52] tal:condition="something_that_doesnot_exist|nothing" [20:52] sure [20:52] shortcutting is not working? [20:52] i actually have another condition that i replaced with False for the example [20:52] gotcha [20:53] bac, you said, "the one you aren't using is used for the links following "This package has"". Teaching me to fish, how did you determine that? [20:53] by looking at the links it defined and then scouring the page template [20:54] heh [20:54] the template or the rendered version? [20:54] it is the one called view/overview. the other's use is hidden behind the @@/global-actions [20:54] it is WAY more confusing than is sane [20:55] menuing is so complicate that i can't ferret out the essential bits from the stuff there only to drive you crazy [20:56] i looked at the actual page template [20:56] gotcha [21:03] so I should try removing subscribe entirely and see what happens, maybe from DistributionSourcePackageActionMenu? No, that's the one that's used on the right of the main page. Ah, no it isn't, I see, it is registered against the view, and that's the view/menu you were talking about in the template! [21:03] ok...trying to understand where the overview is used now... [21:03] (So, yes, I think I should remove it from the ActionMenu, as you suggested initially) [21:04] argh! [21:04] except that doesn't make any sense! [21:05] the template is using open_questions and new_bugs for view:menu [21:05] oh, which are available off of DistributionSourcePackageLinksMixin, which is in fact mixed in... [21:06] so maybe the entire links collection on DistributionSourcePackageActionMenu is a red herring? [21:06] :-( [21:08] maybe used by ../templates/distributionsourcepackage-portlet-pub-details.pt ? [21:08] trying [21:09] no [21:09] I'm starting to think that all of the code on that menu class is a red herring [21:10] and the only thing it needs is the mixin and the interface declarations. Going to try it [21:12] nope, that removes it from the right hand side :-/ [21:21] gary_poster: :( [21:21] sorry, i wasn't following along at home. looks entertaining, though [21:21] so in my tests, if i get a view and render it to html and then print the html, i always see: [21:22] Features: {'malone.advanced-structural-subscriptions.enabled': None} [21:22] regardless of the state of the feature flag i've set. [21:22] i find this highly disconcerting [21:23] np. experimentation has proved that (1) DistributionSourcePackageActionMenu's subscribe menu option is the one that is rendered for the overview page; (2) deleting DistributionSourcePackageOverviewMenu's subscribe menu option does not break anything I can see; [21:23] (3) deleting *all* links from DistributionSourcePackageOverviewMenu's does break things; and (4) I don't know what's going on. [21:23] I'm going to try remove the other links that don't appear to be used in DistributionSourcePackageOverviewMenu. [21:24] well, on the bright side, for yours, you at least know that the feature flag is the problem, bac. I'd suspect a rogue request replacing the one you think you are using...or Something Else. Possibly alien in origin. [21:24] EXCEPT, the tests behave as expected but for two [21:25] :-/ [21:25] so even though the state is printed as None in the summary, the value appears to be correct when evaluated [21:25] figure that one out [21:26] * gary_poster whimpers [21:26] i wonder if that message is using the db feature flag value and not the one from the fixture? [21:26] how could that be? [21:26] it can't [21:26] * bac tests anyway [21:26] k, 'caue I dunno [21:26] s [21:31] for my mystery, I am changing DistributionSourcePackageOverviewMenu's links = ['subscribe', 'publishinghistory', 'edit', 'new_bugs', 'open_questions'] to links = ['new_bugs', 'open_questions']. That doesn't appear to change a darn thing. Then I only change two menus, as I'd expect. [21:32] and now for the tests... [21:33] gary, could you fix distributionsourcepackage-index.pt [21:34] it has malone.advanced-structural-subscriptions.enabled [21:34] no [21:34] ? [21:34] it has
tal:attributes="id string:pub${pubid}-container" /> [21:34] which is invalid html markup [21:34] div cannot be self-closing [21:34] safari just yelled at me [21:35] l [21:35] k [21:35] done [21:46] bac, if you have a second to glance over a diff, I will feel comfortable merging this. [21:46] http://pastebin.ubuntu.com/584506/ [21:46] I disabled two of the tests [21:46] Because distribution source packages do not have owners AFAICT [21:47] looks great gary [21:47] er, gary_poster [21:47] cool thanks bac [21:47] I am pinged by gary too [21:47] ok [21:48] thanks, will merge [21:48] gary_poster: are you merging to the yellow branch? [21:48] oh, right [21:48] there's that [21:48] what do you want to do? [21:48] gary_poster: why don't you push it and i'll merge into mine [21:49] ok [21:49] or we could make a new branch on ~yellow [21:49] just let me know [21:49] I suspect there will be a small conflict with your most recent changes; I'll merge that first [21:49] ok [21:49] I'm happy either way [21:50] ah, no, I was up-to-date [21:51] gary_poster: you should check this out from david siegel. it's a pretty nice reminder to get up and walk around [21:51] http://iamfutureproof.com/ [21:51] it shows i haven't taken a break in 2h29m [21:51] so, time for a lap around the yard [21:51] cool, bac, thanks! downloading [21:53] I pushed to lp:~yellow/launchpad/accordionoverlay-links bac [21:54] Then I did bzr pull --remember lp:~yellow/launchpad/accordionoverlay-links [21:54] so I'll pull from there from now on [21:54] bac, I'm sorry but I'm going to call it a day [21:55] I'll be ready to help out more tomorry morning [21:55] bye all