[01:30] <hhyhqyq> .
[01:38] <greg-g> jrwren: Acer B243PWL
[03:05] <_stink__> rick_h_: you implemented your own sessions in bookie, right?  didn't use some other session package?  looking at code now.
[03:13] <rick_h_> _stink__: well it's in pyramid
[03:13] <rick_h_> look for 'remember'
[03:14] <rick_h_> _stink__: in views/auth.py
[03:14] <_stink__> ok yep, just saw that
[03:14] <_stink__> trying to digest
[03:14] <_stink__> thanks
[03:15] <_stink__> so that tells the browser to set a cookie for itself
[03:15] <rick_h_> _stink__: rgr, adds it to the header
[03:16] <rick_h_> _stink__: but yea, farmed out to pyramid security
[03:17] <_stink__> and ReqAuthorize is what checks for good credentials for whatever view callable needs it?
[03:17] <rick_h_> well, request.username is populated by parsing out the header and finding who the user is
[03:18] <rick_h_> look in bookie/views/auth.py:
[03:18] <rick_h_> errr from bookie.lib.access import RequestWithUserAttribute
[03:19] <rick_h_> that thing reads the user back out of the encrypted header, and then the lib/access.py uses a bunch of stuff to figure out if a user is auth'd or not for the given request
[03:19] <rick_h_> e.g. your header can't authorize you to delete another user's account
[03:26] <_stink__> rick_h_: silly question - how can i tell from the code that the headers sent back (generated by remember(), i think) are encrypted?  i just don't see that in the code.
[03:26] <_stink__> i mean i obviously believe you just don't see it to understand it.
[03:26] <rick_h_> _stink__: so that's pyramid's job and the type of security you use in that. There's a key in the .ini file you use that is the key
[03:26] <rick_h_> auth.secret=PLEASECHANGEME
[03:28] <rick_h_> http://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/quick_tutorial/authentication.html?highlight=remember%20secret
[03:28] <rick_h_> _stink__: see the auth policy setup in the bookie/__init__.py
[03:28] <rick_h_> http://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/quick_tutorial/authentication.html?highlight=remember%20secret
[03:28] <rick_h_> errr crap
[03:28] <rick_h_> from pyramid.authentication import AuthTktAuthenticationPolicy
[03:28] <rick_h_> from pyramid.authorization import ACLAuthorizationPolicy
[03:28] <_stink__> ahhhhhhh great
[03:28] <_stink__> ok thanks so much
[03:29] <rick_h_> _stink__: np, thanks for the refresher :) but yea that built in code takes in the secret and uses it to encrypt so that only the server can decrypt
[03:29] <rick_h_> so obviously don't let that get out or people can build their own valid remember headers
[03:29] <_stink__> ok cool.  and nothing special about this for API vs. plain old web session use, right?
[03:29] <_stink__> i mean they look the same.
[03:30] <rick_h_> _stink__: yea, just I don't use it to store data really
[03:30] <_stink__> right ok
[03:30] <_stink__> just valid or not
[03:30] <rick_h_> so I've not messed with trying to keep track of extra stuff, it's either "You're a good person" or not
[03:30] <_stink__> haha
[03:38] <_stink__> wow this is a puzzle of many parts
[03:39] <rick_h_> _stink__: yea, I had to think a bit to get it figured out again
[03:39] <rick_h_> it's the kind of thing you set up once and then don't look at again for a while
[03:39] <rick_h_> but be careful, bookie is part pyramid, part custom
[03:39] <_stink__> yeah i needed an example badly
[03:39] <rick_h_> so not sure it's the best overall example
[03:39] <_stink__> that's ok
[03:39] <rick_h_> but it does work :/
[03:39] <_stink__> hah
[03:40]  * rick_h_ wishes he could rewrite all his code every year to avoid that 'oh wtf was that...hmmm years ago' stuff
[03:40] <_stink__> i see that the configurator is told to use RequestWithUserAttribute as request factory.  but i can't tell why user() in RequestWithUserAttribute gets called.
[03:40] <_stink__> i think if i understand that i will be in a good place.
[03:40] <rick_h_> looking
[03:41] <rick_h_> oh! ok, easy. It's that @reify decorator
[03:41] <_stink__> does that mean it gets run on instance init and substituted right away?
[03:41] <rick_h_> it's a caching decorator that turns request.user into a call to user() at first, and then the cached value after that
[03:41] <_stink__> i can't see how user() gets called at all.
[03:41] <rick_h_> so anywhere you see request.user, it's hitting that once and then remembering it after that
[03:42] <_stink__> OH
[03:42] <_stink__> ok
[03:42] <_stink__> the attribute is enough
[03:42] <_stink__> fantastic
[03:42] <_stink__> an explicit call to the method isn't needed
[03:42] <rick_h_> https://github.com/Pylons/pyramid/blob/master/pyramid/decorator.py#L1
[03:42] <rick_h_> yea
[03:42] <_stink__> haha, have that one open already
[03:43] <rick_h_> it's catching the __get__ (which is called when you do obj.property)
[03:43] <_stink__> smart.  love it.
[03:45] <_stink__> ok, now to sleep and let this soak in.
[03:45] <_stink__> thanks again.
[03:46] <rick_h_> _stink__: cool, let me know if you need a hand or second set of eyes on some code
[14:26] <rick_h_> morning
[15:08] <cmaloney> Morning
[15:13] <rick_h_> cmaloney: added a show notes doc in the lococast folder fyi
[15:13] <rick_h_> cmaloney: sent the link to chris
[15:23] <cmaloney> Woo woo
[15:23] <cmaloney> We need more people bitching about OSS
[15:23] <cmaloney> Then we can sell ads and make BIG INTERNET MONEY
[15:31] <rick_h_> bwuhahahaha
[15:31] <rick_h_> cmaloney: did you listen to the last "In Beta" had some good OSS complaining :)
[15:32] <cmaloney> I haven't yet.
[19:15] <jrwren> omg, watching my wife and 6yo play super mario wii is hilarious! it's a laurel and hardy routine
[19:15] <jrwren> i think i stopped listening to "In Beta" because of low signal to noise
[19:15] <cmaloney> jrwren: You have a Wii or Wii U?
[19:16] <jrwren> old wii
[19:16] <cmaloney> (We have the Wii too)
[19:16] <jrwren> you know how cheap i am, right? :)
[19:17] <cmaloney> I'd send you my friend code but it's not like it does much. :)
[19:17] <cmaloney> bbl
[19:21] <jrwren> right.
[19:21] <jrwren> i've never really used wii network internet or anything
[19:21] <jrwren> i actually forgot that it even had a net connection until someone mentioned it recently.
[20:36] <greg-g> rick_h_: what 2-3 sentences of info should I know before I buy a cross cut saw (I honestly only have a coping saw, actually two)
[20:36] <greg-g> huh, looked up saws on wikipedia, got this USDA Forest Service book: http://www.fhwa.dot.gov/environment/recreational_trails/publications/fs_publications/04232822/toc.cfm
[20:46] <rick_h_> greg-g: you should know the size of the material you're cutting. Are you using bench hooks for cutting. Larger is easier to keep cuts straight and level. I use http://www.badaxetoolworks.com/16-inch-large-tenon-back-saw.html
[22:19] <cmaloney> http://www.joyent.com/blog/the-power-of-a-pronoun
[22:19] <cmaloney> I think we're going to have a lot of fodder for tomorrow.
[22:25] <rick_h_> heh, I'm staying away from it
[22:25] <rick_h_> I'll only get into trouble
[22:29] <cmaloney> Now I'm really going to bring it up. ;)
[22:31] <jrwren> during our meeting?
[22:54] <cmaloney> During lococast.
[23:46] <rick_h_> I really like this thing http://antirez.com/news/64 and I asked Erica about it and my wife has set me straight