Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

[07:36:43 EDT(-0400)] * athena7 (n=athena7@lumina.its.yale.edu) has joined ##uportal
[09:16:43 EDT(-0400)] * anastasiac (n=team@142.150.154.105) has joined ##uportal
[09:52:00 EDT(-0400)] * michelled (n=team@142.150.154.197) has joined ##uportal
[09:57:11 EDT(-0400)] * EricDalquist (n=dalquist@bohemia.doit.wisc.edu) has joined ##uportal
[09:58:14 EDT(-0400)] * theclown (n=theclown@142.150.154.101) has joined ##uportal
[09:59:10 EDT(-0400)] * dstn (n=dstn@unaffiliated/dstn) has joined ##uportal
[10:25:53 EDT(-0400)] * colinclark (n=colin@142.150.154.101) has joined ##uportal
[11:35:25 EDT(-0400)] * anastasiac (n=team@142.150.154.105) has joined ##uportal
[11:50:08 EDT(-0400)] <athena7> EricDalquist: I think the Yale bookmarks portlet changes are mostly together
[11:50:16 EDT(-0400)] <EricDalquist> neat
[11:50:19 EDT(-0400)] <athena7> should i go ahead and commit them to the trunk?
[11:50:25 EDT(-0400)] <EricDalquist> sure
[11:50:50 EDT(-0400)] <athena7> ok
[11:51:04 EDT(-0400)] <athena7> do i need to update the portlet version in the pom.xml or anything?
[11:51:31 EDT(-0400)] <EricDalquist> it should be a -SNAPSHOT version in the trunk
[11:51:47 EDT(-0400)] <athena7> yeah, it is
[11:51:48 EDT(-0400)] <EricDalquist> so whenever the next release is cut the person doing so will update the version number for the release
[11:52:04 EDT(-0400)] <athena7> i just want to make sure nothing gets stepped on for the up3 release
[11:52:14 EDT(-0400)] <athena7> what's that pointing at?
[11:52:42 EDT(-0400)] * holdorph (n=holdorph@wsip-98-174-242-39.ph.ph.cox.net) has joined ##uportal
[11:53:02 EDT(-0400)] <EricDalquist> ah
[11:53:09 EDT(-0400)] <EricDalquist> no that is pointing to a released version
[11:53:13 EDT(-0400)] <athena7> ok, great
[11:53:23 EDT(-0400)] <EricDalquist> plus you would have to actually deploy it to the jasig maven repository
[11:53:24 EDT(-0400)] <athena7> i figured it probably was
[11:53:40 EDT(-0400)] <athena7> what would you get though if you'd been building the portlet locally?
[11:53:52 EDT(-0400)] <athena7> would the jasig version override it?
[11:54:08 EDT(-0400)] <EricDalquist> ah
[11:54:09 EDT(-0400)] <EricDalquist> no
[11:54:20 EDT(-0400)] <EricDalquist> in that case you could get the local version
[11:54:34 EDT(-0400)] <athena7> yeah
[11:54:37 EDT(-0400)] <EricDalquist> but that is also why the code that lives in SVN will always have a -SNAPSHOT suffix
[11:54:59 EDT(-0400)] <EricDalquist> and the repository is checked every day for new -SNAPSHOTs by maven
[11:54:59 EDT(-0400)] <athena7> (smile)
[11:55:02 EDT(-0400)] <athena7> yeah
[11:55:10 EDT(-0400)] <athena7> hard to get too broken
[11:55:15 EDT(-0400)] <EricDalquist> yup
[11:55:30 EDT(-0400)] <EricDalquist> as long as no-one makes changes to a tagged version
[11:56:29 EDT(-0400)] <EricDalquist> I realize you've already migrated but with our ugprade here we've been doing outage planning (we have to start a long way off) and were concerned with the import/export script speeds
[11:56:46 EDT(-0400)] <athena7> migrated what?
[11:56:52 EDT(-0400)] <EricDalquist> uPortal versions
[11:56:56 EDT(-0400)] <EricDalquist> well up to 2.6 for you
[11:57:01 EDT(-0400)] <athena7> ah
[11:57:02 EDT(-0400)] <athena7> yes
[11:57:02 EDT(-0400)] <EricDalquist> so this could help for 3.0 (smile)
[11:57:04 EDT(-0400)] <EricDalquist> to address it I think I've hacked up some CRN tasks that run sub-tasks in a thread pool
[11:57:07 EDT(-0400)] <athena7> yes, very much so
[11:57:15 EDT(-0400)] <athena7> we've yet to actually use the import/export tool in production
[11:57:25 EDT(-0400)] <athena7> sounds good
[11:57:36 EDT(-0400)] <athena7> i was a little worried about script running time as well
[11:57:48 EDT(-0400)] <athena7> although yale's just not that big of a school
[11:58:40 EDT(-0400)] <EricDalquist> how many people do you have in up_user ... if you happen to know
[11:59:24 EDT(-0400)] <athena7> no idea
[11:59:32 EDT(-0400)] <athena7> we've been running for a long time, so probably a lot
[11:59:43 EDT(-0400)] <athena7> but we don't have the student body size that you have
[12:00:02 EDT(-0400)] <EricDalquist> yeah, we're at about 120k right now
[12:00:16 EDT(-0400)] <EricDalquist> though we're looking into removing all the deactivated users before we migrate
[12:00:58 EDT(-0400)] <athena7> that makes sense
[12:01:19 EDT(-0400)] <athena7> looks like 27K
[12:11:41 EDT(-0400)] <EricDalquist> how not to write web applications: http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx
[12:21:01 EDT(-0400)] <dstn> eeek
[12:21:45 EDT(-0400)] <EricDalquist> yeah ... the app gives you pretty much direct SQL execution support, you don't even need to bother with anything fancy
[12:23:12 EDT(-0400)] <dstn> whhhhhhat the crap!!!!
[12:23:23 EDT(-0400)] <dstn> ?sqlString=
[12:23:25 EDT(-0400)] <dstn> ahahaha
[12:28:27 EDT(-0400)] <EricDalquist> yeah ...
[12:28:44 EDT(-0400)] <EricDalquist> for more fun ... go to google and search for:
[12:28:45 EDT(-0400)] <EricDalquist> inurl:SELECT inurl:FROM inurl:WHERE
[12:28:58 EDT(-0400)] <EricDalquist> you have to go down a ways before you start finding them .... but they are there
[12:29:00 EDT(-0400)] <EricDalquist> lots of them
[12:29:17 EDT(-0400)] <EricDalquist> I found one that was a US CoastGaurd Auxillary Q&A site
[12:34:41 EDT(-0400)] <athena7> the coast guard had sql injection problems?
[12:34:52 EDT(-0400)] <athena7> that's pretty excellent
[12:35:03 EDT(-0400)] <athena7> not in an actually excellent way
[12:35:03 EDT(-0400)] <EricDalquist> doing that search is scary
[12:35:09 EDT(-0400)] <athena7> yeah i bet . . .
[12:35:15 EDT(-0400)] <athena7> wow that wtf posting is pretty ba
[12:35:16 EDT(-0400)] <athena7> d
[12:35:16 EDT(-0400)] <EricDalquist> a co-worker just found a .edu with an alumni records site
[12:35:33 EDT(-0400)] <EricDalquist> and the SQL in the url pretty much describes the whole table
[12:36:01 EDT(-0400)] <EricDalquist> makes the password they ask for on their edit link kind of pointless when you can run arbitrary SQL via URL parameters
[12:36:13 EDT(-0400)] <EricDalquist> and this is why PreparedStatements are good (smile)
[12:36:22 EDT(-0400)] <athena7> no kidding
[12:36:36 EDT(-0400)] <athena7> in that posting, i wonder if other people could have added new people to the registry
[12:36:40 EDT(-0400)] <athena7> that'd be really bad
[12:37:10 EDT(-0400)] <EricDalquist> I would be supprised if insert/update/drop/delete/alter all didn't workl
[12:37:28 EDT(-0400)] <athena7> yeah
[13:22:51 EDT(-0400)] <EricDalquist> athena7: I'll have a commit in just a few that uses pags to ensure everyone is in the Everyone group
[13:22:59 EDT(-0400)] * athena7 cheers
[13:23:37 EDT(-0400)] <EricDalquist> I just had fun writing the 'AlwaysTrueTester;
[13:24:30 EDT(-0400)] <athena7> (smile)
[13:26:42 EDT(-0400)] <EricDalquist> all set
[13:27:51 EDT(-0400)] <athena7> great!
[13:27:58 EDT(-0400)] <athena7> i'll test out our dev server this afternoon
[13:28:02 EDT(-0400)] <EricDalquist> cool
[13:34:20 EDT(-0400)] <athena7> trying to get a better sense of what's breaking and what's not when multiple jquery libs are included
[13:35:22 EDT(-0400)] <EricDalquist> ah
[13:35:27 EDT(-0400)] <EricDalquist> https://mywebspace.wisc.edu/dalquist/web/crn/
[13:35:29 EDT(-0400)] <EricDalquist> oops
[13:35:37 EDT(-0400)] <EricDalquist> wrong chat window (smile)
[13:35:52 EDT(-0400)] <EricDalquist> though if you're interested those are the two tasks to enable concurrent execution in crn
[13:45:08 EDT(-0400)] <athena7> cool (smile)
[13:47:22 EDT(-0400)] * michelled (n=team@142.150.154.197) has left ##uportal