<zenspider>
Scriptonaut: I'm only skimming the spec for JWT... but I'm not sure that's invalid yet.
<zenspider>
it's not well written as specs go
<Scriptonaut>
I'm confused, what do you mean not invalid, like it's supposed to produce different keys between ruby processes?
<Scriptonaut>
or between console sessions, etc
<zenspider>
do they decode properly?
<zenspider>
if you notice, the payload (before the ".") is the same in both cases
<Scriptonaut>
that's the header
<Scriptonaut>
it goes header.payload.signature
<Scriptonaut>
header has the meta info about the type of encryption, etc, payload is the actual data, then signature is an encrypted concatenation of the header, payload, and secret
<Scriptonaut>
used to verify the payload/header
<Scriptonaut>
I suppose I should try decoding it
<Scriptonaut>
and see if it for some reason works
<zenspider>
ah. I didn't see the second one... either way, they're the same
<Scriptonaut>
the second one is the same too?
<Scriptonaut>
oh I see, that's odd, it's not always the case
<zenspider>
as long as they decode... I wouldn't worry about it
<Scriptonaut>
I'll try decoding and see what I get, thanks
<zenspider>
ruby has some stuff built in to seed hash values and the like so that each process is a little bit random from another. It bites me now and then, but makes the processes less attackable from the outside. It might be similar
<Scriptonaut>
This will give me the perfect excuse to have this part of the codebase rewritten, I was saying we should decode rather than just comparing the encrypted strings
<Scriptonaut>
it decoded
<Scriptonaut>
zenspider: I don't know why I didn't think to do that
<Scriptonaut>
thanks lol
<zenspider>
n/p
<zenspider>
hrm... is there a better tool than diff3 for comparing 3 files? having `ed` output isn't the best
ansraliant has joined #ruby
<Scriptonaut>
hmm, never had that need. I use git for diffs most of the time
bmurt has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
brandoncc has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
renich has quit [Ping timeout: 250 seconds]
Nicmavr has quit [Read error: Connection reset by peer]
Nicmavr has joined #ruby
renich has joined #ruby
r29v has quit [Quit: r29v]
<havenwood>
Scriptonaut: Your payload stays the same. It's just the order of the headers that differs so you get a different mac. {"alg"=>"HS256", "typ"=>"JWT"} vs {"typ"=>"JWT", "alg"=>"HS256"}
chouhoulis has joined #ruby
brandoncc has joined #ruby
<havenwood>
Scriptonaut: JSON hashes are unordered, unlike Ruby 1.9+ hashes.
<Scriptonaut>
I'm surprised you were able to deduce that
<Scriptonaut>
thanks
<havenwood>
you're welcome!
<Scriptonaut>
the only part left that's bothering me is that an existing dev built a system where he generated tokens like this, sent them to another service we have, and then used the token in a db query to look up records.
<Scriptonaut>
so somehow up until now, those hashes have always been in the same order
<Scriptonaut>
but when I do it, I often get different ordered hashes
<Scriptonaut>
no idea why when I do it, the key/value order changes regularly, but he managed to do it for months, on the same computer, and kept it in the same order
<Scriptonaut>
I assume I will have to rewrite his lookup system that does lookups by the encrypted tokens, I don't see any other way around it
<Scriptonaut>
not that it's a very good way of looking things up
<havenwood>
Scriptonaut: Just to make sure, you're meaning these payloads to be signed so you can authenticate they haven't been tampered with, but no need for encryption?
<Scriptonaut>
yes
<Scriptonaut>
the payloads only hold a database record id
<Scriptonaut>
oh, we're just signing it with a raw string, is that not a good idea?
cpruitt has quit [Ping timeout: 250 seconds]
<Scriptonaut>
like ENV["JWT_SECRET"]
blackmesa has quit [Ping timeout: 252 seconds]
<havenwood>
Scriptonaut: I'd think that should work if you just need data integrity and authentication, but the payload contents aren't secret.
<havenwood>
If the contents are secret, use Ed25519 instead of an HMAC.
<Scriptonaut>
ah ok, thanks for the example. While working on this feature I noticed this stuff was used in several other places, and it definitely wasn't encrypting the payload. I'll have to check it out to make sure it's nothing that should be secure
cpruitt has joined #ruby
<havenwood>
Ed25519 is great when you really do want to keep a secret!
duderonomy has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
DTZUZO_ has joined #ruby
cpruitt has joined #ruby
venmx has quit [Remote host closed the connection]
mikecmpb_ is now known as mikecmpbll
AJA4350 has joined #ruby
cpruitt has quit [Ping timeout: 245 seconds]
kidPalooma has joined #ruby
<kidPalooma>
Hello, I would like to perform these two operations on mp3 files: 1. strip all id3 metadata, 2. add silence at the start/end of a file. Are there any libraries that you know of that would help? I have found a few id3 libraries in ruby but they seem more oriented toward reading id3 tags rather than modifying them
<elomatreb>
kidPalooma: I was in a similar situation regarding metadata and I didn't really find anything enjoyable, switched to doing those scripts in Python with mutagen
Nicmavr has quit [Read error: Connection reset by peer]
Nicmavr has joined #ruby
lucasb has joined #ruby
<blerrp>
kidPalooma: +1 for mutagen. so for adding silence, idk, maybe look into ffmpeg
<blerrp>
but for id3 mutagen is the best shit i've used
kidPalooma has quit [Ping timeout: 256 seconds]
phwelo has quit [Ping timeout: 245 seconds]
mauro_oto has joined #ruby
cpruitt has joined #ruby
skryking has joined #ruby
Psy-Q has joined #ruby
<Psy-Q>
it looks like Slate was never updated to work with Bundler 2 and relies on Bundler 1. is there a way to have both available at the same time on a system?
cpruitt has quit [Ping timeout: 240 seconds]
<Psy-Q>
it looks like it can fall back to the version that is specified under BUNDLED_WITH in the lockfile if that version is available, but what if there is no lockfile yet?
soyeomul^bionic has quit [Quit: ERC (IRC client for Emacs 26.1)]
laaron has joined #ruby
yokel has quit [Remote host closed the connection]
yokel has joined #ruby
sagax has quit [Ping timeout: 272 seconds]
jinie has quit [Ping timeout: 268 seconds]
rippa has joined #ruby
Leifr has joined #ruby
kapil____ has joined #ruby
RiPuk has joined #ruby
skryking has quit [Quit: Leaving]
lucasb has quit [Quit: Connection closed for inactivity]
krawchyk has joined #ruby
Dbugger has joined #ruby
sonofentropy has quit [Quit: sonofentropy]
chouhoulis has quit [Ping timeout: 240 seconds]
polishdub has joined #ruby
status402 has joined #ruby
ellcs has quit [Remote host closed the connection]
krawchyk has quit [Quit: krawchyk]
krawchyk has joined #ruby
krawchyk has quit [Client Quit]
marz_d`ghostman has joined #ruby
<marz_d`ghostman>
anyone using concurrent-ruby gem here?
<marz_d`ghostman>
How do you guys execute Futures in parallel? Concurrent::Promises.future(thread_pool) { Sync.run(mirror) }.rescue { |e| send_error_notification(mirror_name: mirror.name, error: e) }.result doesn't seem to work
chouhoulis has joined #ruby
status402 has quit [Quit: status402]
aupadhye has quit [Ping timeout: 250 seconds]
krawchyk has joined #ruby
davidw has joined #ruby
orbyt_ has joined #ruby
chouhoulis has quit [Ping timeout: 246 seconds]
krawchyk has quit [Quit: krawchyk]
akem has quit [Read error: Connection reset by peer]