IRC log of #zope3-dev for Wednesday, 2005-04-20

« Tuesday, 2005-04-19 Index Thursday, 2005-04-21 »
*** gintas has quit IRC00:11
*** srichter has quit IRC00:12
*** Aiste has joined #zope3-dev00:14
*** hazmat has quit IRC00:44
*** [apoirier] has joined #zope3-dev00:45
*** Theuni has quit IRC00:51
*** yota has quit IRC00:55
*** tvon has joined #zope3-dev00:57
*** hazmat has joined #zope3-dev01:04
*** srichter has joined #zope3-dev01:10
*** ChanServ sets mode: +o srichter01:11
*** hazmat has quit IRC01:17
*** tvon has quit IRC01:28
*** hazmat has joined #zope3-dev02:09
*** hazmat has quit IRC02:44
*** hazmat has joined #zope3-dev02:46
*** SteveA has joined #zope3-dev03:16
*** hazmat has quit IRC03:55
*** hazmat has joined #zope3-dev03:56
*** hazmat has quit IRC04:17
*** SteveA_ has joined #zope3-dev04:22
*** SteveA has quit IRC04:27
*** BjornT has quit IRC05:29
*** stub has joined #zope3-dev05:34
*** RaFromBRC has quit IRC05:47
*** BjornT has joined #zope3-dev05:56
*** hazmat has joined #zope3-dev06:19
*** tonico has quit IRC06:36
*** hazmat has quit IRC06:57
*** SteveA_ has quit IRC06:58
*** `anthony has quit IRC07:53
*** stub has quit IRC07:57
*** stub has joined #zope3-dev07:59
*** `anthony has joined #zope3-dev08:03
*** viyyer has joined #zope3-dev08:13
*** nisha_cgx has joined #zope3-dev08:14
*** nisha_cgx has quit IRC08:15
*** MacYET_ has joined #zope3-dev08:36
zagymoin08:42
Damasceneoh man09:10
Damasceneif i see zagy speak, i know im' in trouble.09:10
zagyha ha09:11
zagygo to bed man!09:11
Damasceneyou remembered!  hehe09:12
*** Theuni has joined #zope3-dev09:13
*** SteveA_ has joined #zope3-dev09:26
*** hdima has joined #zope3-dev09:28
*** Aiste has quit IRC09:29
*** yota has joined #zope3-dev09:44
*** sashav_ has joined #zope3-dev09:59
*** viyyer has quit IRC10:07
*** viyyer has joined #zope3-dev10:08
*** viyyer has joined #zope3-dev10:10
*** hazmat has joined #zope3-dev10:14
*** viyyer has quit IRC10:24
*** viyyer has joined #zope3-dev10:27
*** lunatik has joined #zope3-dev10:30
*** tarek_ has joined #zope3-dev10:33
*** viyyer is now known as viyyer|AFTERLUNC10:35
*** viyyer|AFTERLUNC is now known as viyyer11:02
*** hazmat has quit IRC11:06
*** `anthony has quit IRC11:19
*** mexiKON has joined #zope3-dev12:06
*** philiKON has quit IRC12:13
*** RaFromBRC has joined #zope3-dev12:18
*** tonico has joined #zope3-dev12:30
MacYET_z3con12:30
*** xenru has joined #zope3-dev12:48
*** mkerrin has joined #zope3-dev12:50
*** lunatik is now known as lunatik|pasla13:06
*** Aiste has joined #zope3-dev13:10
*** MacYET has joined #zope3-dev13:24
*** MacYET_ has quit IRC13:25
*** lunatik|pasla has left #zope3-dev13:30
*** efge has joined #zope3-dev13:32
*** RaFromBRC has quit IRC13:32
*** regebro has joined #zope3-dev13:34
MacYETthe french world is getting alive13:36
regebroWi is aalweez alive.13:39
*** srichter has quit IRC13:45
*** kaczordek has quit IRC14:20
*** projekt01 has joined #zope3-dev14:25
*** bskahan has joined #zope3-dev14:40
*** faassen has joined #zope3-dev14:44
*** projekt01 has left #zope3-dev14:44
*** srichter has joined #zope3-dev14:51
*** ChanServ sets mode: +o srichter14:51
*** mohsen-away is now known as mohsen14:53
*** bradb has joined #zope3-dev15:32
*** __gotcha has joined #zope3-dev15:43
*** bradb has quit IRC15:44
*** mooded has joined #zope3-dev15:47
*** ignas has joined #zope3-dev15:49
*** bradb has joined #zope3-dev15:55
*** mooded has quit IRC15:56
MacYETcan i configure a utility under multiple names?16:15
Theuniany reason you assume that you can't?16:22
MacYETi want a mass registration :)16:23
srichteryes you can, but there is nothing to help you do this efficiently16:25
srichteryou would have to write your own directive16:25
srichter(which is not hard btw)16:26
srichterMacYET: why would you want to register so many utilities?16:26
srichteri.e. something seems fishy here :-)16:26
MacYETin txng every converter is a utility16:26
MacYETso i register them as named utilities16:26
MacYETbut one converter can handle multiple mimetypes16:26
MacYETwrong way?16:27
srichteroh, I see16:27
srichterlet me think16:27
srichterwhat about adapters?16:27
MacYEToverkill16:27
MacYET:-O=)16:27
MacYETi must have a registry mimetype -> converter somewhere16:28
srichterok, but then you could save yourself from many utilities16:28
MacYETi am just moving the problem around :)16:28
Theunidon't we have some generic registry support around?16:28
srichterright, utilities is not a bad approach, but just by the look of "mimetype -> converter" it smells like an adapter16:29
srichter:-)16:29
MacYETutilites are fine16:29
srichterTheuni: no, all registries have been carefully removed16:29
MacYETregistries suck16:29
* Theuni shrugs16:29
srichterexactely16:29
srichterall registries can be implemented using utilities16:29
srichterthis decision was made ages ago16:29
srichterMacYET: do you have mimetype objects?16:30
MacYETmimetype objects?16:30
MacYETi have content with some mimetype16:31
MacYETthat I look up an utility with the correspodning converter interface *and* mimetpye et le voila: i have the converter16:31
MacYETworks fine16:31
srichtermmh, maybe named adapters are better, conceptually16:31
MacYETthat's beyond my today16:32
srichterIConverter(content, name="application/x-msoffice")16:32
MacYETs horizon16:32
srichterthis is very similar to the named utility approach, btw16:33
srichterthe nice thing is that you can register the adapter for classes16:33
MacYETjust have to read before...it's fine for me now16:34
MacYETjust trying things out..16:34
srichterok16:34
faassenI'm trying the widget for the schema LIst thing.16:41
faassenin Zope X3.0 the behavior is seriously broken.16:41
faassendo you know whether this got fixes later on?16:41
faassenit's broken in the sense that if you press 'add text' without filling in any text, you get a weird output which displays somekind of HTML list, and then when you go back to the page, all your previous entries have disappeared.16:42
srichterI am not sure, though some of those type of widgets got some work done on them16:55
faassenanyway, I guess I'll make my own widget, it can be simpler.16:55
*** niemeyer has joined #zope3-dev16:55
*** sashav_ has quit IRC16:58
*** vlado has joined #zope3-dev17:04
*** viyyer has quit IRC17:17
*** hdima has quit IRC17:28
*** mkerrin has quit IRC17:34
*** xenru has quit IRC17:54
*** `anthony has joined #zope3-dev17:55
*** BjornT has quit IRC18:06
*** th1a has joined #zope3-dev18:08
*** BjornT has joined #zope3-dev18:34
*** vlado has quit IRC18:36
regebroI've just beebn looking at the add form directive for X3.0, since it seems like it's permission setting is ignored in Five.18:41
*** [apoirier] has joined #zope3-dev18:41
regebroand...it looks ignored in Zope3 too. If that is the case, then should it be like that, and if so, why?18:41
*** gintas has joined #zope3-dev18:48
*** th1a is now known as th1a|PyUK18:49
srichterregebro: really? I am pretty sure it is not :-)18:50
srichter...but maybe it is18:50
regebrosrichter, Well, I haven't really *tried* it, I just can't see that it is handled anywhere. Maybe the idea is to get the permission somewhere else?18:51
regebroOr to only protect the actual adding (which I don't think is a good idea).18:51
srichtermmh, I can't remember18:51
regebroOr, I just didn't see it..18:52
bradbthe addform permission works fine for me.18:52
srichterno, the perm is applied18:52
srichtersee AddViewFactory18:52
srichtersee the checker that gets created there?18:52
srichterzope.app.form.browser.add18:53
*** tarek_ is now known as tarek_away19:02
*** SteveA_ has quit IRC19:05
*** Theuni has quit IRC19:11
*** __gotcha has quit IRC19:18
*** stub has quit IRC19:23
regebrosrichter, ah, the defineChecker thing, ok.... Great.  So, since I can't protect things in Five, this is a Five bug. Great! Thanks!19:24
srichteryes19:28
*** zagy has quit IRC19:32
*** hazmat has joined #zope3-dev19:46
*** gintas has quit IRC19:48
*** tvon has joined #zope3-dev19:50
*** d2m has joined #zope3-dev19:52
*** Damascene has quit IRC19:53
*** Damascene has joined #zope3-dev20:00
*** zagy has joined #zope3-dev20:02
*** stub has joined #zope3-dev20:05
*** tvon has quit IRC20:05
*** tvon has joined #zope3-dev20:15
*** mohsen is now known as mohsen|away20:33
*** Aiste has quit IRC20:36
*** stub has quit IRC20:40
mexiKONsrichter, i wonder, would x-zope-principal in the response header be a security risk since it would appear in what is sent to the browser...20:47
*** bskahan has quit IRC20:51
*** [apoirier] has quit IRC20:53
MacYETre21:22
*** faassen has quit IRC21:33
*** gintas has joined #zope3-dev21:38
* MacYET curses 21:45
MacYET+:r he21:47
*** vinsci has quit IRC21:51
*** vinsci has joined #zope3-dev21:52
*** tvon|x31 has joined #zope3-dev21:53
*** tvon has quit IRC21:54
*** vinsci has joined #zope3-dev21:54
*** vinsci has quit IRC21:55
*** gintas has quit IRC21:56
MacYETvim s:w21:58
*** regebro has quit IRC22:00
*** mohsen has joined #zope3-dev22:02
*** tvon|x31 has quit IRC22:04
*** alga has joined #zope3-dev22:07
*** ignas has quit IRC22:08
*** mohsen has quit IRC22:13
*** tarek_away is now known as tarek_22:37
MacYET:wq22:37
srichtermexiKON: I don't think so22:41
mexiKONsrichter, i like wsgi, and passing the application object various streams through request headers is fine, i think22:42
mexiKONhowever, i'm not sure whether the reverse way is good22:42
mexiKONi feel like wsgi should include a logging api22:42
mexiKONhave something like a "logging stream"22:42
srichterthat's not good enough22:43
mexiKONand pass that to the application in the request, like the error stream22:43
mexiKONwhy not?22:43
srichterbecause often the logging framework decides based on specially crafted objects which log to write to22:43
srichterthis is true for Python's logging and for twisted's logging22:44
srichter(and was true for ZServer's)22:44
mexiKONok, fair enough22:46
srichterhere is my take22:46
mexiKONi'm just guessing wildly here. all i know is that i have a bad feeling about passing sensible data through the response22:46
srichterit is not sensible22:46
srichternoone can do anything with the principal id22:46
srichtersince it is not even necessarily the login name22:47
srichter(depends on the adapter)22:47
mexiKONit's still application data22:47
mexiKONit might reveal sensible data... how do we know this now?22:48
srichterif someone is worried about security, they use HTTPS, in which case it is encrypted and only returned to the browser22:48
srichterhow will it reveal sensible data?22:48
mexiKONmaybe principal ids *are* sensible in some systems22:48
mexiKONbut anyway22:48
srichterif you really do not want to return anything, make a null adapter that returns no message22:48
srichterthen change the adapter to not return the id22:49
mexiKONah, a knob22:49
srichterbut a full name or nothing22:49
mexiKONwe need a knob22:49
srichterthere is one22:49
mexiKONcan we have a knob to turn it off completely?22:49
srichteryeah, create an adapter that always returns ''22:49
srichter(as in empty string)22:50
mexiKONk22:50
BjornTsrichter: i'd assume that even if you don't want the principal name in the response, you'd still want it to show up in the logs. is there a way to do that?22:51
srichtermexiKON: see revision 3006522:52
srichterBjornT: nope22:52
srichternot with WSGI22:52
MacYETx22:55
BjornTsrichter: what was the problem with letting zope.app handle the logging, as you said you would do?22:56
srichterBjornT: it felt wrong :-)22:56
srichterBjornT: and I would have needed a bunch of proprietary WSGI extensions22:56
srichtersuch as receiving a function that knows about the bytes sent in the response, the return status, etc., etc.22:57
BjornTsrichter: it feels really wrong adding some useless headers to the response....22:57
srichterand really, the access log is the responsibility of the server, not the app22:57
srichterI am much happier with what I have now22:58
srichterBjornT: I disagree and it is common practice22:58
srichterthere are so many X-Name headers sent, especially in E-mails, that it is not even funny22:58
BjornTcan you give some examples?22:58
srichteryes, hold on22:59
mexiKONX-Powered-By: Zope22:59
srichterexactely!22:59
mexiKONMacYET, trying to hook up vi as your IRC client?22:59
srichterthat was the one I was looking for22:59
*** mohsen has joined #zope3-dev22:59
mexiKONit's stupid and it should go22:59
MacYET:-)22:59
srichterbut it is an example of how X-name headers are used23:00
BjornTexactly, it shouldn't be there, or at least be optional. it shouldn't change any functionality by removing such headers23:00
MacYETutilities don't have arguments in the constructor?23:00
srichterlook, if you want to make your code ultra-secure and still have the name in the logs, just write your own twisted.iweb.IResponse object that removes the header before outputting it23:01
srichterMacYET: they can, if you instantiate them yourself in Python and use "component" in ZCML23:01
MacYETthat's not what i want :-)23:01
srichterMacYET: If you use "factory" in the ZCML, they cannot have arguments, but the factory could be a function instantiating the class using arguments23:01
*** ChrisW has joined #zope3-dev23:02
ChrisWhey hey happy people :-)23:02
MacYETindex instances have a set of splitter preferecnes. inside the index() method i want to create a splitter object with these preferences...what's the right pattern?23:02
MacYETmr withers23:02
ChrisWcan Zope 3's ZPT be used outside of Zope?23:02
srichterChrisW: yes23:03
ChrisWIf so, what package do I need and how do I use it?23:03
MacYETyes23:03
ChrisW(I need to do normal cgi's, yuck :-S)23:03
MacYETtal,pagetemplate23:03
MacYETstart with pagetemplate and see what imports are missing23:03
MacYET:)23:03
srichterI think you need i18nmessage and tales as well23:03
ChrisWi18nmessage?23:03
ChrisWis ther no way to turn that off?23:03
srichterChrisW: there is also a way of using zpkcgtools to create a ZPT release23:03
srichterit lists all dependencies23:04
srichterChrisW: no23:04
ChrisWsrichter: any ideas hwo to do that?23:04
srichterChrisW: I used to know, but not anymore :-)23:04
srichterask Fred23:04
ChrisWdamn23:04
ChrisWtimescales too short :-S23:04
srichtersee ZOPE3/releases/ZPT23:04
ChrisWokie dokie23:04
srichterwhich gives you at least the deps23:04
ChrisWwhat should I go for? trunk or a branch?23:05
srichterbranch23:05
srichternot much has happened23:05
mexiKONChrisW, yes, you need the i18n message stuff. you don't need to use i18n, though23:05
ChrisWwhich branch?23:05
BjornTsrichter: that's an ugly solution just to be able to remove some (for the client) useless header. don't care *that* much about it, though..., just seem like the wrong way to do it23:05
ChrisWor is there a specific tag?23:05
*** vinsci has joined #zope3-dev23:05
ChrisWmexiKON = Phil in disguise?23:06
mexiKONChrisW, you can use the ZopeX3-3.0 branch23:06
mexiKONyes23:06
*** mexiKON is now known as philiKON23:06
ChrisWheh23:06
ChrisWyou guys decided about codespeak for DCOracle2 yet?23:06
srichterBjornT: complain to the WSGI guys for not providing a way to send info back to the server23:06
ChrisWis there a tag I can use that will be constant for years?23:06
ChrisWhttp://svn.zope.org/Zope3/tags/ZopeX3-3.0.0/?23:07
srichteryep23:07
srichterthis one will be good for a long time23:07
ChrisWnope, that doesn't have the ZPT thing in releases :-(23:07
ChrisWI might just go for http://svn.zope.org/Zope3/trunk/releases/ZPT/?rev=3006523:08
ChrisWwhat do I do with those .cfg files to get something useful?23:08
ChrisWand what version fo python should I be using?23:08
BjornTsrichter: well, they'd probly say to define a custom extension ;-)23:08
*** RaFromBRC has joined #zope3-dev23:08
srichterBjornT: but that's not practical, as the point of WSGI is to play nice with all existing servers23:10
srichterChrisW: well, you can see what's needed23:10
srichterthey are used to build the ZPT release, though I do not know how23:11
ChrisWyeah, btu what machinery should I use to do something automatic with those config files?23:11
srichterChrisW: this might help, though it is for Zope 3, not ZPT: http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/MakingARelease23:11
ChrisWthanks, I'll take a look23:12
philiKONChrisW, basically, you point zpkgtools to a release config and you end up with a tarball containing a setup.py and all dependencies23:12
philiKONsrichter, i don't think the response header thing is very extensible either. I mean, what if i want other information to appear in the log?23:13
BjornTsrichter: will the logging work no matter which server you plug in via WSGI?23:13
philiKONideally, we should have a CustomLog directive like apache has23:13
MacYETn823:13
srichterphiliKON: but I am only getting an access log going23:13
*** MacYET is now known as MacZzzZz23:13
srichteryou can still do other logging on the app side23:13
srichterBjornT: if the server does it, sure23:13
srichterBjornT: Twisted is responsible for logging, I just provide an observer23:14
srichterthat knows how to write to our access logs23:14
philiKONaha23:14
philiKONthis is what i just thought about23:14
philiKONhaving the app provide some object that the server can write its log to23:15
philiKONso, logging stays configurable on the app side23:15
srichterbut this is far too intrusive23:16
srichtercurrently nothing in twisted.web2 had to be changed to get this working23:16
philiKONwell, right now, for every server you need a compatability layer anyway23:16
srichterhow so?23:16
philiKONbecause no server supports wsgi out of the box23:16
srichtertwisted.web2 does23:17
philiKONonly the new ones, yes23:17
philiKONso, twisted.web2 could support a logging api23:17
philiKONif the logging api were part of wsgi23:17
srichteryep, but I am not going to rely on an extension that is not approved nor have I thought about a good way of doing it23:18
srichterlogging frameworks behave very differently on a low level23:18
srichterand you would have to agree on one way of doing it23:18
srichteralso, I might want to log info only the server has that the server author might consider private and does not want to expose23:19
srichter(the bytes written is one big example here)23:19
*** ChrisW has left #zope3-dev23:19
BjornTsrichter: now you assume that every WSGI server provides support for plugging into the logging as you do it now. if the don't, you're screwed, just like with an wsgi extension23:20
srichternope, all I say is that those other servers probably just have no means of getting to the user info23:21
srichterthat is a much weaker assertion than the other suggested ones23:21
philiKONyou said they all behave differently on the low level... that's ok, as long as there can be a high level interface23:21
BjornTsrichter: exactly my point! the same with the wsgi extension, if it doesn't exist you simple don't use it23:21
philiKONi mean, after all, that's what wsgi is all about23:21
srichterBjornT: but it is much, much heavier to do it via WSGI at this point23:22
*** MacZzzZz has quit IRC23:22
philiKONmy idea is: have the server write to a logging component which comes from the app and is configured through the app; it can decide what do log and what not to log23:22
srichteryou would have to provide icky callback functions via the wsgi namespace in the environment23:23
*** Aiste has joined #zope3-dev23:23
srichterphiliKON: but that's the point; WSGI does not allow us to send info to the app server23:23
srichterother than over soem icky wsgi callback function23:24
srichtersomething like:23:24
philiKONso maybe that needs to be changed in wsgi23:24
BjornTsrichter: but it's also a much cleaner solution when working with wsgi...23:24
srichterI disagree23:24
srichterit goes against anything WSGI says23:24
srichterWSGI specifically points out that it does not want to deal with complicated objects23:25
srichterthis would exactely introduce such a complicated object23:25
srichterhave you read the WSGI specs?23:25
philiKONthe error stream and input streams are objects and they're not complicated23:25
philiKONyes23:25
philiKONthose stream objects have a few required methods23:25
BjornTsrichter: how so? according to the wsgi guys it should be quite common to add extensions to it23:25
srichterright, but logging cannot be a simple stream23:25
srichterI pointed this out several times23:25
philiKONtrue. but the python logging api, for example, has a very simple api and still can be used for quite complex things23:26
srichterthe Python logging API is very, very complex23:27
srichteractually, several people have complained about it23:27
srichterincluding the Twisted guys23:27
philiKONi must be confusing this with zlog then23:27
philiKONi'll brianstorm a little more about this issue23:27
philiKONg'night23:28
srichterbye23:29
srichterbtw, the reason I had to think about this feature is that other people before me messed it up23:31
srichterI am providing something that I think is not intrusive, keeps component boundaries and does not create miscellaneous dependencies among packages.23:32
srichteranyone should feel free to implement something better23:32
*** bradb is now known as bradb|out23:32
BjornTit's intrusive in that way that you send the client a useless header. it also depends on the server knowing what to do with the header (or to provide a way of plugging into the logging)23:34
srichterfor (1): it is done all the time23:35
srichterfor (2): Any solution I will come up with will have this requirement23:35
BjornT(1): ok, let's remove x-powered-by, doesn't change any functionality23:36
BjornT(2): so, there's no reason not solving it in a cleaner way23:36
srichterI have looked into (a) writing logs on the app side, (2) sending info via WSGI callbacks to the server and (c) sending a response header23:37
srichter(a) this is just not the right palce and a lot of indo would need to be sent from the server, which convinced me it is the wrong place23:37
BjornTanyways, i'll think about it a bit more. you should send a mail to the list about this before you merge23:38
srichter(b) this is a lot of work and actually when looking at it from the server side seems very intrusive23:38
srichter(c) I have to make only a slight modification to the app and none to the server(!)23:38
srichterfeel free to send a mail to the list23:39
srichterby the time I merge this, I will have forgotten it (probably)23:39
BjornTok, just make sure you send a mail before you merge23:44
srichterI always do this; this change will be somewhat disruptive23:45
*** alga has quit IRC23:46
*** RaFromBRC has quit IRC23:48
*** mkerrin has joined #zope3-dev23:51
BjornTsrichter: btw, where's that log observer you talked about located?23:52
srichternot checked in yet23:52
srichterI still ahve to write tests23:52
srichterhold on, I check it in23:52
BjornTok, thanks. i want to see how it looks like23:53
srichteruuh, it might fail though :-)23:54
srichtersince I have made some changes to Twisted's server;23:54
srichterso that I can collect all information23:55
srichterI guess we should switch to a vendor import23:55
srichterdo you know how to do this?23:55
BjornTi thought one of your argument was that you *didn't* have to change anything in the server?23:57
BjornTno, sorry, don't know how to do that23:57
srichteryeah, it is due to the fact that twisted.web2 is not done23:57
srichterbut this has nothing to do with my argument23:58
BjornTso this would be a good time adding some logging extension to it...23:58
srichterbasically, from the request I could not get to the response inside twisted23:58
srichterit has its logging stuff already setup23:58
« Tuesday, 2005-04-19 Index Thursday, 2005-04-21 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!