IRC log of #zope for Friday, 2010-10-08

00:21 *** mcdonc has quit IRC
00:22 *** mcdonc has joined #zope
00:23 *** srichter has quit IRC
00:36 *** jakke1 has quit IRC
00:51 *** dunny has joined #zope
00:53 *** redir has joined #zope
00:54 *** d2m has quit IRC
01:08 *** MJ has quit IRC
01:12 *** alga has joined #zope
01:17 *** dayne has quit IRC
01:18 *** dayne has joined #zope
01:20 *** dvschramm is now known as dvschramm|away
01:20 *** dunny has quit IRC
01:32 *** runyaga has quit IRC
01:37 *** dayne has quit IRC
01:47 *** yuvilio has quit IRC
01:52 *** smita has quit IRC
01:55 *** J1m has quit IRC
01:59 *** webmaven has quit IRC
02:25 *** alga has quit IRC
02:27 *** MrTango has quit IRC
02:29 *** MatthewWilkes has quit IRC
02:30 *** TresEquis has quit IRC
02:31 *** shastry_ has quit IRC
02:33 *** ccomb has quit IRC
02:47 *** fcanto has joined #zope
02:51 *** gw has joined #zope
03:31 *** srichter has joined #zope
03:39 *** davisagli is now known as davisagli|away
03:44 *** davisagli|away is now known as davisagli
03:45 *** davisagli is now known as davisagli|away
03:58 *** huajie has joined #zope
04:04 <planetzopebot> Trying out Chameleon (Ross Patterson)  http://rpatterson.net/blog/trying-out-chameleon
04:12 *** davisagli|away is now known as davisagli
04:14 *** davisagli is now known as davisagli|away
04:27 *** dunny has joined #zope
04:43 *** davisagli|away is now known as davisagli
04:50 *** mr_jolly has quit IRC
04:51 *** davisagli is now known as davisagli|away
05:02 *** alexpilz has joined #zope
05:04 *** alexpilz1 has quit IRC
05:04 *** davisagli|away is now known as davisagli
05:07 *** alvaro_o has quit IRC
05:45 *** MadRobot has joined #zope
06:09 *** kleist has joined #zope
06:10 *** dunny has quit IRC
06:10 *** dunny has joined #zope
06:15 *** dunny has quit IRC
06:38 *** davisagli has quit IRC
06:39 *** davisagli has joined #zope
06:48 *** fcanto has quit IRC
07:10 *** huajie has quit IRC
07:14 *** huajie has joined #zope
07:27 *** davisagli is now known as davisagli|away
07:39 *** davisagli|away is now known as davisagli
07:40 *** davisagli is now known as davisagli|away
07:42 *** redir has quit IRC
07:42 *** redir has joined #zope
08:00 *** redir has quit IRC
08:01 *** davisagli|away is now known as davisagli
08:02 *** redir has joined #zope
08:26 *** Theuni1 has joined #zope
08:29 *** zagy has joined #zope
08:41 *** __mac__ has joined #zope
08:52 *** JaRoel|4D has quit IRC
09:00 *** gw has quit IRC
09:10 *** Theuni1 has quit IRC
09:11 *** davisagli is now known as davisagli|away
09:15 *** digitalmortician has quit IRC
09:20 *** smita has joined #zope
09:24 *** d2m has joined #zope
09:24 *** MadRobot has quit IRC
09:27 *** jakke has joined #zope
09:30 *** webar7 has quit IRC
09:31 *** alga has joined #zope
09:32 *** webar7 has joined #zope
09:37 *** Theuni1 has joined #zope
09:40 *** alexpilz has quit IRC
09:56 *** JaRoel|4D has joined #zope
09:58 *** bigkevmcd_ is now known as bigkevmcd
10:03 *** neo|4D has joined #zope
10:17 *** huajie has quit IRC
10:27 *** yvl has joined #zope
10:27 *** menesis has joined #zope
10:30 *** tralala has joined #zope
10:31 <tralala> I get this error ValueError: "unsupported format character '(' (0x28) at index 3" from this format string '%15(refundid)s %20(contractid)d %40(account)s % 75.2(amount)f'
10:31 *** digitalmortician has joined #zope
10:31 <betabug> hey tralala!
10:31 <betabug> you were looking for me?
10:32 <tralala> the code is running from an external method
10:32 <tralala> betabug: hey there. It's been quite a while.
10:33 *** planetzopebot has quit IRC
10:33 <betabug> yeah! how's life?
10:33 <betabug> still so busy?
10:33 <tralala> zope 2.12 and python 2.4
10:34 *** planetzopebot has joined #zope
10:34 <tralala> the same code works from inside the python (zopectl debug) but not from the external method
10:35 <betabug> if you simplify it, does it work?
10:35 <tralala> is there a way to fix it or it has to do with security restrictions?
10:35 <betabug> in an external method there should be no security restrictions
10:37 <d2m> i have never seen anything between % and () in formatting strings before
10:39 <tralala> d2m: do you refer to the blank after the last %? It works fine in python
10:39 <d2m> no, i think %15(...)s should be %(..)s15
10:41 *** MrTango has joined #zope
10:43 <tralala> d2m: you mean %(...)15s? 15 in justification, not literal
10:44 <tralala> in=is
10:44 <d2m> http://docs.python.org/release/2.4/lib/typesseq-strings.html
10:45 *** nitrogenycs has quit IRC
10:45 *** nitrogenycs has joined #zope
10:46 *** MJ has joined #zope
10:47 <tralala> d2m: okay, thanks. I'm changing the string now
10:53 <tralala> d2m: yes, this was it. Thanks a lot! I wonder how I got the string messed up, given that I have it the right way in my unit tests...
10:55 <bigkevmcd> are your tests actually passing?
10:56 <tralala> Yes, but they had the correct format string
10:58 *** sunew has joined #zope
11:02 *** menesis has quit IRC
11:02 *** menesis has joined #zope
11:03 *** Gogo|tty has joined #zope
11:05 <tralala> in an external method that creates a persistent object, do I need explicit commit or zodb will take care of it?
11:05 *** yvl has left #zope
11:06 <betabug> zope should take care of it
11:06 <betabug> but you really should make it into a zope product at this point
11:06 <betabug> external methods are just for small hacks
11:07 <tralala> betabug: I'm not introducing a new persistent object, just generating a ZReST report
11:07 *** ccomb has joined #zope
11:07 <betabug> yeah
11:07 <betabug> you won't need a commit
11:07 <betabug> but I'd use external methods only for the smallest of tasks
11:09 <tralala> although I can benefit from a product I can't afford the effort at this point. And the task is really small and easily done with an external method
11:09 <kosh> betabug: I tend to use external methods for single functions or sometimes 2 to 3 functions that won't exist in the database
11:09 <kosh> betabug: like I have one for parsing a csv file so I did not have to expose the csv module, just hand it a string and it hands a list of lists back that kind of thing
11:10 <kosh> tralala: don't run zope 2.12 on python 2.4, use zope 2.12 with python 2.6
11:11 *** milele has quit IRC
11:11 <betabug> yeah, for really small stuff an external method might be acceptable
11:11 *** agroszer has joined #zope
11:12 <kosh> a csv parsing function or csv creation function is only about 3 lines of code so trivial as an external method
11:12 <tralala> kosh: my sad story is that I run it on windows and I have to interface sql server through ado
11:13 <kosh> I don't think that zope 2.12 has really been tested for python 2.4
11:13 <kosh> I thought the min python required version was 2.5 and that was not suggested
11:13 <kosh> if you want to use python 2.4 you should use zope 2.11 max
11:13 <tralala> oops sorry
11:13 <tralala> I have 2.11
11:13 <tralala> anyway I got what the installer delivered
11:14 * kosh sets tralala on fire and hands out marshmallows
11:14 * tralala blushes
11:15 <kosh> betabug: so what evil are you up to?
11:15 <betabug> isn't being in the office evil enough?
11:15 <Theuni1> depends
11:15 <tralala> I would love to switch it to linux, but I'm afraid I can't excuse the effort for the time being
11:16 <Theuni1> betabug: if your office is with the salvation army then there's definitely room for improving the evilness
11:17 <betabug> haha
11:17 *** milele has joined #zope
11:18 *** gypsymauro has joined #zope
11:18 <gypsymauro> hi
11:18 <betabug> lo
11:19 <gypsymauro> suppose I've a webservice in my lan, there is a way from zope to access to this webservice? or I've to write an external method?
11:19 <bigkevmcd> <tralala> Yes, but they had the correct format string <- that means you don't have test coverage
11:19 <betabug> gypsymauro: "external methods" are "from zope" too
11:24 *** vipod_ has joined #zope
11:24 *** vipod has quit IRC
11:24 *** vipod_ is now known as vipod
11:24 <gypsymauro> betabug: I didn't understand, I need to connect to a webservice (not zope) from zope using soap or xmlrpc, there is a builtin way to connect or I need to write myself?
11:26 <betabug> there are python xmlrpc client modules that you can use
11:26 <betabug> it's quite easy
11:28 *** ccomb has quit IRC
11:28 *** ccomb1 has joined #zope
11:28 <kosh> betabug: RewriteRule \.(asp|aspx|php|jsp)$ - [F,L]   that rule seems to work fairly well so far
11:28 <betabug> gypsymauro: look for the python xmlrpclib module
11:28 <kosh> betabug: I will add other stuff to it later
11:28 <kosh> but it does block out a LOT of garbage
11:28 <betabug> what's "F"?
11:28 <kosh> forbidden
11:28 <betabug> ah, cool
11:31 <kosh> maybe you could put that on the witch
11:32 <betabug> gypsymauro: I have some sample code, but in my setup on both "sides" there is zope running
11:32 <kosh> that will block a LOT of attacks against zope and really clean up the error log
11:32 <betabug> so I don't know how well it would adapt
11:32 <betabug> kosh: it sure will stop a lot of crap before it even reaches zope
11:34 <gypsymauro> betabug: and you create a product to use that webservices? I mean there is not a zope type for webservice
11:34 <betabug> no, there is no built in zope type
11:35 <betabug> I have all my code in zope products anyway
11:35 <betabug> since I have a life too
11:35 <gypsymauro> :)
11:36 <tralala> bigkevmcd: yes, it does. I only have unit tests and the report formatting is decoupled from zope so I test it with a mock object. I lack functional tests to cover the integration part.
11:37 *** MatthewWilkes has joined #zope
11:39 <gypsymauro> betabug: it's better to use soap or xmlrpc?
11:40 <betabug> gypsymauro: http://paste.lisp.org/+2GZF
11:40 <betabug> I use xmlrpc, because I use zope both as client and server... and zope "includes" the xmlrpc server automatically
11:41 <betabug> in my posted example, "timers_time_daterange" is a method on the server
11:42 *** nitrogenycs has quit IRC
11:42 <betabug> server_url is obviously the base URL of the server, where all the interesting methods are
11:42 <betabug> so you see it's easy
11:42 *** menesis1 has joined #zope
11:42 *** menesis has quit IRC
11:42 <betabug> I'm logging any errors, to make finding problems easier
11:43 *** sunew has quit IRC
11:44 <betabug> the password for the server is encoded in the URL... it's safer than it sounds, since python "intercepts" that and transmits them slightly more safe
11:45 <betabug> so somewhere I have a line like that: server_url = protocol+'://'+user+':'+passw+'@'+ server+':'+port+'/'+url
11:45 <gypsymauro> betabug: it's possible to use https too?
11:46 <betabug> yes, that's what I'm using
11:53 <gypsymauro> tanx betabug
11:53 <kosh> betabug: I wonder what other extensions I should add to that list later guess I will find out
11:53 <betabug> no problem
11:54 <betabug> kosh: yeah, just look through the logs from time to time
11:54 <kosh> easiest is check the error_log
11:54 <kosh> because that will be stuff that made it through
11:58 <kosh> betabug: it really is a pretty good idea as a default rewriterule to use with zope since that will block a lot of garbage
11:59 *** eperez has joined #zope
12:00 *** sunew has joined #zope
12:00 <gypsymauro> betabug: sorry, I'm stressing you but tell me if it's a good design: I've a website, and I've a db on the lan, I want to make some query on the internal db from the website, but 'cause there will be some "sensible" data on the db, I want to add a secure layer between, so I'm considering to implement a xmlrpc webservice that does 'secure queries' and then call methods from website, it's a good design or I'm just shooting to my ...? :)
12:01 <betabug> hmmm
12:01 *** dunny has joined #zope
12:01 *** eperez has quit IRC
12:01 <betabug> it all depends on how much better you can secure the xmlrpc webservice than you can secure zope
12:05 <gypsymauro> betabug: well for example if someone can enter in my ZMI can see the user and password of the db connections, with an xmlrpc layer the cracker eventually can see the username and password of the webservice
12:05 <betabug> yeah
12:05 <betabug> but how much chance is it with a well secured zope that they will enter the ZMI?
12:05 <tralala> how do I redirect from external method?
12:05 <betabug> zope has quite a good security track record [knocks on wood]
12:06 <betabug> tralala: you have passed "context" to your method as an argument?
12:06 <betabug> so you return context.REQUEST.RESPONSE.redirect(url)
12:07 <tralala> the method is defined as def m(self). I use self as a folder object. Is it a context?
12:07 *** tisto has joined #zope
12:08 <betabug> hmmm, it's been some time since using external methods :-)
12:08 <tralala> also I want to redirect to another zope object in the same folder, will object.id do as a url@
12:08 <tralala> ?
12:09 <betabug> maybe you have to put './' in front
12:09 <betabug> but it might do
12:09 <tralala> I'm going to give it a try
12:13 *** evilbungle has joined #zope
12:14 <tralala> betabug: works great, thanks!
12:14 <betabug> cool
12:16 *** srichter has quit IRC
12:19 *** alexpilz has joined #zope
12:23 *** MJ has quit IRC
12:24 *** menesis1 has quit IRC
12:24 *** MJ has joined #zope
12:30 *** ggozad has joined #zope
12:39 *** huajie has joined #zope
12:40 *** digitalmortician has quit IRC
12:56 *** teix has joined #zope
12:58 *** eperez has joined #zope
13:04 *** fredvd has joined #zope
13:08 *** mr_jolly has joined #zope
13:08 *** janjaapdriessen has joined #zope
13:09 *** hever has joined #zope
13:10 *** hever has quit IRC
13:12 *** huajie has quit IRC
13:26 *** gypsymauro has quit IRC
13:30 *** menesis has joined #zope
13:46 *** tralala has quit IRC
14:00 *** kamjel has joined #zope
14:01 <CIA-7> janjaapdriessen * r117384 /Sandbox/janjaapdriessen/buildbot/buildout.cfg: the --distribute option is not available in all versions of bootstrap.py, so stick with setuptools.
14:01 <CIA-7> janjaapdriessen * r117385 /grokcore.security/branches/ (1.2 1.2/bootstrap.py): inlined zc.buildout 1.4.1 bootstrap.py
14:08 <janjaapdriessen> agroszer: Are we going to support the ZTK on python2.7 on windows? If so, could you tweak the winbot to release 2.7 bdists of the packages with c-extensions? If not, I will remove them from the buildbot.
14:08 <agroszer> hi janjaapdriessen
14:09 <agroszer> I think ZTK after 1.0 should support python 2.7
14:09 <agroszer> so I got to tweak winbot
14:10 <janjaapdriessen> Ok cool. I will not adjust the buildbot then.
14:10 <agroszer> gonna do that soonish
14:10 *** dayne has joined #zope
14:53 *** kamjel has quit IRC
15:01 *** dunny has quit IRC
15:07 *** fredvd has quit IRC
15:07 *** fredvd has joined #zope
15:08 *** vipod has quit IRC
15:15 *** vipod has joined #zope
15:22 *** digitalmortician has joined #zope
15:24 *** regebro has joined #zope
15:28 *** digitalmortician has quit IRC
15:32 *** touff has quit IRC
15:33 *** tisto is now known as tisto|away
15:44 *** touff has joined #zope
15:58 *** huajie has joined #zope
16:09 *** tisto|away is now known as tisto
16:12 *** Theuni1 has quit IRC
16:15 *** srichter has joined #zope
16:17 *** regebro has quit IRC
16:20 *** allisterb has quit IRC
16:21 *** eperez has quit IRC
16:31 *** regebro has joined #zope
16:34 *** zenwryly has quit IRC
16:36 *** dayne has quit IRC
16:37 *** allisterb has joined #zope
16:40 *** pepeu has joined #zope
16:40 *** webmaven has joined #zope
16:41 *** pepeu has left #zope
16:44 *** sunew has quit IRC
16:45 *** allisterb has quit IRC
16:52 *** pwerneck has joined #zope
16:52 *** ccomb1 is now known as ccomb
16:53 *** alga has quit IRC
16:55 *** cbcunc_ has joined #zope
16:57 *** cbcunc has quit IRC
16:57 *** J1m has joined #zope
16:57 *** cbcunc_ is now known as cbcunc
16:57 *** yuvilio has joined #zope
17:00 *** dvschramm|away is now known as dvschramm
17:00 *** dayne has joined #zope
17:08 *** mcdonc has quit IRC
17:09 *** __mac__ has quit IRC
17:13 *** benji has quit IRC
17:14 *** yuvilio has quit IRC
17:17 *** benji has joined #zope
17:18 *** webar7 has quit IRC
17:19 *** mugwort13 has joined #zope
17:24 *** yuvilio has joined #zope
17:27 <mugwort13> Hi all, I have been reading about zope and considering it as a framework for a few sites I am building.   I have read some mixed opinions about zope's default security.    Compared to other frameworks, how secure is zope?   (I realize that standard server setups are not flaws in zope, -  php.ini, httpd.conf, firewall, etc. are the admin's task to set up)
17:28 <betabug> mugwort13: what "mixed opinions" have you read? I've never seen any bad review of zope security
17:28 <betabug> can you give me a link?
17:28 *** MrWu has joined #zope
17:29 <betabug> also, since this is 2010, which kind of zope are you considering? Zope 2? Grok? BlueBream (formerly Zope 3)? Repoze.BFG?
17:30 <betabug> (yeah, it's been a sport to make new stuff it seems)
17:30 <MrWu> did I miss something?
17:30 <MrWu> ;)
17:30 <betabug> hey MrWu
17:32 *** huajie has quit IRC
17:35 *** Theuni1 has joined #zope
17:35 *** ggozad has quit IRC
17:35 *** redir has quit IRC
17:36 <mugwort13> The version I was looking at is 2.10.5 (only because that is the latest version in the openbsd repo, and as far as site, I will have to find them again.   .... so let me look
17:36 <betabug> ok, that is Zope 2
17:36 <betabug> now what security concerns did you talk about?
17:36 *** ggozad has joined #zope
17:37 <betabug> the newest of the Zope 2 series is 2.12
17:41 <MrWu> yes
17:42 <MrWu> and the latest version of the 2.10.x branch is 2.10.11 (IIRC)
17:44 * mgedmin would not start a new project based on Zope these days
17:44 <mugwort13> ...funny, my google search now is only showing security fixes in zope, that's reassuring.
17:44 <betabug> mugwort13: pretty old ones probably too
17:45 <betabug> mgedmin: few people do, especially few newcomers it seems
17:46 *** thetet has joined #zope
17:47 <mugwort13> mgedmin:   Could you please explain why not?   I was researching secure cms systems and stumbled on zope + plone, it sounds very promising to me.   I need something as close to un-hackable as I can get.
17:48 <mgedmin> plone is probably worth a look, I assumed you were talking pure Zope 2
17:49 <mugwort13> oh, I see
17:49 <betabug> well, I consider pure Zope 2 pretty good
17:50 <betabug> but newcomers consider it old fashioned and therefore cumbersome to build stuff
17:50 <betabug> new frameworks tend to have stuff that does more work for the programmer "out of the box"
17:50 *** MJ has quit IRC
17:52 <MrWu> well, if mugwort13 needs something "as close to un-hackable as I can get"
17:52 * mgedmin also tends to think about web applications and forget about CMSes
17:52 <MrWu> I would recommend you to write plain html files
17:52 *** lcpfnvc has quit IRC
17:52 <MrWu> and serve them using openbsd's chroot apache
17:52 <MrWu> and beware of the javascript!
17:52 <MrWu> ;D
17:54 <MatthewWilkes> mugwort13: Plone and Zope's security records are very good.  Of course we do get the occasional problem reported, but we take it seriously and release fixes fast.
17:54 <MatthewWilkes> mugwort13: We always register CVEs too, so you can just search through to see how many we've had in comparison to other systems
17:55 <MrWu> yep
17:55 *** lcpfnvc has joined #zope
17:55 <MrWu> plone is much better in that aspect than the well-known ones (drupal, joomla, mambo, etc)
17:59 *** alecm_ has joined #zope
17:59 *** alecm_ has joined #zope
18:00 <mgedmin> the biggest security issue I've encountered with Zope was an unprotected web form for sending email
18:01 <mgedmin> (it had the recipient address hardcoded, so all the spam went directly to me)
18:01 *** alecm_ has quit IRC
18:02 *** runyaga has joined #zope
18:02 *** alecm_ has joined #zope
18:02 *** alecm_ has joined #zope
18:02 <runyaga> how do you get zope.org svn credentials again?
18:02 *** alecm has quit IRC
18:02 *** alecm_ is now known as alecm
18:02 <mugwort13> well, on Sans.org, doing a search for zope or plone brings up almost no results.  That is very good.     A search on .nvd.nist.gov, only gives about 8 result over the past 3 years.   That's very good too.
18:03 *** milele has quit IRC
18:03 <runyaga> yes
18:03 *** runyaga has quit IRC
18:06 <mugwort13> Thanks all
18:06 *** mugwort13 has left #zope
18:07 *** ggozad has quit IRC
18:25 *** daMaestro has joined #zope
18:25 *** mr_jolly has left #zope
18:31 *** runyaga has joined #zope
18:33 *** jakke has left #zope
18:34 <CIA-7> adamg * r117386 zope.wineggbuilder/rackspace.ini: do eggs for py2.7
18:34 *** J1m has quit IRC
18:34 *** J1m has joined #zope
18:44 *** MatthewWilkes has quit IRC
18:47 *** zagy has quit IRC
18:49 *** allisterb has joined #zope
18:55 *** allisterb has quit IRC
18:59 *** yuvilio has quit IRC
19:03 *** davisagli|away is now known as davisagli
19:07 *** redir has joined #zope
19:07 <janjaapdriessen> agroszer: cool!
19:08 *** thetet has quit IRC
19:12 <mgedmin> oh, buildbot, ...
19:13 *** davisagli is now known as davisagli|away
19:18 *** davisagli|away is now known as davisagli
19:19 <CIA-7> janjaapdriessen * r117387 grokproject/ (/bootstrap.py .): Inlining bootstrap.py
19:20 *** alvaro_o has joined #zope
19:28 *** davisagli is now known as davisagli|away
19:29 *** benji is now known as benji-lunch
19:30 *** alecm has quit IRC
19:38 *** allisterb has joined #zope
19:42 *** runyaga has quit IRC
19:43 *** runyaga has joined #zope
19:44 *** zenwryly has joined #zope
19:44 *** redir_ has joined #zope
19:46 *** redir has quit IRC
19:46 *** redir_ has quit IRC
19:46 *** tisto has quit IRC
19:47 *** tisto has joined #zope
19:52 *** tisto has quit IRC
19:58 *** yuvilio has joined #zope
19:59 *** JaRoel|4D has quit IRC
20:01 *** alexpilz has quit IRC
20:02 *** alga has joined #zope
20:07 *** MrWu has quit IRC
20:09 *** evilbungle has quit IRC
20:10 *** davisagli|away is now known as davisagli
20:11 *** bigkevmcd has quit IRC
20:24 *** daMaestro has quit IRC
20:31 *** benji-lunch is now known as benji
20:33 <CIA-7> jim * r117388 ZODB/ (HISTORY.txt src/CHANGES.txt):
20:33 <CIA-7> Updated change logs in preparation for 3.10.0 release:
20:33 <CIA-7> - Moved 3.9 changes to HISTORY.txt.
20:33 <CIA-7> - Consolidated 3.10 pre-release entries.
20:33 <CIA-7> - Removed 3.10 (bug fix) entries for fixes that were in 3.9, so the
20:33 <CIA-7> 3.10 changes are from 3.9.
20:39 *** smita has quit IRC
20:42 *** JaRoel|4D has joined #zope
20:47 *** redir has joined #zope
20:48 *** menesis has quit IRC
20:55 *** __mac__ has joined #zope
20:59 *** binbrain has joined #zope
21:10 *** janjaapdriessen has quit IRC
21:23 *** redir has quit IRC
21:30 *** alexpilz has joined #zope
21:34 *** fredvd has quit IRC
21:38 <CIA-7> jim * r117389 ZODB/setup.py: Added missing framework for ZODB.
21:38 <CIA-7> jim * r117390 /ZODB/branches/3.10: release branch
21:38 <CIA-7> jim * r117391 ZODB/setup.py: Now that there's a 3.10 release branch...
21:38 <CIA-7> jim * r117392 /ZODB/tags/3.10.0: tag
21:38 <CIA-7> jim 3.10.0 * r117393 ZODB/setup.py: *** empty log message ***
21:40 *** runyaga has quit IRC
21:45 *** evilbungle has joined #zope
21:46 *** evilbungle has quit IRC
21:48 *** binbrain has quit IRC
21:48 *** davisagli is now known as davisagli|away
21:50 *** agroszer has quit IRC
21:52 *** redir has joined #zope
21:54 *** redir has quit IRC
22:08 *** daMaestro has joined #zope
22:09 *** pepeu has joined #zope
22:26 *** teix has quit IRC
22:28 *** giampaolo has joined #zope
22:41 *** redir has joined #zope
22:48 *** pepeu has quit IRC
22:54 *** daMaestro has quit IRC
23:04 *** davisagli|away is now known as davisagli
23:04 *** MrTango has quit IRC
23:05 *** webmaven has quit IRC
23:09 *** ccomb has quit IRC
23:11 *** srichter has quit IRC
23:11 *** ccomb has joined #zope
23:13 *** webmaven has joined #zope
23:16 *** __mac__ has quit IRC
23:19 *** menesis has joined #zope
23:25 *** tiwula has joined #zope
23:29 *** dvschramm has quit IRC
23:46 *** kleist has quit IRC
23:53 *** tiwula has quit IRC
23:53 *** daMaestro has joined #zope
23:56 *** alecm has joined #zope
