IRC log of #zope for Wednesday, 2010-12-22

*** jim_SFU has quit IRC		00:04
CIA-78	achapman * r119039 /zc.monitorcache: - add zc.monitorcache	00:19
CIA-78	achapman * r119040 /zc.monitorcache/ (tags trunk branches): - project structure	00:19
*** ccomb has joined #zope		00:25
*** giampaolo__ has joined #zope		00:28
CIA-78	achapman * r119041 zc.monitorcache/ (11 files in 5 dirs): - Add files	00:33
CIA-78	achapman * r119042 zc.monitorcache/: - add more ignores	00:33
*** allisterb has quit IRC		00:59
*** J1m has quit IRC		01:05
*** m8 has quit IRC		01:05
*** Arfrever has quit IRC		01:15
*** neo\|4D has quit IRC		01:17
CIA-78	gotcha * r119043 gocept.selenium/CHANGES.txt: update changelog	01:18
CIA-78	gotcha * r119043 gocept.selenium/CHANGES.txt: update changelog	01:40
*** mr_jolly has joined #zope		01:48
*** menesis has left #zope		01:59
*** mr_jolly has left #zope		02:02
*** ccomb has quit IRC		02:16
*** mr_jolly has joined #zope		02:16
*** MrTango has quit IRC		02:30
CIA-78	ulif * r119044 /grok/branches/ulif-docs2sphinx: Create branch for complete docs update, including shift to newer sphinx (getting rid of grokdocs).	02:31
*** mr_jolly has quit IRC		02:36
*** alga has quit IRC		02:42
*** giampaolo__ has quit IRC		02:45
*** giampaolo_ has quit IRC		02:45
*** supton_ has joined #zope		02:45
*** supton has quit IRC		02:45
*** supton_ is now known as supton		02:45
CIA-78	ulif ulif-docs2sphinx * r119045 grok/setup.py: Declare dependencies for doc building.	02:46
CIA-78	ulif ulif-docs2sphinx * r119046 grok/buildout.cfg:	02:46
CIA-78	Use Sphinx directly to build the docs, deploying	02:46
CIA-78	`collective.recipe.sphinxbuilder`.	02:46
*** supton has quit IRC		02:50
*** astoon has quit IRC		02:54
CIA-78	ulif ulif-docs2sphinx * r119047 grok/grokdocs/src/grokdocs: Remove SVN external.	03:02
CIA-78	ulif ulif-docs2sphinx * r119048 grok/ (grokdocs buildout.cfg CHANGES.txt): Remove grokdocs subpackage. Docs are now created via a buildout recipe.	03:02
*** astoon has joined #zope		03:03
*** allisterb has joined #zope		03:11
CIA-78	ulif ulif-docs2sphinx * r119049 grok/doc/conf.py: Use `pkg_resources` to get version number.	03:17
CIA-78	ulif ulif-docs2sphinx * r119050 grok/doc/conf.py: Update year.	03:17
*** alvaro_o has quit IRC		03:17
*** davisagli is now known as davisagli\|away		03:19
*** tiwula has quit IRC		03:24
*** fredvd\|shop has quit IRC		03:34
*** davisagli\|away is now known as davisagli		03:43
*** daMaestro has quit IRC		03:46
*** davisagli is now known as davisagli\|away		03:47
*** davisagli\|away is now known as davisagli		04:00
*** davisagli is now known as davisagli\|away		04:02
*** davisagli\|away is now known as davisagli		04:25
*** shastry has quit IRC		04:27
*** astoon has quit IRC		05:29
*** davisagli is now known as davisagli\|away		05:32
*** davisagli\|away is now known as davisagli		05:36
*** davisagli is now known as davisagli\|away		05:46
*** davisagli\|away is now known as davisagli		05:52
*** benji has quit IRC		06:14
*** redir has quit IRC		06:26
*** davisagli is now known as davisagli\|away		06:34
*** astoon has joined #zope		06:38
*** __mac__ has joined #zope		06:50
*** davisagli\|away is now known as davisagli		06:55
*** sm has quit IRC		07:49
*** redir has joined #zope		07:55
*** davisagli is now known as davisagli\|away		08:07
*** astoon has quit IRC		08:11
*** davisagli\|away is now known as davisagli		08:17
*** indraveni has joined #zope		08:27
indraveni	hi all	08:27
indraveni	does zope server supports http methods , PUT, POST, GET, TRACE etc	08:28
indraveni	is so how to configure it securely so that all those are denied and allow only post, get and options	08:28
indraveni	as we do in apache server	08:28
indraveni	hello	08:33
indraveni	is this channel live?	08:33
*** tisto has joined #zope		08:38
*** zagy has joined #zope		08:40
xanalogica	indraveni, the channel is live; there are 44 other people here	08:40
xanalogica	your question is odd - yes, ZServer supports various HTTP methods but you don't enable/disable such low-level aspects. You define permissions/roles on the objects within Zope.	08:41
xanalogica	I know that Apache does that - but it does not match up with the way Zope works.	08:42
*** wosc has joined #zope		08:45
*** tisto is now known as tisto\|away		08:50
*** __mac__ has joined #zope		08:55
*** indraveni has left #zope		08:57
*** tisto\|away is now known as tisto		09:34
*** davisagli is now known as davisagli\|away		09:51
*** MrTango has joined #zope		09:57
*** eperez has joined #zope		10:00
*** goschtl has joined #zope		10:12
*** neo\|4D has joined #zope		10:16
*** digitalmortician has joined #zope		10:17
*** planetzopebot has quit IRC		10:33
*** planetzopebot has joined #zope		10:34
*** __mac__ has quit IRC		10:38
*** __mac__ has joined #zope		10:40
*** ccomb has joined #zope		10:41
*** alga has joined #zope		10:42
*** tisto is now known as tisto\|away		11:11
*** Theuni_ has joined #zope		11:20
*** Theuni_ is now known as Guest7403		11:20
*** Guest7403 has quit IRC		11:22
*** Theuni__ has joined #zope		11:22
*** tmassman has joined #zope		11:30
*** sunew has joined #zope		11:33
*** sylvain has joined #zope		11:34
*** menesis has joined #zope		11:40
*** RichardBarrell has quit IRC		12:01
CIA-78	ulif ulif-docs2sphinx * r119051 grok/doc/ (upgrade.txt reference/functions.rst): Fix markup.	12:03
CIA-78	ulif ulif-docs2sphinx * r119052 grok/doc/contents.rst: Add glossary in tree structure.	12:03
*** gwik has quit IRC		12:08
*** xanalogica has quit IRC		12:09
*** mr_jolly has joined #zope		12:10
*** alga has quit IRC		12:13
*** tmassman has quit IRC		12:14
*** xanalogica has joined #zope		12:23
*** alga has joined #zope		12:24
*** gwik has joined #zope		12:32
CIA-78	ulif ulif-docs2sphinx * r119053 grok/doc/index.rst: Anchor contents.rst in doctree structure and give index a name.	12:33
*** hever has joined #zope		12:33
*** teix has joined #zope		12:37
*** hever has quit IRC		12:38
*** drmarkafriedman has joined #zope		12:38
*** hever has joined #zope		12:40
CIA-78	ulif ulif-docs2sphinx * r119054 grok/doc/contents.rst: Include README.rst in toctree structure.	12:48
CIA-78	ulif ulif-docs2sphinx * r119055 grok/doc/README.rst: Update README to reflect changes.	12:48
CIA-78	ulif ulif-docs2sphinx * r119056 grok/CHANGES.txt: Tell more about the new documentation toolchain.	12:48
*** goschtl has quit IRC		13:03
*** mr_jolly has left #zope		13:21
*** mr_jolly has joined #zope		13:27
*** gayathri has joined #zope		13:37
gayathri	hi	13:37
gayathri	is there a way to hide the zope server signature	13:37
betabug	probably in apache setup	13:37
gayathri	apache setup is hiding apache signature but not zope signature	13:38
betabug	hu?	13:38
*** vipod has joined #zope		13:38
betabug	there's just one "Server" header IIRC	13:39
gayathri	I don't know, but in my apache conf, i have server signature off and servertokens prod, still I see the following	13:40
gayathri	Server: Zope/(unreleased version, python 2.4.6, linux2) ZServer/1.1 Plone/3.3.5	13:40
gayathri	when i see the http header information	13:40
betabug	http://httpd.apache.org/docs/1.3/misc/FAQ.html#serverheader	13:41
*** yvl has quit IRC		13:43
gayathri	the information given in that link is hiding apache information	13:43
gayathri	but the above information is still available	13:43
gayathri	i am sorry not in http header i should say	13:43
gayathri	actually, I am trying to connect to my server using	13:44
gayathri	telnetl localhost 80	13:44
betabug	in which header then?	13:44
gayathri	and then	13:44
gayathri	OPTIONS / HTTP/1.1	13:44
gayathri	Host:localhost	13:44
gayathri	in reply to this I see the above pasted Server:...	13:44
gayathri	can this be hided?	13:44
*** yvl has joined #zope		13:45
betabug	http://tech.groups.yahoo.com/group/zope/message/184344	13:46
gayathri	i have seen that post earlier, but din't get the monkey patch	13:47
gayathri	and how tht helps me in unclear	13:47
betabug	there is no monkey patch	13:47
betabug	you change it in the apache config	13:47
betabug	use mod_headers or something	13:48
gayathri	or where that medusa module i can get	13:48
betabug	or ServerTokens	13:48
*** __mac__ has quit IRC		13:52
*** drmarkafriedman has quit IRC		13:55
*** __mac__ has joined #zope		13:56
teix	gayathri: http://www.mydigitallife.info/2007/07/22/improve-apache-web-server-security-use-servertokens-and-serversignature-to-disable-header/	14:00
*** menesis has quit IRC		14:01
*** hever has quit IRC		14:01
*** menesis has joined #zope		14:02
gayathri	thankyou so much, mod_headers worked perfect	14:03
gayathri	even i see this, in my header	14:04
gayathri	Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK	14:04
gayathri	which means all my http methods are allowed,	14:04
gayathri	wherein in apache i added all Limit directives	14:04
gayathri	how do i deny all these methods, and i think they are of zope server and not of apache server	14:05
gayathri	and my vhost of apache of other directive shows that they are denied	14:05
gayathri	but vhost of zope configuration shows all these methods open	14:05
*** _baton_ has joined #zope		14:06
_baton_	Hi, is there any best practices for running zope virtual hosting with ssl ?	14:07
_baton_	I have a strange situation with login form, everuthing works fine only in firefox	14:07
*** gwik has quit IRC		14:08
*** gwik has joined #zope		14:09
*** ccomb has quit IRC		14:15
waldi	teix: evidence for that? for the attacker it is usualy much easier to launch all the attacks instead of selecting the correct ones. also this information may be incorrect	14:15
teix	waldi: right! following those steps doesn't mean site will be more secure	14:17
teix	waldi: as mentioned on apache docs: «Frequently, people want to remove this information, under the mistaken understanding that this will make the system more secure. This is probably not the case, as the same exploits will likely be attempted regardless of the header information you provide.»	14:18
teix	waldi: but i'm just trying to help gayathri anyway :)	14:18
gayathri	so how about disabling those http methods of the zope server	14:26
gayathri	is there any configuration to be done in zope configuration file?	14:27
waldi	gayathri: nope. this are all standard methods	14:32
*** fredvd has joined #zope		14:32
*** fredvd\|meeting has joined #zope		14:33
*** menesis has quit IRC		14:34
*** fredvd\|sport has joined #zope		14:35
*** menesis has joined #zope		14:35
*** benji has joined #zope		14:36
*** fredvd\|sport is now known as fredvd_		14:36
*** benji has quit IRC		14:36
gayathri	ok this also i was able to manage with mod_headers	14:36
gayathri	thanks to all	14:36
betabug	cool, glad it worked	14:37
*** fredvd has quit IRC		14:37
betabug	_baton_: check wiki.zope.org/Zope2/ZopeAndApache	14:38
*** fredvd\|meeting has quit IRC		14:38
_baton_	betabug, thanks for attention, but wiki.zope.org/Zope2/ZopeAndApache is broken	14:39
betabug	hmmm	14:39
*** gayathri has quit IRC		14:39
betabug	maybe I made a mistake in the link	14:39
_baton_	meanwhle, I am intersintg if I have running instance on http://localhost:8092/VirtualHostBase/https/testapp.localhost:443/portal/VirtualHostRoot/	14:40
betabug	_baton_: anyway, head over to betabug.ch/zope/witch for your rewrite rule	14:40
_baton_	do testapp.localhost works both http and https ?	14:40
betabug	do not try to debug rewriterules, just get a working one	14:41
betabug	hmmm, http://wiki.zope.org/zope2/ZopeAndApache	14:41
betabug	dunno what is different, but that works	14:41
teix	betabug: capital Z :)	14:42
betabug	oh, zope2 instead of Zope2, fun	14:42
betabug	yeah, just noticed	14:42
betabug	teix: how's life in .pt? everything fine?	14:42
teix	_baton_: witches give you working rewrite rules! :)	14:43
teix	betabug: fine thanks!	14:43
betabug	cool	14:43
teix	betabug: well almost... we are bombed all days with those crisis news on TVs and papers	14:45
teix	betabug: but real life is running well :)	14:45
betabug	haha, you ain't see nothing yet	14:45
betabug	teix: I sincerely hope your politicians will not f* up to the level of those criminals that they call "politicians" here	14:45
teix	betabug: let's see...	14:46
teix	betabug: but politicians popularity drops a lot on last few months	14:46
teix	but that is happening worldwide, i think...	14:47
*** thetet has joined #zope		14:47
*** vipod has quit IRC		14:53
*** vipod has joined #zope		14:54
betabug	well, the problem is that their popularity drops from all parties at once, so there is nobody that you honestly still can vote... result: the same bandits in government again	14:58
betabug	well, enough politics :-)	14:58
teix	betabug: I agree! with both sentences :)	15:01
*** alga has quit IRC		15:03
*** zagy1 has joined #zope		15:08
*** zagy has quit IRC		15:08
CIA-78	ulif * r119057 grokcore.content/src/grokcore/content/components.py: Extent documentation from grokdocs.	15:19
*** nitrogenycs has joined #zope		15:22
*** J1m has joined #zope		15:45
*** wosc has quit IRC		15:45
*** __mac__ has quit IRC		15:55
*** zagy1 has quit IRC		16:02
*** zagy has joined #zope		16:03
*** zagy has quit IRC		16:05
*** zagy has joined #zope		16:05
*** digitalmortician has quit IRC		16:05
*** tisto\|away is now known as tisto		16:20
*** Arfrever has joined #zope		16:21
*** alga has joined #zope		16:30
*** jim_SFU has joined #zope		16:44
*** jim_SFU has quit IRC		16:57
*** jim_SFU has joined #zope		16:57
*** chaoflow_ has quit IRC		16:58
*** chaoflow has joined #zope		16:58
giampaolo	http://pastebin.com/TycLMTZx this is an error I got in my zope log. Why is it compressed? Is there a way to get/log the original/complete traceback?	17:10
betabug	giampaolo: compressed? I seem to be seeing a complete traceback	17:11
giampaolo	no that's not	17:12
betabug	somehow it's trying to create a fax group 4 image?	17:12
betabug	giampaolo: what do you miss?	17:12
giampaolo	it does not tell the last call who caused the error, it only tells the method where that happened	17:13
giampaolo	which is create_jpg()	17:13
giampaolo	...but my create_jpg() is long... =)	17:13
betabug	Module PIL.ImageFile, line 180, in load called _getdecoder	17:13
betabug	and Module PIL.Image, line 376, in _getdecoder fails, with IOError: decoder group4 not available	17:13
betabug	line 234 in create_jpg is specific enough usually	17:14
betabug	but I don't know Products.INGBookService.bookservice_page :-)	17:14
mgedmin	do you need to?	17:14
mgedmin	PIL is unable to load that jpeg	17:15
giampaolo	I'm not interested in PIL.Image... I wanna know the last call of MY code who caused the error. And being that a compressed traceback message I can't	17:15
mgedmin	either that jpeg is broken, or PIL is broken (e.g. built without jpeg support)	17:15
mgedmin	isn't INGBookService your code?	17:16
betabug	giampaolo: well, what's on line 234 of bookservice_page ?	17:16
betabug	mgedmin: I don't think so, I think there is something telling PIL that a Fax image is asked for	17:17
mgedmin	(d'oh, jpg is the output format, not the input)	17:17
betabug	ah, so PIL is thinking that it is getting a fax image!	17:18
betabug	someone uploaded something with a strange extension I would guess!	17:18
*** dayne has joined #zope		17:18
*** digitalmortician has joined #zope		17:20
giampaolo	I'm not sure either, what annoys me is that that's NOT the original traceback message	17:25
*** zagy has quit IRC		17:27
*** zagy has joined #zope		17:28
betabug	you're not sure what's on line 234?	17:29
*** zagy has quit IRC		17:29
giampaolo	exactly, at line 234 I have a method, INSIDE that method a make a certain call which then causes the PIL error. In a standard python traceback message that part is expanded and shows exactly what call caused the error	17:33
betabug	hmm, I've never heard nor seen a "compressed traceback" in python	17:34
betabug	if it says 234, that's where my error is	17:35
giampaolo	betabug: if you take a look at that traceback message it's clear that is somewhat "compressed" as it's not indented	17:36
betabug	it is	17:36
betabug	all the lines starting with "Module" are indented	17:36
betabug	and in python docs I don't see anything that would "compress" a traceback	17:37
betabug	only "limit" to limit number of entries	17:38
giampaolo	https://bugs.launchpad.net/ubuntu/+source/python-imaging/+bug/234788	17:38
_mup_	Bug #234788: Phatch doesn't support decoder group4 TIF <Phatch:Fix Released by stani> <python-imaging (Ubuntu):New> < https://launchpad.net/bugs/234788 >	17:38
giampaolo	THAT is an actual traceback message	17:38
giampaolo	see? it contains the module paths	17:38
giampaolo	my traceback message don't	17:38
betabug	interesting	17:39
giampaolo	you can modify the traceback in python, for example by using a bare try/except clause and then use the traceback module	17:39
giampaolo	my best guess is that Zope does something like that	17:40
betabug	hmmm, let me check	17:40
betabug	probably yeah	17:41
giampaolo	yeha... :\	17:41
giampaolo	why the heck they did that I don't know	17:41
betabug	makes event.log neater	17:42
giampaolo	and developers life harder =)	17:42
betabug	I never even noticed, to tell the truth	17:42
giampaolo	and also, I have the impression that the traceback is compressed also when the server runs in foreground, in which case there's no even need to neat anything	17:43
mgedmin	zope uses its own exception formatter	17:43
mgedmin	for security reasons -- do not expose filesystem paths, do not expose source code	17:44
* mgedmin shrugs		17:44
mgedmin	I believe you can find the original Python traceback in the log file	17:44
mgedmin	but it won't tell you anything more: line 234 is it	17:44
betabug	yeah, I doubt that the line number is wrong	17:45
betabug	that would be really weird for a formatter to change	17:45
giampaolo	mgedmin: is there a way to tell Zope not to do that (have plain tracebacks)?	17:47
mgedmin	I don't remember	17:47
mgedmin	try poking in /Control_Panel/error_log or whatever it's called	17:47
CIA-78	menesis * r119058 zope.app.zopeappgenerations/ (CHANGES.txt setup.py): Preparing release 3.6.1	17:54
CIA-78	menesis * r119059 /zope.app.zopeappgenerations/tags/3.6.1: Tagging 3.6.1	17:54
CIA-78	menesis * r119060 zope.app.zopeappgenerations/ (CHANGES.txt setup.py): Back to development: 3.6.2	17:54
CIA-78	menesis 3.5 * r119061 zope.app.zopeappgenerations/ (CHANGES.txt setup.py): Preparing release 3.5.1	17:54
CIA-78	menesis * r119062 /zope.app.zopeappgenerations/tags/3.5.1: Tagging 3.5.1	17:54
CIA-78	menesis 3.5 * r119063 zope.app.zopeappgenerations/ (CHANGES.txt setup.py): Back to development: 3.5.2	17:54
*** digitalmortician has quit IRC		18:06
*** alvaro_o has joined #zope		18:08
*** davisagli\|away is now known as davisagli		18:08
*** supton has joined #zope		18:08
*** neo\|4D has quit IRC		18:14
*** davisagli is now known as davisagli\|away		18:15
*** sm has joined #zope		18:18
*** tiwula has joined #zope		18:22
*** alvaro_o has quit IRC		18:28
*** alvaro_o has joined #zope		18:28
*** dayne has quit IRC		18:29
*** menesis has quit IRC		18:42
*** sm_ has joined #zope		18:45
*** giampaolo has quit IRC		18:46
*** sm has quit IRC		18:48
*** sm_ is now known as sm		18:48
*** cwarner_ has joined #zope		18:52
*** redir has quit IRC		19:01
*** davisagli\|away is now known as davisagli		19:03
*** digitalmortician has joined #zope		19:05
*** tisto has quit IRC		19:08
*** alvaro_o has quit IRC		19:08
*** TomBlockley has joined #zope		19:10
*** alvaro_o has joined #zope		19:10
*** MrWu has joined #zope		19:14
*** vipod_ has joined #zope		19:22
*** hever has joined #zope		19:22
*** vipod has quit IRC		19:23
*** vipod_ is now known as vipod		19:23
*** supton has quit IRC		19:24
*** allisterb has quit IRC		19:28
*** Theuni__ has quit IRC		19:29
*** supton has joined #zope		19:29
*** thetet has left #zope		19:35
*** vipod_ has joined #zope		19:35
*** fredvd_ has quit IRC		19:36
*** RichardBarrell has joined #zope		19:38
*** vipod has quit IRC		19:38
*** vipod_ is now known as vipod		19:38
*** agroszer has joined #zope		19:43
*** allisterb has joined #zope		19:44
*** vipod has quit IRC		19:47
*** sunew has quit IRC		19:54
*** eperez has quit IRC		19:55
*** ccomb has joined #zope		19:58
*** MrWu has quit IRC		20:14
*** mcdonc has quit IRC		20:24
*** mcdonc has joined #zope		20:25
*** supton has quit IRC		20:25
*** sm has quit IRC		20:34
*** sm has joined #zope		20:36
*** alga has quit IRC		20:47
*** alga has joined #zope		20:48
*** redir has joined #zope		20:54
*** redir_ has joined #zope		20:54
*** alga_ has joined #zope		20:55
*** redir has quit IRC		20:58
*** alga has quit IRC		20:59
*** TomBlockley has quit IRC		21:01
*** RichardBarrell has left #zope		21:09
*** RaceCondition has joined #zope		21:10
*** hever has quit IRC		21:11
*** redir_ is now known as redir		21:25
*** agroszer has quit IRC		21:27
*** teix has quit IRC		21:44
*** hever has joined #zope		22:02
*** hever has quit IRC		22:03
*** sylvain has quit IRC		22:22
*** gwik has quit IRC		22:26
*** Theuni_ has joined #zope		22:30
*** Theuni_ is now known as Guest138		22:31
*** cwarner_ has quit IRC		22:34
*** snaffu has joined #zope		22:42
*** RaceCondition has quit IRC		22:46
*** xanalogica has quit IRC		22:49
*** RaceCondition has joined #zope		22:58
*** RaceCondition has quit IRC		22:58
*** gwik has joined #zope		23:06
*** Guest138 has quit IRC		23:44
*** chaoflow has quit IRC		23:53
*** chaoflow has joined #zope		23:56

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!