IRC log of #zope3-dev for Sunday, 2005-03-27

*** __gotcha has quit IRC00:24
*** Aiste has quit IRC00:42
* andrew_m is away: I'm away00:47
*** bradb_ has joined #zope3-dev00:48
*** d2m has joined #zope3-dev00:56
*** bradb has quit IRC00:56
*** bradb_ is now known as bradb00:59
*** d2m has quit IRC01:22
*** ChanServ sets mode: +o hazmat01:50
*** Arnia has joined #zope3-dev02:04
*** bskahan has joined #zope3-dev02:50
*** bskahan has quit IRC04:07
*** bskahan has joined #zope3-dev04:12
*** bskahan has quit IRC04:35
*** bskahan has joined #zope3-dev05:02
*** projekt01 has left #zope3-dev05:27
*** Arnia has left #zope3-dev05:29
*** bskahan has quit IRC06:31
*** tvon has quit IRC06:40
*** tvon has joined #zope3-dev06:52
*** BjornT has quit IRC08:17
*** ignas has joined #zope3-dev11:48
*** bradb has quit IRC11:57
*** bradb has joined #zope3-dev12:01
*** admp has joined #zope3-dev12:12
*** admp has quit IRC12:14
*** ignas has quit IRC12:33
*** hazmat has quit IRC13:28
*** hazmat has joined #zope3-dev14:42
*** philiKON has joined #zope3-dev14:53
*** Arnia has joined #zope3-dev15:17
*** admp has joined #zope3-dev15:30
*** philiKON has quit IRC15:44
* andrew_m is away: cycling16:00
* shapr is away: unicycling!16:00
Arniashapr: Juggle lions at the same time (but only in Kenya)16:02
shaprKenya is a bit far.16:03
shaprHey Arnia, have you seen House?16:03
shaprGHC RTS on the bare metal with tcp/ip stack!16:03
ArniaSounds very cool16:04
shaprit is quite nifty.16:04
ArniaSo its a haskell kernel?16:04
shaprI want to mix QuickCheck and that TCP/IP stack to see if I can find some really interesting network bugs.16:04
shaprSort of, it's the GHC RTS.16:05
ArniaYay :)16:06
*** efge has joined #zope3-dev16:12
*** admp has quit IRC16:22
*** admp has joined #zope3-dev16:27
*** stub has joined #zope3-dev16:48
* andrew_m is back (gone 01:10:16)17:10
*** bskahan has joined #zope3-dev17:17
*** Arnia has quit IRC17:37
*** stub has quit IRC17:41
*** Arnia has joined #zope3-dev17:41
*** stub has joined #zope3-dev17:49
*** insanekane has joined #zope3-dev17:49
insanekanehi, is it possible in the MessageBoard example (from the Content Object section in the Zope Book), to store the data on one ZODB Storage, and the views on a seperate ZODB Storage ?17:50
efgestore the views ? what do you mean ?17:52
insanekaneefge: well, im not entirely sure about this ... but im talking abt the DTML views/editors etc ...17:52
insanekaneefge: basically, i want access to the "data" objects/components to a PyQt GUI application using the ZEO ClientStorage ... just the data, not the DTML views17:53
insanekaneefge: in the case of Messageboard, i want access to the messages, etc but not the html-based GUI .... as i understand it, both the data and the view is stored in the same Storage ?17:54
insanekaneefge: currently, when i use a GUI to access the database, i need to have Zope in my python path, otherwise i may not be able to read the database ... so i want to reduce this dependence to just ZODB for my PyQt client17:56
*** projekt01 has joined #zope3-dev18:06
ArniaYou want to access the database directly? You could use a RESTful or XML-RPC view instead18:10
insanekaneArnia: no, my database is complex, i want to use ZODBs transperancy18:10
ArniaAre you using Zope3 or just the ZODB?18:11
insanekaneArnia: both18:11
ArniaWell, views in Zope3 are defined on the file-system (unless you're doing TTW development, which I'm not a big fan of...)18:12
insanekaneArnia: oh right ...18:13
insanekaneArnia: so the db that Zope3 uses ... it wont contain any DTML ?18:13
insanekaneArnia: it, only "data" objects ?18:14
ArniaWell... it can also include utilities and the like... but its all instance data18:14
insanekaneArnia: basically, when i connect my PyQt app, via ClientStorage to a Zeo server (which the Zope3 uses), then I can get away with my client not having Zope3 installed (atleast not in full) ?18:15
ArniaHmm... you can, but since much of Z3 is now just libraries for dealing with a component architecture and tools using a component architecture I'm not sure its that big a deal. Pick those libraries you use and their dependents18:16
insanekaneArnia: what abt Access control ? is it also implemented in this way ?18:17
*** Aiste has joined #zope3-dev18:17
insanekaneArnia: Zope3 is 28 MB ...18:17
insanekaneArnia: i dont need a 28MB client app :)18:17
ArniaThe full Z3 distro is 28 Mb, you won't need all of it though18:18
insanekaneArnia: aha ok ..18:18
ArniaAccess control is handled through and I believe18:18
insanekaneArnia: has there been any work done related to Zeo StorageServer, to allow authentication/authorization information to be used to restrict clients of ZEO ?18:19
insanekaneArnia: the acl in Zope ie ..18:19
ArniaI'm not aware of any work on ZEO with Zope318:19
ArniaZope3 is very very different18:19
insanekaneso ... Zope3 doesnt use ZODB ??18:20
insanekaneno, thats not possible ... it must use it ... sorry18:20
ArniaSorry, those two lines were responding to different things18:20
insanekaneArnia: basically, i want to use PyQt clients, to view/edit data in the ZODB (via ZEO), and also use Zope3 views to view and edit this data ...18:21
ArniaWhat I was saying was that Zope3's security model is different... more modular. I'm just not aware of whether that has an impact on any security mechanisms in ZEO18:22
ArniaZ3 uses the ZODB of course, but its not so much a be-all and end-all as it was in Z218:22
insanekaneoho ... so there is no connection between them >18:22
insanekaneat all ?18:22
insanekaneok ..18:22
insanekaneso, there is no connection between security in ZEO and security in ZODB at all ?18:22
ArniaI don't know. I'm not that well-versed. I do know that Zope3 makes a clear difference between security mechanisms and security policy18:23
insanekaneok ..18:23
ArniaIf you want to go delving..., and are the core of the security mechanisms18:23
insanekaneArnia: so what do you think would be a good way, to modify StorageServer to use the Zope3 security system to restrict clients ?18:23
insanekanehehe ok :)18:23
insanekanethanks .. i will look them up :)18:24
Arniainsanekane: I have to say I don't like the idea of having the database so exposed as it seems to be in your design. I like protecting my data sinks with immigration and customs and excise agents ;)18:25
ArniaBut that's a design choice :)18:25
insanekaneArnia: well, thats the point ..18:26
insanekaneArnia: currently, ZEO security is very weak ..18:26
ArniaUse Zope3's power then :)18:26
insanekaneand im looking for ways to use the Zope3 security system to restrict clients but also to do so transperantly, to a ZODB client18:26
insanekaneArnia: well, thats what i need to do apparently18:27
insanekaneArnia: to use Zope3's power .. although i only now have a clue thanks to you ;)18:27
ArniaWhat does your application do?18:27
insanekanewell, my application is irrelavant18:27
insanekanewhat i need to accomplish is to have PyQt as a client, instead of the webbrowser18:28
insanekaneie, an application in PyQt18:28
insanekanebut ZEO security is not tied into Zope ...18:28
insanekaneso i cannot reuse the wonderful security system Zope3 uses18:29
ArniaI wouldn't directly access the database personally... seems badly coupled18:29
insanekanewhy ? Zope should only handle the webbrowser view18:29
ArniaThe database has no idea as to the meaning of the objects (expressed by component architecture interfaces)18:29
ArniaZope3 is *not* a web-app server18:29
ArniaWell it is, but that's not its sole aim18:30
insanekaneyes i noticed :)18:30
ArniaIts a component architecture... its a means of developing modular applications18:30
ArniaThe web app server is just a nice demonstration18:30
ArniaThe ZODB is just one possible 'storage' component for the whole system :)18:32
insanekaneArnia: understood ... and i will be using (a part of) Zope3 on the client ..18:32
insanekanebut certainly not all of it18:32
insanekanesecond thing: i do need to use ZODB - to synchronise my clients easily18:32
ArniaAha... that changes things. What you really want is a small Z3 stack on each client then18:33
insanekanethird thing: ZEO security gives complete access to everyone if they get in with a username/password ... to remove it, we have to use the data in the objects themselves, to restrict client access18:33
insanekaneto remove it = to change that18:33
insanekaneArnia: no, not just running Zope3 on client ... but also, we have to implement security at the server18:34
insanekanethe server being ZEO18:34
ArniaWhat do you mean 'security at the server' what sort of security?18:34
insanekanewell, ZEO+Z3 .. a small part of Z318:34
insanekaneArnia: well, in Zope3, they use ACLs to restrict client access ...18:34
insanekanewhy cant ZEO reuse the ACLs (that it itself stores), to restrict other types of clients, other than the Zope3 itself (say for eg, a pyQt client)18:35
insanekaneobviosly, ZEO must be extended to recognize the extra info on each object ...18:36
ArniaZEO would have to become part of the component architecture18:36
Arnia(or understand it)18:36
insanekanewell, sort of18:36
insanekanesome part of it yes18:36
insanekanenot ZEO itself18:36
insanekanebut the ClientStorage protocol must understand it18:36
ArniaThe problem is, this seems like an edge case to me. I'm not sure how many people will use ZEO to perform end-user sync :)18:37
insanekanewell, whats the problem with using ZEO like that ?18:37
insanekaneArnia: wont it be able to handle that ?18:38
insanekaneArnia: isnt that the point of Zeo being scalable and all that ?18:39
ArniaWell, I'm not sure if ZEO's security model is that strong to deal with untrustworthy clients. Remember, its usually used for replication of a database for load-balancing.18:40
ArniaIt doesn't have any real knowledge of what's being replicated18:40
*** BjornT has joined #zope3-dev18:41
ArniaIt could be extended to have that ability I guess, but if you want it urgently I have a feeling you'd have to do it yourself18:41
insanekaneArnia: yes i agree with that :)18:43
ArniaHmm... if you want 'transparent' access to objects between Zope3 and python, use XML-RPC views in Z3 to proxy the objects across the internet (with full Z3 security)18:46
ArniaYou could probably cache the object proxies too18:47
ArniaThat's probably easier than unpicking ZEO :)18:47
*** tvon has quit IRC18:50
*** tvon has joined #zope3-dev18:50
*** stub has quit IRC18:52
insanekaneArnia: but i still have to write marshalling/unmarshalling code right ...18:53
insanekanei cant do that ... the number of classes i need is large18:54
*** stub has joined #zope3-dev18:55
Arniainsanekane: I think there is a python library which handles that18:56
insanekaneArnia: what do you mean ?18:59
*** bskahan has quit IRC18:59
insanekaneArnia: you mean xmlrpclib ?18:59
insanekaneArnia: it generates python proxies for objects ?19:00
insanekaneArnia: do you remember the name of such a library ?19:01
*** stub has left #zope3-dev19:04
*** tvon has quit IRC19:07
*** tvon has joined #zope3-dev19:11
Arniainsanekane: One moment... just searching19:12
Arniaxmlrpclib allows calling methods on remote objects (such as those defined by an xmlrpc:view in Z3)... do you need local caching of the objects as well? If so, I'd probably use interfaces to (as far as possible) automatically create the proxies19:15
insanekaneArnia: yes i need local caching as well20:07
insanekaneArnia: but will it automatically update when the instances are changed at the client/server ?20:07
*** palmTreex has joined #zope3-dev20:10
ArniaHmm... maybe ZEO is your best bet... but you'll probably have to fiddle :)20:13
insanekaneArnia: i guessed as much ..20:13
insanekaneArnia: does Zope use the __roles__ in each object to denote the acl ?20:13
insanekaneerr Zop320:13
ArniaErr... Zope3 doesn't have any notion of roles20:17
insanekanei mean in the default securitypolicy ..20:18
*** palmTreex has quit IRC20:18
insanekaneArnia: is there some registry mapping roles/users to permissions ?20:18
ArniaIPrinicipalRoleMap I think... haven't used it yet though20:19
ArniaBut I wouldn't rely on a single security policy really... you may wish to change it20:19
insanekaneyou mean, not use the concept of Roles ?20:20
insanekanebut using Roles makes things easier right ?20:20
ArniaIt makes it easier for the sysadmin20:21
ArniaThe actually code should only be thinking in terms of permissions20:21
insanekaneArnia: ah yes, of course :)20:24
* Arnia forces himself to stop repeatedly watching the "Movie Trailer" hitch-hiker's guide trailer20:35
ArniaI've watched it four times in the past quarter of an hour20:37
ArniaThis is becoming a bad habit :)20:37
ArniaHey, I've long been an h2g2 fan... I've been waiting for the next incarnation for ages20:38
insanekanehehe :) ive only read the book20:38
insanekaneand i liked it a lot20:39
ArniaThe great thing about h2g2 is that every incarnation is completely different... deliberately so :)20:40
insanekaneincarnation ??20:40
insanekaneur talking abt hitchikers guide to the galaxy right ?20:41
insanekaneright ...20:41
ArniaEach version is very different... and that's good. Means more new material in each :)20:41
ArniaWell, the radio series (the first version of the guide) and the TV series were similar I suppose (even much of the same cast)20:42
insanekanehmm ..20:44
insanekaneand the book was totally different ?>20:44
ArniaSame feel, same style, same humour, same starting point... the plot is pretty similar, but there are differences20:45
ArniaBut then the plot isn't really the point of h2g2 :)20:45
insanekaneindeed :)20:46
insanekaneArnia: would you say that Zope3 is production-grade ?20:46
insanekaneas of 3.0.020:46
ArniaHmm... yes, I would say its suitable for deployment in and of itself. You just have to learn the concepts properly so you produce a production grade solution yourself :)20:47
insanekanehmm ok20:48
ArniaBut yes... the strong focus on testing (unit and functional) and the powerful abstractions afforded by the component architecture definitely make Z3 production-grade to me20:50
ArniaBut definitely make maximum use of the testing frameworks in Z320:53
*** admp has quit IRC20:58
*** admp has joined #zope3-dev21:01
*** admp has quit IRC21:06
*** admp has joined #zope3-dev21:13
*** efge has quit IRC21:17
*** wfamy has joined #zope3-dev21:31
wfamyI try to install the psycopgda under zope3 instance fro cvn but i do not see it under the zmi. is it the right channel?21:35
*** admp has quit IRC21:41
*** admp has joined #zope3-dev21:49
wfamysee you22:07
*** projekt01 has quit IRC22:07
*** wfamy has quit IRC22:07
*** Arnia has quit IRC22:16
*** admp has joined #zope3-dev23:14
*** bskahan has joined #zope3-dev23:34
*** tvon has quit IRC23:45

Generated by 2.15.1 by Marius Gedminas - find it at!