MoinMoin: MoinMoinChat/Logs/moin-dev/2009-02-17

2009-02-17T00:00:00  * dreimark thinks about adding an underlay dir to extensions. So features can be described there
2009-02-17T03:04:05  *** moinBot` has joined #moin-dev
2009-02-17T03:04:51  *** moinBot has quit IRC
2009-02-17T03:44:18  *** moinBot has joined #moin-dev
2009-02-17T07:08:49  *** starGaming has quit IRC
2009-02-17T10:56:50  <dreimark> moin
2009-02-17T12:01:56  <ThomasWaldmann> moin
2009-02-17T12:02:21  <ThomasWaldmann> http basic auth done by moin works :)
2009-02-17T12:08:39  <TheSheep> \o/
2009-02-17T12:09:19  <ThomasWaldmann> i am just thinking about 2 options:
2009-02-17T12:09:55  <ThomasWaldmann> should there be an option for "shall moin emit 401 WWW-Authorize"?
2009-02-17T12:10:25  <ThomasWaldmann> should there be an option to enable login by invalid users?
2009-02-17T12:28:44  <dreimark> what is an invalid user there ?
2009-02-17T12:29:49  <TheSheep> dreimark: one that's not registered
2009-02-17T12:32:54  <dreimark> I think then it should not be possible otherwise you mix a welldefined auth with an undefined onw
2009-02-17T12:33:02  <dreimark> s/onw/one
2009-02-17T12:41:21  <ThomasWaldmann> for now, I'll just commit it without those options
2009-02-17T12:42:14  <dreimark> :)
2009-02-17T12:44:32  <ThomasWaldmann> the idea behind 1) was to have OPTIONAL http auth if somebody/something sends authorization headers without needing being asked for it
2009-02-17T12:44:49  <ThomasWaldmann> some of our old xmlrpc scripts worked like that
2009-02-17T12:45:02  <ThomasWaldmann> i don't know how rss feed readers supporting auth work
2009-02-17T12:46:07  <TheSheep> they just remember the password
2009-02-17T12:46:40  <ThomasWaldmann> and do they need to be asked via 401 header or do they just ever send authorization header?
2009-02-17T12:46:56  <TheSheep> ah, good question
2009-02-17T12:48:13  <ThomasWaldmann> the idea behind 2) was not to block completely for users without account and maybe even autocreate user profiles with the data they enter
2009-02-17T12:48:22  <ThomasWaldmann> so they would ad-hoc become valid users
2009-02-17T12:48:57  <ThomasWaldmann> that's similar to moin_login auth (everybody can become a valid user there, too, using the user creation form)
2009-02-17T12:49:12  <ThomasWaldmann> that doesn't mean he gets acl rights, though
2009-02-17T12:50:53  <ThomasWaldmann> otoh, we won't get the email of the user that way...
2009-02-17T12:54:14  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4595:59728f08e040 1.9/MoinMoin/auth/http.py: HTTPAuthMoin: http basic auth done by moin
2009-02-17T13:08:08  <ThomasWaldmann> bbl
2009-02-17T16:32:31  *** coreyleong has joined #moin-dev
2009-02-17T16:55:21  <dreimark> bbl2
2009-02-17T17:47:10  *** xorAxAx has quit IRC
2009-02-17T17:47:52  *** xorAxAx has joined #moin-dev
2009-02-17T18:57:43  *** grzywacz has joined #moin-dev
2009-02-17T19:45:50  *** starGaming has joined #moin-dev
2009-02-17T20:10:49  <dreimark> http://www.sans.org/top25errors/
2009-02-17T20:12:58  <TheSheep> dreimark: the language of that text, and it's focus on who did it and what are the benefits, instead of what are the errors, is disturbing
2009-02-17T20:13:09  <TheSheep> s/it's/its
2009-02-17T20:13:34  <dreimark> see here scroll 60% downhttp://www.sans.org/top25errors/#s2
2009-02-17T20:16:05  <TheSheep> yes, I did, I just find the fact that they don't focus on it disturbing :)
2009-02-17T20:16:15  <TheSheep> like they are CEOs or something
2009-02-17T20:17:06  <dreimark> me too but seems they honor the people working for it
2009-02-17T20:18:34  * TheSheep honors the work
2009-02-17T20:21:48  <dreimark> :)
2009-02-17T20:33:04  <TheSheep> dreimark: especially when you contrast it with language used in the actual bug descriptions: Computers have a strange habit of doing what you say, not what you mean. Insufficient output encoding is the often-ignored sibling to poor input validation, but it is at the root of most injection-based attacks, which are all the rage these days...
2009-02-17T20:33:16  <ThomasWaldmann> that article could be significantly improved by stripping the top 50% blabla
2009-02-17T20:33:41  <TheSheep> ThomasWaldmann: then the ceos wouldn't read it
2009-02-17T20:38:40  <ThomasWaldmann> btw, what's "blabla" in english, polish, ...? :)
2009-02-17T20:38:58  <TheSheep> blabla
2009-02-17T20:39:03  <TheSheep> blah blah
2009-02-17T20:39:10  <TheSheep> ble ble
2009-02-17T20:39:19  <ThomasWaldmann> hehe
2009-02-17T20:39:32  <TheSheep> bełkot is the noun
2009-02-17T20:39:38  <TheSheep> blubbering
2009-02-17T20:42:06  <ThomasWaldmann> http://geekandpoke.typepad.com/ :)
2009-02-17T21:25:52  <ThomasWaldmann> btw, browser language detection is broken on mm 1.9
2009-02-17T22:33:14  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4596:ea636cd71757 1.9/MoinMoin/auth/http.py: using public werkzeug api: rather use abort(x) than raise _ProxyException(x)
2009-02-17T23:11:48  <dreimark> currently the credits for mathtran is removed after the formular is saved as cache file. How can we solve that?
2009-02-17T23:35:41  *** coreyleong has quit IRC
2009-02-17T23:46:49  <CIA-38> Reimar Bauer <rb.proj AT googlemail DOT com> default * 360:f57de7994cf6 1.7-extensions/data/plugin/ (3 files in 2 dirs): mathtran, inline_latex, text_x_mathtran: fixed comments