MoinMoin: MoinMoinChat/Logs/moin-dev/2007-10-24

2007-10-24T01:03:48  <ThomasWaldmann> http://www.cofundos.org/
2007-10-24T01:13:14  <TheSheep> hmm... php, not moin
2007-10-24T01:14:28  <TheSheep> although seems to be using moin's markup rules
2007-10-24T01:14:44  <starshine> oh?
2007-10-24T01:17:37  <starshine> hrm
2007-10-24T01:17:46  <starshine> yet another 'source exchange' site afaict
2007-10-24T01:19:18  <TheSheep> you have to start these with a community, and *then* make the site, not the other way around :)
2007-10-24T09:08:16  <ThomasWaldmann> moin
2007-10-24T09:32:24  <ThomasWaldmann> 2007-10-23 12:36:36,451 INFO TextCha: failure (u='baobs521', a='', ... q='Enter a m
2007-10-24T09:32:27  <ThomasWaldmann> oin core team member's last name.')
2007-10-24T09:33:21  <ThomasWaldmann> gotcha :)
2007-10-24T09:34:37  * ThomasWaldmann is a bit unsure about the one who entered "drive license" as answer to "What license do we mainly use?" :)
2007-10-24T09:38:36  <xorAxAx> well, it only proves that the question is unsuitable :)
2007-10-24T09:39:51  * ThomasWaldmann improved it :)
2007-10-24T09:57:29  <TheSheep> boobs?
2007-10-24T09:59:42  <ThomasWaldmann> hm?
2007-10-24T10:02:17  <grzywacz> lol
2007-10-24T10:09:39  <TheSheep> ThomasWaldmann: I think we should give them a chance and have at least a single question that accepts 'viagra <a href="...">' as the response ;)
2007-10-24T10:12:48  <xorAxAx> also this prooves that spammers are not only bots but cheap chinese people in some cases
2007-10-24T13:54:26  <ThomasWaldmann> gna, much too much getText with formatted=True (wrong default)
2007-10-24T14:00:57  <TheSheep> ThomasWaldmann: what does it do actually?
2007-10-24T14:02:18  <ThomasWaldmann> it returns a translation that is wiki-parsed/formatted
2007-10-24T14:02:55  <ThomasWaldmann> (as I removed the cache for that currently, this is quite expensive)
2007-10-24T14:04:48  <ThomasWaldmann> otoh, it only does this for stuff that is not called with formatted=False (before, it was formatting all strings once and then caching them to disk)
2007-10-24T14:05:54  <ThomasWaldmann> brb
2007-10-24T15:04:38  <johill> ThomasWaldmann: yeah I agree, the default seems odd now looking back
2007-10-24T15:06:18  <ThomasWaldmann> looks like I'll have some work in 1.6 adding some more formatted=False
2007-10-24T15:06:54  <johill> btw I ported the xmlrpc token change to 1.6
2007-10-24T15:06:57  <ThomasWaldmann> (or changing the default, if it is the same amount of work)
2007-10-24T15:07:01  <johill> you wanted that, right?
2007-10-24T15:07:14  <ThomasWaldmann> johill: is that this todo item on 1.6.0 todo?
2007-10-24T15:07:29  <johill> let me check
2007-10-24T15:07:49  <ThomasWaldmann> (there are also quite some xmlrpc related issues with open bugs for 1.6)
2007-10-24T15:08:24  <johill> yes, that's the todo
2007-10-24T15:08:33  <johill> the cookie needs no fixing since after this the uid is useless to an attacker
2007-10-24T15:09:50  <johill> http://johannes.sipsolutions.net/patches/moin/xmlrpc-auth-token.patch
2007-10-24T15:09:51  <johill> please review
2007-10-24T15:10:04  <johill> xorAxAx: you too, I changed wikisync
2007-10-24T15:10:09  <johill> mostly a port from 1.7 though
2007-10-24T15:11:56  <xorAxAx> thats an incorrect patch
2007-10-24T15:12:00  <xorAxAx> layering violation
2007-10-24T15:12:11  <johill> huh
2007-10-24T15:12:14  <xorAxAx> and will likely not work
2007-10-24T15:12:32  <johill> explain
2007-10-24T15:12:48  <xorAxAx> because the syncpages interface is completly auth agnostic isnt it?
2007-10-24T15:12:57  <johill> and?
2007-10-24T15:13:04  <xorAxAx> i mean, it only passes them into the wikisync module
2007-10-24T15:13:08  <johill> it still has to handle auth tokens
2007-10-24T15:13:31  <xorAxAx> the auth tokens are handled by the async batcher
2007-10-24T15:13:52  <ThomasWaldmann> +        @type usr: MoinMoin.user   < @param ?
2007-10-24T15:14:33  <xorAxAx> johill: hmm
2007-10-24T15:14:40  <johill> ah I see what you mean
2007-10-24T15:14:42  <xorAxAx> johill: i would prefer some close op
2007-10-24T15:14:52  <xorAxAx> johill: that doesnt have "token" in the name :)
2007-10-24T15:14:55  <johill> yeah the token is created in __init__
2007-10-24T15:15:07  <johill> so it seems this is mostly a rename
2007-10-24T15:15:10  <xorAxAx> yes
2007-10-24T15:15:41  <johill> ThomasWaldmann: hm, yeah
2007-10-24T15:16:03  <johill> I'll do those changes to 1.7 too then
2007-10-24T15:17:15  <ThomasWaldmann> some of that token handling stuff - isn't that more or less common with what's done for user sessions?
2007-10-24T15:17:39  <johill> it's a bit similar, yes
2007-10-24T15:18:11  <johill> but the session code is mostly concerned with cookie handling etc
2007-10-24T15:18:55  <ThomasWaldmann> the farm scope of the caching might be a problem
2007-10-24T15:19:19  <xorAxAx> it was directly designed to use an existing session system
2007-10-24T15:19:21  <johill> I don't think so since the identifier is random anyway
2007-10-24T15:19:25  <ThomasWaldmann> (for the rare cases when wiki a uid x is not the same user as wiki b uid x)
2007-10-24T15:19:41  <johill> but the session system I did does all the cookie handling
2007-10-24T15:19:58  <xorAxAx> bad
2007-10-24T15:21:32  <johill> thanks for the kind words
2007-10-24T15:21:53  <johill> I'm sure that if I'd split it up you'd have talked of many layering violations though, so hey
2007-10-24T15:22:39  <johill> you have to get used to the fact that layering is a way to design, not implement things ;)
2007-10-24T15:22:48  <johill> anyhow
2007-10-24T15:22:52  <johill> feel free to rewrite the session system again
2007-10-24T15:23:02  <johill> I don't see much point in it
2007-10-24T15:23:17  <johill> without having the request state properly abstracted, I should add
2007-10-24T15:24:33  <xorAxAx> until then, its ok :)
2007-10-24T15:24:46  <johill> anyway
2007-10-24T15:24:56  <johill> the 'session' system we're talking of is only creating a dict and storing stuff
2007-10-24T15:25:00  <xorAxAx> yes
2007-10-24T15:25:21  <johill> since xmlrpc doesn't really require any session storage, I didn't try to tie that in
2007-10-24T15:25:28  <xorAxAx> which should be changed in 1.7 to use the backend
2007-10-24T15:25:36  <johill> also, it would be quite hard to split up cookie handling and session storage
2007-10-24T15:25:37  <ThomasWaldmann> johill: can you please do some testing before you merge that into 1.6
2007-10-24T15:25:41  <xorAxAx> because caching is still a bit limited in performance in 1.7
2007-10-24T15:25:51  <xorAxAx> johill: why?
2007-10-24T15:25:52  <ThomasWaldmann> at least the BadContent stuff should work as before :)
2007-10-24T15:25:54  <johill> yeah, I should test wikisync
2007-10-24T15:26:05  <johill> badcontent doesn't auth so nothing would happen to it
2007-10-24T15:26:07  <ThomasWaldmann> (moinmaster is running 1.6 and serving BadContent globally :)
2007-10-24T15:26:54  <johill> is there a command line tool for xmlrpc?
2007-10-24T15:27:11  <johill> grr what is it with the vpn here, it keeps disconnecdting me
2007-10-24T15:28:47  <johill> actually, it would be possible to implement with the session stuff, by creating a session handler data class
2007-10-24T15:29:02  <johill> but that'd be a layering violation because the session handler is responsible for that
2007-10-24T15:29:09  <johill> and the session handler we have only uses cookies
2007-10-24T16:12:33  <ThomasWaldmann> johill: if you do some testing anyway: we have some sample scripts under MoinMoin/script/... for xmlrpc usage - could you modify them so they show the current way of doing auth?
2007-10-24T16:13:02  <ThomasWaldmann> maybe this makes even some module under MoinMoin/support superfluous (the one for http auth)
2007-10-24T19:48:56  <dreimark> bbl