Re: [Zope] Does anyone care whether we deprecate ZClasses?

2005-04-01 Thread kosh
I vote we take off and nuke them from orbit it is the only way to be sure.

(+1 get rid of those dang things)

I have tried to help far too many people over the years on #zope that had 
problems with zclasses. They just seem fragile and should be removed.

On Friday 01 April 2005 5:22 am, Jim Fulton wrote:

 We could choose to deprecate ZClasses.  If we deprecated them in
 Zope 2.8, they would still work in Zope 2.8 and Zope 2.9, but
 their support would be removed in Zope 2.10.  Would anyone be upset
 if this happened?

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Re: [Zope-dev] root ZServer

2005-01-18 Thread kosh
On Tuesday 18 January 2005 9:18 pm, Alan Milligan wrote:
 Hash: SHA1


 I have a requirement to run a root uid Z2 process and was most surprised
 to see that line 334 of Zope/Startup/ expressly forbids this,
 throwing a ZConfig.ConfigurationError

 While it's not a good idea to configure Zope to run as root by default,
 isn't it completely fascist to disallow it altogether?  Similarly, I'd
 now expect issues if I chose to attach a Z2 to a low port.

 As far as I'm concerned, the account policy (and port too) is clearly
 defined by directives in zope.conf and should be honoured - clearly
 someone's consciously made these configuration changes and is thus fully
 accepting of their potential consequences.

 How about relaxing this requirement?


Why would you need to run zope as root? You can start it as root so it can 
bind to a low numbered port and then it will switch to a less privelaged user 
for its normal operations. I can't think of a good reason right now for why a 
network service should be run as the root user.
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Re: [Zope-dev] Very severe memory leak

2003-08-24 Thread kosh
On Friday 22 August 2003 03:38 pm, Leonardo Rochael Almeida wrote:

 In trying to narrow down the causes of the leak, we detected what looks
 like a minor one. If you insert a very simple dtml method in Zope root
 and bang on it at a rate of, say, 100 requests per second, Zope will
 increase it's memory footprint very slowly, say, a couple hundred Ks
 every 10 minutes (both RSS and virtual size). I figure this has
 something to do with memory fragmentation or some other low level stuff.
 But this is definetly not our main concern, which is to find out how is
 it that Zope is leaking DateTimes so heavily in our site, and if it is
 really all those DateTimes that are hogging our memory. We need help,
 and we need it desperately. If anyone wants any other information we'd
 be happy to provide.

Okay here are a few things to try based on this information. 

1) Take the zclasses and burn them and do it as a python product instead. From 
items I have seen/done in the past this makes a fairly large difference for 
speed and a little in memory. However with it being faster speed you can have 
smaller caches.

2) Convert dtml objects to python scripts where feasible. Python scripts often 
run 10-40 times faster then dtml does and they seem to have a much better 
memory footprint. With them running a lot faster you can also cut down on 
your caching. You can write write scripts that are fairly complex that can 
generate ~ 200 req/s but I have not gotten even close to that with dtml.

3)If you still have problems use psyco on your python product that you use to 
replace the zclasses and bind it to the methods that make the most speed 
difference. Caching is good but having it run fast enough to not need caching 
is often better.

I have a fair number of sites now that range in size from 100M - 1GB that get 
a fair bit of usage with tens of thousands of objects and they have a memory 
usage of about 20-45M of ram under zope 2.6.1. They used to have a memory 
usage in the 80-400M range but that was before I fixed a number of things.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

[Zope-dev] ZopeCTL from debian sid could it be included?

2003-07-28 Thread kosh
I was chatting on irc with some people on #zope and some where interested in 
it because it does make managing many zope instances easy. You have config 
files for your instances and you can stop and start all instances from a 
single script. You can also create new instances, remove them, reset the 
access password etc. It makes it much easier to manage overall then a regular 
zope install however it still needs a little more work for some of its rough 

I would like to see something like this as part of zope since currently zope 
is a bit of a pain to manage many instances on one machine and so lots of 
things have been developed to deal with that and having a system that is just 
part of zope to address that would help a lot from a maintenance standpoint. 
This one has the advantage of being written in python, having a simple config 
file format and it already works however any such system would be an 
improvement and I am sure debian would switch if zope gained a built in way 
to do this.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

[Zope-dev] hard coded paths in pickles

2003-07-08 Thread kosh
I have been trying to clean up the structure in my python product and I find 
that if I move any file zope can no longer load the object associated with 
that file but new objects created work just fine. Unforunatley that is not an 
option since I have a lot of old data that I need to keep. Is there a 
solution to this problem that is feasible or with zope once you place a file 
at some location you can't ever move it. If it is true that once a file is at 
some location it can't be moved surely this needs to be fixed since it would 
make it very hard for long projects since they could not clean up the layout 
of the project over time as things change.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Re: [Zope-dev] Possible security problem with DTML

2003-03-24 Thread kosh
On Monday 24 March 2003 09:05 am, Leonardo Rochael Almeida wrote:
 On Fri, 2003-03-21 at 20:08, kosh wrote:
  I am having a problem where DTML is allowing access to an attribute of an
  object that restrictedTraverse and regular . notation denies from a
  python script.

 This is pretty serious. You should post this as a bug in the collector.

   Cheers, Leo

Yeah I will report this to the collector I just wanted to see if anyone else 
had seen this or thought it was a bug or some really weird thing that is 
supposed to happen but not documented. It would not be the first time that 
zope had some really strange stuff in it. ;)

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

[Zope-dev] Possible security problem with DTML

2003-03-21 Thread kosh
I am having a problem where DTML is allowing access to an attribute of an 
object that restrictedTraverse and regular . notation denies from a python 

I have a python product and I have the securit.setDefaultAccess('deny') so 
that items inside there without security declarations can't be called and 
this works for url traversal, restrictedTraverse and getting to the object 
via python scripts in that access is denied but dtml can get right in which 
is a problem.

Lets say I have container foo with object bar in an and inside bar an object 
which should not be allowed accessed.

dtml-var gives the value of shouldnotwork


dtml-var restrictedTraverse('foo/bar/shouldnotwork')' gives access denied

and from a python script 

return gives an access denied also which is what 
I expect.

For a ZPT object I get the same result of access being denied for

span tal:replace=here/foo/bar/shouldnotwork/span

Thus I suspect the problem is with DTML somewhere but I am not sure where. 
However I could also be doing something wrong in my python product but 
currently I can no imagine what would allow that dtml to do it but nothing 

The variable shouldnotwork is just a string that is stored in object bar.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Re: [Zope-dev] A modest proposal: Replace medusa with Twisted

2001-10-10 Thread kosh

Designing the webpages of tomorrow
Designing the MMORPGS of tomorrow

On Wed, 10 Oct 2001, Itamar Shtull-Trauring wrote:

 Actually, this brings up this idea I had - Zope should replace medusa with
 Twisted. Why, you ask?

Any ideas what the performance would be compared to medusa?

 1) Twisted separates transport from protocols, and the event loop it uses is
   extendable and generic. That means:

- It can run on Jython (using threads, someday with java.nio), and it can
 be integrated with the Tk and GTK event loops.

- Your protocol doesn't have to worry about the transport - Twisted
 supports SSL, TCP and unix domain sockets right now, without having to make
 any change to the protocols.

SSL support out of the box would be a big deal. It really annoys me that
zope does not support https by default. It is another thing to hunt down
and merge in the config file for and it is necessary for any modern web

 2) Twisted is designed to run multiple servers and protocols at the same
 time, and these can be changed at runtime. It already includes pure python
 support for HTTP, FTP, LDAP, SMTP, POP3, DNS, telnet, AIM TOC, and IRC, all
 integrated with the main event loop (all have server support except DNS and
 LDAP). Adding new protocols to Zope is not easy, at the moment.

It would be really nice if it supported NNTP, SOAP, and XML-RPC also.
However the last two could probably be stuck in fairly rapidly since
python already supports those and they run over HTTP already.

 3) Twisted is being actively developed and extended. medusa less so.

Actively developed would definitely be an improvement.

 4) Good integration with threads - while event based, twisted has a very
 nice model for dealing with threaded apps.
What benefits would this really give? What drawbacks would we have to deal
with? Overall I have noticed that python does not seem to actually thread
very well since there is that global lock.

 5) Twisted has Perspective Broker, an async.ready remote-object protocol
 that supports caching, object migration, and remote messaging, with
 integrated authentication and authorization. And it ideologically meshes
 with the object publisher notion in Zope. No, really :)

This part sounds pretty cool I will definitely have to look at it some
more. I looked at it a little while ago and it looked very cool however
zope has some serious things that twisted does not. Mainly I really like
how the access control system works, the user folder system and the object

 Twisted already includes a high-level web framework, but Zope probably would
 not use it, and instead build its own on top of twisted's low-level http

We could essentially keep the ZMI however I do think the ZMI is due for a
large rewrite soon. The frames and a few other things have got to go.
Mostly because xhtml 1.0 is the last html version to even have frames and
zope will have to adapt as things progress. It would not surprise me if in
2 or 3 years most new browsers didn't support frames anymore.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

[Zope] DTML current namespace

2001-01-29 Thread kosh

How do you print out the current namespace you have access to in DTML? I
am trying to track down what I think is a namespace problem and I think
this would help solve the problem.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

[Zope] PythonMethod problem

2000-12-10 Thread kosh

I know I am still using PythonMethods however I have not seen Python
Scripts out yet for 2.2.4.

Okay here is the problem. How do I call one PythonMethod from another


object foo is a python method and it takes a='',b='',c='',d=''

does stuff
returns a string

foo_spec takes parameters a1='',b1=''
it should return foo(a=a1,b=b1)

However trying to call that foo gives an error.

I get a NameError on foo when it is used in foo_spec. However using foo
directly does work however I want to make easier customized interfaces for


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

[Zope] ZClass

2000-11-10 Thread kosh

From inside what object should I inherit from to get a history option for
a zclass or what method would I need to write. I have looked at lots of
examples of zclasses and so far none of them have a history tab. 

I am working with the STX_Document type and made a new zclass based on
that which includes renderable and catalogaware as base classes. Those
were the instructions on the STX document page but that still did not give
me the option for a history tab but it did fix other things that I needed.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

[Zope] dtml-if url type contruct

2000-10-24 Thread kosh

What would be the correct dtml-if contrstruct for this behavior?

I want to check and see if zope can resolve a url to a valid object.

Ie does get you to a valid page or is it not

I need something like dtml-if that way I can know
when to rewrite the url based on zope finding the object or not. 


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )