[Zope-dev] tortoise v. hare (was: BTrees strangeness)

2004-05-19 Thread Jamie Heilman
how they interact). It's been a year now since I offered that code and I haven't gotten so much as a comment on it. Maybe it's time to wander over and give it a look? -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now

Re: [Zope-dev] tortoise v. hare (was: BTrees strangeness)

2004-05-19 Thread Jamie Heilman
caching API. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly [1] I'd love

Re: [Zope-dev] Announce: Reusable Zope Public License 2.1

2004-05-16 Thread Jamie Heilman
[EMAIL PROTECTED] wrote: The 5th is confusing. What's the situation with *BSD like ports where the source code is patched right before compiling? What is the date of change in that case? In that case the ZPL'd program isn't being redistributed modified, so the 5th clause doesn't apply.

Re: [Zope-dev] Re: [Collector] Strange reject policy

2004-05-06 Thread Jamie Heilman
Ken Manheimer wrote: All the actions are verbs, won't fix is not a verb. How about 'bikeshed' ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists -

Re: [Zope-dev] Subversion

2004-05-04 Thread Jamie Heilman
Chris Withers wrote: I suppose it's still one step up from CVS where you have to specify the binary-ness of each file you upload rather than being able to put a mapping in a config file... CVSROOT/cvswrappers

[Zope-dev] patch for #1074

2004-05-01 Thread Jamie Heilman
removes dependence on MessageDialog - that really had no bearing on the issue at hand and I only include that portion of the patch because in my fork I removed all reliance upon MessageDialog (a class I really loathed) and I'm too lazy to add it back for the purposes of this patch. -- Jamie

Re: [Zope-dev] Re: Policy for Collector-Issues 545 and 1217?

2004-04-27 Thread Jamie Heilman
here's the patch I'd have attached to http://zope.org/Collectors/Zope/1217 if the collector could collect -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear

Re: [Zope-dev] Re: Policy for Collector-Issues 545 and 1217?

2004-04-26 Thread Jamie Heilman
. The culprit in this case is likely in manage_tabs.dtml I've never been able to reproduce the content_type bug. -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up and bit them on the ass

Re: [Zope-dev] Policy for Collector-Issues 545 and 1217?

2004-04-25 Thread Jamie Heilman
the relevant files and post followups to the bugs. -- Jamie Heilman http://audible.transient.net/~jamie/

Re: [Zope-dev] The bleak Future of Zope?

2004-04-23 Thread Jamie Heilman
, and that's exactly what happens in a lot of these large add-on frameworks. -- Jamie Heilman http://audible.transient.net/~jamie/

Re: [Zope-dev] Re: The bleak Future of Zope?

2004-04-21 Thread Jamie Heilman
over a year old aren't something the rest of the community can do anything about. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution

Re: [Zope-dev] Re: The bleak Future of Zope?

2004-04-21 Thread Jamie Heilman
the collector that puts the ball squarely in ZC's court. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't

Re: [Zope-dev] [patch] More secure cookie crumbler?

2004-04-12 Thread Jamie Heilman
know the risks. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly

Re: [Zope-dev] [patch] More secure cookie crumbler?

2004-04-12 Thread Jamie Heilman
, so there's no harm in writing them. It's convincing people to actually use the damned things that's the problem. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she

Re: [Zope-dev] Proposal: Move to subversion for source code control of the Zope and ZODB projects

2004-04-11 Thread Jamie Heilman
as everybody is the mode of learning a new process. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution

Re: [Zope-dev] ZPT for CSS, anyone?

2004-03-30 Thread Jamie Heilman
, but the stylesheets themselves should remain static. As such, generating style in ZPT is a complete waste of time and effort. The File object is a much better fit. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying

Re: [Zope-dev] ZPT for CSS, anyone?

2004-03-30 Thread Jamie Heilman
it does open the dynamism flood gates. That's doing the work in the wrong place. If you have a one-time translation job, which is basically what you're asking for, then you should do it once before the object is placed into the zodb. -- Jamie Heilman http

[Zope-dev] Re: ZPT for CSS, anyone?

2004-03-30 Thread Jamie Heilman
Scripts are better for dynamic plain text, simply because they're less magical and don't have all the stupid namespace problems that DTML does. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next

Re: [Zope-dev] ZPT for CSS, anyone?

2004-03-27 Thread Jamie Heilman
and have the server use absolute urls without having to write expressions for every single reference? Isn't there some equivalent to the html base tag to specify what / means? Why are you bent on using absolute URLs for images in the first place? -- Jamie Heilman http

Re: [Zope-dev] PageTemplateFile vs. Bindings vs. Security

2004-03-25 Thread Jamie Heilman
or your product is worthless. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly

Re: [Zope-dev] proposal: serving static content faster

2004-03-24 Thread Jamie Heilman
pretty awkward. But anyway, that's a digression from the main thrust of your let them eat producer proposal, which I think is a good idea in general. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's

Re: [Zope-dev] PageTemplateFile vs. Bindings vs. Security

2004-03-24 Thread Jamie Heilman
Shane Hathaway wrote: On Wed, 24 Mar 2004, Chris Withers wrote: That sounds mighty handy. What needs to happen for that to happen? A voluntary volunteer needs to volunteer voluntarily. I'll probably tackle it, but not before next month due to more immediate fires. -- Jamie Heilman

Re: [Zope-dev] Re: ...but I want to access 'a particular tuple' in that context!

2004-03-23 Thread Jamie Heilman
a guarded iterator is the Right thing, yes? -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up and bit them on the ass. -Frank Zappa

Re: [Zope-dev] asyncore - twisted

2004-03-22 Thread Jamie Heilman
a prerequisite to getting any real work done, then you might as well do it. Nevertheless, you don't need everything that twisted brings just to serve a web page, and for the vast majority of Zope's users, serving web pages is the only service that anybody cares about. -- Jamie Heilman http

[Zope-dev] PageTemplateFile vs. Bindings vs. Security

2004-03-22 Thread Jamie Heilman
is a good thing... Shouldn't we fix PageTemplateFile to work like DTMLFile wrt security? How hard is it going to be to do that? -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth

[Zope-dev] ...but I want to access 'a particular tuple' in that context!

2004-03-22 Thread Jamie Heilman
? -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly

Re: [Zope-dev] How to make Zope fail nicely under high load?

2004-02-11 Thread Jamie Heilman
in the backlog. You'd have to change ZServer so it handled those new requests instead, identified if they were part of a session, queued them up if they were, or spat out a 503 if they weren't. Frankly, I bet you'd have more fun just making your app faster. -- Jamie Heilman

Re: [Zope-dev] How to make Zope fail nicely under high load?

2004-02-11 Thread Jamie Heilman
anyway, it just makes more sense, but I digress. Find yourself an Apache module that can spit out 503s, then work on load balancing infrastructure, which is probably the most viable longterm solution (next to simply not using Zope for something it evidently isn't very good at). -- Jamie Heilman

Re: [Zope-dev] How to make Zope fail nicely under high load?

2004-02-11 Thread Jamie Heilman
. Before creating a session, check the size of the ZRendezvous backlog. might work. Yeah, that's a good plan in terms of where to instrument it, if you had to. If it were me, I'd sooner throw more hardware at it than use session identifiers though. -- Jamie Heilman http

Re: [Zope-dev] How to make Zope fail nicely under high load?

2004-02-11 Thread Jamie Heilman
. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid. -Buddy

Re: [Zope-dev] Re: Zope 2.7.0 rc2 + python 2.3.3 problem

2004-02-03 Thread Jamie Heilman
with __main__ too. Anyway, that's my thought. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution

Re: [Zope-dev] Resolved security-related collector issues for the public?

2004-01-22 Thread Jamie Heilman
by default. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity... -Rimmer

Re: [Zope-dev] Zope - SecurityFocus Newsletter #232 (fwd)

2004-01-21 Thread Jamie Heilman
you've quoted is a summary of Brian's announcement. ... Further analysis of these issues is currently underway. This BID will be separated into individual BIDs upon completion of analysis. Interesting. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats

Re: [Zope-dev] Resolved security-related collector issues for the public?

2004-01-21 Thread Jamie Heilman
the nature of the security flaws? Release an obfuscated binary distribution and say Trust Us? That doesn't sound very much like open source. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me

Re: [Zope-dev] Re: Resolved security-related collector issues for the public?

2004-01-21 Thread Jamie Heilman
, offer education, not censorship in the guise of protection. -- Jamie Heilman http://audible.transient.net/~jamie/ ...and no, I don't support the War On Terror.

Re: [Zope-dev] post security update analysis

2004-01-19 Thread Jamie Heilman
Jamie Heilman wrote: Now that we've reached closure on some of the outstanding security issues in Zope there's a lot of stuff in the Collector that needs to be revisited... Brian Lloyd wrote: ... - Proxy rights on DTMLMethods transferred via acquisition I believe this means issue #743

[Zope-dev] post security update analysis

2004-01-17 Thread Jamie Heilman
against HEAD for the xss holes that haven't been closed. I'll post an update to the collector when it's ready. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear

Re: [Zope-dev] CVS Head: Error Value: iterable argument required when adding objects

2004-01-17 Thread Jamie Heilman
, and to have daemons change it after the fact because they think they know better causes no end of frustration. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds

Re: [Zope-dev] CVS Head: Error Value: iterable argument required when adding objects

2004-01-17 Thread Jamie Heilman
. -- Jamie Heilman http://audible.transient.net/~jamie/

Re: [Zope-dev] CVS Head: Error Value: iterable argument required when adding objects

2004-01-17 Thread Jamie Heilman
Jeremy Hylton wrote: On Sat, 2004-01-17 at 18:30, Jamie Heilman wrote: It's desirable in some circumstances, but not all. Part of the problem is people tend to blindly follow the traditional approach to daemon design without bothering to actually do any critical thinking. I expect you

Re: [Zope-dev] ZServer HTTP 1.1 support

2003-12-11 Thread Jamie Heilman
keep a single connection alive essentially forever (should you want to do that). Of course if you're keeping an HTTP session alive that long you're probably doing something completely sick and wrong and would be better off using a protocol more suited for long running task execution. -- Jamie

Re: [Zope-dev] Re: Zope 2.7.0 b3 regressions

2003-12-09 Thread Jamie Heilman
Toby Dickenson wrote: Because dtml-var BASEPATH1/dtml-var absolute_url(1) looks nicer than without the slash ? OT: Seeing as that would actually have to be written dtml-var REQUEST.BASEPATH1 html_quote/dtml-var absolute_url(1) html_quote to get anywhere close to reliable and secure

Re: [Zope-dev] DateTime stftime and TAI based timezone is broken or is it?

2003-12-02 Thread Jamie Heilman
. It's always bugged me that DateTime carried all its own zone information, but I guess even the datetime python modules punt in this regard. What I'm curious to know is how this caused problems for you, or your clients. I'd like to avoid those problems myself if I can help it. -- Jamie Heilman

Re: [Zope-dev] possible compromise

2003-10-14 Thread Jamie Heilman
from the outside? Well the Server header in the http response is the most obvious way, but certainly not the only one, zope's fingerprint is very distinct because of acquisition and its numerous management interfaces. -- Jamie Heilman http://audible.transient.net/~jamie/ Most

Re: [Zope-dev] possible compromise

2003-10-13 Thread Jamie Heilman
. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid. -Buddy

Re: [Zope-dev] Re: [Zope] Using 2.3.2 for Zope 2.7

2003-10-03 Thread Jamie Heilman
of __name__ attribute. I haven't really had the time to look into it closely, but it does affect the examples shipped with zope, and actually it's just a very useful thing to be able to do. Whatever this problem stems from, there will probably be more because of it. -- Jamie Heilman

Re: [Zope-dev] Etag support in page templates

2003-09-16 Thread Jamie Heilman
to clutter the protocol to make their clients work then they should do so with another filter program. In zserver's case that's going to be the proxy HTTP daemon that it talks to. -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up

Re: [Zope-dev] Etag support in page templates

2003-09-16 Thread Jamie Heilman
HTTP proxy to overcome Microsoft's buggy DAV implementation, read doc/WebDAV.txt for more information. The user will respond, OK, thanks. Now... which of these scenarios do you think is in Zope's best interest? -- Jamie Heilman http

Re: [Zope-dev] Etag support in page templates

2003-09-15 Thread Jamie Heilman
is to use an external program that wraps the clean conversation and inserts this junk on the fly. I bet you could do it with apache's mod_headers for example. Same story for that MS-Author-Via junk. Polluting Zope's source code isn't the right answer. -- Jamie Heilman http

[Zope-dev] Re: [Zope] CacheManager missing in 2.6.2b4 :-(

2003-08-14 Thread Jamie Heilman
Chris Withers wrote: Jamie Heilman wrote: That depends on the cache replacement policy you need. If you're not tied to LFU then you can just switch to using my MemoryCache product. (With all the various caveats surrounding it, of course, python 2.2, patching Zope, etc.) Why Python 2.2

Re: [Zope-dev] Re: [Zope] CacheManager missing in 2.6.2b4 :-(

2003-08-14 Thread Jamie Heilman
Chris Withers wrote: Jamie Heilman wrote: 2.2 because 2.1 lacks ruthless efficiency. That, on its own, is not a very helpful statement ;-) What are the differences between 2.1 and 2.2 that you care about? 2.2 is installed on my machines, 2.1 isn't. It might work in 2.1 for all I know

Re: [Zope-dev] FileUpload questions

2003-08-14 Thread Jamie Heilman
as defined by the tempfile module. -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses

Re: [Zope-dev] Mailinglists

2003-08-04 Thread Jamie Heilman
-- Jamie Heilman http://audible.transient.net/~jamie/ It's almost impossible to overestimate the unimportance of most things. -John Logue

[Zope-dev] don't forget to install new modules

2003-07-20 Thread Jamie Heilman
the goal of that was. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity... -Rimmer

Re: [Zope-dev] stopping the Version DoS

2003-07-16 Thread Jamie Heilman
think the issue can be considered closed. Personally I'm just removing version support entirely from my tree. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his

[Zope-dev] BoboPOS 2

2003-07-15 Thread Jamie Heilman
What's the deal with all the code that refers to BoboPOS 2 in Zope? Why is it still there? -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come

[Zope-dev] broken dtml document security

2003-07-15 Thread Jamie Heilman
The security on DTML Documents seems to be hosed, see http://collector.zope.org/Zope/865 for a way to reproduce it. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear

[Zope-dev] HelpSysectomy

2003-07-07 Thread Jamie Heilman
. Notes: I didn't bother patching Products/ZopeTutorial, I figure if you aren't going to bother with online help an online tutorial is earmarked for deletion as well. -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up and bit them

Re: [Zope-dev] easy to fix bugs present in 2.7.0a1

2003-07-06 Thread Jamie Heilman
of the SCRIPT_NAME-BASEPATH1 changes happened for Zope 2.3.0 alpha 1, but this one got missed. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution

[Zope-dev] easy to fix bugs present in 2.7.0a1

2003-07-05 Thread Jamie Heilman
problem/fix, and really should be fixed in both 2.6.2 and 2.7 I'd also love to get some feedback on my queries re: Issue 28 ... Is there any reason that bug needs to remain deferred, list comprehensions certainly seem to work fine in 2.7.0a1 with python 2.2. -- Jamie Heilman http

[Zope-dev] raise_standardErrorMessage facilitates cross site scripting

2003-06-27 Thread Jamie Heilman
Jamie Heilman wrote: I have a feeling it's attributable to either raise_standardErrorMessage's smart tag searching, or some other auto-magical aspect of the error handling framework. I finally got around to testing this hypothesis, and it seems to be true. raise_standardErrorMessage assumes

Re: [Zope-dev] Re: weak examples, weak exploits

2003-06-24 Thread Jamie Heilman
Chris McDonough wrote: Jamie Heilman came up with a reasonable way to do this. The Zope Quick Start page instructs the user to import the examples and gives him a link which does so by calling manage_import. Actually... /me points at Casey ...not my idea, I just implemented a good suggestion

Re: [Zope-dev] weak examples, weak exploits

2003-06-23 Thread Jamie Heilman
. I have a feeling it's attributable to either raise_standardErrorMessage's smart tag searching, or some other auto-magical aspect of the error handling framework. (clues appreciated) In the meantime I suggest quoting error_msg. -- Jamie Heilman http://audible.transient.net/~jamie

Re: [Zope-dev] weak examples, weak exploits

2003-06-23 Thread Jamie Heilman
Jamie Heilman wrote: Then call it http://host/aww_shit_now_what=bold+flava' er, http://host/aww_shit_now_what?i=bold+flava' rather. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may

[Zope-dev] Re: funky side-effects, possible bug in HTTPRequest.py

2003-06-21 Thread Jamie Heilman
Jamie Heilman wrote: (the patches I spoke of should be ready sometime tomorrowish assuming I don't run into any other funkyness, I'll post them to the collector) These are done, there's a synopsis available at http://collector.zope.org/Zope/628 and the patches are available at http

[Zope-dev] funky side-effects, possible bug in HTTPRequest.py

2003-06-20 Thread Jamie Heilman
of should be ready sometime tomorrowish assuming I don't run into any other funkyness, I'll post them to the collector) -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know

Re: [Zope-dev] funky side-effects, possible bug in HTTPRequest.py

2003-06-20 Thread Jamie Heilman
Oliver Bleutgen wrote: Jamie Heilman wrote: [major snippage] Hmmm, that means that this changes break exactly these applications, which, in order to be on the secure side, explicitly use REQUEST.form['bla'] more than once in a request, right. Naw, it doesn't break them, promotion doesn't

Re: [Zope-dev] funky side-effects, possible bug in HTTPRequest.py

2003-06-20 Thread Jamie Heilman
): immediately jumped out and said to me, promote bar and baz form vars and cookies to the other dictionary. Now that I have an appreciation for exactly how methods are published, I see things in a different light of course. -- Jamie Heilman http://audible.transient.net/~jamie

Re: [Zope-dev] ./configure on Zope27HEAD with Python 2.2.2

2003-06-19 Thread Jamie Heilman
Does anyone care enough to fix configure to work properly on BSD? i=$(($i+1)) -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked

Re: [Zope-dev] ./configure on Zope27HEAD with Python 2.2.2

2003-06-19 Thread Jamie Heilman
wouldn't worry about it. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly

Re: [Zope-dev] version status

2003-06-17 Thread Jamie Heilman
Chris Withers wrote: Jamie Heilman wrote: 100% correct. Frankly I'm not entirely convinced anonymous users should ever be able to open a zodb connection, Well, without that, they would never be able to view a page from a Zope site. That would make it tricky to log in ;-) By which I

Re: [Zope-dev] version status

2003-06-16 Thread Jamie Heilman
, but that probably doesn't come as a surprise to anyone, IE is notoriously insecure. Toby Dickenson wrote: I've not tested Jim's code, but it looks to me like it *should* stop that attack. Have you tested it? Yes, you get a 401 now, but by that time the damage has been done. -- Jamie Heilman

[Zope-dev] version status

2003-06-15 Thread Jamie Heilman
What's the status of versions for 2.6.2 and 2.7? Have there been any decisions reached? I saw Jim's code get checked in but it won't stop the DoS I posted. -- Jamie Heilman http://audible.transient.net/~jamie/ It's almost impossible to overestimate the unimportance of most

Re: [Zope-dev] Bug day?

2003-06-12 Thread Jamie Heilman
hopefully it will be a tad more successful than the last one -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Jamie Heilman
Toby Dickenson wrote: No criticism was implied public exploits are valuable part of the security process. It's nice to hear not everyone in the industry has lost their mind. /me glances at redmond -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-06 Thread Jamie Heilman
the /Control_Panel/Database/manage_cacheParameters resource becomes unavailable due to memory constraints. Other side-effects from allowing anonymous clients to open additional zodb connections are as of yet unknown to me, anyone care to speculate on other vectors of abuse? -- Jamie Heilman

Re: [Zope-dev] Conflict Errors; how to track them down?

2003-06-04 Thread Jamie Heilman
Chris Withers wrote: Dieter Maurer wrote: The attached patch to Zope/App/startup.py provides this additional information. Where's the patch? http://marc.theaimsgroup.com/?l=zope-devm=105466926610469q=p3 -- Jamie Heilman http://audible.transient.net/~jamie/ I

Re: [Zope-dev] manage_addZClass* permission question

2003-05-29 Thread Jamie Heilman
.) -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses in the world, there's only one

[Zope-dev] manage_addZClass* permission question

2003-05-28 Thread Jamie Heilman
requires one of the following roles: ['Manager']. Your roles in this context are ['Authenticated']. So it doesn't look like there is a named permission associated with those methods. I have to wonder if that's intentional. -- Jamie Heilman http://audible.transient.net/~jamie/ Most

[Zope-dev] App.Permission security hole

2003-05-27 Thread Jamie Heilman
) -- Jamie Heilman http://audible.transient.net/~jamie/ It's almost impossible to overestimate the unimportance of most things. -John Logue

Re: [Zope-dev] WebDAV File Descriptor Leak

2003-05-27 Thread Jamie Heilman
place to store Python 2.2.2 and earlier's insecure tempfile.py made files. Setting the TMPDIR variable for Zope to a directory which only the zope user may write to is recommended to avoid a potential DoS vulnerability. My understanding is that this is finally addressed in python 2.3. -- Jamie

Re: [Zope-dev] ZPublisher.Client and encrypted passwords

2003-03-25 Thread Jamie Heilman
Danny W. Adair wrote: At 10:23 AM 3/26/2003 +1100, Adrian van den Dries wrote: On March 26, Danny W. Adair wrote: Thanks. How would I do that? ZPublisher.Client.call() is very convenient but only takes url,username,pwd... import base64 user, pass = base64.decodestring(req._auth.split('

[Zope-dev] ch-ch-ch-changes (post-merge fallout)

2003-03-19 Thread Jamie Heilman
up a wall. It'd be cool if that one got fixed. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity

Re: [Zope-dev] How (in)secure is Zope?

2003-03-15 Thread Jamie Heilman
not enough people care about this, but if the hackers also don't care, why should I :-) I don't know, why should you? I care because it used to be my job to care, now I can't seem to let the mentality go. -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know

Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
Lennart Regebro wrote: 5. Protecting yourself against denial of service: Zope does not seem to crash if you send random data to it, and I have in logs seen attempts to overflow buffers and the like that obviously are attempts to crash or break in to other (MS) servers, without this affecting

Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
scripting or cache poisoning issues, and that can be attributed to, in part, my growing dissatisfaction with the system. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who

Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
crashed, and gosh I think it might be a security problem in Z. without any analysis apart from random observation, which is sort of a pain in the ass to deal with, but they aren't visible, and thus I worry they aren't all like 493. (of which 494 is a public dupe g) -- Jamie Heilman

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-12 Thread Jamie Heilman
timeline don't coincide. So unfortunately any opinions I could offer on Zope3's direction would be wholly uninformed. -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know

Re: [Zope-dev] How (in)secure is Zope?

2003-03-12 Thread Jamie Heilman
will be taken care of. I will go on record as saying that, recently, response times to security related issues in the Zope2 tree have been disappointing. Construe from that what you will. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself

Re: [Zope-dev] How (in)secure is Zope?

2003-03-12 Thread Jamie Heilman
to discount IMO), then no, Zope doesn't increase the possibility of obtaining root privileges. -- Jamie Heilman http://audible.transient.net/~jamie/ You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-11 Thread Jamie Heilman
along all the baggage of 2 zserver instances. It's a start, but there's still a ways to go. -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-11 Thread Jamie Heilman
. -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses in the world, there's only one

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-11 Thread Jamie Heilman
Chris McDonough wrote: On Tue, 2003-03-11 at 17:48, Jamie Heilman wrote: How about, a lot of code/documentation was removed, and a lot of new code/documentation was added. Don't get hung up on the exact numbers, my point was, a lot of work has gone into simplifying the configuration

Re: [Zope-dev] Proposed installation changes for review

2003-03-10 Thread Jamie Heilman
. Sound familiar? -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity... -Rimmer [1

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-10 Thread Jamie Heilman
nothing left to remove from code, you've won. Some of the breaks have already been made, like the separation of the storage from its front-end. That's good, we need more action along those lines. -- Jamie Heilman http://audible.transient.net/~jamie/ Paranoia is a disease unto itself

Re: [Zope-dev] Declaring Dependencies for XML documents (Was: How To Improve Cache Coherency for RAM/Disk Cache Manager...?)

2003-03-04 Thread Jamie Heilman
as an observation. That said I don't think a dependency based caching strategy is a bad idea. It could obviate the need for time-based cache expiration in some circumstances. In the long run, it all depends on your usage patterns as to whether it would pay off or not. -- Jamie Heilman

Re: [Zope-dev] How To Improve Cache Coherency for RAM/Disk Cache Manager...?

2003-03-03 Thread Jamie Heilman
Why make the unlucky user pay the price? Because the unlucky user (which I read as: author) is the only one who knows the required behavior of their code.

Re: [Zope-dev] AIX

2003-02-21 Thread Jamie Heilman
There never was an answer from anybody. That's probably because nobody wants to admit to running AIX.

Re: [Zope-dev] Re: [Zope] PCGI?

2003-02-14 Thread Jamie Heilman
the ^ or $, (.*) is greedy enough by itself) -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly

Re: [Zope-dev] Zope Server Control

2003-02-07 Thread Jamie Heilman
projects is adding more logging to zope so that I can cull server status information from my logs, which may to some extent, provide finer granularity with less overhead. -- Jamie Heilman http://audible.transient.net/~jamie/ ...thats the metaphorical equivalent of flopping your wedding
