Wiki source code of IRC Archive for channel #xwiki

Last modified by Vincent Massol on 2012/10/18 19:12

Show last authors
1 florinciu joined #xwiki at 00:04
2 florinciu left at 00:35 (Read error: Connection reset by peer
3 abusenius left at 00:51 (Quit: Konversation terminated!
4 lucaa left at 01:29 (Ping timeout: 258 seconds
5 sdumitriu left at 03:17 (Ping timeout: 240 seconds
6 mflorea joined #xwiki at 06:25
7 nuvolari left at 07:21 (Excess Flood
8 nuvolari joined #xwiki at 07:22
9 nuvolari left at 07:24 (Changing host
10 nuvolari joined #xwiki at 07:24
11 kibahop joined #xwiki at 08:00
12 vmassol joined #xwiki at 08:16
13 sburjan joined #xwiki at 08:26
14 plunden joined #xwiki at 08:30
15 vmassol left at 08:50 (Quit: Leaving.
16 vmassol joined #xwiki at 08:53
17 vmassol1 joined #xwiki at 08:53
18 vmassol left at 08:58 (Ping timeout: 265 seconds
19 vmassol joined #xwiki at 09:14
20 vmassol1 left at 09:14 (Read error: Connection reset by peer
21 SvenDowideit left at 09:15 (Ping timeout: 264 seconds
22 SvenDowideit joined #xwiki at 09:18
23 SvenDowideit_ joined #xwiki at 09:22
24 SvenDowideit left at 09:23 (Ping timeout: 258 seconds
25 SvenDowideit_ is now known as SvenDowideit ([email protected]
26 Enygma` joined #xwiki at 09:26
27 silviar joined #xwiki at 09:27
28 lucaa joined #xwiki at 09:28
29 mflorea left at 09:33 (Quit: Leaving.
30 arkub joined #xwiki at 09:33
31 evalica joined #xwiki at 09:43
32 florinciu joined #xwiki at 09:52
33 sburjan - (09:52): hello guys. Question.
34 sburjan - (09:53): when I try to import an Office Document, I get an error saying "This feature requires an active openoffice server which we could not locate, please contact your administrator to resolve this issue. "
35 sburjan - (09:54): Is this normal ?
36 vmassol - (09:54): hi sburjan
37 vmassol - (09:54): yes it's normal
38 sburjan - (09:54): okay
39 tmortagne joined #xwiki at 10:04
40 evalica1 joined #xwiki at 10:11
41 sdumitriu joined #xwiki at 10:12
42 Denis joined #xwiki at 10:13
43 evalica left at 10:13 (Ping timeout: 272 seconds
44 KermitTheFragger joined #xwiki at 10:18
45 abusenius joined #xwiki at 10:23
46 jvdrean joined #xwiki at 10:30
47 CalebJamesDeLisl - (10:36): Good morning. It's too bad we can't flip the order of the 1.0 renderers because IMO 5272 is a blocker.
48 evalica1 is now known as evalica ([email protected]
49 mflorea joined #xwiki at 10:40
50 abusenius - (10:42): CalebJamesDeLisl: why do you think it is worse than 5223?
51 abusenius - (10:42): the result is the same :)
52 CalebJamesDeLisl - (10:42): In 5223 you are restricted, (no <>"&)
53 CalebJamesDeLisl - (10:43): Not a good excuse though. They are related, I'd like to fix them both at the same time.
54 abusenius - (10:44): well, unless you want to do arithmetic its fine
55 abusenius - (10:44): " is not a problem
56 CalebJamesDeLisl - (10:44): These are both runious which is why I think it's worth it to break backward compatibility.
57 CalebJamesDeLisl - (10:44): *ruinous
58 abusenius - (10:45): I agree, those things should have never been allowed
59 CalebJamesDeLisl - (10:46): vmassol: What say you to adding a config param for breaking 1.0 renderer compatibility?
60 vmassol - (10:46): I don't understand why you want to touch the 1.0 rendernig engine, it shouldn't be touched
61 vmassol - (10:46): it's read only basically
62 vmassol - (10:46): and only there for backward compat
63 vmassol - (10:46): so we shoudn't touch it as much as possible
64 vmassol - (10:47): it's deprecated if you prefer
65 CalebJamesDeLisl - (10:47): To plug a _big_ hole.
66 vmassol - (10:47): the rendering 1.0 *IS* a big hole by itself
67 vmassol - (10:47): this is why we wrote the 2.0 one
68 CalebJamesDeLisl - (10:47): Well, XSS is not good but this hole is really bad.
69 abusenius - (10:47): there is no difference whether some insecure code is deprecated or not, as long as its is accessible, it can be exploitet
70 CalebJamesDeLisl - (10:48): see: 5272 and the list of documents.
71 vmassol - (10:48): well we do allow not making the 1.0 syntax avail
72 vmassol - (10:48): it's a config option
73 CalebJamesDeLisl - (10:49): Not sure that each of those has the hole but I can see that some do.
74 vmassol - (10:49): if you define a new config param you'll need to hav eit off by default so it won't help
75 abusenius - (10:49): this one should be on
76 CalebJamesDeLisl - (10:49): Why off by default? New installations won't need this.
77 vmassol - (10:49): then you break backward compat and you're going to hurt a lot of people
78 abusenius - (10:50): IMO there is no point in trying to make new code secure if there are still tons of old security holes kept for backward compatibility with old exploits
79 CalebJamesDeLisl - (10:50): Meaning upgrades?
80 vmassol - (10:50): hmm you're right, if people are caeful
81 vmassol - (10:50): they won't merge it
82 vmassol - (10:50): *careful
83 vmassol - (10:50): so it means off by default
84 CalebJamesDeLisl - (10:50): IMO people should merge it and only revert if there is a problem.
85 vmassol - (10:50): ie when it doesn't exist it's off
86 vmassol - (10:51): CalebJamesDeLisl: people won't know about it
87 CalebJamesDeLisl - (10:51): Also we are going to have to put out a bulletin for this IMO.
88 vmassol - (10:51): anywya needs to be discussed on the security list not here
89 abusenius - (10:51): true
90 CalebJamesDeLisl - (10:52): Well I'll send a proposal there.
91 sburjan left at 10:59 (Read error: Connection reset by peer
92 sburjan_ joined #xwiki at 10:59
93 jvelo joined #xwiki at 11:20
94 CalebJamesDeLisl - (11:28): Anyone (vmassol?) have a problem with me applying Alex's "no nested scripts" patch? http://jira.xwiki.org/jira/browse/XWIKI-5223
95 vmassol - (11:29): I can have a quick look to see if I spot anything wrong
96 vmassol - (11:30): tmortagne will want to review it too I'm sure
97 vmassol - (11:30): I can already see some things that need to be fixed before applying it
98 vmassol - (11:30): like:`
99 vmassol - (11:30): -.expect|event/1.0
100 vmassol - (11:30): +.# Skipped, since nested scripts are not allowed any more, but it is hard to match the error trace here
101 vmassol - (11:31): I don't like it FTM
102 vmassol - (11:31): wait I mis-read something
103 vmassol - (11:31): so I remove that last statement
104 vmassol - (11:31): ;)
105 vmassol - (11:31): stillr eading
106 vmassol - (11:32): thought alex had introduced the notion of script in abstractblock…. ;)
107 CalebJamesDeLisl - (11:32): But you have no problem with the basic idea that scripts shouldn't be nested?
108 vmassol - (11:32): ah yes he has
109 vmassol - (11:32): currentBlock.setIsScript(true);
110 vmassol - (11:32): I don't like that part FTM (I'd need to understand it better)
111 vmassol - (11:33): CalebJamesDeLisl: I have no idea, haven't thought about it
112 vmassol - (11:33): I don't like that the checks are done internally as a general rule
113 vmassol - (11:33): I would have thought about some external rules
114 vmassol - (11:33): applied to an xdom
115 tmortagne - (11:33): i'm still not 100% sure about and and having script noting at AbstractBlock level is bad for sure
116 vmassol - (11:33): if someone wants nested scripts he won't be able not to run the filter
117 vmassol - (11:34): I'm ?1 to apply it as is
118 vmassol - (11:34): (after a quick review)
119 vmassol - (11:34): it adds the notion of scripts in several places
120 vmassol - (11:34): which shouldn't be aware of that
121 CalebJamesDeLisl - (11:35): -1 to the concept of blocking script in script?
122 vmassol - (11:35): (MAcroMaarkerBlock for ex)
123 tmortagne - (11:35): i don't even understand why he needs that
124 vmassol - (11:36): CalebJamesDeLisl: no, ?1 to hard code stuff and especially in places that shouldn't know about it
125 tmortagne - (11:36): also the patch contains lot's of code unrelated to the nested script blocking thing
126 vmassol - (11:36): (we need to keep an extensible implementation)
127 abusenius - (11:37): the reason why I added isScript is that I didn't wanted to hardcode "groovy" "velocity" etc
128 tmortagne - (11:37): abusenius: you don't need that
129 abusenius - (11:37): how do I distinguish between script and not script?
130 tmortagne - (11:37): just get the macro component and check if it's a ScriptMacro
131 abusenius - (11:38): but it ist the script macro, its a macro block that was added after macro execution
132 abusenius - (11:38): s/ist/isnt/
133 vmassol - (11:39): could it be that you want generic markers?
134 tmortagne - (11:39): and ? you know the macro id and all macros have corresponding components
135 tmortagne - (11:39): just get the component based on it
136 vmassol - (11:39): (haven't really thought about your algo though)
137 abusenius - (11:40): vmassol, well I wanted to distinguish differen macro types
138 abusenius - (11:40): but I need to look at the way tmortagne is suggesting
139 vmassol - (11:40): ok
140 tmortagne - (11:40): for now there is only an abstract for script macro i think but we can introduce a interface to be cleaner
141 tmortagne - (11:41): i need to open Eclipse but that's the second time it crashes...
142 abusenius - (11:42): vmassol: re skipped tests, I could find an easy way to match arbitrary error trace in unit test, I wrote functional tests instead
143 abusenius - (11:42): (for those 2)
144 vmassol - (11:43): abusenius: what I meant is that skipping tests is not a solution
145 vmassol - (11:43): either the tests are removed for some reason or they are executed
146 vmassol - (11:43): skipping is like commenting out code
147 abusenius - (11:44): well, it was meant as a temporary measure
148 vmassol - (11:44): sure
149 vmassol - (11:44): but I was responding to caleb
150 vmassol - (11:45): that it needs to be fixed before applying the patch
151 tmortagne - (11:45): abusenius: checked, there is only AbstractScriptMacro but you can introduce a ScriptMacro interface (it was not needed before and check the type based on an abstract is not nice) in the same package (it's a public package)
152 CalebJamesDeLisl - (11:45): Hmm how about ScriptMacroMarkerBlock extends MacroMarkerBlock then just check what type of class it is?
153 tmortagne - (11:46): CalebJamesDeLisl: the MacroBlock is generated by the generic macro transformation
154 tmortagne - (11:46): it doe snot know anything about scripts
155 tmortagne - (11:46): s/MacroBlock/MacroMarkerBlock/
156 CalebJamesDeLisl - (11:46): Ok. I'm not very well versed in the renderer.
157 abusenius - (11:50): tmortagne: ok, I'll update the patch accordingly
158 Enygma`1 joined #xwiki at 11:53
159 mflorea1 joined #xwiki at 11:53
160 tmortagne - (11:54): abusenius, CalebJamesDeLisl: btw after some tough i'm ok with this blocking nested script things in theses use case since if you really need that for a valid use case you can use other ways like special macro or programatically which are less easy but it's maybe better to let only users that knows what they do support this
161 evalica1 joined #xwiki at 11:54
162 florinciu1 joined #xwiki at 11:54
163 lucaa1 joined #xwiki at 11:55
164 silviar1 joined #xwiki at 11:55
165 silviar1 left #xwiki at 11:55
166 lucaa left at 11:56 (Ping timeout: 240 seconds
167 silviar left at 11:56 (Ping timeout: 240 seconds
168 Enygma` left at 11:56 (Ping timeout: 240 seconds
169 mflorea left at 11:56 (Ping timeout: 264 seconds
170 florinciu left at 11:56 (Ping timeout: 252 seconds
171 evalica left at 11:56 (Ping timeout: 265 seconds
172 vmassol - (11:57): tmortagne: you mean putting the check by default in AbstractScript instead of doing it in a filter (in a Tx for ex)?
173 sburjan_ left at 11:57 (Ping timeout: 240 seconds
174 vmassol - (11:57): why couldn't it be done in a Tx btw?
175 mflorea joined #xwiki at 11:57
176 vmassol - (11:57): (it was meant for this kind of use cases)
177 CalebJamesDeLisl - (11:58): Tx? Transformation?
178 evalica joined #xwiki at 11:58
179 vmassol - (11:58): yes
180 CalebJamesDeLisl - (11:58): I asked the same, it's because you can hide a macro inside of an html macro.
181 Enygma`1 left at 11:58 (Ping timeout: 276 seconds
182 CalebJamesDeLisl - (11:59): {{velocity}} {{html wiki=true}} {{velocity}} ....
183 lucaa1 left at 11:59 (Ping timeout: 240 seconds
184 CalebJamesDeLisl - (11:59): {{html}} is a black box as I understand it.
185 florinciu1 left at 11:59 (Ping timeout: 276 seconds
186 vmassol - (11:59): yes macro content is a black box right now
187 vmassol - (11:59): but
188 evalica1 left at 12:00 (Ping timeout: 264 seconds
189 vmassol - (12:00): hmm thinking...
190 mflorea1 left at 12:00 (Ping timeout: 252 seconds
191 CalebJamesDeLisl - (12:00): Maybe evaluate all inner content recursively and blow up if it finds another script macro?
192 CalebJamesDeLisl - (12:00): Sure would be easier.
193 vmassol - (12:01): I need to understand what you're doing first. When you say froboding scripts inside scripts , wdym?
194 vmassol - (12:01): {{velocity}}{{groovy}}…{{/groovy}}{{/velocity}} is valid for ex
195 vmassol - (12:01): or do you mean <script> as in HTML?
196 CalebJamesDeLisl - (12:01): No I mean {{velocity}}{{groovy}} ...
197 vmassol - (12:02): hmm that solves use cases. What is wrong with it?
198 CalebJamesDeLisl - (12:02): http://jira.xwiki.org/jira/browse/XWIKI-5223
199 abusenius - (12:03): the problem is that the content of {{groovy}} is generated using velocity
200 vmassol - (12:03): yesthat's the point :)
201 CalebJamesDeLisl - (12:03): Are there use cases where that's the only answer?
202 abusenius - (12:03): well, you can actually generate the {{groovy}} tags
203 tmortagne - (12:04): vmassol: (11:37:57 AM) <moi>: just get the macro component and check if it's a ScriptMacro
204 abusenius - (12:04): so as soon as you have any kind of injection
205 abusenius - (12:04): youre dead
206 abusenius - (12:05): a better solution IMO is to first parse xwiki completely and then evaluate scripts
207 CalebJamesDeLisl - (12:05): It's a particular pain because our current best practices don't address this vector.
208 vmassol - (12:05): I don't like it
209 vmassol - (12:05): as a general rule
210 abusenius - (12:05): so that we know which macros were there and which were injected
211 vmassol - (12:05): maybe for nested scripts inside velocity but generally I'm not sure
212 vmassol - (12:05): (even for velocity I'm not sure)
213 abusenius - (12:06): I don't see any reason why people should be able to generate scripts with other scripts
214 abusenius - (12:06): if there are strange use cases - too bad
215 vmassol - (12:06): that's called scripting languages
216 vmassol - (12:06): :)
217 vmassol - (12:06): there are lots of uises cases for that
218 CalebJamesDeLisl - (12:06): Such as?
219 vmassol - (12:07): any use case where you want o generate anotehr script
220 CalebJamesDeLisl - (12:07): :D Example?
221 abusenius - (12:07): you shouldnt want it :)
222 vmassol - (12:07): for example in the class wizard
223 tmortagne - (12:07): vmassol: actually that's not really scripting thing, in script you generally call some eval method to do that, you don't print the script to execute later
224 abusenius - (12:08): you can workaround it, make a script that take parameters
225 vmassol - (12:08): I need to read the jira issue to understand the need. So far I've only been commenting from the POV of the use cases
226 vmassol - (12:09): it's a lot to read
227 CalebJamesDeLisl - (12:09): 5223 is what started it.
228 tmortagne - (12:09): i think the main point is that abusenius and CalebJamesDeLisl think it's too difficult to properly protect a script when it's manipulating user datas
229 vmassol - (12:09): since you're several to understand the problem it seems I'll let you handle it (I need to finish coding something first). I just want to make sure we hardcode the minimum in the rendering
230 sburjan_ joined #xwiki at 12:10
231 CalebJamesDeLisl - (12:10): Hmm, I have some stuff which will break. I will need to fix it but I think that for the best.
232 vmassol - (12:10): (harcoding logic that is)
233 tmortagne - (12:10): (which would make user able to inject a new script in its datas)
234 vmassol - (12:10): tmortagne: yes I gathered that
235 tmortagne - (12:10): i don't think there is much more
236 vmassol - (12:10): but it shouldnb't be done at the detriment of valid use cases so we need to be sure there are no valid use cases
237 vmassol - (12:10): because if you listen to security guys
238 vmassol - (12:11): they'll tell you you shouldn't put any script in pages
239 vmassol - (12:11): becuase it's a security hole
240 vmassol - (12:11): :)
241 vmassol - (12:11): so you end up with a tool that is worthless
242 vmassol - (12:11): ;)
243 abusenius - (12:11): well, they are right :)
244 tmortagne - (12:11): vmassol: i already say it was kinf of ok for me because there is ways to support it
245 tmortagne - (12:11): but when you use theses ways you know what you do basically
246 tmortagne - (12:12): so you don't permit user to inject script by mistake
247 vmassol - (12:12): I remember I used that strategy in 1.0
248 vmassol - (12:12): when I had to dynamically generate the XML for a mindmap
249 vmassol - (12:12): it was very handy
250 vmassol - (12:12): if I had to do it programmatically I wouldn't have done it
251 CalebJamesDeLisl - (12:13): vmassol: I believe in principled security systems where there are lots features and functions while some are blocked (such as pointers in java)
252 CalebJamesDeLisl - (12:13): No features == no security because nobody uses it.
253 vmassol - (12:13): note to all: I'm not against it
254 vmassol - (12:13): just saying we have to be careful and not hardcode it if we can
255 vmassol - (12:13): not hardcode = follow generic rendernig architecture
256 CalebJamesDeLisl - (12:14): Maybe another "safe or dead" config param?
257 vmassol - (12:14): right now that's: parser, tx, renderer. If we need something more we need to add it
258 vmassol - (12:14): no param please :)
259 vmassol - (12:14): I'm talking java api here anyway
260 tmortagne - (12:14): vmassol: with the solution I gave to abusenius the only code added is in AbstractScriptMacro
261 abusenius - (12:15): why are you agains parsing xwiki macros first?
262 vmassol - (12:15): me?
263 tmortagne - (12:15): abusenius: WDYM ?
264 abusenius - (12:15): well, everyone, nobody seems to like the idea
265 abusenius - (12:15): parse xwiki - parse scripts - execute scripts
266 CalebJamesDeLisl - (12:16): Scripts which generate xwiki2 content?
267 abusenius - (12:16): so we first build a tree of xwiki macros (I know the generic parser now does it differently)
268 tmortagne - (12:16): abusenius: what is the difference with now ?
269 vmassol - (12:16): maybe some notion of ProxyBlock
270 vmassol - (12:16): that a TX would add around MacroBlock when they are scripts
271 vmassol - (12:16): so that ProxyBlock would do some checks
272 tmortagne - (12:16): abusenius: finding nested macros is impossible
273 abusenius - (12:17): tmortagne, now each macro is first evaluated, then parsed again
274 abusenius - (12:17): why?
275 vmassol - (12:17): (at exeuction)
276 tmortagne - (12:17): abusenius: what ?
277 vmassol - (12:17): I like that actually
278 vmassol - (12:17): wdyt?
279 tmortagne - (12:17): only scrip macrio sare parsed
280 abusenius - (12:17): tmortagne: why impossible?
281 tmortagne - (12:17): because the produce wiki syntax
282 tmortagne - (12:17): so this is perfecty normal
283 tmortagne - (12:18): you can't parse something that doe snot already exists...
284 abusenius - (12:18): well, if the parser cant find it, it should not be alowed
285 CalebJamesDeLisl - (12:18): I think what abusenius is suggesting is see a macro, parse and render recursively until there are no macros left.
286 tmortagne - (12:18): abusenius: it's impossible because you can't support every posible syntaxes in the parser
287 abusenius - (12:18): normal use cases like nested groovy in velocity will be easy
288 abusenius - (12:18): and you shouldnt
289 tmortagne - (12:18): {{velocity}}
290 tmortagne - (12:18): {{include/}}
291 tmortagne - (12:18): {{/velocity}}
292 tmortagne - (12:18): is not some velocity with a macro inside
293 vmassol - (12:18): (the idea would be similar to the secure uberspector done in velocity but with a TX for script macros)
294 tmortagne - (12:19): it's a vlocity content
295 tmortagne - (12:19): and only that
296 abusenius - (12:19): it is not as nice as it is done now, where macros are completely independent extensions, but is much safer
297 tmortagne - (12:19): it just happen that in the end this script macro produce a xwiuki/2.0 content containing some macro in it
298 abusenius - (12:20): IMO exactly this "feature" is very very bad
299 CalebJamesDeLisl - (12:20): {{velocity}}{{include/}} Ut oh. The current patch will break these.
300 abusenius - (12:20): CalebJamesDeLisl: no
301 CalebJamesDeLisl - (12:20): Include resets it?
302 abusenius - (12:21): yes, but it doesnt fix the problem with includes
303 tmortagne - (12:21): CalebJamesDeLisl: indeed that will not work
304 CalebJamesDeLisl - (12:21): problem with includes?
305 tmortagne - (12:21): so this is one use case
306 abusenius - (12:21): include vs. pr
307 tmortagne - (12:22): unless you specifically test for include in AbstractScriptMAcro
308 vmassol - (12:22): TX: macroblock("velocity") —> macroblock("proxyscript", param: language="velocity")
309 tmortagne - (12:22): which make include macro pretty hardcoded
310 abusenius - (12:22): thats another reason why I wanted to distinguish macro types...
311 abusenius - (12:23): smth like: nestable - not nestable - reset nesting
312 tmortagne left at 12:23 (Quit: Leaving.
313 CalebJamesDeLisl - (12:24): he didn't like that idea ^^
314 vmassol - (12:24): :)
315 CalebJamesDeLisl - (12:25): Ok, an alternative for the moment would be to make escapetool.xml escape {
316 CalebJamesDeLisl - (12:26): Since it looks like we're going to have to add the concept of "can nest", "cannot nest" and "reset nesting".
317 abusenius - (12:28): btw the problem with {{include }} will remain in both cases
318 vmassol - (12:29): lunch time
319 arkub left at 12:34 (Ping timeout: 258 seconds
320 CalebJamesDeLisl - (12:56): "// included documents intercept the chain of nested script macros with XWiki syntax" K.
321 CalebJamesDeLisl - (12:57): Really ought to be more generic though.
322 tmortagne joined #xwiki at 13:01
323 xwikibot joined #xwiki at 13:52
324 mariusbutuc joined #xwiki at 13:59
325 mariusbutuc left #xwiki at 13:59
326 silviar joined #xwiki at 14:06
327 CalebJamesDeLisl - (14:07): abusenius: Are you working on the nested macro patch?
328 abusenius - (14:10): yes
329 abusenius - (14:11): (was away for a lunch tough)
330 CalebJamesDeLisl - (14:11): Ok. Ping me when you have some changes. I'll look at having a patch for the 1.0 renderer.
331 abusenius - (14:12): ok
332 vmassol - (14:23): hehe
333 vmassol - (14:23): at last we're identified as a rendering engine:
334 vmassol - (14:23): http://kvoges.wordpress.com/2010/06/14/which-java-wiki-engine-should-one-use-within-an-opensource-application-xwiki-vs-wikitext-mylyn/
335 vmassol - (14:23): :)
336 lucaa joined #xwiki at 14:38
337 jvelo - (14:38): cool
338 CalebJamesDeLisl - (14:42): :) That's really our strong point.
339 CalebJamesDeLisl - (14:43): One day (when I'm old and gray) I'll write a BBcode parser. That would be cool.
340 lucaa left at 14:43 (Quit: Leaving.
341 lucaa joined #xwiki at 14:43
342 jvelo left at 14:59 (Read error: Connection reset by peer
343 sburjan_ left at 15:00 (Ping timeout: 240 seconds
344 jvelo joined #xwiki at 15:03
345 abusenius - (15:07): now it exeeds max fan-out complexity -_-
346 lucaa - (15:08): hi guys
347 lucaa - (15:08): where is xwiki initializing the plugins?
348 lucaa - (15:09): the ones configured int xwiki.cfg
349 vmassol - (15:09): XWiki.java
350 vmassol - (15:09): (I think)
351 vmassol - (15:09): checking
352 lucaa - (15:10): xwiki.java has 5000 lines of code :)
353 vmassol - (15:10): preparePlugins
354 vmassol - (15:10): in XWiki.java
355 vmassol - (15:10): line 1127
356 lucaa - (15:11): ok. thanks
357 florinciu joined #xwiki at 15:13
358 vmassol - (15:21): tmortagne and all: wdy about removing all our remote repo definitions in our pom.xml and instead configuring our nexus instance to proxy them? It would have several benefits but one of them is speed and caching
359 vmassol - (15:22): (for ex rtight now the jboss remote repo isn't answering so it's a pain to wait for the timeout)
360 jvelo - (15:22): +1
361 vmassol - (15:23): the definition of remote repos shouldn't be in the pom.xml as a best practice
362 vmassol - (15:23): ok I'll try to configure this
363 tmortagne - (15:23): sounds good (when you don't have nexus you don't have much choice ;))
364 vmassol - (15:23): I've noticed the pb while in Algeria where the internet connection wasn't good
365 vmassol - (15:23): tmortagne: you edit your settigns.xml
366 tmortagne - (15:24): then it's a pain for users
367 tmortagne - (15:24): to build
368 vmassol - (15:24): well they need to do that nayway
369 vmassol - (15:24): anyway
370 vmassol - (15:24): to add the xwiki remote repo
371 vmassol - (15:24): and it's the maven way
372 tmortagne - (15:24): yep but these repo are used by every single maven module of Xwiki
373 vmassol - (15:24): did you know that projects that have repos defined in pom.xml are not allowed to be put in the central repo
374 vmassol - (15:24): ?
375 tmortagne - (15:25): vmassol: makes sense since they are supposed to have all there dependencies in the central repo
376 tmortagne - (15:25): but when we depends on something that is not on central repo anyway event if we don't put the repo in the pom it's not valid eiother
377 abusenius - (15:32): hmm, I need to split AbstractScriptMacro because max class fan-out check fails, is it ok to extract a AbstractNotNestableMacro superclass?
378 abusenius - (15:32): tmortagne?
379 tmortagne - (15:33): abusenius: you mean extends a AbstractNotNestableMacro in AbstractScriptMacro ?
380 abusenius - (15:33): yes
381 abusenius - (15:34): and AbstractNotNestableMacro extends AbstractMacro
382 tmortagne - (15:34): how AbstractNotNestableMacro knows what parent macro it's supposed to filter ?
383 tmortagne - (15:34): could be usefiull to have AbstractNotNestableMacro for other use case if it's clean and not not contains anything about script
384 tmortagne - (15:34): so yes that would make sense
385 abusenius - (15:35): it would just have the method to check for nested macros
386 abusenius - (15:35): use MAcroManager to get the macro by id
387 tmortagne - (15:35): now maybe you need a component instead of an abstract
388 tmortagne - (15:36): if it's only tool methods in it
389 abusenius - (15:36): hm
390 abusenius - (15:36): well, this would also work I guess
391 mariusbutuc joined #xwiki at 15:46
392 sburjan joined #xwiki at 16:14
393 plunden left #xwiki at 16:39
394 florinciu left at 16:45 (Quit: Leaving.
395 abusenius - (16:53): tmortagne, why a component and not just an internal util class? its not very useful elsewhere
396 evalica left at 16:54 (Quit: Leaving.
397 tmortagne - (16:55): abusenius: you choose :)
398 abusenius - (16:59): I choose to keep it simple :)
399 abusenius - (17:01): added updated patch to XWIKI-5223
400 abusenius - (17:02): CalebJamesDeLisl: ping
401 CalebJamesDeLisl - (17:02): Ok, looking...
402 CalebJamesDeLisl - (17:06): Maybe we should have a "public" issue for this a comment containing 5223 won't help lay code readers.
403 CalebJamesDeLisl - (17:07): Is this code tested?
404 abusenius - (17:08): probably, afair Sergiu was talking about adding a public version of issues some time ago
405 abusenius - (17:08): yes
406 abusenius - (17:08): there are even tests :)
407 CalebJamesDeLisl - (17:09): AFAIK @Requirement doesn't work when the class is instantiated with "new"
408 abusenius - (17:10): where does this happen?
409 CalebJamesDeLisl - (17:11): MacroUtils
410 CalebJamesDeLisl - (17:11): private ScriptMacroUtils scriptUtils = new ScriptMacroUtils();
411 abusenius - (17:11): (rerunning tests)
412 tmortagne - (17:11): yep no way @Requirement would work if not initialized by component manager
413 abusenius - (17:12): strange, it worked somehow last time I checked
414 abusenius - (17:12): maybe I again forgot to build something
415 CalebJamesDeLisl - (17:15): XWIKI-5275
416 CalebJamesDeLisl - (17:17): I like that design much better.
417 CalebJamesDeLisl - (17:18): :D
418 CalebJamesDeLisl - (17:19): Do you have an old computer kicking around?
419 abusenius - (17:19): and huge RAM disk please
420 abusenius - (17:19): no, its a core 2 duo actually
421 CalebJamesDeLisl - (17:20): Was going to say if you have an old computer which isn't doing anything you can set up a network, ssh in to it and compile there.
422 abusenius - (17:21): well, this wouldnt be much faster
423 abusenius - (17:21): actually even slower
424 CalebJamesDeLisl - (17:21): Did you do the test trick?
425 abusenius - (17:22): still recompiling
426 CalebJamesDeLisl - (17:23): In xwiki-core/pom.xml:
427 CalebJamesDeLisl - (17:23): - <forkMode>pertest</forkMode>
428 CalebJamesDeLisl - (17:23): + <argLine>-Xmx1024m</argLine>
429 CalebJamesDeLisl - (17:23): That speeds it up a couple of minutes.
430 abusenius - (17:25): my slow disk might be the cause (laptop)
431 CalebJamesDeLisl - (17:25): Disk shouldn't be any slower than others, is it solid state?
432 abusenius - (17:26): no
433 abusenius - (17:26): hm, ok NP exception
434 abusenius - (17:26): well its 5400
435 CalebJamesDeLisl - (17:27): All my disks are 5400 but their big.
436 mariusbutuc left #xwiki at 17:27
437 CalebJamesDeLisl - (17:28): You could instantiate ScriptMacroUtils with the dependency.
438 tmortagne - (17:28): or make it an internal component
439 tmortagne - (17:28): (O:-))
440 CalebJamesDeLisl - (17:29): There's a concept of internal components without public api?
441 tmortagne - (17:29): yep, just put the api in internal :)
442 tmortagne - (17:29): or you can alos have no api i think
443 tmortagne - (17:30): have the ^componenet and ^componenetRole in teh same place
444 tmortagne - (17:30): that should work
445 CalebJamesDeLisl - (17:30): That sounds like the best solution for this.
446 tmortagne - (17:30): i don't think @componentRole has to be an interface
447 abusenius - (17:34): trying...
448 silviar left at 17:35 (Read error: Connection reset by peer
449 vmassol - (17:36): tmortagne: hmm I can't find org.jboss.cache:jbosscache-core:jar:3.2.4.GA in remote repos. It's supposed to be in the jboss one I guess but I can't find it there. Any idea? http://repository.jboss.org/maven2/org/jboss/
450 tmortagne - (17:36): vmassol: yep it's supposed to be in jboss repository i think
451 tmortagne - (17:36): checking
452 vmassol - (17:36): http://repository.jboss.org/maven2/org/jboss/cache/jbosscache-core/
453 vmassol - (17:37): there are other versions but not this one
454 tmortagne - (17:41): vmassol: https://repository.jboss.org/nexus/content/groups/public/org/jboss/cache/jbosscache-core/3.2.4.GA/
455 tmortagne - (17:41): looks like that's not the sames repos after all
456 jvelo - (17:41): tmortagne, can you check your m2 repos size ?
457 vmassol - (17:41): tmortagne: indeed
458 jvelo - (17:41): (so we get an idea what we would need for nexus)
459 tmortagne - (17:42): https://repository.jboss.org/nexus/content/groups/public/ is the one documented on jbosscache website
460 tmortagne - (17:42): make me found theree is a 3.2.5 :)
461 vmassol - (17:42): I switched nexus to this one but it's still not working maybe it needs some time
462 vmassol - (17:42): yes saw that too
463 vmassol - (17:42): :)
464 tmortagne - (17:43): it's working well for me
465 tmortagne - (17:43): or i don't understand what you mean by it's not working
466 vmassol - (17:43): you're using the nexus as youre remote repo?
467 vmassol - (17:43): xwiki nexus
468 vmassol - (17:43): arf
469 tmortagne - (17:43): in the xwiki cache pom.xml yes
470 vmassol - (17:43): my bad, I put a wrong url
471 tmortagne - (17:44): i'm using what JBoss cache tell me to use actually
472 vmassol - (17:44): ok we're not talking about thr same thing
473 vmassol - (17:44): son't worry
474 vmassol - (17:44): s/son't/don't/
475 abusenius - (17:55): mixing Component and ComponentRole doesnt seem to work
476 abusenius - (18:05): ok, should work now ^^
477 CalebJamesDeLisl - (18:12): Looks good from here. Lunch time though.
478 vmassol - (18:13): sburjan: for copy you need to add a warning explaining that it currently requires PR
479 vmassol - (18:13): and link to the jira issue
480 sburjan - (18:13): PR ?
481 sburjan - (18:14): rights ?
482 vmassol - (18:14): http://jira.xwiki.org/jira/browse/XSCOLIBRI-209 and http://jira.xwiki.org/jira/browse/XWIKI-5081
483 vmassol - (18:14): PR = programming rights
484 sburjan - (18:14): okay.. I'll mention that
485 vmassol - (18:15): re Print it's in the Action menu for colibri
486 sburjan - (18:15): I don;t know exactly how or what PR is
487 sburjan - (18:15): just give me 5 minute
488 sburjan - (18:15): i hase still more 5 images to upload
489 vmassol - (18:15): IMO you should split Print section into 2: Print + Exports
490 vmassol - (18:15): ok
491 vmassol - (18:15): np
492 sburjan - (18:15): and the .. i'll tell when to take a looke
493 vmassol - (18:15): I'll read later
494 vmassol - (18:15): :)
495 vmassol - (18:16): thanks
496 sburjan - (18:16): okay.. so Print for Toucan and Explort for Colibri ?
497 vmassol - (18:16): for export yes
498 sburjan - (18:16): okay
499 vmassol - (18:16): for print no
500 sburjan - (18:16): stored
501 jvelo - (18:16): Hi CalebJamesDeLisl
502 mflorea left at 18:17 (Quit: Leaving.
503 jvelo - (18:18): ping me when you are back, I'd like to discuss couple of things re the invitation app
504 tmortagne - (18:18): vmassol: you have a non passing test, see http://hudson.xwiki.org/job/xwiki-platform-core/org.xwiki.platform$xwiki-core-velocity/6115/testReport/org.xwiki.velocity.internal.jmx/JMXVelocityEngineTest/testGetTemplates/
505 vmassol - (18:18): checking thanks
506 vmassol - (18:19): initially I thoguht it was because the mgmt module wasn't built
507 vmassol - (18:19): but it seems it's not for that reason
508 tmortagne left at 18:25 (Quit: Leaving.
509 sburjan - (18:33): vmassol : done with images
510 sburjan - (18:33): now moving to content
511 vmassol - (18:34): sburjan: "Simply click on the link to resolve the error.". It's not really an error. It's a wanted link
512 sburjan - (18:35): "Simply click on the link to add one:
513 sburjan - (18:35): "Simply click on the link to add one"
514 vmassol - (18:35): to create the page
515 sburjan - (18:35): "Simply click on the link to create the non-existing page"
516 vmassol - (18:36): "Simply click on the link to create the page."
517 vmassol - (18:36): I'll let you do the text
518 vmassol - (18:36): and I can review after
519 vmassol - (18:36): thanks
520 sburjan - (18:39): I didn't understand pretty well
521 sburjan - (18:39): when you said about spliting PRINT and EXPORT
522 vmassol - (18:39): they are 2 differnet features
523 vmassol - (18:39): right?
524 sburjan - (18:39): in Colibri it's called Export, in Toucan it's callen Print
525 sburjan - (18:39): nop
526 sburjan - (18:39): same action
527 vmassol - (18:39): no
528 vmassol - (18:40): think from a user point of view
529 vmassol - (18:40): printing is different from exporting
530 sburjan - (18:40): well they both export
531 sburjan - (18:40): even if in toucan it's written Print
532 vmassol - (18:40): grrrr
533 vmassol - (18:40): toucan was wrong
534 vmassol - (18:40): that's why it was fixed in colibri
535 vmassol - (18:40): :)
536 sburjan - (18:40): so what can I do :)
537 sburjan - (18:41): do you want the change the text from Toucan tfrom Print to Export ?
538 vmassol - (18:41): for printing:
539 vmassol - (18:41): let me start again
540 vmassol - (18:41): we need 2 sections
541 vmassol - (18:41): one for printing
542 vmassol - (18:41): one for exporting
543 vmassol - (18:41): same as we have sections for editing, renaming, etc
544 vmassol - (18:41): in the printing section you explain how to print using both skins
545 vmassol - (18:42): in the exporting section you explain how to export using both skins
546 sburjan - (18:42): you're refering more exactly to the Prin Preview Feature from both skins ?
547 sburjan - (18:42): *Print
548 vmassol - (18:42): I'm referrring to printing and exporting
549 vmassol - (18:43): for the printing part, yes I'm referring to print preview
550 sburjan - (18:43): okay, I see
551 sburjan - (18:43): in Toucan Export and Print are under the same menu, under Colibri they are not. and I will make 2 categories, describing for both skins
552 vmassol - (18:43): in toucan for the print feature, there are 2 actions:
553 vmassol - (18:43): - print
554 vmassol - (18:43): - print preview
555 vmassol - (18:43): in colibri for the print feautre, there's one action
556 vmassol - (18:43): - print preview
557 vmassol - (18:44): I'm not sure why we removed the print action in colibr, you'd need to ask sdumitriu
558 sburjan - (18:45): I will
559 sdumitriu - (18:45): Print as in print to a real printer?
560 vmassol - (18:45): yes, as in opens the print dialog box of the browser
561 sburjan - (18:45): I can't find normal print in toucan
562 sburjan - (18:45): only Print Preview
563 sburjan - (18:45): same as in Colibri
564 vmassol - (18:46): sburjan: http://platform.xwiki.org/xwiki/bin/download/Features/DocumentLifecycle/PrintToucan.PNG
565 vmassol - (18:46): ? Print: Calls you're browser's Print feature to print the current page
566 vmassol - (18:46): ? Print Preview: Generates a page which is formatted so that it can be easily printed using your browser's Print feature.
567 sburjan - (18:46): that's Print Preview
568 vmassol - (18:46): there are 2 links
569 vmassol - (18:46): check the image
570 sburjan - (18:46): but NOT user friendly to have to click on the parent button to print and on the child (Print Preview) button to preview
571 jvdrean left at 18:47 (Quit: Leaving.
572 sburjan - (18:47): it's not intuitive
573 sburjan - (18:47): IMO
574 vmassol - (18:47): you've lost me
575 sburjan - (18:47): on the link you gave me
576 sburjan - (18:48): you have next options: Print Preview, Exportas PDF, Export as RTF, Export as HTML, Export as XAR
577 sburjan - (18:48): true ?
578 sburjan - (18:49): and in order to actually PRINT the page, you have to click the PRINT button (the category button), aka the Father button of the menu
579 vmassol - (18:49): no
580 vmassol - (18:49): I see "Print", "Print preview", etc
581 sburjan - (18:49): I don't see Print
582 KermitTheFragger left at 18:50 (Quit: Leaving
583 CalebJamesDeLisl - (18:50): jvelo: Back
584 sburjan - (18:50): I see Prind .. and that is a drop-down menu. If I click on that, the Print Windows appears
585 sburjan - (18:51): it's not too suggestive to have them separated (one being parent, and previwes as child)
586 vmassol - (18:51): wait
587 sburjan - (18:51): do you understand what am I saying ?
588 vmassol - (18:51): I'm talking about sub menu items
589 sburjan - (18:51): i don;t have a mic.. if I had I would had skyped you
590 vmassol - (18:51): not the top level menu itself
591 sburjan - (18:51): yes.. i have NO Print submenu, ONLY Print Preview
592 vmassol - (18:52): there are 6 sub menu items
593 vmassol - (18:52): http://platform.xwiki.org/xwiki/bin/download/Features/DocumentLifecycle/PrintToucan.PNG
594 sburjan - (18:52): I have only 5
595 sburjan - (18:52): Yes .. only 5
596 vmassol - (18:52): we need someone else to look at that image :)
597 sburjan - (18:52): wail
598 sburjan - (18:53): I'll create a JPEG screenshot of what I see
599 jvelo - (18:53): CalebJamesDeLisl, cool. I've downloaded latest snapshot of XE to test the invitation app
600 jvelo - (18:54): my first remark is that the i18n resources appear missing
601 vmassol - (18:54): sburjan: I've tested in real and the latest toucan doesn't have the print menu item as shown on the image
602 CalebJamesDeLisl - (18:54): jvelo: They are in a document bundle.
603 jvelo - (18:55): ok. it means we need to add them automatically in XWiki.Preferences, or move them to xwiki-core resources.properties
604 CalebJamesDeLisl - (18:55): But now that you mention it, development seems to have slowed down enough that I can put them into the hard coded .properties file
605 jvelo - (18:55): yep
606 vmassol - (18:55): sburjan: so the toucan image is not up to date anyway
607 vmassol - (18:56): but in any case in toucan there are print actions: printing for real and print preview
608 vmassol - (18:56): while in colibri there's only one
609 jvelo - (18:56): besides that, I find it odd that nowhere in the Invitation.WebHome UI you explain what the application is about
610 CalebJamesDeLisl - (18:56): You can get them by putting Invitation.InvitationDocumentBundle into XWikiPreferences
611 sburjan - (18:57): vmassol : the picture you are seeing, It's created using LATEST snapshot from today ... 20 minutes ago
612 jvelo - (18:57): like a 1-line on top of the form that says "Use this to invite your friends or coworkers to use this wiki, etc etc."
613 abusenius left at 18:57 (Ping timeout: 252 seconds
614 sburjan - (18:57): XWiki Enterprise 2.4-SNAPSHOT.29458
615 vmassol - (18:57): sburjan: then it's a cache issue
616 CalebJamesDeLisl - (18:57): Ok, that makes sense. Maybe we should put it to a UI specialist.
617 vmassol - (18:57): yes it is
618 vmassol - (18:58): seems like you replaced the old image with a new one
619 sburjan - (18:58): yeas.. the new one is taken usingthe latest version
620 jvelo - (18:58): BTW how does it work when guest is not allow to register ?
621 sburjan - (18:58): i cleared the cache of my browser, and It looks the same as before
622 jvelo - (18:58): you can still invite people ?
623 jvelo - (18:59): can you "deactivate" the UI?
624 CalebJamesDeLisl - (18:59): jvelo: Yup, there's a test to prove it :)
625 CalebJamesDeLisl - (18:59): deactivate?
626 jvelo - (18:59): who can send invitations?
627 jvelo - (18:59): all users or only admins?
628 CalebJamesDeLisl - (19:00): Anyone who had view access on Invitation.WebHome (registered users)
629 jvelo - (19:00): ok
630 jvelo - (19:00): maybe it could be an Admin feature as a default setting (I don't know - just asking)
631 jvelo - (19:01): why is the SMTP settings duplicated from the general one BTW?
632 sburjan - (19:01): vmassol : i'll talk to sdumitriu when he will be around
633 CalebJamesDeLisl - (19:02): jvelo: Because 1. you might want to send through a different server, different username, etc. 2. xpmail7
634 jvelo - (19:03): ok. maybe we could provide a link from one to another, so that pple know there's more
635 vmassol - (19:03): CalebJamesDeLisl: so if the settings is not set it uses the default ones?
636 CalebJamesDeLisl - (19:03): Correct. I need to document this better.
637 jvelo - (19:04): CalebJamesDeLisl, I have a display issue on FF / ubuntu in the Invitation section of the Administration section
638 jvelo - (19:05): I'm uploading a screenshot
639 CalebJamesDeLisl - (19:05): What is it?
640 jvelo - (19:05): labels are not aligned with their inputs, at some point in the form
641 sburjan - (19:05): I'm going out .. see ya tomorrow. vmassol .. don't be angry, we'll clarify the situation tomorrow
642 vmassol - (19:06): np
643 CalebJamesDeLisl - (19:06): Ok, I have been working on the alignment issue. It's an administration app issue.
644 jvelo - (19:06): CalebJamesDeLisl, last thing for now:) It could be nice to intercept the clicks on links on the preview email
645 jvelo - (19:07): (in JS)
646 jvelo - (19:07): right now when you click the accept link, you land on an error page
647 jvelo - (19:07): ok, cool
648 jvelo - (19:07): no need for my screenshot then
649 CalebJamesDeLisl - (19:07): Ahh, I will pretty up a lot of things when I start js.
650 CalebJamesDeLisl - (19:07): For now it works in IE! (because it has no js) ;)
651 CalebJamesDeLisl - (19:08): jvelo: Feel free to report issues on the XAINVITATION project.
652 jvelo - (19:08): hehe
653 jvelo - (19:09): OK.
654 CalebJamesDeLisl - (19:11): Anyone have any comments on this: http://jira.xwiki.org/jira/secure/attachment/17394/XWIKI-5223-forbid-nested-scripts-fix-updated-working.patch
655 jvelo - (19:17): got to go for now. bbl
656 CalebJamesDeLisl - (19:17): see ya.
657 vmassol1 joined #xwiki at 19:18
658 lucaa left at 19:19 (Ping timeout: 265 seconds
659 vmassol left at 19:20 (Ping timeout: 240 seconds
660 abusenius joined #xwiki at 19:21
661 sburjan left at 19:24 (Ping timeout: 248 seconds
662 CalebJamesDeLisl - (19:27): I have a piece which allows us to set the order of the 1.0 renderers.
663 CalebJamesDeLisl - (19:27): xwiki.render.renderingorder=macromapping, groovy, velocity, plugin, wiki, wikiwiki
664 CalebJamesDeLisl - (19:27): Like that in the .cfg file.
665 jvelo left at 19:29 (Ping timeout: 276 seconds
666 arkub left at 19:48 (Ping timeout: 258 seconds
667 abusenius - (20:54): CalebJamesDeLisl: have tried to look whether this patch breaks something in the default installation of XE?
668 CalebJamesDeLisl - (20:54): Have I?
669 abusenius - (20:55): yes :)
670 CalebJamesDeLisl - (20:55): The syntax 1 patch?
671 abusenius - (20:55): yes
672 CalebJamesDeLisl - (20:55): I haven't but I don't think it will.
673 CalebJamesDeLisl - (20:55): The list of docs in syntax1 is pretty small and that's a very odd use case.
674 CalebJamesDeLisl - (20:58): There is a code snippet which it will break but whoever wrote that was an idiot http://code.xwiki.org/xwiki/bin/view/Snippets/ReplaceWordsWithLinksSnippet
675 abusenius - (21:00): only applications/workstream/src/main/resources/Workstream/Service.xml seems to contain <%
676 CalebJamesDeLisl - (21:00): hey good thinking.
677 abusenius - (21:00): grep rules :)
678 CalebJamesDeLisl - (21:02): find -exec grep.
679 abusenius - (21:02): is there any other way to use groovy in syntax 1?
680 CalebJamesDeLisl - (21:02): Nope. that was a good idea making the groovy char an xml entity.
681 CalebJamesDeLisl - (21:02): find ./wiki/ -name '*.xml' -exec grep '&lt;%' {} \; -print
682 abusenius - (21:02): nope, fgrep '&lt;%' ((*~target)/)#*
683 abusenius - (21:02): zsh rules too
684 CalebJamesDeLisl - (21:03): in enterprise, the only thing that shows up is XWikiSyntax which is snytax2
685 CalebJamesDeLisl - (21:04): Hah, same for manager. Looks like where good.
686 CalebJamesDeLisl - (21:04): *we're
687 CalebJamesDeLisl - (21:05): What's better about zsh than bash?
688 abusenius - (21:07): everything :)
689 abusenius - (21:07): it has e.g. interactive mode
690 abusenius - (21:07): for completion
691 CalebJamesDeLisl - (21:08): like hitting tab?
692 abusenius - (21:08): so if you type say /<TAB> you dont just see what directories are there, you can go throudh them with arrows or tab
693 abusenius - (21:08): yes
694 abusenius - (21:09): same for command line arguments etc.
695 abusenius - (21:09): kill -9 firefo<TAB>
696 abusenius - (21:09): transforms firefox into its pid
697 CalebJamesDeLisl - (21:09): ok that's nice.
698 abusenius - (21:10): also extended globbing, like **/*(#q.) for all files in all subdirectories
699 abusenius - (21:10): (just files)
700 abusenius - (21:10): #q/ are directores, #q@ symlinks
701 abusenius - (21:10): and it doesnt look into hidded dirs like .svn
702 abusenius - (21:11): *hidden
703 abusenius - (21:11): and everything is configurable
704 CalebJamesDeLisl - (21:11): I've been just discovering the ridiculous things you can do with `
705 abusenius - (21:11): I have current git branch displayed in prompt :)
706 CalebJamesDeLisl - (21:12): I have to get back to playing with git soon.
707 abusenius - (21:12): and part of the path that is in repository highlighted in the right prompt
708 CalebJamesDeLisl - (21:12): Sounds like emacs.
709 abusenius - (21:12): yea, or vim
710 abusenius - (21:13): I have vim mode in command line, you press escape and can use vim shortcuts
711 abusenius - (21:13): something like this is also possible in bash, but more limited
712 abusenius - (21:13): (and emacs mode works too)
713 CalebJamesDeLisl - (21:14): Well emacs has a shell of it's own.
714 abusenius - (21:14): its an operating system :)
715 CalebJamesDeLisl - (21:14): http://24.media.tumblr.com/3REj7E7az6jdx5ssrgpEzH8L_500.jpg
716 CalebJamesDeLisl - (21:15): I always thought that described emacs well.
717 abusenius - (21:15): :D
718 abusenius - (21:15): do you know this: http://xkcd.com/378/ ?
719 abusenius - (21:16): the've implemented this feature in emacs :)
720 CalebJamesDeLisl - (21:16): yup. I like this one http://xkcd.com/404/
721 abusenius - (21:17): xkcd is cool :)
722 CalebJamesDeLisl - (21:17): meh, it's ok.
723 abusenius left at 21:18 (Quit: Konversation terminated!
724 abusenius joined #xwiki at 21:18
725 CalebJamesDeLisl - (21:19): Nice reboot time.
726 abusenius - (21:21): no, my connection lives its own life
727 CalebJamesDeLisl - (21:22): Hmm that didn't look like a connection drop. Wifi?
728 abusenius - (21:22): yes
729 abusenius - (21:22): reconnects from time to time for no particular reson
730 CalebJamesDeLisl - (21:23): Did you hear about the latest wifi hack? You set up a router with internet access, people connect to it, sniff their data, MITM etc.
731 CalebJamesDeLisl - (21:24): It works great because windows, mac, ubuntu will connect to any wifi they find.
732 CalebJamesDeLisl - (21:25): Supposedly it works with security because nobody was thinking about authenticating the router.
733 abusenius - (21:25): hm, sounds more like social ingenering
734 abusenius - (21:26): if you find a free open wifi it doesnt mean you should do online banking over it :)
735 CalebJamesDeLisl - (21:28): Actually MITM is (sort of) blocked by the CA's sort of...
736 CalebJamesDeLisl - (21:29): The other attack though is if it's a windows box, check the infamous port 443.
737 CalebJamesDeLisl - (21:29): and attach PDF ruin to every webpage they load.
738 abusenius - (21:29): have you heard of a "cookie monster" attack?
739 CalebJamesDeLisl - (21:29): hah, nope.
740 abusenius - (21:30): its cool, if somebody is browsing over https and cookies doesnt have secure flag set
741 abusenius - (21:31): you can inject a fake image on http://bank.com/ and the browser will send cookies in plaintext
742 abusenius - (21:31): (into some other http responce)
743 abusenius - (21:32): then sniff cookies, impersonate
744 CalebJamesDeLisl - (21:32): I thought cookies would fail for domain if it was https instead of http.
745 CalebJamesDeLisl - (21:33): "inject a fake image" messing with dns?
746 abusenius - (21:33): seems to work for some reason
747 abusenius - (21:34): no, if youre in the same network, just answer faster than the server
748 CalebJamesDeLisl - (21:36): So you're answering a call to http://bank.com?
749 CalebJamesDeLisl - (21:36): The browser must then make a call to http:// and not https://
750 abusenius - (21:37): e.g. https://bank.com/ in one tab and google in another
751 CalebJamesDeLisl - (21:38): do you read rsnake's blog?
752 abusenius - (21:38): you inject http://bank into google responce, browser will try to load it - boom
753 abusenius - (21:39): no
754 abusenius - (21:39): hm, looks interesting
755 CalebJamesDeLisl - (21:45): Ok, got it, you're adding <img> tags to the http site which pull (nonexistant) images from the bank in http mode.
756 abusenius - (21:48): exactly
757 CalebJamesDeLisl - (21:48): Still you need to be in their network.
758 CalebJamesDeLisl - (21:49): The Kaminsky attack doesn't really work because everyone's looking for it and everyone pretty much knows that .org is not hosted on somebody's dsl line.
759 CalebJamesDeLisl - (21:50): And the cool kids use opendns.
760 abusenius - (21:51): yes, but many people do online banking over free unencrypted wifi
761 CalebJamesDeLisl - (21:54): Well, you can also attack their software and get their info that way.
762 CalebJamesDeLisl - (21:55): the ancient pdf buffer overflow comes to mind but there must be other stuff you can do to a browser.
763 CalebJamesDeLisl - (21:57): Something I've never figured out is what do people do with stolen bank information?
764 abusenius - (21:58): I guess fraud
765 abusenius - (21:58): buying something on the wrong name
766 abusenius - (21:59): or send a fake bill, with correct data it will look very convincing
767 CalebJamesDeLisl - (22:00): You never hear about anybody losing money and not getting it back though.
768 CalebJamesDeLisl - (22:00): I'm convinced they hold it for ransom in exchange for fat checks from the bank which had an unencrypted database ;)
769 abusenius - (22:01): probably :)
770 abusenius - (22:01): there was a nice talk about stuff like that on FOSDEM
771 CalebJamesDeLisl - (22:01): So look for banks which hired do-nothing security managers with high pay and low hours.
772 abusenius - (22:03): http://fosdem.org/2010/schedule/events/eviloninternet
773 CalebJamesDeLisl - (22:13): Hmm, interesting. We have to worry about the site getting hit and turned into phishing pages.
774 lucaa joined #xwiki at 22:35
775 vmassol1 left at 22:50 (Quit: Leaving.
776 mflorea joined #xwiki at 22:53
777 florinciu joined #xwiki at 22:53
778 mflorea left at 23:25 (Quit: Leaving.
779 Freud_ joined #xwiki at 23:41
780 Freud_ - (23:44): is $doc.getSpace and $doc.GetName variables from Xwiki core or a plugin? And if it's from core, is there a similar variable go $doc.GetUrl or someplace I can find these variables?
781 Freud_ - (23:45): I found them within the SendPageByEmail application, but i'd like to modify it to send only the link...
782 florinciu left at 23:50 (Read error: Connection reset by peer
783 CalebJamesDeLisl - (23:51): Freud_: Have a look at: http://platform.xwiki.org/xwiki/bin/view/DevGuide/Scripting
784 CalebJamesDeLisl - (23:51): $doc is a binding to the current document.
785 CalebJamesDeLisl - (23:52): Document is part of the core.
786 Freud_ - (23:58): cool

Get Connected