IRC log for #koha, 2013-11-26

All times shown according to UTC.

Time S Nick Message
00:14 jcamins Joel was right.
00:18 maximep left #koha
00:25 wizzyrea[…]nna-hate18-hi.png
00:28 trea joined #koha
00:28 trea also, Snape kills Dumbledore. that is all.
00:30 trea left #koha
00:46 dcook lol
00:46 dcook I just noticed trea left after that one
00:46 * dcook was not impressed with that spoiler when he originally heard it
00:48 NateC joined #koha
00:54 trea joined #koha
00:55 BobB joined #koha
00:57 papa joined #koha
01:01 wizzyrea Use the force, Harry. -- Love, Gandalf.
01:01 trea ^^
01:16 trea joined #koha
01:20 trea joined #koha
01:22 mtompset joined #koha
01:23 mtompset Greetings, #koha.
01:23 mtompset Silly VM causing networking issues.
01:30 eythian @wunder nzwn
01:30 huginn eythian: The current temperature in Wellington, New Zealand is 13.0°C (2:00 PM NZDT on November 26, 2013). Conditions: Light Rain Showers. Humidity: 94%. Dew Point: 12.0°C. Pressure: 29.74 in 1007 hPa (Steady).
02:06 wizzyrea does anyone remember a bug about item level holds not appearing on the hold queue?
02:07 wizzyrea I can't find it, and I am *sure* it was a bug.
02:08 rangi hmm
02:09 rangi @search item level holds
02:09 huginn rangi: (search <word>) -- Searches for <word> in the current configuration variables.
02:09 rangi @query item level holds
02:09 huginn rangi: Bug[…]w_bug.cgi?id=2894 major, P3, ---, paul.poulain, NEW , Routing list holds are broken
02:09 huginn rangi: Bug[…]w_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report
02:09 huginn rangi: Bug[…]_bug.cgi?id=10162 normal, P5 - low, ---, gmcharlt, NEW , holds shouldn't be allowed on the title level of analytics
02:09 huginn rangi: Bug[…]w_bug.cgi?id=8723 critical, P5 - low, ---, koha-bugs, NEW , holds don't transfer when moving items
02:09 huginn rangi: Bug[…]w_bug.cgi?id=8859 normal, P5 - low, ---, koha-bugs, NEW , Item level holds not trapped if circ rules for item type are set to 'no holds allowed'
02:09 eythian bug 3060 looks possibly likely
02:09 huginn Bug[…]w_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report
02:09 eythian no wait
02:09 eythian I misread it
02:10 wizzyrea mmmm
02:12 rambutan joined #koha
02:30 wizzyrea bug 10311
02:30 huginn Bug[…]_bug.cgi?id=10311 major, P5 - low, ---, kyle.m.hall, Pushed to Stable , Holds queue ignores item-level holds where only one items exists
02:30 rangi ah ha
03:10 pianohacker joined #koha
03:29 mtompset Greetings, pianohacker rambutan rangi.
03:30 mtompset Greetings, eythian too. :)
03:30 eythian hi
03:30 wahanui hola, eythian
04:38 * dcook seems to remember hearing about someone seeking to rewrite the circ rules...
04:38 dcook If they do a good job, I will buy them beer
04:38 dcook "Also, these policies are based on the patron's home library, not the library where the hold is being placed.."
04:38 dcook Umm, what?
04:39 pastebot "dcook" at pasted "holds? what?" (7 lines) at
04:40 dcook Wait...maybe I do understand it..
04:44 rangi yep it means what it says, if they place a hold at branch x, but their home library is branch y .. the rules from branch y are used
04:45 dcook What if the rule is that no items from branch x can be put on hold?
04:47 dcook Or does that just mean in regards to the syspref doing the override?
04:47 dcook If that's the case, that makes sense
04:47 dcook It just seems like "these policies" might be referring to two different sets of policies
04:49 dcook Must run though
04:49 dcook Thanks for answering, rangi :)(
04:49 dcook :)*
05:23 edveal joined #koha
05:24 edveal Darn I was hoping I would catch Larryb working late.
05:26 yhager joined #koha
05:55 WaylonR joined #koha
05:55 WaylonR hi all
06:14 mtompset Hello and goodbye.
06:14 mtompset Have a great day, #koha.
06:25 dpk1 joined #koha
06:28 busla joined #koha
06:32 cait joined #koha
06:40 dpk1 joined #koha
06:48 alexia joined #koha
06:51 alexia hello, we are new to koha and we have a problem with authorities, they do not display even though i have run the indexer through the command misc/migration_tools/ -b -r -v. Is there any other indexer i need to run? Also , how do we create punctuation in cataloguing?
06:51 WaylonR alexia, -a is authorities.
06:51 WaylonR so, -b -a -r
06:52 WaylonR -v if you really want verbose
06:52 alexia ok ill try this now and let you know, thanx!
07:03 laurence joined #koha
07:13 WaylonR okay, using straight koha-master, can't login, keep getting 'session timed out' after logging in and clicking something.
07:32 WaylonR is down?
07:32 cait seems a bit slow
07:33 cait WaylonR: try deleting your cache
07:33 WaylonR did that.
07:33 cait maybe it's a bad session cookie
07:33 cait also, did you change your timeout setting?
07:33 WaylonR and git pull/fetch isn't working.
07:33 cait yeah i can't access the page either
07:33 cait we might have to wait for US waking up to fix it
07:34 WaylonR welp... guess ill do koha another day.
07:37 reiveune joined #koha
07:38 reiveune hello
07:38 wahanui bonjour, reiveune
07:43 paul_p joined #koha
07:46 WaylonR gits back
07:50 WaylonR hmmmmm.
07:51 WaylonR i really have no idea why the system is kicking me out, cait.. i cleared cache. and timeout is set to 1800
07:51 cait hm confusing
07:51 cait maybe check if there is something in the logs?
07:52 WaylonR and git is being abit slow yeds.
07:52 WaylonR yes
07:53 cait ok, have to run
07:53 cait bbl
07:59 alex_a joined #koha
07:59 WaylonR gitweb / git. is being really slow...
08:01 gaetan_B joined #koha
08:01 gaetan_B hello
08:01 wahanui bidet, gaetan_B
08:06 sophie_m joined #koha
08:07 Joubu hi #koha
08:34 cait joined #koha
08:34 cait good morning #koha
09:32 cait ashimema++
09:33 cait gmcharlt: ping me when you have a few mins please?
09:59 trea joined #koha
10:01 trea joined #koha
10:03 rangi Joubu: why use a whitelist, not use reftype ?
10:05 Joubu rangi: I don't understand what you want to do with reftype :)
10:06 rangi right
10:06 rangi so an object is just a blessed array
10:06 rangi sorry blessed hash
10:06 rangi ref cant understand that
10:06 cait maybe give an example?
10:06 rangi reftype can
10:06 rangi reftype($object) eq 'HASH'
10:07 Joubu yes, it is what I do. But in fact I have to encode only some object
10:07 Joubu Koha::Schema and DateTime is too big
10:07 Joubu and it is useless to encode values
10:07 Joubu There is no string we want to display
10:08 Joubu Currently only C4::Category causes problems
10:09 rangi then i cant see how that is any better than just adding the html_entity filter
10:09 Joubu rangi: if I "parse" all objects and all members of these objects, the load will increase significantly
10:09 * cait wishes she would understand what you 2 are talking about - but i hope it can be solved
10:11 Joubu I think it is better to fix the issue into a pm rather than in all tt files displaying a member of a C4::Category object
10:11 cait i think there was also someone worried about html_entity having not all possible characters?
10:11 cait i only saw it on the bug
10:12 rangi they are both the wrong solution
10:12 Joubu rangi: yes :)
10:12 Joubu rangi: what is the good one ? :)
10:13 rangi store and retrieve the item properly
10:13 rangi we shouldnt be doing any encodes
10:13 rangi on display
10:16 fredericd cait: Is there a bug umbrella covering JavaScript translatable texts bad formating? => _(' rather than _("
10:17 * rangi goes to sleep
10:17 Joubu rangi: That is a big development, isnt it?
10:17 Joubu rangi: good night
10:17 wahanui I watch you sleep.
10:23 cait fredericd: there might, but i think easier to just open one that can then be lcosed
10:24 cait wahanui: you can think that, but not say it aloud - it's creepy ;)
10:24 wahanui cait: i'm not following you...
10:29 fredericd cait: seen bug 8942
10:29 wahanui bug was last seen on #koha 2 years, 88 days, 7 hours, 28 minutes and 15 seconds ago, saying: seneca: rangi is a man :P [Wed Aug 31 03:01:06 2011]
10:29 huginn Bug[…]w_bug.cgi?id=8942 normal, P5 - low, ---, frederic, RESOLVED FIXED, Translation process breaks javascript in
10:30 cait fredericd: hm yes - not sure I understand what you want to do
10:30 cait fredericd: if there is a new occurence i woudl put it on a new bug I think - it's just easier to track. The omnibus bugs arre getting really huge fast
10:30 cait fredericd: maybe could have linked bugs to an omnibus one, but I don't think we have one yet
10:31 fredericd cait: Ok. I will open a new bug. xt/single_quotes.t test has to be expanded to test Bootstrap theme also
10:31 cait aaah ok
10:31 cait that makes sense
10:31 fredericd There is something wrong on Bootstrap which break display in French when single quote is used
10:32 cait fredericd: that makes sense, expanding the test and fixing every problem pointed out would be good
10:37 sophie_m joined #koha
10:37 WaylonR okay, ive updated to current master.. and still its kicking me out of koha after logging in successfully, and doing something.
10:37 cait WaylonR: and you cleared your cache and cookies?
10:37 cait maybe try a different browser too?
10:38 WaylonR different browser worked..
10:38 WaylonR it.. works in IE.....
10:38 WaylonR Dum dum dummmmmm
10:41 ashimema joined #koha
10:42 cait eek :)
10:42 cait now i am really worried
10:42 cait hi ashimema :)
10:42 ashimema good morning cait
12:25 jwagner joined #koha
12:53 collum joined #koha
12:54 mjoven joined #koha
12:55 mjoven Hi all, can I post here a question about OPAC interface ?
12:55 WaylonR go ahed
13:00 meliss joined #koha
13:04 mjoven When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location
13:04 mjoven I don't understand if I need to enable some permission
13:04 paul_p joined #koha
13:04 WaylonR paul_p, <mjoven> When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location
13:05 WaylonR what can mjoven do?
13:05 WaylonR I think Marc structure .. visible needs toggling..
13:05 WaylonR somewhere.
13:08 mjoven WaylonR I confirm that books were imported from another program and converted to MARC
13:09 WaylonR not what i ment.
13:09 mjoven MARC define detail about book or permissions too ?
13:13 WaylonR gpto /cgi-bin/koha/admin/​p=add_form&tagfield=952&frameworkcode=#subbfield ... is koha link: items.holdingbranch? if so, check that Visibility: OPAC is turned on.
13:13 WaylonR err..
13:13 WaylonR first, goto that link, then click on b
13:13 WaylonR then the rest
13:13 wahanui hmmm... then the rest is easy peasy
13:13 WaylonR ah
13:14 WaylonR visibilty is under "Advanced constraints"
13:14 cait mjoven: does it show on the detail page? the location? I mean is the difference in results or in detail pages?
13:14 WaylonR oooooo
13:14 WaylonR good question
13:15 cait WaylonR: the marc frameworks will only limist it for the marc view - most people are not aware of that i think - the normal display is driven by xslt (if activated) or is hardcoded perl :)
13:17 cait mjoven: what do you mean by location? the library or a location (LOC)? 952 a/b or c?
13:18 mjoven @cait I'm refering to location (I think 952c), library is showed correctly
13:18 huginn mjoven: I suck
13:19 NateC joined #koha
13:22 WaylonR .... huginn's a bot, ignore him
13:22 cait mjoven: detail page or result list?
13:23 mjoven detail page
13:23 wahanui detail page is great
13:23 cait mjoven: which version of Koha? and are you using the XSLT displays?
13:23 cait is your opac accessible?
13:23 mjoven @cait unfortunately is not accessible
13:23 huginn mjoven: I've exhausted my database of quotes
13:23 cait hm
13:24 cait you do't need the @ here, it will show up for me without :)
13:24 mjoven cait, sorry
13:25 cait things to look out for
13:26 cait your location codes in the item (best visible maybe when you look at the marcxmk download) exactly match the code you have defined in authorized values > LOC
13:26 NateC left #koha
13:26 NateC joined #koha
13:26 cait lower/uppercase can matter
13:26 mjoven let me know if I understand; information about MARC is saved in database (items table, I think); Koha select different field to show book details fpr administrator or user, correct ?
13:28 cait not sure where to start here
13:28 cait :)
13:28 mjoven cait, yes, is same location; this information is saved in LOCATION field, ITEMS table
13:28 cait items has the item information, some is linked to other tables, so for example your locations have a description and that is saved in another table
13:28 cait you only have the code for a location in items
13:28 cait or you should have, but I don't know how you migrated
13:29 cait location is not really a free text field
13:29 cait it's a field for a code that is then looked up
13:30 cait to be resolved into a description
13:30 cait you can define those codes and descriptions under administration > authorised values > LOC
13:36 edveal joined #koha
13:38 mjoven but in LOCATION field there is the exact information about the book
13:38 mjoven I'll try see in administration > authorised values > LOC
13:39 edveal joined #koha
13:44 mjoven cait, thanks
13:45 ashimema joined #koha
13:48 oleonard joined #koha
13:50 oleonard Hi #koha
13:53 cait hi oleonard :)
13:56 khall joined #koha
13:57 druthb cait! oleonard!
14:02 sophie_m joined #koha
14:15 nengard joined #koha
14:19 cait druthb!
14:19 druthb :)
14:21 cait @later tell gmcharlt - ping me when you have a few minutes?
14:21 huginn cait: The operation succeeded.
14:40 cait magnuse++ :)
15:01 maximep joined #koha
15:05 cait hm could someone give the restriction patches a test?
15:05 cait looking for a sign off :)
15:05 cait bug 11282
15:05 huginn Bug[…]_bug.cgi?id=11282 blocker, P5 - low, ---, koha-bugs, Needs Signoff , Not possible to create multiple restrictions from patron details/new restriction overwrites existing
15:36 mtompset joined #koha
15:36 mtompset Greetings, #koha.
15:36 mtompset How about that dd/mm/yyyy format loving to blow up things? :)
15:40 rambutan We should take strong countermeasures.
15:40 oleonard ?
15:41 mtompset oleonard: given a date in an unknown format (which you as a human being knows it will be dd/mm/yyyy) convert it to YYYY-MM-DD.
15:41 mtompset I can't find a perl library that does this right.
15:42 oleonard Koha must be doing it somewhere
15:42 mtompset It fails.
15:42 oleonard ...since it accepts dd/mm/yyyy as a date format preference
15:42 mtompset Yes, and it blows up in the tools/
15:43 pastebot "mtompset" at pasted "The first line is me adding code." (6 lines) at
15:44 oleonard Well let's be specific then. "It fails" is unnecessarily broad. Koha most certainly handles dd/mm/yyyy correctly in most places
15:44 mtompset True ... it fails in tools/
15:44 mtompset There's the paste.
15:45 mtompset But it isn't a Koha bug. It's a perl library bug.
15:45 mtompset So, I've been trying to find something that does it right without knowing the format.
15:45 mtompset Because only the human will know the system preference value
15:46 oleonard I know nothing about it, but I can't help but think looking at other Koha code that handles dates correctly would be enlightening
15:46 cait mtompset: i am quite sure we do that in lots of places like oleonard said
15:47 mtompset I'll see if we do, but my gut is that we merely display it, and not try to convert it to YMD or some other format.
15:47 cait and koha does know the syspref value too - we show the hints and all that about how to enter a date
15:48 mtompset when I say "doesn't know"... functionX(parameter) is unaware of what parameter is, but it is expecting a particular range, and DMY doesn't seem to be in it.
15:49 cait oleonard: thx for testing 11282
15:49 cait khall: 11282 needs you! :P
15:49 oleonard Sure. Hopefully only a simply follow-up is required
15:50 cait oleonard: i really want to see that one fixed, it's a bit scary with the overwriting of data
15:50 khall cait: I'm on it!
15:50 cait khall++ :)
15:57 khall owen: I can't reproduce your problem!
16:01 khall cait: oleonard:
16:04 oleonard Sorry khall, it really doesn't work for me
16:05 khall are you testing on master?
16:05 khall have you tried it in a sandbox?
16:05 oleonard Testing on master, not in a sandbox
16:05 ashimema joined #koha
16:05 khall oleonard: anything show up in your error log?
16:06 khall does it save the restriction, just without the date?
16:07 oleonard The only error looks unrelated: Use of uninitialized value $_ in hash element at members/ line 825
16:07 oleonard It saves the restriction without the date
16:10 khall oleonard: it seems to be working fine in a sandbox as well:[…]borrowernumber=19
16:10 khall user/pass: test/test
16:11 khall oleonard: yes, that error is indeed unrelated. I'm not sure where to go from here. I can't reproduce your problem!
16:14 Barrc joined #koha
16:15 oleonard Wait here's something else: Use of uninitialized value in concatenation (.) or string at /intranet-tmpl/prog/en/inclu​des/ line 46
16:29 Shane-S joined #koha
16:31 Shane-S Hi all, weird issue, my server was down, and when I SSH'ed in, it was so slow it timed out my login, luckily its a VM, so I connected to the machine's terminal through VMWare, to be greeted with out of memory errors and in the ()
16:31 Shane-S any idea what could cause that? I just ran a sudo apt-get update / upgrade in the event of any patches fixing that
16:31 Shane-S I also upped the memory from 2Gb to 4Gb
16:32 Shane-S I had to hard-reboot, as the console wouldn't even give me a prompt to type at
16:33 cait oleonard: is it a new user? no previous restrictions? maybe there is some difference between the users you are both testing with?
16:33 cait dateformat syspref?
16:33 oleonard Tried multiple dateformat sysprefs
16:33 oleonard Did you test it successfully cait?
16:34 cait can't right now :(
16:34 cait only later, i was waiting for a sign off so i coudl do qa - but can only try to reproduce a little later
16:36 rambutan left #koha
16:40 rangi right since someone 0dayed us on the main koha list
16:40 cait 0dayed?
16:40 rangi can someone please sign off bug 11307
16:40 cait oh right,... the security thing :(
16:40 huginn Bug[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Needs Signoff , Potential XSS attack vector in opac rss feed
16:40 cait why are you awake?
16:40 rangi its not as bad as it seems
16:40 rangi security mails make my computer beep
16:41 oleonard A bug so nice they reported it twice
16:41 rangi its only in the the rss
16:41 cait your computer wakes you up for security issues?
16:41 rangi and cant easily be exploited
16:41 rangi but its simple to stop so i have
16:41 rangi it should take you about 2 mins to test :)
16:45 rangi cait: if i left it on, yep it does on certain mailing lists
16:46 oleonard I must leave, so maybe someone can submit a follow-up for the Bootstrap theme?
16:46 reiveune bye
16:46 reiveune left #koha
16:51 Shane-S would adding "alt" text to the Koha link (where it says "Powered by Koha") like Koha v3.X.X work and be hard to do to check your version at a glance?
16:51 mtompset is someone signing it off, or shall I?
16:51 cait rangi: going to qa now
16:51 cait hope i can get search working on the dev env but it might work without
16:52 rangi mtompset: if you could that would be great
16:53 rangi bootstrap patch attached too
16:54 cait ah , thought oleonard had signed off, waiting for you mtompset
16:54 cait fixing my search
16:54 rangi @later tell gmcharlt bug 11307
16:54 huginn rangi: The operation succeeded.
16:55 gmcharlt rangi: noted
16:56 mtompset Hmmm...
16:56 mtompset I was only expecting one attachment.
16:57 * mtompset laughs.
16:58 mtompset Okay... patch works according to test plan.
16:58 mtompset Now to sign this sucker off.
16:59 nengard left #koha
16:59 mtompset This is the part that is annoyingly complex.
16:59 rangi im not sure that you can actually do xss with it
16:59 rangi but displaying unescaped user input is never a good idea
17:00 rangi so fixing it cant hurt
17:00 * mtompset agrees.
17:00 mtompset okay... so how do I attach the two patches and not just the one patch?
17:00 mtompset git so 2. done. git bz attach what?
17:01 rangi i attach a patch at a time
17:01 rangi so HEAD^
17:01 rangi and then HEAD
17:03 ashimema If I'd have spotted this a few minute earlier... was just testing that patch ;)  All your though mtopmset as seems your slightly ahead of me
17:04 cait ashimema: coudl you do qa?
17:05 cait i have really problems with apache and that installation i have here at work
17:05 ashimema sure
17:05 cait i have to sort that out first or go home and test there
17:05 mtompset Oops... need to test bootstrap.
17:07 gmcharlt rangi: yeah, I don't think it's worth cutting a special security release
17:07 rangi me either
17:07 rangi however
17:07 gmcharlt also, you can do ranges with git bz
17:07 rangi we should use this to write a responsible disclosure page
17:07 rangi and send that
17:07 gmcharlt git bz attach -e 12345 HEAD^^^..HEAD
17:07 rangi cos sending potential security issues to the main list = not the best
17:08 ashimema so mtompset.. did you test bootstrap in the end or not?
17:08 mtompset Just finished.
17:09 rangi thanks mtompset
17:09 ashimema brill.. I'll go ahead and qa it as requested
17:09 mtompset YUCK! It's much more visible in the bootstrap.
17:10 mtompset Don't even need to look at page source.
17:14 rangi i think the whole rss is kinda busted in bootstrap
17:14 rangi but thats a different problem
17:15 mtompset True.
17:17 rangi fixed that too now :)
17:20 rangi bug 11308
17:20 huginn Bug[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme
17:24 ashimema I tihnk I can still see the security issue in the bootstrap patch rangi..
17:26 rangi i must admit i didnt test bootstrap side very thoroughly, its not escaping the html?
17:26 rangi i see <opensearch:itemsPerPage>50&quot;'&lt;h1&gt​;test&lt;/h1&gt;</opensearch:itemsPerPage>
17:27 ashimema one sec.. just rechecking the patch actually applied
17:28 ashimema ooh.. It's chrome being overly clever..
17:28 rangi make sure you check the source, cos without patch 11308 it does weird things anyway
17:29 rambutan joined #koha
17:29 rangi if you apply 11308 first, then it, it behaves more like prog theme :)
17:29 ashimema I was viewing the source but via chrome's developer panel.. if you view source manually then it works out fine.
17:29 rangi ah sweet
17:30 ashimema I'm hapy now.. will throw the qa scripts at it just for good habbit.. but I'm doubting they'll throw any nasties.
17:30 rangi thanks
17:30 rangi and now its time for me to actually wake up
17:30 rangi bbiab
17:31 rambutan do libraries that use patron images generally require them of all card holders, adults only, youth only, or something else?
17:32 Shane-S rambutan: cippa laws in the USA might restrict the youth photos
17:34 Shane-S sorry CIPA:[…]et-protection-act (not sure if it applies at all, but can't hurt to check)
17:34 rambutan well, I wouldn't think cipa would apply to the data the library holds on the child, after all, we have name, address, DOB, etc.
17:34 rambutan CIPA addresses Internet access
17:36 Shane-S Yeah...we also have other laws to consider here, as a school. We can't hold any student demographics on an unsecured server that is connected to the internet
17:36 * cait should be home already
17:36 cait bye all
17:36 cait left #koha
17:38 rambutan Shane-S: what constitutes "unsecured"? Where are you located?
17:40 rambutan Anybody know offhand if SIP can pull patron images? (I would guess not).
17:41 druthb I would think not; that would increase the size of the SIP message beyond its' limit, even for a small image.
17:41 laurence1 joined #koha
17:42 rambutan humm, pull via API?
17:43 druthb that, maybe, or put a link to it in the SIP message.  but it sounds like a @quote get 123 to me..  why would you want to?
17:43 rambutan OK, glad you asked!
17:44 rambutan So our staff has problems with kids using each other's library cards or their parents cards for internet access...
17:44 druthb ah…so when they come to reserve, you'd like to see the pic, like you can at the circ desk.
17:44 rambutan and we're writing our own PAC. So in doing so we're discussing how nice it would be for staff to be able to click on the library card of a logged in user....
17:45 rambutan and pull their ILS info, like name, age, etc, so see if a patron that appears to be 11 y.o. is using a card issued to a 41 y.o.
17:46 rambutan and the logic extension of that would be to pull their image from the ILS to help confirm their credentials
17:46 Shane-S rambutan: that we don't use SSL/HTTPS connections to the server. As I read the laws we have the server must carry a valid encryption certificate, which I don't do/need.
17:47 Shane-S I am located in NJ, and we have a Student Information Privacy & Protection Act
17:47 druthb That actually makes some sense, rambutan.  You'd have to do some sort of API treachery, since it's stored in the database, and not just a file you could link to.
17:48 rambutan yea, schools have lots of stuff they have to do. I probably couldn't put up with it.
17:48 druthb Shane-S:  Why on earth would you *not* spend the $20 or so to get a certificate?  It's really cheap protection for every patron you have.
17:49 Shane-S druthb: because the librarian doesn't even use the patron online access. Since you can't identify someone via a name (all we have in the system) no need for the expense.
17:49 Shane-S druthb: The server is also behind a Firewall and Reverse Proxy
17:49 wahanui okay, Shane-S.
17:50 laurence joined #koha
17:50 laurence left #koha
17:50 druthb Fair 'nuf.  If there's absolutely no way for anyone to access it —at all— that shouldn't be, then you're probably okay without a certificate.  But if I found a domain name, could I get to an OPAC or staff interface from where I am?
17:52 druthb (If the answer is yes, then more attention to security is needed.)
17:52 Barrc left #koha
17:52 Shane-S druthb: yep, and your login would not be encrypted
17:52 Shane-S so I could get it with wireshark or other tools
17:52 druthb *shudder*.  Then someone else could sniff my login, and get at my library records.  Not cool.
17:54 rambutan StartSSL offers free certificates for non-commercial use. I understand EFF uses them.
17:54 druthb I'll amend my prior statement, based on what I've learned about security on my current job.  If your Koha system is running, and the server has a wire plugged into the network interface, and COUNT(SELECT * FROM borrowers) > 0, then you need SSL, at least.
17:55 druthb (I'm not even the most-paranoid person associated with our security team.  Not even close.)
17:56 Shane-S druthb: I am not arguing the point, we just never has any "outside" log ins right now. I had planned on it, but it was too much for my 60yr old librarian used to 1 station to process/handle
17:58 Shane-S So I never persued securing it beyond only allowing 80/8080 and 23 access
17:58 druthb Just because the librarian doesn't log in from outside, doesn't mean that the bad guys aren't.  If they can, and they want to, they will.    And 23?  *shudder*
17:59 Shane-S sorry 22
17:59 druthb good.
18:01 Shane-S I also have to purchase a static IP for SSL do I not?
18:01 druthb Usually, yes.
18:01 Shane-S yeah, no static IP here, I just refresh the DNS record with the new IP as it is issued
18:02 jatara joined #koha
18:02 druthb ugh
18:09 yhager joined #koha
18:14 cait joined #koha
18:15 * cait waves
18:15 druthb hi, cait!
18:16 cait hi druthb :)
18:18 mtompset We use StartSSL certificates. :)
18:19 mtompset And I've made our Koha run on HTTPS via apache tweaks.
18:21 mtompset We used to have a proxy server which would map our HTTPS requests to HTTP requests when it sent it to the Koha VM, but since we are in the midst of switching providers, I've thrown out the proxy server part, and just done straight HTTPS.
18:21 druthb One less (insecure) moving part is a Good Thing.
18:21 fredy joined #koha
18:22 jenkins_koha Starting build #1525 for job Koha_master (previous build: SUCCESS)
18:22 rangi yeah, our default stance is https everything
18:23 rangi ashimema++
18:23 rangi mtompset++
18:23 rangi gmcharlt++
18:24 rangi 1 hour 20mins, from patch to pushed
18:24 cait all hours are https too, both staff and opac
18:24 cait all of our koha installations...
18:24 rangi yep, all our new ones are, and we are retrofitting our old ones
18:25 rangi no real reason not to these days
18:25 rangi for everything
18:25 mtompset So why don't we get Koha to install that way by default?
18:25 rangi pretty much cant
18:25 gmcharlt there's the little problem that proper certs cost money
18:26 rangi and that they can be anywhere
18:26 ebegin joined #koha
18:26 mtompset oh right. :(
18:26 rangi however we should strongly recommend
18:26 rangi that people do it
18:26 ebegin Hi everyone, Is down ?
18:26 huginn New commit(s) kohagit: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) <[…]a647e8fdaa2d20772> / Bug 11307: Fix potential XSS attack in public catalog RSS feed <[…]e2780d4171c00e4ee>
18:27 rambutan no
18:27 rangi ebegin: not for me
18:27 ebegin rangi, hmmm, mtompset, can you access ?
18:27 mtompset http://www.downforeveryoneorju[…]
18:28 mtompset
18:28 wahanui hmmm... is actually updated and right
18:29 rambutan wahanui: did you actually check, or are you just saying that?
18:29 wahanui i haven't a clue, rambutan
18:29 rambutan time for lunch
18:32 ebegin thanks guys. I'll check why
18:33 jenkins_koha Starting build #237 for job master_maria (previous build: SUCCESS)
18:37 cait rangi++ mtompset++ ashimema++ gmcharlt++
18:37 mtompset I'm looking at the followup bug 11308
18:37 cait and apache-- again
18:37 huginn Bug[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme
18:40 yhager_ joined #koha
18:42 mtompset It is now signed off, if anyone wants to QA it. ;)
18:42 cait maybe later, i need to rest my head for a bit
18:47 Shane-S where does koha-dump dump the files?
18:48 rangi /var/spool/koha/instancename/
18:48 Shane-S ty
18:48 rangi there will be a .sql.gz which is the db
18:48 rangi and a tar
18:48 rangi which is the code and config
18:49 Shane-S alright, about time I got a backup :)
18:49 rangi (or just the config actually, the code is all in the .db :-))
18:53 rangi deb even
18:54 nengard joined #koha
18:56 druthb shhh…gotta quit talking about nengard..she's here.
18:56 nengard hmmmm
18:56 nengard :p
19:13 fredy joined #koha
19:27 jenkins_koha Project master_maria build #237: SUCCESS in 53 min: http://jenkins.koha-community.[…]master_maria/237/
19:27 jenkins_koha * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed
19:27 jenkins_koha * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only)
19:27 huginn Bug[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed
19:28 rambutan joined #koha
19:32 nengard joined #koha
19:37 busla joined #koha
19:46 mtompset_ joined #koha
19:46 mtompset blip? Okay.
19:49 mtompset_ joined #koha
19:50 mtompset blip again? I blame Bell Canada. :P
19:53 mtompset_ joined #koha
19:53 mtompset Well, this is crazy. Off to hunt the problem down.
20:13 wizzyrea and actually, has been pretty quiet for days now.
20:21 jenkins_koha Project Koha_master build #1525: SUCCESS in 2 hr 1 min: http://jenkins.koha-community.[…]Koha_master/1525/
20:21 jenkins_koha * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed
20:21 jenkins_koha * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only)
20:21 huginn Bug[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed
20:37 rangi oops
20:37 rangi i dont think that mail was supposed to go to the list
20:45 rambutan ^eyebrows^
20:46 nengard nope ... i think not
20:48 gmcharlt this is why I contract with the New York Times for my missives to be published on the front page every day
20:48 gmcharlt ;)
20:48 rangi heh
20:49 meliss joined #koha
20:51 gmcharlt just in one-point type up in the corner, which is why you've never noticed it
20:52 rangi apparently there was a full page add in the NYT about the nz rugby team
20:52 rangi ad even
20:52 wizzyrea \o/
20:58 mtompset joined #koha
20:59 mtompset Greetings, #koha.
20:59 mtompset date formatting and handling is a pain to trace.
21:04 nengard is there a way to do a marc export from the command line? for some reason the GUI tool isn't getting me everything
21:06 jcamins tools/ --format=marc --record-type=bibs --filename=/my/export/file
21:06 * magnuse pokes his head in - in german
21:07 nengard thanks jcamins
21:07 rangi heh
21:08 magnuse rangi: here's a tiny poc of converting marc to rdf with catmandu:
21:08 rangi awesome you could totally fork my repo and change it to do that :)
21:09 * cait waves at magnuse
21:09 rangi
21:09 cait magnuse: how is it going?
21:09 rangi :)
21:09 magnuse rangi: i'll see how exciting the talks tomorrow are :-)
21:10 magnuse cait: all good :-)
21:10 rangi :)
21:10 rangi
21:10 rangi ive almost got the claiming thing working (click on a bug)
21:11 magnuse looks like Catmandu::Importer::MARC can only read from a file, though. or i'm missing something
21:11 rangi ill finish that tonight i hope (thats all bugs needing signoff)
21:11 rangi magnuse: a file is just a special pipe :)
21:12 rangi Create a new MARC importer for $filename. Use STDIN when no filename is given
21:12 magnuse ah, ok
21:12 rangi i reckon we can get round that
21:13 rangi maybe we could even send a patch to allow file=> or blob=>
21:13 rangi then fall back to STDIN
21:13 rangi just to make it a bit nicer
21:13 magnuse yeah, please feel free to do that ;-)
21:14 rangi :)
21:15 magnuse sounds like that is a bit above my level of incompetence
21:16 rangi ill file an issue and offer to do a patch if its a feature they want to add
21:17 rangi sometime
21:17 rangi :)
21:17 magnuse yay!
21:19 magnuse weird, it looks like issues and comments are turned off on
21:20 magnuse metacpan seems to point to[…]ame=Catmandu-MARC
21:58 mtompset_ joined #koha
21:59 mtompset Well, I think that's the signal to go.
21:59 jcamins Huh. Apparently nginx's license changed, and they pulled an Oracle?
21:59 cait ugh?
21:59 cait and hi jcamins
22:00 magnuse oh noes?
22:00 mtompset Have a great day, #koha. I tested and signed off bug 11038 for you, rangi.
22:00 huginn Bug[…]_bug.cgi?id=11038 normal, P5 - low, ---, oleonard, ASSIGNED , Enable use of IntranetUserCSS and intranetcolorstylesheet on staff client login page
22:00 jcamins magnuse: yeah.
22:01 mtompset Oops.. bug 11308
22:01 huginn Bug[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Signed Off , RSS feed is slightly broken in bootstrap theme
22:01 nengard left #koha
22:07 eythian hi
22:08 cait hi eythian :)
22:09 eythian hello cait
22:09 wahanui hello cait are you here?
22:17 cait good night all :)
22:17 eythian bye cait
22:18 cait left #koha
22:20 magnuse guten nacht, #koha
22:40 yhager joined #koha
23:04 papa joined #koha

| Channels | #koha index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary