IRC log for #koha, 2009-07-17

All times shown according to UTC.

Time S Nick Message
12:03 |Lupin| have to run
12:03 |Lupin| bye everybody
12:03 ebegin bye |Lupin|
12:03 chris by |Lupin|
12:03 Amit bye lupin
12:07 chris ok i should get some sleep
12:07 Amit good night chris
12:08 ebegin see you later chris...
12:08 marijana hello, I installe Koha accoridng instructions on opensuse 11.0. I caqnnot start web installer. hmm. where may be an issue?
12:09 ebegin marijana, can you descript what you get when you connect to your address?
12:09 ebegin descript = describe
12:10 marijana ebegin: when I type I got only bkank page. when I type I got: It works!
12:12 ebegin Did you use the Standard install mode?
12:12 ebegin what do you get when you type
12:14 marijana I got: It works!
12:14 ebegin So it works... :) kidding
12:15 Amit hi marijana
12:15 ebegin alright.  Is is your local machine?
12:16 marijana Amit: hi
12:16 marijana when I type my address now it says that it cannot find
12:17 marijana ebegin: I found out that my Ip is
12:17 ebegin Oh, that is something else.  There was a thread on that lately.  If you google on "Koha ZOOM", you should find something helpful.
12:17 marijana when I type: I got message that it cannot find
12:18 ebegin marijana, ok.  that is a great start.
12:18 marijana I am repeating now in cpan to install ZOOM, waiting for final output
12:20 marijana
12:22 ebegin did you got any error when you installed ZOOM?
12:23 marijana
12:23 marijana should I do force install?
12:24 ebegin marijana, ok, something went wrong during the install.  Do you have the full install log?
12:25 marijana I will putr it on pastebin
12:25 marijana
12:26 gmcharlt marijana: based on those messages, I think a force install should be safe
12:27 gmcharlt they have to do with connecting to remote servers during the test suite
12:28 marijana ok I will do force install now
12:35 marijana please check this now:
12:36 ebegin looks ok.  Can you access now?
12:36 marijana do I have to do again make install etc.?
12:36 ebegin nope
12:36 marijana production mode - trapped fatal error
12:37 marijana that is what I got after
12:39 ebegin Do you have something in koha's log file?
12:39 marijana ebegin: where I can find it?
12:40 ebegin /var/log/koha on the standard install
12:40 ebegin koha-error_log probably
12:41 marijana ebegin: file is empty 0 bytes
12:43 ebegin can you try to install CGI::Session::Serialize::yaml
12:44 ebegin Here is a thread that may help you
12:45 marijana ebegin I will do that now
12:48 marijana shoudl I install again Zoom...?
12:48 ebegin nope
12:48 marijana ebegin: should I try again to start web installer?
12:48 ebegin yes
12:50 ebegin marijana, is it working?
12:50 marijana ebegin: finishing CGI:... installation
12:50 ebegin ok :)
12:52 marijana production mode - trapped fatal error
12:52 marijana again
12:53 ebegin any error during the CGI::Session... install?
12:56 marijana
12:58 ebegin Ok.  There was problem with some test so it wasn't install, but again, it should be ok to force the install
12:58 marijana ok I will do force install
13:00 marijana should I do again ZOOM or something else before doing web install
13:00 marijana production mode - trapped fatal error
13:01 ebegin anything in your /var/log/koha/koha-error_log file?
13:02 ebegin Are you sure this is the right log?  You can check the log file in your /etc/koha-conf.xml file
13:03 marijana this is after force installing CGI...
13:03 marijana ebegin: error log files are still empty
13:05 ebegin looks like you didn't paste the whole log in your last pastebin
13:07 marijana ebegin: I will check again. I sthat regarding force install of CGI::Session...?
13:07 ebegin yes
13:09 marijana
13:13 ebegin marijana, I just read that you need to reinstall CGI::Session.
13:14 ebegin Actually, here is the message I just found that may help you[…]-2-p17307900.html
13:15 marijana should I install again CGI:Session::Serialize::yaml ?
13:15 ebegin No, just CGI::Session.
13:16 marijana should I try again web installer
13:17 marijana web installer started, I will complete web istallation now , you deserve a big cold beer :))
13:22 mahesh hello
13:23 mahesh i have small problem with koha
13:24 mahesh add item giving a blank page with out any data entry fields
13:24 marijana ebegin: it is 3.24PM here
13:24 ebegin marijana, where are you?
13:25 marijana ebegin: Belgrade, serbia
13:29 marijana ebegin: got this message during web install
13:30 ebegin which database are you using?
13:30 marijana mysql
13:30 marijana shoul I alwys login as kohaadmin during web install?\
13:31 ebegin yep
13:32 ebegin marijana, it seems that you hard drive partition is full...
13:33 marijana ebegin: OK, I will remove something now, wait a second
13:39 marijana ebegin:
13:39 marijana ebegin: again problem with space?
13:40 ebegin looks like this, yes.
13:47 marijana it is installed now
13:48 ebegin Congratulation marijana and welcome to the Koha community!
13:48 marijana ebegin: thanks :))
13:49 marijana brb
13:49 gmcharlt marijana: indeed, congrats and welcome
13:50 marijana :))
13:52 marijana brb
14:06 vedran ebegin: I am colleague of marijana., she is grateful for your help.  I helped her to install KOHA. I installed it on 2 more machines in our school
14:07 vedran ebegin: I have to go now. we shall be in touch
14:07 ebegin I'm glad that I was helpful!
14:07 vedran cya
14:07 ebegin bbye
14:07 vedran ebegin: indeed, very helpfu
14:07 vedran :)
14:07 vedran bye
15:01 cato Hello All; I'm trying to get Koha 3.x to run on CentOS - I was wondering if anyone knows of a guide to do this
15:03 jdavidb cato:  I've not done any CentOS work..I rather doubt others have done much, since there's not an install guide already in the kit.  Might be a good way to start one!  :)
15:04 cato Okay - thanks for letting me know!
15:05 jdavidb Sure thing!  Sorry I'm not more help.  :P
15:05 cato What does Koha use Zebra for? And is it needed?
15:07 jdavidb You don't strictly *have* to use Zebra, but if you're loading many records at all, it's a very good thing.  Zebra is a really good indexing engine.  If you try to let MySQL do that by loading without Zebra, performance suffers greatly.
15:07 jdavidb (For very small collections, works fine...but there is a very harsh scalability limit.)
15:09 cato Oh that makes sense - I was looking at Zerbra - the GNU routing software..
15:10 jdavidb heh.  Spelling counts.  :)
15:10 cato So does reading :)
15:10 cato Thanks for the help
15:12 jdavidb And on Debian, anyway, it's just about an idiot-proof install.  No need to compile from source or any of that rot.
15:12 cato Cool. Thanks for letting me know
15:12 ebegin And I'm also doubt about the level of maintenance of Koha no-zebra... maybe I'm wrong about that though...
15:14 ebegin If it's possible, switch to debian.  A lot of people run Koha on debian, this make the install and support easier.
15:14 ebegin :)
15:14 jdavidb ebegin: for the installs I've been involved with, I'm the idiot to protect against, so an idiot-proof install is important to me.
15:15 jdavidb Oh, absolutely!  Lots more on Debian than anything else.  Most on Etch, but there's a really good Lenny install guide out now.  
15:24 gmcharlt about to hit the road
15:24 gmcharlt talk to you all later
15:25 ebegin @wunder washington DC
15:25 munin ebegin: The current temperature in Eckington Pl, NE, Washington, District of Columbia is 29.7°C (11:24 AM EDT on July 16, 2009). Conditions: Mostly Cloudy. Humidity: 55%. Dew Point: 20.0°C. Pressure: 29.85 in 1010.7 hPa (Steady).
15:25 ebegin @wunder montreal quebec
15:25 munin ebegin: The current temperature in Montreal, Quebec is 18.0°C (11:00 AM EDT on July 16, 2009). Conditions: Light Rain Showers. Humidity: 83%. Dew Point: 15.0°C. Pressure: 29.75 in 1007 hPa (Falling).
15:25 kf @wunder Konstanz
15:25 munin kf: The current temperature in Konstanz, Germany is 28.0°C (5:00 PM CEST on July 16, 2009). Conditions: Scattered Clouds. Humidity: 40%. Dew Point: 17.0°C. Pressure: 30.06 in 1018 hPa (Falling).
15:26 jdavidb @wunder bethesda md
15:26 munin jdavidb: The current temperature in WRC-Tenlytown, Washington, District of Columbia is 30.0°C (11:26 AM EDT on July 16, 2009). Conditions: Mostly Cloudy. Humidity: 62%. Dew Point: 22.0°C. Pressure: 29.98 in 1015.1 hPa (Steady).
16:31 joetho @wunder kansas city kansas
16:31 munin joetho: The current temperature in N 18th and State (near), Kansas City, Kansas is 27.4°C (11:30 AM CDT on July 16, 2009). Conditions: Partly Cloudy. Humidity: 42%. Dew Point: 13.0°C. Pressure: 30.02 in 1016.5 hPa (Rising).
16:32 joetho @wunder iola kansas
16:32 munin joetho: The current temperature in Casa Bravo, Chanute, Kansas is 30.4°C (11:32 AM CDT on July 16, 2009). Conditions: Clear. Humidity: 54%. Dew Point: 20.0°C. Pressure: 30.03 in 1016.8 hPa (Rising).
16:32 jdavidb @wunder Abilene, TX
16:32 munin jdavidb: The current temperature in Heritage Parks, 3.7 Mi NE, Abilene, Texas is 35.6°C (11:31 AM CDT on July 16, 2009). Conditions: Clear. Humidity: 37%. Dew Point: 19.0°C. Pressure: 29.98 in 1015.1 hPa (Falling).
16:35 joetho @wunder my kitchen
16:35 munin joetho: Error: No such location could be found.
16:36 joetho @ wunder place where everyone loves me
16:36 munin joetho: Error: No such location could be found.
16:36 joetho ha ha ha ha
16:37 moodaepo @wunder 10036
16:37 munin moodaepo: The current temperature in Hunter College, Upper East Side, New York, New York is 28.0°C (12:36 PM EDT on July 16, 2009). Conditions: Clear. Humidity: 53%. Dew Point: 18.0°C. Pressure: 29.19 in 988.4 hPa (Falling).
16:37 moodaepo hmm I thought it was supposed to be Hell's Kitchen
16:38 moodaepo @wunder Hell's Kitchen
16:38 munin moodaepo: Error: No such location could be found.
16:38 jdavidb @wunder Black Rock City
16:38 munin jdavidb: The current temperature in APRSWXNET Gerlach NV US, Gerlach, Nevada is 26.1°C (9:13 AM PDT on July 16, 2009). Conditions: Clear. Humidity: 22%. Dew Point: 3.0°C. Pressure: 29.83 in 1010.0 hPa (Rising).
16:38 jdavidb I'll be switched.
16:39 ebegin @wunder neverland
16:39 munin ebegin: Error: No such location could be found.
16:40 ebegin @wunder where Kate, Jack, Lock, Saywer are...
16:40 munin ebegin: Error: No such location could be found.
16:40 ebegin ;)
16:41 moodaepo @wunder 99705
16:41 munin moodaepo: The current temperature in Tombur Subdivision, North Pole, Alaska is 9.2°C (8:41 AM AKDT on July 16, 2009). Conditions: Fog. Humidity: 90%. Dew Point: 8.0°C. Windchill: 9.0°C. Pressure: 30.06 in 1017.8 hPa (Rising). Dense fog advisory in effect until 8 am akdt this morning...
16:41 moodaepo @wunder North Pole
16:41 munin moodaepo: Error: No such location could be found.
16:42 moodaepo aargh enough playing around
16:42 moodaepo : )
16:42 ebegin @wunder H0H 0H0
16:42 munin ebegin: Error: No such location could be found.
16:42 ebegin @wunder H0H0H0
16:42 munin ebegin: Error: No such location could be found.
16:42 ebegin @wunder H1X3M1
16:42 munin ebegin: The current temperature in NDG, Montréal, Quebec is 23.5°C (12:41 PM EDT on July 16, 2009). Conditions: Light Rain. Humidity: 62%. Dew Point: 16.0°C. Pressure: 29.62 in 1002.9 hPa (Steady).
16:42 Snow_Fox RHCL: Look out another storm band is headingyour way, love Kansas
16:44 Snow_Fox heya Piano
16:44 pianohacker Hi, snow
16:47 jdavidb Howdy, pianohacker!  :)
16:52 pianohacker Hallo
19:48 dipanjan who is the CPAN owning user for koha 3.0.3?
19:49 pianohacker dipanjan: I don't think Koha is distributed as a CPAN module. There's a CPAN bundle, with all of Koha's dependencies, but I don't know if that's being actively maintained
19:50 owen dipanjan: Is your question about who is Release Manager for 3.0.3?
19:51 dipanjan pianohacker: when i run the file that came bundled in the koha 3.0.3 tar ball, it says:  Run this as the CPAN-owning user (usually root) with:
19:51 dipanjan   perl ./ path/to/koha.tgz
19:51 pianohacker Ahh, okay
19:51 pianohacker What that means, is "run this command as a user that has the rights to install CPAN modules"
19:51 pianohacker That will almost certainly be root
19:51 wizzyrea so, root
19:51 wizzyrea or sudo
19:51 dipanjan pianohacker: i tried root. it didn't run
19:51 pianohacker dipanjan: So you ran the above command with su or sudo at the front?
19:51 pianohacker What happened?
19:51 wizzyrea (dipanjan: I've had the same problem. never fixed it. installed by hand)
19:52 dipanjan pianohacker: i did su root
19:52 dipanjan pianohacker: keyed in my password
19:52 dipanjan pianohacker: and ./
19:52 dipanjan pianohacker: didn't work
19:52 pianohacker What error occurred?
19:53 dipanjan pianohacker: it displayed a message:
19:53 dipanjan Run this as the CPAN-owning user (usually root) with:
19:53 dipanjan   perl ./ path/to/koha.tgz
19:53 dipanjan i am using Fedora 10
19:54 pianohacker I think what it's asking for is for you to give the path to your koha tarball
19:54 pianohacker So, if your tarball is at ../koha-3.0.3.tar.gz
19:54 pianohacker You would run
19:55 pianohacker perl ./ ../koha-3.0.3.tar.gz
19:55 wizzyrea interesting, why the unzipped tarball?
19:55 wizzyrea (this part flummoxed me several times as well, I finally gave up on it)
19:55 dipanjan pianohacker: but the tarball is untarred
19:55 wizzyrea er, why not the unzipped tarball
19:55 dipanjan pianohacker: the was inside the packege
19:55 pianohacker dipanjan: <shrug> I think this step still wants your original zipped tarball
19:56 dipanjan pianohacker: i will try. and come back
19:56 wizzyrea :)
19:56 pianohacker From who? dipanjan, or me?
19:56 wizzyrea all of the above :)
19:56 dipanjan :)
19:57 paul_p hello world.
19:57 ebegin hi paul!
19:57 wizzyrea heya paul_p
19:57 pianohacker Heh. Installing Koha is my least favorite part of using it by far, and it's _improved_ since 2.2
19:57 pianohacker Heya, paul
19:57 paul_p hi pianohacker/jesse
19:57 paul_p hi ebegin
19:57 paul_p hello america in fact ;-)
19:57 pianohacker It's only 8:00 in your part of the world, what are you doing here?
19:57 pianohacker Too early
19:58 paul_p pianohacker: ??? it's not 8, it's 10PM !
19:58 owen paul_p: Dubbed?
19:58 paul_p (you're mixing with chris ;-) )
19:58 paul_p hello owen
19:58 pianohacker timezones--
19:59 pianohacker I guess for some reason I thought you were on GMT time
19:59 dipanjan pianohacker: something seems to have happened. i will get back when i figure out what :)
19:59 paul_p it's probably strange for an english speaking guy, I agree
20:00 pianohacker dipanjan: Famous last words, but good luck
20:00 dipanjan pianohacker: :)
20:01 wizzyrea @quote add <dipanjan>something seems to have happened. i will get back when i figure out what :)
20:01 munin wizzyrea: Error: You must be registered to use this command. If you are already registered, you must either identify (using the identify command) or add a hostmask matching your current hostmask (using the "hostmask add" command).
20:01 wizzyrea noooooo
20:01 wizzyrea identification fail!
20:05 owen What's @quote do?
20:06 pianohacker owen: Adds a quote (a la to munin's quote database
20:06 pianohacker @quote random
20:06 munin pianohacker: Quote #8: "< wizzyrea> in my experience the transition to koha is much harder for libraries that are already automated" (added by pianohacker at 05:57 PM, June 19, 2009)
20:07 owen I didn't realize I had to be pithy enough for posterity.
20:08 wizzyrea hey, being witty is hard work
20:09 pianohacker Talking in soundbites isn't as hard as you might think
20:15 wizzyrea owen++
20:15 wizzyrea love what you did with the items table
20:15 wizzyrea that is h a w t
20:16 owen Thanks!
20:17 owen Here's the example if anyone else is interested:[…]m-2009-07-15.html
20:17 owen Click any cell in the table of items to get a little edit/delete menu, useful when you've scrolled all the way to the right
20:17 owen I talk about it here:
20:18 wizzyrea yea that is sweeeeet
20:18 wizzyrea I approve
20:18 wizzyrea i see what you mean about the confusion though
20:19 pianohacker Oh-hoh, that's very nice. Perhaps change the links to "_Edit_ / _Delete_ item"?
20:20 wizzyrea or "Edit Item / Delete Item
20:20 wizzyrea "
20:20 wizzyrea so it's always right there
20:20 wizzyrea what you are doing
20:20 pianohacker wizzyrea: That is clearer, but you're working with pretty limited space
20:20 wizzyrea true
20:21 owen Although what the hell, once you're clicking it probably doesn't much matter if you take up a little more space
20:22 owen One thing I didn't mention in the blog post was how to handle making the menu go away completely. Right now my script doesn't handle it
20:22 joetho This is something we are considering sponsoring
20:22 joetho I mean, not you PERSONALLY,
20:23 wizzyrea it would be even MORE awesome if you could just edit the item there
20:23 joetho but adding a button here or there to reduce scrolloing
20:23 wizzyrea but harder I'm sure
20:23 pianohacker Click-to-edit?
20:23 wizzyrea yessir
20:23 owen Yeah, there's all kinds of Ajaxy stuff that'd be cool to do.
20:23 pianohacker I actually implemented something like that for Circulation and fines rules, but it's been stuck, along with ajaxcirc, in review purgatory for a while
20:24 joetho Never had this with sirsi dynix.
20:24 wizzyrea we'd make slef angry though
20:24 wizzyrea :P
20:24 wizzyrea re: ajax happiness
20:24 wizzyrea "angry..." we'd get a talking at
20:24 wizzyrea anyway
20:24 owen There's already been a complaint about the staff client being "littered" with Ajax calls.
20:24 pianohacker I don't think the page works without javascript
20:25 atz one i totally refuted, for the record
20:25 pianohacker This is 200_9_, for god's sake
20:25 owen Yeah, atz++
20:25 pianohacker My dinky little palm smartphone supports some javascript
20:25 wizzyrea I can appreciate that people with disabilities will need to be able to use it
20:25 wizzyrea but it might be better to have a separate template for that?
20:26 wizzyrea 1. for speed and 2. for accommodating people with disabilities
20:26 atz ppl who just see the web side don't really get how much mechanics there are underneath... how many template files have to get included, javascript files, css files
20:26 pianohacker Maybe. tbh, I think some library might have to get some legal rumblings before that gets sponsored though
20:26 wizzyrea I think you could probably sell it as the "super fast koha interface"
20:27 wizzyrea kind of minimalist
20:27 atz let alone the ornate process of H:T:P generation and authentication... autopopulation
20:27 owen I think that was the telnet interface in 1.0 ;)
20:27 pianohacker See? We just need to bring back the telnet interface
20:27 atz pianohacker: we already have it... it's called SIP
20:27 wizzyrea well there you go
20:27 wizzyrea all koha problems solved
20:28 wizzyrea actually...
20:28 wizzyrea atz, that's not a bad idea
20:28 atz all you have to do is learn 46 numerically coded messages and all their subfields
20:28 wizzyrea yay
20:28 pianohacker atz: Hell, that's difficult enough for a computer
20:28 atz yeah
20:28 pianohacker Wouldn't be much of an obstacle for a cataloger, though
20:28 atz lol
20:29 pianohacker see ya
20:31 wizzyrea sarcasm aside, the web interface isn't really the best interface for ppl with disabilities. And we could do more with the web interface if we'd alternately accommodate for disability.
20:32 wizzyrea (just being the devil's advocate here... I'd just as soon go full throttle AJAX and be done with it)
20:33 pianohacker Yes. I think it might be good to see how far ARIA and some basic accessibility improvements (including the much-discussed Skip to content link) will take us before we commit to maintaining a separate template set, but it's something to think about
20:33 pianohacker Hey, I'm with you
20:34 wizzyrea but I know there would be resistance >.<
20:36 richard hi
20:42 richard cya paul_p
20:48 wizzyrea gnite Paul
21:02 chris right at work now
21:04 Snow_Fox hey when it comes to images
21:04 Snow_Fox what would be the max size that koha can support
21:05 Snow_Fox or is it more webbased where i have to keep a certain size or itll mess with the layout
21:05 chris the latter
21:05 pianohacker Snow_Fox: Depends. What kind of image are you talking about?
21:05 Snow_Fox the Patron Images
21:05 pianohacker I'd go with chris's answer, then
21:05 Snow_Fox thats what i figured
21:15 atz the manual has concrete dimensions i think...
21:21 Snow_Fox anyone in here play with HP's Data Protection Express backup system?
21:22 Snow_Fox Data Protector Express
21:22 chris not me
21:40 joetho me neither. Sounds ominous
21:44 Snow_Fox Storage Works?
01:12 pianohacker /Koha's Oddly Enough/: The TemplateEncoding systempreference is used to define the _input_ encoding for an obsolete MARC Record processing function, and nowhere else
01:42 pianohacker 'gnight, #koha
03:58 Amit hi chris, galen
03:58 Amit good morning #koha
04:01 Amit hi ebegin
04:02 ebegin heya amit!  How are you?
04:02 Amit munin: @wunder New Delhi
04:02 munin Amit: downloading the Perl source
04:02 ebegin @wunder new delhi
04:02 munin ebegin: The current temperature in New Delhi, India is 32.0°C (9:00 AM IST on July 17, 2009). Conditions: Haze. Humidity: 66%. Dew Point: 25.0°C. Pressure: 29.50 in 999 hPa (Steady).
04:02 Amit ebegin:I m fine what about u? Sory today i m late
04:02 ebegin #wunder montreal, quebec
04:02 Amit @wunder Dehradun
04:02 munin Amit: The current temperature in Dehradun, India is 27.0°C (8:30 AM IST on July 17, 2009). Conditions: Haze. Humidity: 89%. Dew Point: 25.0°C. Pressure: 29.47 in 998 hPa.
04:02 ebegin @wunder montreal, quebec
04:02 munin ebegin: The current temperature in Montreal, Quebec is 18.0°C (11:50 PM EDT on July 16, 2009). Conditions: Mostly Cloudy. Humidity: N/A%. Pressure: (Rising).
04:05 ebegin bedtime... see you tomorow!
04:05 Amit good night ebegin
04:37 Amit hi thd
04:37 thd hello Amit
05:39 Amit hi indradg
05:40 indradg morning Amit
06:53 paul_p hello world
06:54 Amit hi paul_p
07:03 kf good morning #koha :)
07:05 Amit hi kf
07:25 nahuel hi all
07:26 kf hi nahuel
07:27 nahuel hi kf, what's up in germany ?
07:29 Amit hi nahuel
07:29 nahuel hi Amit
07:32 kf @wunder Konstanz
07:32 munin kf: The current temperature in Taegerwilen, Germany is 18.1°C (9:32 AM CEST on July 17, 2009). Conditions: Light Rain Showers. Humidity: 95%. Dew Point: 17.0°C. Pressure: 29.97 in 1014.8 hPa (Steady).
07:32 kf nahuel: rain, rain and rain
07:33 nahuel here... sun sun sun and sun and heat, heat heat heat heat
07:33 kf cant decide whats better g
07:35 nahuel I think none of both
07:35 greenmang0 hi indradg
07:35 indradg hi greenmang0
07:36 kf for working on my koha project rain isnt so bad, just coming to work is sometimes a little difficult on these days
07:36 Amit @wunder Bangalore
07:36 munin Amit: Error: No such location could be found.
07:37 Amit @wunder New Delhi
07:37 munin Amit: The current temperature in New Delhi, India is 35.0°C (12:30 PM IST on July 17, 2009). Conditions: Haze. Humidity: 53%. Dew Point: 24.0°C. Pressure: 29.44 in 997 hPa (Falling).
07:39 paul_p wow... 35°... and we complaint with our poor 32° here in marseille... (humidity probably higher than 53% in the evening those days I think)
07:39 paul_p @wunder Marseille, France
07:39 munin paul_p: The current temperature in Marseille, France is 24.0°C (9:30 AM CEST on July 17, 2009). Conditions: Scattered Clouds. Humidity: 78%. Dew Point: 20.0°C. Pressure: 29.95 in 1014 hPa (Steady).
07:40 paul_p yep, humidity 78%...
07:40 nahuel kf, it's hard here to come to work, too heat
07:40 paul_p (it's 10AM here)
07:40 nahuel to humid
07:40 nahuel you arrive sweaty
07:52 chris evening
07:53 paul_p @wunder wellington
07:53 munin paul_p: Error: No such location could be found.
07:53 paul_p @wunder wellington, new-zealand
07:53 munin paul_p: Error: No such location could be found.
07:54 paul_p NZ is too small... unknow for munin :(
07:54 kf @wunder wellington, nz
07:54 munin kf: The current temperature in Wellington, New Zealand is 10.0°C (7:00 PM NZST on July 17, 2009). Conditions: Scattered Clouds. Humidity: 87%. Dew Point: 8.0°C. Windchill: 8.0°C. Pressure: 29.65 in 1004 hPa (Steady).
07:54 kf :)
07:54 kf saw chris doing it
07:54 paul_p humidity 87% and 10°C. it's winter...
07:54 chris -i
07:54 chris yes, rainy
07:55 paul_p (couldn't miss this occasion to laugh a little...)
07:58 chris i think gary might have been at kohacon
07:58 Amit @wunder Bangalore, ind
07:58 munin Amit: Error: No such location could be found.
07:59 paul_p I was not sure. anyway, he did not introduce himself on koha-dev, so my mail is still relevant ;-)
07:59 chris yep :)
08:11 indradg @wunder Kolkata
08:11 munin indradg: The current temperature in Kolkata, India is 30.0°C (12:20 PM IST on July 17, 2009). Conditions: Mostly Cloudy. Humidity: 79%. Dew Point: 26.0°C. Pressure: 29.42 in 996 hPa (Steady).
08:12 Amit chris: where is Egmont National Park in NZ
08:13 nahuel hi chris
08:13 nahuel !
08:14 nahuel :)
08:16 chris near new plymouth, around mount taranaki .. west coast of the north island
08:17 Amit Mt. Egmont volcano last erupted in 1755 and is now situated at the centre of Egmont national park. park regulations have ensured the survival of a forest which extends at a 9.5 km radius from the summit of the volcano, the result of which can be seen from space in the form of huge dark green disc. this photo was taken during the sts-110 mission, april 2002.
08:17 Amit  
08:17 chris its actually called Mt. Taranaki
08:18 chris that must be old information :)
08:19 Amit i have seen this on email
08:20 chris http://www.makenewzealandhome.[…]serfiles/image/Mt Taranaki.jpg
08:21 Amit chris: Error The page cannot be found
08:23 chris try http://www.makenewzealandhome.[…]Mt%20Taranaki.jpg
08:23 chris (they both work for me)
08:23 Amit yes this will open
08:23 Amit chris; nice, beautiful
08:26 Amit[…]nal-parks/egmont/
08:32 chris mason used to work for a library near there amit
08:32 Amit ok
08:36 |Lupin| hello everybody !
08:37 kf guten morgen lupin!
08:39 Amit hi lupin
08:40 |Lupin| hallo kf wie geht es heute ?
08:40 |Lupin| hi Amit :)
08:40 |Lupin| is there any Perl programmer around please ?
08:41 |Lupin| I'd like o know whether Perl has somewhere a function that would cleanup user input so that it can be inserted safely in SQL requests
08:41 |Lupin| so biasically removing the special characters...
08:41 chris yep
08:41 chris use place holders
08:42 chris my $query = "INSERT INTO issues (borrowernumber,something) VALUES (?,?)";
08:42 chris my $sth = $dbh->prepare($query);
08:42 chris $sth->execute($variable1,$variable2);
08:42 kf Lupin: gut, ich hoffe dir auch
08:43 chris DBI will escape the input
08:44 |Lupin| kf: ja, viel mal danke !
08:44 |Lupin| chris: hmm, not sure I understand...
08:45 |Lupin| chris: I'm looking for a function to use on a user-submitted string, before it is used for a search in an sql query
08:45 chris yes, and the answer is to use placeholders in your query
08:45 chris and put the string in the execute call
08:46 chris and then DBI will escape it for you
08:46 |Lupin| chris: ok, excuse me. I'll try to nderstand what you have just said.
08:46 chris eg
08:46 chris my $user_input = "Some string";
08:47 chris my $sql = "INSERT into table (some_column) VALUES (?) ";
08:47 chris my $sth = $dbh->prepare($sql)l
08:47 chris my $sth = $dbh->prepare($sql)l; (typo before)
08:47 chris $sth->execute($user_input);
08:48 chris DBI takes the ? and puts the escaped $user_input in its place
08:49 |Lupin| chris: okay, got it, thanks a lot !
08:49 |Lupin| chris: and that works for select querys the same way I guess ?
08:50 chris yep
08:51 |Lupin| great
08:51 |Lupin| thanks very much chris
08:51 |Lupin| I don't think I would have found it out by myself
08:51 |Lupin| didn't even know where to look / what to ask for
08:51 |Lupin| (in Google, for instance)
08:54 chris DBI placeholders ... if you want to read more :)
08:57 |Lupin| chris: sure, thanks
08:57 |Lupin| any pointer about writing secure code in Perl, etc. ?
08:58 chris dont trust any input from users :)
08:58 chris using placeholders will protect you from sql injection attacks
09:00 |Lupin| chris: yep
09:00 |Lupin| chris: protection from injection attacks: god thing.
09:00 chris
09:00 |Lupin| are the known types of attacks listed somewhere ?
09:00 |Lupin| like XSS, injection...
09:01 chris for XSS you need to escape output
09:01 |Lupin| chris: ah, right, the perlsec manpage
09:01 |Lupin| certainly worth reading !!
09:01 chris quite different
09:01 chris never never never never ever
09:01 chris take user input, and then output it
09:01 chris untouched
09:02 chris (that includes input from a db)
09:02 |Lupin| chris: rright
09:02 |Lupin| chris: yep, I understand
09:02 chris that will protect your users
09:02 |Lupin| k
09:02 chris and never trusting input will protect you
09:03 |Lupin| ACK
09:03 chris 2 different types of attack, XSS attacks the person using the site
09:03 chris injection attacks the site
09:03 |Lupin| ok
09:03 chris usually, people use injection attacks to create XSS
09:03 chris to steal users cookies etc
09:04 |Lupin| difficult for me to see how that can be achieved, concretely
09:04 chris easily
09:05 chris if i can get you to store <script>someting something</script>
09:05 chris in your db
09:05 chris and then its output onto a page somewhere
09:05 |Lupin| chris: for cookies, for example, you have to put some code in the server tha will be sent to the user and then send its cookies to you ?
09:05 chris yeah very easy to do
09:05 chris eg
09:06 |Lupin| hm so this kind of attacks assumes the user has JS enabled ?
09:06 chris[…]<blink>test<%2Fblink>
09:07 chris (i have fixed this, so latest version of koha isnt susceptible)
09:07 chris yes, XSS = cross site scripting
09:07 chris doesnt work without js
09:07 chris so that lets me embed any html i want and its output unescaped
09:08 |Lupin| chris: ok, I see. So actually not using js may also have advantages sometimes ! :-)
09:08 chris i could do <script type="text/javascript" src="">
09:08 |Lupin| chris: but the content won't go in the db, will it ?
09:09 chris in this case it doesnt need to
09:09 chris all i need to do is trick someone into going to that page
09:09 |Lupin| chris: right.
09:09 chris now
09:09 |Lupin| like you give someone a link to your webpage, on which there is this link, and that's it.
09:09 chris yep
09:10 chris if i could get that into the db, say in the libraryname syspreference
09:10 chris then that would be on every single page in the opac
09:10 chris and no one would notice
09:10 |Lupin| ok
09:11 |Lupin| and this is avoided by the DBI placeholders you mentionned previously
09:11 chris no
09:11 |Lupin| no ?
09:11 chris that wont stop someone putting sql in your db
09:11 |Lupin| you meant HTML, didn't you ?
09:11 chris it will stop someone crashing your db and taking control of your server
09:11 chris yep i did
09:12 |Lupin| ok
09:12 chris you need to escape output
09:12 |Lupin| so do you have a protection against this ?
09:12 chris like
09:12 |Lupin| ah yes that was this part of what you were saying
09:12 chris if you are using HTML::Template like Koha does
09:13 chris ESCAPE="HTML"
09:13 chris so <TMPL_VAR NAME="something" ESCAPE="HTML">
09:13 |Lupin| ah ok I see
09:14 chris certainly do that for the search string, cos we output that without checking it
09:14 |Lupin| you mean when creating new templates ?
09:19 chris yep, and we should check our existing ones it never hurts to check when you are editing a template
09:19 chris 'is everything that should be escaped here, escaped?'
09:21 |Lupin| I see
09:21 |Lupin| very nice security lesson chris, thanks
09:23 chris one of the sysadmins at work spent a lot of time doing security work
09:23 |Lupin| yes ?
09:23 |Lupin| sounds wise
09:24 chris he is going to do an audit on koha for us
09:24 |Lupin| chris: do koha scripts run in tainted mode as perlsec suggests ?
09:24 |Lupin| oh wow
09:24 chris nope
09:24 |Lupin| sounds great and interesting
09:25 |Lupin| chris: is it the result of a design decision, or just that none took the time to do the modification so far ?
09:26 chris well it wouldnt make sense for the intranet, but we should probably run the opac with taint on
09:27 |Lupin| chris: why do you say it wouldn't make sesne for the intranet ? because you make the hypothesis that someone with a password is trustworthy, right ?
09:28 chris partly, also because we dont do anything that taint would protect us from
09:29 chris like opening files etc
09:29 chris the dbi placeholders protect the db
09:30 chris if we were to do system calls, or writing to files, or things like that, we should definitely run that script with taint
09:30 |Lupin| chris: I see. tainted seems to be more for inmut like files, environment variables, etc.
09:30 chris *nod*
09:31 |Lupin| chris: but in theopac you don't do such things either, do you ?
09:32 chris yep but if one crept into there it would be much worse than the intranet, so having a rule that the opac runs under taint would make it hard for us to accidentally sneak an untainted system call in
09:33 |Lupin| chris: ok
09:33 chris (we might one day allow users to upload their own patron images for example)
09:34 chris or an icon to show with their reviews
09:36 |Lupin| ah and that would make the opac tainted, definitely
09:36 |Lupin| (if the right measures are't taken, I mean)
09:36 chris *nod*
09:46 davi In what Koha table is the publisher or editorial kept?   It is not in biblio.
09:46 hdl_laptop biblioitems
09:49 davi thank hdl_laptop   Confirmed
11:31 Amit hi jwanger
11:31 jwagner Hi Amit
11:49 hdl_laptop hi. any Ller around ?
11:50 |Lupin| Ller ?
11:51 paul_p |Lupin|: LibLimer
11:51 |Lupin| quite cryptic ! :)
11:51 |Lupin| hi paul_p and thanks
11:51 paul_p (and we are BL (BibLibre) or BibLibrarian
11:54 |Lupin| paul_p: right

| Channels | #koha index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary