Time Nick Message 00:14 jcamins Joel was right. 00:25 wizzyrea http://www.clker.com/cliparts/0/5/8/4/13025645181433592567haters-gonna-hate18-hi.png 00:28 trea also, Snape kills Dumbledore. that is all. 00:46 dcook lol 00:46 dcook I just noticed trea left after that one 00:46 * dcook was not impressed with that spoiler when he originally heard it 01:01 wizzyrea Use the force, Harry. -- Love, Gandalf. 01:01 trea ^^ 01:23 mtompset Greetings, #koha. 01:23 mtompset Silly VM causing networking issues. 01:30 eythian @wunder nzwn 01:30 huginn eythian: The current temperature in Wellington, New Zealand is 13.0°C (2:00 PM NZDT on November 26, 2013). Conditions: Light Rain Showers. Humidity: 94%. Dew Point: 12.0°C. Pressure: 29.74 in 1007 hPa (Steady). 02:06 wizzyrea does anyone remember a bug about item level holds not appearing on the hold queue? 02:07 wizzyrea I can't find it, and I am *sure* it was a bug. 02:08 rangi hmm 02:09 rangi @search item level holds 02:09 huginn rangi: (search <word>) -- Searches for <word> in the current configuration variables. 02:09 rangi @query item level holds 02:09 huginn rangi: 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=2894 major, P3, ---, paul.poulain, NEW , Routing list holds are broken 02:09 huginn rangi: 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report 02:09 huginn rangi: 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10162 normal, P5 - low, ---, gmcharlt, NEW , holds shouldn't be allowed on the title level of analytics 02:09 huginn rangi: 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8723 critical, P5 - low, ---, koha-bugs, NEW , holds don't transfer when moving items 02:09 huginn rangi: 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8859 normal, P5 - low, ---, koha-bugs, NEW , Item level holds not trapped if circ rules for item type are set to 'no holds allowed' 02:09 eythian bug 3060 looks possibly likely 02:09 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report 02:09 eythian no wait 02:09 eythian I misread it 02:10 wizzyrea mmmm 02:30 wizzyrea bug 10311 02:30 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10311 major, P5 - low, ---, kyle.m.hall, Pushed to Stable , Holds queue ignores item-level holds where only one items exists 02:30 rangi ah ha 03:29 mtompset Greetings, pianohacker rambutan rangi. 03:30 mtompset Greetings, eythian too. :) 03:30 eythian hi 03:30 wahanui hola, eythian 04:38 * dcook seems to remember hearing about someone seeking to rewrite the circ rules... 04:38 dcook If they do a good job, I will buy them beer 04:38 dcook "Also, these policies are based on the patron's home library, not the library where the hold is being placed.." 04:38 dcook Umm, what? 04:39 pastebot "dcook" at 127.0.0.1 pasted "holds? what?" (7 lines) at http://paste.koha-community.org/6 04:40 dcook Wait...maybe I do understand it.. 04:44 rangi yep it means what it says, if they place a hold at branch x, but their home library is branch y .. the rules from branch y are used 04:45 dcook What if the rule is that no items from branch x can be put on hold? 04:47 dcook Or does that just mean in regards to the syspref doing the override? 04:47 dcook If that's the case, that makes sense 04:47 dcook It just seems like "these policies" might be referring to two different sets of policies 04:49 dcook Must run though 04:49 dcook Thanks for answering, rangi :)( 04:49 dcook :)* 05:24 edveal Darn I was hoping I would catch Larryb working late. 05:55 WaylonR hi all 06:14 mtompset Hello and goodbye. 06:14 mtompset Have a great day, #koha. 06:51 alexia hello, we are new to koha and we have a problem with authorities, they do not display even though i have run the indexer through the command misc/migration_tools/rebuild_zebra.pl -b -r -v. Is there any other indexer i need to run? Also , how do we create punctuation in cataloguing? 06:51 WaylonR alexia, -a is authorities. 06:51 WaylonR so, -b -a -r 06:52 WaylonR -v if you really want verbose 06:52 alexia ok ill try this now and let you know, thanx! 07:13 WaylonR okay, using straight koha-master, can't login, keep getting 'session timed out' after logging in and clicking something. 07:32 WaylonR is git.koha-community.org down? 07:32 cait seems a bit slow 07:33 cait WaylonR: try deleting your cache 07:33 WaylonR did that. 07:33 cait maybe it's a bad session cookie 07:33 cait also, did you change your timeout setting? 07:33 WaylonR and git pull/fetch isn't working. 07:33 cait yeah i can't access the page either 07:33 cait we might have to wait for US waking up to fix it 07:34 WaylonR welp... guess ill do koha another day. 07:38 reiveune hello 07:38 wahanui bonjour, reiveune 07:46 WaylonR gits back 07:50 WaylonR hmmmmm. 07:51 WaylonR i really have no idea why the system is kicking me out, cait.. i cleared cache. and timeout is set to 1800 07:51 cait hm confusing 07:51 cait maybe check if there is something in the logs? 07:52 WaylonR and git is being abit slow yeds. 07:52 WaylonR yes 07:53 cait ok, have to run 07:53 cait bbl 07:59 WaylonR gitweb / git. is being really slow... 08:01 gaetan_B hello 08:01 wahanui bidet, gaetan_B 08:07 Joubu hi #koha 08:34 cait good morning #koha 09:32 cait ashimema++ 09:33 cait gmcharlt: ping me when you have a few mins please? 10:03 rangi Joubu: why use a whitelist, not use reftype ? 10:05 Joubu rangi: I don't understand what you want to do with reftype :) 10:06 rangi right 10:06 rangi so an object is just a blessed array 10:06 rangi sorry blessed hash 10:06 rangi ref cant understand that 10:06 cait maybe give an example? 10:06 rangi reftype can 10:06 rangi reftype($object) eq 'HASH' 10:07 Joubu yes, it is what I do. But in fact I have to encode only some object 10:07 Joubu Koha::Schema and DateTime is too big 10:07 Joubu and it is useless to encode values 10:07 Joubu There is no string we want to display 10:08 Joubu Currently only C4::Category causes problems 10:09 rangi then i cant see how that is any better than just adding the html_entity filter 10:09 Joubu rangi: if I "parse" all objects and all members of these objects, the load will increase significantly 10:09 * cait wishes she would understand what you 2 are talking about - but i hope it can be solved 10:11 Joubu I think it is better to fix the issue into a pm rather than in all tt files displaying a member of a C4::Category object 10:11 cait i think there was also someone worried about html_entity having not all possible characters? 10:11 cait i only saw it on the bug 10:12 rangi they are both the wrong solution 10:12 Joubu rangi: yes :) 10:12 Joubu rangi: what is the good one ? :) 10:13 rangi store and retrieve the item properly 10:13 rangi we shouldnt be doing any encodes 10:13 rangi on display 10:16 fredericd cait: Is there a bug umbrella covering JavaScript translatable texts bad formating? => _(' rather than _(" 10:17 * rangi goes to sleep 10:17 Joubu rangi: That is a big development, isnt it? 10:17 Joubu rangi: good night 10:17 wahanui I watch you sleep. 10:23 cait fredericd: there might, but i think easier to just open one that can then be lcosed 10:24 cait wahanui: you can think that, but not say it aloud - it's creepy ;) 10:24 wahanui cait: i'm not following you... 10:29 fredericd cait: seen bug 8942 10:29 wahanui bug was last seen on #koha 2 years, 88 days, 7 hours, 28 minutes and 15 seconds ago, saying: seneca: rangi is a man :P [Wed Aug 31 03:01:06 2011] 10:29 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8942 normal, P5 - low, ---, frederic, RESOLVED FIXED, Translation process breaks javascript in calendar.inc 10:30 cait fredericd: hm yes - not sure I understand what you want to do 10:30 cait fredericd: if there is a new occurence i woudl put it on a new bug I think - it's just easier to track. The omnibus bugs arre getting really huge fast 10:30 cait fredericd: maybe could have linked bugs to an omnibus one, but I don't think we have one yet 10:31 fredericd cait: Ok. I will open a new bug. xt/single_quotes.t test has to be expanded to test Bootstrap theme also 10:31 cait aaah ok 10:31 cait that makes sense 10:31 fredericd There is something wrong on Bootstrap opac-detail.tt which break display in French when single quote is used 10:32 cait fredericd: that makes sense, expanding the test and fixing every problem pointed out would be good 10:37 WaylonR okay, ive updated to current master.. and still its kicking me out of koha after logging in successfully, and doing something. 10:37 cait WaylonR: and you cleared your cache and cookies? 10:37 cait maybe try a different browser too? 10:38 WaylonR different browser worked.. 10:38 WaylonR it.. works in IE..... 10:38 WaylonR Dum dum dummmmmm 10:42 cait eek :) 10:42 cait now i am really worried 10:42 cait hi ashimema :) 10:42 ashimema good morning cait 12:55 mjoven Hi all, can I post here a question about OPAC interface ? 12:55 WaylonR go ahed 13:04 mjoven When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location 13:04 mjoven I don't understand if I need to enable some permission 13:04 WaylonR paul_p, <mjoven> When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location 13:05 WaylonR what can mjoven do? 13:05 WaylonR I think Marc structure .. visible needs toggling.. 13:05 WaylonR somewhere. 13:08 mjoven WaylonR I confirm that books were imported from another program and converted to MARC 13:09 WaylonR not what i ment. 13:09 mjoven MARC define detail about book or permissions too ? 13:13 WaylonR gpto /cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=952&frameworkcode=#subbfield ... is koha link: items.holdingbranch? if so, check that Visibility: OPAC is turned on. 13:13 WaylonR err.. 13:13 WaylonR first, goto that link, then click on b 13:13 WaylonR then the rest 13:13 wahanui hmmm... then the rest is easy peasy 13:13 WaylonR ah 13:14 WaylonR visibilty is under "Advanced constraints" 13:14 cait mjoven: does it show on the detail page? the location? I mean is the difference in results or in detail pages? 13:14 WaylonR oooooo 13:14 WaylonR good question 13:15 cait WaylonR: the marc frameworks will only limist it for the marc view - most people are not aware of that i think - the normal display is driven by xslt (if activated) or is hardcoded perl :) 13:17 cait mjoven: what do you mean by location? the library or a location (LOC)? 952 a/b or c? 13:18 mjoven @cait I'm refering to location (I think 952c), library is showed correctly 13:18 huginn mjoven: I suck 13:22 WaylonR .... huginn's a bot, ignore him 13:22 cait mjoven: detail page or result list? 13:23 mjoven detail page 13:23 wahanui detail page is great 13:23 cait mjoven: which version of Koha? and are you using the XSLT displays? 13:23 cait is your opac accessible? 13:23 mjoven @cait unfortunately is not accessible 13:23 huginn mjoven: I've exhausted my database of quotes 13:23 cait hm 13:24 cait you do't need the @ here, it will show up for me without :) 13:24 mjoven cait, sorry 13:25 cait things to look out for 13:26 cait your location codes in the item (best visible maybe when you look at the marcxmk download) exactly match the code you have defined in authorized values > LOC 13:26 cait lower/uppercase can matter 13:26 mjoven let me know if I understand; information about MARC is saved in database (items table, I think); Koha select different field to show book details fpr administrator or user, correct ? 13:28 cait not sure where to start here 13:28 cait :) 13:28 mjoven cait, yes, is same location; this information is saved in LOCATION field, ITEMS table 13:28 cait items has the item information, some is linked to other tables, so for example your locations have a description and that is saved in another table 13:28 cait you only have the code for a location in items 13:28 cait or you should have, but I don't know how you migrated 13:29 cait location is not really a free text field 13:29 cait it's a field for a code that is then looked up 13:30 cait to be resolved into a description 13:30 cait you can define those codes and descriptions under administration > authorised values > LOC 13:38 mjoven but in LOCATION field there is the exact information about the book 13:38 mjoven I'll try see in administration > authorised values > LOC 13:44 mjoven cait, thanks 13:50 oleonard Hi #koha 13:53 cait hi oleonard :) 13:57 druthb cait! oleonard! 14:19 cait druthb! 14:19 druthb :) 14:21 cait @later tell gmcharlt - ping me when you have a few minutes? 14:21 huginn cait: The operation succeeded. 14:40 cait magnuse++ :) 15:05 cait hm could someone give the restriction patches a test? 15:05 cait looking for a sign off :) 15:05 cait bug 11282 15:05 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11282 blocker, P5 - low, ---, koha-bugs, Needs Signoff , Not possible to create multiple restrictions from patron details/new restriction overwrites existing 15:36 mtompset Greetings, #koha. 15:36 mtompset How about that dd/mm/yyyy format loving to blow up things? :) 15:40 rambutan We should take strong countermeasures. 15:40 oleonard ? 15:41 mtompset oleonard: given a date in an unknown format (which you as a human being knows it will be dd/mm/yyyy) convert it to YYYY-MM-DD. 15:41 mtompset I can't find a perl library that does this right. 15:42 oleonard Koha must be doing it somewhere 15:42 mtompset It fails. 15:42 oleonard ...since it accepts dd/mm/yyyy as a date format preference 15:42 mtompset Yes, and it blows up in the tools/inventory.pl 15:43 pastebot "mtompset" at 127.0.0.1 pasted "The first line is me adding code." (6 lines) at http://paste.koha-community.org/7 15:44 oleonard Well let's be specific then. "It fails" is unnecessarily broad. Koha most certainly handles dd/mm/yyyy correctly in most places 15:44 mtompset True ... it fails in tools/inventory.pl 15:44 mtompset There's the paste. 15:45 mtompset But it isn't a Koha bug. It's a perl library bug. 15:45 mtompset So, I've been trying to find something that does it right without knowing the format. 15:45 mtompset Because only the human will know the system preference value 15:46 oleonard I know nothing about it, but I can't help but think looking at other Koha code that handles dates correctly would be enlightening 15:46 cait mtompset: i am quite sure we do that in lots of places like oleonard said 15:47 mtompset I'll see if we do, but my gut is that we merely display it, and not try to convert it to YMD or some other format. 15:47 cait and koha does know the syspref value too - we show the hints and all that about how to enter a date 15:48 mtompset when I say "doesn't know"... functionX(parameter) is unaware of what parameter is, but it is expecting a particular range, and DMY doesn't seem to be in it. 15:49 cait oleonard: thx for testing 11282 15:49 cait khall: 11282 needs you! :P 15:49 oleonard Sure. Hopefully only a simply follow-up is required 15:50 cait oleonard: i really want to see that one fixed, it's a bit scary with the overwriting of data 15:50 khall cait: I'm on it! 15:50 cait khall++ :) 15:57 khall owen: I can't reproduce your problem! 16:01 khall cait: oleonard: http://screencast.com/t/LjSyPIsw 16:04 oleonard Sorry khall, it really doesn't work for me 16:05 khall are you testing on master? 16:05 khall have you tried it in a sandbox? 16:05 oleonard Testing on master, not in a sandbox 16:05 khall oleonard: anything show up in your error log? 16:06 khall does it save the restriction, just without the date? 16:07 oleonard The only error looks unrelated: Use of uninitialized value $_ in hash element at members/memberentry.pl line 825 16:07 oleonard It saves the restriction without the date 16:10 khall oleonard: it seems to be working fine in a sandbox as well: http://pro.test6.biblibre.com/cgi-bin/koha/circ/circulation.pl?borrowernumber=19 16:10 khall user/pass: test/test 16:11 khall oleonard: yes, that error is indeed unrelated. I'm not sure where to go from here. I can't reproduce your problem! 16:15 oleonard Wait here's something else: Use of uninitialized value in concatenation (.) or string at /intranet-tmpl/prog/en/includes/borrower_debarments.inc line 46 16:31 Shane-S Hi all, weird issue, my server was down, and when I SSH'ed in, it was so slow it timed out my login, luckily its a VM, so I connected to the machine's terminal through VMWare, to be greeted with out of memory errors and printslip.pl in the () 16:31 Shane-S any idea what could cause that? I just ran a sudo apt-get update / upgrade in the event of any patches fixing that 16:31 Shane-S I also upped the memory from 2Gb to 4Gb 16:32 Shane-S I had to hard-reboot, as the console wouldn't even give me a prompt to type at 16:33 cait oleonard: is it a new user? no previous restrictions? maybe there is some difference between the users you are both testing with? 16:33 cait dateformat syspref? 16:33 oleonard Tried multiple dateformat sysprefs 16:33 oleonard Did you test it successfully cait? 16:34 cait can't right now :( 16:34 cait only later, i was waiting for a sign off so i coudl do qa - but can only try to reproduce a little later 16:40 rangi right since someone 0dayed us on the main koha list 16:40 cait 0dayed? 16:40 rangi can someone please sign off bug 11307 16:40 cait oh right,... the security thing :( 16:40 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Needs Signoff , Potential XSS attack vector in opac rss feed 16:40 cait why are you awake? 16:40 rangi its not as bad as it seems 16:40 rangi security mails make my computer beep 16:41 oleonard A bug so nice they reported it twice 16:41 rangi its only in the the rss 16:41 cait your computer wakes you up for security issues? 16:41 rangi and cant easily be exploited 16:41 rangi but its simple to stop so i have 16:41 rangi it should take you about 2 mins to test :) 16:45 rangi cait: if i left it on, yep it does on certain mailing lists 16:46 oleonard I must leave, so maybe someone can submit a follow-up for the Bootstrap theme? 16:46 reiveune bye 16:51 Shane-S would adding "alt" text to the Koha link (where it says "Powered by Koha") like Koha v3.X.X work and be hard to do to check your version at a glance? 16:51 mtompset is someone signing it off, or shall I? 16:51 cait rangi: going to qa now 16:51 cait hope i can get search working on the dev env but it might work without 16:52 rangi mtompset: if you could that would be great 16:53 rangi bootstrap patch attached too 16:54 cait ah , thought oleonard had signed off, waiting for you mtompset 16:54 cait fixing my search 16:54 rangi @later tell gmcharlt bug 11307 16:54 huginn rangi: The operation succeeded. 16:55 gmcharlt rangi: noted 16:56 mtompset Hmmm... 16:56 mtompset I was only expecting one attachment. 16:57 * mtompset laughs. 16:58 mtompset Okay... patch works according to test plan. 16:58 mtompset Now to sign this sucker off. 16:59 mtompset This is the part that is annoyingly complex. 16:59 rangi im not sure that you can actually do xss with it 16:59 rangi but displaying unescaped user input is never a good idea 17:00 rangi so fixing it cant hurt 17:00 * mtompset agrees. 17:00 mtompset okay... so how do I attach the two patches and not just the one patch? 17:00 mtompset git so 2. done. git bz attach what? 17:01 rangi i attach a patch at a time 17:01 rangi so HEAD^ 17:01 rangi and then HEAD 17:03 ashimema If I'd have spotted this a few minute earlier... was just testing that patch ;) All your though mtopmset as seems your slightly ahead of me 17:04 cait ashimema: coudl you do qa? 17:05 cait i have really problems with apache and that installation i have here at work 17:05 ashimema sure 17:05 cait i have to sort that out first or go home and test there 17:05 mtompset Oops... need to test bootstrap. 17:07 gmcharlt rangi: yeah, I don't think it's worth cutting a special security release 17:07 rangi me either 17:07 rangi however 17:07 gmcharlt also, you can do ranges with git bz 17:07 rangi we should use this to write a responsible disclosure page 17:07 rangi and send that 17:07 gmcharlt git bz attach -e 12345 HEAD^^^..HEAD 17:07 rangi cos sending potential security issues to the main list = not the best 17:08 ashimema so mtompset.. did you test bootstrap in the end or not? 17:08 mtompset Just finished. 17:09 rangi thanks mtompset 17:09 ashimema brill.. I'll go ahead and qa it as requested 17:09 mtompset YUCK! It's much more visible in the bootstrap. 17:10 mtompset Don't even need to look at page source. 17:14 rangi i think the whole rss is kinda busted in bootstrap 17:14 rangi but thats a different problem 17:15 mtompset True. 17:17 rangi fixed that too now :) 17:20 rangi bug 11308 17:20 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme 17:24 ashimema I tihnk I can still see the security issue in the bootstrap patch rangi.. 17:26 rangi i must admit i didnt test bootstrap side very thoroughly, its not escaping the html? 17:26 rangi i see <opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage> 17:27 ashimema one sec.. just rechecking the patch actually applied 17:28 ashimema ooh.. It's chrome being overly clever.. 17:28 rangi make sure you check the source, cos without patch 11308 it does weird things anyway 17:29 rangi if you apply 11308 first, then it, it behaves more like prog theme :) 17:29 ashimema I was viewing the source but via chrome's developer panel.. if you view source manually then it works out fine. 17:29 rangi ah sweet 17:30 ashimema I'm hapy now.. will throw the qa scripts at it just for good habbit.. but I'm doubting they'll throw any nasties. 17:30 rangi thanks 17:30 rangi and now its time for me to actually wake up 17:30 rangi bbiab 17:31 rambutan do libraries that use patron images generally require them of all card holders, adults only, youth only, or something else? 17:32 Shane-S rambutan: cippa laws in the USA might restrict the youth photos 17:34 Shane-S sorry CIPA: http://www.fcc.gov/guides/childrens-internet-protection-act (not sure if it applies at all, but can't hurt to check) 17:34 rambutan well, I wouldn't think cipa would apply to the data the library holds on the child, after all, we have name, address, DOB, etc. 17:34 rambutan CIPA addresses Internet access 17:36 Shane-S Yeah...we also have other laws to consider here, as a school. We can't hold any student demographics on an unsecured server that is connected to the internet 17:36 * cait should be home already 17:36 cait bye all 17:38 rambutan Shane-S: what constitutes "unsecured"? Where are you located? 17:40 rambutan Anybody know offhand if SIP can pull patron images? (I would guess not). 17:41 druthb I would think not; that would increase the size of the SIP message beyond its' limit, even for a small image. 17:42 rambutan humm, pull via API? 17:43 druthb that, maybe, or put a link to it in the SIP message. but it sounds like a @quote get 123 to me.. why would you want to? 17:43 rambutan OK, glad you asked! 17:44 rambutan So our staff has problems with kids using each other's library cards or their parents cards for internet access... 17:44 druthb ah…so when they come to reserve, you'd like to see the pic, like you can at the circ desk. 17:44 rambutan and we're writing our own PAC. So in doing so we're discussing how nice it would be for staff to be able to click on the library card of a logged in user.... 17:45 rambutan and pull their ILS info, like name, age, etc, so see if a patron that appears to be 11 y.o. is using a card issued to a 41 y.o. 17:46 rambutan and the logic extension of that would be to pull their image from the ILS to help confirm their credentials 17:46 Shane-S rambutan: that we don't use SSL/HTTPS connections to the server. As I read the laws we have the server must carry a valid encryption certificate, which I don't do/need. 17:47 Shane-S I am located in NJ, and we have a Student Information Privacy & Protection Act 17:47 druthb That actually makes some sense, rambutan. You'd have to do some sort of API treachery, since it's stored in the database, and not just a file you could link to. 17:48 rambutan yea, schools have lots of stuff they have to do. I probably couldn't put up with it. 17:48 druthb Shane-S: Why on earth would you *not* spend the $20 or so to get a certificate? It's really cheap protection for every patron you have. 17:49 Shane-S druthb: because the librarian doesn't even use the patron online access. Since you can't identify someone via a name (all we have in the system) no need for the expense. 17:49 Shane-S druthb: The server is also behind a Firewall and Reverse Proxy 17:49 wahanui okay, Shane-S. 17:50 druthb Fair 'nuf. If there's absolutely no way for anyone to access it —at all— that shouldn't be, then you're probably okay without a certificate. But if I found a domain name, could I get to an OPAC or staff interface from where I am? 17:52 druthb (If the answer is yes, then more attention to security is needed.) 17:52 Shane-S druthb: yep, and your login would not be encrypted 17:52 Shane-S so I could get it with wireshark or other tools 17:52 druthb *shudder*. Then someone else could sniff my login, and get at my library records. Not cool. 17:54 rambutan StartSSL offers free certificates for non-commercial use. I understand EFF uses them. http://startssl.com 17:54 druthb I'll amend my prior statement, based on what I've learned about security on my current job. If your Koha system is running, and the server has a wire plugged into the network interface, and COUNT(SELECT * FROM borrowers) > 0, then you need SSL, at least. 17:55 druthb (I'm not even the most-paranoid person associated with our security team. Not even close.) 17:56 Shane-S druthb: I am not arguing the point, we just never has any "outside" log ins right now. I had planned on it, but it was too much for my 60yr old librarian used to 1 station to process/handle 17:58 Shane-S So I never persued securing it beyond only allowing 80/8080 and 23 access 17:58 druthb Just because the librarian doesn't log in from outside, doesn't mean that the bad guys aren't. If they can, and they want to, they will. And 23? *shudder* 17:59 Shane-S sorry 22 17:59 druthb good. 18:01 Shane-S I also have to purchase a static IP for SSL do I not? 18:01 druthb Usually, yes. 18:01 Shane-S yeah, no static IP here, I just refresh the DNS record with the new IP as it is issued 18:02 druthb ugh 18:15 * cait waves 18:15 druthb hi, cait! 18:16 cait hi druthb :) 18:18 mtompset We use StartSSL certificates. :) 18:19 mtompset And I've made our Koha run on HTTPS via apache tweaks. 18:21 mtompset We used to have a proxy server which would map our HTTPS requests to HTTP requests when it sent it to the Koha VM, but since we are in the midst of switching providers, I've thrown out the proxy server part, and just done straight HTTPS. 18:21 druthb One less (insecure) moving part is a Good Thing. 18:22 jenkins_koha Starting build #1525 for job Koha_master (previous build: SUCCESS) 18:22 rangi yeah, our default stance is https everything 18:23 rangi ashimema++ 18:23 rangi mtompset++ 18:23 rangi gmcharlt++ 18:24 rangi 1 hour 20mins, from patch to pushed 18:24 cait all hours are https too, both staff and opac 18:24 cait all of our koha installations... 18:24 rangi yep, all our new ones are, and we are retrofitting our old ones 18:25 rangi no real reason not to these days 18:25 rangi for everything 18:25 mtompset So why don't we get Koha to install that way by default? 18:25 rangi pretty much cant 18:25 gmcharlt there's the little problem that proper certs cost money 18:26 rangi and that they can be anywhere 18:26 mtompset oh right. :( 18:26 rangi however we should strongly recommend 18:26 rangi that people do it 18:26 ebegin Hi everyone, Is koha-community.org down ? 18:26 huginn New commit(s) kohagit: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) <http://git.koha-community.org/gitweb/?p=koha.git;a=commitdiff;h=803789f13b09fc3429f41f6a647e8fdaa2d20772> / Bug 11307: Fix potential XSS attack in public catalog RSS feed <http://git.koha-community.org/gitweb/?p=koha.git;a=commitdiff;h=6f0d4153dfb8f85ab2b41c1e2780d4171c00e4ee> 18:27 rambutan no 18:27 rangi ebegin: not for me 18:27 ebegin rangi, hmmm, mtompset, can you access koha-community.org ? 18:27 mtompset http://www.downforeveryoneorjustme.com/koha-community.org 18:28 mtompset koha-community.org? 18:28 wahanui hmmm... koha-community.org is actually updated and right 18:29 rambutan wahanui: did you actually check, or are you just saying that? 18:29 wahanui i haven't a clue, rambutan 18:29 rambutan time for lunch 18:32 ebegin thanks guys. I'll check why 18:33 jenkins_koha Starting build #237 for job master_maria (previous build: SUCCESS) 18:37 cait rangi++ mtompset++ ashimema++ gmcharlt++ 18:37 mtompset I'm looking at the followup bug 11308 18:37 cait and apache-- again 18:37 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme 18:42 mtompset It is now signed off, if anyone wants to QA it. ;) 18:42 cait maybe later, i need to rest my head for a bit 18:47 Shane-S where does koha-dump dump the files? 18:48 rangi /var/spool/koha/instancename/ 18:48 Shane-S ty 18:48 rangi there will be a .sql.gz which is the db 18:48 rangi and a tar 18:48 rangi which is the code and config 18:49 Shane-S alright, about time I got a backup :) 18:49 rangi (or just the config actually, the code is all in the .db :-)) 18:53 rangi deb even 18:56 druthb shhh…gotta quit talking about nengard..she's here. 18:56 nengard hmmmm 18:56 nengard :p 19:27 jenkins_koha Project master_maria build #237: SUCCESS in 53 min: http://jenkins.koha-community.org/job/master_maria/237/ 19:27 jenkins_koha * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed 19:27 jenkins_koha * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) 19:27 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed 19:46 mtompset blip? Okay. 19:50 mtompset blip again? I blame Bell Canada. :P 19:53 mtompset Well, this is crazy. Off to hunt the problem down. 20:13 wizzyrea and actually, koha-community.org has been pretty quiet for days now. 20:21 jenkins_koha Project Koha_master build #1525: SUCCESS in 2 hr 1 min: http://jenkins.koha-community.org/job/Koha_master/1525/ 20:21 jenkins_koha * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed 20:21 jenkins_koha * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) 20:21 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed 20:37 rangi oops 20:37 rangi i dont think that mail was supposed to go to the list 20:45 rambutan ^eyebrows^ 20:46 nengard nope ... i think not 20:48 gmcharlt this is why I contract with the New York Times for my missives to be published on the front page every day 20:48 gmcharlt ;) 20:48 rangi heh 20:51 gmcharlt just in one-point type up in the corner, which is why you've never noticed it 20:52 rangi apparently there was a full page add in the NYT about the nz rugby team 20:52 rangi ad even 20:52 wizzyrea \o/ 20:59 mtompset Greetings, #koha. 20:59 mtompset date formatting and handling is a pain to trace. 21:04 nengard is there a way to do a marc export from the command line? for some reason the GUI tool isn't getting me everything 21:06 jcamins tools/export.pl --format=marc --record-type=bibs --filename=/my/export/file 21:06 * magnuse pokes his head in - in german 21:07 nengard thanks jcamins 21:07 rangi heh 21:08 magnuse rangi: here's a tiny poc of converting marc to rdf with catmandu: https://gist.github.com/MagnusEnger/7658143 21:08 rangi awesome you could totally fork my repo and change it to do that :) 21:09 * cait waves at magnuse 21:09 rangi https://gitorious.org/koha-marc2rdf 21:09 cait magnuse: how is it going? 21:09 rangi :) 21:09 magnuse rangi: i'll see how exciting the talks tomorrow are :-) 21:10 magnuse cait: all good :-) 21:10 rangi :) 21:10 rangi http://dashboard.koha-community.org/taskboard# 21:10 rangi ive almost got the claiming thing working (click on a bug) 21:11 magnuse looks like Catmandu::Importer::MARC can only read from a file, though. or i'm missing something 21:11 rangi ill finish that tonight i hope (thats all bugs needing signoff) 21:11 rangi magnuse: a file is just a special pipe :) 21:12 rangi Create a new MARC importer for $filename. Use STDIN when no filename is given 21:12 magnuse ah, ok 21:12 rangi i reckon we can get round that 21:13 rangi maybe we could even send a patch to allow file=> or blob=> 21:13 rangi then fall back to STDIN 21:13 rangi just to make it a bit nicer 21:13 magnuse yeah, please feel free to do that ;-) 21:14 rangi :) 21:15 magnuse sounds like that is a bit above my level of incompetence 21:16 rangi ill file an issue and offer to do a patch if its a feature they want to add 21:17 rangi sometime 21:17 rangi :) 21:17 magnuse yay! 21:19 magnuse weird, it looks like issues and comments are turned off on https://github.com/LibreCat/Catmandu-MARC 21:20 magnuse metacpan seems to point to https://rt.cpan.org/Public/Dist/Display.html?Name=Catmandu-MARC 21:59 mtompset Well, I think that's the signal to go. 21:59 jcamins Huh. Apparently nginx's license changed, and they pulled an Oracle? 21:59 cait ugh? 21:59 cait and hi jcamins 22:00 magnuse oh noes? 22:00 mtompset Have a great day, #koha. I tested and signed off bug 11038 for you, rangi. 22:00 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11038 normal, P5 - low, ---, oleonard, ASSIGNED , Enable use of IntranetUserCSS and intranetcolorstylesheet on staff client login page 22:00 jcamins magnuse: yeah. 22:01 mtompset Oops.. bug 11308 22:01 huginn 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Signed Off , RSS feed is slightly broken in bootstrap theme 22:07 eythian hi 22:08 cait hi eythian :) 22:09 eythian hello cait 22:09 wahanui hello cait are you here? 22:17 cait good night all :) 22:17 eythian bye cait 22:20 magnuse guten nacht, #koha