IRC log of #schooltool for Wednesday, 2006-05-10

<pcardune> hi srichter, did you get that email from jeff? [00:08]
<srichter> pcardune: yes [00:09]
<pcardune> did you have any comments about a possible timeline? [00:09]
<srichter> not yet [00:10]
<srichter> I am very busy, but I think most of it can be done during the summer [00:10]
<srichter> the big thing is really all the javascript for the console stuff [00:11]
<pcardune> ok, well, the applications are due today so i thought I would ask [00:11]
<srichter> actually, the timeline is already past [00:11]
<srichter> it was 11 am pacific time today [00:11]
<srichter> as far as I remember, yes [00:11]
<pcardune> well then nevermind i guess [00:12]
<srichter> it was due last night and they changed to 11 am today [00:12]
<srichter> yep, I just checked; I cannot add applications anymore [00:12]
<srichter> did you not write an application earlier? [00:13]
<pcardune> i did, but i hadn't submitted it yet [00:13]
<srichter> that sucks [00:13]
<povbot> /svn/commits: * jinty committed revision 6029: [07:35]
<povbot> /svn/commits: schooltool.generations depends on schooltool.demographics. This also un-breaks the nightly tarball build. [07:35]
<th1a> Ah, jinty is awake for some reason. [07:35]
<jinty> th1a: yeah, I'm getting up at 5am these days;) [07:35]
<th1a> I was just trying to register the ST svn trunk in the 2006 series on LaunchPad & I don't seem to have permission. [07:36]
<th1a> Oh, and it looks like our translations are in there. [07:37]
<jinty> th1a: cool, you uploaded the schoolbell translations to schooltool? [07:42]
<th1a> Jordi did. [07:43]
<th1a> And it looks like he moved the old translations over. [07:43]
<th1a> Can't cut and paste from my linux box to my mac. [07:43]
<jinty> great, I was feeling a bit sorry for those translators... [07:44]
<th1a> I have received a battery for my new ThinkPad, but the rest of the computer will take a few more weeks. [07:45]
<jinty> and the makefile rules? anyone tried them out yet? [07:45]
<th1a> Then I'll be off the Mac. [07:45]
<th1a> I don't think so... [07:45]
<jinty> really? I thought Macs were meant to be even more ultra cool than thinkpads... [07:46]
<th1a> The thing is my boss started a Linux distribution. [07:46]
<th1a> Plus I just want to be able to do more believable Linux advocacy at ed-tech conventions and such. [07:47]
<th1a> And I've had my share of problems with Mac hardware anyhow. [07:47]
<jinty> you've got ubuntu mac? [07:47]
<jinty> you've got ubuntu on the mac? [07:48]
<th1a> I couldn't really dual boot. [07:48]
<th1a> I can't stand rebooting a computer anymore. [07:48]
<th1a> I've got a big old PC running Linux. [07:48]
* jinty is sitting with an acer, and has already lost a few peripherals, may they RIP [07:48]
<th1a> I just bought a giant white box a few years ago and just replace components as they die. [07:49]
<th1a> I'm very happy with that approach. [07:49]
<jinty> works for me as well, that 500Mhz cpu is still just fine [07:50]
<jinty> the most it needs to do is play movies [07:50]
<jinty> But I will _*never*_ buy another acer laptop no matter how cheap they are. [07:51]
<th1a> Oh, acer laptop. [07:52]
<th1a> Yes, laptops come and go as units, unfortunately. [07:52]
<th1a> Anyhow, jinty, would you like to try registering the 2006 trunk, or should I just nag SteveA tomorrow? [07:58]
<jinty> ah, I didn't realise you were asking me that... [08:12]
<jinty> having a look [08:12]
<jinty> hmm, th1a, as far as I can see we can't right now. At least not until we have a 2006 branch and ST 2006 packages in ubuntu. [08:17]
<jinty> though I did get the svn to point at the trunk. We should change it later [08:18]
<th1a> Well, the idea is that it'll be available via bzr soon? [08:23]
<th1a> Once the Bazaar sucks it up? [08:23]
<th1a> Thanks for doing that, jinty. [08:26]
<jinty> no worries [09:56]
<povbot> /svn/commits: * faassen committed revision 6030: [13:56]
<povbot> /svn/commits: Make CSV import of persons also use the demographics package. [13:56]
<faassen> what's the policy of using generations? [15:01]
<faassen> whenever I do a checkin that changes the data format, do I need to add an evolution script? [15:01]
<faassen> because I fear that might end up being a lot of evolution scripts. [15:02]
<mgedmin> the official policy is that we support evolution between releases only [15:03]
<faassen> hm, ok. [15:03]
<mgedmin> if you track the trunk, you're on your own [15:03]
<faassen> ah, okay. [15:03]
<faassen> that's good to know. [15:03]
<mgedmin> on the other hand it is nice to not break people's sandboxes too often [15:03]
<mgedmin> and small evolution scripts may be easier to unit-test than large ones [15:03]
<faassen> right, I'm currently not actually evolving anything *to* anything. [15:03]
<faassen> just adding an attribute. [15:04]
<faassen> which means I'm evolving nothing into something. [15:04]
<faassen> anyway, I'll keep that in mind. [15:04]
<faassen> I may provide an evolution script. [15:04]
<mgedmin> on the gripping hand if the final data structures are not stabilised and are likely to change, it may be better to not write evolution scripts for all the intermediate temporary formats [15:04]
<faassen> I did so for my last change, but that was rather a major pain. still, it had to be done. [15:04]
<faassen> the data structures aren't exactly stable yet. [15:04]
<faassen> so I won't do evolution for the time being. [15:04]
<mgedmin> often it is easiest to avoid evolution script altogether by making new attributes class attributes etc [15:04]
<faassen> well, this is one example of annotations. :) [15:05]
<faassen> they just exist whenever you get them. [15:05]
* mgedmin has to go now [15:05]
<faassen> still, I think that in part papers over the real issue: data models *are* changing. [15:05]
<faassen> ignas: do you have time to talk about security ideas? I just wanted to brainstorm a bit about permissions and data types. [15:05]
<faassen> ignas: okay, let's talk then. :) [15:06]
<ignas> let me just open up the new Access control chart ;) [15:06]
<faassen> okay. :) [15:06]
<faassen> where is that? [15:06]
<ignas> in schooltool mailing list [15:06]
<faassen> oh here, a new one this morning. [15:06]
<faassen> anyway, what I was thinking about vaguely.. [15:07]
<faassen> let me try to come up with your strategy.. [15:07]
<faassen> I mean, try to describe it. [15:07]
<faassen> see whether I'm right. [15:07]
<faassen> concerning permissions. [15:08]
<faassen> you want to know which data types are in the system. [15:08]
<faassen> like, Person [15:08]
<faassen> or Group [15:08]
<faassen> or Course [15:08]
<faassen> and then you define permissions for each: add Person, edit Person, view Person [15:08]
<faassen> add Group, edit Group, etc [15:08]
<ignas> kind of [15:08]
<ignas> not sure yet as i haven't started yet [15:08]
<faassen> yes, I know, I wanted to talk to you before you started. [15:08]
<faassen> anyway, you'll end up with an explosion of permissions. [15:08]
<faassen> a number for each data type. [15:09]
<faassen> I'll skip the whole role story as that's irrelevant to what I want to discuss I think. [15:09]
<ignas> probably, i think i'll need at least as much permissions as there are green/yellow cells in the table [15:10]
<faassen> anyway, I'll call this model the Document Library Model [15:10]
<ignas> maybe less maybe a bit more [15:10]
<faassen> as we did approximately that for the doclib. [15:10]
<faassen> there's also the Silva model for permissions. [15:10]
<faassen> where basically we have few permissions to care about. [15:10]
<faassen> basically as many as we have roles, almost. [15:10]
<faassen> ViewSilvaContent, ReadSilvaContent, ChangeSilvaContent, ApproveSilvaContent, ChangeSilvaAccess [15:11]
<faassen> these map fairly straightforwardly to roles in Silva. [15:11]
<faassen> viewer, reader, author, editor, chief editor [15:11]
<faassen> where each increased role gets more of the permissions. [15:11]
<faassen> I just wanted to throw that in, even though right now I don't think it's applicable to Schooltool. [15:12]
<faassen> as you need a more fine-grained story. [15:12]
<faassen> but I just wanted to posit the alternative model there. [15:12]
<ignas> i see [15:12]
<faassen> the benefit is far less permissions to think about. [15:12]
<faassen> anyway, now I think there's a third model. [15:12]
<faassen> but I'm not sure about it. [15:12]
<faassen> which is the Security Policy model. [15:12]
<faassen> the idea is we stick to the basic schooltool.view and schooltool.edit permissions. [15:12]
<faassen> (what to do for add permissions I'm not sure :) [15:12]
<faassen> so we don't have an explosion of permissions. [15:13]
<faassen> instead, a security policy basically receives an object and a permission. [15:13]
<faassen> and it says 'yes, this user has that permission on the object' [15:13]
<faassen> or 'no, the user doesn't have that permission on the object' [15:13]
<faassen> and we put the intelligence of figuring out whether someone may edit a person in a rule system. [15:13]
<faassen> I think that in some ways life will be easier. [15:14]
<faassen> as we *have* a centralized expression of permission rules. [15:14]
<faassen> which is the chart. :) [15:14]
<faassen> and we don't have to hunt through the entire codebase and change permissions around. [15:14]
<faassen> while I expect getting a sound policy up and running early on will be harder. [15:15]
<faassen> I think it might be easier on the medium term. [15:15]
<faassen> because of that. [15:15]
<faassen> okay, now I shall await your response. :) [15:15]
<ignas> the downsides i can see are - extending the system - let's say adding something the size of timetables would require to add some rules for the new module [15:15]
<faassen> you could make a model where extensions can subscribe into the rule base. [15:16]
<ignas> which will require to have a pluggable security policy that should be easily extendable through subscribers and stuff [15:16]
<faassen> that's a downside. [15:16]
<faassen> you could of course have a default policy for unknown objects. [15:16]
<faassen> anyway, benefits is: don't have to hunt everywhere and change permissions around. [15:17]
<faassen> so simpler to reason about for developer. [15:17]
<faassen> centralized rules in chart -> centralized rules in code. [15:17]
<faassen> or at least more centralized as when we scatter things like roles and permissions everywhere. [15:18]
<ignas> well - chart is data so i would like to keep it in the data (zcml) land leaving the irregular/customizable parts to code [15:19]
<faassen> zcml isn't data land. [15:19]
<faassen> zcml is hooking things up land. [15:19]
<faassen> but you're going to have to root through the entire codebase to add custom permissions everywhere. [15:19]
<faassen> and everyone is going to have to learn about this. [15:19]
<faassen> and that's yet one more thing that is going to make schooltool programming harder. [15:19]
<faassen> and you'll have to debug it in all places. [15:20]
<ignas> i'd say that custom security policy you must plug in every time you add a content object is more difficult [15:20]
<ignas> while - just assigning it fooDataType (DataType probably being one of already described ones) is easier [15:21]
<ignas> though i might be wrong [15:21]
<ignas> and no you won't have to debug it [15:21]
<faassen> won't you have to basically review all permissions in the whole system? [15:22]
<faassen> and change them? [15:22]
<faassen> and pick one out of 20 new permissions and put in the right one? [15:22]
<ignas> i would need to do that both ways, even with edit/add model, though edit/add model would make the task more straightforward [15:22]
<faassen> and then test whether this actually is the proper behavior in the UI? [15:22]
<faassen> I mean, you'll have to test it obviously in any case. [15:23]
<faassen> anyway, I've also got the impression from Jim that people often try to model their app's security policy into Zope's. [15:23]
<faassen> and that they should consider more often new security policies where this isn't needed. [15:23]
<faassen> perhaps I shall talk to him and see what ideas he has for designing security in Zope 3. [15:24]
<ignas> at the moment i am thinking that it is easier to have a few "dumb" parts that plug into zope security policy rather than a smart know all do all security policy [15:25]
<faassen> ignas: well, that's what I did with the document library, but I'm not sure it's a good idea. :) [15:25]
<ignas> as it might get complicated when considering permissions for Viewlets and similar components [15:26]
<faassen> we modeled the application containership story so it would match the security requirements. [15:26]
<faassen> well, it isn't complicated to select 'view' and 'edit' out of the list of 2 permissions. :0 [15:26]
<faassen> the security system will check on the object the viewlet is working for. [15:27]
<faassen> so it'll say 'uh uh, no' [15:27]
<faassen> whenever needed. [15:27]
<faassen> anyway, take a look at this file: [15:27]
<ignas> anyway - my plan (as suggested by mg) was to make a 2 hour (the time we spent on our last access control spike) spike [15:29]
<ignas> trying to implement a custom security policy [15:29]
<ignas> and see how it might work [15:29]
<faassen> right. I'd be unambitious and make everything public, and then try to restrict specific bits. [15:29]
<ignas> how often it is being called and stuff [15:29]
<faassen> it'll be called a lot. [15:30]
<ignas> IPrincipalRoleMap adapter is getting called like 10-20 times per view [15:30]
<faassen> anyway, I didn't know that custom policy spike was already planned. [15:30]
<faassen> so perhaps I'm just arguing for something that was already planned. :) [15:31]
<faassen> anyway, look at that file for the doclib, that sort of demonstrates what it tends to look like. :) [15:31]
<faassen> the non-security policy approach. [15:31]
<faassen> doclib is pure default security policy. [15:31]
<faassen> hm, I wonder why viewvc access is so slow right now. [15:33]
<ignas> faassen: couldn't you like split that file into associated modules ? like having Document permissions and Document grants in the Document zcml file and only having Roles described in the main zcml file ? [15:34]
<ignas> as from my point of view - you either put the code that maps Principal -> canDo/can't Do in some subscriber in your code [15:35]
<ignas> or you add new permissions and add grants for appropriate roles in the zcml in the zcml of your module [15:35]
<ignas> one is as complex as the other i am afraid [15:36]
<faassen> ignas: well, you don't have a permission explosion in the one case. :) [15:36]
<ignas> you don't have all permissions in one file [15:36]
<ignas> and the amount of logic/thinking required is the same [15:37]
<faassen> ignas: anyway, about splitting up that file, yeah, we can. we didn't yet as we were more concerned with getting it all to work properly. [15:37]
<faassen> ignas: anyway, those are good points. [15:37]
<faassen> ignas: the main nice thing about custom security policies is that you can for instance determine things on another basis than containment. [15:38]
<faassen> ignas: but of course custom adapters can also help there. [15:38]
<faassen> ignas: anyway, since you're going to try this anyway, I'll just stop this discussion. I think I made all the points I wanted to make and heard some useful counter arguments. :) [15:38]
<ignas> thank you [15:38]
<ignas> th1a: ping me ;) [15:39]
<povbot> /svn/commits: * faassen committed revision 6031: [16:00]
<povbot> /svn/commits: whitespace [16:00]
<povbot> /svn/commits: * faassen committed revision 6032: [16:01]
<povbot> /svn/commits: add 'demographics' screen. [16:01]
<povbot> /svn/commits: Note that the drop down boxes content is temporary. [16:01]
<povbot> /svn/commits: Note that this will break your content as a new demographics attribute is added. [16:01]
<povbot> /svn/commits: * faassen committed revision 6033: [16:11]
<povbot> /svn/commits: Remove security declaration moved to demographics package. [16:11]
*** jinty has joined #schooltool [16:20]
<povbot> /svn/commits: * faassen committed revision 6034: [18:00]
<povbot> /svn/commits: Use multisubscribers instead of checks in the subscriber code itself where possible. [18:00]
<povbot> /svn/commits: This means that some conditional logic in the events could go away. Some tests have also been simplified, as they were verifying the conditional logic which would never occur in normal code-paths (where the subscribers get called). [18:00]
<th1a> ignas: pong. [18:01]
<ignas> you have collapsed administrator groups into one column because ? [18:03]
<ignas> i am not sure i understood the motive for that :/ [18:04]
<th1a> I did it because they were all getting the same permissions and it would seem to simplify the process. [18:05]
<th1a> And arguably is more predictable for users. [18:05]
<ignas> i see [18:05]
<th1a> I can go through and say, well, a school administrator doesn't need to do *that*, [18:06]
<th1a> but inevitably a school administrator will expect to be able to do *that*, or a site manager will wonder why the administrator can't do *that*. [18:07]
<ignas> i was just asking [18:07]
<ignas> i just wanted you to know that we can support different roles for different groups with the upcoming access model [18:07]
<ignas> i mean - i wanted to be sure that you know that [18:07]
<th1a> We'll probably want to in the long run. I'm trying to SIMPLIFY this process right now as much as possible. [18:08]
<th1a> My new ThinkPad just arrived. [18:09]
<ignas> welcome to ThinkPad family ;) [18:10]
<th1a> Do you guys keep the "Rescue and Recovery" partition around? [18:10]
<ignas> err - my laptop was used - so it didn't have one already, marius managed to erase his [18:11]
<ignas> by accident ;) [18:11]
<ignas> i can't remember whether alga still has his rescue partition [18:11]
<th1a> But it is desirable? [18:12]
<ignas> can't tell i have missed mine that much, but if you are going to reinstall windows some time [18:13]
<ignas> and don't have an install CD [18:13]
<ignas> you should probably keep it in case you manage to completely bork your laptop [18:14]
<ignas> IIRC install/rescue and recovery CD's cost money, but you can get them at any IBM support office [18:15]
<th1a> What sucks is they don't send you XP install disks anymore. [18:15]
<th1a> I'd like to just set up Windows on VMware, but I don't think I can. [18:16]
<ignas> i have a valid serial key, and can't get Windows XP OEM CD anywhere [18:18]
* ignas is too lazy to go to IBM and ask for one [18:18]
<th1a> Am I supposed to be able to tap the little red joystick for a click? [18:33]
<ignas> or maybe [18:34]
<ignas> not on linux iir [18:34]
