← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:00 | edveal left #koha | |
00:02 | rambutan left #koha | |
00:19 | asaurat left #koha | |
01:56 | BobB joined #koha | |
01:56 | wahanui joined #koha | |
01:56 | jenkins_koha joined #koha | |
01:56 | csharp joined #koha | |
01:56 | slef joined #koha | |
01:56 | tweetbot` joined #koha | |
01:56 | gmcharlt joined #koha | |
01:56 | bag joined #koha | |
01:56 | jajm joined #koha | |
01:56 | fredy joined #koha | |
01:56 | ibeardslee joined #koha | |
01:56 | thd-away joined #koha | |
01:56 | aquaghost joined #koha | |
01:56 | logbot joined #koha | |
01:56 | BigRig joined #koha | |
01:56 | eythian joined #koha | |
01:56 | barriers joined #koha | |
01:56 | senator joined #koha | |
01:56 | cjh joined #koha | |
01:56 | halcyonCorsair joined #koha | |
01:56 | libsysguy joined #koha | |
01:56 | dpavlin joined #koha | |
01:56 | moodaepo joined #koha | |
01:56 | liw joined #koha | |
01:56 | tater joined #koha | |
01:56 | sivoais joined #koha | |
01:56 | khall_away joined #koha | |
01:56 | rangi joined #koha | |
01:56 | craig_ joined #koha | |
01:56 | jeff joined #koha | |
01:56 | Manderson joined #koha | |
01:56 | Guest1805 joined #koha | |
01:56 | chris_n joined #koha | |
01:56 | Callender joined #koha | |
01:56 | bshum joined #koha | |
01:56 | matts_away joined #koha | |
01:56 | pastebot joined #koha | |
01:56 | alohabot joined #koha | |
01:56 | huginn joined #koha | |
05:10 | rangi | evening |
05:32 | appu1984 joined #koha | |
05:33 | appu1984 | message displayed when checkout 'Local Use Recorded'. cant check out . how to clear this, please |
05:34 | rangi | what version of koha appu1984 ? |
05:34 | ok then | |
05:35 | appu1984 joined #koha | |
05:48 | jenkins_koha | Starting build #65 for job Koha_3.10.x (previous build: SUCCESS) |
05:49 | appu1984 joined #koha | |
06:04 | mtj | hey chrissa -> http://www.stuff.co.nz/enterta[…]-Tour-video-diary |
06:04 | this is seriously funny! | |
06:28 | jenkins_koha | Project Koha_3.10.x build #65: SUCCESS in 40 min: http://jenkins.koha-community.[…]b/Koha_3.10.x/65/ |
06:28 | * Colin Campbell: Bug 9454: Use placeholders when adding basket | |
06:28 | * Jared Camins-Esakov: Bug 7608: Manual history should not always be enabled | |
06:28 | * Robin Sheat: Bug 9592 - update dependencies, allow blacklisting | |
06:28 | huginn | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9454 major, P5 - low, ---, colin.campbell, Pushed to Stable , NewBasket does not use placeholders in sql |
06:28 | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=7608 normal, P5 - low, ---, jcamins, Pushed to Stable , Manual history is always 'enabled' | |
06:28 | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9592 minor, P3, ---, robin, Pushed to Master , Package dependency updates for master | |
06:51 | qu-bit joined #koha | |
07:04 | jenkins_koha | Starting build #66 for job Koha_3.10.x (previous build: SUCCESS) |
07:09 | rangi | lol i had registered koha with openhatch 2 years ago and forgot about it |
07:15 | or mtj set it up and i updated it then we both forgot :) | |
07:16 | cait joined #koha | |
07:17 | koyauni joined #koha | |
07:33 | sophie_m joined #koha | |
07:44 | jenkins_koha | Project Koha_3.10.x build #66: SUCCESS in 40 min: http://jenkins.koha-community.[…]b/Koha_3.10.x/66/ |
07:44 | Fridolyn SOMERS: Bug 9226: Wrong branch filter after suggestion creation | |
07:44 | huginn | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9226 minor, P5 - low, ---, fridolyn.somers, Pushed to Stable , Wrong branch filter after suggestion creation |
07:44 | jenkins_koha | Starting build #274 for job Koha_3.8.x (previous build: SUCCESS) |
08:15 | drojf joined #koha | |
08:18 | drojf joined #koha | |
08:19 | drojf | good morning #koha |
08:19 | rangi | hi drojf |
08:19 | drojf | hey rangi |
08:20 | +1°C, birds are going crazy on my balcony :D | |
08:21 | cait | hi rangi and drojf :) |
08:21 | drojf | hi cait |
08:21 | jenkins_koha | Project Koha_3.8.x build #274: SUCCESS in 37 min: http://jenkins.koha-community.[…]b/Koha_3.8.x/274/ |
08:21 | Fridolyn SOMERS: Bug 9226: Wrong branch filter after suggestion creation | |
08:21 | huginn | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9226 minor, P5 - low, ---, fridolyn.somers, Pushed to Stable , Wrong branch filter after suggestion creation |
08:52 | rangi | if they dont haee bibnumbers in the marc, you cant just add the tags back and expect it to fix itself, they are gonna have to do a bunch of stuff |
08:52 | it sounds like a total mess | |
08:52 | drojf | a bunch of stuff as in "set up a new instance" |
08:53 | rangi | hmm given how long it took to do the first one |
08:53 | i cant see that happening | |
08:53 | they'd have to write a script to run through every biblioitem row | |
08:53 | and fix the marcxml and marc | |
09:07 | cait left #koha | |
09:12 | cait joined #koha | |
09:34 | amb joined #koha | |
09:34 | amb | greetings |
09:34 | i've just setup koha, and am playing around with it | |
09:35 | one of the people accessing the staff site is experiencing this error: "IP address has changed, please log in again" | |
09:37 | i guess it's because she is on a flaky network connection | |
09:37 | but can i disable the ip address check somehow? | |
09:44 | francharb joined #koha | |
09:44 | francharb | hi |
09:45 | cait | amb: sorry no, it's a security thing |
09:46 | amb | i'm looking at /usr/share/koha/lib/C4/lib/Auth.pm |
09:47 | cait | hm yeah maybe in the code you can, but not sure how or where |
09:47 | amb | there are a couple of lines with " # IP address changed" |
09:47 | i guess this is where i could change the behavior | |
09:50 | drojf | amb: i think i would rather look into the connection problem first and see if that can be fixed |
09:51 | amb | drojf: i agree, i wish i could solve the problem at the client side, but they are an NGO with poor Internet connectivity |
09:51 | I don't think there' much I can do to change that | |
09:52 | I need to be able to support flaky or rapidly-changing DHCP addresses at koha-side | |
09:52 | drojf | maybe you could make them go through a vpn and assign fixed ip addresses to them |
09:52 | don't know if that would work, just a thought | |
09:53 | amb | hmmm |
09:54 | If they go through a VPN, will that guarantee a fixed public IP address? | |
09:56 | drojf | i think you can do that in openvpn configuration, on a per client basis |
09:57 | amb | cool, I'll give that a shot |
09:57 | drojf | good luck :) |
09:58 | amb | sorry for the n00b question, but does restarting Apache2 also restart Koha? |
09:58 | I mean, I've changed /usr/share/koha/lib/C4/lib/Auth.pm... will restarting Apache2 bring these changes into effect? | |
09:59 | cait | I think it should take effect immediately |
09:59 | you can't really restart koha | |
09:59 | maybe need to clear your cache/cookie | |
09:59 | s | |
10:00 | amb | okay... zebrasrv is running as a separate demon... that has nothing to do with my changes, right? |
10:00 | *daemon | |
10:04 | drojf | it shouldn't, zebra is just for indexing the records |
10:04 | TJGom joined #koha | |
10:05 | amb | great |
10:05 | btw, i'm new to open source and licensing and GPLv3 etc... so if I'm running a modified version of /usr/share/koha/lib/C4/lib/Auth.pm... is that permitted? | |
10:06 | drojf | sure |
10:06 | amb | oh ok :) |
10:06 | * amb | breathes a sigh of relief |
10:06 | drojf | :) |
10:07 | the problem is | |
10:07 | you will have trouble with upgrades | |
10:07 | if you do local changes | |
10:08 | amb | i understand... it may break on upgrade, and then it's basically my responsibility to fix it |
10:08 | cait | you got it :) |
10:08 | drojf | in the long run, the easiest way to maintain changes is to generalize your change so others might be able to use it, make it optional (with a syspref) and submit a patch to bugzilla |
10:08 | amb | since i made the unsupported change in the first place |
10:09 | drojf | not sure if that is applicable here if it opens a security problem. i'm not sure of the implications of disableing the ip check |
10:11 | * amb | nods |
10:12 | drojf | if you consider doing a patch it would probably be best in this case to ask about it on the developer mailing list first to see what people think about it |
10:15 | amb | cool |
10:16 | drojf | are you running koha froma package installation? |
10:19 | amb | yes, from the ubuntu packages |
10:26 | qu-bit_ joined #koha | |
10:27 | drojf | what some people do to maintain local changes is create their own packages. if you have not worked with git before it will take some time to learn how to do that though |
10:44 | amb | i see |
10:44 | well, my changes to Auth.pm don't seem to have helped... the client is still having the same problem | |
10:45 | its weird... my apache logs show connections over two ip addresses from her computer: http://mibpaste.com/KC7HI9 | |
10:49 | just spoke to the network admin... he says this is deliberate | |
10:49 | drojf | amb: have you done a whois on the ips? those are two different provider's address ranges. it seems unlikely that a bad connection would switch between ISPs?! |
10:50 | amb | they have two ISPs and the public IP can unpredictably change from one to the other depending upon load |
10:50 | drojf | ah! |
10:50 | interesting | |
10:50 | wahanui | i heard interesting was sometimes good and sometimes bad |
10:50 | amb | so this is definitely a use-case that I (and perhaps Koha too) should support |
10:51 | rangi | no |
10:51 | because there is no way to tell its the same person, or if someone has stolen their cookie | |
10:51 | drojf | i still think you should look into the vpn option |
10:51 | amb | rangi: true, but there should be a way to whitelist certain "good" or trusted IP addresses |
10:52 | because i think the client's network setup is perfectly valid | |
10:52 | rangi | if it switches continuosly there is something wrong |
10:53 | if it only switches occassionally, they just have to relogin occassionally | |
10:53 | amb | rangi, it's currently being a bit too erratic, it usually isn't... the public IP is usually much "stickier" to one ISP |
10:53 | rangi | yep so theres the problem then |
10:54 | amb | true, but i think there's still a good use-case for white-listing trusted IP addresses |
10:54 | drojf | do they have reserved ip ranges at the two ISPs? if you have to list all addresses of two ISPs that seems not very practical |
10:55 | amb | so that the client never encounters a perplexing "Your IP address has changed." message on some unfortunate days when the load is erratic |
10:55 | in my case, i just need to white-list two IP addresses | |
10:55 | rangi | i still think a vpn would be better |
10:55 | amb | right now the client can't get any work done |
10:56 | rangi | well asynchronous routing is gonna cause a whole pile of problems |
10:56 | not just with koha | |
10:57 | if its erratic enough that the person cant get anything done, its gonna be throwing packets all over the floor | |
10:57 | but you are welcome to submit a patch for whitelisting ips .. as long as it comes with a huge warning - potential security hole | |
10:59 | amb | cool... i have to get a working fix first :) |
10:59 | my current attempt at changing Auth.pm didn't seem to have the least effect | |
11:00 | rangi | its unlikely to be pushed upstream is what i was hinting |
11:01 | what i would do, is put a reverse proxy out in front of your koha, do that yourself, so that all connections appear to koha as from that ip | |
11:01 | and make that proxy only accept connections from the 2 ip numbers | |
11:01 | amb | rangi: excellent suggestion, thank you! |
11:01 | i'll put an nginx in front of apache | |
11:06 | rangi | cool |
11:08 | amb | are all the koha logs at /var/log/koha/library ? |
11:08 | rangi | if you called your instance library |
11:08 | then ye | |
11:08 | s | |
11:09 | amb | ok |
11:09 | uh, how can i change the loglevel for these logs? | |
11:10 | rangi | just edit the apache config |
11:10 | you want more detail in the access log? | |
11:11 | amb | in the koha lohs |
11:11 | *logs | |
11:11 | they're all [error] right now | |
11:13 | to be more specific, where will: warn "Checking Auth"; appear? | |
11:14 | rangi | if you switched debug on |
11:14 | * rangi | goes to sleep |
11:15 | drojf | night rangi |
11:15 | bgkriegel joined #koha | |
11:15 | amb | sleep well, rangi... thanks |
11:15 | cait | night rangi |
11:15 | * drojf | goes to the books |
11:16 | * amb | goes off to setup nginx |
11:18 | drojf | cait has to watch the channel so nobody steals anything :) |
11:18 | cait | huh? |
11:29 | francharb joined #koha | |
11:49 | bgkriegel joined #koha | |
12:20 | tcohen joined #koha | |
12:34 | * cait | waves |
12:37 | amb | ?? |
12:37 | cait | don't think this is about you |
12:37 | don' worry | |
12:37 | drojf | no, it is not of course |
12:37 | amb | ok :) |
12:38 | btw, i've setup nginx in front of apache2, and it's working great... i have yet to confim that it works for the client | |
12:38 | drojf | cool |
12:38 | amb | but an excellent idea that i'm sure will solve my problem |
12:38 | cait | good job :) |
12:38 | amb | yeah, you guys rock :) |
12:39 | drojf | bgkriegel is on a signoff spree |
12:39 | bgkriegel++ | |
12:39 | amb | thx, cait |
12:39 | jcamins_away | amb: there is a gotcha here to keep in mind... is your OPAC publicly accessible? |
12:39 | cait | amb++ :) |
12:39 | bgkriegel | :) |
12:39 | amb | jcamins, yes it is |
12:39 | cait | bgkriegel++ too :) |
12:40 | amb | what's the catch, jcamins_away? |
12:41 | jcamins_away | amb: public users are not going to have their sessions localized to IP either. |
12:42 | amb | i don't quite understand |
12:43 | yes, koha/apache only sees incoming requests from 'localhost' all the time now | |
12:43 | jcamins_away | Right. |
12:43 | drojf | jcamins_away: and by »not« you mean »now«? |
12:43 | amb | so? |
12:43 | wahanui | i heard so was a long road. |
12:44 | jcamins_away | amb: if a malicious user intercepts the HTTP cookie, it's very easy to impersonate someone elese. |
12:44 | And there is a much larger number of potential interceptors since the OPAC traffic could come from anywhere and be quite high. | |
12:45 | drojf: no, the IP will _not_ be user-specific. | |
12:45 | You may simply not care. | |
12:45 | Which would be good. :) | |
12:45 | amb | oh crap, right... so one way could be to force everything over ssl... so hopefully less chance of MITM |
12:45 | drojf | jcamins_away: i think i misunderstood your sentence then but we mean the same |
12:46 | jcamins | amb: right. With SSL you still have higher risk, but at least you don't make it easier for MITM. |
12:48 | amb | i know understand why the "Error: IP address has changed." logout was introduced as a security measure in the first place :) |
12:48 | *i now understand | |
12:49 | cait | :) |
12:49 | amb | And the fix should have been for the client to not toggle their public IP every alternate request... but I can't really influence their network setup that much :( |
12:50 | jcamins | Yeah, that sounds like IT screwing something up. Load balancers generally have the option for "sticky" sessions. |
12:50 | * amb | nods |
12:51 | amb | I guess it makes sense to have the nginx as a reverse proxy in front of the staff site... and white-list the 2/3 valid IP addresses |
12:51 | drojf | pardon my ignorance but can't you have the opac side connections done to apache directly and the staff client cia nginx reverse proxy for only your two ip addresses? |
12:51 | amb | And for the rest, well... how can I pass that on to Apache directly? I can't right? |
12:52 | drojf: exactly my point :) | |
12:53 | but i need to see how i could accomplish that configuration | |
12:53 | jcamins | drojf: I don't think so. |
12:54 | Well... you could if you were running Koha under nginx. | |
12:54 | amb | hmmm |
12:55 | jcamins | Oh. Or if you had two IPs. |
12:56 | amb | Right! 2 IPs works great... Apache listening on OPAC on one IP and nginx as a reverse proxy for Staff Site on the other |
12:56 | I think that would work. | |
12:56 | jcamins | You could even have everyone except your problematic site access the staff client directly. |
13:01 | bgkriegel | amb: do your patrons need to log-in in OPAC? |
13:01 | amb | Right, I just need to open up another random port like 8888 in my EC2 firewall for the problematic site... have nginx listen on 8888 and proxy_pass onto Apache |
13:01 | Apache continues to listen on 80 as usual for OPAC and also for staff site | |
13:02 | jcamins | Yes, that makes sense. |
13:02 | amb | bgkriegel: yes |
13:03 | bgkriegel: or rather, i don't know right now, but they probably will | |
13:03 | bgkriegel | you could face the same problems |
13:04 | amb | ? |
13:04 | bgkriegel | if they access from teh same place |
13:04 | or is a problem only for the staff? | |
13:05 | amb | it's a problem only for staff right now... |
13:05 | bgkriegel | ok |
13:29 | amb joined #koha | |
13:38 | amb joined #koha | |
13:54 | amb joined #koha | |
14:57 | amb joined #koha | |
15:33 | Oak joined #koha | |
15:34 | * Oak | waves |
15:49 | * jcamins | learns how to mess with the web browser's history. |
15:52 | jcamins | It's fun. |
15:52 | cait | bgkriegel++ |
15:52 | hi Oak | |
15:52 | :) | |
16:20 | Oak | he cait :) |
16:20 | bgkriegel++ | |
17:10 | NateC joined #koha | |
17:52 | Oak joined #koha | |
18:59 | wajasu joined #koha | |
19:13 | rangi joined #koha | |
19:26 | craig_ joined #koha | |
19:31 | * wajasu | slow kohaclone for me |
20:00 | drojf joined #koha | |
20:51 | drojf | return of the button replacer :) |
20:52 | cait | heh |
20:53 | jcamins | Heh. |
22:20 | qu-bit joined #koha | |
22:37 | bgkriegel joined #koha | |
23:11 | qu-bit joined #koha |
← Previous day | Today | Next day → | Search | Index