IRC log for #koha, 2013-02-16

← Previous day | Today | Next day → | Search | Index

All times shown according to UTC.

Time Nick Message
00:00 edveal left #koha
00:02 rambutan left #koha
00:19 asaurat left #koha
01:56 BobB joined #koha
01:56 wahanui joined #koha
01:56 jenkins_koha joined #koha
01:56 csharp joined #koha
01:56 slef joined #koha
01:56 tweetbot` joined #koha
01:56 gmcharlt joined #koha
01:56 bag joined #koha
01:56 jajm joined #koha
01:56 fredy joined #koha
01:56 ibeardslee joined #koha
01:56 thd-away joined #koha
01:56 aquaghost joined #koha
01:56 logbot joined #koha
01:56 BigRig joined #koha
01:56 eythian joined #koha
01:56 barriers joined #koha
01:56 senator joined #koha
01:56 cjh joined #koha
01:56 halcyonCorsair joined #koha
01:56 libsysguy joined #koha
01:56 dpavlin joined #koha
01:56 moodaepo joined #koha
01:56 liw joined #koha
01:56 tater joined #koha
01:56 sivoais joined #koha
01:56 khall_away joined #koha
01:56 rangi joined #koha
01:56 craig_ joined #koha
01:56 jeff joined #koha
01:56 Manderson joined #koha
01:56 Guest1805 joined #koha
01:56 chris_n joined #koha
01:56 Callender joined #koha
01:56 bshum joined #koha
01:56 matts_away joined #koha
01:56 pastebot joined #koha
01:56 alohabot joined #koha
01:56 huginn joined #koha
05:10 rangi evening
05:32 appu1984 joined #koha
05:33 appu1984 message displayed when checkout 'Local Use Recorded'. cant check out . how to clear this, please
05:34 rangi what version of koha appu1984 ?
05:34 ok then
05:35 appu1984 joined #koha
05:48 jenkins_koha Starting build #65 for job Koha_3.10.x (previous build: SUCCESS)
05:49 appu1984 joined #koha
06:04 mtj hey chrissa -> http://www.stuff.co.nz/enterta[…]-Tour-video-diary
06:04 this is seriously funny!
06:28 jenkins_koha Project Koha_3.10.x build #65: SUCCESS in 40 min: http://jenkins.koha-community.[…]b/Koha_3.10.x/65/
06:28 * Colin Campbell: Bug 9454: Use placeholders when adding basket
06:28 * Jared Camins-Esakov: Bug 7608: Manual history should not always be enabled
06:28 * Robin Sheat: Bug 9592 - update dependencies, allow blacklisting
06:28 huginn 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9454 major, P5 - low, ---, colin.campbell, Pushed to Stable , NewBasket does not use placeholders in sql
06:28 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=7608 normal, P5 - low, ---, jcamins, Pushed to Stable , Manual history is always 'enabled'
06:28 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9592 minor, P3, ---, robin, Pushed to Master , Package dependency updates for master
06:51 qu-bit joined #koha
07:04 jenkins_koha Starting build #66 for job Koha_3.10.x (previous build: SUCCESS)
07:09 rangi lol i had registered koha with openhatch 2 years ago and forgot about it
07:15 or mtj set it up and i updated it then we both forgot :)
07:16 cait joined #koha
07:17 koyauni joined #koha
07:33 sophie_m joined #koha
07:44 jenkins_koha Project Koha_3.10.x build #66: SUCCESS in 40 min: http://jenkins.koha-community.[…]b/Koha_3.10.x/66/
07:44 Fridolyn SOMERS: Bug 9226: Wrong branch filter after suggestion creation
07:44 huginn 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9226 minor, P5 - low, ---, fridolyn.somers, Pushed to Stable , Wrong branch filter after suggestion creation
07:44 jenkins_koha Starting build #274 for job Koha_3.8.x (previous build: SUCCESS)
08:15 drojf joined #koha
08:18 drojf joined #koha
08:19 drojf good morning #koha
08:19 rangi hi drojf
08:19 drojf hey rangi
08:20 +1°C, birds are going crazy on my balcony :D
08:21 cait hi rangi and drojf :)
08:21 drojf hi cait
08:21 jenkins_koha Project Koha_3.8.x build #274: SUCCESS in 37 min: http://jenkins.koha-community.[…]b/Koha_3.8.x/274/
08:21 Fridolyn SOMERS: Bug 9226: Wrong branch filter after suggestion creation
08:21 huginn 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=9226 minor, P5 - low, ---, fridolyn.somers, Pushed to Stable , Wrong branch filter after suggestion creation
08:52 rangi if they dont haee bibnumbers in the marc, you cant just add the tags back and expect it to fix itself, they are gonna have to do a bunch of stuff
08:52 it sounds like a total mess
08:52 drojf a bunch of stuff as in "set up a new instance"
08:53 rangi hmm given how long it took to do the first one
08:53 i cant see that happening
08:53 they'd have to write a script to run through every biblioitem row
08:53 and fix the marcxml and marc
09:07 cait left #koha
09:12 cait joined #koha
09:34 amb joined #koha
09:34 amb greetings
09:34 i've just setup koha, and am playing around with it
09:35 one of the people accessing the staff site is experiencing this error: "IP address has changed, please log in again"
09:37 i guess it's because she is on a flaky network connection
09:37 but can i disable the ip address check somehow?
09:44 francharb joined #koha
09:44 francharb hi
09:45 cait amb: sorry no, it's a security thing
09:46 amb i'm looking at /usr/share/koha/lib/C4/lib/Auth.pm
09:47 cait hm yeah maybe in the code you can, but not sure how or where
09:47 amb there are a couple of lines with " # IP address changed"
09:47 i guess this is where i could change the behavior
09:50 drojf amb: i think i would rather look into the connection problem first and see if that can be fixed
09:51 amb drojf: i agree, i wish i could solve the problem at the client side, but they are an NGO with poor Internet connectivity
09:51 I don't think there' much I can do to change that
09:52 I need to be able to support flaky or rapidly-changing DHCP addresses at koha-side
09:52 drojf maybe you could make them go through a vpn and assign fixed ip addresses to them
09:52 don't know if that would work, just a thought
09:53 amb hmmm
09:54 If they go through a VPN, will that guarantee a fixed public IP address?
09:56 drojf i think you can do that in openvpn configuration, on a per client basis
09:57 amb cool, I'll give that a shot
09:57 drojf good luck :)
09:58 amb sorry for the n00b question, but does restarting Apache2 also restart Koha?
09:58 I mean, I've changed /usr/share/koha/lib/C4/lib/Auth.pm... will restarting Apache2 bring these changes into effect?
09:59 cait I think it should take effect immediately
09:59 you can't really restart koha
09:59 maybe need to clear your cache/cookie
09:59 s
10:00 amb okay... zebrasrv is running as a separate demon... that has nothing to do with my changes, right?
10:00 *daemon
10:04 drojf it shouldn't, zebra is just for indexing the records
10:04 TJGom joined #koha
10:05 amb great
10:05 btw, i'm new to open source and licensing and GPLv3 etc... so if I'm running a modified version of /usr/share/koha/lib/C4/lib/Auth.pm... is that permitted?
10:06 drojf sure
10:06 amb oh ok :)
10:06 * amb breathes a sigh of relief
10:06 drojf :)
10:07 the problem is
10:07 you will have trouble with upgrades
10:07 if you do local changes
10:08 amb i understand... it may break on upgrade, and then it's basically my responsibility to fix it
10:08 cait you got it :)
10:08 drojf in the long run, the easiest way to maintain changes is to generalize your change so others might be able to use it, make it optional (with a syspref) and submit a patch to bugzilla
10:08 amb since i made the unsupported change in the first place
10:09 drojf not sure if that is applicable here if it opens a security problem. i'm not sure of the implications of disableing the ip check
10:11 * amb nods
10:12 drojf if you consider doing a patch it would probably be best in this case to ask about it on the developer mailing list first to see what people think about it
10:15 amb cool
10:16 drojf are you running koha froma package installation?
10:19 amb yes, from the ubuntu packages
10:26 qu-bit_ joined #koha
10:27 drojf what some people do to maintain local changes is create their own packages. if you have not worked with git before it will take some time to learn how to do that though
10:44 amb i see
10:44 well, my changes to Auth.pm don't seem to have helped... the client is still having the same problem
10:45 its weird... my apache logs show connections over two ip addresses from her computer: http://mibpaste.com/KC7HI9
10:49 just spoke to the network admin... he says this is deliberate
10:49 drojf amb: have you done a whois on the ips? those are two different provider's address ranges. it seems unlikely that a bad connection would switch between ISPs?!
10:50 amb they have two ISPs and the public IP can unpredictably change from one to the other depending upon load
10:50 drojf ah!
10:50 interesting
10:50 wahanui i heard interesting was sometimes good and sometimes bad
10:50 amb so this is definitely a use-case that I (and perhaps Koha too) should support
10:51 rangi no
10:51 because there is no way to tell its the same person, or if someone has stolen their cookie
10:51 drojf i still think you should look into the vpn option
10:51 amb rangi: true, but there should be a way to whitelist certain "good" or trusted IP addresses
10:52 because i think the client's network setup is perfectly valid
10:52 rangi if it switches continuosly there is something wrong
10:53 if it only switches occassionally, they just have to relogin occassionally
10:53 amb rangi, it's currently being a bit too erratic, it usually isn't... the public IP is usually much "stickier" to one ISP
10:53 rangi yep so theres the problem then
10:54 amb true, but i think there's still a good use-case for white-listing trusted IP addresses
10:54 drojf do they have reserved ip ranges at the two ISPs? if you have to list all addresses of two ISPs that seems not very practical
10:55 amb so that the client never encounters a perplexing "Your IP address has changed." message on some unfortunate days when the load is erratic
10:55 in my case, i just need to white-list two IP addresses
10:55 rangi i still think a vpn would be better
10:55 amb right now the client can't get any work done
10:56 rangi well asynchronous routing is gonna cause a whole pile of problems
10:56 not just with koha
10:57 if its erratic enough that the person cant get anything done, its gonna be throwing packets all over the floor
10:57 but you are welcome to submit a patch for whitelisting ips .. as long as it comes with a huge warning - potential security hole
10:59 amb cool... i have to get a working fix first :)
10:59 my current attempt at changing Auth.pm didn't seem to have the least effect
11:00 rangi its unlikely to be pushed upstream is what i was hinting
11:01 what i would do, is put a reverse proxy out in front of your koha, do that yourself, so that all connections appear to koha as from that ip
11:01 and make that proxy only accept connections from the 2 ip numbers
11:01 amb rangi: excellent suggestion, thank you!
11:01 i'll put an nginx in front of apache
11:06 rangi cool
11:08 amb are all the koha logs at /var/log/koha/library ?
11:08 rangi if you called your instance library
11:08 then ye
11:08 s
11:09 amb ok
11:09 uh, how can i change the loglevel for these logs?
11:10 rangi just edit the apache config
11:10 you want more detail in the access log?
11:11 amb in the koha lohs
11:11 *logs
11:11 they're all [error] right now
11:13 to be more specific, where will:  warn "Checking Auth";  appear?
11:14 rangi if you switched debug on
11:14 * rangi goes to sleep
11:15 drojf night rangi
11:15 bgkriegel joined #koha
11:15 amb sleep well, rangi... thanks
11:15 cait night rangi
11:15 * drojf goes to the books
11:16 * amb goes off to setup nginx
11:18 drojf cait has to watch the channel so nobody steals anything :)
11:18 cait huh?
11:29 francharb joined #koha
11:49 bgkriegel joined #koha
12:20 tcohen joined #koha
12:34 * cait waves
12:37 amb ??
12:37 cait don't think this is about you
12:37 don' worry
12:37 drojf no, it is not of course
12:37 amb ok :)
12:38 btw, i've setup nginx in front of apache2, and it's working great... i have yet to confim that it works for the client
12:38 drojf cool
12:38 amb but an excellent idea that i'm sure will solve my problem
12:38 cait good job :)
12:38 amb yeah, you guys rock :)
12:39 drojf bgkriegel is on a signoff spree
12:39 bgkriegel++
12:39 amb thx, cait
12:39 jcamins_away amb: there is a gotcha here to keep in mind... is your OPAC publicly accessible?
12:39 cait amb++ :)
12:39 bgkriegel :)
12:39 amb jcamins, yes it is
12:39 cait bgkriegel++ too :)
12:40 amb what's the catch, jcamins_away?
12:41 jcamins_away amb: public users are not going to have their sessions localized to IP either.
12:42 amb i don't quite understand
12:43 yes, koha/apache only sees incoming requests from 'localhost' all the time now
12:43 jcamins_away Right.
12:43 drojf jcamins_away: and by »not« you mean »now«?
12:43 amb so?
12:43 wahanui i heard so was a long road.
12:44 jcamins_away amb: if a malicious user intercepts the HTTP cookie, it's very easy to impersonate someone elese.
12:44 And there is a much larger number of potential interceptors since the OPAC traffic could come from anywhere and be quite high.
12:45 drojf: no, the IP will _not_ be user-specific.
12:45 You may simply not care.
12:45 Which would be good. :)
12:45 amb oh crap, right... so one way could be to force everything over ssl... so hopefully less chance of MITM
12:45 drojf jcamins_away: i think i misunderstood your sentence then but we mean the same
12:46 jcamins amb: right. With SSL you still have higher risk, but at least you don't make it easier for MITM.
12:48 amb i know understand why the "Error: IP address has changed." logout was introduced as a security measure in the first place :)
12:48 *i now understand
12:49 cait :)
12:49 amb And the fix should have been for the client to not toggle their public IP every alternate request... but I can't really influence their network setup that much :(
12:50 jcamins Yeah, that sounds like IT screwing something up. Load balancers generally have the option for "sticky" sessions.
12:50 * amb nods
12:51 amb I guess it makes sense to have the nginx as a reverse proxy in front of the staff site... and white-list the 2/3 valid IP addresses
12:51 drojf pardon my ignorance but can't you have the opac side connections done to apache directly and the staff client cia nginx reverse proxy for only your two ip addresses?
12:51 amb And for the rest, well... how can I pass that on to Apache directly? I can't right?
12:52 drojf: exactly my point :)
12:53 but i need to see how i could accomplish that configuration
12:53 jcamins drojf: I don't think so.
12:54 Well... you could if you were running Koha under nginx.
12:54 amb hmmm
12:55 jcamins Oh. Or if you had two IPs.
12:56 amb Right! 2 IPs works great... Apache listening on OPAC on one IP and nginx as a reverse proxy for Staff Site on the other
12:56 I think that would work.
12:56 jcamins You could even have everyone except your problematic site access the staff client directly.
13:01 bgkriegel amb: do your patrons need to log-in in OPAC?
13:01 amb Right, I just need to open up another random port like 8888 in my EC2 firewall for the problematic site... have nginx listen on 8888 and proxy_pass onto Apache
13:01 Apache continues to listen on 80 as usual for OPAC and also for staff site
13:02 jcamins Yes, that makes sense.
13:02 amb bgkriegel: yes
13:03 bgkriegel: or rather, i don't know right now, but they probably will
13:03 bgkriegel you could face the same problems
13:04 amb ?
13:04 bgkriegel if they access from teh same place
13:04 or is a problem only for the staff?
13:05 amb it's a problem only for staff right now...
13:05 bgkriegel ok
13:29 amb joined #koha
13:38 amb joined #koha
13:54 amb joined #koha
14:57 amb joined #koha
15:33 Oak joined #koha
15:34 * Oak waves
15:49 * jcamins learns how to mess with the web browser's history.
15:52 jcamins It's fun.
15:52 cait bgkriegel++
15:52 hi Oak
15:52 :)
16:20 Oak he cait :)
16:20 bgkriegel++
17:10 NateC joined #koha
17:52 Oak joined #koha
18:59 wajasu joined #koha
19:13 rangi joined #koha
19:26 craig_ joined #koha
19:31 * wajasu slow kohaclone for me
20:00 drojf joined #koha
20:51 drojf return of the button replacer :)
20:52 cait heh
20:53 jcamins Heh.
22:20 qu-bit joined #koha
22:37 bgkriegel joined #koha
23:11 qu-bit joined #koha

← Previous day | Today | Next day → | Search | Index

koha1