Date: Wed, 11 Oct 2000 05:09:57 -0400 From: mindlace <mindlace@digicool.com> To: lwn@lwn.net Subject: zope weekly news for October 11th Zope Book reaches the alpha stage, session tracking and write locking in Zope, web security nirvana, Zope with Python 2.0, ZPatterns examples, and silencing leaks, all in this week's ZWN. The opinions expressed in Zope Weekly news are solely the authors', and not the opinions of Digital Creations, The Zope Community at-large, or the Spanish Inquisition. If you or your company are doing something cool with zope, "submit it to the Zope Weekly News", mailto:zope-web@zope.org for possible inclusion. And Now For Something Completely Different: --- Documentation by Michel Pelletier Amos and I are proud to announce the first alpha release of the O'Reilly Zope Book! This means that all the chapters are roughed out and there is no more outline material left. The book is far from done however; we have a whole mess of screenshots to take and lots of editing to do. Please bear with us and "keep reading":http://www.zope.org/Members/michel/ZB/. As always, you can "send us":mailto:docs@digicool.com your comments. --- Zope Status In a discussion about ZPatterns, Steve Spicklemire gives us a link to an example implementation of ZPatterns. If you've been wondering exactly what ZPatterns can do for you, "check it out", http://www.zope.org/Members/sspickle/DumbZPatternsExample There's been some interesting discussion about the security of the session tracking that is being implemented in zope. There were concerns about the duration of a browser ID cookie, addressed by it being managed by users, and questions about its possible interception. As ChrisM says: "But if you came up with a truly secure web identification mechanism that does not require any authentication/client certificate, doesn't rely largely on security through obscurity, and that's completely 100% transparent to any number of end users that may be using any number of stock browsers, I'm sure somebody at RSA would be willing to pay you hundreds of millions of dollars. I'd even give you a couple thousand!" "read the debate", http://lists.zope.org/pipermail/zope-dev/2000-October/007140.html and "comment on the proposal", http://dev.zope.org/Wikis/DevSite/Projects/CoreSessionTracking/ There's been some discussion of how to use Zope with python 2.0, and it looks like things are "pretty much there", http://lists.zope.org/pipermail/zope-dev/2000-October/007269.html Jeffery would like us to take a look at "write locking in zope", http://dev.zope.org/Wikis/DevSite/Proposals/WriteLocking so that all may edit freely, as long as they don't "interfere with a patent", http://slashdot.org/article.pl?sid=00/10/03/1523228 --- PTK Brief Albert mentioned that the folks at DataChannel have published a DTD aimed at letting portals "interchange content, users, groups, and more", http://lists.zope.org/pipermail/zope-ptk/2000-October/001773.html A new version of the PTK should be landing shortly: in the meantime, you might grab one of Jim Tittsler's "highly unofficial snapshots", http://starship.python.net/crew/jwt/zope/ZopePTK/ --- Zope Web -- by Ethan Fremen Tim has passed the categorization flag on to mindlace, who's working on it :) Shane Hathaway has stalked and killed a memory leak triggered by some odd dtml in zope.org, which will help in flattening out our otherwise "eccentric memory usage", http://www.zope.org/manual/mem.png -EOT-