Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2017-08-30 06:20:29 GMT <qwebirc68625> Hi all

2017-08-30 06:20:41 GMT <qwebirc68625> The application manager-windows.exe does not render property in high resolution monitors(4k)

2017-08-30 06:20:50 GMT <qwebirc68625> Is there any better application for managing the server and database services ?

2017-08-30 08:31:31 GMT <cDavid> Hi, are there special requirements to host a Global hackathon room?

2017-08-30 08:41:46 GMT <DarkStar1> Morning everyone

2017-08-30 11:16:37 GMT <fwu> hello all!

2017-08-30 11:16:42 GMT <MarkTielemans> hi

2017-08-30 11:48:32 GMT <douglascrp> good morning

2017-08-30 13:33:46 GMT <fwu> ppl, I need to overwrite the workflow.lib.ftl inside the remote api jar file. Can I do it using a jar file or a

2017-08-30 13:33:53 GMT <fwu> I need to use an amp file?

2017-08-30 13:34:35 GMT <fwu> in 4.2.f I use an amp file and it works. I just need to put my file in a specific path that then will be copied to the overwrite dir in Alfresco.

2017-08-30 13:35:03 GMT <fwu> but I dont know if I may achieve this using a jar file

2017-08-30 13:35:40 GMT <MarkTielemans> It might work with a JAR file, but due to inconsistent load order that won't be reliable.

2017-08-30 13:36:26 GMT <MarkTielemans> Unless you always just use one and the same machine, then it should be fine. Should be. Until it isn't.

2017-08-30 13:37:31 GMT <fwu> MarkTielemans, just use one jar with the smae file. So that I will not have conflits between my own jar files. Is this what you are saying?

2017-08-30 13:39:20 GMT <fwu> nevertheless, my jar will be loaded as the remote api jar will be loaded... so I may always have problems, right?

2017-08-30 14:14:16 GMT <fufler> Hello, everyone. I've just published AJCE — https://github.com/ITDSystems/alfresco-java-code-executer. This module provides a way to execute Java code on running Alfresco instance.So feel free to use it, if you're interested :)

2017-08-30 14:18:18 GMT <MTielemans> Looks cool! I can think of a use case or two.

2017-08-30 14:18:38 GMT <MTielemans> You really don't want to be running this on your average production system though

2017-08-30 14:19:55 GMT <fufler> That's why it's disabled by default :)

2017-08-30 14:21:00 GMT <MTielemans> Yeah, cool

2017-08-30 14:22:33 GMT <MTielemans> What would really make this complete is a Java console ;)

2017-08-30 14:26:03 GMT <fufler> Well, i think it's much easier to write code in IDE and run it using plugin.

2017-08-30 14:26:21 GMT <fufler> But anyway pull requests are welcome.

2017-08-30 14:26:23 GMT <fufler> :)

2017-08-30 14:26:51 GMT <MTielemans> Haha, of course.

2017-08-30 17:00:17 GMT <AFaust> ~later tell fufler: I have not yet encountered an instance where JavaScript Console wasn't able to do what I needed to do. You are aware that you can access any Java bean from JavaScript, right?

2017-08-30 17:00:17 GMT <alfbot> AFaust: The operation succeeded.

2017-08-30 17:01:42 GMT <alfbot> fufler: Sent 1 minute ago: <AFaust> I have not yet encountered an instance where JavaScript Console wasn't able to do what I needed to do. You are aware that you can access any Java bean from JavaScript, right?

2017-08-30 17:07:40 GMT <fufler> AxelFaust, you're talking about something like this https://community.alfresco.com/docs/DOC-5378-configuring-the-serviceregistry-as-a-javascript-root-object? Or about anything else?

2017-08-30 17:07:42 GMT <alfbot> Title: Configuring the ServiceRegistry as a Javascript... | Alfresco Community (at community.alfresco.com)

2017-08-30 17:08:13 GMT <AxelFaust> Oh didn't see you there (I also am on the train so my connection is spotty)

2017-08-30 17:08:53 GMT <AxelFaust> No - I mean the access to the ENTIRE Spring context and Java API you already have, see https://gist.github.com/AFaust/beaa309837397abf961f

2017-08-30 17:08:54 GMT <alfbot> Title: Useful Alfresco JavaScript console scripts · GitHub (at gist.github.com)

2017-08-30 17:09:27 GMT <AxelFaust> I don't need (and don't want) the service registry as a root scope object.

2017-08-30 17:10:42 GMT <AxelFaust> Remote bytecode execution is totally unacceptable for me - there is no way to restrict what gets send over the wire and deserialised. At least with JS Console we technically have the option to use the Rhino ClassShutter to avoid access to i.e. Reflection API to avoid the nastiest hacks...

2017-08-30 17:12:30 GMT <AxelFaust> The only place where I could see this addon being used is on a local dev machine - and then I would question why you are not using RAD tools in that case?

2017-08-30 17:13:24 GMT <AxelFaust> There are just too many deserialisation CVEs that have already been filed due to naive use of bytecode transfer and deserialisation, i.e. http://www.pcworld.com/article/3004633/business-security/thousands-of-java-applications-vulnerable-to-nine-month-old-remote-code-execution-exploit.html

2017-08-30 17:13:26 GMT <alfbot> Title: Thousands of Java applications vulnerable to nine-month-old remote code execution exploit | PCWorld (at www.pcworld.com)

2017-08-30 17:16:19 GMT <fufler> Actually it's supposed to be used in local development. I'm not going to use it in production.

2017-08-30 17:17:26 GMT <AxelFaust> I know and understand that. Just wondering why RAD tools didn't suffice for that...

2017-08-30 17:18:43 GMT <AxelFaust> The danger now is that someone (let's call them "an unqualified person") finds this and actually does use it in a system != production. Sure, it would be their fault, but we should probably not tempt them in the first place...

2017-08-30 17:18:58 GMT <AxelFaust> sorry, meant system != dev

2017-08-30 17:20:53 GMT <AxelFaust> Maybe at least put a BIG FAT NOTICE in the readme...

2017-08-30 17:21:15 GMT <fufler> Well, sometimes it may be useful to run some kind of job to perform some action. And code that does such a thing is not a part of a core project. Like a partial drop of data in repository. Or like deleting all workflows based on some criteria.

2017-08-30 17:21:34 GMT <fufler> >> Maybe at least put a BIG FAT NOTICE in the readme...

2017-08-30 17:21:37 GMT <fufler> Will do it.

2017-08-30 17:22:07 GMT <fufler> Considering RAD. Last time I've tried it something was broken. Do not remember what exactly it was.

2017-08-30 17:23:37 GMT <AxelFaust> I am not arguing the fact that you sometimes need complex logic. I'm merely giving my feedback that I never encountered a case where JS Console didn't to the job, just in the off-chance that you thought something wasn't possible when indeed it is/was ...

2017-08-30 17:24:13 GMT <AxelFaust> Don't know about the state of RAD - I am generally against that as well as part of my personal convictions, but accept that it is used in the community.

2017-08-30 17:26:04 GMT <fufler> The point it's much easier for me to write code in Java IDE with full auto-completion rather than using JS Console for this. Not saying that JS Console is bad, but I'm a bit more comfortable with IDE. That's it. Moreover it's a way to test some code without need to restart a server: just compile and run it using plugin.

2017-08-30 17:26:52 GMT <AxelFaust> If you feel more comfortable with Java and that is (another) one of the reasons, fine - understood.

2017-08-30 17:27:58 GMT <fufler> Of course I'm not forcing anyone to use this extension in production or instead of REST APIs — that would be insane :)

2017-08-30 17:28:20 GMT <fufler> That's just a tool I thought may be useful for someone else. Nothing more.

2017-08-30 17:28:56 GMT <AxelFaust> I read in the chat log that you had already discussed this "not safe for production" with MarkTielemans today.

2017-08-30 17:30:22 GMT <AxelFaust> again, just wanting to make sure you were also aware of alternatives and didn't pick the approach just because of not knowing them...

2017-08-30 17:30:59 GMT <AxelFaust> If you put the notice in, that would be great so others are also aware of what we discussed in terms of security

2017-08-30 17:31:16 GMT <AxelFaust> I'll have to switch trains anyway now / soon, so will be dropping off...

2017-08-30 17:31:31 GMT <fufler> I'm aware, but thanks for worrying :)

2017-08-30 19:05:07 GMT <fwu> hi all

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco