Re: Web Clients (was Re: Monticello authentication methods?)

> There was discussion of replacing it within the IO team, but never any
> decision as to what to replace it with.  That was back in April and
> there's been no further discussion or action since then that I'm aware
> of.
>
> Ken
>
> On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
>> I was under the impression we were going to deprecate that stuff in
>> favor of the  Steve Waring's http client package.
>>
>> Right Ken?
>>
>> -Todd Blanchard
>>
>> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
>>
>>> So why a group of guy start to fix it!
>>> Let's try to step by step little peeble by little peeble
>>> improve...No giant step just a tiny and simple one
>>>
>>>>> Note that this is not doing you any good security-wise, because
>>>>> MC will
>>>>> send the basic-auth user:password anyway, and only if that fails,
>>>>> digest
>>>>> is tried. HTTPSocket authentication needs to be completely  
>>>>> reworked.
>>>>
>>>> Not only authentication, everything. The whole class is just awful.
>>>>
>>>> Philippe
>>>>
>>>
>>>
>>
>>

> Oh, I thought we had decided on the HC client.   Although, I confess
> I've been looking at both.  Would the right thing to do be to just
> pick one and replace the existing HTTPSocket implementation with it?
>
> I really would like to see HTTPSocket die and I'm sorry I didn't
> follow through on that last spring.  For some reason I thought you
> were talking with the author of one or the other packages and getting
> clearance for inclusion.
>
> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
>
> > There was discussion of replacing it within the IO team, but never any
> > decision as to what to replace it with.  That was back in April and
> > there's been no further discussion or action since then that I'm aware
> > of.
> >
> > Ken
> >
> > On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
> >> I was under the impression we were going to deprecate that stuff in
> >> favor of the  Steve Waring's http client package.
> >>
> >> Right Ken?
> >>
> >> -Todd Blanchard
> >>
> >> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
> >>
> >>> So why a group of guy start to fix it!
> >>> Let's try to step by step little peeble by little peeble
> >>> improve...No giant step just a tiny and simple one
> >>>
> >>>>> Note that this is not doing you any good security-wise, because
> >>>>> MC will
> >>>>> send the basic-auth user:password anyway, and only if that fails,
> >>>>> digest
> >>>>> is tried. HTTPSocket authentication needs to be completely
> >>>>> reworked.
> >>>>
> >>>> Not only authentication, everything. The whole class is just awful.
> >>>>
> >>>> Philippe
> >>>>
> >>>
> >>>
> >>
> >>
>
> _______________________________________________
> Io mailing list
> Io@...
> http://lists.squeakfoundation.org/mailman/listinfo/io
>

> On Thu, 2006-09-14 at 16:16 -0700, Todd Blanchard wrote:
>> Oh, I thought we had decided on the HC client.   Although, I confess
>> I've been looking at both.  Would the right thing to do be to just
>> pick one and replace the existing HTTPSocket implementation with it?
>
> I think anyone who provides a finished solution that is any  
> appreciable
> amount better than the current solution will be welcomed.  If you have
> an interest in putting the time into it then I applaud you and will
> likely support any solution you come up with.
>
>> I really would like to see HTTPSocket die and I'm sorry I didn't
>> follow through on that last spring.  For some reason I thought you
>> were talking with the author of one or the other packages and getting
>> clearance for inclusion.
>
> No need to apologize, it doesn't appear that any of the rest of us  
> have
> put forth any more time or effort into this issue.  I think though if
> you go back to the discussion in April
>
> http://lists.squeakfoundation.org/pipermail/io/2006-April/date.html
>
> you will find that the clearance was provided
>
> http://lists.squeakfoundation.org/pipermail/io/2006-April/000105.html
>
> and if you drill down to the current release it lists SqueakL as the
> license
>
> http://map.squeak.org/package/8644a5ff-923c-438f-b5b0-a281de346040/ 
> autoversion/1
>
> Let me note however that I merely pursued this to remove that  
> particular
> impediment to it being considered along with the other options.  I
> didn't evaluate it any further and certainly did not mean to indicate
> that I preferred it above any of the other solutions.
>
> Ken
>
>>
>> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
>>
>>> There was discussion of replacing it within the IO team, but  
>>> never any
>>> decision as to what to replace it with.  That was back in April and
>>> there's been no further discussion or action since then that I'm  
>>> aware
>>> of.
>>>
>>> Ken
>>>
>>> On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
>>>> I was under the impression we were going to deprecate that stuff in
>>>> favor of the  Steve Waring's http client package.
>>>>
>>>> Right Ken?
>>>>
>>>> -Todd Blanchard
>>>>
>>>> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
>>>>
>>>>> So why a group of guy start to fix it!
>>>>> Let's try to step by step little peeble by little peeble
>>>>> improve...No giant step just a tiny and simple one
>>>>>
>>>>>>> Note that this is not doing you any good security-wise, because
>>>>>>> MC will
>>>>>>> send the basic-auth user:password anyway, and only if that  
>>>>>>> fails,
>>>>>>> digest
>>>>>>> is tried. HTTPSocket authentication needs to be completely
>>>>>>> reworked.
>>>>>>
>>>>>> Not only authentication, everything. The whole class is just  
>>>>>> awful.
>>>>>>
>>>>>> Philippe
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>
>>

> Hey, you mean mine? :)
>
> I'm still around, and if it's included I could go do a refactor and
> maybe implement more stuff one day.
>
>
> Colin
>
>
> On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
>> Oh, I thought we had decided on the HC client.   Although, I confess
>> I've been looking at both.  Would the right thing to do be to just
>> pick one and replace the existing HTTPSocket implementation with it?
>>
>> I really would like to see HTTPSocket die and I'm sorry I didn't
>> follow through on that last spring.  For some reason I thought you
>> were talking with the author of one or the other packages and getting
>> clearance for inclusion.
>>
>> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
>>
>> > There was discussion of replacing it within the IO team, but  
>> never any
>> > decision as to what to replace it with.  That was back in April and
>> > there's been no further discussion or action since then that I'm  
>> aware
>> > of.
>> >
>> > Ken
>> >
>> > On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
>> >> I was under the impression we were going to deprecate that  
>> stuff in
>> >> favor of the  Steve Waring's http client package.
>> >>
>> >> Right Ken?
>> >>
>> >> -Todd Blanchard
>> >>
>> >> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
>> >>
>> >>> So why a group of guy start to fix it!
>> >>> Let's try to step by step little peeble by little peeble
>> >>> improve...No giant step just a tiny and simple one
>> >>>
>> >>>>> Note that this is not doing you any good security-wise, because
>> >>>>> MC will
>> >>>>> send the basic-auth user:password anyway, and only if that  
>> fails,
>> >>>>> digest
>> >>>>> is tried. HTTPSocket authentication needs to be completely
>> >>>>> reworked.
>> >>>>
>> >>>> Not only authentication, everything. The whole class is just  
>> awful.
>> >>>>
>> >>>> Philippe
>> >>>>
>> >>>
>> >>>
>> >>
>> >>
>>
>> _______________________________________________
>> Io mailing list
>> Io@...
>> http://lists.squeakfoundation.org/mailman/listinfo/io
>>

> Ah, well if you want to help make sure its in there - rewrite all
> users of HTTPSocket to use your stuff.  Sure way to make it happen. :-)
>
>
> On Sep 14, 2006, at 4:33 PM, Colin Curtin wrote:
>
> > Hey, you mean mine? :)
> >
> > I'm still around, and if it's included I could go do a refactor and
> > maybe implement more stuff one day.
> >
> >
> > Colin
> >
> >
> > On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
> >> Oh, I thought we had decided on the HC client.   Although, I confess
> >> I've been looking at both.  Would the right thing to do be to just
> >> pick one and replace the existing HTTPSocket implementation with it?
> >>
> >> I really would like to see HTTPSocket die and I'm sorry I didn't
> >> follow through on that last spring.  For some reason I thought you
> >> were talking with the author of one or the other packages and getting
> >> clearance for inclusion.
> >>
> >> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
> >>
> >> > There was discussion of replacing it within the IO team, but
> >> never any
> >> > decision as to what to replace it with.  That was back in April and
> >> > there's been no further discussion or action since then that I'm
> >> aware
> >> > of.
> >> >
> >> > Ken
> >> >
> >> > On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
> >> >> I was under the impression we were going to deprecate that
> >> stuff in
> >> >> favor of the  Steve Waring's http client package.
> >> >>
> >> >> Right Ken?
> >> >>
> >> >> -Todd Blanchard
> >> >>
> >> >> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
> >> >>
> >> >>> So why a group of guy start to fix it!
> >> >>> Let's try to step by step little peeble by little peeble
> >> >>> improve...No giant step just a tiny and simple one
> >> >>>
> >> >>>>> Note that this is not doing you any good security-wise, because
> >> >>>>> MC will
> >> >>>>> send the basic-auth user:password anyway, and only if that
> >> fails,
> >> >>>>> digest
> >> >>>>> is tried. HTTPSocket authentication needs to be completely
> >> >>>>> reworked.
> >> >>>>
> >> >>>> Not only authentication, everything. The whole class is just
> >> awful.
> >> >>>>
> >> >>>> Philippe
> >> >>>>
> >> >>>
> >> >>>
> >> >>
> >> >>
> >>
> >> _______________________________________________
> >> Io mailing list
> >> Io@...
> >> http://lists.squeakfoundation.org/mailman/listinfo/io
> >>
>
>

> IIRC, I have facades for every part of HTTPSocket (#httpGet, etc).
> They just have to use "HCFacade" instead. In fact, that's part of the
> key to understanding my package - look at how I implemented the
> HTTPSocket stuff, then realize that life doesn't have to be so hard.
>
> If HTTPSocket has been upgraded since late 2003, then maybe I don't
> have everything.
>
> :D
>
>
> On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
>> Ah, well if you want to help make sure its in there - rewrite all
>> users of HTTPSocket to use your stuff.  Sure way to make it  
>> happen. :-)
>>
>>
>> On Sep 14, 2006, at 4:33 PM, Colin Curtin wrote:
>>
>> > Hey, you mean mine? :)
>> >
>> > I'm still around, and if it's included I could go do a refactor and
>> > maybe implement more stuff one day.
>> >
>> >
>> > Colin
>> >
>> >
>> > On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
>> >> Oh, I thought we had decided on the HC client.   Although, I  
>> confess
>> >> I've been looking at both.  Would the right thing to do be to just
>> >> pick one and replace the existing HTTPSocket implementation  
>> with it?
>> >>
>> >> I really would like to see HTTPSocket die and I'm sorry I didn't
>> >> follow through on that last spring.  For some reason I thought you
>> >> were talking with the author of one or the other packages and  
>> getting
>> >> clearance for inclusion.
>> >>
>> >> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
>> >>
>> >> > There was discussion of replacing it within the IO team, but
>> >> never any
>> >> > decision as to what to replace it with.  That was back in  
>> April and
>> >> > there's been no further discussion or action since then that I'm
>> >> aware
>> >> > of.
>> >> >
>> >> > Ken
>> >> >
>> >> > On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
>> >> >> I was under the impression we were going to deprecate that
>> >> stuff in
>> >> >> favor of the  Steve Waring's http client package.
>> >> >>
>> >> >> Right Ken?
>> >> >>
>> >> >> -Todd Blanchard
>> >> >>
>> >> >> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
>> >> >>
>> >> >>> So why a group of guy start to fix it!
>> >> >>> Let's try to step by step little peeble by little peeble
>> >> >>> improve...No giant step just a tiny and simple one
>> >> >>>
>> >> >>>>> Note that this is not doing you any good security-wise,  
>> because
>> >> >>>>> MC will
>> >> >>>>> send the basic-auth user:password anyway, and only if that
>> >> fails,
>> >> >>>>> digest
>> >> >>>>> is tried. HTTPSocket authentication needs to be completely
>> >> >>>>> reworked.
>> >> >>>>
>> >> >>>> Not only authentication, everything. The whole class is just
>> >> awful.
>> >> >>>>
>> >> >>>> Philippe
>> >> >>>>
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >>
>> >> _______________________________________________
>> >> Io mailing list
>> >> Io@...
>> >> http://lists.squeakfoundation.org/mailman/listinfo/io
>> >>
>>
>>

> Does it work with proxies, cookies, http 1.1/chunked, and do
> authentication?
>
>
> On Sep 15, 2006, at 1:46 PM, Colin Curtin wrote:
>
> > IIRC, I have facades for every part of HTTPSocket (#httpGet, etc).
> > They just have to use "HCFacade" instead. In fact, that's part of the
> > key to understanding my package - look at how I implemented the
> > HTTPSocket stuff, then realize that life doesn't have to be so hard.
> >
> > If HTTPSocket has been upgraded since late 2003, then maybe I don't
> > have everything.
> >
> > :D
> >
> >
> > On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
> >> Ah, well if you want to help make sure its in there - rewrite all
> >> users of HTTPSocket to use your stuff.  Sure way to make it
> >> happen. :-)
> >>
> >>
> >> On Sep 14, 2006, at 4:33 PM, Colin Curtin wrote:
> >>
> >> > Hey, you mean mine? :)
> >> >
> >> > I'm still around, and if it's included I could go do a refactor and
> >> > maybe implement more stuff one day.
> >> >
> >> >
> >> > Colin
> >> >
> >> >
> >> > On 9/14/06, Todd Blanchard <tblanchard@...> wrote:
> >> >> Oh, I thought we had decided on the HC client.   Although, I
> >> confess
> >> >> I've been looking at both.  Would the right thing to do be to just
> >> >> pick one and replace the existing HTTPSocket implementation
> >> with it?
> >> >>
> >> >> I really would like to see HTTPSocket die and I'm sorry I didn't
> >> >> follow through on that last spring.  For some reason I thought you
> >> >> were talking with the author of one or the other packages and
> >> getting
> >> >> clearance for inclusion.
> >> >>
> >> >> On Sep 14, 2006, at 8:58 AM, Ken Causey wrote:
> >> >>
> >> >> > There was discussion of replacing it within the IO team, but
> >> >> never any
> >> >> > decision as to what to replace it with.  That was back in
> >> April and
> >> >> > there's been no further discussion or action since then that I'm
> >> >> aware
> >> >> > of.
> >> >> >
> >> >> > Ken
> >> >> >
> >> >> > On Thu, 2006-09-14 at 01:23 -0700, Todd Blanchard wrote:
> >> >> >> I was under the impression we were going to deprecate that
> >> >> stuff in
> >> >> >> favor of the  Steve Waring's http client package.
> >> >> >>
> >> >> >> Right Ken?
> >> >> >>
> >> >> >> -Todd Blanchard
> >> >> >>
> >> >> >> On Sep 13, 2006, at 11:21 PM, stephane ducasse wrote:
> >> >> >>
> >> >> >>> So why a group of guy start to fix it!
> >> >> >>> Let's try to step by step little peeble by little peeble
> >> >> >>> improve...No giant step just a tiny and simple one
> >> >> >>>
> >> >> >>>>> Note that this is not doing you any good security-wise,
> >> because
> >> >> >>>>> MC will
> >> >> >>>>> send the basic-auth user:password anyway, and only if that
> >> >> fails,
> >> >> >>>>> digest
> >> >> >>>>> is tried. HTTPSocket authentication needs to be completely
> >> >> >>>>> reworked.
> >> >> >>>>
> >> >> >>>> Not only authentication, everything. The whole class is just
> >> >> awful.
> >> >> >>>>
> >> >> >>>> Philippe
> >> >> >>>>
> >> >> >>>
> >> >> >>>
> >> >> >>
> >> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> Io mailing list
> >> >> Io@...
> >> >> http://lists.squeakfoundation.org/mailman/listinfo/io
> >> >>
> >>
> >>
>
>