IRC log of #novawebdev for Thursday, 2018-01-18

*** replaceafill has joined #novawebdev08:47
*** jelkner has joined #novawebdev09:52
jelknerGood morning, replaceafill!09:55
replaceafillgood morning jelkner09:55
jelknershould i file the issue about having to copy and paste your login / password to vote?09:55
jelkneror did you get that on your list of todos already?09:55
jelknerbtw. we are making good progress with both our customer projects09:56
jelknerlelkneralfaro is getting to know the or arlington folks and the aea folks he needs to work with09:57
replaceafilljelkner, file it please09:57
jelknerwill do09:57
replaceafilljelkner, but i don't think we'll be able to do anything about it09:57
replaceafilljelkner, at least for the AEA election09:57
jelknerhow does the PSF do it?09:58
replaceafilljelkner, they don't09:58
replaceafilljelkner, according to the emails you shared with me09:58
*** mjsir911 has joined #novawebdev09:58
replaceafilljelkner, you got a username password when they used helios09:58
replaceafilljelkner, evote was able to do that09:58
replaceafilljelkner, and helios can, but you need to use a 3rd party auth provider09:58
replaceafilljelkner, like google or facebook, etc09:58
replaceafilljelkner, i explained lelkneralfaro that09:59
jelknerare there any free software ones?09:59
replaceafilljelkner, openid iirc09:59
replaceafilljelkner, but i haven't explored it fully yet09:59
replaceafilljelkner, lelkneralfaro is ok with the user/password approach09:59
replaceafilljelkner, i told him about the alternatives09:59
replaceafilljelkner, and that maybe we should ask AEA10:00
mjsir911replaceafill, is the voter id supposed to be secret?10:00
jelknerok replaceafill, but let me warn you10:00
jelkneri have a teacher here who doesn't have a personal email10:00
replaceafillmjsir911, voter id? you mean the username you receive?10:00
jelknersince she doesn't know how to set one up10:00
mjsir911no the very long string10:00
jelkneri am going to help her10:00
replaceafillmjsir911, i don't think so10:01
jelknerbut i can almost guarantee she will *not* know how to copy and paste a user name and password10:01
replaceafillmjsir911, you can view everybody's fingerprint in the election page after the voting is done10:01
replaceafilljelkner, yeah it's an usability problem10:01
mjsir911oh ok10:01
mjsir911are the passwords one time use?10:01
jelkneri'll file the bug10:02
mjsir911get regenerated every new election?10:02
jelknerand do whatever you say10:02
replaceafillmjsir911, yep10:02
replaceafilljelkner, we're doomed :(10:02
replaceafilljelkner, :)10:02
mjsir911hmmm I'm sure there are security problems with,password=qwerty10:02
replaceafillmjsir911, are you thinking alternatives to this "problem"?10:03
replaceafillmjsir911, yeah, the GET option is out of the table for sure10:03
replaceafilloff/out whatever :D10:03
mjsir911oh ok but how else would you embed authentication in a url?10:03
replaceafillmjsir911, you need to generate tokens10:03
replaceafillmjsir911, it's kind like the password10:04
mjsir911http://whatever/election3?token=asdfghjhfds ?10:04
replaceafillmjsir911, http://whatever/election/this-is-marcos-token-2342342310:04
mjsir911yea ok I think those are functionally the same, do we need a third party service for generating tokens?10:05
jelknerissue filed10:05
replaceafillmjsir911, no, currently helios uses third party services for auth10:05
replaceafillmjsir911, helios doesn't use tokens10:05
jelkneri assigned it to you, replaceafill, but perhaps if mjsir911 is willing, you could assign it to him?10:05
replaceafillmjsir911, relies on authentication to track who voted10:05
jelknerhe can bill for the time10:05
mjsir911what do you mean? When I put my username and password what does it do?10:06
replaceafilljelkner, sure10:06
replaceafilljelkner, i just asked mjsir911 about his availability to request some help from him10:06
jelkneri don't want to overextend you and we need to get our product polished and ready10:06
jelknerok, let me stop butting in where i'm not needed! ;-)10:06
mjsir911how does it do the authentication? When I put in my username/password, what does it do?10:07
replaceafillmjsir911, for your helios instance you set up auth systems10:07
replaceafillmjsir911, note the helios instance part10:07
mjsir911yea, thats the voting system and web server?10:07
replaceafillmjsir911, you say, i'll let users to log in with google/facebook/twitter accounts10:07
mjsir911Oh yea, but right now we're not doing that are we?10:08
replaceafillmjsir911, then, when you create an election, you decide if it's public or private10:08
replaceafilljelkner, if the election is public anyone can vote using those auth systems10:08
replaceafilloops, that was for you mjsir91110:08
mjsir911will aeava have to log in through a third party provider eg google?10:08
replaceafillmjsir911, that's the alternative if they don't want *our* username/passwords10:09
replaceafillmjsir911, but then users will need other user/password from these providers10:09
replaceafillmjsir911, right?10:09
replaceafillmjsir911, and at that point, the election is "public"10:10
replaceafillmjsir911, meaning anyone can vote10:10
mjsir911yea, I think it would be simpler to just give them our own generated ones unless they want to make it public10:10
replaceafillmjsir911, yep10:10
replaceafillmjsir911, the way we extend it is10:10
mjsir911BUT is the username/password used anywhere else other than logging in for one election? If so can you replace that process with generating a token?10:10
replaceafillmjsir911, you don't replace it10:11
replaceafillmjsir911, you extend it10:11
replaceafillmjsir911, you let helios create the same row in the database to identify user/password10:11
mjsir911is the username password only used for the one election?10:11
replaceafillmjsir911, yes10:11
replaceafillmjsir911, the password is *like* a token10:11
mjsir911if theres a token in the url, you don't even need a password & username10:12
replaceafillmjsir911, you just need something unique and hard to guess really10:12
mjsir911yea, same way the password is generated I would expect10:12
mjsir911but maybe longer10:12
replaceafillmjsir911, right10:12
replaceafillmjsir911, so instead of checking username/password in a post10:13
replaceafillmjsir911, you check the get data10:13
replaceafillmjsir911, extract the token and know who the user is10:13
mjsir911so the process would be 1) generate a token for each user in a new column in the db 2) embed that token in the emails sent out 3) authenticate when the url includes a valid token10:13
replaceafillmjsir911, yes, something like that10:13
mjsir911ok, how complicated is setting up a helios system?10:14
replaceafillmjsir911, proble with that approach is similar to what we just discussed10:14
replaceafillmjsir911, the token gets stored in the user's browser history for instance10:14
replaceafillmjsir911, so you need at some point to expire them10:15
replaceafillmjsir911, invalidate them10:15
mjsir911can users vote multiple times?10:15
replaceafillmjsir911, in default helios they can cast may ballots10:15
replaceafillmjsir911, and only the last one counts10:15
replaceafillmjsir911, i've changed it that a bit10:15
replaceafillmjsir911, i'm going to deploy that today10:16
replaceafillmjsir911, and ask the team to test it10:16
mjsir911Would it be reasonable to just have a single use key that only works once?10:16
replaceafillmjsir911, i think it should invalidate the token when you cast your ballot10:16
replaceafillmjsir911, but generate a new one to allow you to see the results10:16
mjsir911So not when you use it, but when you are done using it10:17
mjsir911do you need a user/password for viewing the results?10:17
replaceafillmjsir911, yes10:17
replaceafillmjsir911, it's a private election10:17
replaceafillmjsir911, results shouldn't be open10:17
mjsir911ohhh, would it be alright to expect a user/password for viewing the election?10:17
replaceafillmjsir911, well, it's the same principle of requiring a user/password in the first place10:18
mjsir911Jeff's argument is most people won't view the election, so It's less of usability issue10:18
mjsir911Jeff is hopping on now10:18
jelkneri'm using the principle that things everyone does should be easy10:19
replaceafilljelkner, transparency :)10:19
jelknerand things only some people will want to do should be possible10:19
replaceafilljelkner, i'm ok if we push for a feature like this, but i'm not sure we have time for Tuesday demo10:20
replaceafilljelkner, mjsir911 my goal is to have the voter side of things polished/tested  by Tuesday10:21
replaceafilljelkner, mjsir911 that's when Louie meet with them10:21
replaceafilljelkner, mjsir911 and shows the system10:21
mjsir911I think I might be able to get a prototype up by sunday10:21
mjsir911Although I would need instructions for setup10:22
replaceafillmjsir911, thank you ansible ;)10:22
replaceafillmjsir911, helios is simple to set up than tendenci10:22
mjsir911link to instructions?10:23
replaceafillmjsir911, i'm not sure if our instructions are harder than just following helios instructions10:24
replaceafillmjsir911, but in any case10:24
mjsir911for helios?10:24
replaceafillmjsir911, you can run that playbook passing only the "helios" tag10:24
mjsir911oh I see so it's part of the process10:25
replaceafillansible-playbook --tags "helios" --inventory $SERVER, site.yml10:25
mjsir911ok thanks I think thats all I need10:25
replaceafillmjsir911, i doubt it ;)10:25
replaceafillmjsir911, you will also need German's branch:
replaceafillmjsir911, well i think you can get started without it10:26
mjsir911yea what I'm changing he wouldn't have touched10:26
replaceafillmjsir911, but it's good to have all the parts we'll set in production10:26
replaceafillmjsir911, and the playbook allows you to customize that10:27
replaceafillmjsir911, helios_version can be a branch name10:27
mjsir911K, I think I got it10:28
replaceafillmjsir911, if you get stuck and decide the playbook doesn't work10:28
mjsir911I can look through the ansible playbooks if Im confused about anything else10:29
replaceafillmjsir911, i recommend our shared doc too:
replaceafillmjsir911, feedback on the playbook is highly appreciated10:29
replaceafillmjsir911, :)10:29
mjsir911ok, ill keep a look out10:29
replaceafillmjsir911, kk10:29
replaceafillmjsir911, i just uploaded a file i use for local development to the Helios shared doc:
replaceafillmjsir911, i use a virtualbox vm which i set in my laptop's /etc/hosts as replaceafill.com10:33
replaceafillok back to filing issues10:33
*** mr_german has joined #novawebdev10:51
*** mr_german has joined #novawebdev11:54
mr_germanreplaceafill, hi11:54
replaceafillhey mr_german11:57
replaceafillmr_german, i just sent an email about issue triaging11:58
mr_germanreplaceafill, yes.11:58
mr_germanreplaceafill, thx, I'll work in that11:58
replaceafillmr_german, could you please check read it11:58
replaceafillmr_german, and let me know if you have questions11:58
mr_germanreplaceafill, done11:58
replaceafillmr_german, what issue should you start with today?11:58
mr_germanreplaceafill, I'll start to work12:03
replaceafillmr_german, do you know what issue to start with?12:03
replaceafillmr_german, in case it's not clear it should be this:
mr_germanthat first that u sent12:03
replaceafillmr_german, most of your issues are due tomorrow12:04
replaceafillmr_german, so focus on their weight12:04
replaceafillmr_german, text wrapping is a "9"12:04
replaceafillmr_german, so start with that12:04
replaceafillmr_german, then this:
replaceafillmr_german, or this
replaceafillmr_german, and so on12:05
*** louisea has joined #novawebdev12:06
mr_germanreplaceafill,omg, I just received too many emails, its has too many issues12:06
replaceafillmr_german, how much do you plan to work today?12:06
replaceafillmr_german, i mean, how many hours?12:06
replaceafillmr_german, i can help if you don't think you'll make it12:06
replaceafillmr_german, some of them are really simple changes12:06
mr_germanreplaceafill, I plan to work 6 hours12:06
replaceafillmr_german, like changing the color of a button12:07
replaceafillmr_german, shouldn't take 2 hours12:07
mr_germanreplaceafill, but, what about admin interface12:07
mr_germani need to work on that12:07
replaceafillmr_german, no, this is still voter facing issues12:07
replaceafillmr_german, you're not done with it yet12:07
replaceafillmr_german, we can't move to the admin until all of these are sorted out12:08
mr_germanreplaceafill, ok, Im going to start12:09
replaceafillmr_german, cool12:09
replaceafillmr_german, ping me if you need me to check things12:10
mr_germanreplaceafill, ok12:12
*** mjsir911 has joined #novawebdev12:45
*** zOnny has joined #novawebdev12:48
zOnnyhey replaceafill12:49
replaceafillhey zOnny12:49
zOnnydo you want me to clean up the aea's templates directory, replaceafill12:52
replaceafillzOnny, no12:53
replaceafillzOnny, i just asked you what's the status of that12:53
replaceafillzOnny, your comment says *something* is fixed12:53
replaceafillzOnny, i want to understand what was fixed12:53
replaceafillzOnny, because i still see the /templates/ parts in the production site12:54
zOnnythe issue was that the php paths were broken because of the files were not responding. such as navigation.12:57
zOnnyhowever, jeff was sugesting that is a simple website and there is not the need of having others directories. replaceafill12:59
replaceafillzOnny, i remember, but the issue says "remove /templates/ from the AEA website URIs" 13:00
replaceafillzOnny, so that's not done, right?13:00
zOnnyyeah, it can be done in a short time, if you want me to remove the directory and keep all the files in the main directory, replaceafill 13:02
replaceafillzOnny, i think your other work has higher priority than this issue13:02
zOnnyyep, you right replaceafill13:03
replaceafillzOnny, so i'll remove you as assignee for now13:03
replaceafillzOnny, and we can get back to it once it becomes a top priority13:03
replaceafillzOnny, makes sense?13:03
zOnnyok, replaceafill13:03
replaceafillzOnny, thanks for the update13:03
replaceafillACTION goes to get lunch, bb in ~4514:13
replaceafillACTION is back14:39
*** mjsir911 has joined #novawebdev15:39
replaceafillmr_german, you around?15:51
*** mjsir911 has joined #novawebdev16:04
replaceafillmr_german, mjsir911 labels are set for the helios-ae project16:29
replaceafillmr_german, mjsir911 please use Needs Review when you want someone to check something16:29
replaceafillmr_german, ping17:01
replaceafillmr_german, could you push your fixes17:16
replaceafillmr_german, the ones you told me you worked on already17:16
mr_germanreplaceafill, but the "results page"17:17
mr_germanis not finish yet17:17
replaceafillmr_german, but you finished some of the others right?17:17
replaceafillmr_german, like the text wrapping one17:17
mr_germanreplaceafill, yes17:20
mr_germanreplaceafill, yes.17:20
replaceafillmr_german, do you think you'll finish the results page today?17:20
replaceafillmr_german, by today i mean, before 8 pm our time....17:20
mr_germanreplaceafill, yes, im on it17:20
replaceafillmr_german, ok, push your fixes after that one yet17:21
replaceafillmr_german, i'll wait17:21
mr_germanreplaceafill, :o17:21
mr_germanreplaceafill, 8pm *our time?17:21
replaceafillmr_german, yeah, i want people to have a new election with fixes by tomorrow morning17:21
replaceafillmr_german, when they wake up :)17:22
replaceafillmr_german, so i'll set that up tonight17:22
replaceafillmr_german, thanks!17:22
mr_germanreplaceafill, sure, thanks!17:23
mr_germanACTION goes out to pick up his brother brb 15 mins17:48
mr_germanACTION is back17:56
*** nrcerna has joined #novawebdev18:22
mr_germanreplaceafill, it should be mobile right?19:50
replaceafillmr_german, hm?19:51
mr_germanreplaceafill, the "results page" it should be mobile too?19:51
replaceafillmr_german, yes19:52
replaceafillmr_german, everything should be 19:52
*** zOnny has joined #novawebdev22:46

Generated by 2.17.2 by Marius Gedminas - find it at!