=== yml_ is now known as yml
* BUGabundo Ta na hora da Caminha, bamos la deitar.... \n bed time. cu tomorrow01:43
andrewOn the computers on your account page, how is one supposed to tell them apart?02:09
VK7HSEBug #39956403:42
ubottuLaunchpad bug 399564 in ubuntuone-client "ubuntuone-client-applet crashed with ImportError in <module>()" [Undecided,New] https://launchpad.net/bugs/39956403:42
binarymutantwhat do these tags mean: story-0079 and foundations+ ?05:15
binarymutantokay I found out the foundations+ but what about story-0079?05:20
=== yofel_ is now known as yofel
jan____hey, is somebody online or nearby who could answer questions on oauth that would normally go to aquarius?13:42
gnomefreaki cant find where i subscribe to ubuntuone bugs. it seems im not subscribed to ubuntuone-client bugs yet im getting all ubuntuone bugs.13:48
gnomefreakanyone give me an idea where i did this at?13:48
gnomefreakim guessing its a broad subscription just cant seem to find it13:54
dobeygnomefreak: http://bugs.launchpad.net/ubuntuone should get you that14:26
dobeyjan____: what's the issue?14:27
gnomefreakdobey: looking thanks14:27
jan____dobey: jasondavies might have a question14:27
jasondaviesdobey: hi :)14:28
dobeyhi jasondavies14:29
gnomefreakdobey: that doesnt give me the option to subscribe or unsubscribe. the overview page says im not subscribed but im getting a massive amount of bugs14:29
jasondaviesdobey: I'm working on OAuth for CouchDB, just wondering what the file containing OAuth tokens should look like14:30
jasondaviesdobey: SteveA tells me a file would be best so that tokens can be added when applications are installed14:30
dobeyoh. i don't know the answer to that one14:31
jasondaviesok, no problem14:31
dobeyin ubuntuone-client we store the oauth access token in gnome-keyring, though you probably don't want that14:31
jasondavieswell, I'm thinking of starting with a simple mapping from oauth access token to CouchDB username14:33
jasondaviesso that any client accessing with a given token will be given the roles of that user14:33
dobeythough there is some work to specify and get a cross-desktop keyring on freedesktop.org, which might be suitable once the implementation is ready to use14:33
jasondaviesthe cross-desktop keyring is for client apps?14:34
jan____dobey: I think that is out of scope for now14:36
dobeyjasondavies: yeah14:37
dobeyjan____: probably, yeah14:37
dobeyjan____: but worth mentioning, i think14:37
jan____totally :)14:37
dobeygnomefreak: lots of bugs for which projects exactly?14:42
dobeygnomefreak: i see you're subscribed to ubuntuone-storage-protocol bugs, but it only has 3 open...14:44
gnomefreakdobey: im not sure what bugs. it was a blanket subscribtion from what i can tell. i am getting all ubuntuone bugs by the looks of it14:45
dobeywell all the public bugs i guess, yeah... i see you are subscribed to ubuntuone-client as well now14:46
statikfile system was modified reboot linux14:48
dobeyhooray linux spam14:48
SteveAhi jan____, jasondavies, dobey14:48
statikhi gnomefreak, if you look at the mail headers of the bug mail i think there will be one that tells you what subscription caused you to get the mail sent14:48
dobeygnomefreak: i think you'll have to unsubscribe from each project's bugs individually14:49
gnomefreakdobey: maybe its a LP bug than because it only shows subscribe14:49
jan____hi steve14:49
jasondavieshi SteveA14:49
SteveAare there any things about OAuth I can help with?14:49
dobeygnomefreak: that could be too14:49
jasondaviesSteveA: yeah, just wondering how the file containing OAuth tokens should look like, would it suffice to have a simple mapping of oauth tokens to usernames?14:50
SteveAwhat does a username mean for couchdb?14:50
jasondaviesSteveA: and then any consumer using that token will have the roles of that user14:50
jasondaviesSteveA: well, this is still under development, but a username would just be an identifier pointing to a document in the uesr database that contains the roles of that user14:51
gnomefreakstatik: it shows Subscriber (Ubuntu One) but going to unsubscribe only asks me to subscribe14:51
jasondaviesSteveA: we might use UUIDs instead of usernames14:51
SteveAand the roles are primitives for access control?14:51
SteveAa common way to think of an oauth token is that it's like a capability14:52
jasondaviesSteveA: roles are essentially like groups, so there will be some built-in roles like _reader, _owner, _writer that do specific things14:52
gnomefreakstatik: dobey i think i found it still wondering why it didnt show up the last few times i was there14:52
SteveA(it's not as useful or complete as a real capability, but it's a bit like one)14:53
jasondaviesSteveA: right14:53
statikgnomefreak: so maybe you are part of a team that has gotten subscribed? yesterday i noticed i started getting a whole bunch of extra mail from launchpad on the PQM robot mail account, so something has changed somewhere. not sure whether it's a launchpad bug or a team subscription that gone wrong? i'll look at some of my mails in just a few minutes and see if i can find any clues about what is causing it to get sent14:53
jasondaviesSteveA: an OAuth token is basically something that lets a consumer do a particular thing that a user has approved for them to do14:53
jasondaviesSteveA: the most common one might be to delegate a user's permissions to the consumer14:54
SteveAright.  thinking more broadly than the use-cases that are important for ubuntu one, I can imagine saying "this token allows read access to this document"14:54
jasondaviesSteveA: yep, in CouchDB we plan on having "reader lists" that give us per-document ACLs14:54
jan____but not any time soon :)14:55
SteveAok, and would that be a reader-list of roles or of users?14:55
jasondaviesof roles14:55
jasondaviesso basically a document might contain a role called "photo-reader"14:55
jasondaviesand that role would only be set on photo documents14:55
jasondaviesso if the role was given to an OAuth access token, then the consumer could only read photo documents (with that role)14:56
SteveAso, in couchdb, we have permissions (read, write, delete, perhaps), roles (arbitrarily defined, to separate permissions from users), and users14:56
SteveAan ACL is a mapping of permissions to roles, for a particular context14:57
SteveAand, to say "I want Jan to be able to read Document_Foo", I'd need to make a unique role for Jan14:57
SteveAthe "Jan identity" role14:57
SteveAso I can make an ACL that says he can read that document14:57
jasondaviesyeah, I think that's probably the way we'd go to make it that fine-grained14:58
SteveAthe model we ended up with for Zope 3 is a layered model14:59
SteveAat the most basic level, there's permissions and principles14:59
SteveAand mappings from permissions to principals14:59
SteveA(sorry, mistyped as principles earlier there...)14:59
SteveAthen, things like groups and roles are built on top of the principals14:59
statikHi, everyone who is here for the ubuntu one developer standup, please say 'me'. The format for this meeting is to paste 3 lines: TODO, DONE, and BLOCKED. Then say the person that should go next - we can try going in 'me' order.15:00
SteveAjasondavies: let's continue after the U1 stand-up15:00
statikteknico, rodrigo_?15:01
jasondaviesSteveA: okie dokie15:01
statikDONE: xpi building branch for zac/bindwood. prototype branch for mobile web UI. code reviews for neat CouchWidget branch from rickspencer3. several 1:1 phone calls and weekly planning meeting.15:01
statikTODO: Publish desktop-contacts python module. Make an ubuntu package for lp:bindwood. Work with Rodrigo on Tomboy sync.15:01
statikBLCK: None. Next: urbanape15:01
urbanapeDONE: Got errors out of the new files UI - so re-encapsulation is working, still tackling it.15:01
urbanapeTODO: Expect to be back on solid ground this afternoon.15:01
urbanapeBLOCK: None15:01
urbanapeCardinalFang: The comfy chair!15:01
CardinalFangDONE: Added LAZR config and worked around eventlet weirdness15:01
CardinalFangTODO: Finish getting Spawning working.15:01
CardinalFangBLOCKED: Nope.15:01
CardinalFangdobey, dobey, dobey, dobey.15:02
dobeyDONE: Fixed quick desktopcouch bug, Fixed clientdefs build/install issue, Default to computer name for new oauth token requests, Quick fixes to proposed Tarmac branches, Helped a user with UnknownLoginError to get better debug info, poked design team about UI changes for Ubuntu One for karmic15:02
dobeyTODO: Finish setup.py removal, UL/DL status notifications, syncdaemon start-up error reporting, Fix UnknownLoginError silliness15:02
dobeyBLCK: None.15:02
dobeyjblount: your roll15:02
jblountDONE: Got payment funnel sorted15:02
jblountTODO: Download in new files ui15:02
jblountBLOCKED: Nope15:02
jblountvds: rocknroll15:02
vdsDONE: worked on funambol ds config NOT nearly done as I reported yesterday due to some funambol crap config stuff, need to swap from unix domani socket to tcp socket before I propose it, and it's not just that, I think I have an idea of what to do, is just taking longer than expected15:02
vdsTODO: finish this branch15:02
vdsBLOCKED: no15:02
rodrigo_DONE: submitted evo-couchdb packages and deps to beta PPA. Fought with 'make start' not working. Filed missing bugs for w13-karmic-alpha3 milestone15:02
statikteknico, just in time! you are next15:03
rodrigo_TODO: make 'make start' work and keep testing and fixing tomboy syncing. Submit tomboy 0.15.3 fixed package for jaunty (karmic in already)15:03
rodrigo_BLOCKED: make start15:03
statikoops, lag; sorry15:03
rodrigo_teknico: go15:03
teknicoDONE: reviews for ubuntuone and ubuntuone-client branches15:04
teknicoTODO: more reviews, fixing the contacts web UI tests, landing the createCouchContacts.py script refactoring branch15:04
teknicoBLOCKED: on the new couchdb version problem15:04
teknicoNEXT: noone15:04
statikMEETING ENDS15:05
statikthanks everyone!15:05
statikrodrigo_, i can help with make start15:05
statikdo you have any errors in tmp/ in logs that look related to rabbit?15:05
rodrigo_statik: .ERROR: RabbitMQ server did not start in time15:05
rodrigo_let me see the logs15:06
statikvds, which socket needs to change from unix to tcp, the postgres one?15:06
vdsstatik: yes15:06
CardinalFangDropbox news: They're expunging undo history after 30 days.15:06
CardinalFang...unless you pay.15:06
jblountCardinalFang: was it undo hsitory for forever before?15:06
CardinalFangI do not know, jblount.  I think it was, until cleared manually.  It ate your available space.15:07
vdsstatik: is it a problem?15:07
SteveAjasondavies: hi15:08
jasondaviesSteveA: hi15:09
SteveAjasondavies: so... many parts of the authorization and authentication systems can work using just parts of roles/permissions/users/principals/tokens15:09
jasondaviesSteveA: so in Zope 3 a role is a principal?15:09
SteveAwell, last I worked on it (quite a while ago), a principal maps to roles15:10
SteveAa useful separation of concepts is authorization and authentication and identification15:11
SteveAso, identification is "who is making this request?"15:11
jasondaviesso in CouchDB we have something called user_ctx15:11
SteveAauthentication is "who is this, and how do I trust who this is?"15:11
jasondavieswhich has a "name" and a list of roles15:11
jasondaviesthe name bit refers to who the user is15:11
SteveAand authorization is "what is the person with this identity allowed to do in this context?"15:11
jasondaviesthe roles helps work out the authorization part (this is handled either by reader lists or by update validation)15:12
SteveAso, in zope3 one can say things like "here is a principal that represents accessing using this token over https"15:12
gnomefreakSteveA: dobey thanks that seemed to work15:13
gnomefreakstatik: even15:13
jasondaviesSteveA: ok, so back to OAuth15:13
SteveAjasondavies: so, back to OAuth :-)15:13
jasondaviesSteveA: it seems the spec has quite a large part related to setting up the 3-legged auth i.e. where a consumer wants to access some resource, so it asks the user to grant it access, then it gets an access token to be able to access that resource15:14
SteveAin this kind of model, OAuth gives you a principal -- basically, the identification and authentication of a user15:14
SteveAand I'd think roles and permissions are more in the authorization part15:15
SteveAwhich is a bit more application-specific15:15
jasondaviesSteveA: but for our needs, we don't need the part with JavaScript frame-busting etc. as it's just a matter of Ubuntu's install scripts writing the oauth tokens to a file, is that right?15:15
jasondaviesso do you have some kind of library to generate the oauth token?15:16
SteveAthere are a bunch of libraries out there15:16
SteveAlinked from oauth.org15:17
SteveAyour original topic was, in the credentials file, what should an oauth token map to?15:17
SteveAif it maps to a couchdb user, that's a good start15:18
jasondavies(actually we need to map the token and the consumer key I think, from reading the spec)15:18
SteveAas it allows a token to represent using couchdb as that user15:18
SteveAit's a very simple user of couchdb, in that case15:19
jasondaviesthat's mainly what I needed to know, and I just wanted to double-check it was easy for you to generate the token etc. and write it to the file15:19
SteveAas it doesn't allow for saying "this oauth token represents Jason logging in with his _reader role"15:19
jasondavieswe could add support for realms in the future15:19
jasondaviesI think this is how Google does it15:20
SteveAwhat's a realm, in this context?15:20
jasondaviesI think it's basically a set of resources15:20
jasondaviesso you can say, Jason approves Steve's app to access his Google calendar15:20
jasondaviesbut not his Gmail contacts or anything else15:20
SteveAso, for a more complete representation of couchdb authentication, perhaps the credentials file should say:15:20
jasondaviesGoogle actually just use the URL prefix I think as a realm15:20
SteveA  token -> (user, role)15:21
SteveAso, realm is more like the context15:21
SteveAas in, which documents it applies to15:21
jasondaviesnice, thanks for your help15:21
SteveAso, yeah, I guess the most complete is15:22
SteveA token -> (user, role, realm)15:22
SteveAand that allows you to say "this token represents accessing couch as Jan in his _reader role for /recipe/* documents"15:22
SteveAnow, that's way more than we need for ubuntuone15:22
SteveAfor ubuntuone, simply token->user is fine15:23
jasondaviesdepending on how we develop things, we might not ever need realm, as we might say that the custom role "recipes" would act as a _reader role for /recipe/* documents15:23
SteveAbut, it's good to have the complete design / model in mind, of course15:23
SteveAdifferent ways to cut it up15:23
jasondavieswell, nearly there with this so hope to push the code and tests to github by tonight15:23
SteveAthat's one reason to try and codify things into a model15:23
jasondaviesyeah, so you make the important design decisions early before it's too late!15:24
SteveAthat has some kind of simple base level (like principal->permission)15:24
SteveAand builds on that in higher levels15:24
SteveAbut I don't know enough about the couchdb auth plans to offer an opinion15:24
jasondaviesapparently getting reader lists to actually work is a bit tricky15:25
jasondaviesas it involves digging deep into the internals for views etc.15:25
SteveAjasondavies: http://svn.zope.org/commoncriteria/trunk/system-overview.txt?rev=81608&view=auto15:25
SteveAthis is a document I wrote with Jim Fulton of Zope3 years ago15:25
SteveAit explains our thinking at the time about how a security system can be modeled15:25
jan____are the GCDS video online yet?15:29
SteveAI don't know15:29
SteveAmy talk wasn't recorded15:29
SteveAit went very well, though.  I kept the notes, so I'll write it up for the slides15:30
SteveAjan____: what should I do with the talk?15:30
jan____SteveA: put it on http://wiki.apache.org/couchdb/Presentations?15:32
jan____also blog'n stuff15:33
jan____also posting to the ML's cant hurt15:33
SteveAnice how it's still a valid URL for that page with the question mark on the end :-)15:34
=== jblount_ is now known as jblount
joshuahooveranyone seen the errors in this oauth-login.log where the add computer page doesn't open in firefox? http://launchpadlibrarian.net/28675925/oauth-login.log16:47
dobeyjoshuahoover: what bug is that from?16:49
joshuahooverdobey: bug #39537616:49
dobeyjoshuahoover: the problem in that bug is that ubuntuone-client is missing, presumably because they installed when we had a broken dependency, and haven't updated16:49
ubottuLaunchpad bug 395376 in configglue "Firefox does not open to "add this computer"" [Undecided,New] https://launchpad.net/bugs/39537616:49
dobeyoh, weird16:49
dobeywhy did that get filed there16:50
joshuahooverno idea16:50
joshuahooverdobey: so just doing an update should fix the problem or are there additional steps?16:50
dobeyan update should pull in ubuntuone-client also16:52
dobeyand he has probably done so already anyway16:52
joshuahooverok, thanks for the help!16:53
dobeyanyway, i moved the bug and commented on it, and set it to fix released16:53
dobeybbiab, must get food :)16:56
joshuahooverurbanape: can bugs #396184 #396183 & #396212 be tagged with a story from the product backlog?17:01
ubottuLaunchpad bug 396184 in bindwood "Make XPI" [Undecided,New] https://launchpad.net/bugs/39618417:01
urbanapethe first has already been merged. I'll update it. I'll tag the other two.17:02
joshuahooverurbanape: cool...thanks!17:03
urbanapehmmm, where do I find these stories?17:08
joshuahooverurbanape: good question! it's in the google docs "who's working on what" spreadsheet...i think you have access...if not & i'll resend the invite17:13
urbanapegot it17:14
urbanapewas way back in my inbox17:15
joshuahooverChipaca: do you know when/why users will get .conflict files? i've never had the problem but i'm looking at bug #396620 where two users are seeing .conflict files doing simple copy/paste and saving files from Firefox17:17
ubottuLaunchpad bug 396620 in ubuntuone-client "Adding a folder keeps resulting in .conflict" [Undecided,New] https://launchpad.net/bugs/39662017:17
Chipacajoshuahoover: yes17:17
Chipacajoshuahoover: I've been working on fixing that for what now seems like ages17:18
Chipacaeons, even17:18
joshuahooverChipaca: ahhh... :)17:18
Chipacajoshuahoover: do you want to know? :)17:18
joshuahooverChipaca: sure...learning helps me better help people out :)17:18
Chipacajoshuahoover: when you (usually an application; vim is particuarly good at it) create a file, unlink it or move it, and create it again, in quick succession, fast enough so that the unlink is still waiting for the first create to finish, the second create gets run out of order and creates a conflict17:20
Chipacajoshuahoover: if you edit a file with vim, you'll almost always end up with a .swp.conflcit file17:20
joshuahooverChipaca: got it...and this is something you've been working on fixing for some time now?17:21
Chipacajoshuahoover: yes17:22
Chipacajoshuahoover: finally reaching completion :)17:22
joshuahooverChipaca: great! is there a bug i can link this one too?17:22
joshuahooverChipaca: i'd like to let the users know it's being addressed and link it to a bug that you're working against if you have one17:22
Chipacayes, give me a second17:23
ChipacaI think there are several, in fact, all subtly different but due to the same issue17:23
Chipacaso not duplciates per se, but17:23
joshuahooverChipaca: i see bug #374887 which seems to be related17:28
ubottuLaunchpad bug 374887 in ubuntuone-client "syncadaemon generates too many conflicts" [Critical,Triaged] https://launchpad.net/bugs/37488717:28
Chipacajoshuahoover: 374887, 387956, 388268, 388270, 39675517:28
Chipacajoshuahoover: I've got to go over the logs with a fine comb to make sure they're the same, but chances are they are17:29
joshuahooverok...i'm going to link to 374887 since it looks like that is assigned to the w13 milestone...i'll let the users know that we're aware of the problem and working on it currently17:30
Chipacajoshuahoover: thanks17:31
joshuahooveranyone ever get in an endless login loop with launchpad.net login from ubuntuone.com? i see it off and on...not sure what i'm doing to recreate it...hmmm17:54
joshuahoovernevermind, think i found out how i did it...i clicked on the "Request an invitation" on ubuntone.com to try to reproduce a problem a user reported...that seems to put me in the endless login loop18:00
statikjoshuahoover, that openid login loop has been plaguing us and people on the launchpad team for over a year. we can't seem to get a handle on what is causing it, or how to reliably reproduce it18:32
statikbut it definitely keeps happening in the wild18:32
teknicostatik, it happened to me consistently when trying to access mailing list archives18:48
teknicobut lately I managed to access one18:48
statikteknico, if you can capture a livehttp log of the request stream when it happens, that would be useful18:59
teknicostatik, sure, is livehttp a specific tool?18:59
statikteknico, livehttpheaders is a firefox extension i use to capture client side traffic sometimes19:06
teknicostatik, nice, I'll look it up19:11
joshuahooverstatik: ahhh...good to know19:19
der_kj_is there  way to actually mount a ubuntu one directory?21:15
der_kj_ah, ok, got it...21:16
=== yml_ is now known as yml
VolkswagnerAnyone try web access via Symbian S60 device?  After login browser crashes.23:01

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!