=== yml_ is now known as yml [01:43] * BUGabundo Ta na hora da Caminha, bamos la deitar.... \n bed time. cu tomorrow [02:07] Evening [02:07] hi [02:09] On the computers on your account page, how is one supposed to tell them apart? [03:42] Bug #399564 [03:42] Launchpad bug 399564 in ubuntuone-client "ubuntuone-client-applet crashed with ImportError in ()" [Undecided,New] https://launchpad.net/bugs/399564 [05:15] what do these tags mean: story-0079 and foundations+ ? [05:20] okay I found out the foundations+ but what about story-0079? === yofel_ is now known as yofel [12:53] Hola! [12:57] Hola. [13:42] hey, is somebody online or nearby who could answer questions on oauth that would normally go to aquarius? [13:48] i cant find where i subscribe to ubuntuone bugs. it seems im not subscribed to ubuntuone-client bugs yet im getting all ubuntuone bugs. [13:48] anyone give me an idea where i did this at? [13:54] im guessing its a broad subscription just cant seem to find it [14:26] gnomefreak: http://bugs.launchpad.net/ubuntuone should get you that [14:27] jan____: what's the issue? [14:27] dobey: looking thanks [14:27] dobey: jasondavies might have a question [14:28] dobey: hi :) [14:29] hi jasondavies [14:29] dobey: that doesnt give me the option to subscribe or unsubscribe. the overview page says im not subscribed but im getting a massive amount of bugs [14:30] dobey: I'm working on OAuth for CouchDB, just wondering what the file containing OAuth tokens should look like [14:30] dobey: SteveA tells me a file would be best so that tokens can be added when applications are installed [14:31] oh. i don't know the answer to that one [14:31] ok, no problem [14:31] in ubuntuone-client we store the oauth access token in gnome-keyring, though you probably don't want that [14:32] ok [14:33] well, I'm thinking of starting with a simple mapping from oauth access token to CouchDB username [14:33] so that any client accessing with a given token will be given the roles of that user [14:33] though there is some work to specify and get a cross-desktop keyring on freedesktop.org, which might be suitable once the implementation is ready to use [14:34] the cross-desktop keyring is for client apps? [14:36] dobey: I think that is out of scope for now [14:37] jasondavies: yeah [14:37] jan____: probably, yeah [14:37] jan____: but worth mentioning, i think [14:37] totally :) [14:42] gnomefreak: lots of bugs for which projects exactly? [14:44] gnomefreak: i see you're subscribed to ubuntuone-storage-protocol bugs, but it only has 3 open... [14:45] dobey: im not sure what bugs. it was a blanket subscribtion from what i can tell. i am getting all ubuntuone bugs by the looks of it [14:46] well all the public bugs i guess, yeah... i see you are subscribed to ubuntuone-client as well now [14:48] file system was modified reboot linux [14:48] hooray linux spam [14:48] hi [14:48] hi jan____, jasondavies, dobey [14:48] hi gnomefreak, if you look at the mail headers of the bug mail i think there will be one that tells you what subscription caused you to get the mail sent [14:49] gnomefreak: i think you'll have to unsubscribe from each project's bugs individually [14:49] dobey: maybe its a LP bug than because it only shows subscribe [14:49] hi steve [14:49] hi SteveA [14:49] are there any things about OAuth I can help with? [14:49] gnomefreak: that could be too [14:50] SteveA: yeah, just wondering how the file containing OAuth tokens should look like, would it suffice to have a simple mapping of oauth tokens to usernames? [14:50] what does a username mean for couchdb? [14:50] SteveA: and then any consumer using that token will have the roles of that user [14:51] SteveA: well, this is still under development, but a username would just be an identifier pointing to a document in the uesr database that contains the roles of that user [14:51] statik: it shows Subscriber (Ubuntu One) but going to unsubscribe only asks me to subscribe [14:51] SteveA: we might use UUIDs instead of usernames [14:51] and the roles are primitives for access control? [14:52] a common way to think of an oauth token is that it's like a capability [14:52] SteveA: roles are essentially like groups, so there will be some built-in roles like _reader, _owner, _writer that do specific things [14:52] statik: dobey i think i found it still wondering why it didnt show up the last few times i was there [14:53] (it's not as useful or complete as a real capability, but it's a bit like one) [14:53] SteveA: right [14:53] gnomefreak: so maybe you are part of a team that has gotten subscribed? yesterday i noticed i started getting a whole bunch of extra mail from launchpad on the PQM robot mail account, so something has changed somewhere. not sure whether it's a launchpad bug or a team subscription that gone wrong? i'll look at some of my mails in just a few minutes and see if i can find any clues about what is causing it to get sent [14:53] SteveA: an OAuth token is basically something that lets a consumer do a particular thing that a user has approved for them to do [14:54] SteveA: the most common one might be to delegate a user's permissions to the consumer [14:54] right. thinking more broadly than the use-cases that are important for ubuntu one, I can imagine saying "this token allows read access to this document" [14:54] SteveA: yep, in CouchDB we plan on having "reader lists" that give us per-document ACLs [14:55] but not any time soon :) [14:55] ok, and would that be a reader-list of roles or of users? [14:55] of roles [14:55] so basically a document might contain a role called "photo-reader" [14:55] and that role would only be set on photo documents [14:56] so if the role was given to an OAuth access token, then the consumer could only read photo documents (with that role) [14:56] so, in couchdb, we have permissions (read, write, delete, perhaps), roles (arbitrarily defined, to separate permissions from users), and users [14:56] yep [14:57] an ACL is a mapping of permissions to roles, for a particular context [14:57] yep [14:57] and, to say "I want Jan to be able to read Document_Foo", I'd need to make a unique role for Jan [14:57] the "Jan identity" role [14:57] so I can make an ACL that says he can read that document [14:58] yeah, I think that's probably the way we'd go to make it that fine-grained [14:59] the model we ended up with for Zope 3 is a layered model [14:59] at the most basic level, there's permissions and principles [14:59] and mappings from permissions to principals [14:59] (sorry, mistyped as principles earlier there...) [14:59] then, things like groups and roles are built on top of the principals [14:59] :) [15:00] MEETING BEGINS [15:00] Hi, everyone who is here for the ubuntu one developer standup, please say 'me'. The format for this meeting is to paste 3 lines: TODO, DONE, and BLOCKED. Then say the person that should go next - we can try going in 'me' order. [15:00] me [15:00] me [15:00] me [15:00] me [15:00] me [15:00] me [15:00] jasondavies: let's continue after the U1 stand-up [15:01] teknico, rodrigo_? [15:01] SteveA: okie dokie [15:01] DONE: xpi building branch for zac/bindwood. prototype branch for mobile web UI. code reviews for neat CouchWidget branch from rickspencer3. several 1:1 phone calls and weekly planning meeting. [15:01] TODO: Publish desktop-contacts python module. Make an ubuntu package for lp:bindwood. Work with Rodrigo on Tomboy sync. [15:01] BLCK: None. Next: urbanape [15:01] me [15:01] DONE: Got errors out of the new files UI - so re-encapsulation is working, still tackling it. [15:01] TODO: Expect to be back on solid ground this afternoon. [15:01] BLOCK: None [15:01] CardinalFang: The comfy chair! [15:01] DONE: Added LAZR config and worked around eventlet weirdness [15:01] TODO: Finish getting Spawning working. [15:01] BLOCKED: Nope. [15:02] dobey, dobey, dobey, dobey. [15:02] DONE: Fixed quick desktopcouch bug, Fixed clientdefs build/install issue, Default to computer name for new oauth token requests, Quick fixes to proposed Tarmac branches, Helped a user with UnknownLoginError to get better debug info, poked design team about UI changes for Ubuntu One for karmic [15:02] TODO: Finish setup.py removal, UL/DL status notifications, syncdaemon start-up error reporting, Fix UnknownLoginError silliness [15:02] BLCK: None. [15:02] jblount: your roll [15:02] DONE: Got payment funnel sorted [15:02] TODO: Download in new files ui [15:02] BLOCKED: Nope [15:02] vds: rocknroll [15:02] DONE: worked on funambol ds config NOT nearly done as I reported yesterday due to some funambol crap config stuff, need to swap from unix domani socket to tcp socket before I propose it, and it's not just that, I think I have an idea of what to do, is just taking longer than expected [15:02] TODO: finish this branch [15:02] BLOCKED: no [15:02] rodrigo_ [15:02] go! [15:02] DONE: submitted evo-couchdb packages and deps to beta PPA. Fought with 'make start' not working. Filed missing bugs for w13-karmic-alpha3 milestone [15:03] me [15:03] teknico, just in time! you are next [15:03] TODO: make 'make start' work and keep testing and fixing tomboy syncing. Submit tomboy 0.15.3 fixed package for jaunty (karmic in already) [15:03] BLOCKED: make start [15:03] oops, lag; sorry [15:03] teknico: go [15:04] DONE: reviews for ubuntuone and ubuntuone-client branches [15:04] TODO: more reviews, fixing the contacts web UI tests, landing the createCouchContacts.py script refactoring branch [15:04] BLOCKED: on the new couchdb version problem [15:04] NEXT: noone [15:05] MEETING ENDS [15:05] thanks everyone! [15:05] rodrigo_, i can help with make start [15:05] do you have any errors in tmp/ in logs that look related to rabbit? [15:05] statik: .ERROR: RabbitMQ server did not start in time [15:06] let me see the logs [15:06] vds, which socket needs to change from unix to tcp, the postgres one? [15:06] statik: yes [15:06] Dropbox news: They're expunging undo history after 30 days. [15:06] ...unless you pay. [15:06] CardinalFang: was it undo hsitory for forever before? [15:07] I do not know, jblount. I think it was, until cleared manually. It ate your available space. [15:07] statik: is it a problem? [15:08] jasondavies: hi [15:09] SteveA: hi [15:09] jasondavies: so... many parts of the authorization and authentication systems can work using just parts of roles/permissions/users/principals/tokens [15:09] SteveA: so in Zope 3 a role is a principal? [15:09] no [15:10] ok [15:10] well, last I worked on it (quite a while ago), a principal maps to roles [15:11] a useful separation of concepts is authorization and authentication and identification [15:11] so, identification is "who is making this request?" [15:11] right [15:11] so in CouchDB we have something called user_ctx [15:11] authentication is "who is this, and how do I trust who this is?" [15:11] which has a "name" and a list of roles [15:11] the name bit refers to who the user is [15:11] and authorization is "what is the person with this identity allowed to do in this context?" [15:12] the roles helps work out the authorization part (this is handled either by reader lists or by update validation) [15:12] so, in zope3 one can say things like "here is a principal that represents accessing using this token over https" [15:13] SteveA: dobey thanks that seemed to work [15:13] statik: even [15:13] SteveA: ok, so back to OAuth [15:13] jasondavies: so, back to OAuth :-) [15:14] SteveA: it seems the spec has quite a large part related to setting up the 3-legged auth i.e. where a consumer wants to access some resource, so it asks the user to grant it access, then it gets an access token to be able to access that resource [15:14] in this kind of model, OAuth gives you a principal -- basically, the identification and authentication of a user [15:15] and I'd think roles and permissions are more in the authorization part [15:15] which is a bit more application-specific [15:15] SteveA: but for our needs, we don't need the part with JavaScript frame-busting etc. as it's just a matter of Ubuntu's install scripts writing the oauth tokens to a file, is that right? [15:15] right [15:16] so do you have some kind of library to generate the oauth token? [15:16] there are a bunch of libraries out there [15:17] cool [15:17] linked from oauth.org [15:17] your original topic was, in the credentials file, what should an oauth token map to? [15:17] yes [15:18] if it maps to a couchdb user, that's a good start [15:18] (actually we need to map the token and the consumer key I think, from reading the spec) [15:18] as it allows a token to represent using couchdb as that user [15:18] ok [15:18] great [15:19] it's a very simple user of couchdb, in that case [15:19] that's mainly what I needed to know, and I just wanted to double-check it was easy for you to generate the token etc. and write it to the file [15:19] yeah [15:19] as it doesn't allow for saying "this oauth token represents Jason logging in with his _reader role" [15:19] we could add support for realms in the future [15:20] I think this is how Google does it [15:20] what's a realm, in this context? [15:20] I think it's basically a set of resources [15:20] so you can say, Jason approves Steve's app to access his Google calendar [15:20] but not his Gmail contacts or anything else [15:20] so, for a more complete representation of couchdb authentication, perhaps the credentials file should say: [15:20] Google actually just use the URL prefix I think as a realm [15:21] token -> (user, role) [15:21] yep [15:21] so, realm is more like the context [15:21] as in, which documents it applies to [15:21] gotcha [15:21] nice, thanks for your help [15:22] so, yeah, I guess the most complete is [15:22] token -> (user, role, realm) [15:22] yeah [15:22] and that allows you to say "this token represents accessing couch as Jan in his _reader role for /recipe/* documents" [15:22] right [15:22] now, that's way more than we need for ubuntuone [15:23] for ubuntuone, simply token->user is fine [15:23] depending on how we develop things, we might not ever need realm, as we might say that the custom role "recipes" would act as a _reader role for /recipe/* documents [15:23] but, it's good to have the complete design / model in mind, of course [15:23] right [15:23] sure [15:23] different ways to cut it up [15:23] well, nearly there with this so hope to push the code and tests to github by tonight [15:23] that's one reason to try and codify things into a model [15:24] yeah, so you make the important design decisions early before it's too late! [15:24] that has some kind of simple base level (like principal->permission) [15:24] and builds on that in higher levels [15:24] but I don't know enough about the couchdb auth plans to offer an opinion [15:25] apparently getting reader lists to actually work is a bit tricky [15:25] as it involves digging deep into the internals for views etc. [15:25] jasondavies: http://svn.zope.org/commoncriteria/trunk/system-overview.txt?rev=81608&view=auto [15:25] this is a document I wrote with Jim Fulton of Zope3 years ago [15:25] thanks [15:25] it explains our thinking at the time about how a security system can be modeled [15:29] are the GCDS video online yet? [15:29] I don't know [15:29] my talk wasn't recorded [15:30] it went very well, though. I kept the notes, so I'll write it up for the slides [15:30] jan____: what should I do with the talk? [15:32] SteveA: put it on http://wiki.apache.org/couchdb/Presentations? [15:33] also blog'n stuff [15:33] also posting to the ML's cant hurt [15:34] nice how it's still a valid URL for that page with the question mark on the end :-) === jblount_ is now known as jblount [16:47] anyone seen the errors in this oauth-login.log where the add computer page doesn't open in firefox? http://launchpadlibrarian.net/28675925/oauth-login.log [16:49] joshuahoover: what bug is that from? [16:49] dobey: bug #395376 [16:49] joshuahoover: the problem in that bug is that ubuntuone-client is missing, presumably because they installed when we had a broken dependency, and haven't updated [16:49] Launchpad bug 395376 in configglue "Firefox does not open to "add this computer"" [Undecided,New] https://launchpad.net/bugs/395376 [16:49] oh, weird [16:50] why did that get filed there [16:50] no idea [16:50] dobey: so just doing an update should fix the problem or are there additional steps? [16:52] an update should pull in ubuntuone-client also [16:52] and he has probably done so already anyway [16:53] ok, thanks for the help! [16:53] anyway, i moved the bug and commented on it, and set it to fix released [16:56] bbiab, must get food :) [17:01] urbanape: can bugs #396184 #396183 & #396212 be tagged with a story from the product backlog? [17:01] Launchpad bug 396184 in bindwood "Make XPI" [Undecided,New] https://launchpad.net/bugs/396184 [17:02] the first has already been merged. I'll update it. I'll tag the other two. [17:03] urbanape: cool...thanks! [17:08] hmmm, where do I find these stories? [17:13] urbanape: good question! it's in the google docs "who's working on what" spreadsheet...i think you have access...if not & i'll resend the invite [17:14] got it [17:15] was way back in my inbox [17:17] Chipaca: do you know when/why users will get .conflict files? i've never had the problem but i'm looking at bug #396620 where two users are seeing .conflict files doing simple copy/paste and saving files from Firefox [17:17] Launchpad bug 396620 in ubuntuone-client "Adding a folder keeps resulting in .conflict" [Undecided,New] https://launchpad.net/bugs/396620 [17:17] joshuahoover: yes [17:18] joshuahoover: I've been working on fixing that for what now seems like ages [17:18] eons, even [17:18] Chipaca: ahhh... :) [17:18] joshuahoover: do you want to know? :) [17:18] Chipaca: sure...learning helps me better help people out :) [17:20] joshuahoover: when you (usually an application; vim is particuarly good at it) create a file, unlink it or move it, and create it again, in quick succession, fast enough so that the unlink is still waiting for the first create to finish, the second create gets run out of order and creates a conflict [17:20] joshuahoover: if you edit a file with vim, you'll almost always end up with a .swp.conflcit file [17:21] Chipaca: got it...and this is something you've been working on fixing for some time now? [17:22] joshuahoover: yes [17:22] joshuahoover: finally reaching completion :) [17:22] Chipaca: great! is there a bug i can link this one too? [17:22] Chipaca: i'd like to let the users know it's being addressed and link it to a bug that you're working against if you have one [17:23] yes, give me a second [17:23] I think there are several, in fact, all subtly different but due to the same issue [17:23] so not duplciates per se, but [17:28] Chipaca: i see bug #374887 which seems to be related [17:28] Launchpad bug 374887 in ubuntuone-client "syncadaemon generates too many conflicts" [Critical,Triaged] https://launchpad.net/bugs/374887 [17:28] joshuahoover: 374887, 387956, 388268, 388270, 396755 [17:29] joshuahoover: I've got to go over the logs with a fine comb to make sure they're the same, but chances are they are [17:30] ok...i'm going to link to 374887 since it looks like that is assigned to the w13 milestone...i'll let the users know that we're aware of the problem and working on it currently [17:31] joshuahoover: thanks [17:54] anyone ever get in an endless login loop with launchpad.net login from ubuntuone.com? i see it off and on...not sure what i'm doing to recreate it...hmmm [18:00] nevermind, think i found out how i did it...i clicked on the "Request an invitation" on ubuntone.com to try to reproduce a problem a user reported...that seems to put me in the endless login loop [18:32] joshuahoover, that openid login loop has been plaguing us and people on the launchpad team for over a year. we can't seem to get a handle on what is causing it, or how to reliably reproduce it [18:32] but it definitely keeps happening in the wild [18:48] statik, it happened to me consistently when trying to access mailing list archives [18:48] but lately I managed to access one [18:59] teknico, if you can capture a livehttp log of the request stream when it happens, that would be useful [18:59] statik, sure, is livehttp a specific tool? [19:06] teknico, livehttpheaders is a firefox extension i use to capture client side traffic sometimes [19:11] statik, nice, I'll look it up [19:19] statik: ahhh...good to know [21:14] hi [21:15] is there way to actually mount a ubuntu one directory? [21:16] ah, ok, got it... === yml_ is now known as yml [22:51] Hello [23:01] Anyone try web access via Symbian S60 device? After login browser crashes.