[opensuse-buildservice] OBS Webclient Redesign

Hi,
as a few of you already noticed we work on a new OBS Webclient design.
New design means roughly improved...
... workflow.
... usability.
... look & feel.
We collect the results of our work at http://en.opensuse.org/Build_Service/WebClientIdeas . It's work in progress so there is still missing content.
I would appreciate a good discussion during the design-process and many suggestions ;-)
If you have functionality which is now missing in the Webclient please let me know. Some possible functionality is already listed under http://en.opensuse.org/Build_Service/WebClientIdeas#Functionality .
Also interesting would be some input about the things you mainly do with the Webclient or you would like to do.
Best,
Robert
---
Robert Lihm, Webdesigner - Build Service Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
Tel: +49-911-74053-0 - rlihm@suse.de
____________________________________________________________
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
____________________________________________________________
SUSE - a Novell business
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-buildservice+help@opensuse.org

Hi,
On Thu, 24 Jul 2008 at 17:08, Robert Lihm wrote:
> I would appreciate a good discussion during the design-process and many suggestions ;-)
I have two suggestions for improvement that should be easy to implement besides the general redesign:
1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
Rationale: It is common among web services where most of the functionality is only accessible after login that they provide the input fields for the user name and password directly on the front page rather than requiring the user to click a link before he can enter his login data.
Examples:
- Freemailers (e.g. http://www.gmx.net/)
- Web shops (e.g. http://www.pollin.de/)
- Web forums
Counter examples would be Sourceforge and Bugzilla, but they don't require login for public read access.
2. Remove the "Search" link from the left side bar and add an input field either to the side bar or to the top menu below the "Watchlist | Home Project | Logout" links.
Rationale: Web services which offer access to a huge amount of user-generated data tend to have an entry field for basic searching somewhere in the navigation area on every page. Only advanced searching is usually put on a separate page.
Examples: Probably most news sites and web shops, Sourceforge, eBay, Google, Bugzilla, Amazon.
cu
Reinhard

Hi,
my 3 cents:
- I often click on 'trigger rebuild' thinking it's the refresh button: the icon design is a bit confusing.
- I'd love to have a 'refresh' button on the 'monitor status' page.
- Why should I re-authenticate on build.opensuse.org when I just did so at en.opensuse.org?
thx.
-Jb.G
On Thu, 2008-07-24 at 18:02 +0200, Reinhard Max wrote:
> Hi,
> On Thu, 24 Jul 2008 at 17:08, Robert Lihm wrote:
> > I would appreciate a good discussion during the design-process and many suggestions ;-)
> I have two suggestions for improvement that should be easy to implement besides the general redesign:
> 1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
> Rationale: It is common among web services where most of the functionality is only accessible after login that they provide the input fields for the user name and password directly on the front page rather than requiring the user to click a link before he can enter his login data.
> Examples: Freemailers (e.g. http://www.gmx.net/) Web shops (e.g. http://www.pollin.de/) Web forums
> Counter examples would be Sourceforge and Bugzilla, but they don't require login for public read access.
> 2. Remove the "Search" link from the left side bar and add an input field either to the side bar or to the top menu below the "Watchlist | Home Project | Logout" links.
> Rationale: Web services which offer access to a huge amount of user-generated data tend to have an entry field for basic searching somewhere in the navigation area on every page. Only advanced searching is usually put on a separate page.
> Examples: Probably most news sites and web shops, Sourceforge, eBay, Google, Bugzilla, Amazon.
> cu Reinhard

On Thursday 24 July 2008 18:02:35, Reinhard Max wrote:
> Hi,
> On Thu, 24 Jul 2008 at 17:08, Robert Lihm wrote:
> > I would appreciate a good discussion during the design-process and many suggestions ;-)
> I have two suggestions for improvement that should be easy to implement besides the general redesign:
> 1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o never sees the password. Therefore it would not really be easy/possible to implement this in a secure way.
bye
adrian
--
Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@suse.de

On Fri, Jul 25, 2008 at 07:28:18AM +0200, Adrian Schröter wrote:
> On Thursday 24 July 2008 18:02:35, Reinhard Max wrote:
> > I have two suggestions for improvement that should be easy to implement besides the general redesign:
> > 1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
> For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o never sees the password. Therefore it would not really be easy/possible to implement this in a secure way.
I fail to see how this matters. The one that sends the password is always the client. Whether it gets the form from build.opensuse.org is irrelevant. Getting the form from there is as secure as clicking on the tiny link in the top right corner is "securely" leading to the right login form on some ichain server.
This is a big misunderstanding of "secure", if you ask me.
Or what do I miss? :-)
Peter
--
Contact: admin@opensuse.org (a.k.a. ftpadmin@suse.com)
#opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
SUSE LINUX Products GmbH
Research & Development

Peter Poeml wrote:
> On Fri, Jul 25, 2008 at 07:28:18AM +0200, Adrian Schröter wrote:
> > On Thursday 24 July 2008 18:02:35, Reinhard Max wrote:
> > > I have two suggestions for improvement that should be easy to implement besides the general redesign:
> > > 1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
> > For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o never sees the password. Therefore it would not really be easy/possible to implement this in a secure way.
> I fail to see how this matters. The one that sends the password is always the client. Whether it gets the form from build.opensuse.org is irrelevant. Getting the form from there is as secure as clicking on the tiny link in the top right corner is "securely" leading to the right login form on some ichain server.
> This is a big misunderstanding of "secure", if you ask me.
> Or what do I miss? :-)
Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved.
Andreas
> Peter

On Fri, 25 Jul 2008, Andreas Bauer wrote:
> > This is a big misunderstanding of "secure", if you ask me.
> > Or what do I miss? :-)
> Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved.
This assumes that the user recognizes that the login-page is on a different system. I doubt that. I would recognize it, because the automatic password entering of my system would not work, but I would not see this when I type it by hand.
Making a login/password form on obs and letting it point to the same target as the current login points to would not change the security in a measurable degree.
The servers involved would not see passwords as well. Only if webpages on the obs servers are hacked, the password fields could be used in a dangerous way and in this case a dangerous login redirector could do the same.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)

Dirk Stöcker wrote:
> On Fri, 25 Jul 2008, Andreas Bauer wrote:
> > > This is a big misunderstanding of "secure", if you ask me.
> > > Or what do I miss? :-)
> > Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved.
> This assumes that the user recognizes that the login-page is on a different system. I doubt that. I would recognize it, because the automatic password entering of my system would not work, but I would not see this when I type it by hand.
> Making a login/password form on obs and letting it point to the same target as the current login points to would not change the security in a measurable degree.
> The servers involved would not see passwords as well. Only if webpages on the obs servers are hacked, the password fields could be used in a dangerous way and in this case a dangerous login redirector could do the same.
Hmm... you're right. Also, on every buildservice installation that doesn't use ichain the passwords are indeed handled by the buildservice, so at least for non-ichain auth the form should be available.
For ichain auth however the form would break as soon as the ichain proxy changes the login form field names. I don't know if this will happen, fact is, we don't control it. And in case it happens, it probably does so at Europe night time when no one is around to fix it on our side. There might also be cases where two buildservice instances run behind different versions of ichain proxies. The form works on one and not on the other.
In any case, the form for ichain auth is a very fragile construct that I personally wouldn't like to maintain. For any other auth method, good idea.
Andreas
> Ciao

On Fri, Jul 25, 2008 at 01:35:37PM +0200, Andreas Bauer wrote:
> Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved.
Exactly. And that doesn't depend on where the client loads the form from. Neither does it matter.
I find it also very inconvenient on the wiki that the link is far away (and actually named "Create or ..."), but of course the most annoying fact is that the extra request takes AGES.
Peter
--
Contact: admin@opensuse.org (a.k.a. ftpadmin@suse.com)
#opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure
SUSE LINUX Products GmbH
Research & Development

Hello,
on Friday, 25 July 2008, Adrian Schröter wrote:
> On Thursday 24 July 2008 18:02:35, Reinhard Max wrote:
> > 1. Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combined "Register | Login" link.
> For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o never sees the password. Therefore it would not really be easy/possible to implement this in a secure way.
There's always a way to do this. In this case, I can even offer two ways:
- give the login form the correct target - I see no problems in sending form data to the auth server this way
- embed the login form using an <iframe>
Oh, and if everything else fails, there's still the option to deliver the whole start page directly from the login server...
Regards,
Christian Boltz
--
What do you think of Lindows?? Open the bin, put Lindows in, stuff the Lindows 'inventor' in with it, close the bin, wrap it in barbed wire, shoot it into the sun. Problem solved.. [> Glenn Charpantier and Phillip Richdale in suse-linux]
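The login-form sub-thread above, turned into a check (an added example, not part of the original posts or of the build service code): it audits a front page so that any form carrying a password field posts straight to the authentication proxy over HTTPS, and flags drift in the field names the proxy expects, which is the fragility Andreas Bauer describes. The host `login.example.org`, the field names and the sample pages are constructed placeholders; the thread never names the real iChain host or its form fields.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed placeholders: the thread never names the auth host or its fields.
PAGE_URL = "https://build.opensuse.org/"
AUTH_ORIGIN = ("https", "login.example.org")
EXPECTED_FIELDS = {"username", "password"}

class FormCollector(HTMLParser):
    """Record each <form>'s action plus the name and type of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": {}}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["inputs"][a["name"]] = (a.get("type") or "text").lower()

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_forms(html, page_url=PAGE_URL):
    """Return findings for every form on the page that has a password input."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if "password" not in form["inputs"].values():
            continue  # e.g. the search box: no credentials involved
        # An empty or relative action resolves against the serving page itself.
        target = urlsplit(urljoin(page_url, form["action"]))
        if (target.scheme, target.hostname) != AUTH_ORIGIN:
            findings.append(f"password posted to {target.scheme}://{target.hostname}, not the auth proxy")
        missing = EXPECTED_FIELDS - set(form["inputs"])
        if missing:
            findings.append(f"field names drifted, proxy expects: {sorted(missing)}")
    return findings

# Constructed sample pages.
GOOD = """<form action="/search"><input name="q"></form>
<form method="post" action="https://login.example.org/auth">
<input name="username"><input type="password" name="password"></form>"""
BAD_TARGET = """<form method="post" action="/login">
<input name="username"><input type="password" name="password"></form>"""
DRIFTED = """<form method="post" action="https://login.example.org/auth">
<input name="user"><input type="password" name="passwd"></form>"""

if __name__ == "__main__":
    for label, page in (("good", GOOD), ("bad target", BAD_TARGET), ("drifted", DRIFTED)):
        print(label, audit_login_forms(page))
```

The check covers misconfiguration and field-name drift only; it says nothing about a front page that has itself been tampered with, the case Dirk Stöcker raises in the thread.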

Hello!
We added a new topic to our Webclient-Idea-Collection-Page: "User and Task Analysis" (http://en.opensuse.org/Build_Service/WebClientIdeas#User_and_Task_Analysis ).
We prepare a survey to get more information about Webclient usage, users, needs, hardware, etc. Please take a look at the result of our first brain-storming and give us feedback if we missed something in your opinion.
Thank you!
Best,
Robert
---
Robert Lihm, Webdesigner - Build Service Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
Tel: +49-911-74053-0 - rlihm@suse.de
____________________________________________________________
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
____________________________________________________________
SUSE - a Novell business

Hello,
on Thursday, 24 July 2008, Robert Lihm wrote:
> as a few of you already noticed we work on a new OBS Webclient design.
> ...
> Also interesting would be some input about the things you mainly do with the Webclient or you would like to do.
Some comments and ideas in random order:
- the build status table is quite difficult to read when you build for many targets - it's too wide and the package names scroll away when you scroll to the right. Live example: https://build.opensuse.org/project/monitor?project=home%3Acboltz (notice and use the horizontal scrollbar at the bottom)
  Vertical scrolling is also problematic if you build lots of packages, live example on https://build.opensuse.org/project/monitor?project=server%3Aphp%3Aextensions
  Better solution: make the status columns narrower - shorten some texts if needed (for example "exp. error" instead of "expansion error") so that no horizontal scrolling is ever needed. Using colors or icons would allow even more visible columns.
  The perfect solution would be to make the targets and the package names non-scrolling. (Yes, I know it isn't that easy in HTML ;-)
- I often check the server status page just to find out how many packages are in the build queue (to have a rough number about when I can expect my packages to be built). Having just these numbers (per arch or only in total) available as a dashboard[1] item would be useful - I'm not really interested in the list of currently running build jobs.
- deleting already built RPMs should be possible with the webclient. I sometimes need to do this when the buildservice was too fast ;-) and compiled packages before I could disable the build on some targets I don't want to compile that package. Having a trashbin icon on the package page (in the section that shows the RPMs) would be useful.
- the "link package" page [2] is hard to use because I have to type project and package name in the original project. Having a search (or list) available would be very helpful. Maybe the page needs to be split into multiple steps to make this possible:
  1. choose the project (https://build.opensuse.org/project/list_public might be a good base, including the filter input field)
  2. display the list of packages in that project, again with a filter field (will be very helpful if someone links a package in factory ;-)
  2a (can be on the same page) input field for package name in the target project
- what about providing some quick jump targets in the build log? When I check the log of a finished or failed build, I usually jump to one of these positions:
  - start of the "real" build (when the build system is set up)
  - first error
  - rpmlint report
  - end of the build log
  Having a set of <a href='#something'> links at the start of the build log would make scrolling easier ;-)
- do _not_ show the "start refresh" and "start autoscroll" links in build logs of finished builds (they are useless in this case). Instead, replace them with "build has finished/failed/..."
That's it for now - I hope you find some of my ideas useful ;-)
Regards,
Christian Boltz
[1] the dashboard sounds like a very useful idea :-)
[2] https://build.opensuse.org/package/new_link?project=whatever
--
There are no bugs expected after Beta3, that's why it is called RC. [Jan Engelhardt]

On Friday 25 July 2008, Christian Boltz wrote:
> - what about providing some quick jump targets in the build log?
The build log should even be split up according to your suggestions. For a lot of packages, retrieving the whole build log takes an awful lot of time (kde4-l10n buildlog is 17.2MB (!)) and almost always the error is very near the end of the file (tail -n 1000).
To be able to read the last 5 interesting lines of the build log (in case of a failure) I have to wait 3 minutes until the bits trickled over my DSL line.
Greetings,
Dirk
participants (9)
- Adrian Schröter
- Andreas Bauer
- Christian Boltz
- Dirk Mueller
- Dirk Stöcker
- Jean-Baptiste Giraudeau
- Peter Poeml
- Reinhard Max
- Robert Lihm