Revamping our internal systems

It sounds like what we want is to have, for example, separate “red users” and “red admins”.

“red users” can log in and use the machine. “red admins” can add hax0rs to “red users”, and perhaps perform other administrative tasks like take the machine offline in Skedda, or modify other users’ bookings, or other miscellany as appropriate for the machine/area.

It’d be up to the board/overall admin to add instructors or machine owners to the " admins" group. There should also be an administrative task to add a machine so haxors may be granted access to it.

As a hax0r, I’d like to be able to see my “transcript” - at least machines I’ve earned access to; nice-to-have some instruction metadata like class date, instructor. I’d also need the ability to find who “owns” (or instructs, or whatever) a machine I want to use or learn.

As a machine owner, I’d like to see who has access to my machine; nice-to-have some metrics on utilization, power users, took-class-but-never-logged-in, etc, etc.

As a board member (or education committee, or whatever) I might want to see how many instructors are teaching classes, how many students are taking them, how class attendance impacts badge-ins or member retention.

As a facilities wonk I might want to see utilization of all the machines for utility budgeting or space planning or whatever.

As a prospective member, I might like to see a dashboard of machine uptime or utilization, or whatever. Something like the google maps average traffic histogram would be neat.

This is all stuff we could do manually on the website (and indeed, I’ve been updating on the wiki when I learn it) but having a single source of truth would be ideal. I’m coming to kind of like the idea of “BatPass” also being like a CV/resume for the space. Maybe we’ll award badges for participating in workdays, or donating to the space, or a dozen other things people might suggest. Maybe encourage people to tag photos of completed projects that we can share on ATXHS website or social media.

I’m getting ahead of the project, but thinking about long-term needs might help us make better short-term choices :slight_smile:

2 Likes
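The group model from the post above (per-machine users and admins, with the board above them), sketched as an added example that is not part of the thread or the BatPass repo. The `Directory` class, the `board` group name and the "<machine> users" / "<machine> admins" naming are assumptions made for illustration.

```python
# Added illustration: every name here (Directory, BOARD, group naming) is hypothetical.
from dataclasses import dataclass, field

BOARD = "board"  # assumed name for the board / overall-admin group


@dataclass
class Directory:
    """Single source of truth: group name -> set of member names."""
    groups: dict = field(default_factory=lambda: {BOARD: set()})
    audit: list = field(default_factory=list)  # (actor, action, group, member)

    def _in(self, group, member):
        return member in self.groups.get(group, set())

    def add_machine(self, actor, machine):
        """Only the board may register a machine; creates its two groups."""
        if not self._in(BOARD, actor):
            raise PermissionError(f"{actor} may not add machines")
        self.groups.setdefault(f"{machine} users", set())
        self.groups.setdefault(f"{machine} admins", set())
        self.audit.append((actor, "add_machine", machine, None))

    def grant(self, actor, group, member):
        """Add member to group if actor is allowed to manage that group."""
        if group not in self.groups:
            raise KeyError(group)
        machine, _, role = group.rpartition(" ")
        if role == "users":
            # A machine's admins (or the board) manage that machine's users only.
            allowed = self._in(f"{machine} admins", actor) or self._in(BOARD, actor)
        else:
            # Admin groups and the board group itself are board-only.
            allowed = self._in(BOARD, actor)
        if not allowed:
            self.audit.append((actor, "DENIED grant", group, member))
            raise PermissionError(f"{actor} may not modify {group}")
        self.groups[group].add(member)
        self.audit.append((actor, "grant", group, member))

    def can_use(self, member, machine):
        return self._in(f"{machine} users", member)

    def transcript(self, member):
        """Machines the member has earned access to (the "transcript" view)."""
        return sorted(g[:-len(" users")] for g, m in self.groups.items()
                      if g.endswith(" users") and member in m)
```

Denied attempts are written to `audit` as well as successful grants, so a machine admin reaching into another machine's group leaves a record.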

I love the forward thinking @Jon and you’re totally right that keeping those longterm ideas fresh in the backs of our minds will help us in setting up a foundation now that can be built upon in that way in the future. There are some really wonderful community building pieces that you’re touching on here and I am all about having a single source of truth! That’s a motto I’ve been harping on a lot this past week actually :laughing:

1 Like

It’s a bit of a juggling act, as like you mentioned, nobody wants late-night maintenance calls due to their hobby hackerspace activity. At the same time though, with things like the door system, potential future machine auth systems, or sensor networks, having some things on-site is pretty much unavoidable.

Begin digression. This reminds me of working with the Debian Science Team. Someone there once said that the definition of a team is “waking up and realizing somebody else solved your problem from yesterday.” To me, that sounds like a recipe for a solution to the problem above. In other words, if you work in the open in a team-oriented way, your teammates are empowered to pick things up and help out. This can be difficult because in the short-term it can add more load to people already doing the heavy lifting. Addressing those sorts of cultural/structural problems is however way beyond the scope of this thread, but they are pretty clearly worth mentioning, so I will thus end digression.

1 Like

Do Discourse and the wiki share an authentication mechanism right now?

I’ve been noodling in the past day or so what a ticketing system for the space might look like, and having to set up yet another set of user accounts with permissions would be such a high barrier to entry I doubt anyone would use it.

If discourse is its own thing, do we have the ability to slurp authorization data like group memberships into the new directory, or will we have to manually reconstruct the organization?

1 Like

So far the wiki is a separate thing as well as the Discourse in its current form. A previous iteration of Discourse that @elrod was working on last fall which was internally hosted IIRC had Discourse authentication built into the LDAP. I’m thinking if we design this right and only make updates to membership status via the BatPass, then we should be able to keep Discourse groups and things like that up to date via API calls based on actions regardless of where authentication lies. An SSO type solution would be awesome, but I don’t want to bite off more than we can chew on this. Hopefully, we can add that in the future or if someone is well-versed in that and feels confident in their abilities to set that up now we can consider it.

In terms of a ticketing system, @wdnatx has experience setting up a free Freshdesk account for another organization and is checking that out for us now. For that, I believe end users would just email a set address to interact and not need any sort of account. On the admin side, board/committee members would have a login to view and respond to tickets in the Freshdesk system.

I’ve gotten sidetracked with a few higher priority items the past several weeks, but I should be able to get back to this and have a repo with general tasks set up by this coming weekend. @elrod @kkremitzki @Jon @KrisCedron @mrflip - what do your weekend availabilities look like for July/August? I like the idea of trying to tackle this as a two day hackathon separated by about a week (i.e. long day Saturday weekend 1 and again the following weekend). I think a schedule like that would give us the ability to knock most of it out, then have some review time before finishing/ironing out any problem areas.

Maybe I’m playing everything-looks-like-nail here, but I’d think it’d be easier to set up and maintain a directory and have multiple apps authenticate against it (to be clear - I definitely consider single sign-on to be out of scope) than to implement an automation octopus that keeps different credential stores in sync.

That’s assuming all our apps support LDAP authentication… which on cursory investigation seems like not a sure bet. Looks like “SAML” is what we should be looking at for that? My knowledge of authentication systems lags state of the art by like 10 years at this point so maybe I should just shut up :confused:

Is BatPass going to sync passwords, or will users still have independent credentials in each system? What’s our helpdesk overhead on password resets like these days?

Currently, we don’t really do any password resets – they all happen through the related software. I believe @elrod’s original iteration of this was designed to be the kind of authentication hub you’re describing @Jon. That certainly sounds ideal, but I wouldn’t want to create something that wasn’t able to do automatic password resets (i.e. I don’t want to create work for anyone on having to do password resets).

I finally scraped together some time to set up a repo and start throwing some stuff in it. You can check it out here. I started a kanban in the repo on some pre-hackathon tasks we should address in the Projects tab in GitHub. There’s a lot more that needs to be added, but thought I’d go ahead and share so people can add if they’d like.

@Jon @elrod @mrflip @kkremitzki @KrisCedron – what do your weekend availabilities look like for July/August? I like the idea of trying to tackle this as a two-day hackathon separated by about a week (i.e. long day Saturday weekend 1 and again the following weekend). I think a schedule like that would give us the ability to knock most of it out, then have some review time before finishing/ironing out any problem areas.

1 Like

My availability for weekends coming up is sorta indeterminate, nothing strictly claiming them but yet not necessarily available. However I did recently get some work on my livestreaming setup done, and one of the things I was wanting to stream was a bit of a pre-work session on this topic, so I may be able to contribute that way.

1 Like

Cool @kkremitzki that sounds interesting!

How are things looking for everyone else? @elrod @Jon @KrisCedron @mrflip

I apologize for not sending the message sooner, I seem to struggle clicking the reply button.

That being said I should be available all day on weekends for what’s left of this month and the entirety of next.
I would also like to add that I do think the idea of developing this as a hackathon. However, I feel like that may lead to issues further down the road if the priority is put on knocking out code rather than writing a clean and manageable system.

Just my 2¢.
-K

1 Like

I don’t have anything in particular scheduled for weekends until October.

1 Like

No worries and thanks @KrisCedron. If we do this, I agree we definitely need to make sure we do it cleanly.

@elrod is our LDAP expert and has a good bit already created, so will want to make sure we find a time that works well for him.

We did also find a SaaS CRM platform (Neon) that may help with some of our needs in the interim to at least improve where we’re at. I haven’t looked through their API yet to see if we could link everything the way we’re envisioning with the BatPass, but they do offer a lot of solutions for the problems we’re trying to address.

1 Like

Hello everyone, I recently became a member, and this work was mentioned as something I might be interested in. I am a professional software engineer, these days I generally get paid to write React/JS front end with Java back end, and I know enough Python that I could be of assistance. I also have some sysadmin in my history, but that was AD/OpenLDAP. I would be available for a hackathon and hope I can help out!

1 Like