A quick note from the Unhosted Basement

[Michiel de Jong]

Hi all,

In an attempt to be an open project, I'll tell you a bit about what's going on here on our side. Today, Javier (edokoa at unhosted dot org), Kenny (kenny at unhosted dot org) and I have moved into a basement in Kreuzberg (a popular zone for artists and hackers in Berlin). We will probably move somewhere else soon, but at least we have a nice place to live and work until the end of this month.

We plan to start accepting donations in April.

Apart from finding our way around Berlin, this week, we've made the following progress:

- Javier is finishing a motion graphic that explains why LibreOffice should use unhosted for document sharing and cooperation. I've seen parts of it and it's becoming a very funny video. You'll see it when it's finished! :)

- Kenny is working on a node.js program that can stream music and videos from your hard disk. This is part of what we call the "YouTube killer", and will allow artists to share their work on the web without using commercial web software like YouTube.

- With help of several people here on the list, and on IRC, I found out how an unhosted storage node can be accessed with OAuth2. I think I have this working now, which is great because I think it makes a lot more sense than the password-passing and PopShake we had been looking at so far.

- This afternoon, I found out how to configure apache to do DAV+CORS. Combined with OAuth2, this gives us pretty much everything we had in the KeyValue service (only migration has to be out-of-band still, but we'll see what we can do about that). I'll publish an installation script that sets up OAuth2+CORS+WebFinger+DAV on a debian server.

- I'm preparing a tutorial and an example unhosted web app (the tutorial explains the example app). I will publish the tutorial next week, and also set it up live so people can visit the app, use it, view the source code, open their firebug, etcetera. Hopefully, that will help web devs decide that now they can start developing their own unhosted web apps.

Cheers!

Michiel

[Peter Svensson]

Wow, you guys have really landed running!  Really looking forward to the tutorials and example app. And to be able to donate :)

Cheers,
PS

--

Groovy, Erlang, Clojure and more; http://swdc-central.com/dyncon2011/

Don't miss the Stockholm conference on dynamic languages 12-13/3

--
http://se.linkedin.com/in/petersvensson
--
http://twitter.com/psvensson

[Mario Scheliga]

Hi Michiel,

this is mario. How did you realize the OAuth2-Provider thing. I've
just a raw implementation
of a OAuth 2 Provider for node. (its not on git yet) - may you could
find this helpful?

how do you did it?

cheers
mario

ps.: is there a unhosted meet 'n greet plan the next couple of weeks?

[Charles-H. Schulz]

Hi,

What a great progress! I'm looking forward to the video and more :-)

Best,
Charles.

2011/3/20 Mario Scheliga <ma...@sourcegarden.de>

[Michiel de Jong]

Thanks Peter and Charles for the encouragements!!

Mario, for OAuth2 I used the example that Pierre pointed me to:

http://code.google.com/apis/accounts/docs/OAuth2.html#CS

On the provider side I just used a login screen of 5 lines of php, that has 1 user hardcoded. If you get the password right, it will redirect back to the app, with a token in the query string. The token will be the password set in the .htaccess file of the DAV server. In subsequent versions, the .htaccess file should point to something else (LDAP, or SQL or something), so we can give out session tokens without having to write the .htaccess file, and can support more than one user.

It would be good to see your node implementation though, are you planning on pushing it to a git repo? If so, please let me know the link.


Cheers!
Michiel

[Mario Scheliga]

Hi Michiel,

yes definitly i plan to. but its not capsulated enough, it depends on riak-js (riak) and some application specific thinks. 

i just implement the rfc-draft, but there is still a lot to do. basically it works the same. my module do this:

the user must be redirected to the authorization-server (oauth2-provider),

after entering username-password, he gets a authorization-screen (like the facebook one),

with confirming that an auth-code is generated and returned to the application. then the application

can call the auth-server again with that auth-code and get the access_code.

the access-code has to be transmitted with every call to the "resource-owner application" i guess it would be the

DAV-Server in your case. Then the DAV-Server need to validate the Token against the "auth"-Server. So tokens

can be easily unvalidated :-)

i think the next couple of days i should tidy up that implementation and push it to git :-)

what do you think? may be some like Authorization Server would be nice, or?

cheers

mario

--

Sourcegarden GmbH
HR: B-104357 Steuernummer: 37/167/21214USt-ID DE814784953
Geschäftsführer: Mario Scheliga, Rene Otto
Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929
Adresse: Schönhauser Allee 55, 10437 Berlin

[Michiel de Jong]

Sounds great! Let me finish what i'm working on as well, and then we can compare what we both have. As for a Berlin meet-up, it would definitely be nice to organize something. Maybe in a few weeks time, we'll chat about it.

Cheers!

Michiel

[Pierre Ruyssen]

Hello all,

If needed, here is another implementation of OAuth2 (dratf 10), but currently only implementing the web server schema: https://github.com/af83/auth_server (see also https://github.com/AF83/oauth2_server_node).

Cheers,

Pierre

[Mario Scheliga]

Hi Pierre,

looks not bad, but i've just got to far... to step back ;-)

thnks.

mario

[Michiel de Jong]

Another week, another bit of progress:

- First unhosted web app now live! :) This is a big milestone for us, and we're quite pleased to have reached it yesterday. Our demo of the unhosted "CORS+WebFinger+OAuth2+DAV" architecture: http://www.myfavouritesandwich.org/ - to try it out, log in using chromium or chrome (doesn't work in firefox yet), as de...@demo.redlibre.org, password: demo. Or if you are the administrator of a domain name, you can set up your own unhosted storage node using the instructions I sent to this mailing list earlier today, and log in to myfavouritesandwich as yourself@yourowndomain.

- YouTube killer progress: Kenny nearly has his content-addressable media server ready. It will be called 'playbox' and is written in node.js with libtorrent and ffmpeg. It will form the basis fo the unhosted youtube alternative that we will start designing soon.

- GoogleDocs killer progress: We published our vision on how LibreOffice could benefit from Unhosted (http://vimeo.com/21387223), basically moving the browser into LibreOffice instead of moving LibreOffice into the browser. We also talked to the UNG project about the possibility of collaboration. As a third possibility we're also still thinking about creating our own simple text editing application, possibly based on AbiWord's xmpp-based document sharing. 

Cheers!

Michiel

[Charles-H. Schulz]

Hello Michiel,

Good to see things are moving forward. As for TDF we're awaiting your
code now and are eager to see what it will be able to do. It could be
one major improvement for everyone in the future.

Best,

Charles.

Le Sat, 26 Mar 2011 23:52:37 +0100,
Michiel de Jong <mic...@unhosted.org> a écrit :

> Another week, another bit of progress:
>

> *- First unhosted web app now live! :) *This is a big milestone for

> us, and we're quite pleased to have reached it yesterday. Our demo of
> the unhosted "CORS+WebFinger+OAuth2+DAV" architecture:
> http://www.myfavouritesandwich.org/ - to try it out, log in using
> chromium or chrome (doesn't work in firefox yet), as
> de...@demo.redlibre.org, password: demo. Or if you are the
> administrator of a domain name, you can set up your own unhosted
> storage node using the instructions I sent to this mailing list
> earlier today, and log in to myfavouritesandwich as
> yourself@yourowndomain.
>

> *- YouTube killer progress: *Kenny nearly has his content-addressable

> media server ready. It will be called 'playbox' and is written in
> node.js with libtorrent and ffmpeg. It will form the basis fo the
> unhosted youtube alternative that we will start designing soon.
>

> *- GoogleDocs killer progress:* We published our vision on how

--
Charles-H. Schulz
Membre du Comité exécutif
The Document Foundation.