Published using Google Docs
RFA November-December 2012 Report
Updated automatically every 5 minutes

GlobaLeaks Reports

Radio Free Asia Project

November-December 2012

Alpha Release

Goal

Reporting

Alpha Release Summary

GLBackend

GLClient and GLBackend integration

Goal

This document provides a monthly report, updated weekly, detailing deliverables following Radio Free Asia Freedom 2 Connect grant agreed to Associazione Hermes for the development of part of GlobaLeaks Project Plan defined in a defined SOW.

Reporting

The reporting log will contain deliverables and activities conducted within the project goals.

Reporting will be done weekly in a lightwave form and at end of month including time-tracking reporting details.

In particular it will consider the following main activities:

Any activities defined should have an specific output, indicated in the report.

The report indicate aggregated project deliverables and single consultants activities.

Alpha Release Summary

We spent the months of November and December in consolidating the architecture of GLBackend and GLClient and implementing: the basic submission workflow, the administration interface for configuring the submission and the elements for visualizing the submission by the receiver and whistleblower, the email notification.

Strong focus was placed on making sure that the architecture and design of GLBackend and GLClient components are sufficiently modular to be expanded.

Both components are implemented following the design patterns of the frameworks that they use.

We produced a threat analysis of the different GlobaLeaks actors and their usage scenarios available on https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/edit

We are still missing several features that will be implemented during the beta such as:

To see progress integrated interfaces development in realtime (it may be broken):

We started setting up our cross-platform (APAF based) build system over an Istambul server kindly provided by the LEAP team, with 3 of 12 different virtual machines (Windows, Linux, OSX under VirtualBox) already deployed.

We have setup a basic Continuous integration system on http://dev.globaleaks.org that when a new commit is pushed will: update the running GLBackend and GLClient version and run a set of integration tests (https://github.com/globaleaks/GLClient/blob/master/api/specification.js) and sends us an email if one of the test cases fails to pass.

For what’s related to Tor2web, even if outside current milestone (as it has been anticipated in 1st milestone), a separate report on progress will be provided separately along with a proposed roadmap.

We evaluated in better details roadmap and activities for Beta release by identifying main risks related to:

GLBackend

In GLBackend we developed a pluggable delivery and notification mechanism. This will allow us to easily support any delivery and notification method, for example remote SSH filesystem, FTP, or tahoe-lafs. It now support mail notification.

The features we reached in GLBackend development are:

The plugin system is designed to be expandable also by third party developers, exposing a simple API:

https://github.com/globaleaks/GLBackend/blob/master/globaleaks/plugins/base.py#L61

https://github.com/globaleaks/GLBackend/commit/8d9ce9e

Scheduler design to handle all the asynchronous operations of the backend:

https://github.com/globaleaks/GLBackend/commit/813150b03f7d2c9f6a179a041048136c73ea1148

Comments for Receiver and Whistleblowers have been implemented https://github.com/globaleaks/GLBackend/commit/ab4fd362e8f3d9fda0c53ab5b04049911dd3af5e and tested, we come out with a little idea about the system comments, comments performed by the GLB node to update Actors about the status of the Tip: https://github.com/globaleaks/GLBackend/issues/30 then expanded with the feature (not yet developed) of the system messages: https://github.com/globaleaks/GLBackend/issues/31 

Administrative interface was one of the most dedicated element, because providing an API able to manage powerfully the GL node, would help debug and testing during the beta process. So beside the Context, Receiver and Node configuration already provided, that APIs has been completed with: Task manager handler https://github.com/globaleaks/GLBackend/commit/c4b413fb5b64662f5e54a5e1918044cde7eaa4e3 

Definition of Profile for GLB plugins supports:https://github.com/globaleaks/GLBackend/commit/372e6b15d2737d1e7bc81276ef7400f3d629053a 

The API has been modifiy a bit, to better fit with CRUD expectation and working model, refactoring this struct, also the definition of the messages (requests and responses) and errors has been defined well: https://github.com/globaleaks/GLBackend/commit/dde6f754af8ff3710c5e7a5eab7515bf1d9fd978 https://github.com/globaleaks/GLBackend/commit/18dc976d2ca5210f4d2c1ef23000883e2539c68b 

We developed a client command line tool useful in testing and debugging of the globaleaks backend.

This tool will pre-populate the GLBackend database by simulating the interactions of a client.

Through the development of such tool we were able to identify and eliminate a lot of critical bugs and issues with GLBackend. https://github.com/globaleaks/GLBackend/commit/13ed10d9e7c38e19f507705b89f71abf6303298b

GLClient and GLBackend integration

With respect to GLClient the month of November was mainly spent on integrating GLClient with Angular.js framework http://angularjs.org/  that is specifically desgined for pure client side web applications.

This involved following the design patterns used by Angular.js and making some changes to it’s architecture to be more in line with it’s design principles.

By using a heavily opinionated framework and following it’s principles we are able to make sure that

Strong focus was placed on modularity allowing designers to then easily be able to replace the user interface elements with something more suited for the GlobaLeaks application.

Regarding GLBackend we spent time in developing testing tools and consolidating the architecture.

GLClient was refactored based on the design patterns of angular.js.

https://github.com/globaleaks/GLClient/commit/d54089005fc5d937ab106d2dfd97ccef13d755ac 

https://github.com/globaleaks/GLClient/commit/0e1a57d53cce0ee7f20a3d907164be2874eaa021 

We integrated a generic form building module to be used in all the pages that require

https://github.com/globaleaks/GLClient/commit/5f6c943b583629b4e98a94f267d5a552ee682223 

https://github.com/globaleaks/GLClient/commit/21556877e439676a6280a6c6ec66160352acd1b 7

We integrated a basic form building interface that allows a node administrator to populate the submission form presented to a whistleblower: https://github.com/globaleaks/GLClient/commit/21556877e439676a6280a6c6ec66160352acd1b7 

We implemented a mocked out API to facilitate backendless testing of the user interface:

https://github.com/globaleaks/GLClient/commit/f5736a04f004f2e49261254e50943e039a618b84 

We implemented a basic wizard module to be used in the UI when a step by step wizard is required.

https://github.com/globaleaks/GLClient/commit/5f4aaf8 

https://github.com/globaleaks/GLClient/commit/8e948c3 

https://github.com/globaleaks/GLClient/commit/d8a80c0 

We implemented a step by step submission form wizard with dynamic generation of submission fields:

https://github.com/globaleaks/GLClient/commit/f51011cea7ca139dee9d18105d5bd7c31b0d783f 

We implemented a first iteration ovpage used for the setup of receivers: https://github.com/globaleaks/GLClient/commit/b5930a941614e30daf955c814ae09cf537e5568a 

We started outlining the necessary structure for supporting multiple languages https://github.com/globaleaks/GLClient/commit/1c5d570 

https://github.com/globaleaks/GLClient/commit/70581d9 

Note: this multi language support is currently not fully integrated.

In GLClient focus was placed on getting all the UI elements in place and completing the integration of GLClient with the backend.

We integrated select2 via angular-ui to allow multiple selection forms to be searchable and graphically pleasing.

https://github.com/globaleaks/GLClient/commit/9e56f27

We added support for configuring of globaleaks contexts via the user interface:

https://github.com/globaleaks/GLClient/commit/3f2478c

https://github.com/globaleaks/GLBackend/commit/ccdb01c

We implemented backend integration tests based on mocha

https://github.com/globaleaks/GLClient/commit/3f2478c

We implemented the admin interface pages for adding receivers via email address:

https://github.com/globaleaks/GLClient/commit/3f2478c

https://github.com/globaleaks/GLBackend/commit/c70dc1d

https://github.com/globaleaks/GLBackend/commit/8e00ba2

We finished implementing the basic submission workflow that allows a whistleblower to select a context for their submission, upload some files, enter the submission fields and receive a receipt on completion of the submission:

https://github.com/globaleaks/GLClient/commit/4c7cecc

https://github.com/globaleaks/GLClient/commit/1455eac

https://github.com/globaleaks/GLBackend/commit/1724fc0

https://github.com/globaleaks/GLBackend/commit/ca5dd16

We implemented the status page to visualize the tip page (what has been submitted) for the whistleblower and the receivers.

https://github.com/globaleaks/GLClient/commit/87e11e4

We implemented a comment system that allows whistleblowers and receivers to exchange messages via the tip status page:

https://github.com/globaleaks/GLClient/commit/38d8cf4

https://github.com/globaleaks/GLBackend/commit/b0142d5

Thanks to the pluggable notification mechanism we implemented notifications via email of a new submission:

https://github.com/globaleaks/GLBackend/commit/8d9ce9e

We prepared GlobaLeaks Threat Model Document describing in an analytical and syntetic way the different threats and safety conditions available on https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/edit

We implemented the admin interface pages and step by step wizard for configuring the node:

https://github.com/globaleaks/GLClient/commit/5f4aaf8b1681713194a970b7ee70702d42efaab2