[Labs-l] New-user experience on Wikimedia Labs

Ori Livneh ori at wikimedia.org
Sun Dec 30 07:06:53 UTC 2012


I'm glad many of these issues are resolved or on their way to getting resolved, but I worry that we're missing the bigger usability and security issue posed by having so many permission bits:

Not everyone with a Gerrit account has a Labs account; not everyone with a Labs account has shell access; not everyone with shell access has access to bastion; not everyone with access to bastion has access to Labs instances; not everyone with access to Labs instances is a sysadmin; not every sysadmin is a netadmin, and not every netadmin gets to have a public IP.

Some of the distinctions above have been identified as bugs and fixed, but I wonder if the distinctions could not be collapsed even further, so that new Labs users do not experience the process of getting set up with a comfortable development instance as a series of "gotchas". There are oodles of usability studies online that have reproduced what appears to be a universal truth: that hurdles and quirks in a site's on-boarding experience will frustrate users and drive them away. 

--
Ori Livneh


On Saturday, December 29, 2012 at 4:54 PM, Ryan Lane wrote:

> On Sat, Dec 29, 2012 at 4:37 PM, Fran McCrory <fran at dumetella.net (mailto:fran at dumetella.net)> wrote:
> > On Sat, Dec 29, 2012 at 5:13 PM, Ryan Lane <rlane at wikimedia.org (mailto:rlane at wikimedia.org)> wrote:
> > > You were added before <https://gerrit.wikimedia.org/r/#/c/25700/> was
> > > implemented. Now when a user is given shell they are automatically added to
> > > the bastion. We should likely run a maintenance script to add everyone in
> > > the shell group to the bastion project (added bug 43508), so that others
> > > users in your situation don't run into this problem.
> > 
> > How recently was this patch deployed? The patch was approved on
> > October 2; my shell account was created only a week ago (December 23).
> > 
> 
> Ah, I thought you meant the DC hackathon during Wikimania.
> 
> I remember looking at your account when you were saying you didn't have bastion access. I remember that your account was properly in the project.
> 
> Of course, without having a working authorized_keys file, you wouldn't have access to the project's instances via ssh. That issue was due to the ssh-key bot being broken.
> 
> - Ryan
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org (mailto:Labs-l at lists.wikimedia.org)
> https://lists.wikimedia.org/mailman/listinfo/labs-l
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20121229/af906c78/attachment.html>


More information about the Labs-l mailing list