Mobile friendly Web UI #58

Closed
W4RH4WK opened this issue Aug 8, 2013 · 20 comments

@W4RH4WK

W4RH4WK commented Aug 8, 2013

Are there plans to make the web UI mobile friendly so a user can manage his mails easily with his phone?

@malexmave

I think the easiest way would be to just use a responsive web framework like Foundation or something similar. Makes it easy to write good-looking, easily modified, and responsive websites. I don't know if the current web frontend code is responsive or not, but that is definitely something to aim for.

@ogunden

ogunden commented Aug 16, 2013

Guys, I think this is really important. One of the reasons Gmail is winning right now is because of their great integration with Android. We need an Android-specific interface (I may or may not be volunteering...) but more importantly, we need privacy on Android, which means GPG key sharing or some such. I would be very interested to hear your thoughts on how to do this (particularly the crypto aspect) and have it be usable.

@malexmave

@ogunden Are you thinking about an Android app or a web interface for Android?

Gmail's Android app is very well done, yes. But, as far as I can tell, the primary aim of this project is not to write platform-specific applications, but one web app that can be used by everyone.

I agree that the web app of Mailpile should work well on every platform, including mobile. But I am not sure why we need to think about privacy on Android (with GPG keys and all that) separate from everywhere else, which you seem to imply.

Can you elaborate a bit on what you meant with that?

@ogunden

ogunden commented Aug 16, 2013

Maybe I don't understand Mailpile all that well. Where are we storing the GPG private keys? The reason I say we need to think about privacy separately is because I have been assuming the client keeps his private keys on his computer or a USB drive, not on a web server.

I think a native Android app is going to be important to compete with Gmail. As an example, I don't think you can do notifications with a web-based approach.

@malexmave

As I understood it (I'm no member of the team, just a random guy trying to help out here), the idea is that you have an installation of Mailpile on some hardware you control (server in your house, USB stick, ...), if you want it to be really secure. And in that case, I think the key would be stored somewhere inside Mailpile on that device.

In general, I think the key management and security is something that the devs should, at some point, elaborate on. But at the moment, I don't think there is a finalized idea for that. I think @smari would be the one to comment on this, but there is already an issue for that as well (#75).

Concerning the Android client: That is a separate discussion. I think you may be right with that, but I would encourage you to open a new issue for that discussion, as this one is about the WebGUI. Maybe we can hijack #92 for that, as it is going in the same direction.

@ogunden

ogunden commented Aug 17, 2013

Thanks malexmave. I would very much like to learn / hear from the devs more about key management and security.

@kodypeterson

Hey guys, willing to help out on the front end here. I am wondering why we are using Python as the www server (not that I am opposed, but there may be a better answer). Any thoughts on NodeJS and Express, with a mobile-first framework like Bootstrap and Angular? These really seem to be the new ways to start any front end app nowadays. I would love to get started, just wanted to get an OK to start off with these frameworks. Any thoughts?

NodeJS - http://nodejs.org/
ExpressJS - http://expressjs.com/
Bootstrap - https://getbootstrap.com/
AngularJS - http://angularjs.org/

@culshaw

culshaw commented Aug 21, 2013

Node isn't as flexible to be installed on any Windows machine as something like Python I'd assume.

@kodypeterson

I am not so sure I agree with that. Apart from the simple exe that is available, you could build from source and install via Python, or use some sort of package manager when one is decided on for the project. The flexibility of Node is what makes it a perfect option for front end server software like this, I think. And it uses npm, which allows for simple installs of plugins and such, via a package.json.

@culshaw

culshaw commented Aug 22, 2013

I wasn't questioning the ability to install from source for an advanced user, but what about Billy from Facebook who wants Mailpile? He's going to say '"node", what the hell is node, "build from source"? I'm out!'. Point being it's much simpler to install Python than Node.

N.B. I love Node, I don't code Python.

@kodypeterson

So, maybe I was not as clear as I meant to be, lol. I think I may have mis-wrote the response. Let me try again. See if it makes sense.

Our package installer would do the following:

  1. Install Python, if not installed
  2. Install Node, if not installed
  3. Install MailPile
  4. Modify hosts file (my.mailpile.org -> localhost:3000)
  5. If Windows, Add Node app as service
  6. If *nix, Add Node app to startup.rc

This is just an example, not sure about hosts file and service/startup.

But you get the picture, Billy from Facebook would install this as a normal application. We would handle getting and installing the dependencies. This allows our project to depend on the technologies we want and build with the future in mind. Thus making something that can be used, hacked on, and developed for years to come.

Thoughts?

@malexmave

This would make the whole thing very hard to get portable (which is one of the major use cases, carrying it around on a USB stick and plugging it in at the library, where you don't have admin to install stuff)...

Then again, it would probably be as hard to get portable without node.

Also, make adding startup services optional, for exactly the same reason (I don't want to get an error every time I boot up my PC without having the thumb drive plugged in).

@smari
Contributor

smari commented Aug 22, 2013

A lot of answers to the discussions above can be summed up by pointing you towards the already existing codebase. We aren't using Node.js because we're not developing the app in JavaScript, we're developing it in Python. We're using Python's standard library as much as reasonable, and only pulling in outside modules and such when it makes a lot of sense. As examples of that making sense, we are referring to the GnuPG binary installed on the system, and using jQuery and D3 on the browser client side.

None of these things makes it particularly difficult to carry around on a USB stick.

For keys: You store your PGP keys in your local PGP keychain. Mailpile should never have direct access to your keychain, but rather interacts with the keychain through GnuPG. We will be integrating key management and various other things deeply into Mailpile - one example of that is rather than having a special "Key management" thing, the contact manager will understand PGP keys (and other types of keys!), and the entire key management experience should be seamlessly related to the contact management experience... because that's how sane applications would do it.

We haven't decided exactly what we're going to do for mobile apps, but very likely what we'll do is build a mobile app that is fairly stateful and communicates with Mailpile through the JSON/RESTful API.
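
Added illustration, not part of the thread and not Mailpile's code: when an application drives the GnuPG binary instead of reading the keychain itself, as described in the comment above, it learns the outcome from the machine-readable lines GnuPG writes with `--status-fd`. This sketch parses a constructed sample of such lines; `GpgResult` and `parse_status` are hypothetical names and the key IDs are made up.

```python
from dataclasses import dataclass, field

PREFIX = "[GNUPG:] "  # marker GnuPG puts in front of every status line


@dataclass
class GpgResult:
    decrypted: bool = False
    recipients: list = field(default_factory=list)           # ENC_TO key IDs
    missing_secret_keys: list = field(default_factory=list)  # NO_SECKEY key IDs
    good_signers: list = field(default_factory=list)         # GOODSIG key IDs
    bad_signers: list = field(default_factory=list)          # BADSIG key IDs


def parse_status(text):
    """Fold GnuPG status lines into one result; no key material is touched."""
    result = GpgResult()
    failed = False
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable diagnostics are never trusted as results
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        args = rest.split()
        if keyword == "ENC_TO" and args:
            result.recipients.append(args[0])
        elif keyword == "NO_SECKEY" and args:
            result.missing_secret_keys.append(args[0])
        elif keyword == "DECRYPTION_OKAY":
            result.decrypted = True
        elif keyword == "DECRYPTION_FAILED":
            failed = True
        elif keyword == "GOODSIG" and args:
            # The signature verifies; key trust is reported separately (TRUST_*).
            result.good_signers.append(args[0])
        elif keyword == "BADSIG" and args:
            result.bad_signers.append(args[0])
    if failed:
        result.decrypted = False  # fail closed: any failure line wins
    return result


# Constructed sample status output for a message encrypted to two keys,
# only one of which is present in the local keychain.
SAMPLE = """\
[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] ENC_TO 2222222222222222 1 0
[GNUPG:] NO_SECKEY 2222222222222222
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG 3333333333333333 Alice Example <alice@example.org>
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    print(parse_status(SAMPLE))
```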

@malexmave

If you carry it around on your USB drive, how are you going to decrypt encrypted mails if the keys are only stored in the local keychain? I am not fundamentally opposed to this design, I was just wondering if this wouldn't wreak havoc on the portability of encryption, as opposed to having a keychain integrated into the program (which would raise other issues, I know).

Also, by using the locally installed GPG binary (which, again, makes sense in many ways), you once again require the user to install some form of GPG, which may not be installed on your friend's PC that you are just quickly plugging your thumb drive into to find out if you have new mail.

Don't take this as criticism, I was just wondering if you had thought about this and have an answer to those problems.

@tildelowengrimm

I think that some of the conversation above is drifting a little from the initial idea of this issue. I'm responding to the issue title, not necessarily the thread.

I'm a big fan of making the webUI mobile friendly with all that entails. I'd like to be able to install Mailpile on a machine at home and connect to it over an SSH tunnel. I do have some questions about how well this ends up working. Is everything going to break because I won't be able to see the server's GPG UI?

@bnvk
Contributor

bnvk commented Feb 23, 2014

Mobile responsive development is underway; more will happen in the next few months. Closing this for now!

bnvk closed this as completed Feb 23, 2014

@tildelowengrimm

Any answers to questions about the GPG-usage implications of running the client and the server on different machines? I doubt folks will run a Mailpile instance on their phone.

@smari
Contributor

smari commented Feb 26, 2014

There is no real problem with running the server on a different machine, as long as you trust that machine. If you install the server on an untrusted device, your keymatter should not be considered safe, but we have no way to prevent this aside from simply advising against it.

@tildelowengrimm

Does that mean that the Mailpile server will cache the GPG key or passphrase, so that interactive access to the server won't be necessary to use keys in the client?

@smari
Contributor

smari commented Mar 2, 2014

No. gpg-agent does that and controls all the policy around that, including timeouts and such. The passphrase may be passed to gpg-agent through the web interface in the case of remote access. TLS should make that kind-of okay, but if you're doing remote access you're already throwing away a chunk of the security model.
