00:44:06  * harthurquit (Remote host closed the connection)
01:36:05  * xaqjoined
05:05:14  <JasonSmith>isaacs: ping
05:05:32  <JasonSmith>nm, it's in email too :)
05:44:37  * isaacsquit (Remote host closed the connection)
07:20:41  * xaqquit (Remote host closed the connection)
09:10:48  * harthurjoined
10:27:25  * harthurquit (Remote host closed the connection)
10:35:55  * vmxjoined
13:24:27  * vmxquit (Quit: Leaving)
13:46:44  * harthurjoined
14:19:16  * isaacsjoined
16:31:35  * vmxjoined
16:42:20  <teslan>will there be a way of seeing "current cummulative bill" for current period as i think it would be great for monitoring and especially "rogue requests" in uses cases such as community sites, gaming, etc ... in fact, the coolest thing might be an API call, so we could automated such monitoring from out end ... I hit a URL and get back a JSON with all the usage details that billing is based on ;)
18:13:09  * isaacsquit (Remote host closed the connection)
18:49:45  * isaacsjoined
19:03:16  * triple_desjoined
19:03:20  <triple_des>lol
19:03:39  <triple_des>guys
19:03:44  <triple_des>a simple question
19:04:19  <vmx>good to see you found your way :)
19:04:41  <triple_des>I would like to make an android app that posts and retrieves data from iriscouchs database server. Do you have REST API for this?
19:04:43  <triple_des>:)
19:05:59  <vmx>triple_des: iriscouch is just a hosted CouchDB, hence the full CouchDB api is available
19:06:11  <triple_des>okey then the next problem
19:06:37  <triple_des>if someone sniffs the packets between the android app and couchdb, they can see the user password for the database
19:07:39  <vmx>you can use https
19:09:00  <triple_des>is there no token auth?
19:09:16  <triple_des>hardcoding the password is not the way to go. its a security concern
19:09:32  <triple_des>the app is distributed to thousands.
19:09:52  <vmx>triple_des: what do you want to do?
19:10:09  <triple_des>Amazon has token authentication
19:10:15  <triple_des>generates a session password
19:10:20  <triple_des>which expires afterwards.
19:10:43  <vmx>you already have a solution in mind, but what do you actually try to solve?
19:11:16  <triple_des>does this have a token server?
19:11:41  <triple_des>iriscouch have a token server?'
19:12:26  <vmx>what do you need the token server for?
19:12:36  <vmx>(sorry to bug you so much :)
19:12:43  <triple_des>to generate a temprorarily password (token)
19:13:12  <triple_des>look this is how amazons s3 works
19:13:34  <triple_des>clinet asks token server for "session password"
19:13:37  <triple_des>client*
19:13:49  <triple_des>amazon token server replies with "your password is 32432d2f24g"
19:14:10  <triple_des>client connects directly to amazon s3 with pw "32432d2f24g"
19:14:25  <triple_des>if someone sniffs the password, no worries. it expires soon.
19:14:55  <triple_des>OR i could just use the traditional method
19:14:59  <vmx>ic. i'm not aware of such a thing for couchdb
19:15:15  <triple_des>making php page as middleman between smartphone and iriscouchdb
19:15:24  <triple_des>ok
19:15:28  <triple_des>u from the staff?
19:15:42  <vmx>yes, normally you need something in between when you need more than just couch :)
19:15:44  <vmx>nope
19:15:53  <vmx>just a friend of the stuff
19:16:01  <triple_des>lol k
19:18:35  <triple_des>http://wiki.apache.org/couchdb/Security_Features_Overview#Authentication_database
19:18:53  <triple_des>it says something about oAuth so there may still be hope for my initial plan
19:19:08  <triple_des>I will just wait for someone from the staff comes by
19:21:18  <vmx>yes, there's oauth and also facebook auth
19:22:01  <vmx>and also browserid iirc
19:22:26  <vmx>when i was asking about your initial problem, i think this is what you name initial plan
19:24:51  <vmx>triple_des: but i guess you really want to wait for JasonSmith, he's the one to talk to :)
19:25:27  <triple_des>okey.
19:25:36  <triple_des>are they americans?
19:26:07  <triple_des>vmx
19:26:57  <vmx>JasonSmith is american but lives in thailand
19:28:11  <triple_des>:( then its porbaby night here when hes online
19:28:17  <triple_des>probably
19:50:26  <teslan>triple_des: i am a couchdb noob and not from staff but JasonSmith is an extremely technical CouchDB dude, so you will get your questions answered and if you are an evening person, when north america is in bars, you get his bandwidth and attention (: just like me :) ... in any case, I am under an impression that I will be able to log into my couchdb from a node.js session on Heroku and then hand that authorization token to the cl
19:50:26  <teslan>ient to log in with ... in my case, users will be logging in with Facebook and my app uses their fb id for logging their activity in my app but for the purposes of my app different types of users will be logging in with a single user/pass for that type of user ... hopefully this helps and welcome to the community :)
19:51:38  <triple_des>ok
19:51:40  <triple_des>:))
19:51:44  <triple_des>im doing node.js too
19:53:08  <triple_des>i was thinking about relaying my authentication through node.js but I want to improve the latency. Client --> heroku --> iriscouch is ok
19:53:14  <triple_des>but what about client --> iriscouch
19:53:17  <triple_des>even better?
19:53:27  <teslan>i am deving an ethnic community site, where i anticipate attempts to bring it down, just the nature of the beast, so i am "hiding" my couchdb behind heroku because they are bigger boys and do not want iriscouch to have to wrestle with such attacks
19:54:07  <triple_des>lol
19:54:25  <teslan>oh, i forgot to mention, i am also an old timer but a dev noob ... actually a Web 0.2 Fellow ;)
19:54:49  <triple_des>so u are relaying all kind of information through node.js server and not only the authentication info
19:55:01  <teslan>will each of your users have a unique couchdb id and login
19:55:05  <triple_des>no
19:55:10  <teslan>or what about along the lines of what i do
19:55:16  <triple_des>admin, Android_users, etc.
19:55:37  <triple_des>yeah but latency is the issue here
19:55:48  <teslan>then sounds like you and i could together explore "my impression" which goes like this (impression that is ;)
19:55:58  <triple_des>hehe
19:56:15  <triple_des>what kind of takedown attempts do u participate in anyway+
19:56:17  <triple_des>ddos?
19:56:25  <teslan>from client we log into facebook
19:56:42  <teslan>you may not even need that if you want nothing unique to track users by
19:56:51  <teslan>ok so far
19:56:55  <triple_des>yeah i dont need anything to track users
19:57:20  <triple_des>its massively-distributed app for android with the option of being anonymous.
19:57:50  <teslan>then node.js logs into couchdb with https? and a "hard coded" set of users and passowrds that you might even get from a well hidden and pass protected couchdb or some other place
19:57:54  <teslan>ok thus far
19:58:27  <teslan>so node.js does that at startup only, logs into your couchdb app and has a login token that it hands out to everyone
19:58:45  <teslan>does that sound stupid or possible ;?) lol
19:58:45  <triple_des>no forget node.js for now
19:59:01  <triple_des>i want to avoid using any middleware this time
19:59:20  <triple_des>i want a straight pure connection from Client (Android device) to Iriscouch
19:59:43  <triple_des>i want to remove the middleman (node.js) because it causes unncessary delay
19:59:47  <teslan>then https? into it?
19:59:49  <teslan>no?
20:00:00  <triple_des>https requires hardcoded pw on client
20:00:02  <teslan>is https not just for that
20:00:21  <triple_des>https secures that the information exchanged is crypted
20:00:43  <triple_des>but a hacker can crack the software on the android device and find the hardcoded password
20:00:54  <triple_des>when he has this, he can logonto my iriscouch and delete all
20:01:38  <teslan>ah
20:01:53  <teslan>what's your take on my approach for my use case
20:02:17  <triple_des>its good approach for all kind of things except for realtime communication
20:02:34  <triple_des>i am doing something similar with adifferent project
20:02:35  <teslan>not following
20:02:44  <triple_des>look,
20:02:49  <teslan>looking
20:02:51  <teslan>lol
20:02:59  <teslan>never mind my sense of humor
20:03:09  <teslan>its lot better than none
20:03:32  <triple_des>a packet that goes from client to heroku (usa) then to iriscouch (usa but can be different datacenter on the other side of country) then back to client again will take longer time than:
20:03:44  <triple_des>a packet that goes from client to iriscouch and back again.
20:03:51  <triple_des>agree?
20:04:01  <teslan>ok but what about this
20:04:17  <triple_des>it adds unneccessary 50 ms delay which i want to avoid
20:04:38  <teslan>you do that first time, go to heroku get the token and store it on android, till it expires then repeat and it might be , not sure a day or so between
20:04:54  <triple_des>yeah thats what i am here asking
20:05:03  <triple_des>does this iris support token
20:05:37  <triple_des>but anyway
20:05:42  <teslan>not sure on terminology but somewhat sure on what i am saying so hang on
20:05:45  <triple_des>the middleman approach is the most safe one
20:06:33  <teslan>so the middleman would "manufacture tokens" that are used not on each transaction but till they expired, say at least several hours
20:07:16  <teslan>now, since you sound technical enough ... #couchdb is excellent for these questions because like someone said #iriscouch is a standard couchdb
20:07:19  <triple_des>by middleman-approach i mean the node.js/php relaying all info. no tokens needed at all
20:07:31  <triple_des>i will go there
20:08:10  <teslan>i am pretty sure that tokens are supported but like i said ME ... WEB 0.2 FELLLOW ;)))
20:08:26  <triple_des>:))
20:08:29  <triple_des>teslan
20:08:35  <triple_des>your approach is good
20:08:38  <teslan>i will follow your discussion there as i need same info
20:08:42  <triple_des>easily scalable too
20:08:58  <teslan>you know the coolest thing i think
20:09:16  <teslan>tracert to most sites returns same ip
20:09:28  <triple_des>huh
20:09:30  <triple_des>most sites ?
20:09:31  <teslan>tracert to my site on heroku changes different ip
20:09:39  <triple_des>oh
20:09:43  <triple_des>its clouded?
20:09:54  <teslan>have no clue but here on pm
20:22:41  * harthurquit (Remote host closed the connection)
20:23:16  * vmxquit (Quit: Leaving)
21:29:21  * triple_desquit (Quit: ChatZilla [Firefox 11.0/20120312181643])
21:36:23  * harthurjoined
23:03:38  * harthurquit (Remote host closed the connection)
23:39:07  * harthurjoined