Report Errors should be adapted to Juris-M channels

[fbennett]

The simple thing would be to disable auto-submission, and provide instructions on how to report by email, pasting in the log from a test run.

[gracile-fr]

FWIW, Better BibTeX uses the same Report Errors UI menu/option but reports ID are sent directly to @retorquere

[fbennett]

Good to know. Do you know what sort of mechanism it uses for delivery? I can dig into the source, but if you know ...

[retorquere]

@fbennett it's a very, very simple mechanism that dumps stuff straight to an S3 bucket. If you're interested, I could look into spinning it off into a separate plugin you could hook into, or by creating a pull request against juris-m that does it directly.

The BBT version however also optionally dumps the selected references to S3, but for this it uses a bundled translator. If you want that, I could add hooks into BBT that allows picking where to send the logs (BBT or Juris-M bucket). Alternately, I could have it use Zotero-RDF when BBT is not present, but the RDF format is lossy (doesn't round-trip cleanly).

You wouldn't believe how much time this has saved me so far. Cost is about 1ct/month so far for me.

[retorquere]

I've thought about this for a bit, and it's probably much much better to have this baked in rather than an extra installable. Fortunately, this is very easy to do.

My sources:

https://github.com/ZotPlus/zotero-better-bibtex/blob/master/chrome/content/zotero-better-bibtex/errorReport.xul : a fairly simple adaptation of the Zotero error submission dialog. I've allowed users to choose which bits of data to submit per request of a privacy-conscious user, which makes it a tad more involved, but only just

https://github.com/ZotPlus/zotero-better-bibtex/blob/master/chrome/content/zotero-better-bibtex/errorReport.coffee : the backend code. Gathers the data, presents it (partially, as it could get big) to the user, and sends it off.

The form simply uses Amazon S3 anonymous post. This allows anyone in the world to dump data there, but not read it. You can limit by form policy how much data can be sent (I have disabled this for now in my own policy, but I've used it before an it works) and by bucket policy how long it is retained (I have amazon auto-delete logs after a week). For the form generation I use an npm module aws-s3-form; my form generation script can be found here: https://github.com/ZotPlus/zotero-better-bibtex/blob/master/resource/logs/s3.coffee#L18 (everything before line 18 is just fluff to find the key). I pick up the form data at runtime here: https://github.com/ZotPlus/zotero-better-bibtex/blob/master/chrome/content/zotero-better-bibtex/errorReport.coffee#L6

You could just generate this one time offline and bundle it with the plugin; after generation it doesn't contain any sensitive data. People will know the bucket if they look for it, and as said, can dump arbitrary amounts of data in the bucket; even if you can limit upload size, you cannot limit upload attempts. You could limit the form validity by expiration, but that mean you'd have to find a way to get a fresh and valid form to people wanting to submit errors.

I've just set a budget alarm on AWS; if someone wants to mess with me I get an email when the bucket costs more than $2; at that point I just trash the bucket, open a new one, and generate a new form to publish to it. Logging will likely tell met the IP address and I can exclude that by bucket policy, but honestly, I don't see this as a big risk. Zotero's own logging is similarly susceptible, BTW, and with the amazon post form I have a zero-maintenance, practically free (actually free for the first year) solution. My highest cost so far has been a whopping US$0.04; Amazon guesstimates my bills for the coming months may well rise to US$0.07. These are not figures you want to be running a server for.

[retorquere]

I've since found out that policies expire after a week if the expiration date you set yourself is further out. I've changed BBT to fetch the form data just before submitting an error report, and I have a cronjob that refreshes the form data into a place where it can be downloaded (GH releases, currently).

[fbennett]

Finally fixed this! Juris-M has its own Debug ID channel at last.