18f / pulse Goto Github PK

If we plan to heavily use the gh-pages branch, anyone have a problem with me porting over the material from master to gh-pages and killing the master branch?

[Note: I'd do this after the basic-frontend branch was merged.]

Hi folks -

The other github.com/gsa admins and I are surveying the private repos and trying to tighten our belt with private to postpone the need to upgrade our plan. I think this repo is fine (even will benefit from) being public. Can we confirm whether we have ay need to keep it private? If there are needs, can we confirm their timetable and see when they might change?

Had a quick discussion with @konklone this morning about possibly interviewing one of the CIO's we have been in contact with to talk about the dashboard. It would be great to get clarification on information that they would find useful.

Here are a few suggested questions:

• What agency are you overseeing?
• What are some of the challenges you face when making decisions?
• Is there a particular tool or website that you use for helping make those decisions?
• What kind of information do you find most useful when determining the security protocols used by your web properties?
• Is there a standard that you have in place that the websites you manage are required to take to comply with security standards?

Depends on #58.

• Create basic front end layout and structure
• Gather user data and information directed at the product
• Write archetypes for our users (e.g. CIO)
• Start developing various wireframe versions for the team to iterate over

The front-end should itself participate in the DAP, and possibly have its own Google Analytics account, with the proper privacy knobs on.

Currently, there are 126 agencies identified in the data as "federal agencies" in charge of websites. Several of them are agencies in charge of just one domain, others may only have one or two, and many are not what one would traditionally think of as federal agencies (Amtrak, for example). Single-site agencies won't make compelling data visualizations (everything will be 100% in either direction), so I would propose that we remove them from visualizations, while still making their data available in the table.

I generated analytics.csv by matching the federal (exec+leg+jud) .gov domain list to the 3800 sites the DAP says participate.

This is almost good enough, but the ~300 exec branch domains DAP says participate doesn't line up with this -- there are more domains there (and that's only exec branch).

Let's figure out why that is, so we can finalize the snapshot.

Add ideas here

Could we make the placeholder text at the top of the pulse page a little bit more official sounding in case someone who comes across the page is not technical? There has been some concern that the pre-alpha language might be confusing to non-technical folks. I know we're not publicizing anything yet, so no outside parties should get onto the site in theory, but some folks at OGP are uneasy about the language as it stands nonetheless. I'd suggest "This website is in a very early stage of development. No information or content found here should be considered definitive."

Thanks, and sorry for the nitpickiness of this issue.

cc: @juliaelman, @vzvenyach

Post ideas below...

Under proper HTTPS and participating in the DAP.

Depends on #17.

Letting them know this is happening, along with any data we plan on displaying.

Pulse.cio.gov currently runs on top of the list of federal .gov 2nd level domains (e.g. fbi.gov, irs.gov). The dataset of federal .gov subdomains (e.g. blog.trade.gov, calendar.nih.gov) is not currently made public but hopefully will be at some point. Publishing it would allow the pulse scans to gain another level of detail.

We need to:

• Create a developer project in the Google dashboard. Noah's working through the IT limitations here.
• Have DAP authorize the credentials associated with this developer project to access their data.

Ensure how this will be paid for and maintained in 6, 12, 18, 36 months, etc.

...that displays this snapshotted data, with whatever “under construction” caveats are necessary.

Building on #55

The .gov registrar has a field in one of their spreadsheets that tracks whether the site is up or down. We should compare this against our own dataset, based on site-inspector, to see if there are many major discrepancies.

cc @jtexnl - I think this would be a good one for you. (I can formally "assign" issues once you've joined the org.)

• Get delegated authority from OGP to use 18F's ATO process.
• Prepare template ATO for 18F DevOps.
• Have something up there besides the word "PULSE".
• Meet at scheduled time with DevOps to complete process and obtain the ATO.

• Have a new instance/org setup
• Add users to that instance/org
• Add manifest.yml and travis.yml, per instructions outlined here >> https://github.com/18F/cloud-foundry-notes/blob/static_site_instructions/content/apps/static.md

We need to get a modification to the SSL Labs API T&C.

We need some FAQ and documentation about what this is, what it's doing, how it's doing it, and why.

A project description, and some FAQ material. It can be the same page.

It should at least run the commands in our README (e.g. npm install and bower install and gulp [something]) to exercise them and make sure we're not breaking stuff. The default gulp command watch-es, which isn't what we want for CI.

Based off of #55 and #59, create v4 of the wireframes. This will be what we plan to end sprint 2 with.

The steps for this are:

• Get Feedback on wireframes v2
• Design Wireframes v3
• Gain external feedback on wireframes v3
• Design wireframes v4

Such as:

• More HTTPS detail, e.g. SHA-1, forward secrecy
• Does the site require “www”? Does it require not using “www”?
• Load time (server-side)
• Mobile friendliness
• Mixed content detection (linking to insecure resources)
• Use of third party services
• 508 compliance (poss. with http://pa11y.org/)

Add more ideas below.

Could be via webhooks, or using CF continuous deployment -- one of the two.