Re: [rainmap] RFC on UI mockups

[Fyodor <fyodor () insecure org>]

On Mon, May 24, 2010 at 09:26:48PM -0700, alexandru wrote:
> Hello all,
>
> I've created a few UI mockups for the hosted scanner to show the
> 'first contact' interaction process. The mockups and a scenario
> walkthrough are at http://rainmap.labs.hackd.net/ and I'm looking
> forward to your comments/ideas.
>
> I'll follow along in the coming days with more details on what
> happens once the user has logged in (review scan results; create more
> scans etc)

Thanks, Alexandru.  These look great, and really help us bring more
concreteness to this project.  I didn't have a lot of time to review
this today, but here are some comments on the individual mockup pages:

=Screen 1 - Home Page=

I think this page should be dominated with a description of the
service and what it has to offer rather than a login/sign-in form
taking up most of the page.  Of course there will still be prominant
links to the sign-up form page, and probably log-in fields embedded in
the page smoewhere.

I think the "self-host" button can be changed to "about".  Actually,
you might be able to move those buttons to the left side like on the
logged-in screen, except of course some of the logged-in buttons won't
be relevant at this (not logged in) point and can be omitted or
disabled.

=Screen 2 - Sign-up=

The sign up form will probably ahve a few more fields.  At a minimum
we will want a name.  At some point I think we'll want an account type
selector there too.  Some account types may require approval by an
admin.  For right now it is probably OK to make them all guest
accounts, and we'll provide a way for admins to upgrade accounts with
greater capabilities (e.g. to scan more hosts).

=Screen 4 - Dashboard=

I guess "Name" is an identifier assigned to a scan when the user
creates it, and the scan can be rerun/scheduled as desired?  I guess a
"name" describes a specific set of Nmap options and targets?

The "host" and "IP" columns might be confusing when people scan many
targets at once.  For example, a user could list 50 hostnames, or give
specifiers like scanme.nmap.org/26.

I'm not sure about the best way to show this information in the UI,
but here is some information which may or may not be worth putting in
the recent scans table:

   o Scan start/end time and date (maybe just the start time/date)

   o Nmap options specified for scan, and targets specified for scan.
     Maybe you could get these by hovering over or clicking on the
     scan name or small icons.  Like if you clicked on the scan name,
     maybe a modal dhtml box could appear which shows the full command
     line and targets.

   o You might want to show the most recent scans even if some of them
     have already been viewed/emailed/downloaded (the sticky note
     makes it sound like those would disappear from the dashboard).
     Perhaps there could be a way to identify whether scan results
     have been viewed before (maybe the HTML "followed links" tracking
     would be enough).  Perhaps the layout could be reused for the
     "results" list page (or maybe you won't even need that page).

The "faq" sidebar link should probably be "help" as it could link to
various documentation options, including the faq and the tutorial you
mentioned on screen #3.

The "skip" link in the Schedule "actions" should probably be labelled
"cancel" as that is more usual.  Maybe it would give you the choice to
cancel just that one scan, or all of the scans scheduled with the
given name.

If there are more than 5 scheduled scans, you might provide a
scrollbar like in the "recent scans" table.

Regarding these three buttons:
  scans - completed scans; lets users create new ones
  results - see scan results; email, download, run diffs
  schedule - edit upcoming scans; modify the schedule

I'm not sure that the "scans" button needs to include "completed
scans", as the "results" button will presumably give such a list.  I'd
suggest changing "scans" to "New Scan" and use it just for creating
and scheduling a new (possibly recurring) scan.

We should probably capitalize the labels on the left-sidebar buttons

For the one we host, we'll probably want a way to embed it in the
normal Insecure.Org chrome (like you see around the content of
nmap.org, insecure.org, sectools.org, seclists.org, etc.)

=General Notes=

It will be great to see the new scan screens and admin screens :).

For a first mockup, these are looking good!

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/