First Chicago's Vote-By-Net and Consent Gathering Systems

A Handoff Guide -- Kirk Israel [kisrael@alienbill.com]

History/Overview

FCTC's "Vote By Net" is a system that allows shareholders for various companies to vote their shares via proxy over the web. It was the first site to offer this service, although systems that permitted proxy voting over the phone set the precedent for it. The site also has a suite of web-based tools that allow non-technical users to customize proxy cards, including the company's issues, the look-and-feel, the logos, and the dates the proxy is available for voting. The project was started in late 1996 and opened for business in early 1997.

Later, a similar subsystem was added to Vote-By-Net that allowed shareholders to give their consent to being sent electronic (rather than printed) copies of the company's annual report. The Consent Gathering System contained much of the same functionality, and features were added to the original system that allowed endusers to easily go to the consent gathering portion after they had voted their shares. It was developed during late 1997.

Basics

Site:

The site's URL is http://www.vote-by-net.com/ It is a solaris server (aka web34a.bbnplanet.com) hosted by BBN-Planet. Their e-mail is ops@bbnplanet.com - currently I receive mail from them every so often on minor site issues, so we need to change the contact person from IDD's standpoint.

Logging in:

You need 3 bits of information and one piece of hardware to log in to the site. (Note that only certain IP addresses are allowed to connect via telnet, so you need to go through "proxy.iddis.com" to connect and not from some outside source.) To log into www.vote-by-net.com, use username "vbnadmin", password "tough100". You will then be asked for a passcode. To generate this, you need the SecurID that's been provided by BBN. Enter the number "781898" and press the diamond key (if you make a mistake, press the diamond key and start type it over.) It will then use its internal clock to generate the passcode. Enter this passcode at the prompt.

The vbnadmin account has some useful aliases defined upon login in the .alias file (sourced in the .cshrc) These aliases are:

home jump to /home/207.121.184.68 where a lot of data files are kept, as well as being the parent directory for both the secure and normal web servers (more on that later)
atd jump to insecure htdocs root, /home/207.121.184.68/http_80/htdocs
atsd jump to secure htdocs root, /home/207.121.184.68/https_443/htdocs
atb jump to insecure cgi-bin root for the admin section, /home/207.121.184.68/http_80/cgi-bin/admin
atsb jump to the secure cgi-bin root, /home/207.121.184.68/https_443/cgi-bin
cr edit the crontab file
vl view last entries of log for normal web server /bbn/logs/hterror_207.121.184.68_http_80
vsl view last entries of log for secure web server /bbn/logs/hterror_207.121.184.68_https_443
Anything file under /home/207.121.184.68/http_80/htdocs is accessed from the URL http://www.vote-by-net.com , anything under /home/207.121.184.68/https_443/htdocs is accessed via https://www.vote-by-net.com -- something similar applies to cgi-bin.

Admin Pages:

The main admin page is at http://www.vote-by-net.com/cgi-bin/admin/admin.pl Currently it's user: admin password: !firebrand

It has links for the following:

Create, Edit, Delete Proxy Forms
Create, Edit, Delete Consent Forms
Uploading and Manage Logos and Misc artwork. This link is to a non SSL port because of a historical bug in the Netscape SSL implementation that choked while uploading files over 16K or so. (At the time MSIE didn't even support the upload tag.)
Upload and Manage Info Pages. This is a facility added to let FAQs and the like be directly uploaded to the server. Instructions are provided on the page as to the correct URL for images that are independently loaded onto the server.
Links to Vote Viewers -- uses a seperate password, lets admins view the "hot" results of voting and consent recording. (i.e. quickly view the flat files the votes are being kept on)
Current Time - displays the current system time
checksum Generator - can generate checkdigits for shareholder id 1000000000 and PIN 1234 (flags a fake user on the FCTC end) for any issue (i.e. company) number -- the perl code for a more generic cgi script that can generate the checksum for ANY account can be found here

Likely Tasks

Nightly Proxy Vote Transfer The solution for transmitting files on a nightly basis is still kind of kludgey, but plans to change to some form of direct FTP never materialized. As it stands, a file in the cronjobs directory (off of /home/207.121.184.68, the server home directory) gathervotes.pl collates the proxy votes from the files in the directory 'vote', does some misc work (adding a specific fixed length header), translates the results into EBCDIC (!), and mails the result as a mime attachment to IDD, where another process listens for it and then passes it through IBM server mailboxes to FCTC. The files are then put into the directory 'votestorage' for archiving. A second process, resendvotes.pl, transmits the files again, and is run by another cronjob a few hours later.
Consent Transfer There is even less of a well-defined process for transmitting the results of the consent gathering. In general, the vbnadmin logs on and goes to the consentraw directory (off the server home directory) This directory contains files stamped with the issue number of the relevant company and the date the file represents. (Each line of each file represents one user offering their consent)
Each company's files should be moved to a temporary directory (in case new consents are coming in and being appended to the files you're working with) and then catted together (in order of date) into a single file for each company. (i.e. if the company's issue number was 09999, run 'cat 09999* > total_09999' or some such.)
To make life easier for them and more difficult for the vbnadmin, these total_xxxxx files should then be divided on a per record basis based on rather the last digit is an "A" or an "S". (this indicates whether the user came to the consent system directly, or skipped over from a link at the end of the proxy vote process.)
So in the end, you should send FCTC a zipped file containing two files for each company that has records in the consentraw directory, even if some of those files are zero length. The consentraw files should have been moved from the consentraw directory to a temporary space for working (since the site is almost always live, and entries appended to the end of the files you'd be working with) Afterwards, the original files should be moved to the consentbackup directory for safe keeping and archiving.
Password Updates Passwords and "allowed domains" are set in password http_80/cgi-bin/.nsconfig and https_443/cgi-bin/.nsconfig off of the home directory. These set up matching pattern regions of files that control what incoming domains can utilize files in those patterns and what username combinations are required (mostly used for admin functions.) The password file for those usernames is "passwd" in the home directory, simple "name:passwd" pairs. To generate new passwords, run the utility "wa_pass_encrypt" that's on the system.
More info on these files can be found on BBN's Configuring .nsconfig page, taken from http://www.bbn.com/products/webhosting/nsconfig.htm
Mass mailings At some point we needed to do a massmailing from the vote-by-net server, sending out the custom IDs for users. The program for doing so is cronjobs/massmail/runmail.pl - a rough script for taking in a \n deliminated list of email address (possibly with further custom info on each line) and sending out mail. This needs to be customized on a per job basis, since part of its function is to send out indivual ID numbers to each shareholder. Best run as runmail.pl > results.txt &, which will make sure the process doesn't die if the login session time-outs. (tail -f results.txt can then be used to view the results live.) Can handle on the order of a thousand e-mails per hour
Visual Demos At one point I was asked to make a mockup for the client IBM. At first I used pure html, then I added one script (the address confirmation script then bounced back the information that had actually been entered.) See the demo for IBM here.

home	jump to /home/207.121.184.68 where a lot of data files are kept, as well as being the parent directory for both the secure and normal web servers (more on that later)
atd	jump to insecure htdocs root, /home/207.121.184.68/http_80/htdocs
atsd	jump to secure htdocs root, /home/207.121.184.68/https_443/htdocs
atb	jump to insecure cgi-bin root for the admin section, /home/207.121.184.68/http_80/cgi-bin/admin
atsb	jump to the secure cgi-bin root, /home/207.121.184.68/https_443/cgi-bin
cr	edit the crontab file
vl	view last entries of log for normal web server /bbn/logs/hterror_207.121.184.68_http_80
vsl	view last entries of log for secure web server /bbn/logs/hterror_207.121.184.68_https_443