Loading ...
Sorry, an error occurred while loading the content.

Site structure anoyance.

Expand Messages
  • ubereng
    FFA is a great source for better stories, thanks. But the way it is structured is a major annoyance for those of us who use password managers to login (to
    Message 1 of 19 , Dec 18, 2010
    • 0 Attachment
      FFA is a great source for better stories, thanks.

      But the way it is structured is a major annoyance for those of us who use password managers to login (to leave a review or view M-rated stories).

      By giving each author his/her own subdomain, e.g. "http://viridian.fanficauthors.net/" and "http://jeconais.fanficauthors.net/", the password manager treats each as a separate site.

      This means we must dredge up and restore our account info for dozens of "sites" instead of one FFA account. Changing the password is a chore too.

      For future projects or improvements to FFA, please keep that in mind. It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.

      PS. Using subfolders instead of subdomains also plays much nicer with other tools, like Stylish or Greasemonkey scripts or form field, auto fillers, etc.
    • James Carter
      I had wondered why I had to give my password several different times. Would it not be easier to use one domain with with several subfolders? -Nuit Dark Lord
      Message 2 of 19 , Dec 18, 2010
      • 0 Attachment
        I had wondered why I had to give my password several different times.

        Would it not be easier to use one domain with with several subfolders?

        -Nuit




      • Chris P
        On the plus side, it s only once for each site, which can be taken care of in 5 minutes :)
        Message 3 of 19 , Dec 18, 2010
        • 0 Attachment
          On the plus side, it's only once for each site, which can be taken care of in 5 minutes :)

          On Sat, Dec 18, 2010 at 11:27 AM, ubereng <mryahell@...> wrote:
          But the way it is structured is a major annoyance for those of us who use password managers to login (to leave a review or view M-rated stories).

        • Ralph S.
          That s not the responsibility of a site author, now is it. Instead of telling Tim to build his site according to YOUR demands, how about configuring your
          Message 4 of 19 , Dec 18, 2010
          • 0 Attachment
            That's not the responsibility of a site author, now is it.

            Instead of telling Tim to build his site according to YOUR demands, how
            about configuring your password manager to work with
            $1.fanficauthors.net instead?



            On 12/18/2010 10:27 AM, ubereng wrote:
            > FFA is a great source for better stories, thanks.
            >
            > But the way it is structured is a major annoyance for those of us who use password managers to login (to leave a review or view M-rated stories).
            >
            > By giving each author his/her own subdomain, e.g. "http://viridian.fanficauthors.net/" and "http://jeconais.fanficauthors.net/", the password manager treats each as a separate site.
            >
            > This means we must dredge up and restore our account info for dozens of "sites" instead of one FFA account. Changing the password is a chore too.
            >
            > For future projects or improvements to FFA, please keep that in mind. It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
            >
            > PS. Using subfolders instead of subdomains also plays much nicer with other tools, like Stylish or Greasemonkey scripts or form field, auto fillers, etc.
            >
            >
            >
            > ------------------------------------
            >
            > Yahoo! Groups Links
            >
            >
            >
          • pfeil
            ... No, it really isn t. The sites have different branding, so the subdomains is the best choice. FFA correctly sends the auth cookie for .fanficauthors.net,
            Message 5 of 19 , Dec 18, 2010
            • 0 Attachment
              On Sat, Dec 18, 2010 at 01:27, ubereng <mryahell@...> wrote:
              >
              > For future projects or improvements to FFA, please keep that in mind.  It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
              >

              No, it really isn't. The sites have different branding, so the
              subdomains is the best choice. FFA correctly sends the auth cookie
              for .fanficauthors.net, not the subdomain, so you don't need to login
              to each of them separately.

              As Ralph said, fix your password manager.

              Now, because it's essentially a single-sign-on, we can debate whether
              it would be better to have the login requests as redirects to
              login.fanficauthors.net, rather than forms on the same url as the
              story, but that would be a DCR, not a bug.
            • ubereng
              ... (1) I made no demands, just passing on a suggestion -- which also happens to be a best-practice in the development house I manage in. (2) The password
              Message 6 of 19 , Dec 19, 2010
              • 0 Attachment
                --- In fanficauthors@yahoogroups.com, "Ralph S." <ralph.sch@...> wrote:
                >
                > That's not the responsibility of a site author, now is it.
                >
                > Instead of telling Tim to build his site according to YOUR demands, how
                > about configuring your password manager to work with
                > $1.fanficauthors.net instead?
                >

                (1) I made no demands, just passing on a suggestion -- which also happens to be a "best-practice" in the development house I manage in.

                (2) The password manager I use online, and a very popular one it is, does not have that capability. I suspect that many don't.
              • Ralph S.
                (1) I made no demands, just passing on a suggestion -- which also happens to be a best-practice in the development house I manage in. (2) The password
                Message 7 of 19 , Dec 19, 2010
                • 0 Attachment
                  (1) I made no demands, just passing on a suggestion -- which also
                  happens to be a "best-practice" in the development house I manage in.
                  (2) The password manager I use online, and a very popular one it is,
                  does not have that capability. I suspect that many don't.
                  Given that fanficauthors.net does SSO, I guess something like
                  www.fanficauthors.net/login?referer=$(referer) might work, but meh.

                  I thought there are more than a few pw-protected sites with lots of
                  subdomains, such as *.wikipedia.org, but no idea if they use a login.*.*
                  scheme or not.
                  Either way, any password manager that does URL matching should also do
                  regex matching, or at least support wildcards like *.fanficauthors.net.
                  If the one you use is open source, maybe its author could be talked into
                  adding such functionality?
                • ubereng
                  ... Wrong, wrong, and wrong. The sites do not have significant different branding and that s a completely ludicrous and spurious reason to say that
                  Message 8 of 19 , Dec 19, 2010
                  • 0 Attachment
                    --- In fanficauthors@yahoogroups.com, pfeil <pfeilspitze@...> wrote:
                    >
                    > On Sat, Dec 18, 2010 at 01:27, ubereng <mryahell@...> wrote:
                    > >
                    > > For future projects or improvements to FFA, please keep that in mind.  It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
                    > >
                    >
                    > No, it really isn't. The sites have different branding, so the
                    > subdomains is the best choice. FFA correctly sends the auth cookie
                    > for .fanficauthors.net, not the subdomain, so you don't need to login
                    > to each of them separately.
                    >
                    > As Ralph said, fix your password manager.
                    >
                    > Now, because it's essentially a single-sign-on, we can debate whether
                    > it would be better to have the login requests as redirects to
                    > login.fanficauthors.net, rather than forms on the same url as the
                    > story, but that would be a DCR, not a bug.
                    >

                    Wrong, wrong, and wrong.

                    The sites do not have significant "different" branding and that's a completely ludicrous and spurious reason to say that subdomains are better than subfolders, anyway.

                    I never said that I had to relogin, once logged in. (Except when logins expire or cookies are deleted)
                    The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A. So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.

                    As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.

                    Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
                  • pfeil
                    ... Cookies allow the specification of both a domain -- which may or may not be a *. domain -- and a path -- under which they apply -- for good reason. Any
                    Message 9 of 19 , Dec 19, 2010
                    • 0 Attachment
                      On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
                      >
                      > I never said that I had to relogin, once logged in.  (Except when logins expire or cookies are deleted)
                      > The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A.  So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.
                      >
                      > As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.
                      >

                      Cookies allow the specification of both a domain -- which may or may
                      not be a *. domain -- and a path -- under which they apply -- for good
                      reason. Any password manager that can't handle both those things in
                      fundamentally broken.

                      Different subdomains isn't just a quirk of FFA; It's how sites like
                      wikipedia work too. (<fr.wikipedia.org> and <en.wikipedia.org>.)

                      And if it doesn't handle paths, then you're just asking for phishing
                      attacks on free hosting sites where each hostee gets a different
                      subdirectory. If your password manager gives the username and
                      password for <hosting.com/goodsite> to <hosting.com/G00DSITE>, then
                      your password manager is a security hole.

                      >
                      > Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
                      >

                      Except that changing the structure also means that autocomplete for
                      URLs no longer works as well, and you don't want to have two different
                      links for the same thing for SEO reasons.

                      And the "different login domain" isn't a "band-aid", it's the right
                      way to solve the problem of auth across different sites. Note, for
                      example, that going to <gmail.com> takes you to
                      <www.google.com/accounts/ServiceLogin>, which then redirects you back
                      to <mail.google.com>.
                    • pfeil
                      ... That s the easy path. The hard part is making sure that all the absolute-path domainless links: Harry Potter Get updated
                      Message 10 of 19 , Dec 19, 2010
                      • 0 Attachment
                        On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
                        >
                        > [...] which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
                        >

                        That's the easy path. The hard part is making sure that all the
                        absolute-path domainless links:

                        <a href="/Harry_Potter/">Harry Potter</a>

                        Get updated properly.

                        (And the image references in stories, and...)
                      • Tim Joy
                        Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately. Subdomains: These are staying. They are the core feature of
                        Message 11 of 19 , Dec 20, 2010
                        • 0 Attachment
                          Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately.

                          Subdomains:
                          These are staying.  They are the core feature of ffa.net that I "sold" the service to other authors as.  That everyone is equal and everyone has their own subdomain.  If I was told that it was changing to fanficauthors.net/jeconais/ I'd leave the site.  So I'm definitely not doing that.

                          Changing to a single login domain:
                          This half exists, as www.fanficauthors.net has the account settings as well.  

                          The problem comes with the per-domain logins.  As far as I'm aware, these password managers read the current domain, not the target domain, so changing the per-domain code to post to one place isn't going to win anything. 

                          Auto redirecting people might work, although I'd have to get around to implementing sessions (*) and storing original domain in there, so that I can always send people back to the right site.

                          If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

                          Tim

                          * - why, no, I wouldn't use the default session stuff, it's horrid.
                        • Chris P
                          It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next
                          Message 12 of 19 , Dec 20, 2010
                          • 0 Attachment
                            It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next hit that author page. No reason to make changes :D

                            On Mon, Dec 20, 2010 at 11:45 AM, Tim Joy <jeconais@...> wrote:
                            The problem comes with the per-domain logins

                          • Mike Fairbanks
                            And, therefore, don t try to distract him. Tim, I think we all really appreciate the site you have created, both from a reader s point of view and from an
                            Message 13 of 19 , Dec 20, 2010
                            • 0 Attachment
                              And, therefore, don't try to distract him.

                              Tim, I think we all really appreciate the site you have created, both from a reader's point of view and from an author's point of view, I know I do.

                              Mike (MoA)


                              On Mon, Dec 20, 2010 at 1:45 AM, Tim Joy <jeconais@...> wrote:
                               


                              If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

                              Tim


                            • pfeil
                              ... I think everyone here will take more of your fics over more FFA features every single time, so I m glad -- especially when the change requested is to fix
                              Message 14 of 19 , Dec 20, 2010
                              • 0 Attachment
                                On Mon, Dec 20, 2010 at 01:45, Tim Joy <jeconais@...> wrote:
                                >
                                > If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.
                                >

                                I think everyone here will take more of your fics over more FFA
                                features every single time, so I'm glad -- especially when the change
                                requested is to fix what's a minor nit at best.

                                Well, unless you found a way to add a feature to FFA that write
                                Tim-quality stories automatically, and won yourself a Noble prize and
                                a Turing award, but sadly that's unlikely :)
                              • ubereng
                                ... Thanks for the response. Only 2 of us complained about it, in print . So by the standard letters-to-the-editor-versus-victim ration that most
                                Message 15 of 19 , Dec 21, 2010
                                • 0 Attachment
                                  --- In fanficauthors@yahoogroups.com, Tim Joy <jeconais@...> wrote:
                                  >
                                  > If there's enough demand, I'll look at doing something like that when I
                                  > start to write more code. At the moment, I'm in "writing" mode, so am not
                                  > looking at code.
                                  >

                                  Thanks for the response.

                                  Only 2 of us complained about it, in "print". So by the standard letters-to-the-editor-versus-victim ration that most congress-creatures use, that's only 1000 people that mind this behavior -- out of however-many users. (^_^)

                                  But, I think we all agree that it's an annoyance at worst -- perhaps something to add as a low priority to whatever bug/feature tracker you use.

                                  "Writing mode" trumps coding mode every time. Thanks for the site and thanks for the stories.
                                • ubereng
                                  ... Not quite. You need to: (1) Erase the site cookies. (2) Load an author subdomain. (3) Copy and Paste the username and password into the PW manager and
                                  Message 16 of 19 , Dec 21, 2010
                                  • 0 Attachment
                                    --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                                    >
                                    > It takes 5-10 minutes to open all the individual author pages and log in,
                                    > then whatever password manager you use will helpfully fill in the form when
                                    > you next hit that author page. No reason to make changes :D
                                    >

                                    Not quite.

                                    You need to:
                                    (1) Erase the site cookies.
                                    (2) Load an author subdomain.
                                    (3) Copy and Paste the username and password into the PW manager and click login.
                                    (4) Repeat-all, for 22 authors (more reportedly on the way).

                                    That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                                    Then do it all again, if/when you change your password.

                                    If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                                    I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)
                                  • Mike Fairbanks
                                    Why not just know your login and password and enter it when the subject comes up? That I recall, FFA doesn t have the extreme username and password
                                    Message 17 of 19 , Dec 21, 2010
                                    • 0 Attachment
                                      Why not just know your login and password and enter it when the subject comes up?    That I recall, FFA doesn't have the extreme username and password restrictions that other sites have, meaning you can use your standard and not have a problem remembering it.  Can't say I have ever had a problem logging into FFA despite getting onto it from 4 different computers in the last year.

                                      Mike (MoA)


                                      On Tue, Dec 21, 2010 at 1:36 AM, ubereng <mryahell@...> wrote:
                                       


                                      --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                                      >
                                      > It takes 5-10 minutes to open all the individual author pages and log in,
                                      > then whatever password manager you use will helpfully fill in the form when
                                      > you next hit that author page. No reason to make changes :D
                                      >

                                      Not quite.

                                      You need to:
                                      (1) Erase the site cookies.
                                      (2) Load an author subdomain.
                                      (3) Copy and Paste the username and password into the PW manager and click login.
                                      (4) Repeat-all, for 22 authors (more reportedly on the way).

                                      That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                                      Then do it all again, if/when you change your password.

                                      If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                                      I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)

                                    • ubereng
                                      ... That is a very, very bad habit to have. Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to
                                      Message 18 of 19 , Dec 22, 2010
                                      • 0 Attachment
                                        --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                                        >
                                        > Why not just know your login and password and enter it when the subject
                                        > comes up?

                                        That is a very, very bad habit to have.
                                        Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)

                                        I have a different username and password for every site. All of my passwords -- except for FFA's -- look like: "Mmfe(nM5gbFAxARiQqyaK*nHYC1pe@Yto"

                                        Not something I can memorize, times several hundred.
                                      • pfeil
                                        ... For sites with nothing really worth protecting, there s nothing wrong with some easy password (even just 123456) with @sitename at the end. That way it s
                                        Message 19 of 19 , Dec 22, 2010
                                        • 0 Attachment
                                          On Wed, Dec 22, 2010 at 01:01, ubereng <mryahell@...> wrote:
                                          >
                                          > --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                                          >>
                                          >> Why not just know your login and password and enter it when the subject
                                          >> comes up?
                                          >
                                          > That is a very, very bad habit to have.
                                          > Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)
                                          >

                                          For sites with nothing really worth protecting, there's nothing wrong
                                          with some easy password (even just 123456) with @sitename at the end.
                                          That way it's too long to brute force, it's protected against
                                          automated attacks on other sites if one is broken, and it's easy to
                                          type.
                                        Your message has been successfully submitted and would be delivered to recipients shortly.