Loading ...
Sorry, an error occurred while loading the content.

Re: [fanficauthors] Site structure anoyance.

Expand Messages
  • pfeil
    ... No, it really isn t. The sites have different branding, so the subdomains is the best choice. FFA correctly sends the auth cookie for .fanficauthors.net,
    Message 1 of 19 , Dec 18, 2010
    • 0 Attachment
      On Sat, Dec 18, 2010 at 01:27, ubereng <mryahell@...> wrote:
      >
      > For future projects or improvements to FFA, please keep that in mind.  It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
      >

      No, it really isn't. The sites have different branding, so the
      subdomains is the best choice. FFA correctly sends the auth cookie
      for .fanficauthors.net, not the subdomain, so you don't need to login
      to each of them separately.

      As Ralph said, fix your password manager.

      Now, because it's essentially a single-sign-on, we can debate whether
      it would be better to have the login requests as redirects to
      login.fanficauthors.net, rather than forms on the same url as the
      story, but that would be a DCR, not a bug.
    • ubereng
      ... (1) I made no demands, just passing on a suggestion -- which also happens to be a best-practice in the development house I manage in. (2) The password
      Message 2 of 19 , Dec 19, 2010
      • 0 Attachment
        --- In fanficauthors@yahoogroups.com, "Ralph S." <ralph.sch@...> wrote:
        >
        > That's not the responsibility of a site author, now is it.
        >
        > Instead of telling Tim to build his site according to YOUR demands, how
        > about configuring your password manager to work with
        > $1.fanficauthors.net instead?
        >

        (1) I made no demands, just passing on a suggestion -- which also happens to be a "best-practice" in the development house I manage in.

        (2) The password manager I use online, and a very popular one it is, does not have that capability. I suspect that many don't.
      • Ralph S.
        (1) I made no demands, just passing on a suggestion -- which also happens to be a best-practice in the development house I manage in. (2) The password
        Message 3 of 19 , Dec 19, 2010
        • 0 Attachment
          (1) I made no demands, just passing on a suggestion -- which also
          happens to be a "best-practice" in the development house I manage in.
          (2) The password manager I use online, and a very popular one it is,
          does not have that capability. I suspect that many don't.
          Given that fanficauthors.net does SSO, I guess something like
          www.fanficauthors.net/login?referer=$(referer) might work, but meh.

          I thought there are more than a few pw-protected sites with lots of
          subdomains, such as *.wikipedia.org, but no idea if they use a login.*.*
          scheme or not.
          Either way, any password manager that does URL matching should also do
          regex matching, or at least support wildcards like *.fanficauthors.net.
          If the one you use is open source, maybe its author could be talked into
          adding such functionality?
        • ubereng
          ... Wrong, wrong, and wrong. The sites do not have significant different branding and that s a completely ludicrous and spurious reason to say that
          Message 4 of 19 , Dec 19, 2010
          • 0 Attachment
            --- In fanficauthors@yahoogroups.com, pfeil <pfeilspitze@...> wrote:
            >
            > On Sat, Dec 18, 2010 at 01:27, ubereng <mryahell@...> wrote:
            > >
            > > For future projects or improvements to FFA, please keep that in mind.  It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
            > >
            >
            > No, it really isn't. The sites have different branding, so the
            > subdomains is the best choice. FFA correctly sends the auth cookie
            > for .fanficauthors.net, not the subdomain, so you don't need to login
            > to each of them separately.
            >
            > As Ralph said, fix your password manager.
            >
            > Now, because it's essentially a single-sign-on, we can debate whether
            > it would be better to have the login requests as redirects to
            > login.fanficauthors.net, rather than forms on the same url as the
            > story, but that would be a DCR, not a bug.
            >

            Wrong, wrong, and wrong.

            The sites do not have significant "different" branding and that's a completely ludicrous and spurious reason to say that subdomains are better than subfolders, anyway.

            I never said that I had to relogin, once logged in. (Except when logins expire or cookies are deleted)
            The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A. So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.

            As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.

            Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
          • pfeil
            ... Cookies allow the specification of both a domain -- which may or may not be a *. domain -- and a path -- under which they apply -- for good reason. Any
            Message 5 of 19 , Dec 19, 2010
            • 0 Attachment
              On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
              >
              > I never said that I had to relogin, once logged in.  (Except when logins expire or cookies are deleted)
              > The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A.  So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.
              >
              > As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.
              >

              Cookies allow the specification of both a domain -- which may or may
              not be a *. domain -- and a path -- under which they apply -- for good
              reason. Any password manager that can't handle both those things in
              fundamentally broken.

              Different subdomains isn't just a quirk of FFA; It's how sites like
              wikipedia work too. (<fr.wikipedia.org> and <en.wikipedia.org>.)

              And if it doesn't handle paths, then you're just asking for phishing
              attacks on free hosting sites where each hostee gets a different
              subdirectory. If your password manager gives the username and
              password for <hosting.com/goodsite> to <hosting.com/G00DSITE>, then
              your password manager is a security hole.

              >
              > Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
              >

              Except that changing the structure also means that autocomplete for
              URLs no longer works as well, and you don't want to have two different
              links for the same thing for SEO reasons.

              And the "different login domain" isn't a "band-aid", it's the right
              way to solve the problem of auth across different sites. Note, for
              example, that going to <gmail.com> takes you to
              <www.google.com/accounts/ServiceLogin>, which then redirects you back
              to <mail.google.com>.
            • pfeil
              ... That s the easy path. The hard part is making sure that all the absolute-path domainless links: Harry Potter Get updated
              Message 6 of 19 , Dec 19, 2010
              • 0 Attachment
                On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
                >
                > [...] which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
                >

                That's the easy path. The hard part is making sure that all the
                absolute-path domainless links:

                <a href="/Harry_Potter/">Harry Potter</a>

                Get updated properly.

                (And the image references in stories, and...)
              • Tim Joy
                Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately. Subdomains: These are staying. They are the core feature of
                Message 7 of 19 , Dec 20, 2010
                • 0 Attachment
                  Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately.

                  Subdomains:
                  These are staying.  They are the core feature of ffa.net that I "sold" the service to other authors as.  That everyone is equal and everyone has their own subdomain.  If I was told that it was changing to fanficauthors.net/jeconais/ I'd leave the site.  So I'm definitely not doing that.

                  Changing to a single login domain:
                  This half exists, as www.fanficauthors.net has the account settings as well.  

                  The problem comes with the per-domain logins.  As far as I'm aware, these password managers read the current domain, not the target domain, so changing the per-domain code to post to one place isn't going to win anything. 

                  Auto redirecting people might work, although I'd have to get around to implementing sessions (*) and storing original domain in there, so that I can always send people back to the right site.

                  If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

                  Tim

                  * - why, no, I wouldn't use the default session stuff, it's horrid.
                • Chris P
                  It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next
                  Message 8 of 19 , Dec 20, 2010
                  • 0 Attachment
                    It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next hit that author page. No reason to make changes :D

                    On Mon, Dec 20, 2010 at 11:45 AM, Tim Joy <jeconais@...> wrote:
                    The problem comes with the per-domain logins

                  • Mike Fairbanks
                    And, therefore, don t try to distract him. Tim, I think we all really appreciate the site you have created, both from a reader s point of view and from an
                    Message 9 of 19 , Dec 20, 2010
                    • 0 Attachment
                      And, therefore, don't try to distract him.

                      Tim, I think we all really appreciate the site you have created, both from a reader's point of view and from an author's point of view, I know I do.

                      Mike (MoA)


                      On Mon, Dec 20, 2010 at 1:45 AM, Tim Joy <jeconais@...> wrote:
                       


                      If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

                      Tim


                    • pfeil
                      ... I think everyone here will take more of your fics over more FFA features every single time, so I m glad -- especially when the change requested is to fix
                      Message 10 of 19 , Dec 20, 2010
                      • 0 Attachment
                        On Mon, Dec 20, 2010 at 01:45, Tim Joy <jeconais@...> wrote:
                        >
                        > If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.
                        >

                        I think everyone here will take more of your fics over more FFA
                        features every single time, so I'm glad -- especially when the change
                        requested is to fix what's a minor nit at best.

                        Well, unless you found a way to add a feature to FFA that write
                        Tim-quality stories automatically, and won yourself a Noble prize and
                        a Turing award, but sadly that's unlikely :)
                      • ubereng
                        ... Thanks for the response. Only 2 of us complained about it, in print . So by the standard letters-to-the-editor-versus-victim ration that most
                        Message 11 of 19 , Dec 21, 2010
                        • 0 Attachment
                          --- In fanficauthors@yahoogroups.com, Tim Joy <jeconais@...> wrote:
                          >
                          > If there's enough demand, I'll look at doing something like that when I
                          > start to write more code. At the moment, I'm in "writing" mode, so am not
                          > looking at code.
                          >

                          Thanks for the response.

                          Only 2 of us complained about it, in "print". So by the standard letters-to-the-editor-versus-victim ration that most congress-creatures use, that's only 1000 people that mind this behavior -- out of however-many users. (^_^)

                          But, I think we all agree that it's an annoyance at worst -- perhaps something to add as a low priority to whatever bug/feature tracker you use.

                          "Writing mode" trumps coding mode every time. Thanks for the site and thanks for the stories.
                        • ubereng
                          ... Not quite. You need to: (1) Erase the site cookies. (2) Load an author subdomain. (3) Copy and Paste the username and password into the PW manager and
                          Message 12 of 19 , Dec 21, 2010
                          • 0 Attachment
                            --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                            >
                            > It takes 5-10 minutes to open all the individual author pages and log in,
                            > then whatever password manager you use will helpfully fill in the form when
                            > you next hit that author page. No reason to make changes :D
                            >

                            Not quite.

                            You need to:
                            (1) Erase the site cookies.
                            (2) Load an author subdomain.
                            (3) Copy and Paste the username and password into the PW manager and click login.
                            (4) Repeat-all, for 22 authors (more reportedly on the way).

                            That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                            Then do it all again, if/when you change your password.

                            If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                            I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)
                          • Mike Fairbanks
                            Why not just know your login and password and enter it when the subject comes up? That I recall, FFA doesn t have the extreme username and password
                            Message 13 of 19 , Dec 21, 2010
                            • 0 Attachment
                              Why not just know your login and password and enter it when the subject comes up?    That I recall, FFA doesn't have the extreme username and password restrictions that other sites have, meaning you can use your standard and not have a problem remembering it.  Can't say I have ever had a problem logging into FFA despite getting onto it from 4 different computers in the last year.

                              Mike (MoA)


                              On Tue, Dec 21, 2010 at 1:36 AM, ubereng <mryahell@...> wrote:
                               


                              --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                              >
                              > It takes 5-10 minutes to open all the individual author pages and log in,
                              > then whatever password manager you use will helpfully fill in the form when
                              > you next hit that author page. No reason to make changes :D
                              >

                              Not quite.

                              You need to:
                              (1) Erase the site cookies.
                              (2) Load an author subdomain.
                              (3) Copy and Paste the username and password into the PW manager and click login.
                              (4) Repeat-all, for 22 authors (more reportedly on the way).

                              That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                              Then do it all again, if/when you change your password.

                              If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                              I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)

                            • ubereng
                              ... That is a very, very bad habit to have. Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to
                              Message 14 of 19 , Dec 22, 2010
                              • 0 Attachment
                                --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                                >
                                > Why not just know your login and password and enter it when the subject
                                > comes up?

                                That is a very, very bad habit to have.
                                Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)

                                I have a different username and password for every site. All of my passwords -- except for FFA's -- look like: "Mmfe(nM5gbFAxARiQqyaK*nHYC1pe@Yto"

                                Not something I can memorize, times several hundred.
                              • pfeil
                                ... For sites with nothing really worth protecting, there s nothing wrong with some easy password (even just 123456) with @sitename at the end. That way it s
                                Message 15 of 19 , Dec 22, 2010
                                • 0 Attachment
                                  On Wed, Dec 22, 2010 at 01:01, ubereng <mryahell@...> wrote:
                                  >
                                  > --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                                  >>
                                  >> Why not just know your login and password and enter it when the subject
                                  >> comes up?
                                  >
                                  > That is a very, very bad habit to have.
                                  > Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)
                                  >

                                  For sites with nothing really worth protecting, there's nothing wrong
                                  with some easy password (even just 123456) with @sitename at the end.
                                  That way it's too long to brute force, it's protected against
                                  automated attacks on other sites if one is broken, and it's easy to
                                  type.
                                Your message has been successfully submitted and would be delivered to recipients shortly.