Loading ...
Sorry, an error occurred while loading the content.

Re: Site structure anoyance.

Expand Messages
  • ubereng
    ... Wrong, wrong, and wrong. The sites do not have significant different branding and that s a completely ludicrous and spurious reason to say that
    Message 1 of 19 , Dec 19, 2010
    • 0 Attachment
      --- In fanficauthors@yahoogroups.com, pfeil <pfeilspitze@...> wrote:
      >
      > On Sat, Dec 18, 2010 at 01:27, ubereng <mryahell@...> wrote:
      > >
      > > For future projects or improvements to FFA, please keep that in mind.  It's better to structure the URL's like "http://fanficauthors.net/viridian/", "http://fanficauthors.net/jeconais/", etc.
      > >
      >
      > No, it really isn't. The sites have different branding, so the
      > subdomains is the best choice. FFA correctly sends the auth cookie
      > for .fanficauthors.net, not the subdomain, so you don't need to login
      > to each of them separately.
      >
      > As Ralph said, fix your password manager.
      >
      > Now, because it's essentially a single-sign-on, we can debate whether
      > it would be better to have the login requests as redirects to
      > login.fanficauthors.net, rather than forms on the same url as the
      > story, but that would be a DCR, not a bug.
      >

      Wrong, wrong, and wrong.

      The sites do not have significant "different" branding and that's a completely ludicrous and spurious reason to say that subdomains are better than subfolders, anyway.

      I never said that I had to relogin, once logged in. (Except when logins expire or cookies are deleted)
      The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A. So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.

      As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.

      Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
    • pfeil
      ... Cookies allow the specification of both a domain -- which may or may not be a *. domain -- and a path -- under which they apply -- for good reason. Any
      Message 2 of 19 , Dec 19, 2010
      • 0 Attachment
        On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
        >
        > I never said that I had to relogin, once logged in.  (Except when logins expire or cookies are deleted)
        > The problem comes with following a link to a story on subsite B, but the PW manager only has a record for subsite A.  So every time we visit a new subsite, it either has to be within a few days of our last visit (not likely, given the activity level at FFA), or we must dredge up the account credentials and create yet another PW-manger entry for FFA.
        >
        > As for fixing my password manager, there is nothing wrong with it, I didn't write it, and it's not the source of the problem -- and as already seen on this thread, others have the same issue.
        >

        Cookies allow the specification of both a domain -- which may or may
        not be a *. domain -- and a path -- under which they apply -- for good
        reason. Any password manager that can't handle both those things in
        fundamentally broken.

        Different subdomains isn't just a quirk of FFA; It's how sites like
        wikipedia work too. (<fr.wikipedia.org> and <en.wikipedia.org>.)

        And if it doesn't handle paths, then you're just asking for phishing
        attacks on free hosting sites where each hostee gets a different
        subdirectory. If your password manager gives the username and
        password for <hosting.com/goodsite> to <hosting.com/G00DSITE>, then
        your password manager is a security hole.

        >
        > Redirecting to login.fanficauthors.net would probably be an acceptable band-aid, but more work than just switching the structure -- which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
        >

        Except that changing the structure also means that autocomplete for
        URLs no longer works as well, and you don't want to have two different
        links for the same thing for SEO reasons.

        And the "different login domain" isn't a "band-aid", it's the right
        way to solve the problem of auth across different sites. Note, for
        example, that going to <gmail.com> takes you to
        <www.google.com/accounts/ServiceLogin>, which then redirects you back
        to <mail.google.com>.
      • pfeil
        ... That s the easy path. The hard part is making sure that all the absolute-path domainless links: Harry Potter Get updated
        Message 3 of 19 , Dec 19, 2010
        • 0 Attachment
          On Sun, Dec 19, 2010 at 01:22, ubereng <mryahell@...> wrote:
          >
          > [...] which could be as easy as one redirect in the server config. (FFA appears to use Nginx, which I'm not too familiar with).
          >

          That's the easy path. The hard part is making sure that all the
          absolute-path domainless links:

          <a href="/Harry_Potter/">Harry Potter</a>

          Get updated properly.

          (And the image references in stories, and...)
        • Tim Joy
          Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately. Subdomains: These are staying. They are the core feature of
          Message 4 of 19 , Dec 20, 2010
          • 0 Attachment
            Rule 1 of internet survival: If something gets a visceral reaction, never reply immediately.

            Subdomains:
            These are staying.  They are the core feature of ffa.net that I "sold" the service to other authors as.  That everyone is equal and everyone has their own subdomain.  If I was told that it was changing to fanficauthors.net/jeconais/ I'd leave the site.  So I'm definitely not doing that.

            Changing to a single login domain:
            This half exists, as www.fanficauthors.net has the account settings as well.  

            The problem comes with the per-domain logins.  As far as I'm aware, these password managers read the current domain, not the target domain, so changing the per-domain code to post to one place isn't going to win anything. 

            Auto redirecting people might work, although I'd have to get around to implementing sessions (*) and storing original domain in there, so that I can always send people back to the right site.

            If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

            Tim

            * - why, no, I wouldn't use the default session stuff, it's horrid.
          • Chris P
            It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next
            Message 5 of 19 , Dec 20, 2010
            • 0 Attachment
              It takes 5-10 minutes to open all the individual author pages and log in, then whatever password manager you use will helpfully fill in the form when you next hit that author page. No reason to make changes :D

              On Mon, Dec 20, 2010 at 11:45 AM, Tim Joy <jeconais@...> wrote:
              The problem comes with the per-domain logins

            • Mike Fairbanks
              And, therefore, don t try to distract him. Tim, I think we all really appreciate the site you have created, both from a reader s point of view and from an
              Message 6 of 19 , Dec 20, 2010
              • 0 Attachment
                And, therefore, don't try to distract him.

                Tim, I think we all really appreciate the site you have created, both from a reader's point of view and from an author's point of view, I know I do.

                Mike (MoA)


                On Mon, Dec 20, 2010 at 1:45 AM, Tim Joy <jeconais@...> wrote:
                 


                If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.

                Tim


              • pfeil
                ... I think everyone here will take more of your fics over more FFA features every single time, so I m glad -- especially when the change requested is to fix
                Message 7 of 19 , Dec 20, 2010
                • 0 Attachment
                  On Mon, Dec 20, 2010 at 01:45, Tim Joy <jeconais@...> wrote:
                  >
                  > If there's enough demand, I'll look at doing something like that when I start to write more code.  At the moment, I'm in "writing" mode, so am not looking at code.
                  >

                  I think everyone here will take more of your fics over more FFA
                  features every single time, so I'm glad -- especially when the change
                  requested is to fix what's a minor nit at best.

                  Well, unless you found a way to add a feature to FFA that write
                  Tim-quality stories automatically, and won yourself a Noble prize and
                  a Turing award, but sadly that's unlikely :)
                • ubereng
                  ... Thanks for the response. Only 2 of us complained about it, in print . So by the standard letters-to-the-editor-versus-victim ration that most
                  Message 8 of 19 , Dec 21, 2010
                  • 0 Attachment
                    --- In fanficauthors@yahoogroups.com, Tim Joy <jeconais@...> wrote:
                    >
                    > If there's enough demand, I'll look at doing something like that when I
                    > start to write more code. At the moment, I'm in "writing" mode, so am not
                    > looking at code.
                    >

                    Thanks for the response.

                    Only 2 of us complained about it, in "print". So by the standard letters-to-the-editor-versus-victim ration that most congress-creatures use, that's only 1000 people that mind this behavior -- out of however-many users. (^_^)

                    But, I think we all agree that it's an annoyance at worst -- perhaps something to add as a low priority to whatever bug/feature tracker you use.

                    "Writing mode" trumps coding mode every time. Thanks for the site and thanks for the stories.
                  • ubereng
                    ... Not quite. You need to: (1) Erase the site cookies. (2) Load an author subdomain. (3) Copy and Paste the username and password into the PW manager and
                    Message 9 of 19 , Dec 21, 2010
                    • 0 Attachment
                      --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                      >
                      > It takes 5-10 minutes to open all the individual author pages and log in,
                      > then whatever password manager you use will helpfully fill in the form when
                      > you next hit that author page. No reason to make changes :D
                      >

                      Not quite.

                      You need to:
                      (1) Erase the site cookies.
                      (2) Load an author subdomain.
                      (3) Copy and Paste the username and password into the PW manager and click login.
                      (4) Repeat-all, for 22 authors (more reportedly on the way).

                      That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                      Then do it all again, if/when you change your password.

                      If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                      I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)
                    • Mike Fairbanks
                      Why not just know your login and password and enter it when the subject comes up? That I recall, FFA doesn t have the extreme username and password
                      Message 10 of 19 , Dec 21, 2010
                      • 0 Attachment
                        Why not just know your login and password and enter it when the subject comes up?    That I recall, FFA doesn't have the extreme username and password restrictions that other sites have, meaning you can use your standard and not have a problem remembering it.  Can't say I have ever had a problem logging into FFA despite getting onto it from 4 different computers in the last year.

                        Mike (MoA)


                        On Tue, Dec 21, 2010 at 1:36 AM, ubereng <mryahell@...> wrote:
                         


                        --- In fanficauthors@yahoogroups.com, Chris P <chris050987@...> wrote:
                        >
                        > It takes 5-10 minutes to open all the individual author pages and log in,
                        > then whatever password manager you use will helpfully fill in the form when
                        > you next hit that author page. No reason to make changes :D
                        >

                        Not quite.

                        You need to:
                        (1) Erase the site cookies.
                        (2) Load an author subdomain.
                        (3) Copy and Paste the username and password into the PW manager and click login.
                        (4) Repeat-all, for 22 authors (more reportedly on the way).

                        That's about 30 seconds per author, for a total of at least 11 minutes of mindless clicking. Repeat for every different machine you use.

                        Then do it all again, if/when you change your password.

                        If you think that 11 minutes (times 3 main machines, for me) is not such a long time, Then get an acquaintance to punch you in the arm twice a minute for 11 minutes -- time slows way, the fark, down.

                        I suppose I might gin up a Firefox extension to automate the process, but that's at the very bottom of my rainy-day, to-code list. (FFA's the only problem site and updated stories are rather infrequent these days.)

                      • ubereng
                        ... That is a very, very bad habit to have. Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to
                        Message 11 of 19 , Dec 22, 2010
                        • 0 Attachment
                          --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                          >
                          > Why not just know your login and password and enter it when the subject
                          > comes up?

                          That is a very, very bad habit to have.
                          Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)

                          I have a different username and password for every site. All of my passwords -- except for FFA's -- look like: "Mmfe(nM5gbFAxARiQqyaK*nHYC1pe@Yto"

                          Not something I can memorize, times several hundred.
                        • pfeil
                          ... For sites with nothing really worth protecting, there s nothing wrong with some easy password (even just 123456) with @sitename at the end. That way it s
                          Message 12 of 19 , Dec 22, 2010
                          • 0 Attachment
                            On Wed, Dec 22, 2010 at 01:01, ubereng <mryahell@...> wrote:
                            >
                            > --- In fanficauthors@yahoogroups.com, Mike Fairbanks <musingsofapathy@...> wrote:
                            >>
                            >> Why not just know your login and password and enter it when the subject
                            >> comes up?
                            >
                            > That is a very, very bad habit to have.
                            > Alas it is what I ended up doing with FFA -- since the consequences of my account getting hacked are limited to annoyances and perhaps (more) bad reviews. ;)
                            >

                            For sites with nothing really worth protecting, there's nothing wrong
                            with some easy password (even just 123456) with @sitename at the end.
                            That way it's too long to brute force, it's protected against
                            automated attacks on other sites if one is broken, and it's easy to
                            type.
                          Your message has been successfully submitted and would be delivered to recipients shortly.