denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2010-10-21 02:18 am

RFC: Multiple Account Model

So, one of the things we want to do -- and it's a project that has gotten some developer interest lately -- is make it so that you can associate/link accounts together, so (for instance) you can switch to commenting or posting as your alternate/secondary/fic/RP/whatever journal more easily than logging out and logging back in. We've done some work to spec the problem, but I figured it would be time to toss it out to you guys here and see what other things we've forgotten to think of and what use cases we don't know about yet!

More discussion on the problem can be found at Bug 76. Here are two of the documents that have been written to try to "spec out" the project. Please read them over if you have a chance, and give your feedback.



Draft spec, written by cesy

From one of the manage settings pages, have "manage secondary accounts"

On new manage secondary accounts page, have:
Create a new secondary account - standard flow, but is automatically already connected, and gets created with all the same settings as your primary account
Link an existing account to this one (requires password to the other account)
Unlink one of the secondary accounts from the primary account (has a large and obvious "Are you sure about that?" message)
An option to show/hide links between accounts - can display list of secondary accounts on primary profile, and link to primary profile on secondary profiles
An option to select which account is the primary journal - the primary journal will be default on things like the update page and when commenting

Other pages that will need updating:

Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Edit profile drop-down should list all secondary accounts, as should customize style, manage filters, edit userpics, etc.

Update.bml needs both "post to journal" drop-down (includes all comms and all accounts) and "post as" drop-down (which is disabled if the secondary account can't post to that comm, and defaults to match the journal selected). "Post as" doesn't display unless you have secondary journals.

All comment boxes would need a drop-down to choose who to work as. Ideally this would show normally, not require clicking the "Other"/"More options" button. This should also not display for people who don't have secondary journals.

On options/settings pages, at the bottom, instead of just "Save", have "Save for this journal" and "Save for all journals" (but only if the user has a secondary journal, otherwise leave it as just "Save".)

Other notes:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?

If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing.
The pop-up hover menus should behave as usual for the main account, and ignore secondary accounts.

Can secondary accounts have different email addresses?

Creating a secondary account should require an invite code?

Have a careful think about transferring a secondary account from one primary account to another.




Further considerations, written by tyggerjai


Goal: To streamline management of multiple journals and journal features for a single user account. Mostly involving addition of “Manage accounts” interface, but with implications for ban settings, reading pages, and access lists.


Background:
[A note on terminology: Part of the current issue is that there is a conflation of a “journal” with an “account”. An “account” represents a human being, but it has become obvious that many DW users want and have multiple journals. This entire project stems from the fact that accounts and journals, while historically identical, are de facto different things. Discussion of which things are “account” based (login, killfiles, subscription, access to someone else's journal) and which things are “journal” based (tags, entries, access to read one of my journals) are probably beyond scope for this bug (although see “Potential problems” at the end). I shall use the term “journal” in this document unless I wish to make a point about the distinction, because at the moment, journal is the paradigm we have to work with.]

Annabel has a Dreamwidth journal – dw_annabel – which she started when she first found Dreamwidth. It has mostly personal updates about her life, but she doesn't talk about her work. Mostly because her mother reads the dw_annabel journal, and rather than maintain access lists, or risk having her mother find out what she actually does for a living, Annabel maintains another journal for her work stories – work_annabel. Recently, Annabel has discovered the joy of writing speculative fiction, so she has started another journal, fic_annabel, for working on a novel. She's co-writing it with her friend Boris, so Boris also has the password for that journal. Annabel is growing increasingly weary of constantly logging in and out to post on various journals, and she would like the following:

1)When she is logged in as “dw_annabel”, which she considers her “primary” account, she'd like to be able to manage all her journals from the management interface. Everything she can do to dw_annabel (style, circle management, privacy management, etc), she wants to do from one central screen as dw_annabel. It'd even be nice if she could choose to apply to things like screenings to all her journals at once, although she'd need to be able to change settings per-journal as well.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

5)Recently, she had someone making unpleasant comments in fic_annabel, and has banned them. She'd like that ban to be applied across all her journals – fic_annabel, dw_annabel and work_annabel. Just in case. But she'd also like to be able to revoke that ban just on fic_annabel, in case it turns out she's banned Boris.

6)When she goes to make a post she definitely needs to be able to choose which journal to post to. When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work. She doesn't want to “log in” as fic_annabel – fic_annabel isn't a person, and she can do everything she needs to do to manage the fic_annabel journal as dw_annabel.

7)She can see a day, possibly soon, when she will grow weary of the fic_annabel story. She'd like to know that when the time comes, she can hand it off to Boris and untangle herself from it.

8)When she does that, she'll probably want to start another journal for her own fiction. She should be able to do that as dw_annabel, give it a new name, and start using it, without ever having to log in, log out, or otherwise manually tell the DW system that she owns it.

That's about all Annabel wants to do, really....

Skillsets: Everything and then some. This is backend, frontend, graphical, UX, business, scalability, and some things I haven't thought of yet.

Requirements:
[Another note on terminology. “Link” is somewhat overloaded here, since it can refer either to a managerial connection between to accounts, or a visible “a href=” on a profile page. I'll reserve “link” for the visible connection, and use “associate” for the higher level managerial connection.]

1)The project MUST provide a method of associating journals, with a single signon to edit and maintain them. Whether we call it “primary/secondary”, or “one account, many journals”, the heart of this project is the ability to log in as dw_annabel and modify fic_annabel and work_annabel. That has two components:

a) Migration of existing journals. It MUST be possible for a user with multiple journals to declare one of them a “primary” journal, and associate other existing journals with it.

b) Creation of future journals. It SHOULD be possible, once this project is implemented, to create journals with automatic association to an existing primary. (NB. This is a should because migration is a must, and if we have that, users can create and then migrate. Realistically, though, it's a “really should”.)

2)The project MUST provide a method for managing linked journals from a single central interface. This interface MUST replicate the current management functionality for each associated journal without requiring log out/log in for that journal account, if the user is logged in with their primary account credentials. This interface SHOULD provide the ability to apply changes to multiple journals at once, but if it does so, it MUST retain the ability to override settings on a per-journal basis.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access. However, if such an interface is present, it MUST be possible to filter that reading page on a per journal basis (i.e., if a user should be able to remove a given journals subscriptions from that central page). The project MUST maintain individual journal reading lists [that's more for backwards compatibility and privacy – I can currently go to work_annabel and see that reading list. It shouldn't suddenly show me dw_annabel's reading list.]

4)The project SHOULD allow a user to declare associations between journals as “Public” or “Private”. For “Public” associations, links SHOULD be shown on the profile pages of associated journals. Whether this is implemented or not, the project MUST NOT allow other users to see evidence of association between journals UNLESS the owner has explicitly declared the association public.

5)The project SHOULD allow a user to implement bans that apply to all associated journals. If implemented, this feature MUST allow a user to then rescind any given ban on any individual journal.

6)The project SHOULD implement the ability to easily select a journal to post TO when updating. The project SHOULD implement the ability to easily choose a journal to past AS when commenting on a journal. [Note: These are only shoulds because we will almost certainly retain the account/journal conflation, and therefore in theory it's possible to log out and in again. I think the focus of this bug is really the management, and this posting interface is gravy, but it's important gravy]. If implemented, the commenting interface SHOULD restrict the choice to journal identities with commenting privileges, and MUST NOT allow journal identities to comment when they are not privileged to do so. That is, if journal annabels_friend has restricted commenting access, and allows comments only from dw_annabel, the interface MUST NOT allow annabel to comment as fic_annabel or work_annabel.

7)The project SHOULD implement a mechanism for removing an associated journal. Once removed, a journal will behave like any other non-associated journal.

8)The project MAY implement the ability to “sub-associate” journals with other users. That is, while ultimate control of the account rests with the creator, they can grant other users the ability to post to the journal, or post as the journal identity, change settings, etc, without giving the other user password access. The other user MUST NOT inherit access to posts that the journal identity has been granted. (i.e., Annabel gives Boris post and edit privs to fic_annabel. Boris's reading list still does not contain items from fic_annabel's subscriptions, nor can he see items to which fic_annabel has been granted. He can, however, post as fic_annabel ). See “Potential problems” :)


Potential Problems: Where do I start? On the bright side, I think most of our problems are social rather than technical.

1)Migrating accounts. I included the shared account with Boris for a reason. Let's say we're as restrictive as possible, and the following is required to migrate an account:

a) You must have access to both email addresses, to reply to “confirm” emails. You must know the password for both accounts.

Ok. But Boris has the password, and the email address for that account is a shared one. So even once Annabel has migrated, Boris can just remigrate it. This is a problem with the existing paradigm – because journals and accounts are the same, passwords are the only control mechanism. There's no way of knowing Annabel created the account. I think that for the moment we put this in the “too hard” basket, and say “Social problem, sort it out yourselves”. We lock it down so you can only migrate an account if you have both passwords, and can respond to emails sent to both accounts. There's really not much else we can do. ( as an aside, this is the classic example of why the “single account, multiple journals” is a better long-term paradigm, but this is almost a de facto implementation of that). After a journal has been migrated, do we have a complaints resolution process for Boris to say “Hey, she stole my journal”? I don't know that we need one – what's our current procedure for people sharing passwords and then one of them changing it to lock someone else out?

2)To be honest, everything else just looks like hard work. We really, really have to make sure that the commenting interface enforces identity restriction. If you have a locked post that tyggerjai can comment on, we DO NOT let tyggerdev comment on it, even though they're the same “person”. That's the ultimate UX nono, as far as I can see.

3)Oh. Sub-association. That's down the end as a “may” because although it's a huge, huge advantage that the “Association” paradigm has over the password paradigm, it's the biggest can of worms. It's almost a whole other specification on its own. But the main points, I think, are there. Give Boris edit/post access, but restrict privacy inheritance to the original owner. There's one massive thing preventing the implementation of subassociation, though, and that's what happens if Annabel then removes her association with fic_annabel. Does Boris then inherit the access as the new owner? Does dw_annabel keep the access, and if so, with which journal do we associate it? None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “

4)Actually, all of that, again, regardless of subassociation: by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine!”. Which, of course, we're not – journals will still have passwords, and other people may still know them. We could go all the way, and break the map between journals and accounts once and for all, so journals don't have passwords, but that's a much bigger project, I think.

5)Preselecting identities to comment as based on a post's access rules is going to suck. Just saying :)

Anyway. This section should probably be much longer, but I've left it as an Exercise For The Reader, since you know your community better than I do at the moment. I think the biggest problems are social – that associating journals with users sets up an interesting disconnect – if I give tyggerdev access because I've read it and I'm interested in the dev stuff, then if the owner of tyggerdev decides he's sick of coding, but gives the journal to someone else, I don't really care. I had no investment in the person. On the other hand, maybe I did – maybe I gave tyggerdev access to my journal because I know the owner. So then when he gives it away, I'm shattered! I don't know this person! What's going on!? Again, it's no worse than the existing password-sharing shenanigans in terms of actual security, only in terms of perception. And it's only a problem ever if we let people give journals away.


So! What thoughts does this inspire in you?
weaverbird: (OMG Squee)

[personal profile] weaverbird 2010-10-21 07:13 am (UTC)(link)
see icon. *g*

I can't think of anything to add to the points in your post, but I will definitely be daydreaming about it and will come back to add my two cents if I do.
somnolentblue: statue of a woman from the waist up (Default)

[personal profile] somnolentblue 2010-10-21 07:14 am (UTC)(link)
I haven't read this through closely, for I ought to be doing things that are not reading dw, but SO EXCITED!!!!! Especially since the question of sub-association is being looked at (although I could completely see this being excessively complicated and fraught with problems), since I have a some shared admin accounts.

Mostly, I'm doing the flappy hands of glee.
speedblitz: (Default)

[personal profile] speedblitz 2010-10-21 07:15 am (UTC)(link)
I have... at least thirteen Dreamwidth journals at the moment, most of them for the purpose of RP. The one thing that I would really need implemented in a multiple account feature like this would be the ability to choose a different account's various userpics when I comment. It does me no good to "post as this account" while still logged in to my main if I can't choose icons on my secondary... which is mostly the point of logging into those secondaries to post anyway. Otherwise I'd just use the "post as a different account" feature. :)
farasha: (Default)

[personal profile] farasha 2010-10-21 12:41 pm (UTC)(link)
I should have known you guys were already looking into this!

I wanted to thank you for always taking into consideration the varying needs of all the members of your service, including the fandom-y sector. Y'all really are the best.

(Still [personal profile] speedblitz, by the way.)
ilyena_sylph: picture of Labyrinth!faerie with 'careful, i bite' as text (Default)

[personal profile] ilyena_sylph 2010-10-21 05:00 pm (UTC)(link)
I ♥ you so much for being on top of that.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 02:22 pm (UTC)(link)
Yeah, that sounds important. If we can do it without cluttering the UI too much, here's my thinking:

The main "post as" selector lists your alternatives, and if you change who you're posting as, it assumes you want the default icon, etc. That way, we don't have to do much for what I suspect is a common case. But when you change, you also get the option to fetch icons/moods/etc for the new identity.

Preloading icons and moods for multiple identities would suck, resource-wise. This adds an extra step, but it doesn't need to be too intrusive, and it's still easier than switching to another account entirely.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:16 am (UTC)(link)
I don't understand any of the Boris stuff. I think for a collaboration, people should make a community. No giving away of passwords or journals. o.O

To me - and I have a feeling this may turn out to be an unpopular opinion - it's not important or necessary at all to be able to look at all of the associated journals' reading pages merged into one. If it's easy enough to switch to 'working as' one of your other journals (i.e., you don't have to log out and log in again), then you can just switch to another and look at that journal's own reading page. It's not that big of a deal and will even save on confusion as to which account you're working as/with/through/whatever at the moment.

I don't see much fiddling around required in terms of people giving/having access either... It's not really a time intensive process to grant access, subscribe, unsubscribe, or remove access. If the person has made it public on their profile that they have these other journals, too, then you can just choose to do that or not (from your primary account or all of your accounts, haha). If the person doesn't want it known that all of these journals belong to them, I don't see why they'd be multiply subscribed to the same journals and communities; but maybe that is just me. So, I guess, that is my way of saying: if you're looking at someone's journal while 'working as' a journal of your own that doesn't have access to their locked posts, then NO, you can't see those posts; scroll up to the top and switch to working as the journal that does have access. (They may not even like your alter ego. If they knew it was you, maybe you wouldn't have access on any journal. lol)

And I don't see why you would want to save a draft post for 'all journals'. Again, maybe that is just me. I'd expect 'save' and 'save to' and then you get to pick which journal to save the draft for... unless, as has become my theme here, it saves to whichever journal you are working as at the moment. Then there is no need for any new option at all.

I'm glad you're very clear that it needs to be optional whether there's any public association between accounts, at the discretion of the human who owns them. That's no less than I'd expect from you guys. :)

All of the stuff about it showing you only the options each journal has privileges for is very shiny. I'm confident you'll work it out well. (Sounds like a lot of work, too.)

I would hope there'd be an easy way (or faster way) to link journals created with the same email address, than for a person who used different email addresses for each journal. Like, once the changes were all implemented, people who'd created more than one journal with the same email address received an email/inbox notification from DW asking if they want to 'associate' them.

I'll be really curious to see what's developed as far as the shop (i.e., payment options) goes. Discounts would be great. A simple, clean way to take care of all your accounts at once (should you choose to do so) will be cool in its own right.

Thanks for working on this! You guys rock! :D
Edited (typo) 2010-10-21 07:21 (UTC)
speedblitz: (Silly happy face)

[personal profile] speedblitz 2010-10-21 07:26 am (UTC)(link)
Well, the Boris scenario is better explained with role-playing communities, where you have one NPC or mod journal that all the moderators need to access. So the option of associating a journal with multiple mains is really attractive for that purpose.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 07:51 am (UTC)(link)
Ohhhh. Yeah, I have no experience with that at all. lol (That's why I kept adding 'maybe it's me'. I figure other people use their journals in ways I can't imagine.)

Is there a reason that one mod journal is a single journal instead of a community (or all the mods having their own journals)?

[ Please note: I'm not even sure my question makes sense, since I don't really know how RP-ing works. lol ]
amadi: A bouquet of dark purple roses (Default)

[personal profile] amadi 2010-10-21 08:17 am (UTC)(link)
Simplest answer: because a community can't post comments. And while the names of the mods of a community are usually known, sometimes it's important to present the unified front of "the moderators are performing this action, as a body" under the mod account (with the understanding that none of the mods would use that account without accord) rather than as an individual mod, to avoid grudgewank or efforts to pit one against the other or other sticky political nonsense that sometimes arises when people's creative output is on the line and passions run high.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:22 am (UTC)(link)
Oh, I see! Yes, that does make sense now. Hmmm...

That does make things more complicated, doesn't it? (In terms of this discussion about associating journals.)

Have to say, I'm not surprised that the people working on implementing this are already taking this into consideration. We're all in good hands here. :D

Thanks for the explanation!
existence: tj+amal from the adventures of tj and amal (keep my balance)

[personal profile] existence 2010-10-21 09:17 am (UTC)(link)
Think of it this way: in some LJ codebased RP models, there are a great many players who are POSTERS in one community, each having their own account, and there are moderators. And in the LJ model, communities cannot mod communties, as far as I know, so...

If this is helpful, I'm sure I or someone else can keep explaining LJ journal rp structure stuff.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:26 am (UTC)(link)
Thank you so much for replying. Your comment and the one above made it clear. :)

I can see now why people would be so concerned, and I'm glad (but not surprised) people working on this are already thinking it through from that perspective. It is a bit tricky.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 09:33 am (UTC)(link)
lol I have complete faith it'll be stellar when it's all said and done and live on the site. This place is the collective 'well organized mind'. :D
amai_kaminari: minekura beer, icon by amai-kaminari (Default)

[personal profile] amai_kaminari 2010-10-21 12:39 pm (UTC)(link)
Hi Denise:

I run an RP community with multiple mods. I was wondering if there is a way we can have multiple mod accounts, but with a single "display" username? (I was thinking that you could create "display" username by concatenating the community name with the word "_mod"?)

1. Currently, in order for someone to be a mod for my community, I have to check the Administrator checkbox on the Community Members page.
2. Once someone has been identified as an Administrator, they are granted Admin level permissions.
3. Is there any way for Admins to get a "Post as Mod" checkbox as part of the "Post an Entry" functionality which changes the account username to a community mod "display" username?

For example:

1. Let's say I have a user account, DWFan1, who is an Administrator for a community called IHeartDW.
2. When DWFan1 posts to the IHeartDW, she can either post as herself or select the "Post as Mod" checkbox.
3. If she selects the "Post as Mod" checkbox, her username shows up as IHeartDW_mod in the post.

Thoughts?
amai_kaminari: minekura beer, icon by amai-kaminari (Default)

[personal profile] amai_kaminari 2010-10-21 01:10 pm (UTC)(link)
Thanks for your speed-of-light reply!

If I can change my username to Community Name_mod for specific posts, I think that would help a lot. :)

Thanks for the link. I like the idea of a "mod hat" icon a lot! :) I wonder if there is a way to override the header background color and header font color for admin posts... so as part of the css, there is a header background color and header font color for community posts and a separate one for mod posts?

Thank you for being willing to talk to us. :)

(And for the record, I do HEART DW! ^______^ )


stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (Default)

Additional Comments Added

[personal profile] stormy 2010-10-21 03:36 pm (UTC)(link)
I wonder if there is a way to override the header background color and header font color for admin posts... so as part of the css, there is a header background color and header font color for community posts and a separate one for mod posts?

This would be nice to have on the site scheme as well for comments posted with the mod hat. It would be really simple to include a universal class that modifies how the comment looks - an actual border, different background, or some sort of MODERATOR graphic, on comment and entry pages displayed in the site schemes. Leaving everything up to the journal CSS is great - when you're viewing the journal in that journal style, but it'd be nice to make the distinction further and without needing people to know CSS, tie it into "post as moderator" etc.

I'm thinking of something very similar to the way the .active class works in http://www.dreamwidth.org/inbox/. You could even use the same colors that the site schemes use or something like a yellow highlight marker in a not blinding color. Something like a post it note's color wouldn't be too bad.

For example. say I had a mod hat for this community and replied to this entry with a moderator status. It'd be nice for the comment and collapsed comment to have a different background, a single lined border. Sort of like an entry highlight. I love the idea of the 'mod hat' not being tied to an account as a whole, but rather a posting status. There are times when people want to speak as a moderator, and times when their thoughts and feelings are separate.

Additional thoughts: Re: Mod Hat

You know, having an authenticated Anonymous or General Mod Hat would be excellent too. Something that shows the mod hat, but hides which moderator is making the announcement. It's still authenticated, but could be another check box when posting. Say, for instance [profile] community had [profile] user1 and [profile] user2 as moderators. User 1 could post an entry and select the General/Anonymous Mod Hat, and it'd be posted as Community Moderators (but I would highly encourage that a screened or invisible comment of posted by [profile] user1 be visible as footer in the post/comment so that other moderators would know who posted it. Another option, because I really don't love the format of [personal profile] community_mod as a combined automatic username - someone (somewhere!) mentioned having an automatic _mod ending and I cringed.

Really, anything that helps make sharing journals less common is A+ with me.
Edited (More info!) 2010-10-21 20:06 (UTC)
tyggerjai: (Default)

Re: Additional Comments Added

[personal profile] tyggerjai 2010-10-21 08:12 pm (UTC)(link)
I hadn't seen the mod hat suggestion before, but it's fascinating me. And yeah, there are two models - hat and mask. In one of them, you know it's user X but you also know they're posting as a moderator. In the other, you just know it's some moderator. It is orthogonal, but I'm quite intrigued by it.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

Re: Additional Comments Added

[personal profile] azurelunatic 2010-10-22 12:21 am (UTC)(link)
It would probably be _admin, in any case, because "mod" is just commonly-understood terminology, rather than official. "Moderator" is "has powers over the moderation queue".
stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (🆄 _____________________________)

[personal profile] stormy 2010-10-22 01:14 am (UTC)(link)
_admin seems like it could be confusing as well because per profile, the Moderators and Maintainers are both under Administration.

For aesthetic reasons, I don't prefer to have underscores in my own user names, so I would probably refrain from using the feature if I had to have that added, though I recognize it is definitely the easiest version to mask/add anonymity a community moderator, though I wouldn't have been beyond specifying an anonymous account name, either. I could see where that might fail considering it would 1) take up an additional name on the server, and 2) would have to have the ability to be deleted to free up said name, where a _mod/_admin tag is just like a _feed, and much easier to track and not to confuse.

Curiously, I wonder how the mod hat were to operate if, say, there were multiple communities and you wanted the same mod account to be able to respond to all of them?

Like say I have a roleplay community [profile] community, an ooc community for it [profile] community_ooc, and a logs community [profile] community_logs: It could get very tedious if I had to deal with [profile] community_ooc_admin, [profile] community_logs_admin, [profile] community_admin respectively. I wonder how those will be handled.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-22 01:28 am (UTC)(link)
@communityname

It's good enough for IRC....

Wait. Didn't someone say communities can't comment? Or, technically, post at all? So can the mod posting Id just be the community name? There's probably a good reason not to, I don't do communities much.
stormy: ❪ 𝐍𝐎𝐓𝐈𝐂𝐄 ❫ 𝑫𝑶 𝑵𝑶𝑻 𝑻𝑨𝑲𝑬 𝑴𝒀 𝑰𝑪𝑶𝑵𝑺 ⊘ (🇹 fuck google)

[personal profile] stormy 2010-10-22 01:33 am (UTC)(link)
I got confusing there, sorry. Communities can't comment, but I was vaguely referring to the mod hat feature.

If I was the moderator of a journal, but I wanted to show an anonymously moderated post or comment (a united front) - it would use the name of the journal I was a moderator of.

But those are like extensions of the same community set? The way those kind of communities are set up, there's one community for comment spam, one for out of character posts (introductions,etc), and one for logs of roleplay. Under a dubious shared normal username, the same person could moderate all three, but of course, they'd be visible.

It'd just be [personal profile] stormy posting in [profile] community.

Under the mod hat, anonymous, it feels like it would be confusing to have three different moderators for what is essentially a united game under three communities.

I hope that makes some sense?

@communityname

It's good enough for IRC....


And I'm not sure I got the reference? Could you explain further. I haven't been on IRC in years!




Additional thoughts: It seems like rather than adding _mod or _admin to the end of the anonymous mod hat, just treat it as an entity that can comment inside its own journal.

Instead of [personal profile] stormy with a mod hat, post [profile] community with a mod hat. There. Simple and anonymously united.

And sorry for the revision spam - I just noticed that is exactly what you said. /facepalm Commenting after work is never a good idea.
Edited (sorry for the spam!) 2010-10-22 01:40 (UTC)
musyc: Katherine Hepburn wearing a great big hat (B/W: Mod Hat)

[personal profile] musyc 2010-10-22 04:35 am (UTC)(link)
...

I love the very existence of this bug, regardless of whether it's being actively worked on or not. Love it like a loving thing. *puts on her bighugemodhat and swans about*
ephemera: celtic knotwork style sitting fox (Default)

[personal profile] ephemera 2010-10-21 10:27 am (UTC)(link)
while I sort of agree with you about the Boris usecase - sharing passwords for a journal makes me leery, and I've always used communities for that sort of thing - I have to say I do think it's important - almost necessary - to be able to look at all of the associated journals' reading pages merged into one

I am, basically, Annibel - I have a me-journal, a me-that-work-people-know-about journal, an original fic journal, and a fanfic journal. One of the major difficulties in interacting with the wider DW community with all four personas is *reading* as all four personas - they have a sort of ven diagram of reading / access circles, so reading my me-journal reading page, and then switching to reading my original fic journal reading page means picking through stuff I've already read to find the original-fic-reading-list specific reading material. Then switch to my work-me journal, and try and remember everything I've already read, where I read it, if I commented already or wanted to remember to comment under this ID. It's a pain, which means I mostly don't do it, which means I'm missing out on interacting with cool people, and occasionally giving offence. Having a combined reading page would, for me, be the second most awesome element of the whole plan, after being able to comment, with icons, as one of my other accounts!
ephemera: celtic knotwork style sitting fox (Default)

[personal profile] ephemera 2010-10-21 10:34 am (UTC)(link)
ps - the whole separation-and-plausible-deniability element of why I have multiple journals strongly argues against requiring the same email address be used for both/all accounts.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 10:59 am (UTC)(link)
Hey, there! :)

Do you use Firefox? There's a Greasemonkey extension that lets you collapse posts you've read before. It's the most wonderful thing, possibly ever. (Do you know about this already? If so, ignore. lol)

http://dw-nifty.dreamwidth.org/3415.html

I reread your comment a couple of times and I can easily imagine why entirely different people would be subscribed to your various journals (whether they know they're all yours or not), but I'm curious about why you (i.e., anyone, hypothetical or real) would subscribe to the same journal from more than one journal of your own. (I'm inferring that you do, because you said you have to wade through things you've already read.) I'm trying to put myself in your/Annibel's place and I'm having trouble coming up with an imaginary scenario for it... Probably simply because I don't do it now and we're all different! lol

The thing about remembering where you wanted to leave a comment was going to be solved by another feature, wasn't it? I forgot what they were calling it... It wasn't notes, because that was for making little notes by usernames that only you can see, but I seem to recall it's been brought up before elsewhere. I'll be so happy when/if we get that. There's so much more interesting stuff to read and respond to on here than I can keep up with in a timely fashion.

Anyway, I'm glad a lot of different user experiences are coming up here in the comments. It's kind of fascinating. :)
Edited (typo and i love the fact that we can fix them!) 2010-10-21 11:22 (UTC)
ephemera: celtic knotwork style sitting fox (Default)

[personal profile] ephemera 2010-10-21 11:58 am (UTC)(link)
I do use Firefox, but I've never really messed around with greasemonkey - I'll have to give that a try. Thank you.

Partly, I admit, the overlap on the reading circle is a hangover from LJ, where reading = granting access, but also because I want to interact with some of my core folks as more than one persona - as a concrete example, one of my best friends is also my orig fic beta reader - and I hers - and we co-mod a couple of fandom communities and channels, and - not everyone reading her posts knows that all the me's are me, so I want to comment on writing related posts in her journal as author-me, or fandom related posts as fandom-me, or in another friends case, on her professional posts with my work-me journal, and fandom posts with my fandom journal, and I want to be able to do that without having to log back in and out, and commenting as another journal a) involves remembering all my passwords and I'm miserable at that, and b) no icon control, and particularly in the fandom journal's part of the ven, icon choice generally plays a big part in the comment conversation.)

Also because experience has proved to me that I don't actually remember to log out, log back in, and read my reading page for all four journals on a regular basis, so if I often start off reading someone on author-me journal and then realise that I want to see their posts more regularly than the weekly or so I manage to have computer time at the computer with the four firefox profiles, so also add them to my primary journal's reading list ...

Also, thinking of someone who's following two of my journals without knowing they're related, because saying 'oh, by the way, I'm not following you back because I'm already reading you as this other account' is a very thorough way of outing myself as both parties, and while there's a social convention of following back people who follow you, which there is in a lot of circles, not joining in either looks like you're not really wanting to be part of the community.

(Most - but not all - of the people who subscribe to more than one of my journals know that they're all me - I'm fairly open in my locked primary journal about who the other me's are - on my public work-facing journal I don't ever mention that I have other journals though)

The convenience of having the system recognise that I'm *me* regardless of which journal I'm logged in, and giving me my consolidated reading page, and allowing me to fully interact moving more seamlessly between the journals, would make my life *so much easier*. I know most of the problems / situations have work arrounds, it just adds up to a ton of effort that makes things not-fun.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 12:21 pm (UTC)(link)
No problem! :) Thank you, yourself! You explained all of that so clearly. Got it now, why that would be much easier on you.

I was saying to someone else above, that the more journals you have, it seems like it would be worse to have everything on one page, not better. (Though that was in the context of having dozens of journals.) Do you think it's likely that you'd forget to change which username you're replying with if your different reading pages were all mixed in together?

Just curious. I'm terrible at remembering different passwords as well, but I also tend to get engrossed in what I'm reading. So, I'm imagining right now that if everything were on one page, and if I was following a lot of different people/communities on each journal, there'd be so many conversations going on that I might feel more rushed or pressured to respond to more things, sooner, and therefore I'd end up being less careful of who I was posting as. (Hopefully that makes sense. I'm tired and that seems like a very long sentence. lol)

Although, it just occurred to me that this might be the better situation in which to use those color codes. The colors that go around the border of other people's user icons, (What is that called? I don't actually use it.), to differentiate which journals' reading list the posts are from. Seems like they should be differentiated in some way... Or at least, it would be nice; maybe not 'should'.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 12:39 pm (UTC)(link)
*nod* The color thing is a good idea. Bear in mind, though, that you will always be able to read your journal reading lists separately. It's possible that for you, the only thing this project delivers is the ability to do that without having to log out and back in. Which is cool - it's all about flexibility and letting people use DW the way they want.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 12:47 pm (UTC)(link)
Thanks! Have you guys brainstormed yet about whether you want to mark posts from different reading lists in some way (and how) on the combined page - if there's a combined page?

Yes, that's very possible. Technically, I have more than one account, but I've only used one so far. lol Once this is implemented, I imagine I'll have more motivation. (Where the time and energy will come from though, remains a mystery. XD)

Thank you for working on this!
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 12:53 pm (UTC)(link)
We haven't really discussed it, but I certainly had some kind of marker in mind. It's probably easier to tag them with the name of the journal reading list it comes from, just because managing colors in one reading list is something I find hard enough. But I definitely foresee some kind of differentiation.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 01:03 pm (UTC)(link)
Ooh, yeah! Tagging!

As I was typing that bit about the colors, I thought: Oh, no, I've just suggested another huge load of work for someone. :/

I'm glad there are other possibilities. :)

opera_cat: (roses)

[personal profile] opera_cat 2010-10-21 02:13 pm (UTC)(link)
I love it so much that you guys keep this stuff in mind.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-22 08:01 pm (UTC)(link)
Anything like that would have to be both color flag and text flag, too, because color-only cues are inaccessible to the blind, low-vision users, and people who are colorblind!

Thanks for pointing this out, because it completely slipped my mind at the time.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-22 12:28 am (UTC)(link)
Hmm. I was going to say "So wrap each entry in a style indicating which journal's reading list it's from, then, and let the individual styles/users sort out how exactly they want that displayed", but then I remembered that someone might be on the reading list of more than one journal. Woops.
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2010-10-22 04:07 am (UTC)(link)
Is that really a problem, though?

Then the entry would be marked with CSS classes "user-azurelunatic readby-dw-annabel readby-fic-annabel readby-work-annabel", and it's up to the user to do some creative CSS to prioritise such multi-readby people.
shadowspar: Pic of Kurama holding a rose (kurama - rose)

[personal profile] shadowspar 2010-10-21 10:45 am (UTC)(link)

To me - and I have a feeling this may turn out to be an unpopular opinion - it's not important or necessary at all to be able to look at all of the associated journals' reading pages merged into one. If it's easy enough to switch to 'working as' one of your other journals (i.e., you don't have to log out and log in again), then you can just switch to another and look at that journal's own reading page

Indeed, for my purposes a sort of "fast user switcher" would be perfectly adequate -- eg, a pulldown that lets you change which of your accounts you're logged into without having to reauthenticate. However, I've only two accounts on DW -- I'm more in favour of changes that make things easier for the folks who are managing dozens of them. =)

Edited 2010-10-21 10:45 (UTC)
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 11:19 am (UTC)(link)
Well, whatever's best for the most people, of course, but it's kind of hard to wrap my head around. I'd think the more journals you have, the worse it would be to have the reading lists all combined into one. Kind of... It seems similar to using reading list filters, to me. I get the impression most people do use them, (though I don't know it for a fact), to keep things organized and break the list into manageable pieces. Putting more and more reading lists in there seems a bit chaotic and likely to overload a person.

Clearly though, it's not going to seem like that to everyone. :)

(I'm easily overloaded, which is a personal issue. lol)
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Reading list: separate or smushed together? (And what about filters?)

[personal profile] helens78 2010-10-21 04:13 pm (UTC)(link)
To me - and I have a feeling this may turn out to be an unpopular opinion - it's not important or necessary at all to be able to look at all of the associated journals' reading pages merged into one. If it's easy enough to switch to 'working as' one of your other journals (i.e., you don't have to log out and log in again), then you can just switch to another and look at that journal's own reading page. It's not that big of a deal and will even save on confusion as to which account you're working as/with/through/whatever at the moment.

I'm actually with you here. I'm not the least bit interested in the ability to read all my reading lists on one page. (For one thing, it means I only get to look at one journal style, rather than the several I've painstakingly created. *g*)

I mean, if other people want it really really badly, I wouldn't say no to it, but I would definitely create filters that separate journal reading lists from each other, and it would be wonderful if DW would auto-create those for me, especially if they could be dynamically generated (if I add a journal as RL_helens, it's automatically added to the RL_helens filter).
tyggerjai: (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] tyggerjai 2010-10-21 04:19 pm (UTC)(link)
It's absolutely essential to me that each journal still have it's own reading list that can be accessed via http://journal.dreamwidth.org/read, in that journal's style.

It's also important that the merged list have a simple control for "Actually, take these other journals off this list". And it's certainly by no means a given that the primary account reading list will default to a merged list - it may be that on the primary reading page we have another link to a reading page to view the merged list.
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] zvi 2010-10-21 04:52 pm (UTC)(link)
I like that solution, or having a canonical URL, like read/all, better than a default merged list.
tyggerjai: (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] tyggerjai 2010-10-21 04:57 pm (UTC)(link)
Yeah. It's actually a totally orthogonal issue, but I'd really love to have http://tyggerjai.dw.org/read/custom, where I could add *other peoples* reading lists. Obviously I'd still only have my own access, but if I like someone elses reading list enough that I can't be bothered adding everyone on it to my own list by hand, why can't I just mush their list and my list together, regardless of who's journal the reading list "belongs" to? It's the next step in subscription models, I think :)
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] zvi 2010-10-21 05:38 pm (UTC)(link)
the problem that immediately comes to mind is that someone else's reading list means someone else deciding what to add and subtract. What do you do when that person you (made up vocabulary) re-followed drops all of the cooking/Japan/conservative people you were interested and instead follows model trains/France/communists.

Better to allow me to import a snapshot of what someone else was subscribed to when I got interested, probably using the OPML file

(In a less extreme version, when I first started using Pandora, I listened to Julie's Hip Hop station, which had a lot of east coast and old school and party rap, with a touch of R&B and little bit of concious rap. I stopped using Pandora at all for a while, but when I went back, Julie's Hip Hop station now had SO MUCH R&B and way too much electro/techno/dance music. I promptly built my own rap station, but I still haven't gotten the balance right ... too much gangsta rap.)
Edited (real life example) 2010-10-21 17:42 (UTC)
tyggerjai: (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] tyggerjai 2010-10-21 05:44 pm (UTC)(link)
Yeah, but the unpredictability is half the fun. If there's something on there I really want to keep, I can add it myself.

But yeah, your way is a more broadly useful tool - "Build me a new reading list based on this one". Hmmm. Then you get a whole batch of management tools with that - X reading lists, cloned, implies a merge tool at the very least, a "move this journal from this list to another" tool .... Interesting.

How much of this sort of thing do we already do? Is there any support for custom reading lists? This to me seems like the obvious end purpose of splitting "friends" out into "WTF.". Apart from the fact that WTF sounds geekier.


tyggerjai: (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] tyggerjai 2010-10-21 08:21 pm (UTC)(link)
Yeah. I think we're not even talking similarity algorithms, just bulk-cloning someone elses reading list, and making my own lists from those. Which is the joy of having separated "watch" from "Trust" - I can just go ahead and subscribe to everyone! So if I find someone new, and their reading list is full of neat stuff, rather than adding everyone on it by hand, I just say "Clone this for me", and it a) automatically subs me to everyone on the list, and b) creates a filter named something useful and intuitive. I mean I know I can just go to whoever.dw.org/read, but as zvi points out, that can change. And I want one /read/custom page where I can merge lists, read multiple lists, etc. Want want want!

sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] sophie 2010-10-22 01:26 am (UTC)(link)
I've built similarity algorithms for LJ, but I haven't put them on the Web at all because currently the way they're coded is... less than ideal, to put it diplomatically. I've been meaning to rewrite them for DW and put them online. :D
tyggerjai: (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] tyggerjai 2010-10-21 05:48 pm (UTC)(link)
Yeah, you're totally right. If the goal is "I am interested in all of these things on a longterm basis", which is the normal case, then you want to snapshot it for yourself. The one I had in mind, though, was the jwz.livejournal.com/friends firehose, where I could really just go with the flow, and if he ditched it, it probably wasn't that interesting.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] azurelunatic 2010-10-22 12:53 am (UTC)(link)
But the other side of the coin there is, if any of the individual bloggers on the reading list decide to switch from their investigation of Japanese alcohol to a heavy investment in French politics, the person managing the list may be way ahead of you and drop them, and find new and equally interesting people to replace them. I was surprised how many of my friends started using my bookmarking-these-fics-I-enjoyed habit as an actual recs list, and I visited my aunt's house to find that my cousin had a Pandora account too, and he had borrowed one of my stations. So if the tastes match well enough, and someone else is short on time/motivation...
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] zvi 2010-10-22 03:02 am (UTC)(link)
Well, yes, but you can always re-import that other person's subscription list. And, if you have imported their list instead of just reading over their shoulder, it's a lot easier for you to dump That One Journal About Teapots which you didn't care about anyway, and keep the rest of their interesting finds for yourself.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] lanterne_rouee 2010-10-22 06:44 pm (UTC)(link)
It's absolutely essential to me that each journal still have it's own reading list that can be accessed via http://journal.dreamwidth.org/read, in that journal's style.

It's also important that the merged list have a simple control for "Actually, take these other journals off this list". And it's certainly by no means a given that the primary account reading list will default to a merged list - it may be that on the primary reading page we have another link to a reading page to view the merged list.


That is great to know! :)
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

Re: Reading list: separate or smushed together? (And what about filters?)

[personal profile] lanterne_rouee 2010-10-22 08:04 pm (UTC)(link)
Thanks for this comment and all your other comments in the discussion here. It seems we've been thinking about all this quite similarly. :)

(Also, thank you for making that pumpkin dreamsheep icon. <3 I added it to my own stash a long time ago!)
vae: (books: imagination takes flight)

[personal profile] vae 2010-10-21 07:31 am (UTC)(link)
Replying to comments from email notifications - if Annabel is logged in as dw_annabel but has an email notification to fic_annabel and she replies to it, should it go through, or should she see the "cookie expired" message and need to log in as fic_annabel before the comment posts?

(I'll be honest, I'm firmly of the opinion of "the comment should post as fic_annabel while logged in as dw_annabel" - this is because I know a lot of people who will not use Dreamwidth for RP because they have multiple characters and want to be able to reply to comments from email notifications without having to switch logins. Being able to associate journals and let that authorise comments without switching their login would make DW a lot more RP-friendly.)
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 07:39 am (UTC)(link)
This! So much this!

I don't RP, but being able to know for sure which journal the comment is going to be from if I use the inbox reply form would be insanely awesome.

I'd imagine it would be difficult to implement though.
vae: (Default)

[personal profile] vae 2010-10-21 08:00 am (UTC)(link)
Oh, I'm not saying it's easy - the conditionals and filters on the code around security are not going to be fun, depending on how the journal association model is structured and how the security is passed from the email form to the DW databases - but a lot of that should be taken into consideration for simply being on the site and leaving a comment as an associated journal that you're not currently using as the primary login.

I hope.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 08:07 am (UTC)(link)
But isn't some of that in place already? The login cookie expired page?

**knows nothing about code** Hardware and circuitry any day of the week, please and thank you.

Heck, I look at what I'm doing right now-- using my password to post this comment while logged into another journal and it seems to me that part of the architecture must already exist.
vae: (Default)

[personal profile] vae 2010-10-21 08:15 am (UTC)(link)
Dammit. I typed out a long comment about how this can happen and then swiped the wrong gesture on my track pad, gmail went back a page and I lost it.

More concisely - I'm a web developer by trade, hence the code references. I suspect that as long as you supply login details from some source, that's fine by DW - and if you use your logged in journal, then it comes from the cookie on your computer. If you use another, it comes from the information that you give the form on the page.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 08:20 am (UTC)(link)
Hmm, that's not quite what I meant-- I was thinking about the part where it doesn't log me out when I do.

You would obviously know more about this than me. (which is totally cool, by the way.)

Don't mind me-- it's very early and I have yet to sleep.
vae: (Default)

[personal profile] vae 2010-10-21 08:22 am (UTC)(link)
*g* It doesn't log you out because you didn't tick the box to say "log in as this account" when you commented. So DW takes the login details for that comment from what you type in the form, but it leaves the cookie on your computer.

Next time you go to comment, it defaults to take login details from the stored cookie, unless you select "other DW account" when you're leaving the comment again and give it the details of theliterator.

And still, you have your cookie!

...I haven't had breakfast yet and must remind myself that login cookies are not edible.
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 08:31 am (UTC)(link)
Oh. Cookies.

I feel like I should have been able to guess this. **sigh**

(and even if you haven't worked on DW you know more than me.)

Login cookies, are, however, deletable. Thank goodness or alt+F4 wouldn't slow my brother down a bit.

I bring this up only because deletable is one letter away from delectable. **sage nod**
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 10:35 am (UTC)(link)
It's a fascinating discussion and I'll come back to it after coffee :) My initial thoughts are that if annabel is "logged in" as dw_annabel, she can still post as fic_annabel. So all we need to do is pass something from the email that says "post_as", that overrides the "logged_in_as", and we're done. Then we just need to check that the logged-in account can post as the post-as account.

But I hadn't thought about email notfications, so I'll have to think about it more.
vae: (books: imagination takes flight)

[personal profile] vae 2010-10-21 10:42 am (UTC)(link)
I'm giggling slightly here because you make it sound so simple (and really, I'm impressed by the code model that allows you to add that in such a clear and modular way) but I know damn well that the simplest sounding things can be the trickiest to code and test.

Email notifs and comments are kind of an add-on to the main product, I get that it's easy for them to slip through the net of consideration.

(Scope creep, welcome to project definition.)
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-21 06:55 pm (UTC)(link)
Put a drop-down in the email notification listing all the accounts that are currently associated. The default selection is the account for which the reply was sent; 2nd is the Main Account of the association (oo. and here's where shared things get into some fuckery. I think the answer to that is that there's a subscription for each account, not for the associated secondary user that All Share, so there's no question about who is getting the notif) and then the rest of the account's journals alphabetically.
vae: Brad Bell in black and white (glam: brad: watching you)

[personal profile] vae 2010-10-21 08:26 am (UTC)(link)
...disclaimer. I am not a DW developer. I am just a random web developer who has coded login systems for web sites. Anything I say about DW security may be ENTIRELY wrong.
lorax: Kings Jack & David (Kings - Jack & David "Kings")

[personal profile] lorax 2010-10-21 12:34 pm (UTC)(link)
This would make DW much more attractive to RPers if they had that functionality, since I RP over on IJ and you can just reply from email there, and it will post as whatever journal the reply came in to.

However, a HUGE bonus would be an ability to post from email or from one common "Main" account, but reply from a character journal, and still pick user icons for that character. I'm fairly sure that alone would tempt over a lot of RP comms.
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

[personal profile] sophie 2010-10-21 07:31 am (UTC)(link)
3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.
I assume you ([personal profile] tyggerjai) mean that she'd be able to read journals on work_annabel's and fic_annabel's reading lists, including locked posts?

(Whether there should be the option to auto-read users who give you access is another discussion entirely, of course; I'm just commenting to make sure this means what I think it means.)
Edited (Oops, wrong tag.) 2010-10-21 07:32 (UTC)
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 10:07 am (UTC)(link)
This is a sub point to the combined reading list, yeah. The combined reading list (dw_, work_, and fic_ in one place) is much less useful if it doesn't have all the locked posts available.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 11:03 am (UTC)(link)
Now that I've had coffee ...

Yes, exactly, and I now see the ambiguity - it should read "she would like to _be able to_ read any post".

Being auto-subscribed to anyone who gives you access would be ... interesting, and I suspect undesirable for most people.
sophie: A cartoon-like representation of a girl standing on a hill, with brown hair, blue eyes, a flowery top, and blue skirt. ☀ (Default)

[personal profile] sophie 2010-10-22 01:30 am (UTC)(link)
Exactly, yes. :) Thanks for the replies!

[personal profile] puzzlement 2010-10-21 07:36 am (UTC)(link)
As far as sub-association goes, there's perhaps something going on here socially with regard to communities.

Generally speaking, users expect that a community has semi/occasionally-open membership. But since communities are currently the only official model for having a separate journal with the same login, the following happens:
1. some people make a community in order to have a de-facto second journal
2. some people make a community in order to have, essentially, a journal for postings by a small number of people (I do this with [community profile] incrementum, my parenting blog), but there's no way to distinguish this in the UX, so [community profile] incrementum for example shows up in interests pages with equal status to communities that people can actually join.

Model #2 is a separate problem, but perhaps Model #1 is overlapping this problem a fair bit. Will communities be able to be migrated to sub-accounts? Will all of the use cases of "I'm setting up a comm for my icons, I am the only poster" be catered for by subaccounts? Why/why not?

[personal profile] puzzlement 2010-10-21 07:38 am (UTC)(link)
And at the moment you can't grant communities access and so on. But shared sub-accounts would have this property, but otherwise look something like a community minus the bit where it points out which account is posting to the comm.

I'm just sort of picking up a compare/contrast here.

[personal profile] rho 2010-10-21 07:38 am (UTC)(link)
I like the paradigm of splitting accounts and journals better than I like the paradigm of primary and secondary accounts. I doubt it will make much difference in real terms, but I find it a much more intuitive and helpful way of looking at things.

One thing that I would like is the option of displaying the parent account on a journal. I know that a lot of people keep secondary accounts at the moment precisely because they're concerned about privacy and don't want people associating their accounts, but whenever I use multiple accounts, it's generally just because I want to keep content separate for organisational reasons, and I normally have a note along the lines of "my main journal is over at [personal profile] rho" in their profiles. While I wouldn't advocate having this be default behaviour, it would be useful to me if I could just tick a box and have it show up automatically.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-21 06:57 pm (UTC)(link)
And it would lessen the temptation for an impostor to do this, if there's an Official Seal of Linkage of some sort.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 07:07 pm (UTC)(link)
I know there are plenty of sheep, but is there a DW seal icon?
sophie: A royal seal, of which in the centre is an overlaid image of a snow seal. (seal of approval)

[personal profile] sophie 2010-10-21 11:31 pm (UTC)(link)
This comment got me thinking what a DW Seal of Approval would look like.

See the icon for the result. :D (The seal was too cute to put a DW logo over it, though, so it's more my Seal of Approval than DW's, but.)
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-21 11:52 pm (UTC)(link)
Red wax seal with the embossed image of a seal, the same seal as on Sophie's icon except digitally altered to look embossed, in the center.
florahart: (writing)

[personal profile] florahart 2010-10-21 07:39 am (UTC)(link)
I don't have useful comments, but I do want to say that I appreciate how clear it is in this description that there is a baseline understanding about what it means to have multiple identities that may be shared or known to different people and that this is not a crime or a bad thing. That it's said repeatedly that where the user has not explicitly stated that she wants this connection to be apparent to other people, it's critical that the default be public. That it's understood that people compartmentalize in a hundred ways and that these compartments overlapping nondeliberately is a very bad thing. It's hardly news that you all are all over that, but I still appreciate it all over again any time I see it. Thanks.

Okay, wait, maybe I do have one useful comment; the circle management page is already unwieldy if one has very many people in any relationship (for me the crazymaker is all the imported openIDs to scroll through), and I think my brain just curled up in the corner sobbing at the notion of trying to cope with the potential for a whole other level of making it right for multiple journals on one account--which, it'd have to get worse, right? In order to account for allowing/subbing/unsubbing/whatever for just the primary or just a secondary? Uh, I think that page would need work, but I don't have any idea how to make it better.
ilyena_sylph: (Dreamwidth "d", rainbow-colored by Sophie) (Dreamwidth)

[personal profile] ilyena_sylph 2010-10-21 05:02 pm (UTC)(link)
+Infinity.

Seriously, +Infinity.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 05:14 pm (UTC)(link)
I don't think it has to change significantly.

The primary page would gain an extra step - either as a selector or as a second page - where once you've changed the relationahip, you can nominate to change it for all secondaries. That's about it.

Secondary accounts by definition can affect the primary circle, so if you just want to add someone to one secondary journal access list, you go to the circle management page, select "work as my_secondary", and it will just give you the page for that journal, as it has always been.

That's my hope, anyway :) I really like the idea of the secondary stuff staying exactly as it is, right now. The reading pages, the circle management, all that shouldn't change, because it should be as easy as possible to edit secondaries as standalone journals. The complexity is all in the primary, and hopefully it's as easy as adding "[]Primary only []Primary and all secondaries []Custom list of journals". Where only the custom list would then ask you to select the ones you want to affect.

Having said that, of course, It's Never That Easy. But our stated goal is to make admin easier. There's no point doing any of it if the interface changes make it harder than the current system :)
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 07:49 am (UTC)(link)
The thing the stuck out at me the most was the consideration about email addresses.

I use different emails for different identities-- it keeps the RL me that much further away from my online activity, which is very important to me.

So if this were implemented where I had to use the same email for both accounts, it would not work for me.

And the secondary consideration for me is then, of course, being able to select whether the associations for the accounts was public or private.

Also, the secondary writeup seemed to be more like my case, though it could just be from the details and the late hour.

lapillus: (curiosity by lapillus)

[personal profile] lapillus 2010-10-21 02:46 pm (UTC)(link)
As long as it were possible to still have multiple, unrelated journals would you have a problem or would it just be a feature that doesn't interest you?
theliterator: d20 (Default)

[personal profile] theliterator 2010-10-21 10:49 pm (UTC)(link)
Well, I'll always have bunches of unrelated email addresses, so it should always be possible to have unrelated journals.

I'd LOVE to have this option to make my two logins easier to manage, but since I do only have the two logins, I'm not going to raegquit if you make it so the link has to be public or so I have to have the same email address for both of them; I just won't link them. Which of course makes me less likely to pay for the service even if I ever do become gainfully employed and so on, but that's probably just pennies to everyone anyway.

I'm sure there are concerns about trolling or socks, so I'm not going to be pissy about any restrictions you put on this, I just won't use it if it doesn't work for me.
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2010-10-21 07:54 am (UTC)(link)
what's our current procedure for people sharing passwords

I thought that was forbidden?

[personal profile] ex_fathomless325 2010-10-21 08:06 am (UTC)(link)
This fantastic not just for RP but the small but growing population of multiples here as well. We have one main journal, this one, but each of us have separate journals as well. We don't use those as often because the log in/out process is a hassle. This would remove that boundary and allow more autonomy for individuals within our system. We're all for this!
raelynne: (Coffee Now!)

[personal profile] raelynne 2010-10-21 08:41 am (UTC)(link)
I love all the thought that's gone into this so far and I'm very excited about seeing this actually happen :D That said, I do have something to add:

For background, I have a fic journal that I consider my primary. I also have this journal that I can safely log into at work, that I would also like to use as the journal that my parents can read.

Something that's not mentioned above that would be a huge, huge deal for me, would be the ability to post to two of my linked accounts at the same time, and to be able to do this from either primary or secondary account.

Some of the RL posts I would make to this journal, I would also like to have in my fic journal, without having to go through any extra steps. I would also like the crossposting settings of my fic journal to be respected, even when I post from this journal.

I would never, ever want to see the Reading List from my fic journal while I'm logged in on my work account. That would be very bad indeed!

I know there have been discussions around crossposting and spam before, but I think that allowing crossposting between linked accounts is not at all the same as spamming multiple comms.
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 09:03 am (UTC)(link)
I love the idea of being able to crosspost to multiple journals!
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 10:43 am (UTC)(link)
Personally, I think crossposting to your own personal accounts is a fine idea, and a world away from spamming comms.
charamei: XKCD's map of online comunities - Dreamwidth Island (Dreamwidth Island!)

[personal profile] charamei 2010-10-21 08:49 am (UTC)(link)
Can secondary accounts have different email addresses?

Yes, please, if at all possible.

If Person A has a secondary professional account, for example, they should have the option to display a different email for the professional one.

My other question was about selecting icons when posting as a secondary account, but I see [staff profile] denise has already answered that :)
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 10:44 am (UTC)(link)
*nod* My own journals have separate email addresses, so you can be assured it's a model we'll respect :)
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 09:02 am (UTC)(link)
First off, I LOVE the idea of having an account with multiple associated journals. I'm currently using one-person communities because I can never be bothered to log in under a different user name. These communities are used solely for posting fan fic and fanart, while my primary journal is for everything else.

Now, if these weren't comms but associated journals, I

a) wouldn't want all subscriptions of all my journals to show up on my primary reading page by default. Perhaps this could be handled like reading filters work right now, via the drop-down box on the navigation bar? Then you could choose which journal's subscriptions you'd like to read.

b) wouldn't need the option to share a journal with someone else. That's what comms are for, in my opinion. I think this whole thing is a can of worms with a HUGE potential for drama and wank. If this were implemented, I'd always have to ask myself: Do I really want to give this journal access? What if it's handed over to someone else? I think giving a journal to someone else shouldn't be encouraged (or even allowed because of privacy issues).
I read above that people who RP seem to rely on being able to "share" a journal, though. Maybe there could be a third option for specifically creating a "shared" journal that shows which users control this journal on the profile? So that it's always perfectly clear to anyone subscribing to this journal. Does that make sense? *scratches head*

c) would LOVE the option to be able to decide whether my associated journals are displayed on the profile or not.

As for cesy's questions:

"If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries."

Hm. I'm not sure why this kind of bothers me. Wouldn't it be better if you could only see these locked entries if you were using the journal they've given access to? I'm not sure I'm making sense here. But I think when looking at someone's locked entries, you should only be given the option to comment with the journal that has access.

"If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?"

I would hope that you don't see the locked entries in that case. I can see why this would be useful for someone wanting to read everyone's entries from all their journals on one page, but wouldn't this cause so much confusion? You may not have access with the journal you're reading them from, but you can still read their entries and comment on them? Food for thought.

"If you click to subscribe, unsubscribe, grant or remove access or join or leave a community and you get the usual confirmation page, that should include a "Do this as which account?" thing."

Yes, that would be pretty awesome.

"Can secondary accounts have different email addresses?"

Good question. I think this might be useful for some people, but how would you make sure it's really the same person? A password can be stolen / hacked. This makes me a little uneasy, to be honest.

"Creating a secondary account should require an invite code?"

It would be more than awesome if it didn't require an invite code, but I can understand if you were opposed to this. Maybe this could be made a paid feature? So only those who have a paid account don't require invites for creating an associated journal?

"Have a careful think about transferring a secondary account from one primary account to another."

That sounds so complicated. I'm not sure I can even get my head around this. How would anyone giving this person access even handle that? Would they be notified that the journal they're given access/ have subscribed to is now controlled by a different account?
Should you be allowed to transfer journals from one account to another, or shouldn't you? My initial feeling is that this shouldn't be allowed, but I might have to think about it some more. I can see that this might become necessary.

Another thing I just thought of - should journals controlled by one account have a different icon, so that you can see at one glance that this is an associated journal, and not a "normal" one? This should only be the case if the person controlling these journals has decided to show this on their profile, though.

Those are my two cents for the moment. I'm sure there's lots more I could add, but I can't think of anything right now. :)

Anyway, I'm looking forward to this feature arriving! It's awesome that you're working on it. :D
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 11:22 am (UTC)(link)
"If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries."

Hm. I'm not sure why this kind of bothers me. Wouldn't it be better if you could only see these locked entries if you were using the journal they've given access to? I'm not sure I'm making sense here. But I think when looking at someone's locked entries, you should only be given the option to comment with the journal that has access.


I'm writing a longer central response to this, because there have been a couple of comments about it. But the quick answer is that commenting should, absolutely, be limited to journals with access. It's the reading access that could be more general, I think.
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 01:18 pm (UTC)(link)
I guess you're right. It still feels a bit strange to me that I should be able to view entries via a journal that doesn't have access. Something about it just feels *wrong* to me. But I know in the end, since it'll always be me reading the locked entry, regardless if the other person knows I'm reading them via a journal they haven't granted access, doesn't really make a difference. It just makes me feel uneasy somehow. I can't quite put my finger on it, it just gives me a stalkery vibe.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Shared access = massive security hole

[personal profile] helens78 2010-10-21 03:21 pm (UTC)(link)
Actually, this makes me uneasy, too, and I can tell you exactly why: because of the shared-journal possibility.

mybestfriend has access to every filter I use. She co-mods notmyfandom_kinkmeme with somebodyIdon'tknow, somebodyelse, somethirdperson, and myworstenemy, using notmyfandom_kinkmeme_mod.

For administrative reasons, notmyfandom_kinkmeme_mod is associated as a secondary journal with mybestfriend as the primary journal, and because it's important for that mod journal to be anonymous, it does not show which journal is its primary journal on the userinfo page, nor does mybestfriend list it on her userinfo page. And because it's not my fandom, or because she is the kind of mod who really doesn't talk about the fact that she co-mods the comm, or because she doesn't want to start drama by explaining that she co-mods a comm with myworstenemy, I do not know who the rest of the mods that can log in as that account are. And I certainly don't know that myworstenemy can log in as that account.

But if all accounts listed as secondary to a primary account have all the same reading access permissions that the primary account does, notmyfandom_kinkmeme_mod now has access to everything I have ever written, and there's no way for me to know that notmyfandom_kinkmeme_mod even has access to my journal. And because notmyfandom_kinkmeme_mod now has access to everything I have ever written, myworstenemy has access to everything I have ever written.

So do somebodyIdon'tknow, somebodyelse, and somethirdperson, for that matter. In short, a number of people I have not explicitly granted access to can now access my journal anyway, and most importantly, I have no way of finding out who they are or how many of them they are.

This is absolutely huge, and would pretty much make me dump almost everyone I currently have on my access lists right off my access lists, and I'd probably end up going back to InsaneJournal to post sensitive stuff, because honestly, some of my best friends do share mod journals with people I don't know (I mean, not actually myworstenemy, but I would just as soon not talk about $super_private_thing with someoneIdon'tknow, you know?). And this is not the end result I think Dreamwidth is looking for.
tyggerjai: (Default)

Re: Shared access = massive security hole

[personal profile] tyggerjai 2010-10-21 03:45 pm (UTC)(link)
Ah! You would be absolutely right, but I think I've been unclear :)

Access inherits the other way. If you grant access to notmyfandom_kinkmeme_mod, then anyone who is a primary of notmyfandom_kinkmeme_mod would be able to see those posts. Because they could just log in as notmyfandom_kinkmeme_mod anyway.

But if you grant access specifically to mybestfriend, then notmyfandom_kinkmeme_mod has *no* idea about that.

Secondary journals do not inherit the access privileges of other secondary journals or their primary. The primary journal reading list, if aggregated, shows all posts to which secondary accounts have access, because "you" have access to them anyway, just by logging out and in again.

Anyone with "privileges" on notmykink_meme_mod can see posts to which notmykink_meme_mod has specifically been given access, plus whatever access their own accounts have. Or at least that's how I envisage it :)

It's why the "shared journal" thing is a big can can of worms, though. I might draw up a chart of the inheritances as I see them, because certainly the scenario as you describe it would be horrible.
tyggerjai: (Default)

Re: Shared access = massive security hole

[personal profile] tyggerjai 2010-10-21 03:52 pm (UTC)(link)
The real problem, I agree, is that if you are unaware that it's a shared account, you might give access to notmyfandom_kinkmeme_mod, thinking it's your friend. That's a problem anyway with the shared password model, but I absolutely agree, there's a risk of people thinking a shared journal belongs solely to their friend, when in fact it has several primaries.

To be honest, shared journals are probably not going to make the cut for version 1, for this and other reasons.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Re: Shared access = massive security hole

[personal profile] helens78 2010-10-21 03:57 pm (UTC)(link)
Hee, yes, that's exactly what I was going to bring up -- even with the access flow going the other way, shared journals still have lots of associated dangers. For instance, you might know that I have access to some_journal, but do you know that my husband also has access to some_journalstop people from sharing journals, and can never really know if it's happening) but explicitly granted access to multiple people (so far as DW is concerned, because DW knows how many accounts have access to that secondary journal).
tyggerjai: (Default)

Re: Shared access = massive security hole

[personal profile] tyggerjai 2010-10-21 04:10 pm (UTC)(link)
*nod* My thinking is that any model we move to is conceptually better than the current model - again, you may know that tyggerdev "is" really tyggerjai, but you don't know I've given the password to 3 other people. But the devil is in the details, for sure, and as the spec points out, we do run the risk of seeming to have closed a hole when we haven't - if we have associated journals - and not even shared - then people are going to think "Oh, tyggerdev is associated with tyggerjai, so only he has access, so it's *basically* the same as giving tyggerjai access", and not even think about the password sharing problem. But there's really no good answer to that if we still want to keep "logins" for associated journals. Which we do. So assuming we keep passwords for every journal, associated or not, and assuming people keep sharing journals by sharing passwords, the hole is still there. Because it's there now :)

I'm way open to ideas. What I'm trying to avoid here is making a user jump through hoops to get at data they have already "authenticated" for. If you're logged in as dw_annabel, and fic_annabel is associated with that, then by definition you can read posts to which fic_annabel has access. Because by definition you had to have full privileges on fic_annabel to associate them. So why does the system make you log out and in, or even switch identities, when it knows "you" have access rights?
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Re: Shared access = massive security hole

[personal profile] helens78 2010-10-21 04:33 pm (UTC)(link)
What I'm trying to avoid here is making a user jump through hoops to get at data they have already "authenticated" for. If you're logged in as dw_annabel, and fic_annabel is associated with that, then by definition you can read posts to which fic_annabel has access.

It makes sense from that end! And with a bunch of people granting access to a journal which I state in my userinfo I don't read from, and don't subscribe to anyone, I know a lot of people grant access to obviously not-being-used-as-a-personal-journal journals, and there's nothing to be done about that (in other words, someone who grants access to $really_personal_filter to some_mod_journal should be rethinking their access policy, not the policy of who can read what where).

On the other hand, I do wonder a bit about the promotion of and passing around of secondary accounts. Thinking about it some...

I start off with MY_JOURNAL, to which I post fiction, code, meta, personal stuff, and other things. But I decide I'm just going to use MY_JOURNAL for fiction, and I start MY_PERSONAL for personal stuff, and I make MY_PERSONAL my primary with MY_JOURNAL as my secondary. People may or may not revoke access on MY_JOURNAL (they should! but they probably don't!). Now MY_PERSONAL has access to anything that MY_JOURNAL still has access to.

A while later, I begin a cowriting relationship with someone who wishes to remain anonymous, and I end up sharing access to MY_JOURNAL with ANON_USER. Because he wishes to remain anonymous, I don't list it on the profile. If I'm a nice person, I might say "heads up -- I'm now going to share this journal with someone else, but I can't tell you who, because he wishes to remain anonymous." Hopefully everyone revokes access to that journal at that point! Hopefully! But probably not. And I might just not say anything at all (okay, I would say something, but many people wouldn't think it was necessary). Either way, now all those legacy people who granted access to MY_JOURNAL have also managed to grant access to ANON_USER, without knowing who he is or that he has access to those posts of theirs.

On one hand, I kind of feel like this is the sort of thing that people should be looking after themselves -- if you grant someone access, you should probably keep an eye on them to make sure they haven't changed the purpose of their journal, that they didn't make it a secondary journal, and so on. On the other hand, there's no reason in the world that people would ever know that the circumstances under which they granted access are now different (I assume that if a journal becomes a secondary, it doesn't send a message to all the accounts that grant it access that it is now a secondary, and if it becomes shared, it probably doesn't send a message to all the accounts that grant it access that it is now shared -- I mean, thank God my accounts don't tell everyone to whom I've granted access when I change my email address, because I would've spammed 70-odd people four times in one week at one point *g*), and that just plain still seems risky to me.

I'm not sure it's a risk DW needs to help mediate (unlike the leak where if PRIMARY1 has access to USER, then SECONDARY1 has access to USER, and if SECONDARY1 is shared with PRIMARY2, then PRIMARY2 has access to USER, which was a terrifying thought and one I'm glad isn't in the works!), but it's definitely a concern for me.

Ultimately, I think it is a good idea to make people explicitly change identities in order to access things that only one identity has access to, really, because it prevents DW from being in the very unfortunate position of automatically transferring access between accounts without alerting the access-granter that the transfer is occurring. DW may know that "you" are "you", but I'm just terribly uneasy with the notion that DW would be, behind the scenes, transferring a grant of access to journals that were not themselves explicitly granted access. (Yes, you'd be able to get them anyway -- and the hoop of an extra click to switch accounts is not a very big one -- but I really, really like the idea of a distinction between DW allowing you to change identies and DW transferring access around.)

But we'll see how this shakes down! I may be fixating on this because I have a security-oriented brain. ;)
tyggerjai: (Default)

Re: Shared access = massive security hole

[personal profile] tyggerjai 2010-10-21 04:50 pm (UTC)(link)
I think I actually address this in the spec. It's a huge wall of text at the moment, and I don't expect anyone to have read it all, but here:

"None of this is worse than our existing paradigm with passwords – in fact, it's a lot better, because if we do need to, we can suspend fic_annabel's access to everything, send emails out to people who have given fic_annabel access saying “This journal is changing owner! If you know the new owner and you're cool with it, click here to retain their access rights. If you don't know the new owner, click here to send an email to the old owner, so they can get in touch with you to arrange new access. Or, if this is freaking you out, click here to revoke the journal's access to your journal for good.”. But this is exactly the kind of thing that makes users nervous, and that we have to have a plan for. So at the moment, it's an itty bitty “may”, and if users want to hand a journal over to someone else, they can disassociate, give the new owner the email, and move on from there. But I think we may still need to handle the access notification in that case, simply because by implementing association, we give the impression that we're moving from “Anyone could have the password to this journal so be careful” to “No, your friend owns this journal, it's fine! “"

So with your example, we could totally temporarily suspend MY_JOURNAL's access to everything - we'd let you know about it before you share the journal, have a workflow that gives you a big popup saying "Once you do this, you will still be able to post to this journal, and read the journal reading list, but locked posts to which this journal used to have access will no longer be displayed. Are you ok with that!?". And then we could send out emails to people who've given it access, and work it out from there, preserving as much anonymity as people want. So that's actually a benefit from the new system that we just don't have at the moment.
tyggerjai: (Default)

Re: Shared access = massive security hole

[personal profile] tyggerjai 2010-10-21 04:11 pm (UTC)(link)
(btw, I think your html is broken in this post. But I think you make your point anyway)
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Re: Shared access = massive security hole

[personal profile] helens78 2010-10-21 04:16 pm (UTC)(link)
(Drat, yes, borked my HTML. *g* But yeah, I was just saying that there's a difference between having DW implictly allowing you to grant access to multiple people, some of whom you might not know about, and explicitly allowing you to grant access to multiple people, some of whom you almost certainly don't know about -- not that I expect DW to protect its users from this, but it seems like a dangerous road to be on!)
noxie: friendly girl smiling (Default)

Re: Shared access = massive security hole

[personal profile] noxie 2010-10-21 04:22 pm (UTC)(link)
Oh wow. Yeah. That is *scary*. Which is why I think shared journals absolutely must show on the profile that they're shared.

Maybe it shouldn't be an option to hide on your profile which associated journals you have then? And the people you have access to should also know that your associated journals have access to them.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Re: Shared access = massive security hole

[personal profile] helens78 2010-10-21 04:46 pm (UTC)(link)
It is scary, but do read downthread -- the way I outlined it isn't what's in the works, and [personal profile] tyggerjai goes into some detail and clarifies a lot of stuff, which was very helpful!

Which is why I think shared journals absolutely must show on the profile that they're shared.

Unfortunately, I can't see any possible way this could be implemented. If multiple people have the password, multiple people can log in. There's just no way of stopping it. (If I leave myself logged in, my husband can always sit down at my computer! There's just no way to guard against all the possibilities here, nor would most people really like the results we'd get if we asked for more draconian security measures. :) )

Maybe it shouldn't be an option to hide on your profile which associated journals you have then? And the people you have access to should also know that your associated journals have access to them.

Well, I wouldn't go that far, because that would remove a whole awful lot of the utility of this service. Also, fixing borked privacy by borking more privacy just doesn't seem like the right response. *g* The right response, IMO, is to ensure that DW does not transfer granted access from one account to another, regardless of whether the owners of those accounts are the same person. In other words, if you are logged in as MY_JOURNAL, you will only see posts to which MY_JOURNAL has been granted access.

If you are viewing posts as MY_SECONDARY, you should only see posts to which MY_SECONDARY has been granted access, and not ones that MY_JOURNAL was granted access to.

If you are viewing posts as MY_SHARED, you should only see posts to which MY_SHARED has been granted access, and not ones that MY_JOURNAL or MY_SECONDARY or SECOND_JOURNAL or SECOND_SECONDARY or THIRD_JOURNAL (where SECOND and THIRD are separate users with SECOND_SECONDARY as a secondary for SECOND_JOURNAL) has access to.

The tricky part is for people who want to be able to read all posts that MY_JOURNAL and MY_SECONDARY and MY_SHARED all have access to at the same time, even though there may be totally different permissions for all three of those journals. That seems needlessly complicated to me and I would never ever use it, personally, but apparently there is some call for it.

But what bothers me isn't the fact that a person could log out as MY_JOURNAL and log in as MY_SECONDARY, and then have access to all of MY_SECONDARY's stuff, or even that a person could log out as MY_JOURNAL and log in as MY_SHARED, and then have access to all of MY_SHARED's stuff -- my concern is that, what this amounts to, behind the scenes, is DW transferring access between accounts, without alerting the access-granter. I'm much more okay with a system that has a dropdown menu that says "View as: [MY_JOURNAL] [MY_SECONDARY] [MY_SHARED]", because then the user is saying "I want to view this account of mine," and DW is pretty much functioning as normal.

We'll see how it shakes out! Sharing journals is a really complicated use-case, but I'm super-glad they brought it up in the first place, because guarding against stuff by saying "well, people shouldn't do that" just plain doesn't work in any situation. :)
noxie: friendly girl smiling (Default)

Re: Shared access = massive security hole

[personal profile] noxie 2010-10-21 04:54 pm (UTC)(link)
I'm all for the version that doesn't allow you to read all your circles combined on one page. I know some people want it, but I'd probably never use it either, and the privacy concerns are just too big this way.
intermezzo: (stock:pencils)

[personal profile] intermezzo 2010-10-21 04:09 pm (UTC)(link)
But the quick answer is that commenting should, absolutely, be limited to journals with access.

Oh thank God. I'm scatter-brained and it'd be oh so easy to comment on a post using the wrong journal.
lanterne_rouee: i believe in dreamwidth plus a typewriter (dw believe typewriter)

[personal profile] lanterne_rouee 2010-10-21 11:43 am (UTC)(link)
I read above that people who RP seem to rely on being able to "share" a journal, though. Maybe there could be a third option for specifically creating a "shared" journal that shows which users control this journal on the profile? So that it's always perfectly clear to anyone subscribing to this journal. Does that make sense? *scratches head*

I think that's a really good idea. After reading the responses to my comment above, I can see why individual mods wouldn't want to post, and that even creating usernames like modA, modB, modC wouldn't be ideal. Showing that it's a different type of account and listing the usernames that share it on the profile seems like a good idea though.

Either that or figuring out a way to let the 'community' post comments by allowing maintainers/admins/mods post under the community username when they feel it's appropriate.
Edited (fix tags; i am the typo queen today) 2010-10-21 12:35 (UTC)
farasha: ([Firefly] Inara: Totally Fell)

[personal profile] farasha 2010-10-21 12:50 pm (UTC)(link)
I read above that people who RP seem to rely on being able to "share" a journal, though. Maybe there could be a third option for specifically creating a "shared" journal that shows which users control this journal on the profile? So that it's always perfectly clear to anyone subscribing to this journal. Does that make sense? *scratches head*

That's a brilliant idea!

To give you a better idea of why us RPers need to share journals, I'll use an actual example: I run a game called Pokemon Bohren. This game uses three communities, [community profile] bohren_rpg for prose character interaction, [community profile] bohren_trainers as a sort of in-character posting forum and [community profile] bohren_ooc to talk to each other out of character. There is one mod journal, [personal profile] pokemonleague, for all these communities. Myself and the other mod share this journal, as well as the [personal profile] teamrocket journal and the [personal profile] npcmadeofnpc journal.

Sometimes we need to post an official plot announcement or something about the game mechanics changing, and we need it to look official, so one of us will post with [personal profile] pokemonleague. We also store all our rules, organizational lists and location information in the [personal profile] pokemonleague journal so it's easily accessible and easy to find. Naturally, we need to both be able to access these posts to edit them, and even as a maintainer, you can't edit other people's posts in a community.

I hope that helped you understand why sharing is a needed mechanic for us!
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 01:13 pm (UTC)(link)
Ah, that makes sense! I hope the aforementioned third option of a shared journal is doable, then.
ilyena_sylph: megatron from AHM, close up (Transformers: Megatron)

[personal profile] ilyena_sylph 2010-10-21 07:14 pm (UTC)(link)
This was a brilliant writeup, and I'm so glad I found this comment again!

This is exactly my situation in the RP comm I'm most often in and that my girls and I mod.

I would really love a 'shared journal' sub-section, it would be fabulous to be able to have [personal profile] primus be a different kind of journal than [personal profile] ilyena_sylph.

And yes, sharing is totally a needed mechanic, I hear you so hard.
sharpest_asp: Nate Ford sitting on a bench, Sophie Devereaux resting against his lap (Default)

[personal profile] sharpest_asp 2010-10-21 07:22 pm (UTC)(link)
It's easier in a situation where the sharers know each other and have a high trust built, but I agree that it would be very nice to have a shared account level for modding where two near-strangers-except-for-online choose to start a comm together.
fleurione: (Default)

[personal profile] fleurione 2010-10-23 02:26 pm (UTC)(link)
I read above that people who RP seem to rely on being able to "share" a journal, though. Maybe there could be a third option for specifically creating a "shared" journal that shows which users control this journal on the profile? So that it's always perfectly clear to anyone subscribing to this journal.
I like this idea a lot.
existence: metanoia (it's not an addiction. perse.)

[personal profile] existence 2010-10-21 09:14 am (UTC)(link)
The first level of thoughts that spring to mind are:

- Tagging off the secondary email adresses thing and the combined reading circles bit: I assume that what is said above about the one central page might also apply to the one centralized PM inbox? And still have filtering for subject matter (circle updates etc) on both? Because in that situation, that is a thing I would use.
- What if Annabelle uploads her icons to the wrong account? Does she have to delete and switch and reupload? In the same vein, can she tag as if she was the owner of said accounts at all times, even if the account is set to allowing owner-only tagging?
- I'm, wondering, on how people will and will not sign themselves, like if it's a shared secondary journal, are we going to see whose primary posted? Is this going to turn on and off? Be an option?
- Would there be maximums set on (primary and or secondary) journal links?
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 10:52 am (UTC)(link)
I assume that what is said above about the one central page might also apply to the one centralized PM inbox?

Ooh. Good question. Hadn't thought about it, will do so.

What if Annabelle uploads her icons to the wrong account?
Icon management is something we're still talking about. The joy of the central model is that it actually allows for a step further than that - if your *Account* has X icons, why would we care which *journal* uses them? So they could be available centrally to all your journals. But that's a way down the track, if we go that way at all. In the short term, she may have to delete and re-upload, but I would consider tagging as like any other admin function - the "primary" can tag any secondary icons.

[I]f it's a shared secondary journal, are we going to see whose primary posted?
Man, that shared journal thing does get complex, doesn't it? In theory, the model allows for exactly that kind of tracking in a way that the shared-password model doesn't. In practice, that certainly wouldn't be publicly visible info unless the journal admins made it so.

Would there be maximums set on (primary and or secondary) journal links?
At the moment, the obvious limit is that they all need invite codes. Beyond that, not something I'd thought about.

alixtii: (weather)

[personal profile] alixtii 2010-10-21 01:00 pm (UTC)(link)
The joy of the central model is that it actually allows for a step further than that - if your *Account* has X icons, why would we care which *journal* uses them?

Option 1. Everytime you associate an unpaid journal to a primary paid journal, you get 15 extra icons -- effectively giving everyone unlimited icons. Obviously, that's not tenable.

Option 2. If I have 75 (or 250) fannish icons for use at my primary journal, and I want fifteen icons which have pictures of me in them for use at my legal persona's journal, I have to delete 15 of my fannish icons, so that my primary journal only has 60 effective icon slots. I don't like that either.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 01:10 pm (UTC)(link)
Option 1 intrigues me. It hadn't occurred to me that people might create an unpaid journal just for the icon slots. It's "unlimited" only as far as your ability to create unpaid journals is unlimited - it still requires invite codes. But yes, that's a possible avenue of abuse. On the other hand, it reduces resource usage for people who are currently sharing icons by actually copying them between journals.

Option 2 is more clearly untenable to me, yes. If the paid account icon allowance is 75 and the unpaid is 15, then someone with one of each type should have 90 icon slots, however we handle it.
alixtii: Player from <i>Where on Earth Is Carmen Sandiego?</i> playing the game. (Default)

[personal profile] alixtii 2010-10-21 01:35 pm (UTC)(link)
It hadn't occurred to me that people might create an unpaid journal just for the icon slots.

Hee. I don't know what it says about me that it occurred to me so immediately--but I figured if it occurred to me it would occur to others, so it'd be best to have it come up before implementation. . . .
poulpette: (Dr Who -  odd Ood)

Possible solution against this?

[personal profile] poulpette 2010-10-21 11:09 pm (UTC)(link)
One solution could be that the 'account' centralize the icons which actually doesn't change the amount of total icons available to that account, and that use of one particular icon may be shared between multiple accounts but be counted against each journal's icon limit.
To give an example:

I have a seed journal, me_private, as my primary, and two other free journals, me_fic and me_public. Which brings me to a total of 280 icons possible at the max. If icons are shared between multiple journals, this numbers drop accordingly.

I love my starcat icon, and want to share it between me_private and me_fic:
I upload one icon, and can use the same icon in two of my journals but not in me_private.

Some time later, I have 42 icons in my account, 15 of which are used in me_public: 4 are shared with me_private and 2 across all my accounts. me_private and me_public share 3 other icons. me_fic has an aditional 5 icons and the remainder belong to me_private.

So, at the account level we have:
(2+2+2) icons used across all journals (6 slots, 2 icons)
+ (4+4) + (3+3) icons shared across two journals (14 slots, 7 icons)
+ (9) + (5) + (19) icons used in only one journal (33 slots, 33 icons)

= 53 slots used, 42 icons uploaded => max uploadable icons: 227 icons;

On the journal level:
me_public: 15 icons, maxed out
me_fic: 7 icons, can have more icons.
me_private: 25 icons, can have more icons.


I think this model effectively blocks people from cheating the system?
cesy: "Cesy" - An old-fashioned quill and ink (Default)

Re: Possible solution against this?

[personal profile] cesy 2010-10-22 07:19 am (UTC)(link)
No, it doesn't block cheating, because you can still add on a couple of unused blank secondaries in order to get more icons on your primary journal. It means an invite code is effectively a free extra 15 icons for life on your primary journal, and invite codes are freely available.
poulpette: cropped picture of an illustrated octopus (Misc - Starcat)

Re: Possible solution against this?

[personal profile] poulpette 2010-10-22 12:57 pm (UTC)(link)
I see I forgot one sentence, sorry, that's so embarrassing. I can see where it does work in that case.
What I meant is each icon use counts against the journal's in which it is in use. if you max the account limit you cannot add more icon for that icon.

If you share 15 icons between your primary and a free secondary, the 15 icons count for both limits. Effectively if both accounts are free accounts, you have 15 icons, not 30 (you still could have 30 if the icons were restricted to one journal, but that's already the case).

If the primary is paid, and you share all icons between primary and secondaries you wont be able to share the 6th journal icon slots unless you free them, just as we do now when we max out our limit.
alixtii: Ult!Kitty looks away sulkily as Ult!Spidey pays attention to Ult!MJ. From a cover of Ultimate Spiderman. (X-Men)

[personal profile] alixtii 2010-10-22 12:23 pm (UTC)(link)
Here's a workable solution, I think: make migratable icons a paid feature. That is to say, icons uploaded to a paid account would be accessible by all journals associated with that account, but icons uploaded to a free journal would be accessible by that journal only. So if I have two paid journals and three free journals, the two paid journal would each have 150 icons available (its own 75 plus another 75 from the other paid) while each of the free journals would have 165 available (the 150 from the two paid journals, plus its own 15). That way, the icon benefits from a free journal won't expand beyond itself.

It'd effectively be a la carte userpics, but since you'd have to pay for all the other paid features as well to get the icons hopefully that would be enough to support the site.

I can still imagine avenues of abuse, though; different users might be tempted to associate their journals with each other simply to gain access to each other's icons. Imagine if all of DW associated their journals with each other in order to achieve one massive communal pool of icons! (Okay, enough people have security concerns that that would never happen. But it could happen with some smaller subset.)

But then, I don't think I'm as sold on the overall concept. Right now someone might well pay for two paid journals just to keep the same set of 75 icons on two different journals. My attitude is sorta why give it to them for free if they'd be willing to pay for it (although admittedly going by what hypothetical people might be willing to do isn't all that useful) while you'd say they deserve to have to only have to pay for the one journal.
ilyena_sylph: picture of masked woman with bisexual-triangle colors in gradient background (Bi masked)

[personal profile] ilyena_sylph 2010-10-21 05:06 pm (UTC)(link)
The joy of the central model is that it actually allows for a step further than that - if your *Account* has X icons, why would we care which *journal* uses them?

Oh I LOVE Y'ALL!!!!! I mean, seriously, I love you SO MUCH for aiming y'all's thoughts that way, I don't care what it would cost to be able to have the icons on my various journals where I can GET TO THEM from any journal, I'd pay it!
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 05:16 pm (UTC)(link)
Lest I be accused of leading you on, I should re-iterate "if we go that way at all".
ilyena_sylph: picture of Labyrinth!faerie with 'careful, i bite' as text (Default)

[personal profile] ilyena_sylph 2010-10-21 05:18 pm (UTC)(link)
*laughs, grins* Oh, I get that. I know this is early development.

But consider me hopping up and down with pom-poms in favor of some version of the above.

I'm sure whatever you come up with to deal with it will be awesome, I just happen to really like that one.
emory: (Default)

[personal profile] emory 2010-10-21 06:01 pm (UTC)(link)
So they could be available centrally to all your journals.

Hmmm, but I look at people's icon pages all the time and I'm sure others do too, so would icons still be primarily associated with one account, which they would only show up on the icon page of? Or would every linked journal's icon page show the big pool? Could it be optional? And if the association is private, not public, would the icons be kept separate (at least by default)? Because another thing is, if I'm posting as 'sekritidentity,' and all my icons from everywhere are on the menu, I might accidentally pick one that was only to be used as 'othersekritidentity' and then people would know. ;D And if icons from one account are shown on the icon page of another account, likewise, people will ~know~ omg. (Potentially. Which is sufficient.)

So maybe only the publicly linked identities' icons could be added to a big pool, or one could pick which ones or something? (If this idea were to be used.) And if one could pick which journals shared icons, that would be nice for, say, two rp journals that you have who are the same character on different games. None of your other journals need those icons and vice versa, but it would be really handy not to have to upload them twice and have the combined number of slots for different expressions or whatever. (I'm not sure if they have a specific term for this *g* I don't actually rp, just followed The Leaky for a while once upon a time.)

Which makes me think of something else -- what if you do have these two other journals that you want associated with each other publicly, but you still don't want your primary journal to be publicly associated with either one? Can you do that?
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 06:36 pm (UTC)(link)
I had in mind that you would still associate icons with journals. To me, it's just a way of saying "I have one paid journal and 2 unpaid journals, therefore I have 105 icon slots [or whatever]." So you can have 3 on your primary journal and 100 on a secondary, and get the relevant choice when you switch "post as". Sharing would then be trickier, you're right, but perhaps in the icon selection there could be "show all linked", so it's just one more step. But yes, you could probably associate them with one journal, but have a "make available to" selection for other journals.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

[personal profile] azurelunatic 2010-10-21 07:04 pm (UTC)(link)
Consider also the HOLY FUCK Y'ALL THAT'S A LOT OF TAGS problem, where on LJ there was massive clustersuck when one user opened her edit-tags-on-entry page, because she had several tens of thousands of tags. Probably a good idea to cap icons to a limit that won't kill anything, even if you never think anyone will reach it, and then document that somewhere that Support can find it.
existence: wires, circa 1985 (wired together)

[personal profile] existence 2010-10-21 08:19 pm (UTC)(link)
I can think of one other problem with the shared icon model, and it's semi-rp specific, which may be an minor issue, since some subsection of RP culture runs on icons?

Say every member that wants to in an RP community theworld has access to citizensoftheworld, a non-player character or NPC account. NPCS are used for characters that aren't important enough to merit an application or are world specific. Say Annabelle is a player of theworld, and so her her friends, Boris, Cathy, and Dan, each playing as different player characters who have access to the citizensoftheworld account from wherever they choose to hook up their accounts? And the account is basic and has icons that related to each of the 10 villagers and the 5 village cats, totalling 15. Now say Boris wants to upload kitten icons to citizensoftheworld, because the cats just had kittens in what is a fairly standard thing to cats (who doesn't love kittens!) but finds the NPC account is full of icons, but some of the other journals associated with the account have spaces left open on them. He also has space left for icons on his personal secondary account that he uses to post his daily photos, called boris_picspams.

What would be the error he'd get? Would he be told that he has space for icons in his boris_picspams account? Would he be told about the space on the other journals?

...i would also really like it in this shared icon scenario that there would be a option to have the icons displayed by journal first, then keyword. Thinking ahead some more, anyway. Or maybe choosing which accounts I want to be displayed by default in my icon keywords list (because oh man, I can just see three accounts worth of paid getting quite...lengthy... to scroll through.)
valentinite: Spock showing McCoy how to do the vulcan salute (vulcan salute)

[personal profile] valentinite 2010-10-23 03:20 am (UTC)(link)
So they could be available centrally to all your journals.

As much as I could see this being awesome, I can see it having some serious issues. I only have two DW journals; all of my RPs are entrenched on LJ and not going anywhere.

But I have RP icons tagged with fairly generic descriptors that may exactly overlap, or may just be way too similar. If I'm picking "smile" I want to be sure I'm getting the right character's smile, else it's nigh useless. And the menu is long enough as-is; if I had all of my journals on there I don't even want to think about how many icons that is.
cat_rood: (Default)

[personal profile] cat_rood 2010-10-21 11:30 am (UTC)(link)
... But this is why I have firefox and ljlogin?
cat_rood: (Default)

[personal profile] cat_rood 2010-10-21 12:19 pm (UTC)(link)
I think my biggest problems are
1) the security risk. Accounts can and DO get hacked. Or an email gets hacked. This can just screw up everything if the accounts are all connected through a website.
2) Connecting certain accounts. I know I'm not the only one who likes to keep RL, fandom and RP separate. If the accounts are all connected, then the crossover could connect. And, ya know, the last thing I want is my boss knowing I write blood-play-kink Nightcrawler/Byakuya Kuchiki porn.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 12:33 pm (UTC)(link)
1) is an eternal tradeoff - security vs convenience. Linking accounts will always be optional so the user can make their own decision about that tradeoff.

2) We want the "do not publicly link these accounts" to be watertight for that reason. It should never be possible for people to identify privately associated accounts as associated. Which said, it's still possible to maintain one set of linked accounts, and one totally unlinked account the way you can at the moment.
helens78: A sheep with the DW logo on it dreams of Dreamwidth. (dreamsheep: dw swirl)

Totally whimsical response, not actually meant as a suggestion

[personal profile] helens78 2010-10-21 04:57 pm (UTC)(link)
Okay, #1 just made me think "Short of DW offering second factor auth..."

And now I am having thoughts of little RSA tokens that are Dreamsheep-shaped. AND I WANT ONE LIKE BURNING. :DDDDDDDD

(This is a totally whimsical response not actually meant as a suggestion, which is probably only hilarious to other security nerds.)
cheyinka: A glowing blue sheep with green eyes (electric sheep)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] cheyinka 2010-10-21 07:12 pm (UTC)(link)
I would use one of those! That'd be great. (And completely impractical, and aggravating when I inevitably put it in the washing machine, and I am not seriously suggesting this either, but still, awesome.)
helens78: A sheep with wool decorated with Matrix-style characters dreams of the Dreamsheep logo. (dreamsheep: matrix)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] helens78 2010-10-21 07:16 pm (UTC)(link)
Heeeee, indeed, because unlike my Blizzard Authenticator, I can't just leave a DW authentisheep on my gaming rig and never worry about where it's gone. XD And inevitably, I would end up saying "Doing my Bo Peep impression here! Where has my authentisheep gone?"




Okay, I totally wrote that entire paragraph because the word "authentisheep" is so cute I can hardly stand it. I need someone to invent something that will give me the excuse to use the word "authentisheep", like, now. I may try to figure out a way to work "authentisheep" into my next story. XD
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

authentisheep

[personal profile] azurelunatic 2010-10-21 07:20 pm (UTC)(link)
... with a drawstring under the tail so you can secure it around the USB connector.
tyggerjai: (Default)

Re: authentisheep

[personal profile] tyggerjai 2010-10-21 07:21 pm (UTC)(link)
A fliptop head would be more tasteful, surely!
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] azurelunatic 2010-10-21 07:18 pm (UTC)(link)
... omg omg omg omgomgomgomgomgomgomgomgomg.

Staff's Official Tokens. :D :D :D :D :D :D :D

I'm not sure if I can scale down the crocheted dreamsheep build enough to make an RSA token cozy. Maybe with crochet-cotton?
tyggerjai: (Default)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] tyggerjai 2010-10-21 07:20 pm (UTC)(link)
Could one knit it and felt it down? Does felting work that way?
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] azurelunatic 2010-10-21 07:24 pm (UTC)(link)
I believe that there's a certain amount of shrinking involved in felting, but considering the scale of the original crocheted dreamsheep, it would not shrink that much.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Re: Totally whimsical response, not actually meant as a suggestion

[personal profile] helens78 2010-10-21 07:27 pm (UTC)(link)
Oh, DO EET!!! And take pictures!!! :D :D :D

(ETA: Does staff actually have tokens? Because that would be amazingly cool, if so. :D )
Edited 2010-10-21 19:28 (UTC)
lorax: Puppy Has World (Misc: Puppy "World Is Mine")

[personal profile] lorax 2010-10-21 12:41 pm (UTC)(link)
This has tremendous potential and I'm not gonna lie, I'm super excited about the idea of it showing up later on! It makes my RPing, multiple-journal-having heart happy.

I do really appreciate how much care it's obvious you're putting into making sure that linking won't be public without permission/desire, so that people maintaining separation of identities or privacy concerns can still make use of this, without "outing" themselves. It's that kind of concern for the user base that makes me so happy to be able to contribute my little paid account fees here!
ninetydegrees: Drawing: a girl's face, with a yellow and green stripe over one eye (Default)

[personal profile] ninetydegrees 2010-10-21 12:42 pm (UTC)(link)
Can secondary accounts have different email addresses?

Yes, please. I have several e-mail accounts and several DW accounts to keep things neatly organized and easier to manage. I would see no point in linking my accounts if it meant I had to give up on keeping my e-mails organized.

Creating a secondary account should require an invite code?

I don't see why not.

2)She'd like to be able to subscribe to some other journals via her personal journal, and some via her work journal (so that her mother never knows about them!). But she'd like to read them on the same page – one central reading page. She'd still like to be able to filter, though – for her fiction, sometimes she just wants to read fic_annabel's reading page.

I would hate to have the central reading page as a default. Again, I keep things separate because it makes it easier for me and would not link accounts if I couldn't decide how separated I wished them to remain.

4)She'd like a link to the fic_annabel journal to show up on the profile for dw_annabel, and vice versa, as being her journals. But under no circumstances should her mother be able to discover a connection between dw_annabel and work_annabel!

I'm not sure what's suggested here but I'd like to have the same privacy settings for this as for other profile elements (everybody, registered, access only, nobody).

When she goes to leave a comment in she needs to be able to choose whether it shows up as a post from dw_annabel, fic_annabel, or annabel_work.

Sure, but I don't think she should always have a choice. Let's say fic_annabel's on my Access List and I've posted a locked post. I only want comments from fic_annabel, not dw_annabel. I may not know who dw_annabel are and seeing a comment from this stranger on my Access Only post could scare me and make me go straight to Support... unless there's a way I've been made aware the two accounts were connected by fic_annabel and given them explicit permission to comment on my locked posts with either account (and have a way to remember who's who otherwise it could get hard real soon).
Edited (typo) 2010-10-21 12:45 (UTC)
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 12:50 pm (UTC)(link)
*nod* We should never allow a journal identity to post a comment when that identity doesn't have privs, regardless of the account "behind" it. If you've given access to fic_annabel, then even if dw_annabel can read locked posts, only fic_annabel should ever be able to comment.
sharpest_asp: Nate Ford sitting on a bench, Sophie Devereaux resting against his lap (Default)

[personal profile] sharpest_asp 2010-10-21 01:25 pm (UTC)(link)
This is a pile of programing, I think.

This is also one of the cases where it seems you will need to have a very detailed permissions page, where you maintain and edit the things that affecting one journal can do to the rest.

Personally, I hope this procedure is hashed out and added. I'm one of those with multiple accounts (and how! RP is addictive). So many times, I have been on one of my fic journals and wanted access to my main journal's settings.

One point, and this is pure aesthetics in the end. If a linked primary/secondary comments on one of its mates, will there be a way to get the system to understand not to send a copy of a comment made? For instance, I am forever commenting on [personal profile] double_trouble as [personal profile] sharpest_asp. I then get a copy of my own comment because it doesn't know it is me. And I can see where it might not be feasible to change that, but I'm throwing it out there as a further brainstorm point.
noxie: friendly girl smiling (Default)

[personal profile] noxie 2010-10-21 01:37 pm (UTC)(link)
If a linked primary/secondary comments on one of its mates, will there be a way to get the system to understand not to send a copy of a comment made?

Oh yes, that would be important to me too. It's one of the (many) reasons I don't like using multiple journals and go for one-person communities instead. I find getting my own comments emailed incredibly annoying.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 02:30 pm (UTC)(link)



This is also one of the cases where it seems you will need to have a very detailed permissions page, where you maintain and edit the things that affecting one journal can do to the rest.

In what sense? I haven't thought through the actual UI much yet, so I'm interested to hear thoughts. I have in mind really just that the primary account edit pages have a selector to choose other accounts to apply the changes to, and then if you want to rescind the changes one by one on other journals, you can edit them directly. Do you mean the linking and access stuff?


One point, and this is pure aesthetics in the end. If a linked primary/secondary comments on one of its mates, will there be a way to get the system to understand not to send a copy of a comment made? For instance, I am forever commenting on [personal profile] double_trouble as [personal profile] merfilly. I then get a copy of my own comment because it doesn't know it is me. And I can see where it might not be feasible to change that, but I'm throwing it out there as a further brainstorm point.

Oh, absolutely. I think making that sort of thing easy is one of the prime drivers for this. It all falls under the "Why does the stupid machine not know that I'm the same person!!" umbrella :)
sharpest_asp: Nate Ford sitting on a bench, Sophie Devereaux resting against his lap (Default)

[personal profile] sharpest_asp 2010-10-21 02:39 pm (UTC)(link)
I'm no programmer (seriously; I struggled in C++ for school). But I'm looking at it from the sense of how many variables are possible to be affected. Bans, access-lock accessibility, etc will all need to be options that you set as 'always do/never do/always ask' for each journal linked to one account. Will there be a limit on how many accounts can be linked? If not, what kind of stress-load does it place on the servers to manage the changing?

Maybe I'm thinking too hard, but it just looks like a lot of things to link in.
opera_cat: (arthurian)

[personal profile] opera_cat 2010-10-21 02:17 pm (UTC)(link)
That sounds really awesome.

[personal profile] desh 2010-10-21 02:43 pm (UTC)(link)
Would this let me connect this account to [identity profile] desh.livejournal.com? That's what I'd want to use it for...
kareila: (Default)

[personal profile] kareila 2010-10-21 04:41 pm (UTC)(link)
That's also planned but in a different bug: http://bugs.dwscoalition.org/show_bug.cgi?id=188
elysium_fic: (Default)

[personal profile] elysium_fic 2010-10-21 03:39 pm (UTC)(link)
As a "sockpuppet" with a main journal (I write fic I don't want associated with my "real" persona) I absolutely support this concept. It's been quite difficult having to manage my various logins, and I've had lots of times when I've failed and posted a comment while logged in from one account while intending to post it from another, thereby compromising the anonymity my sockpuppet identity.

The proposals both sounds great and I can't think of anything to add. It's a brilliant idea and I cannot wait to see it implemented.
tyggerjai: (Default)

[personal profile] tyggerjai 2010-10-21 03:45 pm (UTC)(link)
"DW: We even care about your sockpuppet"
lanterne_rouee: dreamwidth: dare to be you (whoever that may be.) (dw dare)

[personal profile] lanterne_rouee 2010-10-22 07:35 pm (UTC)(link)
"DW: We even care about your sockpuppet"

XD Hilarious! The one thing left out of the diversity statement.
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Shared access = massive security hole (but maybe not as much as I thought?)

[personal profile] helens78 2010-10-21 03:51 pm (UTC)(link)
First of all, I want to kick this off by saying that I have been really, really excited about the primary/secondary account system since it was first mentioned back on the mailing list. I think it is a killer feature, and I am really, really, really excited about the prospect of bringing it in.

However, there are some issues with the spec that, as written above, freak me out from a security perspective. I'm going to try to tackle these one at a time, so that people can either a.) calm me down and explain why my take on them are wrong, or b.) discuss them individually rather than having them get lost in the conversation flow. :)

So first of all: let me respond to the big, huge, terrifying suggestion in the spec:

If someone has given access to any one of your accounts, and you go to their journal, you see the locked entries.
If someone has given access to only one of your accounts, and you subscribe to them from another account, what happens when you look at the reading page of that account? Do you see the locked entries or not?


3)Similarly, when she's reading as dw_annabel, she would like to read any post that has given access to her work_annabel or fic_annabel journals.

3)The project SHOULD provide a single central reading page for the primary account, which will incorporate all journals to which all associated journals are subscribed. Such an interface SHOULD include locked posts to which any associated journal has access.

From the way this is written, I can see that this is still a point of contention, and thank goodness for that, because this allows for a truly heinous security hole the likes of which make me positively dizzy.

I'm really glad that the OPs talked about shared accounts, because that is precisely where the security hole comes in. In a system where only one person may control a journal, period, it makes perfect sense to assume that any post to which primary has access, secondary1 and secondary2 also have access, because they belong only to primary. Same person, same access.

However, in a system where secondary(comm_mod) is shared between primary1 and primary2, then allowing secondary(comm_mod) to view everything that primary1 has access to also means granting primary2 access to everything primary1 has access to.

That is a huge security hole, particularly in light of the fact that the spec calls for people to have private secondary accounts.

Now, I am very much in favor of private secondary accounts -- I would be very, very happy to associate my RL journal, or my original fic journal, with this one, so long as I did not have big flaming signs (or even little, non-flaming signs) on the profile pages that say RL_helens is a secondary account for helens78. That would be fantastic.

However, if you grant global access to all secondary accounts associated with a primary account, you are quietly granting access to accounts without the knowledge or consent of the access-granter. And if those secondary accounts are shared accounts, then you have just quietly granted access not to the same user, but to potentially any number of unknown users.

Let me spell this out a little more concretely, in case it's not clear why this is a scary idea:

my_best_friend has access to every filter I use. She co-mods not_my_fandom_kinkmeme with somebody_I_don't_know, somebody_else, some_third_person, and my_worst_enemy, using not_my_fandom_kinkmeme_mod. For various reasons, not_my_fandom_kinkmeme_mod does not list its primary accounts on its profile page, and we certainly don't want a system in which my_best_friend must reveal all her secondary journals on her profile page.

Right now, the access flow looks like this:

my_best_friend: access
somebody_I_don't_know: no access
somebody_else: no access
some_third_person: no access
my_worst_enemy: no access
not_my_fandom_kinkmeme_mod: no access

However, if not_my_fandom_kinkmeme_mod, as a secondary account to my_best_friend, is automatically granted access to everything my_best_friend has access to, then the access flow suddenly looks like this:

my_best_friend: access
somebody_I_don't_know: ACCESS - which I didn't grant and don't know about
somebody_else: ACCESS - which I didn't grant and don't know about
some_third_person: ACCESS - which I didn't grant and don't know about
my_worst_enemy: ACCESS - which I didn't grant and don't know about
not_my_fandom_kinkmeme_mod: ACCESS - which I didn't grant and don't know about

DW could certainly stop this from happening by allowing an account to be secondary to only one journal, but it seems clear from the Annabel/Boris examples that secondary accounts are designed to include the shared journal paradigm (and allowing only one person to have a secondary journal would really lessen the utility for people who are deliberately looking for this feature; see this thread). Allowing people to pass secondary accounts like a hot potato (so that people can change whose secondary account it is, but can't have shared access at the same time) would maintain security, but would also make it difficult for shared mod accounts to react in-the-moment -- if PrimaryMod is hit by a bus, and all hell breaks loose on the community, and PrimaryMod has to release a secondary journal to SecondaryMod, the community is not going to get mod responses in a timely manner.

DW could also set up a system that allows people to see locked posts only if all accounts under the primary account have access to those locked posts, but I think this is not very feasible -- I can't think of anyone who has access to all of the accounts I would list as secondary accounts. Then I wouldn't get any locked posts at all.

DW could set it up so that your reading page allows you to read as only one account at a time, and you would have access to only those posts that you are explicitly granted access to as that account, using some kind of navigation dropdown: if you select my_best_friend, you get all the posts that my_best_friend has access to, but if you select not_my_fandom_kinkmeme_mod, you get only those posts that NMFKM has access to. This is terrific for shared journal situations -- if you are logged in as my_worst_enemy, you don't have access to my posts, and if you switch to NMFKM, you still do not have access -- only if I have explicitly granted access to one of your accounts do you see access-locked posts. (But that completely kills off the "read all posts from all accounts" idea.)


The thing that seems so unbelievably scary about this is not that there might be some person masquerading as, say, totally_innocent_journal who happens to be a sockpuppet for my_worst_enemy -- in a situation where one journal can be owned by only one person, and everyone can be anonymous, you pays your money and you takes your chances.

What seems scary to me is the fact that in a system like this one, you may be -- and in many cases, absolutely would be -- granting access to people without knowing about it or consenting to it. That is a massive, massive security hole, and one that definitely needs serious discussion and thought before implementation.

ETA: [personal profile] tyggerjai has clarified some of this here in this thread. I'm still antsy, but this is different from how I was envisioning it.
Edited 2010-10-21 15:58 (UTC)
helens78: A man in a leather jacket, seated on the ground, looks up hopefully. (Default)

Discounted time for paid secondary accounts!

[personal profile] helens78 2010-10-21 04:10 pm (UTC)(link)
Shop - as well as "buy paid time for me" and "buy paid time for another user", need "buy paid time for my secondary account(s)" (which might be discounted)

Have a careful think about transferring a secondary account from one primary account to another.

As long as the numbers are sufficiently crunched for this, I think that would be a pretty amazing idea. I'm sure lots of RPers would buy extra accounts for their secondary journals, especially if they could get them at a discount.

However, there'd need to be some check on this, so that you don't end up buying discounted paid time for one journal, then making that one your primary journal, and buying discounted paid time for your former primary journal, so that you get all of your time at a discount just because you're gaming the system. (Maybe a journal that's been paid at the discount secondary rate can't be made a primary without ponying up the difference between the discount secondary rate and the normal primary rate, or waiting until its paid time expires altogether?)
ilyena_sylph: picture of Labyrinth!faerie with 'careful, i bite' as text (Default)

Re: Discounted time for paid secondary accounts!

[personal profile] ilyena_sylph 2010-10-21 04:59 pm (UTC)(link)
I'm sure lots of RPers would buy extra accounts for their secondary journals, especially if they could get them at a discount.

In a hot microsecond. I've got fifteen RP accounds and a seed. I buy for some of my secondaries every so often, but if I could get a discount rate on them... hot damn.

Page 1 of 2

<< [1] [2] >>