-
Yes. But again, why get bogged down in the minutiae of an edge case or corner case of what could be achieved.
-
Out of interest, how useful is the folders feature in subscribed threads?
I'm working on v1 of the notifications dashboard now (initially only for new posts in comment threads you're watching, and mentions of your profile using +username).
Statistically, no-one uses it.
I think I tried using it but it didn't turn out to be what I wanted it to be. I can't remember, though, as it didn't make much sense.
I also think that I decided a while ago that I preferred the way in which notifications weren't too compartmentalised.
-
When somebody is ignored in microcosm will they be completely ignored? Don't want no "a useless and annoying thing has been posted by somebody really irritating, LOL!" message on my beautiful thread listings. Need them tidy-tidy. Also no seeing quotes from them when some poor wretch who has not yet seen the line starts repeating what they say.
I know that vBulletin uses a particularly crappy way of handling ignore lists, but hopefully this is one of the things that the InternetBrands killer is going to kill.
-
It's actually simpler for us to write a query that hides ignored people totally.
Otherwise we would have to write all kinds of special rules and then hope that the clients of the API honour them. Best not to trust the clients and just not to return the ignored people's posts.
So we'll probably go for simply removing all mention of them silently. And if people notice gaps and want to unignore they'd have to go to some control panel and unignore them there.
-
When somebody is ignored in microcosm will they be completely ignored? Don't want no "a useless and annoying thing has been posted by somebody really irritating, LOL!" message on my beautiful thread listings. Need them tidy-tidy. Also no seeing quotes from them when some poor wretch who has not yet seen the line starts repeating what they say.
I know that vBulletin uses a particularly crappy way of handling ignore lists, but hopefully this is one of the things that the InternetBrands killer is going to kill.
Boss level ignore: vBulletin - Full ignore -
Most of you will already have seen the new features appearing soon, but if not here's the email update I sent out yesterday: http://microcosm.app/updates/september.html
-
I'll be talking to the people at Mozilla who are working on Persona (the login service that we use on Microcosm) this afternoon.
So if you have any general feedback about the login stuff specifically I will pass it on.
I know rive_gauche had trouble logging in from a locked-down browser in a corporate network, but other than that I think it's been pretty smooth.
Logging in is one of the slowest parts of the site at the moment (and it's made more obvious by the fact that almost everything else is very fast) so we may eventually end up hosting our own version (the code is all open-source) where we can better control that factor.
-
There are some self-hosted Persona instances that already offer 2-factor auth: https://persowna.net/
If we need such a thing, we could always host our own.
But yeah, I agree that it would be nice if that was in the original Persona
-
Actually what I want to do there is utilise the same stuff that does YouTube video embedding.
I want links to auto-convert into some useful preview or embedding of what's at the other end of the links.
From a technical perspective... imagine if the only thing that the user did was to put links in posts and we would follow them, read the mime-type of the end item in the HTTP chain, and if image embed, otherwise if HTML look for open-graph or Twitter card and auto-embed that way.
And... if someone did CTRL+V and pasted what was obviously an image... upload and auto-attach.
I want posting and editing, attaching and embedding... to be so incredibly easy that even thinking of anything else is hard.
How about being able to resize whatever is embedded without having to click through to youtube, for example? Hate how small videos embed on here at the moment...
-
The conversation with Mozilla on Friday was interesting. It was mostly a user interview so that they could gather feedback on our experience using Persona for Microcosm, but they also spent some time answering my questions.
For two-factor authentication it's worth explaining how the protocol works first. When you log in to a site using Persona, this results in the domain that supplies your email account being asked a question, which is essentially "how do I know this user owns this email address?". The domain responds with this file:
https://developer.mozilla.org/en-US/docs/Mozilla/Persona/.well-known-browserid
Which tells Persona things like where to redirect the user to identify themselves (e.g. a login page) and some other information about how to verify the identity.
So if your email address ends with example.org, Persona will hit example.org/.well-known/browserid to fetch that information.
But if your domain doesn't serve that file, Mozilla provides a "fallback provider" which will authenticate a user with any email address. That's when you get asked for a password in the Persona popup (and you can see your account here: https://login.persona.org/).
With the new Google Account bridge this doesn't happen - it relies on your login status with Google.
The upshot is that we can, at some point, implement that fallback provider ourselves (or pay someone else to do it) with two-factor authentication support.
I don't know the implementation details of the bridge with Google Accounts very well (it is here: https://github.com/mozilla/browserid-sideshow), but it is my suspicion that adding two-factor authentication to that flow would be difficult, and wouldn't add much protection since Google has already verified your identity using two-factor authentication if you have it turned on. So even if we were to implement a fallback authority with two-factor support, it might not do anything if you used a Google Account with it. (see edit though)
Based on the phone call last week, Mozilla don't have plans to add two-factor authentication to their own fallback provider as they are keen to have email providers do the authentication part.
Gory details of the provisioning flow are here: https://github.com/mozilla/id-specs/blob/prod/browserid/index.md#identity-provisioning-flow
I'm just chatting with them again in the irc channel about a few other things so will write them up here as I know more (e.g. Android SDK).
Edit: the other thing is we could always add two-factor auth with something like Google Authenticator after the Persona bit finished. Could be a good future option and it wouldn't matter what type of account was used beforehand.
-
Slightly off topic, but I find login with persona a bit clunky.
I'm always logged in to gmail/google with my primary gmail address, but I use a secondary gmail address for forums (and now for microcosm). I use POP3 to check my secondary email address via my primary, and have various filters in place to only see the good stuff, so I never log in to secondary directly.
When I try to log in to microcosm via persona, it throws a wobble because I'm not logged in with my secondary address. It wants me to logout of my primary, which isn't going to happen.A way around this is to use 'Add Account' in gmail to add my secondary account, so that I'm logged in to both at the same time. I'd rather not do that, as it sort of defeats the purpose of having the secondary address.
Am I unique in this, or is this just something to live with?
Emyr
NotThamesWater
motter
Velocio
skydancer
Oliver Schick
bothwell
Dramatic_Hammer
hamster-
Post a reply
About
Microcosm Feature Suggestions
Posted by
@MrDrem
Of course you could. But why would you limit yourself to escrow? Or expose yourself to the additional risk and limited reward of escrow? That's not to say that you couldn't though.
My point is that an intra-community escrow service would be a restricted implementation of a much larger service.