Re: [Mailman-Users] Hijacking threads and netiquette (was: e: Obscure addresses problem)
On 9/5/06, Brad Knowles
At 1:14 PM -0500 2006-09-05, David Dyer-Bennet wrote:
Did you search for "reauthentication"? Or "saving my changes"?
No; I searched for "password" and "firefox", I believe. Obviously there were a number of entries mentioning passwords, but none about saving them.
Correct, there are a number of entries that mention "password", which is why this isn't the best search term. Nevertheless, I have gone ahead and modified the subject lines of the two most relevant FAQ entries to also include the term "password".
While I agree it's not a wonderful search term by virtue of being relevant to a lot of different FAQs, it's the one people will be looking for in this case; the problem is that their browser doesn't offer to remember their password.
If there *is* such a FAQ; you haven't yet exhibited one that has anything to do with the issue I'm raising.
You apparently did not take the hint that I gave you previously. You really should search for the term "reauthentication", which will come back with one and only one FAQ entry, which I believe is relevant to your query. You should also search for the phrase "saving my changes", which will come back with one and only one FAQ entry (which is different from the other one), which might also be relevant.
Could you *please* drop your condescending tone about 10 decibels? I *did* search for "reauthentication", it's how I got to FAQ 4.65, which I mention below. ***THAT IS NOT RELEVANT TO MY PROBLEM.*** I have said this before, several times. I'm getting tired of not being listened to. Also FAW 4.45 is not relevant to my problem. They're about a different set of symptoms entirely. My problem, as I have said from the beginning, is that browsers (specifically Firefox, though I note the same problem reported against Safari in feature request 966157) do not recognize the password field on the mailing list administrator login page as a password field, and hence do not offer to save it for me, and hence make it much, much harder to deal with mailing list administration than it needs to be.
I don't see where "saving my changes" would come in; definitely not something I'd search for when the issue is that browsers aren't recognizing a password field.
Try reading the two FAQ entries in question. If you can come up with some suggested improvements to the wording, please go ahead and do so. After all, this is a community supported document, and all the information you need for making changes to any of the FAQ entries is already present on the page.
I HAVE read the FAQ entries in question. I don't want to change those two, becaues they're not relevant to this issue (and presumably *are* relevant to the issues they are addressing, so I shouldn't hijack them).
Why doesn't Firefox (or other browsers, I think I've seen the same behavior in Opera) offer me the chance to remember the Administrative password for my site?
I'm not yet convinced that there is anything here that is not answered in the FAQs.
I'm not convinced there's anything about this in the FAQ.
That's possible. If this really is a browser-specific issue with Firefox, then it would be the very first time I've ever heard of this kind of thing, and I frequently use Firefox myself.
It's probably not specific to Firefox. I reported it against Firefox because that's where I've actually seen it happen. I seem to remember seeing it in Opera as well. And as I mentioned above, another user has reported it in Safari.
4.65 is not about the issue I'm raising; that's about cookie issues, whereas my case is that the password field isn't recognized in the first place.
Maybe I'm wrong, but you should at least look at the other FAQ entry as well.
If I am wrong, then this is the very first time I've ever heard of such problems with Firefox, and will require a new FAQ entry.
While this wouldn't be the first application-specific FAQ entry, it would be the first one that is specific to Firefox, and I believe it would also be the first one that is specific to a particular web browser -- all other application-specific FAQ entries I know of have to do with other types of programs, and web browsers appear to have acted more or less the same with regards to these kinds of things.
I wrote what would have been 3.67, only to then be told that it wasn't actually open to anybody to post after all; so to keep that work from going to waste I post it here, and propose it be included (or improved and then included): Summary: Some browsers do not recognize the password on the list administrator authentication page Firefox and Safari, and quite possibly other browsers, do not recognize the password entry field on the administrator list authentication web page as a password field, and hence do not offer to remember it for you. The password field is named "adminpw" in the form rather than "password", and the browsers may also be set up to look for a pair of "username" and "password" rather than a bare password field. No workaround is known for this problem. At least one of Mailman and the browsers will have to change for this behavior to change. You should of course be very careful how and where you store your passwords; if you store them on a computer connected to the net (in the browser or otherwise) you should *at least* make sure they're well encrypted (using, in Firefox, the "master password" feature). Feature request 966157 (from 2004) was filed to get this fixed, but as of 2006-09-05 nothing appears to have been done about it yet. --------------- I'm sure it could be refined and improved, but there's a starting point.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755
I'm reading Franklin's autobiography right now (thanks Gutenberg!), and right about that date, though he doesn't choose to repeat that phrase in the autobio. It's one of my favorites, though. -- David Dyer-Bennet, mailto:dd-b@dd-b.net, http://www.dd-b.net/dd-b/ RKBA: http://www.dd-b.net/carry/ Pics: http://www.dd-b.net/dd-b/SnapshotAlbum/ Dragaera/Steven Brust: http://dragaera.info/
On Tue, 5 Sep 2006 14:23:42 -0500 "David Dyer-Bennet" dd-b@dd-b.net wrote:
My problem, as I have said from the beginning, is that browsers (specifically Firefox, though I note the same problem reported against Safari in feature request 966157) do not recognize the password field on the mailing list administrator login page as a password field, and hence do not offer to save it for me, and hence make it much, much harder to deal with mailing list administration than it needs to be.
What I cannot understand, since this is a browser issue, is that it becomes a Mailman problem. Should Mailman, and every web site on the Internet, change their programming? Should the browser programmers change their programming? I suppose the answer to those questions depend on who is asked.
-- Raquel
This above all: to thine own self be true; And it must follow, as the night the day; Thou canst not then be false to any man. --William Shakespeare
On 9/5/06, Raquel raquel@thericehouse.net wrote:
On Tue, 5 Sep 2006 14:23:42 -0500 "David Dyer-Bennet" dd-b@dd-b.net wrote:
My problem, as I have said from the beginning, is that browsers (specifically Firefox, though I note the same problem reported against Safari in feature request 966157) do not recognize the password field on the mailing list administrator login page as a password field, and hence do not offer to save it for me, and hence make it much, much harder to deal with mailing list administration than it needs to be.
What I cannot understand, since this is a browser issue, is that it becomes a Mailman problem. Should Mailman, and every web site on the Internet, change their programming? Should the browser programmers change their programming? I suppose the answer to those questions depend on who is asked.
It's an issue in the interaction of browsers and Mailman. It could almost certainly be fixed by either side. If you want to start a finger-pointing contest and say "not my problem" that's your privilege of course, but they can do so just as validly on the other side.
The schemes currently implemented in many browsers work with a huge array of sites out there, everything from ebay to amazon to sourceforge to slashdot to The New York Times, thousands and thousands of sites.
Unfortunately they do not seem to work with Mailman.
You can argue that everybody is wrong except Mailman, and all the browsers should change to support the way Mailman wants to do this (while, of course, not breaking any of the *other* sites they already work with).
If you want to argue that, please go ahead; there may be additional reasons I haven't yet seen or thought of why what Mailman does is so right that it's more important than whether it works with existing browsers, and so right that when we make the argument to the browser community they will all rush to fix the browsers. That's entirely possible.
So, make the argument.
David Dyer-Bennet, mailto:dd-b@dd-b.net, http://www.dd-b.net/dd-b/ RKBA: http://www.dd-b.net/carry/ Pics: http://www.dd-b.net/dd-b/SnapshotAlbum/ Dragaera/Steven Brust: http://dragaera.info/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Dyer-Bennet wrote:
It's an issue in the interaction of browsers and Mailman. It could almost certainly be fixed by either side. If you want to start a finger-pointing contest and say "not my problem" that's your privilege of course, but they can do so just as validly on the other side.
The schemes currently implemented in many browsers work with a huge array of sites out there, everything from ebay to amazon to sourceforge to slashdot to The New York Times, thousands and thousands of sites.
Unfortunately they do not seem to work with Mailman.
You can argue that everybody is wrong except Mailman, and all the browsers should change to support the way Mailman wants to do this (while, of course, not breaking any of the *other* sites they already work with).
If you want to argue that, please go ahead; there may be additional reasons I haven't yet seen or thought of why what Mailman does is so right that it's more important than whether it works with existing browsers, and so right that when we make the argument to the browser community they will all rush to fix the browsers. That's entirely possible.
So, make the argument.
Perhaps you should first show how mailman is broken here. If you're claim is that all sites which have a password entry form need to use both a username and password or that the password field needs to be named password, then I'm just going to chuckle.
If there is something actually broken about the way that mailman's admin page presents itself and makes it impossible for a sane browser to save the password, then point it out explicitly. References to any related RFC or other standard specification would be a big plus.
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
I've had a perfectly wonderful evening. But this wasn't it. -- Groucho Marx
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQFDBAEBAgAtBQJE/d9cJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjZ8IH+QGNeGffliYhlihWflV+WP2T9GGsotXi6XJA RQmpLw59sAblRiAnPf3M+D7ricul5UZiGdGqvEUNRl6Ubwr4IyeIH/QeAmeKWPxk WLFJ6VJjVbzHh9+RqkcBG02sinklWxgNMmMyK/G8XvShumJjRzUgbI5x7DCxt872 +5zLJbx0kC1vY/spAxiG5Zy43SyKWXqq0iFHo1Hrd+St1YVaP0/k0AddeGUG4UTb Y8pKzwWoJ+tkHvmto4gtSlk0oy6/3/K9uoA1O7BmYpwDKzLSkWEuGoS6w4KftQsr Tp6P7e9kMvhVe1bq7vn7Ce8JmOi5y47THrFcZZsY1aQ/U/6nRQU= =RvQJ -----END PGP SIGNATURE-----
On 9/5/06, Todd Zullinger tmz@pobox.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Dyer-Bennet wrote:
It's an issue in the interaction of browsers and Mailman. It could almost certainly be fixed by either side. If you want to start a finger-pointing contest and say "not my problem" that's your privilege of course, but they can do so just as validly on the other side.
The schemes currently implemented in many browsers work with a huge array of sites out there, everything from ebay to amazon to sourceforge to slashdot to The New York Times, thousands and thousands of sites.
Unfortunately they do not seem to work with Mailman.
You can argue that everybody is wrong except Mailman, and all the browsers should change to support the way Mailman wants to do this (while, of course, not breaking any of the *other* sites they already work with).
If you want to argue that, please go ahead; there may be additional reasons I haven't yet seen or thought of why what Mailman does is so right that it's more important than whether it works with existing browsers, and so right that when we make the argument to the browser community they will all rush to fix the browsers. That's entirely possible.
So, make the argument.
Perhaps you should first show how mailman is broken here. If you're claim is that all sites which have a password entry form need to use both a username and password or that the password field needs to be named password, then I'm just going to chuckle.
If there is something actually broken about the way that mailman's admin page presents itself and makes it impossible for a sane browser to save the password, then point it out explicitly. References to any related RFC or other standard specification would be a big plus.
If you want to take a rules-lawyer approach and use it to resist any suggestion of change, be my guest. So far as I know, what's at issue here is the question of interoperability in an area where there are no formal standards in play. So, from a rules-lawyer point of view, clearly nobody is at fault.
From a real-world point of view, there's still a problem.
Given that Firefox was picking up the password, but was NOT offering it back on later visits, I'll accept the argument that the basic problem is really in Firefox. Apparently so do they, and they've fixed it in an upcoming release, see my recent previous message.
David Dyer-Bennet, mailto:dd-b@dd-b.net, http://www.dd-b.net/dd-b/ RKBA: http://www.dd-b.net/carry/ Pics: http://www.dd-b.net/dd-b/SnapshotAlbum/ Dragaera/Steven Brust: http://dragaera.info/
At 4:03 PM -0500 2006-09-05, David Dyer-Bennet wrote:
Given that Firefox was picking up the password, but was NOT offering it back on later visits, I'll accept the argument that the basic problem is really in Firefox. Apparently so do they, and they've fixed it in an upcoming release, see my recent previous message.
That still leaves us with the problem of what was causing the same apparent behaviour with Opera, Safari, and the other browsers you mentioned.
If I had to guess, I would say that it's probably a result of people using essentially the same terms to describe various problems with very different root causes, some of which may already have been addressed in more recent versions of our code, some of which may have already been discussed in the FAQ, some of which may not be our fault, and there is still the slight possibility that there may be something we could or should do to try to help make this issue more clear.
I think the biggest problem is going to be trying to figure out which is which.
There are now twenty-six different FAQ entries that use the term "password", and I've gone in and edited 4.45, 4.65, and 4.71 to all cross-link to each other because they all seem to be related to the same type of problem, albeit with various different root causes.
This is not a good situation. We need to clear this up so that we don't have these kinds of problems again in the future.
-- Brad Knowles, brad@stop.mail-abuse.org
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See http://www.lopsa.org/.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Dyer-Bennet wrote:
If you want to take a rules-lawyer approach and use it to resist any suggestion of change, be my guest. So far as I know, what's at issue here is the question of interoperability in an area where there are no formal standards in play. So, from a rules-lawyer point of view, clearly nobody is at fault.
No, firefox is at fault. They save the password as feature and then fail to re-use it when it would be useful. Mailman has no part in this at all and asking anyone that develops a web site to change their code to suit the arbitrary scheme a browser uses to save passwords is pointless. If there were some sort of RFC that outlined how such a process should work, then it'd be fairly simple to change the mailman html output to meet it. Without that, whose arbitrary scheme would mailman use? Making one work may break another and lead to more user coming here asking why their favorite broswer's unique scheme for recognizing a pasword to save didn't work.
From a real-world point of view, there's still a problem.
Yep. A firefox problem.
Given that Firefox was picking up the password, but was NOT offering it back on later visits, I'll accept the argument that the basic problem is really in Firefox. Apparently so do they, and they've fixed it in an upcoming release, see my recent previous message.
Glad to hear it.
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
There are a thousand hacking at the branches of evil to one who is striking at the root. -- Henry David Thoreau
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQFDBAEBAgAtBQJE/eqeJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjawIH/0NHlilX1iHm8iFFHO950PO5Ao8epYR2eqAZ XpHq7+KtU6Zde9nTPiYzMqnKcILZtEwCBnYV1fmTOb0jrYX9Nj41Qzpwi2yUR3Wy Nr6O3sR8uaK401SeUSimsmGUTRXxfFCcbLCxlqy904udlsLXHypXlMoZ2fQ7J4C1 OT2ZpUdGVBIUa441WSU4ALKO5FrUI4LBjgki3Mi1FZqfHT2FZKcS1Ov1ys1uV089 q9cK7YTYBvn19rrYwXb+bxaa0uKHJV33PZ/o2OkLDazz/hp8D5g4bOHmxu1it6Kx zMLNVce4t44SStTUH1dVhyLT1WN7T4CcHaMN4o7OMDt2wnCgflM= =4IQ/ -----END PGP SIGNATURE-----
At 2:23 PM -0500 2006-09-05, David Dyer-Bennet wrote:
While I agree it's not a wonderful search term by virtue of being relevant to a lot of different FAQs, it's the one people will be looking for in this case; the problem is that their browser doesn't offer to remember their password.
Unfortunately, with 25 different entries being returned matching the term "password", I fear that it is going to be difficult for most people to figure out which ones are or are not related to their particular question. That's part of why I made a point of using the term "reauthentication" on one particular entry, and I've tried to describe the problems using as much of the same terminology as the person who initially brought the subject to my attention.
I
*did* search for "reauthentication", it's how I got to FAQ 4.65, which I mention below.
I saw that later, but there was no clear indication that you had read both entries, and at that point I still had not received enough information from you to convince me that neither of these were actually related to the problem you were having.
My problem, as I have said from the beginning, is that browsers (specifically Firefox, though I note the same problem reported against Safari in feature request 966157) do not recognize the password field on the mailing list administrator login page as a password field, and hence do not offer to save it for me, and hence make it much, much harder to deal with mailing list administration than it needs to be.
Which sounds to me pretty much exactly like the problems described in FAQ 4.64 and 4.45, namely that your password is not being saved and you keep being asked to re-enter it. The precise mechanism of the failure may be different, but the high-level description is essentially the same. We need some way to differentiate between the underlying problems, and it's still not clear to me what the real underlying problem is or how it should be fixed -- or even if we should try to fix it within the Mailman code.
I HAVE read the FAQ entries in question. I don't want to change those two, becaues they're not relevant to this issue (and presumably *are* relevant to the issues they are addressing, so I shouldn't hijack them).
Fair enough. Then a new FAQ entry would be appropriate.
I wrote what would have been 3.67, only to then be told that it wasn't actually open to anybody to post after all; so to keep that work from going to waste I post it here, and propose it be included (or improved and then included):
Look closely. All the information you need is actually right there. You're asked for your full name, your e-mail address, and the password. The password is actually given to you in multiple places, and is pretty obvious -- although I'm not going to explicitly mention it in this public forum.
With those three pieces of information, anyone can create a new FAQ entry or edit an existing one. In fact, that's how I got involved in the Mailman project several years ago -- I installed Mailman at my site, I started seeing lots of common questions coming up on the list, and I started combing through all the FAQ entries.
-- Brad Knowles, brad@stop.mail-abuse.org
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See http://www.lopsa.org/.
participants (4)
-
Brad Knowles
-
David Dyer-Bennet
-
Raquel
-
Todd Zullinger