[isf-wifidog] Possible problem with Laika

Mina Naguib webmaster at topfx.com
Dim 6 Mar 21:47:16 EST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I just did a similar test too.

Unless I missed something, here is how it went:

1. Entered my homepage's URL in the address box
2. WiFiDog captured it, re-directed me to auth server
3. In there I clicked "create new account"
4. Took me to a page where I got to select a new username/password/email
- - clicked "next"
5. Took me to a page that said I now have 15 minutes to check my email
to validate my account

IMO this is misleading. At step 3 and onwards I was strictly dealing
with the auth server.  It never forwarded me to my local wifidog to
actually move me to the "Validating" stage.

After step 5 I thought everything should work, but nothing worked (I was
still anonymous)

I tried to POP/IMAP my mail but it failed.

I had to visit a web site again, which got again re-forwarded to the
login screen.  Only when I entered my new username and password did
wifidog get notified I'm now "validating" and open some more ports and
web access.

Like you've said, we perfected something technically so well that we may
have lost a bit of perspective on the user experience (especially a part
most of us rarely do anymore).

In my opinion the message shown in step #5 above is highly misleading
and I can think of 2 things to address that:

1. The message should read "Your account is created. You now need to log
in with it >>here<<.  After you log in you must check your email within
15 minutes"

or I'd prefer:

2. Upon account creation, the auth server should automatically re-direct
the user back to their wifidog as if they successfully logged-in with
their new username+password.  Wifidog will then make them "validating"
and can then re-direct them to a screen that says "You now have 15
minutes to do check your email etc.."

Philippe April wrote:
| I just tested the chain, it works well but I have comments:
|
| 1. Port 22 outgoing is blocked so I couldn't do my regular SSH port
| forwarding to check my mail. Perhaps we should accept this for the
| validation period?
|
| 2. I just realized, if I did like a lot of people and double-click on
| links instead of single-clicks, well I'd probably get an error message
| at the login page. Therefore, I would not get the "you get 15 minutes of
| access, please go ahead, thank you" but "Access denied" or something
| like that, because the token would already have been used.
|
| I think we should do something about that. Perhaps we could detect... If
| the token has been used already, but it's only been a few seconds only,
| spit out the same message because "it's been double-clicked".
|
| Input? Input? I say we open port 22 and do something for double-clicks
| like I mentionned.
|
| If you want, read the following too, I'm just thinking loud:
|
| It's funny how... We do something pretty challenging technically, and it
| works so well at this moment, we're so glad about stability, it's our
| baby. But still, the issues we have are issues related to user interface
| and double-clicking links! Issues we just wouldn't think about because
| we don't do it...
|
| Perhaps we should be a bit closer to the users. How about just taking
| time to walk into a frequently visited cafe to ask the users "now, how
| was signing-up and all? painful?"
|
| I've heard twice now that the link that says "Sign-up, it's free!"
| highlighted in green.. is not clear! To me, it's perfectly clear!
| </done>
|
| On 6-Mar-05, at 9:20 PM, Philippe April wrote:
|
|>> -----BEGIN PGP SIGNED MESSAGE-----
|>> Hash: SHA1
|>>
|>> Intéressant.
|>>
|>> I think we need to create a little document to test the whole chain.
|>> Basically take time to create a new account and follow the whole
|>> chain, including the case where the user doesn't validate his account
|>> and gets 'locked'.
|>>
|>> That should be done both when we have a new version of wifidog out,
|>> AND new auth server changes.
|>>
|>> Let me do a test right now, I'll let you know if everything goes well.
|>>
|>> On 6-Mar-05, at 8:33 PM, Daniel Drouet wrote:
|>>
|>>> I was at Laika today and one of their staff (who happens to be a big
|>>> fan of ISF) told me that people often try to set up new accounts, but
|>>> are unable to go anywhere during their 15 min period of grace. So far
|>>> he gives them Laika's username/password, so that they can log in and
|>>> check their email. After that, they can log in and use their newly
|>>> validated acct without a hitch. Unfortunately, I didn't have a laptop
|>>> with me, so I couldn't try to replicate the bug.
|>>> _______________________________________________
|>>> WiFiDog mailing list
|>>> WiFiDog at listes.ilesansfil.org
|>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
|>>>
|>>>
|>> Philippe April
|>> GnuPG: http://key.philippeapril.com/
|>> Skype ID: mousetrap
|>>


_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCK8CzeS99pGMif6wRAm/XAKD0s2q1UPaU+4gnImuH4efixEdqdwCgrsY3
i0+zZ9Bcnzr2le6+6Zmxhzc=
=JZQJ
-----END PGP SIGNATURE-----

Plus d'informations sur la liste de diffusion WiFiDog