The dynamics of an Internet Cafe

About: This is to help with specs brought up by my page option

An Internet Cafe has multiple terminals and multiple users. Eash user may be using FastBlogIt or some other program. A user may use a teminal for a time and then give it up to somebody else. Each FastBlogIt user has many roles within many groups.
Some of the roles are:

  1. Viewer of the Common River
  2. Viewer of a group and author within that group
  3. Viewer of a group and different author within that group
  4. Author within many groups
  5. Viewer & author of private items within many groups.
  6. Viewer, author in many groups on many terminals both public and private
  7. Anonymous author in anonymous groups
  8. Anonymous author for private items (probably silly!)
considerations:
  1. cookies may want information as to whether terminal is public or private as opposed to a home or business computer
  2. users of a public terminal should logoff before they leave.
  3. private info should be protected by at least a password including the 'my page" stuff
  4. A master password could protect all group passwords & identities of a single individual, but this may need the email and anti-spambot protection. This master password should NOT be available in a cookie, but possibly an encrypted session ID might. Some security principles are outlined in this document. The session ID should be destroyed upon logout.
  5. cookies left behind should encrypt userid's and passwords.
  6. There may be some DMCA rules we have to comply with.
  7. An author/viewer may handle some of the "my page" items and leave others alone.. therefore I suspect it would be better to have a trashcan associated with each item in this list for the "my page" consumer to deal with.
  8. If the "my page" consumer uses the "mark all read" button all items for that room should be destroyed in all groups in his master password protected ID has recorded.
  9. Alternatively the "mark all read" button could reset all items that are public in all groups under the master password, also reset all those in under the current group which are public or private , but leave alone all those in other groups that are private.
  10. I've probably left something out, but ..... (this is my thinking on the subject) ... discuss


Tags

  1. author
  2. identity
  3. security
  4. wish
  5. round tuit
  6. news

Comments


Seth says
source:
cookies may want information as to whether terminal is public or private as opposed to a home or business computer
i suppose this information could be collected as a check box on "my page".  Then it could control the expiration of multiple cookies.  One might want that their cookie on any public or business terminal to expire in a short amount of time whereas they may not want their cookies on their home computer to ever expire. 

I had a situation where i was demoing at group black river and left the signin on group ads. This totally bothered me when i went home.  If anyone had posted just casually on that terminal, it would have gone direct to the ads.  I had to have Jason go back to that termal and log it back to black river. 

Seth says
source:
3. private info should be protected by at least a password including the 'my page" stuff
The system does protect private information with a password.  However it is not checked if the group cookie is present on the browser-machine.  This means that if you don't logout from a public machine, you are leaving your private information available to the public.  This is a known hazzard, we should make people very aware of it.  A, perhaps default option, to expire cookies on public machies in a short time since they last were accessed, would be a feature that might help to amlerate this hazzard.

Seth says
source:
5. cookies left behind should encrypt userid's and passwords.
passwords are not stored in the cookie.  the authentication on password is between the information between the login form inputs and the group db.   However, once that authentication happens, the cookie stored on the browser-machine give that browser-machine (at the moment) permanent and unexpiring access to that group.  That is the way fastblogit is working now. 

Seth says
source:
7. An author/viewer may handle some of the "my page" items and leave others alone.. therefore I suspect it would be better to have a trashcan associated with each item in this list for the "my page" consumer to deal with.
This prolly will never happen as it is a radically different approach to news.  It would require some kind of humungous userXcomment db.   Right now the news is controled by a single timestamp with everything later than that stamb being defined as news.  With this design the only user variable is moving that timestamp back and forth.

Seth says
source:
7. therefore I suspect it would be better to have a trashcan associated with each item in this list for the "my page" consumer to deal with.
PS:  it might be possible to do it the opposite way, which is something that works well at bloglines.  Allow a user to click an item into "keep new" .   Such a piece of info could be remembered in a For humans to read and edit quads, they should be displayed and edited with humanly understood words. record.

Seth says
source:
8. If the "my page" consumer uses the "mark all read" button all items for that room should be destroyed in all groups in his master password protected ID has recorded.
this "master password protected id" is not defined at the moment.  How would it work?

Mark de LA says
seth 2005-10-24 10:41:19 1681
source:
8. If the "my page" consumer uses the "mark all read" button all items for that room should be destroyed in all groups in his master password protected ID has recorded.
this "master password protected id" is not defined at the moment.  How would it work?
A master password would be solicited the first time that a FastBlogIteer signs onto a private group. It would probably require an email address & a password and the email address would have to be validated in the usual way.  The master massword would be used to create a session on a terminal - it would gather all that stuff needed to determine news and keep track of passwords for groups and other identities.  Sessions need to be time expired for inactivity, and on purpose by a logout. A person who does not want to use a master password can be put in an underprivileged class of user so that maybe the news & other futures would be disabled.

Seth says
Mark 2005-10-24 10:59:46 1681
seth 2005-10-24 10:41:19 1681
source:
8. If the "my page" consumer uses the "mark all read" button all items for that room should be destroyed in all groups in his master password protected ID has recorded.
this "master password protected id" is not defined at the moment.  How would it work?
A master password would be solicited the first time that a FastBlogIteer signs onto a private group. It would probably require an email address & a password and the email address would have to be validated in the usual way.  The master massword would be used to create a session on a terminal - it would gather all that stuff needed to determine news and keep track of passwords for groups and other identities.  Sessions need to be time expired for inactivity, and on purpose by a logout. A person who does not want to use a master password can be put in an underprivileged class of user so that maybe the news & other futures would be disabled.
Can you functionally distinguish between that "master password" and the password for group ? Or is it the same password, and you are just redefining how it should work ?

Mark de LA says
source:
Can you functionally distinguish between that "master password" and the password for group ? Or is it the same password, and you are just redefining how it should work ?
The "master password" is like a superuser password which tracks & knows all the groups and all the passwords of that a particular human has used. It is maintained thru sessions - i.e. what happens in the way of joining groups and using author id's during one particular session on a particular terminal.  In a way we need to follow a real, individual human no matter where that individual signs onto FastBlogIt (possibly any clone thereof) & give him the support to know what passwords & groups he/she/it has participated in & under what author. Obviously such a thing must be highly encrypted & protected.

Seth says
Mark 2005-10-24 11:31:15 1681
source:
Can you functionally distinguish between that "master password" and the password for group ? Or is it the same password, and you are just redefining how it should work ?
The "master password" is like a superuser password which tracks & knows all the groups and all the passwords of that a particular human has used. It is maintained thru sessions - i.e. what happens in the way of joining groups and using author id's during one particular session on a particular terminal.  In a way we need to follow a real, individual human no matter where that individual signs onto FastBlogIt (possibly any clone thereof) & give him the support to know what passwords & groups he/she/it has participated in & under what author. Obviously such a thing must be highly encrypted & protected.
ok, so then are you talking about the user's identity proposed under  how would a global author screen name work? ?

Mark de LA says
source:
Can you functionally distinguish between that "master password" and the password for group ? Or is it the same password, and you are just redefining how it should work ?
somewhat, I would have to analyze the differences, in a usecase by usecase fashion - which I started to do in this item.
  1. First Time (potential FastBlogIteer) accesses the home page, sees an item in the common river of items & types a comment - then what happens to each of the cookies & db records besided content.   etc.  - he bcomes a FastBlogIteer
  2. FBIeer goes thru the door and creates a group ... then what happens...
  3. At what point do we ask for his email & master password & start authentication ?
  4. etc...

programmer says
Mark 2005-10-24 12:25:32 1681
source:
Can you functionally distinguish between that "master password" and the password for group ? Or is it the same password, and you are just redefining how it should work ?
somewhat, I would have to analyze the differences, in a usecase by usecase fashion - which I started to do in this item.
  1. First Time (potential FastBlogIteer) accesses the home page, sees an item in the common river of items & types a comment - then what happens to each of the cookies & db records besided content.   etc.  - he bcomes a FastBlogIteer
  2. FBIeer goes thru the door and creates a group ... then what happens...
  3. At what point do we ask for his email & master password & start authentication ?
  4. etc...
Ok, i think we are on the same page here.   I would not call it a "master password", i wuold call it the person, or user, or author identity.  That identity is named with the same string that you enter in the author boxes of the current signon screens ... otherwise we need to create another such thingy and that would just create confusion. 

One big point, that i think we both agree upon, is that a person securing this identity is not necessary to start commenting or creating groups or making items.  All of that can proceed as it has the same way it has for quite a while here.  This point is necessary, i think to be true to our name "fastblogit"  ... we don't put a lot of rig-a-morl in front of contributing here.

But when a fastblogiteer wants some additional services and security, we allow them to secure their author name with somewhat traditonal techinques and to allow that identity to trancend all of the groups which they may log into. 

This will necessitates a bit of a trama for a person that has chosen a common name and has contributed a lot and then decides to secure their name and reputation.  These names are first come first serve.  So the person might get a big surprise one morning when they try to log in or post as an author and someone last night had secured that name for themselves.  But i think this is an allowable trama and if it is well documented will not occur that often and will be understood when it happens. 

Are we on the same page ?



Mark de LA says
source:
Are we on the same page ?
close - the point in time that things get secured is my question.  Also an email address is sufficient to secure a screen name. It seems to work for slashdot.  What is valuble to some who does that (secures with email & passsword) ?

programmer says
the news marker may be controlled by a separate browser-machine cookie if the author identity has not been secured.  it should function very well that way.  after a fastblogiteer secures their author identity, then, perhaps this marker moves to (or is copied to) the records of that identity.

programmer says
Mark 2005-10-24 12:59:11 1681
source:
Are we on the same page ?
close - the point in time that things get secured is my question.  Also an email address is sufficient to secure a screen name. It seems to work for slashdot.  What is valuble to some who does that (secures with email & passsword) ?
Well i see it this way:
  •  author string (unsecured) - can be used by anyone in any group
  • (author string <-associated with-> password ) remembered on the server in a db
  • (author string <-associated with-> password and email) remembbered on the server allowing the person to recieve emails for different services one of them being to reset their password if they forgot it.
This is pretty traditional except for the first bullet preceeding the second and the third not being required for the second.

Do you see it any other way?

programmer says
Once the author string is secured and remembered in the db, it can be attached to a browser session and expire if inactive for a appropriate amount of time.  User can reauthenticate to it by entering the password.   All of the current group cookie passwords would be associated with the secured author identity.  This would prolly mean that a peson with a secured author identity would log into that before logging into a group, then the groups they coul access could appear in a drop down list.  They should not need to enter both passwords if they enter the author password first.

programmer says
Incidentally, i don't see this, relatively complex programming, which would entail lots of changes, is in the stars prior to this mythical opening date.

Mark de LA says
programmer 2005-10-24 13:30:31 1681
Incidentally, i don't see this, relatively complex programming, which would entail lots of changes, is in the stars prior to this mythical opening date.
The might consider the effect of making these changes when there are actual customers using the system verses making the changes before release.  I am not agitating one way or another, though.

Seth says
... well it's a big project and not essential for opening so almost certainly will not happen unless for some reason i decide to delay the push into the world till after the christmas rush at speaktome.

Mark de LA says
me 2005-10-24 18:47:52 1681
... well it's a big project and not essential for opening so almost certainly will not happen unless for some reason i decide to delay the push into the world till after the christmas rush at speaktome.
One last comment, all this being understood , this may rear it's ugly head in a hurry if the spambots show up.

Seth says
I don't get that a global author login is going to prevent spambots. I know you made that argument above and i just passed over it. Could you elaborate on how that would prevent spambots ?

Mark de LA says
me 2005-10-25 07:47:45 1681
I don't get that a global author login is going to prevent spambots. I know you made that argument above and i just passed over it. Could you elaborate on how that would prevent spambots ?
If at some time you require a real human to login with a verifiable email then spambots should not be able to get thru.  It is hanging on to not doing that that is the problem. Once a person surrenders the email & verifys his email then he/she/it has the opportunity to invent all kinds of names & groups to be anonymous in (or nearly anonymous) .  I'm not so sure that anonymity is all it's cracked up to be except for drug dealers, terrorists, flame-throwers & lawbreakers. Slashdot is successful & yet I don't remember anybody that is anonymous on it.  The handle is anonymous anyway & can be hooked to an amorphous group which reveals nothing .

Mark de LA says
This whole thing - an internet cafe - is best described by a state machine.

Seth says
Mark 2005-10-25 09:35:17 1681
me 2005-10-25 07:47:45 1681
I don't get that a global author login is going to prevent spambots. I know you made that argument above and i just passed over it. Could you elaborate on how that would prevent spambots ?
If at some time you require a real human to login with a verifiable email then spambots should not be able to get thru.  It is hanging on to not doing that that is the problem. Once a person surrenders the email & verifys his email then he/she/it has the opportunity to invent all kinds of names & groups to be anonymous in (or nearly anonymous) .  I'm not so sure that anonymity is all it's cracked up to be except for drug dealers, terrorists, flame-throwers & lawbreakers. Slashdot is successful & yet I don't remember anybody that is anonymous on it.  The handle is anonymous anyway & can be hooked to an amorphous group which reveals nothing .
So give up on the "fastblogit concept" and lock up identity tightly ?  ... because that is what you are talking about. 

You know there is one big thing that helps us here against the spam bots and that is the ease with which one can hit the trash can in one's group.   But if we get under sever attack there are other stratagies in the wings that do not involve making it difficult to get in.  One is a posting delay.  I am pretty sure that others will emerge.   Perhaps we need a title room [title spambots] to carry this discussion further when the time for it arrives.  

Mark de LA says
Well, look at what they did to my title page today!

Mark de LA says
The other day every single page was nothing but a list of links from some Russian server to a bunch of spam advertizements. I suspect it will be here sooner rather than later. It seemed OK while they just put the spam at the bottom of each page, but the latest attack destroyed all the pages I had. Luckily I have a backup.

Seth says
Mark 2005-10-25 10:29:24 1681
Well, look at what they did to my title page today!
you know you are running that wiki with no protection whatsoever.  at least here we have a password for the group. 

spambotted says
See group spambots for further discussion on the topic.

spambotted says
source:
you know you are running that wiki with no protection whatsoever.  at least here we have a password for the group.
Yes and to fix it is a real pain in the ass.  I'm looking for a new wiki. Maybe won't need one with FastBlogIt.  I still like some of the behavior though.

Seth says
spambotted 2005-10-25 11:00:11 1681
source:
I'm looking for a new wiki. Maybe won't need one with FastBlogIt.  I still like some of the behavior though.
might be useful to specifically identify what features of a wiki are still missing from here.

Mark de LA says
Hyperlinks in a Hyperlinked environment. Menus of hyperlinks without a lot of trouble. (Although I did do it in the [project: group UnhackTheBrain] ... you remember the password persumably.

Mark de LA says
Mark 2005-10-31 21:12:37 1681
This whole thing - an internet cafe - is best described by a state machine.
I need a list for this or I'll prolly never get a

See Also

  1. Thought Win Win Interactions with others with 167 viewings related by tag "identity".
  2. Thought So which is it? with 114 viewings related by tag "news".
  3. Thought Eropa with 80 viewings related by tag "identity".
  4. Thought Anonymity Vs Identity with 79 viewings related by tag "identity".
  5. Thought about: Unhacking Wars - comment 67183 with 71 viewings related by tag "identity".
  6. Thought An Event is something that the news reports on with 42 viewings related by tag "news".
  7. Thought A New Respect for The Specific with 17 viewings related by tag "identity".
  8. Thought [title (23165)] with 12 viewings related by tag "security".
  9. Thought seth@thinking.live with 12 viewings related by tag "identity".
  10. Thought about: re: should webids denote people or accounts? from seth russell on 2014-05-17 (public-webid@w3.org from may 2014) with 10 viewings related by tag "identity".
  11. Thought Patty as Me with 9 viewings related by tag "identity".
  12. Thought Funny Surprise on Signing my name with 7 viewings related by tag "identity".
  13. Thought The Barikaw Event with 5 viewings related by tag "news".
  14. Thought The Patriot Act - Good or Bad ? with 4 viewings related by tag "security".
  15. Thought Eliminate clumsiness for starting with 3 viewings related by tag "author".
  16. Thought Today There is no Source for the Unvarnished NEWS ! with 3 viewings related by tag "news".
  17. Thought A Crisis is a Wonderful Thing to Exploit ! with 2 viewings related by tag "security".
  18. Thought about: Top 10 Sources with 2 viewings related by tag "news".
  19. Thought News in the Light of What's Published with 2 viewings related by tag "news".
  20. Thought identity crisis with 2 viewings related by tag "identity".
  21. Thought Items I wish were in FastBlogIt with 2 viewings related by tag "wish".
  22. Thought The Big Stories and views that don't make major network news ... with 2 viewings related by tag "news".
  23. Thought about: REpresentation - comment 57743 - comment 57813 with 2 viewings related by tag "identity".
  24. Thought Feature: Roaming profiles are here with 2 viewings related by tag "identity".
  25. Thought about: tech.memeorandum with 1 viewings related by tag "news".
  26. Thought Open Source Media - OSM with 1 viewings related by tag "news".
  27. Thought about: Gravatar - Globally Recognized Avatar with 1 viewings related by tag "identity".
  28. Thought My secured encrypted email with 1 viewings related by tag "security".
  29. Thought I need the function to store pictures without showing them with 1 viewings related by tag "wish".
  30. Thought Sourcing Journalism with 1 viewings related by tag "news".
  31. Thought New & Newsworthy with 1 viewings related by tag "news".
  32. Thought news now refreshes every 2 seconds and shows ads with 0 viewings related by tag "news".
  33. Thought They trashed the wiki again with 0 viewings related by tag "security".
  34. Thought To Zen or NOT to Zen - Is that the Question? with 0 viewings related by tag "news".
  35. Thought abort exit from RTE should be changed with 0 viewings related by tag "wish".
  36. Thought Please FIx with 0 viewings related by tag "news".
  37. Thought about: Real ID Act Approved By House Of Representatives - Gizmodo with 0 viewings related by tag "identity".
  38. Thought about: the web platform: browser technologies with 0 viewings related by tag "security".
  39. Thought How do we find .... continued (WORKFLOW) with 0 viewings related by tag "wish".
  40. Thought involved bloger with 0 viewings related by tag "news".
  41. Thought about: Diggdot.us - digg / slashdot / del.icio.us popular with 0 viewings related by tag "news".
  42. Thought rte for item needs convenient exit for consistency with 0 viewings related by tag "wish".
  43. Thought Another way to flag the news with 0 viewings related by tag "news".
  44. Thought Watch digg in real time with 0 viewings related by tag "news".
  45. Thought Jace then edit within a group is a nightmare with 0 viewings related by tag "wish".
  46. Thought add groups to the live search with 0 viewings related by tag "wish".
  47. Thought The Anatomy of a Panic 9/11 with 0 viewings related by tag "news".
  48. Thought the Identity Web vs mutually resonant entities with 0 viewings related by tag "identity".
  49. Thought Bad URL should go to front door with 0 viewings related by tag "wish".
  50. Thought Manifesto: Freedom of The Internet with 0 viewings related by tag "security".