[sldev] RFC: design proposal for VWR-1071

Cypren Christenson cypren at gmail.com
Tue Jul 21 20:46:01 PDT 2009


On Jul 21, 2009, at 8:29 PM, Melinda Green wrote:

> I like where this is going though I worry about loading up an already
> untested user interaction with more features, not to mention asking  
> poor
> Cypren with more requirements.

I appreciate the concern. =)

> I therefore suggest that we do this in
> two stages. Since everyone seems to like Cypren's design for at least
> the advanced case, I propose that we let him finish what he intended  
> and
> let people get used to actually using it. With that in hand and  
> assuming
> that everyone really does like it, we then design the "instant login"
> functionality on top of that and someone (not neccecarraly Cypren)
> implements it. Does that sound like a good idea?

To be honest, as long as we're changing the UI, wouldn't it make sense  
to change it once and then stabilize it again? It's been my experience  
that few things frustrate the average computer user more than  
frequent, small changes that disrupt their habits and make them re- 
learn things. Those of us on this mailing list are probably the most  
likely users of the "advanced case", since we need alt accounts to  
test and prod the system. We also all have the ability to apply code  
patches and run a "custom client" for as long as we want, and this  
issue has sat largely untouched for a long time anyway, so the urgency  
seems fairly low.

I'm all for taking this slowly, carefully and doing as many revisions  
as it takes until we get something that represents the closest-to- 
ideal solution that we can come up with between the lot of us.

> Regarding instant log-in, I'll throw out this strawman design: replace
> the "General > Show Start Location on Login Screen" check box with
> simply "General > Show Login Screen" which when shown will always show
> the start location control. (What's the point of showing and hiding  
> that
> one control when we're talking about showing and hiding the entire  
> login
> panel, right?) Bootstraping this for brand new users will require one
> bit magic however which will be the ability to cache their user name  
> and
> hashed password in a cookie when creating a new account. The goal is  
> to
> be able to create an account & password and then fire up the viewer  
> with
> instant login. That way 90% of users will never see a login screen! Of
> course somewhere along the line they'll need to be warned about cached
> passwords on insecure machines. They could even be given the option
> during account registration for us to not do that which would simply
> result in the full login screen being shown.
>

I like this idea a lot, but the security concerns really worry me. As  
far as I know, SL hasn't been hit by the same rampant account-hacking  
and asset-theft that WoW has (largely, I assume, because of its  
smaller userbase), but that will eventually change as it gets larger.  
I'm not sure we necessarily want to make a saved password the  
*default* setting for unaware users.


More information about the SLDev mailing list