28 Sep 2005 prozac   » (Journeyer)

GRUE - Globally Recognized User Environment

In this entry I outline a new Web technology. It may already exist. I just have not seen it done.

It is my dislike of poorly designed technology that drives me to write this rant.

I dislike virtual brickwalls. Like trying to fix or to understand a programming problem only to find that access to the people most likely able to help you are behind technological barriers.

Are Internet based technical forums really so "vandalized" by anonymous users that in order to participate one must always have to Register?

I registered to places like Advogato and Freshmeat to be a member of a community.

But oh so many times I want to enter into an online forum simply to ask a question. Always doing so after searching the Web (and sometimes books and magazines as well) turns up no answer. Usually these forums are hardware or software related, like a Dell computer, or Adobe software; something for which I do not want to "join up" because I am a "Dell Groupie" or an "Adobe Fan", but to simply ask something of someone closer to the technology than I have been able to get to. (More on this later.)

And this is the typical forum register process:

  1. Adjust Web Browser settings to allow cookies for the site.
  2. Click on the "Register" link.
  3. Sometimes at this point find out that Javascript needs to be allowed also. *
  4. Reload/re-click on the "Register" link if Javascript was required. *
  5. Fill out initial data: Enter user name, E-mail address, Password, etc. **
  6. Click on the "Submit" link. *
  7. Restart process if Javascript was required at this step only. *
  8. If Web Site does not use email address for user names, restart process if user name already exists. ***
  9. Wait for a confirmation e-mail.
  10. Respond to the confirmation e-mail.
  11. If all went well you can now post your question.

I have gone through this process several times. An many times only in order to ask my one or two questions, read the feedback, offer resulting feedback, never to appear again.

I do not like this process. It is so... archaic. We have the technology to automate this entire process. That is what computers are for!

So, the Globally Recognized User Environment would be similar to the Globally Recognized Avatar.

Now, I am someone who has trouble understanding most RFCs, so I can't write one myself, but I can outline the technology:

The Web Browser would have a setting for your GRUE (you see why I picked the name ;-), i.e. you would enter your E-mail Address and Password -- that is it. (There would probably be more, optional data, like User Name.) The password would then be stored as a one-way hash.

When you go to a GRUE enabled Web Site, you would hit a link like: "Register with GRUE Account".

Then, and this is the good part, you would only have to make sure cookies are enabled, the Web Site would:

  1. Get your GRUE data (e-mail and hash)
  2. Get your password

It would then verify you by comparing your typed in password with your hashed password; if OK it would allow you to post.


Obviously, the transmission of the password is in the clear, and this may be a gaping security hole -- I'm not experienced enough to know if this is something that can not be overcome other than HTTPS -- but most Websites already do this anyway.

This, GRUE - Globally Recognized User Environment thingy is just an idea. And ideas are always free to be used. (If this is a valid idea I'd love to see it pursued by someone in the Free Software Community.)

I will further elaborate at times future. See also, perhaps: GRUE.



* Web Browsers such as Firefox which allow fine-tuned Javascript restrictions (rather than just broad allow/disallow like IE) means that alowing Javascript all the time is safer.

** The amount of data required to be input varies. Most technical sites require simply ID and Password; some more generic sites require many pieces of information.

*** Some Web Sites have horrible data verification processes. I've encounter one that had two pages of forms before checking for existing user names. Obviously, e-mail addresses are guaranteed to be unique and most sites use it.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!