We are writing a blog on what tiddlywiki can do at http://wwwhww.news/c/blog

Hello,

We have created an easy way for you to start writing using tiddlywiki at:

http://wwwhww.news

(Login with linkedin and press +, to get writing today.

We do the rest)

We are starting a blog, and were curious if you had top 3 favorite features of tiddlywiki we should write about?

http://wwwhww.news/c/blog

Thanks
Lucas

Sounds interesting; my only concern is giving over my LinkedIn credentials.

  • can you tell us more?

Many years ago I ran moin-moin. And I tried to build a community, but soon I realized that spam is spam. And one night I woke up to 1000 accounts and pages that I spent 1.5 days cleaning up. From there I had no choice but to lock the wiki, to be only editable by one username, aka mine, and my community shrank fast.

So the reason LinkedIn is there is twofold:

  • We have your LinkedIn, so we hope there is no bs, no trashing, or rude behavior or posting as anonymous users. You have your LinkedIn as a professional user, and we are looking for professionals sharing whatever they want to, as long as you are willing to say, “yup, I wrote that”. I feel if you are not willing to do that, you should probably write in private.
  • Spam police is controlled by linkedin. I hope it does the job.

Give it a try: http://wwwhwww.news

A site that asks for my login credentials from some other service - that does not itself use https - is one I personally would never try. On top of which all of the site’s terms, data policy, and cookie policy links give 404 errors. No thank you.

2 Likes

KEYS TO THE KINGDOM: your user id and password that gives you access to something only you should have access to OR all of the things that identify you (and you don’t want others to have because they could steal your identity.)

YOUR KINGDOM: Any one of the many things that would qualify as your kingdom, which is a thing that belongs to you and you don’t want anybody else taking or using, like the money in your bank account, or your retirement plan, or your identity, etc.

If you are asking for somebody’s keys to a kingdom:

I don’t give a flying fig if you are as saintly as Mother Theresa, bless her soul, and have the purest of intentions: NEVER ask for keys to any of a person’s kingdoms. STOP IT. You are doing what people with malicious intent do. Again: STOP IT.

If you are about to give away your keys to one of your kingdoms:

And the rest of you reading this: if you are into giving away your keys to any of your castles (or give away your bank card number and PIN to anybody):

I have some bad news for you: you are a prime candidate for Darwin Award recipient. Educate yourself, please.

OR, I have some terrific news for you: before you proceed with giving away your keys to your kingdom and/or giving away your bank account number and PIN to anybody, you should get a hold of me so we can first complete an awesome transaction: I have a bridge on the other side of the world to sell you for a steal.

BTW, only ever enter a user id and password for one of your kingdoms into a service that is obviously from the same kingdom, and ideally a device that belongs to you.

ASIDE: Read about website spoofing.

And when somebody steals your identity: they then have the keys to your kingdoms, or create kingdoms in your name leaving you with bills for moats, catapults, and a whole bunch of other stuff you don’t remember buying…

Just to be clear, the site made by @lszyba1 is categorically not asking for your LinkedIn username and password.

It is using an entirely standard and common technique called OAuth authentication that allows people to log in to a site “A” via a site “B” that provides authentication services. Site A never sees the password; the login process redirects to site B for the user to enter their password, and then back to the original site.

For example, I use OAuth authentication from my gmail account to sign in to a bunch of unrelated services. Doing so means that I don’t need to maintain a separate username/password for unimportant sites.

As @lszyba1 says, from the perspective of a site operator, using OAuth authentication means that one benefits from the spam control that these operators perform.

2 Likes
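
The redirect described in the post above, and the question raised later in the thread of where the sign-in link actually leads, as an added example that is not part of the original thread or the site's code: it audits an authorization link against the provider's host and the standard OAuth 2.0 authorization-code parameters. The function name, `site-a.example`, the placeholder `client_id` and all sample URLs are constructed for illustration.

```javascript
// Added example (not from the thread): check where a "Sign in with LinkedIn"
// link points before following it. All sample URLs below are constructed.

// Parameters an OAuth 2.0 authorization-code request is expected to carry.
// `state` is only RECOMMENDED by RFC 6749, but it is the CSRF defence.
const EXPECTED_PARAMS = ['response_type', 'client_id', 'redirect_uri', 'state'];

function auditAuthorizationUrl(href, providerHost) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return ['link is not an absolute URL'];
  }
  const findings = [];
  if (url.protocol !== 'https:') findings.push('authorization endpoint is not HTTPS');
  // Exact match only: "www.linkedin.com.login.example" must not pass.
  if (url.hostname !== providerHost) findings.push(`host is ${url.hostname}, not ${providerHost}`);
  if (url.username || url.password) findings.push('URL carries userinfo before the host');
  for (const name of EXPECTED_PARAMS) {
    if (!url.searchParams.get(name)) findings.push(`missing parameter: ${name}`);
  }
  const type = url.searchParams.get('response_type');
  if (type && type !== 'code') findings.push(`response_type is ${type}, not code`);
  const redirect = url.searchParams.get('redirect_uri');
  if (redirect) {
    try {
      // A cleartext callback exposes the authorization code on the wire.
      if (new URL(redirect).protocol !== 'https:') findings.push('redirect_uri is not HTTPS');
    } catch (err) {
      findings.push('redirect_uri is not an absolute URL');
    }
  }
  return findings;
}

const PROVIDER = 'www.linkedin.com';
const query = (redirect) => 'response_type=code&client_id=CLIENT_ID_PLACEHOLDER' +
  `&redirect_uri=${encodeURIComponent(redirect)}&state=constructed-random-value`;
const samples = {
  expected: `https://${PROVIDER}/oauth/v2/authorization?${query('https://site-a.example/callback')}`,
  httpCallback: `https://${PROVIDER}/oauth/v2/authorization?${query('http://site-a.example/callback')}`,
  lookalike: `https://${PROVIDER}.login.example/oauth/v2/authorization?${query('https://site-a.example/callback')}`,
  localForm: 'http://site-a.example/login', // a password form on site A itself
};
for (const [name, href] of Object.entries(samples)) {
  console.log(name, auditAuthorizationUrl(href, PROVIDER));
}
```

An empty result means the link has the shape of a provider-hosted authorization request; it says nothing about what scopes or terms the relying site applies afterwards.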

Then the web page ought to be clear about it. But it is not clear. So steer clear.

And if not steer clear for that reason, then steer clear due to clear lack of policies. Sign in with your Linked In account, and you have agreed to surrender to whatever whims of nobody knows who.

Nope. Not even if you vouch for it.

But hey, for the rest of you who are into signing agreements with an anonymous “US” (From “Join Us”; who is “Us”?) without reading them, have at it.

(And once you join and you decide to check out, can you really ever leave?)

Charlie, jwd
Thanks for bringing the issue with the links. We are working on correcting that now.

Do you have a suggestion on how to make it clear that you will be redirected to LinkedIn, that LN handles all your username/password, and that we just get “you were successfully authenticated by LN”? I was assuming it’s a common “login with xyz” process. I haven’t really seen others explain anything, although maybe they use their icons in the buttons. (I’ll compare the design of others’ “login with” to see if it is different.)

As I’ve mentioned in a prior post, I’m trying to build something that we can all use. I was frustrated with spam and building identity/trust, and I think I found a solution (LinkedIn). I needed a space to write down (my thoughts, new ideas, or just things I didn’t want to remember but took days to find when doing technical research). I found a solution: (tiddlywiki). I’m merging the two to make it great for all of us, and hopefully bring more users to use tiddlywiki on a daily basis. “Captain’s log” :blush:. As far as policies, legal language in them probably won’t be any different than what LinkedIn or some of the other services have in them. A lot of it is protections for companies running these services, and corresponding compliance to various regulations. I’ve read many of them, they are as fun to read as it gets :wink: . I’m open to suggestions, and would love for you guys to be my first 10 users.

I’ll get the items mentioned in feedback taken care of, and I’m looking forward to more.

ps. Is there a way to make a comic in tiddlywiki ?
I saw the video that one could use tiddlywiki for a D&D game.

Thank you
Lucas

I look at that page and it says sign in with your LinkedIn account.

But hovering over that link, I don’t know where it is going to take me to. And I won’t click on it unless I have some information right there that explains to me what is going to happen after I click on it.

If it is legitimately a sign in via LinkedIn, I have no idea what LinkedIn gets out of it. Nothing is for free, so what is LinkedIn getting? Is anything done in the blog going to show up in LinkedIn? If so, do I have a way to control things so that stuff related to that blog does not show up on my LinkedIn profile, and that my profile doesn’t show up in the blog?

It would be good to have a link to some LinkedIn page that explains what it means to login with a LinkedIn account. What are the terms and policies for that? What am I giving away?

And once I login with my LinkedIn account, you have no terms, no policies, no cookie policies described. What people put in, who owns it?

By signing in, folk are accepting to give who-knows-who carte blanche to who-knows-what related to my signin, my identity, my contributions. And what’s involved in getting out?

“Login with XYZ” is extremely common on web services of all shapes and sizes, and it’s a secure and well-established pattern. I really don’t understand your hostility towards this. Why are you warning people not to even try their service?

Maybe today is a good day to learn something new? Is It Safe to Log in with Facebook or Google? | AVG

1 Like

I do not see any issue with using OAuth via LinkedIn and it is indeed a well established pattern. Perhaps consider adding support for other OAuth providers, like for example GitHub, for those of us that do not have nor desire LinkedIn accounts?

1 Like

Part of the problem I see is that you go to the website and you’re immediately taken to the login screen without any explanation of what the site is even about. Like, I still don’t know what would happen if I tried to sign up. The topic of this thread mentions you’re writing the blog but the first link is to a mysterious login screen.

1 Like

I use OAuth all of the time, but when I do, I know what I’m getting into. FAQ’s and other info are available.

Using LinkedIn for OAuth, I’m not finding any info about it, and that’s the kind of thing that ought to be available to review before using that kind of service.

If it is hard to find, then a button that asks to login via LinkedIn ought to have some links to info.

Lack of that info, lack of policies etc. on that page, I’m being asked to agree to undefined terms of use.

These things ought to be there. Nobody should ever agree to sign up to something without knowing the terms of the agreement. (Because signing in is giving full consent to the provider of the service, who-knows-who and who-knows-who-else, whatever they want to do related to that sign-in within the terms of policies that are not defined.)

For those of you who are okay with that, that’s your business. But for those who don’t understand the implications of signing some contract without reading the contract, there is a need for folk to understand what that means.

And what it means to use an OAuth service that does not have easy-to-find info about it. One wants to be able to trust that service and the cost of that service.

There is info to be found about whether it is safe to use OAuth services from Google and Facebook. Show me the same info for LinkedIn, and then you will have given me something new to learn.

It would be nice if you could offer some other social sign-in, like Google. As for spam, maybe the service you tried before had too few restrictions. On discourse, I think I’ve only seen one spam message every two months. On another forum I help with, on a platform that has a reputation for spam (phpBB), I see maybe one spam every two weeks. I notice that there are only 3 articles in place. The overlap between those willing to write and those with LinkedIn may be smaller than you think.

Behind the scenes, are you using TW on node? Also, I notice that the site isn’t secured with SSL, which might be a bit concerning.

Thank you for feedback.
Our main page that will explain more is coming, but the layout is still not good on phones, so hopefully in next 2 weeks or so.

I do understand the “login” page doesn’t provide any info. Let me see if I can fix that.

To answer it now:

Thanks
Lucas

I am quite familiar with using OAuth via other credentials, I really like it. Where serious doubt comes to mind is if I login to LinkedIn in my browser then go to WWWHWW - Login I get this bespoke page;

I would have thought it would simply go through to the site using tokens given by LinkedIn authentication. I have seen this in the past and I only got the prompt if I was not already logged in. That is, the site says I will let you in but only if you have a valid logged-in LinkedIn, and at most I got a message about connecting with my LinkedIn credentials, not a request for the actual credentials; that is LinkedIn’s responsibility (especially when already logged in).

  • That is the site simply demands you are using (not giving it) an authenticated LinkedIn, and at most should see the identity and ask.

I do not know if this should be trusted or not, but a number of aspects and normal practices say do not trust it. Even if @lszyba1 is totally honest.

All three of the terms and policies links on the log-in page are broken. That’s basic due diligence for a website and their absence is a red flag for me.

Hello,

Moving wwwhww.news to alpha release.

Based on the feedback we fixed the links to privacy policy, terms, etc.

http://wwwhww.news

I did want to write the top 3 features you all use every day in our blog.
What would you say they are?

  • (that a new users should jump onboard and start using TW)

Get yours today, here is mine:
http://wwwhww.news/u/cwSNkeLNXf

Hi @lszyba1 I noticed that your wiki is running TiddlyWiki v5.2.0 which is now quite old (it was released in October 2021).

I did click this link and get blocked by a “Sign In” wall. … I don’t have a LinkedIn account and I don’t intend to create one, just for reading something.

IMO it should show an overview of existing public wikis or something similar.