Steve - Here goes - my comment follow...
Quote:Hi Kurt, some feedback if I may... (you may want to make a cuppa Unsure
A frank and honest answer from you re the security aspect, great. I look at security from two angles, one is someone attempting to log on as me. If they know my login name (handle or email address) then they need only attempt to guess my password. The better systems allow three maximum attempts at a failed password before locking the account, and then either an administrator must unlock it after suitable identity verification, or you could employ one of the two-factor methods such as a verification code to a mobile phone or secondary email address etc but these tend to be expensive processes to implement and typically found only in higher-end financial type online services.
Currently there is functionality in place to lock a ModelRailRoadCollectorWiki ("Wiki") account after a specific number of unsuccessful login attempts. The account will remain locked until unlocked by the administrator. It is beyond the scope of the project to employ a two-factor authentication method, such as the ones you mention. When any type of financial operation is involved then authentication protocols are in order, but the "Wiki" does not take nor make payments of any kind.
Quote:But the other issue that is more worrying is someone accessing the entire database from behind the scenes and obtaining all data rather than a single individual as in the first scenario. And as you say, all the protection in the world may not thwart a obsessed hacker. In that respect, if I was personally to use the Database, I would probably not enter any data that could lead to my home address, or for that matter any logon name or email address that is used elsewhere, but the items added to the database would still be useful to the aim of the site as a whole.
It is ok to NOT enter any personally identifiable information (PII) on the "Wiki". I have removed the address requirements when registering because another active member of our group pointed out to me in a PM this week that legal and security situations may surface due to storing this data. It's not credit card data, but it WAS data that could be used to locate the city in which someone lived. As I mentioned in my comments in an earlier thread my intentions were good (I wanted to show the geo diversity of our group members by plotting their approximate locations on a public map). There are some calculations that the "Wiki" can automatically do for you - case in point totals for "cost" and "appraised value" of items in your collections, but I don't expect that many people will use them due to potential leakage of the data. This is fine as I have built the export collection function in a way that you can export ALL of your collection data to a spreadsheet and add costs OFFLINE.
Another case in point about security hardening on the "Wiki" - For each item in the Directory I had shown (in the Audit section) the name of the collector that CREATED the item and the name of the collector that last UPDATED the record. My idea was that if someone had a question about an item then they could contact the creator or the last person to modify the record. These names were "live" - clicking on them would open up your email client and you would be able to send them an email. Great idea right ? Nope - this week another member of the group pointed out to me that the email addresses on these pages could be "harvested". I had to agree with this collector and I removed this "feature". So I'm trying to tighten the security of the "Wiki" on a day by day basis based on feedback from those testing it out. Fortunately those that ARE testing out the "Wiki" have brought their concerns to me and I haven't yet disagreed with any of the suggestions (or worries) provided in their comments. Keep them coming either on the public forums or via PM.
Quote:A possible downside here is people who for whatever reason might create such a profile and then deliberately upload incorrect data, confusing variants etc, and particularly where it may be an extremely rare item to begin with and if you cannot be satisfied to the credentials of the person uploading then who do you trust?
You are correct that this scenario is possible with a public database. Opening up a database to the public also opens the possibility of rogue users corrupting the data. So what do you do? You can lock down the database so that no one can edit it and prevent all possible corruption, but then you are not able to use the power of the group's knowledge to make it a better data store. I will continue to monitor the "Wiki" updates and initially guide those collectors that are adding new items to build out their collections and watch for intentional or accidental corruptions to the data. Who do you trust? As one member advised me in a PM this week... "...you have to start out trusting everyone" and this is the path I will adapt at the moment. In the future I may assign "editing" roles to specific users based on factors such as qty of contributions to the Directory (more is better), edits to improve the quality of existing data, help with translations etc. Role based access to features is available in the platform at the present, but I have not turned it on yet. Everyone gets trusted for now.
Quote:I do have a question regarding the reliability of the items already on there. I took a look immediately after you posted this link and just did a browse.
First thing I looked at was in the "Select Category" drop-down menu and the available options. I wondered right away, what is the difference between a "Multi-function car", and a "Passenger car" or a "Freight car" which also has multi-functions - and there are no shortage of those now.
I noted only one entry in the Multi-function car category so I clicked it, says it is a Marklin 2510. A what??? Never heard of it. Clicked the entry expecting to see an image of the item, nope, no image. And even Mr Google was no help so there's a frustration right off the bat and screams loudly "work in progress" (and bad or error data). You have already said it's very early days so I do accept that 100%.
The data currently in the Directory came from various sources - some were given to me by freinds in list form, some I obtained from the internet, product catalogs, and price catalogs. It's definitely a hodgepodge of sources. Someone told me that much of the data originally resided in a public facing database on the excellent German website Stummis Forum (sp?) and some of the data seems to be similar to that found on the excellent database currently maintained by Achim Lücking (
http://mobadb.gleiswarze.de/mobadb-webapp/homepage?1) who told me that his database originated from the Stummis data. I have not seen many, but of all the non-commercial online databases that I have seen up until now Gleiswarz IS the most complete. I agree that the ONE item in the Multi-function category that you mention - item number 2510 - does seem out of place. Thirty seconds on Google and I see that this item is called a "Alpha-Grundpackung mit Akku-Fahrgerät". It comes in several colors and you probably don't have one in your collection unless you have grandchildren. I've added an image to the "Wiki" so you can see what it looks like and, of course, add one to your Want List... ;) Make sure that you get batteries though. Not really sure how to categorize this one. Any help here ? If you look at the item you might think that it lives in a category by itself... ? Probably best to remove this "Multi-function" category altogether and recategorize this item.
Quote:Then I checked an item which I personally have, a Catenary Maintenance Wagon. Now this is a Locomotive, based on the Railbus Powered car, and is also a multi-function item. So where does it belong?, there is one (39970) listed in Locomotives, but unless you know the Marklin code, nothing in the entry give any additional information, which made me wonder where is a "Description" column, or "Class". The columns are "Article No." and "Version" - but whose 'version', Koll ?, Mikado ?, or some other reference altogether? ** I'll come back to this further below.
I searched for your #39970 and did not find it in the "Locomotive" category, but in the "Railcar". As you pointed out the details were rather slim (none in English). I found some information about the car on the official Maerklin website, prepared a thumbnail and edited the record. Now it is available for you and everyone else to use and add to your collection or Want List. It took me about 5 minutes to update the record - most of the time preparing the specially formatted thumbnail image. Version ? - Since Koll's has been around for 40 years now - we will assume that it is the judge and jury for item information (supplemented by corrections where it is found to be in error).
Quote:Then I thought well maybe you need to be registered to see images (although there is no valid reason for such a requirement except to force membership) so I went through the registration - Please, do make it clear that the security code is case-sensitive, often these codes, 'captcha' etc (thank Gawd you did not use that) are not case-sensitive, but yours is, and meant I had to go back and re-do both passwords - a minor irritation but for the sake of adding "case sensitive", easily avoided :-)
You do not need to be registered to see images - neither the individual item thumbnails nor item images in their respective photo galleries. I have taken a different approach in the "Wiki" than what you might be accustomed to in other databases containing images. Rather than spending incredible amounts of time preparing thumbnails I only add these when I see that someone has added the item to his/her collection. Image preparation is time consuming and I would prefer to spend that time helping those users make their active collection than trying to add thumbnails to items that have never been used yet in a collection. Sure the quality of the database is improved, but the ROI with my time invested is better when applied only to those items that are being used. So as a research tool the database is missing images, but most of the collections are complete. One thing to note here that has confused some users is that they cannot upload thumbnails. In order to maintain a consistant look and feel of the collection images I have assumed the exclusive role of "thumbnail provider" (for now anyway). Not many collectors understand (nor care to understand) image editors, optimizing size and weight (KB) so I'll take on this task for now.
Case-sensitive Captcha ? - I'll add text to the registration form. Good suggestion.
Quote:Back to the item, still no image, ok. Bad entry. Then I wondered, well who added it?, absolutely NO supporting information. Except a "Year introduced" and "Year discontinued". What the heck? Personally, I have always been of the opinion that NO data is better than Bad Data, perhaps this comes from my Genealogy interest where an incorrect individual's details or assigned to an incorrect family tree can waste potentially weeks of dead-end research.
So then I thought I'd check some more common items and headed to "Locomotives". Again, NO images, and again, no supporting data to verify the source (contributor and reference such as a catalogue year and page).
Missing the supporting information - This is probably my fault for not giving better (any) explanation and usage instructions from the get-go. All items in the database HAVE some supporting information, but if you are viewing the item in English then the English translation has probably not been updated. A couple of decisions I made. In "View" mode the form details are displayed in the language chosen for the User Interface (UI). Currently the "Wiki" supports English and German (shout out again to Jens Ullmann for help with English->German translations). If there is little or no detail information in the English UI then please switch the language to German (click on the German flag) and you will more that likely see additional details (albeit in German). If you are registered and logged-in then you have, in addition to the "View" button, an "Edit" button. After selecting an item you can click on "Edit" and you will see all language translations ON THE SAME FORM PAGE. I hope that those collectors that are bi-lingual will help the project by updating the descriptions and other localized data. For now either view the item in Edit mode or switch the UI language to see all available details.
Quote:Ok, I guess this requires people to add images to populate the database. How easy is that?, click on the +Images button which brought up a dialogue "+Add files", "Start Upload" and "Cancel upload" - but I didn't actually have an image to add at this time so I clicked "Cancel upload"... and the dialogue won't go away. And there is no "X" to close the window. No matter what I do, I now cannot get rid of the Dialogue window and the entire site was greyed out. Finally I found by accident that I only had to click anywhere outside the dialogue window to make it go away. Not how I would expect to get rid of it but perhaps you could add in the text "Click outside this window to dismiss" or simply add a close X button top right corner.
Back to images... People can add images to any item in the Directory. The images cannot surpass about 400K in size and they can be any dimension as long as they do no exceed the size limit. Since launch I have been dealing with at least 6 collectors that have questions/issues with the image uploader so I know that some work still needs to be done in this feature. All uploaded images for an item comprise the item's Photo Gallery which is seen ONLY in the VIEW mode of the item. Clicking on the main Photo Gallery image will open the entire photo gallery and all of the images can be paged or swiped (on portable devices) to see them all. I'm still evolving this feature since currently there is no means for a user to remove or delete an item that he/she uploaded in error (wrong image or wrong item). I have promised to make a demonstration video showing how to add photos to a gallery. Expect this soon.
Quote:These are all relatively minor bugs except for the validity of the data. I would expect in any site that uses the word "Wiki" that there should be a "Source" link, and that it should be Mandatory. If a contributor cannot substantiate the data they are adding, then it should not be an option. The source should be able to be linked to an individual contributor, and that contributor needs to be able to provide their own reference, either a catalogue or some other verifiable literature, or acknowledgment that the description and/or image is of an item they personally own or have access to, provided of course this falls within your aim for the idea.
I like your suggestion and hope that you can elaborate with me (perhaps offline) how this might be accomplished. As previously mentioned the audit trail of adding and updating items is limited to recording the user and the date/time the item was added or updated. Currently there is no support for a mandatory "Source", but I like the idea. Maybe something like Wikipedia with their footnotes? Again, I like the idea and would be willing to discuss methods to implement and force some type of substantiation of data, but, currently there is none in place.
Quote:** Back to the category question further above.
Initially I referred to the difference between certain categories, when an item crosses over two or three and which to choose. I also wondered how the entries that are already in the database came to be, ie; did you add them as an initial base, maybe your own collection, or do they represent items in the collections of other users?
Cross over categories ? Perhaps add a duplicate(s) item to the Directory with the only difference being the category ? There is no penalty for duplicates in the database and it would make it easier for a collector to locate his/her item if it appeared in all possible categories that you might query to find your item.
Quote:So I tried creating my own collection, seem to have created it ok, but how do I add anything to it?, I have searched everywhere but there is no obvious "add new item" button or anything remotely like it.
And.... if that were not enough, to add insult to injury, why NO NZ $ currency? - C'mon, really??? I guess there's an attempt by including Australia but there is a thriving Marklin community here in NZ and just like I said about no data versus bad data. I would rather have NO currencies than be limited. Or, failing that, limit yourself to just the Euro and the Greenback. And even more obviously, where is the Swiss Franc?, Switzerland is well known as a highly lucrative market for Marklin, yet you have the British Pound and Canadian and Australian dollars. I can say without any question of doubt there are more Marklin enthusiasts in NZ than in Australia!!, absolutely per head of population but literally as well !! ThumpUp
Not to mention other countries who should be screaming with righteous indignation. Woot
Yikes
- This is a gross oversight on my part and I apologize for the apparent exclusion of some (many) country currencies. I did want to keep the currency selector rather clean (short list) and did have functionality in place for adding additional currencies based on the country of origin of the registered users, but since I removed all geo-location data from the registration process many collectors may feel rightfully excluded. I just added NZ$ for my Kiwi friends, but will need to add all world currencies. Again, you are completely correct and I have no excuses. Thank you for pointing this out and again I apologize for the exclusions.
Quote:Hopefully this feedback is helpful to you. For me, I'm pretty much a Marklin purist, I have very little in my collection that is not Marklin but it appears this database is for all and any brands? - it's hard enough keeping accuracy within just the Marklin range which is probably better-documented than most others. So at this stage, having already invested some time this morning playing around and composing this response, the Database is not for me, there's just too much absent, than present but I fully endorse what you are aiming to achieve and will be watching with interest any developments in the hope it really takes off.
If I have missed anything really really obvious please do let me know. I have semi-permanent egg on my face and carry a shovel to dig myself out of never-ending holes. Blushing And of course, please do take in the spirit intended. Cool
Cheers
Steve
The schema of the "Wiki" Directory will easily support multiple manufacturers and scales. My collection too is 99.9% Marklin, but several collectors have asked for non-Marklin support in the database for their collections. This has been added and is available should they choose to use it.
"the Database is not for me" - I completely understand your position and you have clearly pointed out some of your reasons. Clearly not everyone will like what they see in the project. I am encouraged, however, by seeing several collections containing between 50-100 items being built only 4 days after the project launch. I probably should market the ModelRailroadCollector Wiki as a "Collection Management Tool" rather than a Marklin database. It was built on the basis of documenting one's collection in few steps - Find an item, Select it and Click to Add. The database does have holes in it, does have some incorrect data too, but, with the power of crowd-sourcing, the passion of the Marklin collector, and a bit of patience and time, I feel that the project has potential as a useful addition to the collector's toolset.
Steve - I appreciate your honest feedback and I will continue to follow your posts on FB, in the M Forums and elsewhere. Many thanks again for taking the time to air your "findings" in the forums.
Kurt
