Hey, LiveJournal!

[marcmagus]

Not that anybody in a position to do anything about it is likely to be listening, but it would be really cool if I could reply to comment notification emails and have LJ do the right thing.

That is, when I get an email from LJ that someone has replied to my <post|comment>, I want to be able to reply using my email client and have my reply appear in the appropriate comment thread, threaded correctly. It wouldn't be hard, and it would be really helpful not to have to open a web page just so I can read what I've already read and then enter my reply into a textarea (or use "It's All Text...") instead of using the editor my mail client is already configured to use.

Comments

[dan4th.livejournal.com]

what? urm. I use gmail, and my comments are threaded appropriately. Is this a new problem for you, or have you always had it.

[oldsilenus.livejournal.com]

I've had the same experience, also using Gmail's web interface.

What mail client do you use, marcmagus, praytell?

[dan4th.livejournal.com]

mebbe he's getting plain-text formatted notifications, rather than html ones?

[marcmagus]

Errr, all the notifications thread correctly in mutt.

The feature I want is to be able to hit the reply key ('r' in mutt, click the reply button in GMail, not the link internal to the email which opens the LJ page to post a reply) and have that reply be added as a comment in response to the comment I'm 'reply'ing to.

The bit about threading was that it shouldn't be braindead and fail to insert it into the thread in the right place while it's doing this cool email->LJ_comment gateway thing.

[dan4th.livejournal.com]

nods. Yeah... I'm suspecting the problem is plaintext emails? I don't get a link to post a reply in my html emails. I get a box to type in, and a button to hit "send".

However, I agree that creating unique, threaded reply-to-email-addresses should be manageable.... Not that I know how to do it, but I can see it as feasible. Still, considering how crankily and unwillingly LJ coughs up "post by email", reply-by-email doesn't seem likely to appear.

edit: I just tried switching to plain-text emails to see if you were forced into launching a browser window. Yeah, the plain-text emails kinda suck.

edit2: Bugger. It's become so routine that I had failed to notice that the HTML emails actually launch another browser window when you use them to reply. So the net browser windows opened is identical. You're right. That's stupid.

[marcmagus]

I've just turned on HTML emails to see what they're sending (although I have little hope that it'll work nicely, and I now see your edit2, but I'm curious). I assume they're using some kind of HTML hack to post the reply, which would only work if you're getting your email in a web browser?

Do me a favor and reply to this just so I get another one and can look at it?

[It would be easy...you just generate some unique identifier (the comment already has one, you could probably use that, or that plus a hash of it [with salt?] to protect against certain types of exploits. Check the sender against the email the notification was sent to and you should largely prevent this from being used for spamming.]

[marcmagus]

(Also, now I know why you guys were so confused; you're getting [something like] the functionality I wanted, so you didn't know it might be absent here. I've never seen the version of the email you're looking at, so I had no idea it was present there.)

Do you have to be a paid user to edit your own comments, or am I blind?

[kdsorceress.livejournal.com]

You have to be a paid user. You may be able to do it as a "omg, I like ads!" user as well, but then you have to hack up some way to make the ads go away.

~Sor

[marcmagus]

That would be wrong.
I kind of actually mean it this time. I think explicitly signing up to accept ads in return for additional services and then bypassing the ads is unethical.

[marcmagus]

So rather than implement an email gateway, they shoved a entire reply form into the email and decided to hope people who accept HTML email would be using a browser which could use the form. In the process, they clearly implemented all of the security features an email gateway would probably need.

Can I just say, "WTF?"

(It works, btw, using mutt+links, although it's a bunch of extra work [have to go and open the email in links explicitly] and *still* doesn't let me use the editor I want to like just hitting reply would.)

(Re 2: the opening in a separate browser window could be GMail interference, actually.)

[dan4th.livejournal.com]

Hm. All these things I didn't know. I've been on webmail exclusively since the 1990's.

At any rate, yes, editing comments is a paid user functionality.

[soulchanger.livejournal.com]

Yes. I know exactly what you are talking about, but I think it would be harder than you think, at least to implement a reasonably robust and user-friendly solution.

The trouble arises from LJ correctly recognizing the incoming email and routing it to the right spot without the user having to do anything special. Since different mail clients handle replies differently (some quote text, some quote html, some presumably do other strange or unpredictable things, some may simply send a reply with no trace of the original message) and users can often change the thing a mail client does by default, or do their own strange and unpredictable things (such as reply in-line), LJ would invariably end up receiving tons of unroutable emails. Basically, I can't think of any way for LJ to make people's email clients behave properly, and so LJ would have to include instructions for the user that the user would have to follow. Since the process breaks down so easily at the user level, LJ would also have to bounce unroutable emails back to the user to let the user know their comment failed. Add to that the difficulty of securely authenticating incoming comment emails (the user would again have to follow some instructions, and if authentication failed the email would have to be bounced) and the problem does become hard. Not impossible, but hard, at least to produce a clean, elegant, idiot-proof, secure, and robust solution.

Using http to authenticate and route is easy because there are already reams of built-in features that people regularly use. Cookies, for instance. When your browser goes to post the reply from the email, odds are good that your browser already has your security information and a cookie that will get you access to posting without authentication. Authenticating by email requires encryption features that most users don't use, which is why, for instance, when a website sends you a confirmation email, you have to click a link in the email rather than reply to it to complete the confirmation process.

[marcmagus]

Embed a token into the Reply-To: address, such as <marcmagus-84890-295578@livejournal.com> (that would be a unique identifier for the comment I'm currently replying to, there might be a shorter one. That handles all the routing/threading issues (emails to that address are replies to your comment here). If you're concerned about someone guessing legal addresses and sending spam to them, append a field which is difficult to guess in advance to the key. Reject any comments not going to a legal identifier.

Authentication is a greater issue. I suggest requiring that the From: address of the incoming email match the To: address to which the notification email was sent. This should work correctly for most users. You could even let the user specify the email address they'll reply back from if they have a forwarding account and a weird configuration. Reject any comments not apparently from the correct user.

As for parsing, take the incoming comment as-is. If you need, implement something which strips quotes, make it the default, and allow power users to turn it off in their settings if they really want things posted as-is. This is all a formatting problem, not a routing problem.

If you look at the html form, it's got a bunch of hidden fields containing the sorts of identifiers I'm talking about. It doesn't use cookies (my links install doesn't have a login cookie for livejournal, and it posted just fine). This is why I say they've probably already done the overwhelming bulk of the necessary work.

Many websites allow you to reply to a confirmation email rather than clicking/copy-and-pasting a link. Just like I describe above, they encode the confirmation code into the reply address.

[soulchanger.livejournal.com]

Good work. Perhaps you should email these suggestions to the LJ team?

[marcmagus]

What, do something proactive, rather than just whining about it in my LJ? I guess I should; then I can complain about how they didn't listen to my feedback, rather than complaining about how they didn't anticipate my use case.

[mneme]

Yeah, I've been winging about this for a long time. Do send the suggestions in.

The problem is that having implemented something reasonable for HTML email, they think they're done.

The problem with -that- is that even ignoring text-only browsers, it is entirely an inadequate solution for mobile devices.