Important News About Your O'Reilly Account

by Tony Stubblebine

Updated: I've added a FAQ section at the bottom.



We just launched O'Reilly's single sign on system. Effective immediately you'll be able to access oreilly.com, Safari Bookshelf, O'Reilly Network, MacDevCenter.com, ONDotnet.com, ONJava.com, ONLamp.com, Perl.com, WindowsDevCenter.com, and XML.com using a single account and password.



We hope you find this system more convenient and intuitive to use.



There are several additional sources of information.


  • Existing users will receive an email with more information about their account.


  • You can also read the official system bulletin.


  • If you're having account troubles, send email to accounts@oreilly.com



This is a big change for us, so we'll be keeping a close eye on the changes over the next few days. If you have any questions or concerns I'm happy to address them here or through email.



Frequently Asked Questions



Why can't I login?


You need to login with your email address now. A lot of our sites previously required a user id.



Your password may have changed or you may no longer remember your password. Click the "Forgot your password" link on the login page. You will receive a numeric password that will allow you to access your account and reset your password.



Why did my password change?


If you had more than one account on our sites we reset your password. You should have received the new password in your email. If you didn't receive an email, you can retrieve a new password from the "Forgot my password" link.



You'll be required to change your password when you login



What's a screen name?


We've kept your old login name around for use as a screen name. It's now your public identifier on our sites.



Why did my screen name change



In cases where two or more users shared a screen name, we incremented the duplicate names.



This eliminates confusion across our sites where chromatic on OReillyNet may not be the same user as chromatic on XML.com. There would now be a chromatic and a chromatic1.



I'm a Safari customer and I can't login



You may not have signed up for Safari through O'Reilly. Try logging in through http://search.safaribooksonline.com. You will be automatically directed to the correct Safari portal for your account. You can read more in this note to Safari customers.



Why didn't you give more warning/communicate this better?



This is a big change for us and for you. We're reading all of the emails and comments and adding new information to this weblog. Please check back as needed. If you want personal help from our Support Group send email to accounts@oreilly.com.




24 Comments

kbedell
2004-04-11 10:33:38
problems accessing weblogger home page
I can't seem to get to the 'weblogger' home page now. I just see the new default account screen.


I'm not sure if or how I can post any weblog entries...


-kevin

alexvaldez
2004-04-11 21:15:23
I want my user ID back
Somehow my user ID got changed from alexv to alexv1. Who's got my old account now?
tonystubblebine
2004-04-12 00:30:04
I want my user ID back
Alex, I'm sorry that your screen name changed. We consolidated accounts from several O'Reilly sites. Unfortunately someone else also had the screen name alexv.


You're not the only user in this position. We dealt with duplicate screen names by incrementing the name. To anyone who lost a cherished handle, I'm sorry.


Knowing that the person posting talkbacks as chromatic on oreillynet.com is the same user as the chromatic posting talkbacks on XML.com is a good and long overdue change.

mbeckman
2004-04-12 08:50:08
How To Deploy Single Sign On With Maximum Customer Annoyance
What were you guys thinking? I tried to log in this morning to my Safari bookshelf for an urgent project, and couldn't. After a lot of digging I figured out what had happened, but still don't have my login working!


Why didn't you provide any advance notice of this change? And why, when I tried to use my old user ID and password, didn't you route me to a password change or new-account confirmation screen? Why for pete's sake don't you put some kind of banner on the ORA home page announcing this change! The only reference I could find about this was under "weblogs" -- not terribly obvious. I suggest something like "ATTENTION: YOUR OREILLY LOGIN HAS CHANGED! CLICK HERE FOR DETAILS!"


Finally, I discovered that you did email me this morning about the change, but you embedded a huge URL in the email, so Postini flagged it as spam. Surely you of all companies should know that embedded email links are security problems! I am constantly warning my clients to NEVER click on them, advice I've seen on ORA numerous times.


Two hours down the drain on a busy Monday morning trying to sort this out. Count me seriously unhappy about the handling of this project. I expected much better from O'Reilly.

kforward
2004-04-12 10:08:27
Smelled like phish
As a security admin I spend my days trying to convince people to never follow unsolicited links asking them to log in and verify/update account information of any sort.


I myself almost tossed that email, then thought to keep it as an example of a phishing scam. Much to my chagrin, the mail headers suggest it's real.

Better you had directed people to manually type in www.oreilly.com, then visit the SSO link found mid/upper-right...

mbeckman
2004-04-12 10:38:41
Still no announcement on the front page
I'm glad to see the addition of the FAQ above -- that's a start on the education process for your users. However, there is still no announcment on ORA's front page about this! What's taking you so long?


Note that the tiny link "O'Reilly Single Sign On" listed under "Featured Weblogs" doesn't count. I saw that link several times before it clicked that the article had something to do with my login problems.


I'm talking about a banner across the page. Something nobody will miss. Surely O'Reilly's highly technical staff could add this into the content delivery system in a few milliseconds. I can't think of a reason not to.


Particularly for those of us who pay to use O'Reilly services like Safari, I'd expected better handling of this. The above FAQ asks the question "Why didn't you give more warning/communicate this better?" but doesn't answer it.


-mel beckman

derrick
2004-04-12 13:03:48
It's There
Hi Mel,


We posted an announcement at the top of the News column on oreilly.com not long after your post here. We also have posts above the fold on other sites. Thanks.

kenjanuski1
2004-04-12 15:04:10
Smelled like phish
I agree completely. I was tempted to follow the email link but thought better of it. Only when I was presented with a new logon screen when I tried to access Safari today did I realize that the email was legit.


I think a warning on the web page would have made users a little more likely to have trusted the email. And I would have thought 0'Reilly of all people would have thought of that.



tonystubblebine
2004-04-12 19:40:09
Smelled like phish
Several people have pointed out that our email notification smelled like spam. We tried to avoid this by running the email through Spam Assassin. It scored very low.


Unfortunately the email was often flagged as suspicious by software and users both.


For those who didn't see or didn't trust the email, we're trying to make the new login process as clear as possible.


We've added instructions to the login pages. Hopefully anyone facing the new login process for the first time will find enough official information to feel comfortable.

jwenting
2004-04-13 00:08:08
Smelled like phish
hmm, either I never got an email sent to me or my spamfilters got the better of it.


Good thing my old password still works :)

jwenting
2004-04-13 00:10:20
I want my user ID back
are old posts consolidated towards the new screennames to avoid confusion?


Or do we have to guess if the post by alexv on oreillynet.com from today is the same user as the post from last week or not?

rsf-lists
2004-04-13 09:03:12
I want my user ID back
I too found out that my user ID associated with my main email address had been changed to a combination of my names I rarely use for this purpose, with a digit appended. My preferred screen ID (this one) was associated with a secondary email address, and I'd like to move it to my primary address, but I see no way to do this. I can't edit my primary address to my preferred name, because it's "already in use" (by another account I control), and I can't see a way to delete my secondary account to free up the user ID.


(The same thing happened to me when Netscape and AOL "consolidated" their various accounts, leaving me with a screen name I had never used anywhere else. I solved the problem then by no longer using Netscape. :-)


Again, it would have been nice if more warning had been given to the user community before implementing the change.

rsfinn
2004-04-13 09:09:58
I want my user ID back
Never mind -- I figured out I could change the secondary account's screen ID to something else, then go in and change the primary account. (Now this post has the desired screen ID, and the parent post has the "something else").


Still wish I could delete the secondary account...

dnxthx
2004-04-13 11:12:07
My account's still missing
It looks like my Safari account has been wiped from the face of the earth. I've put in two e-mail requests and made a phone call and still nothing. I certainly expect that O'Reilly will prorate or extend our subscriptions for the time lost due to this great single sign-on 'idea.'
shaw@oreilly.com
2004-04-13 15:49:32
My account's still missing
If you get the error "account does not exist", the solution is to go to:


http://search.safaribooksonline.com


and log in from there. You'll be redirected to the correct URL for your individual Safari account.


Your Safari account is with MSDN, not O'Reilly, and that is why you get an "account does not exist" error when trying to log in at safari.oreilly.com.

blkwolf
2004-04-16 11:57:07
My account's still missing
Is there any way to consolodate the MSDN account with my O'Reilly account? I now find myself with a disabled O'Reilly account for Safari Bookshelf and have login with a different email address at http://search.safaribooksonline.com to access my safari subscription.


Which is highly confusing to me since I dont ever recall signing up to safari thru MSDN and under normal circumstances go out of my way to not have anything to do with any MS services.

ajohnson1200
2004-04-28 20:32:56
how was it done?
Single sign on is a great service! Thanks for putting it together... I'd love to see an article on *how* it was done, specifically what technologies you used and what some of the pros and cons are.


Thanks!


AJ

elegans
2004-05-11 11:05:00
how was it done?
Did any one answer your questions?
dwjohnson
2004-07-29 10:59:01
Still no announcement on the front page
How do I find your news articles (columns)?
davidsambell1
2004-08-14 02:25:17
Safari login - cookies
After deleting cookings I have experienced difficulties in logging back into Safari; particularly when I'm unsure which password to use.
I have discovered that I need to delete cookies after each failed attempt before the correct password will be accepted.
tonystubblebine
2004-08-14 12:44:08
Safari login - cookies
I forwarded your request to accounts@oreilly.com. Someone from the Safari Customer Service team will provide personal assistance.
ian.waring
2004-10-09 11:51:31
Has all of O'Reilly switched over yet?
I still get mail sent to my old pre-epoch ian.waring@btopenworld.com address - whereas my epoch address iw@minsystems.co.uk gets next to nothing now (it's fallen off completely). And whenever the old addresses get used in an attempt to change my email address again, the epoch says the old address isn't registered. Just the new one - which doesn't get any newsletters requested!


It looks like different newsletters in O'Reilly still use the old pre-epoch email addresses and haven't started using the new ones yet. Bug or feature?


One other annoyance is that O'Reilly use SORBS for their inbound email filtering - and my ISP has erroneously registered the netblock that my fixed IP address sits in on the SORBS DUHL list. I'm currently trying to move heaven and earth to get British Telecom to fix it, but everyone there gives up in desperation - and the two phone numbers given for their abuse team are engaged all working hours. Until they fix it, O'Reilly reject all mail sent from iw@minsystems.co.uk :-(


Is there any fix to both problems available?


Ian W.

ojsimpson
2005-03-20 08:18:00
Yawn
Damn Small Linux (DSL) livecd has been using a writable file system for almost a year now where you can apt-get stuff with little effort. If you have a decent swapfile or swap partition, you can apt-get almost anything even large size downloads.


I am happy that KNOPPIX is heading in this direction but the functionality is not groundbreaking for a livecd distro.

tonystubblebine
2005-05-16 11:00:40
how was it done?
It's on my todo list to write up an article. My group does a lot of SSO/Shared Auth work beyond your initial question. I'd like to at least share our techniques (web services, mod_perl magic, cookie magic).


If you can't wait, I think the developers of SXIP used the same aproach that we did.