Date   

moderated Re: Update login expiration on site visit #suggestion

Bruce Bowman
 

On Sun, Nov 4, 2018 at 02:49 PM, Shal Farley wrote:
For some definition of "most".

The only sites I use that behave that way are financial (banking) and other high-security sites. etc...
The only cogent reason I've heard to suggest that we need to change the current login process is that subscribers are becoming "disconcerte." I offered that alternative only as a bit of reductio ad absurdum rhetoric -- a way to address [what I consider to be] a non-existent problem. 

Looking back at the GMF archives, we might get 6-8 inquiries about this a month. There are half a million subscribers to the Updates group; certainly more actual accounts. It could be that many group owners are struggling to head off questions about logon problems so that they don't land in GMF. My own experience with my own groups is that not one person has made an inquiry that directly relates to expiration of the logon cookie.

I do believe that a "you are not logged in" banner of some sort has merit; and you may recall that I supported that idea in GMF. Other than that, it remains my opinion that the seriousness of this issue has been blown out of proportion.

Regards,
Bruce


moderated Re: Update login expiration on site visit #suggestion

 

Jeremy,

My thought is that probbly what is required, is that when GroupsIO
recognises an expired login (i.e login cookie older than 30 days) it
puts up a page saying (essentially) 'Your login has expired. Please
re-enter your password (or do whatever to) log back in.'
A distinct landing page like this would make the experience more comparable to what I get (the login page) if my destination required login. Or it could be just a red-box page banner, that would inform the user but allow them to continue browsing as "guest" (not logged in).

Whether it mentions the 30 days, or what should be done for someone
who has specifically logged off, are things that need to be thought,
That's the key. The page or banner obviously should not appear for someone who explicitly logged out, nor for someone who visits the site having not been (recently) logged in.

Shal


moderated Re: Update login expiration on site visit #suggestion

 

Bruce,

... perhaps we should make them log in every time, and time them out
after a certain interval of inactivity. That would be consistent with
what most other sites do and certainly makes no less sense.
For some definition of "most".

The only sites I use that behave that way are financial (banking) and other high-security sites.

Sites like Gmail, Yahoo, Facebook, and others seem to keep me logged in indefinitely. I'm not sure if they refresh on visit, or simply never expire, the effect is similar: I come back to the site days, weeks, or even months later (it seems) and I'm still logged in.

Even Amazon seems to use a kind of hybrid system. You retain your logged in identity, apparently indefinitely, for most browsing purposes, but after some time (days? I'm not sure) you'll be asked to log in again to access certain things, like your prior orders.

Shal


moderated Re: Give group owners control over how subscriptions are processed #suggestion

 

I have the first text at the top of our home page, in all caps, informing people that after they apply, they need to check their email for the confirmation link and pending questionnaire. It’s ugly but it’s the only way it works for us.

On this subject, the sequence is still confusing and non-illuminating. People applying via the web are now showing up NC, having received (it seems?) only the confirmation email and not the pending email with the questionnaire (according to their email delivery histories, which of course woefully shows only the most recent single delivery - but I think Mark has it on his Todo list to change that). I thought if used to be the opposite. Bottom line, I have zero idea of what’s happening any more with people’s applications to join, and what they have received etc.


On Nov 4, 2018, at 9:21 AM, Beth Weld <bethweld77@...> wrote:

We have received numerous join requests for my group this weekend, I really would like to strongly suggest that for restricted groups, we have the option to remove both the Apply button as well as the subscribe email address on the group main page.  I'm trying to redirect people to our website where they need to fill out an application (and pay money), but it hasn't worked for the dedicated folks who won't read. I've changed our verbiage to be in red and 14pt so we will see how that works, but we really don't want anyone to try to join using groups.io

I'm also using Bruce's pending subscription notice with stronger wording - basically that they will be rejected until they follow the process, but that is a bit late after they have already applied. Not very nice either, but I don't think we have a choice.
Thanks
Beth

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Give group owners control over how subscriptions are processed #suggestion

Beth Weld
 

We have received numerous join requests for my group this weekend, I really would like to strongly suggest that for restricted groups, we have the option to remove both the Apply button as well as the subscribe email address on the group main page.  I'm trying to redirect people to our website where they need to fill out an application (and pay money), but it hasn't worked for the dedicated folks who won't read. I've changed our verbiage to be in red and 14pt so we will see how that works, but we really don't want anyone to try to join using groups.io. 

I'm also using Bruce's pending subscription notice with stronger wording - basically that they will be rejected until they follow the process, but that is a bit late after they have already applied. Not very nice either, but I don't think we have a choice.
Thanks
Beth


moderated Re: Update login expiration on site visit #suggestion

 

On Sun, Nov 4, 2018 at 07:00 AM, J_Catlady wrote:
as previously suggested.
as Jeremy suggested.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Update login expiration on site visit #suggestion

 

On Sun, Nov 4, 2018 at 06:50 AM, Ken Schweizer wrote:
I agree with Bruce in that members should have to log in every time they visits a sit
 I actually think that part would be going too far. It's the opposite extreme. I think the balance as it is now is a good one, with possibly some better messaging as previously suggested.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Update login expiration on site visit #suggestion

Ken Schweizer
 

I agree with Bruce in that members should have to log in every time they visits a site; if that is consistent  it shouldn't confuse anyone who is able to use a computer. I would prefer a log out to be with a site disconnect or, if necessary, after a prolonged time of inactivity of say >1 hour along with a pop-up window announcing a pending log out in xx minutes. Automatic disconnects of <1 hour can be frustrating if you are researching a response.

 

Ken

 

"And if any man shall take away from the words of the book of this prophecy, God shall take away his part out of the book of life, and out of the holy city, and from the things which are written in this book." God

 

From: main@beta.groups.io [mailto:main@beta.groups.io] On Behalf Of Bruce Bowman
Sent: Sunday, November 4, 2018 7:39 AM
To: main@beta.groups.io
Subject: Re: [beta] Update login expiration on site visit #suggestion

 

On Sun, Nov 4, 2018 at 12:59 AM, Shal Farley wrote:

Proposal:

Update the 30-day login period when the user visits the site, rather than only when they go through the login flow.

I am not fond of this idea. Confirmation of identity needs to be done on a periodic basis, and simply visiting the site using the same device does not accomplish that objective.

Has anyone given thought to the legal ramifications of this?

If we want subscribers to be less disconcerted, perhaps we should make them log in every time, and time them out after a certain interval of inactivity. That would be consistent with what most other sites do and certainly makes no less sense.

Thanks,
Bruce


moderated Re: Update login expiration on site visit #suggestion

Jeremy H
 

My thought is that probbly what is required, is that when GroupsIO recognises an expired login (i.e login cookie older than 30 days) it puts up a page saying (essentially) 'Your login has expired. Please re-enter your password (or do whatever to) log back in.' 

Whether it mentions the 30 days, or what should be done for someone who has specifically logged off, are things that need to be thought, but which I haven't come to any decision about.  


moderated Re: Update login expiration on site visit #suggestion

 

I agree with Bruce. My reaction was the same as his, but I didn’t write it down here because it was more of a gut feeling that I couldn’t articulate or rationalize. He articulated it.


On Nov 4, 2018, at 5:38 AM, Bruce Bowman <bruce.bowman@...> wrote:

On Sun, Nov 4, 2018 at 12:59 AM, Shal Farley wrote:
Proposal:

Update the 30-day login period when the user visits the site, rather than only when they go through the login flow.
I am not fond of this idea. Confirmation of identity needs to be done on a periodic basis, and simply visiting the site using the same device does not accomplish that objective.

Has anyone given thought to the legal ramifications of this?

If we want subscribers to be less disconcerted, perhaps we should make them log in every time, and time them out after a certain interval of inactivity. That would be consistent with what most other sites do and certainly makes no less sense.

Thanks,
Bruce

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Update login expiration on site visit #suggestion

Bruce Bowman
 

On Sun, Nov 4, 2018 at 12:59 AM, Shal Farley wrote:
Proposal:

Update the 30-day login period when the user visits the site, rather than only when they go through the login flow.
I am not fond of this idea. Confirmation of identity needs to be done on a periodic basis, and simply visiting the site using the same device does not accomplish that objective.

Has anyone given thought to the legal ramifications of this?

If we want subscribers to be less disconcerted, perhaps we should make them log in every time, and time them out after a certain interval of inactivity. That would be consistent with what most other sites do and certainly makes no less sense.

Thanks,
Bruce


moderated Re: Calendar - Date Format on Reminder Notices

 

Pamela,

Is it possible to add a selection box for Date Formats to the
Calendar??
I don't think a new setting is needed. But I do think the reminders and notices sent from the calendar should obey the subscriber's Date and Time Display settings (from the recipient's Account Preferences page).

At present the Subject line is in US format ("10/30/18"). In the body of the reminder the month is spelled out (e.g. "30 October 2018") so that may be ok.

Shal


moderated Update login expiration on site visit #suggestion

 

Mark,

Background:

There's been some discussion in GMF about the current login mechanism, in particular dissatisfaction with the user experience of having one's login suddenly evaporate (30 days after your last login) even though one has recently - even a second ago - been logged in and active on site.

Usually I'm heading for a page that requires login (such as GMF's Pending list), so my experience has been to be suddenly faced with the login page. That's fairly self-explanatory (at least to me) as to what happened and what I need to do next.

But if one is heading for a page that doesn't require login, say GMF's or beta's public messages, then the effect is much more disconcerting - you seem to have suddenly been unsubscribed from the group (the button list on the left shrank). If you're paying attention you'll notice that your name disappeared in the upper right, replaced with the Log In and Sign Up links - but that's not the most prominent change.

The consequence is that some group owners get complaints from members who believe they've been unsubscribed without cause, and who generally confound matters in their attempts to re-join the group.

Proposal:

Update the 30-day login period when the user visits the site, rather than only when they go through the login flow.

I presume you wouldn't want to add this to the burden of every page load, but if there's a way to do check it at most once daily per user that ought to be more than adequate.

Shal


moderated Calendar - Date Format on Reminder Notices

Pamela Tatt
 

I asked this question in the GMF and it was suggest it might be a matter for the beta group.

I am struggling to find where to change the date format for calendar reminders.  
I am in Australia and use the DD.MM.YY format.  I have this selected everywhere I can find to make a selection but the reminders still arrive with the American format of MM.DD.YY which is confusing for our elderly members.

Is it possible to add a selection box for Date Formats to the Calendar??  Either when adding Events or as a Default setting perhaps?

Kind regards,
Pamela


moderated Re: a PAID version with no footer links??? #suggestion

 

Al,

We sure would like "no footer links" whatsoever in our PAID group.
As JohnF said, at least the Unsubscribe link would likely need to remain. That's pretty much a standard for email lists.

Want a PURE email group, with no member ever learning there is an
"online interface" whatsoever.
I think you could also keep the Reply To links (Sender and Group) and Contact Group Owner, as those are mailto: links (no web pages involved in their function).

As to the rest...

The Mute links are useful for email subscribers also, though it takes one to the site to make the selection. And you con only Unmute via the site.

The Follow links are designed primarily for email subscribers, even though they take one to the site to make the selection. And the subscriber would have had to have visited the site at some time to make the "Following Only" subscription selection that activates the Follow/Unfollow links.

That leaves "View/Reply Online" and "New Topic" as the two links whose function is primarily aimed at using the web site. Those are the only two I think you could eliminate without diminishing the list functionality for email-using members.

So my recommendation would be to have this proposed option retain links to the subscription-related pages while removing links to the content pages.

Shal


moderated Site updates #changelog

 

Changes to the site this week:

Web:

  • No changes

API:

  • CHANGE: The /downloadarchives endpoint has been temporarily disabled because a company was abusing it and putting too much load on the system.
  • NEW: The /gettopics endpoint now works.
  • NEW: Additional error codes for /login API endpoint.
  • NEW: Added group_alias, org_id, org_domain fields to the 'subscription_plus' object.

A note on my focus for the next few months: https://beta.groups.io/g/main/message/18909

Have a good weekend everyone.

Mark


moderated Re: My focus for the next few months

 

Mark,

There are several other projects that will also eventually roll into
this, including the notifications overhaul, ...
Yay!

Shal


moderated Re: a PAID version with no footer links??? #suggestion

Brian Vogel <britechguy@...>
 

On Fri, Nov 2, 2018 at 02:06 PM, J_Catlady wrote:
On Fri, Nov 2, 2018 at 10:51 AM, Sam Hughes wrote:
Want a PURE email group, with no member ever learning there is an "online interface" whatsoever.
I don't think that's possible in groups.io. It really goes against the model.
Indeed.

I've said it before, and I'll say it again:  Why choose to sign up to use a medium, intentionally designed as a fusion of e-mail list and online forum, if you adamantly don't want one half of said fusion?

There are plenty of other options out there if you want one, or the other, but not both.  When you add to that the fact that no one is obligated to use either interface if they do not so choose, well . . .
 
--

Brian - Windows 10 Home, 64-Bit, Version 1809, Build 17763 
The terrible state of public education has paid huge dividends in ignorance.  Huge.  We now have a country that can be told blatant lies — easily checkable, blatant lies — and I’m not talking about the covert workings of the CIA. When we have a terrorist attack, on September 11, 2001 with 19 men — 15 of them are Saudis — and five minutes later the whole country thinks they’re from Iraq — how can you have faith in the public? This is an easily checkable fact. The whole country is like the O.J. Simpson jurors.

      ~ Fran Lebowitz in Ruminator Magazine interview with Susannah McNeely (Aug/Sept 2005)


moderated Re: a PAID version with no footer links??? #suggestion

 

On Fri, Nov 2, 2018 at 10:51 AM, Sam Hughes wrote:
Want a PURE email group, with no member ever learning there is an "online interface" whatsoever.
I don't think that's possible in groups.io. It really goes against the model. Even if you have no footers, people can always log onto the site. Etc.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: a PAID version with no footer links??? #suggestion

 

There would probably need to be at least an unsubscribe link, or it would cause problems. If you want an email reflector list with absolutely no web presence, there may be better options than Groups.io available.

JohnF