Date   

moderated Groups.io instead of Mailchimp #misc

Steve
 

Has anyone tried using Groups.io instead of apps like Mailchimp? Obviously not for marketing, but maybe announcements only? Are there advantages to using this platform over the usual email apps?

Best regards,
Steve Oglesby


moderated Archive PremiumS #suggestion

billsf9c
 

Just a thought...

If a list is falling back to Free from Premium... and might not like it, they may take 30 days to really discuss it, and 30 to act.

So maybe Archive their SubGroups etc, while allowing to see but no access, or perhaps as a teaser, no access but Read Only.

And SubGroups is my best example at this early pre-coffee hour. It might apply to other lost teatures.

Once these are "lost-forever," they may force themselves, in a foul mood, to live within Free. But if they can get them back within 60 or 90 days, voille. I had originally thought -30 days. But groups are ships and they turn slowly.

BillSF9c


moderated Publicly Listed Groups results #bug

Duane
 

When paging through the results of the various views in the groups directory, there comes a point when it won't show the next page.  It always happens when crossing over the 10,000 results line.  As an example, if I go to https://groups.io/search?p=SubsCount,,,20,2,9980,0, all works fine.  When I scroll to the bottom and use the right arrow to go to page 501, there are no results shown, even though it (currently) says 10001 - 10020 of 32031 and the URL shows https://groups.io/search?p=SubsCount,,,20,2,10000,0.  I suspect it's when the results get into the 5 digit range.  Probably not something many people will do, but it's a bit irritating when I'm playing with search parameters there. ;>)

Thanks,
Duane


moderated Re: consider a "Like" to be a "follow" #suggestion

 

Yeah, it came in handy for this; the Online Follow everywhere ability had been asked a few times before, so your post pushed it off the table and into the done basket. :D


On 2020-11-05 23:24, J_Catlady via groups.io wrote:
On Thu, Nov 5, 2020 at 08:02 PM, Christos G. Psarras wrote:
Thanks to J as well for finally pushing it over the table edge :)
Did you say that because I'm Catlady? Cats are always pushing things off the edge of tables. ;)


moderated Re: consider a "Like" to be a "follow" #suggestion

 

On Thu, Nov 5, 2020 at 08:02 PM, Christos G. Psarras wrote:
Thanks to J as well for finally pushing it over the table edge :)
Did you say that because I'm Catlady? Cats are always pushing things off the edge of tables. ;)
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: consider a "Like" to be a "follow" #suggestion

 

Mark, many thanks for adding this, it makes following groups online a lot faster and easier!

Thanks to J as well for finally pushing it over the table edge :)

Cheers,
Christos


moderated Re: Summary email has subject "digestnoreply" #bug

 

One last note on this, for anyone on an iPhone: It turns out that ios 14.1 fixes the "sends from wrong email address" bug. The bug was in 14.0. However, the fix results in the "name" part of the email being left out of emails from donotreply mass emails. That was the original source of my post here. The wrong-from-address occurred the day before and I noticed it in the morning.

Anyway, end of story except that on iPhones, summary and digest messages from groups.io now have strange-looking from addresses, by virtue of lacking the name of the group they're about.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Database ordering and datetime field #suggestion

Chris Smith
 

A date time field would be a handy feature for the database for a use case we have: we need to add entries for past events that occurred at a specific date and time, we then need to display the entries ordered from oldest to latest date & time.

Either that, or some way to link the existing date & time fields together for sorting purposes?

It would also be nice to be able to set a field as the default sort order for display purposes.

Chris


moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

Concerning my original suggestion, I don't mind if you added "(NOT your OTP)" however my point is to not say any more in the label than what needs to be entered in that text field. I was mistaken because I quickly saw the words "Two-Factor Authentication" and to me that confirmed it was asking for the OTP same as all my other sites I was removing it from.

Who knows maybe someone else cannot understand what you need unless you also add all the things it does not need, but that was not my problem.
Bruce Bowman said:
> How about "Enter Your Password (NOT your OTP)"


moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

People have continued arguments from a thread in Group_Help where someone else had 2FA problems, so I probably left all of my "good evidence" there.
It is without any refutability however, proven that this is better in other words more secure in this scenario. I have made it clear with very recent real world cases where this would have been necessary to require the one-time-password from 2FA and it would have not stopped the unauthorized user if they were only required to enter the password.

You also asked about having both factors to disable 2FA. The reason I was not concerned about that is actually because it is common that the intruder has already aquired the regular password so protects nothing. Only reason they wouldn't use same methods to discover the user's OTP as well is because it changes every minute.


On Wed, Nov 4, 2020 at 07:19 AM, Mark Murphy wrote:
I don't know if we have good evidence whether using a password or 2FA is "better" or more secure in this scenario  [...]


moderated Re: Wording to disable two-factor (2FA) #suggestion

Mark Murphy
 

On Wed, Nov 4, 2020 at 09:19 AM, Mark Murphy wrote:
On the issue of loss or compromise of your GIO 2FA credentials/device, I think some areas in GIO could be improved. For example, provide 2FA recovery codes when first setting up 2FA. Currently, you must contact GIO Support.
Sorry, I realize now GIO provides 2FA recovery codes at setup.


moderated Re: Wording to disable two-factor (2FA) #suggestion

Mark Murphy
 

On Mon, Nov 2, 2020 at 10:16 AM, Jeff Smith wrote:
My secure advice (as a specialist) is to require the OTP instead, because of the security breaches that often happen by people who only know the password so they sneak in while the account owner is AFK and disable authentication so they can go to their own computer and authenticate because they only were able to steal the owner's password.
Why not require both factors to disable 2FA?


moderated Re: Wording to disable two-factor (2FA) #suggestion

Mark Murphy
 

I think the OP was first concerned with the dialog wording on which credential is required to Disable 2FA. I agree that could be made more clear.

On Wed, Nov 4, 2020 at 12:14 AM, Jeff Smith wrote:
Only question people are debating here is that you want to allow disabling 2FA without having 2FA because of course people do lose their secret key and maybe they are still logged in somewhere, right? You want convenience in exchange for less security.
On the issue of requiring a password or 2FA in order to disable 2FA: I don't know if we have good evidence whether using a password or 2FA is "better" or more secure in this scenario, so I don't have a strong opinion.

On the issue of loss or compromise of your GIO 2FA credentials/device, I think some areas in GIO could be improved. For example, provide 2FA recovery codes when first setting up 2FA. Currently, you must contact GIO Support.

Github has a good model: https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa





moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

On Tue, Nov 3, 2020 at 08:16 AM, Donald Hellen wrote:
I was wondering if, let's say, you switched ISPs and no longer have[...]
Good point Donald,
The reason they want you to have multiple methods (i.e. phone# and another email), and also remind you to check all of them regularly, is because of the assumption they would not all be lost at the same time. I'd say it's up to us to learn enough to make sure we have independent multiple verification routes that won't be lost together.
Ultimately, guess it's time to get that chip stamped into our forehead ;-)


moderated Re: Wording to disable two-factor (2FA) #suggestion

Jeff Smith
 

On Tue, Nov 3, 2020 at 07:52 AM, Bruce Bowman wrote:
Jeff -- It just seems to me, if you're the kind of person who does things like that, no amount of security questions or login factors is going to work.
Obviously what I have said (require the OTP to turn off 2FA) does stop the intrusion that I explained. So I don't know why you are pretending that is not enough security for that.
If you are just saying, "Gee, sound like nothing is completely secure" then welcome to reality. If you did your research you'll find that has always been taught.

Only question people are debating here is that you want to allow disabling 2FA without having 2FA because of course people do lose their secret key and maybe they are still logged in somewhere, right? You want convenience in exchange for less security.

I am saying simply yes we do want the full two factor authentication security (by requiring the OTP to disable it).
For the plethora of folks who lose it (I have lost it in the past), this is another very important question. How do you plan for support to authenticate them, so they are not resetting it for the sake of a hacker pretending to be the owner? There needs to be yet another factor.
Typically this other factor is to assume that only the owner would get the email in that email account. Problem of course is that if you use 2FA on everything and you just lost Google Authenticator, you probably just lost access to your email too. It's all about planning. Because too many don't plan, we end up losing security because support gives in and starts resetting passwords without knowing if it's for the right person.


moderated Re: Summary email has subject "digestnoreply" #bug

 

One point that's not OT: moderators may want to be on the alert for a lot of attempted posts by "non-members," which are actually just members using their iPhones and thinking that they're sending a message from one email address whereas actually it's going out as being from another.

This is a very, VERY bad and dangerous bug. People are reporting having no control over what email address their messages are going out under, with some bad and possibly embarrassing results (private emails being sent to work and vice versa, etc).
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Summary email has subject "digestnoreply" #bug

 

This is now OT for beta, but this seems to be related to what I'm experiencing, although I'm not (consciously) using aliases. From one of the forums:

"...there appears to be an issue with all email accounts that have an associated alias that causes the Mail app to pick a random "From" address.

There seems to be no fix or workaround at this time aside from disabling aliases, and as pointed out on the MacRumors forums, the problem continues to persist in the iOS 14.2 update that's in beta testing. We expect iOS 14.2 to be in beta for at least another few weeks (likely until the iPhone 12 models launch) so there's time for Apple to add additional bug fixes.

Update: Early reports suggest that the second iOS 14.2 beta provided to developers on September 29 fixes the email alias bug."

Hopefully end of story.

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Summary email has subject "digestnoreply" #bug

 

And to further the point that this has nothing to do with digests: the email from digestnoreoly@groups.io was not a digest. It was a daily summary. It seems that Mark just happens to use that address for both digests and daily summaries.


On Nov 3, 2020, at 2:21 PM, J_Catlady via groups.io <j.olivia.catlady@...> wrote:

Guys, guys. This has NOTHING to do with replying to digests. Nothing to do with that other thread about the group member who couldn't reply to digests (which turned out to be a Thunderbird bug).

This is an iPhone bug. There are two parts to it:

1. The phone inserts the wrong email address into emails I try to send to a group, resulting in my emails bouncing from the group because that email address is not a subscriber. (In one harrowing case, it inserted my real-name email address into a message to a group that allowed posts from non-members, and in which I wanted to remain anonymous.) This is in responding to a regular, garden-variety message. Nothing to do with digests.

2. The phone leaves out the "name" part of the email address in emails it sends to me from what seem to be "noreply" email addresses. The two examples I have are (1) a groups.io email coming from [groupname]<digestnoreply@groups.io>. The fact that the word "digest" is in the email address has nothing to do with anything here. I was not trying to respond to it. The phone made the From address into <digestnoreply@groups.io>, leaving out the name. (2) a no-reply email from the USGS about an earthquake. I strongly suspect that the no-reply feature of the email is the criterion for when it does this.

I looked around and apparently ios14 and 14.1 (which I was updated to last night) are notoriously buggy, although I have yet to see these particular bugs reported.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Summary email has subject "digestnoreply" #bug

 

Guys, guys. This has NOTHING to do with replying to digests. Nothing to do with that other thread about the group member who couldn't reply to digests (which turned out to be a Thunderbird bug).

This is an iPhone bug. There are two parts to it:

1. The phone inserts the wrong email address into emails I try to send to a group, resulting in my emails bouncing from the group because that email address is not a subscriber. (In one harrowing case, it inserted my real-name email address into a message to a group that allowed posts from non-members, and in which I wanted to remain anonymous.) This is in responding to a regular, garden-variety message. Nothing to do with digests.

2. The phone leaves out the "name" part of the email address in emails it sends to me from what seem to be "noreply" email addresses. The two examples I have are (1) a groups.io email coming from [groupname]<digestnoreply@groups.io>. The fact that the word "digest" is in the email address has nothing to do with anything here. I was not trying to respond to it. The phone made the From address into <digestnoreply@groups.io>, leaving out the name. (2) a no-reply email from the USGS about an earthquake. I strongly suspect that the no-reply feature of the email is the criterion for when it does this.

I looked around and apparently ios14 and 14.1 (which I was updated to last night) are notoriously buggy, although I have yet to see these particular bugs reported.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Pending message notices arriving hours late in some cases #misc #bug

 

Starting recently, perhaps today or yesterday, I've noticed that pending message notices are often arriving (and timestamped, not just arriving) extremely late, in many cases by hours. Invariably I've long ago approved the message on the site. Then, after the fact, I get the pending message notification.
p.s. this has nothing to do with my iPhone. The timestamp is consistent on the computer.

The most recent example: Activity log shows message sent at 11:53 a.m. I approve it shortly thereafter via the web. I get the pending message email at 1:45 pm. That was just a few minutes ago.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

4141 - 4160 of 30684