Date   

moderated Re: RSS feeds for private groups? #suggestion

 

If the RSS feeds are retrieved over HTTPS then there's no more security risk than any member's password being compromised. Not adequately vetting a new member is more of a risk.

/Colin


moderated Re: RSS feed not working for this group #bug

 

Many thanks for the quick fix!

I also asked Feedly why it wasn't working and they responded with this:
https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Frealstmfc.groups.io%2Fg%2Fmain%2Frss

You might want to fix the remaining issues, if they're also easy to fix.

/Colin


moderated Re: RSS feed not working for this group #bug

 

On Tue, Mar 23, 2021 at 6:24 AM Colin 't Hart <colinthart@...> wrote:

One of my groups advertises an RSS feed but it doesn't work in Feedly.

https://realstmfc.groups.io/g/main/rss

I wonder if it's because this group has been setup with its own domain with the group called "main"?

I just stripped all the HTML out of the feed description, and it's working for me in Feedly now (although I don't know why HTML in the description would matter at all).

Mark 


moderated Re: RSS feeds for private groups? #suggestion

Duane
 

On Tue, Mar 23, 2021 at 08:24 AM, Colin 't Hart wrote:
Please, please, please. I have too many groups I'd like to follow :-)
Please DON'T.  I don't need any more security risks.  The bad guys already cause enough problems.

Thanks,
Duane


moderated Hide Dutch quote

Benoît Dumeaux
 

Hide Dutch
Example
"Op ma 22 mrt. 2021 om 12:20 schreef phill via groups.io:"



moderated RSS feed not working for this group #bug

 

One of my groups advertises an RSS feed but it doesn't work in Feedly.

https://realstmfc.groups.io/g/main/rss

I wonder if it's because this group has been setup with its own domain with the group called "main"?

Hope you can take a look at it.

Thanks,

Colin


moderated RSS feeds for private groups? #suggestion

 

Any chance we can get RSS feeds for private groups? This would require embedding some sort of token into the RSS feed URL.

Please, please, please. I have too many groups I'd like to follow :-)

Thanks,

Colin


moderated Formatting of Individual Photo Description in an Album display bug #bug

Alan
 

Following o riginally posted on GMF message No. 37496 and validated and described by Christos G. Psarras as follows in message no. 37497:

> This does look like a display bug, on the text/label control which is displaying the caption, it doesn't respect the CR/LF/etc.<
> I'd report it on beta so Mark can become aware of it.<

How can one insert a "Carriage return and Line feed" or in computer speak an "End of Line Character" within the description field of the photo?

I have tried using "Shift+Enter" (which works on FB, WhatsApp etc.) and this does seem to produce a blank line / new paragraph in the "Edit" mode, but once one saves the change the text all runs together without the paragraph / space.

If one then goes to "Edit" again, the blank line / paragraph space is visible, so .. stuck

Can you assist, please?

I found this on line but I'm guessing this is a change to the site code that Mark would need to program.
https://www.ni.com/en-us/support/documentation/supplemental/21/labview-termination-characters.html


Thank you

Alan


moderated Re: Limit Number of Unsuccessful Logins #suggestion

 

On Sun, Mar 21, 2021 at 12:16 PM, Glenn Glazer wrote:
we had to implement a randomizer so that the limit is actually some random number between X and Y.
Good idea.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Limit Number of Unsuccessful Logins #suggestion

Glenn Glazer
 

On 03/21/2021 11:42, J_Catlady wrote:
On Sat, Mar 20, 2021 at 03:19 PM, Mark Fletcher wrote:
We do indeed have a rate limiter on login requests.. I won't say what the current limit is
Mark is an oracle.:) Keep trying until you hit it.
 
--
J

Where I work, "clever" people outside the company wrote a script to determine this value for our login system. So, we had to implement a randomizer so that the limit is actually some random number between X and Y.

Best,

Glenn

--
#calcare
PG&E Delenda Est


moderated Re: Limit Number of Unsuccessful Logins #suggestion

 

On Sat, Mar 20, 2021 at 03:19 PM, Mark Fletcher wrote:
We do indeed have a rate limiter on login requests.. I won't say what the current limit is
Mark is an oracle.:) Keep trying until you hit it.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Several FILES improvements #suggestion

KWKloeber
 

Chris

You said:

You didn't comment on my earlier [re main page]

Yes I did, you might have missed it. 

You said:
It crossed my mind that you might have been interpreting All members can post to the Group as including "members can upload File & Photos", which it doesn't

Nope, I intentionally kept the discussion centered on uploading permissions, not posting permissions. 

You said:
Have you been able to check whether the group in question really does allow members to upload files and photos?

Trying to.  It’s a sailing group of specific boat owners.  
The owner sold her boat so the group is sort of on autopilot.  I did make contact but haven’t gotten an answer yet ( I think her group email is rarely checked.) But we will eventually work our way to the bottom of the hole. 
Regardless of that outcome, the #Suggestion are still valid as the notifications, warnings, etc that I highlighted up are not there and would be nice for both members and owners/mods to have. 

-K


moderated Re: Limit Number of Unsuccessful Logins #suggestion

 

Hey, I found your book!
https://www.amazon.com/Elementary-Information-Security-Richard-Smith/dp/1284153045?

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Limit Number of Unsuccessful Logins #suggestion

Rick Smith
 

If there’s to be a hard limit on attempts, I’d recommend something between 10 and 20. If it’s lower, it penalizes those who rarely log in but actually try to remember a password for this particular site.

NIST’s latest password recommendation is a bit more sophisticated: no hard limit on attempts, but the account suffers an increasing delay between logins.

FWIW I wrote a book on this 20 years ago, and my cybersecurity textbook is in its 3rd edition. This doesn’t guarantee I’m right, but I’ve dealt with this question a bit.

Rick Smith.


moderated Re: Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer
 

So glad to hear there is a limit. Should it be lowered? Since I never reached it, my guess is yes. 

Consider Better, not Bigger. So many advantages. Just ask. USA adds a Chicago to our overpop each year.
"Still more population growth is not our way to a healthy community, a healthy planet, OR enjoyable cycling."

    ~Mike


On Saturday, March 20, 2021, 06:19:45 PM EDT, Mark Fletcher <markf@corp.groups.io> wrote:


On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark


moderated Re: Limit Number of Unsuccessful Logins #suggestion

 

On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark


moderated Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer
 

It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

If true, I would suggest a limit of 4 or 5. After that, perhaps validate via an email or some other method.

AllTheBest.


moderated Re: File & Photo (etc) Notices #bug

 

I noticed this same issue awhile ago and may have posted about it, but eventually gave up on it.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated File & Photo (etc) Notices #bug

Chris Jones
 

In doing a search before composing this message I found this point in Message #25397: Given that these new ones aren't intended to be used by members... which makes sense and is what I would expect to be the case.

Earlier today I spotted (in a group that I don't moderate) that a member had used #photo-notice to announce a photo that he had embedded in his post. To the best of my knowledge that group has no representation either here or on GMF so when these notices were introduced they will have just "happened" without anyone necessarily noticing anything particularly different. A bit more investigation found that the -notice hastags were all available in the drop - down list of hashtags that members can use, and of course they would also be available to anyone who added one to an email posting. 

IMHO this is wrong; what is really a system hashtag should not be accessible for members to use right from the outset. Is there any way in which these notices can be configured at source to prevent their use in members' routine posts? And if so, is there any way of enacting it retrospectively?

In the group I moderate I set these hashtags to moderators only because the list of tags available to members has been deliberately kept very short and simple.

Chris


moderated Re: Several FILES improvements #suggestion

Chris Jones
 

On Sat, Mar 20, 2021 at 04:25 AM, KWKloeber wrote:
After your suggestion that it might be over limit (not locked by MOD)  I checked and it wasn't -- as I said just over 1MB storage was used.
Ah... thanks for that.

You didn't comment on my earlier I think some clarification is called for. You said "main page"; did you mean Home Page? I ask because I cannot find any group where that particular bit of information is provided on the Home Page...

It crossed my mind that you might have been interpreting All members can post to the Group as including "members can upload File & Photos", which it doesn't

Have you been able to check whether the group in question really does allow members to upload files and photos?

Chris

2101 - 2120 of 30674