Date   

moderated More efficient page navigation of member and other lists #suggestion

Barry_M
 

I'm new to groups.io but, now a week or so in, came across something that, very probably, must have been suggested before or just decided against. But, on the off chance it hasn't been...

When looking at "Members" for a group, at lower right are the page numbers and obvious how one can click on whatever page or click through them to see the entirety of a list.  But, to the left and right of a small range (maybe 5-8) page number options are single arrows which, if clicked, move one page left or right.  I'd love to suggest the inclusion of double arrows at left and right of those single arrows to speed navigation.  Clicking on one of those would bring you to the first or last page of a membership list versus just one page left or right.  Screenshot attached. 


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

Oops. That was a mental typo. Should say “ is not really automatic” 


On Apr 25, 2019, at 10:12 AM, J_Catlady via Groups.Io <j.olivia.catlady@...> wrote:

I had one more thought on the idea that rejection, etc., should not be done "automatically" lest nefarious individuals take advantage of the situation:

I submit that having groups.io send a "This topic is locked" rejection notice in response to attempted posts to a locked topic is really "automatic." The rejection notice has, in effect, been requested by the moderator who locked the topic. It is simply a blanket (although still explicit) request at one level "up" from rejecting an individual message. Groups.io would simply be acting as the moderator's agent in sending the boilerplate message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

I had one more thought on the idea that rejection, etc., should not be done "automatically" lest nefarious individuals take advantage of the situation:

I submit that having groups.io send a "This topic is locked" rejection notice in response to attempted posts to a locked topic is really "automatic." The rejection notice has, in effect, been requested by the moderator who locked the topic. It is simply a blanket (although still explicit) request at one level "up" from rejecting an individual message. Groups.io would simply be acting as the moderator's agent in sending the boilerplate message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Jeremy H
 

My thought on this is: what would happen if the topic was not locked? The message (posting to topic) would AIUI be dealt with 'normally' (posted through, moderated, whatever), even if from a spammer: that being the case, I fail to see what the real problem in sending a reply (with or without original message), saying 'This is a locked topic, your message has been rejected' (or words to that effect), and that should be the 'normal' response in that case.

Jeremy


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Glenn Glazer
 

On 4/25/2019 09:16, Brian Vogel wrote:
Locking topics is a basic function under any forum/e-mail system that I have used over the course of decades.  It needs to work.

No one is proposing "security by obscurity."   The fact, and it is a fact, is that spammers look for ease of putting a message out scattershot.  They do not target, and they certainly do not target in the way discussed here.  One takes precautionary measures based upon a realistic risk assessment.  It is a waste of time and effort to try to prevent the highly improbable.  If the highly improbable becomes easy or starts being used, then one takes remedial measures.  'Twas ever thus when keeping up with what spammers will try next.

The idea of a spammer employing backscatter is, to put it mildly, highly improbable.   I don't worry about being hit by a meteorite when sitting in my living room (though it's conceivably possible) just as I don't worry about the issue of backscatter and spammers.   If it were an easy and worthwhile effort to achieve their ends it would have been in use long before now, as the capability has existed long before now.

Hear, hear! I couldn't agree more.

In the computer security field, we often say that one doesn't need Fort Knox to safeguard a broken bicycle, which is a metaphorical way of saying exactly what Brian says above.

Best,

Glenn
M.S. '07 UCLA Security and Cryptography

--
We must work to make the Democratic Party the Marketplace of Ideas not the Marketplace of Favors.

Virus-free. www.avast.com


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

Marv,

Sometimes you really want it locked. As one example, we have group members on moderation-bypass (status “P”) who may not realize when a topic is really closed, because the locking is not announced. It’s just done. Locking means you don’t want to allow ANY posts to a topic.

Another reason to lock instead of moderate is to disable Likes. Again, stopping all activity.

A third reason is not wanting to compose and send rejection notices. Locking (whether via the current bounce message or the proposed method) sends, or would send under the proposed idea, a boilerplate “This topic is locked.” 

A fourth reason is to eliminate the Reply button so that members responding via web realize they can’t post to the topic even before they’re tempted to reply. 

Etc. Locking is just a whole different ballgame from moderation.


On Apr 25, 2019, at 8:40 AM, Marv Waschke <marv@...> wrote:

Forgive me if I am missing something, but groups that want to avoid ugly bounce messages could put topics under moderation instead of locking the topics. Wouldn't that be an effective workaround that lets the individual group decide? I can't recall that I've ever locked or placed a topic under moderation so I don't have experience.

In other realms, I've seen "security by obscurity" (don't worry, those dopey criminals will never bother to figure it out) fail miserably, so I am inclined to close security gaps even when a breach appears improbable at the moment. If you accept the obscurity argument regularly, you end up with a porous system.
Best, Marv

--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Brian Vogel <britechguy@...>
 

Locking topics is a basic function under any forum/e-mail system that I have used over the course of decades.  It needs to work.

No one is proposing "security by obscurity."   The fact, and it is a fact, is that spammers look for ease of putting a message out scattershot.  They do not target, and they certainly do not target in the way discussed here.  One takes precautionary measures based upon a realistic risk assessment.  It is a waste of time and effort to try to prevent the highly improbable.  If the highly improbable becomes easy or starts being used, then one takes remedial measures.  'Twas ever thus when keeping up with what spammers will try next.

The idea of a spammer employing backscatter is, to put it mildly, highly improbable.   I don't worry about being hit by a meteorite when sitting in my living room (though it's conceivably possible) just as I don't worry about the issue of backscatter and spammers.   If it were an easy and worthwhile effort to achieve their ends it would have been in use long before now, as the capability has existed long before now.
--

Brian - Windows 10 Pro, 64-Bit, Version 1809, Build 17763  

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

              ~ Brian Vogel


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Marv Waschke
 

Forgive me if I am missing something, but groups that want to avoid ugly bounce messages could put topics under moderation instead of locking the topics. Wouldn't that be an effective workaround that lets the individual group decide? I can't recall that I've ever locked or placed a topic under moderation so I don't have experience.

In other realms, I've seen "security by obscurity" (don't worry, those dopey criminals will never bother to figure it out) fail miserably, so I am inclined to close security gaps even when a breach appears improbable at the moment. If you accept the obscurity argument regularly, you end up with a porous system.
Best, Marv


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Brian Vogel <britechguy@...>
 

I agree that there's very little value in including the member's message in the bounce message back when a topic is locked.   I also agree that it would be nice to have the ability to customize a group's message sent back when a topic is locked.

The above being said, I just tested out what Leeni discussed, and the following is the text that comes back at the top, before the quotation of the incoming message that's been rejected:

The response from the remote server was:

500 This topic has been locked by the moderators and can no longer be posted to.

While that text seems abundantly clear to me, it also doesn't resemble any truly generic bounce message I've ever seen.  It seems to be customized by Groups.io, and I'd have to believe that the text that follows the 500 is lifted directly from a file, somewhere.  It would seem to me that if/then/else logic for, "If group has custom text then use it, else use canned text," is possible.   Again, this is conjecture, but it's an educated guess after decades as a nuts and bolts coder.

--

Brian - Windows 10 Pro, 64-Bit, Version 1809, Build 17763  

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

              ~ Brian Vogel


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

On Wed, Apr 24, 2019 at 08:47 AM, Shal Farley wrote:
Rejection notices typically contain a copy of the rejected message, in this scenario that would be the payload.
Why couldn't that be altered for this case? The original suggestion already would require some nontrivial programming. The suggestion is not just, "turn locked topics into moderated topics." It's "treat locked topics  similarly to moderated topics, but where the system automatically rejects the messages." So why not also do away with including the rejected message? Voila, no payload. I'm not suggesting making locked topics into moderated topics where everything has to remain the same, including pasting in a copy of the rejected message. I'm saying, IF the system can handle moderated topics without bouncing messages, it should also be able to handle locked topics without bouncing messages.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Leeni
 

Just an added side note about lock topics while you can't delete them, you also can't start a new message from an email if your email has the same subject line as the locked messages.
 
Example: My groups are Creative Design groups
Graphics are shared
A member starts a topic and the subject line reads Easter Eggs and that topic is auto locked after one day.
 
Now another member a couple days later shared Easter Eggs and names their subject Easter Eggs.
 
Their email would be rejected saying that the subject is locked.
 
Leeni
 
 
 
 
 

-------Original Message-------
 
Date: 4/24/2019 12:31:45 PM
Subject: Re: [beta] User-friendly message rejection after attempt to post to a locked thread #suggestion
 
This also ties in, and pretty directly, with another feature request I made:  Hide Topic Function

The need to hide a topic, per se, is separate from this topic.  But the fact that one cannot delete a topic after locking it, and having it remain somehow stored by Groups.io as locked, without any trace of it being visible to anyone is not.

Locked topics should not only be able to have some sort of "human comprehensible" message of the "You can't post to this topic because it's locked" nature sent out, but if one locks a topic there should be a "locked list" maintained even if the topic itself is deleted afterward.   Locked is locked, and should not be volatile based on the presence or absence via deletion of the material that triggered a topic to be locked in the first place.

While I'd like to have the capability to hide a topic for its own sake, when it comes to locked topics that I wish to have purged from the archive I'd far rather do that than hide it just so that no one can post to it again.

It strikes me as entirely feasible (and I may be wrong) to maintain a history of all locked topics for a group, even if said topic were subsequently deleted, so that "late entries" cannot revive it from the dead when replying to it.   I know individuals can create a separate topic to try to revive or extend something, but that is taken care of by the moderators making clear that it will not be tolerated and immediately locking the revival attempt.  (Then, if I had the option, deleting it if it would keep it locked, or at the very least hiding it to keep it out of the archive view).

--

Brian - Windows 10 Pro, 64-Bit, Version 1809, Build 17763  

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

              ~ Brian Vogel

 


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Brian Vogel <britechguy@...>
 

This also ties in, and pretty directly, with another feature request I made:  Hide Topic Function

The need to hide a topic, per se, is separate from this topic.  But the fact that one cannot delete a topic after locking it, and having it remain somehow stored by Groups.io as locked, without any trace of it being visible to anyone is not.

Locked topics should not only be able to have some sort of "human comprehensible" message of the "You can't post to this topic because it's locked" nature sent out, but if one locks a topic there should be a "locked list" maintained even if the topic itself is deleted afterward.   Locked is locked, and should not be volatile based on the presence or absence via deletion of the material that triggered a topic to be locked in the first place.

While I'd like to have the capability to hide a topic for its own sake, when it comes to locked topics that I wish to have purged from the archive I'd far rather do that than hide it just so that no one can post to it again.

It strikes me as entirely feasible (and I may be wrong) to maintain a history of all locked topics for a group, even if said topic were subsequently deleted, so that "late entries" cannot revive it from the dead when replying to it.   I know individuals can create a separate topic to try to revive or extend something, but that is taken care of by the moderators making clear that it will not be tolerated and immediately locking the revival attempt.  (Then, if I had the option, deleting it if it would keep it locked, or at the very least hiding it to keep it out of the archive view).

--

Brian - Windows 10 Pro, 64-Bit, Version 1809, Build 17763  

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

              ~ Brian Vogel


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Glenn Glazer
 

On 4/24/2019 08:32, Shal Farley wrote:
I admit it does seem far-fetched that a miscreant would put together the pieces necessary to exploit this particular suggestion.

This I agree with. And furthermore, the way around all of the speculation is to make it a feature that individual groups can turn on or off as a preference. So, for those groups for whom it works and want this, great and if some spammer is attacking a group, they can turn it off temporarily or permanently without impairing the usage by other groups.

The same holds true, incidentally, of my other suggestion to send it a queue, by which I meant a different queue than the regular moderation queue. The idea would be that it would be easier in a separate queue to select all and send the group's customized locked thread message than to have to pick them out of the general moderation queue.

Best,

Glenn

--
We must work to make the Democratic Party the Marketplace of Ideas not the Marketplace of Favors.

Virus-free. www.avast.com


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

J,


Do you mean they would spoof various group members' email addresses in order to connivingly and deliberately send messages to locked topics in their name, just so that the group members would get the rejection message?

That is the scenario, as I understand it. Rejection notices typically contain a copy of the rejected message, in this scenario that would be the payload.


I considered myself cynical, but even I am not as cynical as that.

It is a concern (as Mark said), not a proven threat that I know of.

I admit it does seem far-fetched that a miscreant would put together the pieces necessary to exploit this particular suggestion. Perhaps ironically beta itself seems like one of the juicier targets because it has public archives, unrestricted membership, and (formerly) generous use of thread locking; yet even so it seems unlikely to me. However, once someone figures it out history has shown us that the dark corners of the internet are pretty good at sharing "how-to" info and packaged scripts to exploit anything they can.

Shal


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Brian Vogel <britechguy@...>
 

Being someone who deals with spam management on a daily basis, I have to say that I find the idea that spammers would do what is proposed highly, very highly, unlikely.

It's not something that would be of any value to them in any way I can think of.  They want their message out there, and no matter what they'd get back from trying to e-mail to a locked thread if it isn't a posted message they'd almost certainly move on.   Spam is a "drive by" activity using the broadest and quickest scatter and run methods possible.

When they get a rejection message they move along.
--

Brian - Windows 10 Pro, 64-Bit, Version 1809, Build 17763  

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

              ~ Brian Vogel


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

On Tue, Apr 23, 2019 at 10:44 PM, Shal Farley wrote:
Automatically sending back a message runs the risk of allowing spammers to deliberately trigger this response, targeting group members.
Shal,

Ok, I read Lena's message about backscatter, and yours explaining it, and I am missing something. It seems unrealistic/overly pessimistic to assume that spammers would somehow find and send messages to locked topics. Even if they were somehow able to do that (which could only occur in unrestricted groups anyway), how would this "target group members"? Do you mean they would spoof various group members' email addresses in order to connivingly and deliberately send messages to locked topics in their name, just so that the group members would get the rejection message? I considered myself cynical, but even I am not as cynical as that. Or perhaps I'm actually overly naive and trusting. :)
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

J,

I still have not heard what's infeasible about my original suggestion,
Read back through the topic for the word "backscatter", starting with Lena's message of 2018-01-02.

Automatically sending back a message runs the risk of allowing spammers to deliberately trigger this response, targeting group members.

Shal


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

On Tue, Apr 23, 2019 at 12:50 AM, Shal Farley wrote:
2. Have an option that messages that go to locked threads go to a
moderation queue and the humans can determine what is backscatter
and what gets a nice message.
This seems to me to be the same as moderating the topic, rather than locking it.
I still have not heard what's infeasible about my original suggestion, which is to treat locked topics as moderated topics but wherein all posts are rejected automatically by the system and sent a canned "this subject is locked" rejection notice. 
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

 

Glenn,

1. ... if a message is from member in group, send back new email with
nice message, else drop on the floor.
If the message is from a non-subscriber it should be given an error at connection time (not accepted then dropped) using the existing error code/text for non-subscriber messages -- unless the group is set to allow non-subscriber posts.

If the group is set to allow them, then a message to a locked topic from a non-subscriber should be handled the same as one from a member.

I realize that 1. risks backscatter, but until there is evidence of
such, there is no way to evaluate that risk and it just may be a case
of being too timorous.
This belongs in a different topic, but I've come to believe that Groups.io ought to be doing DMARC-like authentication on inbound group postings and email commands before accepting them. That would (I think) eliminate the risk of backscatter were Groups.io to accept the message and separately send back a "nice" error message.
https://beta.groups.io/g/main/topic/24836368#18077

2. Have an option that messages that go to locked threads go to a
moderation queue and the humans can determine what is backscatter
and what gets a nice message.
This seems to me to be the same as moderating the topic, rather than locking it.

Shal


moderated Re: User-friendly message rejection after attempt to post to a locked thread #suggestion

Sarah k Alawami
 

I'm in favor of option 2 personally. I'd rather hold the messages then either reject them all, or maybe let one or 2 through, or not depending on the case.

Sarah Alawami, owner of TFFP. . For more info go to our website.
For stuff we sell, mac training materials and  tutorials go here.
and for hosting options go here
to subscribe to the feed click here

The listen page is found here

Our telegram channel is also a good place for an announce only in regard to podcasts, contests, etc.

Finally, to become a patron and help support the podcast go here

On 22 Apr 2019, at 16:09, Glenn Glazer wrote:

So, I am also in the camp of making the message more human friendly. I understand HTTP status codes and so on, but only a tiny fraction of my group members do and they find the bounce message frightening, as Mark noted. 

I have two alternatives to suggest:

  1. As a slight modification to the alternative Mark describes, if a message is from member in group, send back new email with nice message, else drop on the floor. 
  2. Have an option that messages that go to locked threads go to a moderation queue and the humans can determine what is backscatter and what gets a nice message.

I realize that 1. risks backscatter, but until there is evidence of such, there is no way to evaluate that risk and it just may be a case of being too timorous.

A bonus to 2. is that each group could design its own lock message as a preference.

Best,

Glenn

6921 - 6940 of 27798