Date   

moderated Re: Capability to add PDFs or documents #suggestion

Frances
 

I would be happy with uploading a PDF to Files and then linking to the specific file in the wiki using the Link Tool. Whatever works! I just would like a user to go to a wiki page and find everything on that page or on a link from that page.

As for examples of adding a PDF to a wiki - a Google search adding a pdf to a wiki retrieved several. National Cancer Institute wiki. MediaWiki. Wikipedia!

Wikipedia:Creation_and_usage_of_media_files

It says that "As of March 2012, the following file types may be uploaded: png, gif, jpg/jpeg, xcf, pdf, mid, ogg/ogv/oga, svg, djvu. All others are prohibited for security reasons, and pdf and djvu are intended primarily for projects like Wikisource."

Frances


moderated Re: Regarding emailed login links

 

Hi Dano,

On Wed, May 3, 2017 at 11:30 PM, D R Stinson <dano@...> wrote:

I just lost a group member. This is most frustrating for me because he made the transition to the new group fine and was getting messages by email. Unfortunately, he was never able to get logged in to the web page and finally gave up in frustration and quit. I had worked with him quite a bit and provided him with the detailed procedure that follows this message.

Can you send me his email address off-list? If the logs haven't rotated out, I can look up his interactions and see what happened.
 
In exchanges with him he indicated that all his attempts at clicking on the link in the email took him to "the page with elephants", which suggests to me that the messages were timing out for him.

What could also be the case is that he has cookies disabled. In which case he'd never be able to log in.

 
This happened repeatedly for him. Is there a way that half hour could be extended to a "Cinderella hour" for members who have problems?

I've bumped the expiration to an hour.

 
Alternately, for premium groups, could there be a way that owners could send (or have sent) a message with a temporary password directly to a member having problems, which they would then have to change upon their first login? These members would have to be fully moderated until we knew they were okay, but it might be a way around the problem that drove my member away.

I can definitely consider something like that. But I'd first like to find out why your member had problems.

Thanks,
Mark 


moderated Re: Google Docs invite phishing attack

 

On Thu, May 4, 2017 at 12:22 AM, Shal Farley <shals2nd@...> wrote:

The second factor is only required the first time you access Groups.io from a given browser/device -- not on every sign-in.

Slight addition. The login cookie expires every 30 days, which means you have to go through the entire login process every 30 days.

Still, it's a good idea to add it if you can.

Thanks,
Mark 


moderated ability to display members list ordered by posting status #suggestion

 

I sometimes wish I could easily see all the members who are on NuM, or on Mod, etc. It would be nice, if feasible, to make that a separate, sortable column in the members list (like display name, delivery method, etc.).
--
J

Messages are the sole opinion of the author. Especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Google Docs invite phishing attack

Brian Vogel <britechguy@...>
 

I guess it really depends on how you interact with cyberspace in general. I use Google Docs extensively, but were I to receive an invitation "out of the blue" from someone I didn't know it would be instant "electronic round file." I make it a point to let anyone that I will be sending an invitation to (which virtually never happens, I just make most things shareable to the world and send a link) that it will be forthcoming and expect the same. For myself, two-factor authentication is gross overkill and I don't use it and have no intention of doing so. Most vulnerabilities are the direct result of inadequate reflection on the part of the user before they take an action.


moderated Re: Google Docs invite phishing attack

 

Dave,

For those of us who don't spend all their time staring at their smart
phones it is far from convenient. My PAYG mobile is only turned on if
and when I need to use it, very rarely, so I won't be enabling two
factor here.
The second factor is only required the first time you access Groups.io from a given browser/device -- not on every sign-in. This makes it far less arduous than you're imagining. It primarily happens when you bring up a new device/machine or install a new browser (or use someone else's computer). Unless you routinely use public computers or for other reasons frequently flush your browser's memory.

I don't use Google Docs either - so any email I receive about that
would be instantly known to be spam.
You don't have to be a Google Docs user to know someone who might want to share a file with you.

Shal
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Regarding emailed login links

 

On 9/27/2016 at 10:33:57 AM, Mark posted:

I just made a change to emailed login links. Before, the link would expire after the first time it was clicked, or 30 minutes, whichever came first. But there are anti-spam systems that automatically click on every link in an email, and there's no way to distinguish those clicks from real clicks. People protected by these systems cannot use the email me a login link functionality (and get frustrated when they try). So I've changed it so that the links are active for 30 minutes regardless of how many times they're clicked.

I don't think this creates much more of a security issue. Please let me know if you disagree of have other suggestions.
I just lost a group member. This is most frustrating for me because he made the transition to the new group fine and was getting messages by email. Unfortunately, he was never able to get logged in to the web page and finally gave up in frustration and quit. I had worked with him quite a bit and provided him with the detailed procedure that follows this message.

In exchanges with him he indicated that all his attempts at clicking on the link in the email took him to "the page with elephants", which suggests to me that the messages were timing out for him. This happened repeatedly for him. Is there a way that half hour could be extended to a "Cinderella hour" for members who have problems?

Alternately, for premium groups, could there be a way that owners could send (or have sent) a message with a temporary password directly to a member having problems, which they would then have to change upon their first login? These members would have to be fully moderated until we knew they were okay, but it might be a way around the problem that drove my member away.

Dano

--------------
Signing onto the web page for the first time
1) Go to https://groups.io
2) Click on the blue ''Log in'' box in the upper right.
3) Enter your email address in the ''Email Address'' box. *** DO NOT enter any password!! ***
4) Click on "Forget your password?" under it.
=[ The next three steps may or may not occur. If they do, just work through them. If they don't, you'll be taken to step 8). ]=
5) This will open a new window titled ''Send Log In Link''.
6) Enter your email address
7) Click on ''Email link to log in''.
8) That will give you a message that says ''An email has been sent to you with a link to log into your account.''
9) Close the window and groups.io.
10) Check your email right away. Within about five minutes or so you should get a message titled ''Link to log into Groups.io''. If you don't find it after 10 minutes, check your spam filter.
11) Open the message and click on the link. NOTE: The link is only good for a half hour. If you get the message but it's been too long and the link has expired you can just start again at 1).
12) The link will take you to your subscriptions page at groups.io. Now you are into the website and there's not a need to rush after this.
13) On the same page, near the right end of the blue bar is your username or email address. Click on the down triangle following it.
14) This will open up a menu with your email address, the option ''Account'' and the option ''Logout''.
15) Click on ''Account'', and you will be taken to your master Login page. Your email address will show in the ''Email'' box. Below it is a ''Password'' box. Enter a password of your choice. It must be at least six characters long. Try to make a good password, and WRITE IT DOWN or otherwise remember it.
16) Then click on ''Change Password''. You have now set your password, and you should remain logged in for a number of days unless you log out.
17) If you get logged out later on, you can log in by clicking the ''Log in'' box to the right on the blue bar and putting in your email address and password that you wrote down. If that doesn't work, you can follow this procedure again to log in one more time.


moderated Re: Google Docs invite phishing attack

Dave Sergeant
 

Mark

I appreciate that two factor authentication is seen as a good thing
(although some query whether it is as secure as it is claimed to be).
For those of us who don't spend all their time staring at their smart
phones it is far from convenient. My PAYG mobile is only turned on if
and when I need to use it, very rarely, so I won't be enabling two
factor here.

I don't use Google Docs either - so any email I receive about that
would be instantly known to be spam.

Dave

On 3 May 2017 at 14:14, Mark Fletcher wrote:

As a reminder, and in general, you should turn on two factor
authentication for all your accounts, including your email account and
your Groups.io account.

http://davesergeant.com


moderated Re: Capability to add PDFs or documents #suggestion

 

Dano,

I agree that the ability to add PDF files would be useful. There are
some procedures that might be better and easier shared without the
risk of corruption by passing along as a PDF. I'm ASSuming that these
documents would be somehow checked for malicious links??
It may not be just links.

I think the issue is similar, or identical, to the question of whether a PDF file uploaded to the Files section should be allowed to open within the browser window, or whether the user is forced to download it and open it on their own. Obviously the latter wouldn't be nearly as useful as a page in the wiki.

Opening a user-supplied file within a web page opens up some risks when the file might contains scripts (programs) that could interact with the web site itself. PDF is such a format, so the question is whether the browser's viewer is sufficiently protected against malicious content. In the arms race between functionality and security it is difficult to be certain.

Speaking of "as a page in the wiki", since opening in the browser is currently supported for PDFs in the Files section, I think this would be my suggestion. Make it simple to include in a wiki page a link that refers to a file in the File section. That avoids having a whole separate mechanism for uploading files into the Wiki.

Or perhaps have Link tool in the window offer both choices: browse and link to an existing file, or browse to a File folder then upload and link to a new file in that folder.

Either way, unless some magic were worked, you'd end up looking at a PDF in the browser's viewer, and not surrounded by the usual header, footer, and sidebars that one normally sees on Wiki pages.

Notably I think we're in uncharted territory here. Are there any examples of wiki's that support PDF content in a native way?

Shal
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Re: Capability to add PDFs or documents #suggestion

 

I agree that the ability to add PDF files would be useful. There are some procedures that might be better and easier shared without the risk of corruption by passing along as a PDF. I'm ASSuming that these documents would be somehow checked for malicious links??
 
Dano
 
> I work on a Wordpress website and I can add documents. I use Google Document Viewer format so everyone who has access can read it. On the wiki, we can add photos but not a PDF or other document. That would be a great addition. Someday!
>
> Thanks.
> Frances


moderated Re: Google Docs invite phishing attack

 

Mark,

There's a phishing attack going on right now that's apparently fairly
widespread, involving Google Docs invites.
I got it twice today, both times in my remaining Yahoo Groups. One fortunately held pending in a fully moderated group, but the other went through on my (mostly) unmoderated alumni group.

Both with a very odd Received line. My first reaction was that both came through compromised Gmail accounts, but now I'm not sure if the Gmail accounts were actually compromised, or if this represents a kind of spoof that passes authentication tests.

X-Received: from 73997885975 named unknown by gmailapi.google.com
with HTTPREST;
The from is of an unfamiliar (to me) form, and access through an api suspicious.

Shal
https://groups.io/g/Group_Help
https://groups.io/g/GroupManagersForum


moderated Re: Premium group badge?

Bob Bellizzi
 


Why not consider adding a buck or two per month to have premium badge.

Bob Bellizzi


moderated Need beta testers for new message editor

 

Hi All,

I posted this yesterday in another thread, but only got one response. I want to switch HTML editors on the website, from summernote to TinyMCE. But I'd like to get some feedback before I throw the switch on the entire website. If you use the website to post new topics or reply to existing topics with the HTML editor, and would be willing to test the new one, please send me off-list the email address of the account to activate. I'd also especially appreciate testers who use screen readers.

Thanks,
Mark


moderated Google Docs invite phishing attack

 

Hi All,

This has nothing to do specifically with Groups.io. There's a phishing attack going on right now that's apparently fairly widespread, involving Google Docs invites. If you receive an unexpected invite to a Google Doc, don't click it, delete it.

As a reminder, and in general, you should turn on two factor authentication for all your accounts, including your email account and your Groups.io account.

Cheers,
Mark


moderated Mail server reverse DNS records

 

Hi All,

In the next day or so, as an anti-spam measure, I will start to block incoming email from servers without reverse DNS records. This should not affect anyone (it's a fairly common practice). If you have a specific email configuration that will be caught by this, please let me know.

Thanks,
Mark


moderated Capability to add PDFs or documents #suggestion

Frances
 

I work on a Wordpress website and I can add documents. I use Google Document Viewer format so everyone who has access can read it. On the wiki, we can add photos but not a PDF or other document. That would be a great addition. Someday!

Thanks.

Frances


moderated Re: Premium group badge?

 

On Wed, May 3, 2017 at 04:36 am, Duane wrote:
you could make the badge (or whatever notification is used) optional

I thought about suggesting that, but I'm not sure the badge would have any meaning if not used consistently. I don't know.

I had an idea that I would be happy with personally, but don't think it would fly since groups.io is a for-profit (or eventually for-profit;) business: the badge might say "This group contributes to groups.io" or something along those lines.  
--
J

Messages are the sole opinion of the author. Especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Premium group badge?

Duane
 

While all of my groups are currently basic, I can see where some owners might appreciate a little extra visibility for premium. If it wouldn't be too much extra work, you could make the badge (or whatever notification is used) optional for those that would want to use it.

Duane


moderated Re: Premium group badge?

 

On Tue, May 2, 2017 at 08:20 pm, D R Stinson wrote:
I think if Mark comes up with a system whereby people could contribute to the ongoing costs of the group, I would want it to be voluntary, with my own account as responsible if the donations dried up.

That's the only way our group would even consider asking members for donations.

I vacillate between thinking it would be okay and thinking it would be an embarrassment.

That expresses my feeling, too.

 Some people might be suspicious of it

Agree there, too. My group is a volunteer group dedicated to helping cats and their owners. I think if people started to get a whiff that there is money involved somehow, even though it's only through altruism on the part of the owner, some of them might not like it. They would not necessarily realize that I am doing it only to make my own life as the group owner easier, and because there was the opportunity to take advantage of the lower grandfathered-in rate. And explaining that stuff is the last thing I want to have to do. I don't even want to highlight the fact that we've gone premium, let alone post a lot of explanations about why. "Why haven't the *other* cats groups gone premium?" (some members of many cats groups might wonder). "What's so special about this group?" (or "what do they THINK is so special about them?") etc. OTOH maybe I'm just being paranoid.


I vacillate between thinking it would be okay and thinking it would be an embarrassment.

Me too.

The only possible advantage I can relate to is the idea that the owner has made some sort of commitment to the group and isn't going to disappear, as suggested in the prior post.  
--
J

Messages are the sole opinion of the author. Especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: Premium group badge?

 

> I hope people answering in this thread will say whether or not they
> have a premium/enterprise vs basic group. My group is now premium
> but I am ambivalent about making the distinction visible. (Literally
> ambivalent. I go back and forth on it. Just curious, when people
> answer here, which side of this they're coming from.) Thanks.
> --
> J
 
Like J, I'm ambivalent about the idea. I have two groups that I took premium, mostly for the additional moderator's capabilities. I have another coming over, and am shepherding a couple more, but they will stay as basic groups. As for funding, we discussed it on the group and it drew interesting comments. A few wanted to contribute, but I know that others would be pushed away by any such requirement. I think if Mark comes up with a system whereby people could contribute to the ongoing costs of the group, I would want it to be voluntary, with my own account as responsible if the donations dried up.
 
I'm not certain that a badge of any kind would be terribly useful. Some people might be suspicious of it, and others might find it draws unnecessary attention. Maybe if it was just something simple on the group home page it would be okay. As JohnF suggested, it might reflect that the owner is more dedicated or perhaps better cared for.
 
I don't know. I vacillate between thinking it would be okay and thinking it would be an embarrassment. The group is really the people in it, not the owner. In a really good group, I think the owner is more like the head janitor, taking care of problems behind the scenes. My feeling is the most successful owners are the least visible. Perhaps such a badge could reflect those groups that someone found exceptional enough to put resources toward to protect.
 
Dano

14861 - 14880 of 28342