Date   

moderated Re: Limit Number of Unsuccessful Logins #suggestion

Rick Smith
 

If there’s to be a hard limit on attempts, I’d recommend something between 10 and 20. If it’s lower, it penalizes those who rarely log in but actually try to remember a password for this particular site.

NIST’s latest password recommendation is a bit more sophisticated: no hard limit on attempts, but the account suffers an increasing delay between logins.

FWIW I wrote a book on this 20 years ago, and my cybersecurity textbook is in its 3rd edition. This doesn’t guarantee I’m right, but I’ve dealt with this question a bit.

Rick Smith.


moderated Re: Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer
 

So glad to hear there is a limit. Should it be lowered? Since I never reached it, my guess is yes. 

Consider Better, not Bigger. So many advantages. Just ask. USA adds a Chicago to our overpop each year.
"Still more population growth is not our way to a healthy community, a healthy planet, OR enjoyable cycling."

    ~Mike


On Saturday, March 20, 2021, 06:19:45 PM EDT, Mark Fletcher <markf@corp.groups.io> wrote:


On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark


moderated Re: Limit Number of Unsuccessful Logins #suggestion

 

On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark


moderated Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer
 

It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

If true, I would suggest a limit of 4 or 5. After that, perhaps validate via an email or some other method.

AllTheBest.


moderated Re: File & Photo (etc) Notices #bug

 

I noticed this same issue awhile ago and may have posted about it, but eventually gave up on it.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated File & Photo (etc) Notices #bug

Chris Jones
 

In doing a search before composing this message I found this point in Message #25397: Given that these new ones aren't intended to be used by members... which makes sense and is what I would expect to be the case.

Earlier today I spotted (in a group that I don't moderate) that a member had used #photo-notice to announce a photo that he had embedded in his post. To the best of my knowledge that group has no representation either here or on GMF so when these notices were introduced they will have just "happened" without anyone necessarily noticing anything particularly different. A bit more investigation found that the -notice hastags were all available in the drop - down list of hashtags that members can use, and of course they would also be available to anyone who added one to an email posting. 

IMHO this is wrong; what is really a system hashtag should not be accessible for members to use right from the outset. Is there any way in which these notices can be configured at source to prevent their use in members' routine posts? And if so, is there any way of enacting it retrospectively?

In the group I moderate I set these hashtags to moderators only because the list of tags available to members has been deliberately kept very short and simple.

Chris


moderated Re: Several FILES improvements #suggestion

Chris Jones
 

On Sat, Mar 20, 2021 at 04:25 AM, KWKloeber wrote:
After your suggestion that it might be over limit (not locked by MOD)  I checked and it wasn't -- as I said just over 1MB storage was used.
Ah... thanks for that.

You didn't comment on my earlier I think some clarification is called for. You said "main page"; did you mean Home Page? I ask because I cannot find any group where that particular bit of information is provided on the Home Page...

It crossed my mind that you might have been interpreting All members can post to the Group as including "members can upload File & Photos", which it doesn't

Have you been able to check whether the group in question really does allow members to upload files and photos?

Chris


moderated Re: Issues over non group member joining sub-group directly #bug

Andy Wedge
 

On Fri, Mar 19, 2021 at 08:38 PM, Jeremy H wrote:
Similarly, when a member leaves a main group, they also should be going through a process of leaving any sub-groups they are members of (including appropriate notifications). What actually happens is that they just disappear from the sub-group, without any notification e-mail or activity log entry.
Agreed. If a member is removed from a main group for having a message marked as spam, an activity log entry is generated as expected and a notification is sent to the owner/mod. However nothing shows in the Activity Log for any subgroups they belonged to when they are removed from there. 

If they resume their membership, an Activity Log entry and owner/mod notification are generated for the main and subgroups. So it leaves the Activity Logs for the subgroups showing only half the story.

Andy


moderated Re: Several FILES improvements #suggestion

KWKloeber
 

Chris:

You said:
"Your conclusion may be incorrect; it may be that the group in question has reached the limit of its storage allowance in which case further uploads are not allowed".

I said:
"I could have been misinterpreting it (but I just checked and wasn’t - whew."
After your suggestion that it might be over limit (not locked by MOD)  I checked and it wasn't -- as I said just over 1MB storage was used.

-ken


moderated Site updates #changelog

 

Changes to the site this week:

March 19, 2021:

  • DOCS: Updates from Nina.
  • NEW: You can now specify an event either on the last day of a month, or the last day of week of the month. Discussion
  • CHANGE: In the Create/Edit hashtag page, indent Lock Topic under Topic Duration and disable it when duration is Forever. Discussion
  • CHANGE: When parsing hashtags from subject lines, include punctuation (except .?!) when parsing them. Discussion

March 18, 2021

  • INTERNAL: Work on internal tools for identifying, monitoring, and disabling spammers.

March 17, 2021

  • BUGFIX: Publicly was misspelled in the create subgroup page. Discussion

March 16, 2021

  • BUGFIX: For hashtags that are set as moderated as well as Use by Mods Only, the Use by Mods Only setting now takes precedent over the moderated setting. Discussion
  • CHANGE: For groups that allow reposting, if the #repost hashtag is set to Use by Mods Only, do not give the user an option to repost if they are not a moderator. Discussion
  • NEW: Include a count of waitlisted people when viewing an event summary. Discussion.

Take care everyone.

Mark


moderated Re: Allow repeating events on last Friday (etc) of the month #suggestion

Andy Wedge
 

On Fri, Mar 19, 2021 at 08:46 PM, Mark Fletcher wrote:
You can now specify an event repeats on the last day of a month or the last [day of week] of the month (or every N months).
 
This was a pretty extensive change. I've tested it, but please let me know if you see anything amiss.
 
Hi Mark,

I'm not sure if this was an existing issue or just introduced.  If you open the event details page to define a new event, click the Event Repeats checkbox to open the Repeats panel and then do a browser refresh (F5), the Repeats panel collapses but the checkbox is still checked. Unchecking the box causes the Repeats Panel to expand - it's working back to front.

Regards
Andy


moderated Re: Allow repeating events on last Friday (etc) of the month #suggestion

Osbert Lancaster
 

That’s brilliant, very much appreciated. Will check it out over the weekend. 

Cheers 

Osbert 


Osbert Lancaster | +44 (0) 7981 528 991
naturalchange.co.uk | realise.earth | fix a mtg with me

On 19 Mar 2021, 20:46 +0000, Mark Fletcher <markf@corp.groups.io>, wrote:
On Fri, Mar 19, 2021 at 6:55 AM Osbert Lancaster <osbert@...> wrote:
Trying to set up a recurring meeting on the last Friday of the month. But the only option seems to be either the fourth or fifth Friday. I don't want the fourth Friday! If I select the fifth Friday, the event is only created when there are five Fridays in the month.

Therefore - a feature request to be able to create repeating events on last (Mon, Fri etc) of the month. 


moderated Re: Allow repeating events on last Friday (etc) of the month #suggestion

 

On Fri, Mar 19, 2021 at 6:55 AM Osbert Lancaster <osbert@...> wrote:
Trying to set up a recurring meeting on the last Friday of the month. But the only option seems to be either the fourth or fifth Friday. I don't want the fourth Friday! If I select the fifth Friday, the event is only created when there are five Fridays in the month.

Therefore - a feature request to be able to create repeating events on last (Mon, Fri etc) of the month. 
_._,_._,_

You can now specify an event repeats on the last day of a month or the last [day of week] of the month (or every N months).

This was a pretty extensive change. I've tested it, but please let me know if you see anything amiss.

Thanks,
Mark 


moderated Issues over non group member joining sub-group directly #bug

Jeremy H
 

When someone who is not a member of a main group joins - or attempts to - a sub-group (directly, with first joining the main group), there are various issues. See also https://groups.io/g/GroupManagersForum/topic/inviting_new_member_to_a/81357919

Bottom line over this issue is that when somebody not a member of a main group wishes to join a sub-group, two seperate processes have to be gone through for that to happen: (1) join main group and (2) join sub-group - both requiring authorisation (explicit or implicit), and visibility (to member and moderator(s)/owner(s)) notifications by e-mail and activity log entries), as specified by settings.

When a non-member applies directly to join a sub-group, by sending an e-mail to Subgroup+subscribe@... , the Main group owner gets an approval request, and if approved, the Main group is joined - with a 'Welcome to Main@...' e-mail. to new member, notification to Main group owner and Main group activity log entry. From the subscribers point of view, the process they have undertaken has failed: they have not joined the Subgroup they asked to, rather the Main group they didn't:  (without any positive indication that they haven't joined the subgroup, or what they need to do to join the subgroup).

If the non-member is invited to join the subgroup (by a subgroup moderator who is not a main group moderator), and accepts that invitation, then they do join the subgroup, with a 'Welcome to Subgroup' e-mail, notification to subgroup moderator, and entry in subgroup activity log. And also they become a member of the Main group, without either any approval by a Main group moderator, or with any notification e-mails (to new member or Main group moderator), or entry in main group activity log. The first they will know is they receive a post from a group (Main) that neither they, nor anyone else, have had any notification of having joined.

Similarly, when a member leaves a main group, they also should be going through a process of leaving any sub-groups they are members of (including appropriate notifications). What actually happens is that they just disappear from the sub-group, without any notification e-mail or activity log entry.

Jeremy


moderated Re: Stricter treatment of invalid hashtags #bug

Peter Cook
 

Thanks, Mark!

pete


moderated Re: Hide Locked topics #suggestion

 

George

As it currently stands, you'll need to complain to the group owner(s) to try to get them to reduce the number.
I'd also recommend having a look at the stickies, it could be that they all or some of them be combined so the number of them gets reduced, and if yes, suggest that to the admins when you contact them.
 
Cheers,
Christos


moderated Re: On hashtag definition screen, make Lock Topic subordinate to Topic Duration #suggestion

 

On Thu, Mar 11, 2021 at 7:35 AM Andy Wedge <andy_wedge@...> wrote:
Hi Mark,

To avoid confusion between Lock Topic and Locked on the hashtag definition screen, can we make the Lock Topic checkbox subordinate to the Topic Duration and only active when the Duration is something other than Forever?

Done.

Thanks,
Mark 


moderated Re: Stricter treatment of invalid hashtags #bug

 

On Thu, Mar 11, 2021 at 4:38 PM Peter Cook <peterscottcook@...> wrote:

I'd like to see stricter rules so that any string in the subject line beginning with # is seen as an invalid hashtag unless it corresponds precisely to an existing one. So "#FREE:" would be treated as an invalid hashtag just as "#FREEP" would, and the message would be kicked back.

I've changed how we parse hashtags in subject lines so that they now include all punctuation, except periods, question marks, and exclamation points appearing at the end of a hashtag, which are ignored (which is something we've always done).

Please let me know if you have any questions.

Thanks,
Mark


moderated Re: Allow repeating events on last Friday (etc) of the month #suggestion

Andy Wedge
 

On Fri, Mar 19, 2021 at 01:55 PM, Osbert Lancaster wrote:
a feature request to be able to create repeating events on last (Mon, Fri etc) of the month.
As discussed on Group_Help this was also requested last year.

Andy


moderated Allow repeating events on last Friday (etc) of the month #suggestion

Osbert Lancaster
 

Trying to set up a recurring meeting on the last Friday of the month. But the only option seems to be either the fourth or fifth Friday. I don't want the fourth Friday! If I select the fifth Friday, the event is only created when there are five Fridays in the month.

Therefore - a feature request to be able to create repeating events on last (Mon, Fri etc) of the month.

1521 - 1540 of 30081