|
Ah, right.
It's because the title is over 500 chars long and we reject it. I'll make a change to simply trim it.
[Edit: fixed, but still in the deploy queue]
cheers
Chris Maunder
modified 17-Apr-18 16:31pm.
|
|
|
|
|
How do I report a site security bug privately?
|
|
|
|
|
Email: webmaster[at]codeproject.com
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Chris,
As a suggestion for your Posting questions anonymously[^] feature...
I would like to contact a specific member because his experience and expertise and in a single field. It's an extremely low level hard drive firmware question and could be covered by NDA at his past/present employers. So his answer may be that he cannot help/disclose the information. I'd rather that the exchange not be publicly posted. However I don't have anything to hide... it's just that I'd rather the exchange remain semi-confidential.
Here is an example that I don't mind disclosing:
I am currently analyzing a rootkit that implements persistence in a unique way. It basically marks the last sector of the Windows BOOT partition as bad (which happens to be a deterministic location for winre.wim) and it relies on the hard drive firmware to reallocate a sector from the reserved area to 'patch' the Winre.wim (Windows Recovery Environment[^]) file. One of our regulars has experience with hard-drive firmware and could possibly answer some of my questions about sector reallocation.
I'd rather that these types of questions and answers are not public. But I'd also like to perform the information exchange right here on codeproject. Have you considered adding a 'Targeted Question' feature? Also perhaps allowing some questions/answers to be marked as non-public maybe 'Private Messages' or 'Private Questions'?
I anticipate that you may answer 'Just click email' in his profile. However many members here have their work e-mail associated with their account. As you probably know... most employees cannot answer questions using their work e-mail address.
Your thoughts?
Best Wishes,
-David Delaune
|
|
|
|
|
Questions aren't anonymous anymore I don't think. Just click the guy's email in his profile.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Your question seems to ask if there is a way of circumventing an NDA. I would ask is it an NDA or not?
In your example I can't see why an NDA would apply.
Other than that you seem to have a desire to have a secret technical conversation for reasons not clear to me. This is not my understanding of the purpose of this site.
One should also remember that on the Internet not much is truly secret.
Peter Wasser
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
|
|
|
|
|
pwasser wrote: Your question seems to ask if there is a way of circumventing an NDA.
Not at all.
I am basically asking if Codeproject would be interested in developing something similar to what Stackoverflow done back in July:
Channels: Private Q&A for Your Team[^]
A more formal and private area would allow members to disclose their employer and perhaps contact information and project details. Yes, it may even allow members to discuss technical details under NDA in a private area.
I guess Chris had a similar idea way back when he did the last site redesign because there is already a 'Group'[^] implementation.
But I don't think the current implementation allows groups/teams/individuals to collaborate privately between multiple groups.
Best Wishes,
-David Delaune
|
|
|
|
|
It seems clear that the SA Channel is meant for sharing information within a team under the same NDA. As an aside that does not seem too safe to me and I can't imagine any organization I've been involved with agreeing to that. However that is not what you are proposing.
Peter Wasser
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
|
|
|
|
|
pwasser wrote: It seems clear that the SA Channel is meant for sharing information within a team under the same NDA.
I have absolutely no idea why you keep focusing on the word 'NDA' which has very little to do with my suggestion. It was a single use-case scenario for contacting/collaborating with other site members privately.
Best Wishes,
-David Delaune
|
|
|
|
|
Interesting.
If someone has their work email associated with their account, and that email isn't always under their control (eg they leave) and we have a private conversation viewable only by the participants, and the purpose is to have a discussion that the person probably can't have using their work email, then the purpose is defeated because if the person leaves and their IT dept now has their email then the IT dept can now log in as them and recover the full conversation.
I would suggest that a private email be sent with your contact details in it so the person can contact you from their private email address and have the conversation outside of their account.
cheers
Chris Maunder
|
|
|
|
|
Well,
I guess I should have phrased the original post differently. It seems everyone keeps getting stuck on NDA and 'conversations you shouldn't be having'. But it has nothing to do with either.
Working at 'One of the Big 5' basically means that you cannot have ANY technical conversation outside of the company using your work e-mail address. Even if that e-mail contains basic instructions on how to use printf().
I am basically asking if you have ever considered implementing private messages or targeted questions for a specific user?
Best Wishes,
-David Delaune
Edit:
Let me put it another way... I have friends at Google, NVIDIA, Intel and a few other companies. But I could *never* contact them using a work e-mail address. Sure we can chat on the phone or use our personal e-mail addresses but would never make direct contact using work e-mails (especially for technical or programming issues)
We do however.... sometimes chat over LinkedIn messenger... I am asking if you have ever considered doing something like this on codeproject.
|
|
|
|
|
So even the initial outreach from you to them (assuming both you and them are signed into CodeProject with work addresses) would be a Bad Thing. Gotcha.
Short answer is: no, we don't have plans at the moment to offer private chat.
cheers
Chris Maunder
|
|
|
|
|
Would you consider suppressing avatar display along with home page stuff for under-repped members? Another discouraging nudge to spammers.
Cheers,
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
It starts to make it way too exclusive then. You're taking the fun away from 99.9% of users for a few who abuse.
I'd rather just focus on removing the abusers. I know it's harder, but it's better for the majority of those who are good.
cheers
Chris Maunder
|
|
|
|
|
Maybe I didn't express myself very well. I meant that you could apply the same "minimum rep" qualification to displaying avatars as you currently do for home page content. I would have thought that the vast majority of non-spammers would qualify pretty quickly.
Cheers,
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
I did understand what you meant, I'm just hesitant to penalise further those that are doing the right thing because a few miscreants abuse the system.
cheers
Chris Maunder
|
|
|
|
|
Personally I'm using the avatar as an extra indicator as to whether an account in the spam queue is a spammer or not.
|
|
|
|
|
There used to be a good rule on the codeproject that when someone gives an article rating less than 4 some verbal explanation is necessary. Why am I getting ones and twos without any explanation? How can I improve my article without knowing what the person was upset about?
In particular I talk about a recent 2 I got for Software Design Principles and Patterns in Pictures[^].
BTW the rating is clearly outside of the variance interval, yet it influenced the article's average (also something new).
Thanks
Nick Polyak
|
|
|
|
|
I can understand your Frustration.
On the other side what will it help you if a (mandatory) comment for a low vote will be "asdflkjh"?
What I hink to see is, that the "2" comes from a higher rep mem. Maybe one should force mandatory comment for them
It does not solve my Problem, but it answers my question
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Hey
If someone puts "asdflkjh" as an explanation at least everyone would see that he is either a spammer or a malicious joker. After several "asdflkjh" such account can be forbidden.
Based on the negative score for the '2' the guy who gave it to me had a Golden level!. People with golden level should be a bit more responsible.
Thanks
Nick Polyak
|
|
|
|
|
Quote: After several "asdflkjh" such account can be forbidden
That makes sense.
Quote: People with golden level should be a bit more responsible
Yep, that's why they should be forced to give a comment, because their votes Count more.
Anyway a difficult matter, and more or less it works at the Moment not that bad.
[Edit]
For me it would also be ok, that one can see who voted how. But I see also the fights starting then with this Information...
[/Edit]
It does not solve my Problem, but it answers my question
modified 19-Jan-21 21:04pm.
|
|
|
|
|
The only value of a down vote is that it shows that something is wrong with the article to both the author and the readers. Without an explanation it is absolutely pointless.
Nick Polyak
|
|
|
|
|
You have 14 x 5, 1 x 4 and 1 x 2, so most people think it's a good article. The 4 vote is most likely by someone who still thought it was a good article. The 2 you can ignore, either a mistake, or someone whose opinion is not worth worrying about.
|
|
|
|
|
that's true, but still some explanation would be good. Also, until yesterday - such outlier vote would not be part of the average, while today it is part of it. Something changed in the algorithm.
Nick Polyak
|
|
|
|
|
Forget about it, it is just something that happens on the internet. Not everyone who comes here is serious about software development.
|
|
|
|