|
There's pixels, and then there's pixels 
I have some CodeProject.AI releases to do today, then some CodeProject updates, and I'll try and find the gaff tape and string to fix the layout for you while I do that.
cheers
Chris Maunder
|
|
|
|
|
Yeah, these are little teeny tiny Chinese pixels. 
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Done, and I'll try and get the fix deployed soon.
cheers
Chris Maunder
modified 24-Jul-23 11:35am.
|
|
|
|
|
From the CodeProject email newsletter today.
The little added blurb/comment on the second line - congrats - I laughed out loud at that.
Engineer’s new no-code programming language uses visual diagrams
*No one* has ever tried that one before
Source: The New Stack
https:
Keep those little blurbs coming. I think they are great.
|
|
|
|
|
Anyone else getting whacked with excessive identical emails for today's 'The Daily Build'? 38 so far and counting...
-Sean
----
Fire Nuts
|
|
|
|
|
My bad. I introduce a fail/retry condition in the mail sender.
It's fixed now.
"Mistakes are prevented by Experience. Experience is gained by making mistakes."
|
|
|
|
|
Guess some spam was posted on this thread recently and was taken care of. That's why no recent activity can be seen except mine.
But I thought this is worth reporting in that's not the case.
modified 21-Jun-23 6:06am.
|
|
|
|
|
It is valid. Someone posted a reply a few hours ago.
"Mistakes are prevented by Experience. Experience is gained by making mistakes."
|
|
|
|
|
Yes - GKP1922 did. 
I think the issue was that it appeared in the discussions list before that reply was posted. Possibly due to a moderated spam message?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Or possibly the disembodied spirits of ancient hamsters.
|
|
|
|
|
|
on the (aptly named thread) Beyond strange[^]
Marc's reply seems to be to a now deleted message?
The author of the message is still an active account so it's not the account that got deleted (Slacker007 - Professional Profile[^])
Maybe the message itself got deleted?
It makes the thread look a bit weird.
Probably related (or equal? ) to this: Bugs and Suggestions[^]
Tom
|
|
|
|
|
I deleted the message/post.
This is a known bug and it has not been fixed. It has been a bug for a very long time now.
When someone or process deletes a parent/top level message, the child/related messages don't get deleted - they become non-sensical orphan records in the thread.
|
|
|
|
|
Keeping the thread as is and deleting just the content could solve this.
|
|
|
|
|
There appears to be some accounts of late that may have been hacked. Have you thought about adding 2FA support for sign in? If 2FA was compulsory, it may greatly reduce the number of spam accounts, depending on the implementation used.
Graeme
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man that has practiced one kick ten thousand times!" - Bruce Lee
|
|
|
|
|
Adding 2FA support is a good idea, but it wouldn't help with the old dormant accounts which are being hacked (or sold).
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Yes if they can't post actively until 2FA is done on both, registration email and the selected 2FA mode
M.D.V. 
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
You can't enforce 2FA on existing accounts without allowing them to set it up the next time they log in.
If the account has been stolen, then the person who stole it will set up 2FA the next time they log in.
All that will achieve is to make it harder for the real account owner to recover their account. It won't stop the thief from using it to post spam (at least until it gets clobbered). 
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
A good understanding of the Perverse incentive - Wikipedia AKA the Cobra effect.
"Mistakes are prevented by Experience. Experience is gained by making mistakes."
|
|
|
|
|
Agreed. It would take time to implement. It could require a re-verification email for accounts that have been inactive for a period of time, say 3 or 6 months of inactivity. That way, if hacked, the hacker won't get the re-verification email and remain locked out.
Graeme
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man that has practiced one kick ten thousand times!" - Bruce Lee
|
|
|
|
|
You're assuming the hacker won't have changed the email on the account to one they control. And that they didn't originally hack the account by gaining control of the email address used to sign up.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
That would be the minority, not the majority of inactive accounts.
Graeme
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man that has practiced one kick ten thousand times!" - Bruce Lee
|
|
|
|
|
Unfortunately this places an extra burden of inconvenience on the 99.999+% of accounts that are fine for a few accounts that have been compromised.
Is the goal to stop accounts being hijacked, or stop spammers? If it's the latter, that where spam detection comes in. For the former, it would be far better if we can detect unusual usage, and then alert the owner of the account. Doing that requires a phone or second email address, which would probably be the first thing changed if someone took over an account.
This is a tough one: I wish everything were totally 100% locked down and safe. That's eluded the entire IT community for 60 years. All we can do is make it more and more inconvenient until we hit the balance of point of (inconvenience for the majority) == (value in protecting the minority)
cheers
Chris Maunder
|
|
|
|
|
Regarding 2FA, I do hear what you are saying. We are all in IT here and we do understand the issues, only those who don't would find it annoying.
If 2FA was opt-in, it would not be a huge inconvenience. I use 2FA whenever possible. I am not sure how long the CP token is set for, however, once I am logged in, it is very rare that I need to again.
In my second post I mentioned maybe if an account is inactive for a period of time, say 3 or 6 months, chances are they're rarely going to come back and log on, so do a re-verification email before full sign in. That way, the 99.9999% of users are not inconvenienced.
Graeme
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man that has practiced one kick ten thousand times!" - Bruce Lee
|
|
|
|
|
I think I was thinking about this from the point of view of 'someone loses control of their email account', such as someone using a old hotmail account that they let lapse and then someone else takes it up, starts getting email notifications or whatever, and takes over.
From the point of someone having their password compromised that's a different story. In that case the re-validation (a nice idea) may not help since it provides a window of 3months for the perp to do as they wish.
Validating when signing onto a new device would be key here: On first login, after creating a new account, it's not needed since they just created the account. Maybe, as an option, each time you login via a different IP then your device (via cookie) gets validated via email.
That would need to be optional, I think, because you could be on a device where you just want to post but don't want to be signing in on your email account (eg shared computer). Authenticator app or SMS would help, but that's a bigger project. And then, if it's optional, then probably no something used by those most at risk of compromise.
IT all comes down to: how big a problem is this really?
cheers
Chris Maunder
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
