|
Regarding 2FA, I do hear what you are saying. We are all in IT here and we do understand the issues, only those who don't would find it annoying.
If 2FA was opt-in, it would not be a huge inconvenience. I use 2FA whenever possible. I am not sure how long the CP token is set for, however, once I am logged in, it is very rare that I need to again.
In my second post I mentioned maybe if an account is inactive for a period of time, say 3 or 6 months, chances are they're rarely going to come back and log on, so do a re-verification email before full sign in. That way, the 99.9999% of users are not inconvenienced.
Graeme
"I fear not the man who has practiced ten thousand kicks one time, but I fear the man that has practiced one kick ten thousand times!" - Bruce Lee
|
|
|
|
|
I think I was thinking about this from the point of view of 'someone loses control of their email account', such as someone using a old hotmail account that they let lapse and then someone else takes it up, starts getting email notifications or whatever, and takes over.
From the point of someone having their password compromised that's a different story. In that case the re-validation (a nice idea) may not help since it provides a window of 3months for the perp to do as they wish.
Validating when signing onto a new device would be key here: On first login, after creating a new account, it's not needed since they just created the account. Maybe, as an option, each time you login via a different IP then your device (via cookie) gets validated via email.
That would need to be optional, I think, because you could be on a device where you just want to post but don't want to be signing in on your email account (eg shared computer). Authenticator app or SMS would help, but that's a bigger project. And then, if it's optional, then probably no something used by those most at risk of compromise.
IT all comes down to: how big a problem is this really?
cheers
Chris Maunder
|
|
|
|
|
The "from a different IP" bit would piss off those of us with dynamic IP home connections (which I suspect is more than a few). I've had about 4 different IPv4s so far this year. (Just don't ask about the pseudo-random dynamic stuff at the end of an IPv6 concocted by the ISP!)
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
Not to forget Smart phone at home in WiFi or on the way with normal data, then the PC...
M.D.V. 
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Sounds like time for Code Project identity services. That would be a fun project.
|
|
|
|
|
We actually have that, but it's for the API and it's old and it's a little overengineered while, at the same time, not being what we actually want.
So...fun. Yes. That's a word for it 
cheers
Chris Maunder
|
|
|
|
|
Writing my own identity provider has long seemed like an interesting mental challenge. It would be fun to tackle at some point.
|
|
|
|
|
You have such a different definition of fun than I do.
To me it's like painting a huge target on your back and calling out to everyone to line up and have a crack. It's terrifying.
cheers
Chris Maunder
|
|
|
|
|
Chris Maunder wrote: You have such a different definition of fun than I do.
You should see what I'm working on right now. For the last couple of months, I've been working on my most ambitious article set.
|
|
|
|
|
I'm scared.
cheers
Chris Maunder
|
|
|
|
|
So, the technologies I am using are:
- AWS services (using localstack to allow people to try this at home)
- Terraform (giving me a bit of IaC for AWS)
- Blazor WASM
- .NET 7
Is that too much? Are you going to be okay with articles that link out to localstack? There is a forever-free version so it shouldn't cost anybody anything.
|
|
|
|
|
If it's a tool or service an average developer in the space has access to in their day to day job (and a free tool fits this) then absolutely.
cheers
Chris Maunder
|
|
|
|
|
Thanks mate. It teaches a bit of AWS while it's at it.
|
|
|
|
|
|
Hi,
Survey about the impact (if any) of the deluge of hoop-la, hype, innovation, utilization, usefulness, etc. about Chat/ML/LLM/GPT/et. al. has on CP, and the extent CP coders/mavens/gurus/QA-punters, etc. are using or experimenting with these tools.
Ideas for survey ?
1) do you use Chat-whatever now ?
2) if you use: rank the utility of Chat for you.
3) is it possible former CP QA-clients are using Chat whatever, and CP QA queries are less frequent ?
4) impact of all this Chat/Co-Pilot stuff on developers/IDE's.
and, so forth ... in other words help skeptical and confused bill (off-line technically a few months), and, others, get a grip on what appears to be a pandemic of unknown structure, of unpredictable potency and/or with unpredictable risks/benefits.
thanks, bill
there is no answer
to the question you can't ask
the nearest mirror
... attributed to bill in one of his frequent, recent, haiku-precipitating, travels in the zone between half-asleep/half-awake, where he struggles to understand if "normal" was insight, or delusion
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
modified 25-May-23 7:50am.
|
|
|
|
|
I am guessing their account was terminated?
And then posts were deleted?
Member Profile[^]
I does however leave my posts looking a bit odd. Looks like I am having a conversation with myself (the thread chain) but not doing a good job of it.
Re: Does D correctly simulated by H terminate normally? - Algorithms Discussion Boards[^]
Although to be fair not really sure what should happen then. If you delete my posts then it leaves me wondering what happened.
Perhaps leave their posts but add a 'Beware of idiot' sign (or maybe something more diplomatic)?
|
|
|
|
|
See the thread two below: Bugs and Suggestions[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Hello and Thanks,
i got a bug by installing:
failed to register layer: ApplyLayer exit status 1 stdout: stderr: unlinkat /usr/lib/python3/dist-packages/zipp-1.0.0.egg-info: invalid argument
Can anyone help me ? I got the error in debian (aktual version) and in docker (aktual version).
I run it in a proxmox ct.
Thanks
Bernd
|
|
|
|
|
|
|
See the fairly long thread directly below your after OG's post. After a user's account was closed by the community, Sean deleted its posts, so the replies to it no longer have a parent.
|
|
|
|
|
The user still has an active account, so he most likely deleted the original post. Alternatively, if enough members flagged it as spam ...
|
|
|
|
|
Chris, I don't know how your ads are selected, but this one might be inappropriate in some places: 
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
[edited after replying to the wrong post]
The ads are probably personalized, so where in blazes have you been surfing? 
|
|
|
|
|
Dunno - I normally get computer related ones. I don't think any of those costumes would fit me. IIRC there is normally a filter on the ads to make sure they are appropriate?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
