• Content count

  • Joined

  • Last visited

1 Follower

About Morgin

  • Rank

Recent Profile Visitors

5,797 profile views
  1. To take this a step further, you (used to) be able to actually set this up as a topic multi moderation action - set up a variety of preset messages that makes it easy to edit a post to complete rule enforcement. Someone more familiar with 4 will need to chime in if you could do a multi-moderation to warn a user, edit their post with a preset appended edit, and then lock topic or not.
  2. Just want to bump this one
  3. which holidays? summer holidays? labour day weekend?
  4. I know why you want this, but it's a lost cause. Browsers come with built in tools to grab media from pages. Right click blocking isn't really worth considering in 2016. What you may want to try is finding a way to host/link a high quality version of an image that requires an account to access, and the low res is shown to all.
  5. Anecdotal evidence time (if you had boring work stuff to catch up on, now would be the time!) but my extremely non-techy wife who can't even figure out password managers (no really, lastpass is too complicated so she won't use it) somehow figured out how to enable sms 2fa on her gmail. I was so proud! I agree sms 2fa is pretty ubiquitous, and I think is going to be pretty much be regularly used by mainstream non-power users more often than not the more that people get exposed to it.
  6. Lindy, Hopefully I've posted enough rational stuff in the past that you know I don't tend to complain without having put a modicum of thought into it, but IMO this is an extremely crud position for IPS to take right now :/ I should clarify that's on 2FA not being across the entire platform (and just planned for ACP), as well as the idea that password policies are relevant or helpful in 2016 as a standalone solution. Also, for what its worth, yes having 2FA would have helped even if the moderator has a weak password, because the unauthorized user could not have got in without physical access to the moderator's token (be it on a phone, or delivered via SMS, or usb token, whatever). That would have prevented the unauthorized user from having access to mod tools, which would have prevented the data loss, which is what prompted the initial query. Almost every major platform that I use, aside from IPS, has a 2FA option or is implementing 2FA for users, and a lot are pushing it as non-optional. We've hit the point where passwords of any level of complexity are simply not enough, and it's really a matter of when (not if) there will be a data leak of some sort when passwords alone are the only lock on the door. You simply can't force moderators to use password managers, and requiring the level of password complexity to make it "uncrackable" also means it's unlikely to be remembered and the avenues for social engineering or someone being sloppy with it written down are higher. This statement "If anything, it reinforces the need for password policies -- something else we have planned" is actually not widely supported in the security community - password policies have not actually shown to have any tangible effect on securing user's accounts. That comes down to two things - platform security, and user account security. We rely on IPS for the former, but we can't do anything about the latter - there is no way even with a password policy that I can enforce a moderator not reusing a password that meets my password policy on another site that it also qualifies for, and that other site (say, linkedin) having a massive data breach and then that mod's account, notwithstanding it met the complex password requires, is ripe for unauthorized access. Google. Apple. Lastpass. Facebook. Valve. Blizzard. Slack. Sparkpost. Linode. Digital Ocean. Rackspace. Amazon. Microsoft. The list of companies that have recognized passwords in 2016 are not a solution in and of themselves (regardless of how complex you require them to be) is growing every day. I think IPS should be on that list. Please rethink this. 2FA isn't a quaint feature request. In 2016, multi-factor authentication as an option for admins should be a requirement for a social platform, and not just to secure the ACP. I know it wasn't intentional, but your reply really makes me uncomfortable in that it seems like you are speaking as if this is a done decision as not being high on the priority list. I'd really love to hear from your security team on this, because I can't believe they would agree this approach makes sense in light of how unreliable single authentication has shown itself to be. And implementing TOTP isn't (in the scheme of things) that difficult.
  7. Is this likely to come before 4.2 do you think? 2FA is starting to become a must have given the number of data dumps that have happened and users simply cant be trusted to not reuse passwords (even moderators).
  8. I know what you are getting at, but spending as much time on my own forum as I do, I often don't want to spend a bunch more here. It's a bit of an uphill battle for IPS to develop a community of people when I'm sure there are people who are like myself who will poke their nose in once in awhile but mostly don't have the time. I'm not as passionate about forum software as some of the people who are regulars on places like adminzone or whatever. I suspect there are a lot of people who use IPS who are like me.
  9. It's a bit of a tough thing though when your customers are all people running active websites that require a fair bit of attention. This is obviously just my opinion, but in my view having spent time at the adminzone forums and on the xenforo forums, you can generally categorize forum admins into two camps - those who are enthusiasts about the actual software (and having a community using it is a bit of a bonus), and those who just want the software to function and devote much more of their energy to their actual community itself. I find there are far more of the former on those sites vs here - not to say IPS isn't used by very smart people who love good software, but moreso that the customer base tends to skew more towards - corporate customers? Not sure if that's the right way to put it. In any event, I absolutely think there are less active IPS enthusiasts here and on other community related websites out there vs those for xenforo or other competitors. People who like to tinker, who are trying every mod under the sun, who just love digging into the nuts and bolts of their software - those people don't gravitate to the IPS forums or IPS (they go to adminzone to extol the virtues of IPS). This software, for better or worse, seems to attract a different type of admin. From the sounds of it, targeting people of my ilk (who have active, stable communities that want first class software but are resistant to changes to their experience, such that I'm very rarely doing any tinkering) has been a great strategy for IPS. I'm glad there is choice because at least for my use case, IPS is a better overall experience for me vs those other options (I came from phpbb which probably biases me against the nuts and bolts crowd a bit). The downside is that these forums are a bit lower traffic than others, and it sometimes it does take longer to get an answer to a generic type question (or maybe not at all). However, look at the flipside of that - if your customer base changes to become overwhelmingly "software enthusiast" driven, it necessarily requires adjustments to development strategies, and I'm not convinced those changes that would result (and which tend to form the basis of 95% of the complaints about IPS over at the adminzone for not being implemented) would result in better software for me or customers like me. So I'll take the good with the bad. At least right now, IPS has unrivaled developer to customer support directly through the ticket system, and on top of that, the developers will generally spend some time on these community forums to just shoot the sh*t which often ends up with them answering stuff even in the peer to peer forums. (Edit: Changing Sh*t to faeces though? Really guys!? )
  10. Yeah. They used to be terrible at this but it has improved dramatically.
  11. Minimalist would be great too. Not minimal contrast, just a very stripped down basic skin with not as much graphical clutter for more professional type communities.
  12. When I click the "My Activity Streams" dropdown, I get a bunch of broken stream links - specifically,,,, and (listed as stream_title_546, stream_title_547, stream_title_548, and stream_title_550. How do I fix this? Also, these are under default streams, not custom streams
  13. The best way to do this is to use a dedicated advertising platform like doubleclick for publishers - It provides the functionality you are looking for in a way that Invision could never support as part of the core (Doubleclick and those of its ilk are an entire platform to do what you want with every conceivable option). It would generate ad code that you insert into your ad slots in IP.Board. The percentage determination for what ads to run is all handled the ad software. Ties into your adsense as well.
  14. Sparkpost runs a support slack that you can join and talk to the devs directly almost 24/7. They are super passionate about e-mail (freakishly so). I got great vibes when talking to them when I switched from Mandrill. I think it's the right choice for your average IPS admin. People who need more than what Sparkpost offers are likely capable of figuring out their own integration it seems.
  15. Why? it's their corporate site. This doesn't really impact the software. They can organize their company site how they see fit - we're probably the worst people to test since we are used to the quirks of old layouts and resistant to change and most the changes seem to be to make all of this more visible for those who are less of power users.