Jump to content
You're invited! Join our 4.6 Live Event on ZOOM 6/24 ×

Community

Mark

+Clients
  • Posts

    36,207
  • Joined

  • Last visited

  • Days Won

    113

Reputation Activity

  1. Like
    Mark reacted to Meddysong in Language strings: differentiating 2nd and 3rd person   
    I love the pluralization feature in IPS. It's easy to work with and does the job very well.
    There is one area that it doesn't currently capture owing to the fact that English doesn't make a visible distinction for whether a person is part of a group or not outside of the pronouns. If pronouns aren't used because the names themselves are presented, then English is easy and the system works. This isn't the case for other languages, however.
    Visualising with pronouns
    Consider reactions and what they would look like if pronouns rather than usernames were used. The language string react_blurb is currently %s {!# [?:reacted]} to this. If the only person who reacted is the user, they would expect to see the message You reacted to this. Which pronoun would be used if the user and somebody else had reacted? In English, it's still you because we don't formally differentiate the second person singular and second person plural: You are a very naughty boy and You are very naughty children use the same pronoun. That's not usually the case in other languages,
    Now remove the user from the equation altogether. If only one person reacted and this person isn't the user, we would expect to see a third person singular pronoun: he, she, it. (Ignore the fact that it isn't currently programatically solvable about which one to use, since in practice we're not using pronouns.) What if more than one person reacted, other than the user? We need to jump to third person plural: they: They reacted to this.
    Changing forms depending on whether the user is included
    The problem is that the current set-up doesn't allow for these distinctions. In English, they don't matter: I reacted, you (singular) reacted, he reacted, she reacted, it reacted, we reacted, you (plural) reacted, they reacted. The string %s can take any form ("You and 1 other", "One person", "You and several others", "Several people but not you") and we can capture that. In other languages we can adjust our language strings for singular or plural but not for inclusivity, the question of whether the user is included in the statement.
    This is important because the form changes depending on the circumstance. The verb with the second person singular is not the same as with the plural and so on. Here's how it looks in Italian:
    Second person singular (only the user has reacted): Tu hai reagito qui Second person plural (the user plus at least one other person have reacted): Voi avete reagito qui (or, as it could appear, Tu, Meddysong, Ilya Hoilik, opentype e 3 altri avete reagito qui) Third person singular (only one person, not the user): Lui ha reagito qui Third person plural (several people, not the user): Loro hanno reagito qui (Meddysong, Ilya Hoilik, opentype e 3 altri hanno reagito qui) It might be easier to visualise if we switch the English from reacted to have reacted:
    If the user is the only person or there are several people, irrespective of whether the user is one of them: %s have reacted If there is only one person but this isn't the user: %s has reacted We can get away with working around this problem in English by using the simple past form. (We perhaps shouldn't in this instance but complaining would be nitpicking!) In other languages, however, we don't have this option. It's not just a question of capturing number but also inclusivity.
    I don't know how you'd go about resolving this but I'm not one of the devs -- I bet you've solved trickier conundrums than this one 🙂
  2. Like
    Mark reacted to Meddysong in Could this sentence be improved?   
    It's written perfectly appropriately for English and in a way which indicates that you can distinguish plurality if translating. I don't see why the English should be rewritten with a needless distinction when there's no difference between singular and plural. If you're translating, then you can see that it's possible to make a distinction for number if it's required.
  3. Like
    Mark reacted to Nathan Explosion in WYSIWYG editor needs table element   
    Right, I've looked at the language for that specific message that is displayed and it is editor_plugin_folder_desc
    editor_plugin_folder (and its _desc) is displayed when the server environment doesn't allow the upload and extraction a .zip file (no PHP ZipArchive module) and therefore it wants you to first upload the contents of the ckeditor plugin zip file to the mentioned folder via FTP. You then refresh the page you are at and you should then have the plugin available in the list.
    'colordialog' is one of the default plugins provided with IPS, hence why you see it there.
    Probably no ticket needed I reckon - you just have to follow the instructions they provide you. If you want  upload the zip the proper way and have IPS do the extraction etc then you'll need to check in to the server's ability to allow it (it uses the PHP  ZipArchive module)
  4. Like
    Mark got a reaction from GrooveOnBeat in Option to сhange notification sound   
    It won't get overridden unless you're uploading the full set of files every upgrade.
  5. Like
    Mark reacted to opentype in Commerce: add pre-filled Billing Address for manual invoices   
    I just tried it with two accounts and I can confirm what Jim says. I get the view above with empty fields if the user has never finished a Commerce order and therefore has no address data on file. I'm not sure what you mean by “address provided during registration”. As long as you force a purchase during registration, there will be none in the system. 
    If I go to step 2 with a user that has made a purchase in the past (and therefore provided the data), the addresses are made available as in Jim’s screenshot. 
  6. Like
    Mark reacted to optrexnz in Possible bug in IPS 4.4.0 or issue IE11 win 8.1 phone?   
    Why doesnt it display properly on my ZX81 emulator?
  7. Like
    Mark reacted to MMXII in How do you report bugs like this?   
    Whenever I discovered a bug, I simply opened a support ticket in the client area. That is what IPS staff is recommending, too.
  8. Like
    Mark got a reaction from exel80 in REST using OAuth2   
    Yes, using the REST API with OAuth 2 authentication is the best way to do this. 
    Our documentation assumes you are familiar with the basic concepts OAuth before you begin. A good resource is OAuth 2 Simplified.
    First decide how you want users to authenticate:
    By opening a webpage, logging in, and granting access (like you do for Facebook login, etc) - this is the recommended way as it's the most secure, but maybe a bit more difficult. See the "Web Server Apps" section of the OAuth 2 Simplified site. By entering their username/email + password. See the "Other Grant Types" section of the OAuth 2 Simplified site. You'll create an OAuth Client in AdminCP → System → REST & OAuth → OAuth Clients.
    If you're having trouble, let us know how far you've got and what you need help with.
  9. Like
    Mark reacted to The Old Man in Please allow "full price" for upgrade option   
    But based on Mark's example, they've already paid the first $10! You'd effectively be charging your members $40 for $30 of service, or put another way, over charging them for their loyalty and investment?
  10. Like
    Mark got a reaction from TheWorldNewsMedia.org in Speed up Private Messaging   
    End-to-end encryption is not really possible as there is no method for storing the keys in a browser with reliable persistence (unlike in a mobile app). Note that "secret comversations" in Facebook Messenger, for example, can only be created and viewed on their mobile app, not their website.
  11. Like
    Mark got a reaction from Makoto in Speed up Private Messaging   
    End-to-end encryption is not really possible as there is no method for storing the keys in a browser with reliable persistence (unlike in a mobile app). Note that "secret comversations" in Facebook Messenger, for example, can only be created and viewed on their mobile app, not their website.
  12. Sad
    Mark got a reaction from Kpp in CKEditor 5   
    To clarify since @Joel R mentioned me specifically... 😂
    We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before 5.11.2.0 was released which is when they re-added paste from word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches.
    Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.
  13. Like
    Mark got a reaction from Makoto in FTP storage options silently removed.   
    We have no plans to remove the \IPS\Ftp classes, which are used by the upgrader. But the ability to set up the system to store uploaded files like attachments on an external FTP server was deprecated in 4.3.0 (i.e. 8 months ago).
  14. Like
    Mark got a reaction from Makoto in FTP storage options silently removed.   
    It's actually still there so people who were using it wouldn't suddenly end up with things broken. You could add a row to the table in the database where the configurations are stored if you really wanted to.... but I wouldn't recommend it.
    It was notorious for causing errors where the FTP server's flood protection or other limitations would suddenly block the connection and then suddenly the community would be unable to upload anything and have other issues caused by the communication not working.
    While some who knew what they were doing were able to configure the FTP server in a way that these issues wouldn't happen, it was used by such a small number of communities (like... less than 0.1%) and the percentage of those it caused irreparable issues to was so high, it just made sense to deprecate it. Especially in today's world where more robust solutions like Amazon S3 are available. Or, as you mention, a virtual drive on the webserver.
  15. Like
    Mark got a reaction from SeNioR- in CKEditor 5   
    To clarify since @Joel R mentioned me specifically... 😂
    We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before 5.11.2.0 was released which is when they re-added paste from word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches.
    Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.
  16. Like
    Mark reacted to Morgin in FTP storage options silently removed.   
    You shouldn’t even have an ftp server installed on a modern server. It is a major security hole. There should not be any need for ftp in 2018/2019. IPS should make the Amazon S3 option compatible with all s3-compatible storage options (if it isn’t already) to ensure anyone who doesn’t want to specifically use Amazon doesn’t have to and not rely on a community plugin, but they would be doing more of a disservice to continue supporting ftp storage. 
  17. Like
    Mark got a reaction from Jennifer M in CKEditor 5   
    To clarify since @Joel R mentioned me specifically... 😂
    We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before 5.11.2.0 was released which is when they re-added paste from word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches.
    Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.
  18. Like
    Mark reacted to AndyF in 4.4 Preview   
    Positive Feedback: With regard to the 'post before register' , I purposely yesterday did not register after the post. 🙂 I forgot to mention earlier as I'd filled in the form etc I got an email reminding me of this with a helpful link to let me finish up if I wanted to:

  19. Thanks
    Mark got a reaction from SJ77 in purchase again option seems unneeded.   
    If you're willing to submit a support ticket, I'd be interested to check that there's nothing else going wrong. It seems to me very bizarre that someone would miss the equally sized "Download" button and click "Buy Now" and submit payment 6 separate times.
    If you do, mention this post so the support team know to send it up to me.
  20. Thanks
    Mark got a reaction from ahc in Guest Checkout   
    If you go to AdminCP > Commerce > Payments > Settings > Checkout. you can set it so guests are not asked for a display name. Also on that page, you can set it so under certain circumstances, the customer's real name and billing address isn't required - however, some payment methods require this information.
    Beyond that, the only thing they are asked for is an email address (which we need to send the order confirmation and details to) and password. So the only thing that it asks for which could be avoided is the "Password" field.
  21. Like
    Mark reacted to NeedCoffee in Limit Support Request titles, just had one 196 characters!   
    Example screenshot as I know people like screenshots!

    I appreciate there might be cases where you really want all that in the subject, rather than body, but it's a bit of a PITA and would be nice if, like topic titles, it could be set as an option :)
  22. Like
    Mark reacted to Aiwa in List of every change to DOWNLOADS app since 4.0   
    To be fair to IPS, they weren't very thorough in their change logs for a fair portion of that update range. Something they've been greatly improving as of late.
  23. Like
    Mark reacted to Joel R in 2 Factor Auth via e-mail   
    Actually, the main purpose of 2FA is to provide two different factors of security, not two of the same kind of security.  As @Mark explained, the main benefit of 2FA is to divide the password among at least 2 of 3 factors: knowledge, possession, and inherency.  I'm not against additional layers of security, especially for admins, but using a phone-based authenticator is just as easy - and is stronger than - email authentication.     
  24. Like
    Mark got a reaction from Meddysong in 2 Factor Auth via e-mail   
    Two Factor Authentication significantly improves your security and is certainly not just dumbing things down.
    Generally speaking, there are three ways of proving you are who you say you are: knowledge factors (something you know, like a password), possession (something you have, like a mobile phone) and inherent (something you are, like a fingerprint).
    Using a strong password helps address some of the shortfalls of the knowledge factor - it protects you against someone trying to guess (or bruteforce) your password. However, it doesn't prevent you against a variety of other attacks (for example, if someone was able to compromise your system and install a key logger).
    But two factor authentication adds an additional factor into play: usually a possession factor. In addition to providing your (hopefully strong) password, it requires you to prove that you have in your possession a device which belongs to you.
    It should be used whenever available, especially for things which require additional security.
     
     
    To address the original question: email is generally not a great 2FA method as it is already the method of recovery if a user forgets their password. If you use email as the second authentication factor, it means an attacker only has to gain access to the desired victim's email account in order to compromise their account - which effectively brings you back to a single-factor authentication system.
  25. Thanks
    Mark got a reaction from tonyv in 2 Factor Auth via e-mail   
    Two Factor Authentication significantly improves your security and is certainly not just dumbing things down.
    Generally speaking, there are three ways of proving you are who you say you are: knowledge factors (something you know, like a password), possession (something you have, like a mobile phone) and inherent (something you are, like a fingerprint).
    Using a strong password helps address some of the shortfalls of the knowledge factor - it protects you against someone trying to guess (or bruteforce) your password. However, it doesn't prevent you against a variety of other attacks (for example, if someone was able to compromise your system and install a key logger).
    But two factor authentication adds an additional factor into play: usually a possession factor. In addition to providing your (hopefully strong) password, it requires you to prove that you have in your possession a device which belongs to you.
    It should be used whenever available, especially for things which require additional security.
     
     
    To address the original question: email is generally not a great 2FA method as it is already the method of recovery if a user forgets their password. If you use email as the second authentication factor, it means an attacker only has to gain access to the desired victim's email account in order to compromise their account - which effectively brings you back to a single-factor authentication system.
×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy