Jump to content



IPS Management
  • Content Count

  • Joined

  • Last visited

  • Days Won


Lindy last won the day on July 31

Lindy had the most liked content!

About Lindy

Contact Methods

Profile Information

  • Gender
  • Location
    Forest, VA

Recent Profile Visitors

104,036 profile views
  1. Lindy

    Completely confused

    Welcome back! You should be able to still download addons (unless the author requires renewals that you've not paid) and most areas of the community should still be accessible to expired customers. As mentioned, please submit a ticket and we'll be happy to take a look at your account. Regarding URL changes - the perception that an active license is tied exclusively to only support is a misconception due to the way licenses were handled many years ago. For quite a long time (approx. a decade), the only thing an expired license allows you to do is continue using the software as it was at time of expiration - meaning, on the same URL, the same existing installed version, etc. An expired license is just that, so unfortunately, that is why you're not able to update the URL, reinstall or download until the license is reactivated -- we don't shut off the software or prevent use when a license expires, but just about everything else requires an active license. Sorry for any confusion and frustration - please get in touch with us and we'll work on getting your account back in order.
  2. Chris - Firstly, thank you for 15 years of business, we appreciate it! There were in fact multiple reminders about the survey, but as noted, this particular one targeted active customers. I completely agree that feedback from those that let their license lapse is important as well, but that wasn't the focus of the experimental survey we pushed out last year. We now have, baked into the software, a renewal reminder that appears in the AdminCP before a license expires. If you choose not to renew, it allows you to easily let us know why and we do review all of those responses. Naturally, you're also welcome to contact us at any time with any specific feedback - you have a standing invitation. 🙂 That was our first ever survey of that scale and it was extremely beneficial, with thousands upon thousands of responses. There were several concerns that were common across most such as search, Commerce and Gallery. We then took the more elaborate responses ("I hate it" or "It sucks" isn't the kind of feedback we look for and will generally not follow up on it, vs "I find it difficult to search for partial model numbers") and conducted mini focus groups with those clients. As a result, search was vastly improved, we made numerous Commerce improvements with more planned for 4.4 and the Gallery interface and upload process was improved in 4.3. It's a system we really like and we will continue to use moving forward. With that said, we will not likely announce them as they would rarely target all customers and former customers of all types, with all apps, all at once. To gather usable feedback, they really need to be a touch more focused. So, it's important to keep @Invisionpower.com whitelisted.
  3. This is logged for internal consideration and I'm not saying we won't do this, but keep in mind, at least in the interim, you can change the display name to that of your choosing before you delete it to accomplish your goal.
  4. Lindy

    Outdated IPS CSS Framework

    Remember that time Rikki worked here? Me too. Dark days... glad those are behind us.
  5. @DReffects2 - I appreciate you've done extensive research as applicable to your situation jurisdiction. We have expended an enormous amount of time and resources aiding our EU clients with GDPR compliance to the best of our abilities and it's our understanding, we've actually done more than most similar platforms. A temporary line has to be drawn somewhere or we're going to end up with, as Matt said, a barrage of half-baked features and checkboxes everywhere. We have consulted with the ICO, our largest EU clients and perused legal resources and are confident that our implementation as of 4.3.3 will help satisfy your compulsory requirements under the GDPR. I know you don't like the "let's wait and see" approach on your remaining potential concerns, but that is in fact a key purpose of the judicial system -- interpreting and providing subsequent guidance on existing regulation. We are committed to adapting and accommodating as needed, I assure you. We aren't, however, able to go crazy and toss things in based on armchair interpretations. From a layman perspective, a simple checkbox here and there seems easy. From a development perspective - you need to do something with that checkbox. As the contact form, when configured such, is merely an email form, there's nothing to do in the same way there's nothing to do when you actively send someone a traditional email -- you're sending the email because you want to initiate contact. If you wanted a "simple" checkbox on the contact form that's simply sending an email, you then need to provide a mechanism for obtaining consent, store the email address, store the consent, provide a mechanism to withdraw the consent to store the email, etc. None of that is necessary based on reasonable interpretations of the GDPR, so as developers with finite resources, we need to weigh out these requests that amount to a fair amount of development time with limited basis and simply say, if you're super concerned about untested, unchallenged, extreme interpretations for things like this, it's likely best, for your own peace of mind, to simply not use the feature. I say with confidence that although ultimate compliance with any local, national or international law or regulation is the responsibility of the community owner; 4.3.3 is GDPR friendly. If you feel you need to be more restrictive based on additional member state requirements, interpretations or even personal peace of mind - you can of course disable embeds, disable the contact form, disable spam mitigation, disallow tech support and/or peruse third party solutions. It's my opinion, however, the EU authorities are not intending to cripple the Internet or make it cumbersome, inconvenient and unenjoyable to use; only to hold providers, controllers and processors to task for safeguarding data... and in that regard, it's only a good thing. There's a lot of information, opinions and suggestions floating through the comments here and it's difficult to keep track of. We welcome you to engage us via a support ticket for software and corporate specific information and, of course, you may use the client forums to discuss various scenarios, share opinions, tips, etc. We appreciate the feedback and participation. Let us know if we can be of further help.
  6. Lindy

    my grief

    Chris - there's a lot of info flying around here, so I'm sorry if I'm misunderstanding your goal. We actually have a lot of customers now that don't buy the forums app at all. Some use Commerce only, but most use Pages and Commerce. As noted, the forums are not required for... well, anything beyond forum-y stuff. Unless you've required a purchase, registration should always be available at <yoururl>/register (https://invisioncommunity.com/register for example) We totally agree about the gift card / guest scenario and it is in fact on our roadmap. I can't recall offhand if this is on the 4.4 list, but I can say there are many, many improvements to Commerce in 4.4. Don't let this sort of thing fester, Chris. Hit us up and pitch your use case and what you're trying to accomplish - some people use the software for some crazy cool things (the craziest that comes to mind is an ambulance dispatch system) - give us the chance to tell you if there's a built in solution, if we're able to make an accommodation or even if it's "sorry, no can do!" We run split installs ourselves -- this community powers the site and forums; another Commerce-only install powers the cart, support and client area. We have very few customizations (other than things like a hook to make PM view wider... ha! I slay me) to make that possible so we can upgrade with every release just like you do.
  7. Lindy

    my grief

    Sorry for your disappointment, Chris. For what it's worth, no one person at IPS writes the product roadmap. I assure you that there's no secret society, whispers or handshakes; when a suggestion comes up, there is a multi-level vetting process that ensures all angles are accounted for: can we develop it? can we sell it? can we support it? Things do not generally just get added willy nilly these days - no matter who you know. 😉 Regarding PMs, I would hope that you are already aware that you can in fact search PMs. This does not drill down to specific messages, which may be the crux of your concern. I don't think we're adverse to exploring this, it's just not regularly come up as a "must have" and to be honest, I'm not sure it's typical to have 1000 messages in a single conversation. I'm not really sure I understand your contention regarding the "desktop view." It looks and behaves like similar systems such as Facebook messenger, for it is in fact a messenger and is not really intended to behave like an email client. Regarding addons - we allow extremely deep integration with the framework. It's frankly a double-edged sword at times in that third party authors have a lot of flexibility, but because of that, we can't always "sandbox" modifications the way Apple can -- meaning, an app on your iPhone isn't going to break your entire iPhone as Apple does not allow third party developers to interact with the device or OS on that level. With that said, hopefully in 4.4, we will have - and require third party authors to use - an IPS hosted versioning system. This means that when an author updates their resource, it will show in your ACP as an available update. Now, this doesn't guarantee a resource will be updated to address any compatibility issues, but it should go a long way in minimizing the need for customers to go down their list of resources and check each listing in the marketplace. While I personally don't do a lot of web browsing on mobile - the fact is, 66% of all web users do and that number is steadily rising. Mobile has been a strong focus and for good reason - it's kind of a big deal and I can say with complete confidence that you would be in the overwhelming minority of "people that pay the bills" (for which we're appreciative) that are unconcerned with mobile. 🙂 As I've said many times in the past - we don't develop for our own personal interest; we develop for the customer-base at large. If we had a large segment of the customer base that wanted an email client-esque experience with the messenger, we'd of course prioritize accordingly. A growing number of clients wanted alternate search options, for example, so -- we [finally] did it. We need to focus on providing current/modern technology that empowers community operators to remain relevant themselves via a solution that engages an audience accustomed to a social media type experience. So, respectfully, things like social promotion features and integration, clubs, revenue generation, mobile experience, etc. unfortunately do take precedent over accommodating more limited use cases (comparatively) like using the PM system as an expansive helpdesk (Commerce has helpdesk functionality.) I can tell you're frustrated and something has been festering, so I'm glad you got this off your chest - we appreciate the feedback. If, however, you really feel our direction with things like responsive technology/mobile support and the items I've mentioned that promote social engagement, clubs, monetization, etc. is "the wrong direction" - I know you don't want to hear this, but I really feel you'll continue to be disappointed with our platform. While there are many "basic" things we would like to do (and eventually will), including spruce up the reporting and PM systems - nothing else matters if you can't keep your existing users engaged and capture new audiences, so that's where we feel customers want us to place the most attention. We're always willing to stand corrected and we have not been around for 16 years by discounting customer feedback. Nonetheless, we know we can't be everything to everyone, try as we might. I wish I had a "sure, we'll do that!" magic bullet fix for you. I will check into the feasibility of contextual message searching in PMs though - that would be a handy feature. Thanks for sharing your time and feedback with us. I'm sorry again for your overall disappointment and wish I could do more to help. Hopefully you'll stick with us, but I wish you the best of luck on whatever path you choose.
  8. Sorry guys, while 4.3.3 has the GDPR improvements, it also contains numerous bug fixes and so we need to carry it through our normal release schedule. We avoid late-week releases because we are not open for general support on the weekends. Tuesday is our target release date. Have a good weekend!
  9. You guys may wish to start a peer-based GDPR topic in the client lounge or similar to share your thoughts, tips and interpretations and carry on an ongoing dialogue amongst each other. You may pick up or be able to share some insightful information that will likely be lost in the shuffle here.
  10. Lindy

    Your GDPR questions answered

    More information will be made available about our position with regards to the GDPR in the next day or so and a few more provisions are being added to the software (this will be detailed more in the upcoming post) by the implementation deadline. Beyond that, I'd ask that you slow the roll so-to-speak on personal interpretations and armchair legalese for there is no need to get worked up into a frenzy. Much like Y2K when everyone thought the world was going to end, the power grid was going to shut down and we'd be left with a smoking pile of circuitry ashes - I assure you, May 26th will be uneventful and we will all carry on as normal - just with some additional data processing safeguards. The regulations will be further interpreted, tested via case law and the world (including IPS) will adapt accordingly. In the interim, please relax and wait for our next update this week. It should address the remaining concerns we've interpreted and determined to be valid. As an aside, the software does not prevent you from controlling content. It is not our position nor that of the numerous experts we've consulted with that contributed content to a public community-centric entity constitutes personal information in accordance with the GDPR. If you believe otherwise, the software allows you to delete that content upon receipt of a right to erasure request from a data subject. You can also include in your terms and conditions (which you can require your users to accept) verbiage that addresses copyright, if you so desire. All of this is your decision based on your (and ideally, your legal expert's) individual interpretation of applicable laws - we are just providing baseline tools based on our interpretation. Please stay tuned while we further address your GDPR concerns such as obtaining technical support, data portability, etc.
  11. As noted in your other topic, I know Germany has additional data protections than other EU members, but the Privacy Shield will do nothing to address those and again, being certified Privacy Shield does not mean you are GDPR compliant. Dynamic IPs are not universally considered personally identifiable data, but with the GDPR, IP addresses are considered PII data. I can't and won't tell you to not follow your own local legal advice, but there are going to be gray areas in the expansive legislation, just as there were with the numerous renditions of the "cookie law." I believe the GDPR is intended to keep the big boys at bay and hold folks like us to a higher standard in terms of data transmission, processing and storage. It's extremely unlikely EU authorities are going to descend upon you for embedding a vimeo video. 😃 Further, provided you are using GDPR compliant (Privacy Shield is insufficient) providers and you've obtained consent, you should be fine. We unfortunately cannot advise or accommodate every scenario, so as the controller of data, it is your ultimately responsibility to ensure compliance. With that said, we will of course evaluate as things move forward to determine what we can do to help our clients be most successful. On this specific issue, we believe it would be unnecessary to do as your attorney is purportedly suggesting. Being prepared and diligent is fantastic, but try not to get too stressed and overthink this. If Facebook can continue to allow you to embed YouTube and Vimeo videos, I'm pretty confident you'll be ok too. 🙂
  12. Thanks for your feedback. We are in fact aware of the Privacy Shield program. For the benefit of others, Privacy Shield (formerly the safe harbor agreement) is an agreement between the EU and US. Participation is voluntary, however, once a US corporation enters into the program, it is enforced by the US Department of Commerce - this was a big advantage to the EU as otherwise, absent a physical presence in the EU, data protection laws in the EU are largely unenforceable in the US. The GDPR, which is not the same thing as Privacy Shield, aims to extend data transfer, processing and storage protections and expand the EU's reach to US companies, even those not enrolled in Privacy Shield via various trade agreements. Many believe that's unlikely to be successful except in severe circumstances with large corporations and in those cases, those companies likely have a presence in the EU anyway. Regardless of reach, we feel the GDPR is appropriately encouraging us all to hold ourselves accountable for the personally identifiable data we process and store and we're taking our obligations seriously. Those in the Privacy Shield program don't necessarily meet the requirements of the GDPR and we've opted not to, as of yet, go through the cumbersome certification and registration process (and to the best of my knowledge, nobody else in the industry has either) as the GDPR offers more protection than that required by PS (for example, IP addresses are definitively considered PII data by the GDPR whereas previously, dynamic IPs may or may not be, depending on opinion and interpretation) and we've instead focused our efforts on reaching GDPR compliance (which, to be clear, has been an enormous effort.) We will have a GDPR compliance section on our website very soon that will be of interest to you. I am not in a position to question the accuracy of your attorney's service and am aware Germany has more stringent data protection guidelines than other EU members. With that said, we have thousands of clients across the EU, including Germany and I've never seen or heard of a local regulation requiring a resident to only do business with those in the Privacy Shield program. I would think that would have a significantly adverse effect on the ability to engage in international commerce as a German. Nonetheless, regarding the spam service, if you opt to use the spam service, you'll just want to list us on a (sub)processors page on your site (a blurb in your privacy policy.) The GDPR requires your (as the controller) vendors/processors and sub-processors also be GDPR compliant and we will be. Again, I cannot speak to Germany specifically, but I have no knowledge of a requirement to be Privacy Shield certified and again, you can be PS certified and still not necessarily be compliant with the GDPR as the latter is more restrictive. I hope this helps. As mentioned, we'll have more information on the GDPR on our site soon.
  13. Lindy

    Security Link in ACP

    Davyc, I'd recommend finding a new host (might I suggest www.invisioncommunity.com/buy ? ) Having those commands enabled, especially in a shared hosting environment is simply reckless. PHP has functionality called open_basedir that prevents a PHP script from "breaking out" of your account. In other words, let's say another customer on your server is running a PHP script full of security holes and an attacker exploits it. With in-built PHP security precautions (open_basedir) - an attacker should not be able to break out of that account housing the vulnerable script, meaning, they cannot use that script to get to other accounts on the server (including yours.) The issue is, the commands we recommend be disabled are system level commands. These completely bypass open_basedir. Using exec, system, passthru and the other listed commands in that scenario, an attacker simply needs to find one vulnerable account on the entire server and upload a "shell" script... because those commands are enabled, they can very easily browse other accounts on the server, read your conf_global to get your database details, then dump, alter or even drop your database. Disabling those commands isn't just protection from outside attackers directly on your site, it's also to protect your account from other accounts. Again, if your host won't disable them (server-wide), get another host, even if it's not us. It's akin to renting an apartment, finding all of your neighbors' keys fit your apartment and your landlord won't do anything about it.
  14. Lindy

    Security Link in ACP

    We scrapped our recommendation for things like custom named admin directories, which now actually cause more trouble than they help and were introduced when a time when obfuscation was better than nothing. Now, there are much better solutions such as 2FA, web application firewalls and IP restrictions. Dangerous security concerns such as allowing exec() and system PHP commands are now in-line on the dashboard where they are more likely to be addressed. Things like file permissions should be addressed in the support tool. If you note anything that's missed in the support tool or are confused about anything being shown on the dashboard, please let us know specifics so we can address them.
  15. Lindy

    4.3 Removing SparkPost

    Yes, that is the biggest issue - by default, they dump you into public ranges that are blacklisted. That's not helpful to our customers at all. One shouldn't have to jump through hoops to reliably use a service and as I've noted many times in the past, our demographic choose us to avoid having to get their hands dirty and unnecessary barriers. We're not going to provide an integration and in the next block of text "you'll likely either have to buy a private IP pool or bounce around with support and hope for the best for it to actually work correctly." Firstly, there are legitimate issues with users not getting notifications - sometimes preferences, sometimes user error, sometimes a bug. Unlike other third party items, it's not as simple as disabling all modifications and testing. We have to investigate, it's time consuming and Sparkpost caused us (and clients) more drama and headaches than Sendgrid. It's really as simple as that. I know you're frustrated and I'm sorry for your displeasure. We have no affiliation with Sparkpost nor Sendgrid. We get no revenue from either. Our decisions are made in the best interest of the client-base at large and efficiency in providing support. You can argue Sendgrid also experiences similar issues and you're not entirely wrong, but it's to a much lesser and infrequent extent and most importantly, clients have reported more positive experiences and support interactions with Sendgrid. Regarding your current issue, I know it's stressful and frustrating to have your emails stop working. Respectfully, this is the point of a beta cycle. The developers are doing a remarkable job and 4.3 is amazingly stable, but some quirks and concerns will take longer than others. If it's a show-stopping issue, you can restore to 4.2 for your production site, use localhost to send mail, use any other SMTP provider or use Sendgrid. Finally, we do appreciate anyone taking the time to provide feedback. In many cases, such as the MySQL wait timeout being displayed and folks expressing their concern about it, we can easily say "yeah, that can definitely be done better - we're on it." Or "search sucks, make it better!" Yup, we agree, here you go! Sometimes, though the picture may not be entirely clear from browsing the forum, we make decisions you won't agree with and while we won't reject feedback, we're not interested in arguing back and forth. We're open to and are exploring other integration options in the future - mailgun is a possibility. At this juncture, there's nothing further to be gained in this topic. If you have any transitional issues from Sparkpost API to SMTP, please feel free to open a support request. Sorry again for any inconvenience this may have caused and we appreciate the feedback and understanding.