Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-26 Thread Laura Creighton
Ooops, machine crashed, and mail got sent ... Instead of that long quoting of what Mark said, that was supposed to be: "Thank you Mark." Apologies, apologies. Laura -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.or

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-26 Thread Laura Creighton
In a message of Sat, 25 Apr 2015 08:42:10 -0700, Mark Sapiro writes: >On 04/22/2015 09:49 PM, Laura Creighton wrote: >> Maybe at the point where we mention 'you must have cookies enabled' >> we should mention that load balancers can cause problems? > > >What Stephen said plus, the stuff about cooki

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-25 Thread Stephen J. Turnbull
Mark Sapiro writes: > As I said before, this is reported as a bug > which is "fixed" for > the next release, and which fix has been installed for the > mail.python.org Mailman. Note that the RFC-ly correct fix would involve a reverse lookup, w

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-25 Thread Mark Sapiro
On 04/22/2015 09:49 PM, Laura Creighton wrote: > Maybe at the point where we mention 'you must have cookies enabled' > we should mention that load balancers can cause problems? What Stephen said plus, the stuff about cookies is on admin, moderator and private archive logon pages which someone who

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Stephen J. Turnbull
Laura Creighton writes: > Maybe at the point where we mention 'you must have cookies enabled' > we should mention that load balancers can cause problems? I don't think nontechnical users will know what "load balancer" means. By now most users either know about cookies because they've disabled t

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Laura Creighton
Maybe at the point where we mention 'you must have cookies enabled' we should mention that load balancers can cause problems? (Thinking out loud here.) Laura X

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Mark Sapiro
On 04/22/2015 08:59 PM, Laura Creighton wrote: > > BINGO. He has found out that this is what happens at his (new) work > site. It's a load balancer. He is very grateful for getting this > figured out. :) I fear that this sort of load balancing is going to > become all the more common in the fut

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Stephen J. Turnbull
Laura Creighton writes: > become all the more common in the future. Is insisting that the IP > addresses match serving a useful purpose? Yes. Differing request origins is the characteristic signature of a CSRF attack.[1] I suppose the site could resolve the IP to a domain, but that would slo

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Laura Creighton
In a message of Wed, 22 Apr 2015 16:52:33 -0700, Mark Sapiro writes: >It wouldn't be his machine. It would be something between his machine >and mail.python.org. Perhaps some kind of load balancer or other >device which submits each separate http request from one of a pool of >IP addresses. Thus, t

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Mark Sapiro
On 4/22/15 3:11 PM, Laura Creighton wrote: > In a message of Wed, 22 Apr 2015 14:34:00 -0700, Mark Sapiro > writes: >> >> It is conceivable that some browser could corrupt the >> sub_form_token value upon submission if and only if the password >> fields are empty, but as I say, it's a stretch. >

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Laura Creighton
In a message of Wed, 22 Apr 2015 14:34:00 -0700, Mark Sapiro writes: >It is a stretch, but the HTML for the form tag and its input tags look >something like > > name="sub_form_token" >value="1429735034:cebafdd44a345e440de23b4ba49d63b71439258a"> > > > > > > No > Yes > > > >It is c

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Mark Sapiro
On 04/22/2015 01:34 PM, Laura Creighton wrote: > > He says he got the form from https://mail.python.org/mailman/listinfo/pypy-dev > > So what can corrupt the token, I wonder. How chrome stores tokens > and what things -- like an ad blocker -- could modify or remove > it isn't one of the things

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Laura Creighton
In a message of Wed, 22 Apr 2015 09:07:13 -0700, Mark Sapiro writes: >The message your user got, "You must GET the form before submitting >it.", indicates the hidden 'sub_form_token' either was not present in >the submitted form or was not of the correct format. This could indicate >that there is a

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-22 Thread Mark Sapiro
On 04/21/2015 09:53 PM, Laura Creighton wrote: > In a message of Tue, 21 Apr 2015 16:31:46 -0700, Mark Sapiro writes: >> On 04/21/2015 03:55 PM, Laura Creighton wrote: >>> Forwarded message here. He just tried to subscribe as ben.jol...@xad.com >>> but apparently can only subscribe if he leaves th

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-21 Thread Laura Creighton
In a message of Tue, 21 Apr 2015 16:31:46 -0700, Mark Sapiro writes: >On 04/21/2015 03:55 PM, Laura Creighton wrote: >> Forwarded message here. He just tried to subscribe as ben.jol...@xad.com >> but apparently can only subscribe if he leaves the password field blank. >> >> It is, of course, work

Re: [Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-21 Thread Mark Sapiro
On 04/21/2015 03:55 PM, Laura Creighton wrote: > Forwarded message here. He just tried to subscribe as ben.jol...@xad.com > but apparently can only subscribe if he leaves the password field blank. > > It is, of course, working just fine for me. And it has nothing to do with the password being b

[Mailman-Users] Somebody could not subscribe to pypy-...@python.org

2015-04-21 Thread Laura Creighton
Forwarded message here. He just tried to subscribe as ben.jol...@xad.com but apparently can only subscribe if he leaves the password field blank. It is, of course, working just fine for me. Laura --- Forwarded Message Return-Path: Received: from na01-bl2-obe.outbound.protection.outlook.co