|
Title: Time to bring back avatars Post by: Gazza1 on April 25, 2014, 10:24:58 PM Please
Title: Re: Time to bring back avatars Post by: MsCollec on April 25, 2014, 10:25:45 PM More please..I need to change my WDC Logo ;D
Title: Re: Time to bring back avatars Post by: jonald_fyookball on April 25, 2014, 10:38:26 PM ya...PLEASE I would like one. ;D
Title: Re: Time to bring back avatars Post by: Remember remember the 5th of November on April 25, 2014, 10:51:26 PM Wrong subforum, the correct subforum for this is Meta.
Title: Re: Time to bring back avatars Post by: Gazza1 on April 25, 2014, 10:59:29 PM and also return "move topic" and "make thread self moderated" to the options please. No reason to remove them, not having them in there just creates more work for mods.
Title: Re: Time to bring back avatars Post by: alani123 on April 25, 2014, 11:08:52 PM Meh!
Tradecoin is still relevant. I'm so glad I'm a supporter since the early days. Title: Re: Time to bring back avatars Post by: Lauda on April 26, 2014, 07:20:45 AM Why would a small image be this important to you? It doesn't really mean anything.
Eventually the feature will be brought back. Title: Re: Time to bring back avatars Post by: Swordsoffreedom on April 26, 2014, 07:22:35 AM Why would a small image be this important to you? It doesn't really mean anything. Eventually the feature will be brought back. Think it won't be brought back till the new forum appears Theymos has a certain recollection of that day https://www.youtube.com/watch?v=LKrOHAfMdxI Good times evil 1000 ;) Title: Re: Time to bring back avatars Post by: Soappa on April 26, 2014, 08:53:43 AM Why would a small image be this important to you? It doesn't really mean anything. Eventually the feature will be brought back. Think it won't be brought back till the new forum appears IIRC, we need to wait for at least a year for the new forum. Title: Re: Time to bring back avatars Post by: counter on April 26, 2014, 09:16:00 AM It would be nice but not if it is going to be an issue over safety and security. I would very much like to ahve my avatar changed so yea.. co signed.
Title: Re: Time to bring back avatars Post by: jonald_fyookball on April 26, 2014, 01:51:53 PM Why would a small image be this important to you? It doesn't really mean anything. Eventually the feature will be brought back. It's not like it's SOOOO important but it's cool. Bitcoin and this forum is my new hobby and way to take a break from work. More healthy than checking news websites. Why did they stop the avatars? Title: Re: Time to bring back avatars Post by: Gazza1 on April 26, 2014, 04:02:18 PM Why would a small image be this important to you? It doesn't really mean anything. Eventually the feature will be brought back. It's not like it's SOOOO important but it's cool. No kidding. There's always some moron devil's advocate. It's a disease I tell you. :D Title: Re: Time to bring back avatars Post by: Gazza1 on April 26, 2014, 05:48:53 PM We also need a + button for the ability of quoting multiple people easily.
Title: Re: Time to bring back avatars Post by: pandacoin on April 26, 2014, 06:00:55 PM We don't need avatars. That shouldn't be a priority. I'm patiently waiting new forum software. I hope it will be revolutionary.
Title: Re: Time to bring back avatars Post by: counter on April 26, 2014, 06:37:50 PM It's not about needing them it's just nice to have the option I think is the point of the thread and what others are getting at IMO. That is what I meant in any case.
Title: Re: Time to bring back avatars Post by: jonald_fyookball on April 26, 2014, 06:40:40 PM Why can't they simply turn them back on.is there some issue?
Title: Re: Time to bring back avatars Post by: Gazza1 on April 26, 2014, 06:57:16 PM It's important for promotional purposes.
Title: Re: Time to bring back avatars Post by: Swordsoffreedom on April 27, 2014, 07:17:44 AM Why can't they simply turn them back on.is there some issue? SMF issue that cannot be patched if I recall correctly since the forum can't upgrade its server Hence that we wait for a year problem Also don't think they can backend a new avatar API too much custom code already Title: Re: Time to bring back avatars Post by: cybrbeast on June 04, 2014, 06:13:47 PM And why hasn't the forum been upgraded and fixed yet. Are the 1000s of Bitcoin donated to Theymos not enough to cover it?
Title: Re: Time to bring back avatars Post by: hilariousandco on June 04, 2014, 06:17:22 PM It's in development now. There's an entire subforum dedicated to it: https://bitcointalk.org/index.php?board=167.0
Title: Re: Time to bring back avatars Post by: BigMac on June 05, 2014, 01:27:52 AM And why hasn't the forum been upgraded and fixed yet. Are the 1000s of Bitcoin donated to Theymos not enough to cover it? The new forum software costs 1 mil USD (~1500 btc), but no worries, the forum has way more than that. :) Title: Re: Time to bring back avatars Post by: jeffersonairplane on June 05, 2014, 02:24:24 AM I would love avatars to come back. Don't see why they were taken away in the first place.
Title: Re: Time to bring back avatars Post by: Swordsoffreedom on June 05, 2014, 02:27:31 AM I would love avatars to come back. Don't see why they were taken away in the first place. It was because bitcointalk got hacked back in 2013 and they needed to disable them Title: Re: Time to bring back avatars Post by: BigMac on June 05, 2014, 02:42:02 AM I would love avatars to come back. Don't see why they were taken away in the first place. It was because bitcointalk got hacked back in 2013 and they needed to disable them For those interested, you can refer to the thread https://bitcointalk.org/index.php?topic=306878.0 On October 3, it was discovered that an attacker inserted some JavaScript into forum pages. The forum was shut down soon afterward so that the issue could be investigated carefully. After investigation, I determined that the attacker most likely had the ability to execute arbitrary PHP code. Therefore, the attacker probably could have accessed personal messages, email addresses, and password hashes, though it is unknown whether he actually did so. Passwords were hashed very strongly. Each password is hashed with 7500 rounds of sha256crypt and a 12-byte random salt (per password). Each password would need to be individually attacked in order to retrieve the password. However, even fairly strong passwords may be crackable after a long period of time, and weak passwords (especially ones composed of only a few dictionary words) may still be cracked quickly, so it is recommended that you change your password here and anywhere else you used the password. The attacker may have modified posts, PMs, signatures, and registered Bitcoin addresses. It isn't practical for me to check all of these things for everyone, so you should double-check your own stuff and report any irregularities to me. How the attack was done I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday. After I found the backdoors, I saw that someone (presumably the attacker) independently posted about his attack method with matching details. So it seems very likely that this was the attack method. Because the backdoors were first planted in late 2011, the database could have been secretly accessed any time since then. It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set. Title: Re: Time to bring back avatars Post by: Swordsoffreedom on June 05, 2014, 02:47:19 AM It was because bitcointalk got hacked back in 2013 and they needed to disable them For those interested, you can refer to the thread https://bitcointalk.org/index.php?topic=306878.0 Good point will contribute a video of it in practice as well since a picture says a 1000 words and a video is a play by play :) http://www.youtube.com/watch?v=LKrOHAfMdxI That said did Theymos finally review the 1XX script the hack was way back in 2013 so there should have been sufficient time to see if the problem was with avatars. Title: Re: Time to bring back avatars Post by: SgtMoth on June 05, 2014, 02:52:06 AM whats an avatar?
Title: Re: Time to bring back avatars Post by: jonald_fyookball on June 05, 2014, 03:31:34 AM Nginx ehh.. What's wrong with apache?
Title: Re: Time to bring back avatars Post by: BigMac on June 05, 2014, 04:05:40 AM It was because bitcointalk got hacked back in 2013 and they needed to disable them For those interested, you can refer to the thread https://bitcointalk.org/index.php?topic=306878.0http://www.youtube.com/watch?v=LKrOHAfMdxI That said did Theymos finally review the 1XX script the hack was way back in 2013 so there should have been sufficient time to see if the problem was with avatars. It seems your quotes didn't work very well. ;) Title: Re: Time to bring back avatars Post by: CEG5952 on June 05, 2014, 06:45:23 AM I'd love for avatars to come back. LOL, I'm stuck with this guy. I just randomly picked one when I joined. If I knew I was gonna stick around, I probably would have chosen a better one... :-\
Title: Re: Time to bring back avatars Post by: Swordsoffreedom on June 05, 2014, 09:17:06 AM It seems your quotes didn't work very well. ;) Sometimes I try to get rid of the quote walls or adjust it to topic and miss one sorry about that and edited ;D. I am not sure if suggesting a pruning method to include certain quotes only would be a software improvement or just being lazy lol. Title: Re: Time to bring back avatars Post by: gagalady on June 05, 2014, 03:36:20 PM I would also like to get avatars back and why they were disabled , for what reason?
Title: Re: Time to bring back avatars Post by: Yuki1988 on June 05, 2014, 03:59:32 PM I would also like to get avatars back and why they were disabled , for what reason? Read a few posts up there, and you will see. I would love avatars to come back. Don't see why they were taken away in the first place. It was because bitcointalk got hacked back in 2013 and they needed to disable them For those interested, you can refer to the thread https://bitcointalk.org/index.php?topic=306878.0 On October 3, it was discovered that an attacker inserted some JavaScript into forum pages. The forum was shut down soon afterward so that the issue could be investigated carefully. After investigation, I determined that the attacker most likely had the ability to execute arbitrary PHP code. Therefore, the attacker probably could have accessed personal messages, email addresses, and password hashes, though it is unknown whether he actually did so. Passwords were hashed very strongly. Each password is hashed with 7500 rounds of sha256crypt and a 12-byte random salt (per password). Each password would need to be individually attacked in order to retrieve the password. However, even fairly strong passwords may be crackable after a long period of time, and weak passwords (especially ones composed of only a few dictionary words) may still be cracked quickly, so it is recommended that you change your password here and anywhere else you used the password. The attacker may have modified posts, PMs, signatures, and registered Bitcoin addresses. It isn't practical for me to check all of these things for everyone, so you should double-check your own stuff and report any irregularities to me. How the attack was done I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday. After I found the backdoors, I saw that someone (presumably the attacker) independently posted about his attack method with matching details. So it seems very likely that this was the attack method. Because the backdoors were first planted in late 2011, the database could have been secretly accessed any time since then. It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set. Title: Re: Time to bring back avatars Post by: ampere9765 on June 05, 2014, 09:42:11 PM Okay, so we just need to come up with a million bucks for the forum, and then I am no longer stuck being Bruce Willis? Sounds good to me. Let's get on that! :)
Title: Re: Time to bring back avatars Post by: hilariousandco on June 05, 2014, 09:54:13 PM Theymos has previously stated that he will remove avatars for people who don't want theirs anymore but won't change them. Pm him if you want but I'd just keep it for now.
Title: Re: Time to bring back avatars Post by: Cryptopher on June 05, 2014, 10:17:41 PM and also return "move topic" and "make thread self moderated" to the options please. No reason to remove them, not having them in there just creates more work for mods. The move topic is still there, in the bottom left when viewing your topic. You can make a thread self-moderated at topic creation time under additional options, but I don't believe that you can subsequently change this. I would love to see the avatar option return - I know that it is in the new forum plans, but it would be nice if they were activated on here again. They stopped allowing avatars by the time I had joined the forum. Title: Re: Time to bring back avatars Post by: oli123123 on June 07, 2014, 05:46:30 PM Guys please stop creating threads like this, you won't be able to change your avatar until the forum software upgrade.
Title: Re: Time to bring back avatars Post by: Yuki1988 on June 07, 2014, 05:51:04 PM Guys please stop creating threads like this, you won't be able to change your avatar until the forum software upgrade. This thread is not new (created in Apr), but it gets bumped... Title: Re: Time to bring back avatars Post by: Cryptopher on June 07, 2014, 05:55:09 PM Guys please stop creating threads like this, you won't be able to change your avatar until the forum software upgrade. This thread is not new (created in Apr), but it gets bumped... By new I think that he means that it was decided before then that we won't have custom avatars until at least the forum software upgrade. Title: Re: Time to bring back avatars Post by: oli123123 on June 07, 2014, 10:50:41 PM Guys please stop creating threads like this, you won't be able to change your avatar until the forum software upgrade. This thread is not new (created in Apr), but it gets bumped... Title: Re: Time to bring back avatars Post by: AlPutino on June 08, 2014, 06:23:06 AM yes please!!!!11 I would like to constantly see the flawless image of alPutino there.
Title: Re: Time to bring back avatars Post by: jeffersonairplane on June 08, 2014, 06:36:51 AM It's in development now. There's an entire subforum dedicated to it: https://bitcointalk.org/index.php?board=167.0 What development needs to be done. All they need to do is enable it. Title: Re: Time to bring back avatars Post by: Yuki1988 on June 08, 2014, 07:15:22 AM It's in development now. There's an entire subforum dedicated to it: https://bitcointalk.org/index.php?board=167.0 What development needs to be done. All they need to do is enable it. The new forum software is in development. We will have a completely new software around next Feb. Title: Re: Time to bring back avatars Post by: ajareselde on June 10, 2014, 06:03:40 PM There are alot of other things that must be done.
Avatar is nice, but u shouldnt put bling bling infront of your info safety Title: Re: Time to bring back avatars Post by: nwfella on June 11, 2014, 05:53:56 AM Certainly wouldn't mind seeing this functionality re-enabled soon.
Title: Re: Time to bring back avatars Post by: knightcoin on June 11, 2014, 06:10:19 AM they' scare to death to be hacked again ...
be cool and people will be cool ... ortherwise .. people will start poke into simple machines again ... Title: Re: Time to bring back avatars Post by: oli123123 on June 11, 2014, 11:56:00 AM It's in development now. There's an entire subforum dedicated to it: https://bitcointalk.org/index.php?board=167.0 What development needs to be done. All they need to do is enable it. Title: Re: Time to bring back avatars Post by: jeffersonairplane on June 11, 2014, 08:31:38 PM It's in development now. There's an entire subforum dedicated to it: https://bitcointalk.org/index.php?board=167.0 What development needs to be done. All they need to do is enable it. What security problems arise from that? Title: Re: Time to bring back avatars Post by: Acidyo on June 11, 2014, 09:06:04 PM I would also love to finally be able to have an avatar. :)
Why did they get disabled anyway? Title: Re: Time to bring back avatars Post by: alani123 on June 11, 2014, 09:11:40 PM I would also love to finally be able to have an avatar. :) Why did they get disabled anyway? There were some issues at first, they disabled them saying they'll be fixed later. But ultimately they're not getting fixed until the new forum software arrives. Here's the board created about the software https://bitcointalk.org/index.php?board=167.0 Title: Re: Time to bring back avatars Post by: Pkofet on June 12, 2014, 07:24:32 AM Changing avatars is disabled because of a security problem. They won't enable it until the new forum software. What security problems arise from that?Why did they get disabled anyway? No idea about the details, but I believe it was disabled after the hack in Oct. https://bitcointalk.org/index.php?topic=306878.0 Title: Re: Time to bring back avatars Post by: Initscri on June 12, 2014, 07:18:42 PM There's no point waiting for avatars until the new forum is complete. A new forum is going to replace this forum regardless.
If security is priority number one, then a security audit will surely need to be put into place upon logo reactivation. More money spent. Title: Re: Time to bring back avatars Post by: oli123123 on June 15, 2014, 10:40:50 AM There's no point waiting for avatars until the new forum is complete. A new forum is going to replace this forum regardless. Yeah, we just have to wait for the new forum software.If security is priority number one, then a security audit will surely need to be put into place upon logo reactivation. More money spent. Title: Re: Time to bring back avatars Post by: drugo on June 16, 2014, 10:40:09 AM yes we want avatar back
Title: Re: Time to bring back avatars Post by: Hazir on June 16, 2014, 04:52:04 PM This is the first forum when avatars are disabled for security reasons. And I don't get it why, really. So big and popular forum without avatars? It is time to bring them back imo.
Title: Re: Time to bring back avatars Post by: Initscri on June 16, 2014, 04:56:20 PM This is the first forum when avatars are disabled for security reasons. And I don't get it why, really. So big and popular forum without avatars? It is time to bring them back imo. Forum software has yet to be updated. If you look at the bottom, the version of SMF is 1.1.19. SMF is currently at 2.0.7 Stable. We have an old forum software which may have unknown/known bugs with file uploads which could cause security issues. I'm not saying I wouldn't like avatars... I just prefer a secure forum. This is a unique forum in the way it is run and is more of a target of exploits than others. Security < Nice images. Title: Re: Time to bring back avatars Post by: 21-hater on June 16, 2014, 06:41:38 PM As long as it is a security flaw no way.
Title: Re: Time to bring back avatars Post by: Malok on June 16, 2014, 08:26:20 PM If there's a security risk...obviously have to wait for the upgrade. That being said, I like being able to "personalize" my profile with an avatar, so definitely looking forward to when they are able to be used.
Title: Re: Time to bring back avatars Post by: Joca97 on June 16, 2014, 09:02:04 PM yes it would be nice to bring avatars back!!! :)
Title: Re: Time to bring back avatars Post by: CoinHoarder on June 16, 2014, 10:05:20 PM Pleassssseeeee.
I want to get rid of this ugly Litecoin logo in my avatar. :D If not re-enabling avatars, please at least allow us to delete our old ones. Bitcoin 4 life Title: Re: Time to bring back avatars Post by: Initscri on June 16, 2014, 10:07:37 PM Pleassssseeeee. I want to get rid of this ugly Litecoin logo in my avatar. :D If not re-enabling avatars, please at least allow us to delete our old ones. Bitcoin 4 life You can try contacting Theymos and see if he will do it for you. In all honesty though, I'd rather have a bad (depending on how bad) avatar than no avatar. Title: Re: Time to bring back avatars Post by: Neotox on June 18, 2014, 05:31:08 AM yes
allow changing or adding avatars Title: Re: Time to bring back avatars Post by: ranochigo on June 18, 2014, 05:51:04 AM It would pose some security risk, the forum was previously hacked because of this. Not sure if the community want to giveup their security for changing of avatar.
Title: Re: Time to bring back avatars Post by: sgk on June 18, 2014, 06:16:34 AM whats an avatar? Could you lend me yours for a day? ;D |