No more signature images

[BitcoinPorn]

Animated avatars are the worst.   Also, I love how strong of an opinion everyone has at the moment when this topic has come up so many times yet I don't think I have ever seen this much activity about it.

pot, kettle.

Post was for the lulz.   I love avatars.  I hate sigs, but I am fine with them within size constraints.  I think I've participated in this type of topic a few times in the Meta section, so no pots or kettles here   just people whining about censorship and democracy issues on a privately owned forum.

There are many other forums available with many posting options https://en.bitcoin.it/wiki/Bitcoin:Community_portal    .. and a lot of those are not hosted on MagicalTux's servers, so no fear of the whole Mt Gox controls everything situation I sometimes read about.

[btc_artist]

Fair enough.

[greyhawk]

here're more things to consider to disable:

emoticons
icons
css styles
js

as it is not real information and therefor completely worthless and offtopic, just taking extra space and bandwith

Good point.  All you need is tables in a database format.  Minimalism at its best!

Heck, remove the links too - those just take up space.  If you want to get somewhere, just type in the URL.

Youknowwhatelsewecouldgetridof?Whitespace.

[payb.tc]

anyone else think it's funny this policy is coming from the owner of the most bland bitcoin site ever (blockexplorer.com)?

[mjcmurfy]

Also, I love how strong of an opinion everyone has at the moment when this topic has come up so many times yet I don't think I have ever seen this much activity about it.

This is the first time I have heard anything about banning embedded images. I thought it was just about banning signature images. That in and of itself isn't too big of a deal, so I never felt the need to say much about it. Most find them annoying, and there are legitimate reasons for wanting to get rid of them, but it doesn't bother me nearly as much as total banning of all embedded external images. That is an insane policy unless the admins are willing to go the extra expense and provide local image storage.

... just people whining about censorship and democracy issues on a privately owned forum.

I don't want to be part of ANY forum that does not listen to the wishes of its members, privately owned or not. The ideology of bitcoin is one of the rejection of centralized power structures that are inflexible to the wishes of those they rule over. If this forum is not willing to do so, then most of us will just join one that listens to them and bye-bye forum. Democracy still functions correctly on the nets at least. I personally like this forum, so I want to ensure that the admins make the correct decisions and have a thriving community that continues into the future.

[Maged]

Yes, hosting the images is not worth the trouble. Definitely don't do that.
But there are many ways you can prevent the linking of dynamic images, and thus prevent cookie stuffing.

That is impossible. The only way you can prevent people from linking dynamic images without local hosting is by whitelisting image upload sites where you trust that it is impossible to upload dynamic images.

In my mind, a forum is more useful when people can read through a guide with pictures without having to click on each image to display it individually.  But I guess not everyone can look past the fractions-of-a-second lost when scrolling past an off-topic picture.  

Agreed.  The cookie stuffing exploit is real enough, though. It would be easy enough to add some Javascript to detect whether or not the resource loaded in the img src url is actually an image, and if not, then all users who have Javascript enabled would get a huge warning (and mods could easily see them and delete).

eg:
http://stackoverflow.com/questions/3499941/javascript-check-if-img-src-is-valid
http://stackoverflow.com/questions/3744266/how-can-i-test-if-a-url-is-a-valid-image-in-javascript

All that does is warn the user after the fact. By then, it's too late.

[btc_artist]

Yes, hosting the images is not worth the trouble. Definitely don't do that.
But there are many ways you can prevent the linking of dynamic images, and thus prevent cookie stuffing.

That is impossible. The only way you can prevent people from linking dynamic images without local hosting is by whitelisting image upload sites where you trust that it is impossible to upload dynamic images.

In my mind, a forum is more useful when people can read through a guide with pictures without having to click on each image to display it individually.  But I guess not everyone can look past the fractions-of-a-second lost when scrolling past an off-topic picture.  

Agreed.  The cookie stuffing exploit is real enough, though. It would be easy enough to add some Javascript to detect whether or not the resource loaded in the img src url is actually an image, and if not, then all users who have Javascript enabled would get a huge warning (and mods could easily see them and delete).

eg:
http://stackoverflow.com/questions/3499941/javascript-check-if-img-src-is-valid
http://stackoverflow.com/questions/3744266/how-can-i-test-if-a-url-is-a-valid-image-in-javascript

All that does is warn the user after the fact. By then, it's too late.

If the attack is cookie stuffing, then you clear your browser cookies-- problem solved.  If the attack is CSRF, then you're screwed, BUT, if there is an application/site that is vulnerable to CSRF, that's their problem, not this forum's problem.

[Transisto]

Does not take a genius to figure out what's annoying and what isn't.

Smaller SIG and no animated avatar seems the best cut-off.

Sorry btcPorn


NOT OK
(520 KB) !!!








Borderline




OK

[BitcoinPorn]

Does not take a genius to figure out what's annoying and what isn't.

Smaller SIG and no animated avatar seems the best cut-off.

Sorry btcPorn

Don't be sorry to me, be sorry to yourself for not "voting" every time this topic has come up and even I am happy either with no sigs or regulated sigs.  Hell, I am a fan of everyone signatures being EXACTLY the same in design..  https://bitcointalk.org/index.php?topic=24367.0  back from June.  I still stand by that would be a cool idea too.  Fuck all other things in everyones signature, just a btc address.

Animated avatar I could care less about, it is funny how two frames of animation that end up being less in size than one jpeg image most people use, but that is beside the point.  Oh wait, no it isn't :p

Always felt sig sizes should just be sort of standard ad sizes.  468x60 or something around that I think.  Other people prefer sig bar size.  I like those too.    theymos, is the further discussion on this topic done or are you kind of reading through some of the posts here to catch any actual usable ideas?

I don't want to be part of ANY forum that does not listen to the wishes of its members, privately owned or not. The ideology of bitcoin is one of the rejection of centralized power structures that are inflexible to the wishes of those they rule over. If this forum is not willing to do so, then most of us will just join one that listens to them and bye-bye forum.

  empty threats.  No one leaves here for good.  Even the ones that did still lurk lol

[BitMagic]

Youknowwhatelsewecouldgetridof?Whitespace.

W cld rmv ll vwls. tht mght b fn.

[imsaguy]

Youknowwhatelsewecouldgetridof?Whitespace.

W cld rmv ll vwls. tht mght b fn.

Trolling much? That always gets you what you want.

[BTCurious]

Youknowwhatelsewecouldgetridof?Whitespace.

W cld rmv ll vwls. tht mght b fn.

Trolling much? That always gets you what you want.

I hate the otto row of y keyoard Let's reoe that yeah

[mjcmurfy]

e eoe a ooa (lets remove all consonants)

I know I'm being facetious, but it's fun.

[BTCurious]

[cbeast]

www.no_more_stupid_links.wtf

[mjcmurfy]

I don't want to be part of ANY forum that does not listen to the wishes of its members, privately owned or not. The ideology of bitcoin is one of the rejection of centralized power structures that are inflexible to the wishes of those they rule over. If this forum is not willing to do so, then most of us will just join one that listens to them and bye-bye forum.

  empty threats.  No one leaves here for good.  Even the ones that did still lurk lol

Not over the space of a few months, but time answers all questions. I want the admins here to get the answer right.

[theymos]

So the best way to ensure ideas can be expressed effectively is to ban any form of imagery and limit people's means of communication to text only? This is broken logic.

You're not limited to text. You can easily include a direct link to an image, and readers can access the image with a single click. It's not a huge barrier.

How can you judge their worth anyway?

With links instead of embedded images, readers will judge the worth of images before clicking on them.

But there are many ways you can prevent the linking of dynamic images, and thus prevent cookie stuffing.

Either the forum needs to check and recheck images constantly, which is expensive, or client-side code needs to be used to prevent large images, which might not work for all users. I don't find either of these solutions acceptable.

They do NOT use up any of this server's bandwidth. Are you kidding me? The request is not sent from this server, it is sent from the users viewing the images - using up the bandwidth the image is hosted on, not bitcointalk's bandwidth.

Obviously I was talking about the bandwidth of readers...

Turn down the fidelity of your browser's error reporting if it's a problem for you.

All major browsers will do something different when viewing pages with mixed content. On Firefox and recent versions of IE the URL bar changes color. On older versions of IE a dialog box popped up on every such page.

Why not hold a vote on the issue to find out how correct your assumptions are?

I know that my security concerns are justified.

A vote would determine only what the majority of current users want, which is not very important. It's easy for the majority to be wrong.

These forums don't need to become 4chan just to allow photos, and what kind of an admin can't restrict sizes?

I like 4chan. On 4chan, every image is hosted locally, so there are no security problems, and each image is the same, small size until you click on it. I want to do the same thing here, but without the thumbnail (since this is not an imageboard and images are not the central focus).

Fine. Fair point. So make sig images turned off by default, but let people turn them on if they choose! What you are proposing removes all choice entirely from the user. You are doing the very opposite of providing "freedom and choice" which you ironically use as justification for limiting those very things.

I'm fine with that:

SMF doesn't support this. If it did, I would definitely allow the option of showing signature images.

I'd add it now if I could figure out how to add a new user setting in a reasonable amount of time.

If you remove images there is a great "unknown" cost... all the good information that otherwise would've been conveyed, yet nobody will ever know about it or account for it.

I'm getting rid of embedded images. Not images entirely. If you like images, you can click the image links. This works very well on IRC, 4chan, and the other sites/systems I mentioned previously.

Someone might not care about another user's mining stats, but what about an image that shows how many donations a charity has recieved?

It would be far down on my list of things to do, but I wouldn't be opposed to having the server fetch a small text file every once in a while to display in signatures/posts.

Bottom line:  Allow signature images-- if I don't like them, I can add a greasemonkey user script to hide them in literally 30 seconds.

Like I said before, I think it's a better policy to assume that people don't want images. You can write a GreaseMonkey script to expand all directly-linked images in a few minutes, too.

here're more things to consider to disable:

emoticons
icons
css styles
js

as it is not real information and therefor completely worthless and offtopic, just taking extra space and bandwith

Emoticons probably will be eliminated with the next software. Images in the layout will be reduced. The other things are used to attractively structure data and create features. Even Bitcoin Block Explorer uses CSS and JavaScript.

I find avatars to be useful in quickly identifying posters, so I'm almost never annoyed by those. You can also disable seeing them in your settings.

[ineededausername]

Hi theymos, thanks for the easily exploitable quote
SIGGED

[theymos]

Hi theymos, thanks for the easily exploitable quote
SIGGED

I first found Bitcoin on 4chan, so I especially like 4chan.

[mjcmurfy]

So the best way to ensure ideas can be expressed effectively is to ban any form of imagery and limit people's means of communication to text only? This is broken logic.

You're not limited to text. You can easily include a direct link to an image, and readers can access the image with a single click. It's not a huge barrier.

Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.

Either the forum needs to check and recheck images constantly, which is expensive, or client-side code needs to be used to prevent large images, which might not work for all users. I don't find either of these solutions acceptable.

Validated images could potentially be replaced with something else later, necessitating continuous checking - granted, but you just need a database table that keeps track of validated images that the parser can re-query at runtime. If the image has been modified, the image 'hash' would be different and the image would have to be reverified manually by the poster else it would not be displayed, and no further checking would be done until the OP revalidated the image.

You wouldn't have to do this image hash checking each time the thread is loaded, you could just set up a daily cron that would reverify a certain % of the embedded external images table. Maybe have it so that each image is checked once every 2 days or so, or spread it out slowly over a period of time.

You could make it a quite efficient process that would not require that much by way of server resources. We have gotten pretty good at driving down the cost of hashing power, have we not? And it would seem that it would be better in terms of resource usage than actually storing the images, using up potentially huge amounts of disk space and a heckuva lot of bandwidth - simply to ensure their integrity.

This way requires no additional disk space and much lower bandwidth costs as the server only has to download the image once every two days, instead of uploading it hundreds of times per day to individual users.

They do NOT use up any of this server's bandwidth. Are you kidding me? The request is not sent from this server, it is sent from the users viewing the images - using up the bandwidth the image is hosted on, not bitcointalk's bandwidth.

Obviously I was talking about the bandwidth of readers...

Then why were you using it as justification for getting rid of embedded images? It is trivial in comparison to the cumulative bandwidth that delivering locally stored images would clock up. And why should the operators of the forum care about how much bandwidth a few images take up on the end-users side? If you watch a single youtube video, I'd imagine it would still account for more bandwidth use than a week's worth of surfing this forum.

Why not hold a vote on the issue to find out how correct your assumptions are?

I know that my security concerns are justified.

A vote would determine only what the majority of current users want, which is not very important. It's easy for the majority to be wrong.

Yes, they are of course justified. It is just the conclusions you are drawing that I have questions about. We don't need to crack this walnut with a sledgehammer. There are workarounds that can be put in place.

Your lack of respect for what the users of the forum think is quite cynical and arrogant. At the end of the day, you have to keep your members on side, as they are the ones that produce all of the content and make this forum what it is. Telling them directly that what they think is not important is a highly presumptuous move for you. People remember statements like that.

Yes it's easy for the majority to be wrong, but it's even easier for a single individual to be wrong.