imsaguy
General failure and former
VIP
Hero Member
Offline
Activity: 574
Merit: 500
Don't send me a pm unless you gpg encrypt it.
|
|
November 09, 2011, 06:46:33 AM |
|
Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.
When the images are external, the image itself can always be replaced later. So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different. The only solution is local images or no images. Otherwise, there truly is no guarantee.
|
|
|
|
mjcmurfy
|
|
November 09, 2011, 06:52:21 AM |
|
Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.
When the images are external, the image itself can always be replaced later. So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different. The only solution is local images or no images. Otherwise, there truly is no guarantee. I'm aware of that. Read the second part of my post again.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
November 09, 2011, 06:52:45 AM |
|
When the images are external, the image itself can always be replaced later. So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different. The only solution is local images or no images. Otherwise, there truly is no guarantee.
Exactly. Sadly it looks like the forum is going back into circa 1980s text only BBS but all these complicated schemes to validated and revalidated are dumb. Either you host images locally or don't bother trying to do anything else because odds are no scheme is going to stop a determined hacker. Given how easy it is to host images locally it simply doesn't make sense trying to make the "problem" more complicated only to have it be a token security measure. Three options 1) No images 2) Locally cache images 3) Accept that you may be attacked
|
|
|
|
mjcmurfy
|
|
November 09, 2011, 07:02:15 AM |
|
... all these complicated schemes to validated and revalidated are dumb.
Really? Why are you involved in bitcoin again? It's not that complicated. Three options 1) No images 2) Locally cache images 3) Accept that you may be attacked
Let me expand on that: 1) No images 2) Figure out a way of solving the problem and save server costs3) Locally cache images 4) Do nothing and accept that you may be attacked
|
|
|
|
BTCurious
|
|
November 09, 2011, 10:53:00 AM |
|
I know no one is going to care about me, but I'm going to look for a different forum. This is ridiculous. 4chan has thumbnails (which I always expand using javascript anyway), and reddit/IRC/everything2 are only popular with nerds for a reason. The only good solution I've heard to this… "whim", is to have a checkbox to turn on or off embedded images. If they were turned off, they would be automatically turned into a link. But this suggestion is being completely ignored. There is no such thing as the perfect forum, you should be looking for the perfect forums.This non-issue is being solved with a sledge-hammer.
|
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
November 09, 2011, 04:53:05 PM |
|
I can't wait until we have enough people at bitcoinforums.net that we can have proper discussions there, and get away from this forum. Hopefully, theymos pushing away users from this forum with this new image scheme will make that happen.
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
November 09, 2011, 04:57:38 PM |
|
Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.
When the images are external, the image itself can always be replaced later. So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different. The only solution is local images or no images. Otherwise, there truly is no guarantee. I'm aware of that. Read the second part of my post again. Your entire idea blows up when you consider that the image could be dynamic. That means that a script generates it. Scripts can be told to always serve the exact same image to the forum server when it's checked. At that point, the only way to avoid IP address whack-a-mole is to put the image checker behind tor. Even then, the script can simply be told to serve the static image to any user behind tor, instead of the dynamic image, since that would only impact a small fraction of the people who would load the image.
|
|
|
|
btc_artist
Full Member
Offline
Activity: 154
Merit: 102
Bitcoin!
|
|
November 09, 2011, 06:05:48 PM |
|
Like I said before, I think it's a better policy to assume that people don't want images.
From a pure usability and UX standpoint, the best policy would be to assume that people DO want images, perhaps clickable thumbnails that show the full image in a lightbox. On the other hand, this is a privately owned website, and the owners are free to do as they please. As for dealing with security issues (cookie stuffing and CSRF), simply host all images locally and have stringent checks to validate them as clean image files. That's a no-brainer for me. EDIT: IMO, sig images are a distraction to useful discussion, but embedded images in posts can be very helpful to discussion.
|
BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
|
|
|
Bitsky
|
|
November 09, 2011, 06:15:14 PM |
|
- add column "showsigimg" to database and default it to 0 - add checkbox "Don't show images in users' signatures" under "Look and Layout Preferences" - mod source to toggle showsigimg depending on checkbox state - mod source to add <style type="text/css">.signature img {display: none;}</style> into head section if showsigimg==1 Problem solved. Thanks to btc_novice for starting this idea. My goal is to make the best Bitcoin forum possible, not to appeal to current users.
If users are not appealed, then this won't be the best forum possible. Simple as that. You can have the greatest product in the universe, but if nobody wants it, you're fubar'ed. See Betamax. Seriously, this should be rather trivial and doesn't really deserve all this drama.
|
|
|
|
btc_artist
Full Member
Offline
Activity: 154
Merit: 102
Bitcoin!
|
|
November 09, 2011, 06:17:11 PM |
|
Seriously, this should be rather trivial and doesn't really deserve all this drama.
Yup.
|
BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
|
|
|
BitMagic
Member
Offline
Activity: 98
Merit: 10
|
|
November 09, 2011, 06:32:57 PM |
|
Youknowwhatelsewecouldgetridof?Whitespace.
W cld rmv ll vwls. tht mght b fn. Trolling much? That always gets you what you want. No, it's called continued satire to show the ridiculousness of this whole ordeal. Sometimes a comical response has more of a point than to piss off other posters.
|
Please give me your money, because I am a shameless libertarian elite who deserves your money more than you do: 9Hkao8U82WWDp6SQGn4k7ad9gT1LWeL5s3
|
|
|
Graet
VIP
Legendary
Offline
Activity: 980
Merit: 1001
|
|
November 29, 2011, 01:27:26 AM |
|
what is happening with this?
It seems rather discriminatory that some pools can use sig images still while others are blocked. and when will the avatar pool images be blocked? or are they ok?
or are these forums not about fairness? it is one thing to deal with the trolls and the crap that comes from them, but when the administration stops being fair to all participants.... maybe it is time to move to a forum that is more consistent in its admin...
either do the job properly or allow the free for all that there was previously....
|
|
|
|
cablepair
|
|
November 29, 2011, 03:03:04 AM |
|
its not that they are blocking one and not another
the way it works is as soon as you change your signature it starts to blocks images
so the people who still have images in their signature means they have not changed it since before the new rules
|
|
|
|
Matthew N. Wright
Untrustworthy
Hero Member
Offline
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
|
|
November 29, 2011, 03:15:53 AM |
|
Result: Some people have images, some don't. its not that they are blocking one and not another
|
|
|
|
AniceInovation
Donator
Sr. Member
Offline
Activity: 446
Merit: 262
Interesting.
|
|
December 24, 2011, 02:12:48 PM |
|
Is this change definitive or you're looking to fix it?
|
|
|
|
tysat
Legendary
Offline
Activity: 966
Merit: 1004
Keep it real
|
|
June 14, 2012, 03:15:57 PM |
|
This new policy seems to be more about the mods' personal tastes than the demands of the community.
...yes, this "new" policy from November of last year...
|
|
|
|
cryptoanarchist
Legendary
Offline
Activity: 1120
Merit: 1003
|
|
June 14, 2012, 05:02:48 PM |
|
This new policy seems to be more about the mods' personal tastes than the demands of the community.
...yes, this "new" policy from November of last year... oops...I don't know how I ended up on this thread. I seem to remember it was like it was the third or fourth down in the 'meta' forum when I clicked on it. sorry
|
I'm grumpy!!
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
|
|
July 13, 2012, 06:47:48 PM |
|
looks like the forum is going back into circa 1980s text only BBS but all these complicated schemes to validated and revalidated are dumb.
Three options 1) No images 2) Locally cache images 3) Accept that you may be attacked
I <3 txt only 80s BBSes!!!1 And so: Option 4) Can I allowed for putting big ANSi arts in my sig? 8^P ,.=ctE55ttt553tzs., ,,c5;z==!!:::: .::7:==it3>., ,xC;z!:::::: ::::::::::::!=c33x, ,czz!::::: ::;;..===:..::: ::::!ct3. ,C;/.:: : ;=c!:::::::::::::::.. !tt3. /z/.: :;z!:::::J :E3. E:::::::.. !ct3. ,E;F ::;t::::::::J :E3. E::. ::. \ttL ;E7. :c::::F****** **. *==c;.. :: Jttk .EJ. ;::::::L "\:. ::. Jttl [:. :::::::::773. JE773zs. I:. ::::. It3L ;:[ L:::::::::::L |t::!::J |:::::::: :Et3 [:L !::::::::::::L |t::;z2F .Et:::.:::. ::[13 E:. !::::::::::::L =Et::::::::! ::|13 E:. (::::::::::::L ....... \:::::::! ::|i3 [:L !:::: ::L |3t::::!3. ]::::::. ::[13 !:( .::::: ::L |t::::::3L |:::::; ::::EE3 E3. :::::::::;z5. Jz;;;z=F. :E:::::.::::II3[ Jt1. :::::::[ ;z5::::;.::::;3t3 \z1.::::::::::l...... .. ;.=ct5::::::/.::::;Et3L \t3.:::::::::::::::J :E3. Et::::::::;!:::::;5E3L "cz\.:::::::::::::J E3. E:::::::z! ;Zz37` \z3. ::;:::::::::::::::;=' ./355F \z3x. ::~=======' ,c253F "tz3=. ..c5t32^ "=zz3==... ...=t3z13P^ `*=zjzczIIII3zzztE3>*^`
|
██████████ ██████████████████ ██████████████████████ ██████████████████████████ ████████████████████████████ ██████████████████████████████ ████████████████████████████████ ████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ████████████████████████████████ ██████████████ ██████████████ ████████████████████████████ ██████████████████████████ ██████████████████████ ██████████████████ ██████████ Monero
|
| "The difference between bad and well-developed digital cash will determine whether we have a dictatorship or a real democracy." David Chaum 1996 "Fungibility provides privacy as a side effect." Adam Back 2014
|
| | |
|
|
|
Bitcoin Oz
|
|
July 14, 2012, 03:46:01 AM |
|
Someone needs to create ascii banners for advertisers
|
|
|
|
|