No more signature images

[imsaguy]

Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.

When the images are external, the image itself can always be replaced later.  So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different.  The only solution is local images or no images. Otherwise, there truly is no guarantee.

[1714102886]

1714102886

[1714102886]

1714102886

[1714102886]

1714102886

[1714102886]

1714102886

[mjcmurfy]

Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.

When the images are external, the image itself can always be replaced later.  So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different.  The only solution is local images or no images. Otherwise, there truly is no guarantee.

I'm aware of that. Read the second part of my post again.

[DeathAndTaxes]

When the images are external, the image itself can always be replaced later.  So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different.  The only solution is local images or no images. Otherwise, there truly is no guarantee.

Exactly.  Sadly it looks like the forum is going back into circa 1980s text only BBS but all these complicated schemes to validated and revalidated are dumb.

Either you host images locally or don't bother trying to do anything else because odds are no scheme is going to stop a determined hacker.  Given how easy it is to host images locally it simply doesn't make sense trying to make the "problem" more complicated only to have it be a token security measure.

Three options
1) No images
2) Locally cache images
3) Accept that you may be attacked

[mjcmurfy]

... all these complicated schemes to validated and revalidated are dumb.

Really? Why are you involved in bitcoin again?
It's not that complicated.

Three options
1) No images
2) Locally cache images
3) Accept that you may be attacked

Let me expand on that:

1) No images
2) Figure out a way of solving the problem and save server costs
3) Locally cache images
4) Do nothing and accept that you may be attacked

[BTCurious]

I know no one is going to care about me, but I'm going to look for a different forum. This is ridiculous. 4chan has thumbnails (which I always expand using javascript anyway), and reddit/IRC/everything2 are only popular with nerds for a reason.

The only good solution I've heard to this… "whim", is to have a checkbox to turn on or off embedded images. If they were turned off, they would be automatically turned into a link. But this suggestion is being completely ignored.
There is no such thing as the perfect forum, you should be looking for the perfect forums.

This non-issue is being solved with a sledge-hammer.

[SgtSpike]

I can't wait until we have enough people at bitcoinforums.net that we can have proper discussions there, and get away from this forum.  Hopefully, theymos pushing away users from this forum with this new image scheme will make that happen.

[Maged]

Why not write a server side script that would allow users to input ad-hoc an external image link, it would then be tested for various properties (i.e. the size of the file, whether it is a valid image file, whether it is a dynamically generated image, whether it obeys the dimension restrictions) and if the image passed the criteria, permission would be given to the post parser to display the embedded image. If not, then the image would not be embedded.

When the images are external, the image itself can always be replaced later.  So just because it passes today or tomorrow, in 3 days, I could keep the same image url, but the image itself is different.  The only solution is local images or no images. Otherwise, there truly is no guarantee.

I'm aware of that. Read the second part of my post again.

Your entire idea blows up when you consider that the image could be dynamic. That means that a script generates it. Scripts can be told to always serve the exact same image to the forum server when it's checked. At that point, the only way to avoid IP address whack-a-mole is to put the image checker behind tor. Even then, the script can simply be told to serve the static image to any user behind tor, instead of the dynamic image, since that would only impact a small fraction of the people who would load the image.

[btc_artist]

Like I said before, I think it's a better policy to assume that people don't want images.

From a pure usability and UX standpoint, the best policy would be to assume that people DO want images, perhaps clickable thumbnails that show the full image in a lightbox.

On the other hand, this is a privately owned website, and the owners are free to do as they please.

As for dealing with security issues (cookie stuffing and CSRF), simply host all images locally and have stringent checks to validate them as clean image files.  That's a no-brainer for me.

EDIT:  IMO, sig images are a distraction to useful discussion, but embedded images in posts can be very helpful to discussion.

[Bitsky]

- add column "showsigimg" to database and default it to 0
- add checkbox "Don't show images in users' signatures" under "Look and Layout Preferences"
- mod source to toggle showsigimg depending on checkbox state
- mod source to add <style type="text/css">.signature img {display: none;}</style> into head section if showsigimg==1

Problem solved. Thanks to btc_novice for starting this idea.

My goal is to make the best Bitcoin forum possible, not to appeal to current users.

If users are not appealed, then this won't be the best forum possible. Simple as that. You can have the greatest product in the universe, but if nobody wants it, you're fubar'ed. See Betamax.

Seriously, this should be rather trivial and doesn't really deserve all this drama.

[btc_artist]

Seriously, this should be rather trivial and doesn't really deserve all this drama.

Yup.

[BitMagic]

Youknowwhatelsewecouldgetridof?Whitespace.

W cld rmv ll vwls. tht mght b fn.

Trolling much? That always gets you what you want.

No, it's called continued satire to show the ridiculousness of this whole ordeal. Sometimes a comical response has more of a point than to piss off other posters.

[Graet]

what is happening with this?

It seems rather discriminatory that some pools can use sig images still while others are blocked.
and when will the avatar pool images be blocked? or are they ok?

or are these forums not about fairness? it is one thing to deal with the trolls and the crap that comes from them, but when the administration stops being fair to all participants....
maybe it is time to move to a forum that is more consistent in its admin...

either do the job properly or allow the free for all that there was previously....

[cablepair]

its not that they are blocking one and not another

the way it works is as soon as you change your signature it starts to blocks images

so the people who still have images in their signature means they have not changed it since before the new rules

[Matthew N. Wright]

Result: Some people have images, some don't.

its not that they are blocking one and not another

 

[AniceInovation]

Is this change definitive or you're looking to fix it?

[tysat]

This new policy seems to be more about the mods' personal tastes than the demands of the community.

...yes, this "new" policy from November of last year...

[cryptoanarchist]

This new policy seems to be more about the mods' personal tastes than the demands of the community.

...yes, this "new" policy from November of last year...

oops...I don't know how I ended up on this thread. I seem to remember it was like it was the third or fourth down in the 'meta' forum when I clicked on it.

sorry

[iCEBREAKER]

looks like the forum is going back into circa 1980s text only BBS but all these complicated schemes to validated and revalidated are dumb.

Three options
1) No images
2) Locally cache images
3) Accept that you may be attacked

I <3 txt only 80s BBSes!!!1

And so:

Option 4)

Can I allowed for putting big ANSi arts in my sig?  8^P

Code:

                  ,.=ctE55ttt553tzs.,
             ,,c5;z==!!::::  .::7:==it3>.,
          ,xC;z!::::::    ::::::::::::!=c33x,
        ,czz!:::::  ::;;..===:..:::   ::::!ct3.
      ,C;/.:: :  ;=c!:::::::::::::::..      !tt3.
     /z/.:   :;z!:::::J  :E3.  E:::::::..     !ct3.
   ,E;F   ::;t::::::::J  :E3.  E::.     ::.     \ttL
  ;E7.    :c::::F******   **.  *==c;..    ::     Jttk
 .EJ.    ;::::::L                   "\:.   ::.    Jttl
 [:.    :::::::::773.    JE773zs.     I:. ::::.    It3L
;:[     L:::::::::::L    |t::!::J     |::::::::    :Et3
[:L    !::::::::::::L    |t::;z2F    .Et:::.:::.  ::[13
E:.    !::::::::::::L               =Et::::::::!  ::|13
E:.    (::::::::::::L    .......       \:::::::!  ::|i3
[:L    !::::      ::L    |3t::::!3.     ]::::::.  ::[13
!:(     .:::::    ::L    |t::::::3L     |:::::; ::::EE3
 E3.    :::::::::;z5.    Jz;;;z=F.     :E:::::.::::II3[
 Jt1.    :::::::[                    ;z5::::;.::::;3t3
  \z1.::::::::::l......   ..   ;.=ct5::::::/.::::;Et3L
   \t3.:::::::::::::::J  :E3.  Et::::::::;!:::::;5E3L
    "cz\.:::::::::::::J   E3.  E:::::::z!     ;Zz37`
      \z3.       ::;:::::::::::::::;='      ./355F
        \z3x.         ::~======='         ,c253F
          "tz3=.                      ..c5t32^
             "=zz3==...         ...=t3z13P^
                 `*=zjzczIIII3zzztE3>*^`

[Bitcoin Oz]

Someone needs to create ascii banners for advertisers