jmbsvicetto Moderator
Joined: 27 Apr 2005 Posts: 4734 Location: Angra do Heroísmo (PT)
Posted: Sat Oct 22, 2005 6:50 pm Post subject: Avatars
Hi.
Can one of the admins or moderators explain what's the deal with the non-gallery avatars? I'm missing my "devil" looks!
Seriously, what's the problem? _________________ Jorge.
Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
Posted: Sat Oct 22, 2005 6:59 pm
Always pay attention to the announcements
https://forums.gentoo.org/viewtopic.php?t=394310 _________________ Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
talk is cheap. supply exceeds demand

RobNyc Tux's lil' helper
Joined: 11 Oct 2005 Posts: 101 Location: NYC
Posted: Sat Oct 22, 2005 11:18 pm
I was wondering too.
So I just got a gallery avatar _________________ Thank You

jmbsvicetto Moderator
Joined: 27 Apr 2005 Posts: 4734 Location: Angra do Heroísmo (PT)
Posted: Sun Oct 23, 2005 1:50 am
nixnut,
I've created this thread as a consequence of that announcement!!!
I'm just asking that the "latter" becomes now. I'm not expecting a complete and detailed answer, just a brief explanation. I'm sure that this change was duly weighted before being taken, but I would like to have the briefest idea on its need.
I won't even enter the previous and long debate asking that certain avatars, remember agent smith?, be removed from the avatars gallery or that the gallery itself be disbanded, whilst this action has left the gallery avatars as the only ones working - I'm starting to feel a bit naked! I suspect and expect that this action is based on some security concerns about avatar uploading, but I'm left wondering! Anyone cares to fill me in?
Thank you and keep up the great work! _________________ Jorge.
Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

ahubu Guru
Joined: 16 Aug 2003 Posts: 400 Location: Groningen, The Netherlands
Posted: Sun Oct 23, 2005 2:15 am
I guess the staff wanted to separate the lazy people from the creative ones, in order to create an extensive list for Santa Claus/Sinterklaas/(insert your local december-present-bringer). I hope Santa notices . _________________ Anne // Light travels faster than sound. That's why people appear bright until
you hear them speak. -Unknown

brianahr Apprentice
Joined: 07 Oct 2004 Posts: 236 Location: USA
Posted: Sun Oct 23, 2005 3:24 am
Hmmm. ok. I seem to remember something about gentoo users and wanting choice... Yeah... I'm thinking this no-custom-avatars thing goes against all that.

Archangel1 Veteran
Joined: 21 Apr 2004 Posts: 1212 Location: Work
Posted: Sun Oct 23, 2005 4:47 am
brianahr wrote: | Hmmm. ok. I seem to remember something about gentoo users and wanting choice... Yeah... I'm thinking this no-custom-avatars thing goes against all that. |
Calm down, I'm sure there's a reason for it - as someone said a couple of posts ago, it's probably security related or similar. The announcement only says it's temporary. _________________ What are you, stupid?

brianahr Apprentice
Joined: 07 Oct 2004 Posts: 236 Location: USA
Posted: Sun Oct 23, 2005 5:31 am
Ya, I figure it's probably security related. Kind of sad though. Hopefully they will figure something out and/or make an announcement soon.

Aynjell Veteran
Joined: 28 Jun 2004 Posts: 1117
Posted: Sun Oct 23, 2005 5:56 am
Some asshat is prolly using a porn icon or something. How often do images cause buffer overflows? _________________ CPU: 3800+ X2 (2.5Ghz)
GPU: eVGA 7600GT (640/1700)
MOBO: DFI SLI-DR (Surprisingly good!)
RAM: 2 x OCZ Gold 1024 DDR500 3-4-3-7 (2048)
HDD: Western Digital Raptor

Archangel1 Veteran
Joined: 21 Apr 2004 Posts: 1212 Location: Work
Posted: Sun Oct 23, 2005 7:46 am
Aynjell wrote: | Some asshat is prolly using a porn icon or something. How often do images cause buffer overflows? |
If you're using Microsoft software, fairly frequently... _________________ What are you, stupid?

amne Bodhisattva
Joined: 17 Nov 2002 Posts: 6378 Location: Graz / EU
Posted: Sun Oct 23, 2005 8:13 am
We disabled avatars after reading this message on full disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038109.html
I've done some testing and I can confirm that it is possible to upload a jpg file with a gif header. I also can confirm it's possible to prepare a "jpg" file with a gif header containing some html code that makes IE send his forums cookie to some other host. <insert random bitching about IE here>
So this is a security issue, even if it only affects people using the IE. We'll reactivate avatars as soon as this is resolved. _________________ Dinosaur week! (Ok, this thread is so last week)
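The header-only acceptance amne describes can be tightened on the server side. As an added example (not part of the original thread and not phpBB's code), this Python check rejects an upload whose extension disagrees with its magic bytes or that carries HTML markup near the start of the file; the 256-byte window, the marker list and the sample bytes are assumptions constructed for illustration.

```python
import os

# Magic-byte signatures for the avatar formats a forum typically accepts.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
EXTENSIONS = {".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}

# Assumption: how many leading bytes to inspect for markup. Content-sniffing
# browsers look at the start of the body, so that is where markup matters most.
SNIFF_WINDOW = 256
HTML_MARKERS = (b"<html", b"<head", b"<body", b"<script", b"<iframe",
                b"<img", b"<a ", b"<plaintext", b"<title", b"<!doctype")


def detect_format(data):
    """Return the image format implied by the leading bytes, or None."""
    for fmt, signatures in MAGIC.items():
        if data.startswith(signatures):
            return fmt
    return None


def check_avatar(filename, data):
    """Return a list of reasons to reject the upload (empty list = accept)."""
    problems = []
    claimed = EXTENSIONS.get(os.path.splitext(filename)[1].lower())
    actual = detect_format(data)
    if claimed is None:
        problems.append("extension not allowed")
    if actual is None:
        problems.append("no known image signature")
    elif claimed is not None and claimed != actual:
        problems.append(f"extension says {claimed}, header says {actual}")
    head = data[:SNIFF_WINDOW].lower()
    if any(marker in head for marker in HTML_MARKERS):
        problems.append("HTML markup near start of file")
    return problems


# Constructed samples: a minimal 1x1 GIF, and an inert "jpg" that carries a
# GIF header followed by harmless markup (no script, no cookie access).
GOOD_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
            b"\x00\x02\x02D\x01\x00;")
MISLABELLED = b"GIF89a<html><body>constructed test marker</body></html>"
```

Re-encoding the decoded image on the server before storing it removes embedded markup altogether; this check only flags it.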
jmbsvicetto Moderator
Joined: 27 Apr 2005 Posts: 4734 Location: Angra do Heroísmo (PT)
Posted: Sun Oct 23, 2005 12:10 pm
Humpff!
I now understand the reason and can only support your decision.
However, as a Firefox user and someone that only uses IE when forced to, I feel like shouting to everyone: STOP USING IE AND START USING FIREFOX!!! I hope the phpBB developers can create the fix soon. _________________ Jorge.
Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

John5788 Advocate
Joined: 06 Apr 2004 Posts: 2140 Location: 127.0.0.1
Posted: Sun Oct 23, 2005 6:00 pm
amne wrote: | We disabled avatars after reading this message on full disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038109.html
I've done some testing and I can confirm that it is possible to upload a jpg file with a gif header. I also can confirm it's possible to prepare a "jpg" file with a gif header containing some html code that makes IE send his forums cookie to some other host. <insert random bitching about IE here>
So this is a security issue, even if it only affects people using the IE. We'll reactivate avatars as soon as this is resolved. |
I was wondering why it wasn't working on Firefox when I clicked the link. I'm stupid -_-... _________________ John5788

Kurt Steiner Bodhisattva
Joined: 01 Apr 2005 Posts: 1050 Location: Ostroleka, Polska
Posted: Sun Oct 23, 2005 6:59 pm
Will we get our avatars back, or will we have to load them once again ourselves?

amne Bodhisattva
Joined: 17 Nov 2002 Posts: 6378 Location: Graz / EU
Posted: Sun Oct 23, 2005 7:17 pm
Kurt Steiner wrote: | Will we get our avatars back, or will we have to load them once again ourselves? |
Don't worry, the avatars are still there, they are just not displayed (because you can only turn off uploading and showing uploaded avatars). Once the problem gets fixed avatars will be displayed again. _________________ Dinosaur week! (Ok, this thread is so last week)

wjholden l33t
Joined: 01 Mar 2004 Posts: 826 Location: Augusta, GA
Posted: Sun Oct 23, 2005 9:14 pm
Guys, the administrators disabled avatars some months ago when a PNG vulnerability was discovered. Everybody had their own conspiracy theory that avatars would never get reactivated, but they were, and once the problem was solved a full disclosure about the security risk was released. C'mon...stop bugging the mods.

jetblack101 n00b
Joined: 17 Jan 2005 Posts: 16
Posted: Sun Oct 23, 2005 11:11 pm
It's great to hear that the avas will be coming back eventually.
But I have a solution that can be implemented immediately and will protect from many future problems!
Since it only affects the one browser, you should just filter out all IE requests or redirect them to one of many standards/more secure internet browser websites. This will solve all our problems and we can sing and rejoice in the streets!

WTFman Apprentice
Joined: 04 Apr 2005 Posts: 153
Posted: Sun Oct 23, 2005 11:31 pm
So who uses IE to browse a forum devoted to a flavor of Linux? So it's basically IE users who are ruining avies for us _________________ Occupation: Professional Slacker
Hobbies/Interests: Open Source Aficionado since 2005

GaMMa l33t
Joined: 23 Aug 2002 Posts: 684 Location: USA
Posted: Mon Oct 24, 2005 2:27 am
I'll have to make a new avatar, I accidentally selected a preset one. I think a better solution to the problem would have been denying all Internet Explorer users access to the forums. _________________ Ubuntu Linux Dapper Drake running Gnome-2.14.1
[Website | Screenshot | Portage Guide]

acasto Apprentice
Joined: 06 Feb 2004 Posts: 236 Location: Durka-Durka-Stan
Posted: Mon Oct 24, 2005 3:08 am
WTFman wrote: | So who uses IE to browse a forum devoted to a flavor of Linux? So it's basically IE users who are ruining avies for us |
It sounds like it would just be used as a place to host the image, unless they then tried to pass the link in the forums. Since the image has to be viewed directly and not as part of a webpage. In that case, you would almost have to shut down the entire internet to protect them from themselves. _________________ Leerrroooooyyyyyyyy JENKINS!!!!1111...................
"You know the Nazi's had pieces of flare.. that they made the Jews wear."

gkmac Guru
Joined: 19 Jan 2003 Posts: 333 Location: West Sussex, UK
Posted: Mon Oct 24, 2005 8:15 pm
WTFman wrote: | So who uses IE to browse a forum devoted to a flavor of Linux? |
People who browse the forums from work or from an internet kiosk or cafe. It might not be their choice to use IE.

Aynjell Veteran
Joined: 28 Jun 2004 Posts: 1117
Posted: Mon Oct 24, 2005 11:50 pm
I do when I am at school. I like to spend the 1 hour I have before class when I get there to surf the web (schedule isn't in my control, I take the bus). And on Saturdays and Sundays, it's even worse. _________________ CPU: 3800+ X2 (2.5Ghz)
GPU: eVGA 7600GT (640/1700)
MOBO: DFI SLI-DR (Surprisingly good!)
RAM: 2 x OCZ Gold 1024 DDR500 3-4-3-7 (2048)
HDD: Western Digital Raptor

96140 Retired Dev
Joined: 23 Jan 2005 Posts: 1324
Posted: Tue Oct 25, 2005 12:27 am
WTFman wrote: | So who uses IE to browse a forum devoted to a flavor of Linux? |
The people who haven't yet switched to using any sort of *nix. The curious folks from the Windows camp, as well as the last few IE 5.5 users on Mac. Remember, a lot of Windows people learn about Gentoo by reading the forums first, then decide to "make the switch" after following the community for a year or a year and a half . . . like I did. Though I wasn't using IE in all that time; that's for sure!
I wonder if this vulnerability extends to the old Mac 5.x editions of IE, as well?

m4chine Apprentice
Joined: 12 Mar 2003 Posts: 271 Location: Ventura, CA, USA
Posted: Tue Oct 25, 2005 5:30 pm
Will a post be made here when phpBB has been patched? _________________ never trust a man who can count to 1023 on his fingers.
-m4chine

tomk Bodhisattva
Joined: 23 Sep 2003 Posts: 7221 Location: Sat in front of my computer
Posted: Tue Oct 25, 2005 5:33 pm
m4chine wrote: | Will a post be made here when phpBB has been patched? |
Yes, we'll post here and probably post an announcement too. _________________ Search | Read | Answer | Report | Strip