Avatars

jmbsvicetto · Posted: Sat Oct 22, 2005 6:50 pm Post subject: Avatars

Hi.

Can one of the admins or moderators explain what's the deal with the non-gallery avatars? I'm missing my "devil" looks! :lol:

Seriously, what's the problem?
_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

nixnut · Posted: Sat Oct 22, 2005 6:59 pm Post subject:

Always pay attention to the announcements :wink:

https://forums.gentoo.org/viewtopic.php?t=394310
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand

RobNyc · Posted: Sat Oct 22, 2005 11:18 pm Post subject:

I was wondering too.
So I just got a gallery avatar
_________________
Thank You

jmbsvicetto · Posted: Sun Oct 23, 2005 1:50 am Post subject:

ahubu · Posted: Sun Oct 23, 2005 2:15 am Post subject:

I guess the staff wanted to separate the lazy people from the creative ones, in order to create an extensive list for Santa Claus/Sinterklaas/(insert your local december-present-bringer). I hope Santa notices

.
_________________
Anne // Light travels faster than sound. That's why people appear bright until
you hear them speak. -Unknown

brianahr · Apprentice Joined: 07 Oct 2004 Posts: 236 Location: USA

Hmmm. ok. I seem to remember something about gentoo users and wanting choice... Yeah... I'm thinking this no-custom-avatars thing goes against all that.

Archangel1 · Veteran Joined: 21 Apr 2004 Posts: 1212 Location: Work

brianahr · Apprentice Joined: 07 Oct 2004 Posts: 236 Location: USA

Ya I figure its probably security related. Kindof sad though. Hopefully they will figure something out and/or make an announcement soon.

Aynjell · Veteran Joined: 28 Jun 2004 Posts: 1117

Some asshat is prolly using a porn icon or something. How often do images cause buffer overflows?
_________________
CPU: 3800+ X2 (2.5Ghz)
GPU: eVGA 7600GT (640/1700)
MOBO: DFI SLI-DR (Surprisingly good!)
RAM: 2 x OCZ Gold 1024 DDR500 3-4-3-7 (2048)
HDD: Western Digital Raptor

Archangel1 · Veteran Joined: 21 Apr 2004 Posts: 1212 Location: Work

amne · Posted: Sun Oct 23, 2005 8:13 am Post subject:

We disabled avatars after reading this message on full disclosure:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038109.html
I've done some testing and i can confirm that it is possible to upload a jpg file with a gif header. I also can confirm it's possible to prepare a "jpg" file with a gif header containing some html code that makes IE send his forums cookie to some other host. <insert random bitching about IE here>
So this is a security issue, even if it only affects people using the IE. We'll reactivate avatars as soon this is resolved.
_________________
Dinosaur week! (Ok, this thread is so last week)

jmbsvicetto · Posted: Sun Oct 23, 2005 12:10 pm Post subject:

Humpff!

I now understand the reason and can only support your decision.
However, as a Firefox user and someone that only uses IE when forced to, I feel like shouting to everyone: STOP USING IE AND START USING FIREFOX!!! :lol:

I hope the phpBB developers can create the fix soon.
_________________
Jorge.

Your twisted, but hopefully friendly daemon.
AMD64 / x86 / Sparc Gentoo
Help answer || emwrap.sh

John5788 · Posted: Sun Oct 23, 2005 6:00 pm Post subject:

Kurt Steiner · Posted: Sun Oct 23, 2005 6:59 pm Post subject:

Will we get our avatars back, or will we have to load them once again ourselves?

amne · Posted: Sun Oct 23, 2005 7:17 pm Post subject:

wjholden · l33t Joined: 01 Mar 2004 Posts: 826 Location: Augusta, GA

Guys, the administrators disabled avatars some months ago when a PNG vulnerability was discovered. Everybody had their own conspiracy theory that avatars would never get reactivated, but they were, and once the problem was solved a full disclosure about the security risk was released. C'mon...stop bugging the mod's.

jetblack101 · n00b Joined: 17 Jan 2005 Posts: 16

Its great to here that the avas will be comming back eventually

But i have a solution that can implemnted immediately and will protect from many future problems!
Since it only affects the one browser, you should just filter out all IE requests or redirect them to one of many standards/more secure internet browser websites. This will solve all our problems and we can sing and rejoice in the streets!

WTFman · Apprentice Joined: 04 Apr 2005 Posts: 153

So who uses IE to browse a forum devoted to a flavor of Linux? So it's basicly IE users who are ruining avies for us

_________________
Occupation: Professional Slacker
Hobbies/Interests: Open Source Aficionado since 2005

GaMMa · l33t Joined: 23 Aug 2002 Posts: 684 Location: USA

I'll have to make a new avatar, I accidently selected a preset one

. I think a better solution to the problem would have been denying all internet explorer users access to the forums

.
_________________
Ubuntu Linux Dapper Drake running Gnome-2.14.1
[Website | Screenshot | Portage Guide]

acasto · Posted: Mon Oct 24, 2005 3:08 am Post subject:

gkmac · Posted: Mon Oct 24, 2005 8:15 pm Post subject:

Aynjell · Veteran Joined: 28 Jun 2004 Posts: 1117

I do when I am at school. I like to spend the 1 hour I have before class when I get there to surf the web (schedule isn't in my control, I take the bus). And on saturdays and sundays, it's even worse.

_________________
CPU: 3800+ X2 (2.5Ghz)
GPU: eVGA 7600GT (640/1700)
MOBO: DFI SLI-DR (Surprisingly good!)
RAM: 2 x OCZ Gold 1024 DDR500 3-4-3-7 (2048)
HDD: Western Digital Raptor

96140 · Retired Dev Joined: 23 Jan 2005 Posts: 1324

m4chine · Posted: Tue Oct 25, 2005 5:30 pm Post subject:

will a post be made here when phpbb has been patched?
_________________
never trust a man who can count to 1023 on his fingers.

-m4chine

tomk · Posted: Tue Oct 25, 2005 5:33 pm Post subject: