Author Topic: Uploading Photos, Images & Avatars  (Read 21530 times)

0 Members and 1 Guest are viewing this topic.

Offline hilts17

  • Arena Rocker
  • *****
  • Posts: 995
  • Good Vibes 53
Re: Uploading Photos, Images & Avatars
« Reply #75 on: June 11, 2019, 11:00:03 pm »
I'm also on the Acoustic Guitar Forum
https://www.acousticguitarforum.com/forums/index.php

And a couple of motorcycle forums. They all have pretty much the same feel to them along with Justin's forum. At least for my purposes which is simply viewing/responding to posts and uploading a video once in a while, this forum suits me the way it is.
Martin D28
Seagull S6 Original
Seagull Entourage CW Black QI
Seagull Coastline 12 String
Yamaha Pacifica 112

Offline claudinec

  • Newbie
  • Posts: 6
  • Good Vibes 1
Re: Uploading Photos, Images & Avatars
« Reply #76 on: June 12, 2019, 01:04:05 am »
Newbie here, thanks Justin for all your hard work!

Discourse seems to be the way of the future in terms of forums. I'm on a few Discourse forums and find it a much more usable, modern, and aesthetically pleasing system than any other forum out there.
Schecter Hellraiser C-1 / Blackstar Super Fly
Makai MT-70 tenor uke

Offline Majik

  • Stadium Superstar
  • ******
  • Posts: 2027
  • Good Vibes 123
Re: Uploading Photos, Images & Avatars
« Reply #77 on: June 12, 2019, 11:49:36 am »
Discourse seems to be the way of the future in terms of forums. I'm on a few Discourse forums and find it a much more usable, modern, and aesthetically pleasing system than any other forum out there.

Discourse is OK, but IMO it's not significantly "better" than SMF. I wouldn't be against moving to it, but I also don't necessarily see a strong reason to do so.

If this forum was being set up from scratch, Discourse would definitely be a strong option. But, to me, it doesn't seem worth the pain of migrating all the accounts and messages of the last decade or so, as well as getting the moderators and admins up to speed on how the new software works, and dealing with all the user issues (and inevitable complaints).

What say everyone else - happy as it is more or less or I should look into upgrading the forum software to whatever the new best thing going is?

I would definitely suggest, as a minimum, the upgrading of the current software to the newer versions if this can be done. In general, it's always best to keep this sort of application up to date, as the latest releases tend to contain all of the bug fixes and security patches.

If you fancy trying something new, like Discourse, then this could be set up on another server for "internal testing". There are migration scripts which are supposed to support migration of SMF to Discourse.

I should note that moving to a new software application is not a "magic bullet" against the sorts of security issues Dan was highlighting. These security issues tend to not be with the application itself (although those exist too), but with the underlying support technology. For instance, there are no current listed security vulnerabilities for the SMF software relating to the uploading of avatar images.

However, the graphics image processing libraries that are used by SMF for things like processing image uploads have been a common target for security attacks over the years, and often have many security issues. These issues would be the same for any forum software which relied on these apps, which is most of them.

That doesn't necessarily mean that we should never allow image uploads. What it really means is, if they are allowed, that it should be allowed with a full understanding of the risks and mitigations. This includes ensuring the software is kept updated and tracked for security vulnerabilities. But this applies for all software, including SMF itself (or Discourse, etc.)

Cheers,

Keith

Guitars: PRS Singlecut S2, Fender Tele Lite Ash, G&L Legacy Tribute, Freshman Apollo 2 OCBX, Gibson SG Special P90
Amps: Bugera G5 Head, Boss Katana 100
All sorts of other stuff.

Offline stitch101

  • Stadium Superstar
  • ******
  • Posts: 4869
  • Good Vibes 173
Re: Uploading Photos, Images & Avatars
« Reply #78 on: June 12, 2019, 04:54:02 pm »


What say everyone else - happy as it is more or less or I should look into upgrading the forum software to whatever the new best thing going is?


I belong to a few different forums and this one runs the smoothest and is easy to navigate.

To go through all the work and hassle for very little return doesn't seem worth the energy.






Offline hilts17

  • Arena Rocker
  • *****
  • Posts: 995
  • Good Vibes 53
Re: Uploading Photos, Images & Avatars
« Reply #79 on: June 12, 2019, 05:53:27 pm »
I belong to a few different forums and this one runs the smoothest and is easy to navigate.

To go through all the work and hassle for very little return doesn't seem worth the energy.

I would tend to agree.
Martin D28
Seagull S6 Original
Seagull Entourage CW Black QI
Seagull Coastline 12 String
Yamaha Pacifica 112

Offline Dan Graves

  • All Time Legend
  • *******
  • Posts: 6607
  • Good Vibes 171
  • Is on the Outside, looking in
Re: Uploading Photos, Images & Avatars
« Reply #80 on: July 06, 2019, 03:07:45 am »
@Dan

You seem to understand this stuff - what's the best approach for this situation?



Sorry for the late reply Justin, I don't have thread notifications on because I'd get mailbombed from the 'just chatting' forums topics alone...  :-[

I'd leave things as they are, really.
Best option remains for users to simply use something like Imgur to upload their pictures, or link to their instagram or something, provided it's public.
And really, it's not rocket science to use sites like Imgur, if I can teach my mom (in her 60's and a genuine technophobe if there ever was one) how to use such sites, users here can learn how to use it as well.

You could ask your webmaster to find a way to upload images, either through plugins or some trickery, but as Keith already pointed out, the real security issue tends to be with underlying tech, and while there are relatively safe ways to do it, there are no guarantees; one lapse in security patching, one smart xx--xx scriptkiddie (like the one you dealt with a few years back), and you're looking at issues at best, or a fully compromised system at worst.
In which case I hope there are decent backups of the database and site, made at frequent intervals.

Discourse seems to be the way of the future in terms of forums.

I'd like to see you qualify that statement with facts as to why you think that is.
And no 'it feels good to use' type response, actual (factual) reasons please.
Because if I had a nickel for every time someone touted something as 'the future' of anything, only for them to be spectacularly wrong...
I'd have about tree fiddy.

aesthetically pleasing

Beauty is in the eye of the beholder, they say...
And let's just say that I'm no fan of the Discourse look and feel, and leave it at that.
"You need a little bit of insanity to do great things"
--Henry Rollins

(If you need me for something, PM ME FOR FSM'S SAKE ! I'm not around a lot, and I do NOT have thread notifications on!)

Offline Robertcraft

  • Newbie
  • Posts: 2
  • Good Vibes 0
Re: Uploading Photos, Images & Avatars
« Reply #81 on: August 29, 2019, 04:39:04 pm »
Hello everybody, I am 59 years old and just picked up a right handed guitar. I played left handed in my teen and into my twenties. I lost my right pointer finger #1 to guitar players. So glad I found Justin on line. How does one use an avitar here? Please

Offline hilts17

  • Arena Rocker
  • *****
  • Posts: 995
  • Good Vibes 53
Re: Uploading Photos, Images & Avatars
« Reply #82 on: August 29, 2019, 06:05:40 pm »
Welcome to the forum Robert. The process to create an avatar no longer works on this site. Hasn't worked for a long time. Only users that created one prior, have one now.

Enjoy the site. Lots of terrific folks here.
Martin D28
Seagull S6 Original
Seagull Entourage CW Black QI
Seagull Coastline 12 String
Yamaha Pacifica 112

Offline Edwin010

  • School Prom Hero
  • **
  • Posts: 37
  • Good Vibes 1
Re: Uploading Photos, Images & Avatars
« Reply #83 on: September 02, 2019, 11:36:03 am »
Ability to upload images to smf is very easy and can be found in the admin-area of smf.
U can see it's already implemented when writing a post, u see "attachments and other options" below the textfield, but u cant upload cause it's not allowed trough the admin-area.

 It's a 5-min job, and u can setup the imagesizes and weights it needs to be. Also the ability to clean the images after an amount of time to keep the size of the imagefolder to a minimum and there is an ability to set a max of pics per post.

It would be a great addition to the forum to be able to post images. Will add to the usibility and the accessability of the forum, i tend to not post cause of the missing ability to post images and the 'work' it takes to post a images trough other ways. More and more imagehosts are for paid costumors or will try to ad adds, wich can contain harmful codes. U dont want that on your forum.

Offline Edwin010

  • School Prom Hero
  • **
  • Posts: 37
  • Good Vibes 1
Re: Uploading Photos, Images & Avatars
« Reply #84 on: September 02, 2019, 02:53:57 pm »
Admins the world over just facepalmed at that comment...

https://packetstormsecurity.com/files/153154/Ubuntu-Security-Notice-USN-4003-1.html
https://packetstormsecurity.com/files/152286/Ubuntu-Security-Notice-USN-3925-1.html
There's quite a few more examples of how an attacker can abuse image uploads, but these more recent ones seemed perfect as an example of why allowing image uploads IS a security risk.
Seems i missed this one....

All admins indeed facepalmed over your answer...

ALL internetuse is a securityrisk, its just in how far it Lets it influence u. The adds on Justin’s site, wich are totally out of his control, are a way far more risk for codeinfusions than an avatar on a forum.
Do u use a pic-Blocker to block ALL pics on the internet cause it can be an infected image or do u rather use any kind of ad-Blocker? I know what all IT-specialists Will tell u.....

In my 16 years of forum-bulding i NEVER came across an infected avatar, but the number of infected Ads.....

 

Get The Forum As A Mobile App