Why do some people still have images in their profiles? November 6, 2006 8:12 PM Subscribe
Why, in the great image purge, did some folks lose the images in their profiles while other members still have images in their profiles? I click to people's profiles to see who I'm talking to and I've noticed some members whose images seem to have survived the purge while mine did not. What's up with that? Is the image tag ban really useful and necessary?
It's the same with all image comments, FYI- all the comments made before the ban are still there.
posted by ThePinkSuperhero at 8:22 PM on November 6, 2006 [1 favorite]
posted by ThePinkSuperhero at 8:22 PM on November 6, 2006 [1 favorite]
Matt flipped a switch. He didn't destroy all the lightbulbs.
posted by crunchland at 8:29 PM on November 6, 2006
posted by crunchland at 8:29 PM on November 6, 2006
there's been no purge. the only change is img tags are now stripped out at posting time. where did you come up with this purge notion?
posted by quonsar at 8:31 PM on November 6, 2006
posted by quonsar at 8:31 PM on November 6, 2006
I notice you have Kilroy(sp?) in your profile, taosbat- did you add him after the image ban?
posted by ThePinkSuperhero at 8:32 PM on November 6, 2006 [1 favorite]
posted by ThePinkSuperhero at 8:32 PM on November 6, 2006 [1 favorite]
I know it's not an image, quonsar- my point is that if he added that to his profile after the ban (which I have a hunch he might have), all his real images would have disappeared when he saved the changes, because the image tag doesn't process anymore.
posted by ThePinkSuperhero at 8:41 PM on November 6, 2006 [1 favorite]
posted by ThePinkSuperhero at 8:41 PM on November 6, 2006 [1 favorite]
I hope images don't come back.
/prays
posted by The God Complex
Which brings up a good question: when you think you're God, who do you pray to?
posted by ColdChef at 8:43 PM on November 6, 2006
/prays
posted by The God Complex
Which brings up a good question: when you think you're God, who do you pray to?
posted by ColdChef at 8:43 PM on November 6, 2006
Which brings up a good question: when you think you're God, who do you pray to?
Bono.
posted by Divine_Wino at 8:55 PM on November 6, 2006 [3 favorites]
Bono.
posted by Divine_Wino at 8:55 PM on November 6, 2006 [3 favorites]
TPS, taosbat is female, not that it makes any difference to this post, except that she used to have her picture up on her profile...
posted by owhydididoit at 8:58 PM on November 6, 2006
posted by owhydididoit at 8:58 PM on November 6, 2006
Ah. My apologies, taosbat!
posted by ThePinkSuperhero at 9:02 PM on November 6, 2006 [1 favorite]
posted by ThePinkSuperhero at 9:02 PM on November 6, 2006 [1 favorite]
Yeah, it just means the people with images haven't changed their profiles since I removed the img tag. Given that I haven't found any security workaround to potential mischief with the img tag and everyone would know it's a huge security hole, I'm afraid it's not coming back anytime soon.
posted by mathowie (staff) at 9:23 PM on November 6, 2006 [1 favorite]
posted by mathowie (staff) at 9:23 PM on November 6, 2006 [1 favorite]
*drinks*
posted by loquacious at 9:28 PM on November 6, 2006
posted by loquacious at 9:28 PM on November 6, 2006
You could allow images from a set of known locations, no?
posted by xiojason at 9:32 PM on November 6, 2006
posted by xiojason at 9:32 PM on November 6, 2006
No more images, huh? What a fucking drag. Security hole? Sheezus.
Was this announced on MeTa? I musta missed it.
posted by scarabic at 9:34 PM on November 6, 2006
Was this announced on MeTa? I musta missed it.
posted by scarabic at 9:34 PM on November 6, 2006
Are you kidding? Tell me you're kidding. It's late, I'm tired... and I'm naive and trusting. But I think you're kidding.
posted by ThePinkSuperhero at 9:36 PM on November 6, 2006 [1 favorite]
posted by ThePinkSuperhero at 9:36 PM on November 6, 2006 [1 favorite]
I miss ceiling pissing elephant cat.
posted by loquacious at 9:40 PM on November 6, 2006
posted by loquacious at 9:40 PM on November 6, 2006
I'm not kidding. I've been offline a lot recently. Apparently I missed my chance to bitch and moan about this one.
posted by scarabic at 9:40 PM on November 6, 2006
posted by scarabic at 9:40 PM on November 6, 2006
That's ok, ThePinkSuperhero, many folks assume everyone who posts here is a guy. There are some gals, though. That's part of why I look at profiles.
I noticed this before I made any changes to my profile. I saw that my profile images, I had three, vanished immediately upon the image tag ban. At the same time, I saw that the three comments of mine that had images, and which were favorited by others, had lost the images.
So, I thought that was that...total whack. My first profile change was just last week, long put off, to take out the empty lines left by the vanished images.
But I also started noticing profiles with images, and other profiles I could have sworn had once had images but now don't...
Just a day or so ago, the images were vanished in the three comments of mine that had images and which were favorited by others; but, now they're back.
mathowie, I'm confused.
posted by taosbat at 9:44 PM on November 6, 2006
I noticed this before I made any changes to my profile. I saw that my profile images, I had three, vanished immediately upon the image tag ban. At the same time, I saw that the three comments of mine that had images, and which were favorited by others, had lost the images.
So, I thought that was that...total whack. My first profile change was just last week, long put off, to take out the empty lines left by the vanished images.
But I also started noticing profiles with images, and other profiles I could have sworn had once had images but now don't...
Just a day or so ago, the images were vanished in the three comments of mine that had images and which were favorited by others; but, now they're back.
mathowie, I'm confused.
posted by taosbat at 9:44 PM on November 6, 2006
Hahah, yea, I understand, taosbat- several people have met me at meetups and said, ?!?, you're not a guy?
And scarabic, SHAME, shame on you for staying away so long. Didn't you miss me?
posted by ThePinkSuperhero at 9:50 PM on November 6, 2006 [1 favorite]
And scarabic, SHAME, shame on you for staying away so long. Didn't you miss me?
posted by ThePinkSuperhero at 9:50 PM on November 6, 2006 [1 favorite]
Heh, I should have looked at your profile, ThePinkSuperhero; but, when I did, I remembered why I avoid it...it's a little extra bright for me...makes me all squinty.
posted by taosbat at 9:59 PM on November 6, 2006
posted by taosbat at 9:59 PM on November 6, 2006
Just a day or so ago, the images were vanished in the three comments of mine that had images and which were favorited by others; but, now they're back.
Please post the URL to some of these comments. If you're talking about those annoying ascii "killroy" comments you tend to leave and calling them "images" then they might have been deleted by hand because they just add noise to the site. If you're talking about actual images, please post some links to comments you made with images so I can see what is going on.
posted by mathowie (staff) at 10:22 PM on November 6, 2006
Please post the URL to some of these comments. If you're talking about those annoying ascii "killroy" comments you tend to leave and calling them "images" then they might have been deleted by hand because they just add noise to the site. If you're talking about actual images, please post some links to comments you made with images so I can see what is going on.
posted by mathowie (staff) at 10:22 PM on November 6, 2006
No more images, huh? What a fucking drag. Security hole? Sheezus.
Was this announced on MeTa? I musta missed it.
Yeah it was, here. Basically anyone could post an image that actually loaded a script on their server and since it was running in the domain of the metafilter.com site, any script could do things like easily grab your username and password cookies, delete favorites from your account, etc. It's a giant security hole and no one has offered any solutions and I haven't found any, so img tags are gone.
posted by mathowie (staff) at 10:28 PM on November 6, 2006
Was this announced on MeTa? I musta missed it.
Yeah it was, here. Basically anyone could post an image that actually loaded a script on their server and since it was running in the domain of the metafilter.com site, any script could do things like easily grab your username and password cookies, delete favorites from your account, etc. It's a giant security hole and no one has offered any solutions and I haven't found any, so img tags are gone.
posted by mathowie (staff) at 10:28 PM on November 6, 2006
I miss you each day we type away on our opposite coasts, Pinky. Now WTF happened while I wasn't looking!!!?? I've scoured mathowie and Jessamyn's MeTa posts and commented-in posts for the last couple weeks and I don't see anything obvious. I'm sure ye admins are playing it on the down-low so as not to arouse protest, but where's the beef, yo?
posted by scarabic at 10:29 PM on November 6, 2006
posted by scarabic at 10:29 PM on November 6, 2006
I'm sorry I annoyed you with Kilroy, mathowie, and I'll apologize again. That's not what I mean.
In these three comments, the images disappeared when the image ban took effect. I was so surprised to see them this evening. I checked them in the last few days as I was wondering about this and they weren't visible then:
http://www.metafilter.com/mefi/55441#1459177
http://www.metafilter.com/mefi/55394#1457191
http://www.metafilter.com/mefi/53048#1370878
posted by taosbat at 10:37 PM on November 6, 2006
In these three comments, the images disappeared when the image ban took effect. I was so surprised to see them this evening. I checked them in the last few days as I was wondering about this and they weren't visible then:
http://www.metafilter.com/mefi/55441#1459177
http://www.metafilter.com/mefi/55394#1457191
http://www.metafilter.com/mefi/53048#1370878
posted by taosbat at 10:37 PM on November 6, 2006
---------------------------------------------------| ___________ || ( GIMME MY ) || ( IMAGES BACK ) || ( OR I'LL CRY ) || ( SOME MORE!) || (_____ __) || |/ |---------------------------------------------------posted by Kickstart70 at 10:47 PM on November 6, 2006
I'm afraid it's not coming back anytime soon.
Good.
posted by stavrosthewonderchicken at 10:53 PM on November 6, 2006
Good.
posted by stavrosthewonderchicken at 10:53 PM on November 6, 2006
I can see all three images taosbat, so maybe it's something on your end.
posted by Serial Killer Slumber Party at 11:00 PM on November 6, 2006
posted by Serial Killer Slumber Party at 11:00 PM on November 6, 2006
I can see them now, too, Serial Killer Slumber Party, but I couldn't see them a couple of days ago. They disappeared after the initial image ban and I thought that was that...but, now, here they are again.
posted by taosbat at 11:03 PM on November 6, 2006
posted by taosbat at 11:03 PM on November 6, 2006
In these three comments, the images disappeared when the image ban took effect.
False. The "image ban" was on new, incoming posts. I made no changes to any existing content anywhere on the site. If you couldn't see those images, it was probably something wrong with the image hosts themselves or the connection on your end. They were never removed.
posted by mathowie (staff) at 11:11 PM on November 6, 2006
False. The "image ban" was on new, incoming posts. I made no changes to any existing content anywhere on the site. If you couldn't see those images, it was probably something wrong with the image hosts themselves or the connection on your end. They were never removed.
posted by mathowie (staff) at 11:11 PM on November 6, 2006
Here is what happened as far as I can see:
1. image tags are banned
2. I look at my profile and find the images stripped
3. I look under my comments that other folks have favorited and check the three comments that had images, all the images are gone
4. I notice that some images remain in some folks' profiles
5. I ask about it here
6. I check the comments I mentioned, linked above, and am astonished to see those images
7. mathowie says, "False."
8. I remain confused
posted by taosbat at 11:18 PM on November 6, 2006
1. image tags are banned
2. I look at my profile and find the images stripped
3. I look under my comments that other folks have favorited and check the three comments that had images, all the images are gone
4. I notice that some images remain in some folks' profiles
5. I ask about it here
6. I check the comments I mentioned, linked above, and am astonished to see those images
7. mathowie says, "False."
8. I remain confused
posted by taosbat at 11:18 PM on November 6, 2006
I remain confused
I think Matt's saying it was probably trouble at "taospage", which looks like where your images were hosted. None of the other folks' images are hosted there, probably.
posted by mediareport at 11:40 PM on November 6, 2006
I think Matt's saying it was probably trouble at "taospage", which looks like where your images were hosted. None of the other folks' images are hosted there, probably.
posted by mediareport at 11:40 PM on November 6, 2006
It's a giant security hole and no one has offered any solutions and I haven't found any
How are other discussion sites dealing with it, I wonder?
posted by mediareport at 11:42 PM on November 6, 2006
How are other discussion sites dealing with it, I wonder?
posted by mediareport at 11:42 PM on November 6, 2006
POST DELETE PUT GET HEAD
bah...
All that's missing is:
PROFIT!!!
posted by scarabic at 11:51 PM on November 6, 2006
bah...
All that's missing is:
PROFIT!!!
posted by scarabic at 11:51 PM on November 6, 2006
mathowie: Basically anyone could post an image that actually loaded a script on their server and since it was running in the domain of the metafilter.com site, any script could do things like easily grab your username and password cookies, delete favorites from your account, etc. It's a giant security hole and no one has offered any solutions and I haven't found any, so img tags are gone.
Hmm... That description sounds like the XRF vulnerability, not CSRF. Unless you're specifically worried about browser bugs, scripts residing on other servers should not run in the domain of metafilter.com unless the SCRIPT tag can be posted. As far as I can tell MetaFilter, even with images, is not vulnerable to these sorts of attacks. If you've immunized MetaFilter against CSRF attacks, then the only thing eliminating the IMG tag does is prevent MetaFilter from being used to launch CSRF attacks at other sites.
posted by RichardP at 12:09 AM on November 7, 2006
Hmm... That description sounds like the XRF vulnerability, not CSRF. Unless you're specifically worried about browser bugs, scripts residing on other servers should not run in the domain of metafilter.com unless the SCRIPT tag can be posted. As far as I can tell MetaFilter, even with images, is not vulnerable to these sorts of attacks. If you've immunized MetaFilter against CSRF attacks, then the only thing eliminating the IMG tag does is prevent MetaFilter from being used to launch CSRF attacks at other sites.
posted by RichardP at 12:09 AM on November 7, 2006
Seriously, though, this is disappointing as all shit. I know there are people who:
1) have personal pecadillos with the image-posting crowd, based mostly on the desire to see quonsar stop posting elephant pissing pics
2) well... that's pretty much it.
3) oh wait, no, there's the minority of folks who are both a. on a slow modem and b. convinced that this is somehow of concern to anyone else
but still... Images are an important part of interacting on the web, moreso and moreso as time passes. I'm sure that Matt, who decided to post ten years of his life, in images, to the web, knows even better than I. With the videosharing and podcasting and all that's going on these days, in fact, being able to post an image seems like a simple and basic thing. It's sad to see images nixed entirely because, seemingly, there's just no way to make it safe. I'm not a security or technical guru, but this seems like an "avoid it completely" rather than a "do it right and make it safe" choice to me. Not that it's wrong, but it makes you wonder if anything will ever be doable on MeFi that calls for a real challenge, not just something one dude can code up in a weekend.
I am not making some dramatic "Goodbye Cruel World" statement with this, but I've heard Matt's hints at forbidding images for a long, long time, and I've waited and waited for this as a kind of "jumping the shark" moment for MeFi. I only see my connectedness with this community going down as a result, and I'm even more saddened by the reasons behind the policy. They make MeFi seem sad and hobbled. Still a closet project despite years of great press, an awesome SEO profile, and many thousands of paid memberships. Sorry, your favorite Web 2.0 community site just can't support images. Too dangerous. I'm sure I'm missing some subtleties. The referenced thread is a little over my head, technically, but still.
I may have missed my chance to piss and moan but that never stops me
posted by scarabic at 12:20 AM on November 7, 2006 [2 favorites]
1) have personal pecadillos with the image-posting crowd, based mostly on the desire to see quonsar stop posting elephant pissing pics
2) well... that's pretty much it.
3) oh wait, no, there's the minority of folks who are both a. on a slow modem and b. convinced that this is somehow of concern to anyone else
but still... Images are an important part of interacting on the web, moreso and moreso as time passes. I'm sure that Matt, who decided to post ten years of his life, in images, to the web, knows even better than I. With the videosharing and podcasting and all that's going on these days, in fact, being able to post an image seems like a simple and basic thing. It's sad to see images nixed entirely because, seemingly, there's just no way to make it safe. I'm not a security or technical guru, but this seems like an "avoid it completely" rather than a "do it right and make it safe" choice to me. Not that it's wrong, but it makes you wonder if anything will ever be doable on MeFi that calls for a real challenge, not just something one dude can code up in a weekend.
I am not making some dramatic "Goodbye Cruel World" statement with this, but I've heard Matt's hints at forbidding images for a long, long time, and I've waited and waited for this as a kind of "jumping the shark" moment for MeFi. I only see my connectedness with this community going down as a result, and I'm even more saddened by the reasons behind the policy. They make MeFi seem sad and hobbled. Still a closet project despite years of great press, an awesome SEO profile, and many thousands of paid memberships. Sorry, your favorite Web 2.0 community site just can't support images. Too dangerous. I'm sure I'm missing some subtleties. The referenced thread is a little over my head, technically, but still.
I may have missed my chance to piss and moan but that never stops me
posted by scarabic at 12:20 AM on November 7, 2006 [2 favorites]
I'm afraid it's not coming back anytime soon.
Good.
posted by stavrosthewonderchicken at 10:53 PM PST on November 6 [+] [!]
Spoken like someone who's known for his writing primarily. I mean, sheeit... why would we expect one such as yourself to support multiple media on MeFi? You're a celebrated MeFi writer and you want TEXT to be the main event here. Big surprise? I don't think so.
Like the way I flower your path to agreeing with me with petals of flattery? They're sincere, but still, my point remains the same. Don't offer your opinion as a "data point" when you have an obvious bias. Similarly, I would also dismiss wendell, for example, who has made a name for himself in photoshopped imagery, and is much beloved by the ladies for it.
posted by scarabic at 12:41 AM on November 7, 2006
Good.
posted by stavrosthewonderchicken at 10:53 PM PST on November 6 [+] [!]
Spoken like someone who's known for his writing primarily. I mean, sheeit... why would we expect one such as yourself to support multiple media on MeFi? You're a celebrated MeFi writer and you want TEXT to be the main event here. Big surprise? I don't think so.
Like the way I flower your path to agreeing with me with petals of flattery? They're sincere, but still, my point remains the same. Don't offer your opinion as a "data point" when you have an obvious bias. Similarly, I would also dismiss wendell, for example, who has made a name for himself in photoshopped imagery, and is much beloved by the ladies for it.
posted by scarabic at 12:41 AM on November 7, 2006
Ok, this is dumb. It was dumb when it was temporary, and I mean short-term, but long-term it's unconscionable. Just because someone maybe will know what bank you're using and you happen to be looking at an image while using an online banking website with shitty security. Seriously, I want statistics about how common this is. How many people has this happened to in the history of the Internet? 10? 20? Zero?
Matt, you need to program something like on MetaChat where you can opt to turn inline images on (they're off by default), because ruining things for everyone because something might hypothetically happen to someone, some time this millennium is just ridiculous. That way, those of us who need the occasional random image macro to get us through the day can have it; everyone else needn't be bothered. I normally like to be understanding and supportive of the way the site is run, even if I disagree, but this just strikes me as uncharacteristically lazy. If you think this is your opportunity to say, "sorry, it's out of my hands" so that you can appease the 10 or so very vocal IMG haters out there, then clearly the only option is for the IMG lovers to speak up loudly and often until you both admit and remedy your folly.
(All I need is an "Ok, that sounds like a good idea. I'll work on it." No promises of a delivery date, no detailed explanation of your planned implementation; just let us know you care.)
posted by Eideteker at 12:50 AM on November 7, 2006 [2 favorites]
Matt, you need to program something like on MetaChat where you can opt to turn inline images on (they're off by default), because ruining things for everyone because something might hypothetically happen to someone, some time this millennium is just ridiculous. That way, those of us who need the occasional random image macro to get us through the day can have it; everyone else needn't be bothered. I normally like to be understanding and supportive of the way the site is run, even if I disagree, but this just strikes me as uncharacteristically lazy. If you think this is your opportunity to say, "sorry, it's out of my hands" so that you can appease the 10 or so very vocal IMG haters out there, then clearly the only option is for the IMG lovers to speak up loudly and often until you both admit and remedy your folly.
(All I need is an "Ok, that sounds like a good idea. I'll work on it." No promises of a delivery date, no detailed explanation of your planned implementation; just let us know you care.)
posted by Eideteker at 12:50 AM on November 7, 2006 [2 favorites]
I've got a solution for the CSRF thing that I'm working on. Hopefully I'll get some free time and post it to projects in a little bit.
posted by mock at 1:11 AM on November 7, 2006
posted by mock at 1:11 AM on November 7, 2006
How about just stripping any img tag whose source contains "metafilter.com"? That would totally eliminate any IMG CSRF against Metafilter. Really, that would be as easy as pissing your pants.
posted by blasdelf at 1:20 AM on November 7, 2006
posted by blasdelf at 1:20 AM on November 7, 2006
The "image" on my profile certainly seems to have been grandfathered in.
posted by Olli at 1:27 AM on November 7, 2006
posted by Olli at 1:27 AM on November 7, 2006
Funny. Too bad javascript only works in src attribute on IE
posted by mock at 1:31 AM on November 7, 2006
posted by mock at 1:31 AM on November 7, 2006
Funny. Too bad javascript only works in src attribute on IE
And Opera.
posted by Olli at 1:33 AM on November 7, 2006
And Opera.
posted by Olli at 1:33 AM on November 7, 2006
I'm afraid it's not coming back anytime soon.
Good.
Indeed! /Gives stav a textual high-five
Spoken like someone who's known for his writing primarily. I mean, sheeit... why would we expect one such as yourself to support multiple media on MeFi? You're a celebrated MeFi writer and you want TEXT to be the main event here. Big surprise? I don't think so.
Like the way I flower your path to agreeing with me with petals of flattery? They're sincere, but still, my point remains the same. Don't offer your opinion as a "data point" when you have an obvious bias. Similarly, I would also dismiss wendell, for example, who has made a name for himself in photoshopped imagery, and is much beloved by the ladies for it.
I can't speak for Stav, but I've always found the problem to be twofold:
1.) They cause for an aggravating aesthetic disconnect in the site.
2.) They're a boring crutch for the unamusing to prop themselves up with. Occasionally they're fitting, even downright hilarious, but often they make the user look like little more than a Metafilter Carrot Top.
Previous metatalk threads that devolved into boring gif-offs are transformed into devil's playgrounds, where mischievious users are free to unleash their dormant fantastical whimsies on us unsuspecting oglers.
But mostly it just looks prettier!
posted by The God Complex at 1:36 AM on November 7, 2006
Good.
Indeed! /Gives stav a textual high-five
Spoken like someone who's known for his writing primarily. I mean, sheeit... why would we expect one such as yourself to support multiple media on MeFi? You're a celebrated MeFi writer and you want TEXT to be the main event here. Big surprise? I don't think so.
Like the way I flower your path to agreeing with me with petals of flattery? They're sincere, but still, my point remains the same. Don't offer your opinion as a "data point" when you have an obvious bias. Similarly, I would also dismiss wendell, for example, who has made a name for himself in photoshopped imagery, and is much beloved by the ladies for it.
I can't speak for Stav, but I've always found the problem to be twofold:
1.) They cause for an aggravating aesthetic disconnect in the site.
2.) They're a boring crutch for the unamusing to prop themselves up with. Occasionally they're fitting, even downright hilarious, but often they make the user look like little more than a Metafilter Carrot Top.
Previous metatalk threads that devolved into boring gif-offs are transformed into devil's playgrounds, where mischievious users are free to unleash their dormant fantastical whimsies on us unsuspecting oglers.
But mostly it just looks prettier!
posted by The God Complex at 1:36 AM on November 7, 2006
Excuse my ignorance, but couldn't the comment posting script examine included img tag and only allow images from trusted sites--maybe tinypic, flickr, photobucket, and/or imageshack (...or whatever)? Yeah, that would limit folks who have images posted on their own servers, but the policy could be "you want an image in your comment? Throw it on imageshack or forget it." Most photo hosting sites have very specific photo link formats which might (would?) be easy to regex.
Is this workable or is it still a gaping, two-handed hole?
posted by maxwelton at 1:39 AM on November 7, 2006
Is this workable or is it still a gaping, two-handed hole?
posted by maxwelton at 1:39 AM on November 7, 2006
That pretty much solves the problem, baring gaping holes in the image hosters. I was planning on building a firefox extension that enforced this on the users side, and allowed for a 'meta' tag (something like [image src=http://blahblah]) which would allow images for those who wanted them (safely), but the site could still keep them off, thus protecting everyone else. It has the added benefit that those who want images can turn them on, and those who don't, don't have to.
posted by mock at 1:48 AM on November 7, 2006
posted by mock at 1:48 AM on November 7, 2006
This Firefox extension does something like that. It hasn't been updated for 2.0 though.
posted by Olli at 1:56 AM on November 7, 2006
posted by Olli at 1:56 AM on November 7, 2006
Not that I have any photos of my own there, but tinypic in particular has a very easy to parse format:
http://tinypic.com/view/?pic=2unx7gl
Exactly the same for all images through the query string to the "=" and then always (I think) seven letters or numbers. I am the worst regex guy in the world and I might even be able to write that one.
(The added benefit to mankind would be to balance the sheer number of photos of young women (taken by holding their camera high above their head) and sparkly animated gifs on tinypic with a flood of images showing elephants pissing and cats located in explicable places.)
posted by maxwelton at 2:02 AM on November 7, 2006
http://tinypic.com/view/?pic=2unx7gl
Exactly the same for all images through the query string to the "=" and then always (I think) seven letters or numbers. I am the worst regex guy in the world and I might even be able to write that one.
(The added benefit to mankind would be to balance the sheer number of photos of young women (taken by holding their camera high above their head) and sparkly animated gifs on tinypic with a flood of images showing elephants pissing and cats located in explicable places.)
posted by maxwelton at 2:02 AM on November 7, 2006
It must be bedtime, because it's even easier than that:
http://tinypic.com/2unx7gl.jpg
The above was the HTML page, of course. Bah.
posted by maxwelton at 2:04 AM on November 7, 2006
http://tinypic.com/2unx7gl.jpg
The above was the HTML page, of course. Bah.
posted by maxwelton at 2:04 AM on November 7, 2006
Matt, please reconsider. I've no idea how much work would be required to implement maxwelton's solution, but it seems to be a good compromise.
posted by blag at 2:21 AM on November 7, 2006
posted by blag at 2:21 AM on November 7, 2006
Olli, no joy for me in Safari with regards to your "image".
posted by RichardP at 2:38 AM on November 7, 2006
posted by RichardP at 2:38 AM on November 7, 2006
Olli, no joy for me in Safari with regards to your "image".
Opera and IE execute it, Safari and Firefox don't.
posted by Olli at 2:45 AM on November 7, 2006
Opera and IE execute it, Safari and Firefox don't.
posted by Olli at 2:45 AM on November 7, 2006
What about only allowing images from a hypothetical images.metafilter.com? Give each user a very small queue (50k?), and forbid hotlinking from other sites to the images contained therein.
In combination with that, I also really like the idea of allowing users to turn off images as a preference, but I think Matt's said that would be way hard to implement.
posted by Doofus Magoo at 3:37 AM on November 7, 2006
In combination with that, I also really like the idea of allowing users to turn off images as a preference, but I think Matt's said that would be way hard to implement.
posted by Doofus Magoo at 3:37 AM on November 7, 2006
> I think Matt's said that would be way hard to implement.
I would definitely want to turn off images of pissing elephants, horse cocks, and that guy fucking a chicken. I understand how this might be a real pill to implement.
posted by jfuller at 4:34 AM on November 7, 2006
I would definitely want to turn off images of pissing elephants, horse cocks, and that guy fucking a chicken. I understand how this might be a real pill to implement.
posted by jfuller at 4:34 AM on November 7, 2006
They make MeFi seem sad and hobbled. Still a closet project despite years of great press, an awesome SEO profile, and many thousands of paid memberships. Sorry, your favorite Web 2.0 community site just can't support images. Too dangerous.
matt's such a dork.
posted by quonsar at 4:35 AM on November 7, 2006
matt's such a dork.
posted by quonsar at 4:35 AM on November 7, 2006
I really can't let olli get away with having a cooler XSS vulnerability than I have. Hopefully this works in comment links, if not, it definitely works in profile links.
I like XSS, do you?
posted by mock at 4:56 AM on November 7, 2006 [1 favorite]
I like XSS, do you?
posted by mock at 4:56 AM on November 7, 2006 [1 favorite]
quonsar is such a dork.
posted by quonsar at 5:16 AM on November 7, 2006 [2 favorites]
posted by quonsar at 5:16 AM on November 7, 2006 [2 favorites]
Spoken like someone who's known for his writing primarily. I mean, sheeit... why would we expect one such as yourself to support multiple media on MeFi? You're a celebrated MeFi writer and you want TEXT to be the main event here. Big surprise? I don't think so.
Well, thank you for your kind words. Nonetheless, I'd appreciate it if you'd refrain from telling me not to offer my opinion as a data point or as anything else. Mine's not worth any less than yours or anybody else's (except, I suppose Matt's).
Some of the photoshops that people have done expressly for this community have been some of my favorite community moments over the years. Big funnies, many of them.
But honestly, they've been a fraction of a percent of the total image crapflood, which has gotten worse and worse and more and more intrusive and conversation-derailing in recent months. If they'd been linked rather than inlined, they'd have been seen just as well, and we'd never have had the problem of the Rise of The Low-Impulse-Control Image Crapflood (which other chuckleheads have encouraged with comments like 'what, no gifs yet guys amirite?'). The good drowned out by the mediocre and the loud, tragedy of commons, yadda yadda.
I hope to see many more funny photoshops and communistuff in the future. It won't exactly break my heart if they're links rather than inline images, though.
Conversely, if Matt turns inlining back on, I won't piss and moan, but the Metafilter I love has, as you suggest (although you're offbase with regard to my love of things nontextual) been about words first.
posted by stavrosthewonderchicken at 5:20 AM on November 7, 2006
Well, thank you for your kind words. Nonetheless, I'd appreciate it if you'd refrain from telling me not to offer my opinion as a data point or as anything else. Mine's not worth any less than yours or anybody else's (except, I suppose Matt's).
Some of the photoshops that people have done expressly for this community have been some of my favorite community moments over the years. Big funnies, many of them.
But honestly, they've been a fraction of a percent of the total image crapflood, which has gotten worse and worse and more and more intrusive and conversation-derailing in recent months. If they'd been linked rather than inlined, they'd have been seen just as well, and we'd never have had the problem of the Rise of The Low-Impulse-Control Image Crapflood (which other chuckleheads have encouraged with comments like 'what, no gifs yet guys amirite?'). The good drowned out by the mediocre and the loud, tragedy of commons, yadda yadda.
I hope to see many more funny photoshops and communistuff in the future. It won't exactly break my heart if they're links rather than inline images, though.
Conversely, if Matt turns inlining back on, I won't piss and moan, but the Metafilter I love has, as you suggest (although you're offbase with regard to my love of things nontextual) been about words first.
posted by stavrosthewonderchicken at 5:20 AM on November 7, 2006
Which is to say, more with the good, defenestrate the bad, fitznorble pantsfish hoohah.
posted by stavrosthewonderchicken at 5:23 AM on November 7, 2006
posted by stavrosthewonderchicken at 5:23 AM on November 7, 2006
I'm not sure MeFi would be particularly useful for launching attacks on other sites (given the vast number of forums etc. out there allowing images), but the issue needs to be considered.
What about only allowing images from a hypothetical images.metafilter.com?
I was about to suggest the same thing. How about funding it via an extra $5 fee for those who want to use images? Each subscriber could be allowed to upload, say, 1 image per week, with a tight max file size (to protect the service and those viewing the images from large downloads).
posted by malevolent at 5:45 AM on November 7, 2006
What about only allowing images from a hypothetical images.metafilter.com?
I was about to suggest the same thing. How about funding it via an extra $5 fee for those who want to use images? Each subscriber could be allowed to upload, say, 1 image per week, with a tight max file size (to protect the service and those viewing the images from large downloads).
posted by malevolent at 5:45 AM on November 7, 2006
1.) They cause for an aggravating aesthetic disconnect in the site.
Translation: I don't like them.
2.) They're a boring crutch for the unamusing to prop themselves up with. Occasionally they're fitting, even downright hilarious, but often they make the user look like little more than a Metafilter Carrot Top.
Translation: I don't like them.
Some images are great, many are dumb. Some comments are great, many are dumb. I know, let's ban commenting so we won't have to look at dumb comments!
posted by languagehat at 6:02 AM on November 7, 2006
Translation: I don't like them.
2.) They're a boring crutch for the unamusing to prop themselves up with. Occasionally they're fitting, even downright hilarious, but often they make the user look like little more than a Metafilter Carrot Top.
Translation: I don't like them.
Some images are great, many are dumb. Some comments are great, many are dumb. I know, let's ban commenting so we won't have to look at dumb comments!
posted by languagehat at 6:02 AM on November 7, 2006
I don't think I've ever posted an image. And I really hate a lot of the stupid ones that get posted. Yet a great crap-flood can really get my days going sometime. Please bring it back, Matt.
(Also, without images, we never would have had interrobang's awesome illustrated comments. Imagine the loss.)
posted by dame at 6:12 AM on November 7, 2006
(Also, without images, we never would have had interrobang's awesome illustrated comments. Imagine the loss.)
posted by dame at 6:12 AM on November 7, 2006
If it were just because some of us don't like them, the image tag would have been lost a long time ago. I've been careful not to show too much glee in the loss of them, but I completely agree with god complex's #2. And, if nothing else, Bob Sarabia has lately been forced to be much more verbally eloquent than ever before.
Everyone wins.
posted by crunchland at 6:16 AM on November 7, 2006
Everyone wins.
posted by crunchland at 6:16 AM on November 7, 2006
I miss images, too, even though I hate when they're overused by a few folks. It's been a neat little experiment to live without them for a while, but I wouldn't mind seeing them back, with maybe a guideline or two added about when posting images crosses the line.
Again, I'll ask: Does anyone know how other discussion sites are handling this? Apologies for my programming ignorance, but I'm curious if this is MeFi-specific.
posted by mediareport at 6:23 AM on November 7, 2006 [1 favorite]
Again, I'll ask: Does anyone know how other discussion sites are handling this? Apologies for my programming ignorance, but I'm curious if this is MeFi-specific.
posted by mediareport at 6:23 AM on November 7, 2006 [1 favorite]
No. It's a vulnerability with html. Any place that allows images posted by random people is theoretically at risk.
posted by crunchland at 6:28 AM on November 7, 2006
posted by crunchland at 6:28 AM on November 7, 2006
Thanks. So to follow up, which sites have banned images and which have kept them? In other words, how is this risk being perceived by other site managers?
posted by mediareport at 6:32 AM on November 7, 2006
posted by mediareport at 6:32 AM on November 7, 2006
How is it that the rest of the internet has images? If this is so serious that images must be banned for our safety, why is it that no other site I go to has banned IMGs? Why aren't rooms full of PhDs harrumphing furiously in front of blackboards? Should we organize a Day Without Porn in order to raise awareness of the need for a cure?
posted by popechunk at 6:36 AM on November 7, 2006
posted by popechunk at 6:36 AM on November 7, 2006
The rest of the internet doesn't usually give random people the ability to introduce html code on their pages. Amazon, for example, strips out all html from their comments.
Flickr will let you post an image in a comment. I wonder if they're aware of the security issue about this, and if they're just willing to allow it.
posted by crunchland at 6:43 AM on November 7, 2006
Flickr will let you post an image in a comment. I wonder if they're aware of the security issue about this, and if they're just willing to allow it.
posted by crunchland at 6:43 AM on November 7, 2006
Everyone wins.
Sorry. Despite your advanced hand-waving techniques I still miss the img tag.
Look, I'm probably one of the wordiest motherfucker's up in this joint - with some of the deepest love and respect for the written word as well, but I also like images a lot.
I like the dumb images. I like invisible sandwich cat. I like visual humor. I loved interrobang's illustrated comments. I loved the Metafilter comics, which I shamelessly stole the idea for and expanded it to metatalk and ask, and I would like to do more of. Even if they suck and they're stupid.
So, no, not everybody wins.
posted by loquacious at 6:44 AM on November 7, 2006
Sorry. Despite your advanced hand-waving techniques I still miss the img tag.
Look, I'm probably one of the wordiest motherfucker's up in this joint - with some of the deepest love and respect for the written word as well, but I also like images a lot.
I like the dumb images. I like invisible sandwich cat. I like visual humor. I loved interrobang's illustrated comments. I loved the Metafilter comics, which I shamelessly stole the idea for and expanded it to metatalk and ask, and I would like to do more of. Even if they suck and they're stupid.
So, no, not everybody wins.
posted by loquacious at 6:44 AM on November 7, 2006
The rest of the internet doesn't usually give random people the ability to introduce html code on their pages.
Huh? How many sites run phpBB or some similar web forum software with html-like syntax that includes an image tag?
posted by Armitage Shanks at 6:59 AM on November 7, 2006
Huh? How many sites run phpBB or some similar web forum software with html-like syntax that includes an image tag?
posted by Armitage Shanks at 6:59 AM on November 7, 2006
images were good. :(
posted by jeffburdges at 7:05 AM on November 7, 2006
posted by jeffburdges at 7:05 AM on November 7, 2006
Well, what I meant was that most websites don't offer the ability for random people to post random things for public display. Google doesn't. USPS.gov doesn't. Boing Boing doesn't. Ebay does, but they strip out all html.
The vast majority of sites on the net don't have phpbb or any other forum software. Maybe I was being pedantic, but "the rest of the internet" doesn't trust you enough to let you post anything at all. Many that do strictly control it. And those that don't strictly control it probably aren't even aware of the vulnerability, I'd bet.
posted by crunchland at 7:07 AM on November 7, 2006
The vast majority of sites on the net don't have phpbb or any other forum software. Maybe I was being pedantic, but "the rest of the internet" doesn't trust you enough to let you post anything at all. Many that do strictly control it. And those that don't strictly control it probably aren't even aware of the vulnerability, I'd bet.
posted by crunchland at 7:07 AM on November 7, 2006
Flickr will let you post an image in a comment. I wonder if they're aware of the security issue about this, and if they're just willing to allow it.
They had to beef up their filters last year after someone demonstrated that various img tricks from the XSS Cheatsheet worked. Mathowie did the same thing here earlier in the year.
The problem is that browsers accept so much that it's almost impossible to catch it all.
posted by Olli at 7:10 AM on November 7, 2006
They had to beef up their filters last year after someone demonstrated that various img tricks from the XSS Cheatsheet worked. Mathowie did the same thing here earlier in the year.
The problem is that browsers accept so much that it's almost impossible to catch it all.
posted by Olli at 7:10 AM on November 7, 2006
The answer to the question about how the rest of the internet is dealing with CSRF, is that for the most part it isn't. This will probably cause some spectacular nastyness at some future date.
Now if I had my druthers I would have Matt implement the following:
Every user could turn on images for specific domains in their profile. By default images would be off. By default only sane domains (flickr, imageshack, etc) would be allowed. The user could add new domains to this list if desired.
The list of domains would go into a cookie, something of the form "allowedimgurl=http://flickr.com, http://imageshack.com, http://etc"
People wanting to display an image would add an img attribute their anchor tags. So, for example, someone wanting to display goatse would link using <a href="http://goatse.cx" img=1>image of man ass</a>
At the top of the page would be a bit of javascript. For people who wanted images on, it would change the anchor tags to an img tag only for the domains specified in their cookie. Everyone else would just see a plain old link. People without javascript would just see a plain old link. People who didn't put http://goatse.cx in their list on accepted image urls would just see a plain old link.
This solves the problem of CSRF - CSRF doesn't work unless the attacker has control over the url. Since the viewer controls which urls he considers safe, this vector is greatly reduced to the list of people who specifically turn on dangerous behaviour. Since CSRF is mostly dangerous by causing unintended trusted actions using the user's credentials, the stupid people would hurt only themselves. Since most people would have images only set to specific safe urls, the user would have to be intensionally stupid to be harmed.
This also solves the problem of not wanting to see giant gaping man ass. Images can be turned off. Images can be turned off per url. In theory additional ACL like behaviour could be applied to links (checksums against known tubgirl images and locations, per user image bans, etc).
This solves the problem of Matt eating a giant bandwidth bill. An issue that images.metafilter.com would have to solve, probably by charging a fair whack of cash.
This solves the problem of people wanting know that ceiling cat takes an interest in their sexual health.
If Matt doesn't implement this or something similar, probably I'll get around to just doing it with a firefox plugin or a custom css or something. Which is slightly less cool, but accomplishes much the same goal.
posted by mock at 7:14 AM on November 7, 2006
Now if I had my druthers I would have Matt implement the following:
Every user could turn on images for specific domains in their profile. By default images would be off. By default only sane domains (flickr, imageshack, etc) would be allowed. The user could add new domains to this list if desired.
The list of domains would go into a cookie, something of the form "allowedimgurl=http://flickr.com, http://imageshack.com, http://etc"
People wanting to display an image would add an img attribute their anchor tags. So, for example, someone wanting to display goatse would link using <a href="http://goatse.cx" img=1>image of man ass</a>
At the top of the page would be a bit of javascript. For people who wanted images on, it would change the anchor tags to an img tag only for the domains specified in their cookie. Everyone else would just see a plain old link. People without javascript would just see a plain old link. People who didn't put http://goatse.cx in their list on accepted image urls would just see a plain old link.
This solves the problem of CSRF - CSRF doesn't work unless the attacker has control over the url. Since the viewer controls which urls he considers safe, this vector is greatly reduced to the list of people who specifically turn on dangerous behaviour. Since CSRF is mostly dangerous by causing unintended trusted actions using the user's credentials, the stupid people would hurt only themselves. Since most people would have images only set to specific safe urls, the user would have to be intensionally stupid to be harmed.
This also solves the problem of not wanting to see giant gaping man ass. Images can be turned off. Images can be turned off per url. In theory additional ACL like behaviour could be applied to links (checksums against known tubgirl images and locations, per user image bans, etc).
This solves the problem of Matt eating a giant bandwidth bill. An issue that images.metafilter.com would have to solve, probably by charging a fair whack of cash.
This solves the problem of people wanting know that ceiling cat takes an interest in their sexual health.
If Matt doesn't implement this or something similar, probably I'll get around to just doing it with a firefox plugin or a custom css or something. Which is slightly less cool, but accomplishes much the same goal.
posted by mock at 7:14 AM on November 7, 2006
Do you really expect some mouth-breather wanting to post ceiling cat for the eleven-hundredth time is going to go to that trouble of adding an image attribute tag? It would have to be automatically pasted in during the posting process.
posted by crunchland at 7:21 AM on November 7, 2006
posted by crunchland at 7:21 AM on November 7, 2006
I figure if said mouthbreather really wants to post an image, then he'll go to the trouble. Otherwise, no real loss, is it.
posted by mock at 7:26 AM on November 7, 2006 [1 favorite]
posted by mock at 7:26 AM on November 7, 2006 [1 favorite]
That said, there are a couple of other possible schemas for transposing anchors and img tags. The other possibility I thought of was to just put the word image as the first word in the anchor text. For example <a href="http://goatse.cx">image of gaping man ass</a>
posted by mock at 7:29 AM on November 7, 2006
posted by mock at 7:29 AM on November 7, 2006
ruining things for everyone
Not.
I don't miss them, but would not complain just because they came back. If there were a lot of truly worthless ones, I might.
posted by Kirth Gerson at 7:30 AM on November 7, 2006
Not.
I don't miss them, but would not complain just because they came back. If there were a lot of truly worthless ones, I might.
posted by Kirth Gerson at 7:30 AM on November 7, 2006
I've now tested this Firefox Extension. It seems to work fine on Firefox 2.0 if installed with the nightly tools.
When using it all links to images are converted into inline images (as an example, I see a picture of a bunny here).
posted by Olli at 7:30 AM on November 7, 2006
When using it all links to images are converted into inline images (as an example, I see a picture of a bunny here).
posted by Olli at 7:30 AM on November 7, 2006
I think images are worth repeating
images repeated from a painting
Images taken from a painting
from a photo worth re-seeing
I love images worth repeating
project them upon the ceiling
multiply them with silk screening
see them with a different feeling
Images, oh, images
images, oh, images
Some say images have no feeling
I think there's a deeper meaning
Mechanical precision or so it's seeming
instigates a cooler feeling
I love multiplicity of screenings
things born anew display new meanings
I think images are worth repeating
and repeating and repeating
Images, oh, images
images, images
I'm no urban idiot savant
spewing paint without any order
I'm no sphinx, no mystery enigma
what I paint is very ordinary
I don't think I'm old or modern
I don't think I think I'm thinking
it doesn't matter what I'm thinking
it's the images that are worth repeating
And repeating, oh, images
images
If you're looking for a deeper meaning
I'm as deep as this high ceiling
If you think technique is meaning
you might find me very simple
You might think that images boring
cars and cans and chairs and flowers
you might find me personally boring
Hammer, sickle, Mao Tse Tong
Mao Tse Tong
ooohhh, images, images
Images
I think that it bears repeating
the images upon the ceiling
I love images worth repeating
and repeating and repeating
Images, images
oh, images, oh, images
--Lou Reed
posted by hermitosis at 7:40 AM on November 7, 2006
images repeated from a painting
Images taken from a painting
from a photo worth re-seeing
I love images worth repeating
project them upon the ceiling
multiply them with silk screening
see them with a different feeling
Images, oh, images
images, oh, images
Some say images have no feeling
I think there's a deeper meaning
Mechanical precision or so it's seeming
instigates a cooler feeling
I love multiplicity of screenings
things born anew display new meanings
I think images are worth repeating
and repeating and repeating
Images, oh, images
images, images
I'm no urban idiot savant
spewing paint without any order
I'm no sphinx, no mystery enigma
what I paint is very ordinary
I don't think I'm old or modern
I don't think I think I'm thinking
it doesn't matter what I'm thinking
it's the images that are worth repeating
And repeating, oh, images
images
If you're looking for a deeper meaning
I'm as deep as this high ceiling
If you think technique is meaning
you might find me very simple
You might think that images boring
cars and cans and chairs and flowers
you might find me personally boring
Hammer, sickle, Mao Tse Tong
Mao Tse Tong
ooohhh, images, images
Images
I think that it bears repeating
the images upon the ceiling
I love images worth repeating
and repeating and repeating
Images, images
oh, images, oh, images
--Lou Reed
posted by hermitosis at 7:40 AM on November 7, 2006
I'll give $100 to anyone who can prove that posting song lyrics causes some kind of security violation.
posted by crunchland at 7:45 AM on November 7, 2006
posted by crunchland at 7:45 AM on November 7, 2006
I'm not sure why it's so important to people that their precious images must appear in the thread.
This is not an image. But it still gets the job done, doesn't it?
posted by Alvy Ampersand at 7:49 AM on November 7, 2006
This is not an image. But it still gets the job done, doesn't it?
posted by Alvy Ampersand at 7:49 AM on November 7, 2006
I really don't understand why people feel compelled to post entire song lyrics. I've posted a stanza here and there, but why make people scroll past all that verbiage? Do you seriously think somebody's going to read every word? You think it's cool and funny that Lou Reed did a song about images, quote the chorus and link to the rest. Jesus.
posted by languagehat at 7:49 AM on November 7, 2006
posted by languagehat at 7:49 AM on November 7, 2006
im in ur song lerix robin all ur banx
posted by hermitosis at 7:49 AM on November 7, 2006
posted by hermitosis at 7:49 AM on November 7, 2006
But it still gets the job done, doesn't it?
No, it doesn't. This is not a pipe. If you can't understand the distinction, no wonder you have no problem with banning images.
posted by languagehat at 7:49 AM on November 7, 2006
No, it doesn't. This is not a pipe. If you can't understand the distinction, no wonder you have no problem with banning images.
posted by languagehat at 7:49 AM on November 7, 2006
Languagehat, that's the thousand words that a picture would have been worth.
posted by hermitosis at 7:51 AM on November 7, 2006
posted by hermitosis at 7:51 AM on November 7, 2006
*rushes off to find particularly nasty Avenue D lyrics*
posted by loquacious at 7:52 AM on November 7, 2006
posted by loquacious at 7:52 AM on November 7, 2006
For crunchland:
Avenue D - Stick It Inposted by loquacious at 7:53 AM on November 7, 2006
Hey Daphne
Yeah Debbie?
You know who I saw the other day?
Who's that?
That boy, you know the one with the eyes...
Shit you mean the one with the ass?
He is so dreamy
he is so fuckin hot
And he's always saying the sweetest things,
I know, like the other day he was telling me how pretty I was and how much he likes my ass, but you know, sometimes, I wish that he would just...
Shut up and stick, just stick it in!
shut up and stick it in! stick, just stick it in! shut up and stick it in! stick, just stick it in! shut up and stick it in! stick, just stick it in! shut up and stick it in!
ay papi, damelo fuerte, quiero que me besas y que me muerdes las tetas, mis nalgas, y lo que tu quieras me gusta quando tu gritas electra y yo te chupo el... ay que rico, no me des un chiquito, quiero uno grande por detras y por delante, sigue asi me gusta, tu sabes que soy una nina sucia ven y toca me por todo mi cuerpo tu eres el nino de mis suenos....
you're my dreamboy, you suck my pussy every day, I'm really glad that your not gay, now I know that dreams come true...
you're my dreamboy, you came and filled my pants with joy, and I can smile again, cuz I know that you're gonna stick it in!
chorus
you're my dreamboy, I come clean boy, when I think about you I cream boy, when you look at me with those twinkly eyes, I get so wet between my thighs cuz boy you look so nice and sweet, I want you to stick me with your meat, you know how to show this ho a good time, you treat me right and know that I'm horny wanna ride your pony the one made out of balogna, oh my dreamboy can't you see, tonight you gotta run it up inside of me!
What stavros said.
Actually, restricting it to pay-per-use hosting at images.metafilter.com would be great. Make it $5 per image.
posted by hydrophonic at 7:54 AM on November 7, 2006
Actually, restricting it to pay-per-use hosting at images.metafilter.com would be great. Make it $5 per image.
posted by hydrophonic at 7:54 AM on November 7, 2006
Another favorite:
Avenue D - Do I Look Like a Slut?posted by loquacious at 7:55 AM on November 7, 2006
Do I look like a slut?
Uh-huh.
Shut up.
You know, I don't understand why everyone keeps calling us sluts.
Me neither, I'm a good girl.
Yeah, me too.
Hell, I just went to church the other day.
Here's a story about the boys of the alter.
Some of them got between me and my halter.
But I don't think the Good Lord would mind,
I was calling his name the whole time.
Sometimes I get a little drunk,
and I go home with some crazy punks.
But don't judge me by what I do,
'cause baby you know you want to hit it too.
Shit, you know they all want to hit it.
Yeah, they're just talkin' shit 'cause they want it.
You know, maybe it's these outfits we wear, I mean, I can see your boobies.
Shit my stylist is on a budget, he's just trying to save some fabric.
It really doesn't matter, I'm just gonna end up taking it off anyway.
So what if I'm a little nudie?
It don't mean you're gonna get some booty,
Baby I just want to shake it,
it took mama nine months to make it.
My daisy dukes they fit just right,
they squeeze my coochie really tight.
So that when I shake and dance,
there's a party in my pants.
Shit, I like your daisy dukes, I think they're real classy.
Do I look like a slut?
Is it the way I move my butt?
Is it the way my clothes are cut?
I like to do it, and what?
Do I look like a slut?
Is it the way I move my butt?
Is it how my clothes are cut?
I don't give a fuck.
I saw Mikey on the street yesterday, and do you know what he called me?
What?
He called me a slut.
No.
Yeah.
Honey, don't worry, he's just a fag anyway.
I'm not a fuckin' slut you fucking cock sucker,
your mom's the one letting everyone fuck her.
Everyone knows she's a fuckin' ho,
sucks dick on the corner for a little blow.
Just because I like to freak each and every night of the week,
don't mean I can't resist temptation,
hell I don't give a damn about my reputation.
Shit, you know I'm grade A, top joint, speed baby.
This is one classy ass.
I can't believe she'd get off talkin' shit like that.
I mean she's one to talk.
At least we don't let just anyone stick it in.
what a fucking slut.
Slut!
That's offensive, loq, but I don't think it will do nasty things to the server. Please check the number and try your call again.
posted by crunchland at 7:56 AM on November 7, 2006
posted by crunchland at 7:56 AM on November 7, 2006
Guh? Why is posting a link to an image such a crap alternative to posting the image itself?
And why do you seem so cranky, languagehat?
posted by Alvy Ampersand at 7:59 AM on November 7, 2006
And why do you seem so cranky, languagehat?
posted by Alvy Ampersand at 7:59 AM on November 7, 2006
Avenue D is freakin' nasty all over the server! Violatin' and reprobatin'!
Oh. Never mind.
posted by loquacious at 8:00 AM on November 7, 2006
Oh. Never mind.
posted by loquacious at 8:00 AM on November 7, 2006
Metafilter became moderately less interesting for me when the image tag was banned.
posted by blue_beetle at 8:19 AM on November 7, 2006
posted by blue_beetle at 8:19 AM on November 7, 2006
Ebay does, but they strip out all html
Strip all html out of what, exactly? You can most certainly post more or less arbitrary html in auction descriptions, with as many embedded images from arbitrary locations as you like.
posted by Chuckles at 8:26 AM on November 7, 2006
Strip all html out of what, exactly? You can most certainly post more or less arbitrary html in auction descriptions, with as many embedded images from arbitrary locations as you like.
posted by Chuckles at 8:26 AM on November 7, 2006
You're absolutely right. I hadn't thought about that. For some reason, I was thinking only about feedback comments. Auction listings themselves are wide open.
posted by crunchland at 8:28 AM on November 7, 2006
posted by crunchland at 8:28 AM on November 7, 2006
What blue beetle said. It's been on a slide for a while, though. No more happy image fun is just another stone in the path.
posted by scarabic at 8:30 AM on November 7, 2006
posted by scarabic at 8:30 AM on November 7, 2006
not quite song lyrics, but you have to admit, using the <em> tag is pretty damn close.
posted by mock at 8:52 AM on November 7, 2006
posted by mock at 8:52 AM on November 7, 2006
Well, that turned me right around on this entire issue.
As long as the images are as fresh, orginal, and funny as the one above, count me as a member of the pro-image crowd.
posted by Alvy Ampersand at 9:00 AM on November 7, 2006
As long as the images are as fresh, orginal, and funny as the one above, count me as a member of the pro-image crowd.
posted by Alvy Ampersand at 9:00 AM on November 7, 2006
See, now we've got ourselves a shooting match. Somebody...hold me!
posted by Jofus at 9:09 AM on November 7, 2006
posted by Jofus at 9:09 AM on November 7, 2006
No, only mock images work.
posted by monju_bosatsu at 9:11 AM on November 7, 2006
posted by monju_bosatsu at 9:11 AM on November 7, 2006
Count me in the pro-image camp. When used judiciously, they're a positive.
An image is worth a thousand words, as the saying goes. When a post truly sucks, the pissing elephant just says it so succinctly. Without the image tag, to show our displeasure, we'll have to write a novella describing the act of an elephant urinating in minute detail, and I just don't have the time for that.
posted by Gamblor at 9:13 AM on November 7, 2006
An image is worth a thousand words, as the saying goes. When a post truly sucks, the pissing elephant just says it so succinctly. Without the image tag, to show our displeasure, we'll have to write a novella describing the act of an elephant urinating in minute detail, and I just don't have the time for that.
posted by Gamblor at 9:13 AM on November 7, 2006
Guh? Why is posting a link to an image such a crap alternative to posting the image itself?
Because... Jeez, how to explain this. If you're sitting there on the front porch, fanning yourself, looking like you could really use an iced tea, I could bring you a glass of nice, cold, iced tea, or I could tell you "Hey, if you go inside there's a pitcher of iced tea in the kitchen." Yeah, that's not a lot of work, but it's not the same, is it? Or you're thinking about your youth and a radio suddenly starts playing that song you loved when you were 13. Is that really just the same as someone mentioning the name of the song and telling you where you can go if you want to hear it? You don't seem to place any value on immediacy and surprise, so I don't really know how to convey the difference to you. Sorry if I sound cranky, but I don't like the fact that people are using crap arguments to try to justify eliminating something that they don't like but others do.
posted by languagehat at 9:15 AM on November 7, 2006 [2 favorites]
Because... Jeez, how to explain this. If you're sitting there on the front porch, fanning yourself, looking like you could really use an iced tea, I could bring you a glass of nice, cold, iced tea, or I could tell you "Hey, if you go inside there's a pitcher of iced tea in the kitchen." Yeah, that's not a lot of work, but it's not the same, is it? Or you're thinking about your youth and a radio suddenly starts playing that song you loved when you were 13. Is that really just the same as someone mentioning the name of the song and telling you where you can go if you want to hear it? You don't seem to place any value on immediacy and surprise, so I don't really know how to convey the difference to you. Sorry if I sound cranky, but I don't like the fact that people are using crap arguments to try to justify eliminating something that they don't like but others do.
posted by languagehat at 9:15 AM on November 7, 2006 [2 favorites]
If you can't enjoy the site unless you can post or see that someone else has posted a dancing squirrel playing the harmonica, well then maybe it's time you moved on to other pastures.
posted by crunchland at 9:15 AM on November 7, 2006
posted by crunchland at 9:15 AM on November 7, 2006
Well, actually I'm quite enjoying figuring out new ways of sneaking images and javascript into my comments, but maybe that's just me. Plus the night's been rather productive. I've got a new XSS vector which isn't up on the XSS cheat sheet yet.
posted by mock at 9:22 AM on November 7, 2006
posted by mock at 9:22 AM on November 7, 2006
Because... Jeez, how to explain this. If you're sitting there on the front porch, fanning yourself, looking like you could really use an iced tea, I could bring you a glass of nice, cold, iced tea, or I could tell you "Hey, if you go inside there's a pitcher of iced tea in the kitchen." Yeah, that's not a lot of work, but it's not the same, is it?
Under the old system people used to pourcocks iced tea all over me, whether I liked it or not. I'm kind of glad that no longer happens, if you miss it I hear theres this extension.
posted by Olli at 9:24 AM on November 7, 2006
Under the old system people used to pour
posted by Olli at 9:24 AM on November 7, 2006
If you can't enjoy the site unless you can post or see that someone else has posted a dancing squirrel playing the harmonica, well then maybe it's time you moved on to other pastures.
Translation: "Hey you kids! Get off my lawn! And turn down that rock and roll music!"
posted by Gamblor at 9:26 AM on November 7, 2006
Translation: "Hey you kids! Get off my lawn! And turn down that rock and roll music!"
posted by Gamblor at 9:26 AM on November 7, 2006
You don't seem to place any value on immediacy
You mean the immediacy of having the image just appear versus the monumentally difficult and time-consuming task of clicking on the link? That immediacy?
and surprise
How are you less surprised when you click on a link to see ceiling cat for the eleven-hundred-and-first time? I'd be even more surprised. I'd think, "shit, I can't believe I went to the effort of clicking on a link just to see ceiling cat again."
posted by Armitage Shanks at 9:28 AM on November 7, 2006
You mean the immediacy of having the image just appear versus the monumentally difficult and time-consuming task of clicking on the link? That immediacy?
and surprise
How are you less surprised when you click on a link to see ceiling cat for the eleven-hundred-and-first time? I'd be even more surprised. I'd think, "shit, I can't believe I went to the effort of clicking on a link just to see ceiling cat again."
posted by Armitage Shanks at 9:28 AM on November 7, 2006
If you can't enjoy the site unless you can post or see that someone else has posted a dancing squirrel playing the harmonica, well then maybe it's time you moved on to other pastures.
If you can't enjoy a picture of a dancing squirrel, maybe you're tired of life!
posted by loquacious at 9:29 AM on November 7, 2006
If you can't enjoy a picture of a dancing squirrel, maybe you're tired of life!
posted by loquacious at 9:29 AM on November 7, 2006
This is what people more intelligent than me would call an impasse.
Actually, fuck it, this is what people considerably stupider than me would call an impasse. The clever people would have italicized it though.
My impassioned plea is that we organize some kind of poll of all Mefi members and ask them the simple question: You want pics, or what?
..and then instead of arguing about the issue for three months we can argue about the argument about the issue.
posted by Jofus at 9:29 AM on November 7, 2006
Actually, fuck it, this is what people considerably stupider than me would call an impasse. The clever people would have italicized it though.
My impassioned plea is that we organize some kind of poll of all Mefi members and ask them the simple question: You want pics, or what?
..and then instead of arguing about the issue for three months we can argue about the argument about the issue.
posted by Jofus at 9:29 AM on November 7, 2006
Second blue_beetle.
I consider myself somewhat intelligent. I enjoy learning and working with odd problems. I am a dork. That said, this img tag "exploit" seems like a problem that isn't caused by the sites allowing the image tab, but by sites that use HTTP GET as the mechanism for making "things" happen. It shouldn't be on sites like Metafilter to prevent people from posting img links. It should be on site creators to not use HTTP GET to take actions on their site.
This shouldn't be Metafilter's fight. I don't understand why we are putting up the fight. Can someone explain it to me what EXACTLY we are protecting ourselves from by blocking images (besides, you know, the guy fucking a chicken)?
posted by jeversol at 9:29 AM on November 7, 2006
I consider myself somewhat intelligent. I enjoy learning and working with odd problems. I am a dork. That said, this img tag "exploit" seems like a problem that isn't caused by the sites allowing the image tab, but by sites that use HTTP GET as the mechanism for making "things" happen. It shouldn't be on sites like Metafilter to prevent people from posting img links. It should be on site creators to not use HTTP GET to take actions on their site.
This shouldn't be Metafilter's fight. I don't understand why we are putting up the fight. Can someone explain it to me what EXACTLY we are protecting ourselves from by blocking images (besides, you know, the guy fucking a chicken)?
posted by jeversol at 9:29 AM on November 7, 2006
It's fairly trivial to convert an HTTP GET to a POST. You can either use actionscript, or depending on the browser version and it's protocol handlers, use a 302 redirect to a different protocol and overlay the POST on top of that.
posted by mock at 9:33 AM on November 7, 2006
posted by mock at 9:33 AM on November 7, 2006
You don't seem to place any value on immediacy and surprise, so I don't really know how to convey the difference to you.
It's funny, my apathy towards in-line images is based partly on how highly I value immediacy and surprise - a lot of the time image use (And abuse) interferes with immediacy by making pages load more slowly or giving FF a grand mal seizure (And no, I'm not saying ban images because I have a shitty PC).
And I've been amused by images and acknowledge how helpful they can be in AskMe, but for the most part I just see the same tired cliched memes... a pissing elephant is not a surprise. A cat watching me masturbate isn't a surprise.
An occasional turn-on, yes, but not a surprise.
Thank you for elaborating on your position though, I do appreciate it.
(I know it's not a pipe, I was referring to the link itself. I suck at meta art jokes.)
A dancing squirrel?
Playing the harmonica?
This I gotta... aw, screw it.
posted by Alvy Ampersand at 9:38 AM on November 7, 2006
It's funny, my apathy towards in-line images is based partly on how highly I value immediacy and surprise - a lot of the time image use (And abuse) interferes with immediacy by making pages load more slowly or giving FF a grand mal seizure (And no, I'm not saying ban images because I have a shitty PC).
And I've been amused by images and acknowledge how helpful they can be in AskMe, but for the most part I just see the same tired cliched memes... a pissing elephant is not a surprise. A cat watching me masturbate isn't a surprise.
An occasional turn-on, yes, but not a surprise.
Thank you for elaborating on your position though, I do appreciate it.
(I know it's not a pipe, I was referring to the link itself. I suck at meta art jokes.)
A dancing squirrel?
Playing the harmonica?
This I gotta... aw, screw it.
posted by Alvy Ampersand at 9:38 AM on November 7, 2006
Can someone explain it to me what EXACTLY we are protecting ourselves from by blocking images (besides, you know, the guy fucking a chicken)?
- You make an image post that has code pointing to:
http://yourserver.com/omg/haha-funnier-than-FARK.jpg
- You setup apache to parse .jpg URLs as php in your omg directory
- it shows up as a broken image on metafilter, no one really suspects anything but your server down or something.
- that php file grabs any and all cookie data from the metafilter user, since the script is run within an image tag on the metafilter.com site.
- you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks.
posted by mathowie (staff) at 9:40 AM on November 7, 2006 [1 favorite]
- You make an image post that has code pointing to:
http://yourserver.com/omg/haha-funnier-than-FARK.jpg
- You setup apache to parse .jpg URLs as php in your omg directory
- it shows up as a broken image on metafilter, no one really suspects anything but your server down or something.
- that php file grabs any and all cookie data from the metafilter user, since the script is run within an image tag on the metafilter.com site.
- you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks.
posted by mathowie (staff) at 9:40 AM on November 7, 2006 [1 favorite]
Matt says: you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks.
Holy christ. Um. Yeah. Wow. I had understood the problem in abstract, but not in that light.
But there's totally a rolling backup, right?
posted by cortex at 9:52 AM on November 7, 2006
Holy christ. Um. Yeah. Wow. I had understood the problem in abstract, but not in that light.
But there's totally a rolling backup, right?
posted by cortex at 9:52 AM on November 7, 2006
Translation: "Hey you kids! Get off my lawn! And turn down that rock and roll music!"
Close, but I think you're fumbling with the dialect. It actually translates into "Don't let the door hit you on the ass."
posted by crunchland at 9:55 AM on November 7, 2006
Close, but I think you're fumbling with the dialect. It actually translates into "Don't let the door hit you on the ass."
posted by crunchland at 9:55 AM on November 7, 2006
For the anti-image crowd, here's a somewhat recent thread that devolved entirely into silly images.
It had 290 comments, including three from mathowie saying how he approved of the images in the post, requesting more images, and posting an image himself.
It was marked as a favorite by 93 users, including stavrosthewonderchicken, who is now arguing that images should be banned.
Assuming the security problem has a workaround, please explain to me again why images are always a bad thing and therefore should be permanently banned? Seems like people enjoy them, except when they're don't. That may be a good reason to flag a comment, but it's hardly a reason to set a site-wide policy.
posted by Gamblor at 10:03 AM on November 7, 2006
It had 290 comments, including three from mathowie saying how he approved of the images in the post, requesting more images, and posting an image himself.
It was marked as a favorite by 93 users, including stavrosthewonderchicken, who is now arguing that images should be banned.
Assuming the security problem has a workaround, please explain to me again why images are always a bad thing and therefore should be permanently banned? Seems like people enjoy them, except when they're don't. That may be a good reason to flag a comment, but it's hardly a reason to set a site-wide policy.
posted by Gamblor at 10:03 AM on November 7, 2006
mathowie, what do you think of some of the solutions been suggested here? Is the img ban only because of the exploit? If a solution is found, would that be all that is needed to return images or has the ban taken on larger overtones?
posted by Falconetti at 10:11 AM on November 7, 2006
posted by Falconetti at 10:11 AM on November 7, 2006
Assuming the security problem has a workaround, please explain to me again why images are always a bad thing and therefore should be permanently banned? Seems like people enjoy them, except when they're don't. That may be a good reason to flag a comment, but it's hardly a reason to set a site-wide policy.
A few things:
There doesn't appear to be any easy workaround. There are some difficult ones and some time consuming ones and I have to wonder if silly images are worth all that effort. Creating a system with allowed URLs isn't easy considering all the text filtering I have to do to keep people like mock at bay (not saying mock is a bad guy, he's quite helpful and clever, but it's not easy to thwart the tricks he comes up with). It's complex stuff to say hundreds of malicious things are bad except when an attribute includes foo.com for each and every thing posted anywhere on the server.
I've never said images are "always" a bad thing. Each and every time this has come up (and we're going on five years of people asking for the img tag to be banned) I've defended them saying yes a lot of the use is annoying but they are sometimes useful. In the last year or so, I have to say my years of patience for defending the img tag has wained. Especially the hair-trigger response from people demanding that dumb images get posted to any thread they don't like. In the last three months or so, the use of images on the site has swung way too far into Fark territory, with the good examples of using an inline image getting fairly rare. I know because I have to look at all the flags and I was seeing 100 stupid images for every moderately useful one.
And yes, one day I said the flashing dot was kind of funny but I had to delete dozens of 1000px wide flashing dots that day as well.
Simply put, continued abuse of the image tag is why I'm not bending over backwards coming up with an entire new infrastructure to handle it. And I know there are 40,000 people here with 40,000 opinions on what constitutes "lame use of the image tag" and we've already argued back and forth extensively here, but overall, img tag use was taking away from the site much more than it was helping. And for the few times it was used intelligently in ask mefi, people can easily link to their picture of a bug or flower they need identified and still get good answers.
For those still clamoring for the img tag, that firefox extension certainly seems to solve the issue.
posted by mathowie (staff) at 10:15 AM on November 7, 2006
A few things:
There doesn't appear to be any easy workaround. There are some difficult ones and some time consuming ones and I have to wonder if silly images are worth all that effort. Creating a system with allowed URLs isn't easy considering all the text filtering I have to do to keep people like mock at bay (not saying mock is a bad guy, he's quite helpful and clever, but it's not easy to thwart the tricks he comes up with). It's complex stuff to say hundreds of malicious things are bad except when an attribute includes foo.com for each and every thing posted anywhere on the server.
I've never said images are "always" a bad thing. Each and every time this has come up (and we're going on five years of people asking for the img tag to be banned) I've defended them saying yes a lot of the use is annoying but they are sometimes useful. In the last year or so, I have to say my years of patience for defending the img tag has wained. Especially the hair-trigger response from people demanding that dumb images get posted to any thread they don't like. In the last three months or so, the use of images on the site has swung way too far into Fark territory, with the good examples of using an inline image getting fairly rare. I know because I have to look at all the flags and I was seeing 100 stupid images for every moderately useful one.
And yes, one day I said the flashing dot was kind of funny but I had to delete dozens of 1000px wide flashing dots that day as well.
Simply put, continued abuse of the image tag is why I'm not bending over backwards coming up with an entire new infrastructure to handle it. And I know there are 40,000 people here with 40,000 opinions on what constitutes "lame use of the image tag" and we've already argued back and forth extensively here, but overall, img tag use was taking away from the site much more than it was helping. And for the few times it was used intelligently in ask mefi, people can easily link to their picture of a bug or flower they need identified and still get good answers.
For those still clamoring for the img tag, that firefox extension certainly seems to solve the issue.
posted by mathowie (staff) at 10:15 AM on November 7, 2006
Remember when crunchland used to not be such a curmudgeon?
Yeah, neither do I.
posted by mr_crash_davis at 10:50 AM on November 7, 2006
Yeah, neither do I.
posted by mr_crash_davis at 10:50 AM on November 7, 2006
"...you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks."
Wait a minute, you log in as root?
posted by mr_crash_davis at 10:53 AM on November 7, 2006
Wait a minute, you log in as root?
posted by mr_crash_davis at 10:53 AM on November 7, 2006
Thank you for elaborating on your position though, I do appreciate it.
Same right backatcha.
For the anti-image crowd, here's a somewhat recent thread that devolved entirely into silly images.
Man, I just don't know how anyone can scroll down that thread and not bow to the Majesty of the Image. It still makes me smile.
posted by languagehat at 11:00 AM on November 7, 2006
Same right backatcha.
For the anti-image crowd, here's a somewhat recent thread that devolved entirely into silly images.
Man, I just don't know how anyone can scroll down that thread and not bow to the Majesty of the Image. It still makes me smile.
posted by languagehat at 11:00 AM on November 7, 2006
So, mathowie, can we get an official ruling here: Are you actively working to fix the problem, or have you suspended the image tag for good? Because it sounds like you've already made up your mind.
"Some day I might get around to it..." seems like a non-confrontational way of saying "I'm not bringing the image tag back".
posted by Gamblor at 11:11 AM on November 7, 2006
"Some day I might get around to it..." seems like a non-confrontational way of saying "I'm not bringing the image tag back".
posted by Gamblor at 11:11 AM on November 7, 2006
Gamblor, I'm not actively working on rewriting the text filtering code, comment and post creating code, and user authentication system so that I can build a new image hosting and management system, no.
I won't say it is suspended for good because if a simple fix presented itself I might consider it, but at the moment I'm working on other things and would like to see what the site is like after a few inline image-free months before making any final decision.
posted by mathowie (staff) at 11:25 AM on November 7, 2006
I won't say it is suspended for good because if a simple fix presented itself I might consider it, but at the moment I'm working on other things and would like to see what the site is like after a few inline image-free months before making any final decision.
posted by mathowie (staff) at 11:25 AM on November 7, 2006
scarabic writes "I've been offline a lot recently. Apparently I missed my chance to bitch and moan about this one."
It's been less than a month most of the Metatalk threads are still open. With comment response notification some people might actually see any of your responses.
maxwelton writes "Yeah, that would limit folks who have images posted on their own servers, but the policy could be 'you want an image in your comment? Throw it on imageshack or forget it.' Most photo hosting sites have very specific photo link formats which might (would?) be easy to regex."
And most of them have TOS that either give the image to the hoster or allow them to unilaterally rewrite the TOS. Many of them limit how many times the image can be viewed, a limit that is almost instantly reached on any popular thread on MeFi (God I hate that imageshack frog). Unless Matt wants to host this stuff himself this isn't a solution.
posted by Mitheral at 11:40 AM on November 7, 2006
It's been less than a month most of the Metatalk threads are still open. With comment response notification some people might actually see any of your responses.
maxwelton writes "Yeah, that would limit folks who have images posted on their own servers, but the policy could be 'you want an image in your comment? Throw it on imageshack or forget it.' Most photo hosting sites have very specific photo link formats which might (would?) be easy to regex."
And most of them have TOS that either give the image to the hoster or allow them to unilaterally rewrite the TOS. Many of them limit how many times the image can be viewed, a limit that is almost instantly reached on any popular thread on MeFi (God I hate that imageshack frog). Unless Matt wants to host this stuff himself this isn't a solution.
posted by Mitheral at 11:40 AM on November 7, 2006
God, Matt, every time I begin to think you aren't the king of namby-pamby, you write something like that. It reminds me why I left Orange County at the fist oppotunity, too. Ah, nostalgia.
posted by dame at 11:44 AM on November 7, 2006
posted by dame at 11:44 AM on November 7, 2006
Sorry to be namby-pamby but I don't make a habit of proclaiming I'm never going to do something. Things can change in time and there is a small chance I'd do this, but at the moment I'm not working on it.
posted by mathowie (staff) at 11:53 AM on November 7, 2006
posted by mathowie (staff) at 11:53 AM on November 7, 2006
Metafilter->PersonalPreferences->ShowImages* = true
* = May cause various bad things, but you've been warned
posted by blue_beetle at 11:56 AM on November 7, 2006
* = May cause various bad things, but you've been warned
posted by blue_beetle at 11:56 AM on November 7, 2006
Yeah it was, here. Basically anyone could post an image that actually loaded a script on their server and since it was running in the domain of the metafilter.com site, any script could do things like easily grab your username and password cookies, delete favorites from your account, etc. It's a giant security hole and no one has offered any solutions and I haven't found any, so img tags are gone.
A few points:
1) the image is not treated as being from metafilter.com. It cannot easily grab your username or password cookies. You are confused.
2) Theoretically it could delete favorites. But it does not even need to be on metafilter for that to work. If you are cookied into mefi, then any site on the internet, anywhere, can run a script that will fuck with your mefi account.
3) <img ="some_script.js"> does not actually run the script. (at least in the browsers I checked.)
4) Even if there is a browser so stupid as to run the script (ancient version of IE, maybe?), it has no special privileges that would not exist if the same script ran on a different site.
So basically you have misunderstood the scope of the problem, overestimated peoples desire to hack metafilter (seriously, why bother with mefi when you could hit banking websites?) and are just sticking with your guns.
Good for you. I admire your courage to ignore all facts and reality and to stick with your plan. You could be president some day!
posted by Tacos Are Pretty Great at 12:06 PM on November 7, 2006
Okay, I take back what I said. Tacos is right: your courage, it warms me.
(Also, I don't want you to take images away at all. But if you are going to make me all sad, at least twirl your mustache and declare it's because you hate it and don't care what we think. As it is, you are just giving succor toa bunch of whiners and making another bunch of whiners way less happy because "whimper, whimper, meh." That sucks.)
posted by dame at 12:10 PM on November 7, 2006
(Also, I don't want you to take images away at all. But if you are going to make me all sad, at least twirl your mustache and declare it's because you hate it and don't care what we think. As it is, you are just giving succor toa bunch of whiners and making another bunch of whiners way less happy because "whimper, whimper, meh." That sucks.)
posted by dame at 12:10 PM on November 7, 2006
Oh, and for what it's worth, while most images were just used in crapfloods, more often they were actually used in useful and tasteful manners. Especially in Askme where people would post something like "look at this", and having it inline saved every single user several clicks.
Sure, it's not a huge deal, but you're making the site slightly more annoying because of a wholly irrational fear.
Sadly, your site will continue to have traffic and grow, because that is how community sites work. They can withstand enormous amounts of technical and managerial error before enough users have reason to migrate elsewhere. And even then, there tend to be a decent number of users who stick around, which would probably be enough to pay your mortgage for a while.
posted by Tacos Are Pretty Great at 12:10 PM on November 7, 2006
Sure, it's not a huge deal, but you're making the site slightly more annoying because of a wholly irrational fear.
Sadly, your site will continue to have traffic and grow, because that is how community sites work. They can withstand enormous amounts of technical and managerial error before enough users have reason to migrate elsewhere. And even then, there tend to be a decent number of users who stick around, which would probably be enough to pay your mortgage for a while.
posted by Tacos Are Pretty Great at 12:10 PM on November 7, 2006
i've already started visiting other sites more.
posted by StrasbourgSecaucus at 12:20 PM on November 7, 2006
posted by StrasbourgSecaucus at 12:20 PM on November 7, 2006
Oh, and for what it's worth, while most images were just used in crapfloods, more often they were actually used in useful and tasteful manners.
What?
posted by Kirth Gerson at 12:38 PM on November 7, 2006
What?
posted by Kirth Gerson at 12:38 PM on November 7, 2006
overestimated peoples desire to hack metafilter (seriously, why bother with mefi when you could hit banking websites?)
Ahh, security through blind trust of the internet.
posted by advil at 12:45 PM on November 7, 2006
Ahh, security through blind trust of the internet.
posted by advil at 12:45 PM on November 7, 2006
Dear mathowie,
Please bring back the image tag you namby-pamby lazy
irrational fatass or I will start visiting other sites.
Also your server sucks and you seem kind of testy lately.
Yours truly,
A Concerned User
posted by Armitage Shanks at 12:51 PM on November 7, 2006 [1 favorite]
Please bring back the image tag you namby-pamby lazy
irrational fatass or I will start visiting other sites.
Also your server sucks and you seem kind of testy lately.
Yours truly,
A Concerned User
posted by Armitage Shanks at 12:51 PM on November 7, 2006 [1 favorite]
Would any sort of thumbnail preview on hover work? I guess you'd have to add a class to the image link.
posted by Joeforking at 12:54 PM on November 7, 2006
posted by Joeforking at 12:54 PM on November 7, 2006
Kirth: I worded it poorly. Most image encounters (especially in the green) were useful and pertinent.
However, occasionally an image encounter would be in the context of a crapflood, which created a large volume of image posts, but all in one spot.
Thus, if you went into random threads looking for images, most would be useful, and in small quantity... but occasionally you'd run into a zillion animated gifs on one page.
posted by Tacos Are Pretty Great at 1:02 PM on November 7, 2006
However, occasionally an image encounter would be in the context of a crapflood, which created a large volume of image posts, but all in one spot.
Thus, if you went into random threads looking for images, most would be useful, and in small quantity... but occasionally you'd run into a zillion animated gifs on one page.
posted by Tacos Are Pretty Great at 1:02 PM on November 7, 2006
Tacos, talk to mock. IE and Opera can run js in images, there are demos of img tags grabbing cookie info and passing it on.
posted by mathowie (staff) at 1:02 PM on November 7, 2006
posted by mathowie (staff) at 1:02 PM on November 7, 2006
mock mock mock.
It's just not the same.
posted by mr_crash_davis at 1:08 PM on November 7, 2006 [1 favorite]
It's just not the same.
posted by mr_crash_davis at 1:08 PM on November 7, 2006 [1 favorite]
By the way, the anchor tag can be used to defraud people, especially through the use of redirects. I say we ban it outright. Matt should strip "http://" and ".com" (all tlds, in fact) from all comments and FPPs.
posted by Eideteker at 1:35 PM on November 7, 2006
posted by Eideteker at 1:35 PM on November 7, 2006
By the way, the anchor tag can be used to defraud people, especially through the use of redirects.
Great analogy. I didn't realize that anchor tag links are all followed just by virtue of loading the page that contains them.
posted by Armitage Shanks at 1:43 PM on November 7, 2006
Great analogy. I didn't realize that anchor tag links are all followed just by virtue of loading the page that contains them.
posted by Armitage Shanks at 1:43 PM on November 7, 2006
From looking at a TCP capture, I don't see my browser (Firefox 2.0) passing a Cookie header in its GET request for an off-domain image.
Some browsers do this?
posted by xiojason at 1:48 PM on November 7, 2006
Some browsers do this?
posted by xiojason at 1:48 PM on November 7, 2006
Translation: I don't like them.
Well, geeze, no kidding. I could also quote everyone in favor of images and translate their comments as "Translation: I like them," but that wouldn't be much of a conversation, would it?
Or I could just post an inline image of a pissing elephant that's been posted nine thousand times and see if it's funny yet!
posted by The God Complex at 2:20 PM on November 7, 2006
Well, geeze, no kidding. I could also quote everyone in favor of images and translate their comments as "Translation: I like them," but that wouldn't be much of a conversation, would it?
Or I could just post an inline image of a pissing elephant that's been posted nine thousand times and see if it's funny yet!
posted by The God Complex at 2:20 PM on November 7, 2006
"Tacos, talk to mock. IE and Opera can run js in images, there are demos of img tags grabbing cookie info and passing it on."
Strip images for the IE and Opera users while allowing them for the rest of us. :) (As a Safari user, that FireFox extension doesn't help me much.)
And just another data point here -- I like the images and want them back.
posted by litlnemo at 3:01 PM on November 7, 2006
Strip images for the IE and Opera users while allowing them for the rest of us. :) (As a Safari user, that FireFox extension doesn't help me much.)
And just another data point here -- I like the images and want them back.
posted by litlnemo at 3:01 PM on November 7, 2006
Wow, thanks for the extension. Problem very much solved for me. Bring on the img urls.
posted by moonbird at 3:13 PM on November 7, 2006
posted by moonbird at 3:13 PM on November 7, 2006
It was marked as a favorite by 93 users, including stavrosthewonderchicken, who is now arguing that images should be banned.
Oh, fuck you. Did you even read what I said upthread? This is why it's better, in the balance to turn off images -- perhaps people who have some difficulty reading and writing in English will either aquire better skills or just go away once they can't post the latest (3 year old) animated gif they found on livejournal that perfectly captures the nuance of their innermost thought.
posted by stavrosthewonderchicken at 3:21 PM on November 7, 2006
Oh, fuck you. Did you even read what I said upthread? This is why it's better, in the balance to turn off images -- perhaps people who have some difficulty reading and writing in English will either aquire better skills or just go away once they can't post the latest (3 year old) animated gif they found on livejournal that perfectly captures the nuance of their innermost thought.
posted by stavrosthewonderchicken at 3:21 PM on November 7, 2006
Also, and to the point, and despite the fact that Matt's taken repeated kicks in the balls in the this thread, the fact that 'Favorites' are misnamed is not my problem. They're bookmarks, and favoriting something does not automatically imply approval or support. The implication is that the 'favorited' item is just something you want to find again, for whatever reason.
That Matt called them favorites but has argued since day one against cults of personality, against competition for popularity or notoriety, and against the focus being on individuals rather than discussions leads me to wonder how well he thought these things out, because one of the unintended consequences of using that word, with all its connotation, means those very things take hold.
Further, even if I did mark that thread 'favorite' in a mood of approbation and avuncular mellowness (I don't recall), that in no way militates against the comment I made upthread nor my overall stance about inline images (they are often funny and cool, if homemade, but much more often approval- and recognition seeking tools, or just asinine crapflooding, so, if forced to choose, fuck inlining, and let links rule the day, which keeps the good and discourages those with poor impulse control), which, once again, I enjoin you to read and enjoy.
posted by stavrosthewonderchicken at 3:34 PM on November 7, 2006
That Matt called them favorites but has argued since day one against cults of personality, against competition for popularity or notoriety, and against the focus being on individuals rather than discussions leads me to wonder how well he thought these things out, because one of the unintended consequences of using that word, with all its connotation, means those very things take hold.
Further, even if I did mark that thread 'favorite' in a mood of approbation and avuncular mellowness (I don't recall), that in no way militates against the comment I made upthread nor my overall stance about inline images (they are often funny and cool, if homemade, but much more often approval- and recognition seeking tools, or just asinine crapflooding, so, if forced to choose, fuck inlining, and let links rule the day, which keeps the good and discourages those with poor impulse control), which, once again, I enjoin you to read and enjoy.
posted by stavrosthewonderchicken at 3:34 PM on November 7, 2006
the fact that 'Favorites' are misnamed is not my problem
They should be named "Favourites".
posted by timeistight at 3:45 PM on November 7, 2006
They should be named "Favourites".
posted by timeistight at 3:45 PM on November 7, 2006
Oh, fuck you.
This comment is useless without pictures.
posted by loquacious at 3:54 PM on November 7, 2006
This comment is useless without pictures.
posted by loquacious at 3:54 PM on November 7, 2006
They should be named "Favourites".
Goddam you, you canucky bastard.
posted by cortex at 3:57 PM on November 7, 2006
Goddam you, you canucky bastard.
posted by cortex at 3:57 PM on November 7, 2006
The cacophony of displeasure that arise because a chatty askme thread gets deleted is small compared to what we'd have to endure if he did away with inline images from the crybabies who cling to them.
posted by crunchland at 4:26 PM on November 7, 2006
posted by crunchland at 4:26 PM on November 7, 2006
Wow, that self-righteous complaint you made that other time about this general situation certainly does remain consistent with your current position. Touche.
posted by cortex at 4:44 PM on November 7, 2006
posted by cortex at 4:44 PM on November 7, 2006
>Oh, fuck you.
>>This comment is useless without pictures.
My aim is to please.
posted by stavrosthewonderchicken at 4:50 PM on November 7, 2006
>>This comment is useless without pictures.
My aim is to please.
posted by stavrosthewonderchicken at 4:50 PM on November 7, 2006
I'm...torn. I love that they are gone -- those ginormous animated gifs just extend out the page load time to eternity or otherwise croak the browser -- but I also liked the intermittent madness and occasional usefulness. I sleep fitfully. Still.
posted by peacay at 4:54 PM on November 7, 2006
posted by peacay at 4:54 PM on November 7, 2006
i've already started visiting other sites more.
posted by StrasbourgSecaucus
But you're the glue, man!!! The motherfucking glue!!!
I'm assuming you're joking, right?
posted by Alvy Ampersand at 6:54 PM on November 7, 2006
posted by StrasbourgSecaucus
But you're the glue, man!!! The motherfucking glue!!!
I'm assuming you're joking, right?
posted by Alvy Ampersand at 6:54 PM on November 7, 2006
I won't miss images much.
I'm actually very fond of funny pictures, and sort of collect them, but I hardly ever saw them used well, and very frequently saw them used badly. They were, too often, used as a derail tool. People decided they Didn't Approve of particular threads, and crapped all over them.
If the IMG tag ever does come back, I'd love to see a flag... "Allow images in this thread". That way, if the original poster didn't think they would be appropriate, they couldn't be posted inline. If it were the kind of thread that would benefit from pictures, like some of jonson's recent art threads, or the CAPSLOCK DAY thread (which was a lot of fun) then it could easily be turned on at post time. It would let FPPers who don't like images to opt out, while allowing those who DO like them to opt in.
Might also be useful for the admins... if a thread were spiraling out of control, you could set the flag so that no more images could be added.
Just a thought.
posted by Malor at 9:00 PM on November 7, 2006
I'm actually very fond of funny pictures, and sort of collect them, but I hardly ever saw them used well, and very frequently saw them used badly. They were, too often, used as a derail tool. People decided they Didn't Approve of particular threads, and crapped all over them.
If the IMG tag ever does come back, I'd love to see a flag... "Allow images in this thread". That way, if the original poster didn't think they would be appropriate, they couldn't be posted inline. If it were the kind of thread that would benefit from pictures, like some of jonson's recent art threads, or the CAPSLOCK DAY thread (which was a lot of fun) then it could easily be turned on at post time. It would let FPPers who don't like images to opt out, while allowing those who DO like them to opt in.
Might also be useful for the admins... if a thread were spiraling out of control, you could set the flag so that no more images could be added.
Just a thought.
posted by Malor at 9:00 PM on November 7, 2006
You are not logged in, either login or create an account to post comments
posted by ThePinkSuperhero at 8:21 PM on November 6, 2006 [1 favorite]