I miss the image tag January 26, 2007 3:32 PM Subscribe
Bring back the image tag redux? Not exactly, but sort of. A call for volunteers who are still jonesing for the embedded image to spring to beta testing action and get their fix. An image tag recourse until Matt Haughey changes his mind or the four winds we know blow away.
Well done. I wanted to write something like this, but was too lazy to learn how to write extensions.
posted by stavrosthewonderchicken at 3:52 PM on January 26, 2007
posted by stavrosthewonderchicken at 3:52 PM on January 26, 2007
Hrm. Thanks for creating this, but that floating pink button is pretty invasive. It's sitting over my Live Preview right now. Is it supposed to be sitting in the middle of the screen like that? Firefox 2.0.0.1, if it matters.
posted by team lowkey at 4:13 PM on January 26, 2007
posted by team lowkey at 4:13 PM on January 26, 2007
After RingTFM, I see that it is by design. Pity.
posted by team lowkey at 4:16 PM on January 26, 2007
posted by team lowkey at 4:16 PM on January 26, 2007
Yeah, I'd like to do something different, but I gots to have my control button somewhere. Definitely not married to it there. Were I, a quick divorce would be forthcoming.
posted by mdevore at 4:18 PM on January 26, 2007
posted by mdevore at 4:18 PM on January 26, 2007
Is it possible to put it down in the bottom bar? Down where the greasemonkey icon is?
posted by team lowkey at 4:27 PM on January 26, 2007
posted by team lowkey at 4:27 PM on January 26, 2007
Linkification does it this, way if you need an example.
posted by team lowkey at 4:30 PM on January 26, 2007
posted by team lowkey at 4:30 PM on January 26, 2007
Sweet, an excuse to finally install Greasemonkey. I'm loving this so far -- great work!
Two suggestions:
One, I nth ditching the floating pink button. Stick it down in the status bar with the AdBlock icon, NoScript, GreaseMonkey, FasterFox, etc.
Two, I'm a big fan of NoScript's ad hoc whitelisting that enables me to whitelist a site only for a single session. Any way to get something like that here, where a link to a pic is somehow highlighted, and I can double-click or something to temporary whitelist and see it? I'd prefer not to do a *.* permanent whitelist.
posted by Doofus Magoo at 4:42 PM on January 26, 2007
Two suggestions:
One, I nth ditching the floating pink button. Stick it down in the status bar with the AdBlock icon, NoScript, GreaseMonkey, FasterFox, etc.
Two, I'm a big fan of NoScript's ad hoc whitelisting that enables me to whitelist a site only for a single session. Any way to get something like that here, where a link to a pic is somehow highlighted, and I can double-click or something to temporary whitelist and see it? I'd prefer not to do a *.* permanent whitelist.
posted by Doofus Magoo at 4:42 PM on January 26, 2007
Cool idea. The floating pink button is a show stopper for me!
posted by knave at 4:46 PM on January 26, 2007
posted by knave at 4:46 PM on January 26, 2007
More pink-button hate. It shouldn't be anywhere in my actual browser window. I'm not sure I need it visible at all, actually, so a toggle for that would be brill.
posted by cortex at 4:47 PM on January 26, 2007
posted by cortex at 4:47 PM on January 26, 2007
Nice. But couldn't you incorporate it into MondoMeta, so that I don't have to have two seperate Greasemonkey apps for all my Mefi browsing and posting needs?
posted by PeterMcDermott at 4:51 PM on January 26, 2007
posted by PeterMcDermott at 4:51 PM on January 26, 2007
Thought about integration. Maybe share a common Mondo core and then add stuff on as each finds the other, assuming I write any additional goofball scripts. I've been hoping there's an agreed standard between the extension writers on how to play nicely with each other (really, I can't fairly declare any particular screen real estate as mine), but so far I haven't seen one. Possibly later on, everything would need to update at once for it to work.
The people have spoken in unison about one thing though. That button is gonna move somewhere. Make it blue and put it at the top, if nothing else works. And there's still that mouse gesture idea...nahhhh.
It's first cut software, so design/ops will evolve. Rapidly depending on feedback.
posted by mdevore at 5:01 PM on January 26, 2007
The people have spoken in unison about one thing though. That button is gonna move somewhere. Make it blue and put it at the top, if nothing else works. And there's still that mouse gesture idea...nahhhh.
It's first cut software, so design/ops will evolve. Rapidly depending on feedback.
posted by mdevore at 5:01 PM on January 26, 2007
Make it blue and put it at the top, if nothing else works.
Or add a tab to the preferences dialog. Or configure it via the "add ons" window. Or put it in the status bar where adblock, greasemonkey, etc. go. But seriously, floating over the page is inappropriate.
posted by knave at 5:44 PM on January 26, 2007
Or add a tab to the preferences dialog. Or configure it via the "add ons" window. Or put it in the status bar where adblock, greasemonkey, etc. go. But seriously, floating over the page is inappropriate.
posted by knave at 5:44 PM on January 26, 2007
Sweet.
For recent example, with Mondo Image and appropriate filter settings, the Beatles stamp topic shows me three inline stamp images, as perhaps The Fates intended.
What are the appropriate filter settings. I've got a pink box (*snicker*) and these values in the expand from the sites checkbox: *.flickr.com,*.imageshack.us,*.photobucket.com,*.usps.com. Still no magic.
posted by and hosted from Uranus at 8:27 PM on January 26, 2007
For recent example, with Mondo Image and appropriate filter settings, the Beatles stamp topic shows me three inline stamp images, as perhaps The Fates intended.
What are the appropriate filter settings. I've got a pink box (*snicker*) and these values in the expand from the sites checkbox: *.flickr.com,*.imageshack.us,*.photobucket.com,*.usps.com. Still no magic.
posted by and hosted from Uranus at 8:27 PM on January 26, 2007
OH JUST BRING BACK THE DAMN TAG. THEN WE'LL BE THE ONLY SITE ON THE NET THAT HAS INLINE IMAGES. WE'LL BE SEW KEWL.
posted by quonsar at 8:37 PM on January 26, 2007
posted by quonsar at 8:37 PM on January 26, 2007
Same as Uranus.
Also, I was thinking some sort of Extension or Script could help make DateMetaFilter (DateMe, DoMe) a reality, by adding pertinent info into the profiles of members who have signed up. I am neither technically inclined to make such a thing or attractive enough to benefit from it, but there must be some lonely hearted geek out there willing to give it a shot - and to pay me a cut when Matt buys the thing.
posted by Alvy Ampersand at 8:42 PM on January 26, 2007
Also, I was thinking some sort of Extension or Script could help make DateMetaFilter (DateMe, DoMe) a reality, by adding pertinent info into the profiles of members who have signed up. I am neither technically inclined to make such a thing or attractive enough to benefit from it, but there must be some lonely hearted geek out there willing to give it a shot - and to pay me a cut when Matt buys the thing.
posted by Alvy Ampersand at 8:42 PM on January 26, 2007
Any way to get something like that here, where a link to a pic is somehow highlighted, and I can double-click or something to temporary whitelist and see it?
Sure, sky is near the limit as far as possible in-frame manipulations since there's an actual language underneath it all. But as with most less-basic options, it's more a matter of how to gracefully implement the request without confusing people or cluttering things. Do you have a stream-lined, graceful, and minimal design on how to implement what you want?
Anyway, I've been reminded of why the cheesy button was stuffed in there. Greasemonkey doesn't appear to allow scripts direct access to the status bar area. Looks like you have to mess about with Chrome to get in there, and I don't see a way to do that via GM. Greasemonkey does let you create a tool-specific menu item+callback, but that doesn't compile to anything which works.
The stand-alone extensions are compiled Greasemonkey scripts. Can't abandon either approach since there are users who want scripts and users who want XPIs. Multiple code/build version tracking for a single lightweight tool isn't a step I'm willing to take.
So. That leaves directly accessing the config editor, which is a bit much to ask of Joe User. Or capturing keypresses, which can conflict with existing setups. Kinda ugly either way. Open to alternates, here. Code injections, even.
posted by mdevore at 8:47 PM on January 26, 2007
Sure, sky is near the limit as far as possible in-frame manipulations since there's an actual language underneath it all. But as with most less-basic options, it's more a matter of how to gracefully implement the request without confusing people or cluttering things. Do you have a stream-lined, graceful, and minimal design on how to implement what you want?
Anyway, I've been reminded of why the cheesy button was stuffed in there. Greasemonkey doesn't appear to allow scripts direct access to the status bar area. Looks like you have to mess about with Chrome to get in there, and I don't see a way to do that via GM. Greasemonkey does let you create a tool-specific menu item+callback, but that doesn't compile to anything which works.
The stand-alone extensions are compiled Greasemonkey scripts. Can't abandon either approach since there are users who want scripts and users who want XPIs. Multiple code/build version tracking for a single lightweight tool isn't a step I'm willing to take.
So. That leaves directly accessing the config editor, which is a bit much to ask of Joe User. Or capturing keypresses, which can conflict with existing setups. Kinda ugly either way. Open to alternates, here. Code injections, even.
posted by mdevore at 8:47 PM on January 26, 2007
Still no magic.
Try with the site filter turned off, i.e. uncheck the box for sites. If you want to be absolutely sure of safety while the site list is off, enable user list mannythedog,amro,hovercraft to limit the image display to those three users. You should see all three pictures. Or pick your favorite user of the three, if one picture display will suffice. This works for me on both machines here.
And, dammit, the explicit site setup isn't working on that topic for me either. It worked with another topic when testing, probably a stupid regexp pattern match failure in my code. Well, easy to find and fix that one. We'll get a version #2 out there soon. Sans pink button, absolutely.
posted by mdevore at 9:07 PM on January 26, 2007
Try with the site filter turned off, i.e. uncheck the box for sites. If you want to be absolutely sure of safety while the site list is off, enable user list mannythedog,amro,hovercraft to limit the image display to those three users. You should see all three pictures. Or pick your favorite user of the three, if one picture display will suffice. This works for me on both machines here.
And, dammit, the explicit site setup isn't working on that topic for me either. It worked with another topic when testing, probably a stupid regexp pattern match failure in my code. Well, easy to find and fix that one. We'll get a version #2 out there soon. Sans pink button, absolutely.
posted by mdevore at 9:07 PM on January 26, 2007
There it is.
Being able to set max width/height values would be swell too, unless I just didn't notice the option.
posted by Alvy Ampersand at 9:12 PM on January 26, 2007
Being able to set max width/height values would be swell too, unless I just didn't notice the option.
posted by Alvy Ampersand at 9:12 PM on January 26, 2007
MetaChat has an option, "IMAGES ON/OFF". If you like 'em off, you can choose to turn them off. IMG tags are replaced with HREFs that say "Click here to see image". Matt says this doesn't solve the security issue, but I don't see how it doesn't. Because people can click on the links and see the images? Ok, but they're no longer seeing them inline, so what's the problem? I thought it was only when embedded in an HTML page that the malicious code could be executed.
Matt, of course, could resolve all of this by placing a disclaimer on the page that it should only be viewed in Firefox, because it's stupid IE that has the problem. I mean, if you want your bank account hacked, then by all means, surf the web while doing your banking. Why is MetaFilter playing nanny to the masses?
It's stupid. Images are mostly stupid, but the reason for removing them entirely is even stupider, and horribly convenient for what's been, in the past, a hot-button issue that gets dragged repeatedly into MetaTalk. "Oh well, I guess I don't have to make a ruling on what images are allowable, due to this small, obscure security flaw that's never actually compromised anything in the history of the millions of images on the internet." Weak.
posted by Eideteker at 9:18 PM on January 26, 2007 [1 favorite]
Matt, of course, could resolve all of this by placing a disclaimer on the page that it should only be viewed in Firefox, because it's stupid IE that has the problem. I mean, if you want your bank account hacked, then by all means, surf the web while doing your banking. Why is MetaFilter playing nanny to the masses?
It's stupid. Images are mostly stupid, but the reason for removing them entirely is even stupider, and horribly convenient for what's been, in the past, a hot-button issue that gets dragged repeatedly into MetaTalk. "Oh well, I guess I don't have to make a ruling on what images are allowable, due to this small, obscure security flaw that's never actually compromised anything in the history of the millions of images on the internet." Weak.
posted by Eideteker at 9:18 PM on January 26, 2007 [1 favorite]
Being able to set max width/height values would be swell too
That's true, innnocently or maliciously linking to grossly oversized images could be a real problem for average users, though it's a cosmetic rather than a security issue. I should add max limits on both to the existing setup box. Another version #2 item.
posted by mdevore at 9:25 PM on January 26, 2007
That's true, innnocently or maliciously linking to grossly oversized images could be a real problem for average users, though it's a cosmetic rather than a security issue. I should add max limits on both to the existing setup box. Another version #2 item.
posted by mdevore at 9:25 PM on January 26, 2007
It's stupid. Images are mostly stupid, but the reason for removing them entirely is even stupider, and horribly convenient
I'm sympathetic to this viewpoint in large part, but it's a done deal. It's senseless to continue to argue back and forth about it. Matt perceives a possible critical failure with the image tag. His nightmare scenario really is a nightmare scenario even if it only comes 10% true, and I cannot fault him for protecting himself and the site.
Rather than take sides, I think it's time to try and satisfy those who want inline images as best as can be done outside of server control. Doing this through an extension is neutral. You don't like it, don't use it. You like it, then have at it. Whether or not the exension should be necessary is a debate that won't be settled here. Possibly not anywhere.
posted by mdevore at 9:31 PM on January 26, 2007
I'm sympathetic to this viewpoint in large part, but it's a done deal. It's senseless to continue to argue back and forth about it. Matt perceives a possible critical failure with the image tag. His nightmare scenario really is a nightmare scenario even if it only comes 10% true, and I cannot fault him for protecting himself and the site.
Rather than take sides, I think it's time to try and satisfy those who want inline images as best as can be done outside of server control. Doing this through an extension is neutral. You don't like it, don't use it. You like it, then have at it. Whether or not the exension should be necessary is a debate that won't be settled here. Possibly not anywhere.
posted by mdevore at 9:31 PM on January 26, 2007
As someone who has railed against the nuking of <img>, I feel compelled to admit at this point a kind of grudging apathy about the whol thing. I miss images, but I don't miss stupid overuse of images, and it's only been a couple times that I've found myself really wishing I could drop an actual image into a thread.
So, eh.
posted by cortex at 9:55 PM on January 26, 2007
So, eh.
posted by cortex at 9:55 PM on January 26, 2007
mdevore, as I said, the solution is to implement MetaChat's image-handling protocol. You want 'em, and the associated risk, turn images on AT YOUR OWN RISK. I'll take "responsibility for my own browsing" for $1,000, Alex.
posted by Eideteker at 10:49 PM on January 26, 2007 [1 favorite]
posted by Eideteker at 10:49 PM on January 26, 2007 [1 favorite]
After reading through stavros' linked thread inspired me to check my cookies... wow, Metafilter sure does store a lot of crap in cookies. Is that one of the reasons behind stripping out the img tag? I'm not caught up on the whole affair. If so there's some pretty easy ways to avoid storing sensitive information in cookies without losing any functionality.
posted by chundo at 10:57 PM on January 26, 2007
posted by chundo at 10:57 PM on January 26, 2007
Matt, of course, could resolve all of this...
Matt did resolve it. It's been resolved. This thread is about an extension that Mdevore generously wrote for MeFites. He's asking for help testing and feedback to improve its performance. That's a pretty good use of MetaTalk, I'd say — whereas derailing the discussion into a rehash of an already-settled argument doesn't seem particularly constructive.
posted by cribcage at 11:15 PM on January 26, 2007
Matt did resolve it. It's been resolved. This thread is about an extension that Mdevore generously wrote for MeFites. He's asking for help testing and feedback to improve its performance. That's a pretty good use of MetaTalk, I'd say — whereas derailing the discussion into a rehash of an already-settled argument doesn't seem particularly constructive.
posted by cribcage at 11:15 PM on January 26, 2007
But alla them tears won't cry themselfs, cribcage.
posted by Alvy Ampersand at 11:22 PM on January 26, 2007
posted by Alvy Ampersand at 11:22 PM on January 26, 2007
Why can't you put the options under Tools->Mondo Image, in the same way that any number of other add-ons are configured?
posted by stovenator at 1:36 AM on January 27, 2007
posted by stovenator at 1:36 AM on January 27, 2007
It's not supported across both standard Greasemonkey script and compiled to XPI, at least as far as I can tell. The compiler accepts GM menu options, but they don't show.
I'd be thrilled to be proven wrong, however.
posted by mdevore at 1:41 AM on January 27, 2007
I'd be thrilled to be proven wrong, however.
posted by mdevore at 1:41 AM on January 27, 2007
Seems like from the reaction, GreaseMonkey ain't gonna cut it if it means having the config button in the window. I don't know how much more difficult it is for you to write it as an add-on with its own config, but I don't reckon "users who want scripts" want this script. You may only be able to provide the desired utility via an xpi. It would be nice if this could be done in GreaseMonkey, and maybe a GreaseGuru will say it is possible, but I think for the time being you might want to abandon the script and develop an add-on.
posted by team lowkey at 2:02 AM on January 27, 2007
posted by team lowkey at 2:02 AM on January 27, 2007
"Matt did resolve it. It's been resolved."
If it's resolved, why don't we have inline images enabled? It's not that I don't appreciate what mdevore's doing, I do. What I don't appreciate is Matt making a mountain out of a security issue that only affects people who use a browser that has been show time and time again to be riddled with security holes, just so that he can silence the debate on images.
posted by Eideteker at 4:54 AM on January 27, 2007
If it's resolved, why don't we have inline images enabled? It's not that I don't appreciate what mdevore's doing, I do. What I don't appreciate is Matt making a mountain out of a security issue that only affects people who use a browser that has been show time and time again to be riddled with security holes, just so that he can silence the debate on images.
posted by Eideteker at 4:54 AM on January 27, 2007
It's funny you use the word "appreciate," because you walked straight from "I had fun at tonight's MetaFilter meetup" to "I'm gonna derail this thread to bitch about how some much-debated decision that Matt made 3 months ago is 'stupid' and 'weak.'"
I understand that you're pissed about inlines and you think everybody should use Firefox. I don't like everything Matt does, either; and I think the world ought to use Apple. But in your circumstance, it might have shown more class to swallow this particular rant and instead say, "Hey, Matt. Tonight I shot pool with a couple of people I'd have never met if not for MetaFilter, and then I came home to discover that another member wrote some free software to help everybody enjoy the site. This is a pretty cool place you've built."
posted by cribcage at 6:59 AM on January 27, 2007
I understand that you're pissed about inlines and you think everybody should use Firefox. I don't like everything Matt does, either; and I think the world ought to use Apple. But in your circumstance, it might have shown more class to swallow this particular rant and instead say, "Hey, Matt. Tonight I shot pool with a couple of people I'd have never met if not for MetaFilter, and then I came home to discover that another member wrote some free software to help everybody enjoy the site. This is a pretty cool place you've built."
posted by cribcage at 6:59 AM on January 27, 2007
If it's resolved, why don't we have inline images enabled?
Matt axed them, and he's not inclined to work on a solution to bring them back, so they remain gone. It's only unresolved if you refuse to accept that fact.
posted by Dave Faris at 7:28 AM on January 27, 2007
Matt axed them, and he's not inclined to work on a solution to bring them back, so they remain gone. It's only unresolved if you refuse to accept that fact.
posted by Dave Faris at 7:28 AM on January 27, 2007
You may only be able to provide the desired utility via an xpi.
Yeah, might be. It's too soon yet to start down paths which are increasingly difficult to backtrack on and which potentially alienate a subset of the interested users. I'm hoping for a stroke a genius, or far more likely given the raw material necessary for such, another user to jump in here and say "Michael you idiot, if you could Google for beans you'd know the answer is here", where here links to a blindingly obvious solution which makes everyone happy.
If support for both scripts and XPIs is kept, perhaps I could implement a more exotic solution. Something like, click three times at the upper right quadrant in the next five seconds to pop up the Mondo Image configuration box. That should work and not suffer half the collective hate as on the dread pink button. 'Course clicking three times in succession might bring up a weird accessibility menu, I forget what triggers those.
In the meantime, I have a real site list bug to fix and maximum dimension option to add -- and maximum is trickier than it first appears. Plus other feature additions people might get to me which are a) semi-reasonable and b) have clear design representations. The test has proven valuable, already I've avoided a public release with a serious bug and a major UI faux pas. Since MetaTalk topics tend to have a attention half-life of 2-3 days, I'm good for a little while longer just working on current to-do for beta #2 release and announcing it's ready here. Then if that goes well, we're off to Projects. Woo hoo!
posted by mdevore at 10:24 AM on January 27, 2007
Yeah, might be. It's too soon yet to start down paths which are increasingly difficult to backtrack on and which potentially alienate a subset of the interested users. I'm hoping for a stroke a genius, or far more likely given the raw material necessary for such, another user to jump in here and say "Michael you idiot, if you could Google for beans you'd know the answer is here", where here links to a blindingly obvious solution which makes everyone happy.
If support for both scripts and XPIs is kept, perhaps I could implement a more exotic solution. Something like, click three times at the upper right quadrant in the next five seconds to pop up the Mondo Image configuration box. That should work and not suffer half the collective hate as on the dread pink button. 'Course clicking three times in succession might bring up a weird accessibility menu, I forget what triggers those.
In the meantime, I have a real site list bug to fix and maximum dimension option to add -- and maximum is trickier than it first appears. Plus other feature additions people might get to me which are a) semi-reasonable and b) have clear design representations. The test has proven valuable, already I've avoided a public release with a serious bug and a major UI faux pas. Since MetaTalk topics tend to have a attention half-life of 2-3 days, I'm good for a little while longer just working on current to-do for beta #2 release and announcing it's ready here. Then if that goes well, we're off to Projects. Woo hoo!
posted by mdevore at 10:24 AM on January 27, 2007
a security issue that only affects people who use a browser that has been show time and time again to be riddled with security holes
I do not think it affects only one browser.
posted by kindall at 11:32 AM on January 27, 2007
I do not think it affects only one browser.
posted by kindall at 11:32 AM on January 27, 2007
Maybe the way to go is to write the greasemonkey script however you can, and then write an xpi which does nothing but creates an icon in the status bar which shows and hides the greasemonkey config button. Then you won't need to maintain two branches. The xpi is a separate piece of software that enhances the main script. It's not as elegant as a single installable solution, but it means you won't need to worry about backtracking if you solve things on the greasemonkey side. You could just abandon the add-on if it becomes unnecessary.
Mega props for writing this, by the way.
posted by team lowkey at 11:42 AM on January 27, 2007
Mega props for writing this, by the way.
posted by team lowkey at 11:42 AM on January 27, 2007
I'm a later comer, both to the thread and to MetaFilter. Could someone just link me to a discussion that explains exactly what the security issue was? Is in an IE-only thing?
posted by roll truck roll at 1:11 PM on January 27, 2007
posted by roll truck roll at 1:11 PM on January 27, 2007
Eideteker, Matt is not making a mountain out of a molehill. Direct from Matt's mouth:
Can someone explain it to me what EXACTLY we are protecting ourselves from by blocking images (besides, you know, the guy fucking a chicken)?
- You make an image post that has code pointing to:
http://yourserver.com/omg/haha-funnier-than-FARK.jpg
- You setup apache to parse .jpg URLs as php in your omg directory
- it shows up as a broken image on metafilter, no one really suspects anything but your server down or something.
- that php file grabs any and all cookie data from the metafilter user, since the script is run within an image tag on the metafilter.com site.
- you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks.
posted by Roger Dodger at 1:36 PM on January 27, 2007
Can someone explain it to me what EXACTLY we are protecting ourselves from by blocking images (besides, you know, the guy fucking a chicken)?
- You make an image post that has code pointing to:
http://yourserver.com/omg/haha-funnier-than-FARK.jpg
- You setup apache to parse .jpg URLs as php in your omg directory
- it shows up as a broken image on metafilter, no one really suspects anything but your server down or something.
- that php file grabs any and all cookie data from the metafilter user, since the script is run within an image tag on the metafilter.com site.
- you take the username/password cookie and do stuff on the site. Maybe you take mine and delete everything and ban everyone, you know, just for kicks.
posted by Roger Dodger at 1:36 PM on January 27, 2007
Security, schmecurity. I want... no, I NEED to post an image of a dancing squirrel, damn you!
posted by Dave Faris at 1:44 PM on January 27, 2007
posted by Dave Faris at 1:44 PM on January 27, 2007
Thanks a lot, Roger Rodger.
I know that this will induce just as many cries as removing the tag did, but why not only allow images from certain domains? i.e., flickr?
But deep inside, I find the discussion pretty trivial. I always thought of MetaFilter as a pure descendant of BBS, and therefore not reliant on graphics.
posted by roll truck roll at 1:47 PM on January 27, 2007
I know that this will induce just as many cries as removing the tag did, but why not only allow images from certain domains? i.e., flickr?
But deep inside, I find the discussion pretty trivial. I always thought of MetaFilter as a pure descendant of BBS, and therefore not reliant on graphics.
posted by roll truck roll at 1:47 PM on January 27, 2007
or whatever your name is.
posted by roll truck roll at 1:47 PM on January 27, 2007
posted by roll truck roll at 1:47 PM on January 27, 2007
Had a dumb logic bug in there when checking the allowed sites list which broke the script. Fixed and tested OK with approved site Beatles stamphood, so in a couple days/next beta you won't have to do the silly 'enable all sites restrict by user' name workaround.
posted by mdevore at 2:34 PM on January 27, 2007
posted by mdevore at 2:34 PM on January 27, 2007
Security, schmecurity. I want... no, I NEED to post an image of a dancing squirrel, damn you!
posted by Dave Faris
Hey, crunchland's back!
posted by Alvy Ampersand at 2:59 PM on January 27, 2007
posted by Dave Faris
Hey, crunchland's back!
posted by Alvy Ampersand at 2:59 PM on January 27, 2007
"Hey, crunchland's back!"
I thought everyone knew that.
posted by mr_crash_davis at 3:15 PM on January 27, 2007
I thought everyone knew that.
posted by mr_crash_davis at 3:15 PM on January 27, 2007
I forgot to renew my subscription to the newsletter.
posted by Alvy Ampersand at 3:21 PM on January 27, 2007
posted by Alvy Ampersand at 3:21 PM on January 27, 2007
Subscribe now and we'll throw in a free subscription to GRIT, which you can win valuable prizes for selling!
posted by mr_crash_davis at 5:00 PM on January 27, 2007
posted by mr_crash_davis at 5:00 PM on January 27, 2007
Yeah. I decided, among other reasons, to switch to my real name because I felt like I sometimes might be reflecting badly on the community site I run by some of the blunt things I tend to say. I also figure this way, I'm less apt to be a complete butthead since I'm not hiding behind an alias -- the jury is still out on this one. And before any of you jump to any conclusions about sock-puppetry, I asked Matt to randomize the password on the old ID. And you heard it here first, the cult of the low user id number is a total crock.
posted by Dave Faris at 5:37 PM on January 27, 2007
posted by Dave Faris at 5:37 PM on January 27, 2007
Plus he's totally "Dave Farts" now, which I love.
posted by mr_crash_davis at 5:49 PM on January 27, 2007
posted by mr_crash_davis at 5:49 PM on January 27, 2007
Dave Faris: I thought that you were just some other guy riffing on the dancing squirrel thing (Where did his harmonica go?), and didn't realize that mr_crash_davis was serious until I checked yours and crunchland's member pages. No accusation of sockpuppetry or attempt to out here, I just never was very good at connect the dots.
And screw GRIT, I'm gonna earn prizes or cash selling cards and gifts with Captain "O"! Ask for Bridget!
posted by Alvy Ampersand at 6:29 PM on January 27, 2007
And screw GRIT, I'm gonna earn prizes or cash selling cards and gifts with Captain "O"! Ask for Bridget!
posted by Alvy Ampersand at 6:29 PM on January 27, 2007
Yeah, Crash. I can understand someone your age needing their eyes checked so you can read the tiny letters. I can't understand someone your age still finding poopy and fart jokes funny.
posted by Dave Faris at 10:37 PM on January 27, 2007
posted by Dave Faris at 10:37 PM on January 27, 2007
I can't understand someone your age still finding poopy and fart jokes funny.
Bah. When scatological humor stops doing it for me I'll be ready to up and die.
posted by cortex at 11:44 PM on January 27, 2007
Bah. When scatological humor stops doing it for me I'll be ready to up and die.
posted by cortex at 11:44 PM on January 27, 2007
I must interrupt for now. Beta release #2 of Mondo Image is now available for downloading. New features were added in beta release #2 and a bug fixed that was causing failure with site filtering. So you don't have to reread the whole dreary beta site text, I'll try to hit the highlights here.
Mondo Image's configuration box is invoked by clicking twice within 20 pixels of the left or right border of a MetaFilter page within two seconds time. Advanced users can use Firefox's about:config editor to modify these settings to their preference. You can change the border offset, active area width, border checked (left, right, both), number of required clicks, and total seconds to allow between clicks. Look for clickArea* variables in the settings.
If you liked the original pink button invocation of Mondo Image and somehow neglected to tell me of that curious fact, you can bring it back by going into the about:config editor and changing the variable cutePinkBoxFromHell from false to true. Reload and the button will return.
The new Advanced button brings you to a different configuration box (and the Simple button goes back to the original configuration). Within the advanced configuration, you can limit the maximum height and width of a displayed image. You can explicitly exclude sites from permission to host an inline image. You can explicitly exclude MetaFilter users from permission to display an inline image. These advanced options allow you to isolate and filter out bad behavior, rather than narrowly filter in what is accepted. Default is off for maximum security.
In addition, you can specify a placeholder for each image that has been restricted by Mondo Image. If the placeholder option is selected, all restricted images show a small graphic which states "Mondo Image restricted. Click image to view inline". When clicked, that placeholder image is replaced by the restricted image. The placeholder is clearly a graphic so it cannot be spoofed by "bad guys", only by those who already have your permission to host an image anyway. Note that overriding a placeholder bypasses Mondo Image's normal controls so any image will not be subjected to the maximum size restrictions.
Remember to save your settings. The newest beta changes were only tested under Firefox version 2.x because I didn't have the version 1.5 machine readily available. Please, PLEASE, do not tell me that stuff fails under 1.5 which runs under 2.0.
And let's see here, one more item. I promise that after Mondo Image is signed off for publicly release, I will glomp its operating code into a special Mondo Meta version which shares codebase from both extensions. We'll call that one MondoMegazoid or MondoPumped or something. Mondo StatMe operations will probably not be included along with because only one person on the planet uses it, and I'm not sure the number is that high.
Okay, I think that covers all pending requests and bugs. Lemme know.
posted by mdevore at 1:17 AM on January 28, 2007
Mondo Image's configuration box is invoked by clicking twice within 20 pixels of the left or right border of a MetaFilter page within two seconds time. Advanced users can use Firefox's about:config editor to modify these settings to their preference. You can change the border offset, active area width, border checked (left, right, both), number of required clicks, and total seconds to allow between clicks. Look for clickArea* variables in the settings.
If you liked the original pink button invocation of Mondo Image and somehow neglected to tell me of that curious fact, you can bring it back by going into the about:config editor and changing the variable cutePinkBoxFromHell from false to true. Reload and the button will return.
The new Advanced button brings you to a different configuration box (and the Simple button goes back to the original configuration). Within the advanced configuration, you can limit the maximum height and width of a displayed image. You can explicitly exclude sites from permission to host an inline image. You can explicitly exclude MetaFilter users from permission to display an inline image. These advanced options allow you to isolate and filter out bad behavior, rather than narrowly filter in what is accepted. Default is off for maximum security.
In addition, you can specify a placeholder for each image that has been restricted by Mondo Image. If the placeholder option is selected, all restricted images show a small graphic which states "Mondo Image restricted. Click image to view inline". When clicked, that placeholder image is replaced by the restricted image. The placeholder is clearly a graphic so it cannot be spoofed by "bad guys", only by those who already have your permission to host an image anyway. Note that overriding a placeholder bypasses Mondo Image's normal controls so any image will not be subjected to the maximum size restrictions.
Remember to save your settings. The newest beta changes were only tested under Firefox version 2.x because I didn't have the version 1.5 machine readily available. Please, PLEASE, do not tell me that stuff fails under 1.5 which runs under 2.0.
And let's see here, one more item. I promise that after Mondo Image is signed off for publicly release, I will glomp its operating code into a special Mondo Meta version which shares codebase from both extensions. We'll call that one MondoMegazoid or MondoPumped or something. Mondo StatMe operations will probably not be included along with because only one person on the planet uses it, and I'm not sure the number is that high.
Okay, I think that covers all pending requests and bugs. Lemme know.
posted by mdevore at 1:17 AM on January 28, 2007
Dave Faris: "Yeah, Crash. I can understand someone your age needing their eyes checked so you can read the tiny letters. I can't understand someone your age still finding poopy and fart jokes funny."
Why was it that you said you decided to use your real name again?
posted by PeterMcDermott at 4:03 AM on January 28, 2007
Why was it that you said you decided to use your real name again?
posted by PeterMcDermott at 4:03 AM on January 28, 2007
So, with the new version, if I bring up the options, then hit cancel, from then on, scrolling around the page is very slow and choppy. It stays that way until I change the page (even if it's just a different page on mefi). I'm guessing the cancel button just "hides" the window, but it's still there and causing firefox to take the trouble to render it. Firefox 2.0, Linux.
(Overall, [this is good])
posted by knave at 6:13 AM on January 28, 2007
(Overall, [this is good])
posted by knave at 6:13 AM on January 28, 2007
Eideteker: "If it's resolved, why don't we have inline images enabled? It's not that I don't appreciate what mdevore's doing, I do. What I don't appreciate is Matt making a mountain out of a security issue that only affects people who use a browser that has been show time and time again to be riddled with security holes, just so that he can silence the debate on images."
I just want to say: this is stupid bullshit. The number of people using IE is high. It is not proportional to the number of people who are stupid enough to use it; it is more likely proportional to the number of people who are either (a) unknowing (which is not a sin, and certainly not a sin punishable by exposure to security issues) or (b) forced to use it by the circumstances that they're in. The number of people who have to use IE because of their workplace or because they surf at the library is myriad. Even if people "dumb enough to use IE" should be punished (as you propose) there are plenty of people out there who can't avoid it.
In short, it's just cruel and brutish to maintain a "fuck you" attitude about browsers like the one you're advancing. It's what I like to call "Microsoft thinking," and it doesn't work well in the real world.
posted by koeselitz at 12:33 PM on January 28, 2007
I just want to say: this is stupid bullshit. The number of people using IE is high. It is not proportional to the number of people who are stupid enough to use it; it is more likely proportional to the number of people who are either (a) unknowing (which is not a sin, and certainly not a sin punishable by exposure to security issues) or (b) forced to use it by the circumstances that they're in. The number of people who have to use IE because of their workplace or because they surf at the library is myriad. Even if people "dumb enough to use IE" should be punished (as you propose) there are plenty of people out there who can't avoid it.
In short, it's just cruel and brutish to maintain a "fuck you" attitude about browsers like the one you're advancing. It's what I like to call "Microsoft thinking," and it doesn't work well in the real world.
posted by koeselitz at 12:33 PM on January 28, 2007
"I can understand someone your age needing their eyes checked so you can read the tiny letters. I can't understand someone your age still finding poopy and fart jokes funny."
Yeah, it's probably written somewhere that, at my age, I should be an ill-tempered curmudgeonly bastard with no sense of humor at all.
But it's probably in small print, so I missed it.
posted by mr_crash_davis at 2:54 PM on January 28, 2007
Yeah, it's probably written somewhere that, at my age, I should be an ill-tempered curmudgeonly bastard with no sense of humor at all.
But it's probably in small print, so I missed it.
posted by mr_crash_davis at 2:54 PM on January 28, 2007
You're probably right. I guess I never considered elementary school name-calling was even a part of humor. I've obviously lost touch with my inner 8-year-old.
posted by Dave Faris at 4:10 PM on January 28, 2007
posted by Dave Faris at 4:10 PM on January 28, 2007
I'm guessing the cancel button just "hides" the window, but it's still there and causing firefox to take the trouble to render it.
Yup, although the script sets the invisible box to 0px height and width to theoretically allow a rendering short-circuit, so Firefox is being rather silly about all that. This is an issue dating from the first nontrivial Greasemonkey script I wrote which was, uhhh, Mondo Meta. Appears to depend on the environment and machine. I don't notice it except on my pokey 1Ghz P3 machine, and then it's more a "ultra-fast text scroll, oooo lookit where that hidden window must be" minor video effect which doesn't bother me.
However, since the issue has been raised I can probably safely unhook the box from the document tree while it's unpopped and reattach it on invocation without a lot of associated bother. If there is a lot of associated bother, it may have to wait until a later release and rewrite. Which reminds me, looking back at Mondo Meta as a reference, there's a few bits of code in there which makes me cry, so I ought to stop lollygagging and restart version 2.0 development.
Other than the rendering issue, and noticing that the Reset button doesn't reset the maximum height/width to default 400px, things are smooth so far. Wait for the Monday MetaTalk stragglers, then if nothing else comes in, I'll fix the buglets and call this one a 1.x-level release-ready wrap.
posted by mdevore at 8:22 PM on January 28, 2007
Yup, although the script sets the invisible box to 0px height and width to theoretically allow a rendering short-circuit, so Firefox is being rather silly about all that. This is an issue dating from the first nontrivial Greasemonkey script I wrote which was, uhhh, Mondo Meta. Appears to depend on the environment and machine. I don't notice it except on my pokey 1Ghz P3 machine, and then it's more a "ultra-fast text scroll, oooo lookit where that hidden window must be" minor video effect which doesn't bother me.
However, since the issue has been raised I can probably safely unhook the box from the document tree while it's unpopped and reattach it on invocation without a lot of associated bother. If there is a lot of associated bother, it may have to wait until a later release and rewrite. Which reminds me, looking back at Mondo Meta as a reference, there's a few bits of code in there which makes me cry, so I ought to stop lollygagging and restart version 2.0 development.
Other than the rendering issue, and noticing that the Reset button doesn't reset the maximum height/width to default 400px, things are smooth so far. Wait for the Monday MetaTalk stragglers, then if nothing else comes in, I'll fix the buglets and call this one a 1.x-level release-ready wrap.
posted by mdevore at 8:22 PM on January 28, 2007
Just FYI -- slightly related (not offerering the same kind of functionality, I don't think) is this. Happened across it today. (Worth a look for it's wow-factor at least. Obviously, I have a weakness for eyecandy.)
posted by stavrosthewonderchicken at 11:11 PM on January 28, 2007
posted by stavrosthewonderchicken at 11:11 PM on January 28, 2007
I dunno if there's much intersection between the two scripts. Unfortunately the developers are a bit coy about saying exactly what the script does unless you try it out. I can say that unless a script or extension is specifically written to or customized for MetaFilter, certain image filtering features cannot be easily emulated because filtering is dependent upon MetaFilter specific structures for identifying users, the message body versus footer, and separating comments from the site text.
However, if a developer or group wants to run with the image management idea, adding large feature sets and slicking the extension look and feel up to commercial software standards, that's great. Won't hurt my feelings a bit; there's a hard limit to what I can and will invest in script work as an off-time freebie. Alternatively, MetaFilter is almost -- if not already -- popular enough to support full-scale open-source development of user tools. There is certainly a sufficiency of talented programmers on here to get a good team of volunteers.
In the meantime, I think I'm gonna look at writing an eBay script. Been using their site quite a bit the last few days, and man on man, that is an interactive experience which could use vastly improved streamlining and better filtering on item searches.
posted by mdevore at 11:39 PM on January 28, 2007
However, if a developer or group wants to run with the image management idea, adding large feature sets and slicking the extension look and feel up to commercial software standards, that's great. Won't hurt my feelings a bit; there's a hard limit to what I can and will invest in script work as an off-time freebie. Alternatively, MetaFilter is almost -- if not already -- popular enough to support full-scale open-source development of user tools. There is certainly a sufficiency of talented programmers on here to get a good team of volunteers.
In the meantime, I think I'm gonna look at writing an eBay script. Been using their site quite a bit the last few days, and man on man, that is an interactive experience which could use vastly improved streamlining and better filtering on item searches.
posted by mdevore at 11:39 PM on January 28, 2007
Of course, that should say "man, oh man". Normally I'd ignore the small typo, but around here, a "man on man" slip is throwing red meat to the wolves.
posted by mdevore at 11:45 PM on January 28, 2007
posted by mdevore at 11:45 PM on January 28, 2007
Didn't mean to steal your thunder, at all, I hasten to add, mdevore. Thanks again for all your hard work!
posted by stavrosthewonderchicken at 11:50 PM on January 28, 2007
posted by stavrosthewonderchicken at 11:50 PM on January 28, 2007
OK, my final remarks. I fixed the previous issues, fixed a bug where image placeholders wouldn't always show up, forced periods not to act like regular expression wildcards, and cleaned up the docs for public release. First public release is available for downloading now. Hopefully, remaining bugs are few and minor, and I didn't screw anything up at the last minute.
Off to submit to Projects, where The Powers hold its fate in their hands. Not The Fates hold its power in their hands, remember the first post what I said about mixing them up. I don't exactly know what the conditions are for closing a thread, or if it's considered A Good Thing To Do unless the discussion is veering off-track, but if an admin type wants to close this topic now, I have no objection. Or not close it, I don't mean to presume either way.
Thanks to everyone for the invaluable testing and feedback, and to the admins for letting me post the request. It could not have worked without y'all.
posted by mdevore at 7:44 PM on January 30, 2007
Off to submit to Projects, where The Powers hold its fate in their hands. Not The Fates hold its power in their hands, remember the first post what I said about mixing them up. I don't exactly know what the conditions are for closing a thread, or if it's considered A Good Thing To Do unless the discussion is veering off-track, but if an admin type wants to close this topic now, I have no objection. Or not close it, I don't mean to presume either way.
Thanks to everyone for the invaluable testing and feedback, and to the admins for letting me post the request. It could not have worked without y'all.
posted by mdevore at 7:44 PM on January 30, 2007
You are not logged in, either login or create an account to post comments
Mondo Image is a stand-alone Firefox extension or Greasemonkey script that allows users to automatically display inline images from existing hotlinks, similar in result to the now proscribed tag of letters I, M, and G. The image display can be customized based on the linked image file extension, image host site, MetaFilter user, and text in the body of a message containing the hotlink. This approach offers flexible image filtering and protection for users from the image tag boogeyman. Mondo Image continues the design philosophy of Mondo Meta encouraging users to personalize the MetaFilter experience on their side of the browser interaction. Firefox 1.5 through 2.x is required.
For recent example, with Mondo Image and appropriate filter settings, the Beatles stamp topic shows me three inline stamp images, as perhaps The Fates intended.
[Forestalling complaint item #3, post permission asked, granted, thank you to The Powers. Not The Fates, The Powers. Don't mix them up, they hate that.]
posted by mdevore at 3:32 PM on January 26, 2007