Can I has a pony I means an ELEFINK August 9, 2007 10:35 PM Subscribe
Is IMG back? A sudden favoriting of a long-ago image-only post yielded sweet, sweet, elephantine pictograms! Can we keep them? They followed my pony home!
I'm not entirely sure what you're getting at here, but I think the grandfather rule applies to this phenomenon you're experiencing. <img> was not turned to scorched earth, it is simply no longer allowed.
posted by carsonb at 10:46 PM on August 9, 2007
posted by carsonb at 10:46 PM on August 9, 2007
Like Burhanistan said. Also there is a Greasemonkey script that purports to turn .jpg links to inline images, but it seems to work sporadically at best, for me.
posted by Rock Steady at 10:48 PM on August 9, 2007
posted by Rock Steady at 10:48 PM on August 9, 2007
Hm, perhaps yr right. I recall pondering other late-breaking faves on this post and having the thread load sans pix; my assumotion was the IMG ban was retroactive.
Of course, that assumption would require favoriting an image-only post without seeing the image, a refined expression of the critical faculties if ever I did, um, see.
posted by mwhybark at 10:52 PM on August 9, 2007
Of course, that assumption would require favoriting an image-only post without seeing the image, a refined expression of the critical faculties if ever I did, um, see.
posted by mwhybark at 10:52 PM on August 9, 2007
ah, that is: 'my assumotion' was intended to be typed thusly: 'my assumption.'
nervously twists Gilligan-style bucket hat in hands
posted by mwhybark at 10:55 PM on August 9, 2007
nervously twists Gilligan-style bucket hat in hands
posted by mwhybark at 10:55 PM on August 9, 2007
It was not retroactive, it was not a massive pruning of old posts, it was just a tweak to cull out the img tag when making a new post.
posted by caddis at 10:57 PM on August 9, 2007
posted by caddis at 10:57 PM on August 9, 2007
The ban was not retroactive. In fact, the tag isn't banned at any low level; the comment box just won't let an img tag by during posting (or big, or marquee, or font, or...).
posted by cortex (staff) at 10:58 PM on August 9, 2007
posted by cortex (staff) at 10:58 PM on August 9, 2007
you know, if metafilter supports chinese script - which i think it does - you can probably still post all the elephant pictograms you like.
just sayin'
posted by UbuRoivas at 11:43 PM on August 9, 2007
just sayin'
posted by UbuRoivas at 11:43 PM on August 9, 2007
This would be a pretty good attack using the img vulnerability. Those of us hosting our own stuff could modify a previously linked image with the exploit and then link to the comment in a post to MetaTalk. Perfect for stealing admin passwords as depending the text of the post at least one of them would be practically compelled to click the link. Heck you could change the image and then link to somebody else's comment in the same thread.
posted by Mitheral at 11:48 PM on August 9, 2007
posted by Mitheral at 11:48 PM on August 9, 2007
[the script] seems to work sporadically at best
Bug reports lead to fixes. But first, the bug report.
(I use it daily, myself, with no more than expected problems on stupid-behaving websites that use JPG or PNG extensions for non-image code. Wikipedia I'm looking at you).
posted by mdevore at 12:14 AM on August 10, 2007
Bug reports lead to fixes. But first, the bug report.
(I use it daily, myself, with no more than expected problems on stupid-behaving websites that use JPG or PNG extensions for non-image code. Wikipedia I'm looking at you).
posted by mdevore at 12:14 AM on August 10, 2007
Um. Not sure what you mean here. All the old IMGs are still around, there are just no new ones.
Same thing with some inline code. A handful of people suddenly and inexplicably +faved this comment of mine from way back, I noticed.
Also, where people drop links to images into threads, I see them inline here (and everywhere) thanks to this thingy I mentioned before.
posted by stavrosthewonderchicken at 12:21 AM on August 10, 2007
Same thing with some inline code. A handful of people suddenly and inexplicably +faved this comment of mine from way back, I noticed.
Also, where people drop links to images into threads, I see them inline here (and everywhere) thanks to this thingy I mentioned before.
posted by stavrosthewonderchicken at 12:21 AM on August 10, 2007
Mitheral: "This would be a pretty good attack using the img vulnerability."
There's image hosted on my server in the linked thread. The temptation to malice is palpable. Good thing I'm not an asshole.
Yet.
posted by team lowkey at 1:00 AM on August 10, 2007
There's image hosted on my server in the linked thread. The temptation to malice is palpable. Good thing I'm not an asshole.
Yet.
posted by team lowkey at 1:00 AM on August 10, 2007
Guess this would be a good place to post my question that I did not believe warranted a a new thread?
How the hell are people making their text smaller.
font size="" does nothing for me. Checked the Wiki and it shows that this should work. What am I missing?
posted by B(oYo)BIES at 2:59 AM on August 10, 2007
How the hell are people making their text smaller.
font size="" does nothing for me. Checked the Wiki and it shows that this should work. What am I missing?
posted by B(oYo)BIES at 2:59 AM on August 10, 2007
FONT attributes are stripped. Use the SMALL tag. Small is nestable.
posted by Mitheral at 3:05 AM on August 10, 2007
posted by Mitheral at 3:05 AM on August 10, 2007
What Wiki page are you looking at? The formatting page says FONT isn't allowed.
PS: Matt and cortex (and jessamyn probably but I've never seen her do it) have secret admin powers allowing them to use the FONT and other disallowed tags. They use itto mess with our minds for evil for demonstration purposes on occasion.
posted by Mitheral at 3:15 AM on August 10, 2007
PS: Matt and cortex (and jessamyn probably but I've never seen her do it) have secret admin powers allowing them to use the FONT and other disallowed tags. They use it
posted by Mitheral at 3:15 AM on August 10, 2007
Ahhhh. t y
posted by B(oYo)BIES at 3:18 AM on August 10, 2007
posted by B(oYo)BIES at 3:18 AM on August 10, 2007
@Mitheral
Same page you just linked to. But I swear the 'Disallowed Tags,' in BIG BOLD letters didn't show up last time.
not really.. I am an ass that can't take the time to read over the page properly.
posted by B(oYo)BIES at 3:21 AM on August 10, 2007
Same page you just linked to. But I swear the 'Disallowed Tags,' in BIG BOLD letters didn't show up last time.
not really.. I am an ass that can't take the time to read over the page properly.
posted by B(oYo)BIES at 3:21 AM on August 10, 2007
No problem, I noticed that the page said IMG was allowed so I fixed that. I just wanted to make sure there wasn't another formatting page out there with wrong information.
posted by Mitheral at 3:25 AM on August 10, 2007
posted by Mitheral at 3:25 AM on August 10, 2007
Your search - LOLiphants - did not match any documents.
posted by Devils Rancher at 6:00 AM on August 10, 2007
posted by Devils Rancher at 6:00 AM on August 10, 2007
This would be a pretty good attack using the img vulnerability. Those of us hosting our own stuff could modify a previously linked image with the exploit and then link to the comment in a post to MetaTalk. Perfect for stealing admin passwords as depending the text of the post at least one of them would be practically compelled to click the link. Heck you could change the image and then link to somebody else's comment in the same thread.
That's not true at all. The HTTP GET vulnerability works via the URL. You post an image tag like <img src="http://www.metafilter.com/favorite.mefi?fave=1231"> and then when the browser tries to load the image, it accesses that URL.
The problem, though, is that you can also do that with regular hyperlinks. But one of the things matt did was set things up so that nothing changed via HTTP get. so if someone clicked a link like that, nothing would happen, so that's no longer a worry.
And, once you post an image URL, you can't change it. Another thing you can do is exploit security vulnerabilities in browsers, but people using updated browsers won't be affected.
posted by delmoi at 6:06 AM on August 10, 2007
That's not true at all. The HTTP GET vulnerability works via the URL. You post an image tag like <img src="http://www.metafilter.com/favorite.mefi?fave=1231"> and then when the browser tries to load the image, it accesses that URL.
The problem, though, is that you can also do that with regular hyperlinks. But one of the things matt did was set things up so that nothing changed via HTTP get. so if someone clicked a link like that, nothing would happen, so that's no longer a worry.
And, once you post an image URL, you can't change it. Another thing you can do is exploit security vulnerabilities in browsers, but people using updated browsers won't be affected.
posted by delmoi at 6:06 AM on August 10, 2007
and jessamyn probably but I've never seen her do it
It's true, I have the sekrit admin power but never use it. Though I was realy tempted to with my last FPP. Remember back when it was Jerry Garcia's birthday a few years ago and someone posted a Jerry Garcia image right to the front page? Ahh good times....
posted by jessamyn (staff) at 6:10 AM on August 10, 2007
It's true, I have the sekrit admin power but never use it. Though I was realy tempted to with my last FPP. Remember back when it was Jerry Garcia's birthday a few years ago and someone posted a Jerry Garcia image right to the front page? Ahh good times....
posted by jessamyn (staff) at 6:10 AM on August 10, 2007
CAN'T YOU SEE?! LOLCATS CHANGED EVERYTHING! NEVER FORGET!!!
posted by sourwookie at 6:24 AM on August 10, 2007
posted by sourwookie at 6:24 AM on August 10, 2007
posted by cortex (staff) at 7:04 AM on August 10, 2007 [4 favorites]
Holy cow.
posted by cortex (staff) at 7:04 AM on August 10, 2007 [2 favorites]
posted by cortex (staff) at 7:04 AM on August 10, 2007 [2 favorites]
Flagged as bouncy.
posted by Partial Law at 7:07 AM on August 10, 2007
posted by Partial Law at 7:07 AM on August 10, 2007
(which wasn't easy to do)
posted by Partial Law at 7:11 AM on August 10, 2007
posted by Partial Law at 7:11 AM on August 10, 2007
you are getting sleepy very sleepy send me all your money and nekkid pitchers
posted by Lentrohamsanin at 7:27 AM on August 10, 2007
posted by Lentrohamsanin at 7:27 AM on August 10, 2007
So it turns out (upon review, arriving at work), that FF deals with an unclosed marquee tag by confining the marquee to the outer div of the comment. But IE drops it down the rest of the thread, which is just, let's be frank, goddam annoying. Close your forbidden tags, kids!
posted by cortex (staff) at 7:33 AM on August 10, 2007
posted by cortex (staff) at 7:33 AM on August 10, 2007
I miss the img tag, if only because trainwreck threads always swelled my "amusing" subdirectory of "My Pictures".
posted by Pope Guilty at 7:47 AM on August 10, 2007
posted by Pope Guilty at 7:47 AM on August 10, 2007
Unfavorited because now my previous comments look stupid.
posted by Partial Law at 8:17 AM on August 10, 2007
posted by Partial Law at 8:17 AM on August 10, 2007
Taking requests, cortex? You could run a little side business here, "Gitcher slogan on da Marqueeee! Five dollah!! Your quote 5 miles high where everyone can see it on the strip!"
cortex's marquee comment above has changed innumerable times by the time you're reading this. It is a sickening abuse of admin power, this marquee flaunting, and not just because of all the back-and-forth.
posted by carsonb at 8:29 AM on August 10, 2007
cortex's marquee comment above has changed innumerable times by the time you're reading this. It is a sickening abuse of admin power, this marquee flaunting, and not just because of all the back-and-forth.
posted by carsonb at 8:29 AM on August 10, 2007
delmoi writes "You post an image tag like <img src='http://www.metafilter.com/favorite.mefi?fave=1231'> and then when the browser tries to load the image, it accesses that URL. "
If that was the case it seems like it would be easy enough to code for, just stop people from putting anything in the SRC attribute except for items ending in .png .gif .jpg .jpeg .bmp. I thought the vulnerability was when the image was requested the server sent a piece of malicious code instead.
mock says: "allowing images with specific file types will not work either, as I can just set a 302 redirect on the image name and use that to attack the server."
Also Rhomboid wrote: That would be completely useless in terms of security. All the attacker would have to do would be to point to an URL on a server he controls, and have that URL redirect to the target URL.
I could just set the 302 on a already existing "safe" image link. Then get everyone to look at by posting to MetaTalk with a link to someone's comment in the same thread as the redirected image.
posted by Mitheral at 9:00 AM on August 10, 2007
If that was the case it seems like it would be easy enough to code for, just stop people from putting anything in the SRC attribute except for items ending in .png .gif .jpg .jpeg .bmp. I thought the vulnerability was when the image was requested the server sent a piece of malicious code instead.
mock says: "allowing images with specific file types will not work either, as I can just set a 302 redirect on the image name and use that to attack the server."
Also Rhomboid wrote: That would be completely useless in terms of security. All the attacker would have to do would be to point to an URL on a server he controls, and have that URL redirect to the target URL.
I could just set the 302 on a already existing "safe" image link. Then get everyone to look at by posting to MetaTalk with a link to someone's comment in the same thread as the redirected image.
posted by Mitheral at 9:00 AM on August 10, 2007
Can I has a pony I means an ELEFINK
Ha, ha, ha, LOLCatspeak never gets old!
Wait, it just did.
posted by signal at 10:14 AM on August 10, 2007
Ha, ha, ha, LOLCatspeak never gets old!
Wait, it just did.
posted by signal at 10:14 AM on August 10, 2007
Ah, I remember the old days of imgs and marquee tags left open and...
*sigh*
posted by Shane at 11:10 AM on August 10, 2007
*sigh*
posted by Shane at 11:10 AM on August 10, 2007
There are other community sites that allow users to post images, how do they do it?
posted by LarryC at 11:25 AM on August 10, 2007 [3 favorites]
posted by LarryC at 11:25 AM on August 10, 2007 [3 favorites]
Like not wearing your seatbelt they just accept the risk.
posted by Mitheral at 11:51 AM on August 10, 2007
posted by Mitheral at 11:51 AM on August 10, 2007
cortex's little floating picture aside, I've come to really enjoy the absence of <img>s around here. I was sad when the ban went into effect, but the cleanliness has grown on me.
And it's not like clicking links to images are any great pain.
As for nested <small> tags
1 2 3 4 5 6 7 8 9 10 11 12 13 14 invisible
At 15 it becomes essentially invisible.
posted by quin at 12:03 PM on August 10, 2007 [1 favorite]
And it's not like clicking links to images are any great pain.
As for nested <small> tags
1 2 3 4 5 6 7 8 9 10 11 12 13 14 invisible
At 15 it becomes essentially invisible.
posted by quin at 12:03 PM on August 10, 2007 [1 favorite]
Those numbers aren't tiny, they're just really far away.
posted by goodnewsfortheinsane at 12:07 PM on August 10, 2007
posted by goodnewsfortheinsane at 12:07 PM on August 10, 2007
quin, 11 through "invisible" are the same size (height) as displayed by my Mac using its awesome magnificatory faculty.
posted by Mister_A at 12:31 PM on August 10, 2007
posted by Mister_A at 12:31 PM on August 10, 2007
Worse here: everything 3 and down is the same 6pt profile. IE: party pooper.
posted by cortex (staff) at 12:34 PM on August 10, 2007
posted by cortex (staff) at 12:34 PM on August 10, 2007
i miss img and everyone who dose not is on de enemeez list
posted by dame at 6:11 PM on August 10, 2007
posted by dame at 6:11 PM on August 10, 2007
The image tag may still be gone, but this infection of closures needs to be treated.
posted by Big_B at 9:41 AM on August 11, 2007
posted by Big_B at 9:41 AM on August 11, 2007
Bug reports lead to fixes. But first, the bug report.
I wasn't told we had to do Logo in this community.
posted by ikkyu2 at 12:58 PM on August 12, 2007
I wasn't told we had to do Logo in this community.
posted by ikkyu2 at 12:58 PM on August 12, 2007
A well-rounded MeFite should be conversant in several languages, with swearing as a primary and Logo on the elective list. Since AskMe questions and meetup photographs show well-rounded to describe many here, there should be community support for Logo.
posted by mdevore at 2:38 PM on August 12, 2007
posted by mdevore at 2:38 PM on August 12, 2007
So, the [small] tag is actually just a [far] tag? Wow, who knew?
posted by nevercalm at 5:41 PM on August 12, 2007
posted by nevercalm at 5:41 PM on August 12, 2007
What? I can't quite—could you speak up? I'm not—I'm not quite making it out. Oh, stuff it, I'll just come over there.
posted by cortex (staff) at 6:17 PM on August 12, 2007
posted by cortex (staff) at 6:17 PM on August 12, 2007
You are not logged in, either login or create an account to post comments
posted by Rock Steady at 10:45 PM on August 9, 2007