PDA

View Full Version : Huh? I Used To Have An Avatar!



bob
21st July 2013, 09:48 PM
Yep, and temporarily at least, now you don't (unless it's Staff). :blink:

In light of the Ubuntu Hack and recent suggestions, the use of Avatars has been removed for now.

Oh come on now, I've seen all of yours and they weren't that good anyhow!:p Mine, however, remains intact and perfect. :dance:

Edit: 5 hours later, thanks to Dan, now NONE of us have 'em. &$%#!!! :dis:

Dutchy
21st July 2013, 10:52 PM
Pretty bad vulnerability which could have been pretty easy to prevent.
Too bad this stuff is proprietary.

Good I'd not yet granted myself the privilege of an easy to recognize user picture, otherwise I'd be heartbroken. ;)

Gareth Jones
21st July 2013, 11:17 PM
It’s probably worth noting that the Ubuntu Forum hack got everyone’s user names and passwords (encrypted), as well as email addresses. I don’t know how many of members are also on Ubuntu Forums, but you’re advised to change the passwords of any accounts that currently use the same one – including your account here!

smr54
22nd July 2013, 03:56 AM
Without knowing any of the details, but going on the statement that avatars create a vulnerability, the staff avatars should be the first to go as staff has more access than ordinary users.

If I used an avatar, I'd probably be more upset.

GallComp
22nd July 2013, 04:07 AM
Without knowing any of the details, but going on the statement that avatars create a vulnerability, the staff avatars should be the first to go as staff has more access than ordinary users.

If I used an avatar, I'd probably be more upset.

As mentioned by Bob (Edited post), and thanks to Dan for playing around with the settings, even staff members lost their Avatars... And just to clarify, we haven't been compromised or anything, this is just a preventive measure for your own protection.

Dan
22nd July 2013, 04:08 AM
Scott ... You'd be upset if we hung you with a new rope.

sailor
22nd July 2013, 04:48 AM
I had a account with Unbuntu...but no idea what my login/password was? It may have been the same as here...I think I will change my pass.....:)

bob
22nd July 2013, 12:25 PM
Good idea! Ubuntu emailed me this morning about the breach and mentioned my account, even though I haven't used it in quite a few years. Like you, I wasn't sure, so I spent the morning changing passwords everywhere I do business.

Dan
22nd July 2013, 01:40 PM
It may or may not be indicative of the way I feel about Ubuntu ... but when I registered over there, I used a "disposable" password.

DBelton
22nd July 2013, 01:51 PM
I use a different password on every site, so I spend most of my time trying to figure out what freakin password I used :p I do remember that when I got demoted.. errr promoted on here, I changed mine to a harder one to guess, though.

Now, I don't even remember if I even had an account over on the Ubuntu forums or not :(

bob
22nd July 2013, 01:51 PM
It may or may not be indicative of the way I feel about Ubuntu ... but when I registered over there, I used a "disposable" password.

Ah, but you DID register! At one time you CARED enough to register! We've discovered a hidden flaw in the impenetrable "E-16 fortress known as Dan". :D

bob
22nd July 2013, 01:53 PM
And to (other) Dan, they seem to be emailing their backup list, so I wouldn't concern myself unless you get an email.

DBelton
22nd July 2013, 01:58 PM
And to (other) Dan, they seem to be emailing their backup list, so I wouldn't concern myself unless you get an email.

Well, so far, no email from them, so I may not have registered over there. About the only time I was over there was just reading solutions to problems that could also affect Fedora, but I don't believe I ever posted on there. I never really cared too much for running Ubuntu for some reason.

Dan
22nd July 2013, 03:18 PM
Ah, but you DID register! At one time you CARED enough to register! We've discovered a hidden flaw in the impenetrable "E-16 fortress known as Dan". :D <..:fp:..> Yeah. That was back when I was young and stupid.

BBQdave
22nd July 2013, 04:15 PM
Well, so far, no email from them, so I may not have registered over there. About the only time I was over there was just reading solutions to problems that could also affect Fedora...


<..:fp:..> Yeah. That was back when I was young and stupid.

I believe if you are not active on the Ubuntu Forums, your account is deactivated. I am not sure of the time parameter for deactivation, but I think the reasoning is - many noobs post once or twice and never show again, so the membership list is kept clean by deactivation of accounts not in use.

And come on Dan-s, everyone has enjoyed the refreshing Kool-Aid that is Ubuntu, at one time or another :p

bob
22nd July 2013, 04:36 PM
Dave, you'd be surprised at how many members come back here years later and log in after trying a later version of Fedora. I get requests all the time to check their status when there's a problem logging in.

However, your point is taken. We'll discuss a time limit for inactive membership.

sailor
22nd July 2013, 07:29 PM
It's sad that I have about 12 different passwords for my work alone.....then add the 10 personal ones for internet sites...sheesh. I can't remember them all :(. I do keep a notebook with my work passwords (shsssh...don't tell)...but then I have to remember where I hid the notebook :p

BBQdave
22nd July 2013, 10:11 PM
It's sad that I have about 12 different passwords for my work alone.....then add the 10 personal ones for internet sites...sheesh. I can't remember them all :(. I do keep a notebook with my work passwords (shsssh...don't tell)...but then I have to remember where I hid the notebook :p

I think that is done a lot, or at least people have a better memory than me... but cough cough - that's not to say I have a secrete notebook too :p

BBQdave
22nd July 2013, 10:21 PM
Dave, you'd be surprised at how many members come back here years later... We'll discuss a time limit for inactive membership.

If you guys do decide to impose a time limit, I humbly ask that those running Gnome 3 or a twisted Gnome 3 - Unity version have the same time parameters as everyone else. That is to say, please don't shrink our inactivity time and boot us off :p

Gareth Jones
22nd July 2013, 11:23 PM
If you guys do decide to impose a time limit, I humbly ask that those running Gnome 3 or a twisted Gnome 3 - Unity version have the same time parameters as everyone else. That is to say, please don't shrink our inactivity time and boot us off :p

Oh I donít know. Unity users might only get a few minutes. ;)

Gareth Jones
22nd July 2013, 11:29 PM
I think that is done a lot, or at least people have a better memory than me... but cough cough - that's not to say I have a secrete notebook too :p

Well, thatís what GNOME Key-Ring etc. are for. Or encrypted Vim files if you prefer a more manual approach. ;)

Dutchy
23rd July 2013, 12:55 PM
It's sad that I have about 12 different passwords for my work alone.....then add the 10 personal ones for internet sites...sheesh. I can't remember them all :(. I do keep a notebook with my work passwords (shsssh...don't tell)...but then I have to remember where I hid the notebook :p
Yeah, this password thing and the authentication dilemma in general is pretty annoying, sadly it is still the best thing we got.
So it's much like democracy. :)

MadmanRB
23rd July 2013, 03:21 PM
I do hope the avatars return, its kind of stock and boring without them.

matthewjavelet
24th July 2013, 12:09 AM
Avatars are for the birds anyways. Have there been any plans on switching from this mess known as vbulletin anytime soon?

StephenH
24th July 2013, 12:12 AM
With KeePass, it is easy to use unique, complex passwords for each site. KeePass has a password generator to generate them, and then stores them encrypted. It is cross-platform, so the same KeePass encrypted database works with Windows as well as Linux (tested), Mac OSX, BSD, Android, etc. The portable version means I can carry my passwords on a USB stick and not worry if it should get lost. It beats carrying passwords around in a notebook which is definitely not secure.

yum install keepassx

I'm not worried if I had an Ubuntu login (I don't think I ever set up an account there) because I don't reuse passwords on other sites. My Fedora Forum password is unique to this site. If I should get an Email from Ubuntu, I would just change the password for that site and not have to worry about the others.

Dan
24th July 2013, 12:29 AM
Avatars are for the birds anyways. Have there been any plans on switching from this mess known as vbulletin anytime soon? No.

bob
24th July 2013, 01:26 AM
My Fedora Forum password is unique to this site. Dang it, Steve! That's why I'm having no luck accessing your savings account. :D Be a little more considerate in the future; I'm living on a fixed income ya know!

debo2011
24th July 2013, 03:40 AM
mmm, and if I want upload example a image haha, I don't like the avatars ;)

Ok, will not be allowed. ;)

StephenH
24th July 2013, 07:22 PM
Dang it, Steve! That's why I'm having no luck accessing your savings account. :D Be a little more considerate in the future; I'm living on a fixed income ya know!

:rtfl:
So am I. That's why I'm so careful with passwords. I can't afford for someone else to be spending my money.

I'd prefer them to be doing this: :bang:

CronoCloud
25th July 2013, 05:20 AM
I'd forgotten I'd had an UbuntuForum account. In fact I don't remember why I have one, preferring my distros Redhatty, but apparently I got it back in 2010.

CronoCloud

matthewjavelet
25th July 2013, 06:26 AM
No.

Any reason as to why we shall continue using this poopy, outdated(php4 based) forum software? I also find it ironic that a free linux distro's community forum uses paid software.

Unbuntu forums were hacked using the same software, and i doubt every last one of their users data was stolen due to a malicious avatar. At least keep an open-mind to the idea?

bob
25th July 2013, 11:26 AM
If you'd read a bit, you'd know that this Forum is donated by a very generous guy who's not connected to linux. Now, if you want to pay the freight, we'd be happy to consider what you suggest.

Dan
25th July 2013, 01:22 PM
Any reason as to why we shall continue using this poopy, outdated(php4 based) forum software? I also find it ironic that a free linux distro's community forum uses paid software.

Unbuntu forums were hacked using the same software, and i doubt every last one of their users data was stolen due to a malicious avatar. At least keep an open-mind to the idea?It's early (I didn't get a whole lot of sleep last night.) So, let me hit this in bullet points.


We shall continue to use this "poopy" software because that's what we've got.
The relative irony you feel has a lot more to do with your lack of thinking, understanding and research than it does any existential problem with the forum.
Given the above conditions, your plea to, "At least keep an open-mind to the idea" suffers from being somewhat compromised.


As Bob and myself have stated ad-nausium, we and the forum are here as a matter of generosity and courtesy.

tl;dr - If you find such circumstances to be too onerous to deal with, there are other operating systems, softwares and support communities available.

matthewjavelet
26th July 2013, 12:29 AM
If you'd read a bit, you'd know that this Forum is donated by a very generous guy who's not connected to linux. Now, if you want to pay the freight, we'd be happy to consider what you suggest.

I do read, just because I haven't found something I didn't know exists doesn't mean I do not read, so thanks for that. Why would I have to pay? There are plenty of open source alternatives that are much better than vBulletin. However I really wouldn't mind paying out of my pocket for a decent forum to come visit each day. IPB and XenForo come to mind.


It's early (I didn't get a whole lot of sleep last night.) So, let me hit this in bullet points.


We shall continue to use this "poopy" software because that's what we've got.
The relative irony you feel has a lot more to do with your lack of thinking, understanding and research than it does any existential problem with the forum.
Given the above conditions, your plea to, "At least keep an open-mind to the idea" suffers from being somewhat compromised.


As Bob and myself have stated ad-nausium, we and the forum are here as a matter of generosity and courtesy.

tl;dr - If you find such circumstances to be too onerous to deal with, there are other operating systems, softwares and support communities available.

No, you definitely did not get enough sleep as this arugment is illogical and I don't know why you even posted.

Checking out your bullets:

1. It's what you got because you are still using it, not because you have to. Saying, we use it beacuse it's what we got is a horrible response to an actual problem.

2. The irony is not due to my lack of thinking, it is due to this specific isolated situation. Fedora is a free linux distro and it's supporting community resides on paid forum software. Simple as that. Who, what, when, where or why are not relevant to the irony.

3. Saying that my statement is being somewhat compromised by your condidtions:
a. Because it's what we got
a. My opinion

is complete bullcrap. thanks for everything you've brought to the table.

Look, all I'm getting at is that we are using an old, outdated and vulnerable(xss) forum system and I just want admins to keep an open-mind about switching in case security is ever compromised. Thanks for being adults about it guys.

bob
26th July 2013, 01:14 AM
It's not up to us, you see. We don't own the Forum or make that decision. We can and have suggested things to the owner and when he sees fit to change things, they will be changed.

Before you decide to criticize the owner or his choices, you should know that the revenue from the ads that appear in the Forum go to benefit a person in need. The owner gains nothing from them and still pays the full price for the Forum. That's a helluva nice thing to do, IMHO.

That's why I said if you want to pay for it, you get to make the decisions, but we'll work with what we're provided, as will you if you want to continue under these conditions, feeling that it's outdated and vulnerable. If that really does bother you, I'd suggest investigating Ask Fedora (link above) which is the Q&A site that IS a part of Fedora Project.

Now, that said, I think this is a very good time to end the subject since you've referred to the Sr. Admin as posting "bullcrap", and he's not one to take that lightly. (Edit: Nope, he didn't).

So, Thread Closed and if you want to pursue this further, I'd suggest PM'ing me.

Dan
26th July 2013, 01:16 AM
Matthew ... We've posted all over that we are looking for alternatives.

That being said, one of the factors you have failed to consider is that you are more than welcome to choose the software you wish to use ... and go start your very own forum.

And that being said, as weird as luck would have it, you and your continued sarcastic demeanor have just won the forum ID-10-T of the week contest!

Your prize is a time out.