General discussion


Member signature phase 1 is live

By sMoRTy71
Today, we launched the first phase of a new Member Signature, our first (of many) new Community features. The Signature provides more information about each of our members as well as more opportunities for other members to interact with them.

One of the new pieces of information that we will be displaying is the Site Activity Rating. The Rating, which is represented by a status meter, shows how active that member has been on the site in the past 30 days. It is still in beta; however, the algorithm that we have built to drive it is scalable so that it can be tweaked and enhanced over time.

The second phase of the Member Signature will launch over the next couple of weeks. This phase will include:

1. Ability to add a photo or avatar (that members host) to the Signature

2. Addition of Signature to Technical Q&A pages

3. Addition of a Top 100 status message to the Signatures of our Top 100 members (#47 of Top 100 members)

4. Addition of a Top 100 listing page that displays all of the Top 100 members

Let us know of changes/tweaks/additions you'd like to make to the signature. Thanks.

This conversation is currently closed to new comments.


All Comments


one point

by apotheon In reply to Member signature phase 1 ...

While I certainly understand the need to have members host their own photos/avatars, that strikes me as a potentially dangerous solution to bandwidth issues. It's possible that this could lead to abuse of the feature, including introduction of JPEG exploits and inappropriate images. Are there any ideas for how to defend against that sort of thing?


Just to step in

by Oz_Media In reply to one point

When inappropriate material is posted here, it is VERY quickly reported to the editors and gets removed. Now as for viral JPEGs etc., well, let's just hope TR has a way to scan uploaded photos before posting them.
But as for inappropriate, you should see some of the stuff that's been removed; some is a 50/50 toss-up where SOME people find it offensive and others didn't, in which case those offended are given the benefit of the doubt and the post is pulled. They don't moderate as much as they respond to user complaints.


Self-policing is our goal

by sMoRTy71 In reply to Just to step in

Ultimately, we want the community to be self-policing.

It is our hope that users will keep the photos or avatars on the "appropriate" side of the spectrum since the images will represent them everywhere they post on the site. Plus, we will provide a suggestion on the photo attachment page that reminds people that they should keep the images clean.

However, we know that there will always be someone who posts something just to see if they can get it through.

Inappropriate photos will just be something we'll have to deal with on a case-by-case basis until we can let moderators share in those responsibilities.



I should leave that to the engineers

by sMoRTy71 In reply to one point

I may have spoken out of turn when I suggested that users host the images. I will definitely let our engineers determine the best (and most secure) approach to those images.

My thought was that it would shorten the time to market for the feature. However, I hadn't yet considered the potential security implications.

You all aren't scared of a little malicious code are you? :)

Thanks for pointing that out.


Power of a pixel

by Oz_Media In reply to I should leave that to th ...

It is amazing what a single pixel is capable of, isn't it?

It is almost a microscience in that respect.
Can you not have a simple engine scanning of uploaded images? You wouldn't need to scan each and every post, just the image upload section of the profile page when signing, or even have it posted to a secondary source (such as yourself or some other employee) that is physically checked, time depending, and added afterwards.


power in pixel?

by Ned Rhinelander (CNET) In reply to Power of a pixel

I don't mean to be dense, but what specifically can be hidden in a pixel? I know about HTML-based cross scripting exploits, but what is there to look for in JPGs?

Ned Rhinelander (TR Engineering)


Perhaps just paranoia

by Oz_Media In reply to power in pixel?

I am not malicious myself, well, not technically malicious that is.

Is it not true that an entire script can be embedded into a single pixel of a JPEG? When the JPEG is loaded so is the script?

Here's another issue; obviously in this case it does require an executable but is triggered from an infected JPEG.

Granted, other similar scripts also need to be 'fired' by an executable, but what if the virus is resident in people's PCs and then 'fired' by viewing an infected image on TR?

There are some pretty good security experts here (not I), perhaps they can elaborate for me.


graphics exploits

by Ned Rhinelander (CNET) In reply to Perhaps just paranoia

I did a little more research.

JPEGs are not executable. I think that the link you sent earlier was reporting a virus that changed the JPEG interpreter to allow execution of code... this is obviously very different, as damage would be limited to infected machines.

However, here is one of the legitimate concerns:

This involves a buffer overrun... which is, I suppose, a way of making a JPEG executable.

However, this is such a severe flaw that I wonder if it's really introducing much of a risk for TR members... the internet is full of graphics hosted elsewhere (Akamai, 3rd party ad servers, etc.). It seems to me that if an exploit were released, the only possible way of combatting it would be through the client. So, I personally don't see much of a security risk to allow 3rd party graphics, at least in the non-commerce portions of the site.

BTW, I also read that there is a server-side exploit in a module called 'ImageMagick', which would affect any servers that were engaged in reformatting images...

If anyone has any better information or conflicting viewpoints I'd love to hear them.
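Added example, not part of the original thread and not TechRepublic's code: a structural check of the kind a server-side scan of uploaded JPEGs, as suggested above, could run before accepting a member image. It walks the marker segments and rejects length fields that are impossible or run past the end of the file, as well as data appended after the end-of-image marker; the function names and sample bytes are constructed for illustration.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI (EOI is handled separately).
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def _skip_scan(data, pos):
    """Skip entropy-coded data after SOS; return the offset of the next real marker."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        # FF00 is a stuffed data byte, FFD0-FFD7 are restart markers, FFFF is fill.
        if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1
    return len(data)

def check_jpeg(data):
    """Return a list of structural problems; an empty list means none were found."""
    if data[:2] != b"\xff\xd8":
        return ["does not start with the SOI marker"]
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return [f"expected a marker at offset {pos}"]
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:  # EOI: nothing may follow
            return ["trailing bytes after EOI"] if pos < len(data) else []
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return ["truncated segment header"]
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:  # the length field counts its own two bytes
            return [f"segment 0x{marker:02X} declares length {length}"]
        if pos + length > len(data):
            return [f"segment 0x{marker:02X} overruns the file"]
        pos += length
        if marker == 0xDA:  # SOS: compressed image data follows
            pos = _skip_scan(data, pos)
    return ["no EOI marker"]

# Constructed sample inputs (not real images): SOI, APP0, SOS, scan data, EOI.
GOOD = b"\xff\xd8\xff\xe0\x00\x04AB\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
BAD_LENGTH = b"\xff\xd8\xff\xfe\x00\x00\xff\xd9"   # comment segment, length 0
OVERRUN = b"\xff\xd8\xff\xe0\xff\xffAB"            # length 65535, file ends early
```

A file that passes has only been checked for segment structure, not pixel content, and the check cannot be applied to images hosted on a member's own server, since the site never receives those bytes.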


Fair enough

by Oz_Media In reply to graphics exploits

I figured it was something like a small executable on an infected machine that was activated by the code in the JPEG as it was downloaded. Therefore anyone infected, which could be a massive audience if the code is unobtrusive enough to go unnoticed, would automatically get nailed when the JPEG loaded.


This looks great

by HAL 9000 Moderator In reply to Member signature phase 1 ...

But I wonder if the Location of the Peer is currently restricted to the USA/Canada, as mine doesn't appear and I've just had a look-see to make sure that I have everything correct.

As far as making the engineers work better and faster, a long stock whip tends to let them know you mean business, but you cannot play favorites; whoever screws up or isn't pulling their weight needs some form of incentive to pick up their game. When I was told that I could no longer threaten either the Staff or the Dealers, I just replied I wasn't threatening them but using "Aversion Therapy", which was far less painful than the then medically accepted methods.

