Welcome to SP!  -
Areas & RangesMountains & RocksRoutesImagesArticlesTrip ReportsGearOtherPeoplePlans & PartnersWhat's NewForum

Summitpost Bulk Uploader bug/feature request thread

Suggestions and comments about SummitPost's features, policies, and procedures. Post bugs here.
 

Postby Gangolf Haub » Mon Mar 22, 2010 8:32 pm

And again - this time no error on my side. The only difference of these pictures to the ones I successfully loaded is that they don't contain any Exif information. Will have to revert to the trusty old way now ...
User Avatar
Gangolf Haub
Forum Moderator
 
Posts: 8399
Joined: Wed Nov 12, 2003 4:28 pm
Location: Mainz, Germany
Thanked: 516 times in 292 posts

Postby neghafi » Mon Mar 22, 2010 8:47 pm

mvs wrote:Hi Neghafi,

For sure, I think I mentioned the open source idea somewhere earlier in the thread or on another thread. I dropped that idea (for now) just because the elves were very cautious of the technology being used to spam the site. So, I've plugged in various controls for them. For example, they can (simply by editing one page) ban a particular user from using the tool. They can (or I can) force an upgrade to patch a security hole.

As an open source tool, that minimal protection would be very easily set aside. Of course a motivated "hacker" could side-step things whether they have the source or not, but it shouldn't be incredibly easy for them.

Recently, the Elves have relaxed their earlier stance regarding this tool. For almost a year, it was kind of a "black market" tool anyway. But they saw that the world didn't come to an end, people are using it responsibly, and so it was okay to let the tool go on the front page. I appreciate their trust and understand why they move conservatively. Therefore, I wouldn't make the tool open source without serious consideration, in a way that allows them to preserve some of the protections currently programmed into the tool despite outside changes.

I'm looking into a Mac port via Silverlight, but it's just in the planning stages. Obviously, what the tool does isn't rocket science. In fact it started as a Python script that just took a day or two to make. So as a programmer yourself you could easily improve on it, even without the source.

All the best,
--Michael


Now I'm sure you are a Pro programmer.
As you said there are several controls and I think it's good if admins would help to do some auth. an API or such
As a control (server based), username for bulk uploading must created at least 3 months and activated for a week (or something like that). This leads only ture people approved to do a mass upload and spammers are easly filtered. I don't think playing with IP is a good idea.
But as you know this doesn't mean to block hackers to do a DOS attack. As a hacker view be sure that if someone focus on this site. It would be easy to spam. I'm sure you know about proxy chaining or use of many usernames and other techniques hackers may use that is not the case
User Avatar
neghafi

 
Posts: 196
Joined: Sat Feb 23, 2008 11:42 am
Location: Tehran, Tehran, Iran
Thanked: 0 time in 0 post

Postby mvs » Mon Mar 29, 2010 8:43 pm

Okay thanks for having a look Gangolf, sorry work was crazy and I disappeared for a week.

Okay I have found a bug, different from yours but I thought I should mention it right away. The issue is that if you have unusual characters in your EXIF/metadata description text, the program may crash. I'm working on a fix, though I don't have a solution yet. It may require a round of upgrades in the libraries I'm using to read that data and to convert between string types.

I hope this isn't inconveniencing anyone, it sure did get me though.
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

Postby mvs » Mon Mar 29, 2010 8:45 pm

neghafi wrote:
mvs wrote:Hi Neghafi,

For sure, I think I mentioned the open source idea somewhere earlier in the thread or on another thread. I dropped that idea (for now) just because the elves were very cautious of the technology being used to spam the site. So, I've plugged in various controls for them. For example, they can (simply by editing one page) ban a particular user from using the tool. They can (or I can) force an upgrade to patch a security hole.

As an open source tool, that minimal protection would be very easily set aside. Of course a motivated "hacker" could side-step things whether they have the source or not, but it shouldn't be incredibly easy for them.

Recently, the Elves have relaxed their earlier stance regarding this tool. For almost a year, it was kind of a "black market" tool anyway. But they saw that the world didn't come to an end, people are using it responsibly, and so it was okay to let the tool go on the front page. I appreciate their trust and understand why they move conservatively. Therefore, I wouldn't make the tool open source without serious consideration, in a way that allows them to preserve some of the protections currently programmed into the tool despite outside changes.

I'm looking into a Mac port via Silverlight, but it's just in the planning stages. Obviously, what the tool does isn't rocket science. In fact it started as a Python script that just took a day or two to make. So as a programmer yourself you could easily improve on it, even without the source.

All the best,
--Michael


Now I'm sure you are a Pro programmer.
As you said there are several controls and I think it's good if admins would help to do some auth. an API or such
As a control (server based), username for bulk uploading must created at least 3 months and activated for a week (or something like that). This leads only ture people approved to do a mass upload and spammers are easly filtered. I don't think playing with IP is a good idea.
But as you know this doesn't mean to block hackers to do a DOS attack. As a hacker view be sure that if someone focus on this site. It would be easy to spam. I'm sure you know about proxy chaining or use of many usernames and other techniques hackers may use that is not the case


Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

Postby neghafi » Wed Mar 31, 2010 3:29 pm

mvs wrote:Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.

Thanks for your kindly compliments. I thought your tool may be supported by admins. To tell the truth I'm not sure if server programing is more dangerous and client aut. client aut. is more easy to bypass by debugging and editing exe file (there are many cracknung tuts) sniffing is another way to try. so for an elite hacker it's not a prevention layer. and for script kiddies, a server side auth is more hard to analyse. That's all my points and admins may not want to support in anycase. I wish here we have a penetration tester as member to know about his/her viewpoints.
anyway thanks for sharing your tools
User Avatar
neghafi

 
Posts: 196
Joined: Sat Feb 23, 2008 11:42 am
Location: Tehran, Tehran, Iran
Thanked: 0 time in 0 post

Postby mvs » Wed Mar 31, 2010 5:11 pm

neghafi wrote:
mvs wrote:Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.

Thanks for your kindly compliments. I thought your tool may be supported by admins. To tell the truth I'm not sure if server programing is more dangerous and client aut. client aut. is more easy to bypass by debugging and editing exe file (there are many cracknung tuts) sniffing is another way to try. so for an elite hacker it's not a prevention layer. and for script kiddies, a server side auth is more hard to analyse. That's all my points and admins may not want to support in anycase. I wish here we have a penetration tester as member to know about his/her viewpoints.
anyway thanks for sharing your tools


Hi you are 100% right, and see the situation with clarity. Indeed, should a motivated "spammer" upload too many pictures they can bat aside my client security in various ways, for example creating new user accounts, or yes, hacking the executable. At that point it will come down to the oft-used server tool of banning the offending IP address.

You know, if this amazing offer of server side support ever came up I would jump at it and recommend to throw away the bulk uploader and replace it with an actual server side solution for bulk uploads. That really would be the ideal picture. I only went down this client side road because I didn't see that forthcoming.

Really nice talking to you!
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

Postby Hotoven » Wed Mar 31, 2010 5:47 pm

Thanks mvs, Im currently working on a huge trip report from my 2009 North West trip. I have many great photos I would love to share. And now that I see this, I finally started the long preocess of typeing it out the report. Keep your eyes open for the next month or two to be blowen away! haha
User Avatar
Hotoven

 
Posts: 1863
Joined: Mon Feb 09, 2009 8:06 pm
Location: Summit County, Colorado, United States
Thanked: 116 times in 88 posts

Postby neghafi » Sun Apr 04, 2010 1:28 pm

mvs wrote:Hi you are 100% right, and see the situation with clarity. Indeed, should a motivated "spammer" upload too many pictures they can bat aside my client security in various ways, for example creating new user accounts, or yes, hacking the executable. At that point it will come down to the oft-used server tool of banning the offending IP address.

You know, if this amazing offer of server side support ever came up I would jump at it and recommend to throw away the bulk uploader and replace it with an actual server side solution for bulk uploads. That really would be the ideal picture. I only went down this client side road because I didn't see that forthcoming.

Really nice talking to you!


I hope admins have rethink about it and provide you, your proposal server side programming. Nice meeting you as a pro programmer in mountaineering society.
User Avatar
neghafi

 
Posts: 196
Joined: Sat Feb 23, 2008 11:42 am
Location: Tehran, Tehran, Iran
Thanked: 0 time in 0 post

Postby visentin » Wed Aug 25, 2010 8:15 am

I see one more feature in which the tool could help, related to <a href="http://www.summitpost.org/phpBB2/viewtopic.php?t=54700&highlight=">this topic</a>.

In parallel to the Bulk detacher, we could add (or improve the existing feature ?) to add such possibility:
Attach all pics from an object to another object, of course if both source and destination belong to the same owner. Perhaps with a tickbox "detach from source" in the same time.
Perhaps the Bulk detacher could be a part of it: there would be a source object, mandatory, and a destination object, not mandatory. When the destination object is not filled, it would work as a detacher only.

As for the picture uploader, I still strongly encourage the listbox with all picture tags: hiking, climbing, humour, fauna, etc.

Since SP is not much improved lately with new features, there are many things your tool could do to ease the job of contributors, I'll add them here as they come into my mind :)
Thanks,
Eric
User Avatar
visentin

 
Posts: 1440
Joined: Sun Jan 13, 2008 12:27 pm
Location: WrocBaw, France and, Poland
Thanked: 87 times in 58 posts

Re: Summitpost Bulk Uploader bug/feature request thread

Postby mvs » Mon Oct 04, 2010 6:39 pm

Hi guys, the Summitpost Bulk Uploader is currently broken. Attempts to authenticate will give an error like "Unknown User." I'll work on a fix this week.
Thanks,
--Michael
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

Re: Summitpost Bulk Uploader bug/feature request thread

Postby mvs » Mon Oct 04, 2010 11:51 pm

Hi guys,
The Summitpost Bulk Uploader has been fixed. Server-side changes required a corresponding client-side change. The new version is 1.0.0.11, and you can get it here as usual.

Thanks to you guys who were using it and let me know. Sorry it took me a while to fix it! :)
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

Re: Summitpost Bulk Uploader bug/feature request thread

Postby mvs » Sat Jan 15, 2011 1:02 pm

Hi guys,
Josh Lewis pointed out that the Summitpost Bulk Uploader was broken for him. I identified the cause. It appears something changed in the server regarding url-rewriting or redirection. This broke my authentication feature, which wouldn't allow you to log in. I'm not sure how long the bug has been active (a month?), but it should have affected everyone. Anyway, the new version is available at the usual place (1.0.0.12).

Thanks for the help, Josh!
--Michael
User Avatar
mvs

 
Posts: 1040
Joined: Tue Oct 23, 2001 7:44 pm
Thanked: 282 times in 108 posts

The following user would like to thank mvs for this post
Josh Lewis, visentin

Re: Summitpost Bulk Uploader bug/feature request thread

Postby Josh Lewis » Sat Jan 15, 2011 8:40 pm

Awesome! Now the tool is looking good! Works like a charm. Thanks MVS!
My Websites: Alpine Josh · Alpine Ascent · AceMaps
User Avatar
Josh Lewis

 
Posts: 2316
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, The Cloudiest Place on Earth, United States
Thanked: 502 times in 332 posts

Re: Summitpost Bulk Uploader bug/feature request thread

Postby Marco Marinescu » Tue Oct 11, 2011 1:22 pm

Hey MVS, I just managed to get the tool eventually, I don't know what was the reason for it not working like that, but now It should be up and running, I'll just post any faults, or problems if they shall occur. Thank you.
User Avatar
Marco Marinescu

 
Posts: 4
Joined: Sun Oct 09, 2011 12:34 am
Location: Bucharest, Romania
Thanked: 0 time in 0 post

Re: Summitpost Bulk Uploader bug/feature request thread

Postby visentin » Mon Apr 08, 2013 11:48 am

Hey Michael ! The link to the download is broken !
User Avatar
visentin

 
Posts: 1440
Joined: Sun Jan 13, 2008 12:27 pm
Location: WrocBaw, France and, Poland
Thanked: 87 times in 58 posts

Previous

Return to Site Feedback

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 0 guests

© 2006-2013 SummitPost.org. All Rights Reserved.