Posted: Mon Mar 22, 2010 8:32 pm
by Gangolf Haub
And again - this time no error on my side. The only difference of these pictures to the ones I successfully loaded is that they don't contain any Exif information. Will have to revert to the trusty old way now ...

Posted: Mon Mar 22, 2010 8:47 pm
by neghafi
mvs wrote:
Hi Neghafi,

For sure, I think I mentioned the open source idea somewhere earlier in the thread or on another thread. I dropped that idea (for now) just because the elves were very cautious of the technology being used to spam the site. So, I've plugged in various controls for them. For example, they can (simply by editing one page) ban a particular user from using the tool. They can (or I can) force an upgrade to patch a security hole.

As an open source tool, that minimal protection would be very easily set aside. Of course a motivated "hacker" could side-step things whether they have the source or not, but it shouldn't be incredibly easy for them.

Recently, the Elves have relaxed their earlier stance regarding this tool. For almost a year, it was kind of a "black market" tool anyway. But they saw that the world didn't come to an end, people are using it responsibly, and so it was okay to let the tool go on the front page. I appreciate their trust and understand why they move conservatively. Therefore, I wouldn't make the tool open source without serious consideration, in a way that allows them to preserve some of the protections currently programmed into the tool despite outside changes.

I'm looking into a Mac port via Silverlight, but it's just in the planning stages. Obviously, what the tool does isn't rocket science. In fact it started as a Python script that just took a day or two to make. So as a programmer yourself you could easily improve on it, even without the source.

All the best,
--Michael


Now I'm sure you are a pro programmer.
As you said there are several controls, and I think it's good if admins would help to do some auth., an API or such.
As a control (server based), a username for bulk uploading must have been created at least 3 months ago and activated for a week (or something like that). This leads to only true people being approved to do a mass upload, and spammers are easily filtered. I don't think playing with IP is a good idea.
But as you know this doesn't mean to block hackers to do a DOS attack. From a hacker's view, be sure that if someone focuses on this site, it would be easy to spam. I'm sure you know about proxy chaining or use of many usernames and other techniques hackers may use that is not the case.
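
The server-side control proposed in the post above (account created at least 3 months ago and activated for a week), together with the per-user ban mvs mentions, sketched as an added example; it is not part of the original thread or of the Bulk Uploader's code. The `Account` record, the function names and the daily quota value are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MIN_ACCOUNT_AGE = timedelta(days=90)   # "created at least 3 months" ago
MIN_ACTIVE_AGE = timedelta(days=7)     # "activated for a week"
DAILY_QUOTA = 200                      # assumed per-account cap, not from the thread

@dataclass
class Account:                         # hypothetical record, not SummitPost's schema
    username: str
    created: datetime
    activated: Optional[datetime]      # None means never activated
    banned: bool = False               # the per-user ban mvs mentions

def bulk_upload_decision(acct, now, uploaded_last_24h, batch_size):
    """Decide on the server whether a batch may proceed; returns (ok, reason).

    Because the check runs server-side, patching the client cannot skip it.
    """
    if acct.banned:
        return False, "banned"
    if acct.activated is None:
        return False, "not activated"
    if now - acct.created < MIN_ACCOUNT_AGE:
        return False, "account too new"
    if now - acct.activated < MIN_ACTIVE_AGE:
        return False, "activation too recent"
    if batch_size < 1:
        return False, "empty batch"
    if uploaded_last_24h + batch_size > DAILY_QUOTA:
        return False, "quota exceeded"
    return True, "ok"

# Constructed sample accounts and clock, for illustration only.
NOW = datetime(2010, 3, 22, 20, 47)
ACCOUNTS = [
    Account("veteran", datetime(2008, 5, 1), datetime(2008, 5, 2)),
    Account("fresh", datetime(2010, 3, 15), datetime(2010, 3, 15)),
    Account("dormant", datetime(2009, 1, 1), datetime(2010, 3, 20)),
    Account("blocked", datetime(2007, 1, 1), datetime(2007, 1, 1), banned=True),
]

def run_sample():
    """Evaluate a 25-picture batch for every constructed account."""
    return {a.username: bulk_upload_decision(a, NOW, 0, 25) for a in ACCOUNTS}

if __name__ == "__main__":
    for name, (ok, reason) in run_sample().items():
        print(f"{name:8} allowed={ok} reason={reason}")
```

The age gates make freshly registered accounts useless for a bulk run, and the quota bounds what any single aged account can push in a day.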

Posted: Mon Mar 29, 2010 8:43 pm
by mvs
Okay thanks for having a look Gangolf, sorry work was crazy and I disappeared for a week.

Okay I have found a bug, different from yours but I thought I should mention it right away. The issue is that if you have unusual characters in your EXIF/metadata description text, the program may crash. I'm working on a fix, though I don't have a solution yet. It may require a round of upgrades in the libraries I'm using to read that data and to convert between string types.

I hope this isn't inconveniencing anyone, it sure did get me though.

Posted: Mon Mar 29, 2010 8:45 pm
by mvs
neghafi wrote:
mvs wrote:
Hi Neghafi,

For sure, I think I mentioned the open source idea somewhere earlier in the thread or on another thread. I dropped that idea (for now) just because the elves were very cautious of the technology being used to spam the site. So, I've plugged in various controls for them. For example, they can (simply by editing one page) ban a particular user from using the tool. They can (or I can) force an upgrade to patch a security hole.

As an open source tool, that minimal protection would be very easily set aside. Of course a motivated "hacker" could side-step things whether they have the source or not, but it shouldn't be incredibly easy for them.

Recently, the Elves have relaxed their earlier stance regarding this tool. For almost a year, it was kind of a "black market" tool anyway. But they saw that the world didn't come to an end, people are using it responsibly, and so it was okay to let the tool go on the front page. I appreciate their trust and understand why they move conservatively. Therefore, I wouldn't make the tool open source without serious consideration, in a way that allows them to preserve some of the protections currently programmed into the tool despite outside changes.

I'm looking into a Mac port via Silverlight, but it's just in the planning stages. Obviously, what the tool does isn't rocket science. In fact it started as a Python script that just took a day or two to make. So as a programmer yourself you could easily improve on it, even without the source.

All the best,
--Michael


Now I'm sure you are a pro programmer.
As you said there are several controls, and I think it's good if admins would help to do some auth., an API or such.
As a control (server based), a username for bulk uploading must have been created at least 3 months ago and activated for a week (or something like that). This leads to only true people being approved to do a mass upload, and spammers are easily filtered. I don't think playing with IP is a good idea.
But as you know this doesn't mean to block hackers to do a DOS attack. From a hacker's view, be sure that if someone focuses on this site, it would be easy to spam. I'm sure you know about proxy chaining or use of many usernames and other techniques hackers may use that is not the case.


Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.

Posted: Wed Mar 31, 2010 3:29 pm
by neghafi
mvs wrote:
Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.

Thanks for your kind compliments. I thought your tool may be supported by admins. To tell the truth I'm not sure if server programming is more dangerous and client auth. Client auth. is more easy to bypass by debugging and editing exe file (there are many cracking tuts); sniffing is another way to try. So for an elite hacker it's not a prevention layer, and for script kiddies, a server side auth is more hard to analyse. That's all my points, and admins may not want to support in any case. I wish here we have a penetration tester as member to know about his/her viewpoints.
Anyway, thanks for sharing your tools.

Posted: Wed Mar 31, 2010 5:11 pm
by mvs
neghafi wrote:
mvs wrote:
Thanks, your knowledge on these matters is going beyond mine for sure, and that may come in handy at some point. It has to be easy for the Elves to use those server side controls. I think I've got a really easy system right now that required no server side programming. That is the thing...there is no one interested with access to SP server side code, so I can't go as far as I'd like.

Thanks for your kind compliments. I thought your tool may be supported by admins. To tell the truth I'm not sure if server programming is more dangerous and client auth. Client auth. is more easy to bypass by debugging and editing exe file (there are many cracking tuts); sniffing is another way to try. So for an elite hacker it's not a prevention layer, and for script kiddies, a server side auth is more hard to analyse. That's all my points, and admins may not want to support in any case. I wish here we have a penetration tester as member to know about his/her viewpoints.
Anyway, thanks for sharing your tools.


Hi you are 100% right, and see the situation with clarity. Indeed, should a motivated "spammer" upload too many pictures they can bat aside my client security in various ways, for example creating new user accounts, or yes, hacking the executable. At that point it will come down to the oft-used server tool of banning the offending IP address.

You know, if this amazing offer of server side support ever came up I would jump at it and recommend to throw away the bulk uploader and replace it with an actual server side solution for bulk uploads. That really would be the ideal picture. I only went down this client side road because I didn't see that forthcoming.

Really nice talking to you!

Posted: Wed Mar 31, 2010 5:47 pm
by Hotoven
Thanks mvs, I'm currently working on a huge trip report from my 2009 North West trip. I have many great photos I would love to share. And now that I see this, I finally started the long process of typing out the report. Keep your eyes open for the next month or two to be blown away! haha

Posted: Sun Apr 04, 2010 1:28 pm
by neghafi
mvs wrote:
Hi you are 100% right, and see the situation with clarity. Indeed, should a motivated "spammer" upload too many pictures they can bat aside my client security in various ways, for example creating new user accounts, or yes, hacking the executable. At that point it will come down to the oft-used server tool of banning the offending IP address.

You know, if this amazing offer of server side support ever came up I would jump at it and recommend to throw away the bulk uploader and replace it with an actual server side solution for bulk uploads. That really would be the ideal picture. I only went down this client side road because I didn't see that forthcoming.

Really nice talking to you!


I hope admins have a rethink about it and provide you your proposed server side programming. Nice meeting you as a pro programmer in mountaineering society.

Posted: Wed Aug 25, 2010 8:15 am
by visentin
I see one more feature in which the tool could help, related to this topic (http://www.summitpost.org/phpBB2/viewtopic.php?t=54700&highlight=).

In parallel to the Bulk detacher, we could add (or improve the existing feature?) such a possibility:
Attach all pics from an object to another object, of course if both source and destination belong to the same owner. Perhaps with a tickbox "detach from source" at the same time.
Perhaps the Bulk detacher could be a part of it: there would be a source object, mandatory, and a destination object, not mandatory. When the destination object is not filled, it would work as a detacher only.

As for the picture uploader, I still strongly encourage the listbox with all picture tags: hiking, climbing, humour, fauna, etc.

Since SP is not much improved lately with new features, there are many things your tool could do to ease the job of contributors, I'll add them here as they come into my mind :)
Thanks,
Eric

Re: Summitpost Bulk Uploader bug/feature request thread

Posted: Mon Oct 04, 2010 6:39 pm
by mvs
Hi guys, the Summitpost Bulk Uploader is currently broken. Attempts to authenticate will give an error like "Unknown User." I'll work on a fix this week.
Thanks,
--Michael

Posted: Mon Oct 04, 2010 11:51 pm
by mvs
Hi guys,
The Summitpost Bulk Uploader has been fixed. Server-side changes required a corresponding client-side change. The new version is 1.0.0.11, and you can get it here as usual.

Thanks to you guys who were using it and let me know. Sorry it took me a while to fix it! :)

Posted: Sat Jan 15, 2011 1:02 pm
by mvs
Hi guys,
Josh Lewis pointed out that the Summitpost Bulk Uploader was broken for him. I identified the cause. It appears something changed in the server regarding url-rewriting or redirection. This broke my authentication feature, which wouldn't allow you to log in. I'm not sure how long the bug has been active (a month?), but it should have affected everyone. Anyway, the new version is available at the usual place (1.0.0.12).

Thanks for the help, Josh!
--Michael

Posted: Sat Jan 15, 2011 8:40 pm
by Josh Lewis
Awesome! Now the tool is looking good! Works like a charm. Thanks MVS!

Posted: Tue Oct 11, 2011 1:22 pm
by Marco Marinescu
Hey MVS, I just managed to get the tool eventually. I don't know what was the reason for it not working like that, but now it should be up and running. I'll just post any faults or problems if they shall occur. Thank you.

Posted: Mon Apr 08, 2013 11:48 am
by visentin
Hey Michael! The link to the download is broken!