[X] My Assistant

It is on my Firefox.

It isn't in Opera.

after the doggie bag archives no more
i cnt download anymore

its kulled "Archive Download" nao, possably too make it les confusin phoar... peopleses liek ewe.

Could we have progress bars for upload status?

Could we have progress bars for upload status?

Apparently not.

Don't know if it's been suggested or if it might arleady exist, but what about adding a way to exclude tags when searching. For instance, some anime series have a higher amount of yaoi, so maybe someone searching would like to exclude all the yaoi results by putting "!yaoi" in their search bar or adding an exclude field to the advanced search.

Don't know if it's been suggested or if it might arleady exist, but what about adding a way to exclude tags when searching. For instance, some anime series have a higher amount of yaoi, so maybe someone searching would like to exclude all the yaoi results by putting "!yaoi" in their search bar or adding an exclude field to the advanced search.

Try -yaoi . It's same in every web search...

Could we have a secure login page to avoid sending our passwords unencrypted whenever we log into EH ? Using HTTPS seems to be the best solution from the user side (especially if we can then browse the whole website through HTTPS), but maybe an HMAC scheme (using JS) will be secure enough.

I know I could create a secure tunnel to a trusted network, and connect to EH through that tunnel, but it isn't always possible to create the tunnel depending on the network you're connecting from (and also if your trusted network is partially banned from EH (IMG:[invalid] style_emoticons/default/rolleyes.gif)).

Could we have progress bars for upload status?

Apparently not.

Actually, now that both Firefox and Chrome support the "file" input type, such a feature could probably be implemented (without needing to patch PHP). There's a project [code.google.com] here trying to create a library that works with any browser (though the accuracy of the progress bar will depend on the browser features).

Could we have a secure login page to avoid sending our passwords unencrypted whenever we log into EH ? Using HTTPS seems to be the best solution from the user side (especially if we can then browse the whole website through HTTPS), but maybe an HMAC scheme (using JS) will be secure enough.

I have considered offering HTTPS, but there are a few problems with doing so, some trivial and others less so. Just doing it on the login page isn't too hard, except that you'd need it both on the forums and on the "bounce" page. Meaning I'd have to get either an expensive wildcard certificate or maintain several certificates.

Extending it to Galleries or Classic would be either a complete bitch, or spam you with mixed mode errors. I'd have to set up SSL and certificates on all the thumbnail and image servers to avoid the latter, and the H@H network would not be usable unless all clients have a) two ports and b) their own certificate - nor would it be compatible for use as a proxy.

Essentially, I'm not sure it's worth the effort.

Actually, now that both Firefox and Chrome support the "file" input type, such a feature could probably be implemented (without needing to patch PHP). There's a project [code.google.com] here trying to create a library that works with any browser (though the accuracy of the progress bar will depend on the browser features).

Thanks, I'll keep an eye on that.

I find something weird whenever I view the current toplist ranking for any of my galleries. When a gallery appears not to be in the top 10,000 for a given toplist, no ranking is given, and instead a message reading "Not currently Top 1000"
Is this something commonly known that would be too difficult to fix?

Essentially, I'm not sure it's worth the effort.

That's why I mentioned the [en.wikipedia.org] HMAC solution which is easy to implement and can still protect the credentials without the need to buy a certificate. It will probably be unimplementable on the forum without patching the IPB source code, but if there's at least one webpage which allows us to log in securely to the EH realm (the bounce page for instance), then it will still be better than nothing (IMG:[invalid] style_emoticons/default/smile.gif)

Feature that allows users to subtract power from expunges, rather than waiting for the gallery to be expunged and then de-expunging.

Meaning I'd have to get either an expensive wildcard certificate or maintain several certificates.

Cacert.org... Expensive? The caveat being that the users here would get an annoying pop-up because they need to add cacert to their trusted authorities. Though, cacert might be in firefox's already. I can't really remember right now (IMG:[invalid] style_emoticons/default/smile.gif)


*editted because I'm too stupid to type properly when I first wake up.

This post has been edited by areth: Jul 1 2010, 20:32

Yeeeeah, certificates from an untrusted root authority? Those are worthless, as far as security goes, as anyone could spoof them as a signing authority and perform a MITM attack with only slightly more complexity than eavesdropping on the unencrypted stream.

In that case, I'd rather sign my own.

Yeeeeah, certificates from an untrusted root authority? Those are worthless, as far as security goes, as anyone could spoof them as a signing authority and perform a MITM attack with only slightly more complexity than eavesdropping on the unencrypted stream.

Certificates from so called "trusted" root authority [www.eff.org] aren't better anyway (IMG:[invalid] style_emoticons/default/sad.gif)

Certificates from so called "trusted" root authority [www.eff.org] aren't better anyway (IMG:[invalid] style_emoticons/default/sad.gif)

Yeah, I've suspected that they have that capability. At the very least, if a signing authority is based in the same country as the government in question, they could easily demand the signing keys and issue a gag order preventing them from telling anyone. And that's assuming the signing keys aren't shared per default.

But in terms of securing a connection from a third-party snooper, it's still a step up - the only ones capable of spoofing a valid certificate would be the people who have access to the signing keys for some trusted authority. This is unlike a non-trusted root authority which can pretty much be spoofed by anyone. And unless you're planning to blow up a building, I somehow doubt that these governments want to risk divulging that they have the capability to intercept encrypted connections.

It is a bit suspect that the export restrictions on encryption were suddenly removed, innit? If you trust your communications to something you think is safe, but a hostile entity has the keys to the backdoor, well..

Feature that allows users to subtract power from expunges, rather than waiting for the gallery to be expunged and then de-expunging.

For what it is worth, petitions that do not reach 100%+ after a number of days (is it 10? I can't remember) and get wiped from the gallery, and users can subtract their own petitions. Also, de-expunging can happen any time, as it is a tool to wipe expunges regardless of the percentage amount. So unless the petition succeeds they go away after some time, and getting a bunch of people to vote down expunges is more work than letting it wipe itself.

Hmm. In their defense, CACert does have checks to make sure that you have ownership or control over the domain in question. As for 'trusted' authorities... Well, 'nuff said.
However, a lot of users would get scared because of the acceptance dialog anyway, and self-signing is easy, so there is that...

When a gallery is updated, stars, templates and comments are moved. What is not is favorites and rename/expunge votes. Shouldn't they be moved as well (perhaps not the expunges, as the new gallery can be fixing the problems of the old, but the rest?)

On the other hand, torrents are moved as well - which is a problem, as they are almost guaranteed NOT to represent the updated gallery.

This post has been edited by Red_Piotrus: Jul 2 2010, 12:43

And unless you're planning to blow up a building, I somehow doubt that these governments want to risk divulging that they have the capability to intercept encrypted connections.

I'm sure they can also risk that with complete impunity in the name of the child porn hunt (most people in that board know that lolicon/shotacon shouldn't be associated with child porn, but it probably comes from a reflection that most people won't bother to do).

But you're right, trusted root authorities limit the number of potential attackers. I'd rather trust a self-signed certificate from you for EH though (but I guess educating people about why their browsers are whining about the validity of the CA would probably take too much effort) ...

But you're right, trusted root authorities limit the number of potential attackers. I'd rather trust a self-signed certificate from you for EH though (but I guess educating people about why their browsers are whining about the validity of the CA would probably take too much effort) ...

Here's the kicker, though. How can you know that the self-signed certificate from me is really from me? That someone hasn't stuck a box between the E-H servers and yourself, and replaced it with a different certificate? There's no way to ensure the authenticity of the certificate in question unless it's signed by another, trusted, certificate.

In order to understand recursion, you must first understand recursion. (IMG:[invalid] style_emoticons/default/smile.gif)

Here's the kicker, though. How can you know that the self-signed certificate from me is really from me?

Me, personally ? Well, as soon as you'll publish your very first self-signed certificate, I'll be able to recognize your CA, and say when it'll be spoofed (IMG:[invalid] style_emoticons/default/smile.gif) But yeah, other new users that might come after the certificate has been spoofed won't be able to detect anything. Errr ... ok ok, browsers are right when they warn about error because of certificates signed by an unknown CA (IMG:[invalid] style_emoticons/default/dry.gif)