No Avatars Here? Why?

With user script installation it’s good to have a notice that you’re installing something that changes the behavior of the browser. Otherwise, without any message and with one-click installation possible, a malicious script could be installed without permission by just clicking any link on the web. They need to at least ask ‘Are you sure you want to install a user script?’, and at that point they might as well mention there are possible security considerations if you have a malicious script. But without a human reading it and determining what it does, there isn’t any way they can say that it is or isn’t malicious, but just to be aware that it could be.

Unlike Facebook apps and whatnot, scripts are wide open and able to be read by everyone. The SDMB Avatar script is simple and even non-programmers can pretty much understand what it does by just reading it. Anyone with even a modicum of scripting knowledge can quickly determine it is safe. So a malicious user script is possible but it won’t make it very far due to that transparency in the code. What goes on behind the scenes at Facebook is another question.

Imgur (http://www.imgur.com) is a fairly reliable image upload/remote hosting service that doesn’t require an account. It’s the go-to image host for Reddit users.

EDIT: I found one bug with the script. Links to images on other vBulletin-based message boards will display as images.

I wasn’t really worried about it since it was made by SDMBers and I did read the script just because I wanted to see if I remembered any info from high school when we made scripts for our calculators back in '95. A couple things looked familiar.

Do you mean “will display as images [other than those that were linked to]”?

Normally you’d want images to display as images, but I’m guessing you mean they return some “remote image linking not allowed” image, which is understandable. Other than sites specifically intended for linking to images most others don’t appreciate it. It uses their bandwidth without increasing direct visitors to their sites.

I noticed my installation was set to automatic update. That could represent an intriguing point of attack for crims from foreign lands and bridge dwellers at home with a habit of breaking into less than airtight servers. Of course they would presumably be attracted to distributed code with a larger set of users.

I don’t know what you mean exactly. It may be that your browser was offering you an automatic update. From what I’ve seen so far when installing SDMB Avatars in Chrome you get a message that you are installing a user script and in FF you get a message that you are installing a user script. Userscripts.org does have a means of offering automatic updates of user scripts but the SDMB script doesn’t make use of it.

Depending on what you mean, well I don’t know what you mean so I can’t really address this concern. Individual users going to a link specifically to get a user script probably won’t worry too much about the security alert but I don’t see how it presents an opportunity for ‘attack’ beyond any that exists in the nature of using computers and the internet in general.

Ok. I don’t know whether that setting could be changed or not.

By default Greasemonkey enables automatic checking for updates of scripts and automatic installation of the same. Here are some screen grabs:
http://wm40.inbox.com/thumbs/5b_130b63_9ea3ca81_oP.png.thumb
Those options can be unchecked. I see that there’s a box that says “Require secure updates”.

Frankly, I’m unfamiliar with all of this.

Ah, I thought you were describing an alert message you received while installing the SDMB script. That is a setting within Greasemonkey itself. Even though GM has a feature to make it easy to do, the script itself still needs to be written with auto-updating in mind, at least as far as I can tell from this blog post about the feature.

This is looking great for me at home. Can’t do it at work but that’s okay. Welcome to the 21st century, SDMB (even if done by haxxing and not adminning). :)

An updated version of the SDMB Avatar script is available here.

This release includes 2 new optional features:

  1. Ability to specify a default avatar to display for all posters that don’t have an avatar specified.

  2. Ability to set an avatar to display for any poster who has been banned.

Thanks to **cmyk** for the feature requests, and **ntucker** for doing most of the work. They are both good ideas (personally I prefer not to have a default avatar for all users without avatars, but I did set up a ‘banned’ avatar for banned posters.)
This screenshot demonstrates the new features in use. It shows, in order of appearance, a poster with no avatar specified displaying a ‘default’ avatar, a poster who has added the ‘SDMB Avatar’ line to their profile, a banned poster, and a poster with a built-in profile avatar.

Additionally the comments have been cleaned up and instructions have been added for using these new features. There is no need to get the updated version unless you want to make use of these new features.

I mean links to images using the URL tag on other message boards; e.g. not the SDMB. Images linked with [noparse](image URL)[/noparse] will display as images, not remain as links to those images.

The script should not have any effect on sites other than the SDMB, but it does. This can be a problem because most sites have a one-click NSFW policy, rather than the two-click rule of the SDMB.

EDIT: It’s the SDMB inline image script that has the problem.

This script has stopped working. The page endlessly loads and no avatars. I’m in Firefox on a Mac.

Still working for me in both Chrome and Firefox on PC.

They are working fine for me too. Occasionally the CGI stops responding for short times but it’s usually back within minutes. During those times avatars linked from users’ profiles don’t load but custom-assigned avatars, default avatars and banned user avatars still do.

I PM’ed **ntucker** with some details about the occasional outages and he said he would look into it and do some logging on the server to see if he could identify any problem there. That was several days ago and I haven’t noticed any outages in recent days.

It just came to my attention that I included a typo in the latest release that would cause the custom-assigned avatars to fail. There is now a corrected copy at the link above, or to fix it directly just make the following edit to your existing script:


if(username in CustomAvatars)             imageurl = **customavatars**[username];

Should be changed to:


if(username in CustomAvatars)             imageurl = **CustomAvatars**[username];

“customavatars” should be changed to “CustomAvatars”

Sorry about that.

Dude. This script rules. Avatars! At last!

Would it be possible to break this out into its own thread, or rename the current thread (something like “Want avatars? Here’s a script” or something) because I’ve been avoiding this thread on the grounds that I am tired unto death of the ongoing avatars/no avatars fight.

I would suggest a new thread, with link backs.

I’ll start one.

I think it’s a good idea. I wasn’t sure if it should be an ATMB thread or not. **PlainJain** if you start one up I will add a post with all the details (installing, configuring, etc.) one time in that thread too.

It might be a good idea to specify in the OP that the new thread is for discussion of the SDMB Avatar script and not for debating the merits of avatars in general or asking TPTB to enable them board-wide.