ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Gravatars Are Gone

    Announcements
    gravatar nodebb
    19
    45
    10929
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobse
      gjacobse @scottalanmiller last edited by

      @scottalanmiller said in Gravatars Are Gone:

      Sorry everyone, but @aaronstuder discovered a vulnerability in the Gravatar plugin for NodeBB (our platform here) and we had to disable it. People had had their private emails exposed via the plugin. So we had to abandon that plugin. We are now using the local avatar functionality. I know that this is a pain but it does have some security benefits.

      Please take a moment to upload an avatar to your account and we will get everything back to normal. Sorry for the inconvenience. 😞

      But on a positive note, we got emojis back.

      😧

      And that is why I can't do programming... I get frustrated with that.. Fix one thing, break another,..But that is evolution to a degree.

      Thanks for figuring it out.

      1 Reply Last reply Reply Quote 0
      • DustinB3403
        DustinB3403 last edited by

        No problem, issues happen. Hopefully the damage isn't to bad.

        1 Reply Last reply Reply Quote 0
        • scottalanmiller
          scottalanmiller last edited by

          The resulting outage was fast. Just a couple of minutes of downtime. We got everything to the very latest patches while doing it, which probably is what fixed the emojis. We were up to date, but they release updates that aren't announced at times and don't change the version number, which is problematic.

          1 Reply Last reply Reply Quote 1
          • A
            Alex Sage last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • nadnerB
              nadnerB last edited by

              Nice catch @aaronstuder 🙂

              1 Reply Last reply Reply Quote 0
              • Deleted74295
                Deleted74295 Banned last edited by

                I have my face back without uploading a new image 🙂

                scottalanmiller 1 Reply Last reply Reply Quote 1
                • scottalanmiller
                  scottalanmiller @Deleted74295 last edited by

                  @Breffni-Potter said in Gravatars Are Gone:

                  I have my face back without uploading a new image 🙂

                  Magic

                  1 Reply Last reply Reply Quote 0
                  • bbigford
                    bbigford last edited by bbigford

                    Nobody ever screws up. It's inhuman to ever make a mistake.

                    Just kidding, I don't care that much. Shit happens. I think we're all smart enough to do multi factor authentication with email among other layers sooo we're good.

                    aaron-closed account 1 Reply Last reply Reply Quote 2
                    • Dashrender
                      Dashrender @scottalanmiller last edited by

                      @scottalanmiller said in Gravatars Are Gone:

                      But on a positive note, we got emojis back.

                      YEAH!! 😄

                      1 Reply Last reply Reply Quote 1
                      • dafyre
                        dafyre last edited by

                        Where is the vulnerability at? Is it in the NodeBB plugin or in Gravatar?

                        scottalanmiller 1 Reply Last reply Reply Quote 0
                        • scottalanmiller
                          scottalanmiller @dafyre last edited by

                          @dafyre said in Gravatars Are Gone:

                          Where is the vulnerability at? Is it in the NodeBB plugin or in Gravatar?

                          The plugin.

                          dafyre 1 Reply Last reply Reply Quote 0
                          • dafyre
                            dafyre @scottalanmiller last edited by

                            @scottalanmiller said in Gravatars Are Gone:

                            @dafyre said in Gravatars Are Gone:

                            Where is the vulnerability at? Is it in the NodeBB plugin or in Gravatar?

                            The plugin.

                            Cool. I'm assuming it has been reported?

                            scottalanmiller 1 Reply Last reply Reply Quote 0
                            • scottalanmiller
                              scottalanmiller @dafyre last edited by

                              @dafyre said in Gravatars Are Gone:

                              @scottalanmiller said in Gravatars Are Gone:

                              @dafyre said in Gravatars Are Gone:

                              Where is the vulnerability at? Is it in the NodeBB plugin or in Gravatar?

                              The plugin.

                              Cool. I'm assuming it has been reported?

                              Yes, and there was a PR issued within minutes and the plugin got pulled within a few hours. but we were already off of gravatar and it has caused so many issues (and complaints) that now that we made the leap off of it AND that we have CloudFlare, the value to keeping Gravatar seems low. So we are not going back down that path.

                              dafyre 1 Reply Last reply Reply Quote 2
                              • dafyre
                                dafyre @scottalanmiller last edited by

                                @scottalanmiller said in Gravatars Are Gone:

                                @dafyre said in Gravatars Are Gone:

                                @scottalanmiller said in Gravatars Are Gone:

                                @dafyre said in Gravatars Are Gone:

                                Where is the vulnerability at? Is it in the NodeBB plugin or in Gravatar?

                                The plugin.

                                Cool. I'm assuming it has been reported?

                                Yes, and there was a PR issued within minutes and the plugin got pulled within a few hours. but we were already off of gravatar and it has caused so many issues (and complaints) that now that we made the leap off of it AND that we have CloudFlare, the value to keeping Gravatar seems low. So we are not going back down that path.

                                Out of curiosity... How does Cloudflare help with that? Does it cache the images, etc?

                                scottalanmiller 1 Reply Last reply Reply Quote 0
                                • scottalanmiller
                                  scottalanmiller @dafyre last edited by

                                  @dafyre said in Gravatars Are Gone:

                                  Out of curiosity... How does Cloudflare help with that? Does it cache the images, etc?

                                  Yes, it acts as a content delivery network for the static content out in front of the "real" server and it caches globally so people get the image content from local servers with low latency and high bandwidth instead of pulling it all from the single site in New York. So it lowers the load on the server while providing a better experience for the end users. Gravatar does the same kind of thing, it is a content delivery network, but CF does it better and more easily and is a bigger scale so it all works out well.

                                  1 Reply Last reply Reply Quote 1
                                  • dafyre
                                    dafyre last edited by

                                    I've noticed a marked improvement this morning. I was AFK over the weekend and didn't get to fumble around as much as usual.

                                    scottalanmiller 1 Reply Last reply Reply Quote 1
                                    • scottalanmiller
                                      scottalanmiller @dafyre last edited by

                                      @dafyre said in Gravatars Are Gone:

                                      I've noticed a marked improvement this morning. I was AFK over the weekend and didn't get to fumble around as much as usual.

                                      The CF cache has warmed up which is helping.

                                      1 Reply Last reply Reply Quote 0
                                      • IRJ
                                        IRJ last edited by

                                        test

                                        dafyre 1 Reply Last reply Reply Quote 0
                                        • dafyre
                                          dafyre @IRJ last edited by

                                          @IRJ said in Gravatars Are Gone:

                                          test

                                          You.... shall not.... pass!

                                          1 Reply Last reply Reply Quote 0
                                          • aaron-closed account
                                            aaron-closed account Banned @bbigford last edited by

                                            This post is deleted!
                                            A 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post