A more (or less) new form of exploit has just been published [1]. By appending
a Java-Archive (JAR) file to an Image file (JPG/GIF) a hybrid file can be
created which will validate as both a valid JAR and a valid image.

The file can be uploaded to an image host and included as a Java-Applet on any
page on any host. The applet will have privileges to connect back to the
originating host and operate with all the account holder's privileges.

Commons seems to be a target for such an attack. Upload is easy, although I'm
not too sure about the damage potential. I suppose if an administrator's
account would get compromised an applet could be manufactured to mass delete
content or mass block users.

Anyhow. I was just surprised that nobody posted this already.

[1] http://www.infoworld.com/article/08/08/01/A_photo_that_can_steal_your_onlin…
--
[[en:User:Dschwen]]
[[de:Benutzer:Dschwen]]
[[commons:User:Dschwen]]
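
An upload-side check for the hybrid file described in the message above, as an added example that is not part of the original post and is not the MediaWiki change mentioned in the thread. Image decoders read from the first byte, while ZIP/JAR readers locate the archive from a record at the end of the file, so a magic-byte check alone accepts the hybrid. All function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

IMAGE_MAGICS = {b"GIF87a": "gif", b"GIF89a": "gif", b"\xff\xd8\xff": "jpeg"}
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_MAX = 22 + 0xFFFF     # fixed EOCD size plus the largest possible comment


def image_kind(data):
    """Return 'gif' or 'jpeg' when the leading magic bytes match, else None."""
    for magic, kind in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return None


def find_zip_trailer(data):
    """Return the offset of a plausible EOCD record near the end, or None."""
    tail_start = max(0, len(data) - EOCD_MAX)
    pos = data.rfind(EOCD_SIG, tail_start)
    while pos != -1:
        if pos + 22 <= len(data):
            cd_size, cd_off, comment_len = struct.unpack_from("<IIH", data, pos + 12)
            # The record must end exactly at EOF and the directory must fit before it.
            if pos + 22 + comment_len == len(data) and cd_off + cd_size <= pos:
                return pos
        pos = data.rfind(EOCD_SIG, tail_start, pos)
    return None


def inspect_upload(data):
    """Report the claimed image type and any archive readable from the tail."""
    kind, members = image_kind(data), []
    has_zip = find_zip_trailer(data) is not None
    if has_zip and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return {"image": kind, "zip_trailer": has_zip, "members": members,
            "reject": kind is not None and has_zip}


def build_samples():
    """Constructed inputs: a minimal GIF, and the same bytes with a ZIP appended."""
    gif = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b";"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Example.class", b"\xca\xfe\xba\xbe")  # placeholder bytes only
    return gif, gif + buf.getvalue()
```

`inspect_upload(open(path, "rb").read())["reject"]` is true only when the file both starts like an image and ends like an archive; a plain image or a plain ZIP is not flagged.
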
> > Sending this on to wikitech-l so the devs can comment on it.
>
> Replied on commons-l and fixed for default MediaWiki installations in
> r39203.
What did you fix? Nothing on the Wikimedia servers, right? Because I have now
confirmed that the applet can be made to originate from commons using
Special:FilePath and it can connect back to commons (that involved uploading
a new version of my gifar).
http://toolserver.org/~dschwen/test.html
(the second applet loads user.gif from commons.wikimedia.org)
Hi all,
I am happy to announce that Round 1 of the Philip Greenspun
illustration project (PGIP) is now open. The request list is published
here: <http://meta.wikimedia.org/wiki/Philip_Greenspun_illustration_project/Round_…>
It will run for two months. Then in conjunction with Cary and Erik we
will assess how Round 1 went, adjust as necessary and (with any luck
:)) carry on with Round 2.
In case you are wondering "What is PGIP?", it's a project that was
enabled by a donation of Philip Greenspun to the Wikimedia Foundation
for the purpose of creating illustrations. The original community
announcement by Cary was here
<http://lists.wikimedia.org/pipermail/foundation-l/2007-November/034531.html>
and the central place for all PGIP info has been on meta, here:
<http://meta.wikimedia.org/wiki/Philip_Greenspun_illustration_project>
So basically it's 1) collect requests for illustrations and 2) pay
people to make them.
If you are interested in the project and/or interested in creating
illustrations, please join the mailing list:
<https://lists.wikimedia.org/mailman/listinfo/greenspun-illustrations>
and please also check out the information on meta.
If you are wondering why it took like ten months, I wrote a bit of an
explanation here.
<http://meta.wikimedia.org/wiki/Talk:Philip_Greenspun_illustration_project/R….>
I will probably have more to say over the next couple of weeks about
ways people can help. For now, I'd just like your help spreading the
word to any illustrators you know that might not have heard of this
project yet.
thanks,
Brianna
user:pfctdayelise
--
They've just been waiting in a mountain for the right moment:
http://modernthings.org/
The Semen2.jpg file was deleted by Szczepan1990 after a community vote,
initiated on June 23rd:
http://commons.wikimedia.org/wiki/Commons:Deletion_requests/Image:Semen2.jpg
A few hours after the deletion, a user initiated an undeletion
request and despite a few voices pro and one heavy opposition (and not
even a word of comment to add to that), the file was undeleted after 20
hours (!). I broke the vote back to the previous status, because of his
doubts over the process. After the revert the file was undeleted again and
ShakataGaNai blocked me for a week.
Such files are very delicate in terms of building a (preferably
positive!) image of the project, I think. If a user (Richiex,
http://commons.wikimedia.org/wiki/User:Richiex) converts Commons into a
self-pseudo-pornographic picture gallery with own private parts, this
calls for immediate reaction. Additionally, files that have their
equivalents of a better quality ought to be removed in my opinion. If
my statement is called vandalism... Multichill wrote in my talk: "Dear
Szwedzki, please see the deletion guidelines. You deleted several
pictures which are in use at wikipedia articles so clearly in
Commons:Scope.". Oh yeah: "Private image collections and the like are
generally not wanted. Wikimedia Commons is not a web host for e.g.
private party photos, self-created artwork without educational purpose
and such. There are plenty of other projects in the Internet you can
use for such a purpose, like Flickr and others."
regards
szwedzki
http://commons.wikimedia.org/wiki/User:Szwedzki
Dear everyone.
I am in possession of a book, "The University of Glasgow Old and New".
(Partial details:
http://special.lib.gla.ac.uk/exhibns/month/july2008.html). My copy is
#22 of 50; I believe there was also a cheaper edition of 150 or 250.
I really want to make this available to Wikipedia, but need help:
The book is relatively tightly bound, and the spine gets in the way of the
scanner. I need someone with either a scanner that doesn't have a one-inch
bit of plastic between the scanner bed and the edge of the scanner, thus
cutting off the photos, or a photographer able to take high-quality photos
of the photos.
I would also like to donate copies of some very large (A0 and A1) medical
posters, from the series "Supplement to the Anatomy of Labour". These are a
bit delicate, though not ridiculously so, but I'd be uncomfortable running
them through a strip scanner. If someone has a sufficiently large flatbed,
or can take photos of them, let's do this.
Please help, I've been trying to get these to Wikipedia for 6 months now.
Thank you,
Adam Cuerden
Posting here as sometimes the admin noticeboard seems a bit too quiet...
I've seen comments that this is happening more frequently now, where
[[User:Foo]] will suddenly say, "I withdraw release/copyrights/permission/I
just want all these 20-100+ images removed from Commons". I had one that I
reverted on 10 or so images the other day where the uploader wanted
images--good ones at that--from 2006 deleted because Google was indexing
them on Commons. They were all images of random streets in another country.
Should the upload forms be more clear/explicit and politely in-your-face
that once material is released under copyleft/GFDL, you can't technically
undo that?
- Joe
The Ubuntu Free Culture Showcase is looking for content, see
<https://wiki.ubuntu.com/UbuntuFreeCultureShowcase>
They want to "show off free culture artists" and want audio and video under
CC-BY-SA - I'm not sure we have much to offer them (do we?), but I suppose we'd
be interested in at least some of the submissions. So... maybe we could
strike up some sort of collaboration? A Project on commons to
make/collect/suggest content for them? Or ask them to tell people about commons?
I'm wondering if the content they want is really stuff we don't want (your
neighbour's garage band), or maybe stuff that could be extremely useful to use
("example of a trumpet solo")? What do you think?
-- Daniel
PS: I think they could showcase a collection of backdrops and screensaver images
from commons, btw :)
Problem:
* > 2 million iPhone users
* built-in camera plus "always-on" network connection = ideal Commons
shoot-and-upload tool
* but: upload to Commons from iPhone doesn't work (can't choose local
file on iPhone)
However: You can email photos you have taken quite easily. Should we
establish some service around that?
Like:
* log into Commons (once)
* mail image from iPhone to selfupload(a)commons.wikimedia.org (or whatever)
* get emailed back a URL with your (temporary) file in a form, pre-filled:
** File name is title of your mail
** Description is the body of your mail
** GFDL and CC-BY-SA-3.0 chosen (self-made)
** Author field is a link to your user name (you're logged in, after all)
** Date is extracted from EXIF data
** Coordinates are pre-filled if you had the iPhone add the GPS data
** OTRS can be automatically filed and added to the form
Would also be useful for non-iPhone uploads...
Magnus