Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-10 Thread Martin Owens 
On Sat, 2018-03-10 at 19:04 -0700, brynn wrote:
> 
> Any reason not to use that?

I can't say, as a Linux user for a very long time, this is outside my
expertise. 😃

Martin,

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-10 Thread Abdur-Rahmaan Janhangeer 
yes, as it is not common, spending time on it is not that urgent.

Abdur-Rahmaan Janhangeer
https://github.com/abdur-rahmaanj/

On Thu, 8 Mar 2018, 05:30 brynn,  wrote:

> Hi Fellow Moderators!
> Welcome to our newest moderator, Abdur-Rahmaan Janhangeer.  Now
> with 6
> moderators, 3 of which are able visit on almost daily basis, I'm starting
> to
> feel like the system is really able to meet its potential.
>
> (Fyi Everyone, JAKE is now Panda.)
>
> I'd also like to discuss a moderation issue regarding PDFs.  There
> was a
> recent image, I think it was the map of Europe, uploaded as a PDF.  One
> comment
> which was posted, along with a vote to delete, was "pdf can contain
> viruses or
> get your ip on opening".
>
> While I understand that potentially can happen, PDF is an
> acceptable
> format for uploaded resources (whether image or text) in the gallery.  So
> we
> can't delete them only because they are PDFs.
>
> However, since their contents are not displayed, we must open
> them, to
> find out if they meet the CoC guidlines.  What would be the best way to
> get a
> look at the contents, without risking our  personal privacy and/or
> security?
>
> I'm thinking we should download and run our local security scans,
> before
> opening.  (Or I suppose there are some free online scanners.  Don't have
> any
> links right offhand though.)  Does anyone know of a better, possibly  less
> time
> consuming (and memory eating) way to get a safe look at the contents?
>
> All best,
> brynn
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-10 Thread brynn 

Yes, I agree, they are very small in number, presently.


More load on the server wouldn't be good. But I am thinking of ways to

protect the user, if pdfs are this small in number then we could check
them all manually.

No, that's what I meant -- that moderators could do it manually, as long as the 
numbers stay low.  Maybe someday, we have some server side scan.


But for now, is there any way to check PDFs, without having to download them?

Ok, I found this:  https://virusdesk.kaspersky.com/
I've heard of kapersky forever.  So you just copy the link to the PDF, and paste 
it in the field.  (Or there's a drag and drop option.)  Then just click Scan 
button.  If it's says "safe", then it will be safe to open with your PDF viewer, 
to see what's in there.


Any reason not to use that?

Thanks,
brynn


-Original Message- 
From: Martin Owens

Sent: Saturday, March 10, 2018 3:53 PM
To: brynn ; Inkscape-Docs
Cc: Abdur-Rahmaan Janhangeer ; die humblex
Subject: Re: welcome new moderator, and discuss PDFs

Hi Brynn,


But I guess it's something like scanning the file before it actually
uploads?


This isn't at issue at the moment, but we should be aware of it for the
future.


I suppose it might be more convenient to copy the PDF and take to a
free online  scanner (rather than moderators downloading them).


More load on the server wouldn't be good. But I am thinking of ways to
protect the user, if pdfs are this small in number then we could check
them all manually.


I mean, for that matter, I think the same thing is true for SVGs,
isn't it?
They can contain scripts which could potentially be malicious,
right?  I wonder
if there is some server side scanner which could automatically check
all
uploads?


No, we don't host svg images to users like that. There's a flag that
allows us to embed them IF we trust the contents. But it's only used by
the admins for certain svg files that's we've checked out first.

Browsers will naturally protect users from non-embeded svg files and
should be protecting users from pdf files too.

Unless we know we're getting viruses because we're checking files
manually, I say we wait until we have a problem. We can always pause
the quota to pause uploads while we get a solution put together when
that day comes.

Best Regards, Martin Owens 



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-10 Thread Martin Owens 
Hi Brynn,

> But I guess it's something like scanning the file before it actually
> uploads?

This isn't at issue at the moment, but we should be aware of it for the
future.

> I suppose it might be more convenient to copy the PDF and take to a
> free online  scanner (rather than moderators downloading them).

More load on the server wouldn't be good. But I am thinking of ways to
protect the user, if pdfs are this small in number then we could check
them all manually.

> I mean, for that matter, I think the same thing is true for SVGs,
> isn't it? 
> They can contain scripts which could potentially be malicious,
> right?  I wonder 
> if there is some server side scanner which could automatically check
> all 
> uploads?

No, we don't host svg images to users like that. There's a flag that
allows us to embed them IF we trust the contents. But it's only used by
the admins for certain svg files that's we've checked out first.

Browsers will naturally protect users from non-embeded svg files and
should be protecting users from pdf files too.

Unless we know we're getting viruses because we're checking files
manually, I say we wait until we have a problem. We can always pause
the quota to pause uploads while we get a solution put together when
that day comes.

Best Regards, Martin Owens

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-10 Thread brynn 
Well, I'd say currently, PDF's are not very commonly uploaded.  I wouldn't want 
to take a lot of your time on this, especially if it's not a perfect solution.


I'm not sure what Abdur-Rahmaan means about

though as a programmer i'm sometimes wary of pdfs, i think a system like 
google drive which checks before downloading might work ok (we'll check on 
uploading).

or a serverside check on back-end maybe if a trusted one exists.

But I guess it's something like scanning the file before it actually uploads?

I suppose it might be more convenient to copy the PDF and take to a free online 
scanner (rather than moderators downloading them).


Does anyone know a reliable free online malware scanner?  Or other ideas? 
Should I copy this to the Devel list, for more comments?


I mean, for that matter, I think the same thing is true for SVGs, isn't it? 
They can contain scripts which could potentially be malicious, right?  I wonder 
if there is some server side scanner which could automatically check all 
uploads?


brynn

-Original Message- 
From: Martin Owens

Sent: Wednesday, March 07, 2018 7:18 PM
To: brynn ; Inkscape-Docs
Cc: Abdur-Rahmaan Janhangeer ; die humblex
Subject: Re: welcome new moderator, and discuss PDFs

It's possible to convert a pdf to an image on the webserver to aid with
the problem. Wouldn't be a completely proof solution, but would help.

If this seems like it would be urgently need, I can spend some time on
it.

Best Regards, Martin Owens

On Wed, 2018-03-07 at 18:30 -0700, brynn wrote:

Hi Fellow Moderators!
Welcome to our newest moderator, Abdur-Rahmaan
Janhangeer.  Now with 6
moderators, 3 of which are able visit on almost daily basis, I'm
starting to
feel like the system is really able to meet its potential.

(Fyi Everyone, JAKE is now Panda.)

I'd also like to discuss a moderation issue regarding
PDFs.  There was a
recent image, I think it was the map of Europe, uploaded as a
PDF.  One comment
which was posted, along with a vote to delete, was "pdf can contain
viruses or
get your ip on opening".

While I understand that potentially can happen, PDF is an
acceptable
format for uploaded resources (whether image or text) in the
gallery.  So we
can't delete them only because they are PDFs.

However, since their contents are not displayed, we must open
them, to
find out if they meet the CoC guidlines.  What would be the best way
to get a
look at the contents, without risking our  personal privacy and/or
security?

I'm thinking we should download and run our local security
scans, before
opening.  (Or I suppose there are some free online scanners.  Don't
have any
links right offhand though.)  Does anyone know of a better,
possibly  less time
consuming (and memory eating) way to get a safe look at the contents?

All best,
brynn




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-07 Thread Abdur-Rahmaan Janhangeer 
though as a programmer i'm sometimes wary of pdfs, i think a system like
google drive which checks before downloading might work ok (we'll check on
uploading).

or a serverside check on back-end maybe if a trusted one exists.


Garanti
sans virus. www.avast.com

<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Thu, Mar 8, 2018 at 5:30 AM, brynn  wrote:

> Hi Fellow Moderators!
>Welcome to our newest moderator, Abdur-Rahmaan Janhangeer.  Now
> with 6 moderators, 3 of which are able visit on almost daily basis, I'm
> starting to feel like the system is really able to meet its potential.
>
>(Fyi Everyone, JAKE is now Panda.)
>
>I'd also like to discuss a moderation issue regarding PDFs.  There
> was a recent image, I think it was the map of Europe, uploaded as a PDF.
> One comment which was posted, along with a vote to delete, was "pdf can
> contain viruses or get your ip on opening".
>
>While I understand that potentially can happen, PDF is an
> acceptable format for uploaded resources (whether image or text) in the
> gallery.  So we can't delete them only because they are PDFs.
>
>However, since their contents are not displayed, we must open them,
> to find out if they meet the CoC guidlines.  What would be the best way to
> get a look at the contents, without risking our  personal privacy and/or
> security?
>
>I'm thinking we should download and run our local security scans,
> before opening.  (Or I suppose there are some free online scanners.  Don't
> have any links right offhand though.)  Does anyone know of a better,
> possibly  less time consuming (and memory eating) way to get a safe look at
> the contents?
>
> All best,
> brynn
>



-- 
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

Re: [Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-07 Thread Martin Owens 
It's possible to convert a pdf to an image on the webserver to aid with
the problem. Wouldn't be a completely proof solution, but would help.

If this seems like it would be urgently need, I can spend some time on
it.

Best Regards, Martin Owens

On Wed, 2018-03-07 at 18:30 -0700, brynn wrote:
> Hi Fellow Moderators!
> Welcome to our newest moderator, Abdur-Rahmaan
> Janhangeer.  Now with 6 
> moderators, 3 of which are able visit on almost daily basis, I'm
> starting to 
> feel like the system is really able to meet its potential.
> 
> (Fyi Everyone, JAKE is now Panda.)
> 
> I'd also like to discuss a moderation issue regarding
> PDFs.  There was a 
> recent image, I think it was the map of Europe, uploaded as a
> PDF.  One comment 
> which was posted, along with a vote to delete, was "pdf can contain
> viruses or 
> get your ip on opening".
> 
> While I understand that potentially can happen, PDF is an
> acceptable 
> format for uploaded resources (whether image or text) in the
> gallery.  So we 
> can't delete them only because they are PDFs.
> 
> However, since their contents are not displayed, we must open
> them, to 
> find out if they meet the CoC guidlines.  What would be the best way
> to get a 
> look at the contents, without risking our  personal privacy and/or
> security?
> 
> I'm thinking we should download and run our local security
> scans, before 
> opening.  (Or I suppose there are some free online scanners.  Don't
> have any 
> links right offhand though.)  Does anyone know of a better,
> possibly  less time 
> consuming (and memory eating) way to get a safe look at the contents?
> 
> All best,
> brynn 
> 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs

[Inkscape-docs] welcome new moderator, and discuss PDFs

2018-03-07 Thread brynn 

Hi Fellow Moderators!
   Welcome to our newest moderator, Abdur-Rahmaan Janhangeer.  Now with 6 
moderators, 3 of which are able visit on almost daily basis, I'm starting to 
feel like the system is really able to meet its potential.


   (Fyi Everyone, JAKE is now Panda.)

   I'd also like to discuss a moderation issue regarding PDFs.  There was a 
recent image, I think it was the map of Europe, uploaded as a PDF.  One comment 
which was posted, along with a vote to delete, was "pdf can contain viruses or 
get your ip on opening".


   While I understand that potentially can happen, PDF is an acceptable 
format for uploaded resources (whether image or text) in the gallery.  So we 
can't delete them only because they are PDFs.


   However, since their contents are not displayed, we must open them, to 
find out if they meet the CoC guidlines.  What would be the best way to get a 
look at the contents, without risking our  personal privacy and/or security?


   I'm thinking we should download and run our local security scans, before 
opening.  (Or I suppose there are some free online scanners.  Don't have any 
links right offhand though.)  Does anyone know of a better, possibly  less time 
consuming (and memory eating) way to get a safe look at the contents?


All best,
brynn 



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Inkscape-docs mailing list
Inkscape-docs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-docs