Attachment Approvals: Need for Faster Response Time

  • Thread starter Thread starter ehrenfest
  • Start date Start date
AI Thread Summary
The discussion centers on the need for faster attachment approval times on the forum, particularly for users with a high post count. Many participants suggest that users with 1000 posts or more should have automatic approval for attachments, or that more moderators should be granted this authority to expedite the process. However, concerns about security and the potential risks of allowing unrestricted uploads are raised, emphasizing the importance of scanning attachments for malware. Some propose that Homework Helpers and Science Advisors could be given the ability to approve attachments to improve efficiency. Overall, the conversation highlights the balance between convenience and security in managing user-uploaded content.
ehrenfest
Messages
2,001
Reaction score
1
I understand the need to prevent people from uploading explicit images and what-not, but I think I should get to upload attachment's without approvals after I hit 1000 posts, or at least more people should have the authority to approve attachments. I think it is wrong that I should have to wait more than a day to have my attachments approved.
 
Physics news on Phys.org
That's a good point.
 
We try to update attachments as soon as we see them. Although, some attachments that are questionable may be delayed.

If you need an attachment approved right away, you can use the "report post" button and request the attachment be approved. That will bring it immediately to our attention. Just be careful not to abuse the report button and use some discretion as to how long you've been waiting. I usually go in and check for attachments at least once a day, as do several other mentors.
 
But let's you're a member and have like 1000 posts. Couldn't there be a direct approval system made?

What causes an attachment to be questionable, besides the obvious?
 
I think that's a good suggestion. If we haven't banned you for spam or crackpottery by 500 or 1000 posts, it seems we can probably trust you to have automatic approval on your attachments.

For now, if a post sits with an unapproved attachment for more than half a day (that seems like a reasonable time for someone to notice it), feel free to send a PM to a mentor or report the post to request we approve the attachment. You shouldn't have to wait over a day for approval; that is too long.

(P.S., Your attachments are now approved.)
 
I think there might be a limit with how powers are granted.
 
We discussed this some among the Homework Helpers. Attachment approval is something of a problem in the homework forums, where typical response times are on the order of a couple hours, unless there's an attachment in the OP.

Automatic attachment approval for regulars would be sweet!
 
Or, alternatively, if HW Helpers and Science Advisors were allowed to approve attachments, it would probably speed up the response time. I'm not sure what the constraints are of the forum software, if it's possible to give people power to approve attachments without access to the other moderation tools, or if people can be put into a "regulars" user group once they've hit a certain post count that allowed automatic approval of attachments.
 
Moonbear said:
Or, alternatively, if HW Helpers and Science Advisors were allowed to approve attachments, it would probably speed up the response time.
We've hoped/asked for this before, if I recall correctly. I think it is time for more aggressive lobbying. :devil:
 
  • #10
If Greg can give attachment only approval to HH's I think it would be a great idea.
 
  • #11
Greg's on vacation right now, so won't be able to respond to this right away.
 
  • #12
It sounds like a great idea, since pending attachments very often prevent certain problems in the Homework Forums from being solved, even if they are not really difficult for the helpers. I would be all for the "regular poster" idea or giving more people the ability to approve attachments.
 
Last edited:
  • #13
Meanwhile, use the Report Post button to draw attention to a unapproved attachment. It would not be a bad idea for the OP to report the post for approval immediately after posting .
 
  • #14
This is a Terrible Idea! Greg, Don't Do It!

ehrenfest said:
I understand the need to prevent people from uploading explicit images and what-not, but I think I should get to upload attachment's without approvals after I hit 1000 posts

PF moderators have no way of knowing how careful even a long-time poster is regarding computer security! I for one strongly urge PF to continue to insist on individually moderating images and other attachments, including scanning them for possible malware. This is very important!

Please recall that many popular "social networking" websites, including MySpace, LinkedIn, Facebook, Friendster, and Wikipedia, have experienced problems with phishers uploading dangerous malware which seriously affected at least some visitors. To mention only one item from a long long list of possible unintended consequences of the proposed change.

Decisions which affect security always involve a tradeoff between convenience, practicality, and security. IMO, security should remain a primary consideration for the maintainers of PF, particularly given evidence of the changing nature of criminal activity on the web which seems to indicate a trend toward targeting social networking sites.

(Since this discussion affords me a rare chance to say something nice about WP, I note that one reason why so few security problems with WP, e.g. compromise of non-public portions of the internal database, have hit the news is that Brion Vibber has been much careful about security than some other networking website admins have been. Another reason, less happy, is that even computer literature commentators generally seem to be badly confused by the complexity of WP's social and software structure.)

If PF should seriously consider changing its policy by allowing users to upload anything which could cause unprotected browsers to execute unexamined code, please announce the change well in advance and give concerned users the option of not only not revisiting PF, but of having their information wiped from the internal database before the change is implemented!
 
Last edited:
  • #15
That's a good point Chris. We make Moonbear open all of the suspicious links since she has a Mac.
 
  • #16
All Joking Aside...

:wink:

But seriously, while I do not use That Other Operating System, there are many very serious issues here. Compromising security is never something to do lightly, and if it were up to me, Greg and chroot would have regular discussions about reviewing and improving the security situation at PF, which would include tracking problems noted at other websites and corresponding with other admins.

I should probably point out that Macs are not immune to malware; see for example Macs seized by porn Trojan, 'First' Mac OS X Trojan sighted, and Virus dances onto Mac OS X from The Register. Likewise see Linux Malware On The Rise from InternetNews, Linux and Mac OS X get some love (?) from malware writers from Ars Technica, etc.

Everyone: I strongly urge that discussion of specific security concerns at PF be confined to PM for obvious reasons!
 
Last edited:
  • #17
Chris Hillman said:
:wink:

But seriously, while I do not use That Other Operating System, there are many very serious issues here. Compromising security is never something to do lightly, and if it were up to me, Greg and chroot would have regular discussions about reviewing and improving the security situation at PF, which would include tracking problems noted at other websites and corresponding with other admins.

Everyone: I strongly urge that discussion of specific security concerns at PF be confined to PM for obvious reasons!

Very Good Point Chris. I have to agree that giving regular users upload privileges would be a security risk. Obviously, I still think that something should be done with the approval delays. They really do affect the efficiency of the HH forums. Obviously, I don't think we can ask too much more of the mentors (Evo would eventually snap and start swinging fishes in other forums.:biggrin:)

I would still support giving the privilege to the Homework Helpers with one caveat. There is an issue with giving the privilege to that large a group. That is a lot more people that would have to be trusted with an important part of running the site. If Greg thinks this is possible and workable, then great, but if he doesn't I would understand his concern.
 
  • #18
Some suggested reading

I think a more reasonable suggestion would be to explore autoscanning of uploads by homework helpers whose IRL identities are known to Greg and chroot, using the latest scanning packages. But only after some careful checking that the new system is working as intended and only if regular checks are performed thereafter to ensure it hasn't been inadvertently broken by some unrelated upgrade.

I would be concerned about autoscanning generally because auto-anything provides a weakness which can often be exploited. Restricting autoscanning to uploads from a small and select group with the greatest need for the added convenience makes much better sense than enabling autoapproval of all uploads.

IMO, every effort should be made to minimize the chance of compromise of the internal database or of expositing PF visitors to the possibility that their browser will execute any unvetted code.

Here are some links to related new items from various on-line "techie" newsletters:

From the second Dark Reading item cited above, as an illustration of why we need to think this through before doing anything hasty:
Social networking sites don't collect the type of personal data big-time hackers crave -- social security numbers, credit-card numbers, and bank account data. But they could be used to stage an attack on that data.

Something to bear in mind when reading alerts from sources such as SANS is that many vendors not only have a motive for a certain amount of fear-mongering, but may be owned or at least unduly influenced by the Evil Giant; see for example http://www.linux.com/articles/54886 from linux.com. Similarly, techie newletters and even major media sources often turn out to have surprising ownership, which may cast doubt on the impartiality of their reporting. And those of you who have played with [http://wikiscanner.virgil.gr/]Wikiscanner[/url] will know that numerous BBC staffers have been caught slanting Wikipedia articles related to the BBC (or to colleagues).

Just to keep it all in perspective, here's some further food for thought from the Register. :rolleyes:
 
Last edited by a moderator:
  • #19
At this time there is not a function to give HH attachment approval rights. Whether we develop something is an idea I'll explore when I get back in town next week.
 
  • #20
Chris Hillman said:
PF moderators have no way of knowing how careful even a long-time poster is regarding computer security! I for one strongly urge PF to continue to insist on individually moderating images and other attachments, including scanning them for possible malware. This is very important!

Please recall that many popular "social networking" websites, including MySpace, LinkedIn, Facebook, Friendster, and Wikipedia, have experienced problems with phishers uploading dangerous malware which seriously affected at least some visitors. To mention only one item from a long long list of possible unintended consequences of the proposed change.

Decisions which affect security always involve a tradeoff between convenience, practicality, and security. IMO, security should remain a primary consideration for the maintainers of PF, particularly given evidence of the changing nature of criminal activity on the web which seems to indicate a trend toward targeting social networking sites.

(Since this discussion affords me a rare chance to say something nice about WP, I note that one reason why so few security problems with WP, e.g. compromise of non-public portions of the internal database, have hit the news is that Brion Vibber has been much careful about security than some other networking website admins have been. Another reason, less happy, is that even computer literature commentators generally seem to be badly confused by the complexity of WP's social and software structure.)

If PF should seriously consider changing its policy by allowing users to upload anything which could cause unprotected browsers to execute unexamined code, please announce the change well in advance and give concerned users the option of not only not revisiting PF, but of having their information wiped from the internal database before the change is implemented!

Excuse my ignorance about computer science, but I did not think that image-uploading was in any way a security issue in the sense that downloading an image could actually cause harm to your computer. I thought the main issue was with people uploading pornographic or otherwise explicit images, which is certainly a problem but is not really a threat to your operating system. If I understand your post correctly, then you are saying that merely downloading an image in a standard format such as jpg or bmp can damage my computer somehow. I was not aware of that, but again this is probably just ignorance.
 

Similar threads

Trouble viewing attachments
Replies
30
Views
2K
Suggestion Making an online digital library in PF
Replies
17
Views
2K
Membership Perk: Automatic Approval of Image Attachments
Replies
9
Views
2K
Suggestion Attachment pending approval
Replies
2
Views
2K
Why I don't like a well-meant response and what is wrong with it.
Replies
2
Views
1K
Calculations: Creep of Metals and the Life of a Rod
Replies
4
Views
2K
Praise My feedback, one month and half experience in PF so far
Replies
1
Views
3K
Image Theory for an Electric Dipole
Replies
14
Views
2K
How to Upload Images on PF
Replies
6
Views
3K
News US: Immediate free access to government-funded publications (2026+)
Replies
3
Views
1K

Hot Threads

Recent Insights

Back
Top