Be cautious of embedding external content
If you run a forum, social platform, or any site where people can set external avatars or media, you have probably considered letting them use external media sources such as Imgur or Gravatar. It is convenient, has no storage cost, and is simple to set up. But there is a downside: the external source has full control over that part of your site's content, and it can observe information about your users every time the media is loaded.
Information exposed to the external source:
- IP address: the media source can log the IP address of every person who loads the image or video. This reveals an approximate geographic location (country, city) and the Internet Service Provider (ISP).
- User agent: the browser version and operating system, which helps the external source fingerprint user devices.
- Referrer URL: the page on your site from which the media was loaded (sent by default unless you set a restrictive Referrer-Policy). This can expose navigation patterns within your forum or site, including the URLs of pages that are meant to be private.
Stop trusting external media sources by default.
External media sources are both a security and a privacy concern. Site software (a CMS, MyBB, etc.) typically checks external media only once, for example when a user sets an avatar by URL. After that initial verification, the user or the owner of the source can change the content at any time, and your site will display whatever is there now.
The most secure and privacy-friendly option is to only allow people to upload content and store it on your server. Controlling user media lets you prevent third-party tracking, keep the content as it was when it was verified, and guarantee availability. You also avoid broken content when an external source goes offline, blocks certain users (for instance, Imgur is blocked in some countries), or blocks your server's IP address.
Still want to allow external sources?
If you still want to allow embedding of external media (e.g., for user convenience), you must mitigate the risks. Here are your options:
- Proxy external media content: fetch the user's media (avatars or posted images) through your server and serve it from there. Visitors then only connect to your server, so the external source cannot track them, and your server can re-check the content on every fetch.
- Hash and verify: hash the original media content when it is submitted, then periodically re-fetch and re-hash it to confirm it still matches. If you discover the embedded media was tampered with, you can apply your site's moderation policies to it.
- Use a Content Security Policy (CSP): restrict image and media loads to a small set of trusted origins through a Content-Security-Policy header (img-src, media-src), which limits which hosts can receive your users' requests at all.
For medium to large sites, you can keep costs manageable by using cloud storage or a pull CDN. You still control your files when they are stored in the cloud, and a CDN that caches media saves bandwidth and reduces load on your server.
Don't overcomplicate it: for most sites and small communities, proxying can be too complex a setup, especially for limited but essential user media such as profile pictures or avatars. Just let users upload their avatars and store them locally on your server, with reasonable limits on file size, image dimensions, or video quality.
For heavy media where user uploads are not feasible, such as videos, consider limiting embedding to trusted sources like YouTube or Wikipedia.
Originally published on ougcNetwork
Image by Freepik
Request FIDE ban Vladimir Kramnik, and revoke his titles/norms, per ethics standards
Daniel Naroditsky, an American chess grandmaster, died on October 19, 2025, at the age of 29.
Vladimir Kramnik, a 50-year-old Russian-born grandmaster and former world champion, has accused several players of cheating since 2023, without evidence, including Daniel Naroditsky.
Daniel Naroditsky was the victim of unfounded accusations for more than a year, and Vladimir Kramnik continues to insult his ability even after his irreparable loss.
The popularity of AI allows anyone to accuse someone else without basis, completely destroying their will to create and to enjoy the creativity of others.
https://c.org/ZNBT8SjxVm
Software Erosion: A Review
Software erosion refers to the gradual deterioration of software over time, leading to obsolescence and the need for updates to keep it usable. It occurs because the software's operating environment keeps changing. As the cost of building new software rises, existing software is kept in service longer, which results in frequent architectural changes.
Several causes contribute to software erosion. Unexpected changes in the operating system can make the software incompatible with the updated environment. The inability to restore software to a working state, known as "onceability," is another factor. In addition, rarely used components may decay, and the failure of one component can cascade to others that depend strongly on it.
Software erosion can be classified as inactive or active. Inactive erosion occurs when software falls out of use and is left unchanged while its environment moves on, until it becomes unstable and unusable; the more the operating environment changes, the more likely this becomes. Active erosion, on the other hand, happens when software is continuously developed or updated without proper mitigation processes, so the changes themselves degrade the architecture.
However, continuous updates are necessary to keep up with changing technology, user needs, capabilities, security requirements, and unexpected issues. Software reengineering, which involves updating and maintaining software, is often impractical and leads to divergence from the original design, causing performance, maintenance, and quality problems. This deviation, known as software entropy, increases the probability of architecture erosion and demands active mitigation.
Software erosion impacts performance, development, maintenance, and software quality. If left untreated, it can result in unstable software, unmet project objectives, more resources spent on rewriting, and higher maintenance costs. Preventive measures should be put in place to address system failures caused by software erosion.
To tackle these challenges, developers should thoroughly understand the causes of errors before attempting to fix them. Thoughtful planning of new features with entropy in mind, as well as communication of architecture evolution within the development team, can reduce erosion caused by divergent changes from the original intended architecture. Maintaining up-to-date documentation is crucial to preserve specific knowledge about software components. Descriptive coding practices, such as using descriptive variables and methods, contribute to effective documentation.
By considering these factors, developers can mitigate software erosion, ensuring the long-term viability and usability of their software systems.
References:
Software Architecture Erosion: Impacts, Causes, and Management
Understanding software architecture erosion: A systematic mapping study
Image from PlayGroundAI.com
MyBB: A Close Look at 100+ Patched Vulnerabilities
Quote: With the release of MyBB 1.8.22, over one hundred vulnerabilities have been addressed in the 1.8 branch. In this post we look into what the numbers can tell us so far, and how the trends are expected to change in the future.
I invite you to read the following blog entry by the MyBB Group:
https://blog.mybb.com/2020/02/23/a-close...abilities/
GDP Shortcomings
Gross Domestic Product (GDP) is the most widely used indicator of economic growth in any country. It refers to the total economic output produced by a nation over a specific period. But GDP has some shortcomings to consider in every economy, because it leaves out certain market activity and political (regulatory) factors.
Non-market transactions
Though most, if not all, market transactions are counted in GDP, non-market transactions are not, primarily because no reliable data exists for them to be accounted for accurately. Consider, for example, the income children earn doing chores for their neighbors, or produce grown for personal consumption.
Leisure
Reducing working hours has been an ongoing movement around the world, especially in leading economies such as the USA and France. Worker benefits have also grown, such as sick leave and maternity and paternity leave. Even though it may be clear that people are producing more in less time, this improvement in productivity, and the extra leisure it buys, is not accounted for in the GDP calculation.
Improved product quality
GDP is lacking as a qualitative indicator because it fails to properly reflect increases in product and service quality. Quality has a big impact on economic wellbeing: customers may be more satisfied with current, cheaper products than with earlier ones simply because of quality improvements.
The underground economy
Non-market transactions can also refer to the trade of illegal goods and services, such as prostitution, gambling, and drugs. These are not recorded and thus not taken into account in the official GDP. But the underground economy also includes legal activities that citizens or residents decide not to report, such as informal jobs and informal exchanges of services between economic agents (e.g., "repair this for me and I will repair that for you").
Environmental abuse
Sometimes production is increased at the expense of environmental damage. While production may be highly regulated in developed nations, developing ones may rely heavily on environmental exploitation to support their growth. Green Gross Domestic Product (GGDP) is a formula that aims to penalize such countries by offering a more accurate measurement of economic growth that accounts for manufacturing practices that harm the environment.
Here you can find an article that shares possible alternatives to GDP as a measurement of wellbeing. Even so, I recommend doing your own extensive research on the matter.
Source: SHORTCOMINGS OF GDP - MBA Tutorials, What is Gross Domestic Product (GDP)? - CFI
Graphic source: G20 GDP Growth - Second quarter of 2019, OECD