ivatar issueshttps://git.linux-kernel.at/oliver/ivatar/-/issues2021-09-06T12:18:02Zhttps://git.linux-kernel.at/oliver/ivatar/-/issues/77Check ID form: email not normalized for sha2562021-09-06T12:18:02ZGhost UserCheck ID form: email not normalized for sha256I just noticed that depending on the casing of the email address, the sha256 icon is found or not, when using the [check form on libravatar.org](https://www.libravatar.org/tools/check/)
Using `test@example.com` vs `Test@example.com` **s...I just noticed that depending on the casing of the email address, the sha256 icon is found or not, when using the [check form on libravatar.org](https://www.libravatar.org/tools/check/)
Using `test@example.com` vs `Test@example.com` **should not** cause different sha256 hashes to be produced. And **does not** cause different md5 hashes.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/74Reduce profile data2021-09-10T11:07:35ZGhost UserReduce profile dataIn order to encourage privacy by design, I would recommend to reduce the information that is hold on in the account data.
In explicit, I would recommend/encourage to get rid of the actual identity strings and replace them with aliases a...In order to encourage privacy by design, I would recommend to reduce the information that is hold on in the account data.
In explicit, I would recommend/encourage to get rid of the actual identity strings and replace them with aliases and only store the hashed version.
[As we recently saw with gravatar](https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/) vulnerabilities allow account enumeration and like in worst case. This is not necessary when one takes some trade-offs.
We can just store the hash of most identities in the database. There should be a primary identity that is used as an emergency contact, but otherwise identities should just get an alias field that is used as their UI identifier and otherwise be stored in form of a hash. This reduces the ability to collect mail addresses and OpenIDs even when the database would be breached.
From a workflow perspective it's not necessary to store an identity after successful verification as all further actions are performed with the hash only.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/73Create an avatar maker2021-09-06T12:17:56ZGhost UserCreate an avatar makerTo be able to create your own avatar to host on Libravatar it would be nice with an own avatar maker directly on the website.
The avatar maker could have a web UI that lets you create your own avatar. The avatar could also be stored in ...To be able to create your own avatar to host on Libravatar it would be nice with an own avatar maker directly on the website.
The avatar maker could have a web UI that lets you create your own avatar. The avatar could also be stored in a format that can be fed to the avatar maker. It could output SVG and export to PNG.
Things could be rendered in layers:
- Layer 1: The background
- Layer 2: Skin tone
- Layer 3: Eyes, nose, mouth
- Layer 4: Hair
- Layer 5: Glasses, hat, shirt
# Avatar description language
An avatar description language based on JSON or XML could be defined. It could be documented, a specification could be written, maybe even standardized. The data could be fed to the Libravatar avatar maker as well as other third-party avatar makers, games and animation software which could render it in 3D or animated.
## Example format
```json
{
"skinTone": 1,
"eyebrowColor": "brown-200",
"eyebrowShape": 7,
"eyeColor": "green-500",
"eyeShape": 5,
"eyeSize": "m",
"lipColor": "red-300",
"lipSize": "m",
"noseShape": 3,
"noseSize": "m",
"shirtColor": "grey-700",
"background": "wall-2",
"mood": "happy"
}
```
## JavaScript
You could pass the format to a JavaScript library that renders it to either a SVG element or to a `<canvas>` element.
```javascript
const element = document.getElementById('output');
let libravatar = new Libravatar();
libravatar.load(example_data);
libravatar.render(element);
```
### JavaScript API
- `load(obj)` - Load avatar object.
- `export_png()` - Returns a [`Blob`](https://developer.mozilla.org/en-US/docs/Web/API/Blob) object containing the avatar in PNG format.
- `export_svg()` - Returns a `Blob` object containing the avatar in SVG format.
- `setEyebrowColor(value)` - Sets the eyebrow color.
- `setEyeColor(value)` - Sets the eye color.
## React
There could be a React component.
```jsx
<Avatar
skinTone="1"
eyebrowColor="brown-200"
eyebrowShape="7"
eyeColor="green-500"
eyeShape="5"
eyeSize="m"
lipColor="red-300"
lipSize="m"
noseShape="3"
noseSize="m"
shirtColor="grey-700"
/>
```
## Get avatar using URL
You could base64 encode the JSON object and pass it as a query parameter.
```http
GET /avatar?data=ewogICAgInNraW5Ub25lIjogMSwKICAgICJleWVicm93Q29sb3IiOiAiY... HTTP/1.1
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/71Bitmoji integration2022-12-30T12:24:15ZGhost UserBitmoji integrationIt would be nice with integration with [Bitmoji](https://www.bitmoji.com/) since those avatars are very customizable and pretty.
Links that might be of relevance:
* https://github.com/matthewnau/libmoji
* https://kit.snapchat.com/docs/b...It would be nice with integration with [Bitmoji](https://www.bitmoji.com/) since those avatars are very customizable and pretty.
Links that might be of relevance:
* https://github.com/matthewnau/libmoji
* https://kit.snapchat.com/docs/bitmoji-kit-web
* https://kit.snapchat.com/docs/reference-webOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/67big confusion in login2021-11-22T13:14:06ZGhost Userbig confusion in loginAs described in https://git.linux-kernel.at/oliver/ivatar/-/issues/64 . Since the rewrite in 2018, my avatar wasn't display correctly until yesterday, but I had to fight a lot to discover my problem . with https://www.libravatar.org/tool...As described in https://git.linux-kernel.at/oliver/ivatar/-/issues/64 . Since the rewrite in 2018, my avatar wasn't display correctly until yesterday, but I had to fight a lot to discover my problem . with https://www.libravatar.org/tools/check/ I found that what Fedora sites are looking for http://sergiomb.id.fedoraproject.org/ , and when I logged in with http://sergiomb.id.fedoraproject.org/ I went to my first registered user "sergiomb" but I usually I use just id.fedoraproject.org to login in my main user which is "sergiomb2"
Here in sergiomb2 profile I defined a lot similar openIds https://sergiomb.id.fedoraproject.org/ (with https) and http://id.fedoraproject.org/openid/id/sergiomb/ and https://id.fedoraproject.org/openid/id/sergiomb .
At least iavatar shouldn't allow:
- equal openIds with / or not in end
- with http and https with same URL
this cases allow 4 cases that are exactly the same thing:
```
http://id.fedoraproject.org/openid/id/sergiomb/
http://id.fedoraproject.org/openid/id/sergiomb
https://id.fedoraproject.org/openid/id/sergiomb/
https://id.fedoraproject.org/openid/id/sergiomb
```
but I missed the most important one ! what I needed was http://sergiomb.id.fedoraproject.org/ :(, I even can add just https://id.fedoraproject.org ,I guess.
And at last when we try login, we just need write "id.fedoraproject.org", We don't need specify the user and neither the protocol.
If we specify an openId that is the same in practice , and are different registered, lets says: https://id.fedoraproject.org/openid/id/sergiomb/ and http://sergiomb.id.fedoraproject.org/ the iavatar creates a new login automatically , for example I have sergiomb , sergiomb2 to sergiomb11 already . But all the records have the same email , which makes us not allow to recover the password (because uses the email).
In conclusion I think you shouldn't allow new records if the email associated is the same, and that can be the key point to allow a better service .
ThanksOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/66libravatar disable upload new photo when user reached max allowed photos limit2021-09-06T11:54:36ZGhost Userlibravatar disable upload new photo when user reached max allowed photos limitFrom libravatar IRC:
```
18:20:10 opal | suggestion: disable the "upload new photo" button if user has reached max allowed photos
18:20:26 opal | its annoying to go through the upload process only to find out it wouldnt have worked a...From libravatar IRC:
```
18:20:10 opal | suggestion: disable the "upload new photo" button if user has reached max allowed photos
18:20:26 opal | its annoying to go through the upload process only to find out it wouldnt have worked anyway
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/65„+“ in mail address doesn‘t work for photo import2020-04-23T09:17:26ZOliver Falkoliver@linux-kernel.at„+“ in mail address doesn‘t work for photo importAccording to
https://twitter.com/webknjaz/status/1252558228518559746?s=21
„+“ in mail address doesn‘t work.According to
https://twitter.com/webknjaz/status/1252558228518559746?s=21
„+“ in mail address doesn‘t work.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/64The user interface isn't intuitive enough2021-09-17T08:02:50ZGhost UserThe user interface isn't intuitive enoughAs you may know we've been using Libravatar in [Liberapay](https://liberapay.com/) for 4 years. Since the rewrite in 2018, we've gotten several help requests from confused people unable to figure out how to set up their Libravatar accoun...As you may know we've been using Libravatar in [Liberapay](https://liberapay.com/) for 4 years. Since the rewrite in 2018, we've gotten several help requests from confused people unable to figure out how to set up their Libravatar account correctly. The latest one is <https://github.com/liberapay/liberapay.com/issues/1740>.https://git.linux-kernel.at/oliver/ivatar/-/issues/63Idea for Default Avatar2022-12-30T12:21:21ZGhost UserIdea for Default AvatarI love what you have been working on. I have a suggestion for the default avatars.
I love the professional look of the Mystery Man avatar, but the downside of using it is that everyone has the same exact default avatar.
It would be nic...I love what you have been working on. I have a suggestion for the default avatars.
I love the professional look of the Mystery Man avatar, but the downside of using it is that everyone has the same exact default avatar.
It would be nice if you created a new set of default avatars similar to Mystery Man, except it changes the background color for different emails, and then uses a consistent color for that email address.
For example, someone@example.com would always have a blue background color, while someoneelse@example.com would always have a green background color.
You could probably use some algorithm that spits out the same result for each email so that each email address is always the same color.
This would be useful in forums and blog comments where people don't always have a registered Gravatar or Libravatar. At least their replies would have the same color default avatar, so it is easier to tell them apart from others who are using the default avatar.
Unlike the other sets, which are more whimsical, it would be nice if there was a more professional option besides the Mystery Man. Ideally, the generated colors would be muted a bit (grays, light blues, light greens, light reds, etc.) so they do not contrast with the sites and are not too overpowering. For example, a bright magenta avatar might not look that appealing. Also, since people can't choose their colors, neutral colors would be the best option. They can always register a Libravatar or a Gravatar if they don't like the color, but we should probably avoid outrageous colors anyway so it appeals to the widest audience.
Thank you for your time.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/62libravatar.org footer covers content in firefox2021-09-06T11:41:31ZGhost Userlibravatar.org footer covers content in firefoxIn Firefox, the page footer covers whatever part of the page it is over when the page loads. Scrolling on the page moves the footer as well as the page content.
The page footer has css of "position: absolute;" in FF, but has "position:...In Firefox, the page footer covers whatever part of the page it is over when the page loads. Scrolling on the page moves the footer as well as the page content.
The page footer has css of "position: absolute;" in FF, but has "position: relative;" in Chrome where it behaves as expected.
Of no real consequence: in FF the footer is just a box but in Chrome it is a fancy curve topped element.![libravatar_home_page_in_FF](/uploads/1f101ffaabe2e72c822e18b2d013374a/libravatar_home_page_in_FF.png)https://git.linux-kernel.at/oliver/ivatar/-/issues/61Maintenance page2020-02-25T11:29:27ZOliver Falkoliver@linux-kernel.atMaintenance pageAdd config option to allow a maintenance page to show up instead of the normal user interface, but still allow avatars to be served.
So => No write, just read.Add config option to allow a maintenance page to show up instead of the normal user interface, but still allow avatars to be served.
So => No write, just read.Migration 02/2020Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/60Avatar boxes are too narrow2021-11-22T13:14:32ZGhost UserAvatar boxes are too narrowHaving several similarly named domains turns avatar management into a nightmare
![image](/uploads/a01170dd3cfb22092292d7c567f4d889/image.png)
Why not use wide list like gravatar does?Having several similarly named domains turns avatar management into a nightmare
![image](/uploads/a01170dd3cfb22092292d7c567f4d889/image.png)
Why not use wide list like gravatar does?Redesign Profile pagehttps://git.linux-kernel.at/oliver/ivatar/-/issues/57Add CORS headers to returned avatars2021-09-06T11:53:49ZGhost UserAdd CORS headers to returned avatarsHello! :wave:
Could you consider adding CORS header (`Access-Control-Allow-Origin: *`) to avatar image responses? Gravatar uses it and it allows fetching avatars without cookies or any other tracking information through `<img src="..."...Hello! :wave:
Could you consider adding CORS header (`Access-Control-Allow-Origin: *`) to avatar image responses? Gravatar uses it and it allows fetching avatars without cookies or any other tracking information through `<img src="..." crossorigin=anonymous>`
More details here: https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes
Reported here: https://photog.social/users/libravatar/statuses/102265339201031638Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/56W3 validator throws issues2019-05-28T08:24:29ZOliver Falkoliver@linux-kernel.atW3 validator throws issueshttps://validator.w3.org/nu/?doc=https%3A%2F%2Fwww.libravatar.org%2Fhttps://validator.w3.org/nu/?doc=https%3A%2F%2Fwww.libravatar.org%2Fhttps://git.linux-kernel.at/oliver/ivatar/-/issues/55Check tool, compatiblity with previous version2021-09-06T11:53:40ZGhost UserCheck tool, compatiblity with previous versionHello,
Our wiki and probably external documents mention the old check tool under the following URL: https://www.libravatar.org/tools/check_domain.
Can we provide a redirect to the new one ?
Regards.Hello,
Our wiki and probably external documents mention the old check tool under the following URL: https://www.libravatar.org/tools/check_domain.
Can we provide a redirect to the new one ?
Regards.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/54Problem in PIL/Image.py2021-09-06T11:53:33ZGhost UserProblem in PIL/Image.pyHello!
in error.log we have lots of errors that goes like this:
```
[Mon Mar 04 01:56:23.783813 2019] [wsgi:error] [pid 20992:tid 140345052468992] """)
Exception ignored in: <object repr() failed>
Traceback (most recent call last):
...Hello!
in error.log we have lots of errors that goes like this:
```
[Mon Mar 04 01:56:23.783813 2019] [wsgi:error] [pid 20992:tid 140345052468992] """)
Exception ignored in: <object repr() failed>
Traceback (most recent call last):
File "/mnt/data/.virtualenv/lib/python3.6/site-packages/PIL/Image.py", line 614, in __del__
NameError: name 'hasattr' is not defined
Exception ignored in: <object repr() failed>
Traceback (most recent call last):
File "/mnt/data/.virtualenv/lib/python3.6/site-packages/PIL/Image.py", line 614, in __del__
NameError: name 'hasattr' is not defined
Exception ignored in: <object repr() failed>
Traceback (most recent call last):
File "/mnt/data/.virtualenv/lib/python3.6/site-packages/PIL/Image.py", line 614, in __del__
NameError: name 'hasattr' is not defined
```
Would it be possible to fix somehow?
These are not the only errors but the other seems to be a problem in deployment related to deprecation of psycopg2 wheel package. I need to take a look at it.https://git.linux-kernel.at/oliver/ivatar/-/issues/53500 error on trying to upload export in invalid format2021-09-06T11:42:43ZGhost User500 error on trying to upload export in invalid formatHello,
on https://www.libravatar.org/accounts/upload_export/, if i try to upload e.g. a txt file i get 500 error. Instead, the file should be checked for a valid format and only then processed.Hello,
on https://www.libravatar.org/accounts/upload_export/, if i try to upload e.g. a txt file i get 500 error. Instead, the file should be checked for a valid format and only then processed.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/52No Identica importer2021-09-06T11:53:25ZGhost UserNo Identica importerHello,
While reading the old [photo importers](https://github.com/libravatar/wiki.libravatar.org/commit/89804fc50d4ae61c8bc31daed8254cb0fdaaf66c) page I discovered the previous version of Libravatar had support for automatic import of p...Hello,
While reading the old [photo importers](https://github.com/libravatar/wiki.libravatar.org/commit/89804fc50d4ae61c8bc31daed8254cb0fdaaf66c) page I discovered the previous version of Libravatar had support for automatic import of picture from the Identica micro-blogging platform.
Nobody complained about it so far so we should just document this regression somewhere.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/51Libravator logo link in wiki is broken2021-09-06T11:53:18ZGhost UserLibravator logo link in wiki is brokenIn the [wiki](https://wiki.libravatar.org) there was a link to a Libravatar logo, which is currently broken. It points to https://seccdn.libravatar.org/nobody/256.png.In the [wiki](https://wiki.libravatar.org) there was a link to a Libravatar logo, which is currently broken. It points to https://seccdn.libravatar.org/nobody/256.png.https://git.linux-kernel.at/oliver/ivatar/-/issues/50Cache-Control and Expires2021-09-06T11:53:10ZGhost UserCache-Control and ExpiresWhen setting up a localhost caching reverse proxy I noticed that libravatar.org doesn't set the `Cache-Control` (and `Expires`) header.
Gravatar sets
```http
Cache-Control: max-age=300
```
Should libravatar use something similar?
T...When setting up a localhost caching reverse proxy I noticed that libravatar.org doesn't set the `Cache-Control` (and `Expires`) header.
Gravatar sets
```http
Cache-Control: max-age=300
```
Should libravatar use something similar?
The [libravatar API](https://wiki.libravatar.org/api/) only mentioned caching in relation to SRV records (1 day = 24 hour?). Should avatars itself be allowed to be cached for 24 hours?
In @tastytea's [libravatarserv](https://schlomp.space/tastytea/libravatarserv) example config for nginx the `Expires` and `Cache-Control` are set to 86400 (24 hours) (+ `Cache-Control` adds `public`):
<https://schlomp.space/tastytea/libravatarserv/src/commit/de7e61a2fed91c0be3ab787907ff39f7f72b4043/doc/nginx-example.conf#L12-L14>
Since the libravatar api very much rely on query string it's affected by <https://httpd.apache.org/docs/trunk/caching.html#http-caching>, under "What Can be Cached?":
> If the URL included a query string (e.g. from a HTML form GET
> method) it will not be cached unless the response specifies an
> explicit expiration by including an "Expires:" header or the
> max-age or s-maxage directive of the "Cache-Control:" header, as
> per RFC2616 sections 13.9 and 13.2.1.
I suppose this might affect caching in clients? I haven't checked that.
Using [mod_expires](https://httpd.apache.org/docs/2.4/mod/mod_expires.html) I used something like:
```apache
ExpiresActive On
ExpiresDefault "A86400"
Header merge "Cache-Control" "public"
```
(Maybe
```apache
ExpiresDefault "access plus 24 hours"`
```
is a bit more readable.)