bitcointalk.org is SMF 1.x. That's not going to work.

submitThisOnce doesn't make the post. Just send an HTTP POST in the same way that the form does. Note that you need to pass a valid session key as "sc" (which the form does via a hidden <input>).

There's no harm in leaving extra positive trust ratings. You can keep them or not, it's up to you.

It is a bit of an issue that trust ratings are subjective. Probably this is a flaw in the trust score algorithm, but I'm not sure what to do to improve this.

FMS uses a web-of-trust system. (This forum's trust system was inspired by FMS.) You only see posts of people in your trust list, or in someone you trust's trust list, etc. This prevent spam, though it's tricky to figure out how to add new anonymous people to the trust network. FMS has a feature where anyone can publish a CAPTCHA, and solving this will add you to that person's trust list automatically (with a low score), but this is pretty vulnerable to DoS attacks. Paying some bitcoins is also a good idea.

I haven't looked into this stuff in several years, so I may be out-of-date on some things. Maybe things have improved somewhat by now.

When I tried it FMS worked very well for me, but again, most people don't want to manually manage trust lists.

Decentralized forum software has existed since before Bitcoin. The most successful example that comes to my mind is Freenet's FMS. However, since decentralized forums can't have normal moderation, using them generally requires more responsibility and work from readers. The vast majority of people don't want to do this, which is one big reason why decentralized forums are very obscure. (Another reason is that there are very very few developers working in this space, so the tools are often not so great, both from a usability standpoint and in general. IMO Freenet is very unlikely to actually be secure in the face of serious attack, for example.)

Increasing fault-tolerance is a long-term goal, but (re)creating a truly decentralized and uncensorable forum is outside of bitcointalk.org's scope.

The image proxy isn't a caching proxy. Proxied images are never saved to disk, and only small chunks of images are stored in memory at any one time. The proxy does work with client-side caching (it passes on appropriate cache-related headers, etc.), so you may cache images.

Fixed.

I suspect that Wardrick's account was compromised around May, though I'm not 100% sure. But I'm not hearing any evidence one way or another from anyone who previously owned the account, so I suppose the account will be locked for some time. Therefore, I removed Wardrick's recent sent trust ratings. He can rewrite them later if his account is ever restored.

I made a very rough tool for this:
https://bitcointalk.org/gettopics.php?user=311162

If I know that person's other account, I don't know that I know it.

(I didn't enter the Bitcoin scene until a year after that person mined those bitcoins.)


I really don't think that Satoshi is government.

You can't.

Reddit mods don't have access to that info. (And I wouldn't publish that info anyway.)

If you're going around posting people's personal information for no real reason other than just to annoy them, then that's trolling, which is not allowed.

Dox is currently more-or-less allowed for two reasons:
- It is sometimes useful when dealing with scammers for the community to collaboratively investigate the scammer. There have been a few cases where these collaborative investigations have led to good results.
- It is very difficult to define a consistent line between reasonable public information and non-public dox. For example, on Reddit the admins will sometimes delete posts which reference someone's real name even when this name can be found on the first page of a Google search for their pseudonym, which is ridiculous.

This is something that I've been thinking about for a long time. The current rules are sub-optimal, I think, since it's too easy for innocent people to be hurt. But at the same time I don't want to ban "personal information" entirely, due to the above two reasons. Maybe dox should be restricted to an "investigations" board which is only viewable to Jr members and above, or something like that.

At least in 0.11.0, that's not true. I just tried it and it worked fine.


I signed that on the same wallet.dat file that I used to mine the bitcoins -- I didn't import the private key or anything.

The forum sells ad space in the area beneath the first post of every topic page. About 25% of ad income goes to the forum moderators as thanks for all of their work. (There are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees.) The rest is stored in the forum's treasury (verifiably), where it sits until the forum needs it.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

The ad lasts at least 7 days starting from when I put it up. (However, if you look at the ad history you'll see that ads usually get at least 8 days, and sometimes as many as 12, but this is random and definitely not guaranteed.)

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
https://bitcointalk.org/ad_test.html
Also read the comments in that file.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.50.
- I will end the auction at an arbitrary time. Probably the end time will be 7-12 days from the time of this post, though it could be anywhere between 4 and 22 days from now. (I will probably end the auction 1-3 days before the ads are scheduled to go up.)
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.

Auction ended. Final result:

Slots BTC/Slot Person
1 3.90 SparkedDev
3 3.85 FortuneJack
3 3.85 PocketRocketsCasino
2 3.80 victorhing

These posts got lost.

Interesting bug. When using the utf8_unicode_* collation, MySQL treats invalid UTF-8 characters (like the X'C29D' string used here) as being equal to an empty string, even in the middle of other strings. Normally this isn't such a big deal, but in certain queries it's a major problem. In particular, this is really really bad if you're using the text as some sort of ID and the ID column is not constrained to be unique (as is the case with SMF's memberName column for some reason).

Those weird users were being added to your list because an SQL query was adding all users who matched memberName in ('') or in EcuaMobi's case memberName in ('Quickseller', ...), and this matched multiple unintended users due to that empty-string confusion. There are security implications here. AFAICT, some serious (but not critical) mischief could've been done by impersonating privileged users in certain cases. I bet there are a lot of sites out there that have more serious vulnerabilities due to this sort of thing. And I never even considered collation as a source of these issues -- it's not something I've given more than a passing glance at previously. This looks like a pretty serious flaw in SQL and/or MySQL which should be publicized more IMO. It's too difficult to reason about correctness here.

- I cleared those users from everyone's trust lists and renamed them. Some similar users probably still exist in the DB, but I don't see the need to search them out.
- I revised all of the database's collation rules to settings which should work as intended. This required locking tables for extended periods of time, which is what caused the other weirdness over the last few hours.
- I made it so you can't use names containing invalid UTF-8 strings or control characters.

Right. It's also not "officially supported". For example, my account recovery procedures assume that accounts are not sold, so I could be convinced to return accounts to the original owner, and the purchaser is out of luck if I do this. I'm not going to act as a broker or escrow for account sales. (But if I do realize that someone is trying to take back a sold account like this, then I'm not going to do it and I might ban them for wasting my time...)

That might also be possible. I'm looking into that.

Timeline (UTC):
04:00 Failed attempts to guess Wardrick's secret answer
16:31 This post
16:35 Wardrick's password reset using the code in the screenshot and an IP that Wardrick has never used

Shadow_Runner: Do you have the @gmail address? That's not Wardrick's actual email.


Nothing I did. Probably someone changed his trust list temporarily, and the change was cached for some people.

  Now his account actually was compromised because he posted that link. I locked it for now.