I'll give another wallet a try if that's my only option I guess
Could you look at HCP's question. What does the private key begin with? an "L" or a "K" means the key is wif compressed. a "5" means the key is wif format (but not compressed). a "U" means it's encrypted (usually) anything else might mean the key is in a different format. I'd suggest trying electrum for importing the keys to check it's not the problem of copay if you want a secondary wallet to try it with. [EDIT: as hcp suggested]. If the link doesn't load: http://electrum.org/#download - copy/paste this. |
|
|
|
|
I don't want any "friends" here - there aren't that many users i'd trust anyway so my list would be fairly empty. Online acquaintances are more what people are from here, you can't really have personal relationships with people you only know over the internet unless there's a really high amount of trust you have with them (in which case, you would probably have met in real life by now wouldn't you)?
Also, what @the pharmacist said, however, we are a social media site (technically). And, we would start to see loads of thread popping up "x removed me from his buddy list" and then negative trust from removing trusted people in order to keep their same number of "friends".
|
|
|
|
Only administrators can view the IP change or?
The only person that can get IP address related information is theymos (admin). Your IP address is stored everytime you post, moderators can also get hold of this information. Not sure whether they can get hold of registration IP, but, if you make a post, they can access that IP, and if you don't make a post - unless your username is really catchy - you don't need to recover the accoutn as it won't have any value. Also, if you do something like edit someone's trust or send a pm, your IP will also be stored. I would like to stake my ETH address because I donīt have BTC, is that possible? I think that ethereum could sign message too or?
Eth addresses can be signed, where is the eth address? I'd consider asking you to download an ethereum client rather that using an online client (as tryninja suggested above). It'll make your address, funds and this account a bit more secure. Understand, but a lot of people could have same IP address and also multiaccounts are allowed, so only way how to red tag them is when they sending tokens to each others, right? (This means abusing bounties) If their posting style suddenly changes, that's one way to get them. You can prove ownership if you use a static IP that belongs to you but that's not great as you can host openssl and tor exit nodes that give people your IP. Vpns, tor exit nodes and other masking services can sometimes leave a trace that they belong to that service or can leave a trace that can track you back to the original user (if the user is not intelligent enough to hide that data, IE using a VPN on a regular browser without noscript and other adaptations means your IP can be traced with some simple js code). |
|
|
|
Yeah... Log out and try those links. There! You can't access them. This issue is that users who don't have an account here are unlikely to deal with users here without registering an account (unless the user tells them in the op to email them or something for the deal). My suggestion would be to display only red trust (on DT2) to guests, as a warning not to fall for scams.
Some DT members have negative trust. Also, some trustworthy members have one or two negative correlations.[tagging for shitposting, selling accounts,...etc.] Good point, I forgot about users with both red and green trust. I've edited my post. while we're on the subject of making trust changes, may I suggest (again) to show red trust on all boards.
Trust system has been created to reduce scam, showing it outside Marketplace is worthless. I was thinking about the users who post scams (in their signature or in their posts) on other boards. Is it not common sense to research a company before you do anything with them? I mean if someone falls for a link in a signature that is phishing or just a scam page, they could do that anywhere else on the internet couldn't they? Google lists ponzis that are obvious and don't get removed... |
|
|
|
Only administrators can view the IP change or?
The only person that can get IP address related information is theymos (admin). Your IP address is stored everytime you post, moderators can also get hold of this information. Not sure whether they can get hold of registration IP, but, if you make a post, they can access that IP, and if you don't make a post - unless your username is really catchy - you don't need to recover the accoutn as it won't have any value. Also, if you do something like edit someone's trust or send a pm, your IP will also be stored. I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?
Eth addresses can be signed, where is the eth address? I'd consider asking you to download an ethereum client rather that using an online client (as tryninja suggested above). It'll make your address, funds and this account a bit more secure. |
|
|
|
I don't see any point of limiting pages these to logged-in users. It would help immensely with archiving data: there have been many a time where I've wanted to archive merit history for busting users that are trading/selling/abusing. Same thing with trust pages.
Vod is working the BPIP which will have this data archived on it and publicly avaliable (I believe). I'm not sure as for the merit system, however, I know trust isn't avaliable wiithout registering an account as you can't set your own trust level and users like to do that as DT1 and 2 are prone to have people others may not trust. |
|
|
|
the first thread has been locked and no one can longer post there. Correct me if I'm wrong but This forum is also for altcoins as well Ethereum , Dogecoin Deeponion, etc are allowed to have posters everywhere.
Yeah no. They don't allegedly pay users to bump your ANN threads and spread unwanted lies about other cryptos. The threads have been locked because newbies spam there to keep the ANN thread on top. This is against the rules. So don't expect bitcointalk and its staff to co-operate with you when you can't even follow the rules. Alternative,like I said: This is a bitcoin forum. If you can't respect that,create a mtc forum and do your shit there. Not here.
Dogecoin is a fork of Bitcoin's main chain so that's a useless subject as it's obviously going to be seen near it. Also, Bitcoin is the main currency here like pugman said - if I had my way, the altcoin board would be gone to allow for bitcointalk to be focussed on the main currency. And the mods delete stupid bumps in threads so why wouldn't they delete yours too? the original community coin mtc THis is the point where you said it was the original community coin if pugman didn't make it visible to you (which it should have been by this point). |
|
|
|
|
If that was posted on its own then it looks a bit spammy - you could have put it on the OP?
|
|
|
|
|
There are no windows binaries there. I have 0.10.2 somewhere I'll get round to posting it if it is absolutely needed - if achows strategy fails.
|
|
|
|
Thank you guys! I am changing my password regularly to prevent hack, but I canīt regularly change my private key  . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum  The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email. You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still. Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way. But I donīt think that Hero and Legendary members are so stupid to have such simple passwords, or? You'd be suprised... Anyone can come up with a bad password that hasn't been hacked (yet) and it's not sometimes that simple either to try to get a complex password. My forum account is much easier to crack than accounts that actually hold money in them for example. I always suggest, that if you deal with a high ranking member just off their trust, it's good to get their signature to ensure that it is them before you trade with them (it can't hurt). |
|
|
|
Thank you guys! I am changing my password regularly to prevent hack, but I canīt regularly change my private key . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email. You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still. Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way. |
|
|
|
@op, I'd suggest a full virus scan on your computer before putting the new software on in case it's a virus. There's free software like malware bytes and free trials of other services like McAfee.
I even advise to burn a bootable CD and scan from it. Kaspersky or Avira are 2 pretty good options. The idea is at the chance the Electrum vulnerability was used is smaller than the chance you have some surprise on your system. Afaik for the vulnerability to be exploited Electrum should have been kept running. (And yes, I've read that you have Avast on, but no antivirus is perfect). A single av software on its own is good, but it can be hijacked by the virus in some circumstances, no doubt the theif has tried that to get more money. It also needs for you to be sending a transaction while simultaneously on a website for that call to work if the wallet is password protected. (I'd suggest using preview before the send part and sign and broadcast it so you can verify that anything is acting normally). |
|
|
|
Won't limiting the spending of sMerits in itself cause people to farm their merits.
If someone told so many users that their sMerit will be decaysed by tomorrow, a lot will probably be more inclined to sell their sMerit immediately and get something from it (which is what we are really trying to avoid here).
My idea was to set 2 months for deadline. In my view, the merit system is a good development. But to limit the abuse, all smerit points should be withdrawn for everyone and handed to a selected and dedicated persons whose duty is to carry out the award of merits to deserving posts. In so far as merit remains in the hands of every member, there must be cheats. People must craft out a way to cheat. You make it sound as if theymos can't just change the allocations of merit sources. If he particularly wanted to double source merits for sources, I doubt it'd take a lot of effort. Why take some 100-300 smerits and centralise the system to a few merit sources, in my view that's a backwards step and exactly what we don't want? I doubt every merit source runs dry at the end of the month (some will, but others)... |
|
|
|
The vulnerability shouldn't be too much of an issue if the electrum wallet is encrypted. Unless it gets decrypted while the user if on another page/has an established connection with a server untrustworthy. Unless the payto field gets edited also via jsonrpc calls. @op, I'd suggest a full virus scan on your computer before putting the new software on in case it's a virus. There's free software like malware bytes and free trials of other services like McAfee. |
|
|
|
|
Stake a SECURE address. Get an airgapped computer or a hardware device if you can't store something on a hot wallet without fearing your keys will be exposed.
Can you give any information a bit more specifically? Like how the key might have been taken.
|
|
|
|
I agree with what others have said and I personally think that it is a bad idea as well. Your solution of decaying sMerits won't have your intended effect as this will just encourage this higher rank members to distribute their unspent sMerits to their alt accounts, instead of giving to worthy post. Plus this way of encouragement to members won't be as effective as you are just encouraging them to send their merits but not encourage them to send it to quality post. This will just affect the merit system in a bad way.
It'll also lead to alright posts being merited and that's not what we're after, I want to be able to merit posts that I think stand out and have taken effort to write. |
|
|
|
I am pretty sure that there is a common header file which loads with all the pages except few special pages like you mentioned.
Every page loads the smf banner at the top, the smf banner at the bottom (the custom code by theymos) and the information specific to the parameter passed to it. I have no idea about the coding structure of smf but what I said was for in general coding style. These are the $_GET parameters we are talking about which we can see, there are $_POST parameters as well IMO which we are not seeing at all. I'm not discussing how general get/post requests work (and the other two main requests you can make). Im suggesting looking at the URL to see that everything loads from the same page (index.php). If the array was (,1 hours,1 minutes) would that still get picked up by your code or do you have to look at the individual indexes in more detail? (I haven't used php very much).
Here are the arrays: [1 days, 1 hours, 1 minutes][1 day, 1 hour, 1 minute]Any instance of the something in the first array is replaced with the item in the second array of the same index. It does this for every instance.
I guess no, it should be done through localization or translation files if necessary.
I may be incorrect, but I believe this forum only supports English. Since this is the case, and the forum only supports one theme, the code would only have to be replaced in one place. That, and due to the way that SMF works trying to change this through localization files would be massively complicating things when only one language is available. Yes English is the only avaliable language for banners. And I didn't realise it checked every record individually, that's quite efficient. |
|
|
|
Or does the seed derive both mprivs now?
IIRC the seed has always derived 2 out of 3 keys (I could be wrong here, but i am relatively sure it has always been this way). If you create a new wallet with 2FA enabled the wallet file just stores one of these 2 keys. But if you decide to create it as a wallet with 2FA disabled, it will store both of the keys (which allos to sign transactions). A while ago, there used to be a 24 word seed. I think this has probably been broken down a bit simpler (as everone kept losing their 24 word seed and there's not really much point in having two when you can do the same in one). I always thought - supidly - that you have to input the same key that gets generated that you can then send to TrustedCoin (I must have gotton confused - yet again - somewhere). this thread is where I first became confused as to these 2FA wallets. |
|
|
|
You can't turn it off simply.
Yeah... you can. File -> New\restore -> Wallet with Two Factor Authentication: Select "I already have a seed": Enter your 2fa wallet seed and click "next": You'll be prompted to "keep or disable" 2FA... select DISABLE: That will generate a "2fa" wallet file that has two of three master private keys in it. You'll be able to "self sign" the multi-sig transactions without needing to use the TrustedCoin service. Note: It is NOT recommended to continue to use a "disabled" 2fa wallet long term... you should create a new "standard" wallet (with a new seed mnemonic) and send your coins to that new wallet. That's a nice guide. Do you not have to input a secret somewhere, and if you do, this is the point where I think it is no longer simple as many people don't seem to learn the importance of keeping such things. Or does the seed derive both mprivs now? |
|
|
|
The majority of the forum uses the same file (index.php).
I am pretty sure that there is a common header file which loads with all the pages except few special pages like you mentioned. There are just different things passed as parameters per pages. Like: https://bitcointalk.org/index.php?action=post;quote=37842121;topic=3956687.0 - loads a link to add a new reply - with two extra parameter added though I'm not sure I should include them. Every page loads the smf banner at the top, the smf banner at the bottom (the custom code by theymos) and the information specific to the parameter passed to it. |
|
|
|
|
Show Posts
