Bitcoin Forum
September 27, 2016, 06:57:32 PM *
News: Latest stable version of Bitcoin Core: 0.13.0 (New!) [Torrent]. Make sure you verify it.
 
  Home Help Search Donate Login Register  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 326 »
1  Economy / Auctions / Advertise on this forum - Round 187 on: September 26, 2016, 05:25:34 PM
The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

Duration

- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
https://bitcointalk.org/ad_test.html
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.25.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.
2  Economy / Auctions / Re: Advertise on this forum - Round 186 on: September 26, 2016, 05:14:01 PM
1@1

I won't accept this ad for reasons which I PMed to you, sorry.

Auction ended, final result:
Slots BTC/Slot Person
5 0.80 KiboPlatform
2 0.75 Bitcoin Kan
2 0.75 Randian Hero
3  Other / Meta / Re: How aren't Bitcointalk ads blocked by ad blockers like ABP ? on: September 20, 2016, 02:54:33 AM
ABP's matching capability is limited. The forum's ads are structured so that it is impossible, within the limits of ABP, to block ads in general without blocking posts. Additionally, a carefully-designed ad will itself be impossible to block without blocking posts, but most advertisers don't bother to make ads in this way, so their specific ads can be blocked.

I've long wondered why the major Web advertisers like Google haven't pursued this sort of thing. In my research of how to accomplish this I even figured out a way to generically defeat ABP on most browsers using some JavaScript, assuming the ad is all inline (though this technique isn't what the forum does). I guess inline ads are difficult, though you'd think that it'd be possible with at least the most major websites.

I'd appreciate it if people not try to block ads. They are by far the forum's largest source of income, and they should not be at all annoying, since there's only one ad per page and I reject ads that are too flashy. I also recently adjusted the ads so that they should in no case be taller than ~50px, even on small screens. Plus, the ads are uniquely targeted to Bitcoiners, so you might find something interesting in the ads -- I've learned of several interesting services through forum ads.
4  Economy / Auctions / Advertise on this forum - Round 186 on: September 16, 2016, 07:15:48 PM
The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

Duration

- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
https://bitcointalk.org/ad_test.html
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.25.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.
5  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 16, 2016, 07:15:19 PM
Auction ended. Final result:
Slots BTC/Slot Person
5 0.65 KiboPlatform
4 0.60 victorhing

2 @ 0.455

Bids must be evenly divisible by 0.05. When they're not, I round down to the nearest multiple of 0.05.
6  Other / Meta / Re: PM email notification not available anymore? on: September 14, 2016, 05:18:02 PM
Turns out the forum is still listed in the PBL. I'll remove it from there.

There are a million little things you have to do to make a new IP "clean" from the perspective of many email providers...
7  Alternate cryptocurrencies / Altcoin Discussion / Re: Iota Tip Thread (iota has no tx fees, lets have fun with that) on: September 14, 2016, 05:13:35 PM
Incentivizing people to post in this way is not allowed because it creates spammy posts. See: https://bitcointalk.org/index.php?topic=434310.0
8  Other / Meta / Re: Marketplace trust on: September 13, 2016, 06:13:29 PM
There is now a 30-day orange warning after a user changes their email address.
9  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 13, 2016, 05:47:12 PM
1@ 0.2

2@.02

Because you have newbie accounts, you need to PM me the details of what you're going to advertise before your bids will be accepted.

Note that I have cleared p2p to bid.

The auction continues.
10  Other / Meta / Re: Should we change our passwords? on: September 12, 2016, 01:41:28 AM
I am curious to know what happens when someone attempts to access the forum from behind the GFW during times of DDoS attacks, especially when it is non-obvious that the request is coming from a VPN/VPS, and especially when the request appears to be from what could be "high value" potential hacking targets.

Currently there's no regional filtering. It isn't usually necessary, since attacks have either been possible to detect and block (automatically or manually) or SYN floods which use fake IP addresses. On a few occasions in the past I've had to block a few /16 networks for a while, but there's nothing like that active now.

I really like the idea of having a bunch of firewall servers which handle the TCP handshake and then send real traffic to the real server(s) via a GRE tunnel. Since it works at the TCP level, the firewall servers do not need the HTTPS key and aren't particularly sensitive security-wise. It doesn't protect against application-level attacks, but generally those are easier to protect against by just blacklisting or limiting misbehaving IPs. I wish that more companies would offer this service. The forum's previous DDoS protection did this, but it was some amateur operation which had its own reliability issues, making it unacceptable. Incapsula was willing to do a special deal, but their price was ridiculous. I think that someone could make money by buying a few dozen servers distributed across the globe and selling GRE-tunnel-based DDoS protection from SYN floods and maybe also bandwidth leeching (by tracking when new IPs start using way more traffic than anyone else), ideally with anycast IP addresses to distribute traffic among the firewall servers. I think that you could do it largely with standard iptables rules, though it'd be very complicated. If I was setting up a service like this, I would oversell like crazy -- each site is only actually DDoSed a very small percentage of time, so you only need enough ordinary capacity to protect against one or two active attacks --, but then have some sort of backup plan to add more servers in an emergency (maybe by spinning up EC2/DigitalOcean/Vultr instances, which are expensive compared to a dedicated server but quickly available in case more capacity is needed now).
11  Other / Meta / Re: Ancient Bitcoin Talk accounts logging in on: September 12, 2016, 01:32:23 AM
Were password hashes at the time salted?

The new password hashing scheme was implemented in July 2012. Accounts that never logged in after then still have the old hashes, which are IIRC one round of SHA-1, salted with the username. Strong passwords could survive, but it's certainly much easier to crack the old hashes than the new hashes.

When will we see Satoshi's account being used soon?

You won't, since I locked his account long ago. The password hashes leaked in 2015 aren't even his original hashes.
12  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 05:04:19 AM
Theymos, were there any demands linked to these attacks?

Nope.
13  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 02:52:37 AM
I guess they're going to do it every day at around this time until I figure out how to stop them... I've made some progress on that front, but it's not done yet.

If anyone is an actual expert in Linux networking (ie. the term "GRE tunnel" is familiar to you), I could use your help in figuring some of this stuff out.
14  Other / Meta / Re: Problems with notifications? on: September 07, 2016, 03:22:48 PM
Well there was a DDoS attack recently so maybe he changed something to try combat it. I think when I first stopped receiving them it was after a DDoS attack so maybe theymos changed something that altered the IP that the emails come from and that particular one is blocked by your provider. I think that's what happened to me as theymos told me the emails were still being sent but I certainly wasn't receiving anything as I had before.

Yes, that's what happened. I forgot about this, I'll fix it soon.
15  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:52:07 AM
What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

July 2012.
16  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:44:46 AM
I think that one extra step of security would be to have implemented a custom salt for every users password

Each hash has a unique 12-byte salt.

Quote
Also, from StackOverflow:

That's the same nonsense I was responding to.

Quote
Not all of the passwords in the database leak had that encryption :p

It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago.
17  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 06:34:55 AM
I sent out a mass email about this right after the leak in 2015. People really should've changed their passwords then. This database has been floating around since then, so if you didn't change your password already and your password is sufficiently weak, then there's a good chance that your account would've already been compromised.

Let me just say that the encryption algorithm could've been stronger. For example, bcrypt or something like what Wordpress implements. Now THOSE are some tough hashes to crack.

That's a common misconception. There is no functional difference between bcrypt and sha256crypt, except that sha256crypt uses the industry-standard SHA-256 hash function while bcrypt uses a hash function based on the deprecated and obscure Blowfish encryption algorithm.

PHP uses a default bcrypt cost of 10, which is roughly similar to sha256crypt with rounds=1024. Python uses a default cost of 12, which is roughly similar to sha256crypt with rounds=4096. The forum uses sha256crypt with rounds=7500. The forum's hashes, while not uncrackable given weak passwords, are far stronger than those used by almost every other site.
18  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 06, 2016, 12:23:53 AM
A DDoS attack takes a site down, it doesn't provide the attacker with any access.
19  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 11:31:20 PM
OMG! Is everything going to be okay? Can we expect more downtime? Please answer!

Probably there will be periodic downtime until they stop or until I figure out how to mitigate the attack.
20  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 10:37:32 PM
Yes, there was a DDoS attack.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 326 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!