Bitcoin Forum
August 20, 2022, 04:42:12 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 ... 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 [93] 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 ... 416 »
1841  Economy / Auctions / Re: Advertise on this forum - Round 186 on: September 26, 2016, 05:14:01 PM

I won't accept this ad for reasons which I PMed to you, sorry.

Auction ended, final result:
Slots BTC/Slot Person
5 0.80 KiboPlatform
2 0.75 Bitcoin Kan
2 0.75 Randian Hero
1842  Other / Meta / Re: How aren't Bitcointalk ads blocked by ad blockers like ABP ? on: September 20, 2016, 02:54:33 AM
ABP's matching capability is limited. The forum's ads are structured so that it is impossible, within the limits of ABP, to block ads in general without blocking posts. Additionally, a carefully-designed ad will itself be impossible to block without blocking posts, but most advertisers don't bother to make ads in this way, so their specific ads can be blocked.

I've long wondered why the major Web advertisers like Google haven't pursued this sort of thing. In my research of how to accomplish this I even figured out a way to generically defeat ABP on most browsers using some JavaScript, assuming the ad is all inline (though this technique isn't what the forum does). I guess inline ads are difficult, though you'd think that it'd be possible with at least the most major websites.

I'd appreciate it if people not try to block ads. They are by far the forum's largest source of income, and they should not be at all annoying, since there's only one ad per page and I reject ads that are too flashy. I also recently adjusted the ads so that they should in no case be taller than ~50px, even on small screens. Plus, the ads are uniquely targeted to Bitcoiners, so you might find something interesting in the ads -- I've learned of several interesting services through forum ads.
1843  Economy / Auctions / Advertise on this forum - Round 186 on: September 16, 2016, 07:15:48 PM
The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.


- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.


Exact historical impression counts per slot:

Info about the current ad slots:

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.25.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.
1844  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 16, 2016, 07:15:19 PM
Auction ended. Final result:
Slots BTC/Slot Person
5 0.65 KiboPlatform
4 0.60 victorhing

2 @ 0.455

Bids must be evenly divisible by 0.05. When they're not, I round down to the nearest multiple of 0.05.
1845  Other / Meta / Re: PM email notification not available anymore? on: September 14, 2016, 05:18:02 PM
Turns out the forum is still listed in the PBL. I'll remove it from there.

There are a million little things you have to do to make a new IP "clean" from the perspective of many email providers...
1846  Alternate cryptocurrencies / Altcoin Discussion / Re: Iota Tip Thread (iota has no tx fees, lets have fun with that) on: September 14, 2016, 05:13:35 PM
Incentivizing people to post in this way is not allowed because it creates spammy posts. See:
1847  Other / Meta / Re: Marketplace trust on: September 13, 2016, 06:13:29 PM
There is now a 30-day orange warning after a user changes their email address.
1848  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 13, 2016, 05:47:12 PM
1@ 0.2


Because you have newbie accounts, you need to PM me the details of what you're going to advertise before your bids will be accepted.

Note that I have cleared p2p to bid.

The auction continues.
1849  Other / Meta / Re: Should we change our passwords? on: September 12, 2016, 01:41:28 AM
I am curious to know what happens when someone attempts to access the forum from behind the GFW during times of DDoS attacks, especially when it is non-obvious that the request is coming from a VPN/VPS, and especially when the request appears to be from what could be "high value" potential hacking targets.

Currently there's no regional filtering. It isn't usually necessary, since attacks have either been possible to detect and block (automatically or manually) or SYN floods which use fake IP addresses. On a few occasions in the past I've had to block a few /16 networks for a while, but there's nothing like that active now.

I really like the idea of having a bunch of firewall servers which handle the TCP handshake and then send real traffic to the real server(s) via a GRE tunnel. Since it works at the TCP level, the firewall servers do not need the HTTPS key and aren't particularly sensitive security-wise. It doesn't protect against application-level attacks, but generally those are easier to protect against by just blacklisting or limiting misbehaving IPs. I wish that more companies would offer this service. The forum's previous DDoS protection did this, but it was some amateur operation which had its own reliability issues, making it unacceptable. Incapsula was willing to do a special deal, but their price was ridiculous. I think that someone could make money by buying a few dozen servers distributed across the globe and selling GRE-tunnel-based DDoS protection from SYN floods and maybe also bandwidth leeching (by tracking when new IPs start using way more traffic than anyone else), ideally with anycast IP addresses to distribute traffic among the firewall servers. I think that you could do it largely with standard iptables rules, though it'd be very complicated. If I was setting up a service like this, I would oversell like crazy -- each site is only actually DDoSed a very small percentage of time, so you only need enough ordinary capacity to protect against one or two active attacks --, but then have some sort of backup plan to add more servers in an emergency (maybe by spinning up EC2/DigitalOcean/Vultr instances, which are expensive compared to a dedicated server but quickly available in case more capacity is needed now).
1850  Other / Meta / Re: Ancient Bitcoin Talk accounts logging in on: September 12, 2016, 01:32:23 AM
Were password hashes at the time salted?

The new password hashing scheme was implemented in July 2012. Accounts that never logged in after then still have the old hashes, which are IIRC one round of SHA-1, salted with the username. Strong passwords could survive, but it's certainly much easier to crack the old hashes than the new hashes.

When will we see Satoshi's account being used soon?

You won't, since I locked his account long ago. The password hashes leaked in 2015 aren't even his original hashes.
1851  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 05:04:19 AM
Theymos, were there any demands linked to these attacks?

1852  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 02:52:37 AM
I guess they're going to do it every day at around this time until I figure out how to stop them... I've made some progress on that front, but it's not done yet.

If anyone is an actual expert in Linux networking (ie. the term "GRE tunnel" is familiar to you), I could use your help in figuring some of this stuff out.
1853  Other / Meta / Re: Problems with notifications? on: September 07, 2016, 03:22:48 PM
Well there was a DDoS attack recently so maybe he changed something to try combat it. I think when I first stopped receiving them it was after a DDoS attack so maybe theymos changed something that altered the IP that the emails come from and that particular one is blocked by your provider. I think that's what happened to me as theymos told me the emails were still being sent but I certainly wasn't receiving anything as I had before.

Yes, that's what happened. I forgot about this, I'll fix it soon.
1854  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:52:07 AM
What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

July 2012.
1855  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:44:46 AM
I think that one extra step of security would be to have implemented a custom salt for every users password

Each hash has a unique 12-byte salt.

Also, from StackOverflow:

That's the same nonsense I was responding to.

Not all of the passwords in the database leak had that encryption :p

It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago.
1856  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 06:34:55 AM
I sent out a mass email about this right after the leak in 2015. People really should've changed their passwords then. This database has been floating around since then, so if you didn't change your password already and your password is sufficiently weak, then there's a good chance that your account would've already been compromised.

Let me just say that the encryption algorithm could've been stronger. For example, bcrypt or something like what Wordpress implements. Now THOSE are some tough hashes to crack.

That's a common misconception. There is no functional difference between bcrypt and sha256crypt, except that sha256crypt uses the industry-standard SHA-256 hash function while bcrypt uses a hash function based on the deprecated and obscure Blowfish encryption algorithm.

PHP uses a default bcrypt cost of 10, which is roughly similar to sha256crypt with rounds=1024. Python uses a default cost of 12, which is roughly similar to sha256crypt with rounds=4096. The forum uses sha256crypt with rounds=7500. The forum's hashes, while not uncrackable given weak passwords, are far stronger than those used by almost every other site.
1857  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 06, 2016, 12:23:53 AM
A DDoS attack takes a site down, it doesn't provide the attacker with any access.
1858  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 11:31:20 PM
OMG! Is everything going to be okay? Can we expect more downtime? Please answer!

Probably there will be periodic downtime until they stop or until I figure out how to mitigate the attack.
1859  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 10:37:32 PM
Yes, there was a DDoS attack.
1860  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 05, 2016, 03:33:51 PM
Since only one person supported the change, I decided not to change the auction rules at this time. Thank you to those who gave feedback.

Again note that starting with round 184, the ad area will be slightly changed so that it has a maximum width and height, and any content outside of this space will be cut off. I don't think that most ads will typically be affected by this, but possibly certain ads will require redesign.

The change will be similar to:
<div style="display:inline-block; max-width:100%; min-width:100%; max-height:42px; overflow:hidden">
[your ad here]

At the time of this posting ad_test.html is not updated to take this into account, but it will be in a few days.
Pages: « 1 ... 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 [93] 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 ... 416 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!