Bitcoin Forum
October 20, 2017, 06:37:27 PM *
News: Latest stable version of Bitcoin Core:  [Torrent]. (New!)
  Home Help Search Donate Login Register  
  Show Posts
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 ... 343 »
361  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 05:04:19 AM
Theymos, were there any demands linked to these attacks?

362  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 08, 2016, 02:52:37 AM
I guess they're going to do it every day at around this time until I figure out how to stop them... I've made some progress on that front, but it's not done yet.

If anyone is an actual expert in Linux networking (ie. the term "GRE tunnel" is familiar to you), I could use your help in figuring some of this stuff out.
363  Other / Meta / Re: Problems with notifications? on: September 07, 2016, 03:22:48 PM
Well there was a DDoS attack recently so maybe he changed something to try combat it. I think when I first stopped receiving them it was after a DDoS attack so maybe theymos changed something that altered the IP that the emails come from and that particular one is blocked by your provider. I think that's what happened to me as theymos told me the emails were still being sent but I certainly wasn't receiving anything as I had before.

Yes, that's what happened. I forgot about this, I'll fix it soon.
364  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:52:07 AM
What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

July 2012.
365  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 07:44:46 AM
I think that one extra step of security would be to have implemented a custom salt for every users password

Each hash has a unique 12-byte salt.

Also, from StackOverflow:

That's the same nonsense I was responding to.

Not all of the passwords in the database leak had that encryption :p

It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago.
366  Bitcoin / Bitcoin Discussion / Re: Hacked BitcoinTalk Data Finally Surfaces On Dark Net on: September 06, 2016, 06:34:55 AM
I sent out a mass email about this right after the leak in 2015. People really should've changed their passwords then. This database has been floating around since then, so if you didn't change your password already and your password is sufficiently weak, then there's a good chance that your account would've already been compromised.

Let me just say that the encryption algorithm could've been stronger. For example, bcrypt or something like what Wordpress implements. Now THOSE are some tough hashes to crack.

That's a common misconception. There is no functional difference between bcrypt and sha256crypt, except that sha256crypt uses the industry-standard SHA-256 hash function while bcrypt uses a hash function based on the deprecated and obscure Blowfish encryption algorithm.

PHP uses a default bcrypt cost of 10, which is roughly similar to sha256crypt with rounds=1024. Python uses a default cost of 12, which is roughly similar to sha256crypt with rounds=4096. The forum uses sha256crypt with rounds=7500. The forum's hashes, while not uncrackable given weak passwords, are far stronger than those used by almost every other site.
367  Other / Meta / Re: Bitcointalk downtime, or just me? Edit: DDoS attack confirmed as per Theymos on: September 06, 2016, 12:23:53 AM
A DDoS attack takes a site down, it doesn't provide the attacker with any access.
368  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 11:31:20 PM
OMG! Is everything going to be okay? Can we expect more downtime? Please answer!

Probably there will be periodic downtime until they stop or until I figure out how to mitigate the attack.
369  Other / Meta / Re: Bitcointalk downtime, or just me? on: September 05, 2016, 10:37:32 PM
Yes, there was a DDoS attack.
370  Economy / Auctions / Re: Advertise on this forum - Round 185 on: September 05, 2016, 03:33:51 PM
Since only one person supported the change, I decided not to change the auction rules at this time. Thank you to those who gave feedback.

Again note that starting with round 184, the ad area will be slightly changed so that it has a maximum width and height, and any content outside of this space will be cut off. I don't think that most ads will typically be affected by this, but possibly certain ads will require redesign.

The change will be similar to:
<div style="display:inline-block; max-width:100%; min-width:100%; max-height:42px; overflow:hidden">
[your ad here]

At the time of this posting ad_test.html is not updated to take this into account, but it will be in a few days.
371  Economy / Auctions / Advertise on this forum - Round 185 on: September 05, 2016, 03:32:42 PM
The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.


- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.


Exact historical impression counts per slot:

Info about the current ad slots:

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.25.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.
372  Economy / Auctions / Re: Advertise on this forum - Round 184 on: September 05, 2016, 03:26:12 PM
9 @ .75

Sorry, I won't accept your bid for reasons I explained privately.

3 @ 0.35

You're too new, PM me first next time.

Auction ended. Final result:
Slots BTC/Slot Person
2 0.70 Bitcoin Kan
1 0.60 liqui
5 0.60 KiboPlatform
1 0.50 Stunna
373  Other / Beginners & Help / Re: Verifying Bitcoin Core on: September 04, 2016, 02:59:36 AM
Will a future version prevent an older version from connecting at some later point in time?

Yes, but it's done very rarely. Versions as old as 0.3 can still connect to the network, though versions between 0.3 and 0.7 have a random chance of rejecting large blocks unless you add a special DB_CONFIG file to the data directory. (Those version numbers are from memory, and might be somewhat off.)

Except in case of some catastrophic network event such as an attack by the majority of miners, you should generally have at least 6 months of warning before a backward-incompatible change is made, and probably more like 12-24 months. The change which made versions older than 0.3 incapable of connecting to the network was done with 2 years of advance warning.
374  Other / Beginners & Help / Re: Verifying Bitcoin Core on: September 03, 2016, 10:25:46 PM
Is there an issue if still using 0.12 core version.

No, there are no known problems with 0.12.1, and both the most recent major version and the previous major version are officially supported. So 0.12 will be supported until 0.14 comes out.

I recommend waiting a few months to upgrade on sensitive systems just in case any bugs are found.
375  Other / Beginners & Help / Re: Verifying Bitcoin Core on: September 03, 2016, 08:03:51 PM
in windows

Can a little more explanation

Step by Step


Hold down shift and right click on empty space next to the downloaded Bitcoin installer. Click "open command window here". In the box that comes up, type certUtil -hashfile SHA256 (if the file you downloaded has a different name, use that name instead). Push enter. The hash will be printed. Between every two characters of the hash there will be a space, but you can ignore those spaces.
376  Other / Beginners & Help / Re: Verifying Bitcoin Core on: September 03, 2016, 04:28:41 PM
Ok I tried saved the below text to a txt file:

You didn't copy-paste it correctly.

Putting it in a file as suggested will work. But in looking online, it seems to me that Ctrl-D should signal end-of-file on OSX. I don't know why it's not working. I've never used a Mac, though. Can anyone who does use OSX share their experience?

The warning about the signature not being valid is because you didn't do the lsign stuff that I mentioned in the guide.
377  Other / Beginners & Help / Re: Verifying Bitcoin Core on: August 30, 2016, 08:48:58 PM
Hashes in OP should be updated for 0.13 if possible.

Thanks, I forgot about that.
378  Other / Meta / Re: New investigations board & restrictions on posting personal information on: August 29, 2016, 11:59:48 PM
I had a thread of mine moved to investigations that did not meet the above criteria because no references to any online identity were made in the thread.

I agree with your interpretation of the current rules. I moved it back.

This is a situation which I only vaguely considered when writing the rules, so maybe in the future I will change the rules to better address this.
379  Other / Beginners & Help / Re: Verifying Bitcoin Core on: August 29, 2016, 03:52:01 AM
Just wondering, why a .torrent file instead of a magnet link? Since the file is stored at, there shouldn't be much difference.

On certain pages, when your session code is in the URL and it would be dangerous to click any external link due to the referer header that would be sent, links are disabled in all bbcode (including the news), and links show up completely expanded. Like:
Latest stable version of Bitcoin Core: 0.13.0 ( (New!) [Torrent (]. Make sure you verify it (

With a magnet link, whenever this happens, a huge chunk of the page would be annoyingly taken up by the full magnet link. It wouldn't be all that hard to fix this, but I decided to just save a bit of time by using a torrent file.
380  Other / Meta / Re: Can the mods see deleted posts? Is deleting/reposting allowed? on: August 29, 2016, 12:35:42 AM
If they're doing that in a way that is substantially annoying, or in order to bypass rules such as the bump limit, then it's not allowed.

Regular mods can't see posts deleted by users. Only admins can.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 ... 343 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!