|
I don't see a problem with it as long as he isn't actively impersonating him.
|
|
|
|
I'm glad to hear that, rock on  . |
|
|
|
Sorted. Remember, the secret question/answer is basically an easier to guess second password, and the hashes for the answer (that was leaked) was a simpler version of the password hashes (which means easier to brute force). Could it be that suspicious logins are filtered? I've never heard of accounts being banned for security reasons, would that protect any attacker from accessing information PMs?
He was likely banned by a global moderator until Theymos could give it personal attention, just as a security measure. Mod bans don't look like that, anything with something more than the generic "You have been banned by a forum moderator..." is admin applied. |
|
|
|
What if keypass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering everytime you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough. I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario: 1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else. |
|
|
|
If you are against sig campaigns then why are they still here? theymos disagrees with you?
No he agrees (in general, I don't know about the finer points), and there will be changes eventually. Lack of time, and a general unwillingness to significantly modify the current forum when a new one is under development are the main reasons it hasn't been done yet. BadBear...then why are the paid campaigns still allowed to continue? I myself have a flat rate so I am paid the same no matter what. It is a shame that these farmers ruined these campaigns for us non spammers. Either ban the campaigns or force them to some strong rules might do it?
Only a set amount of users
If members spam in your campaign - boot them or be shut down
No paid per post only a flat rate
Etc...
I think that would force the campaigns to pick only good posters and not farmers.
See above, and that would be a significant time investment to essentially run campaigns for them, with nothing in return. I'm also not sure how I feel about the forum inserting itself into the business deals of others. Seems a little... Big Brother-ish. |
|
|
|
As far as I know, there is a software here created by a mod to lessen out the visual quality of annoying signature ads. If you don't want to see ads, then you might find that software useful. There is no need to disable forum signatures imo, but yes, I can agree that post quality nowadays are lower compared to last year when there are only a few signature campaigns available to the users.
I agree, the post quality has declined, you see so many newbies with the 777coin signatures and they are posting useless stuff in useless topics just to get the couple satoshis from the signature. However, disabling the signatures will only remove the signature, not the useless post made by the signature user. But once signatures are disabled, you will see a drastic change on the number of low-quality posts that are related to signature campaigns. Low-quality posts and off-topic replies are sometimes made by newbies with their signatures so as to get a couple of satoshis. I myself do not support the idea of removing the signature, but maybe set another limit to newbies? Maybe they shouldn't be allowed to wear any form of signature until they reached the Jr. Member rank because as far as I can see, the most off-topic and nonsense posts are usually made by members with a newbie rank. I think the forum should add some special staff members to be very aggressive and their job is to hunt down spammers. Imagine a few dedicated signature spam hunters...might work? I think that personal signatures should always remain even if paid campaigns are banned. In my experience so far, banning has little effect, the compensation and incentive is too much. It doesn't really have the desired result of reducing the spam. This isn't a problem that can be solved with more moderation. Consider the change from post based ranks to activity based ranks a while back, you could make hero member in no time at all as long as you posted enough. A lot of people ended up getting banned, and eventually we went to activity based ranks. It removed the incentive to spam posts, reduced moderation, reduced bannings, and overall lead to a better forum. Leaving the cookie jar on the table and smacking people every time they try to take one, instead of just moving the cookie jar is a waste of time and ends up in lots of unnecessary conflict. Though sig campaigns have completely undone that, and we are back where we started. The reason I believe this will never happen is that a lot of people actually post on here due to the ads, and is what makes it very active. I guess theymos could perhaps disable ads for a week and see if the posting is still as wild as it gets these days.
This forum has existed for a long time without signature campaigns. Sig campaigns came about because this is an active forum. Sig campaigns actually harm the forum in several ways, and not just the random sig spam. 1. it decreases forum revenue via advertising 2. that in turn decreases compensation for staff 3. more spam, in conjunction with point 2 accounts for the current state of the forum 4. increases workload on staff, along with less compensation mentioned above, means things that aren't sig spam go unhandled 5. Broken windows theory, the presence of spam, then encourages more spam I'm gonna stop here because the rest will be subjective and just lead to more circular arguments, but I could go on. The forum only had the one ad spot for a reason, sig campaigns make it look like crap. If the competition would be too stiff, adding more spots would certainly be preferable to sig campaigns, maybe some of it could even go to posters, I don't know if that's legally feasible though, with tax concerns and all. Stopping it temporarily would have no effect, people would keep posting in order to "prove a point" and increase their activity for the inevitable return. |
|
|
|
|
Disabling signatures entirely would affect innocent users as well. A way to disable signature ads specifically would be good. Ignore certain signatures (which would ignore all of that type), and maybe an auto ignore at a certain point is probably the best solution.
|
|
|
|
Won't help, they'll just use multiple accounts.
Limit the amount of users a campaign can use and allow for only 1 account per IP to join a campaign We aren't going to start handing out user information to businesses here just to accommodate sig campaigns. Also not going to dictate the terms of other people's business deals for them. |
|
|
|
|
Won't help, they'll just use multiple accounts.
|
|
|
|
|
The post you were replying to was deleted, along with several others (13), all at the same time.
Looking at the thread there's a reply to your post that was missed though.
|
|
|
|
|
Yes, empty means there isn't one. Double check and make sure it's actually empty, and that there aren't any white spaces (cursor there, backspace and then delete).
|
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Confirming Badbear is Badbear, and not Goodbear or other variations of bears.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVY0O5AAoJEKAjO3S1eXxPH40H/jvkkJhKUVxKB6a1whLFE08p
jIJi3qw1WkZPFkM9QWwNXNq+8p8bZxiC+0mIskITUiZBwLqgHgyogFf5FjWNnhSy
lhhmLLh6L+LxXtXg+6kITn2nEPiP+wiZRXkRWwzqRd5mh8c3I1hMMfnYa9DarQG3
hC+TjJXwHKvdYXL5FjcGv4HXGX0QMhXUzwodF05SWXJmH6v8uG3vn6QFej4XRVPd
kWWHh61GlzUAZix0EOxd/cvElgJW6Y8sWl/gH5qBnqhnHDTVnS4/cnQVLjgScyGF
QXVoLZG71Mjkgq+PFX8GRqatKIt/vzMvhBYz7DKKDM8NNzbLRRVexlb2MnpeTx8=
=QK2I
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 My account has not been compromised. -----BEGIN PGP SIGNATURE----- Version: Keybase OpenPGP v2.0.8 Comment: https://keybase.io/cryptowsBcBAABCgAGBQJVY/MiAAoJEFkJihs2GslbzkkIAI7po8OksJfjdw1ufqBm6Vgb dh/qViHU1LCCeTTt/H0GNIdv+P/A6uG1cRX8JPuefLa96TeJVVrHNPbTVr5xg3Eb YpAJcW54FD1E5Y3v3xJ6vK6QDRJUZsJ32aMjngago8A1ZbfLCop58UvP9Wi1QTiV f6tOYmzfVA41Kxq3suQJa5yidTaPmJwE3neaa8UjSKS+/96n3H7AzjzLqjusaFDz VS7nT7ZVxrZhuxJ7YTZOWNtmfsXg2b483v9VfuybJ6alKNigcg7XPXy2LKDuysrN rD1JTF636tj4pbatHnTt1Sc8hoCgpVGNpYPtFxNwlERHjhGkWBDJulfuZn39kEI= =jsgL -----END PGP SIGNATURE----- If you're going to sign a message you should try to be more specific. The message you wrote does not specify which account or when. As such anyone can use it after compromising your account to claim it was not compromised. And if they managed to access your account they of course would delete the above post. At least now it's quoted, so we have a record of it.... His message is fine, PGP signed messages contain a timestamp, and are associated with your email address. |
|
|
|
Thanks theymos for the hardwork. I changed my password but not my email ID as I'm not sure if I should do it as the pwd used on this forum wasn't used anywhere else fortunately. I've not received any phishing email except this one yesterday:
You are receiving this message because your email address is associated
with an account on bitcointalk.org.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGI..........................
I hope the above message is genuine.
It is. Signed on 2015-05-24 04:14 by michael_m+pgp@mm.st (Key ID: 0xDAB591E7). The signature is valid and the certificate's validity is fully trusted. What is theymos's GPG key? Is it published somewhere official? I received the signed email but I can't find a verified source with the key.
All PGP keys are hosted on public keyservers. They're also hosted on the forum's servers, though you shouldn't rely on that solely. https://bitcointalk.org/theymos.asc, https://bitcointalk.org/BadBear.aschttps://pgp.mit.edu/pks/lookup?search=theymos&op=indexFor the record. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Confirming Badbear is Badbear, and not Goodbear or other variations of bears.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVY0O5AAoJEKAjO3S1eXxPH40H/jvkkJhKUVxKB6a1whLFE08p
jIJi3qw1WkZPFkM9QWwNXNq+8p8bZxiC+0mIskITUiZBwLqgHgyogFf5FjWNnhSy
lhhmLLh6L+LxXtXg+6kITn2nEPiP+wiZRXkRWwzqRd5mh8c3I1hMMfnYa9DarQG3
hC+TjJXwHKvdYXL5FjcGv4HXGX0QMhXUzwodF05SWXJmH6v8uG3vn6QFej4XRVPd
kWWHh61GlzUAZix0EOxd/cvElgJW6Y8sWl/gH5qBnqhnHDTVnS4/cnQVLjgScyGF
QXVoLZG71Mjkgq+PFX8GRqatKIt/vzMvhBYz7DKKDM8NNzbLRRVexlb2MnpeTx8=
=QK2I
-----END PGP SIGNATURE-----
|
|
|
|
|
Ban evasion and trolling.
|
|
|
|
|
You're using it wrong. Watchlist was created as a replacement for show replies, largely because of this, and because you couldn't follow a thread without posting in it.
Watchlist has all the same features as show new replies, and more that are missing like this. Use it instead.
|
|
|
|
|
Minus time restrictions, same for everyone.
|
|
|
|
I want to ask what are the conditions to retrieve your banned account/s?
Lesson Learned.
I gave you a chance already when I temp banned your accounts initially. Then you continued posting on yet more accounts. Do you feel you deserve yet another chance? |
|
|
|
|
Your trust score has nothing do with whether your feedback shows up as trusted or not.
For your feedback to show up as trusted, you would need to appear in one's trust list, or extended trust network (ie joe has bob in his trust list, bob has you in his trust list, then you are in joe's trust network and your feedback would be trusted).
|
|
|
|
Libeler (OP) has default trust T2, libeler's victim (me) was wiped from T2=injustice done.
You are both in the default trust network at depth 2. I think BadBear recently added him to his trust list. TBZ was not previously in default trust network (level 2) for a while now. Maybe I'm blind? https://i.imgur.com/Upm5ZFv.jpgNot blind no, but relying on a snapshot of a trust list at a single point in time is going to give you outdated information, trust lists aren't static. I did add you back to my trust list. |
|
|
|
|
I remove or limit them sometimes when they are either excessively annoying or distracting, they definitely shouldn't be interfering with other topic subjects.
|
|
|
|
|
Show Posts
