Bitcoin Forum
May 19, 2019, 01:58:27 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 428 »
1  Economy / Auctions / Re: Signature space - Global Moderator - 5800+ posts - around 50 posts/month on: May 09, 2019, 10:01:34 PM
Bump
2  Alternate cryptocurrencies / Tokens (Altcoins) / MOVED: [ANN] Borocoin (BORO) - Dividends in Ethereum every month ! on: May 07, 2019, 07:45:58 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5139349.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
3  Alternate cryptocurrencies / Bounties (Altcoins) / MOVED: [AIRDROP] IEO 🔥🔥🔥 $1M MENAPAY - 1,000,000 Token on: May 05, 2019, 03:50:03 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5139378.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
4  Bitcoin / Press / MOVED: Craig Wright Officially Sues Roger Ver, Is this becoming normal behaviour? on: May 05, 2019, 03:48:53 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5139511.0

Wrong format - missing date.
5  Alternate cryptocurrencies / Announcements (Altcoins) / MOVED: 🚀🚀 [ANN] ⭐7ELEVEN - SMART APPLICATION ⭐🚀🚀 on: May 04, 2019, 01:09:40 AM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5135462.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
6  Alternate cryptocurrencies / Bounties (Altcoins) / MOVED: [BOUNTY] Pngme - Mobile Finance App - Telegram Airdrop ($52 in Pngcoin at IEO)🔥 on: May 03, 2019, 06:17:06 AM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5137168.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
7  Other / New forum software / Re: 59 packages used in Epochtalk, why ? on: May 02, 2019, 09:43:21 AM
All three of those XSS things are relatively minor and pretty much require admin access to exploit (only admins can enable/disable maintenance mode, only admins can manage packages and only admins can use the html tag). At that point you're pretty much screwed anyway.
Yet those are still XSS exploits that would've never even been present had the developers paid more attention to security when starting the project. XSS is one of 3 (the other being SQL injection and CSRF) most common (and thus often easiest to exploit) security exploits. Exploits that many web development frameworks include protections for by default (e.g. Django). If someone decides to build consumer-facing web software from scratch, one that should be able to withstand constant poking and prodding, making sure that these exploits are patched by default (either through libraries or writing their own abstractions for processing user input, fetching DB data and processing form data) should be their top priority. In the end, the core issue isn't the exploits themselves - it's the development process that let them slip past unnoticed.

With that said, I can't really blame the SMF devs that much - the software (at least according to the changelog's chronologically first entry) is around 15 years old. Couple that with the fact that it's a community-driven project and the resulting software is bound to have some holes in it. Future proofing non-enterprise software to withstand 15 years of intense scrutiny is a bit of tall order, especially for something started in the mid 00s. However, that still leaves Bitcointalk with the need for something more secure and fitting to handle it's use case.

If security is so important, wouldn't it be better to spend all that time and money helping a project that has helped you instead of reinventing forum software? Isn't that the whole point of Open Source?
Fair point. The reality of the situation is that it's much easier to write code than to read it. Improving and patching legacy systems is a massive pain compared to developing something from scratch, especially when you have a sufficient budget for it. Obviously, starting over has it's own issues (having to reimplement a plethora of functionality the old software already has), but if you are trying to develop something bulletproof and the old software's structure wasn't designed with security as the number 1 priority in mind, starting over might be your best option.

With all of this in mind, I can't really say whether starting over from scratch was the best option but there's definitely merit to the idea of avoiding existing projects and starting over. Then again, as you've mentioned, there's also merit to contributing all that development effort towards an existing open-source project. I guess we'll see if starting over was a good idea when (or if) this gets deployed to Bitcointalk.
8  Other / New forum software / Re: 59 packages used in Epochtalk, why ? on: May 01, 2019, 04:55:42 AM
Stick with SMF:
Everyone is used to this system
<...>

EpochTalk:
Completely new system for people to get used to
<...>
Users will likely have to reset their passwords
It's an online forum - the core concepts are still the same. Sure, people are going to need to adapt to changes in where certain function can be found, but I'd say the current forum software scares off more new people yearly than it would lose if old users had to adapt to a somewhat different forum software package.

EpochTalk:
<...>
Someone has to write a system to convert all the data from this forum to the new one
Someone has to write a system to redirect all the URLs that have been indexed in search engines to the new ones
That's part of the development specifications.

Stick with SMF:
<...>
You can get new features and a modern design whenever the admins decide to upgrade (though that seems like it isn't going to happen now)
And lose all the custom features already implemented into the old SMF 1.x (or, again, have to hire people to reimplement them). And introduce a plethora of security flaws not present in the already heavily patched SMF version that the forum uses.

I wouldn't call SMF 2.0's default theme modern either. It's better than what we currently have, but it's far from modern.


Stick with SMF:
<...>
Proven stability and reliability backed by a strong community
The forum's SMF software has already been hacked... twice: https://bitcointalk.to/index.php?topic=4405796.0

Causes for the aforementioned hacks:

While a small SMF forum might not need bulletproof security (hence why extensive and expensive audits aren't particularly common in open-source forum script development), Bitcointalk, the first and largest dedicated cryptocurrency forum, probably does.

And yet you're still two versions behind in SMF 1.1...

Plenty of other sites (both large and small) still use SMF without any issues. Nothing is guaranteed to be bulletproof.
And those 2 versions fix a total of 3 (rather basic) security flaws and none of the flaws that caused the forum to get hacked:

Quote
SMF 1.1.21                                            April 22 2015
===============================================================================

January 2015
-------------------------------------------------------------------------------
 ! XML post preview was broken in 1.1.20

SMF 1.1.20                                                       October 1 2014
===============================================================================

September 2014
--------------------------------------------------------------------------------
 ! XSS possibility if HTML used in maintenance mode title (Reported by guest)
 ! Various parts of the package system could allow XSS attacks (Reported by Arantor)
 ! Add session check to post preview to prevent XSS from html tag through forged forms (Reported by emanuele)

The fact that the last versions were still fixing XSS security flaws really says something about the amount of attention dedicated to security.

While plenty of sites use SMF, very few of them are such big targets. Alongside the fact that classical forums are dying (and thus it's getting harder to find bigger ones as time passes), very few of them cover topics with enough politics and financial interest to warrant continously attacking the forum.
9  Other / New forum software / Re: 59 packages used in Epochtalk, why ? on: April 30, 2019, 02:49:23 PM
Stick with SMF:
Everyone is used to this system
<...>

EpochTalk:
Completely new system for people to get used to
<...>
Users will likely have to reset their passwords
It's an online forum - the core concepts are still the same. Sure, people are going to need to adapt to changes in where certain function can be found, but I'd say the current forum software scares off more new people yearly than it would lose if old users had to adapt to a somewhat different forum software package.

EpochTalk:
<...>
Someone has to write a system to convert all the data from this forum to the new one
Someone has to write a system to redirect all the URLs that have been indexed in search engines to the new ones
That's part of the development specifications.

Stick with SMF:
<...>
You can get new features and a modern design whenever the admins decide to upgrade (though that seems like it isn't going to happen now)
And lose all the custom features already implemented into the old SMF 1.x (or, again, have to hire people to reimplement them). And introduce a plethora of security flaws not present in the already heavily patched SMF version that the forum uses.

I wouldn't call SMF 2.0's default theme modern either. It's better than what we currently have, but it's far from modern.


Stick with SMF:
<...>
Proven stability and reliability backed by a strong community
The forum's SMF software has already been hacked... twice: https://bitcointalk.to/index.php?topic=4405796.0

Causes for the aforementioned hacks:

While a small SMF forum might not need bulletproof security (hence why extensive and expensive audits aren't particularly common in open-source forum script development), Bitcointalk, the first and largest dedicated cryptocurrency forum, probably does.
10  Economy / Auctions / Signature space - Global Moderator - 5800+ posts - around 50 posts/month on: April 26, 2019, 02:02:42 AM
I'm auctioning off my signature. I make on average around 50 posts per month. The rules for this auction are:

  • No NSFW content.
  • No scams or shady businesses.
  • No [glow] tags.
  • I have the right to reject bids or advertisements. You can offer a different one of course.
  • I have the right to shorten, extend, restart or cancel the auction at any point in time.
  • If a user's rank is lower than Member and the bid increase (compared to the last valid bid) is bigger than 0.005 BTC, he has to send in the bid (or the increase if it's not the user's first bid) to 3PL5BStNmwzn8YfEfx4NX2vm5ZYgyeJ92c or the bid is invalid. If the user in question doesn't win the auction, the bid amount minus the miner fee (may vary; depends on current state of Bitcoin) will be sent back.
  • If the service turns out to be a scam, I'll remove the ad and your money will not be refunded.
  • The auction winner must provide payment and the signature ad code within 48 hours of a request via PM.
  • Your signature will have an "Advertisement: " text before it, a notice and should fit within the following example:

Quote

Advertisment:
<Advertisement here>
|  Some sort of
|  text of mine
  |  Websites advertised in my signature are not endorsed by me.
  |  Advertise in my signature

The minimum bid is 0.02 BTC, the bids should be evenly divisible by 0.005 BTC. The auction will end on May 22nd when this thread is closed if there is at least 1 valid bid. If there isn't one, it'll end 3 days after the first valid bid is placed. The winner's advertisement will run for 1 month.


Examples for both valid and invalid bids:
Quote
0.02 BTC <------- VALID
0.01 BTC <------- INVALID, lower than minimum bid

0.03 BTC <------- VALID
0.0325 BTC <------- INVALID, bid is not evenly divisible by 0.005 BTC

0.10 BTC <------- VALID
0.2556642 BTC <------- INVALID,  bid is not evenly divisible by 0.005 BTC

P.S. Custom offers (that DO NOT include me removing either of the advertisement notices ("Advertisment:") or ("Websites advertised in my signature are not endorsed by me.") ) are welcome via PM though keep in mind that the price of advertising will be much higher.
11  Other / Meta / Re: BitcoinTalk++ script - v0.2.96 on: April 22, 2019, 10:21:22 PM
Hey guys, is this project completely dead? I was really enjoying it for years. Should I go ahead and kill the VPS that the database is on?

Or is anyone still able to use it

Or maybe @jackjack we could get you to get 'er running again?

jackjack has long been banned.
*locked due to security reasons.
12  Alternate cryptocurrencies / Service Announcements (Altcoins) / MOVED: [ANN] Nexybit (NXY) - Token Mining Exchange / Trans-Fee Mining Exchange on: April 21, 2019, 05:48:56 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5072276.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
13  Economy / Auctions / Re: Signature space - Global Moderator - 5800+ posts - around 50 posts/month on: April 21, 2019, 09:15:34 AM
I request an additional day to bid in case of auction snipers, if there are none we can proceed
The auction will end on the date mentioned in the OP. You are free to bid until then.
14  Economy / Invites & Accounts / MOVED: Selling verified, Skrill/PM/Neteller/PP/Payza/Advcash/Okpay/Payeer accounts. on: April 20, 2019, 12:01:04 AM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=4899135.0

Sale of illegal goods.
15  Alternate cryptocurrencies / Announcements (Altcoins) / MOVED: [PRE-ANN][POS/MN][BOUNTY][ARBX] Arbinex project - Arbitrage trading plartform on: April 18, 2019, 12:23:23 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5126840.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
16  Bitcoin / Bitcoin Discussion / MOVED: Are free BTCs real??? on: April 17, 2019, 08:06:23 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5133001.0

Ref spam.
17  Economy / Auctions / Re: Signature space - Global Moderator - 5800+ posts - around 50 posts/month on: April 17, 2019, 05:26:23 PM
Bump
18  Other / Meta / Re: How Many Years on Bitcointalk? Take the Poll! on: April 17, 2019, 05:22:08 PM
7+ years for me. To avoid repeating myself, I'll just requote a few snippets of stuff I mentioned over the years:

I've started lurking around mid to late 2011
I was looking for a way to earn online a year ago and found an article about mining bitcoins. Then I researched it a bit and forgot about it until now.

Didn't really join for any political reasons - I liked tech, self-sustaining systems, money, business and discussions. Bitcoin combined the first 3, while Bitcointalk finished off with the last 2.

It's strange - I recall the number of years I've been here as well as a vague timeline of events I've gone through. But only when I start digging through old posts is when I grasp how much things have changed, both in general as well as on a personal level. Some for better, some for worse. But that's life for ya, I guess.
19  Alternate cryptocurrencies / Announcements (Altcoins) / MOVED: [ANN] Safe Seafood Coin POW/POS Home of SSHT Storage on the Blockchain on: April 16, 2019, 03:01:04 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5120940.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
20  Alternate cryptocurrencies / Announcements (Altcoins) / MOVED: [ANN] [ICO] [AIRDROP] [GSA] [MN 75%,POS 25%] GlobalSmartAsset 700000 GSA Airdrop on: April 15, 2019, 06:05:45 PM
This topic has been moved to Trashcan.

https://bitcointalk.to/index.php?topic=5131879.0

On-forum altcoin giveaway / Incentivising posting within specific threads. See:

https://bitcointalk.to/index.php?topic=2103690.0
https://bitcointalk.to/index.php?topic=434310.0
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 428 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!