ipb

This seems to have been resolved. Please try editing your old posts before creating new topics.

As a consequence of our rebuilding the posts table manually, you will not be able to edit old posts. Posts made after approximately 1PM EST today should be editable, but posts prior to Sept 18 may not be editable. For non-swap posts, just post a link to your previous post and respond. For swap posts, report your old topic for closure and start a new topic.

Our weekly scan to make sure there aren't any table errors found some in posts, and it took awhile to be able to fullly recover them due to a miscommunication between us and tech support, It's fixed now.

The sessions table crashed sometime last night, and when I did a full system repair, the cache & posts tables crashed because there wasn't enough space where the database does repairs. It's all better now.

I added a new rating for the swap feedback that asks whether or not you would repeat the experience. Feel free to update your previous feedback to reflect it! (Note: not doing so won't mess up their 'Would you do it again?' overall rating.) I'm also in the process of adding "eBay handle" and "Primary livejournal handle" to the profile custom fields! Let people know what your eBay handle and LJ handles are!

As an extra incentive for the members that haven't yet used our feedback system to leave swap feedback, we now offer 1 reward point for each review written. For the 210 brave souls that have pioneered the swap feedback reviews, you have retroactively been awarded your points. ETA: And for those who haven't noticed, the warnings and reward points are back to automagically decaying/adding up (respectively).

Anything listed here for swap / etc (both proper thread and off-site links) must adhere to the Lab's aftermarket requests in addition to our own restrictions. Specifically: 1) No derivative products can be swapped, sold, etc. 2) No listings for non-BPAL/BPTP/TAL products being "for BPAL" or the like. Posts will become invisible, and links may be removed without notification. Continued abuse of this can result in warning or losing the ability to access the Swaps forum or editing your profile.

http://www.bpal.org/index.php?showtopic=8008

Something SV didn't mention about the feedback engine is that there are links in everyone's profile (under the "Information" section) that go straight to that person's feedback.

The swaps feedback, links, and gallery are finally live! I hope y'all find the swaps feedback useful, and if there are things you want to see changed, please mention it here, Forum Ideas, or shoot me a PM. There's a great deal of things I can't change (the core of the program is encrypted), but there's a great deal that I can. I've already modified a HUGE amount of the code to get it to work with the forum and to look nice -- it originally looked something between this and this. And you know us, we don't like those ugly, bland default layouts! In other news, the "original poster can view invisible threads" modification works again -- and I'm sure those who have been dinged for price cap violations will be much relieved to have direct access to their topics once more, as well as those who start decant circles (so they can report 'em to be checked). In unrelated news, I've been working on my new pet project: moving my foodie ramblings from LJ over to a proper food blog. I've got about 12 of 62(ish) entries over, and then I have a ton of recipes here and already on my site that I want to move over... I think I should be done in about two weeks. My friend Mike is supposedly making a layout for the blog (not because I can't, but because he got inspired by the name), but until then, I'm just using a public template.

Roar, one of the mods that I've been wanting to install for ages (a mod that basically takes images more than 480px wide and resizes them to be 200px wide) isn't working with the changes with the latest update. This makes me sad, very sad. Another mod that's making me sad? The trash can mod. Boo, hiss! Another thing making me sad? AFAIK, the chat is still broken. And this is something I absolutely cannot fix because we don't host it! What's making me happy? Our links engine works. Our gallery works. Our feedback works. I fully expect that we should be announcing them as "live" this week, as soon as we get our ducks in a row. Entry title: April Showers / April Tears.

We're pleased to announce the lastest addition to our reward points perks! Now, in addition to being able to reduce warning levels, purchase additional PM box space, upload an avatar, and changing your member title, you can purchase the ability to change how your name is displayed! For 250 points, you can opt for an unlimited name change package, that will actually let *you* change your name at-will via the Control Panel, with a minimum length of 45 days between name changes. If you opt for the case-by-case package, the first display name changed is FREE! Additional display name changes will run you 50 points. NOTE: any name changes that have been requested at the time of this posting and not completed do not count towards your free display name change. In both cases, the handle you use to log in will not be altered. An updated list of things you can exchange your reward points for: Unlimited display name changes (250 points) Custom member title one time (100 points) Upload an avatar one time (100 points) Expand PM box by 25 messages (100 points) Reduce warning level (75 points) Case-by-case display name changes (1st one free, each additional, 50 points) How can you exchange your reward points? Just PM shriekingviolet or myself, letting us know what reward you want!

You know, it's really funny... there seems to be two kinds of people in Mensa: those with enough class (or whatever) to not constantly talk about it, and those who are so invested in "being the smart one" that they can't help constantly talk about it.

Always wanting to improve the process of how the updates are done (so to avoid massive amounts of downtime), we tried something new this time. It worked out pretty well - we were down for.. well, I'm not particularly sure how long we were down. I was working on some tweaks to our mod center when it went down, and the upgrade happening meant I couldn't continue, so I ended up running errands and by the time I got back (about 45 minutes later), it was all up and running. Much better than the six hours plus of downtime the last time we did a major upgrade!! In other forum notes, we ended up switching the link engine software code, because what we originally purchased was not as integrated with invision as it claimed to be, and it turned out to be incredibly difficult to get it to work. And I say that as someone who had to entirely rewrite how the swaps feedback integration worked (though, part of that is because we had a double-integration going on; instead of just having an integrated log-in, I also had to tie in the "items being reviewed" into the forum). We just have a little bit more to do with it before we'll put it up as live, mostly procedural issues. Completely unrelated: I don't believe I mentioned it here, but we did have a small hiccup a few weeks ago -- some corrupted tables. Thanks to our "lessons learned" from last March, instead of being down for two weeks, it was dealt with so quickly that I doubt many people even noticed the downtime. And now I must jump in the shower so I can head to work! Ta. Entry Title: Love (Side note: of all the bootlegs, this studio demo is probably one of my favorites. Once they move everything to iTunes, you should totally try it out.)

We actually have a topic called "what is this oil?" in the FAQ section for just this sort of question...

ew ew ew ew ew. i couldn't force myself to smell it more deeply to give a description. just, yuck. and it's really, really strong, and in a bad way. ironically, one of the perfumes that i enjoy much (voodoo) has it in it, but the myrrh and other oils balances it out into something enjoyable. resmelling voodoo, i could smell a hint of it.

It's been about a year, and we've grown alot in the interim. This is just a reminder that while swapping is an at-your-own-risk activity, we do keep track of people who habitually fail to follow-through with swaps arranged here on the forum. People who swaplift excessively are banned from swapping until they have resolved all of their outstanding swaps. In order to do that, we need to know who is swaplifting. You may think 'Oh, I'm the only one, and it was just one bottle' but it can add up quickly. Most swaplifters that get reported here are usually at around $50 of oils that they haven't followed through with, but a recent massive swaplift incident was around $500 -- one that would have been prevented if people had come forward before it was too late. The ONLY way we can prevent swaplifters from amassing such a large scale swaplift is by you, the members, letting us know that it's happening. So please, if you arranged a swap here at the forum, and it's been one month since the swap was finalized, and items haven't arrived and your swap partner isn't responding to communications or hasn't been around the forum: let one of our swap mods (cupide430, grrrlennyl, Scylla, Silvertree, twistygirl) know via PM! Please include any relevant correspondance and dates, and copy your swap partner in the PM so they are aware that they have been reported as a swaplifter. Thank you!

It is very important that if you elect to report something as having been swaplifted, you let us know if it does comes through or that something has been resolved to your mutual satisfaction, as we DO ban people from the swaps area based off of the number of active reports.

Sooo, how do you think it went?

So, we were hacked. 99% annoyance, 1% actual damage done. The hacker yoinked the password hashes from the first 50 users, injected some malware iframes into one of the skins, and attempted to inject code to let him come back and fuck around (foiled!). We ended up going through and reinstalling the forum from scratch, and fixin' stuff. We're keeping track of who changes their passwords when, but nothing is being done with it yet -- it may turn into a security mod, requesting a change of password on an annual basis. Entry title: Voodoo Dolls.

WHAT OCCURRED At 6:49 am (CST), we were hacked by someone with a Russian IP address. As many of you noted, he was able to insert a pair of iframes into a few skins. I was notified at 9.37 am (approximately 90 minutes after he inserted the iframes) and closed the forum until it could be cleared up. He was also able to access everyone's cookie login information. He did NOT access PMs or other personal information, just the skins and the cookie logins. He has, however, returned at least three times since the initial attack - but not at all since we have implemented security measures. WHAT WE HAVE DONE We have given the forum a fresh install, and have added additional security measures to the forum, as well as applied a recent security update that fixes this specific problem. The IP in question has been banned, as has the individual and their email address. We have also reported this incident to Invision, in case it was a new hack. It turned out to not be a new one, but it's recently been very active. WHAT WE ARE DOING We are actively looking into ways to additional measures to prevent unauthorized access to the web-based administrative controls. WHAT YOU NEED TO DO While we use a double encryption scheme on the passwords, and your password was not actually accessed, it is still VERY important that you change your password immediately and destroy your old cookies from bpal.org (manually or by clicking this link). You should be changing your password frequently, at least every 2-4 months, and use strong passwords. We will be conducting a "password changing" audit later this month to ensure that everyone has changed their password. Individuals who do not change their password by approximately mid-July will eventually lose access to the forum. FAQs Q: How did they find us? A: Our logs indicate that he found us using a simply search engine query - just as you may search for information to travel, spoilers, restaurants, etc, the hacker was searching for a specific kind of forum and version. Q: Does he now have my password? A: It's entirely possible, depending on the sophistication of the hacker. While our passwords have a special scheme that is not standard for most bulletin boards, it does rely on an encryption scheme that was recently broken. The hacker would have to know exactly how we encrypt our passwords, have the list of encrypted passwords and any added information, have a decrypting programs for each method of encryption, and know how and where to undo the special multiplication and string smooshing (taking "c" and "at" to create "cat") that is done to our passwords. Considering the number of things that could have been done and wasn't, I don't believe that this particular hacker is that sophisticated. It would still be a good idea to change your password if you use that password elsewhere with that email address, and we are requiring everyone to change their password. Q: What does you mean when you by "a broken encryption scheme"? A: There are decryption programs where you put in an encrypted passphrase and it returns the original password. For instance, if your password was "dog" and the encryption method was to reverse the phrase and add a 5 at the end of the phrase, your encryped password would be "god5". If someone entered in "god5" in a decryption program for that method, the program would tell them that the original word was "dog". Q: What does this mean for other sites I use that password on? A: He does not have your username, only the email address you registered with. The worst case scenario is that he has your email address and the password you used on the forum, in which case the only sites that could be affected are the ones that use those email addresses with your password. Change your password at all sites with this email address and password, and you will be fine. The best case scenario is that all he can do is attempt to use your account to login to the forum and try to hack it again. If you use Paypal or eBay with the same email address and password, I strongly recommend you change your passwords there as well -- it is ALWAYS better to be safe than to be sorry. Q: Was that a virus or what? A: On our end, it was not technically a virus, or a trojan -- after gaining administrative access to the forum (but not our server), he installed an advertisement/malicious spyware in one of the skins. I use Firefox, have a variety of pop up/pop under blockers (one of which blocks all iframes from domains other than the one you want to be on), and use skin that was not affected, so I did not get a chance to see what exactly they were doing outside of what they did to the forum. BUT, the redirection may have been a trojan. If you have any additional questions, please ask them in this topic.

Yesterday, around 11am (CST), we managed to fill up the part of the hard drive that holds the database. Whoops! We had our tech people move things around, and now we've got 10x more space over in that drive (which should be good for a few more years, anyway). But as a result of filling up the hard drive, our tables corrupted like whoa (sessions, posts, topics, and the two PM-related tables). BEFORE we realized we had filled that part of the hard drive, repairs were made, and in the repairs, the topics data was lost, so we had to restore it from our backup. The three topics that would have been lost were manually recovered, so in the end, nothing was actually lost (yay!). In other forum-size news, we're about 500 posts from hitting 500,000!

No, I just took the FE ... may take the PE for Controls in NV next April if I passed, though.

No, I just took the FE ... may take the PE for Controls in NV next April if I passed, though.

Starting today, we are handling price cap violations slightly differently. We have found that with over 70 price cap violations to date, it's harder to track the way we have been doing, and many violations have been going unmarked. These changes are not very different from our current policy, except that we now use the warning system to keep records of previous price cap violations. Even after 90 days, price cap violation warnings will remain in the warning log for moderator records, but they will not affect your warning level after 90 days. Warnings for things other than price cap violations (such as for duplicate topic) will NOT affect your access to the swaps forum. First price cap violation: After the first price cap violation, a reminder will be issued. Second price cap violation: After the second price cap violation, a warning will be issued. This warning will NOT be reversed upon fixing the violations. Third price cap violation: After the third price cap violation, the individual will be suspended from the swaps are for two months. A warning will be issued. Fourth price cap violation: After the fourth price cap violation, the individual will be permanently suspended from the swaps. No warning because they can't commit the offense any more. Since Decant This pro-actively deals with the pricing issues (eg, the pre-approval of all threads), it will NOT be affected by this. Swaps, For Sale, and Wanted WILL be. Over the next two weeks, we will be retroactively adding warnings to the warn log for price cap violations. Warnings over 90 days old will be neutralized after we add in all of the price caps, but you may see a temporary rise in your warning level.