patrick.net

@Patrick: your certificate has expired.

FuckCCP89 says

Patrick: your certificate has expired.

Thanks for telling me @FuckCCP89

Should be fixed now. I really need to automate that.

Can you develop a way to flag Threads as official Threads for a topic, i.e. the Cat Thread, the Funny Picture thread, the Political Thread, this Thread, the Corona Thread, the 2016 official election thread, not every thread can do it, but perhaps after a threshold of replies has been reached they fall into that list. And have their own link like the Best or Random threads.

Tenpoundbass says

Can you develop a way to flag Threads as official Threads for a topic, i.e. the Cat Thread, the Funny Picture thread, the Political Thread, this Thread, the Corona Thread, the 2016 official election thread, not every thread can do it, but perhaps after a threshold of replies has been reached they fall into that list. And have their own link like the Best or Random threads.

Not a bad idea. I'd like to see the ability to merge threads. I'm fueling the flames, but we've got 3-4 crypto threads going in the last 2 weeks. Only having one would be less annoying to the users that know crypto is crap and don't want to see it.

OK, tell me which threads to merge, and which title should remain.

Patrick says

OK, tell me which threads to merge, and which title should remain.

Exactly.

I didn't mean to nuke any threads, or go thread Nazi on other threads. There just seems to be some threads that endure, if you know what I mean.
This one for example, there are just standard threads, that get revisited time and time again for a certain topic.
A flag that a moderator could flag when they think a thread has reached that status to show up in the (unofficial) official thread list.

@Tenpoundbass How about just looking at the "comments" tab on the home page, which sorts by a thread's total number of comments?

https://patrick.net/?order=comments

All the most commented threads pop to the top then. So you could call those your "standard" threads.

I remember a fun story about bubbles at the museum of finance on Wall Street.
Everyone knows about the "tulip mania" in Holland.
Besides tulips, once olive oil was considered very good as an investment, an important commodity.
A guy in New Jersey had giant tanks of it and attracted LOTS of money from investors.
But this bubble popped, as someone found out the tanks were actually full of water, with just a layer of olive oil floating on top.
Enjoy your "digital olive oil" boys.

All twitter links should be auto changed to a nitter link. Or maybe show both, letting the user choose which link to click.

The nitter instances occasionally get nuked or go down.

Both is a good idea.

I'm in the middle of another bit project, but will get to this eventually.

I have a suggestion, a hard link for general topics to get off the plantation.

How about a link that always shows up on the page (somewhere) that just allows people to post suggestions to alternatives to big tech?

Different search engines, different social media platforms, different video sites, and maybe at the top just more suggestions? Allow people to talk about anything that isn't "mainstream". Mainstream is generally captured.

I just discovered https://www.twitch.tv tonight.

Thanks @richwicks

I don't quite understand though. Just a list of alternative tech?

Patrick says

Thanks @richwicks

I don't quite understand though. Just a list of alternative tech?

Alternative communication systems.

People are trapped into what they are used to, simply because they are unaware there are other systems they can use.

How to post literal asteriks?

I want to post:



But the asteriks get parsed into html:

a b c = xyz

a %2A b %2A c = xyz

Lol, I had not considered this problem. Let me think for a minute...

*

OK, you can do it with:

& # 4 2 ;

If you remove the spaces. Sorry about the trouble @Tenpoundbass

richwicks says

Alternative communication systems.

People are trapped into what they are used to, simply because they are unaware there are other systems they can use.

Not saying mine is a great suggestion, just a silly one perhaps. But using dancing men to communicate, like in that Sherlock Holmes book where instead of letters they used predefined dancing men to hide communication. It's not exactly encryption and is pretty easy to break, but a neat concept with deniability.

I apologize if this was already suggested, but is there a way to allow copying an image and pasting it directly in a post without having to save it to disk and then upload it?

Would it be difficult to implement a reply limit per thread for anon's? I think it's fine if an anon wants to post a few replies here or there, but if they want to get deep into debate, I think they should have to reveal themselves so we can recognize those who may just be trolling, or if we want to use the ignore feature.

There are websites that allow you to setup temp email accounts with no personal info, so this wouldn't really force anyone to give away anything.

porkchopexpress says

allow copying an image and pasting it directly in a post without having to save it to disk and then upload it

Not yet, but thanks for the idea @porkchopexpress

Ah, there is one way @porkchopexpress

If you paste in an image url from another site (ending in .png, .jpg, .jpeg, or .gif) It should be automatically copied into the comment.

Unless the other site doesn't allow it via technical means (like Twitter, for example). But most sites do.

So you can often right-click on an image, "copy image address", and then paste that url in here and the image should appear.

@NuttBoxer What do you mean by an anon? Everyone is anonymous here, unless they choose to use their real name as their user name.

You can still ignore anyone. If they want to get around that, they'd have to register again with a different email and different user name.

Patrick says

Ah, there is one way @porkchopexpress

If you paste in an image url from another site (ending in .png, .jpg, .jpeg, or .gif) It should be automatically copied into the comment.

Unless the other site doesn't allow it via technical means (like Twitter, for example). But most sites do.

So you can often right-click on an image, "copy image address", and then paste that url in here and the image should appear.

Didn't know that. I'll give it a try. Thanks.

Patrick says

@NuttBoxer What do you mean by an anon?

Someone who posts as Misc. I assume that means they didn't sign in at all and are posting as a lurker.

EDIT:
nvm, I didn't realize that was an actual user. Clever name.

I thought I remembered you putting a feature in to allow for posting without logging in at some point. Anyway, the ignore feature was a great idea. Definitely worth using in certain cases.

Yes, at times I did allow posting without logging in, but it generally doesn't work very well.

One that's been creeping up again lately. Noticing people with unpopular opinions are commonly targeted by personal attacks. We don't have a lot of diversity of opinion here. And no matter how wrong those people are, they deserve the right to say their piece without being personally attacked for doing so. I don't want this to be an echo chamber, and I don't come here for flame wars.

NuttBoxer says

One that's been creeping up again lately. Noticing people with unpopular opinions are commonly targeted by personal attacks.

Ever heard of Crocker's Rules?

http://sl4.org/crocker.html?source=patrick.net

The only person that can offend you, really, is yourself. People have called me everything in the book, and the ONLY time I've been offended is when I thought "well, they did make a good point there, maybe I am a fucking idiot?"

Let us distinguish between:

1. expressing a sincerely held point of view which someone else finds offensive (good)

2. deliberately offending others by personal attacks (bad)

Hi Patrick... am I just missing something? How do I change my password for this website? I went to profile section and can change my screen name, email, etc, but didn't see any way to change password.

@SunnyvaleCA

The only way is to use the "forgot password" link. That will issue you a new random password.

I know people want to choose their passwords themselves, but from years in tech, I have learned that a fair number of people will use, say, their banking password. So then if patrick.net got hacked, it's possible that the hacker would get your banking password and your email address. Not good.

So not allowing password choice is a defense mechanism against that. I know it's not great, but I can't think of a better solution.

Patrick says

That will issue you a new random password.
... I have learned that a fair number of people will use, say, their banking password.

That's pretty reasonable, given how much safer it will be for everyone. Maybe you could add a little blurb on the profile section to save people some time?

I believe the problem of reusing of passwords is solved by adding a salt value to the user's password before salting. I remember the old days of UNIX where the operating system kept a text file of names and salted hashed passwords. Everyone could see that file! Maybe that has been broken by brute-force nowadays?

I propose a new Social Network Model.
The missing password question gave me a mind spark.

Instead of a Social Network where extroverted people go beat their chest and expose their inner demons, and cancel themselves for their outrageous ideas.
How about a website you go to that has a selection of Monikers, already with Username and a profile. (lots of preset monikers, with a wide range of personalities and interests)
You don't log in, you don't sign up, you just visit, assume a moniker and make posts much like Twitter, Gab, or Patnet. You may or may not, identify yourself in the post, though it would defeat some of the purpose for this style of Rando Anon Networking.

This idea gives me a lot of curios things to ponder how people will behave. A place where Truth Bombs can posted, without the Canceling or Doxing. Even if the Fuckers get mad at a Rando Anon thread, they'll have no idea, that original poster posted in one of his threads, and he was having a civil conversation with that person.
Monikers wont be vilinized, unless one happens to be the one assholes and trolls' gravitate to.
It would be kind of funny to see hot women posting bathroom mirror duckface shots under the name Farah's Faucet.
I wonder if that kind of platform would illicit the same perpetual victims that like to sign up for the traditional bluemark verified bonefide services?

Patrick says

So not allowing password choice is a defense mechanism against that. I know it's not great, but I can't think of a better solution.

NOTE there is a danger with this - if they are able to get onto your site and monitor the traffic, they can see the password in the clear before it is translated into the "true" password which is the hash.

@Patrick:

I can because I know how Unix does this. Use password salt. So, don't store a password directly, store a hash of the password plus salt:

https://cyberhoot.com/cybrary/password-salting/?source=patrick.net

It's called adding salt to the password. Something that should work well is something like:

SHA256SUM ("user selected password" + "patrick.net" + "user name")

So for me it would be something like

SHA256SUM ("MyEasyPassword patrick.net richwicks") which works out to be:

f67e091546188ba42d39f3706de32ed6009649f013e68a14f7f4a11adba65b9a

The reason you want the salt to change for every user (in this case the salt is "patrick.net richwicks") is that solving for the hash for ONE user, will only solve it for that one user. Somebody trying to crack passwords have to go through the ENTIRE dictionary of possible passwords for every single user, not just once. The hash will be different for each user even if they have the same password.

Also the salt should be last, otherwise a cracker can cheat by doing SHA256SUM ("patrick.net richwicks") ONCE and from that point, start guessing passwords. It reduces the time needed to calculate "patrick.net richwicks" each time. SHA256sums are calculated from left to right.

SunnyvaleCA says

Maybe you could add a little blurb on the profile section to save people some time?

Good idea, I will add a blurb on the profile section.

I already store the passwords md5 encrypted with a salt, but if someone got control of the site, they could see the password when it is sent to the server before I salt and encrypt and compare.

I suppose that problem could be solved by encrypting the password in the browser with js before sending, and then comparing encrypted versions on the server. But then again, if someone got control of the site, they could disable that js. it's a never-ending arms race, so I pre-empt it by just making passwords random. Then the worst they can do now is just fuck with the site, but not with your bank account. I regularly upload new code, overwriting what is on the server, so they couldn't even do that for very long, I think. But surprises abound in the tech world.

Mirror the site on the dark web in case the man tries to shut you down...


https://www.zerohedge.com/markets/death-truth?source=patrick.net

Patrick says

So not allowing password choice is a defense mechanism against that. I know it's not great, but I can't think of a better solution.

Currently the password size is six. anything smaller than eight can easily be hacked now days. Suggest bumping length to at least 10.

Did anyone requested to see only the new messages when clicked on a previously visited threads. This should eliminate lot of redundant traffic.