Silk Road forums
Discussion => Newbie discussion => Topic started by: TuggingOnSupermansCape on April 24, 2013, 06:26 pm
-
I appreciate loyalty, i really do, but some of you have absolutely no clue what you're talking about when declaring SR better than Atlantis. Here, allow me to put my BS in Cyber Security to use for you.
Silk Road:
Severely outdated code, that is both insecure and inefficient. It is filled with open loops, inline styling, and code snippets that haven't been used since 1999. It has so much errant and extra code within the pages themselves, that it accounts for 26% of the page load time alone. It is written in php 4 (which was phased out in 2009), and is vulnerable to multiple site hacks to including the php-cgi hack, and the null byte attack (which is what is currently happening). It's 'code' is extremely amateurish, and appears to be a hodgepodge of several different premade scripts.
Atlantis:
Written in bootstrap (html 5/css3) with a lamp backend (php 5+). i wont discuss the benefits bootstrap offers, because they're too numerous. Let's just state it's pretty much the most efficient coding template available, google will tell you specifics. It has a team of professional developers. It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
Even if every single SR user logged onto atlantis and started doing business at the same time, you would NEVER face the instability issues that SR has.
Now i'm not saying that one is better than the other from a consumer standpoint, as its obvious SR currently has more to offer, however i had to clarify the technicalities of the site, because i've seen some really idiotic comments here from people who simply have no idea what they're talking about.
There's many more differences that can be pointed out, however i wanted to concentrate on the website aspect alone (to avoid any personal feelings, opinions, or conjecture being used).
tldr: Atlantis is, and always will be (as long as SR stays on it's current platform) more technically advanced, stable, and secure. You're only fooling yourself if you believe otherwise.
-
such a big campaign now going on to promote atlantis...
and sr is having an dos atack`s..
would think these events are conected
-
Are we seeing a gang war?
Atlantis and Silk Road fighting for turf?
Where are the tabloids when you need them?
-
such a big campaign now going on to promote atlantis...
and sr is having an dos atack`s..
would think these events are conected
Ok let me clarify a few things.
1. i am in no way affiliated with sr or atlantis. i have no dog in the fight, and actually stand to benefit more if SR is more stable. I'm a casual user here maybe ~20btc total, and i only purchase the occasional bud. I do, however, have orders placed from last Friday and Saturday, that the vendor can't even login to send. That is unacceptable.
2. There is no DDOS going on. If there was, they wouldnt be able to set a maintenance message the last 2 days. The site was prone to a null byte hack, which is why the site is totally down (requires DB changes/upgrades to prevent as well as a code update). Are you familiar with DDOS over TOR? Here let me quote you some official info from the TOR project so you can be more informed.
"Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination.
But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination."
3. Why are you so hostile towards competition? It only forces those not performing up to their rivals to get their ass in gear. It's a good thing, and necessary for a healthy market.
-
anyone fancy giving me a short brief on atlantis and a url please :) ?
-
anyone fancy giving me a short brief on atlantis and a url please :) ?
http://dkn255hz262ypmii.onion/index.php?topic=151636
-
I just checked Atlantis now it seems pretty legit. Its way more pleasing to the eye and is much faster. I'm sure it'll expand really fast.
-
I don't like it, when somebody wants to sell me something, and insists at the same time that he doesn`t wanna sell me something. That's hypocritical.
-
I love the UI of Atlantis, so sleek and easy to use; not to mention fast as shit. Despite all that though, I'll stick to the tried and tested SR until Atlantis has really been through the ropes- hell, maybe not even then. The amount of established vendors on SR is enough for me.
-
i dont like thefact you hae to sign up just to browse. that is a bit of a turn off IMO.
-
i dont like thefact you hae to sign up just to browse. that is a bit of a turn off IMO.
You have to sign up to browse Silk Road too :o
-
sounds to me like the op might be the one who attacked silk road, i mean look at the timeing of this post.
-
Has anyone had a successful order from Atlantis yet?
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
-
sounds to me like the op might be the one who attacked silk road, i mean look at the timeing of this post.
Yes, i signed up months ago, spent ~20btc on various orders, all to DDOS a tor site (isnt happening), and make you all aware of my intentions by simultaneously posting this thread.
You're quite the genius.
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
FYI - for those that whose meter is broke, this is complete bullshit. Member obviously is not even familiar with XSS, or TOR, at all. But hey, what better way to get people to not check something out? Tell them they will lose all their money. User should be banned.
-
Nobody knows anything about the guys behind Atlantis or what happens on the backend. With Silk Road at least its known the DEA have been looking for DPR for years without luck. They could find the atlantis servers, creators within months and these guys being kids for all we know could easily roll over and taking down all the buyers / sellers on their site at the same time. For me I'll check it out in 6months to a year if its still around, stay safe this is not EBAY
-
I agree, all this Atlantis hype when SR is under attack is highly suspicious..... If you want to praise Atlantis go do it on their forums..... oh wait, they probably don't have one.
I don't give 2 shits and a fuck about Atlantis.... even if SR only works for 5 minutes a day, I'll continue to support it over the competition.
If I was DPR I'd delete every forum member hyping Atlantis, along with any SR account that has matching username. I'd also lock new user registration on the forums for a few weeks as well.
This is the SR forum, you should only be aloud to talk about SR.
-
Nobody knows anything about the guys behind Atlantis or what happens on the backend. With Silk Road at least its known the DEA have been looking for DPR for years without luck. They could find the atlantis servers, creators within months and these guys being kids for all we know could easily roll over and taking down all the buyers / sellers on their site at the same time. For me I'll check it out in 6months to a year if its still around, stay safe this is not EBAY
i can only agree to that
-
Nobody knows anything about the guys behind Atlantis or what happens on the backend.
Nobody knows shit about the guys behind this site either.
-
Wow there is a lot of bickering and hate going on here
-
I was going to try Atlantis for myself, but after they spammed this forum to get started, and have started running some kind of passive advertising campaign now that the site is under attack, I don't trust them at all.
As someone who switched from one of those Cyber Security/Ethical Hacking BSc courses to Computer Science BSc, I would strongly question your ability to perform a security assessment on this site. Those courses are absolutely horrendous.
-
sounds to me like the op might be the one who attacked silk road, i mean look at the timeing of this post.
Yes, i signed up months ago, spent ~20btc on various orders, all to DDOS a tor site (isnt happening), and make you all aware of my intentions by simultaneously posting this thread.
You're quite the genius.
jk lol smiley face
-
DEA CAN LICK MY SCROTUM, THEY ARE HERE AMONG US
-
OINK OINK PIGSSS
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
FYI - for those that whose meter is broke, this is complete bullshit. Member obviously is not even familiar with XSS, or TOR, at all. But hey, what better way to get people to not check something out? Tell them they will lose all their money. User should be banned.
after posting jk lol smiley faec, i read this comment, and i take back the jk lol smiley face, sounds like your a soldier in the turf war atlantis vs silk raod, and you did bomb us with dos attack , guily guily you are guilty!!!
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
Do you have any sort of proof of this? I fail to see how an XSS is going to give you BTC regardless.
As for the DDoS on SR, Atlantis is not behind this, and I severely doubt it's a DDoS issue to begin with. Seems far more likely to be an infrastructure problem.
-
FUCK YO COUCH NIGGA
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
Do you have any sort of proof of this? I fail to see how an XSS is going to give you BTC regardless.
As for the DDoS on SR, Atlantis is not behind this, and I severely doubt it's a DDoS issue to begin with. Seems far more likely to be an infrastructure problem.
At least someone has some sense. Anyone with a modicum of intelligence can tell this is a software issue and not a DDOS. Hell google DDOS and the information you will find in 3 minutes will convince you otherwise.
Either way, i apologize for trying to dispel some of the fallacies and rumors. I should have known i would have become a lightning rod for frustration. Do what you guys will,and i wish you the best of luck either way.
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
Do you have any sort of proof of this? I fail to see how an XSS is going to give you BTC regardless.
As for the DDoS on SR, Atlantis is not behind this, and I severely doubt it's a DDoS issue to begin with. Seems far more likely to be an infrastructure problem.
At least someone has some sense. Anyone with a modicum of intelligence can tell this is a software issue and not a DDOS. Hell google DDOS and the information you will find in 3 minutes will convince you otherwise.
Either way, i apologize for trying to dispel some of the fallacies and rumors. I should have known i would have become a lightning rod for frustration. Do what you guys will,and i wish you the best of luck either way.
There are two types of people, the ones that embrace change, and the others that fight it. The ones that embrace change will have a successful career over on Atlantis. The others will stick it out on SR, spreading their misinformation about Atlantis, until it slowly dwindles to nothing due to its infrastructure problems. People can only put up with so much downtime. Downtime is money. It's sales vendors are not making. Unless SR re-code their entire website I don't see these problems going away in the near future. Atlantis hasn't had a single outage since its launch.
It's a good thing that you're helping clear up some of the common FUD and misinformation. The shift in attitude has already begun and Atlantis is starting to take off.
-
I appreciate your response. However, i just want to clear up one thing. I didn't do this as an Atlantis promotion, SR demotion thread. I know it certainly reads that way, but that's only because the facts steer it towards that. I wanted to make sure people actually knew that their information is no safer on SR, and is probably much less safe in all actuality, than another site in the industry.
You're absolutely correct about people though. Humans as a whole have become a much more closed minded species since digital media has become more prevalent in our lives. Questions used to be good, and breed innovation. Nowadays questions bring attacks, accusations of disloyalty, and libelous statements. One day we'll wake up.
-
I just had a look around atlantis and have to say:
1) if you're in the EU, you'd be nuts not to grab some cheap samples
2) the site loads very quick
Negatives:
no reviews, 3rd party escrow?, not enough info to determine if the site is legit. I'd say in a year or so we'll know for sure though.
-
I agree, all this Atlantis hype when SR is under attack is highly suspicious..... If you want to praise Atlantis go do it on their forums..... oh wait, they probably don't have one.
I don't give 2 shits and a fuck about Atlantis.... even if SR only works for 5 minutes a day, I'll continue to support it over the competition.
If I was DPR I'd delete every forum member hyping Atlantis, along with any SR account that has matching username. I'd also lock new user registration on the forums for a few weeks as well.
This is the SR forum, you should only be aloud to talk about SR.
When I heard SR was being DDoS'd, my first impression was that it was a rival site or possibly some form of government.
-
Silk Road:
Severely outdated code, that is both insecure and inefficient. It is filled with open loops, inline styling, and code snippets that haven't been used since 1999. It has so much errant and extra code within the pages themselves, that it accounts for 26% of the page load time alone.
The images accounts for 90% of the page load times. I also took that number straight from my ass.
It is written in php 4 (which was phased out in 2009), and is vulnerable to multiple site hacks to including the php-cgi hack, and the null byte attack (which is what is currently happening). It's 'code' is extremely amateurish, and appears to be a hodgepodge of several different premade scripts.
Please fill me in on the "php-cgi hack" and the "null byte attack", because I believe you just made up two new terms. Also there isn't really much of a difference between php 4 and 5, and running an older version of php would be just plain stupid considering the tiny effort in altering the code so it runs in php5. I believe security updates are still released for php4, and that makes the version even more irrelevant.
And you also have absolutely no idea what version of php silk road is using, unless they announce it publicly, which I highly doubt.
Written in bootstrap (html 5/css3) with a lamp backend (php 5+). i wont discuss the benefits bootstrap offers, because they're too numerous. Let's just state it's pretty much the most efficient coding template available, google will tell you specifics. It has a team of professional developers. It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
Bootstrapping as in tunneling all traffic through a single php file? Offers absolutely no benefits or security whatsoever. It's a design choice, and a very stupid one. That kind of setup would negatively impact the php optimizer if one is used.
It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
They use one-way encryption? Please tell me how that works out. Next thing you will tell me they use one-time pads too.
Now i'm not saying that one is better than the other from a consumer standpoint, as its obvious SR currently has more to offer, however i had to clarify the technicalities of the site, because i've seen some really idiotic comments here from people who simply have no idea what they're talking about.
You are the idiot trying to use abbreviations and technical lingo in order to appear technical even though you clearly don't know what the fuck you are talking about.
-
Ok, eggheads - can any one of you tell me when I'm going to be able to buy drugs again?
I could give fuck about DOS isn't that the black screen thing with white letters? PHP my ass, if you knew anything you'd have fixed it by now. Typical guys, standing around a car with the hood up and looking over the engine and talking like they know it all. Nobody can fix it?
I need a puff.
-
Ok, eggheads - can any one of you tell me when I'm going to be able to buy drugs again?
I could give fuck about DOS isn't that the black screen thing with white letters? PHP my ass, if you knew anything you'd have fixed it by now. Typical guys, standing around a car with the hood up and looking over the engine and talking like they know it all. Nobody can fix it?
I need a puff.
DPR and his team are the only ones who can see under the hood and tune up the engine. I think the current engine is too old with too many miles and they should just do an engine swap. I think they should just drop a 6.7 liter Cummings in this motherfucker see what it can do!
Or write the site in php5
-
Lol atlantis might be pretty, but I've already made 14 BTC exploiting an xss on their website. Not recommended as a big site yet.
Lol. I feel like if you were being serious, then you would just keep on exploiting and not feel the need to mention it, or mention specifics. Still funny though.
-
I just made a cool $400. From Silk Road. !
I just withdrew my money as fast as I could so i can protect it or spend it elsewhere
Hahaha
-
My name isn't Aquaman, so I don't give a fuck about Atlantis.
If they are responsible for the attacks, I guarantee their site will go belly up within a month and the staff will be sleeping with the fishes. :)
3 things that point to Atlantis are...
1. The fact nobody heard of it until SR was under attack.
2. All the new forum members who joined during the turmoil were
A. Atlantis Supporters
B. "Hacking prodigies" who claim a ddos through tor is impossible (while tor developers disagree entirely)
C. "Web Design Pros" who know for a "fact" how SR and Atlantis are designed and knew without a doubt the shortcomings of SR coding compaired to the "superiority" of Atlantis coding.
3. When the forums started to shift towards blaming Atlantis, everything stopped.
That alone would make anyone suspicious.
-
These morons don't even know what DoS means. It's a term used to describe any attack that results in a denial of service to users. In other words, if it results in the website going down, it's a DoS attack of some form. They're only trying to claim it's not a DoS attack so they can then suggest that DPR is either technically inept or dishonest. It's just their way of trying to make the community lose faith in this site and its administrators.
The other point of interest is that the members on this forum who are claiming that Silk Road is vulnerable and unsafe compared to Atlantis also claim to be customers on Silk Road. Every time I have found what I consider to be a better alternative to a site I use, I just go there and use it, and I don't start preaching about it.
I remember first hearing about Atlantis when this forum was briefly hit by spammers advertising it. That alone looked a bit shady, but now they've really exposed themselves. Whether it's members of the community doing this or the admins, I don't want anything to do with them.
-
Humorous Atlantis folly..... naming your website after a gay cruise line notorious for drug busts....... yup that'll draw in the customers ;)
http://www.advocate.com/news/daily-news/2011/02/13/drug-bust-atlantis-cruise
-
You should praise SR and DPR. he or they works hard to mantain this.
The rules are fantastic, the people here too.
Your silly
-
I actually like the layout of SR over Atlantis, don't care much about the engine running it. Atlantis is a good backup for when SR goes to shit (touch wood) but until then, I'll walk the road.
-
I will probably check it out some point. Going to give it some time to develop though, being able to easily research vendors is too good to give up.
-
For the record, I have no affiliation to Atlantis (haven't even visited it) but I will pick up a couple of superman's / Eleusinian's points:
- If SR is really still using PHP 4 then that would be pretty shocking. PHP 4 hasn't received any security updates since 2008.
- PHP-CGI is an old PHP handler, security can be improved with SUPHP although it's very slow compared with modern FastCGI. It's quite easy to DOS CGI by forcing it to spawn processes until it dies on it's arse.
- "Bootstrapping as in tunneling all traffic through a single php file?" No, bootstrap is a modern, clean, CSS3 framework used by Twitter etc. Security doesn't really come in to it but it does indicate modern standards compliant web development.
- One way hash functions are standard on all modern CMSes for obscuring passwords stored in a database. No one in their right mind stores plaintext passwords. Even MD5 hashes are pretty insecure these days, there are plenty of sites where you can break them in a few seconds (still better than plaintext though). Salting helps though, or using stronger algos. It has nothing whatsoever to do with a one time pad which is something completely different ( and very secure as Eleusinian implies).
The earlier point about TOR not routing UDP sounds legit (really), this doesn't feel like a DDOS, it feels like a lack of resources.
Just my 2p
-
It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
Every single bit of information is hashed?! And again! What are you talking about? :o
There is only 1 real way to avoid the plaintext vulnerability and everybody knows that. Clientside encryption. Since every little bitty bit gets hashed, pray do tell how a consumer's shipping address or username is hashed twice and then magically reversed so the vendors knows what to do. With your quantum computer? Because it sounds very much like you're saying a bunch of irrelevant or vague bullshit to pull the wool over people's eyes so they think server side encryption is A-OK. Hashing is done for passwords. There's no point in doing it for other user data unless the user enters the identical strings again. Encryption serverside then is a separate matter. You don't seem to be lucid.
I think you are just an agent provocateur. Loving how all the Atlantis groupies have about 50 posts between them.
This feels like what happens when Privnote starts a druggy hidden service! :D
-
I'm not too sure how trustworthy Atlantis will prove to be in the future but for now, SR is good enough. Also, I don't know about BMR but I would trust it more than Atlantis as a backup.
-
SR seems good for me. These spam threads are ridiculous and childish.
Look, users know about Atlantis let them go there and make their own choice don't 'force' it on them.
Until Atlantis has the kind of track record SR does, I'll continue to be here.
-
Well although initially I was neutral in regard to Atlantis, I now am very sick of seeing people claiming to be them spamming the shit out of this forum. I don't jump to conclusions, it is quite possible that the feds are trying to turn us against each other by framing Atlantis, in an attempt to cause general discord. However, if this is the case, they have succeeded in my case, as I start to really think Atlantis is likely a scam, provided they are truly responsible for the DDoS and the massive spamming of their site here. It is really admirable that DPR even allowed them to post links to their site here a few times, he honestly does not strike me as a ruthlessly competitive person. Hell, he even gave OVDB an entire sub forum here for a while. But the Atlantis supporters are really wearing out their welcome imo, because we do not need to see in a hundred different threads information about their shit. That is spamming. People who spam tend to be scammers it seems to me. I wonder if they are going to run away with the escrow?
As far as the code of SR, why don't you post some of it since you know it is so shitty? Oh, you cannot post it because PHP is fucking server side code you retard. Did you hack into the SR server and do a security audit on their code? All you can see is the HTML that it outputs. The same goes for Atlantis. You cannot see their code unless you have access to their server. Additionally, it doesn't really matter a whole whole lot how secure the rendezvous server between vendors and customers is. As always, security is up to those who want it, it can not possibly be outsourced in a secure fashion, especially not outsourced to anonymous characters doing illegal things on the onion net. Admittedly, Atlantis has a few innovative features, I like the idea of automatic GPG encryption of messages to the vendors key, provided the messages are not encrypted already. That is admittedly a bit more secure than what SR is doing, however it would be utterly foolish to rely on it, and as always, security should be managed by the people who need it, not outsourced to potentially malicious third parties.
As far as DDoS being impossible over Tor, this has already been covered extensively in some of the other threads these idiots have been making. DDoS over Tor is possible. If you don't believe me you could ask the Tor developers, but OZfreelancer already did and posted their response saying that DDoS is possible. Not only is it possible in the specific way that they mentioned, which is HS specific, but they are also weak to an assortment of traditional DoS and DDoS attacks. So the people claiming that DDoS over Tor is not possible are talking out of their asses, most certainly.
They have either penetrated SR and Atlantis to get copies of the code, or they are lying about having compared the quality.
They are overstating the importance of having a secure server, as far as vendors and customers should be concerned.
They are lying about the ability to carry out DDoS attacks over Tor.
They are spamming this forum with Atlantis bullshit that everybody is sick of hearing, despite DPR being kind enough to allow them to do it ever at all
So either they are affiliated with Atlantis, and Atlantis should never be trusted, or they are not affiliated with Atlantis and are trying to cause a problem between the established community and the emerging community, which is a technique that would indeed be utilized by the feds, or could even be bored trolls.
-
I agree, all this Atlantis hype when SR is under attack is highly suspicious..... If you want to praise Atlantis go do it on their forums..... oh wait, they probably don't have one.
I don't give 2 shits and a fuck about Atlantis.... even if SR only works for 5 minutes a day, I'll continue to support it over the competition.
If I was DPR I'd delete every forum member hyping Atlantis, along with any SR account that has matching username. I'd also lock new user registration on the forums for a few weeks as well.
This is the SR forum, you should only be aloud to talk about SR.
I do appreciate that SR lets the competition discuss themselves somewhat here. I think that is good. But I think that this Atlantis spam has gotten beyond annoying. Make a single thread about it and shut the fuck up everywhere else already. Nobody really cares about Atlantis.
PS: If Atlantis is so much more leet at security than SR , why did I have to tell them to disable hotlinked images on their forum 0_0.
-
Well although initially I was neutral in regard to Atlantis, I now am very sick of seeing people claiming to be them spamming the shit out of this forum. I don't jump to conclusions, it is quite possible that the feds are trying to turn us against each other by framing Atlantis, in an attempt to cause general discord. However, if this is the case, they have succeeded in my case, as I start to really think Atlantis is likely a scam, provided they are truly responsible for the DDoS and the massive spamming of their site here....0
This. If you want my two cents, and this is not from a programmer, or developer, or hacker, or anything really, but I feel like TOR services are slower than clearweb anyway, so why have all that extra jazzy graphics for a TOR service? What I look for is functionality. The good looking marketing stuff is to attract masses, and I think SR users, or TOR users that are looking to buy stuff with bitcoin are above visual marketing gimmicks. I could be wrong, but that's just the way I see it. Give me a Windows 3.1 service that gets the job done or a flashy Windows 7/MacOSX display that's just showy and slow and doesn't quite do the job, or is not as intuitive, and I'll take the Windows 3.1 looking service any day. What's the use of all those flashy colors? Plain old black and white (or green and white) works great for me.
-
I don't trust Atlantis. But then I don't even trust Silkroad.
It could be a honeypot or scam. Pigs have been running well made honeypots before, sometimes for years before busts.
-
i dont like thefact you hae to sign up just to browse. that is a bit of a turn off IMO.
You have to sign up to browse Silk Road too :o
yeh. good point. you have to sign up to dilk road in otder to browse the market. I was referring to the forums. But once again, you probably don't have to sign up to browse them, either. someone here gave us the wrong link and you couldn't enter the site. :/
-
It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
Every single bit of information is hashed?! And again! What are you talking about? :o
There is only 1 real way to avoid the plaintext vulnerability and everybody knows that. Clientside encryption. Since every little bitty bit gets hashed, pray do tell how a consumer's shipping address or username is hashed twice and then magically reversed so the vendors knows what to do. With your quantum computer? Because it sounds very much like you're saying a bunch of irrelevant or vague bullshit to pull the wool over people's eyes so they think server side encryption is A-OK. Hashing is done for passwords. There's no point in doing it for other user data unless the user enters the identical strings again. Encryption serverside then is a separate matter. You don't seem to be lucid.
I think you are just an agent provocateur. Loving how all the Atlantis groupies have about 50 posts between them.
This feels like what happens when Privnote starts a druggy hidden service! :D
I have stated this before, but i'll go ahead and do it again. I've been on the road for a year and a half. Registered here in jan or feb. I don't do the spam posts, so thats why i still have a low, but quality, post count.
You slinging wild accusations is almost as bad as the mass of people believing that DPR and his one man crew singlehandedly solved SR and TOR's 'attacks' when just hours before he all but admitted defeat. DPR and his 'team' had absolutely nothing to do with SR coming back up. The attack was confirmed as stopped. I appreciate loyalty but some of you are just sheep, plain and simple. I couldn't care less, it's your money, your wasted time, your unhappy customers. One day you will wake up.
p.s. why is no one freaking out about tormail being a honeypot?It was the only other tor site to go down with the 'attacks'. DB inaccessible now. It was touted, advertised, and promoted all throughout SR and these forums as the defacto mail service to use. Things that make you go hmmmm.
-
It is stable and secure, and every single bit of information sent is hashed, then hashed again. No plain text vulnerability here (cough, SR).
Every single bit of information is hashed?! And again! What are you talking about? :o
There is only 1 real way to avoid the plaintext vulnerability and everybody knows that. Clientside encryption. Since every little bitty bit gets hashed, pray do tell how a consumer's shipping address or username is hashed twice and then magically reversed so the vendors knows what to do. With your quantum computer? Because it sounds very much like you're saying a bunch of irrelevant or vague bullshit to pull the wool over people's eyes so they think server side encryption is A-OK. Hashing is done for passwords. There's no point in doing it for other user data unless the user enters the identical strings again. Encryption serverside then is a separate matter. You don't seem to be lucid.
I think you are just an agent provocateur. Loving how all the Atlantis groupies have about 50 posts between them.
This feels like what happens when Privnote starts a druggy hidden service! :D
I have stated this before, but i'll go ahead and do it again. I've been on the road for a year and a half. Registered here in jan or feb. I don't do the spam posts, so thats why i still have a low, but quality, post count.
You slinging wild accusations is almost as bad as the mass of people believing that DPR and his one man crew singlehandedly solved SR and TOR's 'attacks' when just hours before he all but admitted defeat.
I hope you're not about to accuse pine of slander. Before you know it, we could be at the City Park at dawn, drawing pistols in a duel.
DPR and his 'team' had absolutely nothing to do with SR coming back up. The attack was confirmed as stopped. I appreciate loyalty but some of you are just sheep, plain and simple. I couldn't care less, it's your money, your wasted time, your unhappy customers. One day you will wake up.
Most people criticizing Atlantis are libertarians who don't have a problem with Atlantis competing with SR. Indeed most buyers and vendors would prefer to see more competition to drive prices down, but more importantly to increase the diversification of the darknet economy.
My problem with Atlantis is mainly down to the fact they are acting weird, specifically obfuscating the difference between clientside and serverside PGP encryption. This is very bad in Pine's book, and you know why. It does not prove that they are a DEA honeypot but it does make them look suspicious, so you can hardly blame people for jumping to conclusions.
You cannot accuse SRians of being sheep. Although some of it may be naive tribalism, look at how former OVDB was welcomed by SR, and more importantly, how there is almost no rancor with discussing backopy's BlackMarketReloaded, a direct competitor to SR. Atlantis is being picked on specifically because of its marketing approach and what some would call its proponents abrasive manner (not to mention the DOS attack started immediately after a sharp rise in people or sockpuppets talking about Atlantis). The Atlantis people came out and said it was not them, which is accepted and appreciated by me. The timing was highly unfortunate though.
If the Atlantis admins want to advertise on SRF, I don't think DPR has a problem with that. Just show the correct nyms and talk plainly instead of this apparent astroturfing we saw a few days ago. Whether it's true that's what it was or not, it makes Atlantis look unethical. You Atlantis supporters do not want to give the impression of an American electoral campaign I should hope. Like kmfkewm says, it just comes across as unprofessional spam. Just imagine SRians return the favor and spam your discussion board (oh wait...). I think we understand each other. Surely we're better than that.
FWIW, I think there are a number of important areas where darknet marketplaces can cooperate to great affect. Namely vendor insurance, backup strategies, vendor information sharing, security information sharing and so on. We should be all aiming towards a darknet confederacy.
p.s. why is no one freaking out about tormail being a honeypot?It was the only other tor site to go down with the 'attacks'. DB inaccessible now. It was touted, advertised, and promoted all throughout SR and these forums as the defacto mail service to use. Things that make you go hmmmm.
We always knew Tormail could be a honepot, practically every time I suggested using it to newbs I said just that. You're right though, that Tormail is unavailable at the same time as this attack on SR is suspicious. Although they may be unconnected events, it biases our idea of the attacker being somehow connected to LE. I think it is time we emphasized we diversify our contact information or find a proper system for distributed encrypted anonymous communications that cannot be shutdown.
I like BitMessage and Liberte's Cables, but I have not yet had the time to investigate BitMessage fully.
-
1. PHP is server side not client side. You do not have access to SR code. You also do not have access to Atlantis code. Bullshit.
2. Bootstrap is a user interface library and has nothing to do with security. It also is not the most efficient template available. It also is contributed to by a community of people in their free time. Asshole.
3. Bootstrap does not hash anything. Liar.
4. Bootstrap does not hash anything twice either. Dumb cunt.
5. What is being hashed twice? You are stupid.
6. What plain text vulnerability? Fuck you.
7. Nice try. Twat.