Welcome to Australia's only Vintage Radio and Television discussion forums. You are not logged in. Please log in below, apply for an account or retrieve your password.
Vintage Radio and Television - Australia's only Vintage & Antique Radio & Television Forums
  Home  ·  About Us  ·  Discussion Forums  ·  Services Directory  ·  Safety Warnings  ·  Tutorials

Front Page Forum Comments

 Changes to site behaviour
 Return to top of page · Post #: 1 · Written at 00:44 on 2 October 2011.
's avatar
 Administrator
 Location: Greenwich, NSW
 Member since 15 November 2005
 Member #: 1
 Postcount: 4375

Recently a new feature was rolled out on the forums that allow members to see when new comments have been added to a thread. This is by way of the subject text turning bold and an icon appearing in the left column of the threads list.

To make this complex feature work correctly I've had to change the way this website issues cookies. From this point on, Vintage Radio and Television will no longer issue session cookies for those not wishing their browser to remember they were logged in.

However, it is known that many members do not wish to remain logged in after they leave the site, so to allow this to continue the site will now issue these members a temporary text cookie. This will achieve the same security advantages that a session cookie gives but it will behave slightly differently.

A session cookie will expire either when a browser is closed or 20 minutes passes since the site was last used. A temporary text cookie will expire only once the browser is closed.

In plain English: Those members wishing to force their login to expire before they leave the computer they are using must either log out or close their web browser.

Of course, those members wishing the site to remember them can still do so by ticking the box when they log in. The login will be remembered for 12 months from the date of login. This feature should not be used in Internet cafes and other computers accessible by the general public for security reasons.


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
Brad.

A valve a day keeps the transistor away...


 Return to top of page · Post #: 2 · Written at 20:07 on 5 January 2012.
's avatar
 GTC
 Location: Sydney, NSW.
 Member since 28 January 2011.
 Member #: 823
 Postcount: 3972

Brad, the various new features seem to be working well, although I note that the Last Thread By link is not always correct now.

For instance, in Tech Talk shows latest thread as by Airzone on 30 December, but that is not the latest thread in that section.


 Return to top of page · Post #: 3 · Written at 00:33 on 7 January 2012.
's avatar
 Administrator
 Location: Greenwich, NSW.
 Member since 15 November 2005.
 Member #: 1
 Postcount: 4375

It seems to be behaving for me at the moment. I will keep my eye on it.


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
Brad.

A valve a day keeps the transistor away...


 Return to top of page · Post #: 4 · Written at 08:54 on 7 January 2012.
ZScan's Gravatar
 Location: Not supplied, NSW.
 Location: Australia.
 Member since 10 June 2010.
 Member #: 681
 Postcount: 553

Brad, have found this web site for hints on wooden cabinet repair and restoration.

http://www.woodworkforums.com/.

Very good, but the interesting point is that when doing searches it will ask a question like, "What is this word spelled backwards; renrutdoow". Or, "Please spell the 3rd word in this sentence backwards".

I guess this is to defeat automated searches. Perhaps this sort of thing could be included on the registration form (if it is not patented or somesuch) to repel boarders.


 Return to top of page · Post #: 5 · Written at 13:43 on 8 January 2012.
's avatar
 Administrator
 Location: Greenwich, NSW.
 Member since 15 November 2005.
 Member #: 1
 Postcount: 4375

I guess this is to defeat automated searches.

Yep, it is. Originally, when features were first introduced to try and discriminate between people and robots they worked flawlessly. As time went on (several years to be precise) the authors of malicious robots started to programme them to be clever enough to work around many security features by the use of artificial intelligence, also known as fuzzy logic.

To be more efficient with this, several versions of a given piece of malicious software will be written and each aimed at its own specific version of forum software. In the case of the forums at the link you posted, they use vBulletin, which is a popular choice on Unix webservers because it is very rich in features and works well. The downside to popularity is that it has also become prone to an above average number of workarounds at the hands of the malicious robots.

One of the backbones to most of the security features here is that a robot performing an automated registration will not get told the process failed. They are lead to the same page that real people are sent to when they apply for membership. This stalls the robot - it doesn't realise it needs to swap to a different way of signing up because it hasn't been told it failed the first attempt. So the robot will become confused when it tries to log in and can't, thus halting its ability to do damage.

No system is perfect, not even the one here. CAPTCHA-type authentication systems, including the one you mention are no longer viable as most robots can and do work around them. They do this by recording in a central database the questions they get asked, the answer they provide and the response they are given - true, false, etc- and this is used by the robot's clones to take the guesswork out of getting inside and strings of numberals and letters that show as images instead of text can also be deciphered by the robot's character recognition abilities.

They appear to have little impact as large forum communities are blessed with extra staff to close accounts that appear to be automatically generated and a sifficiently large number of threads are opened to make those that are posted by robots appear small in number.

Because this place is, by comparison, fairly small, we don't enjoy those luxuries so I need to play the game on the same terms as the robots - be cunning and crafty. In the last couple of weeks I have simplified the registration form and removed from view things like adding a signature, biography or avatar. These can now be added, changed or deleted by members on their profile pages so there's no need to have them in the initial registration process. The problem for the robots though, is that these fields are still there - they can't be seen by real people but can be seen by the robots and if the back end script that processes the registration application sees that these fields have been filled out (which does happen with robots) then the application is rejected, though once again, the robot is not told this is the case.

Of course this isn't the only security feature here though because we haven't had any successful automated signups in the last couple of weeks I can get the impression that this is working. This site logs all application attempts, whether they were successful or not and those that fail show a reason in the logs why it failed. So when I read the logs I can see which security feature rejected the application and why.

The same applies to the password retrieval form. Some robots see this form and hammer it hard because it thinks it is a login form. Again, the site rejects the robot's submission and logs the event in the database.

There is one slight advantage here that most forum owners do not have. Those that operate off-the-shelf software like vBulletin or Snitz cannot code in their own security updates unless they have an intimate knowledge of how to code in backend script languages like PHP or ASP. On this site, the owner is also the developer. Updates, whether they be mere graphic or of a feature or security nature, are more regular and when a problem strikes a fix is closer at hand.

I'll admit though, I'd rather be talking to you all about radios than coding in security fixes! But one has to take the good with the bad. Sleepy


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
Brad.

A valve a day keeps the transistor away...


 Return to top of page · Post #: 6 · Written at 16:35 on 10 January 2012.
ZScan's Gravatar
 Location: Not supplied, NSW.
 Location: Australia.
 Member since 10 June 2010.
 Member #: 681
 Postcount: 553

My post above was motivated by the occasional mention of unwanted registrations over the last few months but had no feel for the constant and cunning back-room battle.

To paraphrase (with apologies)

To enjoy the valve everyday, keep the transistor at bay.


 Return to top of page · Post #: 7 · Written at 18:47 on 10 January 2012.
's avatar
 Administrator
 Location: Greenwich, NSW.
 Member since 15 November 2005.
 Member #: 1
 Postcount: 4375

To enjoy the valve everyday, keep the transistor at bay

heh, In many ways that is my lot in life. If only this website could be hosted on a server powered by valves that saying could be true to its word. I wonder if AMD and Hewlett Packard can do anything for me... Smile


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
Brad.

A valve a day keeps the transistor away...


To have your say, you need to be a member and be logged in.

Time and Date

Official time: 23:05 (GMT + 11)
Saturday, 21st October, 2017.

Sign In

Username:
Password:
 Keep me logged in.
Do not tick box on a computer with public access.

Glossary

Vintage Radio and Television's glossary contains the definitions for dozens of words and phrases.

Outside links

On our free links page there are dozens of other vintage radio-related websites which may be of interest to you. Everything from national vintage radio clubs to personal and business websites is included. Outside links.