Hacker News: shomyo's comments

> People who i don't agree with are winning the internet

fixed


MAGA


Nice try NSA.


> without the headaches

> nodejs


Who cares about dogfights when you're only bombing civilians.


To Read the Full Story, Subscribe or Log In


> US Based

No thanks.


> Passwords can only consist of the following characters: a-z, A-Z, 0-9, and !@#$%^&()-_. Please choose another.

Sure.

Epic: http://i.imgur.com/zT30wY1.png

No thank you.


There really isn't a reason for the limit on the password characters. I suppose I can lift that restriction now.

I don't get what you mean by "Epic:" and the link to the karma-collection script.

If you care to explain what you don't like about the website I will try my best to improve the experience.

The site just launched a few days ago and I need feedback from early-eyes like yours to help shape the user experience.

I appreciate your taking a look at the website.


Restrictions on input characters are often a strong indication that a cryptographic key derivation function (or even just a salted cryptographic hash function) isn't being used to store the passwords.

See http://plaintextoffenders.com


It had simply been some time since I had worked with MySQL.

I didn't fully understand prepared statements when I began creating the site (as I had never worked with them before), so I put in a check to make sure that nobody was trying to inject anything via SQL when registering, but I realize that is all for nothing now when using prepared statements.

Every user's password is hashed using the default PHP 'PASSWORD_DEFAULT', which according to this page uses BCRYPT: http://www.php.net/manual/en/password.constants.php

Needless to say, I have removed the password restrictions... now the only restriction is that it must be at least 6 characters in length, and must be no more than 5,000 characters in length. You should be able to use any kind of crazy UTF8 combination of characters you can muster.

Not only that, but attackers are limited to 3 attempts per IP per hour when trying to log in via brute force.
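As an added example (not the site's own code, and not from any commenter in this thread): a PHP script showing the two points made in the exchange above, namely that with prepared statements a character whitelist on passwords has no anti-injection value, and that password_hash() with PASSWORD_DEFAULT (bcrypt on current PHP) accepts arbitrary UTF-8 input. One caveat the thread does not mention: bcrypt only consumes the first 72 bytes of its input, so a 5,000-character maximum is far longer than what actually gets hashed, and two passwords that share the same first 72 bytes verify against each other. The names openDb, register, login and demo are my own, the sample passwords are constructed, and the script assumes the pdo_sqlite and mbstring extensions are loaded (SQLite stands in for the site's MySQL).

```php
<?php
declare(strict_types=1);

// Added example, not the site's code. In-memory SQLite stands in for MySQL
// (assumption: the pdo_sqlite extension is available).
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL)');
    return $db;
}

function register(PDO $db, string $name, string $password): void
{
    // Only the length rules described in the thread; no character whitelist.
    $len = mb_strlen($password, 'UTF-8');
    if ($len < 6 || $len > 5000) {
        throw new InvalidArgumentException('password must be 6 to 5000 characters');
    }
    // PASSWORD_DEFAULT is bcrypt: the random salt, the cost and the algorithm
    // are all encoded in the returned string, so nothing else needs storing.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // The SQL text and the bound values travel separately, so a quote, a
    // semicolon or a comment marker inside $password is stored as plain data.
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => $hash]);
}

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when the user does not exist
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed sample inputs for the demonstration.
function demo(): array
{
    $db = openDb();
    $injection = "x'); DROP TABLE users; --";   // would be fatal if interpolated into SQL
    $unicode   = "pässwörd ☃ 日本語 🔐";        // multi-byte UTF-8, allowed as-is
    $prefix72  = str_repeat('a', 72);           // exactly the 72 bytes bcrypt hashes

    register($db, 'alice', $injection);
    register($db, 'bob', $unicode);
    register($db, 'carol', $prefix72 . 'tail');

    return [
        'injection_as_password_ok'    => login($db, 'alice', $injection),
        'unicode_password_ok'         => login($db, 'bob', $unicode),
        'wrong_password_rejected'     => login($db, 'alice', 'wrong'),
        // bcrypt ignores bytes after the 72nd, so a different tail still verifies.
        'tail_after_72_bytes_ignored' => login($db, 'carol', $prefix72 . 'DIFFERENT'),
        // The DROP TABLE in alice's password never executed.
        'user_rows_in_table'          => (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn(),
    ];
}

print_r(demo());
```

Run it with `php example.php`. The injection-string and Unicode passwords both register and verify, the wrong password is rejected, the users table still holds all three rows, and the 72-byte case verifies even though the stored password and the submitted one differ after byte 72, which is why a maximum length far above 72 characters buys nothing with bcrypt.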


US-based. The most dangerous place for a bitcoin-based business.


"hacked"

