Yeah, I don't see it.

In the OT- Humor & Jokes-forum, the thread about the funny images (I don't know the correct title) seems to be missing, too.
For sure, the easiest (for them) solution proposed would be restoring from backup. Doing this thread merge was unfortunately a clever action by the hacker, because it's much more damaging compared to deleting threads, where it's usually a soft delete (depending on the account's privileges). I would be really (positively) surprised if this engine has some damage-repairing capabilities for such a scenario. It seems very unlikely. I don't know XenForo under the hood, but in general I'm thinking about one way an available backup could be used to help restore those massive threads without the need for a rollback. In general, the "thread" and "post" tables should be simple one-to-many relation tables linked by a key column. Restoring the last not-poisoned backup somewhere on the side should allow you to run queries for those large topics and get all post_id of posts belonging to a specific thread_id. Then maybe you could just run an update query for those posts on the live database, changing their thread_id. This way the last 12-36 hours cannot be saved and those posts would stay in this merged thread, but a large portion of the big threads could be restored. But for sure it shouldn't be tried without the support of XenForo. It might be that more is happening with this data under the hood and manual updates could do more damage.

A database backup is run every 12h, and the last one was affected by the hack. XenForo support will most likely only be available tomorrow morning, at which point a database rollback will mean losing 36h of posts.
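The approach described in the post above (read the post_id to thread_id pairs from a clean backup restored on the side, then update the live rows), as an added example that is not part of the original thread and is not XenForo code. The two-table schema, the `title` and `body` columns, the function names and all sample rows are constructed assumptions; a real forum engine keeps more per-thread state that this does not touch.

```python
import sqlite3

# Simplified, assumed schema: one thread has many posts, linked by thread_id.
SCHEMA = """
CREATE TABLE thread (thread_id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE post (post_id INTEGER PRIMARY KEY, thread_id INTEGER, body TEXT);
"""

def make_db(threads, posts):
    """Build an in-memory database with the simplified schema above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO thread VALUES (?, ?)", threads)
    db.executemany("INSERT INTO post VALUES (?, ?, ?)", posts)
    db.commit()
    return db

# Constructed sample data. Backup: two threads, taken before the merge.
BACKUP = make_db([(1, "Player count"), (2, "Funny images")],
                 [(10, 1, "a"), (11, 1, "b"), (20, 2, "c"), (21, 2, "d")])
# Live: both threads merged into thread 99, post 21 deleted since the
# backup, posts 30 and 31 written after the backup was taken.
LIVE = make_db([(99, "Merged")],
               [(10, 99, "a"), (11, 99, "b"), (20, 99, "c"),
                (30, 99, "e"), (31, 99, "f")])

def restore_thread_ids(live, backup, merged_id):
    """Move posts in the merged thread back to the thread_id the backup recorded."""
    rows = backup.execute(
        "SELECT p.post_id, p.thread_id, t.title FROM post p "
        "JOIN thread t ON t.thread_id = p.thread_id "
        "WHERE p.thread_id != ?", (merged_id,)).fetchall()
    moved = 0
    with live:  # single transaction: rolled back if any statement fails
        for post_id, thread_id, title in rows:
            # Only touch posts that still exist and still sit in the merged thread.
            cur = live.execute(
                "UPDATE post SET thread_id = ? WHERE post_id = ? AND thread_id = ?",
                (thread_id, post_id, merged_id))
            if cur.rowcount:
                moved += 1
                # Re-create the thread row the merge removed, if it is missing.
                live.execute("INSERT OR IGNORE INTO thread VALUES (?, ?)",
                             (thread_id, title))
    # Posts newer than the backup have no recorded origin and stay behind.
    stranded = [r[0] for r in live.execute(
        "SELECT post_id FROM post WHERE thread_id = ? ORDER BY post_id",
        (merged_id,))]
    return moved, stranded

if __name__ == "__main__":
    print(restore_thread_ids(LIVE, BACKUP, merged_id=99))
```

The guard `AND thread_id = ?` on the update makes the repair safe to re-run and leaves alone any post that was moved or deleted legitimately after the backup.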
Restoring the last not-poisoned backup somewhere on the side should allow you to run queries for those large topics and get all post_id of posts belonging to a specific thread_id. Then maybe you could just run an update query for those posts on the live database, changing their thread_id.
Any word on restoring the player count thread? Assuming it’s even possible given that it was so many pages
Yeah, I don't see it.
I don't own a cellphone or tablet (by choice - I won't make a rant on my personal reasons). I have a landline and a laptop at home, and another landline and laptop at work. Is this passkey consideration going to potentially lock me out of CivFanatics?

I think passkeys will be the answer but aren't there yet.
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
www.ncsc.gov.uk
Passkeys work perfectly well on general purpose computers, i.e. your laptops.

I don't own a cellphone or tablet (by choice - I won't make a rant on my personal reasons). I have a landline and a laptop at home, and another landline and laptop at work. Is this passkey consideration going to potentially lock me out of CivFanatics?
A passkey is a login mechanism that uses dual key encryption to avoid the need to transfer the actual secret. It avoids most of the problems with passwords, and I think should be the default way all websites authenticate users.

I have no idea what a passkey is. It's apparently not like a password, but what is it?
This is very true. KeePassXC runs from a local encrypted database that you unlock with a password and it takes however many seconds you say to check. That gives you passkeys, as well as password/username and TOTP authentication. That database can be backed up with the rest of the data you care about and if someone gets hold of it it is really hard to guess the password.

You're never going to get widespread buy-in for an authentication system that needs to include a "you might lose access to all your accounts if you lose access to your device" as a warning, because (as most people perceive it), loss/damage/destruction/theft of the physical device is a far more *real* threat than someone managing to get into their online accounts.
If you cannot back up data then what do you rely on? You have ruled out device based being the last line of defence, out of band communication just pushes the problem one level up, TOTP are just passwords that you cannot make bad and cannot so easily MITM (and most of the tools are effectively device based), and just using your brain to remember passwords is some combination of difficult and insecure. The list of solutions is not that long.

The first one is a solution for computer-versed people who regularly back up their data, but for a lot of end users who have little to no computer literacy, it's going to sound as daunting as anything else - because "backing up your data" sounds like some extra step you need to take yourself, and one that they won't necessarily link with any automated data backup their system may naturally come with.
The second one, yeah, that's for an incredibly small niche of people who both don't trust their database but know what a trusted printer is, and who don't feel daunted by that amount of information on paper. Otherwise known as a vanishingly small solution.
Passkeys for moderators of big websites can probably be argued for, but they aren't ready to serve as a mass market solution yet.
That is exactly what got us into this situation, right? The solution presented was 2FA. It seems that it is up to "us", as in those people who choose what options to present to users, to users the best options available, and out of all those currently available it seems passkeys are the best.

Well, if there's one thing I know for sure, it's that I'm *not* a representative sample of humans, so it's not what I can or cannot do, but what the number of non-computer-literate people out there who nonetheless still need access to all these online services can and cannot do. So the fact that I do, in fact, use data backups is not particularly relevant here.
And yes, most of them rely on insecure (reusing the same 2-3 passwords) or difficult and insecure (piece of paper) or difficult (trying to remember all the passwords).
To me this all sounds more like an angry person kicked from the site (for being an idiot) who wanted revenge, and anger is seldom stealthy.

Tbh, it could have been used more stealthily, by impersonating the mod, instead of immediately banning people ^^
As I say, I would accept this argument if everyone was given the option of passkeys but opted for the combination of passwords, TOTPs and OOB messages that we have to deal with. That is not the case, so I do not see a good argument for it being primarily users who are driving the choice.

Not really, because if you make entry more complicated, even by so small an amount as it may seem to you, compared to other services, people will use the other services. Every little extra step, every little extra moving piece that is outside the user's regular experience, makes the process an order of magnitude more daunting, and before long, you've lost them to something simpler.
Look at Mastodon versus Bluesky. Mastodon remains a niche service, and was never able to mount a serious challenge to Twitter, because it just looked a *little* more complex to join (i.e., you have to choose an instance) than Xitter. Bluesky comes along, sets up its own system with the same joining process as Xitter, and the next thing you know it's the alternative to it.
It's the same for Linux, and any number of open source alternatives to corporate software. The average people want convenient and comfortable more than they want safe and secure.