Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Download a sciencemadness backup!
I have uploaded an encrypted backup of the sciencemadness forum database to axehandle's FTP site. The file name is
/upload/SM-backup-08052004-xmb1.gz.asc.gz. In the event that the site should suffer some grave failure, I might have to rely on members who downloaded
this file to supply me with it again so that the board can be restored. I will give the private key to my fellow moderators as well, so that there is
no single point of failure that could mean the irrecoverable loss of the information in our database.
I trust that the FTP account-holding members here will do their part to make sure this archive is widely distributed. If this works out well, I will
place my future backups (encrypted, of course) on the FTP site as well.
Edit: all moderators, will you please post your PGP public keys in this thread? I don't want to send the private key to the archive as plaintext.
[Edited on 8-5-2004 by Polverone]
PGP Key and corresponding e-mail address
|
|
|
jimmyboy
Hazard to Others
Posts: 235
Registered: 1-3-2004
Location: Texas
Member Is Offline
Mood: No Mood
|
|
could this be done as well for roguesci on their ftp - or is it their already?
|
|
|
Hang-Man
Hazard to Self
Posts: 70
Registered: 16-1-2004
Location: Canada
Member Is Offline
Mood: Wasted
|
|
Can't be done unless somone has the backups, or feels like running through all the google caches (I found a few gems) The Rouge Sci ftp is still
up, which is a bit odd.....
|
|
|
Sarevok
Harmless
Posts: 33
Registered: 16-12-2003
Member Is Offline
Mood: No Mood
|
|
Polverone, can the backup be made available for those who don't have FTP access? My account was deleted, for a reason. 
The more people with the backup, the better.
|
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
What's the chances of someone cracking the file and getting everyones passwords?
All that glitters isn't gold.
|
|
|
Quantum
Hazard to Others
Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline
Mood: Interested
|
|
Lol!
If someone can crack PGP then cracking forum passwords would be like taking
C<sub>12</sub>H<sub>22</sub>O<sub>11</sub> from an infant!
What if, what is isn\'t true?
|
|
|
Saerynide
National Hazard
Posts: 954
Registered: 17-11-2003
Location: The Void
Member Is Offline
Mood: Ionic
|
|
No one can crack PGP, but we don't know what the NSA is hiding now, do we? I know what Im talking about is almost impossible, but if
anyone's read Digital Fortress, or stuff about quantum computers, they'll know what Im talking about. Who knows? Maybe the governments
already have broken PGP... :S
Im not trying to make anyone paranoid here, k? I dont believe anyone has broken PGP 
"Microsoft reserves the right at all times to monitor communications on the Service and disclose any information Microsoft deems necessary to...
satisfy any applicable law, regulation or legal process"
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
The database contains only password hashes, not the passwords themselves. Still, the hashes can be valuable. When the mods have provided me with
public keys so that I can send the private key, they will all have access (if they so choose) to the password hashes used here. Nobody here is so
careless as to use their sciencemadness password for any other system or service... right?
I don't think any private citizen is going to be able to crack the encryption on this file. It would of course be trivial if they private key
were stolen. Keeping the key on removable media or on a non-net-connected machine might be a good idea, if we want to put on our worst-case-scenario
thinking caps.
PGP Key and corresponding e-mail address
|
|
|
JC
Harmless
Posts: 17
Registered: 1-8-2004
Location: Dis-united Kingdom
Member Is Offline
Mood: 85% H2O
|
|
Well, the FTP is at a completely different IP than the server that hosted the site.
As for the password hashes, well, they technically can't be reversed. However, you can take the possible words and run them through the same
encryption/hashing algorithm, then compare them. This takes a while, as hashes are designed to be slow, so savvy hackers tend to have large databases
of hashes of common passwords. This is then queried via SQL, and the answer found. Not much of a risk if you have a strong password, but most people
don't bother for forums.
Also, the NSA could have a db of billions of rows, each word having an MD5, blowfish, SSL, etc. equivalent. It would be hard to build, but very useful
on a daily basis.
As for breaking the PGP key, etc., well, there are plenty of people who would love to be able to. Currently, the cost of breaking a key is too high.
However, I have a friend who is convinced that the US government have the ability. I was pretty sceptical, but he tried to convince me. I came up with
a way to reduce the scale of the crack by about log n, and he came up with a feasible way to break a password in a human scale time. Combine the two,
and you could get into a short PGP key in little time. Of course, each system would cost millions, but what else do the NSA do all day? They will have
the kind of processing power that will be self-aware as soon as someone works out how to write the code! In short, I wouldn't trust any current
system to keep me in the clear for more than five years, since that's about how long it would take to break it. The best insurance is not to be a
priority job! Osama's posts get 99% of it, and are cracked in a few months/years, I am sure. My grocery orders aren't a part of that
priority effort.
[Edited on 6-8-2004 by JC]
I am Jack\'s Complete lack of suprise...
|
|
|
vulture
Forum Gatekeeper
Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline
Mood: No Mood
|
|
| Quote: |
My grocery orders aren't a part of that priority effort.
|
No, but if you're trying to get into someones comms, you're cracking everything. So send alot of PGP messages which don't make alot of
sense, use some gibberish code language, etc and drive the blokes at the NSA (do they ever get sunlight?) to madness. 
One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
|
|
|
MadHatter
International Hazard
Posts: 1339
Registered: 9-7-2004
Location: Maine
Member Is Offline
Mood: Enjoying retirement
|
|
Backup
I have lots of hard drive space and a cable connection to the
net. What is the fastest way to backup this forum ?
From opening of NCIS New Orleans - It goes a BOOM ! BOOM ! BOOM ! MUHAHAHAHAHAHAHA !
|
|
|
solo
International Hazard
Posts: 3975
Registered: 9-12-2002
Location: Estados Unidos de La Republica Mexicana
Member Is Offline
Mood: ....getting old and drowning in a sea of knowledge
|
|
Ref: Way to extract a web site.....
Look for a program that is a web extractor ....look in goggle......solo
It's better to die on your feet, than live on your knees....Emiliano Zapata.
|
|
|
chemoleo
Biochemicus Energeticus
Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline
Mood: crystalline
|
|
Yes, I tried this before after the down-period, using various web zip programs from the net. In fact, I tried pretty much every single one I could
find.
It doesnt work well though. You can indeed download the threads, but it is of course just an html file, and despite all my efforts I did not manage to
exclude links that are repetitive, such as 'post reply', 'quote' etc. Therefore one accumulates a vast amount of useless htmls. As
a result, I stopped after I downloaded 200 MB, for I didnt want to stress the web host... that is, Polverone 
Having worked with Perl script elsewhere, I figure this is the only way to download a forum site properly, without accumulating lots of junk.
But I am sure there are plenty of people who know much more about htis than I do, care to comment?
|
|
|
S.C. Wack
bibliomaster
Posts: 2419
Registered: 7-5-2004
Location: Cornworld, Central USA
Member Is Offline
Mood: Enhanced
|
|
Firefox plugin Spiderzilla works very well for me, though I've never done it here. Might there be spidering defenses on this board?
[Edited on 3-1-2005 by S.C. Wack]
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
It is difficult to properly automate archival of web-forums due to the use of passwords and (as you mentioned) redundant links. Simplistic traversal
will yield many worthless document duplicates. I think the only practical way to do this is to write a custom program specifically designed to archive
a single web forum or class of web forums (like XMB forums, YaBB forums, etc.) It's fairly easy to do this in a straightforward manner, harder if
you want to add bells and whistles like storing complete threads in single HTML files and updating those files as the threads get more posts.
PGP Key and corresponding e-mail address
|
|
|
Quince
National Hazard
Posts: 773
Registered: 31-1-2005
Location: Vancouver, BC
Member Is Offline
Mood: No Mood
|
|
I think 7z uses better compression than gz, and the fact that few have the decompressor is moot given that a self-extracting archive can be made.
\"One of the surest signs of Conrad\'s genius is that women dislike his books.\" --George Orwell
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Wil it self-extract no matter what CPU and OS the user has? No, I didn't think so. There are certainly more powerful compression schemes than
gzip available, but few are more widely supported. I'm due to upload another encrypted backup of the forum just as soon as axehandle's FTP
server starts working again.
PGP Key and corresponding e-mail address
|
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
Polverone, I can host it on my HTTP if you want? PM me and I'll give you the details.
All that glitters isn't gold.
|
|
|
PainKilla
Hazard to Others
Posts: 306
Registered: 29-4-2004
Member Is Offline
Mood: No Mood
|
|
My computer is always on due to various things running, and i have a few good progs for downloading sites....
If I have your permission Polverone I can download and safely store such a backup... you can do whatever you like with it. I can zip it up and send it
to you if you want to encrypt it.
I dont see the point of encryption though, except to protect members though i think we are as much at rish now than ever....
|
|
|
neutrino
International Hazard
Posts: 1583
Registered: 20-8-2004
Location: USA
Member Is Offline
Mood: oscillating
|
|
The reason for encryption (last I heard, anyway) was that the backups contain personal data by default and it would be impractical to remove it all.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
That is correct. I have come up with a way to allow "open" archives, though. I would install mysql, php, apache, and the forum software on
my home machine. I would set up the forum like it's set up on the public server, and download/import database dumps from the public site. Then I
can set up a spidering program to grab all the public threads and finally make a zipfile archive with all these public threads.
Strictly speaking, it wouldn't be necessary to do this on my local machine, but it would take a considerable amount of time and bandwidth to do
it over the internet, using the live board. As it is, we are riding perilously near the edge of the bandwidth limit. I get 10 GB a month without
paying more. We'll have 11 GB of traffic this month if current trends continue.
Edit: it looks like about 20% of our traffic comes from the library, so I should be able to save bandwidth by shifting more books over to
BromicAcid's webspace. Thanks, BromicAcid!
[Edited on 2-25-2005 by Polverone]
PGP Key and corresponding e-mail address
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
new backup
I have provided a fresh backup. It contains an encrypted copy of the board database, plus an unencrypted copy of all scipics files. You can download
it by connecting via FTP to 80.3.211.50 with username mad, password sci. Thanks go to eliteforum for providing the hosting for this bulky file.
Remember, if something catastrophic were to happen to me or our server, it might be your backup copy that saves the forum!
PGP Key and corresponding e-mail address
|
|
|
Mahlzahn
Harmless
Posts: 13
Registered: 7-4-2005
Member Is Offline
Mood: gased-not good
|
|
I can`t connect to the ftp.
I have a timeout after 28 seconds.
|
|
|
![[*]](images/xpblue/default_icon.gif){kind=icon}
