Avatar
On Monday I removed the ‘avatar’ feature from thesake.is web site. This was done for security reasons. The commentators that choose to have a custom ‘avatar’ are required to register their email address with Gravatar. Gravatar encrypts the provided email address, uses the encrypted data to provide the same ‘avatar’ to whatever other Gravator supported site the commentator visits on the web.
The end result is that the sites visited by the ‘avatar’ commentator can be tracked across the web. Various techniques can be employed to convert the encrypted data back to an email address.
As a result of the modification on Monday (2015-04-27) this security hole has been eliminated.
Comments and Suggestions
My goal as webmaster is to make this site easy to navigate, consistent in style and intuitive to use. Also bug free of course.
Please send your comments and suggestions regarding this site to
saker-webmaster
saker-webmaster@yandex.com
I will gather these together and publish the suggestions next week. We will can discuss which modification will be most beneficial and determine a rough order of implementation.
Moderators Needed
At this time we have 6 moderators covering 24/7. We need to have 2-3 additional moderators, so that thesaker.is is not uncovered for long periods of time. Help is needed most in the 2pm-midnight (GMT) time frame. Commentator experience is the only requirement.
Email me at if your interested.
saker-webmaster
saker-webmaster@yandex.com
Regards
HCS (Webmaster)
FYI: There’s a WP Plugin called “Avatar Manager” which lets member upload a site-specific image instead of using Gravatar. However, Gravatar is the default.
.
we’re looking at various things, but the security hole had to go right away.
“Commentator experience is the only requirement” !?
And how do you know what kind of moderators will offer their help ? I’m sure all the alphabet agencies are interested in the position.
Also how do you ensure mods’ impartiality ? Especially when they also participate in the discussions.
@Flor Solitaria
“Also how do you ensure mods’ impartiality ?
Especially when they also participate in the
discussions.”
What part of “Commentator experience is the *only*
requirement” did you not get?
The applied part of the ‘experience’, which I sometimes saw in action. A lot of insulting comments, especially against Catholics and Catholicism, are deemed ok by some of the moderators, even though they include only slander.(And many of those which defend it do not appear.)
I’m surprised you didn’t notice that.
No defence of any religion or peoples is censored. Sniping at other commenters often is.
@ KK
Ok. I’ll remember that.
Ah, Dabija.
Asemenea.
“I’m surprised you didn’t notice that.”
When others project holograms they typically don’t notice as I expect you have realised.
I have. It was a rhetorical question.
And don’t start talking about rhetoric now.
“Also how do you ensure mods’ impartiality ?”
Impartiality is never possible and the illusion of impartiality is dangerous in many ways.
The lateral solution is to have no “moderation”.
@ The Data Collectinator
You are right about the impartiality question, but no moderation would lateralize the problem up to chaos, so it’s not really a solution.
“would lateralize the problem up to chaos, so it’s not really a solution.”
Evaluation is always a function of purpose.
My purpose is to encourage lateral transcendence but I note you fail to outline yours, and perhaps implicitly project that we have similar purposes.
From data it would appear that you are mistaken for many purposes including mine; the exceptionalists were of the view they were superior in media strategies, then for some reason they are making extra investments, including efforts against RT and others, “doubling” up on previously adopted linear strategies.
The notion of “chaos” like “infinitity” is an often used concept to bridge “doubt” in linear systems – generally in response to indicators of oscillations outwith perceived margins of safety or to denote unpredictability like Mr. Heisenberg; in lateral systems neither chaos nor infinity are valid concepts, and hence it is not possible to lateralise to chaos.
In lateral systems there are no such things as solutions merely catalysts encouraging further lateral transitions.
“perhaps implicitly project that we have similar purposes”
Perhaps I don’t.
“From data it would appear that you are mistaken for many purposes including mine”.
Perhaps I’m not.
“Perhaps I don’t.”
“Perhaps I’m not.”
Doubt is ever the lateral catalyst and certainty anathema.
Any chance of removing the background image so the website loads quicker on mobile devices?
Just a suggestion. :)
Allow rating of comments.
“Allow rating of comments.”
That would be a useful metric of engagement in market practices.
Hi All,
I’ll list here the reasons of banning Gravatar from this site.
The short answer is :
– it is relatively easy to retrieve commenter’s emails from the hash (what the webmaster called “encrypted” but is very different) present in the page source, and
– Gravatar has the possibility to track commenters among the different sites using this system
Le long and technical one is :
Gravatar requires a MD5 hash of your email to match your avatar they store.
Hashes are sometimes considered as a 1-way obfuscation method, i.e. that can not be reversed. This is inexact in the case the original pattern is known, i.e., in our case, an email address.
To know the email of a given commenter, it is perfectly possible to attack a hash using the dictionary method, i.e. to hash a list of known emails addresses and compare the results with the «secret» hash.
Knowing it’s an email that is hidden in the hash, it is even possible to bruteforce it, even though more expensive, but far less than if the pattern is unknown. The possible hash collisions for a given pattern are by the way restricted.
It is thus pretty easy to identify commenters who entered their email address on the site and correlate it with comments on every site using this «service», even if they are not registered at gravatar.
The use of «rainbow tables» facilitates this work, as the attacker computes the hashes only once, and stores them in a DB within which they just have to search for a given hash to identify a target. I can bet a barrel of this excellent Czech beer Matushka that several governments already have these rainbow tables for every email address they can have collected. By the way, reversing this kind of hashes is at reach of a far largest audience.
Kind regards,
La Luciole
The e-mail I use here has already been attacked. How is this possible ?
And who exactly are the moderators ?
Attacked in what way? where do you use that email? do you have an easily guessed name on it? have you signed up for anything or especially bought anything with it? Paypal? have you looked at Full Headers to see what IP anything is being sent from? do you ever use email (or your computer generally) from public wifi connections?>
I, as moderator, am not willing to reveal you who I am. Do not take this as something personal Flor, only I see this would be counterproducent for my moderator work, so I would like to remain E.K. moderator. Some moderators already are subject of, sometimes, intense personal attacks.
@E.K.
I have observed K.K. being denounced as ‘evil’ by some Anonymous or other for her views on wealth-distribution.
I personally found it comically OTT and she’s well able to defend herself. In fact, getting into a dog-fight with her is more likely to send the ‘attacker’ limping off, bloody and bruised.
But I appreciate what you’re saying. Making yourself known should be a personal choice on the net. The NSA has all but taken that choice away, so anything that restores anonymity should be supported.
We are here for discussion. It’s tho ‘what’ not the ‘who’ that matters.
Names are irrelevant. It’s the process of choosing the moderators that’s in question. No offense to any of them, but if anybody can be a moderator, how can they guarantee they are not from the agencies ?
How do we know YOU are not? what can be 100% certain in life?
“how can they guarantee they are not from the agencies ?”
Since you have gone to the trouble of writing it, why should that be significant?
“why should that be significant ?”
Why shouldn’t it be ?
“How ?”
By being active and/or passive.
“We are here for discussion.”
On what dataset and using what evaluation criteria/methods do you base your assumption?
“Some moderators already are subject of, sometimes, intense personal attacks.”
Publishing them can have many advantages, although to do so might appear counter-intuitive.
The e-mail I use here has already been attacked.
Are there reasons to think it has been attacked due to posting on this website? If so, what are those reasons? Your claim could be perfectly true – and perfectly irrelevant to the management of this site.
I don’t know. If I had known, I would not have asked. But KK wrote some of the possible things why this happened so I will check.
“The e-mail I use here has already been attacked.”
Instead of defining it as attacked why not consider it an opportunity to communicate?
How ?
“How ?”
By being active and/or passive.
“I can bet a barrel of this excellent Czech beer Matushka that several governments already have these rainbow tables for every email address they can have collected.”
You have won but where do you propose to collect?
“You have won but where do you propose to collect?” ???
Is every thing done for a reward? I hope your post is coming across wrong.
Anonymous? All is explained.
“All is explained.”
Omniscience is never possible – holograms don’t qualify.
Webmaster, thank you for plugging the security hole! I am perfectly happy to have a gray and white nondescript “avatar” on my comments. The anonymity and identity protection are worth more to me than a little ego fix.
FWIW, I mentioned tracking on a previous post (the FB-Twitter announcement). I installed a free program called Ghostery so I can see how I’m being tracked. It hasn’t happened on this site, but on others, Gravatar has a tracking program, which I assume is keeping a record of where I go. Ghostery allows you to block it.
Thanks again, and also a big thank you to the moderators for the excellent job you are all doing.
I didn’t know about the avatar exploit, but had wondered why they had disappeared. It’s good that you guys caught this and fixed it.
Perhaps off topic (security) but the ability to bring up previous comments and replies would be great. I post something then can’t find it again.
Some time ago I posted a comment that I later realized was wrong, but could not remember what article I had posted it in. Other comments I leave, and the replies if any, I have a hard time finding again, often not finding them, if a few days have passed and there are a number of new articles and comments.
Forum type sites solve this by users having a Profile, where the person’s posts are listed. Even places like Huffington Post have/had this. If set to public, anyone else can go there to see someone’s older posts.
Everyone here seems to be strongly against such a solution. Many won’t even use an email address, for fear their posts can be read together to form some kind of “profile” on them or their activities/opinions, say by someone who hacks this blog. In some places such fears are entirely reasonable.
However a hacker could come to some fairly reliable conclusions just from the IP addresses used, and those absolutely must be recorded, for the system to know who to send a page to when requested…. the internet just doesn’t work with messages coming from nowhere or going to nowhere.
Meanwhile, if it’s important, you could try posting some distinctive part of the wrong post and ask the mods to find it for you, make sure to put a heading to clearly indicate it’s a request, not a comment for publication.
@. Anonymous on April 30, 2015 · at 7:12
pm UTC
1. Explain ‘lateral transcendence’.
2. How do you ‘encourage’ it (whatever ‘it’ may be).
3. Why do you want ditto?
Because if you want to achieve objectives, you need to quit with the crypto abstractions. A good rule of thumb is to illustrate by example.
(sings)
‘Hi HAL, Hi HAL
It’s off to work we go
To catalyse we analyse
Hi HAL , hi HAL hi HAL hi HAL
Hi HAL ( etc.) ;o
“1. Explain ‘lateral transcendence’.
2. How do you ‘encourage’ it (whatever ‘it’ may be).
3. Why do you want ditto?”
“Because if you want to achieve objectives, you need to quit with the crypto abstractions.A good rule of thumb is to illustrate by example.”
Your immersion in exceptionalism is showing with especial reference to entitlement (1-3) and undermined by your assertions of how to.
“(sings)
‘Hi HAL, Hi HAL ”
It would also appear that you prefer to sing rather than whistle in the dark.
Datastreams of opponents insecurities are always welcome.
So we end up as fearful words, hammered by anonymous man on the grid. However, I’ve always thought that fear is no good advice ’cause it paralyzes man to more than just to some extent. That this goes for us outside of the U.S. empire as well, that’s new and frightening. I am disappointed.
Requests for clarification are not evidence of
‘immersion in exceptionalism’: they are a very common feature of human communication. They are especially important for correct decision-making.
The basis of your refusal is an example of projection.
But yes, I do prefer singing to whistling to the dark.
You won’t be asked again. ;)
“You won’t be asked again. ;)”
You now have an example of encouraging lateral change but apparently from
“The basis of your refusal is an example of projection”
you still react to holograms since no refusal or bases for refusal were given, hence it is perhaps fortunate that
“But yes, I do prefer singing to whistling to the dark.” perhaps meaning in the dark if the original text is to be quoted verbatim.
Another consequence of the linear whether level 1 or 2 binary.
http://wallstreetonparade.com/2015/04/whats-really-behind-the-flash-crash-trader-prosecution/
@K.K.
Q: Are you sure it’s human?
R: My first Lol! :) Apart from its fondness for ‘ ping-pong’, I remain in a state of ‘lateral uncertainty’..;)
Maybe we should try ticking it?
My last post should have said ‘tickling’.
1937 KK, memory holes and/or reflex actions to holograms of 5th columns?
The broadcast is made when transmitted not when “moderated” or “published”.
Like this one.
You are so right, my lateral friend. We are all so naked in the eyes of the agencies that I feel I really need to keep up my exercise routine.
As for myself, I know that all the interested parts already know that I am here:
http://www.youtube.com/watch?v=AjGOxo0KDMs
Try to always remember the Emperors New Clothes.
The opponents do but some can’t quite remember the ending, and others hope for a similar ending.
A case of memory holes, taking tea or increase of ostrichness?
How about fast forwarding to 1957?
Vineyard Moderator – K.K. on May 01, 2015 · at 1:19 pm UTC
Anon, write me the name of the commenter who talks with you the most please?
Reply in two separate comments:
First:
Given that this broadcast was in reference to security your request is astonishingly ill judged and naïve.
Second
As commented before
“Vineyard Moderator – E.K. on April 29, 2015 · at 9:55 pm UTC
“I, as moderator, am not willing to reveal you who I am. Do not take this as
something personal Flor, only I see this would be counterproducent for my
moderator work, so I would like to remain E.K. moderator. Some moderators
already are subject of, sometimes, intense personal attacks.”
As to personal attacks I welcome them being published and analysed.
To these could be added:
Vineyard Moderator – K.K. on April 29, 2015 · at 3:21 pm UTC
we’re looking at various things, but the security hole had to go right away.
It is noted that some consequences of linear binary 1 and 2 has been “published” but if “your” blog would not like to be included in loops just advise by publishing preferences.
Perestroika is generally wise subject to purpose.
@ The Data Collector
Dear lateral friend, I want to say goodbye to you with a special gift.
http://www.youtube.com/watch?v=wS7CZIJVxFY
http://www.youtube.com/watch?v=XEVMcejsaX0
http://www.youtube.com/watch?v=3Qita2yScp4
Since you have such an analytical mind and are also a great theoretician, I would like to know if you are as good at practice. Please access the links in the order I gave, and then tell me why did I choose that order. Thank you.
“Please access the links in the order I gave, and then tell me why did I choose that order. ”
Pollination like knowledge is socially interactive and some environments are more conducive to such than others.
“Order” is often conflated with “sequence”, and perception of “sequencing” is contextually/culturally specific within lateral processes which are often delineated/represented linearly – for example in set theory’s use of distincts/intersects.
In this blog some appear enamoured of the notion of vectors.
Archimedes didn’t restrict his activities to taking a bath, but Archimedes “lived” in his time and space to some degree (a linear construct/notion), and had “issues” reportedly leading to unfortunate consequences.
We live in our time and space to some degree (a linear construct/notion).
You have broadcast an interesting datastream.
Thank you.
Like chaos, random seeks to deny the lateral.
You mean you don’t know the answer.
I’ll give you one more clue: the key to the sequencing is hidden in the last half of all three songs, and in one of them near the end.
The response was made in the comment not “published” but transmitted before 10-23 UTC May 04 2015, i.e. the first in the linear sequence.
As notification below transmitted at 10:57 UTC:
“There was an additional reply referencing methodologies transmitted before 10-23 UTC May 04 2015 which may or may not emerge “published” in “due course”.”
In alphabetical sequence but not exposition, it touched on “answers”,attribution, blogs, broadcasting, context, purposes, “questions”, security and sequencing amongst other matters.
At 10-23 UTC above pull through references were made since it is not unknown that on this blog my comments are sometimes not “published”.
“Pollination like knowledge is socially interactive and some environments are more conducive to such than others.”
” Archimedes didn’t restrict his activities to taking a bath”.
Nobody can “know” answers but some believe that they can – hence the Emperor’s New clothes, nakedness being perceptual rather than actual, and the catalysation of projection.
Broadcasting clues and enthusiasm are generally unwise security practices, as can be wishes for acceptance.
Feedback loops are more than doubly unwise – http://thesaker.is/msg-from-webmaster-removal-of-avatar-feature/comment-page-1/#comment-97723
Perhaps practices re http://thesaker.is/msg-from-webmaster-removal-of-avatar-feature/comment-page-1/#comment-97681 will be exhibited.
The 3rd comment in the linear sequence was http://thesaker.is/msg-from-webmaster-removal-of-avatar-feature/comment-page-1/#comment-98038.
You still don’t know, but it’s ok. I made you listen to three long, boring, songs and that’s the main thing. Goodbye, my lateral friend. I’ll miss you.
http://fortruss.blogspot.ca/2015/05/us-rep-to-nato-gathers-most-intel-from.html
There was an additional reply referencing methodologies transmitted before 10-23 UTC May 04 2015 which may or may not emerge “published” in “due course”.
http://www.globalresearch.ca/pre-publication-peer-review-process-entirely-misguided-warns-former-editor-of-the-british-medical-journal/5449164