Putting the 'role' back in role-playing games since 2002.
Donate to Codex
Good Old Games
  • Welcome to rpgcodex.net, a site dedicated to discussing computer based role-playing games in a free and open fashion. We're less strict than other forums, but please refer to the rules.

    "This message is awaiting moderator approval": All new users must pass through our moderation queue before they will be able to post normally. Until your account has "passed" your posts will only be visible to yourself (and moderators) until they are approved. Give us a week to get around to approving / deleting / ignoring your mundane opinion on crap before hassling us about it. Once you have passed the moderation period (think of it as a test), you will be able to post normally, just like all the other retards.

PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,504
Location
Your Mind
This might be a SHOCKING REVELATION but deleting posts is not supposed to fuck up threads.

Let's see here, option 1: fix whatever is wrong with Xenforo, name and shame the retard who got hacked.
Deleting a few posts doesn't mess anything up. Deleting thousands does. The XF devs are aware of the problem but in no rush to fix it because basically "you shouldn't do that anyway". Yeah.
 

zapotec

Liturgist
Joined
Feb 7, 2018
Messages
1,501
This might be a SHOCKING REVELATION but deleting posts is not supposed to fuck up threads.

Let's see here, option 1: fix whatever is wrong with Xenforo, name and shame the retard who got hacked.
Deleting a few posts doesn't mess anything up. Deleting thousands does. The XF devs are aware of the problem but in no rush to fix it because basically "you shouldn't do that anyway". Yeah.
Then the software it's not GDRP compliant and should be reported
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,504
Location
Your Mind
This might be a SHOCKING REVELATION but deleting posts is not supposed to fuck up threads.

Let's see here, option 1: fix whatever is wrong with Xenforo, name and shame the retard who got hacked.
Deleting a few posts doesn't mess anything up. Deleting thousands does. The XF devs are aware of the problem but in no rush to fix it because basically "you shouldn't do that anyway". Yeah.
Then the software it's not GDRP compliant and should be reported
There is no GDPR requirement to allow anyone to have all of their posts deleted. The site operator only needs to remove personally identifiable information on request from the account and/or specific posts if the poster points them out and can't edit them on their own, but is under no obligation to go deleting entire post histories of anyone. And even that only goes for EU-based services, which the Codex isn't.
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,640
Location
Asp Hole
I had to setup 2FA again and now the codes work. I'm puzzled. System time is synced with the phone, network speed seems ok.

Do I need to do this shit every day from now on?
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,504
Location
Your Mind
I had to setup 2FA again and now the codes work. I'm puzzled. System time is synced with the phone, network speed seems ok.

Do I need to do this shit every day from now on?
Of course not. You only do one verification every 30 days under normal circumstances. If you're seeing anything else, it's an issue on your end, either due to various addons you're using interfering with normal functionality, blocking cookies, or who knows what else you have installed/misconfigured on your end.

The backup codes are only meant for BACKUP purposes, i.e. if you lose your primary access. They are not meant for normal use.
 

Lord of Riva

Arcane
Patron
Joined
Jan 16, 2018
Messages
2,859
Strap Yourselves In Pathfinder: Wrath
You don't need to use your phone number. Feels like I'm playing chinese whispers

https://getassist.net/email-services-dont-ask-for-phone-verification/

I think I have a solution. Taluntain Would it be possible to make it so the only people who can edit posts are the ones with 2FA enabled? That way we get to preserve our right to delete posts, and if someone chooses to have an unsecure account, they won't have the ability to delete their posts and this will prevent shit like this from happening. If someone ends up getting hacked and all their posts edited, then that will be their fault and the administration won't have any responsibility to fix the edited posts.
It'd be possible, but it'd require custom coding, so unlikely. Permissions for deleting and editing posts are separate in XF, but whereas we can set time limits on editing old posts, post deletion doesn't have the option to set how far back it can go by default. However, there is an addon to enable post deletion time limits as well, so we could use that if we decided that that's preferable to 2FA for everyone. Then the muh-freedomz complaints about 2FA would just be replaced with muh-freedomz complaints about not being able to delete posts.

Just quoting Taluntain for the rating.

If I had not figured out I can use an E-Mail I would not be able to post you nobheads.

:nocountryforshitposters:
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,640
Location
Asp Hole
Of course not. You only do one verification every 30 days under normal circumstances. If you're seeing anything else, it's an issue on your end, either due to various addons you're using interfering with normal functionality, blocking cookies, or who knows what else you have installed/misconfigured on your end.

The backup codes are only meant for BACKUP purposes, i.e. if you lose your primary access. They are not meant for normal use.

The same happened when trying to log in from my phone. Since I got to the part of entering the secret code after the username/password sign-in, what could possibly be wrong with the browsers' settings? No, it must be the app or something in the network that affects both devices. I literally lost my primary access.

If the issue sorts out I'll still need to find a way to keep those login cookies safe while removing all others, so that this can only be done once a month.
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,640
Location
Asp Hole
Or google mail since it's very likely that your phone already has a google account. You can then read the verification code from the toast notification of your phone.
 

Jaedar

Arcane
Patron
Joined
Aug 5, 2009
Messages
10,126
Project: Eternity Shadorwun: Hong Kong Divinity: Original Sin 2 Pathfinder: Kingmaker
I think I have a solution. Taluntain Would it be possible to make it so the only people who can edit posts are the ones with 2FA enabled? That way we get to preserve our right to delete posts, and if someone chooses to have an unsecure account, they won't have the ability to delete their posts and this will prevent shit like this from happening. If someone ends up getting hacked and all their posts edited, then that will be their fault and the administration won't have any responsibility to fix the edited posts.
It'd be possible, but it'd require custom coding, so unlikely. Permissions for deleting and editing posts are separate in XF, but whereas we can set time limits on editing old posts, post deletion doesn't have the option to set how far back it can go by default. However, there is an addon to enable post deletion time limits as well, so we could use that if we decided that that's preferable to 2FA for everyone. Then the muh-freedomz complaints about 2FA would just be replaced with muh-freedomz complaints about not being able to delete posts.
To be fair, people being allowed to delete months old posts just to spite someone should arguably be removed anyway. If you need to hide codex affiliation due to being hunted by gestapo you can always ask to get your account nuked.
 

zapotec

Liturgist
Joined
Feb 7, 2018
Messages
1,501
This might be a SHOCKING REVELATION but deleting posts is not supposed to fuck up threads.

Let's see here, option 1: fix whatever is wrong with Xenforo, name and shame the retard who got hacked.
Deleting a few posts doesn't mess anything up. Deleting thousands does. The XF devs are aware of the problem but in no rush to fix it because basically "you shouldn't do that anyway". Yeah.
Then the software it's not GDRP compliant and should be reported
There is no GDPR requirement to allow anyone to have all of their posts deleted. The site operator only needs to remove personally identifiable information on request from the account and/or specific posts if the poster points them out and can't edit them on their own, but is under no obligation to go deleting entire post histories of anyone. And even that only goes for EU-based services, which the Codex isn't.
If I want to delete my account because of "right to be forgotten" you will have to to check if my posts contain any data pertaining to my person, this unfeseable with users with tens of thousands of posts.
 

LarryTyphoid

Scholar
Joined
Sep 16, 2021
Messages
2,233
I don't know why I'm getting rated "cringe" for using a password manager and being responsible; if you fags did the same thing then I wouldn't have had to install this authy faggotry onto my phone.
 

Tacgnol

Shitlord
Patron
Joined
Oct 12, 2010
Messages
1,871,883
Codex 2016 - The Age of Grimoire Grab the Codex by the pussy RPG Wokedex Strap Yourselves In Codex Year of the Donut Shadorwun: Hong Kong Divinity: Original Sin 2 Steve gets a Kidney but I don't even get a tag. Pathfinder: Wrath I helped put crap in Monomyth
I don't know why I'm getting rated "cringe" for using a password manager and being responsible; if you fags did the same thing then I wouldn't have had to install this authy faggotry onto my phone.

Basic PW hygiene should be common sense. You can't use the same PW everywhere anymore considering how many sites and DBs get compromised, I'm surprised this even needs saying in CURRENT_YEAR.
 

Ranselknulf

Arcane
Patron
Joined
Nov 28, 2012
Messages
1,880,096
Location
Best America
PC RPG Website of the Year, 2015 Codex 2016 - The Age of Grimoire Make the Codex Great Again! Grab the Codex by the pussy Insert Title Here RPG Wokedex Strap Yourselves In Codex Year of the Donut Steve gets a Kidney but I don't even get a tag.
I had to setup 2FA again and now the codes work. I'm puzzled. System time is synced with the phone, network speed seems ok.

Do I need to do this shit every day from now on?
Of course not. You only do one verification every 30 days under normal circumstances. If you're seeing anything else, it's an issue on your end, either due to various addons you're using interfering with normal functionality, blocking cookies, or who knows what else you have installed/misconfigured on your end.

The backup codes are only meant for BACKUP purposes, i.e. if you lose your primary access. They are not meant for normal use.

Unless, ofc, you use a VPN. Then its every time.
 

Tacgnol

Shitlord
Patron
Joined
Oct 12, 2010
Messages
1,871,883
Codex 2016 - The Age of Grimoire Grab the Codex by the pussy RPG Wokedex Strap Yourselves In Codex Year of the Donut Shadorwun: Hong Kong Divinity: Original Sin 2 Steve gets a Kidney but I don't even get a tag. Pathfinder: Wrath I helped put crap in Monomyth
I had to setup 2FA again and now the codes work. I'm puzzled. System time is synced with the phone, network speed seems ok.

Do I need to do this shit every day from now on?
Of course not. You only do one verification every 30 days under normal circumstances. If you're seeing anything else, it's an issue on your end, either due to various addons you're using interfering with normal functionality, blocking cookies, or who knows what else you have installed/misconfigured on your end.

The backup codes are only meant for BACKUP purposes, i.e. if you lose your primary access. They are not meant for normal use.

Unless, ofc, you use a VPN. Then its every time.

I've used Proton and NordVPN and never seen this behaviour.
 

As an Amazon Associate, rpgcodex.net earns from qualifying purchases.
Back
Top Bottom