Updates to Website

All Races, Ethnic Groups, Religions, Gay or Straight, CIS or Trans: If you can rock with us, you are one of us.

For the time being register with Protonmail until I can check with G-Mail.

Reminder: Personal Vendetta Threads (especially against staff) will be locked and thrown into the dumper.

Onionfarms.online is temporarily down.
Topics of Interest

The end of kiwifarms

This is a dragon Josh may not be able to slay. And they have come for here as well. Assuming Keffals kills Kiwi Farms, Onion Farms is his next target. We are running out of places to speak, this isn't good for any of us.
OnionFarms doesn't have even 0.1% the reputation KF has. Lucas was invited here by Kengle to present his side of the story and interact with posters here who may be able to fact check some of his claims. He declined. The mere fact that a lot of people here refer to him as a Him and the mere fact that a lot of people here use less than kind terms to describe him has officially nothing to do with his status as a "trans-woman"; it has everything to do with the disgusting content of his character that no amount of "respect muh" can overcome. I don't respect him and I won't give him the dignity of playing pretend with him. So he can try to come after us, it would be a disastrous move for his image and reputation if he did.
 
At this point, I'd probably have to create a new account, if he ever reopens non invite registration, but I do wonder if it's really worth it. Josh not allowing users to delete accounts really does not sit well with me. On one hand, I sort of appreciate his turbo autistic determination to keep the site going, but his "customer service " skills blow barrels and barrels of chimps.
Requiring all users to do a password reset, with email, was the last straw for me. It's left a bad taste in my mouth that he could do this once; and so he could do it again. And only removing all email functionality from the site could mitigate my concerns with going back at this point.

The session-stealing attack did not even require such drastic action. All he had to do was log out all active sessions, and then require all users to pick a new password at login. Adding email to the mix just took out half the user accounts.

Taking out half the user accounts, and keeping registration closed, is 100% certain to cause the site to decline.
 
The whole account thing was stupid.

But, to be fair, he will need o stall registrations as much as possible. Likely they already have plans to cusse trouble or attempt to discredit the farms even more with false flags,
 
The whole account thing was stupid.

But, to be fair, he will need o stall registrations as much as possible. Likely they already have plans to cusse trouble or attempt to discredit the farms even more with false flags,
I'm shocked he doesn't even doxxed the false flaggers that come to his site given how he lets those idiots get away with dragging his name in the mud
 
Likely they already have plans to cusse trouble or attempt to discredit the farms even more with false flags,
Then the cows just make fake screencapps like they're already done a couple times in recent history.

At a certain point the site needs to open registrations. They have less users logged in right now (~600) than they did when they were Tor-only a couple weeks ago. (~900)
 
Requiring all users to do a password reset, with email, was the last straw for me. It's left a bad taste in my mouth that he could do this once; and so he could do it again. And only removing all email functionality from the site could mitigate my concerns with going back at this point.

The session-stealing attack did not even require such drastic action. All he had to do was log out all active sessions, and then require all users to pick a new password at login. Adding email to the mix just took out half the user accounts.

Taking out half the user accounts, and keeping registration closed, is 100% certain to cause the site to decline.
XenForo encrypts password information. Not only is password information inaccessible completely from the control panel, but even IF they had access to the physical database (which they didn't) passwords are one-way encrypted. They can't be decrypted. It would make sense for Josh to require a password reset for staff members because if I were going to break into KF I'd change the passwords on the janny accounts and screencap their PMs and whatnot; but if that happened I suspect we'd already know it had happened because leaks would have already taken place, but they haven't.

Josh likes to exaggerate everything but this exaggeration is flat out retarded. It makes negative sense. Josh himself said that the logs showed they tried to export the user data which are user settings/preferences, email addresses, IP logs and that is all.
 
XenForo encrypts password information. Not only is password information inaccessible completely from the control panel, but even IF they had access to the physical database (which they didn't) passwords are one-way encrypted. They can't be decrypted. It would make sense for Josh to require a password reset for staff members because if I were going to break into KF I'd change the passwords on the janny accounts and screencap their PMs and whatnot; but if that happened I suspect we'd already know it had happened because leaks would have already taken place, but they haven't.

Josh likes to exaggerate everything but this exaggeration is flat out retarded. It makes negative sense. Josh himself said that the logs showed they tried to export the user data which are user settings/preferences, email addresses, IP logs and that is all.
Oh yeah, I know quite well. I host a few sites.

I'm assuming it's a one way hash, which in this usage case is actually a step better than encryption, as there is no actual key to decrypt it, it's one-way. (This is how we store them in PHPBB, and how nearly every site does now)

You can brute force hashes, but there is no one decryption key; you'd have to try every combination, one by one. And with a long, complex password there's no point in even trying.
 
Oh yeah, I know quite well. I host a few sites.

I'm assuming it's a one way hash, which in this usage case is actually a step better than encryption, as there is no actual key to decrypt it, it's one-way. (This is how we store them in PHPBB, and how nearly every site does now)

You can brute force hashes, but there is no one decryption key; you'd have to try every combination, one by one. And with a long, complex password there's no point in even trying.
Yeah that's what I meant, a one-way hash and that's exactly right there's no key; so it makes no sense for Josh to force users to email reset their accounts and I strongly suspect that his decision is rooted in the fact that he doesn't know how to set up a password reset prompt upon login
 
Well now Kiwi Farms is back on normie net.
more of a stalemate
1664783651334.png

sometimes it works for me , but most of the time im waiting for a dead page.
 
I know josh said he warned people, but nobody was going to seriously use an email anyone could track And risk be associated with the site in anyway.

So you only had an email for a single website. Obviously a lot of people would lose access.
 
You know, if the user count drops down a bunch, but there's still a couple few hundred people anyway, that's actually pretty comfortable. Compare faster and slower 4chan boards.
 
I am not super tech savvy or anything, but I honestly thought Losing Clouldfare Would be the end. That‘s what killed 8Chan, right?

After being booted from literally everywhere, and enduring a hack, and a stupid password reset, the site is still around.I am starting to think this might not be the end after all.
 
Back
Top