Updating Bloomilk security?
shatterpoint7
Posted: Saturday, August 6, 2022 12:09:49 PM
As I log in using Firefox, there is a notification saying this website may not be secure. Perhaps there is a way to upgrade?
kobayashimaru
Posted: Saturday, August 6, 2022 1:33:48 PM
Agreed Shatterpoint7;
Although there is a thread titled
"Should Kobayashimaru Self-Efface and Leave Bloomilk, Other Webpresences"
The reasons of Security at Bloomilk are part of why I am considering finding alternative options.
The other being, a lot of people dislike posts over 150 characters or more,
so I was supportive of BoardgameGeek and other webpresences,
possibly even stuff from the Nebula Forums side etc for SWMinis,
or within the VASSAL community itself.

Folks are trying to look out for us until Bloomilk moves to CSS and https frameworks.
Part of the reason was hosting and access.
I am also concerned at a number of 'backrooms' at Bloomilk over the years as a lot of folks use
Bloomilk as a port to other things.


In the meantime;
You can use sachette protocols to mirror to the Wayback Machine Live-Fetch etc,
I recommend using VPN + PubKey-Switch Mirror etc to provide through those if using Bloomilk.
Rather than direct access to Bloomilk etc.
There is a little 'lag' / 'latency' to doing things with the Live-Get Image of Bloomilk
but hey, it's safer than having Bloomilk open while playing VASSAL-SWMinis only to have to defend against
unwanted network intrusion etc.

NB Firefox Quantum etc is looking to be dropped at some point
where they will suggest you just use Google Chrome etc.
That's a separate story...
kobayashimaru
Posted: Saturday, August 6, 2022 2:01:02 PM
kobayashimaru wrote:
Agreed Shatterpoint7;
In the meantime...;


So,
As Previously Mentioned,
There Are Options.

1) Abandon Bloomilk as Abandon Ware. Easiest Option,
go to VASSAL/SWMinis or TabletopBoardgameSim or to Boardgamegeek (as a last resort).
1b - Use a VPN and Virtual Network Distribution to Sachette Into Bloomilk via
a fetched crawler/feeder framework like via Wayback Machine,
rather than direct access to the raw Bloomilk "Au-Naturale".
Safer than direct access.


2) Try to Reform/ Re-Develop Bloomilk, via
"Right Of Resumption" after Bloomilk is declared "Abandoned Forum" in Absentia,
get a squatters-rights resumption declared,
metadata scrape the existing content and filter the crud from it.
Clean the semblance to remove any embedded crud over the years and dormant backrooms etc.
Audit Bloomilk's Data Integrity - Report on the Hidden Features etc...

Transfer Bloomilk to a new company;
The Star Wars Miniatures Players Association International Inc.
SWM-PAI-Inc. A 501.3 C Charitable Not For Profit Organization Modelled After Chess Clubs etc,
For The Preservation And Continuation of The Star Wars Miniatures Boardgame,
find pathways with SETI-intl and The Planetary Society, to have the external compliance audits
be performed by The Planetary Society and Librepenseurie Sans Frontieres etc,
so that we can be assured that the Not-For-Profit Status is Integrity-Assured.

learning from the Chess, Heroclix and other examples,
this would then allow folks who have suggested Kickstarters and Peer-Share or "Beer Money" frameworks,
to archive and re-develop Bloomilk

3) Found a new, separate site similar to that described in (2) above,



kobayashimaru
Posted: Saturday, August 6, 2022 2:08:15 PM
So, I would like to see (SOONER THAN LATER)
a formal Bloomilk Symposia - BLOOMILK AnnualGeneralMeeting Special Deliberation; a Community Consultation Process,
A Discussion, A Census of All Remaining Players At Bloomilk ;
"Do you want to Redevelop Bloomilk" ?

"Please Submit A Voluntary Survey At Google-Docs / SurveyMonkey Etc"
a peer reviewed reverse lowest bidder dutch auction style white-paper submission process;
we want to hear from you on ideas and ways to make XYZ happen.

Then, submit your vision and plan for
Making SWMinis the Chess of Boardgames Again etc.



We can then ascertain from a discrete survey,
what the 'beer money' dev envelope is,
when we go to tender the Redevelopment Process etc.

Depending on Cooperation, We may not need to invoke
"Right To Be Forgotten" , "Right of Resumption / Cyber-Squatting" and "Abandon-ware" Provisions
to achieve the aims of fixing some issues at Bloomilk.
Also depending on that co-operation,
the 'legacy' folks from the Existing WizardsOfTheCoastEra to Present 2022 Era
will be remembered as Founders at the new Bloomilk / SWMinis Players Association International, Inc. A 501.3 C NotForProfit Dedicated To
The Preservation And Continuation Of Star Wars Miniatures Etc. (and the Webpresences Thereof, Which Are Themselves Part Of net-Culture/Nerd Gaming Culture Worthy Of UNESCO Heritage Preservation and Cultural Preservations).
kobayashimaru
Posted: Saturday, August 6, 2022 2:23:39 PM
A quick, ad-hoc informal straw poll,
suggests, the appetite for this reform is there,
there are LOTS of you all who are coders and devs.
This is before I reach out to the RollerDex, and see who might be able to assist on that,
much less other folks at Bloomilk
or folks who knew Squelchy etc.

Many of you have expressed volunteering options to
assist in such a re-dev project --- that is pretty awesome,
and, some of you, already go above and beyond to keep us few Bloomilk Users as safe as you can.
To our blackhat guardian digi-angels, You have my thanks for what you do at Bloomilk.
My special thanks goes to "The German Borg Collective" - you folks in tech have been
assisting for years to keep Bloomilk safe and on the
Search Engine Optimization side, to keep Bloomilk 'bump'd' and seen,
and we have those folks, many of whom are from Call Of Duty and Counter Strike Pins Teams etc
to thank for their continued support for boardgames.

ESports are helping 'legacy-boardgames' and,
it is my hope someday to see the tabletop Half-Life or CounterStrike Miniatures D20 Modern Game,
Recognize their sustained help to StarWarsMiniatures over the years.
I would like at some point, to have extra mission-patch or a Pin/ Tie-Lapel etc,
which I can get for the folks from those E-Sports who have helped SWMinis at Bloomilk,
that I can get them a D-20 Mission Patch and Pin,
and an in-game unlockable of the same, as a special thanks for their sustained support.


We have maybe 400 user accounts who log in the most etc,
and the rest many have abandoned or sadly, some have passed away etc.
I believe an Audit of Data Integrity etc of Bloomilk
would reveal most of the '7200' users are sockpuppet or spammer stuff.
Only around 800 are even real I believe at this point.
I want to see the public results of that Data Integrity Survey at some point as
that would almost be as awesome reading as Kezzamachines' articles and or Save20 Magazine.

So,
I think we can realistically anticipate to have
a positively-geared transition to any new redev'd frameworks,
possibly entirely positive-geared from as few as 10 individual peers at Bloomilk now.
if the 501.3 NotForProfit Charity Charter Structure is Compliant,
we may be eligible for Loans from micro-peer-share which are NO INTEREST, NO REPAYMENT DEADLINE frameworks,
separate to the possibilities
of Kickstarter / CrowdFunder Options or
Individual Benefactors funding part or whole of the re-dev and migration etc.

Realistically, I believe We can come in under a low
4 digit number to complete the archiving, the clean-up and re-dev.
I believe only 10 individuals from Bloomilk are required for this project to succeed.
10 individuals, and 'beer money' to invest in the future of Star Wars Miniatures and Re-Model Bloomilk etc.

This discussion is moot iff;
1) The existing governance structure hierarchy at Bloomilk AND the peers ie,
other Bloomilk Users are unwilling and uncooperative to want to see a redevelopment project
or, the broader 501.3 C Not-For-Profit Charitable Framework for the establishment of
The Star Wars Miniatures Players Association International Inc.
-------
adamb0nd
Posted: Tuesday, August 9, 2022 8:45:36 AM
Rank: Moderator
shatterpoint7 wrote:
As I log in using Firefox, there is a notification saying this website may not be secure. Perhaps there is a way to upgrade?


We have some active mods here who can add pieces and control forum posts, but only Shinja has the keys to do anything with the web server. Unfortunately, I don't see this ever changing.

Since we have no ability to update our security to modern day acceptable levels, I'd like to provide best practice for using Bloo and ensuring you're not making yourself vulnerable.


1. Use a unique password.

Do you use the same password for bloomilk as for any other site or account? If so, change your password on all accounts sharing the same password as bloomilk, and create a unique password that only bloomilk uses. This will ensure if it is compromised, the attacker will only have access to your bloomilk account.


2. Use a strong password.

Strong and long passwords are harder to crack than short, simple, or common passwords. Typically, 8 characters minimum with uppercase, lowercase, and special characters is the minimum length and complexity.

Long passwords are even better. 4 words that tell you a story may be stronger than a short complex password, and easier to remember. For example;

"Luke Blonde Tatooine 1977!" is much harder for a computer to crack than "Luke1234"


3. Don't store or post sensitive information on bloo.

Minimize the risk in the event that your account is ever breached. Don't ever transmit sensitive information over bloo. If you want to share that information, consider using email or another more secure mode of transmission.

4. Consider a password manager.

It's 2022. If we are truly secure by practicing the above methods on all our accounts, we will have too many passwords to humanly remember. Consider using a password manager like LastPass or Bitwarden.

- They're free.
- They are encrypted so only the user may ever access the passwords.
- They are easy to use, and can generate new passwords for you.
- The idea is: instead of remembering a million unique passwords, just remember your password manager password. All other passwords can be retrieved from the password manager.


https://vault.bitwarden.com
https://www.lastpass.com/

If you do choose to use a password manager;
- Configure it with multi-factor authentication, so it requires you to generate a code on your mobile device to log in. If an attacker gets into your password manager, they get access to all of your accounts. This will mostly prevent that risk by requiring the attacker to also have access to your mobile device in order to break into the account.

- Store an OTP in a safe place. OTP (one-time passcode) is an emergency back door code to your password manager. If you ever lose your phone, you will not be able to authenticate your MFA pin, and may be locked out of all your managed accounts. An OTP is a password for emergency access that only works one time. It's important to store this OTP physically/offline (where a hacker cannot reach it, like on paper in a safe), and to never store the OTP with your user name.
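
The comparison in point 2 above, worked through as an added example (not part of adamb0nd's post or of the forum software): it computes the exhaustive-search upper bound for the two passwords quoted in the post and contrasts it with the exact entropy of a passphrase whose words are drawn at random. The function names and the 16-word sample list are constructed for illustration.

```python
import math
import secrets
import string

# Character classes an exhaustive guesser has to cover (space counted with symbols).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def brute_force_bits(password):
    """Upper bound in bits: length * log2(pool of the classes actually used).
    Attackers try dictionary words and common patterns first, so a
    human-chosen password is weaker than this figure suggests."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(wordlist_size, words=4):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist_size)

def generate_passphrase(wordlist, words=4, sep=" "):
    """Draw words with the OS CSPRNG (secrets), not the random module."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

# Constructed 16-word sample list, for illustration only; real lists are far larger.
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dragon", "ember", "falcon",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

if __name__ == "__main__":
    for pw in ("Luke1234", "Luke Blonde Tatooine 1977!"):
        print(f"{pw!r}: at most {brute_force_bits(pw):.1f} bits")
    # 7776 is the size of a five-dice diceware-style word list (6**5).
    print("4 random words from 7776:", round(passphrase_bits(7776), 1), "bits")
    print("4 random words from 16:  ", passphrase_bits(len(SAMPLE_WORDS)), "bits")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

The upper bound only counts characters; a phrase built from related words and a year is easier to guess than the figure implies, which is why a password manager's random generator is the safer source.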