• Sign up or login, and you'll have full access to opportunities of forum.

October 16, 2019 - Visions of Darkness is no longer open to new registrations and will close on May 26, 2020. If you're a current member, you'll find

  • Thread starter Deleted member 16320
  • Start date
Go to CruxDreams.com
D

Deleted member 16320

Guest
hello folks, I have an unpleasant news, visionofdarknes.com is canceling next year, and I'm doing my job, trying to convince many artists from that site to come here to cruxfrum, no longer register for VoD, but some VoD members complain that after registration for cruxforum, they did not receive a confirmation mail..please for a solution.
thanks a lot, my arm is broken, but I will try to send samples of the work of VoD authors!
Thanks.
 
I agree completely that this forum would be enormously enriched by the migration of VoD artists such as jucundus and Bleumune.

Although I have not been asked, I will try to post images of their work on this thread to assist the injured Darken. I have until May, 2020.

I think it underscores the effort made by the principals to keep this forum alive and healthy. They deserve gratitude and support.

flower3
 
I've been trying to convince people there to consider coming here. To be honest many of the regulars there have some complaints about this site:

1. Crux is too niche and they aren't into it. Well, I feel the same way, but there is so much other stuff here, that it doesn't really matter, IMO.
2. There is too much posting of non-original work. Sure, that's true. Personally, if any of them come here, I will happily cease re-posting their work, because I have no interest in duplicate posting. I post their work only so that members here who don't go to VoD can enjoy it. Someone there said they wished there was some separation of original work from re-posts on CF. That is something I would support (say a section where only the artists who made the work can post).
3. They don't like having to post thumbnails. The volume at VoD is much less than what's here (partly because they don't allow re-posting). For me, having to click to get the full-size doesn't bother me.
4. They are afraid that there is no place to post any of the "lighter" images from the Promenade gallery there. My answer is-make a thread and post and see what happens. Remember what happened in "Green Eggs and Ham"-he ended up liking them!!!

Anyway, now they're talking about starting a new VoD, which is fine by me...
 
I've been trying to convince people there to consider coming here. To be honest many of the regulars there have some complaints about this site:

1. Crux is too niche and they aren't into it. Well, I feel the same way, but there is so much other stuff here, that it doesn't really matter, IMO.
2. There is too much posting of non-original work. Sure, that's true. Personally, if any of them come here, I will happily cease re-posting their work, because I have no interest in duplicate posting. I post their work only so that members here who don't go to VoD can enjoy it. Someone there said they wished there was some separation of original work from re-posts on CF. That is something I would support (say a section where only the artists who made the work can post).
3. They don't like having to post thumbnails. The volume at VoD is much less than what's here (partly because they don't allow re-posting). For me, having to click to get the full-size doesn't bother me.
4. They are afraid that there is no place to post any of the "lighter" images from the Promenade gallery there. My answer is-make a thread and post and see what happens. Remember what happened in "Green Eggs and Ham"-he ended up liking them!!!

Anyway, now they're talking about starting a new VoD, which is fine by me...
fix, it is said that they could create new webmasters, but probably void anyway ...
 
I'm sorry it lasts but with my left hand shit working!
 

Attachments

  • 001.jpg
    001.jpg
    1.5 MB · Views: 306
  • 016.jpg
    016.jpg
    838.3 KB · Views: 317
  • 019.2.jpg
    019.2.jpg
    1.1 MB · Views: 324
  • 029.jpg
    029.jpg
    1.4 MB · Views: 340
  • 20161105 Burned Cunt.jpg
    20161105 Burned Cunt.jpg
    990.9 KB · Views: 355
  • 20161106 Up or down.jpg
    20161106 Up or down.jpg
    1.3 MB · Views: 351
  • forbidden fantasy.jpg
    forbidden fantasy.jpg
    408.4 KB · Views: 349
  • JerriK013a.jpg
    JerriK013a.jpg
    1.8 MB · Views: 324
  • Lyon under interrogation (occ direct).jpg
    Lyon under interrogation (occ direct).jpg
    499.4 KB · Views: 322
  • Michael BG bats2FIN.jpg
    Michael BG bats2FIN.jpg
    199.3 KB · Views: 313
I've been trying to convince people there to consider coming here. To be honest many of the regulars there have some complaints about this site:

1. Crux is too niche and they aren't into it. Well, I feel the same way, but there is so much other stuff here, that it doesn't really matter, IMO.
Certainly, Crux was where the Forums started, but the BDSM Forum was soon added, and since we introduced Fantasy Unlimited, we've had a very wide range of stuff.
2. There is too much posting of non-original work. Sure, that's true. Personally, if any of them come here, I will happily cease re-posting their work, because I have no interest in duplicate posting. I post their work only so that members here who don't go to VoD can enjoy it. Someone there said they wished there was some separation of original work from re-posts on CF. That is something I would support (say a section where only the artists who made the work can post).
If artists start threads for their own work, and make it clear they'd prefer not to have others muscling in, we try to ensure their wishes are respected - on the whole, that sort of courtesy is part of the 'culture' of the Forums, if we tried to enforce more rigid demarcation, it would be a different kind of place.
3. They don't like having to post thumbnails. The volume at VoD is much less than what's here (partly because they don't allow re-posting). For me, having to click to get the full-size doesn't bother me.
The main reason for thumbnails is that posting full-size (unless the image is streamed from another site) uses up the finite usage allowance and can cost our site-owner, ImageMaker, money from his pocket. Also, only registered members can open thumbnails, full-size posts are visible to anyone who finds the Forums.
4. They are afraid that there is no place to post any of the "lighter" images from the Promenade gallery there. My answer is-make a thread and post and see what happens. Remember what happened in "Green Eggs and Ham"-he ended up liking them!!!
Quite right, cf 1 above, there's certainly a welcome for 'lightness' and 'darkness' here.
 
Darken, robn13 and Windar are certainly doing a good job selling this site. I also agree entirely with Eulalia. There are lots of places here to post whatever you fancy. The BDSM section is still in its infancy but is rapidly catching up with the rest of the forum. The complaint about recycled material is valid except in our superb archive which consists of member's work only.
 
I guess the bottom line here is that we can invite the refugees from VoD to join us here, and some will come to us. Of those, some will leave but others will choose to stay once they realise that crux is only part of what we talk about here. Either way we gain more members and at least some of the stuff from VoD can be saved
 
As a VoD member my greatest concern is the apparent lack of security here. Just logging in gives a warning about no security and there is a donate banner with absolutely no security either...
 
As a VoD member my greatest concern is the apparent lack of security here. Just logging in gives a warning about no security and there is a donate banner with absolutely no security either...
Thank you, for your first message here!
The https-login, brings more costs for the site owner. And then, it's a site for fun, not for money-dealing, sale or banking. Our content it's free for the member. Why pay for https-login then?
 
Thank you, for your first message here!
The https-login, brings more costs for the site owner. And then, it's a site for fun, not for money-dealing, sale or banking. Our content it's free for the member. Why pay for https-login then?
A thing to consider is that, to run HTTPS in the past you had to buy commercial SSL certificates from 'authorities' like Thawte, Comodo and so on, and you'd have to pay yearly to renew them.

Today as a site/server owner you can use Let's Encrypt certificates which are free; they only have a short validity time but there is an autorenewal service that works by you proving site ownership in a challenge/response. So you actually have to worry about nothign and it can be automagic. A lot of the graphical server management interfaces actually have point and click Let's Encrypt integration today.


Everything should be ssl nowadays (and making that possible is one of the goals of the Let's Encrypt project)
 
Last edited:
A thing to consider is that, to run HTTPS in the past you had to buy commercial SSL certificates from 'authorities' like Thawte, Comodo and so on, and you'd have to pay yearly to renew them.

Today as a site/server owner you can use Let's Encrypt certificates which are free; they only have a short validity time but there is an autorenewal service that works by you proving site ownership in a challenge/response. So you actually have to worry about nothign and it can be automagic. A lot of the graphical server management interfaces actually have point and click Let's Encrypt integration today.


Everything should be ssl nowadays (and making that possible is one of the goals of the Let's Encrypt project)
As a VoD member my greatest concern is the apparent lack of security here. Just logging in gives a warning about no security and there is a donate banner with absolutely no security either...
As someone not that tech savvy, how much security does https give, given that highly secure sites like the NSA, Pentagon, large banks, etc. have been hacked? My account here is linked to an anonymous email so there would be a hell of a trail to follow to get what exactly? And, of course, your ISP and phone company already know you access CF, as well as Google, Facebook, the FBI, NSA, GRU, etc. etc.

Regarding VoD, I had an exchange with a member there who wanted some ideas of other sites where he could find good stories and art. I suggested CF and he came back with "They use cookies". I showed him that the cookie warning for CF and VoD were IDENTICAL (both being XenForo sites), but his mind was made up. Not surprising, since many studies have shown that presenting facts that contradict someone's viewpoint actually makes them hold to their beliefs more strongly..,.
 
I don't understand the business or politics of running a site like this, but I must say I appreciate the art work and the talented artists on this site. Thank you so much. There is so much more to this site than just crux. We as a group have many interests in common and I am thankful that we have this place to come to with out fear of being judged.
 
You are right, Cynthia. I must say I'm not amused to see all the robots under the visitors here
 
You are right, Cynthia. I must say I'm not amused to see all the robots under the visitors here
The 'robots' are almost all search engines at work - Google, Bing, Baidu etc.
It's well to be aware that anyone who finds this site can read much of the content,
and view any full-size images, without needing to register.
But to take an active part, open thumbnails, view all the content,
registration is necessary.
https encryption would really make no difference to our site,
it's very necessary on sites that take bank details for purchases,
or other kinds of confidential information. But we don't,
and of course we advise against putting any personal information
(email addresses etc.) on public threads where, as I say, the whole world can see them.
 
As someone not that tech savvy, how much security does https give, given that highly secure sites like the NSA, Pentagon, large banks, etc. have been hacked? My account here is linked to an anonymous email so there would be a hell of a trail to follow to get what exactly? And, of course, your ISP and phone company already know you access CF,...
It's less about protecting the site against being hacked, than providing a secure channel.

Over plain HTTP you are sending your login name and password as a message in a clear bottle, that anyone processing the IP packets can fully inspect. The same goes for all interactions. When you use https, it can only be seen that you're interacting with the site, the amount of data etc. but nobody has any idea what you were doing. In fact it's not at all trivial even for the NSA to do that - we learned about that through Snowden et al., they have to rely on phenomena like the 'Heartbleed' vulnerability to get at the private keys server side - which can be mitigated by PFS which you get all for free today.
The possibility to inspect all traffic just like that, and collate it, is the reason why alarms will show up in browsers. And why many sites today that mostly just deliver content, still use https.

Also when you use https, you are secure in the 'coffee shop' scenario where you connect to an insecure network. Now of course no one is knowingly going to do that with CF, but the problem is that very often you are connecting to a compromised network without knowing. That's because a lot of routers and access points never get their firmware updated (sometimes even admin passwords are at the factory default) ... or even if someone wants to update the manufacturers cease support too quickly. (Be honest, when was the last time you updated the firmware of your own WLAN access point or router. Routers getting hijacked is a real problem).

It's like with anything regarding security - there is not ever such a thing as 100% security, but there are always worthwhile steps to take. And there should always be multiple layers. And if someone with trillionaire resources is really out to get you they will, but you can avoid being easy prey ... you don't have to run faster than the lion, just faster than the other prey ;)

It's always a balance between risk (there may be a low chance of a high-damage outcome) versus cost or inconvenience (you will carry the cost and inconvenience even if the high-damage event never happens)

With the cost of https going to close to zero (there may be legacy technical burdens for some sites that make it take more than the usual few minutes to set up free https) it's an easy move to make.

Anyway here's some recommendations for a general minimum of best practice, based on the European GDPR. They alos agree quite straightforwardly, "How should our users enter their passwords? You should ensure that your login pages are protected with HTTPS, or some other equivalent level of protection. Failure to do so will mean that anyone who is in a position to intercept network traffic can obtain passwords and may be able to carry out replay attacks"

"They use cookies"
It's necessary to use at least one type of cookie (the session cookie) to maintain a login, as http is itself a so-called "stateless protocol" (that is, without assistance, it can't carry over information like logins from one request to the next). Xenforo describes the cookies they set by default here, the are all legit and well-known for this type of application https://xenforo.com/community/help/cookies/ in fact one of them is supposed to be a security aid against an attack called cross-site request forgery.
Then there is stuff from Google Analytics and Google Tag Manager, these are things one may wish to block, Firefox can do that for you or a number of extensions will or you can nuke them with a hosts file entry.
 
It's less about protecting the site against being hacked, than providing a secure channel.

Over plain HTTP you are sending your login name and password as a message in a clear bottle, that anyone processing the IP packets can fully inspect. The same goes for all interactions. When you use https, it can only be seen that you're interacting with the site, the amount of data etc. but nobody has any idea what you were doing. In fact it's not at all trivial even for the NSA to do that - we learned about that through Snowden et al., they have to rely on phenomena like the 'Heartbleed' vulnerability to get at the private keys server side - which can be mitigated by PFS which you get all for free today.
The possibility to inspect all traffic just like that, and collate it, is the reason why alarms will show up in browsers. And why many sites today that mostly just deliver content, still use https.

Also when you use https, you are secure in the 'coffee shop' scenario where you connect to an insecure network. Now of course no one is knowingly going to do that with CF, but the problem is that very often you are connecting to a compromised network without knowing. That's because a lot of routers and access points never get their firmware updated (sometimes even admin passwords are at the factory default) ... or even if someone wants to update the manufacturers cease support too quickly. (Be honest, when was the last time you updated the firmware of your own WLAN access point or router. Routers getting hijacked is a real problem).

It's like with anything regarding security - there is not ever such a thing as 100% security, but there are always worthwhile steps to take. And there should always be multiple layers. And if someone with trillionaire resources is really out to get you they will, but you can avoid being easy prey ... you don't have to run faster than the lion, just faster than the other prey ;)

It's always a balance between risk (there may be a low chance of a high-damage outcome) versus cost or inconvenience (you will carry the cost and inconvenience even if the high-damage event never happens)

With the cost of https going to close to zero (there may be legacy technical burdens for some sites that make it take more than the usual few minutes to set up free https) it's an easy move to make.

Anyway here's some recommendations for a general minimum of best practice, based on the European GDPR. They alos agree quite straightforwardly, "How should our users enter their passwords? You should ensure that your login pages are protected with HTTPS, or some other equivalent level of protection. Failure to do so will mean that anyone who is in a position to intercept network traffic can obtain passwords and may be able to carry out replay attacks"


It's necessary to use at least one type of cookie (the session cookie) to maintain a login, as http is itself a so-called "stateless protocol" (that is, without assistance, it can't carry over information like logins from one request to the next). Xenforo describes the cookies they set by default here, the are all legit and well-known for this type of application https://xenforo.com/community/help/cookies/ in fact one of them is supposed to be a security aid against an attack called cross-site request forgery.
Then there is stuff from Google Analytics and Google Tag Manager, these are things one may wish to block, Firefox can do that for you or a number of extensions will or you can nuke them with a hosts file entry.
So what you're saying is that someone could steal my password, log onto this site as "windar" and post some really bad stories? :eek::eek::eek::eek::eek::eek::eek:

But, seriously, I do understand the risk if you're on a site like Facebook under your real name and of course, with anything involving credit cards #s, bank info, SSN# or the equivalent in other countries. But everyone here is under a fake name and anything they say about themselves may or may not be true (though I really am better looking than Brad Pitt, honest, I swear!) I think the GDPR is a fine thing to protect real identities, but does it really apply to fake ones?
 
does it really apply to fake ones?
I think you're being a bit too flippant here.

Everything you do with a 'fake' identity ... you do with real devices from real places with the appendages of your real person. There is absolutely nothing fake about the data being logged. That's all you.

What your screen name is, is irrelevant.

It isn't about someone appropriating your account in order to profit from your reputation. It's about collating the data. That one particular real person which Google knows about and Facebook knows about (they tend to know about you even if you have no account with them) happens to be some particular account on cruxforums.

If someone database registers that, it isn't going to be harvested by a conspiracy to appropriate your cruxforums likes.
It is going to be a piece of information along with similar information about many other users, that will be sold off to any bidder who thinks they may be able to use it for whatever kind of leverage. (Not all of the buyers are going to be named Igor or Vladimir).

Perhaps this is more understandable to younger people. All this data can be collated, are we to trust not only the currently existing corporations and governments but also all the future ones a generation on to never use this?

One reason Wikipedia is using https even for just browsing its pages (not only for editing) is that they understand, if for instance someone collates all the data about people who suddenly become interested in any type of disease and its treatment, well that increases the likelihood they may have been diagnosed for it, and when you consider the amount of people accessing Wikipedia that would be a huge dataset that could be sold off for great profit and terrible consequence. Also, especially with cellphones, it just really isn't that hard to collate data with devices with locations with behaviors. They know your sleep and work patterns. (Think of it, it's trivial). Oh yeah add to that Google buying up health records and Fitbit.

It's basically the question,

A) you want to trust ALL corporations and powerful governments not only for now but far into the future to never ever do something dodgy.(Remember how "Don't be evil" used to be Google slogan ... until they removed it... )

b) for FREE you can reduce the possible impact significantly.

It might not be about you but for instance about some, out of thousands, who might get their career shot down (2044 Progressive hopeful resigns from presidential race because of allegation of 'internalized misogyny' raised from Russian leaks of packet sniffing way back from the Roaring Twenties when they were a member of some weird forum), or their lives upended in a different regime.

Having https on a site like this would not negatively impact your ability to write stories and accumulate likes in any way.

Assuming it can be implemented in the same way as elsewhere - for free from Let's Encrypt - it also doesn't increase the costs of running the forum in such a way that they'd have to switch to a paid subscription model or anything.

So what's the damage done?

Why not improve security?

People who are serious about this, and working for non profits, have come to the conclusion that we should just phase out unencrypted http completely and use https everywhere ... about five years ago. https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf -- everything described there has gotten much easier and better by orders of magnitude in the last 5 years... for instance if you use Plesk it's just literally 'mash that button and follow the instructions'.
1.png

I don't see why it's necessary to dig in the heels and resist a more secure web for everyone.

If the technical protocols for the web had been designed for encryption from the ground up you wouldn't argue to switch to insecure would you?
When someone who manages a server logs on to do the nitty gritty work, they'll use something called SSH, which is always encrypted, and nobody is saying, can I please have an insecure way to manage my server.

Is it just ingrained that security is bad? It's only for tinfoil hat people like Edward Snowden and Julian Assange and you don't want to end up like that?

Because we should be good subjects who have nothing to hide?

Because The Government needs to catch The Terrorists so The People shall sleep peacefully? (yes terrorists are in fact a very real issue but they are a focused problem which is best addressed by targeted intervention).
 
I think you're being a bit too flippant here.

Everything you do with a 'fake' identity ... you do with real devices from real places with the appendages of your real person. There is absolutely nothing fake about the data being logged. That's all you.

What your screen name is, is irrelevant.

It isn't about someone appropriating your account in order to profit from your reputation. It's about collating the data. That one particular real person which Google knows about and Facebook knows about (they tend to know about you even if you have no account with them) happens to be some particular account on cruxforums.

If someone database registers that, it isn't going to be harvested by a conspiracy to appropriate your cruxforums likes.
It is going to be a piece of information along with similar information about many other users, that will be sold off to any bidder who thinks they may be able to use it for whatever kind of leverage. (Not all of the buyers are going to be named Igor or Vladimir).

Perhaps this is more understandable to younger people. All this data can be collated, are we to trust not only the currently existing corporations and governments but also all the future ones a generation on to never use this?

One reason Wikipedia is using https even for just browsing its pages (not only for editing) is that they understand, if for instance someone collates all the data about people who suddenly become interested in any type of disease and its treatment, well that increases the likelihood they may have been diagnosed for it, and when you consider the amount of people accessing Wikipedia that would be a huge dataset that could be sold off for great profit and terrible consequence. Also, especially with cellphones, it just really isn't that hard to collate data with devices with locations with behaviors. They know your sleep and work patterns. (Think of it, it's trivial). Oh yeah add to that Google buying up health records and Fitbit.

It's basically the question,

A) you want to trust ALL corporations and powerful governments not only for now but far into the future to never ever do something dodgy.(Remember how "Don't be evil" used to be Google slogan ... until they removed it... )

b) for FREE you can reduce the possible impact significantly.

It might not be about you but for instance about some, out of thousands, who might get their career shot down (2044 Progressive hopeful resigns from presidential race because of allegation of 'internalized misogyny' raised from Russian leaks of packet sniffing way back from the Roaring Twenties when they were a member of some weird forum), or their lives upended in a different regime.

Having https on a site like this would not negatively impact your ability to write stories and accumulate likes in any way.

Assuming it can be implemented in the same way as elsewhere - for free from Let's Encrypt - it also doesn't increase the costs of running the forum in such a way that they'd have to switch to a paid subscription model or anything.

So what's the damage done?

Why not improve security?

People who are serious about this, and working for non profits, have come to the conclusion that we should just phase out unencrypted http completely and use https everywhere ... about five years ago. https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf -- everything described there has gotten much easier and better by orders of magnitude in the last 5 years... for instance if you use Plesk it's just literally 'mash that button and follow the instructions'.
View attachment 789838

I don't see why it's necessary to dig in the heels and resist a more secure web for everyone.

If the technical protocols for the web had been designed for encryption from the ground up you wouldn't argue to switch to insecure would you?
When someone who manages a server logs on to do the nitty gritty work, they'll use something called SSH, which is always encrypted, and nobody is saying, can I please have an insecure way to manage my server.

Is it just ingrained that security is bad? It's only for tinfoil hat people like Edward Snowden and Julian Assange and you don't want to end up like that?

Because we should be good subjects who have nothing to hide?

Because The Government needs to catch The Terrorists so The People shall sleep peacefully? (yes terrorists are in fact a very real issue but they are a focused problem which is best addressed by targeted intervention).
Yes, there is a data risk. But I think there will be a data risk from on-line shopping, too, encrypted or not. You have to trust the corporation will not sell its data (in bankruptcy?) and that employees or others will not steal and/or leak it. Privacy is I'm afraid going away, despite Commissioner Margrethe. All one can do is try to mitigate risk. (Back in the late '60's, a guy named Robert Bork was nominated to the US Supreme Court, and advocated "cracking down" on pornography. Sales records came to light--way before the internet--indicating the he himself had rented pornographic movies. He wasn't confirmed, and even to this day conservatives have charged that Bart Kavanaugh was "Borked" in his confirmation hearing.)
For example, there was an academic with whacky conservative views (an economist, it turns out) in the United States in the news recently. He tweeted a paper that argued that women didn't belong in Academe. He said blacks were inferior academically. He argued that geniuses were all men, albeit a little weird. It got out. The provost of his institution (a women) called his views "stupid and vile", but said he had a right to free speech on his own time. Now his "views" were indefensible in the sense that they don't accord with the facts. (For instance, women have only recently been allowed into positions which show "genius", the "genius" sample is small, and what the hell is a "genius" anyway--Einstein, Feynman, Beethoven, Picasso, Yoyo Ma--include him and maybe you should include Sandy Koufax, an American baseball pitcher, Marx, Hitler--a brilliant showman, a lot like Picasso in many respects? The sample is poorly defined and and not statistically significant.) What prompted him to make such views public? He should have known they would get out. On this site I try to remain anonymous, so no one can trace me (although I doubt that will be effective in the long run). I console myself with the thought that I will never want to run for office anywhere. And our "genius" male economist will probably keep his tenured job. I'm sure most of his colleagues knew what he thought anyway.
So, I am not sure encryption, while it would help, would be real protection either.
 
Last edited:
for FREE you can reduce the possible impact significantly
Free cheese can only be found in a mousetrap.

I had experience using a free certificate on other projects. Yes, you can use the certificate for free for a year. But then you have to pay.
And if you stop using the certificate, there are problems with the forum - it stops working due to the problem of changing the address bar. And in order to establish work, you need to make some efforts and the forum will not work for several days.

However - if you pay, I can do it :banana:
But you will need to pay for several years. A few decades :hambre:

But do not worry about the lack of a certificate. If you carefully use the Internet and protect your username and password, your data will be safe.
 
Back
Top Bottom