As we feared, the owner of the old domain has already betrayed the community and redirected the domain. After the redirect propagates, hundreds of thousands of loyal patriots may not know where to find home!
Spread the word that we've moved! Gab, Twitter, etc! Here's an example (Also, new Gab account for the new domain name):
https://gab.com/PatriotsDotWin/posts/105594470022099271
Edit-
A lot of concerns have actually been answered by more technically savy users in the comments,
No, they said if you were logged out, that was bad. And that the new site would likely blindly accept the first password provided. I was not logged out. My browser does not remember passwords, so it could not have logged me back in. Or... It's all bullshit and it's been compromised for a while already. Probably back when that 'hold the line' lie started.
the cookie is still valid, which means that the front end hosts are the same, the back end db is the same. URL may be different, but everything else is the same. Even the ssl cert is the same.
Yep. The fact the domain changed and SSL didn't freak out is a good thing. To every pede that doesn't know what that means... it means a ton of extremely annoying extra measures on your computer designed to warn you if something's amiss, aren't ringing. And trust me, they got super annoying the past 2 years. So I feel safe. The token is still valid, the cert is good, AND the domain name changed... even the most secure site will freak out if you change a domain name, unless you've set up a line of trust. Well it looks like they setup a line of trust. So there.
EDIT-
Dusted off the old poorly underused, but verified, thedonaldreddit Gab account for additional verification:
https://gab.com/thedonaldreddit/posts/105595244151890950
Edit- As far as media posts go, it's fixed for new posts, being worked on for old ones.
Well, no. No serious website stores passwords.
I know how salting and hashing works. The point is that it's very much not the same as storing passwords (in plaintext), which is what the comment I responded to seemed to imply was being done.
Oh, okay. I assumed you didn't have a technical background based on your silly assumption that passwords are stored in plain text.
Of course they aren't, and of course that isn't what he meant.
You're obviously not the security programmer for healthcare.gov /s
How do you know?
How do you know?
Oh yeah I'm so silly, that's never happened before or anything, I mean it's practically unheard of.
Like I said. I think it's likely the mod (who deferred to another on the technical questions) simply used imprecise language, but this is important enough that it merits clarification.
Nobody who isn't a retard does this on accident. You do it because 1) you want to harvest passwords or 2) you don't care at all about security.
This website wasn't built by retards. Clearly that response wasn't a technical response. Regardless, you're drawing silly conclusions.
I'm not going to argue with you or continue to granulate common sense into a powder for you. Move on pede!
I should hope so. All the same, it's a perfectly reasonable question and I would like an answer.
Wut? That makes no sense whatsoever. If the website didn't store anything for a user but their username, there would be no way to ensure the password matches the username (other than private keys or something).
I repeat: no serious website stores its users' passwords. It's a huge security hole. It stores a hash, which is the result of the application of a one-way function (in practice, a function that nobody knows how to invert, like SHA-256), together with a random string called a 'salt' (but let's ignore that for now). When you try to log in, the system computes the hash of the password you input, and compares that hash with the hash stored in the database. It correctly compares whether it was given the correct password even though it doesn't know what your password is. This is a very important security matter. Without it, if the database ever becomes compromised, the hacker gets easy access to all the users' passwords, which given the rampant practice of password reuse, would be an absolute nightmare.
Like I said, I think it's likely that this is being done correctly and this was just imprecise wording on the mod's part, but it merits asking for clarification.
I was replying to your other reply implying hashes weren't how this works. They are still storing a password, just not the plaintext password.
Looks like you've now edited the reply to make yourself look smart though, congratulations.
Where did I imply that?
But that's the thing, they aren't. A hash is not a one-to-one function. It's many-to-one (guaranteed by the pigeonhole principle). There are many possible passwords that result in the same hash value, so really you could login by typing in something that's not your password. Finding collisions is extremely hard with a decent hash function, of course, but the important point of principle is that in a well-designed system the server doesn't even have to see your password in order to properly authenticate you. It's not storing passwords. It's storing hashes. That's the crucial bit.
I don't know what you're talking about. I didn't edit my replies and have no interest in 'looking smart', I just want to have some mod please confirm that yes they're hashing and salting, how could I even suggest otherwise.