ipb

Anything listed here for swap / etc (both proper thread and off-site links) must adhere to the Lab's aftermarket requests in addition to our own restrictions.

 

Specifically:

 

1) No derivative products can be swapped, sold, etc.

 

2) No listings for non-BPAL/BPTP/TAL products being "for BPAL" or the like.

 

 

Posts will become invisible, and links may be removed without notification. Continued abuse of this can result in warning or losing the ability to access the Swaps forum or editing your profile.

As an extra incentive for the members that haven't yet used our feedback system to leave swap feedback, we now offer 1 reward point for each review written.

 

For the 210 brave souls that have pioneered the swap feedback reviews, you have retroactively been awarded your points.

 

 

ETA: And for those who haven't noticed, the warnings and reward points are back to automagically decaying/adding up (respectively).

http://www.bpal.org/index.php?showtopic=8008

Something SV didn't mention about the feedback engine is that there are links in everyone's profile (under the "Information" section) that go straight to that person's feedback.

We're pleased to announce the lastest addition to our reward points perks! Now, in addition to being able to reduce warning levels, purchase additional PM box space, upload an avatar, and changing your member title, you can purchase the ability to change how your name is displayed!

 

For 250 points, you can opt for an unlimited name change package, that will actually let *you* change your name at-will via the Control Panel, with a minimum length of 45 days between name changes.

 

If you opt for the case-by-case package, the first display name changed is FREE! Additional display name changes will run you 50 points. NOTE: any name changes that have been requested at the time of this posting and not completed do not count towards your free display name change.

 

 

In both cases, the handle you use to log in will not be altered.

 

 

An updated list of things you can exchange your reward points for:

• Unlimited display name changes (250 points)
  
• Custom member title one time (100 points)
  
• Upload an avatar one time (100 points)
  
• Expand PM box by 25 messages (100 points)
  
• Reduce warning level (75 points)
  
• Case-by-case display name changes (1st one free, each additional, 50 points)
  

How can you exchange your reward points? Just PM shriekingviolet or myself, letting us know what reward you want!

We actually have a topic called "what is this oil?" in the FAQ section for just this sort of question...

It's been about a year, and we've grown alot in the interim. This is just a reminder that while swapping is an at-your-own-risk activity, we do keep track of people who habitually fail to follow-through with swaps arranged here on the forum. People who swaplift excessively are banned from swapping until they have resolved all of their outstanding swaps.

 

In order to do that, we need to know who is swaplifting. You may think 'Oh, I'm the only one, and it was just one bottle' but it can add up quickly. Most swaplifters that get reported here are usually at around $50 of oils that they haven't followed through with, but a recent massive swaplift incident was around $500 -- one that would have been prevented if people had come forward before it was too late. The ONLY way we can prevent swaplifters from amassing such a large scale swaplift is by you, the members, letting us know that it's happening.

 

So please, if you arranged a swap here at the forum, and it's been one month since the swap was finalized, and items haven't arrived and your swap partner isn't responding to communications or hasn't been around the forum: let one of our swap mods (cupide430, grrrlennyl, Scylla, Silvertree, twistygirl) know via PM! Please include any relevant correspondance and dates, and copy your swap partner in the PM so they are aware that they have been reported as a swaplifter.

 

Thank you!

WHAT OCCURRED

At 6:49 am (CST), we were hacked by someone with a Russian IP address. As many of you noted, he was able to insert a pair of iframes into a few skins. I was notified at 9.37 am (approximately 90 minutes after he inserted the iframes) and closed the forum until it could be cleared up.

 

He was also able to access everyone's cookie login information.

 

He did NOT access PMs or other personal information, just the skins and the cookie logins.

 

He has, however, returned at least three times since the initial attack - but not at all since we have implemented security measures.

 

 

WHAT WE HAVE DONE

We have given the forum a fresh install, and have added additional security measures to the forum, as well as applied a recent security update that fixes this specific problem.

 

The IP in question has been banned, as has the individual and their email address.

 

We have also reported this incident to Invision, in case it was a new hack. It turned out to not be a new one, but it's recently been very active.

 

 

WHAT WE ARE DOING

We are actively looking into ways to additional measures to prevent unauthorized access to the web-based administrative controls.

 

 

WHAT YOU NEED TO DO

While we use a double encryption scheme on the passwords, and your password was not actually accessed, it is still VERY important that you change your password immediately and destroy your old cookies from bpal.org (manually or by clicking this link).

 

You should be changing your password frequently, at least every 2-4 months, and use strong passwords. We will be conducting a "password changing" audit later this month to ensure that everyone has changed their password. Individuals who do not change their password by approximately mid-July will eventually lose access to the forum.

 

 

FAQs

Q: How did they find us?

A: Our logs indicate that he found us using a simply search engine query - just as you may search for information to travel, spoilers, restaurants, etc, the hacker was searching for a specific kind of forum and version.

 

Q: Does he now have my password?

A: It's entirely possible, depending on the sophistication of the hacker. While our passwords have a special scheme that is not standard for most bulletin boards, it does rely on an encryption scheme that was recently broken. The hacker would have to know exactly how we encrypt our passwords, have the list of encrypted passwords and any added information, have a decrypting programs for each method of encryption, and know how and where to undo the special multiplication and string smooshing (taking "c" and "at" to create "cat") that is done to our passwords. Considering the number of things that could have been done and wasn't, I don't believe that this particular hacker is that sophisticated.

 

It would still be a good idea to change your password if you use that password elsewhere with that email address, and we are requiring everyone to change their password.

 

 

Q: What does you mean when you by "a broken encryption scheme"?

A: There are decryption programs where you put in an encrypted passphrase and it returns the original password. For instance, if your password was "dog" and the encryption method was to reverse the phrase and add a 5 at the end of the phrase, your encryped password would be "god5". If someone entered in "god5" in a decryption program for that method, the program would tell them that the original word was "dog".

 

Q: What does this mean for other sites I use that password on?

A: He does not have your username, only the email address you registered with. The worst case scenario is that he has your email address and the password you used on the forum, in which case the only sites that could be affected are the ones that use those email addresses with your password. Change your password at all sites with this email address and password, and you will be fine. The best case scenario is that all he can do is attempt to use your account to login to the forum and try to hack it again.

 

If you use Paypal or eBay with the same email address and password, I strongly recommend you change your passwords there as well -- it is ALWAYS better to be safe than to be sorry.

 

Q: Was that a virus or what?

A: On our end, it was not technically a virus, or a trojan -- after gaining administrative access to the forum (but not our server), he installed an advertisement/malicious spyware in one of the skins.

 

I use Firefox, have a variety of pop up/pop under blockers (one of which blocks all iframes from domains other than the one you want to be on), and use skin that was not affected, so I did not get a chance to see what exactly they were doing outside of what they did to the forum. BUT, the redirection may have been a trojan.

 

 

If you have any additional questions, please ask them in this topic.

Yesterday, around 11am (CST), we managed to fill up the part of the hard drive that holds the database. Whoops! We had our tech people move things around, and now we've got 10x more space over in that drive (which should be good for a few more years, anyway).

 

But as a result of filling up the hard drive, our tables corrupted like whoa (sessions, posts, topics, and the two PM-related tables). BEFORE we realized we had filled that part of the hard drive, repairs were made, and in the repairs, the topics data was lost, so we had to restore it from our backup.

 

The three topics that would have been lost were manually recovered, so in the end, nothing was actually lost (yay!).

 

 

In other forum-size news, we're about 500 posts from hitting 500,000!

Starting today, we are handling price cap violations slightly differently. We have found that with over 70 price cap violations to date, it's harder to track the way we have been doing, and many violations have been going unmarked. These changes are not very different from our current policy, except that we now use the warning system to keep records of previous price cap violations.

 

Even after 90 days, price cap violation warnings will remain in the warning log for moderator records, but they will not affect your warning level after 90 days. Warnings for things other than price cap violations (such as for duplicate topic) will NOT affect your access to the swaps forum.

• First price cap violation: After the first price cap violation, a reminder will be issued.
   
  
• Second price cap violation: After the second price cap violation, a warning will be issued. This warning will NOT be reversed upon fixing the violations.
   
  
• Third price cap violation: After the third price cap violation, the individual will be suspended from the swaps are for two months. A warning will be issued.
   
  
• Fourth price cap violation: After the fourth price cap violation, the individual will be permanently suspended from the swaps. No warning because they can't commit the offense any more.
  

Since Decant This pro-actively deals with the pricing issues (eg, the pre-approval of all threads), it will NOT be affected by this. Swaps, For Sale, and Wanted WILL be.

 

 

Over the next two weeks, we will be retroactively adding warnings to the warn log for price cap violations. Warnings over 90 days old will be neutralized after we add in all of the price caps, but you may see a temporary rise in your warning level.

We've been getting complaints from people who are being contacted for swaps that are in the Dead Swaps Cemetery section of the forum.

 

Please do not contact anyone about the swaps offered in those posts or report posts for moderator activity. The area consists of DEAD Swaps, the swaps that have been completed or had no activity for more than six weeks. That's why it's in the read-only archive and NOT in the appropriate swap forum.

 

We've added a reminder in the "Attention: This section is read only" that appears on every page within the Forum Archives to not contact people about swaps in the Dead Swap Cemetery.

The Lab has never expressed the desire to have GCs to me while we have discussed various things that they wanted with the shopping cart. Scent recommendations, wish lists, search engine integration with impulse links, yes.... GCs, no.

i won't have time to fix the menu or update the db until about about may 12th (when i'm done with school... at least for three days). right now, i've got 3 weeks of class plus finals left, but that's not so much the problem as everything else i have to do (i've got a big national licensing exam on the 22nd, i'm running my office solo for 2 weeks starting the 24th, and that brings us to finals week )

 

regarding the 4 letter thing: it's something i can't fix without completely rewriting how it does the boolean searches. i tried to do it other ways, but this was the only way that worked consistently.

First off, I want to thank all of you for your generosity. Despite being down most of the month (even as I write this, due to my admin powers), we've managed to nearly meet our amended goal - $7,581! By the time you see this, we will have installed the majority of the updates that YOU, yes, YOU, helped us get -- our shiny dedicated server, our status blog, our new image gallery, our pretty blogs, everyone's favorite java-based chat room, and the upcoming swap feedback and link exchange!

 

It gave me chills (and panics at the tax implications ) when I saw that we'd nearly raised our original goal of $4,500 in 24 hours. That's ... wow ... it still amazes me, a month later. I mean, I've seen the generousity to help others come out in the past - last year's charity raffle, the efforts earlier this year to help fulfill a dream, but I think this one's affected me the most because of how swiftly our original goal was met, and again as I was reading the sweet comments that people added -- including those from people who aren't even members, but thought we were useful to their BPAL decisions.

 

 

 

Anyways ... onto what I really meant to talk about:

 

As of today (roughly 3am, 3/19), I will have the last chunk of PM box upgrades through 7pm 3/18. I plan on doing additional upgrades for future orders on next Saturday (3/25) and the Saturday after that. If you notice that your PM box is wrong (too high/too long), please wait until after I've announced that all of the PM box upgrades are done to PM me, because it could be that you're eligible for an upgrade for purchases made after my last update.

Since it's on the raffle, I thought I'd tease y'all a bit with my thoughts on one or two of the prototypes

When I first opened the bottle, I was a little disappointed because all I could smell was a dusty earth scent - more like Zombi or Seance's dusty earth than Graveyard Dirt.

But whoa mama, once it had a warm up (before it was even dry!), it was a whole nother scent. Instead of the dusty earth, it was this gorgeous incensey, spicy scent with just enough earthiness to keep it grounded, and it got better and better as the day went on.

It's probably my favorite prototype, and I hope it goes up because I'm almost halfway through the bottle already

EDIT: Moved from Unreleased to Rappaccini's Garden, added description. --Shollin

Since it's on the raffle, I thought I'd tease y'all a bit with my thoughts on one or two of the prototypes


Black Lily... if you love the scent of lily - not necessarily the scent of lily on you, but the scent of the flower - this is a great scent. I don't think I've tried a scent that was as true to the lily smell as this. Lily tends to get funky on me, but this one doesn't - it still smells like a lily.

Sadly, though, I'm not really a huge fan of the smell of lilies, so the fact that it doesn't do that lily thang isn't necessarily a good thing for me. But, for those of you who DO adore the smell of lily and get disappointed when it gets funky on your skin, this may just be a lily that works for you!

Images in your signature and avatar should be work-safe as a common courtesy:

• not everyone has the same comfort level as far as nudity goes.
  
• many forumites have small children and may not want to unintentionally expose them to such images.
  
• many *more* forumites do occasionally check into the forum at work (where it may be considered porn).
  
• there have been some complaints about some of the more explicit scent icons/avatars for Smut.
  

For the same reasons that we request/require NWS/NSFW tags be put up in topics that aren't obviously not work safe, we request/require your avatars and signature images also be work safe.

 

It's just common courtesy.

 

People with avatars and signature images that aren't work safe will have them removed if they are reported to us (either via PM or via the report button). If they are returned after removal, a warning may be issued.

Normally, I don't announce forum creation, but since this one is basically a forum mini-con hijack of another con ... I thought I would. We started it to make it easier to do any plans - roommate requests/housing comments were getting lost, as were attempts to actually make plans.

 

So, now there's a place for it. Feel free to start up new threads.

 

One word of note, I don't know what we'll do with the forum after Convergence is over. It may be dumped in the archive, or we may toss all Convergence talk into a general thread in BPAL Chatter and then all meetup-during-Convegence talk into the Meet n Greet area.

The search engine will be down for a few days while I go and do some long-needed updates (no, nothing exciting like the TAL site -- boring stuff like double checking which ones are listed as feminine/masculine/gender neutral and d/c stuff is marked as d/c, changing how it stores moods/scent families and making sure it's all ready for being dumped into the shopping cart's database, etc).

 

The secondmost time consuming part - making sure that everything's entered in - is almost done.

 

Once it is done, the search engine will go back up, using the other database.

 

 

You will note that some things will no longer be in there, namely:

* Up and Coming, because the menu on the cart is automatically generated. There were only 2-3 of these left, anyways.

* TALs, because some time after the cart is live, we'll be putting the TAL site up. For legality reasons, the TAL site is completely separate from the BPAL site (just as BPTP is and will be completely separate from the BPAL site). There is no timeline for when the TALs will go up, or at least none that I have heard.

* Carrier Oils, because they're no longer offered & haven't been for quite some time

* Forum-only Oils, because the search engine will be hiding them as they'll now be listed as Forum-only.

Just a reminder: this still applies.

it's a very green scent - all bamboo and tea when wet. like most teas, the tea starts disappearing when it dries, and it ends up being a yummy green/woody scent. it's perfect work scent.

use paypal for your order instead?

I agree! and of the two or three times I've had to email the lab it was my feck up not theirs!

i've been ordering regularly for about 27 months now, and only once (out of probably 18-20 orders, many of which were over $100 size-wise) have i had to contact them about problems -- twice if you count me bribing ted to separate my BPTP inquition + skellie order so my sister would have part of her pressie under the table.

you make me happy enough to explode on a regular basis

regarding the 'half filled 5ml', i know there was recently an issue with the bottle manufacturer & a handful of the bottles were not sealing properly once the cap was put on and this wasn't discovered until after the bottles went out. more than likely, that was one of those bottles, and the lab & tedwin have been great about sending out new bottles when this happens.