I can't speak for this site but SQL databases have a special data type for passwords that makes it very difficult for administrators (in this context, people with Administrator access) to see your password. They can change it, but usually not see it.
Depends on the code base. I haven't seen unencrypted passwords in a long time (i.e. since 2004), but I've seen variations in programs where the passwords are encoded with a weak hash that's pretty easy to crack. One would expect, but it's always better to be safe than sorry. Where before all my passwords for social sites were the same, now all the passwords are different and more complex.
And for that, I can thank the moderator who was hacked for getting me off my lazy arse and changing all my passwords.... :s0155:
 

TTSX

oh no a $5 fee. Heaven forbid I pay $5 for a convenient service on top of the $400+ I'm already spending. How will I buy my extra supersize big mackdaddy burger meal at McDiabetic's, now.....?
 
The software I used to work on had crap for security on passwords, front to back, in the DB, all over the place. That was just one of a myriad of bad code practices throughout the software. Definitely amateur hour.

OTOH, this wasn't public facing software - it was in house software that only our dealers used & had access to.

Most software that uses web services and is written with best practices does not give users, not even admins, access to the persistence store - it is only accessible to the services and DB admins, requiring different access routes/permissions/credentials.
 
Funny you should write that - the last place I saw poor security was at the Black Bunker on Swan Island, in line of sight of Montgomery Park where IT sat. sa was still accessible then. Went from MSSQL there to an Oracle V13i system, which felt like going from a sand trap on a putting green to the moat around an impenetrable fortress.
 
MS SQL Server is very secure when configured properly. It's just the default settings that are atrocious. :D
 
Not 18 years ago.... Its default settings were atrocious then, and its security was also easily defeated. Back then, poorly written web apps that used PHP could cause a buffer overflow that gave you sa access (again if not well configured). I used Java, which I understand had its own weaknesses.
Edit to add: ain't arguing with you -- security is one of those things where ignorance can be hell.
2nd Edit - there were also a crap-ton of zero-day exploits then being utilized on Windows and in SQL Server. They've cleaned up their act exponentially since then.
I think McAfee's debacle back in 2009 was a security wake up to software firms who witnessed Mc's cratering in the months that followed.
 
I have gotten to the point where I only buy FTF, or from reputable online retailers even if I pay a bit more. Too much BS, and it’s getting harder to recognize. As the saying goes, “if a deal seems too good to be true, it probably is”…
 
It is mostly the app/service code devs who ignore well known and long held best practices for developing code and configuring systems that are responsible for security holes. Due diligence and caring about your craft/job are still required as part of the profession.

When you have a s/w dev team and IT staff that don't have much skin in the game, and don't care about their work, and/or you have management who doesn't care about quality, only arbitrary deadlines with no rhyme or reason beyond looking good to their bosses, then you get crappy, buggy, poorly written, poorly tested and insecure code that is hard to maintain. On top of that, a LOT of turnover - just makes it so the people who wrote the crap code are not held accountable.

I worked hard for my employer/client for 9 years to improve the software, advocating for improvements in the code and the practices. What did I get? I got a phone call telling me I was laid off - no notice. I had a few hours to return the laptop and clean out my desk. No recognition, no thank you, no severance, no notice (that they required of me - written policy was to give them 2 weeks notice if I quit). A LOT of people got laid off in a similar fashion that day.

Sorry, but the client really didn't and still does not care about s/w quality, at least not in any of the codebases I was exposed to. Maybe some of the others - they had/have a LOT of software that they develop in house, and I suppose some of those dev teams actually managed to output decent to good code, but it wasn't because the client in general wanted it that way.
 
No argument here. I've worked on some teams that were well oiled machines and others that were like Black Friday at Kmart. I've shipped some really cool stuff and had projects cancelled 6 months after I started them. "Archive your code and start studying this new technology. We have a planning meeting tomorrow." :rolleyes: I've worked with people so fiercely intelligent and talented it was almost disturbing to watch them work and with people so inept I wouldn't let them water my plants. I blame leadership because I rarely take a leadership role in this industry. :D TBF I already have the ulcer and don't need to egg it on any.
 
I apologize up front if I'm way off base here. I had a deal finalized, but now the seller won't respond and the thread is "locked".

This evening I saw an ad for a Trijicon MRO for $275 shipped. Seemed like a very good deal. The seller had lots of posts, and 14 positive feedback. I PM'd him that I'd take it and asked for his paypal address. First, the seller responds "great", but requests the wrong dollar amount. Second response says "Sory" and asks for the correct dollar amount. I respond "great" and again ask for the paypal address. The seller responds with an address. I actually put the address into paypal and was ready to "send" when it says it will cost me $4.99 to send the funds. I think, "that's weird" and whatever method I tried, it says it'll cost $4.99 and there may be "foreign taxes" involved. I then ask the seller to double check the paypal address. Seller replies "Yes that is right. My Paypal address charges 4.99 fee due to tax deduction. Please send." I ask if this is a non-US paypal account, that I read that the $4.99 charge is for foreign accounts. Then there is no response to my multiple PMs and now the thread is locked?

Did I almost get scammed or was it sold to another interested guy even though I was THIS close to sending the money thru paypal?

I'm not out any money, I just don't understand what happened? Again I apologize if I'm way off base, but it sure seems fishy to me...

Yooooo.
Those are my pictures!
I sold this a few months ago!!
This is actually an MRO HD

here’s my link

https://www.northwestfirearms.com/threads/trijicon-mro-hd-price-lowered-sold.375661/

The mount itself costs about as much as the whole price.

The optic itself is $600
That should’ve been a red flag
 

uberguy

I don’t believe that’s correct, unless people fibbed to me about having to pay the fee. Tell you what let’s test it, I have several items that you could purchase; go ahead and contact me and you can buy something and you can tell me whether they try to charge you a fee…. :s0056:
I've had a PP account for 20 years, used mostly for eBay but have done multiple F&F, never had to pay any fee.
No credit card involved.
 

RobMa

No cc, that is probably why no fee. They did recently make the other option G&S to have a non refundable fee for the receiver of the funds so if I were to return money on a G&S transaction the payer would get all their money but they would charge me the fee anyway. This was several months ago and it really pissed a lot of people off but their response was "You can delete your accounts and use a different service" I shi_ you not; they told people that complained a retort like that...
 
Happened to me too and a Moderator on here was in on it and tried to play, oops I can’t accept funds because PayPal does not deal with firearm accounts, so send it again via Zelle.
And this was a Moderator on here and said he would have me banned if I did not send the money within 10 minutes.
That’s messed up NWFA
Simmer down buddy, you're one of the biggest scammers, flakes, and tire kickers here. I see you keep chalkin up those neg feedbacks. Have you figured out what "I'll take it" means yet or do you still ghost, back pedal, and lie to forum members about being a LEO when you get called out? I'm still trying to figure out how you still have classified privileges. Oh wait I know the answer to that, you lied to mods about being a cop too. :rolleyes:
 
Dear Heretic and Flopsweat.

What do you use for your virus/malware/etc. protection? What brand name do you use in 2021?

Thank you.

Sincerely,

Cate
I use McAfee because it came with the Windows laptop. I use Clam AV on my MacBook.

I do not rely on them much though. I rely a lot on not clicking on links in spam emails and being careful about what sites I visit. Most people who get into trouble are duped by social engineering. Some by porn sites.

I used to live in a duplex next to a lifelong friend. I would give him my old computers when I upgraded. Within a month or two he would be complaining about them being slow (even though they were faster than the computer he had before). I would go over and look at them and he would have 10 different virus checkers running, and 10 different add ons that he had downloaded, etc. - they would be clashing with each other - and often it was infected too. He would download and run whatever was sent to him in emails/etc.

I would clean it up, tell him not to do that and some months later repeat and rinse.

My mom would click on links in spam and chain letters sent to her, and send the stuff to me too. I kept warning her and my aunt not to do that. When I would visit her I would always have to "fix" her computer too.

I rarely have anything infect my computers - maybe once every couple of years if that.
 

RobMa

I can fix all this distrust! All of you who feel unsafe buying things can go to my selling page on my profile and purchase something from me...
This way I can instill some hope in your hearts that not everyone here is gonna do you wrong... (insert shameful plug here!) :s0114:
 
You forgot to provide the shameful link (plug) above. 🤣
 

Flymph

I agree somewhat with the recent post, although you shouldn’t be so overly cautious that you become paranoid :confused: about it, not everyone is a crook..
Not everyone is a crook, but every internet crook only accepts "non-recourse payment" methods, such as PayPal F&F, Zelle, Cash App, money orders, etc...

If their only acceptable form of payment is through one of these methods, I refuse to do business with them.
 