Parallel Fractional Go Game 4

martin3141 · April 9, 2025, 1:30pm

Round 35

Game link

martin3141 · April 14, 2025, 7:37am

Reminder @benjito @A_Normal_Name

martin3141 · April 14, 2025, 5:34pm

Round 35

Game link

Gooplet · April 14, 2025, 7:02pm

i’m having a lot of trouble visually estimating who is ahead. one of our teams could be completely demolishing the other and i’d have no idea lol

martin3141 · April 20, 2025, 6:13am

Reminder @benjito @yebellz @fuseki3 @A_Normal_Name

yebellz · April 20, 2025, 11:06pm

Does anyone know how to reset the password on the Go Variants server?

benjito · April 20, 2025, 11:15pm

giphy

Annoying answer

Submit PR to implement a “forgot password?” button
Click the “forgot password?” button

More pragmatic answer

We have ability to kick users from games, so you could make a new account and re-join.

Jon_Ko · April 20, 2025, 11:34pm

Annoying answer for admins, who should have added a reset password feature

Or create a new user with the new password and ask someone with database access to copy the encrypted password to your old user (and delete the new one).

BHydden · April 20, 2025, 11:45pm

Should be impossible, if the passwords are salted as they should be.

benjito · April 21, 2025, 12:25am

You salt with user ID?

BHydden · April 21, 2025, 12:41am

Salting with just the user id is not advisable, but some sort of unique salt should be used. If two users with the same password get the same hash, you’re doing it wrong.

Feijoa · April 21, 2025, 1:00am

Normally isn’t the salt part of the encrypted password, so it can be copied around? Unix passwords work this way, for example.

benjito · April 21, 2025, 1:12am

Exactly this - assuming you haven’t permanently tied salt to a user somehow, it’s very possible for an admin to do what @Jon_Ko suggested.

I’m not really in favor of doing it, just wanted to point out, it is possible even with a standard security system.

BHydden · April 21, 2025, 3:44am

If two users can choose the same password, and the resulting password hash comes out the same for both, either there was no salt or the salt was pointless. Salt is meant to be unique per user so that the 30 people that all used password123 all still have unique hashes.

hoctaph · April 21, 2025, 4:05am

However, presumably one could copy over the salt too, not just the hash.

BHydden · April 21, 2025, 4:24am

Aaah yeah, that’s a good point. I forgot about that then yeah as long as it’s not set up in such a way that salt contains or checks itself against some other uuid such as username, then yeah copying salt and hash from one user to another should work, although definitely not advisable to make a habit of

martin3141 · April 21, 2025, 6:46am

For me the big hurdle with this feature is adding email notifications.

However implementing the following “workaround” would probably be doable currently:

make it so users can change their password while logged-in
make it so admins can set a new password for users (so they can send it to this person privately).

benjito · April 21, 2025, 11:21am

We could also allow admin to generate the “reset password” link for a user. That way, user doesnt need to reset password another time, and we’re a step closer to the legit email flow, even though we don’t have email.

yebellz · April 21, 2025, 11:31am

Ok, I am now yebellz2 on the GoVariants server. Could someone kick yebellz and I will rejoin as yebellz.

I’ll try to remember my password this time

benjito · April 21, 2025, 11:35am

Done!