I believe he thought your underlining of the phrase "in this forum" may have actually linked to the compromised posts, instead of just underlining the phrase for emphasis.

Good call - yeah I'm not linking anything public to it. Just underlining for emphasis.

Judge Jude - I sent you a PM explaining how your onroto account was compromised

And for anyone else with an onroto account - based on their security model the "session_id" in onroto urls is basically your password. Guard it as such.

A simple way to observe that is that if you copy the onroto page URL for your team and open it in an incognito window, which doesn't have any of your login info or cookies, you still have full access to the site and can make changes for your team. So if someone else gets the URL, they can do whatever they want.

Completely agree, that's a garbage trade. Should be reversed.

If Ken agrees, then I feel pretty sure I was right.

Exactly right. And if you change your password, the link still works, so outside of creating a new account, once your session ID is in the wild, you are done for.

For added security bonuses:

If you choose forgot password, your login AND password are sent to you in one email.
The password is in plain text, meaning they don't store a hash of your password, they store it plain text - so whatever you do, do not use this password anywhere else, it is in the wild

Guard your userID too, if someone knows the ID you used to sign up with, they can login as you with some very basic understanding of low level decryption.

The other party agreed to reverse the trade.

How inexcusably reckless. I stopped bashing OnRoto at every opportunity awhile back, but they were awful to me. I had initially complained on opening day about the lack of a live scoreboard and after jerking us around for a week or so they just deleted the league without even letting me know! Thankfully, we had already set up a backup with CBS and averted a disaster but man am I glad we dumped them.

He sent a league wide note indicating that he purposely submitted a 'new' offer in order to have the option of going back to my original offer if his offer was declined.

I am not sure how I feel about this tactic.

I think given that he reversed the deal once you let him know you were unaware your offer was still out there, I'm fine with his tactic. I assume, given that he reversed the deal, that his intent was not to trick you, but to merely keep your offer available while making a counter, with the assumption you'd still want to do the deal you proposed. Of course, the amount of time passing, and player situations changing makes that assumption a charitable one, but given his reversal, I'll still give him the benefit of the doubt. And his actions exposed a flaw in the system, which is a good thing. So, no harm no foul.

I have done this via email, by saying something like, "well, would you do it this way?" and then, if the other person says no, i will sometimes then say "okay, I'll do the deal you proposed." I did recently have someone then say, no, I take back my offer, simply because I asked for another piece to be included. Since the whole exchange happened within a 24 hour period, I felt that was poor form on his part to take back his offer simply because I asked for more, but, of course, that is his prerogative, as it was yours to change your mind. But since, once he became aware you no longer wanted to do the deal, he gave you that right back, again, I'll assume, he merely wanted to be able to be able to accept a deal at his leisure that he thought you still wanted to do if/when he decided to do it.

I arrive home to find the commish decided to process the trade even after it was clearly settled as a no-go between the two teams involved.

This was on the message board:

I put the trade through because it was an offered trade that wasn't withdrawn and was accepted by a willing owner. Traders remorse is really no reason to reverse a trade.



Now, understand, this commish is new to the league this year but so far:

- processed his trade mid week even though we are a weekly transaction league

- refuses to drop bj upton even though he was never in the a.l. in 2017 (he was a mlb free agent picked in the reserve round who, post auction, signed in the n.l....thus, is suppose to be dropped immediately)

- didn't have accurate contract status on at least one player well after the dispersal draft, this caused me to make a trade I clearly would not have considering what the real contract was/is (oh, yeah...he was willing to reverse that trade after processing)

- was arrogant when I asked him, about a month into the season, to please update contracts so the same thing doesn't happen to a league member which happened to me (lots of 'minor' league contracts were now active mlb'ers)


Essentially, I replied on our message board a bunch of what you see in this post, suggestion he should get to it on reversing the ill-advised processed trade.




So, I wait for a response on the league message board. What do you think about all this ?

I think you either need a new Commish - or a new league.

but I'd play it out this year if possible, and being aware of the land mines that are set. see what happens in the offseason

I agree with Judge...that commish seems horrid. Of special concern are any shady moves that benefit him personally. I don't know how the league didn't go bananas over him keeping BJ Upton and him doing a trade mid-week. The other stuff is equally infuriating, but I am a tad more forgiving of incompetence than corruption.