/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we don't support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It maybe easy to start a list of what we don't want.


Here's the current list:

Message too long. Click here to view full text.

Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
149 posts and 22 images omitted.

odilitime Board owner 02/20/2017 (Mon) 05:20:38 [Preview] No. 5707 del
1. correct

2. It's really hard to add backends options. We'll get there but still learning. Right now lazy-loading youtube embed works but the BO has to have link rewriting off. If you rewrite links, the youtube detector can't find it.

Anonymous 02/22/2017 (Wed) 02:42:03 [Preview] No. 5714 del
Embeds have been already implemented.
What are you talking about?

Anonymous 02/22/2017 (Wed) 02:45:54 [Preview] No. 5715 del

Sometimes when I paste a youtube html like that it does the spam filtration whack job on the URL, and denies the viewer embed link. What am I doing wrong or how did you do that?

Also I am on lo bandwidth, how come my webms sometimes just fade into space, talking <3 mb file I can't upload to the thread

Anonymous 02/22/2017 (Wed) 02:47:16 [Preview] No. 5716 del
If the board owner adds a filter that fucks it up, take to the board owner.

odilitime Board owner 02/22/2017 (Wed) 08:55:00 [Preview] No. 5718 del
I mean this
https://youtube.com/watch?v=JBIh26Jgtbg [Embed]

PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
18 posts omitted.

odilitime 01/24/2017 (Tue) 00:50:27 [Preview] No. 5635 del
I haven't applied the fix to EndChan yet

Anonymous 01/24/2017 (Tue) 00:53:45 [Preview] No. 5636 del
I figured it was the same error that you get on 8ch when it says "invalid referrer". Thanks for looking into it though this is wonderful.

Anonymous 01/25/2017 (Wed) 18:12:29 [Preview] No. 5642 del
>I don't want to copy every outside url manually to open them.
The latest Tor browser update is for you:
>Tor Browser 6.5 -- January 24 2017
> * Bug 17334: Spoof referrer when leaving a .onion domain
Allowing referrers on per-site basis is a bit harder to do. You still need to use about:config and manually set it, post somewhere and set it back when you are done.

>Yes, that's an antispam measure, so it has benefits.
Well, it worth just as much as relying on the browser's user-agent for anti-spam. Nothing. Even the most simple spambots include referrer spoofing. And when referrers are used for "security purpose" (like at Webfaction), I become so confused: I don't know whether I should cry or laugh.

odilitime 01/28/2017 (Sat) 02:02:48 [Preview] No. 5643 del
fix has been applied

>it worth just as much as relying on the browser's user-agent
it's more like, if it stops one piece of spam, it's worth implementing

Czwarty 02/21/2017 (Tue) 19:34:56 [Preview] No. 5713 del
there's more spam incoming lately. I don't know if it's just some bored scamdude (only one post appearing in latest thread on my board in random time with big intervals) or shitty spambot. Leaving the post for you and the link he gave (added xxx among numbers there, if you remove it you will get actual link) - don't know if it will be of any use for you but whatever


odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
12 posts and 4 images omitted.

Anonymous 11/29/2016 (Tue) 09:52:50 [Preview] No. 5343 del
Why is/was your development/test server accessible online? Can't keep >>4986 over this mishap. Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers?
>crazy NSA shit transmitting the data offsite without the transmission being logged by the external monitoring equipment; not likely) than anything else.
Highly possible with state actor attacks we've seen as of late.

Leaking PizzaGate really did a number, worldwide.
You do still have a copy of that old DB, right?

odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.

Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.

odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.

Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.

Misc. Anonymous 02/23/2017 (Thu) 07:33:28 [Preview] No. 5720 [Reply]
Howdy fambinos

Any way we can increase the character limit used for flags? The current limit (16) is barely large enough for a relatively normal name like 'Michael Jordan' let alone enough to submit some of our gag flags like...

Person of Interest - NHP - Yakub the Evil Black Scientist Who Lived 6,600 Years Ago and Created the White Race Through a Selective Breeding Process Known as 'Grafting'

I don't know what the formal limit of flag files is either as it doesn't say, but I currently have close to 700 of them and they're all very dear to our community so something to keep in mind.

Also it would be nice if we could embed off site videos hosted on youtube, liveleak, dailymotion, vimeo etc. into the post itself like 8chan. Of course you can just post urls in the post's comment body itself, but embedding is a nice feature that gives the post a contextual visual to accompany it, gnomesaiyan?

https://youtube.com/watch?v=vg14HPuXLOU [Embed]

Anonymous 02/23/2017 (Thu) 07:36:56 [Preview] No. 5721 del
...and by "embed off site videos" I meant in place of an image if you know what I'm talmbout

odilitime Board owner 02/23/2017 (Thu) 10:29:20 [Preview] No. 5722 del
Thank you for a sample. Flags name length increasted to 256 characters.

Well, I just feel a big image in the middle of a text post would just cause a problem. And we can't put it in the media slot... well maybe we can, I'll look into it.

OP @Work 02/23/2017 (Thu) 16:23:55 [Preview] No. 5723 del
(212.04 KB 1471x927 Untitled-1.jpg)
>Well, I just feel a big image in the middle of a text post would just cause a problem.

Basically what happens on 8chan if you embed a video it precludes any images being posted, it isn't placed in the middle of the post in the text, rather off to the side in the same manner an image is.

>And we can't put it in the media slot... well maybe we can, I'll look into it.

Consider doing a little digging into 8chan/vichan's code-I don't imagine it's all that hard. While I'm a layman so take my guess with a grain of salt I would assume it's just an 'IF' statement that swaps the <div> that normally displays image(s) at variable dimensions with a <div> that displays an embedded youtube video with static dimensions.

https://youtube.com/watch?v=NAS70o1sLRI [Embed]

odilitime Board owner 02/16/2017 (Thu) 15:22:54 [Preview] No. 5684 [Reply]
working with a developer from /librejp/, we'll made some minor adjustments on page loading and refresh. We're trying to:
1. Make sure freshly added posts at the bottom of the page have all the same bells as whistles at the posts that were there when the page loaded
2. Cut down on browser stalls when processing large pages

Let me know if you notice anything better or worse.
7 posts and 1 image omitted.

to_sha_ki#+NqD6W 02/19/2017 (Sun) 12:28:38 [Preview] No. 5702 del
I localized day-of-week expression.

[Hide User Posts] is duplicated.
hookShowHideUi is called from thread.js/refreshCallback and showHide.js .

rather than code change to detect duplicates,
I think that it is better to shift to the method of hooking to addPost .

odilitime Board owner 02/20/2017 (Mon) 05:16:42 [Preview] No. 5706 del
Thanks again! Applied.

>[Hide User Posts] is duplicated.
Oh didn't know. Good catch.

>I think that it is better to shift to the method of hooking to addPost .
but the initial pageload wouldn't be covered would it?
Either way it needs to be rewritten.

Hey here's a feature I'd really like. 8ch.net has the ability to screenshot a page. I'd really like that for EndChan. I've made something before but my time is best spent on fixing bugs. I also have to fix the unban system apparently.
Edited last time by odilitime on 02/20/2017 (Mon) 06:43:43.

to_sha_ki#+NqD6W 02/20/2017 (Mon) 14:27:48 [Preview] No. 5710 del

>but the initial pageload wouldn't be covered would it?
my description was insufficient.
I said shift from "hooking to refreshCallback" to "hooking to addPost".
write a new function that receive a postCell, and add it to the bottom of addPost.
to leave hookShowHideUi call on page loading.

>Hey here's a feature I'd really like. 8ch.net has the ability to screenshot a page. I'd really like that for EndChan. I've made something before but my time is best spent on fixing bugs. I also have to fix the unban system apparently.
would you like to reflect endchan server's front-end files and back-end files to the repository?
(Several files in the repository look old)
I want to see the bug.

I found this. but I have never used it yet.

to_sha_ki#+NqD6W 02/20/2017 (Mon) 15:30:50 [Preview] No. 5712 del
(24.60 KB 408x234 code.png)
I just confirmed that html2canvas can work.
I will not proceed with this, I will write each hook for addPost.

to_sha_ki#+NqD6W 02/22/2017 (Wed) 10:31:31 [Preview] No. 5719 del
I changed not to use updateTimes() and hookShowHideUi()

refreshCallback calls addPost and
addPost calls processPostCell and
processPostCell calls adjustPostTime and applyShowHidePost

adjustPostTime() is a substitue for updateTimes()
applyShowHidePost() is a substitue for hookShowHideUi()

new postCell to be added newly will be processed individually.
processes only postCell to be newly added to page.

endchan.i2p is down Anonymous 02/20/2017 (Mon) 14:46:10 [Preview] No. 5711 [Reply]

odilitime Board owner 02/22/2017 (Wed) 08:53:44 [Preview] No. 5717 del
restarted. let me know if that didn't fix it.

Anonymous 02/19/2017 (Sun) 23:52:41 [Preview] No. 5703 [Reply]
nCo of /intr/ here, why are you trying to kill /intr/ by making sure we have 0 UIPS?

Anonymous 02/20/2017 (Mon) 01:01:36 [Preview] No. 5704 del
jews control endchan and the software is shit

come home son https://nntpchan.info/

Anonymous 02/20/2017 (Mon) 01:03:37 [Preview] No. 5705 del

If so I am beating the crap out those other Jews over there, with it.

but hmm whatever. Jews you say?

odilitime Board owner 02/20/2017 (Mon) 05:22:11 [Preview] No. 5708 del
from boards.js at the bottom:
>* this the total number of posts for the previous hour and is only updated once every hour.
>** this also included deleted posts
>*** Board are sorted by Unique IPs over the previous day (not 3 days) and then PPH and because of that, this is only updated once every 24 hours and does not include tor or transparent proxy users.

Anonymous 02/20/2017 (Mon) 05:38:50 [Preview] No. 5709 del
do u expect me to read all that?

(5.71 MB 10000x1807 447.jpg)
odilitime Board owner 10/04/2016 (Tue) 04:12:12 [Preview] No. 5024 [Reply]
Server provider has almost doubled their price on us. They're now asking $115/mo instead of $66/mo. I'm of half a mind to tell them to fuck off but they are one of the few providers that protects free speech.

So I'll throw it out to our users, should we stay or should we go? If stay, we'll have to raise more donations. If leave, we'll have to find a provider that protects free speech. We may end up paying the same costs.

I'm communicating with them now to see if a slower/less expensive server is available.

Luckily, we'll have under January 1st until we have to pay the new bill, though if we want to move, we'll have to purchase something and do so before then.

Since this is a community focused board and funded, we want you to help us make the ultimate decision.

This does not mean we're going offline at all. The worst case is we might get a little slower than usual.

I think it's also safe to say, if anyone wants to come onboard and replace SnakeDude as an owner of EndChan and shoulder the financial burden, Balrog and I would be happy to discuss that at this point. Please use the contact link to reach out to us.
62 posts and 30 images omitted.

Anonymous 10/25/2016 (Tue) 15:23:49 [Preview] No. 5214 del
1TB storage for $35? What?

Anonymous 10/27/2016 (Thu) 14:24:50 [Preview] No. 5216 del
>This is the universe and you are worried about a fucking planet.
A fucking planet eh?
First and foremost it's a symbolic representation so it doesn't actually have to point to physical astronomical object known as Saturn, presuming such an object exists as defined.
There should still be a thread on, unfortunately rulecucked, /x/. Later it got coopted by circlefag turning it into his blog but the first half or so is still fine.
Let this be an introduction to what saturn might be.
If you ever bother to dig around the symbolism saturn ties so many loose ends and trails it's astonishing.

>there would be something not as finite as the end of the world
But 'end of the world' kinda exists in several prominent and mystery school influenced cultures around the world. However when they say "end" they also mean "beginning" because in their understanding of time it's the same point therefore infinite.

>I think god has a hand in all of our lives and I do not feel there is the darkness that is in the gateway logo
It's not something to be 'felt' like eerie presence intangible to bodily senses. It's something to be learned and understood based upon examples upon examples of use, like a language (because it is a language).

>We are cattle and jews call cattle goyim
I tried to find a source for that, I failed. Searching around I found that the meaning of word goyim is "nations". Maybe it's used as derogatory but I haven't seen anything that relates goy as a word directly to cattle, maybe due to some omission on my part but still.

Anonymous 10/29/2016 (Sat) 03:32:17 [Preview] No. 5218 del
Make your own damn board :^)

sage Anonymous 11/11/2016 (Fri) 13:05:29 [Preview] No. 5229 del
Gotta love how most of the chan doesn't have any mods and basically every thread gets derailed with "masonry claims" :^)

sage sage 12/20/2016 (Tue) 13:46:42 [Preview] No. 5465 del
(139.71 KB 719x421 1354497226922.png)
I too visit imageboads because of their renowned ability to keep the thread on topic through strict moderation. Also fuck this sage shit, it's so tedious to keep in mind where to put 'sage' in, they should just add downvote option to tick, like spoiler, amrite?

Bugs Anonymous 06/18/2016 (Sat) 18:22:12 [Preview] No. 4605 [Reply]
Gif upload was stuck at 99% so I refreshed the page and post got uploaded without the file. Then I posted the file again but it didn't show as evidenced by the picture. However I noticed in thread index that the file actually got uploaded the second time.
Refreshing fixed it but just letting you know.
18 posts and 5 images omitted.

Anonymous 02/17/2017 (Fri) 21:10:51 [Preview] No. 5688 del
(113.09 KB 696x779 1370181354441.jpg)
But not anything else
wait a sec...
>non-faggot post noumbers

Anonymous 02/17/2017 (Fri) 21:15:28 [Preview] No. 5689 del
Anyway posts before today excluding OP posts appear unlinkable - or at least that's what I thought but upon accessing the thread again I can't even link previously linkable posts (automatically - links work after entering post noumber after >> manually).

Anonymous 02/18/2017 (Sat) 11:21:47 [Preview] No. 5692 del
hrm I think rerunning the quote processing on quoteLink is breaking quickreply... we'll need to hook in quick reply hooks on each refresh

odilitime Board owner 02/18/2017 (Sat) 11:26:44 [Preview] No. 5694 del
all fixed.

Anonymous 02/18/2017 (Sat) 17:25:41 [Preview] No. 5698 del
(89.16 KB 1280x720 1352770921914.jpg)
seems like it

(103.14 KB 907x718 wew.jpg)
Server running on FreeBSD? Anonymous 02/14/2017 (Tue) 21:56:38 [Preview] No. 5682 [Reply]
Hey Odill, I see you're running on nginx (Ubuntu) but what are your thoughts running on FreeBSD? it's more faster and secure.
The longest uptime ever recorded for an actively used server was on a FreeBSD machine that ran a NetWare server, which was up for 18.6 years before it was taken down when its hardware finally failed. Compare this to the longest uptime for a Linux machine: roughly 6 years
See https://archive.is/sre09

odilitime Board owner 02/15/2017 (Wed) 07:23:27 [Preview] No. 5683 del
I'm a big fan of FreeBSD, used admin a lot of BSD boxes but Linux has much better database and virtualization now and BSD just hasn't caught up.