/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

(6.88 KB 222x222 NewFeatures-logo.png)
Realtime experiment odilitime Board owner 04/04/2017 (Tue) 16:53:25 [Preview] No. 5963 [Reply] [Last 50 Posts]
Just added a "realtime" checkbox to the thread page. This is an opt-in feature that lets you participate in seeing incoming posts (of other users that have opted-in) and broadcasts any post you draft as you make.

Thought I'd try this experiment out and see how it goes.
99 posts and 4 images omitted.

Anonymous 04/07/2017 (Fri) 02:16:56 [Preview] No. 6083 del

Anonymous 04/07/2017 (Fri) 02:22:09 [Preview] No. 6084 del
it's already delivered

Anonymous 04/07/2017 (Fri) 02:27:52 [Preview] No. 6085 del

I'm not a programmer but as I understood >>6071 was attacking the realtime thing
but it just hit the board as well, I am wrong?

I see no fix here: https://gitgud.io/InfinityNow/megud/commits/master

I would test it myself but I don't know how without being attacked...

Anonymous 04/07/2017 (Fri) 02:28:45 [Preview] No. 6086 del
Yea, I can confirm, it's not happening any more in the latest tor browser

Anonymous 04/07/2017 (Fri) 02:30:49 [Preview] No. 6087 del
it was but also the backend, because the bug was copied to the realtime area from the backend.

>I see no fix
correct, we haven't posted it there yet, we want to confirm it is fixed.

>I would test it myself
Me too, but the correct input isn't clear

Anonymous 04/06/2017 (Thu) 19:45:18 [Preview] No. 6060 [Reply] [Last 50 Posts]
What's with the login issues? I can't seem to access two of my accounts which are linked to a board. Pretty sure they weren't cracked, but I have no idea of what's going on. An answer or a password reset will be much appreciated.
5 posts omitted.

Anonymous 04/06/2017 (Thu) 21:46:38 [Preview] No. 6066 del
Im asking because the board doesn't appear in the new account. I don't want to bother, but this is a serious issue which could affect others as well

Anonymous 04/06/2017 (Thu) 21:50:15 [Preview] No. 6067 del
I just changed your password to "password1", it should be working now.

Anonymous 04/06/2017 (Thu) 21:53:03 [Preview] No. 6068 del
Internal server error, login failed. Let's just give up for now, I'll prepare a new account tomorrow and I'll text you on Twitter for the board assignment. Thanks for the help.

Anonymous 04/06/2017 (Thu) 21:56:23 [Preview] No. 6069 del
Original responder here.

In spite of the limitless potential for amusement afforded by this thread, I'm risking vertigo with all these flashbacks to the world of computer support requests from twenty five years ago. I'll just drop this here, knock it the fuck off, and go find something productive to do:


Dude, you are speaking to some random assholes (myself included) NOT to the site administration. Why don't you email the admins directory? At least wait for one to clearly identify himself and respond. Anything more you post here will only lead you to grief.

Good luck. Yer gonna need it.

Anonymous 04/06/2017 (Thu) 22:00:51 [Preview] No. 6070 del
>>6069 Rip, im texting them on Twitter. Wasn't really paying attention whether you were the admin or Not, the login fails got me hard.

New infrastructure ordered odilitime 03/08/2017 (Wed) 09:48:54 [Preview] No. 5773 [Reply] [Last 50 Posts]
After a long period researching a new host and waiting for the right inventory to become available. We have found one. We're getting the keys tomorrow. Our new set up is $100USD/mo, a little more than our old server but it's much better hardware (3 times the cpus and ram, double the disk space) and we believe this is a better arrangement moving forward.

This includes an $85USD/mo 12 cores (24 threads) of 2.6ghz and 2x2tb HDD set up (HW RAID) in RAID 1. It has 6 bays and it is rent/lease to own, which means after 12 months we can reduce our monthly cost. It'll be a little slower than what we're on now (3.5ghz) but service levels should be more consistent.

Then the remaining $15USD/mo. is a front end caching VPS with encrypted disks (root and swap). We will use this to hide our backend server better, prevent DDoS and help put the nail in Cloudflare's coffin.

We'll be migrating to these new servers over the next week. Please hang with us and let us know any problems you may have.

We rely on your donations to stay independent and have our own hardware. This is a first major step in improving our infrastructure and having a long term plan to ensure we'll be around when needed. While we have a couple months buffer, I'd like to ask if you like what we're doing, to see if you can help kick down some bitcoin to ensure our continued existence.

Edited last time by odilitime on 03/08/2017 (Wed) 09:55:58.
20 posts and 1 image omitted.

Anonymous 04/04/2017 (Tue) 11:15:52 [Preview] No. 5958 del

What happens if Balrog or Odili dies and the site crashes?

Anonymous 04/04/2017 (Tue) 16:27:55 [Preview] No. 5961 del

How will that help when the CPUs are backdoored? The crypto keys are stored XORd in ram. Intel management engine and AMD's trust zone etc let the women's christian temperance religion the entire world lives under now (ie: no female children as brides, good is what is good for women, men must have selfless love, not posessive love, etc: IE: Opposite of God of Deuteronomy etc: IE: Pro jesus/zoroaster/bhuddist philisophy)

Anonymous 04/04/2017 (Tue) 16:29:01 [Preview] No. 5962 del
... exfiltrate all data from ram etc.

Anonymous 04/05/2017 (Wed) 01:34:44 [Preview] No. 6044 del
>>5939 atta boy!
Now recall to have someone externally keep the private keys away from the servers, and one other person (please come back Snake dude!) maintain the VPN settings between the three!
I also hope your backup keys are not only encrypted but have a steganographed backup externally, like I do on "my cat blog". Bitcoin blockchain might come handiest in the future.
And soon to have deadman switches ( >>5958 ). Mines rotate monthly, since I barely have time to connect online at all.
>>5961 >>5962
That's not within the threat model of lynxchan & most IBs: If the hardware is already compromised host level, nothing much you can do: which many are (softserv, KVM, Xen, etc.)
But do actually summon me when you've designed a kernel-IB server that can auto validate compromise within hardware! (no irony, for real!)
I mean that extremely positively:

Anonymous 04/05/2017 (Wed) 20:38:34 [Preview] No. 6054 del
>But do actually summon me when you've designed a kernel-IB server that can auto validate compromise within hardware! (no irony, for real!)

"The mortal can only see what the gods show"

A function running on the host CPU cannot peer into the pipeline of the hypervisor CPU (unless Intel, AMD, etc really implemented it poorly).

endchan.i2p is down Anonymous 02/20/2017 (Mon) 14:46:10 [Preview] No. 5711 [Reply] [Last 50 Posts]
8 posts and 1 image omitted.

Anonymous 03/03/2017 (Fri) 06:17:22 [Preview] No. 5762 del

>Most I've seen it use in a month is ~400GB.

Ayo hol up. My I2P routers use a little over a terabyte a month each. I run one of them on my shitty home connection, too.

A terabyte is nothing these days, though.

Anonymous 03/09/2017 (Thu) 23:41:46 [Preview] No. 5779 del
It's down again.

I might be thinking 400GB every two weeks which, now that I think about it, sounds more accurate.

Anonymous 04/03/2017 (Mon) 14:33:20 [Preview] No. 5951 del
Fugg I can't get to endchan.i2p site
It gives me "503 service unavailable"

Anonymous 04/03/2017 (Mon) 14:38:34 [Preview] No. 5952 del
How do I configure my i2pd? I only get max 2KiB/s while I get 50KiB/s with i2p

Yes, I'm fucktard running both i2pd and i2p at the same time. Finding help for i2pd problems is hard.

Anonymous 04/05/2017 (Wed) 19:05:50 [Preview] No. 6053 del
Nevermind, now it is working

Hide issue Anonymous 04/05/2017 (Wed) 17:21:18 [Preview] No. 6052 [Reply] [Last 50 Posts]
When you hide a thread it loses its' hr above and it floats up into whatever is on top. If you hide a thread under another thread with no replies, it floats up into the op of that thread.

Also, hide links aren't shown on Expanded Threads.

8ch database Anonymous 04/04/2017 (Tue) 17:58:21 [Preview] No. 6019 [Reply] [Last 50 Posts]

Anonymous 04/05/2017 (Wed) 00:27:13 [Preview] No. 6043 del
nntpchan thread: t/e09c3319dfa651ae01990264d751531dd5db3b5d/

odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply] [Last 50 Posts]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
13 posts and 4 images omitted.

odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.

Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.

odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.

Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.

Anonymous 04/04/2017 (Tue) 22:02:00 [Preview] No. 6042 del
testing sticky bump

(25.39 KB 620x388 money_1638177b.jpg)
Anonymous 02/09/2017 (Thu) 18:58:01 [Preview] No. 5679 [Reply] [Last 50 Posts]
can u plz be a bit more transparent with the server hosting?

>SnakeDude pays the bills
is nice but it does not give us much assurance endchan would stay alive the next day. since he is the sugar daddy of endchan he could just disappear next month and endchan is gone.

on elysium, they give a financial report where they say how much longer their world of warcraft servers are able to stay up based on donations:


u dont have to give the exact cost like they do because of bargaining reasons, but it would b nice if u could give an expiration estimate like "EndChan hosting set to expire on March 11 based on current funds."
3 posts omitted.

Anonymous 03/29/2017 (Wed) 22:02:32 [Preview] No. 5888 del
He is the administrator/creator of vichan. On top of that, he is a well known serpent, thief, manipulator, and all around a shit person, much, much worse than Jim, Littlecar and Josh all combined.

In case you don't know, vichan is a polish imageboard with the levels of cancer exceeding reddit, 4ch and tumblr and whatever you can think of. It's basically facebook with "anonymity" at present point. For one, Czaks is advertising a chan/imageboard derivative called Uczuciopedia on his website, which is a facebook page running on stolen polish chan culture original content and memes and run by highschool normalfag chads. He was invited to a party organised by Lanceq, the creator of Uczuciopedia, on which he (czaks) was insulted and made fun of (he wanted to feel like a highschooler chad one more time </3, rip in peace)

Czaks has a history of undermining privacy of the users of his chan, he has also declared vichan "the polish 4chan", he has fucked up karachan a few times (another polish chan, this one is less cancerous and more of a mix of modern day 8ch and old 4ch /b/) and generally assisted in spreading polish chan OC on mainstream sites like facebook, for cancerous normalfag youth to use and appropriate.

Pic rel is czaks, as you can notice, he is a ginger and has no soul.

I don't think I'll be able to find you anything in english. And not much in polish, unless I find an archived imageboard page, because the good anons don't blog about chans and don't talk about chans outside of chans (Karachan, for example, tries to keep outsiders out so bad that you need special cookies and adblock lines to get in and browse properly). One fact I recall was that he blew all the server money on drugs, (I think it was cocaine?) the money included ad revenue and donations.

Typing in "czaks ruda kurwa" gets you this:

>Man that destroyed polish chan community. After reviving Vichan in 2012 (before it existed in 2009-2010, but he got doxxed and had lots of pay-on-delivery shit to him so he closed the shop, it also came out he was underage then), he invited all kinds of normal and moralfags to polish chans, causing a major downgrade in quality. He became friends with Jakub "lanceq" Nies?uchowski, founder of Uczuciopedia, facebook group that's the main enemy of polish chans right now, they are whiteknighting all raids and actions, stealing all content that can be stolen (because of them most of our memes are now in all polish middle schools which is fucking annoying) and just being shit. Result of his actions? Since middle 2014 nothing interesting was made or happened on polish chans, every raid or action was whiteknighted or moralfagged into oblivion before it even began and no one is even making OC anymore because he knows it will be on kwejk (polish 9gag) next day. Before, polish chans were places for social outcasts and losers to spend time and do shit with people like them, but currently they are SWARMED by underages and no fun allowed moralfags which are turning the community into what 4chan became after sociology.

Message too long. Click here to view full text.

Anonymous 04/02/2017 (Sun) 03:10:32 [Preview] No. 5922 del
>endchan appears to not be doing so well
>less people come
>endchan does worse
>less people come

self defeating prophecy.

Anonymous 04/02/2017 (Sun) 03:11:06 [Preview] No. 5924 del
dubs don't lie

Anonymous 04/02/2017 (Sun) 07:37:15 [Preview] No. 5930 del
lurk moar faggot, we've done nothing but increase traffic month over month.

Anonymous 04/04/2017 (Tue) 12:36:33 [Preview] No. 5960 del
>>5888 (checked)
So that's why karachan is stuck making papies mene forever? Thanks for making a good read and lecturing a bit about the polish chan history.

(35.33 KB 492x276 439f15.jpg)
onion geolocation Anonymous 04/03/2017 (Mon) 22:30:29 [Preview] No. 5954 [Reply] [Last 50 Posts]
It seems that since the migration, on boards that have geolocation flags enabled, posts made via the onion service are being attributed to amerifat-land.

What did you break, odili?

Anonymous 04/03/2017 (Mon) 22:55:41 [Preview] No. 5955 del
ok, I think it's fixed. Try now

(47.79 KB 1280x720 1489819377147.jpg)
Anonymous 04/02/2017 (Sun) 21:00:35 [Preview] No. 5946 [Reply] [Last 50 Posts]
You guys seen 8chan getting rekt? It happened yesterday, thought it was an April fools joke, turned out to be real. Still it sounds too stupid to be real, wtf is going on guys?

Anonymous 04/03/2017 (Mon) 00:31:20 [Preview] No. 5947 del
I don't think it's a prank.

Anonymous 04/03/2017 (Mon) 00:32:22 [Preview] No. 5948 del
I think the shills flipped their shit when they saw something. they probably haxxed the whole website because deleting it wasn't enough.