/operate/ - Endchan Operations

Realtime experiment odilitime Board owner 04/04/2017 (Tue) 16:53:25 [Preview] No. 5963
Just added a "realtime" checkbox to the thread page. This is an opt-in feature that lets you participate in seeing incoming posts (of other users that have opted-in) and broadcasts any post you draft as you make it.

Thought I'd try this experiment out and see how it goes.

Anonymous 04/04/2017 (Tue) 16:57:49 [Preview] No. 5964 del
does this dick yo?

Anonymous 04/04/2017 (Tue) 17:23:22 [Preview] No. 5965 del
doesn't work with https

Anonymous 04/04/2017 (Tue) 17:36:02 [Preview] No. 5966 del
should be fixed now

Anonymous 04/04/2017 (Tue) 17:36:05 [Preview] No. 5967 del

Anonymous 04/04/2017 (Tue) 17:36:34 [Preview] No. 5968 del
how does this work tho?

Anonymous 04/04/2017 (Tue) 17:36:48 [Preview] No. 5969 del
let's see

Anonymous 04/04/2017 (Tue) 17:37:50 [Preview] No. 5970 del
you should see other people making new posts near the realtime counter

Anonymous 04/04/2017 (Tue) 17:38:01 [Preview] No. 5971 del
reel time duzin werk!

Anonymous 04/04/2017 (Tue) 17:38:16 [Preview] No. 5972 del
Still can't decide whether I like this or not.

Anonymous 04/04/2017 (Tue) 17:39:06 [Preview] No. 5973 del
Does it work?

Anonymous 04/04/2017 (Tue) 17:39:19 [Preview] No. 5974 del
Yes, it's very subjective. That's why it's an opt-in

Anonymous 04/04/2017 (Tue) 17:39:37 [Preview] No. 5975 del
where is realtime counter?
I'm not sure where should I be lookin

Anonymous 04/04/2017 (Tue) 17:39:45 [Preview] No. 5976 del
how do you tell if it works?

Anonymous 04/04/2017 (Tue) 17:40:33 [Preview] No. 5977 del
bottom of the thread

Anonymous 04/04/2017 (Tue) 17:40:38 [Preview] No. 5978 del
I literally can't tell

Anonymous 04/04/2017 (Tue) 17:41:09 [Preview] No. 5979 del
what happens if auto is off?

Anonymous 04/04/2017 (Tue) 17:41:12 [Preview] No. 5980 del
yea, something is broken, I'm not seeing any typing either.

Anonymous 04/04/2017 (Tue) 17:41:45 [Preview] No. 5981 del
dddddddddoooooood it doesn't work in quick reply

Anonymous 04/04/2017 (Tue) 17:42:16 [Preview] No. 5982 del
I saw that one

Anonymous 04/04/2017 (Tue) 17:42:21 [Preview] No. 5983 del
ohay it did something?

Anonymous 04/04/2017 (Tue) 17:42:49 [Preview] No. 5984 del
it does not work in the quick reply box thingy doo

Anonymous 04/04/2017 (Tue) 17:43:11 [Preview] No. 5985 del
testing quick reply thingy doo
can u see dis?

Anonymous 04/04/2017 (Tue) 17:44:15 [Preview] No. 5986 del
Try it again, I looked away for a second

Anonymous 04/04/2017 (Tue) 17:44:27 [Preview] No. 5987 del
Yea I saw it

Anonymous 04/04/2017 (Tue) 17:44:32 [Preview] No. 5988 del
does this work thingy do ayyyyyyyyyyyyyyyyyyyyyyyyy??????????????????????? AYYYYYY?????

Anonymous 04/04/2017 (Tue) 17:45:00 [Preview] No. 5989 del
we need moar tester tbh fammmmmmalam

Anonymous 04/04/2017 (Tue) 17:45:33 [Preview] No. 5990 del
I'm working on safari fix, so you can see me type

Anonymous 04/04/2017 (Tue) 17:46:38 [Preview] No. 5991 del
testint testing 1 2 3

Anonymous 04/04/2017 (Tue) 17:47:11 [Preview] No. 5992 del
o hey I think I saw something

Anonymous 04/04/2017 (Tue) 17:47:38 [Preview] No. 5993 del
trying quick reply box thingy dooooooooooooooooooo
(someone tell me if this is working) ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo (is it working?) oooooooooooooooooooooooooooooooooooooooooooo (PLZ RESPOND) oooooooooooooooooooooooooooooooooooooooooooooooo??????

Anonymous 04/04/2017 (Tue) 17:48:07 [Preview] No. 5994 del
Didn't see a damn thing that time

Anonymous 04/04/2017 (Tue) 17:48:24 [Preview] No. 5995 del
Uncaught TypeError: Cannot read property 'hasChildNodes' of undefined
at updateRealTimeCounts (megud.js:118)
at WebSocket.ws.onmessage (megud.js:153)

Anonymous 04/04/2017 (Tue) 17:48:40 [Preview] No. 5996 del
heh noice

Anonymous 04/04/2017 (Tue) 17:48:52 [Preview] No. 5997 del
megud.js:2 Uncaught TypeError: Cannot read property 'addEventListener' of null
at attach (megud.js:2)
at megud.js:38

Anonymous 04/04/2017 (Tue) 17:49:17 [Preview] No. 5998 del
Sweet. I'm not using the quick box tho.

Anonymous 04/04/2017 (Tue) 17:49:35 [Preview] No. 5999 del
you forgot some semicolins brah

Anonymous 04/04/2017 (Tue) 17:51:30 [Preview] No. 6000 del
doooooooood testing

Anonymous 04/04/2017 (Tue) 17:51:40 [Preview] No. 6001 del

Anonymous 04/04/2017 (Tue) 17:51:54 [Preview] No. 6002 del
Fuck it. If this becomes permanent I'm staying forever

Anonymous 04/04/2017 (Tue) 17:52:02 [Preview] No. 6003 del
>tfw lagchan

Anonymous 04/04/2017 (Tue) 17:52:13 [Preview] No. 6004 del

Anonymous 04/04/2017 (Tue) 17:52:33 [Preview] No. 6005 del

Anonymous 04/04/2017 (Tue) 17:53:23 [Preview] No. 6006 del

Anonymous 04/04/2017 (Tue) 17:53:28 [Preview] No. 6007 del
Although people will realize what a retard I am seeing me trying to correct all my spelling mistakes.

Anonymous 04/04/2017 (Tue) 17:53:41 [Preview] No. 6008 del
fug, meant for >>6007

Anonymous 04/04/2017 (Tue) 17:54:34 [Preview] No. 6009 del

Anonymous 04/04/2017 (Tue) 17:54:38 [Preview] No. 6010 del
what happens when I do this?

Anonymous 04/04/2017 (Tue) 17:54:39 [Preview] No. 6011 del

Anonymous 04/04/2017 (Tue) 17:55:07 [Preview] No. 6012 del

Anonymous 04/04/2017 (Tue) 17:55:25 [Preview] No. 6013 del
oyy man from the future

Anonymous 04/04/2017 (Tue) 17:55:33 [Preview] No. 6014 del
On the other site you could see the spoiler growing larger as you type.

Anonymous 04/04/2017 (Tue) 17:56:05 [Preview] No. 6015 del
>litterally a botnet in your browser yo

Anonymous 04/04/2017 (Tue) 17:56:13 [Preview] No. 6016 del
yea and preview their images. We'll get there. Just wanted to see if people would use it first. Lemme clean up all these bugs.

Anonymous 04/04/2017 (Tue) 17:56:46 [Preview] No. 6017 del
Ok, yeah I want it now.

Anonymous 04/04/2017 (Tue) 17:57:13 [Preview] No. 6018 del
you need to send it 1 char at a time instead of the entire thingy doooooooooooooooooooooooo in each websocket frame.

Anonymous 04/04/2017 (Tue) 17:58:59 [Preview] No. 6020 del
yea optimizations later

Anonymous 04/04/2017 (Tue) 18:03:33 [Preview] No. 6021 del
quick reply is working, back to the scoping problems.

Anonymous 04/04/2017 (Tue) 18:03:59 [Preview] No. 6022 del
Quick reply

Anonymous 04/04/2017 (Tue) 18:04:33 [Preview] No. 6023 del
I can see those messages appearing on other boards

Anonymous 04/04/2017 (Tue) 18:04:33 [Preview] No. 6024 del
yup, that's why it's optional

Anonymous 04/04/2017 (Tue) 18:04:35 [Preview] No. 6025 del
I saw this from another board

Anonymous 04/04/2017 (Tue) 18:04:48 [Preview] No. 6026 del
no clue what was going on there

Anonymous 04/04/2017 (Tue) 18:05:10 [Preview] No. 6027 del
semicolons aren't needed

Anonymous 04/04/2017 (Tue) 18:07:50 [Preview] No. 6028 del
yea that was the scoping problems. I think it's at least scoped to the board you're on now. Need to do thread scope next.

Anonymous 04/04/2017 (Tue) 18:35:35 [Preview] No. 6029 del
Ok thread scoping is complete. Let me know if you guys run into any more bugs. I think it's solid.

Anonymous 04/04/2017 (Tue) 18:39:32 [Preview] No. 6030 del
I think there's one bug with safari submit.

Anonymous 04/04/2017 (Tue) 18:39:50 [Preview] No. 6031 del
ok that's fixed

Anonymous 04/04/2017 (Tue) 18:46:23 [Preview] No. 6032 del
Cool. I'm going to use this more often. Except when I have to type out long posts. It's weird knowing someone is watching your thought process, kek.

Anonymous 04/04/2017 (Tue) 18:46:42 [Preview] No. 6033 del

Anonymous 04/04/2017 (Tue) 18:47:03 [Preview] No. 6034 del
I see your benis

Anonymous 04/04/2017 (Tue) 18:47:07 [Preview] No. 6035 del
>implying benis

Anonymous 04/04/2017 (Tue) 18:47:28 [Preview] No. 6036 del
You can't see my benis, don't lie

Anonymous 04/04/2017 (Tue) 18:47:29 [Preview] No. 6037 del
I can see ur ass nigguh

Anonymous 04/04/2017 (Tue) 18:48:21 [Preview] No. 6038 del
I don't have ass, i'm skeletor

Anonymous 04/04/2017 (Tue) 19:09:30 [Preview] No. 6039 del
Ok lynx formatting is done

Anonymous 04/04/2017 (Tue) 22:01:31 [Preview] No. 6041 del

odilitime Board owner 04/05/2017 (Wed) 01:56:16 [Preview] No. 6045 del
Ok after some discussion, this feature radically alters the type of discussion. Just see this thread as an example of what it does.

So we're going to disable it globally. And BO can request that it be turned on if they want to have it on their boards. That way we can have more long form discussion in most of the site and a couple quicker boards for chat.

odilitime Board owner 04/05/2017 (Wed) 01:57:42 [Preview] No. 6046 del
also this is going to be open sourced. It was built to be tacked onto any IB including vichan, nntpchan or infinity.

Anonymous 04/05/2017 (Wed) 11:13:04 [Preview] No. 6047 del
This is totally........not showing anything cas of my ipad I guess.

Anonymous 04/05/2017 (Wed) 11:13:36 [Preview] No. 6048 del
Oh nevermind I see it at bottom.

Anonymous 04/05/2017 (Wed) 11:16:41 [Preview] No. 6049 del

odilitime Board owner 04/05/2017 (Wed) 13:58:55 [Preview] No. 6050 del

Anonymous 04/05/2017 (Wed) 16:50:28 [Preview] No. 6051 del
Benis in de magin' :DDDDDD

just as expected from js "programmers" Anonymous 04/05/2017 (Wed) 21:12:00 [Preview] No. 6055 del
> subblock.appendChild(document.createTextNode(data.n))
> subblock.innerHTML=lynxFormatting(data.n)

Trivial XSS: just type whatever HTML you want to inject into the browser of all the idiots that enabled this feature^Wbotnet.

For example, type: <img src="/randomBanner.js?boardUri=operate" onload="alert('odili is even worse than stephenlynx');">

odilitime Board owner 04/05/2017 (Wed) 23:47:10 [Preview] No. 6056 del
Thanks for pointing it out. Patch has been applied.

Anonymous 04/06/2017 (Thu) 00:51:24 [Preview] No. 6057 del
Ah, yes. Regex, a javascript programmer's best friend.

Try again: <<foo>img src="/randomBanner.js?boardUri=operate" onload="alert('regex ftw ;)');">

odilitime Board owner 04/06/2017 (Thu) 01:12:44 [Preview] No. 6058 del
Good catch. Yea regex isn't really going to be a solution because I'd need to parse how each browser parses. It's just not practical.

Fixed with some encoding. How did I do?
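
The sanitising problem from posts No. 6055 to No. 6058, as an added example (not part of the thread, and not megud or LynxChan code): a single-pass regex tag filter reassembles a tag from nested input, while entity-encoding the text before any formatting does not depend on how a browser parses it. The filter regex, `formatEscaped` and the `greenText` class are assumptions, since the thread never shows the actual patch; the sample strings are constructed from the ones posted above.

```javascript
// Constructed samples, modelled on the strings posted in No. 6055 and No. 6057.
const PLAIN = '<img src="/randomBanner.js?boardUri=operate" onload="alert(1)">';
const NESTED = '<<foo>img src="/randomBanner.js?boardUri=operate" onload="alert(1)">';

// Hypothetical regex filter (assumption: the real patch is not shown in the thread).
// It deletes anything shaped like a tag, in a single pass over the input.
function stripTagsOnce(s) {
  return s.replace(/<\/?[a-z][^>]*>/gi, '');
}

// Encode the five HTML metacharacters so the text is inert in both
// element content and quoted attribute values.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hypothetical stand-in for a formatter such as lynxFormatting: it runs on
// already-escaped text, so the only markup in the result is markup it wrote.
function formatEscaped(raw) {
  return escapeHtml(raw).replace(
    /^&gt;(.*)$/gm,
    '<span class="greenText">&gt;$1</span>'
  );
}

// Run both approaches over the samples and return the results for inspection.
function demo() {
  return {
    plainFiltered: stripTagsOnce(PLAIN),   // the obvious tag is removed
    nestedFiltered: stripTagsOnce(NESTED), // removing "<foo>" leaves a working tag
    nestedEscaped: escapeHtml(NESTED),     // nothing left for the parser to treat as a tag
    formatted: formatEscaped('>quote\n' + NESTED),
  };
}

console.log(demo());
```

In the browser, assigning to `textContent` (or using `createTextNode`, as in the first line quoted in No. 6055) performs this encoding implicitly; `innerHTML` is only safe on a string the formatter built from already-escaped text.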

Anonymous 04/07/2017 (Fri) 00:05:34 [Preview] No. 6071 del

You sure about that, mate?

Hex-encoded, in case stephenlynx also fucked up:

https://youtube.com/watch?v=http://www.nicovideo.jp/watch/[/niconico] onmousemove=alert&40;'you&#34;re&#32;gonna&#32;keep&#32;on&#32;losing,&#32;mate'&41; style=display:block;position:absolute;top:0px;left:0px;width:2500px;height:2500px [<a href="https://youtube.com/watch?v=[niconico] [Embed] onmousemove=alert&40;'you&#34;re&#32;gonna&#32;keep&#32;on&#32;losing,&#32;mate'&41; style=display:block;position:absolute;top:0px;left:0px;width:2500px;height:2500px">Embed]

Note 1: This quite depends on the quirks-mode parsing of the browser. This XSS works in latest Tor Browser.

Note 2: This one actually took me a little while to make it effective. Since it's getting more complicated and you don't seem to be getting the message, the next one I post will be an actual exploit. But, you're welcome to keep playing if you want.
Edited last time by odilitime on 04/07/2017 (Fri) 00:48:37.

Anonymous 04/07/2017 (Fri) 00:12:03 [Preview] No. 6072 del

>in case stephenlynx also fucked up

lolz, it seems he totally did.

So here you have a javascript-less XSS in effect, without even trying. ;)

Anonymous 04/07/2017 (Fri) 00:23:49 [Preview] No. 6073 del

I meant of course megud-javascript-less, you understand me.

Anonymous 04/07/2017 (Fri) 00:39:11 [Preview] No. 6074 del
It doesn't seem to work on vanilla lynxchan.


I copy and pasted from 'https' to 'Embed]

odilitime Board owner 04/07/2017 (Fri) 00:51:08 [Preview] No. 6075 del
ok that was an addon that was causing it. All patched up.

Had to edit the post to trigger the rebuild. After the rebuild I don't get the error but can't be sure, as we can't really tell what you put in for input.

Is it still broken?

Anonymous 04/07/2017 (Fri) 00:57:01 [Preview] No. 6076 del
it worked in chrome too

I'm not seeing any problems with the hex version at all? What would decode the hex?

I understood from the original message. The backend daemon is what processes the bbcode stuff.

Anonymous 04/07/2017 (Fri) 01:07:25 [Preview] No. 6077 del
>I copy and pasted from 'https' to 'Embed]

>as we can't really tell what you put in for input.

>I'm not seeing any problems with the hex version at all? What would decode the hex?

Are you people joking? That's why I put the encoded payload. Also, if you can't into hex-encoding, then you probably shouldn't be poking here.

>It doesn`t seem to work on vanilla lynxchan.

Dunno. I said "seems", maybe it was not stephenlynx? Just doubly odili?

Anonymous 04/07/2017 (Fri) 01:11:15 [Preview] No. 6078 del
Guess it's fixed and you can't do it any more

Anonymous 04/07/2017 (Fri) 01:16:11 [Preview] No. 6079 del
I didn't change a thing so...

odilitime Board owner 04/07/2017 (Fri) 01:17:15 [Preview] No. 6080 del
we did and we no longer get the alerts

Anonymous 04/07/2017 (Fri) 01:24:18 [Preview] No. 6081 del
I was talking about vanilla lynxchan.

Anonymous 04/07/2017 (Fri) 01:39:43 [Preview] No. 6082 del
no one was talking to you. lrn2read

Anonymous 04/07/2017 (Fri) 02:16:56 [Preview] No. 6083 del

Anonymous 04/07/2017 (Fri) 02:22:09 [Preview] No. 6084 del
it's already delivered

Anonymous 04/07/2017 (Fri) 02:27:52 [Preview] No. 6085 del

I'm not a programmer but as I understood >>6071 was attacking the realtime thing
but it just hit the board as well, am I wrong?

I see no fix here: https://gitgud.io/InfinityNow/megud/commits/master

I would test it myself but I don't know how without being attacked...

Anonymous 04/07/2017 (Fri) 02:28:45 [Preview] No. 6086 del
Yea, I can confirm, it's not happening any more in the latest tor browser

Anonymous 04/07/2017 (Fri) 02:30:49 [Preview] No. 6087 del
it was but also the backend, because the bug was copied to the realtime area from the backend.

>I see no fix
correct, we haven't posted it there yet, we want to confirm it is fixed.

>I would test it myself
Me too, but the correct input isn't clear
