/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we don't support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It maybe easy to start a list of what we don't want.

IF YOU ARE HAVING PROBLEMS, TEST HERE AND LET USE KNOW THE MIME TYPE YOU GET:
http://mime.ritey.com

Here's the current list:
application/download,
application/epub+zip,
application/gzip,
application/pdf,
application/vnd.adobe.flash.movie,
application/x-7z-compressed
application/x-7z-compressed,

Message too long. Click here to view full text.

Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
149 posts and 22 images omitted.


odilitime Board owner 02/20/2017 (Mon) 05:20:38 [Preview] No. 5707 del
>>5699
1. correct

2. It's really hard to add backends options. We'll get there but still learning. Right now lazy-loading youtube embed works but the BO has to have link rewriting off. If you rewrite links, the youtube detector can't find it.


Anonymous 02/22/2017 (Wed) 02:42:03 [Preview] No. 5714 del
>>5699
Embeds have been already implemented.
What are you talking about?


Anonymous 02/22/2017 (Wed) 02:45:54 [Preview] No. 5715 del
>>5714

Sometimes when I paste a youtube html like that it does the spam filtration whack job on the URL, and denies the viewer embed link. What am I doing wrong or how did you do that?

Also I am on lo bandwidth, how come my webms sometimes just fade into space, talking <3 mb file I can't upload to the thread


Anonymous 02/22/2017 (Wed) 02:47:16 [Preview] No. 5716 del
>>5715
If the board owner adds a filter that fucks it up, take to the board owner.


odilitime Board owner 02/22/2017 (Wed) 08:55:00 [Preview] No. 5718 del
>>5714
I mean this
https://youtube.com/watch?v=JBIh26Jgtbg [Embed]



PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
18 posts omitted.


odilitime 01/24/2017 (Tue) 00:50:27 [Preview] No. 5635 del
>>5634
I haven't applied the fix to EndChan yet


Anonymous 01/24/2017 (Tue) 00:53:45 [Preview] No. 5636 del
>>5635
I figured it was the same error that you get on 8ch when it says "invalid referrer". Thanks for looking into it though this is wonderful.


Anonymous 01/25/2017 (Wed) 18:12:29 [Preview] No. 5642 del
>>5630
>I don't want to copy every outside url manually to open them.
The latest Tor browser update is for you:
>Tor Browser 6.5 -- January 24 2017
> * Bug 17334: Spoof referrer when leaving a .onion domain
Allowing referrers on per-site basis is a bit harder to do. You still need to use about:config and manually set it, post somewhere and set it back when you are done.

>>5631
>Yes, that's an antispam measure, so it has benefits.
Well, it worth just as much as relying on the browser's user-agent for anti-spam. Nothing. Even the most simple spambots include referrer spoofing. And when referrers are used for "security purpose" (like at Webfaction), I become so confused: I don't know whether I should cry or laugh.


odilitime 01/28/2017 (Sat) 02:02:48 [Preview] No. 5643 del
>>5636
fix has been applied

>>5642
>it worth just as much as relying on the browser's user-agent
it's more like, if it stops one piece of spam, it's worth implementing


Czwarty 02/21/2017 (Tue) 19:34:56 [Preview] No. 5713 del
there's more spam incoming lately. I don't know if it's just some bored scamdude (only one post appearing in latest thread on my board in random time with big intervals) or shitty spambot. Leaving the post for you and the link he gave (added xxx among numbers there, if you remove it you will get actual link) - don't know if it will be of any use for you but whatever

>>/4/10531



odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
12 posts and 4 images omitted.


Anonymous 11/29/2016 (Tue) 09:52:50 [Preview] No. 5343 del
Why is/was your development/test server accessible online? Can't keep >>4986 over this mishap. Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers?
>>4998
>crazy NSA shit transmitting the data offsite without the transmission being logged by the external monitoring equipment; not likely) than anything else.
Highly possible with state actor attacks we've seen as of late.

Leaking PizzaGate really did a number, worldwide.
>>5016
You do still have a copy of that old DB, right?


odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>>5343
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.


Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
>>5344
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.


odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>>5380
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.


Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
>>5428
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.



Android App Anonymous 02/26/2017 (Sun) 07:03:04 [Preview] No. 5734 [Reply]
I'm shocked at how little support there is on Android for Endchan. You truly should reach out to the devs of Chan Barauza or Everychan or Ouroborous or something and get them supporting this board. That's the key reason many folks do not migrate here.
10 posts omitted.


Anonymous 02/26/2017 (Sun) 22:45:13 [Preview] No. 5747 del
>>5746
You're not wrong. That being said convenience is essential to the growth of Endchan. There are many people who aren't completely reprehensible 4chan faggots who would likely contribute to healthy board activity if such a an ease of access was readily available to them.


Anonymous 02/26/2017 (Sun) 22:49:20 [Preview] No. 5748 del
https://www.amazon.com/SHARP-undefined-Sharp-Zaurus-SL-5500/dp/B000063D6E

The comments on the amazon page above (notice all this lcass of amazon style teccchh tards agglomerate not just tech but humans and their talking of buying things hah) show how nixers lost the ball to android people.

Very simply put I would rather have a difficulty +1 device that is a computer, even if its not touchscreen to fondle, or large screen, and even if its just a shitty risc processor, I want a computer, that is modular, not android/applestyle production line from Chinese Foxconned workers who get not right to leap from the rooves to their deaths.

To have a -1 device later iterative (as the comments describe it was 5500 then androidshits) that is not a computer, but which is a TARD TO TARD FONE DEVICE, is not an upgrade-based iterative. Notice good old POTS copper was ripped out by the same FIOS type shitheads, now all fios does i make your landline go dead when the power flattens and the batteries run dry, fucking great tactical upgrade dipshits.


Anonymous 02/26/2017 (Sun) 22:51:24 [Preview] No. 5749 del
>convenience is essential to the growth of Endchan.

Oh no I don't agree with this premise in relation to android tards fuck those slabfone idiots they cant be saved.


Anonymous 02/26/2017 (Sun) 22:52:41 [Preview] No. 5750 del
Literally the programmers of the world, have destroyed the image of Picard confidently swiping on some ipad shits. they made it and made it totally reprehensible at the same time. They got richer than fuck all, and guns threads are not part of your board, so, good luck with the tech that helps you is all I say.


Anonymous 02/27/2017 (Mon) 03:18:43 [Preview] No. 5753 del
>>5749
I don't disagree but you're not taking into consideration those of us who have gainful employment and enjoy shitposting and debate whilst at work. I'm only on my PC in the evenings due to surveillance at work



Bans Anonymous 02/27/2017 (Mon) 01:12:06 [Preview] No. 5751 [Reply]
Is the ban system broken or am I just fucking retarded and don't know what to put in the duration field?
I try things like "April 1, 2017" that should work with the js mentioned in the moderation manual yet nothing happens when I try and ban a user.


Anonymous 02/27/2017 (Mon) 02:44:26 [Preview] No. 5752 del
The format for it changed and wasn`t properly updated on endchan.
See http://lynxhub.com/.static/moderation.html#banSection



odilitime 02/25/2017 (Sat) 18:11:46 [Preview] No. 5728 [Reply]
Cloudflare breached! If you used infinow.net to log in, it's possible that your password has been leaked. We suggest you change it, even though CloudFlare has sent us an email saying
>Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches.

We're now considering removing the cloudflare from infinow.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
http://archive.is/72wqO
Edited last time by odilitime on 02/25/2017 (Sat) 18:12:49.


Anonymous 02/26/2017 (Sun) 04:24:36 [Preview] No. 5733 del
You did not link this odi but here are a list of website and how to fix it.
https://github.com/franciscop/cloudbleed


Anonymous 02/26/2017 (Sun) 08:04:35 [Preview] No. 5737 del
>>5733
that's a complete list of cloudflare clients, not all were affected



It keeps happening Anonymous 05/16/2016 (Mon) 07:24:27 [Preview] No. 4061 [Reply]
>Click on the "latest post" on what happens to be a large thread.
>Every image thumbnail pops into being and grows, one at a time
>Get taken on a wild ride
>mfw
2 posts omitted.


Anonymous 05/19/2016 (Thu) 12:09:20 [Preview] No. 4170 del
That happens because the css isn't reserving the space thumbs use.

So the page initially loads using zero height for images.

As thumbs load, they start using space, causing the page to do the hockey pokey.


odilitime Board owner 05/22/2016 (Sun) 22:14:47 [Preview] No. 4234 del
>>4170
hrm lynx generates the image tag, so we haven't set width/height from the frontend. Plus not all thumbs are going to be 255, some will be less.

My first attempt using CSS broke the image expansion. I'll keep trying, there must be a way with css. Otherwise I'll have to hack the lynxchan engine.


Anonymous 05/22/2016 (Sun) 23:41:08 [Preview] No. 4239 del
>>4234
You can set a min-height on the uploadCell class.


odilitime Board owner 02/06/2017 (Mon) 08:36:26 [Preview] No. 5668 del


cialis pills cialis_pills 02/26/2017 (Sun) 02:14:49 [Preview] No. 5732 del



endchan.i2p is down Anonymous 02/20/2017 (Mon) 14:46:10 [Preview] No. 5711 [Reply]
oliiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
3 posts omitted.


Anonymous 02/25/2017 (Sat) 17:12:51 [Preview] No. 5726 del
>>5725
noooo, that is a bad idea. i2p routing is determined by how reliable a router is on the network. If it dc/s every day or less, you will never integrate well.

Better to figure out what's up with it. For starters: you using the java i2p or i2pd?


Anonymous 02/25/2017 (Sat) 18:06:14 [Preview] No. 5727 del
>>5726
java


Anonymous 02/25/2017 (Sat) 18:11:57 [Preview] No. 5729 del
also I'm like so pumped there's finally a cross-net imageboard i recognize on i2p im so down to help
>mfw


Anonymous 02/25/2017 (Sat) 18:27:19 [Preview] No. 5730 del
>>5727
alright, it SHOULD be ok as long as
a. hidden mode isn't enabled (check http://localhost:7657/confignet)
b. "Network: OK" and ports are forwarded good
c. bandwidth settings are set right (http://localhost:7657/config)

For bandwidth, set it to your top speed or 12500 KBps (100 Mbps) and adjust the share ratio where you want it. It says
>(97.66M bits per second or 31.18T bytes per month maximum)
at 12500 100% but don't let that freak you out, it'll never use 31 fucking terabytes ever. Most I've seen it use in a month is ~400GB. If that's a bit much sounding, try 10% to start off with and see what your usage is like.


Anonymous 02/25/2017 (Sat) 19:16:35 [Preview] No. 5731 del
>>5730
>>5727

Also while I'm thinking about it, check your server tunnel for it's various settings, as they can affect site reachability tremendously.
Tunnel count: Higher count/backup == more reliable but also more bandwidth usage.

Hop length: Lower hops == less anon and slightly less bandwidth usage but much better reliability, speed and RTT/ping time.

Backups are for when a built tunnel in the count suddenly dies, 1 or 2 of these can be handy for reliability. They aren't used otherwise and I don't think they use much bandwidth. will have to ask

If you honestly don't want much anonymity for your server (since it's hosting the same site on clearnet anyway) you could probably go for a 1 hop tunnel with 3-5 count and 1 backup. 1 hop ensures that others connecting still have their anonymity from your end while making your site faster to use and 5 count/1 backup would make for excellent reachability but potentially higher bandwidth usage due to the 6 tunnels being built.

I forget what variance does but I remember having piss poor performance :^)

With the bandwidth profile, I would try either the interactive or the bulk to see which works the best. Here I would see bulk probably working better.

lastly that I can think of, there's the "Reduce tunnel quantity when idle". This will reduce the tunnel count (but not backups) when idle. If you turn it on, this'll reduce bandwidth usage with more idleness and not affect reliability much. Very worth it to turn on.

Message too long. Click here to view full text.




Misc. Anonymous 02/23/2017 (Thu) 07:33:28 [Preview] No. 5720 [Reply]
Howdy fambinos

Any way we can increase the character limit used for flags? The current limit (16) is barely large enough for a relatively normal name like 'Michael Jordan' let alone enough to submit some of our gag flags like...

Person of Interest - NHP - Yakub the Evil Black Scientist Who Lived 6,600 Years Ago and Created the White Race Through a Selective Breeding Process Known as 'Grafting'

I don't know what the formal limit of flag files is either as it doesn't say, but I currently have close to 700 of them and they're all very dear to our community so something to keep in mind.

Also it would be nice if we could embed off site videos hosted on youtube, liveleak, dailymotion, vimeo etc. into the post itself like 8chan. Of course you can just post urls in the post's comment body itself, but embedding is a nice feature that gives the post a contextual visual to accompany it, gnomesaiyan?

https://youtube.com/watch?v=vg14HPuXLOU [Embed]


Anonymous 02/23/2017 (Thu) 07:36:56 [Preview] No. 5721 del
...and by "embed off site videos" I meant in place of an image if you know what I'm talmbout


odilitime Board owner 02/23/2017 (Thu) 10:29:20 [Preview] No. 5722 del
>>5720
Thank you for a sample. Flags name length increasted to 256 characters.

>>5721
Well, I just feel a big image in the middle of a text post would just cause a problem. And we can't put it in the media slot... well maybe we can, I'll look into it.


OP @Work 02/23/2017 (Thu) 16:23:55 [Preview] No. 5723 del
(212.04 KB 1471x927 Untitled-1.jpg)
>>5722
>Well, I just feel a big image in the middle of a text post would just cause a problem.

Basically what happens on 8chan if you embed a video it precludes any images being posted, it isn't placed in the middle of the post in the text, rather off to the side in the same manner an image is.

>And we can't put it in the media slot... well maybe we can, I'll look into it.

Consider doing a little digging into 8chan/vichan's code-I don't imagine it's all that hard. While I'm a layman so take my guess with a grain of salt I would assume it's just an 'IF' statement that swaps the <div> that normally displays image(s) at variable dimensions with a <div> that displays an embedded youtube video with static dimensions.

https://youtube.com/watch?v=NAS70o1sLRI [Embed]



odilitime Board owner 02/16/2017 (Thu) 15:22:54 [Preview] No. 5684 [Reply]
working with a developer from /librejp/, we'll made some minor adjustments on page loading and refresh. We're trying to:
1. Make sure freshly added posts at the bottom of the page have all the same bells as whistles at the posts that were there when the page loaded
2. Cut down on browser stalls when processing large pages

Let me know if you notice anything better or worse.
7 posts and 1 image omitted.


to_sha_ki#+NqD6W 02/19/2017 (Sun) 12:28:38 [Preview] No. 5702 del
I localized day-of-week expression.
https://gitgud.io/to_sha_ki/8TailedLynxJa/commit/0aaa2356399db76cd59be56322e8ead27ec31dab
https://jsbin.com/zefazeqeqi/1/edit?js,output


[Hide User Posts] is duplicated.
hookShowHideUi is called from thread.js/refreshCallback and showHide.js .

rather than code change to detect duplicates,
I think that it is better to shift to the method of hooking to addPost .


odilitime Board owner 02/20/2017 (Mon) 05:16:42 [Preview] No. 5706 del
>>5702
Thanks again! Applied.

>[Hide User Posts] is duplicated.
Oh didn't know. Good catch.

>I think that it is better to shift to the method of hooking to addPost .
but the initial pageload wouldn't be covered would it?
Either way it needs to be rewritten.

Hey here's a feature I'd really like. 8ch.net has the ability to screenshot a page. I'd really like that for EndChan. I've made something before but my time is best spent on fixing bugs. I also have to fix the unban system apparently.
Edited last time by odilitime on 02/20/2017 (Mon) 06:43:43.


to_sha_ki#+NqD6W 02/20/2017 (Mon) 14:27:48 [Preview] No. 5710 del
>>5706
teeheehee

>but the initial pageload wouldn't be covered would it?
my description was insufficient.
I said shift from "hooking to refreshCallback" to "hooking to addPost".
write a new function that receive a postCell, and add it to the bottom of addPost.
to leave hookShowHideUi call on page loading.

>Hey here's a feature I'd really like. 8ch.net has the ability to screenshot a page. I'd really like that for EndChan. I've made something before but my time is best spent on fixing bugs. I also have to fix the unban system apparently.
would you like to reflect endchan server's front-end files and back-end files to the repository?
(Several files in the repository look old)
I want to see the bug.

I found this. but I have never used it yet.
https://html2canvas.hertzen.com/examples.html


to_sha_ki#+NqD6W 02/20/2017 (Mon) 15:30:50 [Preview] No. 5712 del
(24.60 KB 408x234 code.png)
I just confirmed that html2canvas can work.
I will not proceed with this, I will write each hook for addPost.


to_sha_ki#+NqD6W 02/22/2017 (Wed) 10:31:31 [Preview] No. 5719 del
https://gitgud.io/to_sha_ki/8TailedLynxJa/commit/927bc3fe442b211c5c96ad95ec33c301788d7a6a
I changed not to use updateTimes() and hookShowHideUi()

refreshCallback calls addPost and
addPost calls processPostCell and
processPostCell calls adjustPostTime and applyShowHidePost

adjustPostTime() is a substitue for updateTimes()
applyShowHidePost() is a substitue for hookShowHideUi()

new postCell to be added newly will be processed individually.
processes only postCell to be newly added to page.