/operate/ - Endchan Operations

Let us know what's up

Boards | Catalog | Bottom

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


FILE SUPPORT THREAD odilitime Board owner 01/23/2016 (Sat) 08:43:14 [Preview] No. 1017 [Reply]
What file types do we don't support that you would like us to add?

Making an official thread to keep on top of this better. Most of these are relatively easy to add.

I'm not quite sure why LynxChan has a filter on these. It maybe easy to start a list of what we don't want.

IF YOU ARE HAVING PROBLEMS, TEST HERE AND LET USE KNOW THE MIME TYPE YOU GET:
http://mime.ritey.com

Here's the current list:
application/download,
application/epub+zip,
application/gzip,
application/pdf,
application/vnd.adobe.flash.movie,
application/x-7z-compressed
application/x-7z-compressed,

Message too long. Click here to view full text.

Edited last time by odilitime on 06/05/2016 (Sun) 10:44:34.
143 posts and 21 images omitted.


Anonymous 11/11/2016 (Fri) 12:52:22 [Preview] No. 5227 del
>>7368
Why "Bad Gateway"? I can upload images (even if concatenated with archive) but not zip/7z.


Anonymous 11/18/2016 (Fri) 05:29:42 [Preview] No. 5241 del
(45.62 KB 466x345 audio_mp3.png)
audio/mp3
please.


odilitime Board owner 12/06/2016 (Tue) 02:04:19 [Preview] No. 5429 del
>>5241
Just checked the server list. It's already there.


Anonymous 01/15/2017 (Sun) 06:40:30 [Preview] No. 5587 del
>>1017
hey odil
can you add mng
https://archive.is/V4K4D



odilitime Board owner 09/08/2016 (Thu) 05:12:04 [Preview] No. 4983 [Reply]
I had a development server breached that I had an old development copy of the Endchan database (without media).

All users are advised to change their passwords ASAP.

Development server was breached used an redis/ssh exploit. Redis was installed and usually ran as a user but recently doing some development work, I accidentally started it up as root to look something up and left it running. Redis then can write to your ssh keys and insert unwanted keys and allow root access. All files in /root and /home were removed and a note was left:

>Hi, please view here: http://pastebin.com/raw/vadfLyDS for information on how to obtain your files!

Luckily I have bandwidth logs on that box and I can see there was nothing transferred out of the box. So my guess is they just deleted the files. The nature in which they left the machine leads me to believe this was an automated attack (plenty of other meaningful data directories were left alone).

The copy of Endchan's data is left untouched on this development server. However the dump that was used to transfer the copy was still likely in the /root directory that was deleted. I will get the date of the data copy as soon as I can do some data recovery on that machine, I estimated the copy to be an early 2016 Q2 dump. This server is now offline.

At Endchan, we want to be as transparent as we possibly can and even though we do not believe anything was leaked, we cannot rule out nothing happen with 100%. And even if we could be certain that nothing was at risk, we still want to report anything of this nature to our users.

I fucked up, I'm sorry for any troubles this may and has caused any of you.

Please let us know any questions you may have.
12 posts and 4 images omitted.


Anonymous 11/29/2016 (Tue) 09:52:50 [Preview] No. 5343 del
Why is/was your development/test server accessible online? Can't keep >>4986 over this mishap. Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers?
>>4998
>crazy NSA shit transmitting the data offsite without the transmission being logged by the external monitoring equipment; not likely) than anything else.
Highly possible with state actor attacks we've seen as of late.

Leaking PizzaGate really did a number, worldwide.
>>5016
You do still have a copy of that old DB, right?


odilitime Board owner 11/29/2016 (Tue) 11:16:02 [Preview] No. 5344 del
>>5343
>Why is/was your development/test server accessible online?
because we needed public testers.

>Could you check the logs if a mod volunteer like >>>/pol/23993 was in the logs of potential account takeovers
Not sure how to figure that out, let me talk with Lynx.

>You do still have a copy of that old DB, right?
No I don't.


Anonymous 11/29/2016 (Tue) 23:46:32 [Preview] No. 5380 del
>>5344
Then make a mock test site, not a duplicate, yesh.
>No I don't.
This is bad. M8, when you can, study up on Sysadmin. Rule 37 of "After an attack" is to keep an archive of the exploit. You want to retrospect on how malicious attacks are growing, so you proactively scope those vulnerabilities.


odilitime Board owner 12/06/2016 (Tue) 01:38:31 [Preview] No. 5428 del
>>5380
>make a mock test site
That's what this was. What's the point of the test if you aren't testing real data. Very few have a budget to generate similar but different data.
But you're right in the sense that we did need every users' account on the dev server. That could have and should been cleaned out more.

>keep an archive of the exploit
generally a good rule. I have a large archive of them, however the size of this development server was too large. I did a thorough analysis and deleted it. The vulnerability was easy to figure out and very popular, so there was plenty of documentation on it. In this specific case the storage costs outweighed the value.


Anonymous 12/07/2016 (Wed) 18:30:32 [Preview] No. 5430 del
>>5428
As long as you archive and properly mock the test server from hither on, you will form a basis to document changes dependent on the master branch. Usually it is cheaper to VPN the server in a locked virtual environment, so you see a full scope of the system. Vulnerabilities are getting scarier and efficient, thanks in part to manufacturers leaving vulnerabilities in the hardware/UEFI/BIOS/firmware. Right now, the biggest threat are GPUs with DMA and their undocumentation: enormous processing power that when clustered, can replicate innumerable vulnerabilities in one machine before the next cycle hits the CPU to address the bus.



PSA: Block bypass has been enabled for some IPs Balrog Board volunteer 05/17/2016 (Tue) 14:23:15 [Preview] No. 4154 [Reply]
I found where that spam full of random garbage is coming from. It doesn't have any discernable pattern so we can't use the autoban addon to remove it, but it's all coming from the same /24 range of IPs in Russia so we can just rangeban it. The problem is that Lynxchan currently only does /16 rangebans, which would result in substantial collateral damage. To counter this I'm enabling the block bypass function.

If you are rangebanned, you can use the block bypass function to solve a CAPTCHA and bypass the rangeban. This requires your browser to store a "bypass" cookie. No CAPTCHA will be required to post if your IP has not been subject to a rangeban. Block bypasses last for 24 hours or 50 posts.

I've already asked StephenLynx about adding a second, smaller rangeban level.
1 post omitted.


odilitime Board owner 06/05/2016 (Sun) 11:25:18 [Preview] No. 4453 del
>>4445
I dunno, what is it telling you?


Anonymous 06/30/2016 (Thu) 22:39:14 [Preview] No. 4713 del
this is the best workaround at this point. thanks!


Anonymous 10/06/2016 (Thu) 14:54:52 [Preview] No. 5044 del
>>4154
Can't you just ban all the IPs in the /24 individually?


Anonymous 12/02/2016 (Fri) 22:19:29 [Preview] No. 5417 del
Please help, /librejp/ is getting wiped.


odilitime Board owner 12/06/2016 (Tue) 01:31:07 [Preview] No. 5427 del
>>5417
globals can only help delete spam. It's really up to your BO manage the settings and choose what risks he wants to accept. We recommend using higher (less risky) settings when under attack, such as CAPTCHAs. But all boards should have a thread creation limit.

Maybe someone can type up a guide to the settings better than:
http://endchan.xyz/.static/moderation.html



(62.38 KB 1280x720 new-features.jpeg)
odilitime Board owner 01/09/2017 (Mon) 09:40:38 [Preview] No. 5530 [Reply]
Cleaned up the UI on IDs:
- You now see the count of posts per ID.
- You can now click to highlight all the posts of that ID (click again on ID to turn if off, You can also highlight multiple IDs)
- If you hover on the ID and they have more than one post, you'll see "prev" and "next" links that let you scroll to the previous or next post by that ID

Thanks to StephenLynx for the initial proof-of-concept.
9 posts and 2 images omitted.


odilitime Board owner 01/15/2017 (Sun) 23:09:10 [Preview] No. 5592 del
>>5575
ok try now


Anonymous 01/16/2017 (Mon) 01:06:45 [Preview] No. 5594 del
>>5592
No, now the "ban" button doesn't do anything.


odilitime Board owner 01/16/2017 (Mon) 07:17:06 [Preview] No. 5595 del
>>5594
looks like another JS error. I've compared the various reference frontends and made a fix, which was to remove this now broken check. Try now


Anonymous 01/16/2017 (Mon) 15:01:25 [Preview] No. 5596 del
>>5595
Back to square one, every ban is 5 years


odilitime Board owner 01/16/2017 (Mon) 18:43:13 [Preview] No. 5597 del
>>5596
It works for me, i put "1y" for 1 year in the duration field and it banned me for only 1 year. I did have JS on, let me know if you're trying with JS off or a meme browser.

Let me know any questions you may have?



(80.08 KB 615x619 new.png)
odilitime Board owner 01/12/2017 (Thu) 09:54:02 [Preview] No. 5559 [Reply]
Just implemented a request from /AM/, there is now an expand/collapse all images link in the upper right of the thread page.

Let me know if there are any problems.
16 posts and 4 images omitted.


Anonymous 01/14/2017 (Sat) 14:47:34 [Preview] No. 5583 del
I have got a problem with feature "Expand/Collapse All".
the problem when collapse all images when there is the small picture in the thread.

> TypeError: link.getElementsByClassName(...)[0] is undefined
> expandAll.js:38:7: link.getElementsByClassName('imgExpanded')[0].style.display = 'none';

for example: >>>/librejp/27722


odilitime Board owner 01/14/2017 (Sat) 16:56:09 [Preview] No. 5584 del
>>5583
ok fixed.


Anonymous 01/14/2017 (Sat) 19:27:47 [Preview] No. 5586 del
>>5584
thanks.
but
>> if (elem.slength) {
dot position is wrong.


odilitime Board owner 01/15/2017 (Sun) 19:41:56 [Preview] No. 5589 del
>>5586
Argh, fixed.


Anonymous 01/16/2017 (Mon) 00:10:25 [Preview] No. 5593 del
I missed this feature when 8ch went to shit, thanks



(165.23 KB 900x600 mad shrek.jpg)
Anonymous 01/15/2017 (Sun) 18:48:34 [Preview] No. 5588 [Reply]
hey odil
can you and lynx fix the ban system
bans are mistakely given 5 years


Anonymous 01/15/2017 (Sun) 20:32:36 [Preview] No. 5590 del
(40.21 KB 479x530 shrek.jpg)
>replying to the other thread and not this one
silly Odill being silly


odilitime Board owner 01/15/2017 (Sun) 23:07:11 [Preview] No. 5591 del
>>5590
So many, I had to pick one. I'll reply with the fix here, that work?

Balrog just decrypted StephenLynx autism documentation and updated our theme so that the ban system should now be fixed.



Anonymous 01/14/2017 (Sat) 01:32:43 [Preview] No. 5574 [Reply]
Please make ban length variable. Users on /pol/ are reporting that it is fixed to 5 years and the mod claims that it is unchangeable.

If you don't want end/pol/ to get the same reputation as 8/pol/ for retarded bans, this needs to be fixed ASAP.


odilitime Board owner 01/14/2017 (Sat) 16:57:17 [Preview] No. 5585 del
>>5574
we're working on it. It is a high priority. Something broken between 1.6 and 1.7 and figuring it out hasn't been easy.



End.chan Domain Anonymous 01/14/2017 (Sat) 05:39:46 [Preview] No. 5576 [Reply]
Why did you get rid of the opennic end.chan domain?


Anonymous 01/14/2017 (Sat) 07:44:36 [Preview] No. 5579 del
different anon here
Check the emails odil


odilitime Board owner 01/14/2017 (Sat) 09:54:25 [Preview] No. 5581 del
>>5576
Oh look at that, we forgot to update the IP. It should be back soonish.
>>5579
ok



(238.57 KB 960x1280 image.jpg)
If I wrote 8chan migration for InfinityNow Anonymous 01/11/2017 (Wed) 02:10:40 [Preview] No. 5549 [Reply]
To OdiliTime and SnakeDude:

Would you be open to the idea of allowing endchan board owners to rip and migrate 8chan threads and their replies to their endchan board?

The purpose of this would be to allow less active 8chan board communities that don't want to start fresh to migrate here as seamlessly as possible.

It's an ambitious project that I'd like to try writing for your website, but I don't want to spend weeks on this only to be told that you have zero interest in allowing something like this to be implemented on your website in the first place, even if the code meets your performance and security expectations and very cleanly migrates data to the MongoDB. I need to know if you'd be open to this if I ever manage to get it at a finished, thoroughly tested state.

I'm leaving the technical details out for now in this OP to be keep this post short and to the point.
3 posts omitted.


Anonymous 01/11/2017 (Wed) 05:30:08 [Preview] No. 5553 del
>>5552

how does the exported data look like?

would it make sense to write script that manually migrates post by simple http(s) requests to endchan's board one by one?


Anonymous 01/11/2017 (Wed) 05:32:32 [Preview] No. 5554 del
just my 2c, but i doubt they would want to make this an official feature of endchan and place it on account.js moderator page for everyone to use due to feature bloat and liability reasons. Frankly your code would be for a very special case and they seem to be keen on keeping the codebase as lean as possible.

on the other hand, i do think it would be very nice of them if they were to allow this as an "unofficial" option where 8chan board owners can privately request the endchan staff to migrate their 8chan board's threads to the corresponding endchan board by sending them the ripped data (name, date, post #, files, etc.)

so i do think it would be a neat option, and you should still write your board ripping program that rips and formats the relevant data from the static html mod pages and then write the migration script so that data can be migrated to infinitynow/lynxchan. but don't expect this kind of thing to ever become an official feature, it just seems to me a very special case that would have to be something endchan staff does manually, if they're even willing. also, i don't know how much 8chan's codebase is changing, but it could potentially be a nightmare to maintain this ripper+migrator since 8chan is not open source and you don't always know what changes behind the scenes.


odilitime Board owner 01/11/2017 (Wed) 15:39:02 [Preview] No. 5555 del
>>5549
Well look at these, probably could be converted to using the 4chan JSON API instead of using mysql to read infinity
https://gitgud.io/stephenlynx/VichanMigration/
https://github.com/SpaceDustTeapot/infinity2lynx

Definitely some ethical issues with steal content.

Then the question of does this really solve what you're trying to do. And I would say no. If you don't have a big enough user base or the will to set up shop new, you're not likely just to move cause of the content has been copied.

but I'm open to the idea and discussion about it.

>>5554
Yea, I think it would have to be a supervised process like claims. You'd send a request, we'd process it and then that's that.

I maintain 8archive, the 4chan API is superstable, it's not a big deal to maintain at all.


Balrog Board volunteer 01/11/2017 (Wed) 21:07:59 [Preview] No. 5557 del
For the record, in the earliest phase when the goal was to onboard the non-shit people from 8chan as quickly and smoothly as possible before Next dropped and scattered everyone, I had considered some kind of scraping setup to help content-dump-centric boards (e.g. /pdf/) get back up to speed. That sort of fell by the wayside when the plan to give 8chan BOs first dibs on their boards on endchan (again, to try and skip the period of anarchy post-Next) was met with a resounding "fuck you" and the exodus died.

While I would normally be at least a bit concerned about the ethics of scraping boards wholesale, in my opinion 8chan has decayed to the point where the staff is beyond any consideration of ethics or mercy. Fuck Watkins and everything he touches, any questions of ethics lie with the community of the board to be scraped.

The real issue with scraping (and transferring 8chan boards to endchan intact as a prerequisite) would be global staff picking winners and losers and giving 8chan communities a head start. Again, I tried that (the only boards that actually got to take advantage were /tg/ and /monster/, since I went to them first to provide a low-cancer vanguard; they've still kept endchan as their primary bunker) and the immediate reaction over here was "fuck 8gaggers, let them come here on their own and rise or fall on their own merits." So it would really be up to the community here to decide if it's worth it. If it's decided to be a good idea it would be like the early plan.
>8chan board owner verifies with a capcode post that they do own /foo/
>we run migration script on 8chan's /foo/ pointing to endchan's /foo/
>8chan board owner has ownership of endchan /foo/ transferred to their endchan moderator account


odilitime 01/12/2017 (Thu) 10:27:29 [Preview] No. 5560 del
>>5557
After some thought, if the community created the content, it's likely their content. Unless 8chan has some really shitty legal rules.



Capcodes for BOs? Anonymous 01/11/2017 (Wed) 20:21:44 [Preview] No. 5556 [Reply]
1) Can BOs use capcodes?
2) How is this done, moderation manual doesn't mention it


Anonymous 01/13/2017 (Fri) 07:31:56 [Preview] No. 5572 del
>>5558
thanks.