/tech/ - Technology★

>no sign up process. anyone can comment.

From a technical point of view I must bring this issue up: what about spam?

>>1048491

Maybe there's an offline, non-tracking simple "recatcha" service that he could/should add to it?

https://github.com/yasirmturk/simple-php-captcha ? I think that's offline.

>>1048491

yes, thats the hardest part about wanting an open platform.

there was multiple things i thought about. first was having users. but that makes things less accessible. then it was thinking of getting third party services for security but then i will be giving other companies access to things.

the best system i think that will work with having an open platform is using captchas. so right now, i am using a mixture of recaptcha and a regular captcha system.

i think shitposting/spam is inevitable in an open medium like the internet. for me even if people shit post, i don't mind it if it makes me laugh or think. thats what i like about the internet. i dislike the robotic internet marketing spam. for right now i think the captcha system should be good. honestly being a fairly new coder, i wanted to create something and improve it as i go along. so if the captcha system does not work then i will change it to a different system and fix the issue if it becomes a problem.

if people start using this extension, then i think the issues/solutions will show itself and things can be changed accordingly.

can you make something useful like an option to randomize file names when uploading to 8cucks (and anywhere) so the nsa can't fingerprint me that way?

>https://raw.githubusercontent.com/zedsa/Lairs/master/background.js

Provide real source code

>>1048502

he can't, he'd have to admit that it's all botnet

>>1048502

>>1048503

i'm using vuejs. the code gets bundled with webpack.

here is the github repo.

https://github.com/zedsa/LairsExtension

that is where everything gets bundled from.

>>1048495

Thoughts on the captcha I linked?

>>1048507

sorry i am checking it now. i will get back.

>https://github.com/zedsa/LairsExtension/commit/f5b3199d9cda3acd06655b4df66c301e70ffa71b#diff-182223fdfe0b7f20c1063acde21d8780

Was that your C&C IP?

>>1048511

yeah i will make a new repo and only put in the environment variables.

>>1048512

Since you're a faggot, the URL was http://157.230.165.115:8080.

>>1048511

ok i gogoled C&C IP hahah no its not a botnet. it was my backend server for my database.

>>1048514

i been coding for only 6 months i couldnt hack or fake hack even if i wanted to. that ip was my backend server. now i have to get a new one since its exposed.

>>1048515

i hope you're not running unfirewalled mongodb with default settings and sensitive data, considering what a bunch of gerfag students discovered.

https://blog.fefe.de/?ts=aa248fde

https://blog.shodan.io/its-the-data-stupid/

A shitton of them were asked for ransom money.

https://twitter.com/Viss/status/819230131017289728

But devs or nsa just sent out a bunch of shills telling everyone that this was fine so i guess it's still the default settings.

>>1048522

s/shitton of them/shitton of database admins/

Where are comments stored?

>>1048522

i hate to say it. but it is default settings. man im glad i posted here. learned some stuff. well looks like the next journey is hardening the database.

>>1048525

i am storing the comments on my backend server which is using a nosql database. step 1 was get it working. now i'm gonna look up different ways i can make it better. a lot of posters are talking about p2p/distributed databases. so i'll check that.

>>1048527

if mongodb seriously still accepts connections from *.*.*.* and no login by default then you should consider not using it :-/

This is a fucking AWESOME idea. Comment sections are the most censored communication on the web. Offloading that to an independent data source is a great idea. The only problem I see is that installation of a browser extension is somewhat invasive. It might be nice to increase the platform surface area by also making it available as a user script via Tampermonkey, Greasemonkey, etc. And also create a standard JavaScript library so that it can be used as a replacement for Disqus.

>>1048530

this is my fun project, so most likely i will be upgrading things and changing things around. this is my second project ever. i'm still new. but the more i learn the more i will tuning it. right now i think the best thing to do is secure everything i can and just plain learn about security best practices. and then look at options for database. still feels good though. some months ago i knew no code. just gotta keep at it now.

>>1048542

i thought about his before. even though i like this concept of browser extension, the act of installing extensions itself might be an issue. so i also plan to make a regular site that can also have all of the comments along with the original link. that way you do not have to install any extensions.

i also wanna experiment with dat protocol and ipfs. i saw a presentation for dat protocol was nice, it doesn't seem too hard.

as far as a js library, that would be awesome. never even thought of something like that. a drop-in replacement for a lot of the comment boards. even though thats beyond what i can do, i will still look this up and see if others have done this. sounds interesting.

Relying on an addon page such as Mozilla's isn't, well, reliable.

A script might be superior as its more universal to browsers etc. https://greasyfork.org/en

>>1048553

Mozilla website would be superior because addons there are signed.

You can sign your greasemonkey scripts too but nobody has your key hardcoded in his browser.

But Mozilla makes signing mandatory so this creates vendor lock-in.

Firefox is shit now.

>>1048553

>>1048557

Depends, I'm using an outdated 56.0 x86 version that still keeps all the legacy plugins intact and I'm having less problems than with a fully updated browser with half the plugins missing because they wouldn't play ball with Pozilla's unreasonable demands.

>>1048490 (OP)

>>1048495

What if you also/rather have to type in a topic you want to discuss? Like, just a word or three words tops, so that there can be multiple discussions going on at the same time and spammers need to guess the next topic?

>>1048551

>as far as a js library, that would be awesome. never even thought of something like that. a drop-in replacement for a lot of the comment boards. even though thats beyond what i can do, i will still look this up and see if others have done this. sounds interesting.

Yeah I'm just thinking, many interfaces to the single data source.>>1048551

>so i also plan to make a regular site that can also have all of the comments along with the original link. that way you do not have to install any extensions.

That kind of already exists (sites like this, esp. the news boards).

>>1048560

I've heard that the firefox and also tor got pozzed by ~60.2 something, and tor since 8.0. I wonder if this is true, specially the tor part. If you are in android you can still use Orfox (technically unpozzed tor) + Orbot.

I've had this idea for a while myself, some suggestions:

- Make it clear that a certain URL has comments, now you have to click on the button to see/post comments.

- Create a better UI, it looks god awful now :^)

- Force users to publish the comments under the CC0 1.0 Universal license[1], because fuck copyright

- Use as much existing back- and front-end as possible

- Federation, decentralization, etc.

[1]: https://creativecommons.org/publicdomain/zero/1.0/

if it's anonymous, can someone post CP links as comments?

can this app become pedo sharing community?

>>1048494

how do you want to use that as offline captcha? anyone can edit code and bypass captcha

>>1048566

>I've heard that the firefox and also tor got pozzed by ~60.2 something, and tor since 8.0. I wonder if this is true, specially the tor part.

Yes to both

but how to share CP without Tor?

Why not just use 8chan as the backend?

Create a series of boards with a separate manifest for URLs, then use the 8chan posting code for the goldwater.

>>1048624

1) No

2) Kill yourself

it will not let me comment on any thing

>>1048490 (OP)

You are copying Gab's Dissenter. I like it. Still need a lot of work though.

The problem is that all comments are stored on your database. If I use it you will be able to see every site I go to. I don't trust you with that information.

Instead it should be federated. You should write an open source server (I would recommend making a Docker container that just werks) that anyone who wants to can run. The comments must be stored on different instances so that no one DB operator can see someone's entire comment history.

Also, stop typing like a retard. If this is the best English you can write, I don't want to imagine the quality of your code.

>>1048668

Seems like a good use case for blockchain storage.

>>1048661

misogynerds are banned from voicing their toxic opinions!

Didn't Gab make something like this already?

>>1048752

Yeah they did But this is sort of an example of what they should have done

>>1048787

Oh I guess someone could push non-encrypted data into your database. If it doesn't looks like it's encrypted, you can discard it. You can check its entropy, if it's unusually low then it's probably not encrypted. Send back to the client a NAK; a good client will try to pad the data in a different way to get different hash, an unruly client will just keep getting NAKs.

>>1048793

why do some people always post this meme on imageboards? you have to actually search for it to find it. you wont accidentally find cp on some random site like people here say. not even on tor

>>1048818

fbi has a license to distribute CP.

disagree with zog, your site goes to bog.

when I was 15 I used a generic php imageboard script on a free web server, didn't tell anyone yet pedo content was posted from 3 different ips.

>>1048824

Hey that could be a rap song

>>1048490 (OP)

Hey bobo i left a comment on your git page

>>1048818

That's what I said. You'll have to really search to find it, but it'll be there.

It's like this russian prison meme: there are two chairs, one with erect dicks, the other with sharp shivs, choose one for yourself and one for your mom. You could receive your content pre-encrypted but then there's nothing you could do to moderate it, or you can receive your content as plaintext but then your database is right there for glowniggers' taking and nothing is anonymous about it.

>>1048829

>It's like this russian prison meme: there are two chairs, one with erect dicks, the other with sharp shivs, choose one for yourself and one for your mom.

Let me guess, whichever one you choose you get beaten for disrespecting your mom.

>there's nothing you could do to moderate it

There could be a separate reporting interface, people could say "yo xyz.com has CP in comments" which would allow the DB admin to decrypt posts that come from xyz, confirm that it's CP and delete. Of course this shows the self-defeating nature of >>1048787 's suggestion: There's nothing stopping the admin from simply guessing the URL. For example, he could guess "8ch" because he shilled there, or he could guess most popular sites like Jewtube which would be the bulk of the comments anyway.

>>1048843

Good luck guessing exact URL. In addition to huge amount of pages on every particular website, users would not be restricted to using real URLs and can just post under fake URLs - the chat room would work just the same, over a page showing 404 error. I've made a somewhat similar system for /v/fullderp, except that one was chatroom-centered and didn't had security features to speak of.

>>1048843

>>1048846

Also, the idea of storing pre-encrypted messages is not only for users and admins security, but also to avoid having to actually moderate what amounts to an entire fucking internet.

>>1048843

>whichever one you choose you get beaten for disrespecting your mom

Yeah you're supposed to take the third option. It's one of those trick riddles where you need to apply common sense rather than adhere to the rules. Like the one where they give you a broom, tell you it's a guitar and ask to play a song on it, or direct you to the painting of a tiger on the wall and tell you to make it cry.

If you want to make a system with reports, moderation, upvotes, and all that shit - dab already did it better. I gave some pointers about making a system with built-in security, if you not gonna pursue that then I might. I suggest you do it because if I'll do it, no fucks will be given.

>>1048846

>youtube.com

>find 1000000 most popular videos

>dictionary attack

This is even assuming comments are stored by full URL, not domain. For unpopular sites, you would go through page after page without seeing a comment. As a practical solution users would start leaving their comments on the front page where they're more likely to be seen. Which are even easier to guess.

>fake URLs

So you made a private discussion board, great. You could also just make an unlisted board here or host an invite-only forum, among countless other ways.

OPs and gab's extension are meant for a decentralized public comment section for any page. But if all comments are stored on the same server it's even more centralized: In early stages it at least accomplishes moving comments out of the website admin's control. But if you start using it regularly, now you've gone from your entire comment history on each site being visible to that site's admin, to your entire comment history on all sites being visible to one admin.

I get that encryption at least makes it a bit more tedious to violate your privacy. However the whole concept of encryption relies on using secret information as the key. Public URLs are not a secret and not hard for the adversary to discover.

>>1048847

>avoid having to actually moderate

That's a bit naive. History shows that as soon as criminal content appears, you will be held responsible for it anyway. You'll get arrested, sued, raided and FBI won't believe you when you say you don't know the key. Especially if the key is something public like a URL, shared by several people.

The problem is not moderation but concentrating moderation authority. Classical comment sections gave this power to the same guy who makes content being commented on. Rep systems gave power to the majority. 8ch IMO has a promising solution by giving the power to whoever created the board. If you don't like moderation you can always move to another board, or make your own. Problem is that you will have much less content. The solution would be allowing overboard which 8ch devs are too incompetent to set up.

With website comments, my solution would be to let anyone run a server, and let the user decide which server they want to push comments to and which server's comments they'd like to see. So for example you would go to xyz.com/abc and by default see 3 comments from your preferred server based.com, and something like "72 more on cucked.com, 32 more on poz.com, 53 more on others" which you can click to show the other comments as well. No upvotes needed, server operator gets to delete content he's not comfortable storing, but if you disagree with it you can just find another server that won't delete it (or host your own).

>>1048854

>Yeah you're supposed to take the third option.

There's no third option besides physically attacking the guy asking. His main goal is that he gets to beat someone. He is only asking the question for additional amusement. He is not going to deny himself that just because you figured out a clever response. If he was honorable or an intellectual he wouldn't be in prison asking riddles about cock chairs.

>If you want to make a system with reports, moderation, upvotes,

I guess you got confused when I said report and thought I meant some kind of rep system. All it takes is someone going to xyz.com/abc, seeing CP in comments, then emailing the db admin with the URL. Now the admin knows the key. Is your plan to just hope nobody will expect the admin to do anything about criminal content hosted on his network?

>>1048858

>The solution would be allowing overboard which 8ch devs are too incompetent to set up.

Also somebody will probably mention the nerve center. I am aware of that and don't consider it practical or a good implementation.

>>1048490 (OP)

Any updates?

>>1048858

>8ch IMO has a promising solution by giving the power to whoever created the board. If you don't like moderation you can always move to another board, or make your own.

"Make your own" is a complete non-starter in most cases, and misses the point of most criticism.

So this still relies on a central server? How about making it P2P like torrents/IPFS?

>>1051502

How so?

>>1051536

Ah, but how will he datamine you if you don't just hand him all your data?

>>1051575

He can still datamine because P2P means IPs are revealed unless behind Tor.

>>1051583

They're making their own browser and they'll hopefully make a less retarded way to install the extension. Maybe (((Brave))) will add Dissenter by default.

Nice extension OP. Is a Pale Moon port planned?

>>1051583

Christ it's getting bad, as much as I hate to be the retard that references Star Wars it's like in A New Hope when Leia mentions to Tarkin that the more he tightens his fist the more that will slip between them.

>>1051583

>apps should not contain content that threatens or harrasses others

lmao so chat software is illegal now if it doesn't get filtered?

>>1051583

>>1051656

>>1051657

Clearly it's a bullshit excuse, but what ticked them off? Was Gab dumb enough to say "harrassment is a-okay kids!" in their ToS? Or are we literally at the point where simply being associated with kosher alt right like Gab is enough to auto-ban any program you make, no matter how innocuous?

God it feels so good right now to not be using these (((stores))).

>>1051624

If the peer sends his comment to you, sure. If he sends to one of the 999 other peers, it's up to that peer whether he will log the IP and whether he will tell you the log. Which is all irrelevant because OP is a dumb pajeet who wants everyone to voluntarily submit their data so he can be zuck 2.0.

ok everyone.

i am have been updating a lot of things.

first i stopped using google recaptcha, too much bs to deal with when it comes to recaptcha. i am using another captcha system.

i did not make this project for sick disgusting things like beastiality or cp. thoughts of things like that make me wanna vomit. for that reason, i have applied a "patrol" system. if people see anything that is illegal or disgusting they can just press a button and leave a description of why its bad content, or a code like [IC] <- for "illegal content". i think disgusting immoral things are hated by most decent people, and things that are genuinely disgusting such as anything to do with children or animals will get reported by a lot of people.

there is some things on my checklist that i want to finish. first, i am creating a regular site version of this extension. i am creating a sign-in/username system. its a system where the server gives you a password and you have to save it. yes is harder to remember the password, but it makes things much more anonymous. i made this username system because if people get active they can have @mention features that leads them to their own profile. but since its just a randomized word with a password the server makes for you it makes things much for anonymous and randomized. and honestly makes the process easier on my end lol. the only thing is that you HAVE to save the password because its shown only once after you sign up.

now blockchain/decentralizing. yes, it is something i am interested in. but simply speaking, that is in the future. i am not finished with this project yet. its like thinking about and working on step 14 when i am not even on step 7. i am a guy not a team. again i am interested in it, and i am researching multiple things. once i find a good path i will go that route. maybe even experiment and create my own blockchain for this. i was making a blockchain/crypto toy project but i left it to create my current extension/site.

so Lairs extension is an extension that anyone can use. Lairs.site is the site version of it. the main difference is that the site has more information. you can view all urls and see the comments. while the extension i wanna keep it simple so you see the current url and their comments. with the chrome version, you get a button on top of the webpage. once you click it you see how many comments the current url has. the ONLY way the app/extension gets access to your current url is if you press the Lairs button on top of the webpage, or you click the extension icon on the top right. other than that the extension does not know anything. so if you are ok with sharing the url to see if there are any comments or how many people viewed the url, then click the Lairs button on top or the extension icon on the top right. some websites has a top menu that is permanently fixed on the top so the lairs button can be hidden on these sites. that is when you have to click he extension icon on the top right.

google is reviewing my extension, so after it is approved then all these updates will be available. unfortunately i am having some frustrating issues with firefox. the button on top feature for some reason is not working with firefox, of course i am actively trying to solve that issue.

i am also thinking/working on some other small fun tools that i might implement to make this more fun.

after i finish these main things i will try to truly finish it by porting it to other browsers. right now it works ok chrome, firefox, opera. i am sure it will work with brave since its chromium based.

i am gonna go back to working on the checklist. i'll come back and answer more things when i have time.

>>1051677

>i am have been updating a lot of things.

When will you update your English, Mohinder?

>i did not make this project for sick disgusting things like beastiality or cp.

kek literally where do you think you are

>i am creating a sign-in/username system.

lmao unironically kill yourself

>since its just a randomized word with a password the server makes for you it makes things much for anonymous and randomized.

Just say "my shitty tutorial didn't show making password forms", we all know that's what you meant.

>its like thinking about and working on step 14 when i am not even on step 7.

No retard deciding on architecture is step 1, even step 0.

>i am sure it will work with brave since its chromium based.

what is testing lol

Verdict:

Puny, weak. A pathetic offering! The only good thing about your thread is that it serves as an example of what not to do.

>>1051677

>sign-in/username system

>makes things much more anonymous

Lel. Sounds retarded but ok.

>blockchain/decentralizing. yes, it is something i am interested

If you go for the blockchain/distributed route it'll be difficult to moderate stuff so you'll have to let users add other users and posts to a blocklist manually. But, it will mean that you don't have to host almost anything yourself so you won't be liable for anything and it'll be cheaper for you personally. It's a better choice imho otherwise your addon isn't in any way different than Dissenter.

>>1048743

>Seems like a good use case for blockchain storage.

Agreed. Using a fully decentralized p2p encrypted database to store comments (preferably under tor network) is the only way I see this having any reason to exist, without trust issues or risking eventually just becoming another Disqus where wrongthink will be silenced. If it'll just use a centralized database running from an old Pentium III sitting in the hen house of some pajeet's backyard, I see no reason to install it instead of using Disqus or just not bother commenting.

Yes it would be fully unmoderated and we would have to deal with spammers, street shitters and pedos, so what? Anyone who has a problem with that doesn't belong here and should go back to >>/4um/

>>1051685

>>i did not make this project for sick disgusting things like beastiality or cp.

>kek literally where do you think you are

CP isn't welcome here; that's literally fake news smear info.

>>1051809

>Yes it would be fully unmoderated and we would have to deal with spammers, street shitters and pedos, so what?

Blockchain storage isn't free; if it becomes the user's responsibility to pay for it, that would regulate the spam. But it would also severely restrict adoption. If the developer pays for the storage instead, he would have to regulate spam, and possibly make decisions as to what type of content is allowed.

>>1048490 (OP)

Can you provide a non-minified version of the source code?

>>1048505

>https://github.com/zedsa/LairsExtension

You said this was the real source, but this repository was deleted.

Also, I don't think you need to load 5 JavaScript libraries for such a simple feature, plus 10k+ lines of CSS.

>>1051847

Yeah on blockchain it would probably need a cryptocurrency token to make the distributed storage reliable, I see that as a necessary evil in this case.

With centralized moderated storage it's nothing more than a Disqus that can be used on any page and subject to every kind of foul play it entails.

>>1051843

I don't have any interest in those things either, I rarely even look at porn. But coming here and moralfagging about that shit is pretty rich. Somebody probably uploaded some shit just to fuck with him, and he took the bait hook line and sinker. He is so out of touch it's ridiculous. Why would such a retarded person talk about this project here? Sounds like perfect for some plebbit sub.

>>1051863

Agreed. OP's idea isn't all bad but he writes like a massive normalfag who just parachuted straight outta Reddit. And from the looks of it, I don't know why he didn't stay there and shared this idea there.

I have created https://lairs.site/

It is a site which holds all of the comments from the lairs extension. there is a board feature where people can create boards just like here.

btw some folks here are complaining that i created a username/password system. it is optional, i created so if people like this then they can follow each other if they like what others have to say. again it is optional.

i plan to share this project anywhere and everywhere i can. i already posted this on 4chan and here. the site right now has a lot of test posts i made.

i will be improving the extension now. i am also working on 2 other small tools that is kind of related.

the extension looks a lot better compared to how it was at first. now i plan to implement things from the site lairs.site into the extension.

another thing, i have not finished the styling of the site. so i will improve the way the site looks as i go along.

>still no source code

Hard pass.

>>1048858

>The problem is not moderation but concentrating moderation authority

I totally agree, only a federated solution is worth pursuing. I've also been thinking along the lines you've described. The simplest solution I've come up with is is piggybacking off of Mastodon or Pleroma. Someone would set up their own server (or use an existing one) and post with their account but include the sha1 of the url of the webpage in a hashtag. The instance owner could offer a public shared account (no password changes) that anyone can use if they wish be be anonymous. The browser addon would allow you to add or remove Mastodon/Pleroma instances of your choice. All the addon would do is search your instances for a hashtag of the current website's url sha1 you're on and return the results. This also somewhat obfuscates what webpages a user is commenting on when viewed from Mastodon/Pleroma.

>>1051863

>>1052108

I don't have much hope for him but at least we can discuss real alternatives to the centralized services already pitched by Gab and BitChute.

And before someone mentions blockchains again, no they are not practical for a public comment system unless you expect users to download hundreds of gigabytes of spam.

>>1059667

I wonder if mozilla and google would ban that addon like they did with dissenter. The addon creator isn't hosting anything himself it's outsourcing to third parties. You could even add twitter support for good measure.

>>1048498

this

>>1048490 (OP)

if you really want me to use your app it should pay me to use it like Facebook vpn app did.

Any updates on Lairs, OP?

>>1061272

i bet that they inspected every packet very carefully if they thought that its worth paying the users

So if a white guy wanted to do this, instead of OP, what would be some considerations? Aside from basic shit like not leaving the db open this time :^)

>>1048490 (OP)

>made this browser extension for anyone and everyone (but not everyone)

You can do this with bitmessage right now, all you need to do is make an extension that will auto connect/create a chan with the url you entered.

>>1048490 (OP)

Thank god for this.

I had thought about this and posted a thread beforehand.

Glad to know somebody did it.

>>1048490 (OP)

How can one man fail this much?

>>1063857

i just finished another project of mine which i will link to when i get more time. Lairs was not getting enough users so i kind of stopped paying attention for a little while. but recently few people started to use it so now it has my attention again. i like the project because i think the discussion board system goes really well with the comment and link sharing feature. makes conversation very nice and fun. i will go and see what things i can add. i made a board for feedback. https://lairs.site/boards/site if there is any feature you want or any feedback you have then post it there. of course anyone can make more discussion boards there too.

i made this blockchain/cryptocoin.

there are 3 things you can do. earna nd send coins. make random posts, and share media files.

you can either connect to another network or start your own network. if you connect to another peer then you will become part of that bigger network. or you can start your own network and let other join with you.

https://github.com/zedsa/blokchan