/tech/ - Technology★

I forgot to mention that it doesn't have any javascript

>simple layout

>no JS

>tor users can post

>tor users can post images

>doesn't need "referer" header

>doesn't need cookies

looks pretty good. 8ch and endchan deprecated

>>991379

It does need the referer header and cookies, but only if you're logged in as moderator and using the mod tools. Normal users don't need cookies or referer.

Honestly I don't know why the fuck 8chan even needs the referer to post, it's super easy to implement posting without referer.

>>991380

It's luggage from vichan/tinyboard.

because they use some nignog framework that uses referers to stop CSRF probably

Here's the source code if anyone wants it for osme reason. ~1800 lines of lua.

The image processing code is absolute shit

https://files.catbox.moe/wy7nu1.lua

>>991387

eh, it's fine, I didn't have any problems with it (and it's better than PHP at least). Speed is ok, I used a bot to post as fast as possible (accessing from localhost to eliminate tor latency) and I could manage about 20 posts per second or thereabouts.

The main problem I have is the image processing code. It takes around 5 seconds to process an 8 MiB file (which is the current limit that I've set), because I couldn't find a proper image library which wasn't outdated as fuck (as a result I had to use external imagemagick to make thumbnails).

>>991375 (OP)

Thank you, you're the best of us.

I am going to look for a vulnerability

server's down

>>991397

it's not, fucking retard, works perfectly fine for me on the hidden service

>>991391

You can probably do a XSS attack using the log page if you have a board owner or admin account.

>>991401

it was possible, but I've fixed it now, thanks for pointing it out

regardless, I made a board owner account (board owner of /test/)

username: xss

password: 123456

p. cool. I was able to post these "tor on openbsd" intructions to nano /g/ without any trouble. tor 8ch wouldn't take the post from surf though. Probably need TorBrowser for 8ch, or some extra captcha juggling.

$ pkg_add tor

edit /etc/tor/torrc:

uncomment SOCKSPort (127.0.0.1:9050)

add "ORPort 0" to disable relaying (skip this if you can afford it and want greater discalaimability -- the ability to say "nah I have no idea how those packets came from my machine")

uncomment ExitRelay (0)

pkg_add polipo

edit /etc/polipo/torrc:

uncomment socksParentProxy (localhost:9050) and socksProxyType (socks5)

uncomment one of the memory options

uncomment localDocumentRoot to disable web server

$ rcctl enable tor

$ rcctl start tor

$ rcctl enable polipo

$ rcctl start polipo

want nyx? not necessary but can use to confirm configuration and monitor tor. If you followed above, second line should read "Relaying Disabled, Control Port (password): 9051"

$ pkg_add nyx

edit /etc/tor/torrc:

uncomment ControlPort (9051)

uncomment HashedControlPassword (generate with tor --hash-password)

$ rcctl restart tor

$ nyx

once polipo and tor are running, you'll want to use polipo as an HTTP proxy, so it can then use tor as a SOCKS proxy, so tor can then make a connection through the tor network. On your end, all you need is to set an environment variable for w3m/surf. You probably don't want these set all the time, so better to make a script.

HTTP_PROXY=http://127.0.0.1:8123 w3m http://nanochanxv2lxnqi.onion/

http_proxy=http://127.0.0.1:8123 surf http://nanochanxv2lxnqi.onion/

example script to support just "script_name http://blah.onion" usage:

#! /bin/sh 
http_proxy=http://127.0.0.1:8123 exec surf $1

speaking of code blocks...

-- Turn nanochan-formatting into html.
function post.nano2html(text)
    local text = "\n" .. text .. "\n";
    text = text:gsub("&gt;&gt;(%d+)", "<a class='reference' href='#post%1'>&gt;&gt;%
1</a>");
    text = text:gsub("&gt;&gt;&gt;/([%d%l]-)/", "<a class='reference' href='/nano/%1
'>&gt;&gt;&gt;/%1/</a>");
    text = text:gsub("(https?://)(.-)%s", "<a href='%1%2'>%1%2</a> ");
    text = text:gsub("\n&gt;(.-)\n", "\n<span class='greentext'>&gt;%1</span>\n");
    text = text:gsub("\n&lt;(.-)\n", "\n<span class='pinktext'>&lt;%1</span>\n");
    text = text:gsub("%(%(%((.-)%)%)%)", "<span class='kiketext'>(((%1)))</span>");
    text = text:gsub("==(.-)==", "<span class='redtext'>%1</span>");
    text = text:gsub("%*%*(.-)%*%*", "<span class='spoiler'>%1</span>");
    text = text:gsub("~~(.-)~~", "<s>%1</s>");
    text = text:gsub("__(.-)__", "<u>%1</u>");
    text = text:gsub("&#39;&#39;&#39;(.-)&#39;&#39;&#39;", "<b>%1</b>");
    text = text:gsub("&#39;&#39;(.-)&#39;&#39;", "<i>%1</i>");
    text = text:gsub("\n", "<br />");
    return text;
end

>>991418

I think it's fine. Anything else is going to look about as ugly. If performance is ever a problem, you can just use some PCRE bindings.

it lacks a code block though

>>991417

>how to do it better

make a real parser, i guess.

>>991389

That's worse performance than josh's software friendo

>>991456

I know, it's horrible (but only really noticeable with files above 2mb). I'm working on optimizing that shit, I have a fairly good idea of which functions are taking a long time. The problem is basically that copying 8mb of data around is bad for performance, so I have to minimize that.

how many people are involved in this? what is your goal? is this a honeypot?

He seems legit, only a few would use Luna while making such a good imageboard.

>>991470

>such a good imageboard

everything is good - apart from image processing, which is total shit.

I've located the problem, hopefully image uploading will be much better by tomorrow (and then I can raise the filesize limit to 16 or 32 MiB).

Too many boards? /b/ and /meta/ would be enough. Once you get larger userbase add new boards as needed. Layout looks nice, readable and simple, so good job on that.

Official lua styleguide suggests two spaces as indentation

http://lua-users.org/wiki/LuaStyleGuide

>>991375 (OP)

OP is not a faggot? wtf?

>>991474

at least throw in a /g/ or /tech/ board, since that's who this type of project would attract at first. I wouldn't wanna go someplace where all there is is random shit and a board about dealing with the random shit.

>>991386

<Lua

>not C89

OP here. I'm thinking of using haserl (CGI wrapper) in my script instead of doing all the CGI parsing/conversion manually. What do you think of it? I think that it would help me reduce the amount of code, and also potentially make everything faster because haserl handles the image uploads for me in a "proper" way as opposed to the retarded method that I'm using at the moment.

Any issues with haserl?

https://manpages.ubuntu.com/manpages/xenial/man1/haserl.1.html

>>991489

Rewrite the entire board in perl

>>991493

perl is gay

after I've perfected the lua version, I might try and re-implement nanochan in C for shits and giggles

>>991494

your gay, gayboy

>>991386

>single table with a single column (retrieve announce columns in globals table)

>looping a table with only one record at all times

what the actual fuck

just grab the first row and learn sql triggers for creating posts

>>991497

How am I supposed to store a single value not attached to a table? Is there even a way to do that?

>>991498

r u stupid?

>>991498

yeah its called writing text into file

>>991500

in a fucking sqlite database, nigger

I can't go around creating billions of little text files for all the little variables that I need to store

>>991497

hey I got an idea

what about making the global table just be a name/value table, with the name storing a string such as "Announcement" and value storing the actual announcement itself, that way if I wanted to create more global settings it would be easy

then just SELECT Value FROM GlobalConfig WHERE Name = 'Announcement' etc.

>>991501

first off, that announcement message is on like most of the pages that users are going to be using, realize you're opening the database everytime you retrieve that annoucement value, what a fucking waste of time, store that shit in memory.

Only read during bootup/creating tables with the if not exist stuff & only write when you update that announcement message, skip reading the database if you're updating it, because you already have the announcement message.

>>991503

ideal if you had more than one global value

>>991505

>in memory

you do realize this is a CGI program right, I have to write all data to disk between page accesses.

I have, though, played with the idea of storing the nanochan.db in a memory-backed filesystem, and then have a cronjob copying it to disk every once in a while to account for crashes/power failures/whatever.

I just haven't gotten around to doing it yet because there's a much bigger, macroscopic problem with image uploading which causes the program to spend a few seconds processing the image when it shouldn't take that long.

if you make a big deal about the little announcement message I bet your head's gonna fucking blow off when you see my HTTP request handlers (which I'm in the process of fixing right now)

>>991506

use the environment variables then

>>991508

>environment variables

No. The script gets re-executed from the beginning with every page request (i.e. deleting all environment variables upon restart); that's how the CGI protocol works. I have to store things to disk. There is no better way to do it.

>>991505

>opening the database everytime you retrieve that announcement value

this is SQLite, heathen: https://sqlite.org/np1queryprob.html

Where is the /tech/ you faggot?

>>991474

>Too many boards? /b/ and /meta/ would be enough.

I think what he has now is fine.

I wouldn't want to start a thread about tech only to come back in a few days to find it flooded with /b/ shit. And who knows what the future might bring for anonymous chans on the clearweb. Torchans may get big influxes real quick.

>>991549

not important ;^)

Will you gib sauce?

How do you report a post to mods? Would be a pain if board owners have to watch every thread for glowers trying to slip CP or honeypot links.

>>991575

rtft

>>991386

>>991578

this is needed

Make image board software for TempleOS

>>991578

Use /meta/. Mods are supposed to watch it (although at the moment it's just me).

The report system on 8chan sucks ass; it'd be easier to just make a post in a meta thread telling mods exactly what the problem is. That's why /meta/ exists.

Also, I rolled the database back to what it was yesterday because I made a retarded mistake and deleted something. I will keep more regular backups from now on.

>>991402

>>991401

The xss test account has been removed.

So there's no clearnet access? Pretty cool tbh. When will you have webm support?

>>991779

>no clearnet access

no, there will never be. I'm not interested in getting cucked by dmca and other jewish laws

>webm support

After I finish my optimizations for file uploads, I will fix the mod tools (some are a bit buggy), add an overboard, improve the statistics page and then add webm/mp4/pdf support.

>>991784

... and I will also add a content security policy to prevent the execution of any javascript, or any inclusion of external images/css (muh tracking).

>>991786

based

>>991786

Wow big based

And for clearnet niggers, you can use https://nanochanxv2lxnqi.onion.sh although it is a bit slower than using the normal onion address.

>>991805

Do you plan on having a community come out of this project or are you going towards a nntpchan type imageboard where it eventually goes nowhere from a social perspective ?

I know this depends on the people and it's a somewhat stupid question but it seems you made this for a reason. ( onion only, no javashit, one of the first priorities was XSS immunity )

Aren't tor clearnet proxies to be discouraged ? What's special about onion.sh ?

>>991811

>Do you plan on having a community come out of this project

maybe. I originally made it because I didn't like chodekikey's mismanagement of /pol/ but I will wait until after the midterms before shilling over there.

>What's special about onion.sh?

Nothing special about it, just the first one that actually worked and didn't time out or give some sort of error.

>>991812

The /pol/ situation is kinda sad.The majority from what I've seen don't care about privacy or technology.I've seen some groups have moved to matrix which is an improvement but I don't see how many will actually give this a chance.

>>991418

>https://files.catbox.moe/9drdth.lua

Why not simply host the source code at http://nanochanxv2lxnqi.onion/source.lua or something?

nicely done OP

>>991815

>going to mewch

Don't even attempt with those fags.

They're all mostly goons, the site admin got into site drama with another imageboard by the name of 76 where he purchased it from the previous owner just to shut it down.

Almost every user on that site comes from his inner cobal of barely intelligible collagefags or just straight from reddit.

He's very well known on smaller imageboards for being an ass.

>>991826

how fucking new are you, faggot?

>>991431

shark

>>991814

I think some do, or atleast old users used to. There is/was a few days ago a op-sec thread up with ~400posts, with some good info about tor etc.

>>991852

I went there and it was garbage.

Some nigger faggot was spamming nanochan, so I've implemented a per-board-configurable limit on the number of threads per hour. It's set to 6 at the moment, should be enough for a whole day of spam without me watching - legitimate thread creation doesn't happen that fast anyway.

>>991815

You are anonymous to us, but do you believe you are anonymous to glowindarks? I've been researching onion hosting and it seems to be somewhat of a feat by itself, and running one anonymously (even clearnet anon hosting is difficult) is even harder, and probably no bulletproof solutions exist.

Further, if your identity became known either publicly or to alphabet niggers, could your involvement with the site come back to harm you irl?

Nice, OP. You should think about migrating to fastcgi (it probably means implementing it in openbsd's httpd, though).

>>992095

>fastcgi

if you're going to answer HTTP requests, then just answer them. Don't use someone's silly reinvention of HTTP.

>>992060

Spamming with what ?

>>991389

>>991456

>20 posts per second

lmao it's 2018 you should literally be able to achieve 1000x that

>>992103

>lol subsonic travel in CURRENT_YEAR+3

>haven't you heard that we have supersonic aircraft now?

>why are you using your legs to walk around? where's your plane?

>is that a bike? a 15-speed? so it reaches mach 15?

>I bet your car doesn't even use jet fuel

>I timed that trip to the bathroom. You spent 40s just walking from location to location. LITERALLY ROMANS could do that

>>991478

>OP is not a faggot? wtf?

He is if he runs his /pol/ like a trash /christian/ clone, which I haven't been able to determine.

3chan.io is trash tho.

>>992097

You're not implying that writing an fcgi program is the same as writing an HTTP server (with pipelining, keep-alive and all that shit), right?

>>992126

>replace leg with robo-leg

>robo leg has numerous superficial differences with leg

>robo leg connects to a server embedded in your dick

<are you implying that legs and robo legs are basically the same?

>>992107

I also kinda want my /pol/ less religious and more conspirational type shit. Again it depends on the people.

>>992101

Bots. they were posting randomly generated strings and images.

>>991387

If it works with LuaJIT, then it is the fastest scripting language in existence.

Faster than many compiled languages, like Go and Java.

>>991379

8chan isn't deprecated unless he implemented user boards creation.

And fixes his image processing problem.

>>992201

board creation is veddit-tier tbh

Only used this site because it didn't have shit mods and could post without jewglecaptcha.

But now that it uses cuckflare and the mods have gotten a lot shitter, there really is no reason to keep using this site aside from it's somewhat higher traffic.

>>992202

>board creation is veddit-tier tbh

It's the one single good thing about reddit.

>>992208

>let people make their own board

and splinter the userbase into 10,000 different tiny little shitboards? no thanks

people naturally gravitate to the legacy board names anyway

>>992201

The image processing problem has been fixed. The time for uploading an image is now only around 5% more than the time it takes to simply hash the data and run imagemagick to generate the thumbnails.

I'm sure I could optimize it further and I will do so, though.

>>992193

Unfortunately, I chose to use lua 5.3 for this project because muh new features n'shiiiieet. It's probably not hard to convert to lua 5.1 (which is what luajit can use), though. If speed ever becomes a problem I will keep luajit in mind.

Discovered today that my auto cookie deleter for palemoon no longer works.

Anyone know how to fix or a better alternative? I've disabled all cookies for now.

>>992223

Could use graphicsmagick, it's usually faster than IM.

>>992260

On this ~16mb file (which I can't upload here because my VPN is too slow and 8chan would crap out), generating a 200x200 thumbnail takes 7.9 seconds with GM while taking 8.6 seconds with IM. Similar results with other large images. I'm sold on that one.

but fucking OUCH that 8-second waiting time to upload an image... nice to know it's not my fault though. At least subsequent uploads are way faster because no thumbnail or catalog icon needs to be generated.

Thank you for your work, anon! Your imageboard is definitely superior to 3chan.io.

>>992285

I suggest you sandbox (image|graphics)magick very well, ESPECIALLY if you feed it some pdfs.

>>992285

>Eurocuck dates

No wonder you're so scared of Jewish laws

Did you fix your fucking indentation yet?

LUA

USES

2 SPACE

INDENTS

YOU

MONG

great chan nanochan anon

can't wait for the webm/mp4 support

how about

 enter text here 

>>992232

I would only switch if it becomes popular and you need the speed.

The standard lua interpreter is plenty quick anyways.

They really need to update LuaJIT to support 5.3 though. I know some features of 5.3, like Integer variables, are available in LuaJIT in a different form, but it should try to conform to the standard.

Sadly, I don't think it's under active development.

>>992372

there's a stripped-down fork of LuaJIT under development. It has a CoC though so I don't know more about it.

>>992407

>>992372

At this point in time luaJIT is no longer faster than normal lua or rather normal lua is as fast as the JIT version

>>992161

You got Spammer-kun'd :DDD

>>992490

They didn't do it again today. Must have been some skiddie who couldn't get past the spam protection.

>>992491

So I can literally prevent anyone from posting on all boards? Who's the skiddie?

>>992491

pfff I spoke too soon

Luckily it's easy to delete because there isn't much of it and there is a limit on the number of threads he can create.

>>992494

>this level of butthurt

>>992455

[x] doubt

>>992494

>not knowing what a skiddie is

>even though he is one

>>991375 (OP)

>can you try and hack into it to find security vulnerabilities and shit

I know what country your sever is based in,

your IPv4 address,

what operating system your host is using,

85% chance on knowing what version of that OS that they are using,

your hostname, and some other bla bla stuff

there are no open ports though.

I didn't do a super thorough look. It takes too much time.

>>992722

>your hostname

Tell me the OS and the hostname. I'm pretty sure you're bullshitting, but I need to make sure.

>>991805

What are the chances for a read only json api (preferably vichan-like)?

>>992730

Wouldn't be hard to do, considering the existence of libraries like lua-cjson. However, for the next one or two days I will focus on minor improvements and code cleanup. Then, I will implement webm/mp4 support, and after that comes the features like the JSON API.

I won't make it compatible with vichan but I will make sure to provide all the necessary information for people to write their own clients, if anyone wants to.

Why all image boards have board-global post numbers rather than thread-local?

Surely it would've been much easier---considering the fact that Nanochan doesn't use JavaScript—to remember that you wanted to reply to a post #15, as opposed to #878675.

>>992763

That's a good idea, but what about DUBS!!1!?

>>992795

I guess it'll make them more predictable but eh.

>>992285

>>992323

I wonder if slowing down pdf uploads by converting them to some other less risky format would be acceptable. I don't know what alternatives there even are though. Also, allowing cbz uploads would be nice, but you would have to deal with zip bombs and non-cbz zip files that anons could just rename (so would have to check that the file is only images, directories, and maybe text).

>>992763

How would you crosslink between threads then, retard? Have you never seen someone go

NEW THREAD

>>965329

or even

Previous thread

>>965329

>>992816

By posting a fucking link, idiot.

>>992816

cbt, m8. Better than cbz by miles.

>>992763

Best solution would be to display both numbers and allow the usual links and >>#no for thread local count.

>>992834

I assume cbt uses tar? I've heard complaints about tar not being good for archival purposes, but I've also not seen anyone back that up with examples of tars that no longer work. After all, tar has been in use for a damn long time, so I would think there'd be some proof of that if there was actually a problem. Is there anything there, or just the usual shitposting? I like the idea of tar when compression is not needed or wanted.

>>992837

Or just stick to tradition. It's not broken, and newfags figure it out quickly enough anyway. Why change it?

>onion only site

>ban tor users

i thought it was 8ch admins who had shown us the deepest depths of chan retardation. i was wrong.

>>993168

Tor users were not banned, you fucking retard. There is no ban function in nanochan.

What ackchually happened was I put up a fake ban message, which appeared for his specific version of tor browser, in the hopes that the spammer would fuck off but that's not happening because he's an autistic anarchoskiddie from lainchan. I will add a captcha on /pol/ instead - better than locking the whole thing up.

>>992887

>https://github.com/koreader/koreader/issues/3533

cbt is a lot faster than cbz to extract, even when no compression is used for zip. Pretty useful even on powerful computers for those GB Berserk scans.

>>993174

>I put up a fake ban message, which appeared for his specific version of tor browser

>his specific version of tor browser

Are you retarded?

>>993204

No, I'm not retarded. There were people posting during the time the ban was in place. Different versions of Tor Browser have different user-agent strings.

Either way, I will think up some form of captcha that doesn't require image support - maybe an ASCII art captcha or some shit like that. It's not acceptable for one anarchoskiddie to be able to spam unapprehended.

>>993206

Then they are the retarded ones: they must using either an old Tor Browser, the mobile version or another browser. Pick your poison.

>>993207

User-agent bans don't work, I get it. But as I said, bot spam is absolutely not acceptable and it needs to be stopped somehow, either with an army of global volunteers (impossible because we don't have enough users) or with ascii-art-captcha like I'm planning. Probably both. Fortunately, due to its nature as a service only accessible through Tor, I am able to delete things much faster than the bots can post.

Some fucking skiddie is getting really fucking butthurt. This is exactly what happened to 3chan, except 3chan has worse code and was unable to deal with it without resorting to cancerous methods like (((javascript))) and (((cloudflare))). I suspect (((lainchan))). There should be a raid against (((lainchan))) once we get more users.

>>993208

you keep deleting too much :|

unrelatedly, next level torchan:

want to post?

1. create a tor hidden service

2. post your comments to it

3. give us its .onion link

4. central server periodically polls links for new comments or new threads

5. aggregates them

6. if you spam it can only be via spamming one of your own hidden services, which we'll just cut off

7. admin can see whole-site IDs, but hides them or uses them for thread-local IDs. people too paranoid even for that can just have multiple hidden services

>>993210

>you keep deleting too much

Most of the posts I delete are obvious bot spam.

How is that deleting "too much"?

Also your idea is shit because it's basically just using accounts which is reddit tier bullshit.

>>993218

>>993210

what I'm trying to say is if you do that it's better to just use usernames and passwords instead, which is reddit.

>>993218

where's the OpenBSD thread in /g/?

>just using accounts

You're too focused on the "how do I deal with this spam" perspective. From that perspective, yes, my idea is exactly the same as accounts, because what you do to delete spam is exactly the same as if you were dealing with accounts. From every other perspective, it's nothing like that. It's still an anonymous imageboard. You can't even make cross-site inferences about the onion link because it's a bunch of random letters (presumably nobody would bother to search for definite leading characters, except to call you a fag for looking).

>>993220

>where's the OpenBSD thread in /g/?

It unfortunately got slid off the bottom of the catalog due to bot spam. That was before I implemented the hourly posting limit to reduce the impact of the bot spam. That sort of thing wouldn't happen now.

Regarding the solution to the spam, I've already coded a working prototype for a text-based captcha which isn't too difficult to solve, yet works in text browsers or low-bandwidth connections etc. Once I implement that, I don't think any low-level skiddies will be able to get around it.

>>992726

It's clearly a Unix derivative

>>993305

>a server

>clearly a Unix

watch out nano admin!

I haven't seen investigative prowess like this since I watched an anime adaption of Sherlock Holmes!

>>993307

All in a day's work, good sir

>Tips fedora

An asskey captcha would be truly legendary.

>>993322

Here we go, a captcha that works even in text browsers. The difficulty is set quite low at this point so that people can actually solve it (difficulty is 2 atm, I can solve reliably up to 5 but other people might not because they're not used to it).

I don't know whether it will keep really determined botniggers out, but it will certainly stop the lainchan anarchoskiddie. Success for now.

https://my.mixtape.moe/bdtlfh.png (what it looks like currently on difficulty 2)

>>993357

h7_t5rb ? damn.

>>993360

actually it's "hltsfb". Only lowercase letters.

>>993360

All the letters are fixed width, but the difficulty comes from the random flipping of characters based on the difficulty factor. Once you do a few of them it'll be piss easy.

requesting /i/ or /baphomet/ board, based owner

>>993366

is anyone going to be using it?

>>993370

i surely hope so, there isnt any /i/ board on any chan i know of

>>993375

well, the /i/ on 8chan is extremely inactive, based on that I don't think nano/i/ will be a good idea because it'll just be empty.

if you know of an existing /i/-like community which would like to move over (or which you could convince to move over) then sure, I'll make the board and you can be board owner.

>>993376

last active community like that i witnessed was old /baphomet/.i just wish there could be a place like that again

thanks for offer, but im irresponsible fag and prefer lurking

>>991375 (OP)

This is pretty neat, will you add support for audio files? I've never understood why none of the popular chan engines support them even though they support video.

>>993415

Support for various filetypes such as audio and video is underway. However it's been delayed due to the bot spam.

>>993417

Webm and mp4 uploads have been implemented.

Audio soon to come but I have to do other shit now so that will come tomorrow.

>>993207

>an old Tor Browser

I thought the new one didn't spoof the OS in the user agent anymore with the argument that it was so "trivial" to get it anyway?

>>993691

It was fixed.

It's really quick for tor. I can post a webm there quicker than it usually takes over here heh.

>>992222

It's not even just about creating the boards, although board creation is great for niche interests that don't already have a cuckchan board. It's nice to have different mods on different boards, so that if I get banned for saying something mean about Israel on /pol/, I can still take a giant shit all over /tv/. On imageboards with centralized moderation, you get stalked from board to board if you piss off a mod, and all bans are global, and communities get moderated by people with no interest in the topic. It's a fucking disaster, and even the worst board on 8chan is better moderated.

>>993758

Except on nanochan there are no bans, and there are no post histories, and everyone is perfectly anonymous until they decide not to be. It's a non-issue.

If the site administration is cucked or malicious, it's time to move, not create a new board.

>>993856

>Except on nanochan there are no bans

That ended up working out really poorly for masterchan iirc.

>>992323

>>992816

ghostscript which is used by most PDF readers has a pretty heavy vulnerability

https://www.kb.cert.org/vuls/id/332928

It might be smarter not to generate thumbnails at all for PDFs, if you don't know what you're doing.

>>993856

>Except on nanochan there are no bans, and there are no post histories, and everyone is perfectly anonymous until they decide not to be. It's a non-issue.

How do you handle spambots, shills/influencers and faggots out to simply shit up boards? Seems like a recipe to have every board be /b/.

I'll answer here to http://nanochanxv2lxnqi.onion/nano/meta/430 because owner is a faggot who keeps deleting my posts.

>>434

Take your meds.

>>444

curl and imagemagick is all it takes. The captcha thingy needed some python.

>>445

Think about it. A (image) captcha is hard because it's hard to parse. You're using 26 5x5 known text letters which can't be highly distorted, or people like OP will rightfully complain.

>>994021

>other people are faggots

so which cock is in your mouth right now? Is it the "punch Nazis" cock like the admin thinks, or is it "pointless spam/antispam technical escalation" cock?

have you ever gone outside? There's practically nothing stopping you from pissing over literally everything. Bushes, sidewalks, building sides. Hell you can walk into any public bathroom and piss all over the floor and then leave and you'll mostly be OK. Don't the people running those public bathrooms deserve to have to check the bathroom every 5 minutes to defeat you? Maybe they add pee detectors, and maybe then you could just shit on the floor. What a crazy anarchist you are.

>>991784

How would one go about anonymously hosting a blog? I know basic web dev and would probably just use a static site generator but I don't know the details of serving/deploying that shit in an anonymous manner.

>>994026

The "because I can" cock :^)

>>992228

You should really disable the overboard for now, makes the spammers job incredibly easy.

>>994033

Doubt he will read because he's probably going to be seating on his ass for a while to clean his site up. I'm using the overboard to find threads to shit up but even if he disabled it, it'll be piss easy to find them :^)

>>994029

The easiest way to do it would be to make it an i2p or a tor site. If you wanted a clearnet site, I know that VC runs a VPS that accepts crypto as payment, but I have no idea how you'd get your hands on a domain name anonymously.

Is there any chance of an index getting implemented? Catalog is nice, but I doubt if this imageboard will ever be fast enough to require one, let alone make it the default.

>>994051

domain name? never. advantage of tor: you don't need a domain.

but just about anyone who does have a domain name might be persuaded to point a subdomain at your blog for you. costs them almost nothing. It's more trouble for you though.

you could also not have a domain at all, but have a tiny website on some free hosting that's just a redirect to your IP.

exposing your IP exposes you to other problems though.

Captcha is usually unsolvable.

>>994179

>t. robot

>>994051

if I were to pay for a VPS from https://box.cock.li (which claims to be .onion friendly) from a Tails Monero wallet, would that offer sufficient privacy? I don't actually plan on posting anything illegal, so it doesn't need to necessarily be 100% glow in the dark proof (though that would obviously be preferable) just very controversial political musings that would definitely cost me my job if my boss were to find it or something.

>>994242

sounds like a good plan, domains are hard to get anon but it is possable

>>994051

opennic.org

opennic.chan

Bonus: No botnet users

>>994254

>FurNIC

>Providing resolution to any .fur domain through all of our Tier 2 resolvers.

wtf

well, not quite a thousand years

>>994358

yeah. It was still a good idea, and well-demonstrated, and we have at least an old version of the code. We just need to stay aware of efforts completely indistinguishable from JIDF anonymity suppression efforts.

>>994364

https://files.catbox.moe/uph274

>hai guise can you try to fuck up with my new imageboard

<waaa why do you continue spamming markov chains lain nigger

Can't say I didn't enjoy doing it.

>>994358

>The vol accounts have been deleted as "unnecessary".

This was the cherry on top. Poor umarufag wasted hours deleting posts for nothing.

I'll give it a 7/10. Breddy gud :DDD, wish it had lasted longer.

>>994367

yeah k. keep us updated with how you're forcing the local Taco Bell to clean their restrooms more than they'd like.

>>994369

>captcha taking up majority of the page

who would do that

>>994369

that's still defeatable; just needs some preprocessing to turn it into a drawing of the larger bits of negative space. captchas that aren't mechanical turks are speedbumps, not serious barriers.

>>994364

>>994369

>>994358

think about it for a while. why do people use nanochan? for me it was

>no captcha

>no javashit

>usable in text browsers

>anonymity

1. if you have to add a 4cucks style captcha on every post because some lainnigger spams, that isn't acceptable.

3. if you have to add an image captcha, that makes it very inconvenient to post from text browsers, which is not acceptable either.

there you go, half the reasons why nanochan is good have been crossed out. what is there left.

>>994358

>vols

>multiple vols

so all the users were mods, great shit you had going on there

>advertise imageboard on imageboard

>assumedly, retard begins to spam as ususal, expect retarded people to quit being retarded

>anti-retard technology ruins the purpose of the website and makes it redundant to every other captcha-based weeb forum

at this point, tenbux with anonymity might be a better solution after all

then again, patience may solve the problem again. What's the major flaw with NNTPchan again?

>>994375

Well yes, but then again, you can always also just hire some pajeets to solve captchas for you, $1 for 1000 captchas, which is a lot spam on a small imageboard.

>>994379

>image captcha

>on imageboard

>inconvenient

>think about it for a while

It just needed a novel solution to the spam problem. I am disappointed that the board was closed down so soon, and find it odd that he just gave up, but who knows the real reason. I hope that it's reopened.

>>994405

>Is it really that bad if half the users, or even the majority are volunteers who can delete the spam?

Might as well just make registration mandatory to post, if everyone is a volunteer. No problems with spam then and also saves you from constantly restoring board state because spammers are still free to post. You also get invasion/normalfag protection as a bonus. Only problem is anonymity which you can solve by running a cron job that removes user ID from post after n days so that if server gets compromised users should still theoretically be safe. Sperging too much about security and anonymity is not productive. There is always timing correlation and hardware backdoors to fuck you over. You have to draw the line somewhere and ask yourself is this really what I need?

>>994405

>If a volunteer abuses power to delete non spam it can be brought up in meta and adressed

Then the volunteer just create a new account with a new disposable email and continue to shit things up.

>>994358

let's be real here was there any way nanochan, using its current model of muh anonymity, muh captcha and muh javashit, could have worked without being spammed to death? the same principles which made it good caused it to die.

>>994589

Yes, why not? There is always a solution.

>>994358

Why not move it from tor to i2p? I2p gives you a little 4-character "ID" that could probably be used for bans that are at least as effective as clearnet IP bans. Yes, it could be circumvented by setting your i2p router to give you a new ID every time you start it and then restarting your i2p router, but the time it would take to do that would at least be something of a speedbump. The fact that i2p is slower than tor would present a speedbump as well. Sure, in one sense that would be somewhat less anonymous than tor, ie the mods can keep tabs on what posts were made by the same people. But in the sense that matters i2p's security model keeps you much more anonymous than tor does, ie it's much harder for CIA niggers to de-anonymize you. Hakase, if you're still reading this thread, please consider this option.

>>994600

The reason why IP bans are somewhat effective is that IP addresses are a limited resource. One person may be able to get access to a few hundred /24 IP ranges, and after those are banned, the user can only spam at a very limited rate of a few per hour as he finds more open vpns and proxies. (This requires constant effort as well.)

If someone can get a new I2P identifier after let's say 30 seconds, that would force me or the mod team to check the overboard once every few minutes. Personally I wouldn't want to do that, and I wouldn't ask others to do it for me, either.

With anonymity, trying to deal with the spam at its source is impossible. Therefore the only way of dealing with the problem is to target the spam itself. Clearly this is theoretically possible, but automated spam detection and removal would require some sort of meme neural network/AI fuckery which I don't have the time, inclination or computing resources to implement.

>>994405

>even the majority are volunteers who can delete the spam

At what point does it turn into a voting system? If the majority of users can delete spam, then something most people don't like is likely to be disappeared. This is basically what makes reddit reddit. And since you rely on these users to clean up spam, you can't just deprivilege all of them either.

>>adding javashit (proof of work function)

>nope.

You don't need javashit for PoW though. Everyone browsing presumably has access to a console, so you could have them run a simple script in bash or python instead. Once they generate a key, they could keep using it until they get banned or clear their cookies. You could have the option to use javascript instead, but as long as it isn't necessary I think this is fine.

>>994600

>es, it could be circumvented by setting your i2p router to give you a new ID every time you start it and then restarting your i2p router, but the time it would take to do that would at least be something of a speedbump.

I don't know i2p, do you only have to restart your i2p router because they haven't added another way to do it, or is it somehow computationally difficult?

>>994605

The key idea has merit. If a simple C program were to generate the answer to a proof of work requiring ~3 hours to complete on the average computer, that wouldn't be a horrible barrier to entry, yet would limit spam so severely that it would become a non-issue. Users could be banned based on their proof of work key, if they spam/violate the global rules; and local rules could continue to be enforced through deletion alone.

>>994612

Is nanochan kill or are you gonna try and revive it? I know how to run a hidden service, could you give some info on how to set up nanochan and I could carry the torch on

>>994619

I will try and see whether that proof of work idea is practical. If so, I will start it up again. I thought nobody would want to use nanochan anymore after all its advantages were gone, but apparently that is not the case.

>>994622

why not just let people volunteer to delete spam?

>>994622

i'd much prefer a totally anon ib but if you have to add some js make the source code easily available so there's no possibility of botnet

>>994622

http://textcaptcha.com/

>>994628

This seems like a really good idea, especially if you randomly combine it with stuff like 1337$p3@k filters

>>994612

How do you stop a user from pre-generating a ton of keys so that they can spam the forum at a specific time? How do you stop a user from farming out the computation to google/amazon cloud? (I know you think it might be expensive, but google is throwing free $100 credits left and right at university students to try to grow their platform).

>>994629

>>994628

Making a request to the captcha service would deanonymize me or the users. I think I'm going to trial the proof of work concept first.

>>994623

There was too much spam and not enough users.

>>994630

>How do you stop a user from pre-generating a ton of keys so that they can spam the forum at a specific time

make the proof of work key change every few days or so. Old users would have to regen keys, but you couldn't pregen them.

>How do you stop a user from farming out the computation to google/amazon cloud? (I know you think it might be expensive, but google is throwing free $100 credits left and right at university students to try to grow their platform).

That I don't know. how far does $100 go? Proper PKDFs generally need lots of ram, so take an instance with ram and cpu comparable to a desktop. Even if someone can create a few keys cheaply, this only leads to a few posts that need to be banned.

>>994631

>Making a request to the captcha service would deanonymize me or the users

do it over tor.

>>994633

too slow.

hakase, if you're still alive for whatever reason, email me at my 314chan admin email. I have a proposition for you.

I know my site is written in shit PHP, but PHP is a language I hold near and dear to my heart.

>>994662

>314chan.org

seems to be down, gives a blank page in spanish

>>994665

yeah just email that one. 314 is down right now

>>994670

whaddayamean "that one"

is the one in the whois information for 314chan.org good enough?

oojdjqtvtejr...?

>>994671

just admin@314chan

>>994641

making a captcha over tor isn't too hard, dream market did it

>>994641

it actually isn't too slow

You really need server-side generation of ids and keys. I don't see this ever taking off without it.

>>994697

That is what I'm working on. The user ID is generated on the server, and the user completes a proof of work using a downloaded program, which outputs a key which can be used to post on nanochan. I am still testing the key generator program at the moment - the target key generation time is around 3 hours.

Perhaps very few people will use nanochan afterwards due to the barrier of entry, but at least there would be a theoretically functioning imageboard with little spam. I have no doubt that Spamnigger is still going to at least attempt spamming, though.

>>994699

Nobody will download that program. Make a JS generator.

>>994700

>JS

too slow, cancer

>Nobody will download that program

why not

I haven't read the thread.

Does Nanochan have moderator subscriptions (i. e. no posts are ever deleted but a moderator can mark some posts, and if I subscribe to that moderator then I get the marked posts hidden)?

>>994699

Are you running an alternative server in your house or is this a (((cloud)))-hosted site? If the former, you can install the program on the computer and simply call to it as needed. I have never hosted a site though so that might be a shit option but it sounds good on paper at least.

>>994704

I'm running nanochan on an old laptop with openbsd installed.

>program

Which program are you talking about? If you are talking about the key generator, that must be run on each user's computer, or it would defeat the purpose of proof of work.

>>994703

No, this has not been implemented. Having mod subscriptions would require Javashit to be enabled.

BTW, some text browsers have GUI versions which are approximately the same but can display images. For example, xlinks2.

>>994706

> Having mod subscriptions would require Javashit to be enabled.

wut

>>994706

>Which program are you talking about? If you are talking about the key generator

Yes I am talking about the key generator.

>it would defeat the purpose of proof of work

You'll have to excuse me being a lazy faggot but that's the context I was coming into the thread with but are you using a crypto to generate the PoW or your own implementation? I know cryptos out there that are trying to be able to allow you to mine while on a web site and I know a few not the names which have been successful. You could also attempt to apply this theory to your implementation if that is indeed what you're doing.

I won't bore you with any more asinine theories. I was just spit-balling anyway.

>>994707

Perhaps, but I would like to avoid the idea of captchas entirely. Having it would make nanochan totally redundant.

The proof of work system forces newfags to lurk for a few hours (at the very least), and it forces spammers to use a lot of CPU resources just to make a few spamposts which can easily get deleted. I believe this is a reasonable compromise since we have seen in the past week that having no spam protection is not practical.

>>994708

Why not? Mod subscriptions are unique to each user. Therefore, they require local configuration stored in the browser, which requires javashit to access.

>>994709

It's not mining crypto or benefiting me in any way (when I release the key generator program you will be able to verify this). It is simply performing work for the sake of performing work, such that spamniggers will have to perform many times more work (since their keys get banned and they have to generate new ones) than real users (who only have to generate ONE key).

>>994710

>Therefore, they require local configuration stored in the browser, which requires javashit to access.

...or an account. Yes.

> I believe this is a reasonable compromise since we have seen in the past week that having no spam protection is not practical.

What about adaptive PoW cost?

>>994711

I would like to avoid storing more information than is necessary in the "accounts". Just a way for a person to verify that their computer did some work, which lets them post. That is all I want here, and its sole purpose is to make it easier to deal with spam of all types.

>adaptive PoW cost

The cost of PoW will remain constant to reduce complexity. If in the future (a few years later) computing power increases to the level that the proof of work is easy to break, I will bump the difficulty up a notch and require that people regenerate their keys to match the difficulty. However, this will not happen frequently.

>>994700

I will.

So what's the PoW gonna be? Dogecoin mining?

>>994715

no, it's not mining, it's simply solving a few million whirlpool hashes.

>>994716

So this PoW thing means the spammers and the legit posters will all post at the same speed of 1 PPH?

>>994717

The real users solve ONE proof of work and can continue using it for however long they want.

When spammers solve the proof of work, they get banned quickly, all their posts deleted and they have to generate another one.

The barrier of entry that this system causes is not a concern to me; newfags are supposed to lurk anyway so a few extra hours spent waiting is not a problem.

>>994718

Sounds good

>>994718

So a PoW thing is associated with a given poster until it's renewed. Will you be selling nanochan passes?

Post pow algorithm. I'll make a Rust version.

>>994710

>POW

Sounds like it has the beneficial side effect of weeding out normals (especially casual phoneposters with low computing power), but it might hurt the ib's adoption by /pol/ users even further

If the POW is going to be generated only once, could your implementation be used to identify individual users across multiple posts? Or would it work in a similar fashion to something like the privacy pass?

I'll make the nanochan pass graphics.

>>994723

>If the POW is going to be generated only once, could your implementation be used to identify individual users across multiple posts

Must be, but you could always create more keys. A bit of a boon to anonymity though, since it's basically a more cumbersome email sign up

>>994725

You could share the keys with other people.

>>994720

>cuckchan bullshit

no

>>994723

it could be used to identify individual users across multiple posts, but only the admin (me) can see it. Either way you can generate a new one every few days if you are interested in more anonymity.

>/pol/ users

they are not interested in moving anyway; the majority do not give a shit about the increased prevalence of cuckchan and reddit bullshit all over the board. nothing I can do about that.

>>994726

yes, and that wouldn't be a problem as long as none of them spammed. if one of them spammed they would all get banned.

>>994721

need to do more testing of the program first, which is going to take some time because the whole purpose of the program is to take time.

I like your PoW idea for reducing spam. But why not make it a crypto miner? It seems like a lot of clock cycles to waste while not doing anything productive.

>>994810

|
|
|\
|_\
|
|x
|
|

>>994810

>implying mining cryptoshekels isn't a waste

>implying anyone will mine cryptoshekels for someone else

>>994819

>oy vey, use the approved payment channels and fiat or you're a kike, goy

>>994820

But you're already forcing users to run PoW, so its not an additional requirement. The only difference is that you're making a few shekels for the website admin via pool-mining with his key.

>>994714

Not if no source

>>994824 (((You)))

>>994710

>Why not? Mod subscriptions are unique to each user. Therefore, they require local configuration stored in the browser, which requires javashit to access.

Or you can just do: nanochandajslkfjalksfjal.onion/board?modsub=fagmod1 then just save links as bookmark or echo to text file.

I'm not so sure about this PoW meme. What's stopping me from hoarding PoWs and unleashing massive spambomb at once? Since you're going to use whirlpool GPU users will be at an advantage. What if I get an FPGA and do hashing there?

https://www.nayuki.io/page/fast-whirlpool-hash-in-x86-assembly

CPU 63.1 MiB/s

https://scholarworks.rit.edu/cgi/viewcontent.cgi?article=4217&context=theses

FPGA ~900 MiB/s (7687 Mbps)

You can also at any time buy compute time on the cloud jew. If key generation time is 3 hours that's still 8 keys/day or 240 keys/month (With standard hardware! GPU will be faster). Now your mod group has to manually invalidate 240 keys, by reading post in question, deciding if it is a spam or not and executing appropriate action. That's just one person, what if 3 fags decide to do hashes for a month? Now you have to deal with 720+ keys.

If I'll have to download software to post, I might as well download image captcha and solve that instead and hope that someone doesn't pay pajeets to solve captchas for him.

>>994850

>Now your mod group has to manually invalidate 240 keys, by reading post in question, deciding if it is a spam or not and executing appropriate action.

That's a considerable improvement though.

The PoW should be minimum 24hrs on a standard machine, maybe even 48hrs. Autists who want to post on nanochan the PoW shouldn't be much of a hurdle since the key is good for the life of the board or until banned.

For a spammer this would become a burden timewise or loss of shekels (cloud jew) to generate multiple keys. Unless he controls a botnet :(

>>994850

Nah, you just provide users with a salt that expires within x-hours if unused. The most amount of keys that could be pre-hashed would then be the number of VPN IPs you have access to.

>>994029

>>994242

Very easy with tor but will only be accessible via tor or tor to clearnet gateways. Just need tor and a web server to host your files. If you self host, ,just use web server software on your pc or host in a VM or use a dedicated machine. Drawbacks are that you may not have 100% up time (not really a big deal for low traffic) if you ever turn your computer off, or have a power outage or internet outage. Otherwise you can rent server space where you'd have to install tor unless it comes preinstalled. Renting has its own issues such as the host being able to shut it down any time and if you're paying anonymously, there's basically no recourse for you and you're out the money. If you pay with real info, most hosts can/will provide your info to law enforcement if asked.

If you want clearnet accessibility, you can always self host using your IP as the web address without having to purchase or register an actual domain or use a free DNS service. Just remember your IP is tied to you via your ISP but usually only your isp/law enforcement are supposed to have access to your actual personal info. Of course that doesn't stop any sites you visit from that IP from correlating the two (ie, using your company website from the same IP you're hosting from can lead them to correlate the two).

>>994896

>the number of VPN IPs you have access to.

but this is supposed to work over tor

>>994725

>it's basically a more cumbersome email sign up

I'd say it's much better. You can't even sign up for the majority of email services anymore without a telephone number. 3 hours of automated cpu time is much better than 3 active hours trying to sign up at some email provider requiring captchas, reference emails, texts, free text services, or literally buying a new phone number etc.

>>994824

>But you're already forcing users to run PoW, so its not an additional requirement. The only difference is that you're making a few shekels for the website admin via pool-mining with his key.

[aa]The idea that you have to mine for someone else's shekels in order to post on an imageboard is extremely off-putting to the majority of imageboard users. Regardless of the fact that it's objectively not very different from the user's standpoint, this would easily drive off 99% of potential posters. Also, sending the cryptos to hakase would require the miner to connect to the internet, which introduces the possibility of botnet, which is antithetical to the whole point of nanochan.

What about taking the concept of text-based captchas like >>994628, but extending it to be more intelligence based? A medium-tier mathematics or algebra problem that would take some pen & paper to solve? Could that still be outsourced to pajeets? Or make it based in knowledge of English, since there are probably no fluent speakers in those poo captcha shops.

Extending that, you could implement a type of registration where you just exchange PGP keys and use your private one as the login. Registration captcha would be the most difficult one, obviously. In terms of only Tor-posting, I can't really see simple visual tasks or ones taking computational resources working. [spoiler ]But I'm just a lurking brainlet passing by, had some hope for the board.[/spoiler]

>>994947

>Algebra problem that takes pen and paper to solve

>what is a cas

>>994955

The point of using keys unique to users is that you don't have to manually ban every piece of spam because you can just ban every post from a given key. If multiple people share a key, and any one of them spams, all of their posts get deleted. If you're on something with DMs (reddit, twitter) then you could use that to hand out keys. But you can't really make them public

>>994947

I proposed using SAPTCHA instead of CAPTCHA on nano/meta/, but my wisdom was not heeded.

http://dmytry.com/texts/captcha_and_saptcha.html

>>994955

This is why keys should be much harder to generate than every 3 hrs. There will be keys spread everywhere if the PoW is too easy, and newfags will have their posts deleted the instant a spammer gets a hold of a shared key. The keys should be semi-valuable with a moderately difficult PoW and be shared privately.

>says to download key generator source code to generate user key

>no link to source code

shiggy diggy doo

>>994975

If you don't want keys to be spread everywhere, just expire the keys. Newfags make their shitty posts, a spammer gets hold of the keys, oops, that key already expired.

>>994972

>every website owner would like to believe a spammer is targetting them personally

And sometimes they fucking are. SAPTCHA only works to fend off automated blog spam.

OP. are you on HRT medication?

>>994978

but in that case then CAPTCHA wouldn't help ether

>>994958

A key ban should only result in no further posting from that specific key. If every single post is linked to and tracked using the pow key, it implies that nanochan is actively tracking users across multiple posts (rather than just leavinf it as a possibility), and with enough effort, users and mods could easily learn the identity of a user by tracking which posts were instantly/erroneously deleted at the same time.

>>994993

Problem is, any period of time where mods are away someone can spam freely, and mods would have to manually delete it all. Or they can just delete everything from that period of time.

>>994976

still need to finish testing the program, as I said, and doing that takes a lot of time because the whole purpose of the key generator is to perform a process which takes time.

>>995019

I've been wondering for a while whether certain types of zero-knowledge proof could be useful for anonymity-respecting onion sites that nonetheless need to stop spam. If I understand the solution you're working on correctly, there will be quite a lot of (CPU) work involved for you. Basically, if a key takes an average of three hours to compute, and there are ten users, each with a key, each user will spend three hours working on their key, but you will have to spent thirty hours, correct?

I think there would be a way to use Hamiltonian cycles for large graphs, as described at https://en.wikipedia.org/wiki/Zero_knowledge_proof#Hamiltonian_cycle_for_a_large_graph to do something that would be computationally intensive for the user, but not you. Basically, a user would compute a Hamiltonian cycle for a large graph, G (and it would have to be HUGE, such that it took hours to compute). They'd share graph G with you, which you'd store in your database. Using the procedure outlined in the wikipedia article, they'd prove to you that they have a Hamiltonian cycle for graph G, and you'd issue them a cookie that allowed them to post. I don't think verifying the user's knowledge would be computationally intensive for you. And if the person started spamming, you'd just delete/blacklist the graph associated with their cookie, and they'd have to compute a whole new Hamiltonian cycle for a large graph and submit it to you just to post again. So the user still has to do hours of computing in order to create a "credential" for posting, but you don't have to do the same computation.

>>995025

No, the proof of work system I am testing is asymmetric such that the user spends several hours (idk how long on average it's actually going to take, need to do more testing) generating his initial key, and each verification of the key (by me) takes almost zero computational work. The user only needs to generate his key once unless he gets banned, in which case he must generate a new key. For real users this is a one-time cost, but Spamnigger must generate many keys since he will get banned all the time.

>>995026

>each verification of the key (by me) takes almost zero computational work

oic, I misunderstood.

>>991375 (OP)

>no /k/

pathetic

>>994936

Running a website isn't free, especially when 20 post/second from running on a spare laptop on his residential line isn't cutting it. PoPow, proof-of-proof-of-work pool mining, would be a transparent way of closed-loop funding of the site. It reminds me of backyard aquaponics farming :D

Even if Hakase doesn't use it for nanochan, I think the concept in general is interesting.

>>995157

>20 post/second

heh nanochan will never reach such speed, not even 8chan is that fast. The current """hardware infrastructure""" is fast enough for however big nanochan is going to get. A PPH of 60 site-wide is good by my standards - one post every minute on average. Especially consider that Nanochan's obscure nature, its lack of javashit, the fact that it's hosted on tor, the fact that you need to spend a day or two generating a key just to post, etc. is all going to drive away the vast majority of people. I wouldn't really be surprised if nanochan died even after I finish implementing the proof of work stuff to stop the spamming, considering all the above factors and my shoddy history as a site admin.

>>995157

I don't really like the idea of it, but having an optional crypto mining pow key generation alongside a non-crypto alternative would be nice.

Honestly, it's not really a bad idea too, I'm sure the thought of mining coins for hakase just to spam his board would demoralize the skiddie very efficiently.

>>995161

it would also drive away people because i'd look like a kike wanting to make more shekels for myself. with the current "infrastructure", nanochan is more or less free for me to operate, so I don't need any extra shekels from it. Not to mention that adding crypto integration would require much more effort than a non-crypto proof of work.

>>995161

I forgot to mention that getting cryptocurrency from banning people (and thus making them generate more keys) is not a good model because it incentivizes me to ban people so that I get extra shekels.

>>995162

Don't worry I get the drawbacks, the suggestion was mostly just a joke

Can't say it wouldn't work nicely though

I am concerned about the idea of the PoW being more than 16 hours since my computer is next to where I sleep.

Ok, the PoW system is working as far as I can tell.

Follow the instructions on this page http://nanochanxv2lxnqi.onion/System/newuserid to generate the user ID. You will need a C compiler and OpenSSL header files. The key generation time can vary, I've had key generation times as long as 6 hours and as short as 1 hour.

All volunteer and board owner accounts have been restored.

>>995171

>doesn't have his computer running 24/7 with an annoying ass fan blaring the whole time

heh

>>995164

Good, nobody likes a lazy mod.

>>995194

But what I don't want to waste my electricity to shitpost? It should be enabled only during times of spam.

>>995171

get a fractal design case and noctua fans, i can barely tell mine is running

>>995208

In case you haven't noticed we have been spammed NON-STOP by some leftist faggot. Also, the way the system works you only need to follow the procedure once and after that you can post unrestricted.

I imagine what I have done is a hack though and not the right way.

>>995217

Generating 3 keys took my FX 8350 6, 1 and 3 minutes

>>995221

I wish the mods would enable IDs so we could filter.

Does nanochan have IDs and filters on all boards?

>>995224

Why would you want to filter >>995221? Have (((you))) been triggered? I had the same problem I just figured I wouldn't mention it because of the barrier to entry rule that is subtly not-so-subtly being implied. It has a /pol/ board so clearly this isn't supposed to be le sekret techee only club.

>>995229

Yes I think filtering is a useful way to shield oneself from the mental illness of others, especially on an imageboard.

>>995236

What mental illness are we talking about here? The mental illness of being new and not knowing something or the mental illness of being so out of touch with reality that you think newness is an issue?

key took about 30 min to make btw.

>>995245

I'm talking about the lewd anime pictures, you dumbass.

>>995252

Why are you so upset at the sight of fictional women?

>>995257

>incel

>>995194

404 Not Found

The requested URL '/System/newuserid' was not found on this server.

>>995279

>404 Not Found

>The requested URL '/System/newuserid' was not found on this server.

New url is http://nanochanxv2lxnqi.onion/nano/System/newuserid

I would feel better about using the pow program if it was pledge()d.

>tfw Ryzen 7 1700

>added multi-threading

>keys generating in under 10 min

>current record 35s

Free keys:

6cYDFvvOy6gsJs79:5000000139413899
o4hNp6eX0mbqqqKJ:6875000479741202
GgCkenNTerH55JZk:1250000045356904
wGRrltPS3YqFPSb5:6875000557057930
dS0TsmMFazSRxRuh:4375000055404559
zdszpuBYMJoeK9wI:3750000648007191
znaAzIOxjlyfaNXS:1250000026525623
FnX4AXh7eTRow8us:1875000188348950

CUDA/OpenCL implementation coming soon™. This PoW thing won't be fair at all. Sure you can increase difficulty, but what if someone is running non-botnet core 2 duo shitbox? Will he then wait 1 month before posting (also wasting a lot of kW)?

>>995357

> what if someone is running non-botnet core 2 duo shitbox?

Those chips are botnet though, and they need OS mitigations to lessen the risks. For a non-botnet chip, you have to go older and slower, using only those that never did speculative execution in the first place. Then this POW stuff gets pretty silly.

>>995357

>>995366

lol what a waste of time

anyone have any better ideas for spam prevention?

>>995380

Just make keys yourself and give them out/ban them at your own discretion like private trackers do.

why is nanochan such a fucking dumpster fire LOL

>>994599

No there isn't. There is no way something can both be rotten and fresh at the same time. Black cannot be white. Red cannot be Blue.

Are image boards even a good idea any more? Clearnet or not the userbase is drying up. If you do create a new one where do you get your users? 8ch is already as slow as you can get away with.

>>995440

Just treat it like a normal forum faggot, who needs high pleb traffic anyway

All posting restrictions have been removed. The proof of work system was kind of a reasonable idea but it turned out to be useless (some guy managed to generate keys in under 35 seconds due to better hardware), and the keys made it very inconvenient to post.

Let's see what happens from here.

>>995452

What about implementing an 8ch-esque image captcha, rendered in braille for text browsers?

>>995460

The image captcha works because it has a lot of detail compared to a text captcha, which the brain can use to extract information (where a computer wouldn't be able to). Converting an 8chan style captcha to text would make it unreadable.

>>995380

Create new /register/ board with images disabled. Users would post with public/private key pair they generated themselves. If moderator approves posts users make on /register/ their public key gets accepted and they're able to post on other boards. That way you don't have to use email to register so you stay anonymous unless you do something stupid and use your public key for something other than nanochan.

>>995461

Here's a fun captcha idea, though I'm not sure it would be bot resistant. Anybody here remember the glorious America's Army 3? Here's the rifleman training video which gave me the idea:

https://invidio.us/watch?v=18nJs7ZTG74

So basically, how about an image captcha that asks the user to click on certain shapes of certain colors that are generated randomly? For simplicity, square, triangle and circle shapes positioned and colored randomly in blue, red and yellow?

It would be like Google's reCaptcha shit with choosing cars and roads but much simpler, like "choose the red triangle and the blue circle". For text users ask for labels like "enter the label of the red triangle and the blue circle" and the shapes would be drawn as colored ASCII art with labels/indexes in them.

It probably wouldn't even annoy genuine posters because it would be kindergarten easy and require only 2-3 correct clicks.

>>995461

Here's a sample generated using 8ch's captcha, a fake captcha and dotmatrix from https://github.com/kevin-cantwell/dotmatrix :

https://pastebin.com/raw/U8xRTQ9y

It's still not exactly readable since it's only 80 characters wide, couldn't seem to manipulate the output image size with that particular program when piping, but running it by itself in a large enough terminal gives a very readable captcha

>>995468

that's pretty good, I'll look into it

thanks for the suggestion

>imageboard engine with 0 innovation or improvements #3524852374128798124817395329582895623486

>>995478

Not to defend hackass and become his cute gay buttboy goy of soy

BUT

>with 0 innovation or improvements

<on tor + image upload + file upload

<no jewscript

<extra text scrolls in catalog view (means its searchable) unlike in 8chan

It's a decent start you got to admit, even though I expect it to go to shit. I've witnessed firsthand the nazi tier moderation in its /pol/. That together with the recent addition to the 3rd rule is an obvious recipe for powertripping faggotry deluxe edition.

>>995482

>I've witnessed firsthand the nazi tier moderation in its /pol/

you can stay on 8chode/pol/ if you want "muh centrism muh lolberg", or you can go to 4cucks for outright leftist moderation.

>>995482

Or when he literally shut the whole thing down for the sake of one spamming skiddie. It's got a lot of promise though

Speaking of which, is the source still being released?

>>995485

The source will be released when I am finished with unicode captcha 2.0, which should get released by friday.

Speaking of the shutdown, yes, that was a bad decision but there was another reason besides "I got tired of dealing with the spam" - I was busy with some other shit for a few days and could not do any work on stopping the skid - hopefully he thinks nanochan will be down forever and stays away for another few days until I can finish the captcha.

>>995482

>tor + image upload

Not sustainable.

>no jewscript

Wow just like most imageboards, so new and innovative!

>extra text scrolls in catalog view (means its searchable)

Searchable how?

>file upload

If you can upload any file type then that's good. Imageboards should have done it years ago.

Thanks to the anon who gave this suggestion - great idea.

⣿⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠟⠿⣿
⣿⠅⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠨⣿
⣿⠅⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣠⠀⠀⣰⣶⠀⠀⣼⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠨⣿
⣿⠅⠀⠀⠀⢀⣠⠀⠀⠀⣠⡷⠀⠀⠀⠀⠀⠀⠀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣠⣀⠀⠀⠀⠀⠀⠀⣀⣀⣾⣗⣄⣼⣿⣿⣤⣾⣏⣄⣄⣄⣄⣄⣀⣠⣤⣀⣀⡀⠀⠨⣿
⣿⠅⠀⠀⠀⣼⡟⠀⠀⣰⡿⠁⠀⠀⠀⠀⠀⢠⣾⠟⠛⡷⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⣷⠀⠀⠀⠀⠀⠀⢀⢀⣀⣄⣴⠿⠛⠟⢛⣷⣵⠙⠉⠉⠉⠉⠡⣿⢃⡽⠃⣽⣇⣾⠃⠀⠀⠀⠈⠛⠾⣬⣈⠸⢿⡌⠁⠀⠨⣿
⣿⠅⠀⠀⣸⣯⣴⡴⣶⡿⠁⠀⠀⠀⠀⠀⠀⢽⣿⡾⠾⣦⣄⢀⢀⢀⣀⣀⣠⡠⡠⡤⠤⢿⣧⠒⠒⠃⠋⠉⠁⠁⠀⠸⣯⣀⢀⣠⡾⠋⠀⠀⠀⠀⠀⠀⢸⣷⡿⠁⢀⣿⡿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠮⣿⣆⠀⠨⣿
⣿⠅⠀⢰⡿⠛⠚⢚⣿⠋⠑⠙⠘⠑⠑⠑⠑⢹⣿⠉⠉⢹⣿⠁⠁⠁⠁⠀⠀⠀⠀⣀⠀⢘⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⣩⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠽⠏⠀⠀⠀⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠨⣿
⣿⠅⢠⡿⠁⠀⠀⠼⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠷⠶⠟⠃⠀⠀⠀⠀⠀⠀⠀⠀⢻⣶⠾⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠨⣿
⣿⠅⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠨⣿
⣿⡅⡀⡀⣀⢀⡀⡀⡀⡀⣀⢀⢀⡀⡀⡀⡀⡀⡀⡀⡀⣀⢀⡀⣀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢨⣿
⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛

I like it because it is tiny!

>>995487

>any file type

sounds like a bad idea

Captcha implemented and enabled on /test/. When skiddie comes back to spam, I will enable it across all boards. Please tell me if it's too difficult/doesn't work/whatever.

>>995487

>just like most imageboards

hahah what

>>995489

No problem, glad to see that the idea has found a practical use sonewhere. Hopefully it'll solve the captcha situation once and for all

I don't see anything when I use the TBB. All I see is a field for the captcha and nothing else.

>https://files.catbox.moe/lfbkts.jpg

>>995512

Click on the text box for the captcha

>>995492

You can put viruses into images and PDFs, if you download .exes from imageboards and run them unsandboxed then you deserve to get fucked and fuck off.

>>995504

>hahah what

8chan is designed to work without javascript. "Doesn't have javascript" isn't a feature, it's the lack of features for most people.

>>995514

>8ch doesn't need js

Fair point, but most anons would happily run js if the site came with it, so not having it in the first place sounds like a great boon to overall privacy. Besides, not having js isn't really supposed to be a feature, but more of a requisite for the benefits of tor to actually be there for the user.

Userscripts do a better job in that department anyway.

>>995517

>not having it in the first place sounds like a great boon to overall privacy. Besides, not having js isn't really supposed to be a feature, but more of a requisite for the benefits of tor to actually be there for the user.

What the fuck are you talking about? Javascript doesn't datamine you, it's just a way to interact with the DOM and shit. You could just as well drop a hidden script into a "no-js" page as you could put it into a page that has other scripts.

If you're browsing from TOR then you should block javascript entirely, not trust websites to not cheat on you.

>>995514

Javashit is a cancer of the web. It is one of the main reasons why all modern browsers have to be bloated pieces of shit if you want to be able to use 60% of websites that require it for some faggy reason.

>>995513

I see. But now I am just getting a bunch of empty box shapes. Am I supposed to copy those into the captcha field?

>https://files.catbox.moe/osi49z.jpg

Where is the /soc/ board?

>>995523

That doesn't mean you have to make your own website a bloated piece of shit that uses 7 js frameworks to move a box. You can do very useful things with very simple scripts if you're not a retarded computer science graduating pajeet

>>995524

I found that if I don't let the page load the full way and copy to a text editor it works. The TBB just isn't displaying the pattern for some reason or another. You may want to load the captcha with the page for others with this issue so they can simply copy it into a text editor.

>>995524

your browser doesn't have fucking unicode support? guess I'll just change the captcha to be a normal image, then. i'll put my extreme autism aside for once. will do that tomorrow

>>995529

can confirm, doesn't work in Tor Browser Bundle

>>995521

>javascript doesn't datamine you

I like how of all the things you could be mad about in my post, you decide to lash out at me on this.

>you should block js when browsing tor

That's why nanochan hasn't bothered to implement javascript, how is that not a logical conclusion? That was literally my whole point, you were whining about how not having js meant a lack of features compared to other ib's, so I made that argument.

Having to spell all this out for you really makes me feel like I'm on /g/.

>>995529

Or instead of a click-to-see approach you could load with the page like I mentioned in >>995528 with a little note about copying to an editor if it's not showing a pattern.

>>995525

>implying

>>995533

I'm just going to assume that you're retarded and continuing this conversation is going to be a complete waste of my time because that's the way it's headed right now.

>>995537

Kek, sure thing man have a nice day

>>995535

How else will we attract trannies?

OP do you have latest source code?

>>995528

You could also focus on the captcha box, right click it to inspect element and copy the text in the captcha-text tag

The tor browser bundle doesn't seem to have support for unicode altogether

>>992201

8ch is unusable, it doesn't even work with referers disabled.

is there a non onion link for phone posters?

>>995557

No. Use PC to post.

It really needs features like clicking on a post ID to quote it, and hovering over whatever the fuck you call this >>991375 (OP)

solid start, hopefully you make somewhere /pol/ can migrate to so we can finally escape the terrible moderation.

>>995489

This is what I see on /test/. Rows of rectangles.