Name: Anonymous 2018-01-14 9:03
Hello, dear citizens of /prog/. As you might have noticed, a terrible(!) plague has set itself upon our beautiful board, lowering the median intelligence of the poasts to a level difficult to describe. During the past years, we have endured and endured, waiting for these painful months of the year to pass; some of us have given up, maybe even tried finding refuge in other programmer communities, only to realize the depth of the hole /prog/ had left behind in their hearts.
I don't know about you, but personally, I've had enough.
As it is a widely-known fact that we cannot rely on moderator power to push away the hordes of intruders, we must find another way to cleanse our magnificent community of the line noise that is ruining it.
What makes us special, /prog/? What is it that differentiates us from all the other boards? We can program. Let us use this to our advantage.
I thereby propose, as the final solution against the recent shitpoastfest, the creation and implementation of the GJS protocol.
This protocol has but one goal: to give /prog/riders a way of recognizing each other's poasts, and by extension, a way of ignoring all other poasts.
/prog/riders are encouraged to devise message authentication/signing algorithms and poast the corresponding textual description to /prog/, with absolutely no sample implementation whatsoever. Other /prog/riders who are willing to identify themselves as ``legitimate citizens'' will be able to do so by signing their own poasts with one of the aforementioned algorithms; of course, they will be required to implement the algorithm of their choice themselves - perhaps easy and entertaining for them, but a veritable brick-wall for the intruders. As a result, /prog/riders will have no difficulty in recognizing poasts written by a fellow compatriot (and automatically ignoring everyone else's).
Implementation:
The GJS protocol specifies two poast formats: poasts describing signing algorithms and signed poasts.
The message-signing algorithms shall take a variable-length string as their input and return a variable-length string as their output. The message authentication code shall be defined as the lowercase hexadecimal-encoded MD5 hash of the output of the message-signing algorithm.
Note: BBCode and its associated HTML formatting must be ignored. Users of the GJS protocol are therefore encouraged to wrap the message header in text size-reducing tags, i.e. [sup] or [sub]. <br> tags (or whatever newlines are represented as) shall be interpreted as "\n".
Message signing algorithms will be uniquely identified by the FIPS-180-2 SHA-256 hash of their textual description.
Format of a poast describing a signing algorithm:
Sample poast describing a signing algorithm:
Format of a signed poast:
Recommendation: As a preventive measure against false positives (poasts not written by true /prog/riders recognized as authentic), the first line of the payload should have the following format (note: if the poast is a thread starter, 0 must be used as Thread ID):
Sample signed poast:
Guidelines for writing a successful signing algorithm:
* Not too simple, but not too complex either. Ask yourself the question: would a person who has been using ``Teach yourself Sepples in 24h'' tutorials be able to write a program that implements your algorithm? If the answer is yes, then it's not complex enough.
* Do not rely upon external libraries; libcrypt is no exception.
* Do not rely upon language-specific features.
* Do not rely upon platform-specific features.
* Your algorithm should not require excessive time and space. Worst-case should be O(n) relative to the input size.
* Make sure the algorithm can be comfortably implemented in Javascript (to facilitate the writing of Greasemonkey extensions that would remove all non-signed poasts from view).
* If you're out of inspiration, just use common problems in computer science, e.g. make the algorithm solve small custom knapsack problems generated from bytes of the input.
* Be creative!
I don't know about you, but personally, I've had enough.
As it is a widely-known fact that we cannot rely on moderator power to push away the hordes of intruders, we must find another way to cleanse our magnificent community of the line noise that is ruining it.
What makes us special, /prog/? What is it that differentiates us from all the other boards? We can program. Let us use this to our advantage.
I thereby propose, as the final solution against the recent shitpoastfest, the creation and implementation of the GJS protocol.
This protocol has but one goal: to give /prog/riders a way of recognizing each other's poasts, and by extension, a way of ignoring all other poasts.
/prog/riders are encouraged to devise message authentication/signing algorithms and poast the corresponding textual description to /prog/, with absolutely no sample implementation whatsoever. Other /prog/riders who are willing to identify themselves as ``legitimate citizens'' will be able to do so by signing their own poasts with one of the aforementioned algorithms; of course, they will be required to implement the algorithm of their choice themselves - perhaps easy and entertaining for them, but a veritable brick-wall for the intruders. As a result, /prog/riders will have no difficulty in recognizing poasts written by a fellow compatriot (and automatically ignoring everyone else's).
Implementation:
The GJS protocol specifies two poast formats: poasts describing signing algorithms and signed poasts.
The message-signing algorithms shall take a variable-length string as their input and return a variable-length string as their output. The message authentication code shall be defined as the lowercase hexadecimal-encoded MD5 hash of the output of the message-signing algorithm.
Note: BBCode and its associated HTML formatting must be ignored. Users of the GJS protocol are therefore encouraged to wrap the message header in text size-reducing tags, i.e. [sup] or [sub]. <br> tags (or whatever newlines are represented as) shall be interpreted as "\n".
Message signing algorithms will be uniquely identified by the FIPS-180-2 SHA-256 hash of their textual description.
Format of a poast describing a signing algorithm:
:GJS1A <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
:<Message authentication code (as defined above) using the algorithm itself of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
<Payload: base64-encoded message describing the algorithm, line-wrap is recommended>
Sample poast describing a signing algorithm:
:GJS1A b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:3fcee1ea342699e1bf18973b242f9b65
VGhpcyBpcyBhIHNhbXBsZSBtZXNzYWdlIHNpZ25pbmcgYWxnb3JpdGhtIGRlc2NyaXB0b3IgcG9z
dC4gTm9ybWFsbHksIGl0IHdvdWxkIGJlIGZpbGxlZCB3aXRoIHRoZSB0ZXh0dWFsIGRlc2NyaXB0
aW9uIG9mIGEgcmF0aGVyIGNvbXBsZXggc2lnbmluZyBhbGdvcml0aG0sIGJ1dCBmb3IgdGhlIHNh
a2Ugb2Ygc2ltcGxpY2l0eSwgbGV0J3Mgc2F5IHRoZSBhbGdvcml0aG0gaXMgcmVhbGx5IGp1c3Q6
CgpSZXR1cm4gdGhlIHN1bSBvZiBhbGwgdGhlIHZhbHVlcyBvZiB0aGUgYnl0ZXMgaW4gdGhlIGlu
cHV0IHN0cmluZyBtb2R1bG8gNjU1MzYsIGluIGRlY2ltYWwuCg==
Format of a signed poast:
:GJS1M <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm><newline>
:<Length: length in bytes of Payload, in decimal> <Message authentication code of the Payload><newline>
<Payload: string of Length bytes>
Recommendation: As a preventive measure against false positives (poasts not written by true /prog/riders recognized as authentic), the first line of the payload should have the following format (note: if the poast is a thread starter, 0 must be used as Thread ID):
:<Thread ID in which poast is located, in decimal> <Unix time at the time of signing, in decimal>
Sample signed poast:
:GJS1M b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:63 ac2e084d679d6de0a60f75fca6e63589
:0 1277094869
This message was written by an EXPERT PROGRAMMER.
Guidelines for writing a successful signing algorithm:
* Not too simple, but not too complex either. Ask yourself the question: would a person who has been using ``Teach yourself Sepples in 24h'' tutorials be able to write a program that implements your algorithm? If the answer is yes, then it's not complex enough.
* Do not rely upon external libraries; libcrypt is no exception.
* Do not rely upon language-specific features.
* Do not rely upon platform-specific features.
* Your algorithm should not require excessive time and space. Worst-case should be O(n) relative to the input size.
* Make sure the algorithm can be comfortably implemented in Javascript (to facilitate the writing of Greasemonkey extensions that would remove all non-signed poasts from view).
* If you're out of inspiration, just use common problems in computer science, e.g. make the algorithm solve small custom knapsack problems generated from bytes of the input.
* Be creative!