BEFOREHAND: close door, each window & exit; wait until time. open spellbook, study, read (scan, select, tell us); write it, print the hex while each watches, reverse its length, write again; kill spiders, pop them, chop, split, kill them. unlink arms, shift, wait & listen (listening, wait), sort the flock (then, warn the "goats" & kill the "sheep"); kill them, dump qualms, shift moralities, values aside, each one; die sheep! die to reverse the system you accept (reject, respect); next step, kill the next sacrifice, each sacrifice, wait, redo ritual until "all the spirits are pleased"; do it ("as they say"). do it(*everyone***must***participate***in***forbidden**s*e*x*). return last victim; package body; exit crypt (time, times & "half a time") & close it, select (quickly) & warn your next victim; AFTERWORDS: tell nobody. wait, wait until time; wait until next year, next decade; sleep, sleep, die yourself, die at last
Name:
Anonymous2018-02-12 20:08
BBCODE is considered standard for the rear end
Name:
Anonymous2018-02-19 5:41
i just added a new line
my $allow_javascript = 0;
Because i dont want to support javascript at all.
Name:
Anonymous2018-02-19 6:20
I don't think perl is scalable enuff why not write in go with redis and shit?
Name:
Anonymous2018-02-19 7:31
>>6 textboards need not be scalabale they're gonna be used by 8 people max
1) Text board, no Javashit. Pure css3. I dont know how i will deal with spam without it (recaptcha) but hey, who uses textboard these days, right?
2) It might support images in a future, but you will be able to pick images from a library of attachments only specific to each board.
3) I am thinking on a way to create tweets (tweeter or gab) from here so AMAs will be possible with anons.
4) Also it will have a rudimentary way to organize mods and assign tasks to them. Just because it sounds fun to implement. I doubt a textboard needs a team of mods.
Well, actually i was trying to make a CSS3 inspired on WindowsXP. Still needs work of course. But the actions, button locations, and icons at the top are there to stay.
How do you think i can avoid that? (besides not doing a textboard and forget about this and going outside)
Name:
Anonymous2018-02-20 14:37
Any unmoderated dead community turns into a pรฆdo nest eventually.
Name:
Anonymous2018-02-20 14:43
>>16 was it? I remember one namefag (something @live.com I think) talking about pedo shit but I don't remember anything more than that. a single retard does not a pedophile nest make
Name:
Anonymous2018-02-20 15:30
>>19 it does when the community consists of 2 people
No, a textboard (maybe adding images later in a limited way) that works 100% well even with JS disabled.
I think voting will be good to know what threads are really good/fun and which ones are meaningless. So you can voting vote up if you care about the thread and actually make a post.
Name:
Anonymous2018-03-17 12:08
How do u throttle down voat
Name:
Anonymous2018-03-17 12:14
By controlling what is being posted? Things like "+1" and variations, or repeated/too similar messages in the same thread could be filtered as shit posting.
That's not something amazing I'm pretty sure none of the current textboard softwares require JS for anything important
Name:
Anonymous2018-03-17 12:53
>>34 The focus is 0% javascript. None. Nada. JS will be inexistant. Not even for unimportant stuff.
Name:
Anonymous2018-03-17 13:00
>>35 Still removing the external js files in kareha for example would make it use 0% javascript, wouldn't you say?
Name:
Anonymous2018-03-17 13:29
I know there is nothing "amazing" on not using js
I just want to show that a pretty and functional website can be done with it just by pure HTML and CSS3. I think JS is cancer.
And also i want to have fun while doing it :)
Name:
Anonymous2018-03-17 16:03
I don't hate JavaScript, but they way websites use it: 1.Unescapable ads 2.Cryptocoin miners(new but quickly expanding industry) 3.Requiring to load thirdparty stat sites to work. 4.millions of shitty "frameworks" that make any webpage cost 100MB+ ram. Not everyone is on 16GB workstations. 5.Much slower loading and handling of content.Javascript handlers everywhere slow down DOM interaction and create noticeable latency even in latest Chrome/Firefox. (btw, this is the reason WebGL1/2 are getting popular as backends)
Name:
Anonymous2018-03-17 18:48
>>29,31 the only way to do this without javascript is either iframes or redirect after POSTing the traditional way
>>39 I have a way kinda of figured out. It's weird, but i think it will work. The worse that could happen is that someone posts in a thread just to add a vote.
to be able to vote up for the thread at the moment of posting an answer.
What are you talking about? Just make it a button for a page like /vote/:threadid/:post_num/(up|down) then you can redirect them back. It doesn't require javascript at all.
Name:
Anonymous2018-03-17 23:42
>>41 You could look at the html for seiup.net, they have an upvote button.
Name:
๐ซ2018-03-18 4:28
>>43 Moecountsystem. Well... is still a regular form button like >>42 suggested... still... i'll try to look at the source if i find it.
I had been trying to use a "masonry" layout but i have not been able to get what i want without JS. I have a few ideas though. The problem with the masonry layout (also called, "Pinterest layout" in some places) is that, without JS, the units flow in columns up-down.
[ 1 ] [ 4 ] [ ] [ 5 ] [ 2 ] [ ]
[ 3 ] [ 6 ] [ ]
So is a bit weird since one expects always that the order flows from left to right. Anyway, small details overall. This week the work starts on the actual posting/replies. I hope to learn a bit more about voting. This + a tag system will make for an interesting way to find good content.
>>49 I should mention that i'm doing this because of the fond memories i have from the old /prog/ board in 4chan. Progboard... mmm didnt sound too good for me, and i like frogs.
Will you expoas a RESTful API for poasting automation?
Name:
Anonymous2018-03-24 19:54
What value does this add?
Name:
Anonymous2018-03-24 20:09
I've been meaning to do something like this except written in Go with a react.js frontend with tons of tracking and megabytes of javascript to trigger the hipster retards here who pretend like they're posting from raspberry pis.
Actually i've been thinking about this. Perl Dancer, the library i'm using, makes this VERY easy. Not to post, but to read from the boards. I will try to feed data from static json files, not from DB. But this is for version 2.0 or 3.0.
>>60 As for spam, i and thinking on a reporting system. Any link will go to an interstitial page with a screenshot taken from that page. That same page will have a report button, so you wont be getting free hits to that website. Maybe a regexp functions to detect certain patterns in URL like referals. Honestly, antispam will be, i think, the most advanced and interesting part to build. Any ideas are welcome ;)
The idea is to use cookies the least possible, and allow real anonimity, no ip tracking or recording or (permanent) sessions. So, we will keep an internal ID, and another table, to join the ID with a special code.
The user will not have an username, but rather, a key. This will be an url of the type
You will also asked to use a password when you access the url.
This password, with the key, will be processed and generates the special code. This code is related to the user ID.
By using this url-key the user will be able to: -access the posts -edit them -change the unique name to be shown on posting (kinda like a username) -access the profile (in the dumb case the user wants to add some personal info) -change the email
You can reset your url-key and password by entering your email.
You will receive a special link to do this. Then you will get the chance to pick a new password and a new url-key.
The site will use cookies, but only for: -Prefered stylesheet -The checkbox that indicates if you prefer to post as anon or by using your name -Catalog preferences
There will be a way to see all the posts a identified user has posted, even if he/she has changed their name.
I'm just learning this stuff now, i'm just thinking about it while i finish other board features.
I'm planning to post an early beta soon in my machine with dyndns
Name:
Anonymous2018-03-28 0:52
Basically i want to protect the user if he/she picks a shitty password
Show a warning and/or use PBKDF with many rounds. There is no other solution.
Name:
๐ซ2018-04-17 12:08
Ok, i have this idea for the security in the site. What do you think? Is just a small proof of concept, not the actual registration/identification procedure. So is not an actual algorithm, ok?
* An access_key is created. Is both your username and password * On registration, a random password is created (we make sure is unique by concatenating a special timestamp) * This random password is encrypted with your access key. used as a primary key in a table where yout personal data is stored (encrypted) * This encrypted random password is stored in the personal data table together with the hash and the actual encrypted data * After validating the encrypted random password with the hash, we can get the user's personal info * The user_access_key is used as the decryption key, but this time, the salt is a fixed salt taken from the website config.
Please be nice to me. I am just learning this stuff. Please give me you're opinion.
#!/usr/bin/perl use strict;
use Crypt::CBC; use Crypt::PBKDF2; use Crypt::URandom; use Data::Dumper;
#-- This is how we create the key the user will get my $partial_user_access_key = uc $pbkdf2->PBKDF2_hex(Crypt::URandom::urandom(32), Crypt::URandom::urandom(20)); my $code = '4YY7A1'; #-- This code is generated for the user as part of the registration process. this is sent by email, with no links whatsoever. You just have to type it to register, so i kept it short. my $extra_salt = '6H'; #-- 2 random extra characters, different for every user my $user_access_key = $partial_user_access_key.$code.$extra_salt;
print "User access key: $user_access_key\n"; my $salt = substr($user_access_key, -8); #-- Last 8 characters in the user_access_key are the salt print "Salt: $salt\n"; #-- This user_access_key is a decryption key my $salt = Crypt::URandom::urandom(8); #-- Encrypt and decrypt. This will hide the actual password. my $cipher1 = Crypt::CBC->new(-key => $user_access_key, -cipher => 'Blowfish', -salt => $salt ); my $random_internal_password = Crypt::URandom::urandom(32).time; #-- By adding time we make sure is unique (i have a way to make it unique beyond the level of the second. for simplicity i use only time here) print "Random internal password generated. We will encrypt it with our user_access_key\n"; my $encrypted_internal_password = $cipher1->encrypt($random_internal_password);
#-- Since the encrypted_internal_password is unique we use it as an index print "Store the encrypted internal password in a table as the index\n";
#-- We generate a hash from this internal password that is encrypted my $hash = $pbkdf2->generate($encrypted_internal_password); print "The hash is stored on the same row as the encrypted_internal_password\n";
if ($pbkdf2->validate($hash, $encrypted_internal_password)) { print "hash and encrypted_internal_password do match: access granted\n"; } else { exit(0); }
my $site_salt = 'FR0GB0RD'; #-- 8 chars long string
my $user_id = 234; my $user_email = 'supersecretemail@mail.com'; my $user_name = "NotSoAnonymous";
my $user_info = "$user_id\n$user_email\n$user_name"; my $cipher2 = Crypt::CBC->new(-key => $user_access_key, -cipher => 'Blowfish', -salt => $site_salt );
my $encrypted_user_info = $cipher2->encrypt($user_info);
#The user personal info is encrypted. This time, the encryption key is the a combination of #the user_access_key but the salt is taken from the frogboard's config.yml file
>>86 I did some manual tests yesterday to check XSS stuff. Seems safe for now. Of course i will use some automated tools in the future to be sure that the system is safe. I'm more concerned about the authentication mechanism i described in >>84
Name:
Anonymous2018-04-17 20:24
>>88 add rate-limiting for login attempts to protect against brute-forcing
I hate when people say shit like that. It's like when people say they don't need to make their website validate input or protect against XSS or whatever because ``the WAF will take care of it''. That's a lazy cop-out. Don't rely on other tools -- make your code secure without bandaids.
I'm not saying you shouldn't use Cloudflare or a WAF, as both are important. But to say that you'll leave security in the hands of third party code and services is silly.
Name:
๐ซ2018-04-21 6:35
>>84 I realized that this is all stupid bullshit. A regular user/password combo is the most sensible solution, maybe with an option for client-side certificates. I think i can still provide a decent level of "safety" and anonimity for the users.
Anyway, ... what the fuck was i thinking!!!?!?!?!
Name:
๐ซ2018-04-24 14:24
Hi all
In the end, i have a user/password mechanism now. However, your username is PRIVATE. Only in special circumstances, under your control, you can make it visible to everyone. You still have a public name, that can change anytime to anything ('Anonymous' by default)
My idea is that, in the event of a hack, anyone that gets access to the DB will have a hard time relating a username to a user_id.
user side server side ~~~~~~~~~ ~~~~~~~~~~~
$username <---> $user_id
The relationship between username and id (and email too) is on a table, but encrypted.
So, for practical purposes, when a user logs in, i keep this relationship stored in a variable in the programs memory. If there are 50000 users logged in, this structure will have 50000 elements. There is no public end-point to access this, and the only function you have available publicly is Session::who_is($username) and is used in the code whenever i need the user_id (mostly when calling stored procedures)
What do you think about this? Do you think is a secure way to do it? Of course, anyone with direct control of the machine can always explore the memory to read directly the data with the relationships, but then, it will only get the ones of the currently active users.
Name:
๐ซ2018-04-26 13:18
A recent gif with the login process and a notification for a response you got in the background
reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee poast poast red cream cloan API WIN
Name:
Anonymous2018-04-27 10:02
i maek poast on the {spoiler /prog/} board
Name:
Anonymous2018-04-27 10:02
i maek poast on the {spoiler /prog/} board
Name:
Anonymous2018-04-27 10:03
i maek poast on the {spoiler /prog/} board
Name:
Anonymous2018-04-27 10:03
i maek poast on the {spoiler /prog/} board
Name:
Anonymous2018-04-27 10:03
i maek poast on the {spoiler /prog/} board
Name:
Anonymous2018-04-27 12:18
check my dubs
Name:
๐ซ2018-04-27 12:44
Markup choice
Right now i am being inclined to a combination of sexpcode and markdown.
After trying them for a while, i found this comfortable to type. Now i am coding this and see how it goes
(All these works only on column 1) : This will create a header (no multilevel headers. I'm keeping this intentionally simple) + Item List ++ Item List level 2 +++ Etc > green text # purple text
These are free to type anywhere [b] [i] [u] [h hidden] (AKA spoilers) [sup] [sub]
[code(end='\n]') some source code ]
Yes, some will have parameters. In the case of code, end is showing the default value for it, meaning that a new line plus a closing ] indicates the end of the code block. Notice that there is NO space between code and the opening parenthesis.
[do action] This will allow your post to trigger some specific action on posting. Example [do dice] This will throw a 6 side dice and print its value. (A nice replacement for trips i guess)
>>1 Points to post1 >>1:2 Points to heading 2 in post 1 >>1.3 Points to paragraph 3 in post 1
Since this has no JS there is no way to do markup except by typing it. So is imperative to keep it as simple as possible with sane defaults. Like >>1 for quick replies
Name:
Anonymous2018-04-27 12:49
>>112 why this weird sorta-bbcode-sorta-sexpcode instead of either one or the other? bbcode has [tag]value[/tag], sexpcode has {tag value} and for some reason your're are board will have [tag value]
>>117 The average /frogrider has very different opinions from what the average person.
Name:
Anonymous2018-04-27 23:55
I considered getting into Perl but someone told me it was shitty ancient language destined for total extinction. I suggest you follow the same advice and rewrite it in FIOC or something.
Name:
๐ซ2018-04-28 0:40
>>119 Well.... it still get the job done, and is pretty good for it. Perl Dancer2 is amazing! Is not shitty nor ancient at all, though i wont use it for any systems that requires an object oriented design. The Moose and Mouse libraries are awful IMHO.
The good side of perl today, is that is one of the best paid languages. Unveliebable right? But it is true today.
I'm moving on to Perl6 for my next project's backend. I have my goal set very high ;)
Name:
Anonymous2018-04-28 4:38
Perl is like the twitter of programming languages. Very short and sweet.
You can have some 20 character perl script -- pretty much impossible to read unless you're the author -- and it's the equivalent to like 500 lines of Java.
But it's not aging very well. Sites with .pl in the URL (for a file, not the ccTLD) usually look like they were designed in 2001.
Name:
Anonymous2018-04-28 9:20
Camel-kun, can I contribute? I know Java and I can consume a REST api and the create a mobile client for your web sight.
Name:
๐ซ2018-04-29 20:26
>>122 Sure, anon, but i am still far from defining an API. I need a decent open beta first to test my current design.
I have finished the design of the markup. I leave it here for you to comment. The coding of the parser is going pretty well! 5 passes of regexps gave me almost everything i needed ๐
Considering that the board will not have JS, i tried to think in something that was robust and quick to type. There are a couple or more constructs i'm working on (like a greentext block, and a special spoiler block) but in general this is a good description of the markup. An image markup and external links block are missing, and this is intentional.
And yes, i am thinking on support BBCODE later, and Markdown, there are perl modules for that already so integrating them should be easy. But this is going to be the official markup.
Name:
๐ซ2018-04-29 20:42
>>123 Some clarification about the "align left"", and asking for help too. The name in the table says "align left" and it shows aligning right because i still have not decided HOW to call it. See, there is NO PURPOSE in aligning left UNLESS, you write in a language where aligning right is the default, so the picture is just a reflection on what i'm thinking now. Now, for the question:
How would you call it? I only have these ideas: ALIGN OPPOSITE, INVERT ALIGN, ALIGN FRONT.
Name:
๐ซ2018-05-02 5:24
This is a sample of the current incarnation of the markup.
please don't make me learn another renegade markup language please support sexp code, it is powerful, expressive, and nonverbose
Name:
Anonymous2018-05-02 7:52
>>126 It's also a bitch to parse, because you have to keep a table of all identifiers and their arity to tell the text part from the arguments. Some kind of delimiter between the arguments and the text would have helped.
Name:
Anonymous2018-05-02 8:19
>>127 that's unpythonic, don't make things unnecessarily complicated to use
Name:
๐ซ2018-05-02 12:33
>>126 But, is similar to sexpcode!!!! Except for function composition, i tried to mimic it's general structure.
thisissome markup
Just compare BBCODE vs this one... [o][b]this[/b] [i]is[/i][/o] [u]some markup[/u]
VS
[o [b this] [i is]] [u some markup]
I left the function composition out because is just markup. However, i plan to use a very simple "parametrization" of some tags in this general form.
[x(flag1 flag2) contents of the tag]
--------------------------------------------
Examples For the Table construct: [t(separator-semicolon) header ; header data1 ; data2 data3 ; data4 ]
For the spoiler tag [h(reveal) a special type of spoiler] [h(blinds) another type of spoiler]
Name:
๐ซ2018-05-02 12:34
>>126 But, is similar to sexpcode!!!! Except for function composition, i tried to mimic it's general structure.
thisissome markup
Just compare BBCODE vs this one... [o][b]this[/b] [i]is[/i][/o] [u]some markup[/u]
VS
[o [b this] [i is]] [u some markup]
I left the function composition out because is just markup. However, i plan to use a very simple "parametrization" of some tags in this general form.
[x(flag1 flag2) contents of the tag]
--------------------------------------------
Examples For the Table construct: [t(separator-semicolon) header ; header data1 ; data2 data3 ; data4 ]
For the spoiler tag [h(reveal) a special type of spoiler] [h(blinds) another type of spoiler]
