A textboard in MIT Scheme

Hey /prague/

I made a little something. It was first prototyped in Guile but I've rewritten it in MIT Scheme.

https://gitlab.com/naughtybits/schemebbs

You can see a live demo at https://textboard.org/prog (add ?css=2ch to the url if you need the pseudo-pseud0ch css)

i2p access for the paranoids: http://7ubwrcixdcemzqwqzh2vaakjsnochj2biuzpo6dc2n4f7wqj4pua.b32.i2p

based

Finally some code!

http://groups.google.com/d/msg/rec.arts.sf.written/qGjpMAj0PBY/JHfTJWpmCgAJ

>>2
and redpilled

>>1,4
virii, don't click

>>6
No JS, no cookies.

>>7
And you know that how? It’s hard to verify that a websight uses neither.

>>8
How is verifying the absence of Javascript and HTTP Cookies hard?
You should block both by default anyway.

>>9
malformed requests can lead to code execution
imagine thinking JS is the only browser security issue
MIME confusion
overflows
MITB
0-days
flash
resource exhaustion
webrtc for deanonymizing you
hsts preload for inferring browser history
tracking pixels
cross-site request forgery i.e. <img src="somewebsiteyouuse.com/resetpassword.php?&newpassword=attackerpassword">
polyglot files
301 redirects (you think you're going to example.com but it redirects you to example.com/malware.exe)
PDF files (they can javascript or even pdf reader exploits can lead to code execution)
maldocs
clickjacking
cryptojacking
traffic distribution systems
just fingerprinting you based on your user agent and maybe using that to deliver a payload specific to your OS and browser version which might have CVEs or 0-days for them, using EKs or some shit

yes, javascript is A browser security issue
but it is by no measn the ONLY browser security issue

people think there's a magic bullet for security
``I know!'' shouted the anus
``I'll just disable cookies and javascript! then I'll be fine!!!!''
but little did they know that they can still get pwned, even with those changes to their browser

>>10
holy shit
now i am too afraid to go on the internet!

Disabling JS was never about security. It's about w3m-mode and its sort not supporting it. Do not mistake using software from 1983 for misplaced InfoSec paranoia.

>>12

paranoia

BRO JUST STOP CARING ABOUT SECURITY
BRO WHO EVEN VALIDATES INPUT ANYMORE?
IT'S 2018, STOP BEING A NAZI, LET ALL DATA IN
BRO WHO IS EVEN GONNA HACK ME HAHAHA NO ONE CARES HAHA I HAVE NOTHING TO HIDE HAHA

Good work, op.

>>13
if you depend on js for input validation, you're already pwned

There's a "sexp-api" too: https://textboard.org/sexp but no client yet. I will write one for mobile phones one of these days.

>>13
Dependent types solve this issue by not allowing unvalidated input.

>>13
Why are you so mad? Is it because you are using an unfunctional version of the web because your browser doesn’t support js?

>>11
conceded: Why even join a stupid DNS leaking textboard made in dynamic Perl code with unsanitized inputs?
>>18
I think that's irony,,,

OP I want to get back into Scheme. What implementation should I use? Guile seems like it has the most active development and comfiest tooling. I don’t want to use some abandonware.

Is there a reason to use Scheme over Racket?

>>21
meme value

>>20
Guile comes with ``battery included'' if you want to use it for system programming or for the web, it's pretty good. So is Gauche. Guile isn't going to be abandoware anytime soon thanks to GuixSD.
If you want to make a fast executable then choose Gambit or Chez. Take a look at Gerbil too, it has nice modern libraries.
>>21
Scheme's not dead.

>>23

Scheme's not dead.

Stable release: 7.1[1] / October 26, 2018; 7 days ago

Neither is Racket

>>23
I just spent several hours researching this and decided on Guile.

I was very interested in Chez because of its maturity and this benchmark showing how fast it is:
https://ecraven.github.io/r7rs-benchmarks/

But Chez looks like a behemoth with very few users, and the point of using Scheme isn't performance. Guile is more approachable.

>>24
I didn't meant that Racket was dead, it's very much alive. I thought you infered that Scheme was dead. Superseded by Racket. I didn't really know what to answer, you may be right. It was meant to be read like punk's not dead, a joke. Nevermind.

It was first prototyped in Guile but I've rewritten it in MIT Scheme.

why did you write in MIT scheme? you'd think it'd be better suited for guile

I'm getting 400s when trying to post on https://textboard.org/prog/23
copying what I wanted to say:
>>>8
nntpchan, as the name implies, is a fileboard, agnostic [currently?] to filetypes: we have to be careful on what is truly Dost confirmed

an ANN might be expensive, and I was seeking something more programmable like described in the thread. If you browse the network, you can see weird posts with cites and some garbled text.
I've experienced rotary spam, esp. in chat/IM networks. We had one autist, self named Nintendo, that did just that: copied the entire 200 page and repost, over and over gain.
Thank good the shutdown deterred him.

>>27
Guile would have made everything simpler. It has a fast web server, SQLite bindings and full sxml support, but where's the fun? Also MIT Scheme is tied to /prog/'s history.

>>28
There was a bug because the script will try to reject blankposts. Trailing blank lines caused this. I was aware of it in another form and it didn't take too long to correct. Thanks for making me actually fixing it.

>>28

I'm getting 400s when trying to post on

dependent types would have prevented this

>>30
depend on my anus

No returns would have prevented it

I might use this software, if that's okay. I got it to run quite easily, but how do you create boards?
(Sorry if I don't take my time reading the source code.)

>>33
Pull requests are welcome. ;)

pull request my anus

good man

Why are the called <<pull>> requests? If we have to use this obsolete scheme, a push request seems more reasonable.

>>33
It's more or less infinite boards by default, you juste have to create a directory with the name of your board.

Create data/html/vip and data/sexp/vip for instance.

>>38
So basically it checks if the directory exists every time you visit?

>>38
This doesn't work, for some reason (or I fail at interpretation)

>>39
Yes, if that directory doesn't exist it's a 404.
>>40
I'm not able to check right now, give me a couple of days I have to go through the install process myself.

nice

nice poast op
i cum 10 times and my dick is solid

wow op i fap so hard my dick bigger 2 inches great site A++++++

>>1 i slipped on my own penis im calling the police fuck you op