Nanochan

hey Zig Forums I wrote new imageboard software over the past week, can you try and hack into it to find security vulnerabilities and shit
nanochanxv2lxnqi.onion

Attached: ClipboardImage.png (1366x706, 78.08K)

I forgot to mention that it doesn't have any javascript

looks pretty good. 8ch and endchan deprecated

It does need the referer header and cookies, but only if you're logged in as moderator and using the mod tools. Normal users don't need cookies or referer.
Honestly I don't know why the fuck Zig Forums even needs the referer to post, it's super easy to implement posting without referer.

It's luggage from vichan/tinyboard.

because they use some nignog framework that uses referers to stop CSRF probably

If it does somehow take off, make sure that there's transparency between you, the mod team, and the users. Isolation between the three creates suspicion, which turns into hatred and fearmongering among users, which gets infinitely amplified. In other words, don't be like 4chan mods.

Attached: Rights.jpg (480x383, 30.01K)

Here's the source code if anyone wants it for some reason. ~1800 lines of lua.
The image processing code is absolute shit
files.catbox.moe/wy7nu1.lua

Pretty good. Not sure if Lua was a good idea though, it's made to be a scripting language to work in tandem with a proper one. Don't have much programming experience though, so take what I say with a grain of salt.

Attached: Thumbs Up.gif (500x390, 1.92M)

eh, it's fine, I didn't have any problems with it (and it's better than PHP at least). Speed is ok, I used a bot to post as fast as possible (accessing from localhost to eliminate tor latency) and I could manage about 20 posts per second or thereabouts.
The main problem I have is the image processing code. It takes around 5 seconds to process an 8 MiB file (which is the current limit that I've set), because I couldn't find a proper image library which wasn't outdated as fuck (as a result I had to use external imagemagick to make thumbnails).

Thank you, you're the best of us.

I am going to look for a vulnerability

server's down

it's not, fucking retard, works perfectly fine for me on the hidden service

You can probably do a XSS attack using the log page if you have a board owner or admin account.

it was possible, but I've fixed it now, thanks for pointing it out
regardless, I made a board owner account (board owner of /test/)
username: xss
password: 123456

p. cool. I was able to post these "tor on openbsd" instructions to nano /g/ without any trouble. tor 8ch wouldn't take the post from surf though. Probably need TorBrowser for 8ch, or some extra captcha juggling.

$ pkg_add tor
edit /etc/tor/torrc:
uncomment SOCKSPort (127.0.0.1:9050)
add "ORPort 0" to disable relaying (skip this if you can afford it and want greater disclaimability -- the ability to say "nah I have no idea how those packets came from my machine")
uncomment ExitRelay (0)

pkg_add polipo
edit /etc/polipo/torrc:
uncomment socksParentProxy (localhost:9050) and socksProxyType (socks5)
uncomment one of the memory options
uncomment localDocumentRoot to disable web server

$ rcctl enable tor
$ rcctl start tor
$ rcctl enable polipo
$ rcctl start polipo

want nyx? not necessary but can use to confirm configuration and monitor tor. If you followed above, second line should read "Relaying Disabled, Control Port (password): 9051"
$ pkg_add nyx
edit /etc/tor/torrc:
uncomment ControlPort (9051)
uncomment HashedControlPassword (generate with tor --hash-password)
$ rcctl restart tor
$ nyx

once polipo and tor are running, you'll want to use polipo as an HTTP proxy, so it can then use tor as a SOCKS proxy, so tor can then make a connection through the tor network. On your end, all you need is to set an environment variable for w3m/surf. You probably don't want these set all the time, so better to make a script.

HTTP_PROXY=127.0.0.1:8123 w3m nanochanxv2lxnqi.onion/

http_proxy=127.0.0.1:8123 surf nanochanxv2lxnqi.onion/

example script to support just "script_name blah.onion" usage:

#! /bin/sh
http_proxy=127.0.0.1:8123 exec surf "$1"

speaking of code blocks...

-- Turn nanochan-formatting into html.
function post.nano2html(text)
    local text = "\n" .. text .. "\n";
    text = text:gsub(">>(%d+)", ">>%1");
    text = text:gsub(">>>/([%d%l]-)/", ">>>/%1/");
    text = text:gsub("(https?://)(.-)%s", "%1%2 ");
    text = text:gsub("\n>(.-)\n", "\n>%1\n");
    text = text:gsub("\n<(.-)\n", "\n<%1\n");
    text = text:gsub("%(%(%((.-)%)%)%)", "(((%1)))");
    text = text:gsub("==(.-)==", "%1");
    text = text:gsub("%*%*(.-)%*%*", "%1");
    text = text:gsub("~~(.-)~~", "%1");
    text = text:gsub("__(.-)__", "%1");
    text = text:gsub("'''(.-)'''", "%1");
    text = text:gsub("''(.-)''", "%1");
    text = text:gsub("\n", "");
    return text;
end

not the worst piece of spaghetti I've written...
any recommendations on how to do it better?

Attached: 6ef216d83e578464f6e57aec6e06c27f3813358404400532741ca0f45ae1e5fd.png (500x500, 205.29K)
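One concrete answer to the "how to do it better" question above, as an added example rather than nanochan's own code: HTML-escape the whole post before any formatting pattern runs, so the gsub rules only ever operate on text that can no longer open a tag or close an attribute, then build links only from tightly constrained captures (digits for post numbers, [a-z0-9] for board names) and mark external links rel="noreferrer" (the referrer behaviour the later upgrade post describes). The href formats, the CSS class name and the standalone function name are assumptions for this illustration; it targets plain Lua 5.3 with no external libraries.

```lua
-- Added example, not nanochan's code. Escape-then-format markup renderer for
-- imageboard post text. Assumes Lua 5.3; href formats and class names are
-- assumptions made for this illustration.

local escape_map = {
  ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
  ['"'] = "&quot;", ["'"] = "&#39;",
}

-- Escape every character that could open a tag or terminate an attribute.
-- Done once, before any formatting, so later patterns see only safe text.
local function html_escape(s)
  return (s:gsub("[&<>\"']", escape_map))
end

local function nano2html(text)
  -- Sentinel newlines so line-based rules also match the first and last line.
  text = "\n" .. html_escape(text) .. "\n"

  -- >>>/board/ cross-board links: board name limited to [a-z0-9], so the
  -- capture cannot carry quotes, slashes or scheme prefixes into the href.
  text = text:gsub("&gt;&gt;&gt;/([%d%l]+)/",
                   '<a href="/%1/">&gt;&gt;&gt;/%1/</a>')

  -- >>123 post links: digits only, safe to embed in href.
  text = text:gsub("&gt;&gt;(%d+)", '<a href="#%1">&gt;&gt;%1</a>')

  -- Greentext: a line that (after escaping) starts with '&gt;'. Lines that
  -- became post links above now start with '<a', so they are not matched.
  text = text:gsub("\n(&gt;[^\n]*)", '\n<span class="quote">%1</span>')

  -- Inline markup. Captures cannot contain '<' or '>' any more, so they
  -- cannot break out of the wrapping tags.
  text = text:gsub("%*%*(.-)%*%*", "<b>%1</b>")
  text = text:gsub("__(.-)__", "<u>%1</u>")
  text = text:gsub("~~(.-)~~", "<s>%1</s>")

  -- Drop the sentinels and turn remaining newlines into line breaks.
  text = text:sub(2, -2)
  return (text:gsub("\n", "<br>"))
end

-- Constructed sample input: a post link, greentext, bold and a script tag.
local sample = ">>123 look\n>green **bold** <script>alert(1)</script>"
local expected = '<a href="#123">&gt;&gt;123</a> look<br>'
  .. '<span class="quote">&gt;green <b>bold</b> '
  .. '&lt;script&gt;alert(1)&lt;/script&gt;</span>'
assert(nano2html(sample) == expected)

-- Constructed attribute-breakout attempt: the board-name class rejects the
-- quote, and the escaped '<' means no tag is ever emitted from user text.
local out = nano2html('>>>/"><img src=x>/')
assert(not out:find("<img", 1, true))
assert(out:find("&lt;img", 1, true))

print(nano2html(sample))
```

The ordering is the whole point: in the original, the escaping (if any) and the link-building interleave, so each rule has to reason about what earlier rules emitted. With escaping done first, each gsub only has to guarantee that the text it inserts from a capture is drawn from a character class that is harmless inside the surrounding tag, which is easy to audit rule by rule. A strict Content-Security-Policy (default-src 'self' with no inline scripts) is a good second layer, but it does not make a renderer that emits unescaped user text correct; it just limits what a successful injection can do.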

I think it's fine. Anything else is going to look about as ugly. If performance is ever a problem, you can just use some PCRE bindings.
it lacks a code block though

Attached: e31lHIc.jpg (800x442, 91.32K)

I like the name.

Attached: say 'shark' if you would bang this cute little robot.jpg (1920x1080, 184.4K)

make a real parser, i guess.

That's worse performance than josh's software friendo

I know, it's horrible (but only really noticeable with files above 2mb). I'm working on optimizing that shit, I have a fairly good idea of which functions are taking a long time. The problem is basically that copying 8mb of data around is bad for performance, so I have to minimize that.

how many people are involved in this? what is your goal? is this a honeypot?

He seems legit, only a few would use Lua while making such a good imageboard.

everything is good - apart from image processing, which is total shit.
I've located the problem, hopefully image uploading will be much better by tomorrow (and then I can raise the filesize limit to 16 or 32 MiB).

Too many boards? /b/ and /meta/ would be enough. Once you get larger userbase add new boards as needed. Layout looks nice, readable and simple, so good job on that.

Official lua styleguide suggests two spaces as indentation
lua-users.org/wiki/LuaStyleGuide

OP is not a faggot? wtf?


at least throw in a /g/ or Zig Forums board, since that's who this type of project would attract at first. I wouldn't wanna go someplace where all there is is random shit and a board about dealing with the random shit.

...

OP here. I'm thinking of using haserl (CGI wrapper) in my script instead of doing all the CGI parsing/conversion manually. What do you think of it? I think that it would help me reduce the amount of code, and also potentially make everything faster because haserl handles the image uploads for me in a "proper" way as opposed to the retarded method that I'm using at the moment.
Any issues with haserl?
manpages.ubuntu.com/manpages/xenial/man1/haserl.1.html

Rewrite the entire board in perl

perl is gay
after I've perfected the lua version, I might try and re-implement nanochan in C for shits and giggles

your gay, gayboy

what the actual fuck
just grab the first row and learn sql triggers for creating posts

How am I supposed to store a single value not attached to a table? Is there even a way to do that?

r u stupid?

yeah its called writing text into file

in a fucking sqlite database, nigger
I can't go around creating billions of little text files for all the little variables that I need to store

hey I got an idea
what about making the global table just be a name/value table, with the name storing a string such as "Announcement" and value storing the actual announcement itself, that way if I wanted to create more global settings it would be easy
then just SELECT Value FROM GlobalConfig WHERE Name = 'Announcement' etc.

first off, that announcement message is on like most of the pages that users are going to be using, realize you're opening the database every time you retrieve that announcement value, what a fucking waste of time, store that shit in memory.
Only read during bootup/creating tables with the if not exist stuff & only write when you update that announcement message, skip reading the database if you're updating it, because you already have the announcement message.

ideal if you had more than one global value

you do realize this is a CGI program right, I have to write all data to disk between page accesses.
I have, though, played with the idea of storing the nanochan.db in a memory-backed filesystem, and then have a cronjob copying it to disk every once in a while to account for crashes/power failures/whatever.
I just haven't gotten around to doing it yet because there's a much bigger, macroscopic problem with image uploading which causes the program to spend a few seconds processing the image when it shouldn't take that long.
if you make a big deal about the little announcement message I bet your head's gonna fucking blow off when you see my HTTP request handlers (which I'm in the process of fixing right now)

use the environment variables then

No. The script gets re-executed from the beginning with every page request (i.e. deleting all environment variables upon restart); that's how the CGI protocol works. I have to store things to disk. There is no better way to do it.

this is SQLite, heathen: sqlite.org/np1queryprob.html

Where is the Zig Forums you faggot?

I think what he has now is fine.
I wouldn't want to start a thread about tech only to come back in a few days to find it flooded with /b/ shit. And who knows what the future might bring for anonymous chans on the clearweb. Torchans may get big influxes real quick.

not important ;^)

Will you gib sauce?

How do you report a post to mods? Would be a pain if board owners have to watch every thread for glowers trying to slip CP or honeypot links.

rtft

this is needed

Make image board software for TempleOS

Use /meta/. Mods are supposed to watch it (although at the moment it's just me).
The report system on Zig Forums sucks ass; it'd be easier to just make a post in a meta thread telling mods exactly what the problem is. That's why /meta/ exists.
Also, I rolled the database back to what it was yesterday because I made a retarded mistake and deleted something. I will keep more regular backups from now on.


The xss test account has been removed.

So there's no clearnet access? Pretty cool tbh. When will you have webm support?

no, there will never be. I'm not interested in getting cucked by dmca and other jewish laws
After I finish my optimizations for file uploads, I will fix the mod tools (some are a bit buggy), add an overboard, improve the statistics page and then add webm/mp4/pdf support.

... and I will also add a content security policy to prevent the execution of any javascript, or any inclusion of external images/css (muh tracking).

based

Wow big based

OP here. I just rolled an upgrade which is live at nanochanxv2lxnqi.onion
1. A Content-Security-Policy HTTP header has been implemented. This prevents the loading of any resources outside the nanochan server. It also prevents any javascript from executing on nanochan; in other words, nanochan is now totally immune to XSS of any type.
2. Links to external websites no longer send a referrer, even if the browser has referrers enabled. This is NOT the case on Zig Forums.
3. File uploading speeds have been increased greatly. As such, the filesize limit has been raised to 16MiB.
4. Minor CSS improvements to the file upload form.
Here's a link to the new source code: files.catbox.moe/9drdth.lua Still around 1800 lines of code since I managed to cut out a lot of the useless bloat while adding features.
What new features do you guys want to see next?
etc.
Code improvements/suggestions are also welcome, I'll be putting some of the duplicated code into functions when I get more free time.

Attached: ClipboardImage.png (1354x1019, 202.74K)

And for clearnet niggers, you can use nanochanxv2lxnqi.onion.sh although it is a bit slower than using the normal onion address.

Do you plan on having a community come out of this project or are you going towards a nntpchan type imageboard where it eventually goes nowhere from a social perspective ?
I know this depends on the people and it's a somewhat stupid question but it seems you made this for a reason. ( onion only, no javashit, one of the first priorities was XSS immunity )
Aren't tor clearnet proxies to be discouraged ? What's special about onion.sh ?

maybe. I originally made it because I didn't like chodekikey's mismanagement of Zig Forums but I will wait until after the midterms before shilling over there.
Nothing special about it, just the first one that actually worked and didn't time out or give some sort of error.

The Zig Forums situation is kinda sad. The majority from what I've seen don't care about privacy or technology. I've seen some groups have moved to matrix which is an improvement but I don't see how many will actually give this a chance.

the real reason I originally chose for nanochan to be a tor HS was because of the following advantages it gives:
>doesn't need (((certificate authorities))), but is still an encrypted connection
>doesn't need DNS and (((ICANN))) but still has a semi-memorable name
now regarding whether Zig Forums users will move, idk. Depends on whether chodemonkey does anything else retarded over the next few weeks/months, or whether the spam/pajeet/cuckchan posting gets worse. It's pretty easy to estimate the number of tor users based on the number of posts with id 000000, there aren't that many but there are some - and most people know about the existence of tor at least, which is better than e.g. mewch where people asked me "HURR WHAT KIND OF LINK IS DAT" when they saw the .onion at the end.

Attached: ClipboardImage.png (880x162, 27.02K)

>files.catbox.moe/9drdth.lua
Why not simply host the source code at nanochanxv2lxnqi.onion/source.lua or something?

nicely done OP

Dedicated shitting board from day 1? Might as well have called it "Zig Forumschan #3".

Attached: 1428184137061-2.jpg (900x598, 193.97K)

Don't even attempt with those fags.
They're all mostly goons, the site admin got into site drama with another imageboard by the name of 76 where he purchased it from the previous owner just to shut it down.
Almost every user on that site comes from his inner cabal of barely intelligible collagefags or just straight from reddit.
He's very well known on smaller imageboards for being an ass.

how fucking new are you, faggot?

Is there any need to have both of these? they both seem to solve the same problem of having to switch between boards to keep up with new posts. I vote for overboard.

Attached: bd34178755bcf21be5da168eae74edfc.png (900x1200, 827.38K)

shark

I think some do, or at least old users used to. There is/was a few days ago an op-sec thread up with ~400 posts, with some good info about tor etc.

I went there and it was garbage.

Some nigger faggot was spamming nanochan, so I've implemented a per-board-configurable limit on the number of threads per hour. It's set to 6 at the moment, should be enough for a whole day of spam without me watching - legitimate thread creation doesn't happen that fast anyway.

You are anonymous to us, but do you believe you are anonymous to glowindarks? I've been researching onion hosting and it seems to be somewhat of a feat by itself, and running one anonymously (even clearnet user hosting is difficult) is even harder, and probably no bulletproof solutions exist.

Further, if your identity became known either publicly or to alphabet niggers, could your involvement with the site come back to harm you irl?

Nice, OP. You should think about migrating to fastcgi (it probably means implementing it in openbsd's httpd, though).

if you're going to answer HTTP requests, then just answer them. Don't use someone's silly reinvention of HTTP.

Spamming with what ?

lmao it's 2018 you should literally be able to achieve 1000x that

...

He is if he runs his Zig Forums like a trash Zig Forums clone, which I haven't been able to determine.
3chan.io is trash tho.

You're not implying that writing an fcgi program is the same as writing an HTTP server (with pipelining, keep-alive and all that shit), right?

...

I also kinda want my Zig Forums less religious and more conspiratorial type shit. Again it depends on the people.

Bots. they were posting randomly generated strings and images.

If it works with LuaJIT, then it is the fastest scripting language in existence.
Faster than many compiled languages, like Go and Java.

Zig Forums isn't deprecated unless he implemented user boards creation.
And fixes his image processing problem.

board creation is veddit-tier tbh
Only used this site because it didn't have shit mods and could post without jewglecaptcha.
But now that it uses cuckflare and the mods have gotten a lot shitter, there really is no reason to keep using this site aside from its somewhat higher traffic.

It's the one single good thing about reddit.

and splinter the userbase into 10,000 different tiny little shitboards? no thanks
people naturally gravitate to the legacy board names anyway

The image processing problem has been fixed. The time for uploading an image is now only around 5% more than the time it takes to simply hash the data and run imagemagick to generate the thumbnails.
I'm sure I could optimize it further and I will do so, though.

Overboard has been implemented.

Attached: ClipboardImage.png (1366x706, 265.7K)

Unfortunately, I chose to use lua 5.3 for this project because muh new features n'shiiiieet. It's probably not hard to convert to lua 5.1 (which is what luajit can use), though. If speed ever becomes a problem I will keep luajit in mind.

Discovered today that my auto cookie deleter for palemoon no longer works.
Anyone know how to fix or a better alternative? I've disabled all cookies for now.

Could use graphicsmagick, it's usually faster than IM.

On this ~16mb file (which I can't upload here because my VPN is too slow and Zig Forums would crap out), generating a 200x200 thumbnail takes 7.9 seconds with GM while taking 8.6 seconds with IM. Similar results with other large images. I'm sold on that one.
but fucking OUCH that 8-second waiting time to upload an image... nice to know it's not my fault though. At least subsequent uploads are way faster because no thumbnail or catalog icon needs to be generated.

PDF uploads are now working.
WEBM and MP4 soon, that will involve the use of ffmpeg I'm sure.

Attached: ClipboardImage.png (563x555, 66.52K)