Nanochan II

Old thread, has hit 400 replies and is no longer bumping.
Nanochan is an imageboard with its software written in Lua.
Nanochan does not use or require Javascript in any way, shape or form.
Nanochan is totally immune to XSS due to the fact that it does not use Javascript combined with a restrictive Content-Security-Policy header. To date, zero security flaws have been exploited.
Nanochan operates exclusively through a Tor hidden service and does not restrict Tor users in any way. Clearnet users may use a tor2web gateway.
Nanochan's source code is small, reasonably clean and easy to understand.

The website itself is available at nanochanxv2lxnqi.onion
The most recent source code is always available at nanochanxv2lxnqi.onion/source.lua
Use this thread for feature suggestions, questions, etc. Feel free to use the /test/ board on nanochan to check for bugs and vulnerabilities.


cum

Hey, is webm uploading supposed to work? I see it in the source code.

Why did you delete my thread

Webm upload does work, but since it's on tor anything bigger than like 3mb takes fucking forever.

Yes. There is a webm thread on /b/ at the moment. I will add audio support when I get the time, I've been rather busy with other shit lately.

Which thread? If it was the one about "HURR NANOCHAN ALLOWS CP XDDD" then you deserved it.

You can use curl (specify your captcha ID and answers manually using -F) if you really need to upload big webms. This allows you to see a progress meter.

What makes it better than Wataba?

Wakaba uses javascript for a shit ton of things that can be done with pure CSS. It stores admin passwords and database passwords in a plain text file (config.pl).
It's also unmaintained, the latest version I could find was from 2012. Although I have to say Wakaba's code quality is still far higher than that of the average PHPajeet shitsite.

Looks promising. What do you want to add next?

Audio uploads, JSON API. I will first improve the captcha code though, right now it's a bit of copypasted code with a shit ton of repeated lines. All code must be up to my standards before adding more features. Should take only a few days to get audio support. JSON API needs a bit more consideration.

OP which webserver are you using?

sthttpd. you can check this yourself by visiting a page that doesn't exist outside of /nano e.g. nanochanxv2lxnqi.onion/asidjhfasuhdf

>JS-ON
Think!!

Where are some good places to shill nanochan? I'm desperate for replies to my shitposts.

at least it's not XML

Not fourchan. Please no.

Having it shilled here is already bad enough, with the levels of cuckchan this shithole has reached.

Idk. Find obscure imageboards and make a thread about it on each one. Or just wait until exodus 2.0 which I'm sure will happen eventually.

Somebody has already linked nanochan once from 4cucks/g/. However, they all dismissed it because it was too dead for them. Someone linked it from reddit, but they all dismissed it because they were a bunch of anarkiddies.

...

Could you raise the filesize limit? And display it in the post box. And give a meaningful error, because on qutebrowser, I only get:
Unable to load page
Error while opening nanochanxv2lxnqi.onion/nano/System/post
ERR_CONNECTION_RESET

That wasn't hitting the filesize limit. That's just a bad connection which I can't do anything about since it's over tor. Restart your tor daemon and try again.
The filesize limit is 16MiB and when you reach it you will get a "haserl CGI error: filesize limit exceeded" instead of a connection reset.

Maybe it's not a filesize issue, but some timeout on the upload or something. Couldn't upload a 4MB webm with a 100KB/s upload rate.

The connection reset every time after something like ten seconds. I'm pretty sure it comes from your server.

You should delete it, it's shit

The problem has been fixed.

What was it?

Server timeout set too low by default, large files could not be uploaded

Support for audio files has been implemented. Supported file types are: mp3, ogg, flac.

>oy vey too anonymous it's shit

Better late than never, but, nigger, I told you before the shutdown that it might be a timeout error resulting from your server configuration, and you were all, "Nah, dude."

Endchan?

JSON API is a really good idea, plz do it user

...

Oh, sorry for making you investigate yourself when I had the bare minimum of knowledge. Somehow, I had the idea that both Wakaba and Kareha worked entirely through pure HTML.
Is using CSS instead of JS really a sensible alternative though? What makes one bad HTML extension better than another?

You don't need javascript to fetch data from a server and parse it. Dunno what you are implying.

Are you functionally retarded?

There are a number of known vulnerabilities that have been used to deanonymize Tor users by leveraging JavaScript.

The first major incident where this happened was with the "Freedom Hosting" seizure by the FBI. The FBI kept servers online, and then installed javascript payloads which exploited a zero-day exploit in Firefox. This caused the computers to call back to an FBI server from their real, non-anonymized IP, leading to the deanonymization of various users. You can read more about it in Ars Technica: arstechnica.com/information-technology/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/

In general, enabling JavaScript opens the surface area for many more potential attacks against a web browser. In the case of a serious adversary like a state-backed entity (e.g. the FBI), they have access to zero-day exploits. If the vectors for these zero-days are disabled (e.g. JavaScript), then they may be hard pressed to find a viable exploit even if they have access to zero days etc.

The only reason the Tor project allows JavaScript to be on by default in the Tor browser is usability. Many Tor users are not technically savvy, and JavaScript is commonly used with HTML5 in modern web sites. Disabling JavaScript causes many web sites to be unusable, thus it is enabled by default.

As a best practice, one should disable JavaScript in the Tor browser and keep NoScript enabled for all sites, unless you have an extremely compelling reason not to.

>>>/g/ is over there

The issue in my eyes is that css is so complicated that we're going to start seeing similar vulnerabilities in it. Ideally, users would install custom userscripts, which have been designed to not be turing complete (unlike css), such that there is as little attack surface as possible. These could do much more than css can, while still being safer from vulnerabilities.

Could you elaborate on this? Do you mean like a greasemonkey kind of thing?

What kind of vulnerabilities?

That's what I was imagining. The scripts would be very simple though. Things like: when user clicks an id: insert >>{the id}\n into the text field and select it. When user hovers over an id: show the relevant post in a floating box. I know we think of javascript as being a bloated piece of shit, but these are the things javascript was designed to do, so it would only take a couple lines.

The problem with this approach is that it takes more effort on the part of the end user. This is a particularly large problem because nobody uses nanochan right now (case in point: why are we discussing this here and not there).


Right now, CSS can be used to leak your browser window size using media queries. Depending on your particular configuration, this could deanonymize you (tor normally sizes the browser into buckets, but the user can disable this by mistake by double clicking on the title bar, e.g.).

Just in general though, css is massively complicated. Mozilla created a new programming language just to write their css engine in. They brag about it being safe, but they don't tell you that its safety needs to be disabled to do anything slightly complicated in it. That and the legacy cpp code almost certainly have vulns hidden in them, and the spooks probably know them all. Also note that our security model is "don't want to be deanonymized" so even the slightest uninitialized memory constitutes a vulnerability for our cases.
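
An added example, not part of the post above and not nanochan code: a small Lua audit that flags @media rules which test viewport width or height and fetch a url() inside their body, the pattern by which a stylesheet can report window size to a server. The sample stylesheet is constructed, and the scanner assumes no braces inside CSS comments or strings.

```lua
-- Constructed sample stylesheet (not nanochan's real CSS).
local sample_css = [[
body { color: #000; background: #eef2ff; }
@media (max-width: 600px) { .post { margin: 0; } }
@media (min-width: 1000px) and (max-width: 1099px) {
  .probe { background-image: url("/t/w1000.png"); }
}
@media (min-height: 700px) { .probe2::after { content: url(/t/h700.png); } }
@media print { .logo { background: url(/static/logo-print.png); } }
]]

-- Return the index of the "}" that closes the "{" at open_pos.
local function matching_brace(css, open_pos)
  local depth = 0
  for i = open_pos, #css do
    local c = css:sub(i, i)
    if c == "{" then
      depth = depth + 1
    elseif c == "}" then
      depth = depth - 1
      if depth == 0 then return i end
    end
  end
  return #css -- unterminated block: treat the rest of the file as the body
end

-- List @media rules whose condition tests viewport size and whose body
-- triggers a network fetch through url(...).
local function audit_css(css)
  local findings, pos = {}, 1
  while true do
    local s, e, cond = css:find("@media%s*([^{]*){", pos)
    if not s then break end
    local close = matching_brace(css, e)
    local lc = cond:lower()
    if lc:find("width", 1, true) or lc:find("height", 1, true) then
      local urls = {}
      for u in css:sub(e + 1, close - 1):gmatch("url%(%s*[\"']?([^\"')]+)") do
        urls[#urls + 1] = u
      end
      if #urls > 0 then
        findings[#findings + 1] = { condition = (cond:gsub("%s+$", "")), urls = urls }
      end
    end
    pos = close + 1
  end
  return findings
end

for _, f in ipairs(audit_css(sample_css)) do
  print(f.condition .. " -> " .. table.concat(f.urls, ", "))
end
```

Size-conditioned rules that only restyle the page and fetches that do not depend on viewport size are left unflagged, so the output is limited to rules that combine both.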

Given that the nanochan dev seems to be insistent on only using lua to power all of the site's functionality, I doubt he'd implement the userscripts thing. That said, I think it's a really good idea. Yes, it takes more effort on the part of the user, but if that user is too stupid to follow an instruction on the main page that says "Go here to install some comfort features you loser" then I think the site is better off without that user.

Hakase said that he has no clue how to write javascript and has asked the community to make their own

mee-G00-ka

...

4taba

wrong

Can I make my own boards or am I subject to the whims of your friends like cuckchan?

no.

LOL go back to the 90s grampa

But you can host your own nanochan. Which is a lot more freedom than creating shitty, non active, and forgettable meme boards.

The goal here is to improve things. Not to repeat the same mistakes and end up with 5,000 boards about animal porn.

Is nano down for anyone else?

Is that a...
(((DATAMINING QUESTION?)))

Yeah it's down atm. The Mossad probably shoah'd it.

it's back up

...

I would like to announce the bunker URL in this thread for archival purposes.
/meta/1059 contains more information.
nanobunkv5kedrtq.onion/

Is there really a point in user-boards on an imageboard that'll probably never have more than 50 users? Anything you want to discuss that doesn't already have a board can be discussed on /b/.

dark theme nao


download /static/nanochan.css from the nanochan server, change the color: attributes, and release it as a userstyle. then let people install it themselves.

The fact that all imageboards aren't dark themed by default is a testament to how fucking retarded you have to be to host a forum like this.

Ran into a few performance problems. I'll probably rewrite Nanochan in another language. Probably Rust. Thoughts?

I think I'm going to rewrite Nanochan in JavaScript, thank you very much.

Lynxchan already exists.

Oh, it does? Perhaps I'll go a step farther and use a better, more modern language like AppleScript(tm) instead.

Nah. I'll use Rust.

Dark themes are shit.

I can't post in the bunker. What the fuck happened?

Performance problems. LUA sucks. I'm rewriting nanochan in Rust at the moment.

The bunker will remain locked until the main Nanochan goes down. The locking and unlocking of the bunker has been delegated to someone other than me.

Shut up fake hakase

I just installed dark reader and called it a day

Just created /pone/. Maybe this will increase user count?

I'm sure if anything it'll drive away users.
create a /tv/ though

I sure as fuck don't want this kind of customer.

There are no opinions, only truth. Dark themes are objectively better on your eyes, and therefore should always be used as the default. Back to cuckchan you dumb nigger monkey.

...

OP have you considered switching to a V3 onion address?

Just created Zig Forums and /zoo/. This will definitely increase user count. Our board is now more diverse and welcoming.

I took the liberty to unlock the nanobunker and create /umaru/, hope that's OK.

Dark themes are objectively shit for edgy kids trying to go blind. Kill yourself faggot.

Congratulations on not understanding how eyes work, retard.

Dark themes work on terminals because the text is either white or bright green on a black background, dark themes usually don't work on imageboards because most of them have mid-grey text on a dark-grey background, the lack of contrast kills your eyes.

Contrast and extreme lack of contrast are as bad, retard. Something like #aaaaaa on #ffffff is what you should use; as long as you use bitmap fonts, it's almost as sharp as pure white.

Gee, I wonder who could be behind OP.

It can't as easily track people with v3 via the Atacama submillimeter array so no, it won't switch for now.

The read-only API has been implemented. Information about the API is available here: nanochanxv2lxnqi.onion/nano/meta/1096

Jesus christ you spooks aren't even trying anymore.

when are you going to stop shilling everywhere?

Nobody cares asie

go back to your minecraft fanboy club

Dead?

haserl CGI Error

[string "nano"]:4: module 'cjson' not found:
no field package.preload['cjson']
no file '/usr/local/share/lua/5.3/cjson.lua'
no file '/usr/local/share/lua/5.3/cjson/init.lua'
no file '/usr/local/lib/lua/5.3/cjson.lua'
no file '/usr/local/lib/lua/5.3/cjson/init.lua'
no file './cjson.lua'
no file './cjson/init.lua'
no file '/usr/local/lib/lua/5.3/cjson.so'
no file '/usr/local/lib/lua/5.3/loadall.so'
no file './cjson.so'

never mind, working again.

I was updating some packages. No big deal.

Who's the nigger posting Lain r34. I'd rather see CP posted.

Nice cp request fbi. We know you love the lewd lains though.

a few minor changes have been made:
>threads now have a proper element

How about keeping the upload filename, too?

Would potentially cause deanonymization and higher code complexity since someone could send some weird strings as the filename which need to be rejected.

It's not hard to just execute a simple strpbrk, or whatever the Lua regexp equivalent is, and say no when it matches.

An opt-in checkbox of sorts would work for the deanonymization problem
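
An added example, not from nanochan's source.lua and not written by any poster here: the filename check discussed in the last three posts, done with a Lua pattern as an allow-list plus the opt-in flag. The function name, the 64-byte limit and the extension list (file types mentioned in this thread) are assumptions, as are the constructed test inputs.

```lua
-- Hypothetical helper; names and limits are assumptions for illustration.
local MAX_LEN = 64
local ALLOWED_EXT = { webm = true, mp3 = true, ogg = true, flac = true, png = true }

-- Returns the name to keep, or nil plus the reason it was discarded.
local function safe_upload_name(name, keep_name)
  -- Opt-in: unless the poster asked for it, the original name is dropped,
  -- so identifying names (usernames, local paths) never reach the page.
  if not keep_name then return nil, "opt-in not ticked" end
  if type(name) ~= "string" or name == "" then return nil, "empty name" end
  if #name > MAX_LEN then return nil, "too long" end
  -- Allow-list instead of a strpbrk-style deny-list: any byte outside
  -- A-Z a-z 0-9 . _ - is refused, which covers '/', '\', NUL, control
  -- bytes, quotes, '<', '>' and every non-ASCII byte.
  if name:find("[^A-Za-z0-9%._%-]") then return nil, "forbidden byte" end
  if name:sub(1, 1) == "." or name:find("..", 1, true) then
    return nil, "leading or doubled dot"
  end
  local ext = name:match("%.([A-Za-z0-9]+)$")
  if not ext or not ALLOWED_EXT[ext:lower()] then
    return nil, "extension not allowed"
  end
  return name
end

-- Constructed test inputs: { filename as sent by the client, opt-in flag }.
local cases = {
  { "cat.webm", true },
  { "cat.webm", false },
  { "../../etc/passwd", true },
  { "a\0.png", true },
  { "<b>x</b>.png", true },
  { "song.mp3.exe", true },
  { ".htaccess", true },
  { "C:\\Users\\anon\\Desktop\\me.png", true },
}
for _, c in ipairs(cases) do
  local ok, why = safe_upload_name(c[1], c[2])
  print(string.format("%q keep=%s -> %s", c[1], tostring(c[2]),
    ok or ("rejected: " .. why)))
end
```

The accepted name is for display only and still has to be HTML-escaped on output; the file on disk should keep a server-generated name.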