>>69
The sage seems a bit off...
Yeah, no, maybe. Using secure trips for capcodes also adds extra protections against accidentially misspellingyour capcode and leaving it open to attack.
>>324
I've heard they use it on a per-IP basis for troublesome posters on 2ch. It could also discourage people from being jisakujien (supposing ID is disabled) or posting in a certain thread unless they're totally willing to have their host revealed.
I found this:
fusianasan【ふしあなさん】[名・自スル]
2ちゃんねるに書き込みする際に名前欄に「fusianasan」の文字列を入力すると、その書き込みをした人のリモートホストのIPアドレスがさらされるようになっている。
本来は「(固定ハンドル)@fusianasan」などとして、まだキャップを取得していない固定ハンドルが自らIPをさらすことで騙りを防ぐためのシステムである。
が、裏2ちゃん関係のコピペが横行するに至って、一時期うっかりIPをさらしてしまう。
エロな人間が続出し、fusianasan廃止要望まで唱えられるに至った(当然却下されたが)。
IPをさらすことだけによる危険は、そのIPから手元で使用中のコンピュータを一意に特定でき
(ex:グローバルIPによる常時接続)、かつプロキシ・サーバー、ファイヤーウォールなどの防御策を怠っている場合にしか及ばないので、
fusianasanに引っかかったからといって実はそこまで神経質になることもなかったりする。
……過去にIPから仕事中に政府機関から2ちゃんねるにつないで裏2ちゃんに入ろうとしていた愚か者が釣れてさらされたという事例はあるが。
なお、現在では一部の板でデフォルトの名無しさん(名前欄未記入時の名前)が「fusianasanさん」などfusianasanを含む名前となっている場合がある。
また、串の性能を試すために敢えて裏2ちゃんに引っかかっていると思われる強者もちらほら見受けられる。
類義語:mokorikomo
参照:裏2ちゃん、キャップ
testing #`¦
> Can't this be somewhere else but the post form?
No, because that would be immensely useless and annoying, because nobody would know it's there, and even if they did, they'd have to go somewhere else every time they wanted to post something using a different markup.
>>112
We already have the ID function, so why do we need such an egregious compromise of anonymity (and security) like voluntarily exposing your own IP?
> The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.
A better solution would be to use mod_rewrite to rewrite all /kareha.pl/$number/ links to /res/$number.html
It schould be a lot faster then running the script and the links stay the same.
Well, a lot of machines run on x86 these days, so that covers a lot of it. And you could pre-compile for a couple of other architectures, and have it pretty much covered. Linux and unixes in general make it ridiculously hard to distribute binaries, as opposed to Windows or Mac OS, but it's still possible with a bit of trickery. Avoiding dynamic libraries helps a lot.
>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.
Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.
> Another topic: since dynamic pages eat up CPU in order to rebuild pages according to URL parameters, what would be the likelihood of the current dynamic thread subpages having a significantly adverse effect in this aspect if a board were to grow to 2ch-sized proportions?
The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.
The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.
> Also, let's put out a partition to kill secure tripcodes (unless they originated from 0ch/Futaba)
Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.
> captcha (until we find a way to implement similar functionality without requiring it in the form of a GIF/PNG image)
That's even more non-sensical. Nobody on the entire internet has figured out a reasonable way to implement captcha except by using images, and the only boards that use them are image boards where you have to load images anyway. And finally, they aren't just there to annoy you, people do actually try to flood boards, and they are stopped by the captcha.
> And is there any practical way that Kareha can be modified to run multiple (even nested) boards in a single installation?
Not without doing a lot of changes throughout the code, and not without breaking current installations.
Your browser momentarily regressed to an old bug and then got better? Who can tell?
Running in pure perl would be ideal, portability-wise, but in practice implementing a JPEG loader and saver from scratch in Perl is both a lot more work than anyone wants to do, and the result will also be too slow.
As was already stated, making a statically linked executable lets you distribute pre-compiled binaries that people can just upload along with the script.
> (albeit edge cases)
Which is the crux of the matter - it mostly doesn't matter to the vast majority of users.
> You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).
You can use fusianasan with a tripcode, at least on Kareha. I suspect you can on 0ch too, but I haven't checked.
>The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.
How about a config.pl parameter to split up thread subpages into X posts per page? The navigation links already use 100 posts per page for practically everything except "Last 50 posts".
Hmm, I just remembered: >> links would not work at all with static pages. Not good.
>Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.
Right, I guess it was dumb to mention 0ch/Futaba in the first place. The point is, as you said yourself, tripcodes are a gimmick, and if someone wants to maintain a persistent identity across multiple boards and sites (ie, everyone here with a tripcode), they have no choice but to use ordinary tripcodes. Secure tripcodes are useless because they limit your identity to a single board, supposing each board/site's cipher key is different -- which it should be, since that's the point of having a secure tripcode in the first place. No one should be so paranoid about a tripcode that they'd need to have a different one per board/site.
>Not without doing a lot of changes throughout the code, and not without breaking current installations.
Shouldn't we sacrifice some backwards compatibility for a more robust and scalable design? It might even be possible to provide an upgrade.pl for old threads.
>You could only trigger the functions in a specific format, say...
That's a cool idea, though for now it would have to be left alone if we want to keep Kareha compatible with 2ch/Futaba conventions.
>>195
Exactly. The methods and the effects of saging a thread are separate subjects.
P.S. I recently discovered "rXX-XX" for threads in /soc/. How exactly does this work? From the sound of it, it's supposed to randomize the post order, but when I hit refresh I get the same order.
I have always found that it's more difficult than one would think to implement features that will measure "popularity" in a satisfying way that isn't open to abuse in one way or another.
Here's a fun little game for you all!
I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.
Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!
>>324
I've heard they use it on a per-IP basis for troublesome posters on 2ch. It could also discourage people from being jisakujien (supposing ID is disabled) or posting in a certain thread unless they're totally willing to have their host revealed.
> Would it maybe make sense to make a separate thread creation page?
Considering that the ratio of users who start new threads to those who don't is pretty small on most message boards, I think it does.
A seperate page could also be used to put a more visible disclaimer/set of rules, as a seperate page with a different layout is likely to generate more attention from the user. Stuff that can be put there also wouldn't clutter up the frontpage.
I don't think this is an urgent matter, though.
>>108
fusianasan is a voluntary function to show identity without having to memorize a tripcode. Works on all boards. Reveals your IP, of course...
Another feature I'd like is keyboard shortcuts like Wikipedia. Although you'd have to avoid stuff like Alt-D.
Copyright only applies to the literal code, not to features, ideas, or algorithm. Patents do, to some extent, but that's not the issue here. Since I'm not going to write the exact same code, there's little they can do.
>>74
The comma range separator is useful for anchoring a certain post range to the first post (ie, "1,-100"), but that's all I can really think of. Still, I appreciate such a degree of flexibility.
What about a(n) (optional) preview page? It would be nice, especially with the multiple formating options. It also allows most of the benefits of being able to edit posts, without being able to edit posts. I don't know how often I've screw up a quote because it didn't look like multiple lines but it was.
Is there a reason why the post box is so small and pushed to the side?
Forced fusianasan would be fine I think, if they had advanced warning.
>>137
I also noticed that you removed the CSS selector in individual thread views. Personally, it seems both the Admin options and Style selector are a bit of a hindrance to the overall layout. Don't get me wrong -- I think the drop-in Style capability is fantastic-- but it just doesn't seem to play nice with the current 2ch page design.
The thing is, don't most or all major browsers these days allow users to change CSS styles from within the application itself? I know Firefox does, at least. Maybe the selector isn't really necessary.