Guidelines for imageboard

Captcha endpoint needs tweaked or rethought. Needs to not even generate a captcha until a user goes to post a reply. This also needs to accommodate non js users as good as possible.
More themes need added and integrated into the scss build system so they don't fall behind when changes are made to the base CSS (effectively using scss extend or import or whatever and putting colors in variables.)
To add to that the base CSS seems to need some work. Inconsistent margins and the bare templates use lists which makes the site ugly without CSS in text browsers.
JavaScript features are missing like webm looping, embeds from YouTube or soundcloud and filtering.
Document caching beyond HTTP caching in php is needed.
Needs features from 4chan-x like gallery mode and such.
Over/multi board needs finished, overcatalog and the "overwatch" feature is neat though.

All of that, and the software is finished.

(check)

ok if I have this right

is it
or is it

uh
can that be done with like, PHP or something else besides js?

sound like good standard features

filter what? like repeat posts of images or word filters?

can you explain why, I am completely novice to web

isn't that like, bloat?

couldn't a script like 4chan-x be added for that?

I have been trying to avoid his site

does overboard watch all selected boards, all boards, or selected threads?

Should not generate a captcha until a user begins writing a reply with js. Probably would be easily solved for linking to a captcha endpoint to solve for nonjs users, like it is on Holla Forums, or some iframe fuckery.
Needs to allow the user to filter anything and everything with js.
Overcatalog watches all boards, or only sfw boards, or only nsfw boards, or multiple boards you specify. Its effectively a multiboard. The overboard feature isn't fleshed out, only the overcatalog at the moment. But the overboard has the same multi board functionality. Can watch sfw, nsfw, or multiple boards you specify.

makes sense to me
is the 16chan captcha 24 hours and is that a desirable model?

does Lynx do this? would the lynx method be a good model wit ha lynx-x script for those that want java?

sounds like a snazzy feature to be honest, but can it be done without java?

Its every 100 or so posts or 3 days whichever comes first.
The problem with next was generating a captcha for lurkers, effectively consuming all system resources especially because of hotwheels shitty sine implementation, most of the work which wasn't even pushed to GD but done in the php interpreter.
I'm not sure if lynxchan has a built in filter/hiding system for posts.
The snazzy multiboard selection functionality doesn't require JavaScript, only "overwatch" which automatically refreshes the multicatalog.

SADWIFE
S stealable
A anonymous
D disclaimable
W (trade secret)
I imageful
F forgetful
E (trade secret)

stealable's not really an imageboard feature, but it's a feature we need to have in other areas. if it's too difficult to outright duplicate a resource, then there's too much of a dependency on the resource-providing user avoiding corruption.

anonymity is not obviously an imageboard feature. There are fields for Name and Email. Trips and flags and other crap can be added. but it's a feature of the community, and if you violate it (by revealing IPs f.e.) people will be pissed. It is also subtly supported by imageboards, with the default name, with per-thread IDs, with being able to post without having to log in. If all the world were imageboards you wouldn't notice this stuff.

a post or action is disclaimable if you can do it and then reasonably deny that you did it. you can support this with some care about what you log and what you track.

again, if all the world were imageboards you wouldn't notice the ability to post images. isn't that normal? no, it's not. usually the best you can do is post a link to an image. on imageboards people actually communicate with images. your imageboard should either host images itself or at least handle the hosting itself (you can f.e. receive an image and send it right on to imgur, and use their link -- TRS's forums do this). you may want to make it possible to post an image without any associated text at all. why not multiple images? how much space is there between them? do you strip image metadata or leave it?

'forgetful' is another accidental feature. imageboards are actually just limited in storage. you can't accept furry porn a hundred times a day and not eventually have to add a SAN attachment just for more furry porn unless you eventually delete the shit. and how humiliating would it be to have the German government shut you down, pull a disk, and find nothing but furshit on it? you can replicate the accidental feature by deleting old threads after new ones come in, but you can also remember it as an intentional thing to do. forget who posted what. forget bans. eternal storage is for alphabet agencies.

fascist
kill yourself

oh, and

don't let users inject javascript into other users' browsers. don't store anything that would even matter if it were stolen.

if you don't trust your coding, or are writing in PHP and therefore have no business trusting your coding, then have nginx serve static assets itself and proxy other requests to a completely different server that's capable of PHP. you're letting users upload files. don't let them run the files as PHP on your server. Note: PHP is such cancer that it will run PHP embedded in image files, or PDFs. Don't fix this is code. Fix it in your architecture.

work with vCPUs

where culture's concerned, part of it's stuff like anonymity, but a large part of it is the *absence* of cancerous features. You can add your own innovations to the model that will actually break it.

for example, on Something Awful people care an awful lot about your join date. On reddit they care about what other subreddits you post to. On forums they care about your post count.

Think about why those tiny features enter into discussion so often in those communities, and avoid shit like that.

Did I take a time machine and travel back to 2006? Even if you use sendfile with PHP that's not true for over a decade with stanadard nginx and apache configurations.

you're assuming that a framework handles the request for the image and then PHP reaches out to a file and sends it.

I'm talking about "a request arrives for a file, apache blindly hands the request to index.php, PHP echos it while executing the bits. like it does with everything, even invisible fucking byte order marks."

Under a reasonable configuration Apache *shouldn't* ask PHP to handle an image request, but it happens. It happens today. Someone write now is writing the next popular file-upload-exploit WordPress plugin that was only intended to add bunny ears to images. It is a thing to keep in mind and avoid.

Yeah a code of conduct isn't a terrible idea as long as it's not retarded. It wouldn't be bad to have an ""official"" document saying that no one gives a fuck about your personal life as long as long as your contributions are good and you don't bring drama into any official IRC channels or mailing lists.

Along with a mission statement clearly outlining the values of the project. Anonymity, free speech, open source, etc.

When it does the image isn't interpreted as PHP. That was a bug, it shouldn't happen for the past 8 years.

At least, not under any sane configuration. I'm sure there's pajeet boxes out there that are still vulnerable tho.

$ php -vPHP 5.5.9-1ubuntu4.17 (cli) (built: May 19 2016 19:05:57) Copyright (c) 1997-2014 The PHP GroupZend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies$ cp lolvn.jpg lolphp.jpg$ echo '' >> lolphp.jpg $ file lolphp.jpg lolphp.jpg: JPEG image data, EXIF standard$ php lolphp.jpg |grep lolBinary file (standard input) matches$ php lolphp.jpg |tail -1N��?��?��ў�֏X�����H�|��g�u^�C�=e!��}�o���?�m�n�:Gvd�uN���!l�&L L�^]Q���������n�/E^.���Y ��l;�Ŗ��~��>���Kcu��z*�}�ҍ����X���
��������������lol

OK, so a thing to keep in mind, would you say?

normie boxes. LAMP stacks dropped from the sky with cPanel. WordPress, Joomla, Magento, et cetera. Reasonably secure until plugins are installed, and then it's a crapshoot.

Oh, my definition of pajeet box is xampp/lamp. Who the fuck uses apache these days?
But you are right, it is a problem with pajeet boxes I guess. Hasn't affected anyone who's not a fucking retard forever, though.

OK. My zabbix instance has, last count, about 54 thousand servers in it. How big is yours?

Speaking of going back to 2006, I remember the late 90s where Perl people couldn't believe that this PHP shit wasn't going away. They also couldn't explain how to set up their new cool Perl frameworks in a CGI configuration. CGI? That's old, nobody uses that anymore.

Honestly I should be able to rebut any kind of "sane configuration" talk just by repeating "PHP" in an increasingly obnoxious matter.

$ cowsay PHP _____< PHP > ----- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||

hm. That's a dumb response. I guess it irritated me that you called all my normie customers 'pajeets'. That is horrendously unfair to normies. These are mostly honest white people trying to make money at home with one weird little trick. Your typical pajeet has 2-3 advanced degrees in technology but doesn't know what symlink is and fully 50% of his productivity comes from asking American counterparts to do things for him.

Here is a better response: my customers at least are only using PHP because they don't know any better and don't care that what they're directly (WordPress et al.) using relies on it. You though are some kind of technical person who is too cool for Apache but who uses literally the worst language in the entire world that isn't actually in-house and undocumented. Grats, you've architected away PHP's fundamental vulnerability to malicious uploaded files. I suggest OP do that too (if he must use PHP) - and carefully, and just as much with architecture instead of coding.

having josh is a bonus, he's like kryptonite to the worst kike cancer on this site

I'm surprised. What happened?

They're not really buzzwords, but they're often repeated.
This means being able to discuss controversial issues which people are unable to do on other sites because said controversial issues like GamerGate resulted in mods banning or deleting posts. Or stuff on Holla Forums like discussions in opposition to gay marriage or immigration get flagged as hate speech and taken down. This also includes being able to discuss things that are not convenient to website administration too.

This means not using scripts/widgets/etc from websites like Google, Twitter, Facebook, and other social media because they collect user data for analytics. As in the website isn't broken if those are disabled, and people could still post without a Google Captcha. It also means true anonymity, not "anonymity" where metadata behind the scenes (captchas, or password for post deletions as I've heard) can still track a user by the posts.

So, for buzzwords, those are pretty important.

I remember shitting on him because he blamed performance problems on vCPUs. With the example of Infinity at hand, with access to the servers and to Jim and to Hotwheels, he set out to create something more performant than Infinity, and when it was total shit he said "vCPUs?! Nobody told me about that! I was deceived!"

And yeah that line didn't last long, but

SO WHAT, THOSE ARE WHAT INFINITY IS USING

YOU WERE SUPPOSED TO MAKE SOMETHING rage-B-E-T-T-E-R-rage

jesus christ why

so bad code on top of bad code?

also what I am getting from this is that captcha should definitely be on it's own page or people should at least only show up around the post form when people press submit and a captcha timer/counter check or something fails and then it would need a refresh button for the post form

that doesn't sound like a very good idea actually, since one could easily turn that into a DDOS attack, should need like an active captcha to see it

neat that it doesn't use java tho

a fair point I'll have to remember and when I telephone it I'll have to remember to mention

thanks user

really shouldn't be posting porn on a safe for work board discussing childrens shows in a thread about sharing good whole sum volkish shows for kids to watch

Tits and ass in an economics discussion thread makes sense though, long as the board is safe for work

sounds like good advice in general

so run the software in virtual machines?

shit that makes sense

fuck that would be cancerous, I guess it is worth mention though just so some jackass doesn't think he had a good idea

Owncloud

I use it for my in home cloud file server
I don't have it online but these posts are fucking unnerving

would be good for board rules on a site like this one, with that "allow me to pontificate" image

I thought josh was a kike

I just did it because of his shit design

I still don't trust him but administration on Holla Forums has been going to shit and jewsh apparently has kept working on his site

I hear stuff like hotwheels fucking off when he should be trying to fix the site and jim goign full jew

but it's all heresay until you look up the stuff yourself

also it seems like Holla Forums mods are subverted most of the time, especially that jew imkamphy

given but they are rarely explained properly and used like buzzwords

I'll have to remember that, nice even post there

right but how does google get into fucking everything? we don't seem to have it here so are sites like 4chan just saying yeah gibs me dat money and you can check my site?

do we have that here?
and if so how can we get around that without opening ourselves up to spam and ddos?

shit I remember that

this whole fucking shitshow

I'm sorry for all of those spaces

it might help to use different environments, yeah. The other day I had to tell someone to move off of some hosting because the storage layer was done by ceph ( ceph.com ) and the write to disk performance was beyond shitty... and this guy had just migrated a website to it that had some crazy caching code that was constantly writing to disk.

honestly his site would have sucked on any hosting, but the slow writes really murdered its performance.

if you're not actively getting DDOSed, you don't need anti-DDOS features. you can make collection of some data toggle-able. or you can make it very short-lived by default.

the real justification for scare quotes on Holla Forums is that vols can see your "post history" within a board. but, that's misleading due to VPNs and due to mobile networks all using VPNs by default, so it's still disclaimable' to an extent. even if a vol sends logs to your boss, you can say no, I wrote that, but not that other shit.

.. or actually, I'm only assuming that that's the case because bans are by IP. the reality may well be worse.

but that's vol stuff. shill stuff. not necessarily something an admin needs to care about. as with thread ids here, you might make it a board-level feature and just make it clear to people if they're in a board where their posts can be tracked by vols or not.

even then you can discourage abuse of that feature by limiting the rate at which vols can use it, and by making the information short-lived.

Local staff (board volunteers, board owners) can see the posting history of a single IP, and they can see hashed 255.255.0.0 masks of your IP, allowing them to see that two posts were made from the same range. Seeing a range's posting history is impossible.

Global staff can see unhashed IPs and the posting history of single IP addresses on the current board. Because the IP addresses are unhashed they can verify that two posts on different boards come from the same IP address, but the database is too fucked to let them see global posting history (or delete by IP across the entire site).

BASE64'd MEME GOD DATABASE

that doesn't make sense
I suppose you meant to say DoS attack, and it still doesn't make sense.

I probably don't know what I am talking about

I just assumed you could have a bunch of browsers just running the page and letting it update automatically but that probably isn't as bad as a bunch of image requests and it's probably not what is happening