/lynxchan/ - LynxChan

The best engine you will ever shitpost with.



Keep threads on-topic.
Roadmap
Installation video tutorial
Vichan migration script

New Thread:



Max Message Length: 4096
Don't show location
Make sure I have a block bypass
Files:
Spoiler Max File Size: 1.00 MB
File Limit Per Post: 3
Remember to follow the rules .


Cat 02/11/2018 (Sun) 23:39:11 Id: d23996 No. 524 [Reply]
Open file ( 96.34 KB 750x600 200912102227351.jpeg )
Please explain how is engine better than Meguca.

Cat 02/12/2018 (Mon) 11:21:12 Id: c24fbe No. 525
You tell me why I should care about meguca.

Cat 05/08/2018 (Tue) 17:24:18 Id: 292745 No. 534
>>525
it's not written in spaghetti language

Cat 05/12/2018 (Sat) 16:04:10 Id: db7b17 No. 537
sans font looks nice (4chan a shit)



Cat 12/28/2017 (Thu) 04:25:58 Id: c95102 No. 495 [Reply]
Open file ( 44.54 KB 698x265 owned.png )
What is known about this claimed exploit?

Cat Board owner 12/28/2017 (Thu) 11:21:02 Id: 36351e No. 496
Aside from the possibility of running mongo accepting external connections without authentication enabled, nothing.

I am skeptical of anything that mentions or involves smiley, that image reeks of goon trolling. I figure the first place to be owned would be a large site, like mewch or endchan. At least this one, since its managed by me.

Mega Milk 12/29/2017 (Fri) 04:56:48 Id: 66a73b No. 499
>>495
What site is/was this?

nanote 12/29/2017 (Fri) 05:42:22 Id: 3914a8 No. 500
nanotech#zvNTEK 12/29/2017 (Fri) 05:42:40 Id: 3914a8 No. 501
It was a prank lmao



Cat 01/04/2018 (Thu) 16:28:54 Id: d3100a No. 505 [Reply]
Open file ( 83.88 KB 1273x518 XSS.png )
5 posts omitted.

Broken HTML generation OP 01/18/2018 (Thu) 17:44:42 Id: 61d67f No. 517
Markdown links containing quoted text or quotes to posts generate invalid HTML. For example:

http://google.com/>507
http://google.com/ class="quoteLink" href="/lynxchan/res/505.html#507">>>507
http://google.com/ class="quoteLink" href="/lynxchan/res/505.html#507">>>>/lynxchan/507

This could have security implications (the resulting HTML looks quite bad), but I cannot find a way to exploit it at first glance. Suggested fix:

diff --git a/src/be/engine/postingOps/common.js b/src/be/engine/postingOps/common.js
--- a/src/be/engine/postingOps/common.js
+++ b/src/be/engine/postingOps/common.js
@@ -471,9 +471,9 @@ exports.replaceMarkdown = function(message, posts, board, replaceCode, cb) {

});

- message = message.replace(/(http|https)\:\/\/\S+/g, function links(match) {
+ message = message.replace(/https?\:\/\/[^\s<>"]+/g, function links(match) {
Message too long. Click here to view full text.

Cat 01/19/2018 (Fri) 00:07:21 Id: 5a92bd No. 518
>>517
ty, ill look into it

Cat 01/19/2018 (Fri) 12:00:05 Id: e7347a No. 519
Fixed, all I had to do was to process links before quotes.

Fixed only on 2.0, I will fix on 1.8 and 1.9 if I find some way to exploit that.

But given how stuff is sanitized anyway, I don't think that would be possible.

Cat 01/22/2018 (Mon) 20:08:52 Id: 248a80 No. 520
test.

Testing Tester 01/28/2018 (Sun) 17:16:16 Id: 500963 No. 523
Open file ( 554.91 KB 400x393 1093125a34d1c4e753c8c6776442aed3.gif )
Open file ( 10.78 KB 228x221 index.jpg )
Test



Markdown in /<board>/catalog.json API Cat 01/23/2018 (Tue) 00:56:37 Id: 24b91a No. 521 [Reply]
Is there any reason that the catalog API json doesn't have the comment in markdown? The API has markdown in the thread views, but not catalog.

Cat 01/23/2018 (Tue) 21:08:40 Id: 04c95d No. 522
If you are the guy that e-mailed me, there is no good reason and I added it on 2.0.



Cat 01/14/2018 (Sun) 17:03:57 Id: 5d701d No. 516 [Reply]
Open file ( 74.68 KB 645x729 d27.png )
Open file ( 74.68 KB 645x729 d27.png )
Hey guys, just had a question regarding installation of a 3rd party front end with Lynxchan, upon downloading a front end like 8tailedLynx (https://gitgud.io/obongo/8TailedLynx) and booting up lynxchan I get several broken pages that look like plaintext.

I was told on the irc to run command [code]lynxchan -rfe -r -nd[/code] to rebuild the pages.

When running that command I get the following error:
[code]m@xchantest:~$ lynxchan -rfe -r -nd
Were found issues with templates.
Enable verbose mode to output them.
Full deletion progress: 7%
events.js:160
throw er; // Unhandled 'error' event
^

Error: connect ECONNREFUSED /tmp/unix.socket
at Object.exports._errnoException (util.js:1020:11)
at exports._exceptionWithHostPort (util.js:1043:20)
at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
Message too long. Click here to view full text.



Was the RAM cache a mistake? Dog 01/02/2018 (Tue) 08:43:20 Id: 100739 No. 502 [Reply]
Open file ( 490.02 KB 255x255 pondering.gif )
Can someone explain me the rationale behind the RAM cache? Intuitively, it feels wrong to (re)implement caching of GridFS files because GridFS/MongoDB already performs some sort of caching in the background. The main benefit seems to be the non-preemptive caching strategy (JIT), which is a big win, but could have been easily achieved without an additional cache layer.

Cat 01/02/2018 (Tue) 12:05:56 Id: 4e1f98 No. 503
Concurrency and performance.

Gridfs became unstable with JIT removing and reading at the same time, causing corrupted caches. Up to 1.8 that wasn't an issue since cached files would only be removed after a newer version was stored.

And the new implementation was able to serve 5x more requests.



Issues with Penumbra Lynx Cat 12/27/2017 (Wed) 08:03:39 Id: f170f6 No. 491 [Reply]
Not totally sure if this is the correct place to ask this, but apparently i'm too retarded to edit a front end

How do I edit the homepage of imageboard, like the title element and footnotes and stuff? Modifying the index.html in the templates doesn't work.

I'm also confused about the overboard, as on other places like mewch it shows recently posted threads on the index, but for me it doesn't work

Cat 12/27/2017 (Wed) 10:44:02 Id: 892edf No. 492
1: the title of the site is set on the global settings, the title of individual pages is set on the language pack.
2: after editing a template, you have to reload the RAM cache of the template. You have a few options for that: A: run lynxchan with -fd so it will reload that cache everytime it is used B: run lynxchan -nd adding a rebuild command, they can be found on src/be/readme. This will rebuild the completed page that used the template.
3: you have to set the overboard uri and the option to show recent posts on the front-page on the global settings. To edit global settings, login as root and click the link on the global management page. You can also edit the settings json manually, but that won't trigger some required actions on the engine after certain settings change and is prone to error.

Cat 12/27/2017 (Wed) 19:51:57 Id: f170f6 No. 493
>>492
Thank you so much!

Cat Board owner 12/28/2017 (Thu) 11:42:44 Id: c38287 No. 498
Btw, I made a small mistake there: -r commands rebuilds the disk cache of completed pages, -rfe reloads the RAM cache of templates.



Cat 12/27/2017 (Wed) 22:07:12 Id: d545ac No. 494 [Reply]
When I try to upload custom JS, my browser sends the file with the wrong mime type (application/x-javascript), and it gets rejected by the server. Is this check really needed?

Cat Board owner 12/28/2017 (Thu) 11:23:11 Id: c50848 No. 497
Hm, that is a good question.
I figure that I could remove the check, since its a feature that will only be used by sites without user owned boards and possibly by only site owners themselves.

Come to #lynxchan on rizon and I can give you a solution for 1.9.



Deleted posts Cat 12/12/2017 (Tue) 20:41:17 Id: 5abfcb No. 489 [Reply]
Open file ( 1006.58 KB 273x429 fat_teleport.gif )
Is there anyway to look at posts that have been deleted from Admin view?

Cat 12/12/2017 (Tue) 20:45:35 Id: be9967 No. 490
No.



THE SOLUTION TO THE SPAMMING QUESTION Cat 11/27/2017 (Mon) 05:42:18 Id: 1796cc No. 483 [Reply]
Idea: Registration system. You may think it sounds basic, but it offers a heck of lot of ways to deal with spamming.

For one, it means one can't just pop open a script to flood your site anymore. It adds another layer of authenticity. They need to create a script which can get them multiple e-mail accounts - we can also ratelimit those registrations. More details below.

Generally, the registration system should not exist for the purpose of identifiability on the boards. A tripcode already fulfills this purpose. Although, using a LynxChan extension, we could easily add support for certain flair similar to 4chan.org's since4pass feature, but that is for another thread. The registration system should serve as an anti-spam mechanism.

The registration system should work like this:
-On the frontend, a notice for users that they require an account is displayed if the registration system is turned on. They are forwarded to login.html and told to register or login. They register, verify their email, and then they login.

Now here is where we get into even more security:
-The administrator should be able to restrict what e-mails can be used for registration. We could limit them to cock.li, gmail.com, yahoo.com, protonmail,ch, and protonmail.com. If any of these domains become troublesome, they can be omitted.
-The registration should be restricted by the StopForumSpam database, just as with MyBB.
-Registrations should be able to be ratelimited. If the maximum daily registrations have been exceeded, tell the user. Staff should be able to make these user accounts as they already can do via the Global Management panel.
-Not really required: One can also turn on a mode where all registrations need to be approved by an administrator or moderator. Also known as the "vBulletin hell"

Let me know your thoughts and if this is something that sounds appealing to (You)

Cat 11/27/2017 (Mon) 11:56:41 Id: 4c3c6c No. 484
>For one, it means one can't just pop open a script to flood your site anymore.
You already can't. There is both mandatory global captcha and mandatory block bypass. Sites get spammed because they fail to RTFM and turn on settings to prevent spam.

All in all, I really dislike the idea of making the engine to behave like a forum with accounts and such. And its completely unnecessary. At best one could make it so users are exempt from filling captchas, like the 4chan pass for the sake of convenience.

But I really fell like this would give a bad rep to the software, by attaching e-mails to posting at all.

Cat 11/27/2017 (Mon) 17:42:40 Id: 1796cc No. 485
>>484
It's an alternative to needing to have captcha enabled constantly, as with the block bypass. You can make your registered users lives a lot more pleasant by not requiring them to fill out a captcha constantly. Someone starts spamming? Then you turn the registration off, and the posting experience remains the same for everyone currently registered. Plus you can manually let people in. It's another way to prevent spam, without the need for captcha.

>But I really fell like this would give a bad rep to the software, by attaching e-mails to posting at all.
It shouldn't; People who choose not to use instances which decide to take this approach to combating spam only need to use another instance. It's comparable to saying "I hate vichan... It makes me use a tripcode to post!" [Because the rules of the website require you to do so]

It doesn't behave like a forum either, it only adds a registration system and a new set of permissions. If it behaved like a forum, you would have things like persistent post count, world-readable post history, a reputation system, persistent nicknames forced, not an option. This takes only one thing from forums: Requirement for registration. Everything else is in the hands of the instance.

Cat 12/07/2017 (Thu) 17:04:03 Id: 42bb07 No. 488
>>483
emails aren't needed for registering, you're a dumbass; make a forum instead

>-The registration should be restricted by the StopForumSpam database, just as with MyBB.
make a forum instead

-Not really required: One can also turn on a mode where all registrations need to be approved by an administrator or moderator. Also known as the "vBulletin hell"
forum

>-On the frontend, a notice for users that they require an account is displayed if the registration system is turned on. They are forwarded to login.html and told to register or login. They register, verify their email, and then they login.


dude, thats a fucking forum, not an imageboard


are you runit?


Reason:
Password:
Global
Delete only files
Delete media (Actually removes the saved files from the server, standard file deletion only removes the reference to the selected posts)

Captcha(Used only for reporting): No cookies?

[ 12345 ]