all a / b / c / f / h / jp / l / o / q / s / sw / lounge cgi up wiki
[Home] [Catalog] [Search] [Inbox] [Write PM] [Admin]
[Return]

Posting mode: Reply
(for deletion, 8 chars max)
  • Allowed file types are: gif, jpg, jpeg, png, bmp, swf, webm, mp4
  • Maximum file size allowed is 50000 KB.
  • Images greater than 200 * 200 pixels will be thumbnailed.
File: 1264589203854.jpg
(77 KB, 553x800)[ImgOps]
77 KB
No.62293
Before it's too late and I get accused for not being transparent, there is a little thing I want to make clear: There are few features (modules) on Heyuri that can't be made public on the Github version. The reason is, these modules mostly consist of KolymaNET's centralized code, which isn't really unique to Kokonotsuba.

These modules are (at least ones that aren't depreciated/still in use on Heyuri):

1. Kaptcha
What you see on /lounge/ now to create threads. Kaptcha is currently the only type of captcha that can be used on Kokonotsuba. I am open to replace it if an alternative is developed.

2. VIP
Well, this is not really important, but including here for the sake of transparency. Users with a VIP code can post with a star next to their names, and bypass kaptcha. I am not saying anything on if I will leave this on Heyuri or abandon in the future for now.

3. SpamDB
Integration with https://spam.kolyma.org/spam.php - more explanation there.
I don't really want to abandon this until an alternative gets developed, but this may possibly cause conflicts as Kokonotsuba gets development updates.
Marked for deletion (Old)
>>
No.62295
I forgot to mention, it also needs to use Kolyma's secret password hashing method (as the only option) for admin/mod/janitor hashes as explained on >>62288

An alternative system for password hashes would be necessary in order to make kokonotsuba function without depending on KolymaNET.
>>
No.62297
>it also needs to use Kolyma's secret password hashing method
It's not that secret - I worked out the method and salt in about 5 minutes, and I'm the furthest thing from a cryptographer. It should really be changed sweat2
>>
No.62298
considering the willingness of people to contribute to heyuri, hopefully we can replace those modules with open source alternatives soon cool
>>
No.62301
>>62297
These are the kinds of knowledge/awareness the you know whos exploit to spam you know what and destroy alternative imageboards.
Be careful.
>>
No.62308
>>62307
I can barely code at all xd

It's really not that advanced - my experience tinkering with a few old Japanese BBS scripts from the 90s and early-2000s that worked the same way is what tipped me off (that alone should tell you how unrecommended this method is...), and there's some additional major giveaways

Now despite it being an archaic and unrecommended method, just knowing how it works still doesn't help much with cracking leaked hashed passwords or brute forcing the login field... so shouldn't it just be open source? (obviously with different default parameters to what Heyuri is using, and not hosting a public version for people to see what our parameters are)
>>
No.62317
>>62308
wait so heyuri doesnt even utilize the php password() function?? glare
Delete post: []