Rocksolid Light

Welcome to RetroBBS

register   nodelist   faq  


rocksolid / rocksolid.nodes / Re: Postmill thread

SubjectAuthor
* Re: Postmill threadRetro Guy
`* Re: Postmill threadanonymous
 `- Re: Postmill threadanonymous

Subject: Re: Postmill thread
From: retro_guy@retrobbs.rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.nodes
Organization: RetroBBS
Date: Thu, 12 Sep 2019 23:08 UTC
On Thu, 12 Sep 2019 21:13:25 -0000 (UTC)
anonymous@def2.anon (anonymous) wrote:

Nice work tracking stuff down!

Thanks, I am not sure if I have it yet

One thing to consider is that Tor Browser intentionally looks the
same (all users) to a web server.

Yes, that is the point. The session token for a user session is an
md5 generated from stuff like:
-ip-address
-user-agent
-(other stuff which is meaningless when working with the torbrowser)
In constrast to this, the anonymous session is simply a random value.
This should work for the user session too.
I guess when ff was written, tor or other darknets where simply not
considered as a use case.

Interesting, I see now what you're saying, use the opposite of trying
to find differences and use a random for everyone.

I've thought about entirely removing sessions from ff >(removing the
actual session_start lines), but I have not tried this yet.

If you remove sessions completely, I believe you have to rewrite the
post function, too.

I need to take a look also into this when I can. (Which won't be for a
few days, this is the end of my 'weekend').


btw, the newsserver on def4 is missing some messages, I guess I have
to reactivate the old pullnews...
Posted on def2

Do you sync between your two inn servers?

Retro Guy


Subject: Re: Postmill thread
From: anonymous@def2.anon (anonymous) (anonymous)
Newsgroups: rocksolid.nodes
Organization: def2org
Date: Fri, 13 Sep 2019 14:16 UTC
uncommenting line 350 in index.php seems to do the trick, at least I don't land in my own sessions anymore when connecting from i2p and tor.
for further testing i think i need to setup another instance of the forum, to get the address right. i don't remember how i used to do that (i mean run the forum on i2p and tor).
btw, this bug was reported by a forum admin on the fudforum in 2014, for multiple users all connecting from one vpn and with the same browser (ie). exactly the same issue. the response from the dev was that he would like to wait until this behaviour was confirmed by others ("could be a huge issue", well, no shit sherlock). that is the last message in the thread. i wanted to necrothread, but fudforum effectivly blocks tor users from registration, using some ip based blacklist in which tor exit nodes would be, of course.

i do sync my news servers with each other, but the one from def4 seems to have frozen or something, a restart fixed it.

cheers

trw Posted on def2


Subject: Re: Postmill thread
From: anonymous@def2.anon (anonymous) (anonymous)
Newsgroups: rocksolid.nodes
Organization: def2org
Date: Sat, 14 Sep 2019 16:28 UTC
btw, there is some useful ff documentation here:

http://cvs.prohost.org/index.php?title=Fud30_ses

and a ff hack fopr sso here:

https://github.com/phoxicle/FUDForum-SSO-Adapter/blob/master/index_sso.php


cheers

trw
Posted on def2


1
rocksolid light 0.6.4f
clearnet i2p tor