Hello, dear citizens of /prog/. As you might have noticed, a terrible(!) plague has set itself upon our beautiful board, lowering the median intelligence of the posts to a level difficult to describe. During the past years, we have endured and endured, waiting for these painful months of the year to pass; some of us have given up, maybe even tried finding refuge in other programmer communities, only to realize the depth of the hole/prog/ had left behind in their hearts.
I don't know about you, but personally, I've had enough.
As it is a widely-known fact that we cannot rely on moderator power to push away the hordes of intruders, we must find another way to cleanse our magnificent community of the line noise that is ruining it.
What makes us special, /prog/? What is it that differentiates us from all the other boards? We can program. Let us use this to our advantage.
I thereby propose, as the final solution against the recent shitpostfest, the creation and implementation of the GJS protocol.
This protocol has but one goal: to give /prog/riders a way of recognizing each other's posts, and by extension, a way of ignoring all other posts.
/prog/riders are encouraged to devise message authentication/signing algorithms and post the corresponding textual description to /prog/, with absolutely no sample implementation whatsoever. Other /prog/riders who are willing to identify themselves as ``legitimate citizens'' will be able to do so by signing their own posts with one of the aforementioned algorithms; of course, they will be required to implement the algorithm of their choice themselves - perhaps easy and entertaining for them, but a veritable brick-wall for the intruders. As a result, /prog/riders will have no difficulty in recognizing posts written by a fellow compatriot (and automatically ignoring everyone else's).
Implementation:
The GJS protocol specifies two post formats: posts describing signing algorithms and signed posts.
The message-signing algorithms shall take a variable-length string as their input and return a variable-length string as their output. The message authentication code shall be defined as the lowercase hexadecimal-encoded MD5 hash of the output of the message-signing algorithm.
Note: BBCode and its associated HTML formatting must be ignored. Users of the GJS protocol are therefore encouraged to wrap the message header in text size-reducing tags, i.e. [sup] or [sub]. <br> tags (or whatever newlines are represented as) shall be interpreted as "\n".
Message signing algorithms will be uniquely identified by the FIPS-180-2 SHA-256 hash of their textual description.
Format of a post describing a signing algorithm:
:GJS1A <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
:<Message authentication code (as defined above) using the algorithm itself of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
<Payload: base64-encoded message describing the algorithm, line-wrap is recommended>
Sample post describing a signing algorithm:
:GJS1A b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:3fcee1ea342699e1bf18973b242f9b65
VGhpcyBpcyBhIHNhbXBsZSBtZXNzYWdlIHNpZ25pbmcgYWxnb3JpdGhtIGRlc2NyaXB0b3IgcG9z
dC4gTm9ybWFsbHksIGl0IHdvdWxkIGJlIGZpbGxlZCB3aXRoIHRoZSB0ZXh0dWFsIGRlc2NyaXB0
aW9uIG9mIGEgcmF0aGVyIGNvbXBsZXggc2lnbmluZyBhbGdvcml0aG0sIGJ1dCBmb3IgdGhlIHNh
a2Ugb2Ygc2ltcGxpY2l0eSwgbGV0J3Mgc2F5IHRoZSBhbGdvcml0aG0gaXMgcmVhbGx5IGp1c3Q6
CgpSZXR1cm4gdGhlIHN1bSBvZiBhbGwgdGhlIHZhbHVlcyBvZiB0aGUgYnl0ZXMgaW4gdGhlIGlu
cHV0IHN0cmluZyBtb2R1bG8gNjU1MzYsIGluIGRlY2ltYWwuCg==
Format of a signed post:
:GJS1M <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm><newline>
:<Length: length in bytes of Payload, in decimal> <Message authentication code of the Payload><newline>
<Payload: string of Length bytes>
Recommendation: As a preventive measure against false positives (posts not written by true /prog/riders recognized as authentic), the first line of the payload should have the following format (note: if the post is a thread starter, 0 must be used as Thread ID):
:<Thread ID in which post is located, in decimal> <Unix time at the time of signing, in decimal>
Sample signed post:
:GJS1M b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:63 ac2e084d679d6de0a60f75fca6e63589
:0 1277094869
This message was written by an EXPERT PROGRAMMER.
Guidelines for writing a successful signing algorithm:
* Not too simple, but not too complex either. Ask yourself the question: would a person who has been using ``Teach yourself Sepples in 24h'' tutorials be able to write a program that implements your algorithm? If the answer is yes, then it's not complex enough.
* Do not rely upon external libraries; libcrypt is no exception.
* Do not rely upon language-specific features.
* Do not rely upon platform-specific features.
* Your algorithm should not require excessive time and space. Worst-case should be O(n) relative to the input size.
* Make sure the algorithm can be comfortably implemented in Javascript (to facilitate the writing of Greasemonkey extensions that would remove all non-signed posts from view).
* If you're out of inspiration, just use common problems in computer science, e.g. make the algorithm solve small custom knapsack problems generated from bytes of the input.
* Be creative!
Interesting thought, certainly. I imagine that as soon as a single decent algorithm is devised, everyone will be sticking to that for at least some time.
I'll give it some thought, though I warn you in advance that I will ignore your adjuration to eschew external libraries.
>>3
Bad idea. See: * Make sure the algorithm can be comfortably implemented in Javascript (to facilitate the writing of Greasemonkey extensions that would remove all non-signed posts from view).
Name:
Anonymous2010-06-21 3:10
OP's ploy is just another way to fill /prog/ with more Xarnss. Why can't we focus on projects that are actually useful, like implementing sexpcode in FF extensions? or discussing official sexpcode with MrVacBob-kun-sama?
>>9
A /prog/ full of Xarns would be pretty awesome, actually. At least it'd have more code in it.
But yeah, I'm still waiting for that SexpCode Greasemonkey script as well. Apparently Bun is working on it.
Cute, but that would require most of us to actually spend a little bit of time to code a possibly trivial, possibly non-trivial program just so we could post on /prog/. One of the advantages of posting to BBSes is the low barrier of entry and being hassle-free. I don't see myself having problem following the protocol, but I don't think more than a few individuals would even bother, and I'm too busy right now to bother writing such a program.
would a person who has been using ``Teach yourself Sepples in 24h'' tutorials
It's possible, if he isn't stupid to begin with. Sadly a lot of your examples are also trivial for PHP programmers as the language comes with most functions you required built-in. I'll be sitting on the side-lines for this one and might decide to join in if it actually becomes popular, which I doubt.
>>12 Cute, but that would require most of us to actually spend a little bit of time to code THIS IS MADNESS
Name:
Anonymous2010-06-21 12:18
signing their own posts with one of the aforementioned algorithms
So you mean everybody will have their own algorithm? Why can't we just pick one?
Name:
172010-06-21 12:50
I doubt this will catch on. Of course we could make a program to make the post given the text, but it wouldn't be to hard for someone given a bit of time to make their own, even if they aren't expert programmers.
>>16
No, it's just that some imageboard kiddie will eventually manage to implement it and post it to their favourite imageboard (or maybe to /prog itself), thereby rendering it useless. The GJS protocol allows for multiple signing algorithms so that when one of them is broken, we can just switch to another one with no problem.
Also, I'm almost done writing my own.
Name:
Anonymous2010-06-21 14:07
>>19
I am ok with this. I say we start a thread in which we post tripcoded wildcard programs. If you see a program that looks worthy to you, consider that person a /prog/rider. If you see one that doesn't, don't bother reading their posts ever again, or simply script them out of existence.
Name:
Anonymous2010-06-21 14:24
This is a sample message signing algorithm descriptor post. Normally, it would be filled with the textual description of a rather complex signing algorithm, but for the sake of simplicity, let's say the algorithm is really just:
Return the sum of all the values of the bytes in the input string modulo 65536, in decimal.
>>24
The fact that it's nothing out of the ordinary doesn't mean we have to put up with it without resistance. When FV was around, we also responded by hiding him with that Greasemonkey script; technological solutions are a /prog/ tradition.
>>1
Well that's an interesting idea, but part of the charm of /Prague/ is being able to converse with people of various skill levels, so that you can both admire some and feel superior to some.
Now if we only had actual mods, who would delete any "[b][i]HAX MY %s[/i][/b]" posts. This protocol wouldn't help because I'm fairly sure that the people who post those are actual /prog/riders.
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:87 e49af89cb2d30bb3f6871d301b5c0a79
:1277098146 1277169650
Now I wonder how long it will take /prog/riders to implement it.
>>32 as one 512-bit unsigned integer `N1' of which the MSB corresponds to the first byte
Couldn't you just have said to interpret it as a big-endian unsigned integer?
I'm having trouble with the third line (recommendation) of the signed post header. It's supposed to be a reference to the original posting of the signing algorithm, right? Why not include the post id as well the thread id? And why include the UNIX time of the signing at all?
>>39
I'm not sure if I quite understand it either. It's supposed to be part of the payload, right? So the signing program should automatically add that line to the message, and then authenticate the result? And I suppose that the UNIX time (together with the thread id) function as a form of salt?
Name:
Anonymous2010-06-21 22:21
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:700 4cbd1d9c4bb409c428b0923719670c88
:1277098146 1277173200 >>39 It's supposed to be a reference to the original posting of the signing algorithm, right?
No, it is the thread in which the signed message will be posted.
Why not include the post id as well the thread id?
You cannot include the post ID because you cannot always predict it accurately.
The reason why UNIX time and thread ID are the recommended first line of the signed message is because the board intruders, frustrated of being ignored, will very likely start copy-pasting properly-signed messages randomly in order to annoy us. Having the UNIX time of the posting and the thread ID, it becomes possible to remove duplicate posts or posts without thread ID from view.
>>38
It's going fine in Haskell. But doing the first part is nontrivial (at least for me, since I haven't done much of this sort of stuff in a long time).
Name:
Anonymous2010-06-21 22:27
>>41
How about changing that to an expiration date instead? You can predict that you're going to post the message within the next n minutes; then we could filter the messages in which the posting time is greater than the UNIX time in the post.
Note: BBCode and its associated HTML formatting must be ignored.
Do you mean just for the header, or should it strip the whole post of BBCode when computing the hash?
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:81 1df13244573cb18cc4b11803648c352b
:1277098146 1277177372 >>46
The whole post. C'mon people it's not that ambiguous.
I sort of implemented it, but it doesn't work. It would be quite helpful if >>32-san provided sample inputs and outputs for each of the three stages, so that I could find the bugs easier, but I guess that this not being trivial is the whole point. But it's 4:40AM here, and I can't think anymore.
Can we please just standardize and use this one, at least until somebody gives out a working implementation? I really don't feel like implementing 10+ different algorithms.
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:226 be69af1dbccec93355bb17655026b9ad
:1277098146 1277224110 >>52
Well then congratulations! The Algorithm: field in post >>50 refers to the Algorithm ID, which is defined as the hex SHA-256 sum of the textual description of the algorithm. Sorry for the ambiguity.
Also, in case you still don't get it right, don't forget that the :1277098146 1277224110 line is really part of the message and NOT the header.
Name:
Anonymous2010-06-22 12:58
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:213 2032647410993f8baa3e524d5a14202d
:1277098146 1277229332 >>60,61
No, I didn't get confused about that. As I said in http://dis.4chan.org/read/prog/1277199219, there was a bug in my code (which occasionally didn't appear) which I have now fixed.
:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:213 2032647410993f8baa3e524d5a14202d
:1277098146 1277229332 >>60,61
No, I didn't get confused about that. As I said in http://dis.4chan.org/read/prog/1277199219/12, there was a bug in my code (which occasionally didn't appear) which I have now fixed.
Name:
Anonymous2010-06-22 13:21
Okay, now it's time to write a /prog/HTTP proxy that filters out all posts that don't have a valid signature. Will post implementation soon (obviously it will call an external program that will *not* have its implementation posted).
>>64 Hey, don't steal my idea!
I thought about doing this sort of thing, too, complete with a BBCode parser and a Sexpcode implementation and my world4chscrape integration.
But no way I'm going to get banned for sending forged POST requests again. No one ever reads the appeals!
All further references to the hashed value of a string shall be interpreted by default as references to the binary representation of the hashed value of the string (and NOT the hexadecimal representation).
Throughout the whole document, the meaning of ``newline'' shall be interpreted as "\n" (byte 10).
* Algorithm:
The SHA-512 hash of the input string is interpreted as a 8x8 distance matrix where every byte represents a value from 0 to 255; the layout of the matrix is the following:
s[0] s[1] . . .
s[8] s[9] . . .
. . .
. . .
. . .
Therefore, M(x,y) corresponds to s(x+y*8).
Find the shortest possible route that visits 8 points, numbered from 0 to 7, exactly once and goes back to the starting point; the cost of going from point A to point B is given by M(A,B). Calculate the total length of the shortest possible route. Reverse the bits in the 16-bit unsigned integer representing the total length of the shortest possible route (e.g. msb <-> lsb), then convert the aforementioned length to 16-bit binary Gray code. Print the resulting number as a 16-character long stream of 1's and 0's, msb first. Print one newline character.
Now treat the SHA-512 hash of the input string as one 512-bit unsigned integer `N1' of which the MSB corresponds to the first byte of the SHA-512 hash (i.e. hash[0] == N1 >> 504). Reverse the bits in N1 to obtain `N2' (e.g. msb <-> lsb), then calculate the Hamming distance between N1 and N2. Print out the distance as a decimal number, then a newline.
Now take the unsigned integer value of the last byte of the SHA-512 hash of the input string, add 404 to it and call it `k'. Let F(x) be a function defined as:
F(0) = N1 (as defined above)
{ F(n-1) / 2, if F(n-1) is even
F(n) = {
{ F(n-1) * 3 + 1, otherwise
Print F(k), in decimal, then one newline character.
The final output of this algorithm should have the format:
<gray-encoded binary-reversed 16-bit length of shortest route><newline>
<hamming distance between N1 and N2><newline>
<F(k)><newline>
Why don't you make your own board. Except it's not a board, it's an interface for storing arbitrary objects. Then sit there. Alone. How very emergent.
Name:
Anonymous2010-06-22 15:56
This will never catch on. People will soon realize that the EXPERT PROGRAMMERS are also the retarded incontinent shitposters. Why? because EXPERT PROGRAMMERS have no social skills nor an acceptable sense of humor.
Name:
Anonymous2010-06-22 16:05
>>93
that about sums up my feelings on the subject
>>93
I follow your reasoning, but you are wrong. #sicp, for example, contains (as far as I can tell) everyone on /prog/ who can program, and is responsible for most of the high-quality posts here; they also complain regularly about the low quality content. It's possible some of them are hypocrites, but when the alternative hypothesis is just that high school kids flooding in from the imageboards now that it's summer are responsible for the crap, I think I know which I consider more likely.
>>94
I'm not surprised you think of yourself as an EXPERT PROGRAMMER, but it doesn't count unless you can get other people to agree.
>>95
I regret to inform you that I am responsible for a number of high quality posts on this bulletin board, and yet do not idle in #sicp as you suggest. Ergo, your wrong.