GJS protocol

Hello, dear citizens of /prog/. As you might have noticed, a terrible(!) plague has set itself upon our beautiful board, lowering the median intelligence of the posts to a level difficult to describe. During the past years, we have endured and endured, waiting for these painful months of the year to pass; some of us have given up, maybe even tried finding refuge in other programmer communities, only to realize the depth of the hole /prog/ had left behind in their hearts.

I don't know about you, but personally, I've had enough.

As it is a widely-known fact that we cannot rely on moderator power to push away the hordes of intruders, we must find another way to cleanse our magnificent community of the line noise that is ruining it.

What makes us special, /prog/? What is it that differentiates us from all the other boards? We can program. Let us use this to our advantage.

I thereby propose, as the final solution against the recent shitpostfest, the creation and implementation of the GJS protocol.

This protocol has but one goal: to give /prog/riders a way of recognizing each other's posts, and by extension, a way of ignoring all other posts.

/prog/riders are encouraged to devise message authentication/signing algorithms and post the corresponding textual description to /prog/, with absolutely no sample implementation whatsoever. Other /prog/riders who are willing to identify themselves as ``legitimate citizens'' will be able to do so by signing their own posts with one of the aforementioned algorithms; of course, they will be required to implement the algorithm of their choice themselves - perhaps easy and entertaining for them, but a veritable brick-wall for the intruders. As a result, /prog/riders will have no difficulty in recognizing posts written by a fellow compatriot (and automatically ignoring everyone else's).


Implementation:

The GJS protocol specifies two post formats: posts describing signing algorithms and signed posts.

The message-signing algorithms shall take a variable-length string as their input and return a variable-length string as their output. The message authentication code shall be defined as the lowercase hexadecimal-encoded MD5 hash of the output of the message-signing algorithm.

Note: BBCode and its associated HTML formatting must be ignored. Users of the GJS protocol are therefore encouraged to wrap the message header in text size-reducing tags, i.e. [sup] or [sub]. <br> tags (or whatever newlines are represented as) shall be interpreted as "\n".

Message signing algorithms will be uniquely identified by the FIPS-180-2 SHA-256 hash of their textual description.


Format of a post describing a signing algorithm:

:GJS1A <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
:<Message authentication code (as defined above) using the algorithm itself of the message describing the algorithm, i.e. of the base64-decoded Payload><newline>
<Payload: base64-encoded message describing the algorithm, line-wrap is recommended>


Sample post describing a signing algorithm:

:GJS1A b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:3fcee1ea342699e1bf18973b242f9b65
VGhpcyBpcyBhIHNhbXBsZSBtZXNzYWdlIHNpZ25pbmcgYWxnb3JpdGhtIGRlc2NyaXB0b3IgcG9z
dC4gTm9ybWFsbHksIGl0IHdvdWxkIGJlIGZpbGxlZCB3aXRoIHRoZSB0ZXh0dWFsIGRlc2NyaXB0
aW9uIG9mIGEgcmF0aGVyIGNvbXBsZXggc2lnbmluZyBhbGdvcml0aG0sIGJ1dCBmb3IgdGhlIHNh
a2Ugb2Ygc2ltcGxpY2l0eSwgbGV0J3Mgc2F5IHRoZSBhbGdvcml0aG0gaXMgcmVhbGx5IGp1c3Q6
CgpSZXR1cm4gdGhlIHN1bSBvZiBhbGwgdGhlIHZhbHVlcyBvZiB0aGUgYnl0ZXMgaW4gdGhlIGlu
cHV0IHN0cmluZyBtb2R1bG8gNjU1MzYsIGluIGRlY2ltYWwuCg==



Format of a signed post:

:GJS1M <Message signing algorithm ID: hexadecimal sha256sum of the message describing the algorithm><newline>
:<Length: length in bytes of Payload, in decimal> <Message authentication code of the Payload><newline>
<Payload: string of Length bytes>

Recommendation: As a preventive measure against false positives (posts not written by true /prog/riders recognized as authentic), the first line of the payload should have the following format (note: if the post is a thread starter, 0 must be used as Thread ID):

:<Thread ID in which post is located, in decimal> <Unix time at the time of signing, in decimal>


Sample signed post:

:GJS1M b824e263caedb4eb97689b25d14ab4217f229687b35ede63872c184b455b372e
:63 ac2e084d679d6de0a60f75fca6e63589
:0 1277094869
This message was written by an EXPERT PROGRAMMER.



Guidelines for writing a successful signing algorithm:

* Not too simple, but not too complex either. Ask yourself the question: would a person who has been using ``Teach yourself Sepples in 24h'' tutorials be able to write a program that implements your algorithm? If the answer is yes, then it's not complex enough.
* Do not rely upon external libraries; libcrypt is no exception.
* Do not rely upon language-specific features.
* Do not rely upon platform-specific features.
* Your algorithm should not require excessive time and space. Worst-case should be O(n) relative to the input size.
* Make sure the algorithm can be comfortably implemented in Javascript (to facilitate the writing of Greasemonkey extensions that would remove all non-signed posts from view).
* If you're out of inspiration, just use common problems in computer science, e.g. make the algorithm solve small custom knapsack problems generated from bytes of the input.
* Be creative!

^{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:700 4cbd1d9c4bb409c428b0923719670c88
:1277098146 1277173200}
>>39
It's supposed to be a reference to the original posting of the signing algorithm, right?
No, it is the thread in which the signed message will be posted.


Why not include the post id as well the thread id?
You cannot include the post ID because you cannot always predict it accurately.


The reason why UNIX time and thread ID are the recommended first line of the signed message is because the board intruders, frustrated of being ignored, will very likely start copy-pasting properly-signed messages randomly in order to annoy us. Having the UNIX time of the posting and the thread ID, it becomes possible to remove duplicate posts or posts without thread ID from view.

>>38
It's going fine in Haskell. But doing the first part is nontrivial (at least for me, since I haven't done much of this sort of stuff in a long time).

>>41
How about changing that to an expiration date instead? You can predict that you're going to post the message within the next n minutes; then we could filter the messages in which the posting time is greater than the UNIX time in the post.

>>43
Same shit. IHBT

>>44
What? No.

Note: BBCode and its associated HTML formatting must be ignored.
Do you mean just for the header, or should it strip the whole post of BBCode when computing the hash?

^{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:81 1df13244573cb18cc4b11803648c352b
:1277098146 1277177372}
>>46
The whole post. C'mon people it's not that ambiguous.

I sort of implemented it, but it doesn't work. It would be quite helpful if >>32-san provided sample inputs and outputs for each of the three stages, so that I could find the bugs easier, but I guess that this not being trivial is the whole point. But it's 4:40AM here, and I can't think anymore.

Can we please just standardize and use this one, at least until somebody gives out a working implementation? I really don't feel like implementing 10+ different algorithms.

>>48,49
The more I ``help'' you the easier it will be for the intruders to make it. But okay:

Algorithm: 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
Input string: "HMA"
Output of algorithm:
1001001001000000
254
14103585840156487810164442552287621548770247202479943008393869772619937936227511524967643926223493391118163568798272445077624726010824896305330

Fix your shit.

FIX MY ANUS

>>50
Are you sure that your MD5 works correctly? Mine gives me bc38c0e9c83a6e7b97cce070668345b8 as the hash of the output of your algorithm.

HASH THE OUTPUT OF MY ANUS

>>53
OUTPUT THE HASH OF MY ANUS

>>51,53,54
This is the bane of /Prague/

>>55
The ones that sage don't bother me so much. The bandwagon morons who don't have undoubtedly come from the imageboards.

>>56
COME FROM MY ANUS

>>52
^{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:98 299c1c5cb51639e469c0455dd2d11f2f
:1277098146 1277223724}
>>52
$ echo -n "HMA" | ./JSB-1.py | md5sum
bc38c0e9c83a6e7b97cce070668345b8

^{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:98 299c1c5cb51639e469c0455dd2d11f2f
:1277098146 1277223724}
>>52
$ echo -n "HMA" | ./JSB-1.py | md5sum
bc38c0e9c83a6e7b97cce070668345b8

^{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:226 be69af1dbccec93355bb17655026b9ad
:1277098146 1277224110}
>>52
Well then congratulations! The Algorithm: field in post >>50 refers to the Algorithm ID, which is defined as the hex SHA-256 sum of the textual description of the algorithm. Sorry for the ambiguity.

Also, in case you still don't get it right, don't forget that the :1277098146 1277224110 line is really part of the message and NOT the header.

_{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:213 2032647410993f8baa3e524d5a14202d
:1277098146 1277229332}
>>60,61
No, I didn't get confused about that. As I said in http://dis.4chan.org/read/prog/1277199219, there was a bug in my code (which occasionally didn't appear) which I have now fixed.

_{:GJS1M 67dcbdbce4a0b67c4b48e86a6ae29205a95e4b83024a9d947213d1231800e8d9
:213 2032647410993f8baa3e524d5a14202d
:1277098146 1277229332}
>>60,61
No, I didn't get confused about that. As I said in http://dis.4chan.org/read/prog/1277199219/12, there was a bug in my code (which occasionally didn't appear) which I have now fixed.

Okay, now it's time to write a /prog/ HTTP proxy that filters out all posts that don't have a valid signature. Will post implementation soon (obviously it will call an external program that will *not* have its implementation posted).

>>64
Why use an HTTP proxy when a Greasemonkey script works just fine?

>>64
Good job on filtering out all of the posters that can ignore the shit just by, um, ignoring it.

What a complete waste of time, signing posts. Bah stupid kids, get off my lawn.

>>67
It's like I'm back to the golden days of mailing lists and usenet!

>>68
My good, Sir, that is precisely my point.
Been there, done that, fucking over it.

Oh, and it will also sign automatically all outgoing messages.

>>64
Hey, don't steal my idea!
I thought about doing this sort of thing, too, complete with a BBCode parser and a Sexpcode implementation and my world4chscrape integration.
But no way I'm going to get banned for sending forged POST requests again. No one ever reads the appeals!

>>69
Then we have a mutual understanding on this matter; it being an exercise in futility.

>>71
It helps if you talk to Mr^Vac_Bob-chan directly on IRC or its variant, Twitter.

This is a ploy to make someone post the code to your »signing algorithm«, thereby doing your homework for you. I'm on to you.

I will not waste my time to check the authentication of each damn post I read. This is the worst idea of all time.

>>75
Then write a script to do it for you. What kind of a programmer are you?

>>32
THE JSB-1 ALGORITHM


* Notes:

This document is best viewed in a monospace font.

All further references to the hashed value of a string shall be interpreted by default as references to the binary representation of the hashed value of the string (and NOT the hexadecimal representation).

Throughout the whole document, the meaning of ``newline'' shall be interpreted as "\n" (byte 10).


* Algorithm:

The SHA-512 hash of the input string is interpreted as a 8x8 distance matrix where every byte represents a value from 0 to 255; the layout of the matrix is the following:

s[0] s[1] . . .
s[8] s[9] . . .
 .    .   .
 .    .     .
 .    .       .

Therefore, M(x,y) corresponds to s(x+y*8).

Find the shortest possible route that visits 8 points, numbered from 0 to 7, exactly once and goes back to the starting point; the cost of going from point A to point B is given by M(A,B). Calculate the total length of the shortest possible route. Reverse the bits in the 16-bit unsigned integer representing the total length of the shortest possible route (e.g. msb <-> lsb), then convert the aforementioned length to 16-bit binary Gray code. Print the resulting number as a 16-character long stream of 1's and 0's, msb first. Print one newline character.



Now treat the SHA-512 hash of the input string as one 512-bit unsigned integer `N1' of which the MSB corresponds to the first byte of the SHA-512 hash (i.e. hash[0] == N1 >> 504). Reverse the bits in N1 to obtain `N2' (e.g. msb <-> lsb), then calculate the Hamming distance between N1 and N2. Print out the distance as a decimal number, then a newline.



Now take the unsigned integer value of the last byte of the SHA-512 hash of the input string, add 404 to it and call it `k'. Let F(x) be a function defined as:

F(0) = N1  (as defined above)

       { F(n-1) / 2,     if F(n-1) is even
F(n) = {
       { F(n-1) * 3 + 1, otherwise

Print F(k), in decimal, then one newline character.




The final output of this algorithm should have the format:

<gray-encoded binary-reversed 16-bit length of shortest route><newline>
<hamming distance between N1 and N2><newline>
<F(k)><newline>

>>76
I will write a script that will hax your anus for me.

>>73
Which channel does MrVacBob-sama hang out on?

>>79
#4chan @ rizon