Anonymous 08/07/2019 (Wed) 00:32:11 No.16 del
>>14
Lynxchan's frontend is modular, but that's mostly used as an excuse by StephenLynx to not think about its design too much. The alternative frontends I've seen inherit most of the problems of the default one, being forked from it, and though I don't know the internal architecture in much detail I suspect some of the problems extend into the backend. One thing that caused me a lot of grief is that moderation logs are split by date, but not by board, making them absolute hell to search through.
There are functional concerns as well. The "early 404" anti-spam feature used to be pretty much useless. 8chan's version automatically deletes threads with fewer than 10 replies when they reach page 5, which makes flooding a board with empty threads less effective while limiting collateral damage. Lynxchan's version automatically deleted threads with fewer than 5 replies after an hour, which meant it'd destroy any board that isn't extremely active while doing nothing against a flood attack that's carried out in under an hour.
StephenLynx changed the feature after I complained, to his credit. The description in the Endchan mod panel is still of the old behavior though. I hope it's just the frontend that's outdated.
Lynxchan uses spreadsheet-driven design. That is, there's a spreadsheet with a list of features 8chan has, and StephenLynx tries to tick all the same boxes for Lynxchan, instead of adding features as needed in a way that solves problems.

8chan is more polished on the outside but not much better overall.
There are ancient design flaws carried over from Tinyboard. Every board gets its own database table, which scales hilariously badly and means that most features that span boards are broken. There's no way to get a global post history for a poster, even though their IP hash is the same on every board.
The current software, OpenIB, was supposed to be a hardened fork of the old software. The first hardening step they took was hashing IP addresses, but as far as I know that was also the last step. They don't make a serious effort to improve security.
Ron asked to hire me to do an audit, but I declined because I didn't even know PHP, which says something about the way he looks for auditors. A year later I had learned some PHP, so I took a look to see if anything jumped out, and by grepping for places where it used weak equality I discovered that if you make a board /04/ you also have board owner access to /4/, /004/, etcetera. There's no excuse to have that kind of bug. There are linters that could find that bug. But nobody found it, which must mean that nobody looked. I reported that and a few other bugs, and they're fixed now, but I'm sure it was just scratching at the surface. I don't trust it.
On the other hand, if you can run a site as large as 8chan without people digging that deep it'd probably suffice for a smaller site. Installing it is non-trivial though.

It's really surprising how dysfunctional everything is.

>Although I guess I don't actually know what powers a board owner has on one of these sites. Is it limited in some way? As in, does a malicious host have better ways to wreak havoc than a malicious board owner?
Board owners can moderate however they like, sometimes with a political restriction that if they make the board unusable other people can claim ownership. Site owners could in principle do outlandish things like add malicious JavaScript or harvest IP addresses. But it's more about having to trust two people instead of one.

Message too long. Click here to view full text.