/nrg/ - Nyaa Replacements General

I think the scraper finally works.

Nothing really big. Torrents haven't changed much in years.

Omedetou

Deluge has a better interface, qBittorrent is a meme

>I think
Stop using vague words

Oh no

youtube.com/watch?v=cB7IAXrCkO8

Say, can they sell those data to Japanese companies?

What are access logs? Those are stored by default too. Your IP isn't hard to figure out from a site owner perspective. Also, nyaa.se stored them too. How else do you prevent spam? I'll be waiting for your suggestion.

And really >seized
What are you 12? This isn't TPB, no one is getting seized.

that's great!
what does it scrape?

so THAT'S why they won't dump the db

>What are access logs
Access logs aren't stored indefinitely.

>Your IP isn't hard to figure out from a site owner perspective
How the fuck is that even relevant?

>How else do you prevent spam?
Uploading requires an account.

There is absolutely no reason to store the ip with every single torrent.

anidex and nyaa.si

Reading those DMCA complaints

comeso ones are the best TRACY!

Sorry.

Will it DEFINITELY avoid duplicates?

It should.
I just tested it in production.

Cartel data mining confirmed

Access logs can be stored indefinitely, how do you prove they aren't?

Anonymous uploads exist, how to prevent spam without IP logging?

How long do you need to store an IP address to combat spam? I would assume you would have any spam issues resolved after 24 hours at the most, and that's being generous. So you really shouldn't have to store access logs or IP addresses after that.

>Access logs can be stored indefinitely, how do you prove they aren't?
Trust goes a long way here. Nobody trusts Nyaazi admins, especially when people like AMM disrespect peoples' privacy for fun.

Who is "nobody"? Who are you trying to represent exactly?

Also trust is a silly construct, you shouldn't trust any shitty site. Take matters into your own hands with a VPN or similar measure these days. Anyone using arguably illegal sites with their real IP deserves whatever they get.

24 hours is ideal for keeping logs.
For something like this minimal logs should be kept anyway.

>this damage control

>Access logs can be stored indefinitely, how do you prove they aren't?
I can't but that's hardly relevant here.

>Anonymous uploads exist
No they don't.
"Anonymous" is simply a flag on the torrent that hides the username from other users.
The torrent is still linked to the account. If you looked at the link you'd see that for yourself.

Actually if you went to nyaa.si you'd see that you can upload a torrent anonymously, without signing in. Just like at old nyaa.

>Who is "nobody"?
Everyone that isn't an idiot. You earn trust. Nyaazi admins have done nothing to earn that. From everything I've seen they associate with people that are malicious. They are affiliated with HorribleSubs, who leaked the MangaTraders database filled with peoples' private information. They associate with AMM, who harvested the information of people on /f/ for fun. And now it comes out that they're permanently storing metadata about uploaders. Why would anyone trust them?

>Also trust is a silly construct, you shouldn't trust any shitty site.
You shouldn't have to, but that doesn't mean I'm going to use a site run by people I don't trust. There are a billion ways to fingerprint users even if they use a VPN.

>I just tested it in production.
lol

In that case you keep ip logs for a short amount of time for the sole purpose of rate limiting, not store them forever for every torrent.

>He's so bad he has to test in non-prod environments
Point and laugh

Help a nigga out here. Is there a way to sort stuff i search on mobile?

All i get is name sorting which doesn't help at all

[17:15] [~Aureolin] Yes I know
[17:16] [~Aureolin] It was a temporary thing anyway, it will be removed or phased out at some amount of time later on

Yeah, sure.

The bigger problem is that there are no mascots on mobile

>later
why not now?
why would they do it in the first place?

what about long term IP banning for those repeat spammers?

>I'm moving this to a secret repo

To prevent spam and the quickest way was storing uploader IPs so they could be blocked easily, admittedly if we were less lazy we might have done it right from the start.

Panty is fine

The very fact it wasn't hidden is all you proof you should need to know we didn't feel bad about it at all. It was a lazy decision, not a malicious one.

No shit you don't feel bad about it, one of your admins literally leaked a database filled with information about people from a website he hacked.

>To prevent spam
Pantsu had no issues with spam coming from anonymous users.

Who is this?
snowfag?

Kill yourself.

there are other ways to prevent spam, you don't need to tie every single IP to it's torrent and saving it in the DB

The decision of an individual in a 15+ person group doesn't reflect any consensus.

Snowfag prefers to use his trip for maximum epeen. I don't actually care.

Like I said, lazy decision, admittedly maybe not a good one. It is part of the reason our dbdumps are delayed too.

Reimu?
Fuck off, faggot.

>The decision of an individual in a 15+ person group doesn't reflect any consensus.
It does when they have access to your backend and can leak all of that delicious permanently stored information about your users. Even if you only stored logs for 24 hours I have no reason to believe that cunt wouldn't set up a cronjob to backup that data himself.

Reimu can't type coherent sentences like this. Couldn't you come up with better insults? At this rate I'm going to be more insulted at the bytes of my data cap you are wasting.

Who ever said he had backend access? He manages some servers, but the backend is handled by a highly core group. Barely anyone has access to the actual application backend.

>He manages some servers
So what you're telling me is that nobody associated with HorribleSubs or AMM has access to the nyaa.si database, access logs of any form, or any personally identifying information?

>coherent sentences like this
>insulted at the bytes

Some people associated to HS and AMM have access to the site moderation info which includes the user's email address, and when the account was made. That should be it. Only people in the admin group on the site have view access to the IP, such as Aureolin. Mods don't get that, and it is on the way out probably whenever someone gets around to it anyway since we forgot it was indefinitely stored. As I said earlier, probably was a mistake.

Lets not pretend half of the people in these threads aren't Europoor ESLs. What I did wasn't even all that bad.

>Some people associated to HS and AMM have access to the site moderation info which includes the user's email address, and when the account was made.
And you are saying that this is also the case on the servers that "he manages"? In what capacity does he manage these servers? Because that implies to me that he has root access to them.

Snowfag manages the tracker and front end server at the moment, which do both provide some measure of IP info, however the front end merely passed the IPs to the backend for access log purposes, I just checked the front end config again now, and it is configured to not log itself and just pass info to the backend. The tracker I think doesn't provide very useful data anyway, so it should be a non-issue. Almost nobody has DB access, in fact the dev team and ops team are highly separate at this point. I am on the ops team.

If you have questions I can get a trip to identify me easier, however I wouldn't put a username since I don't care to be called anything in particular.

>Snowfag manages the tracker and front end server at the moment, which do both provide some measure of IP info
So what you are now saying is that your previous comment was complete bullshit? Also, Snowfag is the kind of person I would expect to MITM an admin session to gain whatever access to the site he wanted. So saying he only has access to the your load balancer or whatever is not relieving.

This thread will never not make me laugh.

As far as I'm aware he wouldn't know how to MITM anything. And frankly I don't think access to a useless front end constitutes much trust, as I said, the configuration is set and checked fairly often by a few people. I really doubt anyone has a chance to do anything there. And the tracker I believe to be insignificant to begin with since you can obtain peer lists via opentrackers anyway. The entire reason Snowfag is even onboard is because he has the trust of at least one core member, his decision in regards to the MT thing was indeed unfortunate however I don't believe it to be an issue here since he has invested a lot of time and effort into settings things up. I don't see why he would do that just to bring it down.

>As far as I'm aware he wouldn't know how to MITM anything.
It's not comforting to know that your security to prevent Snowfag from running wild is that you think he's to stupid to do anything bad.

>The entire reason Snowfag is even onboard is because he has the trust of at least one core member
That's what concerns me the most. I don't know who that person is, whether they had anything to do with MT, or why they would trust someone actively malicious like Snowfag. Additionally, I don't know how malicious they might be personally. The whole nyaa.si project is shrouded in secrecy to people outside their IRC and they have done nothing to establish trust, but many things to break it.

>I don't see why he would do that just to bring it down.
I don't see why he would hack MT and leak personal information either but well here we are. Some people just fucking suck.

Also, how much information does AMM have access to? Do they manage any infrastructure?

>hey associate with AMM, who harvested the information of people on /f/ for fun.

The more I read about the cartel the more it sounds like a terrible joke that never stopped

>It's not comforting to know that your security to prevent Snowfag from running wild is that you think he's to stupid to do anything bad.
It isn't a matter of stupid, it is more that all he knows is syadmin-ing. He doesn't contribute in the code, because as far as I'm aware, he can't.

>The whole nyaa.si project is shrouded in secrecy to people outside their IRC and they have done nothing to establish trust, but many things to break it.
We're working on better communication, also you'll need to be more specific with when we broke trust. Other than the IP thing, as I said before, that was a lazy decision and nothing more. I could potentially address your concerns.

>I don't see why he would hack MT and leak personal information either but well here we are.
This is actually a misconception, Snowfag was never involved in the actual hacking. He merely obtained the fruits of it to wave around.

>Also, how much information does AMM have access to? Do they manage any infrastructure?
Just a dev, no access.

>it is more that all he knows is syadmin-ing
I'm also a sysadmin (Well more DevOps but whatever) and I always assume that people in similar positions have a similar knowledge set, and there's two things that I know for sure: 1. I'm also dumb and 2. I could still fuck lots of people's shit up for a long time if I had the same level of access that I presume Snowfag to have.

>also you'll need to be more specific with when we broke trust
The people your project associates with, in addition to the IP thing. At the end of the day, I simply don't trust pretty much anything anyone involved with your project says. Whether that's fair or not is irrelevant, you reap the benefits of your peers actions. And your project has some pretty shitty peers.

>He merely obtained the fruits of it to wave around.
Which is why I wouldn't doubt that he would delegate his access to someone more malicious in the future, so they could help him shake things up.

This 404 page need some work!

Submit a PR

do you mean create an issue?
i don't know how github

No, "Submit a PR" is one more level of asshole from "Create an Issue". It means "Fix it yourself"

No, I mean fork the project, fix it in your fork, and submit a pull request with your changes

If you are this set in your belief that Snowfag is some sort of evil mastermind I'm afraid I won't be able to dissuade you about it. All I can say is that I, and many others involved, do not believe it to be an issue at this time.

Also as I had said, I can't do anything about the people involved really, so I can't address that.

If it makes you feel any better as I had said earlier, dbdumps are on the way for us. Things just fell behind working on other shit, plus we're in the middle of some hardware upgrades for the backend.

i don't have the skill necessary to fix this otherwise i'd have done it myself

Read some books until you can fix it and then fix it

Fucking Sup Forums spam filter. I will post this in two parts.

>Only people in the admin group on the site have view access to the IP, such as Aureolin
And who is Aureolin?

I did a little bit of investigation.
1) Blame shows that line in was committed by nyaadev.

2) See logs in . Most likely Aureolin == nyaadev. Sunako probably knew this line was committed by Aureolin and Aureolin responded because he was the one who committed it.

3) Now I check my own irc logs
>[@matt] +@api_blueprint.route('/ghetto_import', methods=['POST'])" lol
>[@matt] did you really have to commit this to the git BotoX

I don't think he's a mastermind of anything, that's giving him too much credit. I just think he's an asshole.

>Also as I had said, I can't do anything about the people involved really, so I can't address that.
I understand as much. I'm just trying to help you and whoever else is involved with the project (nobody knows, which is part of the problem) understand why people might not trust nyaa.si

>If it makes you feel any better as I had said earlier, dbdumps are on the way for us.
Transparency goes a long way. It's why I trust Pantsu, for example. Not just the DB dumps though, but they're a nice start. They're open about pretty much everything, even when they buy one of their staff a pizza and how much it cost.

Whenever I click the mascot for the first time, it just plays a short "aa" sound. Second click gets the normal "nyanpass".

Forks fine here in both Firefox and Chrome.

continued from (still trying to bypass retarded Sup Forums spam filter).

4) Let's find out who committed that ghetto line:
>git log -S "api_blueprint.route('/ghetto_import'" --source --all
>Author: nyaadev
>Date: Mon May 22 01:49:02 2017 +0200
>temporary ghetto import, will be removed once importing is done.
I.e. Aureolin == nyaadev == BotoX

>And who is Aureolin?
Snowfag confirmed they're the sole owner of nyaa.si
warosu.org/g/thread/S60616531#p60621618

And again continued from . Fuck you, retarded admins and your retarded spam filters.

5) If you check commit times (and timezone) nyaadev is EUfag. BotoX is from Austria (CEST) according to google and archives.

6) And BotoX is literally member of HS who also was one of mangatrader hackers. Reminder:
>mangaupdates.com/showtopic.php?tid=46806&page=1
> that4chanwolf: you do know it was matt, me, and botox that hacked their shit right

MALICIOUS INTENT CONFIRMED

> that4chanwolf: you do know it was matt, me, and botox that hacked their shit right
This line from snowfag himself also seems contrary to what was being said here

He merely obtained the fruits of it to wave around

just use nyaa.si

Tomleb made an issue for this.
One of my goals for this is to be as Transparent as possible with this.
Definitely could be improved though.

Holy shit, we got internet P.I.'s up in this bitch. But really, Trusting Nyaa.si or HS after the shit they did is just ill advised.

It seems snowfag just boasts. I can't imagine how 3 people can hack a site together unless they were in the same room using one keyboard.

That may be the case, but the point is that he took credit for the hack. So whether he simply received the database or not is irrelevant. He's not an innocent bystander like was being implied.

The assumption that Aureolin is nyaadev is incorrect. Aureolin has his own github user. The rest I won't comment on.

This is accurate.

>The assumption that Aureolin is nyaadev is incorrect.
Why did matt call nyaadev aureolin then?

>Aureolin has his own github user.
I'm sure nobody would make two github accounts right

>Why did matt call nyaadev botox then?
Typo

When did he call him Aureolin? People in the know on IRC already know that Aureolin is the owner so asking him is the correct way to get any info.

Is nyaadev the same person as aureolin?

Because nyyadev = botox 100%. But Aureolin = nyaadev is not confirmed.

If it's not botox it's probably reimu.

This doesn't change what I said in Your assumption was that Aureolin was the one responsible for that commit because he is nyaadev is incorrect, the rest I don't care to address. Aureolin is the site owner, if you have questions about the site you generally want to ask him, since he tends to be informed of what goes on within his site.

See:

So is nyaadev the same person as botox then?

If Aureolin is Reimu it doesn't change much. The owner of the site might be not the member of HS, but he is still evil:
>[ReimuHakurei] on rizon a few years ago shitloads of us trolled some guy so hard we heard he _COMMITTED SUICIDE_
>owner of nyaa.si bullied little kid to death