Previous This thread is for the discussion of NyaaPantsu (pantsu.cat), a free (FOSS) torrent indexer, and other nyaa alternatives. The aim of this project is to write a fully featured nyaa.se replacement in golang that anyone will be able to deploy locally or remotely.
>Why is Pantsu down/error 502? Most likely because the team is deploying changes. Wait for a bit and refresh the page. It should be mostly stable now.
News >AniDex and .si scrapers are done (deployment soon) >Elastic search is fixed and has been optimized >Trying to ensure pantsu uptime (over 90% now) >Possible AniDB integration (shanaproject like) >Working on CSRF protection >Improving SEO >Adding auto-refreshing >Theme fix up is still ongoing (made more consistent) >Sessions no longer expire when we restart >Actual config files >More mod tools >Deployment script updates >Various bug fixes and general improvements
Local Client: >An user made a local client in case the online sources are down: instructions and download at >nyanner.net qBittorrent plugin for Pantsu. >github.com/4chenz/pantsu-plugin
Say, can they sell those data to Japanese companies?
Dominic Bailey
What are access logs? Those are stored by default too. Your IP isn't hard to figure out from a site owner perspective. Also, nyaa.se stored them too. How else do you prevent spam? I'll be waiting for your suggestion.
And really >seized What are you 12? This isn't TPB, no one is getting seized.
Ayden Peterson
that's great! what does it scrape?
Wyatt Gutierrez
so THAT'S why they won't dump the db
Nathan Rivera
>What are access logs Access logs aren't stored indefinitely.
>Your IP isn't hard to figure out from a site owner perspective How the fuck is that even relevant?
>How else do you prevent spam? Uploading requires an account.
There is absolutely no reason to store the ip with every single torrent.
Aiden Anderson
anidex and nyaa.si
Oliver Nelson
Reading those DMCA complaints
comeso ones are the best TRACY!
Jaxon Green
Sorry.
Leo Diaz
Will it DEFINITELY avoid duplicates?
Bentley Allen
It should. I just tested it in production.
Adam Diaz
Cartel data mining confirmed
Wyatt Russell
Access logs can be stored indefinitely, how do you prove they aren't?
Anonymous uploads exist, how to prevent spam without IP logging?
Jace James
How long do you need to store an IP address to combat spam? I would assume you would have any spam issues resolved after 24 hours at the most, and that's being generous. So you really shouldn't have to store access logs or IP addresses after that.
Cooper Ramirez
>Access logs can be stored indefinitely, how do you prove they aren't? Trust goes a long way here. Nobody trusts Nyaazi admins, especially when people like AMM disrespect peoples' privacy for fun.
Aaron Campbell
Who is "nobody"? Who are you trying to represent exactly?
Also trust is a silly construct, you shouldn't trust any shitty site. Take matters into your own hands with a VPN or similar measure these days. Anyone using arguably illegal sites with their real IP deserves whatever they get.
Jose Watson
24 hours is ideal for keeping logs. For something like this minimal logs should be kept anyway.
David Edwards
>this damage control
Benjamin Turner
>Access logs can be stored indefinitely, how do you prove they aren't? I can't but that's hardly relevant here.
>Anonymous uploads exist No they don't. "Anonymous" is simply a flag on the torrent that hides the username from other users. The torrent is still linked to the account. If you looked at the link you'd see that for yourself.
Evan Jones
Actually if you went to nyaa.si you'd see that you can upload a torrent anonymously, without signing in. Just like at old nyaa.
Henry King
>Who is "nobody"? Everyone that isn't an idiot. You earn trust. Nyaazi admins have done nothing to earn that. From everything I've seen they associate with people that are malicious. They are affiliated with HorribleSubs, who leaked the MangaTraders database filled with peoples' private information. They associate with AMM, who harvested the information of people on /f/ for fun. And now it comes out that they're permanently storing metadata about uploaders. Why would anyone trust them?
>Also trust is a silly construct, you shouldn't trust any shitty site. You shouldn't have to, but that doesn't mean I'm going to use a site run by people I don't trust. There are a billion ways to fingerprint users even if they use a VPN.
Christopher Baker
>I just tested it in production. lol
Joshua Hernandez
In that case you keep ip logs for a short amount of time for the sole purpose of rate limiting, not store them forever for every torrent.
Jaxson Bell
>He's so bad he has to test in non-prod environments Point and laugh
Justin Gonzalez
Help a nigga out here. Is there a way to sort stuff i search on mobile?
All i get is name sorting which doesn't help at all
Henry James
[17:15] [~Aureolin] Yes I know [17:16] [~Aureolin] It was a temporary thing anyway, it will be removed or phased out at some amount of time later on
Grayson Hernandez
Yeah, sure.
Oliver Adams
The bigger problem is that there are no mascots on mobile
Jason Stewart
>later why not now? why would they do it in the first place?
Brody Scott
what about long term IP banning for those repeat spammers?
Asher Hughes
>I'm moving this to a secret repo
Leo Jones
To prevent spam and the quickest way was storing uploader IPs so they could be blocked easily, admittedly if we were less lazy we might have done it right from the start.
Carson Garcia
Panty is fine
Justin Reed
The very fact it wasn't hidden is all you proof you should need to know we didn't feel bad about it at all. It was a lazy decision, not a malicious one.
James Martinez
No shit you don't feel bad about it, one of your admins literally leaked a database filled with information about people from a website he hacked.
Luke Cox
>To prevent spam Pantsu had no issues with spam coming from anonymous users.
Ian White
Who is this? snowfag?
Kill yourself.
Joshua Jackson
there are other ways to prevent spam, you don't need to tie every single IP to it's torrent and saving it in the DB
Joshua Perez
The decision of an individual in a 15+ person group doesn't reflect any consensus.
Snowfag prefers to use his trip for maximum epeen. I don't actually care.
Like I said, lazy decision, admittedly maybe not a good one. It is part of the reason our dbdumps are delayed too.
Ethan Phillips
Reimu? Fuck off, faggot.
Luis Reed
>The decision of an individual in a 15+ person group doesn't reflect any consensus. It does when they have access to your backend and can leak all of that delicious permanently stored information about your users. Even if you only stored logs for 24 hours I have no reason to believe that cunt wouldn't set up a cronjob to backup that data himself.
Jeremiah Flores
Reimu can't type coherent sentences like this. Couldn't you come up with better insults? At this rate I'm going to be more insulted at the bytes of my data cap you are wasting.
Who ever said he had backend access? He manages some servers, but the backend is handled by a highly core group. Barely anyone has access to the actual application backend.
Nathaniel Baker
>He manages some servers So what you're telling me is that nobody associated with HorribleSubs or AMM has access to the nyaa.si database, access logs of any form, or any personally identifying information?
Jose Reyes
>coherent sentences like this >insulted at the bytes
Nathan Clark
Some people associated to HS and AMM have access to the site moderation info which includes the user's email address, and when the account was made. That should be it. Only people in the admin group on the site have view access to the IP, such as Aureolin. Mods don't get that, and it is on the way out probably whenever someone gets around to it anyway since we forgot it was indefinitely stored. As I said earlier, probably was a mistake.
Lets not pretend half of the people in these threads aren't Europoor ESLs. What I did wasn't even all that bad.
Jace Gray
>Some people associated to HS and AMM have access to the site moderation info which includes the user's email address, and when the account was made. And you are saying that this is also the case on the servers that "he manages"? In what capacity does he manage these servers? Because that implies to me that he has root access to them.
Evan Turner
Snowfag manages the tracker and front end server at the moment, which do both provide some measure of IP info, however the front end merely passed the IPs to the backend for access log purposes, I just checked the front end config again now, and it is configured to not log itself and just pass info to the backend. The tracker I think doesn't provide very useful data anyway, so it should be a non-issue. Almost nobody has DB access, in fact the dev team and ops team are highly separate at this point. I am on the ops team.
If you have questions I can get a trip to identify me easier, however I wouldn't put a username since I don't care to be called anything in particular.
Aiden Baker
>Snowfag manages the tracker and front end server at the moment, which do both provide some measure of IP info So what you are now saying is that your previous comment was complete bullshit? Also, Snowfag is the kind of person I would expect to MITM an admin session to gain whatever access to the site he wanted. So saying he only has access to the your load balancer or whatever is not relieving.
Christopher Anderson
This thread will never not make me laugh.
Charles Robinson
As far as I'm aware he wouldn't know how to MITM anything. And frankly I don't think access to a useless front end constitutes much trust, as I said, the configuration is set and checked fairly often by a few people. I really doubt anyone has a chance to do anything there. And the tracker I believe to be insignificant to begin with since you can obtain peer lists via opentrackers anyway. The entire reason Snowfag is even onboard is because he has the trust of at least one core member, his decision in regards to the MT thing was indeed unfortunate however I don't believe it to be an issue here since he has invested a lot of time and effort into settings things up. I don't see why he would do that just to bring it down.
Adrian Butler
>As far as I'm aware he wouldn't know how to MITM anything. It's not comforting to know that your security to prevent Snowfag from running wild is that you think he's to stupid to do anything bad.
>The entire reason Snowfag is even onboard is because he has the trust of at least one core member That's what concerns me the most. I don't know who that person is, whether they had anything to do with MT, or why they would trust someone actively malicious like Snowfag. Additionally, I don't know how malicious they might be personally. The whole nyaa.si project is shrouded in secrecy to people outside their IRC and they have done nothing to establish trust, but many things to break it.
>I don't see why he would do that just to bring it down. I don't see why he would hack MT and leak personal information either but well here we are. Some people just fucking suck.
Also, how much information does AMM have access to? Do they manage any infrastructure?
Michael Hernandez
>hey associate with AMM, who harvested the information of people on /f/ for fun.
The more I read about the cartel the more it sounds like a terrible joke that never stopped
Bentley Bailey
>It's not comforting to know that your security to prevent Snowfag from running wild is that you think he's to stupid to do anything bad. It isn't a matter of stupid, it is more that all he knows is syadmin-ing. He doesn't contribute in the code, because as far as I'm aware, he can't.
>The whole nyaa.si project is shrouded in secrecy to people outside their IRC and they have done nothing to establish trust, but many things to break it. We're working on better communication, also you'll need to be more specific with when we broke trust. Other than the IP thing, as I said before, that was a lazy decision and nothing more. I could potentially address your concerns.
>I don't see why he would hack MT and leak personal information either but well here we are. This is actually a misconception, Snowfag was never involved in the actual hacking. He merely obtained the fruits of it to wave around.
>Also, how much information does AMM have access to? Do they manage any infrastructure? Just a dev, no access.
Michael Phillips
>it is more that all he knows is syadmin-ing I'm also a sysadmin (Well more DevOps but whatever) and I always assume that people in similar positions have a similar knowledge set, and there's two things that I know for sure: 1. I'm also dumb and 2. I could still fuck lots of people's shit up for a long time if I had the same level of access that I presume Snowfag to have.
>also you'll need to be more specific with when we broke trust The people your project associates with, in addition to the IP thing. At the end of the day, I simply don't trust pretty much anything anyone involved with your project says. Whether that's fair or not is irrelevant, you reap the benefits of your peers actions. And your project has some pretty shitty peers.
>He merely obtained the fruits of it to wave around. Which is why I wouldn't doubt that he would delegate his access to someone more malicious in the future, so they could help him shake things up.
Juan Williams
This 404 page need some work!
Ryan Green
Submit a PR
Samuel Sullivan
do you mean create an issue? i don't know how github
Nicholas Torres
No, "Submit a PR" is one more level of asshole from "Create an Issue". It means "Fix it yourself"
Gabriel Ortiz
No, I mean fork the project, fix it in your fork, and submit a pull request with your changes
Jason Nguyen
If you are this set in your belief that Snowfag is some sort of evil mastermind I'm afraid I won't be able to dissuade you about it. All I can say is that I, and many others involved, do not believe it to be an issue at this time.
Also as I had said, I can't do anything about the people involved really, so I can't address that.
If it makes you feel any better as I had said earlier, dbdumps are on the way for us. Things just fell behind working on other shit, plus we're in the middle of some hardware upgrades for the backend.
Jason Fisher
i don't have the skill necessary to fix this otherwise i'd have done it myself
Luke James
Read some books until you can fix it and then fix it
Luis Green
Fucking Sup Forums spam filter. I will post this in two parts.
>Only people in the admin group on the site have view access to the IP, such as Aureolin And who is Aureolin?
I did a little bit of investigation. 1) Blame shows that line in was committed by nyaadev.
2) See logs in . Most likely Aureolin == nyaadev. Sunako probably knew this line was committed by Aureolin and Aureolin responded because he was the one who committed it.
3) Now I check my own irc logs >[@matt] +@api_blueprint.route('/ghetto_import', methods=['POST'])" lol >[@matt] did you really have to commit this to the git BotoX
Brandon Nelson
I don't think he's a mastermind of anything, that's giving him too much credit. I just think he's an asshole.
>Also as I had said, I can't do anything about the people involved really, so I can't address that. I understand as much. I'm just trying to help you and whoever else is involved with the project (nobody knows, which is part of the problem) understand why people might not trust nyaa.si
>If it makes you feel any better as I had said earlier, dbdumps are on the way for us. Transparency goes a long way. It's why I trust Pantsu, for example. Not just the DB dumps though, but they're a nice start. They're open about pretty much everything, even when they buy one of their staff a pizza and how much it cost.
Hudson Mitchell
Whenever I click the mascot for the first time, it just plays a short "aa" sound. Second click gets the normal "nyanpass".
Brody Kelly
Forks fine here in both Firefox and Chrome.
Eli Perry
continued from (still trying to bypass retarded Sup Forums spam filter).
4) Let's find out who committed that ghetto line: >git log -S "api_blueprint.route('/ghetto_import'" --source --all >Author: nyaadev >Date: Mon May 22 01:49:02 2017 +0200 >temporary ghetto import, will be removed once importing is done. I.e. Aureolin == nyaadev == BotoX
And again continued from . Fuck you, retarded admins and your retarded spam filters.
5) If you check commit times (and timezone) nyaadev is EUfag. BotoX is from Austria (CEST) according to google and archives.
6) And BotoX is literally member of HS who also was one of mangatrader hackers. Reminder: >mangaupdates.com/showtopic.php?tid=46806&page=1 > that4chanwolf: you do know it was matt, me, and botox that hacked their shit right
Ayden Watson
MALICIOUS INTENT CONFIRMED
Angel Wright
> that4chanwolf: you do know it was matt, me, and botox that hacked their shit right This line from snowfag himself also seems contrary to what was being said here
He merely obtained the fruits of it to wave around
John Hall
just use nyaa.si
Landon Phillips
Tomleb made an issue for this. One of my goals for this is to be as Transparent as possible with this. Definitely could be improved though.
Thomas Hill
Holy shit, we got internet P.I.'s up in this bitch. But really, Trusting Nyaa.si or HS after the shit they did is just ill advised.
Joseph Sanchez
It seems snowfag just boasts. I can't imagine how 3 people can hack a site together unless they were in the same room using one keyboard.
Leo Bell
That may be the case, but the point is that he took credit for the hack. So whether he simply received the database or not is irrelevant. He's not an innocent bystander like was being implied.
Dominic Turner
The assumption that Aureolin is nyaadev is incorrect. Aureolin has his own github user. The rest I won't comment on.
This is accurate.
Carter Collins
>The assumption that Aureolin is nyaadev is incorrect. Why did matt call nyaadev aureolin then?
>Aureolin has his own github user. I'm sure nobody would make two github accounts right
Charles Davis
>Why did matt call nyaadev botox then? Typo
Jacob Cook
When did he call him Aureolin? People in the know on IRC already know that Aureolin is the owner so asking him is the correct way to get any info.
Dylan Russell
Is nyaadev the same person as aureolin?
Adrian Sullivan
Because nyyadev = botox 100%. But Aureolin = nyaadev is not confirmed.
If it's not botox it's probably reimu.
Owen Miller
This doesn't change what I said in Your assumption was that Aureolin was the one responsible for that commit because he is nyaadev is incorrect, the rest I don't care to address. Aureolin is the site owner, if you have questions about the site you generally want to ask him, since he tends to be informed of what goes on within his site.
See:
Logan Edwards
So is nyaadev the same person as botox then?
Tyler Baker
If Aureolin is Reimu it doesn't change much. The owner of the site might be not the member of HS, but he is still evil: >[ReimuHakurei] on rizon a few years ago shitloads of us trolled some guy so hard we heard he _COMMITTED SUICIDE_ >owner of nyaa.si bullied little kid to death