The State of the Recode

[Bren2010]

In short: We're wrapping up.
The entire project is publicly available at https://github.com/HackThisSite/HackThisSite, except for a few things that are kept in a private repository because of their general nature. You can also clone the repository and documentation with:

Code: Select all

git clone git://github.com/HackThisSite/HackThisSite.git

And here are some of the big changes:

1. HackThisSite will now be open sourced and actively maintained. This means we will have multiple branches of development, all of which are publicly contributable via GitHub, and the current branch on stable will be frequently pushed live.
2. We're a hacking site. Why do we have subpar security pracitices? It's just silly. We have a PKI now, that allows you to secure your account to statistically unbreakable levels, or give yourself a security and convenience bonus, similar to using SSH. You can read more about that here: http://goo.gl/NhGRU (Also, check out the LDAP bullet below.)
3. All user accounts are now managed in LDAP. Some stock reasons: It makes it easy to branch out auth to things like shells, or mail servers. LDAP also secures authentication information better than keeping accounts in the database.
4. Hopefully staff will use things like the Short News section more frequently to keep all of you updated.
5. User accounts aren't going to be imported automatically. In order to get your old account moved into the new format, you'll have to use the Account Reclaimation page. (Will be linked on the login page.)

Less important things:

1. Instead of the old 1-10 rating system, articles and news now have Like/Dislike buttons.
2. "Indefinite" sessions. JavaScript sends heart beats back to the server, keeping your session alive as long as you're on the site. Hopefully it's a bit less scary to draft forum posts and articles on the site now.
3. Users can choose in their settings page if they want their session locked to the original IP or not. Note: There is no significant loss in security by doing this. However, it should still only be disabled in situations where it's the only way for you to get a stable connection.
4. The activity that occurs on your account, including logins is logged and visible to you in your account settings.

Technologies used:

• Nginx (Webserver)
• PHP (Main programming language)
• Perl (Secondary programming language)
• Git (Version control)
• MongoDB (Main database)
• Redis (IPC and KV store)
• ElasticSearch (Search)
• OpenLDAP (Authentication)

However, we're missing a couple important things: missions and user feedback.

We're putting the majority of the old missions into a Legacy section to make room for a new style of missions. New missions are going to demonstrate one specific mistake in a field, and afterwards, explain the technical details of what the user did in case they didn't fully understand (or coding missions that just present a problem). However, we can't write a whole new batch of missions ourselves. We need everybody's help. There are so many people at HackThisSite and they're all interested in different things.

As for the latter, how are we doing?

[anarchy420x]

Awesome, I am excited to see all the new changes. Can you give more info on missions? I remember there being some rumors about how missions were going to be implemented, and I'm curious if they have changed any. Also, what languages will be supported as far as missions goes? One last silly question, if I click something in the new version, will it redirect my current tab or open a new tab? (yes, I know how to right click) I just think it would be more user friendly. I also think that might be a good way to open up forum posts. You might also think about some sort of safety lock for forum posts. I know we have fairly active mods to do this, but I would hate for some kid browsing the forums to click on something he shouldn't have because a mod wasn't there yet. If you were to do that, I would implement a seniority lock on it also, so you don't get a bunch of new posters locking up all the threads. IDK, some ideas.

[edone automaton]

if I click something in the new version, will it redirect my current tab or open a new tab? (yes, I know how to right click) I just think it would be more user friendly.

I also find it mildly annoying when a link redirects.

You might also think about some sort of safety lock for forum posts. I know we have fairly active mods to do this, but I would hate for some kid browsing the forums to click on something he shouldn't have because a mod wasn't there yet. If you were to do that, I would implement a seniority lock on it also, so you don't get a bunch of new posters locking up all the threads. IDK, some ideas.

I personally think this is a bad idea, a lot of people here are too trigger happy wit ToS as it is, and a lot of potentially interesting conversations get shot down because someone does not know the answer to a query but wants to say something anyway (I'm not talking about the facebook hax threads here). Leave it to the mods, its their job. The forums would be a total mess with threads getting locked and unlocked all over the place.

However, we're missing a couple important things: missions and user feedback.<br><br>We're putting the majority of the old missions into a Legacy section to make room for a new style of missions. New missions are going to demonstrate one specific mistake in a field, and afterwards, explain the technical details of what the user did in case they didn't fully understand (or coding missions that just present a problem). However, we can't write a whole new batch of missions ourselves. We need everybody's help. There are so many people at HackThisSite and they're all interested in different things.<br><br>As for the latter, how are we doing?

Are some missions already written then? what areas do we still need missions for? indeed, what are the new categories? what sort of time frame are we working to? Do we just write the mission and then you implement it into the site (im thinking mainly of looks, theme, layout etc) or is there a template?
Thanks.

[anarchy420x]

I personally think this is a bad idea, a lot of people here are too trigger happy wit ToS as it is, and a lot of potentially interesting conversations get shot down because someone does not know the answer to a query but wants to say something anyway, (I'm not talking about the facebook hax threads here). Leave it to the mods, its their job. The forums would be a total mess with threads getting locked and unlocked all over the place.

I think you might be right, but on the same note. Those threads wouldn't get locked down if people knew how to ask questions. You don't walk into a head shop asking for a bong. You don't jump onto a hacking site asking how to hack a bank either. I think you are right though and this would lead to a huge mess. On top of that, if something is amiss, then someone will say so when they see it.

[edone automaton]

Agreed, but you often have a situation where some guy has obviously spent a while thinking up a nice back story with supporting characters and a cameo appearance by chandler from friends, and the first reply is, "this is obvious BS".
We should have a little sticky somewhere entitled 'how to get your question answered' (Nzone maybe)

Anyway, we are in danger of leading this thread totally astray so we should stfu now

[limdis]

I personally think this is a bad idea, a lot of people here are too trigger happy wit ToS as it is, and a lot of potentially interesting conversations get shot down because someone does not know the answer to a query but wants to say something anyway (I'm not talking about the facebook hax threads here). Leave it to the mods, its their job. The forums would be a total mess with threads getting locked and unlocked all over the place.

This has recently been discussed among the mods, and we realize that there are some interesting conversations getting locked down before their prime. We are now taking additional steps to allow a little bit more wiggle room while also maintaining the integrity of the forums. There have actually already been 2 threads off the top of my head that have recently been modified to fit the ToS that have gotten a lot of feedback to the OP that normally would have landed in the graveyard in a heartbeat.

"Indefinite" sessions. JavaScript sends heart beats back to the server, keeping your session alive as long as you're on the site. Hopefully it's a bit less scary to draft forum posts and articles on the site now.

+1

However, we're missing a couple important things: missions and user feedback.

If you haven't already seen or know how and want to submit missions or leave your ideas for missions, read this.

[Bren2010]

Can you give more info on missions? I remember there being some rumors about how missions were going to be implemented, and I'm curious if they have changed any. Also, what languages will be supported as far as missions goes?

I don't think missions are going to change much, structurally. You'll still have categories and missions in each category. I'm planning on making the categories more meaningful, though. Things like: Cryptography, Reverse Engineering, Steganography, etc. As for languages, any language we can setup an environment for.

One last silly question, if I click something in the new version, will it redirect my current tab or open a new tab?

It will redirect in your current tab. If you prefer it the other way, most browsers will open a new tab if you click with the middle mouse button?

what areas do we still need missions for? indeed, what are the new categories?

No real official categories. Just choose a subject you think is cool (sticking to computer science), and demonstrate something subtle about it that will make people think. Like the fact that using sha512 doesn't actually help make session IDs more secure if you're just hashing the time (it makes them insecure!). Or the fact that you can inject you're own SQL into somebody else's if it's not sanitized properly.

Are some missions already written then?

Yes, I have no problem with writing the basic missions. I'm also working on some Cryptography missions (a subject I find interesting).

what sort of time frame are we working to? Do we just write the mission and then you implement it into the site (im thinking mainly of looks, theme, layout etc) or is there a template?

No time frame, just soon. And yes, don't worry about the template. What I need is: a.) the mission or a way to dynamically create the mission b.) an explanation of what happened c.) The mission solution, or another script that will solve the mission.

[anarchy420x]

Good info, are there going to be any changes to the forums, news feed, irc feed, internet radio, etcetera?

[centip3de]

YAY FOR REVERSE ENGINEERING!!!!!!!!!!!!111111111111111! <3

I'm definitely down with some reverse engineering challenges, and wouldn't even mind helping create them. I can pretty fluently program in C/C++/Python (though I haven't used Python in a year or so), and can fluently fumble around NASM/Java.

Side note: The way to go about it is confusing as GCC will use it's own optimizing algorithms to turn any ASM output into shit, and I'm sure any other compiler will do the same. While I could write the first few in NASM, my knowledge in ASM stops about there. And besides, if the goal is to replicate a possible situation in said field, realistically we should compile it with a compiler that destroys optimizes it. Thus, why not just use the Lena Crackme's?

[Bren2010]

Good info, are there going to be any changes to the forums, news feed, irc feed, internet radio, etcetera?

Not many changes. We're porting over as much data onto new code as possible.