I did some digging and the hacker posted which exploit he used.
Apparently some boards allowed uploading PDF files, but the site never checked if the PDF file was an actual PDF file. Once a PDF file was uploaded it was passed to a version of Ghostscript from 2012 which would generate a thumbnail. So the attacker found an exploit where uploading a PDF with the right PostScript commands could give the attacker shell access.
That checks out. Years ago I noticed a vulnerability through the photography board. You'd upload your pictures, and 4chan would display all the EXIF info next to the post.
4chan's PHP code would offload that task to a well-know, but old and not very actively maintained EXIF library. Of course the thing with EXIF is that each camera vendor has their own proprietary extensions that need to be supported to make users happy. And as you'd expect from a library that parses a bunch of horrible undocumented formats in C, it's a huge insecure mess.
Several heap overflows and arbitrary writes all over the place. Heap spray primitives. Lots of user controlled input since you provide your own JPEG. Everything you could want.
So I wrote a little PoC out of curiosity. Crafted a little 20kB JPG that would try to allocate several GBs worth of heap spray. I submit my post, and the server dutifully times out.
And that's where I'd like to say I finished my PoC and reported the vulnerability, but in fact I got stuck on a reliable ASLR bypass and lost interest (I did send an email about the library, but I don't think it was actively maintained and there was no followup)
My impression from this little adventure is that 4chan never really had the maintenance and code quality it needed. Everything still seemed to be the same very old PHP code that leaked years ago (which included this same call to the vulnerable EXIF library). Just with a bunch of extra features hastily grafted and grown organically, but never dealing with the insane amount of technical debt.
> Just with a bunch of extra features hastily grafted and grown organically, but never dealing with the insane amount of technical debt.
This describes probably 95%+ of the entire software world, from enterprise, to SaaS to IoT to mobile to desktop to embedded... Everything seems to be hastily thrown together features that barely work and piles of debt that will never get fixed. It's a wonder anything actually even works. If cars (the non-software parts) were made like this, there would be millions of them breaking down by the side of the road daily.
This is such a common hole. One of my early hacks was a forum that allowed you to upload a pfp but didn't check it was actually an image. Just upload an ASP file which is coded to provide an explorer-like interface. Found the administrator password in a text file. It was "internet" just like that. RDP was open. This was a hosting provider for 4000+ companies. Sent them an email. No thank you for that one.
Uploading ASP as an image and having it execute server side is one thing.
But in this case, it's subtly different.
This issue relies more on a quirk of how PDF and PostScript relate (PDF is built on a subset of postscript).
Imagine you had an image format which was just C which when compiled and ran produced the width, height, and then stream of RGB values to form an image. And you formalised this such that it had to have a specific structure so that if someone wanted to, they didn't have to write a C compiler, they could just pull out the key bits from this file which looks like ordinary C and produce the same result.
Now imagine that your website supports uploading such image files, and you need to render them to produce a thumbnail, but instead of using a minimal implementation of the standard which doesn't need to compile the code, you go ahead and just run gcc on it and run the output.
That's kind of more or less what happened here.
It's worth noting here that it's not really common knowledge that PDF is basically just a subset of postscript. So it's actually a bit less surprising that these guys fell for this, as it's as if C had become some weird language nobody talks about, and GCC became known as "that tool to wrangle that image format" rather than a general purpose C compiler.
The attackers in this case relied on some ghostscript exploits, that's true, but if you never ran the resulting C-image-format binaries, you could still get pwned through GCC exploits.
These were fun times. I've been working as a pentester for the past ten years, and the job got a lot harder, with everything using frameworks and containerization.
We still get plenty of results, because the tooling also gets better, and finding just one vulnerability is enough to be devastating, which makes it kind of frustrating. There is tons of progress, but much of it is just not paying dividends.
Interesting. I published research on this style of attack in 2019 when I found Slack and a few other big websites vulnerable to it. In their cases, LibreOffice was passing the files off to specific parsers based on magic headers rather than file extensions.
Reminds me of how people were crashing the PSP's XMB with BMP and TIFF files twenty years ago. I was just a kid, and began "pirating" every one of my classmates' consoles (some in exchange for a small amount of money). Good times.
When the first-gen iPhone was out there was a TIFF vulnerability so bad that you could jailbreak an iPhone just by visiting a specific web site. I remember going to Best Buy and seeing all of the display phones had been jailbroken. (It was easy to tell - this was before the App Store, so having extra app icons on the home screen wasn't normal.)
This was a user-empowering application of the vulnerability. Obviously, a bug that allows root-level arbitrary code execution just by getting the user to load a single image could be used for some pretty bad stuff. (And perhaps was.)
The `Memory Pit` exploit for the Nintendo DSi works in a similar way - it exploits a buffer overflow in the reading of image meta data by the Nintendo DSi Camera application in order to achieve arbitrary code execution.
4chan, ironically enough, had something similar where steganographic images were posted designed to be copied to Paint, saved as a bmp, renamed to an .hta file, and then executed. It would then spam the board with other variations of itself.
I would also say don't run ghostscript with the same permissions as the web server, especially not if you can just hand it your PDF through stdin and take a PNG through stdout. Sandbox it as much as possible. PDF is a really complex format which means lots of opportunities for buffer overruns and the like. (Edit: Actually, reading through Arch-TK's post above, it sounds like it was much dummer than something like a buffer overrun.)
Newer Ghostscript versions are Affero GPL, that might be problem for some people, although probably not for 4chan (they don't modify it so it should be fine)
(incidentally I am now working on compiling this old GPL ghostscript to webassembly with file isolation... it works fine... but the compilation is kind of annoying)
In February 2013, with version 9.07, Ghostscript changed its license from GPLv3 to GNU AGPL.
With the AGPL license being legal kryptonite I wonder if license compatibility drove the decision (and how many other installations of Ghostscript share this concern)?
Does this vuln have a CVE number, or other details? Just curious, since from the posts explaining things this doesn't seem to be based on memory corruption.
Same or similar thing happened to Gitlab. it used some common parsing library that worked on images and perl scripts... you can see where this is going
Usually the attacker, on their own computer, or some other server they have root on, will open a port and expose it to the internet and listen. The exploit payload will then make an outbound connection to that port. Once it's connected, the exploit will give the attacker's computer shell access. Search terms include 'reverse shell'.
It takes the normal client/server architecture and turns it inside out. If you remember FTP and active vs passive, it works like active mode FTP.
That's just one way to do it. If the attacker wants to actually listen on an open port on a compromised server that's behind a firewall, look up 'NAT traversal' for like half a dozen ways to do it.
One interesting method to get a shell that I read about is (ab)using ICMP echo requests. ICMP echo requests can contain arbitrary bytes as a payload. So the exploit will poll the attacker's IP address with ICMP echo requests. The exploit will have data payloads that have the shell's output. The attacker's server will respond with ICMP echo requests that have whatever the attacker wants to type into the shell. It's kinda janky but it works. Lots of firewalls might block outbound UDP/TCP connections from internal servers that don't need to make outbound connections, or might whitelist the addresses they're allowed to connect to. But they won't block ICMP, either because it's considered harmless or they forgot or they didn't know it needs to be blocked separately with other rules.
The point is there's any number of ways to do it, each more clever than the last.
most likely "shell access" was confused with execution of "shellcode" which is a type of code, typically bytecode, that gets injected by the hacker and the server gets tricked into executing it. Once it's executed, it can do anything, leave new files, open ports, disable firewalls, change the admin password, etc
pretty interesting discovery if that was the hack.
do you know what the legal implications are for this?
if the company that owns 4chan finds the identity of the attacker, could they sue him in civil court? or do they send whatever logs they have to the FBI and the FBI would initiate a criminal prosecution? also what is the criminal act here? is it accessing their systems, or is it posting the data that they found "through unauthorised means" on a public channel like twitter? does the "computer fraud and abuse act" apply?
like if you found this exploit, and sent it to the company in good faith (ie a "good hacker"), are you free from prosecution? and what is the grey area, like if you found this exploit and then just sat on it for a while (let's say you didn't report it to the company, but let's also say you didn't abuse it, ie leak private data to twitter)
Fascinating, that has been the attack vector in a couple of hackthebox like systems I've done over the last couple of years. The easier ones usually just require file name changes, the medium ones intercepting and mimetype change.
Such a useless feature too. There was like 1 or 2 book sharing threads in sci in the last few years and 1 in arts and crafts and 99.9% of people don't even know about it and just use offsite hosts
Kiwifarms is also discussing, links to code and griefing - https://kiwifarms (NSFW/NSFL) .st/threads/soyjak-party-the-sharty.145349/page-1468#post-21102686
The take on 4chan on here is super intriguing. I always felt that the current social media/doomscroll/memesharing landscape which has become so common worldwide is indiscernable and in some ways worse than 4chan. It feels like 4chan left it's homepage and went worldwide sometime in the early 2010s when iPhone-style phone use became more commonplace.
I remember that 4chan users had more honor than users on the internet today. One example would be 4Chan's "Not your personal army" mentality vs. the widespread doxxing/"call their place of employment!" witch hunts, driven by huge accounts on IG/Tiktok/etc, that hit normal people daily.
The modern social media landscape has become far more hectic, harmful, and downright scary than 4chan. Dodging explicit imagery is harder on Instagram's explore page than on 4chan, and the widespread popularization of OF creators has zero bounds across the socials. DOXXING is no longer frowned upon and now commonplace. And memes have become less unique and funny and more commoditized.
> 4Chan's "Not your personal army" mentality vs. the widespread doxxing/"call their place of employment!" witch hunts
That's too generous. "Not your personal army" started because 4chan had a well-earned reputation for harassment - usually raiding other web sites, but often targeting individual people who caught their attention for one reason or another.
The "not your personal army" slogan came about because people who were very aware of this reputation were showing up, hoping to make a web site or person they disliked the next target. That got annoying fast, hence they told those people to go away.
It wasn't a moral stance against target harassment - far from it. It was a stance that the group mind will choose the next target when they feel like it - not because some rando is mad at their ex or something
4chan will always be superior than modern social media to me, for one very simple reason: all posts are anonymous and there is no voting/ranking.
Each and every post must stand alone and be judged alone. You do not know if it was posted by someone you hate or adore. It doesn't get hidden or promoted based on what a bubble voted. You see the post and you must judge it alone.
This used to be a selling point for me when I was younger, but increasingly I find myself not wanting to deal with poorly-moderated platforms. I can’t tell if it’s because the transgressive vulgarity that these platforms enable has lost its novelty as I’ve gotten older or because the median user has less to contribute. Every time I try to browse 4chan these days I find that half the posts are repulsive, basically pornographic representations of the world, and the other half is the product of psychosis (that is, the people making the posts likely need to be institutionalized).
There are a lot of people who have nothing to contribute to a conversation, and a lot of people who are actively detrimental to a conversation. It used to be that you would put up with the craziest ones for the benefit of finding novel and overlooked ideas, but as the internet has become more accessible, the former group now outnumbers the latter.
I would be inclined to think that the problem is that I just grew out of the shock value, but I see the same trend on almost every other platform, too.
This is good sometimes but also horrible sometimes, because reputation exists for a reason. It's a filter, and if you have terabytes of information around which has mostly garbage quality you need filters if you want to make it useful. Of course, reputation does not solve the problem entirely, but at least it makes some steps towards the solution. Otherwise, you're basically on your own against the ocean of garbage, and not many people can really handle that.
Agreed. I would go so far as to say all the ills of modern social media are because of ranked platforms, such as upvote/downvote-based, or like-based. They turn into echo chambers, that promote witty one-liners over nuance, and any sort of controversial position is effectively censored.
That said, HN functions decently well, though in some ways it is even worse in the censoring the outliers.
Hard disagree. Finding anything of quality on 4chan is like searching for gold nuggets by hand in a mountain of radioactive poop. The only times I've ever seen anything useful in there is when someone else has already done the hard work of curating a post.
The core reason why HN is superior (IMO) is the curation and the moderation.
"Not your personal army" goes father then not doxxing. It's a rejection of any attempt to imagine a community of strangers, united by hatred of a scapegoat.
If someone rallied a hate-mob on 4chan, though, how would people know?
Since 4chan overtly resists it, it'd rapidly move off of there, but it's still a great place to find like-minded folks that'd follow someone to another server to go brigade someone.
My main problem with 4chan is how they talk, like the language they use. They really don't care about anyone's feelings and show a lack of empathy. Unfortunately this has been spreading to other social media as well.
Imagine how good a place it could have been if people over there talked like people on HN.
Like many others coming from social web, you expect to find some kind of community which fashions everyone shares, an apparel you can put on. The idea is complete opposite: you don't need to follow any fashion, or imagine yourself “part of the team” any more than you want to. Even though it's not written in any rules, you don't have to use slang or tone if you find them dumb, overused (globally or locally), or forced. Neither do you have to treat stupid posts with respect.
I assume that after 15-20 years of being part of collective consciousness, anonymous image boards have mostly the same public as any average site. Amount of crap that you can read there is just the same as everywhere (though in some cases this or that Big Brother hides it from your view — obviously, to make you more comfortable, and spend more time in his warm embrace). The difference is that regular social fashions mandate the use of suitable set of candy wrappers for the crap, then there are customary ways of dealing with them, so in the end people just spend their time wrapping and unwrapping crap, but are proud of themselves, and call it “civilised discourse”.
modern 4chan has a certain authentic charm to it. this is missing from most other places. you have to sift past loads of junk to get it, but you have to do that on any app to get the content you want.
with no names, likes, virality, accounts, etc there’s less focus on writing the basic filler comments. less companies trying to sell me stuff. less focus groups trying to tell me what to think. and with less censorship you end up seeing more creativity
The memetic speedrun that's so common now on social media has some roots there, to be sure, but I think a lot of it was parallel evolution combined with cribbing things that were already polished from years of metaphorical rock tumbling on 4chan, in the best ifunny.com style.
The ubiquitous expectations for modern humor among younger and even middle-aged people rely a lot more on knowing not just the joke but the culture and context it evolved in, and that sort of thing very much dominated bubbles of terminally online people before many people became terminally online and there was an expectation that everyone would know what you meant if you sent an image macro as the entire reply to an email.
You can find example after example from not that long ago of people who are not so terminally online being completely perplexed, on TV and otherwise, and memes like "what the fuck is he saying" "let's get you to bed grandpa" about the cultural disconnect.
Unfortunately, this sort of attention minmaxing without enough deliberation and learning around it produces people who are uncritical of what they consume and just want the next hit.
This is a cheap bait - of course when there's a small number of leniently moderated popular platforms, there will eventually be a high-profile criminal that would use one of them, because a) that what "popular" means and b) anti-social types would gravitate to more leniently moderated platforms. And of course on the same platforms there would be online edglelords that would make sure to cheer whatever causes the most offense, because that's what they are there for. If you close 4chan, there would be another platform that would become focus of the same people - because the people focus on the platform, not the platform causes the people to become bad. The press that tried to frame it the way which reverses the cause and the effect is doing you a disservice, and you may want to consider using a better source of information. If, of course, you are interested in understanding the causes and the effects of things, not just feeling good by having your preconceptions confirmed.
How many of these used Facebook, Twitter or Reddit? They are not mentioned in mainstream media because they are popular, but I assure you there are a lot of deranged people that never even posted on 4chan and just stuck to the “good” ones.
As a parent I have seen first hand some of the bullying teens face on some of the mainstream platforms. Kids being bullied in an instant on snap where things are spread around at lightning speed for one example.
But I have also seen some bad things happen on 4chan. People releasing nudes of their exes or posts where users submit clothed pictures of girls they want to see photoshopped naked and a person does so. Or the rekt threads with gore content blocked on most other sites.
I guess my feeling is that no matter the site you will always get bad actors.
I feel too many people conflate /pol/ with the whole website. I enjoyed browsing through sfw boards like /tg/ (tabletop media), /ck/ (cooking) and /fit/ (fitness). I had long discussions about the SW sequels on /tv/ back in 2015-19. The readership was surprisingly diverse and the anonymity lead users to provide more focused replies. With bodybuilding.com gone, the blue boards felt like the last bastion of the old internet.
For the record this is an example of the "Fencepost error" where the last item in a range gets double counted as the first item in the next range and is incredibly common in dyscalculia (the math version of dyslexia) as people will have "visual number lines" in their head that cover ranges of numbers but the ends get double counted, so there will be a 10-20 number line then a 20-30 number line.
I suspect TheJosh had something like that with the week where he visualized it with Sundays at both ends but lacked the self awareness to realize that this was not a universal representation.
> In 2015, Vice News contacted mathematician Joanna Nelson for a resolution, and she said that TheJosh would have to schedule his workouts in two-week chunks, claiming a week is seven days from Monday to Sunday.
Why was a mathematician necessary for this assertion?
> I feel too many people conflate /pol/ with the whole website.
Because it is the 2nd most active category, and the racist/alt-right beliefs have spread to the other boards because the head admin fires anyone that tries to moderate it.
All of this sentiment is many years out of date. "Alt-right" hasn't been a term of self-identification for almost a decade, and hasn't been used as an identifier by pretty much anyone for at least half of that. /pol/ is not the epicentre of the radical online right and has not been for years - it's a backwater in that regard now.
The most notable radicalisation happening on /pol/ nowadays, in my opinion, is a kind of hyper-masculine third-worldist ideology that is anti-semitic in its foundation and deeply misogynistic. While those two traits might sound superficially similar to the 2015 "Alt right", this new ideology has a significant pro-Islamist tendency, and has an almost comprehensive disdain for the west and its ways of life, in favour of authoritarian regimes like like Russia, Iran, and China. Also, as is being corroborated by other online circles like the Nick Fuentes "Groyper" movement, this faction of the online far-right is an increasingly post-racial one, with more traditionally white supremacist views disappearing, to be filled in by antisemitism.
Personally, I think this cultural political shift in the imageboard represents the increased representation of developing countries online, and is an important case study in how quickly cultural foundations can shift inside the borderless land of the internet.
I like /pol/ and although I'm not really interested in defending it (I 100% understand why people don't like it) I will give my opinion of it because I think most people don't get it and take the board wayy too seriously.
/pol/ isn't trying to be like the millions of other politic discussion forums online. It's literally intended to be politically outrageous so when people like yourself complain that it's full of outrageous alt-right content you're typically missing the point.
It's full of things that appear to be alt-right because stuff like racism, sexism and transphobia is extremely politically incorrect. While far-left views might be equally reprehensible, these views are not seen as equally politically incorrect. It's actually quite hard to hold politically incorrect far-left views unless you incorporate some far-right views – being so pro-trans that you hate biological women or something stupid. This is why you tend to see less left-wing content there. It's hard to be offensive and left-wing.**
But even then I think it's wrong to say /pol/ is full of alt-right content to be honest. There are alt-right people there for sure, but huge amount of the political memes posted on /pol/ are mocking the alt-right and the right more broadly. The board is constantly roasting the MAGA movement, for example.
As a brit my favourite threads on /pol/ are the brit/pol/ threads which basically just post politically incorrect memes mocking Brits and joking about how shit the UK is. These threads largely just Brits shitposting with each other and it would be wrong to assume the existence of hateful anti-British content on /pol/ is somehow evidence that /pol/ is xenophobic against Brits. People should take a similar views of the racist/alt-right threads – the vast majority of people there are just trolling and being offensive for a laugh. You don't have to like the humour, but most of it is just people shit posting.
> they actively delete and ban posts that go against alt-right.
Loads of stuff gets removed... If you're posting content that "goes against the alt-right" you're probably taking the board way way to seriously and you probably should be banned.
** Interestingly another commenter in the thread asked about why there's so much interracial porn on /pol/ if it's so racist, which kinda highlights my point here. Just hating white people isn't politically incorrect – there's people doing that all over Reddit. To make hating white people offensive you basically have to incorporate racist stereotypes about about how whites are genetically inferrer to blacks in various way, but then in doing this you'll get viewed as racist and alt-right because you're using racial stereotypes about how blacks are more athletic, etc.
If you're up for it I challenge you to be politically incorrect from a left-wing perspective without it being possible to argue that it's actually far-right.
I think people also don't acknowledge how much terminology, slang and other culture originate and spread there. When it breaches into Twitter (usually through funposters) people kind of ignore the unsavoury origin and rewrite the history. The anonymous nature kind of provides that petri dish of "if it's strong culture, it'll survive or be modified."
This absolutely was the case for a long time. It was the cultural center of the internet where nearly all memes sprang from or gained traction and context before leaving orbit for the greater internet.
That has not been the case for years though. I'd say it shifted to twitter as things shifted to inseparably political on almost all of 4chan maybe 6-8 years back and then shifted away from twitter a while after elon bought it and a lot of people started to bail. and I honestly don't know where exactly it's shifted to now, but I'd have to guess tiktok and similar new platforms.
But regardless I do think 4chan has lost nearly all of it's cultural influence, but still maintains it's notoriety.
I think this was true at one point but not for the past 5-10 years. Based off of using the site I feel like now a lot of things start on other sites (particularly smaller accounts on twitter), get aggregated and popularized on 4chan, and then get picked up on other sites (often regurgitated back to twitter). Knowyourmeme shows this for a lot of things that people typically attribute as original to 4chan. There was definitely a time when a ton of stuff originated on 4chan but these days everything is so interconnected with the same people posting on twitter, reddit, and 4chan that I think 4chan gets a lot of unearned credit
It's interesting to note the popularity of the website, and the massive traffic it handled, despite the lack of everything we assume necessary for a modern (social media) website
- no modern web frameworks
- no microservices/kubernetes clusters
- no algorithmic curation/moderation/recommendation algoritmhs
One wonders just how much of the modern engineering developed in the past decades, that cost a fortune to develop and run is actually necessary or even beneficial for running a modern social media website
I worked for a major internet company until 2020. HN would be aghast how much "if we failed to provide this service a good chunk of the internet would either go down or sites wouldn't function properly and the stock market probably would dip" stuff runs on redundant pairs of LAMP stacks and other unsophisticated old stuff HN would turn up its nose at.
I think no algorithmic curation is its strength. It means that even if an echo chamber appears anybody can still post their opinion and it doesn't get downvoted into oblivion when people disagree.
Nobody that is over 30 thinks any of those things are necessary because we all remember them not existing and websites handling plenty of traffic fine.
I feel too many people who don't conflate /pol/ with the whole website, as well as the others, don't know why /pol/ was created.
It was eventually a replacement for the /new/ board, where news of the arab spring first started, shortly before it was shut down. However, it was plagued with proto-pol behavior before anyone was bothering to complain about pol.
There was always these 'cells' of non /jp/ shitposters, if they weren't the OG shitposters themselves, that would post about left-right politics ad nauseum, and in the most hallmark unproductive ways. It was when trolling evolved from 'clever this and that' to shear brute forcing. It was the topic of the news that attracted these unsavor political actors into that place, which was for a short period of time, a great diverse place for collecting news.
This social phenomena and history could never be repeated enough, particularly since we might be finally ending the story of pol/4chan - which was more popular than 4chan itself.
I feel too many people who conflate /pol/ with the whole website are just regurgitating information they heard from other social media sites. The most popular boards, by far, since 2020 have been the video game and vtuber boards. With Video Game generals being the most popular board for the past five years outside of the occasional political season. You can check this on 4stats.
People who still complain about /pol/ look a little like people who would still complain about ebaumsworld: Completely out of touch individuals who equate everything to a tiny phenomena.
it is, and unfortunately from 2016 onwards it kind of outgrew the rest of the site like a tumorous growth until the whole site became markedly more neonazi and less goofy. something to do with donald trump i suspected
> I feel too many people conflate /pol/ with the whole website.
That's probably why a lot of websites use moderation to avoid having one section of it turn into a cesspit of every -ism you can imagine, up to and including fascism, because once you have a section of your website that is openly coordinating the pushing of fascism on society, everyone kinda forgets about the diverse and interesting other things it might have, because of the fascism.
I like that there can be wild places on the internet where people can pieces of shit. 4Chan had communist trolls, Jew-hating trolls, Zionist-trolls, pro-Christian trolls, anti-Christian pro-pagan trolls. It didn't foster any fascism in society. It was just a place where people could say mostly what they want.
That is what has saved Reddit. You cannot find society fascism coordination there because the mods are strong. If 4chan followed that model bronies might still be a thing.
/g/ was also the home of a Windows XP source code leak (at least publicly). Some gaming-related leaks also came from /v/, such as the 1999 Duke Nukem Forever builds.
/fit/ and /mu/ were good to me in my late teens, and /ck/ is the reason I actually asked my roommate’s mom to show me cooking basics when I was in college!
You’re right but only if ignoring the last 5 years or so.
I discovered 4chan around 2008 as a kid, it was much less hostile back then. Even as an adult I used to go on /fit/ every now and then. It was useful and funny and even “wholesome” in its own special way.
But over the last few years, the entire site became /pol/, and other boards became unusable. Maybe once a year I will pop in and immediately regret it.
the blue boards did have some slow overlap with pol in my experience - they were more distinct before 2014 or so and by 2016 I barely recognized /tg/ culture.
I'm curious, why bodybuilding.com in particular? I think I've only heard of it once. I wonder if anyone on HN remembers stardestroyer.net or old weird tech forums?
I used to hang out at Head-Fi a lot in the early ‘00s. It’s a headphone and headphone accessories (amplifiers, DACs, etc.) forum, and people nerd out about building their own stuff. I recall writing a review on some obscure Chinese brand of sound card that people liked, because it happened to have a really good DAC for the rear output (it was a surround sound card, back when that was something interesting).
I gradually lost interest when they started heavily pushing commercial sponsors. I get it; sites aren’t free to host, and moderator time isn’t free / unlimited, but it’s still sad.
Bodybuilding.com's misc board was essentially the same sort of raunchy teen hangout as /b/, sans the porn. It wasn't anything goes, but a lot did, and of course you were dealing with the kinds of meatheads (said lovingly) who would happen upon bb.com in the first place.
It's, funny enough, identical to people who conflate all of old 4chan with /b/. The current most popular boards are video game boards and have been since Covid hit. There's a site called 4stats which charts this, and shows how the end of Trump's presidency spelled the death knell of /pol/ dominating 4chan. Which, by comparison, was four years. It's been five years since then. It's kind of like how the golden age of /b/ was a shade over three years (2004-2007) but all of old 4chan is equated to the memes made in this prehistoric era.
/vg/ also had a pretty cool amateur game dev general thread (/agdg/). No one was making any hidden gems there, but it wasn't trash either. At any rate, I liked it.
Not hidden gems, no, but some of big titles originated from /agdg/, both Risk of Rain and VA-11 Hall-A started as progress posts in /agdg/ before hitting combined >1M sales.
It used to be a diverse place without much to tie all the boards and users together save for a shared commitment to counter-culture. Then GamerGate and Donald Trump happened. "Every board is /pol/" was one of the most frequent replies you would see for a while until all the halfway decent people left.
/g/ is where I and a lot of people learned about FOSS advocacy and now it's just gamer hardware and transphobia.
/g/ genuinely was one of the worst boards on the website, but there were a handful of lurkers who made good posts in some of the general threads. the site as a whole was still was a diverse place up until yesterday, with only a few boards being unusably bad, and it was getting increasingly better.
it's a bit sad really. zero-barrier to entry, no login gates, no accounts, and traffic was so high that it moved really fast. it was like a dive bar covered in grime. will be sad to see it go. none of the other imageboards still kicking are quite the same, most are even worse tbh.
Yeah, after 2015 it became impossible to go to any of the boards if you weren’t a pol poster. They made it their mission to spread their vile shit everywhere.
Gamergate and Donald Trump was a 4-6 year period depending on where you put the needle. There were 10 years before it and now close to 5 years after it. The people who continue to hammer about it are just announcing that they don't understand the site and are complaining about ancient history. The most popular board right now is the video game generals board, and second place belongs to the regular video games board.
This. It's just a website (where anyone can post, quite rare in these overpoliticalized days).
> A Soyjak.Party users also shared a list of emails they claimed are associated with janitor and moderator accounts, including three .edu emails. Although some internet users claimed that the leaks included .gov emails associated with members of the moderation team, this remains unverified.
I still don't understand how to read threads. How do replies work? How do you know it's actually the person you're replying to who's replying back? How is it organized visually??
Reply references the post it is replying to by ID, most boards will turn that ID into a link or even create a UI to view a chain of replies.
> How do you know it's actually the person you're replying to who's replying back?
You shouldn't, an anonymous imageboard invites you to engage with ideas, not people. However, on most boards you can enter a password with your post, which is displayed as a hash, changing you from anonymous to pseudonymous (although this is generally considered attention-seeking and is frowned upon).
The more popular blue boards were pretty bad too, let's be honest. It wasn't hard at all to find things on those boards that wouldn't be tolerated on any mainstream social media, for good reason.
I'm not looking for corporate sanitized social media site #102032. Imageboards if nothing else allow people to be people and you know what? Sure sometimes people suck, but I don't want some overvalued social media companies in America deciding what I can and can't see.
Sure I've encountered awful people on imageboards, but I've also encountered very nice, helpful people, some of which I've stayed in contact with long term.
Maybe today's social media. It's basically early xbox live tier banter. A relic of a different time on the internet that is incomprehensible to the outsiders who weren't around for it.
It wasn't hard to find things no, but the narrative one often reads is that it's the mainstream consensus there to the universal opinion rather than a fringe opinion which exists and isn't banned from having.
I feel too many people conflate /pol/ with the whole website.
I believe that's fair. Sure, it's "a different board" but it's just another URL on the same domain and same administrator, just different janitors. So it is really the part of the whole website. I know that 99% of people on 4chan disagree with me because they do not wish to be associated with /pol/ /b/ /gif/ but if they wanted to disassociate themselves with those boards then they should be on an entirely different domain without 4chan in name. polchan perhaps.
Piling on the "some parts of 4chan was good until it wasn't" theme: I really liked /ck/ for a while. Then there was this weird trend of just like "all food tubers are garbage" whether that was "Kenji-Cucks", or people hating on Rageusa, or what ever.
Combining that with the "post hands" request for a lot of food it was just an unpleasant community to participate it.
Weirdly trying to load the page right now I'm getting Connection timed out. Is hackernews ddosing 4chan? What a world.
/ck/ from around 2015 to hmm… maybe 2018-19 was pretty good, and probably my home board. Decent cook along threads (I hope Patti is doing ok), /ck/ challenge threads where there was some theme we had to follow and posts would get ranked… and of course the yearly lemon pig [1] threads. Sadly I guess fast food posting, shitting on foodtubers, and general /pol/ shittery made it go down in my view. Still went there most days until yesterday though.
Like it or not, 4chan was a major hub of Internet culture. Especially early on some of the best stuff on the internet happened on 4chan (and a good chunk of the worst, of course)
> Isn't it a running joke that the Jannies don't get paid?
You're think about reddit and why it is the way it is from an editorial perspective and what kind of people have the time to mods 100+ subs for free...
But that ceased to be true long ago. While some of the supermods aren't paid by reddit directly, they might be paid by other orgs to mod and influence reddit, corporate or 'grass root'...
Some others simply hijack subs to sell their own products.
I'd hardly call it the "old internet". It is very niche, and has not been around that long really - like what 2003 or something? Nothing compared to e.g. Geocities which was early-mid 90s IIRC which I'd argue had more relevance to people than 4chan.
"Old Internet" doesn't have a very defined meaning, but I think it has more to do with design and functionality than a hard date. While I don't think relevance matters, 4chan is much more relevant than you think. Having a niche is part of the old Internet. Websites used to be niche, but deep, instead of websites like Wikipedia, which are broad and shallow (compare the Castlevania dungeon [0] to the Wikipedia article for Castlevania, for example). Then compare 4chan's limited number of boards with reddit's endless subs. 4chan's design is early web 2.0, doesn't require you create an account, allows (pseudo) anonymous posting, content is mostly unfiltered, unmonetized, free & thought of as ephemeral, etc.
The initial leaker is most likely not the same parties as the ones tying email addresses and usernames to people's "real identities", if you look at the thread where the leak was announced.
Say what you will about 4chan but I am concerned for the team managing it - them and their close ones are certainly going to be exposed to a whole lot of viciousness soon :(
Was part of it. As somebody who has been trapped there since 2004, I'd say it evolved into a part of the normal internet between 2010 and 2016 (i.e. it had already fully transformed before Trump's first term), where "normal internet" means being infested with uncle-on-Facebook-tier political posts, "jokes" where the punchline is "I hate my political enemies", etc. Creative irreverence was replaced with regular childishness.
Mostly because, as more people came online, they mistook offensive humor for conservatism; and thought "counter-culture" meant "being opposed to the political party currently in power", rather than "being opposed to political parties".
>Creative irreverence was replaced with regular childishness.
I’d suggest taking off those glasses as they are a bit too rose-tinted.
I was there, just like you, and the humor was way more “childishness” than “creative irreverence” well before 2010.
Considering that the people posting this "creative irreverence" were the same guys calling you a "stupid f*gg*t n*gger piece of sh*t" on Halo 2/3 and CS when they got noscoped from across the map or whatever, "It's just a joke" has always been somewhat suspect. It would be wrong to say that there was no element of tongue-in-cheek-iness and hyperbole, of course. It just wasn't completely innocent, broadly speaking.
Of course, in a post-Bioshock Infinite world, there's really no excuse for not grokking how time and distance from the origins of a cultural behavior pattern can warp even well-meaning notions that aren't regularly re-examined and tuned to align the intention with the zeitgeist. If the Sarah Silverman-esque posters ever looked up and realized, "Oh, they don't know it's a joke, they're ACTUALLY Nazis," it was too late to shift things back. (Unless you were in a Boondocks thread on /co/, in which case correction was freely forthcoming.)
Probably didn't help that at least one mod wanted 4chan to become more racist, on purpose.
Something happened in the post-2010 times along with the Tea Party, and offensive humor - especially overt racism - became a mainstream part of conservativism, all the way to the White House.
> "jokes" where the punchline is "I hate my political enemies"
Hence the laughter in the White House at refusing to follow the court order to return their political enemies from the overseas prison.
4chan may have died, but Trump is more the first 4chan President than Howard Dean was the first "internet candidate", and especially Musk the Twitter Presidential Vizir is the heir to this culture.
Is it considered part of it? From my understanding, the culture has changed significantly and post get auto deleted eventually, so it’s not a good archive either. The only thing old about it is it’s web design
every board had it's own independent archiving service after a while, so board culture ended up stickier than the original design. there's some interesting stuff in there
Do you think that 4chan is going to disappear forever for this? Just wait a bit and it will be back.
Also where did you see that they are leaking home addresses and work contact info? I think they just leaked the emails (I don't understand why home addresses and work contact info should be present in the 4chan database, everyone moderating the site for free).
It's not so much that we lament the old internet, we lament that the new internet cannot be built because incumbents like google have distorted the playing field with shitty algorithmic SEO practices-- which really has nothing to do with 4chan at all.
But really, 4chan-style bullshit took over the rest of the internet. At least in the old internet, it was self contained there. If someone spouted nonsense they read on 4chan, you could easily dismiss them as a crank. Now everyone is posting and reposting bullshit on a multitude of microblogging shitsites.
My association was a bit later, mid to late 2010s. I recognize some of the names as well, including one of the top folks that probably onboarded both of us.
That said, my info is not on the list, I assume it was deleted when I left.
What kind of official association could one have with 4chan? 4chan was formative for my early connection to the internet, and I'm really curious what the organization behind it looked like. Was it professionally driven, or just some random guy mailing checks? stuff like that.
I lied about my age and was given janitor access in the mid 2000s. There was a special /j/ board to coordinate on, but it broke relatively early, and you mostly had to hang out in the #janiteam channel on Rizon. I think almost everybody else was underage as well. There was a minimal web overlay that let you delete/escalate posts. You couldn't see people's IPs, but you could see how many outstanding ban requests they had. These numbers helped me deduce that many boards' most infamous personalities were all the same guy.
We were all offered the chance to become mods in 2010, but moot wanted to see our faces on a Skype call. I thought that was a step too far and just gradually stopped caring after that. Seems like I made the right choice.
On the whole it was barely held together technically and organisationally, mostly run by moot's personal friends, and fun all around. Things were far less serious then.
So you were able to find the leak? Because I see reports that it was hacked repeated as fact everywhere on Daily Mail-tier reliable news websites and Reddit posts, but they are all based on “rumors on social media go about that there was a leak” but I've not been able to find the actual leak searching for it. Obviously not many people want to link it but it's also weird that so many people claim to have so easily been able to find it when I cannot.
Finally, I was there and using it when the website went down and this did not resemble an actual hack but technical issues. First there were a couple of hours where the website was up but no posts went through for anyone except occasionally when a new threat was bumped, mirroring the normal pattern of downtime issues that sometimes occur and then it just went down completely. This doesn't really resemble how a hack plays out but looks more like technical issues to me.
Even now, going to the front page, it loads for me, except very slowly and incompletely. This does not resemble a hack but technical issues.
Rip 4chan. For all the bad it did, 4chan also made at least one real contribution to science [1], specifically to the study of superpermutations (aka the Haruhi problem), which was cited by genuine academics. We should try to remember it by that.
Given a set of characters, find the shortest string with all permutations of that set. With 2 characters a,b the answer would be "aba", length 3 (not 2! like you suggested).
There's a KnowYourMeme [0] post with additional details and context. Most interesting to me is finding out that there' s a word filer / transformer, so SMH becomes BAKA and TBH becomes DESU, as two examples.
The term “weeaboo” as a term for western anime fans only came about because it was what the word “wapanese” filtered to. It was originally a nonsense work made up in a Perry Bible Fellowship comic.
From what I heard, it was because they were tired of people posting "tbh fam". This does result in people instead posting "tbdesu" in being aware of the filter.
A note that the filter for "doublechan" was never updated to include its current name, nor the place where this current attack originated was ever filtered, afaik.
/lit/ is a goldmine, I’ve discovered so many amazing books there. Everywhere else on the web is algorithm or voting skewed so no real opinions can be shared
I agree, I'd even go so far and say it's one of the best places on the internet to discuss 'serious' books (within all the rampant troll posts). Book discussions on reddit are far too positive when it comes to terrible books, /lit/ will call a bad book a bad book. Plus there was always an undercurrent in interest in 'obscure' books - there are great reading charts out there for all kinds of literatures and languages made by /lit/ users.
Readit News
Apparently some boards allowed uploading PDF files, but the site never checked if the PDF file was an actual PDF file. Once a PDF file was uploaded it was passed to a version of Ghostscript from 2012 which would generate a thumbnail. So the attacker found an exploit where uploading a PDF with the right PostScript commands could give the attacker shell access.
4chan's PHP code would offload that task to a well-know, but old and not very actively maintained EXIF library. Of course the thing with EXIF is that each camera vendor has their own proprietary extensions that need to be supported to make users happy. And as you'd expect from a library that parses a bunch of horrible undocumented formats in C, it's a huge insecure mess.
Several heap overflows and arbitrary writes all over the place. Heap spray primitives. Lots of user controlled input since you provide your own JPEG. Everything you could want.
So I wrote a little PoC out of curiosity. Crafted a little 20kB JPG that would try to allocate several GBs worth of heap spray. I submit my post, and the server dutifully times out.
And that's where I'd like to say I finished my PoC and reported the vulnerability, but in fact I got stuck on a reliable ASLR bypass and lost interest (I did send an email about the library, but I don't think it was actively maintained and there was no followup)
My impression from this little adventure is that 4chan never really had the maintenance and code quality it needed. Everything still seemed to be the same very old PHP code that leaked years ago (which included this same call to the vulnerable EXIF library). Just with a bunch of extra features hastily grafted and grown organically, but never dealing with the insane amount of technical debt.
This describes probably 95%+ of the entire software world, from enterprise, to SaaS to IoT to mobile to desktop to embedded... Everything seems to be hastily thrown together features that barely work and piles of debt that will never get fixed. It's a wonder anything actually even works. If cars (the non-software parts) were made like this, there would be millions of them breaking down by the side of the road daily.
Always check what is getting uploaded.
But in this case, it's subtly different.
This issue relies more on a quirk of how PDF and PostScript relate (PDF is built on a subset of postscript).
Imagine you had an image format which was just C which when compiled and ran produced the width, height, and then stream of RGB values to form an image. And you formalised this such that it had to have a specific structure so that if someone wanted to, they didn't have to write a C compiler, they could just pull out the key bits from this file which looks like ordinary C and produce the same result.
Now imagine that your website supports uploading such image files, and you need to render them to produce a thumbnail, but instead of using a minimal implementation of the standard which doesn't need to compile the code, you go ahead and just run gcc on it and run the output.
That's kind of more or less what happened here.
It's worth noting here that it's not really common knowledge that PDF is basically just a subset of postscript. So it's actually a bit less surprising that these guys fell for this, as it's as if C had become some weird language nobody talks about, and GCC became known as "that tool to wrangle that image format" rather than a general purpose C compiler.
The attackers in this case relied on some ghostscript exploits, that's true, but if you never ran the resulting C-image-format binaries, you could still get pwned through GCC exploits.
We still get plenty of results, because the tooling also gets better, and finding just one vulnerability is enough to be devastating, which makes it kind of frustrating. There is tons of progress, but much of it is just not paying dividends.
Has there been a single year since 2012 that didn't include a new ghostscript RCE? Exposing ghostscript to the internet is dangerous.
https://buer.haus/2019/10/18/a-tale-of-exploitation-in-sprea...
We published a PoC for file write as part of our research and bug bounty submissions:
https://gist.github.com/ziot/fb96e97baae59e3539ac3cdacbd0943...
This was a user-empowering application of the vulnerability. Obviously, a bug that allows root-level arbitrary code execution just by getting the user to load a single image could be used for some pretty bad stuff. (And perhaps was.)
https://dsibrew.org/wiki/Memory_Pit
https://wiibrew.org/wiki/Bannerbomb
Don't run versions of ghostscript from 2012?
(incidentally I am now working on compiling this old GPL ghostscript to webassembly with file isolation... it works fine... but the compilation is kind of annoying)
Per Wikipedia:
In February 2013, with version 9.07, Ghostscript changed its license from GPLv3 to GNU AGPL.
With the AGPL license being legal kryptonite I wonder if license compatibility drove the decision (and how many other installations of Ghostscript share this concern)?
Deleted Comment
How do these exploits work? Does it open an SSH port somewhere or does it show up as a browser-based terminal?
It takes the normal client/server architecture and turns it inside out. If you remember FTP and active vs passive, it works like active mode FTP.
That's just one way to do it. If the attacker wants to actually listen on an open port on a compromised server that's behind a firewall, look up 'NAT traversal' for like half a dozen ways to do it.
One interesting method to get a shell that I read about is (ab)using ICMP echo requests. ICMP echo requests can contain arbitrary bytes as a payload. So the exploit will poll the attacker's IP address with ICMP echo requests. The exploit will have data payloads that have the shell's output. The attacker's server will respond with ICMP echo requests that have whatever the attacker wants to type into the shell. It's kinda janky but it works. Lots of firewalls might block outbound UDP/TCP connections from internal servers that don't need to make outbound connections, or might whitelist the addresses they're allowed to connect to. But they won't block ICMP, either because it's considered harmless or they forgot or they didn't know it needs to be blocked separately with other rules.
The point is there's any number of ways to do it, each more clever than the last.
Once you can run any command, you start passing in whatever commands you want.
Deleted Comment
do you know what the legal implications are for this?
if the company that owns 4chan finds the identity of the attacker, could they sue him in civil court? or do they send whatever logs they have to the FBI and the FBI would initiate a criminal prosecution? also what is the criminal act here? is it accessing their systems, or is it posting the data that they found "through unauthorised means" on a public channel like twitter? does the "computer fraud and abuse act" apply?
like if you found this exploit, and sent it to the company in good faith (ie a "good hacker"), are you free from prosecution? and what is the grey area, like if you found this exploit and then just sat on it for a while (let's say you didn't report it to the company, but let's also say you didn't abuse it, ie leak private data to twitter)
Deleted Comment
Some boards used to allow PDF files to upload too.
Deleted Comment
Kiwifarms is also discussing, links to code and griefing - https://kiwifarms (NSFW/NSFL) .st/threads/soyjak-party-the-sharty.145349/page-1468#post-21102686
Dead Comment
I remember that 4chan users had more honor than users on the internet today. One example would be 4Chan's "Not your personal army" mentality vs. the widespread doxxing/"call their place of employment!" witch hunts, driven by huge accounts on IG/Tiktok/etc, that hit normal people daily.
The modern social media landscape has become far more hectic, harmful, and downright scary than 4chan. Dodging explicit imagery is harder on Instagram's explore page than on 4chan, and the widespread popularization of OF creators has zero bounds across the socials. DOXXING is no longer frowned upon and now commonplace. And memes have become less unique and funny and more commoditized.
That's too generous. "Not your personal army" started because 4chan had a well-earned reputation for harassment - usually raiding other web sites, but often targeting individual people who caught their attention for one reason or another.
The "not your personal army" slogan came about because people who were very aware of this reputation were showing up, hoping to make a web site or person they disliked the next target. That got annoying fast, hence they told those people to go away.
It wasn't a moral stance against target harassment - far from it. It was a stance that the group mind will choose the next target when they feel like it - not because some rando is mad at their ex or something
Each and every post must stand alone and be judged alone. You do not know if it was posted by someone you hate or adore. It doesn't get hidden or promoted based on what a bubble voted. You see the post and you must judge it alone.
There are a lot of people who have nothing to contribute to a conversation, and a lot of people who are actively detrimental to a conversation. It used to be that you would put up with the craziest ones for the benefit of finding novel and overlooked ideas, but as the internet has become more accessible, the former group now outnumbers the latter.
I would be inclined to think that the problem is that I just grew out of the shock value, but I see the same trend on almost every other platform, too.
That said, HN functions decently well, though in some ways it is even worse in the censoring the outliers.
The core reason why HN is superior (IMO) is the curation and the moderation.
United by hatred of a scapegoat that they didn't choose on a random whim or due to some common agenda. Otherwise it's completely fine.
Since 4chan overtly resists it, it'd rapidly move off of there, but it's still a great place to find like-minded folks that'd follow someone to another server to go brigade someone.
Imagine how good a place it could have been if people over there talked like people on HN.
Like many others coming from social web, you expect to find some kind of community which fashions everyone shares, an apparel you can put on. The idea is complete opposite: you don't need to follow any fashion, or imagine yourself “part of the team” any more than you want to. Even though it's not written in any rules, you don't have to use slang or tone if you find them dumb, overused (globally or locally), or forced. Neither do you have to treat stupid posts with respect.
I assume that after 15-20 years of being part of collective consciousness, anonymous image boards have mostly the same public as any average site. Amount of crap that you can read there is just the same as everywhere (though in some cases this or that Big Brother hides it from your view — obviously, to make you more comfortable, and spend more time in his warm embrace). The difference is that regular social fashions mandate the use of suitable set of candy wrappers for the crap, then there are customary ways of dealing with them, so in the end people just spend their time wrapping and unwrapping crap, but are proud of themselves, and call it “civilised discourse”.
That's antithetical to many of the foundational rules of the internet, which are core to 4chan culture.
The whole point is that they don't let the fluctuating, weak-willed whims of normie sensibilities determine what's allowed.
If it was pleasant to the senses then it wouldn't be counterculture.
with no names, likes, virality, accounts, etc there’s less focus on writing the basic filler comments. less companies trying to sell me stuff. less focus groups trying to tell me what to think. and with less censorship you end up seeing more creativity
I’m not sure you’ve actually been to 4chan…
The ubiquitous expectations for modern humor among younger and even middle-aged people rely a lot more on knowing not just the joke but the culture and context it evolved in, and that sort of thing very much dominated bubbles of terminally online people before many people became terminally online and there was an expectation that everyone would know what you meant if you sent an image macro as the entire reply to an email.
You can find example after example from not that long ago of people who are not so terminally online being completely perplexed, on TV and otherwise, and memes like "what the fuck is he saying" "let's get you to bed grandpa" about the cultural disconnect.
Unfortunately, this sort of attention minmaxing without enough deliberation and learning around it produces people who are uncritical of what they consume and just want the next hit.
Deleted Comment
The christchurch shooter was a 4chan regular https://theconversation.com/christchurch-terrorist-discussed...
The whole "boogaloo" white nationalist/supremacist movement started on 4chan:
https://www.splcenter.org/resources/reports/mcinnes-molyneux...
"Not your personal army" but 4chan users would routinely dox, swat, and otherwise harass people all the time.
I have no idea why people are whitewashing 4chan so hard.
Dead Comment
Dead Comment
Obligatory post about the dumbest argument to ever be had online [0]. It’s so good, the Wikipedia entry [1] has a section devoted to it.
[0]: https://web.archive.org/web/20240123134202/https://forum.bod...
[1]: https://en.wikipedia.org/wiki/Bodybuilding.com
I suspect TheJosh had something like that with the week where he visualized it with Sundays at both ends but lacked the self awareness to realize that this was not a universal representation.
Why was a mathematician necessary for this assertion?
Jon Bois did an amazing video about this one: https://www.youtube.com/watch?v=eECjjLNAOd4
Because it is the 2nd most active category, and the racist/alt-right beliefs have spread to the other boards because the head admin fires anyone that tries to moderate it.
https://www.vice.com/en/article/the-man-who-helped-turn-4cha...
On top of that, they actively delete and ban posts that go against alt-right.
I discussed it somewhat recently here: https://news.ycombinator.com/item?id=42276865#42283887
The most notable radicalisation happening on /pol/ nowadays, in my opinion, is a kind of hyper-masculine third-worldist ideology that is anti-semitic in its foundation and deeply misogynistic. While those two traits might sound superficially similar to the 2015 "Alt right", this new ideology has a significant pro-Islamist tendency, and has an almost comprehensive disdain for the west and its ways of life, in favour of authoritarian regimes like like Russia, Iran, and China. Also, as is being corroborated by other online circles like the Nick Fuentes "Groyper" movement, this faction of the online far-right is an increasingly post-racial one, with more traditionally white supremacist views disappearing, to be filled in by antisemitism.
Personally, I think this cultural political shift in the imageboard represents the increased representation of developing countries online, and is an important case study in how quickly cultural foundations can shift inside the borderless land of the internet.
Lurk moar.
/pol/ isn't trying to be like the millions of other politic discussion forums online. It's literally intended to be politically outrageous so when people like yourself complain that it's full of outrageous alt-right content you're typically missing the point.
It's full of things that appear to be alt-right because stuff like racism, sexism and transphobia is extremely politically incorrect. While far-left views might be equally reprehensible, these views are not seen as equally politically incorrect. It's actually quite hard to hold politically incorrect far-left views unless you incorporate some far-right views – being so pro-trans that you hate biological women or something stupid. This is why you tend to see less left-wing content there. It's hard to be offensive and left-wing.**
But even then I think it's wrong to say /pol/ is full of alt-right content to be honest. There are alt-right people there for sure, but huge amount of the political memes posted on /pol/ are mocking the alt-right and the right more broadly. The board is constantly roasting the MAGA movement, for example.
As a brit my favourite threads on /pol/ are the brit/pol/ threads which basically just post politically incorrect memes mocking Brits and joking about how shit the UK is. These threads largely just Brits shitposting with each other and it would be wrong to assume the existence of hateful anti-British content on /pol/ is somehow evidence that /pol/ is xenophobic against Brits. People should take a similar views of the racist/alt-right threads – the vast majority of people there are just trolling and being offensive for a laugh. You don't have to like the humour, but most of it is just people shit posting.
> they actively delete and ban posts that go against alt-right.
Loads of stuff gets removed... If you're posting content that "goes against the alt-right" you're probably taking the board way way to seriously and you probably should be banned.
** Interestingly another commenter in the thread asked about why there's so much interracial porn on /pol/ if it's so racist, which kinda highlights my point here. Just hating white people isn't politically incorrect – there's people doing that all over Reddit. To make hating white people offensive you basically have to incorporate racist stereotypes about about how whites are genetically inferrer to blacks in various way, but then in doing this you'll get viewed as racist and alt-right because you're using racial stereotypes about how blacks are more athletic, etc.
If you're up for it I challenge you to be politically incorrect from a left-wing perspective without it being possible to argue that it's actually far-right.
Dead Comment
That has not been the case for years though. I'd say it shifted to twitter as things shifted to inseparably political on almost all of 4chan maybe 6-8 years back and then shifted away from twitter a while after elon bought it and a lot of people started to bail. and I honestly don't know where exactly it's shifted to now, but I'd have to guess tiktok and similar new platforms.
But regardless I do think 4chan has lost nearly all of it's cultural influence, but still maintains it's notoriety.
Could you give some examples? The more unexpected, the better.
Preferably with sources, because tracing word origin is difficult enough on its own.
I can’t keep up anymore.
- no modern web frameworks
- no microservices/kubernetes clusters
- no algorithmic curation/moderation/recommendation algoritmhs
One wonders just how much of the modern engineering developed in the past decades, that cost a fortune to develop and run is actually necessary or even beneficial for running a modern social media website
It was eventually a replacement for the /new/ board, where news of the arab spring first started, shortly before it was shut down. However, it was plagued with proto-pol behavior before anyone was bothering to complain about pol.
There was always these 'cells' of non /jp/ shitposters, if they weren't the OG shitposters themselves, that would post about left-right politics ad nauseum, and in the most hallmark unproductive ways. It was when trolling evolved from 'clever this and that' to shear brute forcing. It was the topic of the news that attracted these unsavor political actors into that place, which was for a short period of time, a great diverse place for collecting news.
This social phenomena and history could never be repeated enough, particularly since we might be finally ending the story of pol/4chan - which was more popular than 4chan itself.
People who still complain about /pol/ look a little like people who would still complain about ebaumsworld: Completely out of touch individuals who equate everything to a tiny phenomena.
… but then again I never looked at /pol/, maybe it's even worse than /b/?
That's probably why a lot of websites use moderation to avoid having one section of it turn into a cesspit of every -ism you can imagine, up to and including fascism, because once you have a section of your website that is openly coordinating the pushing of fascism on society, everyone kinda forgets about the diverse and interesting other things it might have, because of the fascism.
Is this documented?
I discovered 4chan around 2008 as a kid, it was much less hostile back then. Even as an adult I used to go on /fit/ every now and then. It was useful and funny and even “wholesome” in its own special way.
But over the last few years, the entire site became /pol/, and other boards became unusable. Maybe once a year I will pop in and immediately regret it.
I still miss hanging out on /v/ and /fa/. When they split /vg/ out into its own board, the colour started to drain from my experience.
I'm curious, why bodybuilding.com in particular? I think I've only heard of it once. I wonder if anyone on HN remembers stardestroyer.net or old weird tech forums?
I gradually lost interest when they started heavily pushing commercial sponsors. I get it; sites aren’t free to host, and moderator time isn’t free / unlimited, but it’s still sad.
Deleted Comment
Reddit can't get close due to its voting system.
/g/ is where I and a lot of people learned about FOSS advocacy and now it's just gamer hardware and transphobia.
it's a bit sad really. zero-barrier to entry, no login gates, no accounts, and traffic was so high that it moved really fast. it was like a dive bar covered in grime. will be sad to see it go. none of the other imageboards still kicking are quite the same, most are even worse tbh.
Deleted Comment
> A Soyjak.Party users also shared a list of emails they claimed are associated with janitor and moderator accounts, including three .edu emails. Although some internet users claimed that the leaks included .gov emails associated with members of the moderation team, this remains unverified.
Like who cares?
Deleted Comment
Reply references the post it is replying to by ID, most boards will turn that ID into a link or even create a UI to view a chain of replies.
> How do you know it's actually the person you're replying to who's replying back?
You shouldn't, an anonymous imageboard invites you to engage with ideas, not people. However, on most boards you can enter a password with your post, which is displayed as a hash, changing you from anonymous to pseudonymous (although this is generally considered attention-seeking and is frowned upon).
Where I'm sat the only reason our three (?) social media companies restrict none illegal speech/content is to make it more appealing to advertisers.
I miss the internet before it was driven by advertisers and their investors.
Sure I've encountered awful people on imageboards, but I've also encountered very nice, helpful people, some of which I've stayed in contact with long term.
Deleted Comment
I believe that's fair. Sure, it's "a different board" but it's just another URL on the same domain and same administrator, just different janitors. So it is really the part of the whole website. I know that 99% of people on 4chan disagree with me because they do not wish to be associated with /pol/ /b/ /gif/ but if they wanted to disassociate themselves with those boards then they should be on an entirely different domain without 4chan in name. polchan perhaps.
Combining that with the "post hands" request for a lot of food it was just an unpleasant community to participate it.
Weirdly trying to load the page right now I'm getting Connection timed out. Is hackernews ddosing 4chan? What a world.
[1] https://en.m.wikipedia.org/wiki/Lemon_pig
The title is also a fair bit understated.
They're leaking the moderators home addresses and work contact info (for admins, who are(were?) paid moderators)
You may enjoy the walled garden, I for one don't. Such sites gave you a hole to get away from the dystopian view that these gardens hold.
They gave independence away from forced control.
You're think about reddit and why it is the way it is from an editorial perspective and what kind of people have the time to mods 100+ subs for free...
But that ceased to be true long ago. While some of the supermods aren't paid by reddit directly, they might be paid by other orgs to mod and influence reddit, corporate or 'grass root'...
Some others simply hijack subs to sell their own products.
0 - https://castlevaniadungeon.net/dungeon.html
Dead Comment
Say what you will about 4chan but I am concerned for the team managing it - them and their close ones are certainly going to be exposed to a whole lot of viciousness soon :(
Isn't viciousness the notorious bread and butter of 4chan?
It might end up making them more sympathetic people on the long term. They might realise the seriousness of what they have done to others.
Mostly because, as more people came online, they mistook offensive humor for conservatism; and thought "counter-culture" meant "being opposed to the political party currently in power", rather than "being opposed to political parties".
I’d suggest taking off those glasses as they are a bit too rose-tinted. I was there, just like you, and the humor was way more “childishness” than “creative irreverence” well before 2010.
Of course, in a post-Bioshock Infinite world, there's really no excuse for not grokking how time and distance from the origins of a cultural behavior pattern can warp even well-meaning notions that aren't regularly re-examined and tuned to align the intention with the zeitgeist. If the Sarah Silverman-esque posters ever looked up and realized, "Oh, they don't know it's a joke, they're ACTUALLY Nazis," it was too late to shift things back. (Unless you were in a Boondocks thread on /co/, in which case correction was freely forthcoming.)
Probably didn't help that at least one mod wanted 4chan to become more racist, on purpose.
Something happened in the post-2010 times along with the Tea Party, and offensive humor - especially overt racism - became a mainstream part of conservativism, all the way to the White House.
> "jokes" where the punchline is "I hate my political enemies"
Hence the laughter in the White House at refusing to follow the court order to return their political enemies from the overseas prison.
4chan may have died, but Trump is more the first 4chan President than Howard Dean was the first "internet candidate", and especially Musk the Twitter Presidential Vizir is the heir to this culture.
there's no other online community i know of that still allows fully anonymous posting
the culture changed, but the "environment" causing the culture there to be the way it is still same as the original.
the bump/delete mechanics work well to promote the most controversial, most engaging content, without any advanced statistics or ML.
despite being a shitty place, i don't feel advertised to, spied or in any way abused _by the software itself_ while browsing it
2chan is a japanese site.
Also where did you see that they are leaking home addresses and work contact info? I think they just leaked the emails (I don't understand why home addresses and work contact info should be present in the 4chan database, everyone moderating the site for free).
I would presume Anon would which to remain anon.
https://en.wikipedia.org/wiki/Project_Chanology
Dead Comment
Dead Comment
Dead Comment
That said, my info is not on the list, I assume it was deleted when I left.
We were all offered the chance to become mods in 2010, but moot wanted to see our faces on a Skype call. I thought that was a step too far and just gradually stopped caring after that. Seems like I made the right choice.
On the whole it was barely held together technically and organisationally, mostly run by moot's personal friends, and fun all around. Things were far less serious then.
And the checks arrived on time every month: $0.00
Finally, I was there and using it when the website went down and this did not resemble an actual hack but technical issues. First there were a couple of hours where the website was up but no posts went through for anyone except occasionally when a new threat was bumped, mirroring the normal pattern of downtime issues that sometimes occur and then it just went down completely. This doesn't really resemble how a hack plays out but looks more like technical issues to me.
Even now, going to the front page, it loads for me, except very slowly and incompletely. This does not resemble a hack but technical issues.
To your point:
It's more likely than not real, it contains configs for the entire site.
[1] https://www.theverge.com/2018/10/24/18019464/4chan-anon-anim...
Per my understanding, there is a show with 14 episodes that the viewer wants to watch in every order possible. How is this not just 14 factorial?
I know this can't be the problem, but it's just not clear to me from the article.
Edit: I found this link that explains it to anyone else as confused as I was: https://old.reddit.com/r/explainlikeimfive/comments/1bvn1rz/...
[0] https://knowyourmeme.com/memes/events/april-2025-4chan-hack
The term “weeaboo” as a term for western anime fans only came about because it was what the word “wapanese” filtered to. It was originally a nonsense work made up in a Perry Bible Fellowship comic.
A note that the filter for "doublechan" was never updated to include its current name, nor the place where this current attack originated was ever filtered, afaik.
https://www.goodreads.com/book/show/28282177-hypersphere