I looked at some of the leaked source code and my god the code smells are so rotten its like they had a dead horse in the back for a while and its developed a stank like an Eric Andre skit.
It increasingly looks like nobody would maintain this bundle of wax besides under-experienced juniors who threw themselves at it, and apparently after moot sold it, it was never touched. It runs on an extremely old version of FreeBSD and PHP.
The fact this happened now as opposed to any time in the past decade is, I have no words.
I wanna bet attackers probably thought it would be maintained by one or several of the most no-life, chronically-online users of the web… or that they would be waiting for an attack to get revenge in their typical unhinged way… and it turned out no one was maintaining or watching it at all XD
security theater is a quite effective deterrent at times.
Not even 4chaners thought it was worth protecting
I mean, the source code looks a lot cleaner than WordPress, which is an incredibly sad statement.
Kill WordPress now.
I’m unconvinced that it’s even possible to write clean code in a language as fucked-up as PHP.
Your opinion was correct like 10 years ago. PHP7 made a lot of fixes to many of the problems it had and PHP8 improved on it even more. And if you slap a framework on top of it, like laravel, PHP looks awesome.
Also, the owner of Wordpress is allegedly a piece of s…
Seriously, with views like his I don’t know how he ended up owning a place like tumblr
I wish people would stop censuring themselves on lemmy like they do for the other social medias. You can say shit, and a lot worse now that you aren’t asking a corpo for permission to speak.
I think he did it because the actual WordPress guy (Matt Mullenweg) is really litigious.
Censoring*
Censure is like a harsh criticism
…panish Inquisition
Didn’t expect that
Nobody does 😔
Shaaaaaving cream! Be nice and clean! Shave every day and you’ll always look keen!
Aaah, someone of culture, I see.
Stilton Cheese?
Satin undies?
Shit?
Satin undies?
Close. Soiled undies.
Ssssssandwiches
Really though, it doesn’t.
I absolutely hate the way 4chan formats their HTML + PHP intermingling in views. That’s not to say WordPress doesn’t do this as well, but oh man in a much better, cleaner, and more sparingly way. The 4chan imageboard view Github -> 4chan is absolute chaos. Why this wasn’t rewritten is beyond me. That’s just the first thing I see as I peruse the source, I can’t imagine it gets much better from here.
Here’s a fun exercise: What’s the deepest nest in this loop? Github -> 4chan Bonus points: What’s the deepest nested statement in the whole source?
but oh man in a much better, cleaner, and more sparingly way
I don’t think we’re looking at the same source code. The first thing I see in wp-activate.php:
function wpmu_activate_stylesheet() { ?> <style type="text/css"> .wp-activate-container { width: 90%; margin: 0 auto; } .wp-activate-container form { margin-top: 2em; } #submit, #key { width: 100%; font-size: 24px; box-sizing: border-box; } #language { margin-top: 0.5em; } .wp-activate-container .error { background: #f66; color: #333; } span.h3 { padding: 0 8px; font-size: 1.3em; font-weight: 600; } </style> <?php }This isn’t better nor cleaner. This is a disaster. A function that stops PHP execution halfway-through, outputs some text and then restarts PHP execution? Hell, I’ve been in the PHP ecosystem for over a decade now and I didn’t even know this was possible and I wish that knowledge was still hidden from me.
Maybe I was wrong by saying that the 4chan source code is better than wordpress, fair. Maybe I should just say both are abominations, I will not judge which one is better and both should be discarded and forgotten.
This has been possible since the very beginning of PHP.
I won’t say if this is the best way now. I haven’t touch PHP in the last 2 decades.
I completely disagree.
Intermingling PHP and HTML is one of PHP strengths. The processing/executing difference you’re describing is almost always negligible due to how PHP is optimized (specifically for this kind of thing - outputting HTML to the browser sometimes).
Seriously, compare this to the 4chan image board view we really aren’t looking at the same source code. In comparison, the WordPress function is blocked, purposeful, together. It’s a single CSS block output all at once. On the otherhand, in the linked 4chan discussion board PHP file, it echos as strings, broken up by multiple conditionals, and is difficult (even from an IDE perspective on highlighting) to tell where a block starts and where it ends (again due to it being echo’d in strings, and broken by conditionals). Trying to modify this blocked CSS is going to be wayyyyyyyyyyyyyyyyyyyy easier than trying to modify a bunch of printed HTML strings broken up by multiple nested conditionals. Plus it’s just straight-up easier to read and straight-forward to understand what the function does right away.
To harp on this even more, one of the benefits of blocking HTML in this way is IDE highlighting. In your example, if you were to pop that into a modern IDE like VSCode, it’ll highlight tags and allow collapsing like a normal HTML doc. It’ll probably even highlight the CSS as expected. On the other-hand, by echoing / printing HTML strings, IDEs aren’t going to highlight these things as HTML since they’re PHP strings, and in the case of the imageboard, it’s going to struggle finding matching open/end tags due to PHP strings and broken conditionals. I’d much prefer the WordPress example over echo / printing multiple lines of HTML strings (this is really a pet-peeve of mine).
I can’t think of a single system that doesn’t “stop PHP executing” at some point to output HTML in some way. Maybe an app that dynamically pulls it’s views in through JS I guess.
For comparison to future readers, this is just a small portion of the imageboard which goes on like this for another 600 lines:
if( $resno ) { $closed = $log[$resno]['closed'] || $log[$resno]['archived']; if( !$stripm ) { $msg .= '<div class="navLinks mobile"> <span class="mobileib button"><a href="/' . BOARD_DIR . '/" accesskey="a">' . S_RETURN . '</a></span> <span class="mobileib button"><a href="/' . BOARD_DIR . '/catalog">' . S_CATALOG . '</a></span> <span class="mobileib button"><a href="#bottom">' . S_BOTTOM . '</a></span> <span class="mobileib button"><a href="#top_r" id="refresh_top">' . S_REFRESH . '</a></span> </div>'; } if( !$stripm ) $msg .= '<div id="mpostform"><a href="#" class="mobilePostFormToggle mobile hidden button">' . S_FORM_REPLY . '</a></div>'; } else { if( !$stripm ) $msg .= ' <div class="navLinks mobile"> <span class="mobileib button"><a href="#bottom">' . S_BOTTOM . '</a></span> <span class="mobileib button"><a href="/' . BOARD_DIR . '/catalog">' . S_CATALOG . '</a></span> <span class="mobileib button"><a href="#top_r" id="refresh_top">' . S_REFRESH . '</a></span> </div> <div id="mpostform"><a href="#" class="mobilePostFormToggle mobile hidden button">' . S_FORM_THREAD . '</a></div>'; }Formatting and structure is important for a readable framework / project and longevity. 4chan had none of this - Moot took the bag and ran and whoever took it over just left left the PHP standards/organization in 2003.
Intermingling PHP and HTML is one of PHP strengths
Eeeh, no. It’s a bad practice in 2025. That was a good thing a decade ago.
Trying to modify this blocked CSS is going to be wayyyyyyyyyyyyyyyyyyyy easier than trying to modify a bunch of printed HTML strings broken up by multiple nested conditionals. Plus it’s just straight-up easier to read and straight-forward to understand what the function does right away.
True. But I was just looking at the source code of wordpress for 30 seconds. I could probably find worse.
To harp on this even more, one of the benefits of blocking HTML in this way is IDE highlighting.
Which isn’t a problem if you use a template engine - as you should in modern applications.
I can’t think of a single system that doesn’t “stop PHP executing” at some point to output HTML in some way.
Not a single modern system does that. It’s terrible practice and won’t even pass automated code reviews with sane settings.
Not a single modern system does that. It’s terrible practice and won’t even pass automated code reviews with sane settings.
What you’re talking about is semantics. At a base level, whether you use a templating engine, include / require, or just straight up mix HTML / PHP - PHP “stops execution” to output to the browser. The few exceptions to this that I can think of is if it’s instead handing off that responsibility to JS or some other frontend processor.
Templating engines are cool. They make it easier to separate your views from logic. It makes interloping more straight-forward and possibly more maintainable (though, not always - Engines don’t save from bad practices), but I do not agree that it’s defacto. I think the strength of PHP is it’s ease to just jump into it and get something working, right “out of the box”. The ease of mixing PHP and HTML is a boon from an entry level aspect. Low entry level leads to wider adoption, leads to more discussions, more volunteers for FOSS, more bug reports, more more more.
I could create a vanilla PHP application that organizes views just as well without a templating engine which could be understood by someone with baseline PHP knowledge - that’s good thing. It’s inherit to PHP and I won’t need to worry about keeping any templating library updated or ported to a new engine. In my made-up vanilla app, I wouldn’t do what 4chan did in their views, but I may do what WordPress does in your example because, used sparingly, in an organized application, it’s not that big of a deal. For the most part though, I do like to keep my HTML views and my PHP logic separate in an MVC kind of way either through templating or just straight up includes.
I looked at some of the leaked source code
Where? I’d be interested in looking through it too
Link unfortunately dead by now…
here’s a new one: https://files.catbox.moe/d56ws8.7z
I can upload a new one. Ping me tomorrow when I’m awake again.
check some of the other chans and you will find a catbox.moe link to it.
Didn’t they get hacked pretty regularly in the past?
So, a bunch of trolls got hacked? I’m not sure how I’m expected to feel about this, but frankly, I’m not feeling anything at all.
As someone who has never actually used 4chan, I have popcorn and am just sitting back and enjoying the shit show
That’s the best way to consume 4chan content.
well thing is, they might be searching for a new home
Oh many of them are here already.
It’s like a circus, grab popcorn and watch.
Now thats a meme i havent seen in 20 years
It’s an older meme sir, but it checks out.
Boxxy must be what…40 now?
I still would
She turns 33 in few days.
I bet you didn’t even look that up.
No, I didn’t even know who Boxxy is before this. I looked her up and Google gave out her Birthday.
I’m assuming that if you know that, you probably also know what she does for a living now… And I also want to know that. Programmer? Porn? Paralegal? I can’t even take a guess that feels right.
I can’t help you with that, I never read about Boxxy before yesterday. I didn’t use 4chan either…
I remember when she was popular learning that that she was like 10 years younger than me, so 35-ish.
Queen
damn it’s even in the original 140p
120x160, actually, but effectively close enough.
(e: also it’s a static image; no need to indicate whether it’s interlaced or progressive, because again, it’s a static image. And before you get pendantic: yes I’m aware that PNGs can be interlaced or progressive—but this is a JPEG—and those terms mean something completely different when referring to static images, compared to video.)
It’s also not a progressive JPEG either.
pendantic
lol
deleted by creator
Start linking up 4chan IDs to real rich people like Musk or republican officials and watch trump start calling for the death penalty for the hacker.
It’s that incel elon musk starting all those facebook porn threads on /b/.
I think you guys have a weird idea of what 4chan is.
https://archive.4plebs.org/pol/search/tripcode/!SATANZ0Gpo/page/3/
Allegedly Elon’s account.
Did 4chan had usernames and so? Wasn’t it’s deal that ir was anonymous?
Some of the boards use a system called tripcodes, which are essentially a username and password in one that are used when writing individual posts. It allows people to prove that they’re the same person across multiple posts, without anything as identifying as a user profile attached.
I always tough that they were cookie-generated, like you wnter the cookie assign a code for you that eventually go off. Pretty lame them pretending to not have user names while doing it.
Pretty lame them pretending to not have user names while doing it.
doesn’t this essentially make it an opt-in system to user names?
Tripcodes are not automatically applied. Default posting was anonymous, but a user could optionally post with a tripcode name.
Some boards like /pol/ introduced post IDs where a randomly generated code would follow your anonymous name within a thread, so others could see which comments within a thread were the same person. That system wasn’t site wide though, and it wasn’t a persistent account.
I posted an amused and positive comment on the orange site about this and in 2 minutes got a threat about me getting hanged in the near future. Tech bros be panicing.
I mean, the same will happen here if you post the wrong opinion. It’s not that different from Reddit. (See how I used to word and nothing happened, btw?)
I would like to be hung. 😏
What’s the point? 4chan seems like such a low value target.
A bunch of chuds got angry that they were banned because they went brigading against LGBTQ+ folk.
This was the end result
Ah yes, there’s no honor amongst thieves.
By my understanding, 4chan left themselves vulnerable which, given the circles they foster, means they were going to be compromised. No fear of reprisal or consequence for it either. Not like when attacking a major corporation or government.
i’m fairly certain there are more than likely a LOT of politicians on there with very questionable posting records who would probably be on a sex offender registry if it got out.
If they’re Republican it won’t matter.
For the LULZ obviously.
For revenge
The Elon thing is possible, and there’s a screenshot in the Reddit thread that’s kinda convincing, but I’m still not bought in.
Tinfoil hat brain is wondering if there’s something in there someone’s supposed to find but 😂 🤷🏻
someone hacked into the sewer and stole all the turds
That Reddit thread is a very strange experience for someone not of their culture
Lemmy and 4chan do have one thing in common
Hating reddit.
Also a shady image to the point some people who have only heard of it think it‘s some deep web voodoo. They have that in common somehow.
We have voodoo? Since when
We take turns taking care of it. You’ll get your turn eventually.
Of course, they hate Reddit because they can’t use hate speech there
Reddit allows racism or sexism just fine without slurs or with slurs depending on the subreddit.
You see it mostly on the more political and gamer/incel type communities there.
there are literally subreddits with slurs in the name
Ah yes “hydrohomies” had to change after they got too popular.
That is all 4chan lingo. As a general rule of thumb, if it sounds like something Elon would say, it’s from 4chan.
Just remember that the vast majority of those users are in their mid-late 30s or even early 40s. Zoomers and even younger millennials never gave a shit about 4chan.
Maybe they didn’t care to the same degree but unfortunately incel culture was fostered in several areas, and a lot of them are younger than mid 30s.
Oh incels are a massive problem. But younger millenials and genz and the like got radicalized by reddit and twitter and the like, not 4chan. And then they just went straight to 8chan if they left their festering grounds at all.
its like… getting a whiff of something I haven’t felt in a long time.
more like very sad
Question: what is the significance of /qa/, why was the board banned in the first place, and why did the hackers bring it back?
Is this the end of 4 Chan?
If so, it’s a fitting way for them to die.
4chan died a long time ago.
When do you consider it died? 2015 when Poole sold it?
I wonder about this sometimes.
Poole knew he had a contentious base of users. I remember in 2013 or 2014, 4chan users posted photographic evidence his gf was cheating on him, and I think it broke him. I dont blame him for selling the site, but 18 months later… I wonder if Moot knew he was holding back the end of the world.
I wonder if Poole has done any interesting interviews on the intersection of 4chan and the modern fascist propaganda machine it bred.
I have this dream that one day I’ll like, sit next to him on an airplane and have a chance to ask him.
Around then for me. Hiroyuki allowed /pol/ to happen when moot tried it and ditched it quickly. Too many people started thinking their farts didn’t stink. I went there for anime discussions when every other popular site was a hugbox.
yet the rotting carcass is still around stinking
Sort of like US Democracy.
No, the people who come there are retarded. They will still be retarded in a week or a month from now.
Who is this 4chan guy?
Pools closed
The hacker known as 4chan hacked himself? 😮
Who is this anonymous and why does he keep talking to himself?
Come over to Marblecake and I’ll explain.
Turns out the hacker known as 4chan barely knows how his own code.
10000 line file with no comments is honestly relatable as someone who took a job and had to wade through code like that
My nightmare source was only a few lines less, and it actually was commented. But in French. Label names were also dereived from French. The original author was dead, and Google translate was not yet a thing.
I’ve seen code where all the comments were simply URL references to tickets on a now deleted Trello board. Great, real helpful thanks.
deleted by creator
Which one of you is going to hack reddit then?
ok ok I’ll do it
