02:00:53 @linear do the hashes have to be that long, couldn't you just have half of them
02:00:55 @linear to make links shorter
02:01:18 @linear or maybe then colliding is too easy, but that's such a long link
02:01:21 n-tech well you could just do /test/-post-id-/file/0/xxxx.webm
02:01:25 __uguu__ hash collisions is too easy with md5 anyways
02:01:32 __uguu__ may as well
02:01:33 @linear i assume it'd be using sha
02:01:47 __uguu__ sha1 sha2 or sha3 ?
02:02:00 __uguu__ i want a reason to use the shiny sha3 stuff
02:02:08 @linear it has newer backdoors
02:02:34 __uguu__ oh? is that the chatter on the grapevine?
02:03:12 @linear don't think so really
02:10:34 n-tech __uguu__, I don't know if you actually care, but there's a header called X-SendFile that does the best of both worlds. You still need a PHP process but it gives all the access controls without having to load the file into RAM to stream it.
02:10:50 n-tech That's probably what the bottleneck was
02:11:13 n-tech tho tbf I don't know if it does seeking
02:11:29 __uguu__ seek and tell are a thing
02:11:37 __uguu__ you can do those on file descriptors
02:12:13 __uguu__ given you have access to the underlying file descriptor you can do a seek via that
02:12:46 n-tech Have you worked with X-SendFile?
02:12:55 __uguu__ it
02:12:59 __uguu__ it's an http header
02:13:02 n-tech yes
02:13:16 __uguu__ i fail to see how it applies when doing seeking
02:13:41 n-tech Well unless I'm reading this wrong it looks like what it does is
02:13:59 __uguu__ i think you at the wrong network
02:14:01 n-tech instead of sending the header to the client, it's intercepted by the webserver, and then it handles that file by proxy of the request
02:14:02 __uguu__ er
02:14:06 __uguu__ i think you're at the wrong network layer
02:14:31 n-tech http://stackoverflow.com/questions/3697748/fastest-way-to-serve-a-file-using-php
02:15:30 __uguu__ you're still spawning a php process tho
02:16:23 n-tech yea but that's not the issue, I don't think. I don't know because I haven't done strenuous checks to see where the actual bottleneck is.
02:16:44 n-tech If the issue is RAM and not CPU, as I believe it is, the issue can be resolved while retaining the ability to do things like access restrictions
02:17:10 __uguu__ one solution that is pretty obvious is serving it statically via the webserver...
02:17:27 __uguu__ is pretty fast that way
02:17:29 n-tech If you can find a way to do that without changing the naming convention, do it.
02:17:29 __uguu__ js
02:17:44 __uguu__ can i add a query parameter?
02:17:50 n-tech like, a GET?
02:18:12 __uguu__ http://infinitydev.org/test/file/4d95b3b0377c82aba399a07db6087fb6/1440702842449.webm becomes http://infinitydev.org/test/file/4d95b3b0377c82aba399a07db6087fb6/1440702842449?webm
02:18:38 n-tech Why isn't it possible to use the filename at the tail end to determine mimetype?
02:19:08 __uguu__ actually you're right, it wouldn't matter
02:19:25 n-tech I mean I'm a big dummy but surely
02:19:30 n-tech you can just take the /filename.ext
02:19:36 n-tech and get the webserver to serve a file with that right?
02:19:44 __uguu__ i could do some rewrite rules possibly
02:19:58 n-tech I can't imagine it being more complicated than two tokens in a regex
02:20:06 __uguu__ indeed
02:20:17 n-tech I mean if you can make it so that
02:20:22 n-tech you take a little snippet of code
02:20:35 n-tech and plug it into the webserver to catch the same route that the php router uses
02:20:39 n-tech I would supply that in documentation
02:20:42 n-tech because that's a good solution
02:20:52 __uguu__ i could provide an nginx config that automagics all this so you can serve stuff statically without needing changes
02:21:07 __uguu__ still would be great to have some changes tho
02:21:31 n-tech in terms of changing filenames what I would be willing to do is adopt SHA1
02:21:47 __uguu__ sha1 is as broken as md5 but different
02:21:55 __uguu__ in bittorrent there have been hash collisions in the wild
02:22:14 n-tech The consequence of a successful hash collision in Infinity Next is uploading the wrong file
02:22:14 __uguu__ i have to find that paper
02:22:42 __uguu__ there's also cryptographic complexity based dos attacks
02:22:49 __uguu__ those are leet as fuck
02:22:54 n-tech wut
02:23:31 __uguu__ if you have something like RSA that takes longer to sign than to verify you may be able to do a DoS attack exploiting that
02:23:59 __uguu__ for hash functions probably not applicable but it depends on the function
02:24:10 n-tech well like
02:24:14 * __uguu__ /tangent
02:24:26 n-tech if you're doing that you're spamming image uploads, right?
02:24:37 n-tech the spamming image upload seems more problematic
02:24:38 __uguu__ you don't use RSA anywhere right?
02:24:53 n-tech I don't.. think so? I think copypaste wants to have signatures work using key files
02:24:56 __uguu__ it's not like you sign uploads with RSA
02:25:13 __uguu__ copypaste wants curve25519 sha512 which is constant time
02:25:17 __uguu__ 100% immune to that
02:25:25 n-tech Oh then I have no idea. I don't think so mate.
02:25:33 n-tech I just want people to be able to upload files and have them stored reliably lol
02:25:35 __uguu__ yeh, just a tangential blurt
02:25:37 n-tech I also think it'd be cool if
02:25:47 n-tech in modern browsers you can read a file that's prepped for upload
02:25:49 n-tech and MD5 hash it
02:25:55 __uguu__ you can it just sucks
02:25:56 n-tech I think it'd be cool if we could check file existence remotely
02:26:10 __uguu__ you do it with js
02:26:12 __uguu__ client side
02:26:15 __uguu__ :D
02:26:20 n-tech yea, exactly, that's what I just said god nibblets
02:26:34 n-tech you drop a file into dropzone.js and then it does a quick api call with the md5 of it
02:26:44 n-tech and if it exists, you mark it as already extant and send only the hash
02:26:55 __uguu__ may as well run a bitcoin miner with web workers it'd be more useful than hashing stuff client side
02:27:13 n-tech ?
02:27:13 __uguu__ you can always lie about the hash and then if you're checking server side.... why bother?
02:27:22 n-tech wut
02:27:26 n-tech this is for people like me
02:27:33 n-tech who have a 250kb/s connection
02:27:39 n-tech and don't want to spend 10 minutes uploading a webm
02:27:48 n-tech I don't care about people lying who gives a shit
02:27:58 n-tech "i am uploading a file .. BUT I AM NOT!!" wow security breach
02:28:12 __uguu__ i could replace every image with goatse :D
02:28:18 n-tech no you dummy
02:28:24 n-tech god damnit dude
02:28:25 n-tech you fucking
02:28:29 n-tech add the file to your upload form
02:28:31 n-tech the CLIENT makes an MD5
02:28:36 n-tech the CLIENT asks the SERVER if that MD5 exists
02:28:44 __uguu__ how about:
02:28:45 n-tech if it DOES EXIST it uploads NOTHING and the extant md5 is what appears
02:29:04 __uguu__ client hashes, lies about hash, uploads the same image 5000 times
02:29:12 __uguu__ but the hash is different!
02:29:12 n-tech you lying about the hash does nothing
02:29:17 n-tech because the hash is generated on the server
02:29:23 __uguu__ but then why do it on the client side?
02:29:24 n-tech you don't trust the fucking client with the hash generation what the fuck
02:29:31 n-tech ????
02:29:37 n-tech to see if you even need to upload it
02:29:42 n-tech you're asking if the server already has a copy of the file
02:29:45 n-tech so you can skip uploading
02:29:47 __uguu__ you are checking for non existence i get that
02:30:02 n-tech the purpose of this is to determine if the client needs to spend time uploading a file
02:30:04 n-tech where is the issue
02:30:12 n-tech you don't trust the client's hash when the file is received
02:30:22 __uguu__ you could enumerate what files are there
02:30:35 __uguu__ that's not really always a good idea
02:30:52 n-tech in what instance is saying "yes, we have this file" a bad idea
02:31:08 __uguu__ so a spammer can effectively spam
02:31:26 __uguu__ it speeds up posting
02:31:38 n-tech sure? but it's not bloating the webserver with more content
02:31:41 __uguu__ it seems counter intuitive is all
02:31:44 n-tech that file exists once
[...]
02:32:03 n-tech you still have anti-spam tools, post cooldown timers, captchas, etc
02:32:15 n-tech shit if they're so nice you can add a link "Delete all posts with file"
02:32:47 __uguu__ i wonder what the tradeoff for md5ing something in the browser vs just uploading it is
02:33:05 __uguu__ idk if it
02:33:08 __uguu__ idk if it'd be worth it
02:33:19 __uguu__ people would understand that their internet is slow
02:33:39 __uguu__ they wouldn't understand why their browser freezes up every time they click to upload a file
02:33:47 __uguu__ possibly
02:33:56 __uguu__ aaaanyways
02:34:00 * __uguu__ gets the nginx config
02:49:19 n-tech Okay, I'm physically ill and need to be up in a few hours. Goodnight.
02:49:59 Doke pee pee