News

DNS update
Update: All done.

Apologies for any service interruption while some changes to DNS records propagate.

-Tom
Last edited
Christmas Party
Fatchan is formally invited to both participate and contribute to a Christmas Party on December 18th! (The Saturday before Christmas).

For the month of December, a group of anons from anon.cafe/christmas/ organized around hosting a Christmas Party on the 18th, starting around 9PM GMT (Saturday) and going until about 7AM GMT Sunday. 

There will be a radio thread (music/social gathering point) and a social game thread (possibly Veloren, but another board is welcome to volunteer to host this over any game so long as it's easily accessible to anons). However, the beef of the thread will be focusing around treating the /christmas/ board much like a Japanese "school culture festival" with individual boards and/or websites contributing "cultural exchange" threads similar to how classes would host mini-society businesses/events for the festival. These threads will serve as both a means to advertise your board and to give anons alternative activities throughout the evening. Examples (non-exhaustive): Hosting a jigsaw thread, a drawfag or writefag contest, game server, video stream, a game of Jeopardy, a riddle thread, a quest thread, some kind of Christmas compilation or OC contribution, etc. It is requested that boards interested in participating with a thread declare their intent to NeneSeals@protonmail before or by December 4th to help ensure there is as little overlap as possible between boards, but this is not a hard and fast rule! 
 
All members of the webring have been invited to the event as well as a handful of non-webring imageboards, so there may end up being a large presence. We encourage everyone to have a great time and make some new friends that evening!
Last edited
"Adaptive" theme
Ever wanted the theme of jschan to switch between dark or light depending on your system theme? No? Didn't think so, but I added it anyway.

I set a new theme called "adaptive" to the site default. It's a hybrid theme that switches between "tomorrow2" and "clear" themes, for dark and light respectively.
Last edited
Inactive Accounts Reminder
Just a quick reminder about the upcoming inactive account deletion ~1 week from now. original newspost

From 1st November, the policy will be any account not logged into for 90 days may be deleted. Abandoned boards will be handled by global staff depending on activity, either given to somebody else or simply deleted.
Last edited
OVH network outage
Apologies for some services like IRC being down, OVH is experiencing a global network outage currently. Even their status page is unavailable.
Fatchan website should be unaffected, besides some slower name resolution times as 2 of our 4 nameservers are unavailable.

https://status.us.ovhcloud.com/
https://downdetector.fr/statut/ovh/
https://old.reddit.com/r/ovh/
https://twitter.com/ovh_status/status/1448185498812485633
https://nitter.fdn.fr/olesovhcom/status/1448196879020433409

Thanks.

Update: Service is restored.
Last edited
Letsencrypt
If you can't connect to irc using hexchat, its a certificate/openssl issue. Read more:
https://github.com/hexchat/hexchat/issues/2632
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Not a problem with the IRC server or certificate itself.

Update: looks like hexchat fixed this in an update
Last edited
Inactive Accounts
On the 1st of November 2021, any accounts that have not been active for 3 months or longer will be deleted.

That means on 01-11-2021 any account not seen active after 01-08-2021 will be permanently deleted. Boards owned by deleted accounts will be kept initially and up for claims, then deleted if there is no interest. If you have an account you care about, and especially if you are board staff and have not logged in recently, do so before the 1st of November.

Thanks.
Updated /t/ and board requests
>>>/t/ is no longer junk spam and not-actually-site-meta content.

Updated some threads, deleted some threads, made a few new threads, and kept (and bumplocked) some nice historical threads.

New board request thread here, and linked on the homepage.

Thanks.
Last edited
Software update
Long since last news post, so I figured to announce the site now runs jschan v0.1.6
- Customisable overboard
- An extra "new reply" button at the end of threads for convenience
- Proper video thumbnails in the file upload list
- Image previews now shown in notifications
- Reverse image search links for files (if enabled on board)
- Archive links in thread navbox (if enabled on board)
- Bugfixes
And more behind the scenes for staff and site admins.

Have fun.
/s/ available
2 boards got abandoned, if you wanna be new BO post in >>>/t/1 with your account name and which one you want.

Updates:
>>>/rkgk/ has been claimed
Last edited
Board settings fixed
Board settings was broken only for non-admins due to a bug. Oops.
Fixed now BOs can change board settings again.
Enjoy
The usual
Somebody is ddosing nameservers for fatchan domains all day.
No big deal, there are 4 servers and ddos mitigation is active. Shouldn't be any interruption.
Will enable stuff for the site if needed.
Just a heads up.

Thanks.
IRC Status
IRC service has been restored.

Fucked up my server, IRC down for a bit

Update, contacted the motherboard manufacturer for possible hardware issue. If I can't get the server running by 12:00UTC on the 6th, I will restore an IRC backup on a new machine, however there will be no bouncer (for those users with bouncer access).

Update2, IRC is up on backup machine

Update3, IRC and bouncer back on original server.
Last edited
Tor exit nodes
Experimenting with a new way to show tor exit nodes correctly as "Tor Exit Node" with the same flag as the hidden service. It wont mark them all especially new exits, but it will pick up most of them and updates on a schedule.

I was considering redirecting exit node users to the onion to stop them being retarded and not using the .onion, but I know it would piss off a lot of idiots so I chose not to for now.

Security problem
Thanks to responsible disclosure and help from a user in IRC to fix a security bug in jschan. After some investigating, an issue was found relating to session tokens and caching. Depending on caching and webserver setup, a user could get served a cached response of a specific page that includes the session token of another logged in user, and have full access to their account. For admin accounts this means seeing whatever they can see i.e. ips, logs, unlisted boards, account and permission list, etc. Not good!
The nature of the exploit meant account password hashes were not leaked and its not necessary to reset them. I rotated all server side secrets and cleared the session store so any unauthorised token is now invalidated. Tor onion and lokinet was  not affected.
(NOTE: This is patched in jschan code and all webring jschan sites already) 

The bug has existed for some time, since the code causing it was not updated recently. I audited fatchan webserver logs and the individual who discovered and reported the bug did not visit any sensitive pages. Logs do not indicate it was exploited otherwise, but they are only retained for a short time, so its not possible to see if it happened further in the past. 

As a reminder, the contact section of the FAQ and security.txt contain information to report issues. Not every issue gets a newspost here, just ones that I think are more important. You can see the now closed incident on gitgud here: https://gitgud.io/fatchan/jschan/-/issues/350

Thanks for your attention,
fatchan administration
FSF, GNU, RMS
Free software is important. Please read and consider signing the RMS support letter. https://rms-support-letter.github.io/
fatchan.loki
Thanks to a kind favour fatchan Lokinet SNApp can now be accessed using the vanity address fatchan.loki. Easier to remember and with the same benefits. Get lokinet and read more at lokinet.org 
Boards and domains
1. I notice a few accounts created or active lately, if you want a board that isn't already on the webring, follows the global rules and you can moderate it, just ASK and give board name+username on >>>/t/1. Staff will create and transfer it to you.

2. Clearnet domains besides fatchan.org now show nothing but links to the current clearnet domain, .onion and .loki. So all the clearnet domains cant be reported at once by some offended retard and I can switch them out. Also I am working on a vanity .loki address so if you don't already have lokinet you may as well install it.
Lokinet address
Hi all, as promised in the previous newspost there is now a .loki address so you can access Fatchan through lokinet.

http://e8zhrn4ideccyy6wfs8gyytdgz8xmcn11f1y5o557z3g8a18gf4y.loki/index.html

Lokinet uses onion routing, similar to tor but has some technical differences. You can learn more including how to access lokinet "SNApps" on their website here: https://docs.loki.network/Lokinet/Guides/AccessingSNApps/
I fully expect the tor network to solve its current problems, so the onion address will stay. Loki and tor can serve as fallback to one another. For now both will show the "tor onion" geo flag and country name. There are some code changes in the pipeline to switch to a more general term like "anonymizer" or use a separate name/flag for each. Let this newspost also serve as a reminder to bookmark or save all fatchan addresses, including tor onion and the new lokinet address, and please visit the canary page and take note of the public key that can be used to verify signed messages.
.onion downtime
Hi, due to some attacks against the tor network, fatchan and many other v3 onions are down. 

Read more:
https://news.ycombinator.com/item?id=25714424
https://darknetdaily.com/?p=1030
https://old.reddit.com/r/onions/comments/ktv32a/the_entire_tor_v3_consensus_is_unavailable/
https://old.reddit.com/r/TOR/comments/ktv8bw/the_entire_tor_v3_consensus_is_down/
https://consensus-health.torproject.org/

I will be making some changes to jschan code soon so the tor handling code is not just for tor, will be renamed "anonymizer" which is a better more agnostic term. Then I will create a lokinet (alternative onion network) address for fatchan. I will be keeping the .onion because obviously I expect tor to fix their shit,and it would be good to have both.
.is domain
For the past 24-48hrs the .is domain has been unavailable. It was placed on a temporary hold due to a violation of the .IS zone technical requirements. This issue has now been resolved, the domain is compliant again and should be operating normally. https://www.isnic.is/en/domain/test?domain=fatchan.is
Last edited
Happy New Year
Was fun working on jschan over the year and slowly seeing people use it. I'm enjoying some time off lately for Christmas and new year :^) will get back to it soon.

Hope yall had a good 2020 and a better 2021.

Sent from home, courtesy of the Australian government,
Tom
New Footer Links
Hi, there are some new links in the footer thanks to recent updates:

 "status" -> https://status.fatpeople.lol/d/stats/stats?kiosk
 "canary" -> /canary.html

Status has fancy graphs and monitors response time and status of the domains, .onion, and some other fatchan related stuff.
Canary, you know the drill. Requested by a user and I'll update it monthly.
Hello, again
It feels good to be back.
Last edited
newsrulesfaqapitransparency
jschan 0.1.9