4chan Blog

Sayonara E-mail field, and delayed thread pruning

Today we’re making two noteworthy changes:

  1. The E-mail field has been replaced with Options. This field had mainly been used for posting options such as sage and dice-rolling. If a user wishes to provide contact information, they can do so in the Comment field.
  2. We’re trialling delayed thread pruning on specific boards. While not a true archive, threads on /a/ and /v/ will continue to be accessible for a period of 48 hours after being pushed off of the board index. We may roll this out to additional worksafe (blue) boards in the future, as well as increase or reduce the retention period.

—moot

IPv6 support for 4chan

Today we’re pleased to announce support for IPv6 on all of 4chan’s domains, thanks to CloudFlare's new Pseudo IPv4 feature.

CloudFlare’s CEO, Matthew Prince, goes into more detail on their blog, but essentially they’ll accept traffic from our users over IPv6-enabled networks and route the request to our backend using plain ol’ IPv4. This removes the need for our application to be updated to natively support IPv6 (something we’re working on, but is a ways off).

Since IPv6’s address space is considerably larger than IPv4, the mapping of IPs won’t be one-to-one, however they believe it’s large enough to accommodate the transition period between now and applications having true IPv6 support.

If you’re using an IPv6-enabled network you may see a slight performance benefit should your ISP have better routes to CloudFlare’s datacenters that way.

Update: This change was reverted due to issues with our ban system, however our static content hosted at 4cdn.org is still accessible via IPv6 networks.

—moot

Announcing 4chan’s Vulnerability Disclosure Program

In response to last month’s intrusion, we’ve put numerous additional security measures in place in an effort to mitigate and prevent future intrusions.

We’re also pleased to announce the creation of 4chan’s Vulnerability Disclosure Program—commonly known as a “bug bounty”—powered by HackerOne.

We hope that by providing an officially sanctioned way for security researchers to submit security-related bugs, we’ll be in a better position to detect and respond to vulnerabilities that may impact the site and its users.

Security remains an ongoing priority and commitment of ours. Thanks again for bearing with us, and sorry to anyone we’ve let down.

—moot

Concerning a recent intrusion

Last week we were made aware of a software vulnerability that allowed an intruder access to administrative functions and information from one of our databases. The intruder later stated their motive was to expose the posting habits of a specific user they disliked.

After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database. Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.

Three 4chan Pass users had their Pass credentials accessed, and were notified and offered refunds and lifetime Passes shortly after the discovery. As a reminder, all payment information is processed securely by Stripe—we never see nor store any of it, and thus no payment information was compromised.

We patched the vulnerability quickly after it came to our attention, and have spent—and will continue to spend—dozens of hours poring over our software and systems to help mitigate and prevent future intrusions.

We’re sorry it happened, and will do our best to ensure it doesn’t happen again.

—moot

Upcoming namespace changes

In the coming week, we’ll be making a few changes to how files are accessed. The changes are mostly cosmetic, and will be transparent to people using vanilla 4chan. We’ll also continue to support legacy URLs for a short time to give third-party developers the opportunity to migrate their apps, but suggest making the appropriate updates as soon as possible to be prepared for when the changes go live.

  1. Semantic thread URLs with slugs. “res/” will be renamed to “thread/”, and subject/comment snippets will be appended after the thread ID as a slug. For example, “http(s)://boards.4chan.org/g/res/41321419” would become “http(s)://boards.4chan.org/g/thread/41321419/daily-programming-thread”. This will be included in the JSON as the “semantic_url” attribute in the OP container.
  2. Less redundant file URLs. The “src/” and “thumb/” directories will be removed from images/thumbs.4chan.org and i/t.4cdn.org. Files will live at the board root on those subdomains.
  3. Pages renumbered. The board index will now start from “Page 1” instead of “Page 0”.

The 4chan API documentation will be updated shortly before the changes go live.

Update: To clarify, links that omit the slug and contain just the thread ID will continue to work as before, and slugs will only be in the URL bar and not post (»123) links. This change shouldn’t affect you unless you constantly copy and paste URLs, or stare at your URL bar all day.

—moot

Goodbye to some old friends

Yesterday we welcomed two old features back to the site—the 4chan Blog and Blotter—but today we’ll also say goodbye to a few.

Over the past 10 years, 4chan has accumulated many features and side-projects, but since the team has rarely consisted of more than myself, a single volunteer developer, and a handful of volunteer moderators, many have been neglected. Specifically the discussion boards (dis.4chan.org) and Fileshares board (rs.4chan.org).

Rather than continue to neglect these side-projects, we’ve decided to retire them so that we can focus our time and energy into maintaining and improving the core of the site—4chan’s image boards.

The discussion boards will continue to live on in a read-only state, while the Fileshares board will be shut down. Both will be frozen and de-linked soon.

For the VIPPERs and “expert programmers” among us this may be a sad day, however we hope to accommodate you with some future image board features. Stay tuned.

—moot

WebM support on 4chan

Today we added support for WebM files on 4chan’s image boards.

While WebM is technically a video file format, it offers many advantages over animated GIFs—namely superior image quality, support for more than 256 colors, and reduced file size. Its main disadvantage is browser compatibility, however 86% of 4chan’s visits come from browsers that include full or partial support for WebM, and plug-ins are available for those that don’t (like Internet Explorer and Safari).

We decided to disallow WebM files with sound for a few reasons, but mainly because it’s our intention to provide the site with better animated images, and not true video support. To that end, we only accept WebM files with one video stream and no audio streams, that are shorter than 120 seconds long, no larger than 2048x2048 pixels, and less than 3 MB in size.

We’re eager to see how 4chan’s users will adopt WebM, and have posted this short guide on encoding them to ease adoption. Many thanks to desuwa for both championing and implementing this feature.

—moot

Reintroducing the 4chan Blog and Blotter

Long-time users will remember the late 4chan DevBlog and Blotter, which were removed almost five years ago due to infrequent use. We had used them to share updates with the community that didn’t require lengthy news posts.

Today I’m pleased to reintroduce both. As someone who hates writing and prefers to publish news posts only when absolutely necessary, I welcome their return. We’ll continue to use the global message (big red text at the top of boards) to communicate important notices, but will use the blog and blotter to share a running tally of smaller updates.

You may not realize it, but we’re constantly working behind the scenes to improve the site—be it feature additions, code tweaks, or improving moderation. It’s our hope to give the community more visibility into those improvements via a changelog of sorts.

So give us a follow or subscribe via RSS, and keep an eye on the blotter.

—moot