Catagolue vandalism

For general discussion about Conway's Game of Life.
User avatar
calcyman
Posts: 2119
Joined: June 1st, 2009, 4:32 pm

Catagolue vandalism

Post by calcyman » June 24th, 2019, 7:12 am

Unfortunately, during the latter half of this month there have been a few bouts of gratuitous vandalism on Catagolue. In particular, there seem to be two principal offenders (who I can be certain are distinct people):
  • The first offender is a cracker who has been deliberately exploiting any loophole in the Catagolue source code. This includes creating censuses larger than b3s23/C1 and then creating backups (which, as I've mentioned before, causes user pages to break), and posting very large hauls consisting of distinct objects (which unnecessarily consumes disk space). When I created a temporary fix for the first (by deleting any censuses which surpass b3s23/C1), the offender immediately used this to delete the Snowflakes census. Fortunately, census deletion doesn't actually cause any actual data loss; the tabulations and objects all remain unaffected.
  • The second offender is a moron who posted a combination of inane vernacular comments, RLEs containing rasterized racial slurs, and comments occupying huge swathes of vertical space.
I've had to resort to disabling anonymous uploading to unprotected censuses, and completely disable comments, until anyone has a better idea.
What do you do with ill crystallographers? Take them to the mono-clinic!

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » June 24th, 2019, 7:17 am

*sees General Discussion red* Ooh, someone responded to my request for a soup timer in apgsearch 5.0!
*sees this*

I've had to resort to disabling anonymous uploading to unprotected censuses, and completely disable comments, until anyone has a better idea.
Logged in (via Google) people should still be able to comment.

Also, I've seen that Catagolue has the ability to decide for an arbitrary apgcode with period under 100 whether or not it's valid. We could (?) use this to auto-check every submitted apgcode, if that's feasible.

Of course, this doesn't prevent an attacker from spamming something like bs012345678.


If necessary, we can make Catagolue closed-source, and only release very old versions. (Not good idea though)

User avatar
Freywa
Posts: 620
Joined: June 23rd, 2011, 3:20 am
Location: Singapore
Contact:

Re: Catagolue vandalism

Post by Freywa » June 24th, 2019, 7:37 am

Get an external auditor to review the code for security loopholes. There is no alternative. You can ask on the Stack Exchanges for one.

And I have actually preferred to not have comments on object pages, bearing in mind how annoying Paul Wilson was.
Princess of Science, Parcly Taxel

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » June 24th, 2019, 7:54 am

calcyman wrote:...
Not to mention the previous vandalism of sakagolue, which I feel is either by the same person who fooled with snowflakes (a possibility if “Uploady II” lied) or the perpetrator knows the said person (if Uploady II told the truth).
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

User avatar
dani
Posts: 975
Joined: October 27th, 2017, 3:43 pm
Location: New Jersey, USA
Contact:

Re: Catagolue vandalism

Post by dani » June 24th, 2019, 10:07 pm

There's still an uncommitted, seemly nonexistent haul for snowflakes, and the object count is desynched:
https://catagolue.appspot.com/census/b2 ... 5ar6i7e/C1

Pretty sad. I left a comment explaining the site a coupkle hours before you turned them off but he probably didn't see it.
moose#0915

User avatar
Freywa
Posts: 620
Joined: June 23rd, 2011, 3:20 am
Location: Singapore
Contact:

How to solve Catagolue vandalism

Post by Freywa » June 24th, 2019, 11:35 pm

We should have a two-state process for censuses:

1. Censuses of new rules, those with fewer than some threshold, may only be contributed to (aka "seeded") by some trusted set of people – "anyone with a Google account" is itself too wide.
2. Once the object count passes that threshold, which should be much lower than the current 1 trillion (short scale) – I suggest 1 million – the census switches to the statistical validation used for "protected" censuses currently and anyone may submit. Peer review should be done by two separate people (this idea is taken from the Stack Exchange procedure for reviewing suggested edits, although on Stack Overflow three people are needed).

As for comments on object pages, I suggest simply leaving them turned off, as I said earlier – comments are not suitable for a non-social database like Cata. To fill the missing space, some other data on the object in question should be displayed. (e.g. bounding box, heat, volatility, perhaps even an Oscillizer-style map – we don't have a version of Oscillizer for non-totalistic rules!)

For further tips, you may ask on Server Fault. But please implement my procedure now.
Princess of Science, Parcly Taxel

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » June 24th, 2019, 11:45 pm

WHY IS EVERYONE IGNORING ME EVERYWHERE


Also we can ensure a procedure like "person needs to contribute 1G objects to b3s23/C1 before contributing to an unprotected census" or something like that. From the beginning, I didn't get the point of using Google Accounts to make payosha keys, why don't we use Life POW to authenticate that a payosha key isn't spam?

Sokwe
Moderator
Posts: 1598
Joined: July 9th, 2009, 2:44 pm

Re: Catagolue vandalism

Post by Sokwe » June 25th, 2019, 5:18 am

testitemqlstudop wrote:WHY IS EVERYONE IGNORING ME EVERYWHERE
You are not being ignored, but I understand why it can feel that way. Remember that this is a small community, and many comments and questions will go unanswered. I've had my own posts go unanswered many times, much to my frustration.
-Matthias Merzenich

User avatar
calcyman
Posts: 2119
Joined: June 1st, 2009, 4:32 pm

Re: Catagolue vandalism

Post by calcyman » June 25th, 2019, 8:16 am

testitemqlstudop wrote:Also we can ensure a procedure like "person needs to contribute 1G objects to b3s23/C1 before contributing to an unprotected census" or something like that. From the beginning, I didn't get the point of using Google Accounts to make payosha keys, why don't we use Life POW to authenticate that a payosha key isn't spam?
That's actually a very clever idea -- I like it!
What do you do with ill crystallographers? Take them to the mono-clinic!

Saka
Posts: 3138
Joined: June 19th, 2015, 8:50 pm
Location: In the kingdom of Sultan Hamengkubuwono X

Re: Catagolue vandalism

Post by Saka » June 25th, 2019, 8:26 am

What if a person isn't very interested in CGoL and just wants to search other rules?
Although I suppose it wouldn't be such a problem if the amount of objects you need to contribute is small. Perhaps the requirement could be "Submit 1 haul to b3s23/C1" (Although I dont know if that's secure enough.)
Airy Clave White It Nay

Code: Select all

x = 17, y = 10, rule = B3/S23
b2ob2obo5b2o$11b4obo$2bob3o2bo2b3o$bo3b2o4b2o$o2bo2bob2o3b4o$bob2obo5b
o2b2o$2b2o4bobo2b3o$bo3b5ob2obobo$2bo5bob2o$4bob2o2bobobo!
(Check gen 2)

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » June 25th, 2019, 8:27 am

calcyman wrote:
testitemqlstudop wrote:Also we can ensure a procedure like "person needs to contribute 1G objects to b3s23/C1 before contributing to an unprotected census" or something like that. From the beginning, I didn't get the point of using Google Accounts to make payosha keys, why don't we use Life POW to authenticate that a payosha key isn't spam?
That's actually a very clever idea -- I like it!
The top or the bottom? I have no clue how many objects I’ve contributed to B3/S23 C1 but it sure isn’t a billion and I just spend time searching OCA, so I’d be fairly disappointed if I couldn’t search one of my rules.
EDIT: oh, saka just said it
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » June 26th, 2019, 8:54 am

Oh my hecking Von Neumman... seriously?

http://gol.hatsya.co.uk/census/b3s23/catagolue_bugs

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » June 26th, 2019, 2:09 pm

Crumbs, aforawesome, why'd you share the payosha key?
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

User avatar
A for awesome
Posts: 1942
Joined: September 13th, 2014, 5:36 pm
Location: 0x-1
Contact:

Re: Catagolue vandalism

Post by A for awesome » June 26th, 2019, 3:20 pm

I'm sorry that happened — but none of us foresaw spam attacks like these happening, so I really didn't expect it to cause problems. I doubt they'll be using this particular key in the future though, because I changed it to show the displayed name as "Spam user" instead of what it was before.
x₁=ηx
V ⃰_η=c²√(Λη)
K=(Λu²)/2
Pₐ=1−1/(∫^∞_t₀(p(t)ˡ⁽ᵗ⁾)dt)

$$x_1=\eta x$$
$$V^*_\eta=c^2\sqrt{\Lambda\eta}$$
$$K=\frac{\Lambda u^2}2$$
$$P_a=1-\frac1{\int^\infty_{t_0}p(t)^{l(t)}dt}$$

http://conwaylife.com/wiki/A_for_all

Aidan F. Pierce

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » June 26th, 2019, 3:38 pm

A for awesome wrote:I'm sorry that happened — but none of us foresaw spam attacks like these happening, so I really didn't expect it to cause problems. I doubt they'll be using this particular key in the future though, because I changed it to show the displayed name as "Spam user" instead of what it was before.
Good one. You’re right- I was joking anyways about that.

EDIT:
look at what they're doing now!
https://catagolue.appspot.com/haul/b3s2 ... ommitted=2

This is what they call their script
A script made by DefinitelyAlphanumeric (the new name of our team, please do not confuse with anything that you could find on google. Also, please do not confuse our nicknames for anything that you could reasonably find on google. Also, please note that Uploady alone tried to update Sakagolue, while both Uploady and Uploady II worked together to get to the point where they could rather easily upload the troll-est haul ever to Snowflakes C1.)

EDIT:
crumbs.
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

User avatar
Hdjensofjfnen
Posts: 1452
Joined: March 15th, 2016, 6:41 pm
Location: r cis θ

Re: Catagolue vandalism

Post by Hdjensofjfnen » June 30th, 2019, 7:00 pm

Here's all the things DefinitelyAlphanumeric has spilled so far:
Here's the story: [Are Available Here] (me) is the one who made the lifelib HBK gun script. Otherwise, I was a fairly minor contributor in Uploady's team. I was mostly just yelling at [Versus Total Contribution], who was the one that thought it was funny to act like a 'moron' on Catagolue, and instead got comments turned off, then turned to on-but-read-only-except-for-the-admins. I was also begging Uploady and Uploady II to stop acting like 'crackers'. Apart from that, my only major contribution was finding this random payosha key, so we could start uploading again, only this time, not acting like 'morons' and 'crackers'. Instead of using bugs destructively, we will just point them out via ylInfo apgcodes. Also, I've finally convinced the pseudo-moron to stop posting moron-ish comments.
A script made by DefinitelyAlphanumeric (the new name of our team, please do not confuse with anything that you could find on google. Also, please do not confuse our nicknames for anything that you could reasonably find on google.
...Also, please note that Uploady alone tried to update Sakagolue, while both Uploady and Uploady II worked together to get to the point where they could rather easily upload the troll-est haul ever to Snowflakes C1.)
... Also, I have noticed that Adam P. Goucher has been working a lot on a secret project lately.
... Also, you know what I would really love to have in Lifelib? Torus support in the Python version!
"A man said to the universe:
'Sir, I exist!'
'However,' replied the universe,
'The fact has not created in me
A sense of obligation.'" -Stephen Crane

Code: Select all

x = 7, y = 5, rule = B3/S2-i3-y4i
4b3o$6bo$o3b3o$2o$bo!

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » June 30th, 2019, 7:47 pm

@"Uploady the kind", (as I will refer to
I was also begging Uploady and Uploady II to stop acting like 'crackers'. Apart from that, my only major contribution was finding this random payosha key, so we could start uploading again, only this time, not acting like 'morons' and 'crackers'. Instead of using bugs destructively, we will just point them out via ylInfo apgcodes. Also, I've finally convinced the pseudo-moron to stop posting moron-ish comments.
you), how can we trust you?


We should all take what UtK and the other members of DefinitelyAlphanumeric say with a grain of salt. Perhaps they are indeed going to change for the better, but they seem to be screaming for apg to revert what he did; I think we better wait for them to find some actual bugs before we can trust them.
one of them wrote:ylInfo_Even_though_I_can_break_things_I_wont_because_Im_not_evil_anymore
We shall find out in due time.


I mean, if they’re actually serious about cutting out their jerkiness, that would be great. Considering that they literally created a place to report Catagolue bugs, they could be helpful.
Otherwise, they could still be damaging, though they do have the capacity to be damaging right now, and they’re not using it— maybe we SHOULD trust them, albeit cautiously.


EDIT:
A for awesome, maybe we should change the name that key uses to "DefinitelyAlphanumeric", since those are the people who use it.
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

Saka
Posts: 3138
Joined: June 19th, 2015, 8:50 pm
Location: In the kingdom of Sultan Hamengkubuwono X

Re: Catagolue vandalism

Post by Saka » July 1st, 2019, 10:26 am

Reported by a fellow catagolue user on discord
Image
Airy Clave White It Nay

Code: Select all

x = 17, y = 10, rule = B3/S23
b2ob2obo5b2o$11b4obo$2bob3o2bo2b3o$bo3b2o4b2o$o2bo2bob2o3b4o$bob2obo5b
o2b2o$2b2o4bobo2b3o$bo3b5ob2obobo$2bo5bob2o$4bob2o2bobobo!
(Check gen 2)

Bullet51
Posts: 544
Joined: July 21st, 2014, 4:35 am

Re: Catagolue vandalism

Post by Bullet51 » July 1st, 2019, 11:35 am

My view on comments:
1. Comments have some usage, e.g. making historical remarks, remarking about names(This is the pattern called xxx), and suggesting further research directions(The still life looks like a precursor of something).
2. I suggest the review-before-made-public way of dealing with comments. Such a way has the advantage of eliminating spam while preserving useful comments. Its main disadvantage is it requires people to do review.
Still drifting.

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » July 6th, 2019, 4:40 am

Another possible attack: to run a verification machine that creates random objects and hence disrupts the verified censusae, marking everything as red.

User avatar
Hdjensofjfnen
Posts: 1452
Joined: March 15th, 2016, 6:41 pm
Location: r cis θ

Re: Catagolue vandalism

Post by Hdjensofjfnen » July 8th, 2019, 1:58 am

testitemqlstudop wrote:Another possible attack: to run a verification machine that creates random objects and hence disrupts the verified censusae, marking everything as red.
Another variation of this would to be to give the chi-square result as "null".
"A man said to the universe:
'Sir, I exist!'
'However,' replied the universe,
'The fact has not created in me
A sense of obligation.'" -Stephen Crane

Code: Select all

x = 7, y = 5, rule = B3/S2-i3-y4i
4b3o$6bo$o3b3o$2o$bo!

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » July 8th, 2019, 2:49 am

The chi-square result is done by Catagolue, though, not the verifiers.

CoolCreeper39
Posts: 58
Joined: June 19th, 2019, 12:18 pm

Re: Catagolue vandalism

Post by CoolCreeper39 » August 6th, 2019, 12:57 am

Does anyone have screenshots of the vandalism?

User avatar
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

Re: Catagolue vandalism

Post by testitemqlstudop » August 6th, 2019, 8:50 am

No, why do you want them :?

User avatar
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

Re: Catagolue vandalism

Post by Moosey » August 6th, 2019, 4:01 pm

CoolCreeper39 wrote:Does anyone have screenshots of the vandalism?
Vandalism looks something like this
This is the vandalism of Uploady.
This is the vandalism of Uploady.
Uploady I.png (84.2 KiB) Viewed 3640 times
(this isn't what calcyman was referring to but is related since uploady is in definitelyalphanumeric just like uploady II and the like)
I am a prolific creator of many rather pathetic googological functions

My CA rules can be found here

Also, the tree game
Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

Post Reply