## Catagolue vandalism

calcyman
Posts: 2119
Joined: June 1st, 2009, 4:32 pm

### Catagolue vandalism

Unfortunately, during the latter half of this month there have been a few bouts of gratuitous vandalism on Catagolue. In particular, there seem to be two principal offenders (who I can be certain are distinct people):
• The first offender is a cracker who has been deliberately exploiting any loophole in the Catagolue source code. This includes creating censuses larger than b3s23/C1 and then creating backups (which, as I've mentioned before, causes user pages to break), and posting very large hauls consisting of distinct objects (which unnecessarily consumes disk space). When I created a temporary fix for the first (by deleting any censuses which surpass b3s23/C1), the offender immediately used this to delete the Snowflakes census. Fortunately, census deletion doesn't actually cause any actual data loss; the tabulations and objects all remain unaffected.
• The second offender is a moron who posted a combination of inane vernacular comments, RLEs containing rasterized racial slurs, and comments occupying huge swathes of vertical space.
I've had to resort to disabling anonymous uploading to unprotected censuses, and completely disable comments, until anyone has a better idea.
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

*sees General Discussion red* Ooh, someone responded to my request for a soup timer in apgsearch 5.0!
*sees this*

I've had to resort to disabling anonymous uploading to unprotected censuses, and completely disable comments, until anyone has a better idea.
Logged in (via Google) people should still be able to comment.

Also, I've seen that Catagolue has the ability to decide for an arbitrary apgcode with period under 100 whether or not it's valid. We could (?) use this to auto-check every submitted apgcode, if that's feasible.

Of course, this doesn't prevent an attacker from spamming something like bs012345678.

If necessary, we can make Catagolue closed-source, and only release very old versions. (Not a good idea though)

Freywa
Posts: 620
Joined: June 23rd, 2011, 3:20 am
Location: Singapore
Contact:

### Re: Catagolue vandalism

Get an external auditor to review the code for security loopholes. There is no alternative. You can ask on the Stack Exchanges for one.

And I have actually preferred to not have comments on object pages, bearing in mind how annoying Paul Wilson was.
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

calcyman wrote:...
Not to mention the previous vandalism of sakagolue, which I feel is either by the same person who fooled with snowflakes (a possibility if “Uploady II” lied) or the perpetrator knows the said person (if Uploady II told the truth).
dani
Posts: 975
Joined: October 27th, 2017, 3:43 pm
Location: New Jersey, USA
Contact:

### Re: Catagolue vandalism

There's still an uncommitted, seemingly nonexistent haul for snowflakes, and the object count is desynched:
https://catagolue.appspot.com/census/b2 ... 5ar6i7e/C1

Pretty sad. I left a comment explaining the site a couple hours before you turned them off but he probably didn't see it.
Freywa
Posts: 620
Joined: June 23rd, 2011, 3:20 am
Location: Singapore
Contact:

### How to solve Catagolue vandalism

We should have a two-state process for censuses:

1. Censuses of new rules, those with fewer than some threshold, may only be contributed to (aka "seeded") by some trusted set of people – "anyone with a Google account" is itself too wide.
2. Once the object count passes that threshold, which should be much lower than the current 1 trillion (short scale) – I suggest 1 million – the census switches to the statistical validation used for "protected" censuses currently and anyone may submit. Peer review should be done by two separate people (this idea is taken from the Stack Exchange procedure for reviewing suggested edits, although on Stack Overflow three people are needed).

As for comments on object pages, I suggest simply leaving them turned off, as I said earlier – comments are not suitable for a non-social database like Cata. To fill the missing space, some other data on the object in question should be displayed. (e.g. bounding box, heat, volatility, perhaps even an Oscillizer-style map – we don't have a version of Oscillizer for non-totalistic rules!)

For further tips, you may ask on Server Fault. But please implement my procedure now.
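As an added illustration (not Catagolue's code, and not from Freywa's post), here is a small Python model of the two-stage policy above: the 1 million object threshold gates a census between a "seeding" stage open only to trusted accounts and an "open" stage where a statistical check (a chi-square statistic standing in for the site's validation) is followed by approval from two distinct reviewers. The account names, the chi-square cut-off and the treatment of apgcodes the census has never seen are assumptions for illustration.

```python
from dataclasses import dataclass, field

SEED_THRESHOLD = 1_000_000   # assumed: below this object count a census is only "seeded"
CHI2_PER_DF_MAX = 3.0        # assumed crude cut-off on chi-square per degree of freedom

def chi_square_per_df(expected: dict, observed: dict) -> float:
    """Chi-square of a haul (observed) vs. census tallies (expected), scaled to haul size, per d.o.f."""
    total_exp, total_obs = sum(expected.values()), sum(observed.values())
    stat = 0.0
    for code, e in expected.items():            # apgcodes unseen by the census are ignored
        e_scaled = e * total_obs / total_exp
        stat += (observed.get(code, 0) - e_scaled) ** 2 / e_scaled
    return stat / max(len(expected) - 1, 1)

@dataclass
class Census:
    name: str
    seeders: frozenset                              # trusted accounts allowed to seed
    tallies: dict = field(default_factory=dict)     # apgcode -> object count so far
    pending: dict = field(default_factory=dict)     # haul id -> (haul, reviewer ids)

    def stage(self) -> str:
        return "seeding" if sum(self.tallies.values()) < SEED_THRESHOLD else "open"

    def _commit(self, haul: dict) -> None:
        for code, n in haul.items():
            self.tallies[code] = self.tallies.get(code, 0) + n

    def submit(self, haul_id: str, contributor: str, haul: dict) -> str:
        if self.stage() == "seeding":               # stage 1: trusted seeders only
            if contributor not in self.seeders:
                return "rejected"
            self._commit(haul)
            return "accepted"
        if chi_square_per_df(self.tallies, haul) > CHI2_PER_DF_MAX:
            return "rejected"                       # stage 2: statistical validation
        self.pending[haul_id] = (haul, set())       # then wait for peer review
        return "pending"

    def review(self, haul_id: str, reviewer: str, approve: bool) -> str:
        haul, reviewers = self.pending[haul_id]
        if not approve:
            del self.pending[haul_id]
            return "rejected"
        reviewers.add(reviewer)                     # a set: one person cannot approve twice
        if len(reviewers) < 2:                      # two distinct reviewers required
            return "pending"
        del self.pending[haul_id]
        self._commit(haul)
        return "committed"
```

The chi-square cut-off only blocks hauls whose object mix departs wildly from the census; it is not a substitute for the site's real validation.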
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

WHY IS EVERYONE IGNORING ME EVERYWHERE

Also we can ensure a procedure like "person needs to contribute 1G objects to b3s23/C1 before contributing to an unprotected census" or something like that. From the beginning, I didn't get the point of using Google Accounts to make payosha keys, why don't we use Life POW to authenticate that a payosha key isn't spam?

Sokwe
Moderator
Posts: 1598
Joined: July 9th, 2009, 2:44 pm

### Re: Catagolue vandalism

testitemqlstudop wrote:WHY IS EVERYONE IGNORING ME EVERYWHERE
You are not being ignored, but I understand why it can feel that way. Remember that this is a small community, and many comments and questions will go unanswered. I've had my own posts go unanswered many times, much to my frustration.
calcyman
Posts: 2119
Joined: June 1st, 2009, 4:32 pm

### Re: Catagolue vandalism

testitemqlstudop wrote:Also we can ensure a procedure like "person needs to contribute 1G objects to b3s23/C1 before contributing to an unprotected census" or something like that. From the beginning, I didn't get the point of using Google Accounts to make payosha keys, why don't we use Life POW to authenticate that a payosha key isn't spam?
That's actually a very clever idea -- I like it!
Saka
Posts: 3138
Joined: June 19th, 2015, 8:50 pm
Location: In the kingdom of Sultan Hamengkubuwono X

### Re: Catagolue vandalism

What if a person isn't very interested in CGoL and just wants to search other rules?
Although I suppose it wouldn't be such a problem if the amount of objects you need to contribute is small. Perhaps the requirement could be "Submit 1 haul to b3s23/C1" (Although I don't know if that's secure enough.)
Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

EDIT: oh, saka just said it

I am a prolific creator of many rather pathetic googological functions. My CA rules can be found here. Also, the tree game. Bill Watterson once wrote: "How do soldiers killing each other solve the world's problems?"

testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

Oh my hecking Von Neumann... seriously?
http://gol.hatsya.co.uk/census/b3s23/catagolue_bugs

Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

Crumbs, aforawesome, why'd you share the payosha key?

A for awesome
Posts: 1942
Joined: September 13th, 2014, 5:36 pm
Location: 0x-1
Contact:

### Re: Catagolue vandalism

I'm sorry that happened — but none of us foresaw spam attacks like these happening, so I really didn't expect it to cause problems. I doubt they'll be using this particular key in the future though, because I changed it to show the displayed name as "Spam user" instead of what it was before.

$$x_1=\eta x$$ $$V^*_\eta=c^2\sqrt{\Lambda\eta}$$ $$K=\frac{\Lambda u^2}2$$ $$P_a=1-\frac1{\int^\infty_{t_0}p(t)^{l(t)}dt}$$
http://conwaylife.com/wiki/A_for_all
Aidan F. Pierce

Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

A for awesome wrote:I'm sorry that happened — but none of us foresaw spam attacks like these happening, so I really didn't expect it to cause problems. I doubt they'll be using this particular key in the future though, because I changed it to show the displayed name as "Spam user" instead of what it was before.
Good one. You're right, I was joking anyways about that.

EDIT: look at what they're doing now!
https://catagolue.appspot.com/haul/b3s2 ... ommitted=2
This is what they call their script:

A script made by DefinitelyAlphanumeric (the new name of our team, please do not confuse with anything that you could find on google. Also, please do not confuse our nicknames for anything that you could reasonably find on google. Also, please note that Uploady alone tried to update Sakagolue, while both Uploady and Uploady II worked together to get to the point where they could rather easily upload the troll-est haul ever to Snowflakes C1.)

EDIT: crumbs.

Hdjensofjfnen
Posts: 1452
Joined: March 15th, 2016, 6:41 pm
Location: r cis θ

### Re: Catagolue vandalism

Here's all the things DefinitelyAlphanumeric has spilled so far:

Here's the story: [Are Available Here] (me) is the one who made the lifelib HBK gun script. Otherwise, I was a fairly minor contributor in Uploady's team. I was mostly just yelling at [Versus Total Contribution], who was the one that thought it was funny to act like a 'moron' on Catagolue, and instead got comments turned off, then turned to on-but-read-only-except-for-the-admins. I was also begging Uploady and Uploady II to stop acting like 'crackers'. Apart from that, my only major contribution was finding this random payosha key, so we could start uploading again, only this time, not acting like 'morons' and 'crackers'. Instead of using bugs destructively, we will just point them out via ylInfo apgcodes. Also, I've finally convinced the pseudo-moron to stop posting moron-ish comments.

A script made by DefinitelyAlphanumeric (the new name of our team, please do not confuse with anything that you could find on google. Also, please do not confuse our nicknames for anything that you could reasonably find on google. ...Also, please note that Uploady alone tried to update Sakagolue, while both Uploady and Uploady II worked together to get to the point where they could rather easily upload the troll-est haul ever to Snowflakes C1.)

... Also, I have noticed that Adam P. Goucher has been working a lot on a secret project lately.

... Also, you know what I would really love to have in Lifelib? Torus support in the Python version!

"A man said to the universe: 'Sir, I exist!' 'However,' replied the universe, 'The fact has not created in me A sense of obligation.'" -Stephen Crane
Code:
x = 7, y = 5, rule = B3/S2-i3-y4i
4b3o$6bo$o3b3o$2o$bo!

Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

@"Uploady the kind" (as I will refer to you), how can we trust you?

I was also begging Uploady and Uploady II to stop acting like 'crackers'. Apart from that, my only major contribution was finding this random payosha key, so we could start uploading again, only this time, not acting like 'morons' and 'crackers'. Instead of using bugs destructively, we will just point them out via ylInfo apgcodes. Also, I've finally convinced the pseudo-moron to stop posting moron-ish comments.

We should all take what UtK and the other members of DefinitelyAlphanumeric say with a grain of salt. Perhaps they are indeed going to change for the better, but they seem to be screaming for apg to revert what he did; I think we better wait for them to find some actual bugs before we can trust them.
one of them wrote:ylInfo_Even_though_I_can_break_things_I_wont_because_Im_not_evil_anymore
We shall find out in due time.

I mean, if they're actually serious about cutting out their jerkiness, that would be great. Considering that they literally created a place to report Catagolue bugs, they could be helpful. Otherwise, they could still be damaging, though they do have the capacity to be damaging right now, and they're not using it; maybe we SHOULD trust them, albeit cautiously.

EDIT: A for awesome, maybe we should change the name that key uses to "DefinitelyAlphanumeric", since those are the people who use it.

Saka
Posts: 3138
Joined: June 19th, 2015, 8:50 pm
Location: In the kingdom of Sultan Hamengkubuwono X

### Re: Catagolue vandalism

Reported by a fellow catagolue user on discord
Airy Clave White It Nay
Code:
x = 17, y = 10, rule = B3/S23
b2ob2obo5b2o$11b4obo$2bob3o2bo2b3o$bo3b2o4b2o$o2bo2bob2o3b4o$bob2obo5b
o2b2o$2b2o4bobo2b3o$bo3b5ob2obobo$2bo5bob2o$4bob2o2bobobo!

Bullet51
Posts: 544
Joined: July 21st, 2014, 4:35 am

### Re: Catagolue vandalism

My view on comments:
1. Comments have some usage, e.g. making historical remarks, remarking about names (This is the pattern called xxx), and suggesting further research directions (The still life looks like a precursor of something).
2. I suggest the review-before-made-public way of dealing with comments. Such a way has the advantage of eliminating spam while preserving useful comments. Its main disadvantage is it requires people to do review.
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

Another possible attack: to run a verification machine that creates random objects and hence disrupts the verified censusae, marking everything as red.

Hdjensofjfnen
Posts: 1452
Joined: March 15th, 2016, 6:41 pm
Location: r cis θ

### Re: Catagolue vandalism

testitemqlstudop wrote:Another possible attack: to run a verification machine that creates random objects and hence disrupts the verified censusae, marking everything as red.
Another variation of this would be to give the chi-square result as "null".
testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

The chi-square result is done by Catagolue, though, not the verifiers.

CoolCreeper39
Posts: 58
Joined: June 19th, 2019, 12:18 pm

### Re: Catagolue vandalism

Does anyone have screenshots of the vandalism?

testitemqlstudop
Posts: 1282
Joined: July 21st, 2016, 11:45 am
Location: in catagolue
Contact:

### Re: Catagolue vandalism

No, why do you want them

Moosey
Posts: 2924
Joined: January 27th, 2019, 5:54 pm
Location: A house, or perhaps the OCA board. Or [click to not expand]
Contact:

### Re: Catagolue vandalism

CoolCreeper39 wrote:Does anyone have screenshots of the vandalism?
Vandalism looks something like this
This is the vandalism of Uploady.
(this isn't what calcyman was referring to but is related since uploady is in definitelyalphanumeric just like uploady II and the like)
