This is a message board where you can write things for others to read.
Features You May Recognize
- Write messages anonymously and under a profile
- Read messages others have already posted
- Vote on posted messages to improve quality
These Features May Be Confusing At First
- Your profile key lives on your device, not on this website or server.
- This means that you own your profile, not this website or server.
- This entire forum can be exported, migrated, cloned, and forked, without restriction.
- Your profile stays on your device, and you can use it between any other forums.
- Using the same profile on multiple devices and/or backing it up requires copying and pasting of a large blob of text.
Known Issues aka Features
- Actions sometimes do not take effect immediately.
- Confusing interface.
- Post public key first, or signed messages not recognized.
Terminology and Notation
An item is one "something" that has been added to the message board. Items are the most basic elements, on which everything else is built.
Everything that happens on the message board is an item. For example, a text that someone has posted is an item, and so is a user profile, a vote, a reply, etc.
Items are stored as plain text files (.txt), one of the most common and supported file formats, so that they can be easily inspected.
Items are identified with a 40-digit "hash", which looks like this:
6b50a8112fde3a6276cb0c5b9cd8c949bc1625d0. Sometimes you may see it shortened, like this:
(more to come)
Most timestamps are currently in epoch time. This is the number of seconds since the
beginning of the Unix Epoch, and is (for the foreseeable future) a 10-digit number, beginning with 15. Example:
An attempt is made to support every browser. If there is a problem, please report it.
The basic features of the website, including reading, posting, replying, and voting, has been tested in the following browsers:
- Netscape Navigator Gold 3.04*
- Netscape Communicator 4.8*
- Lynx 2.8.9rel.1
- Links 2.17
- qutebrowser 1.6.0
- SeaMonkey 2.49.4
- Firefox 52.7.2
- Waterfox 56.2.9
- ASCII (.txt)
How to use GPG
Summary for Experts
Creating a profile: Generate a PGP key, post public key.
Posting stuff as your profile: sign with GPG, paste into textbox.
Tokens: Replying, voting, etc. is done with text-based tokens.
Remember to include tokens in your signed message, or they will not be parsed.
Example token: >>0123456789abcdef
On a line by itself, this will reference message with that ID (git's "SHA-1")
Another example: addvote/0123456789abcdef/legit/1550000000/2753939054945
This will add a vote of "legit" to the same item, with a timestamp of 15500... The last bit is the anti-CSRF checksum, which is currently ignored if the message is signed, but verified by the server (and signed) at the time of reading from access.log
More descriptive version
You will need to generate a key and then sign your messages. Piece of cake.
Read This First
Read the GnuPG home page to familiarize yourself.
Apple iOS, iPhone, iPad
Creating Your Profile, AKA Key Pair
You can post your messages anonymously. Anonymous posting is very easy. Why even bother creating a profile?
- All your posts will appear on your author page.
- You can sign your posts with your name.
- You can edit or delete your posts later.
- You will get a colorful avatar that will appear with all your posts.
You will need to create a key pair. Look for this option in your software and use it. (More detailed guides to come.)
GPG is traditionally used for email, but you do not have to provide your address for this forum. In fact, we recommend that you either leave the field blank or add gibberish to it. Otherwise, your email address will be accessible by anyone, including spambots.
The key pair is stored on your device. If it is important to you, keep it safe, and back it up.
Writing As Yourself
To write something under your new profile, you will need to sign your text.
First, write the text that you want to post. Once you have finished writing it, save it to a .txt file.
Look for the command to "Sign" (not encrypt) your text in your GPG software.
Some software has no such option. In this case, you should use the "Encrypt" command, but ensure that the "To:" field is blank.
You should end up with a big block of text that begins with "-----BEGIN PGP SIGNED MESSAGE-----"
Copy this entire block of text, including the ----- part, and submit it via the Write page.
Uploading Your Public Key
Look for the option to export your public key in your software.
You should end up with a block of text that starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----".
Copy the whole thing, including the ----- part, and submit it via the Write page.
You have now aliased your name to your key fingerprint.
Commands are in the form of simple tokens, length-constricted, ASCII only.
Adding a Vote
Voting is the process of applying a tag to an item.
item + tag = vote
A voting token has the following parameters
The checksum is generated on the server, using the following formula:
MD5( concat(file hash, ballot creation time, secret) )
The secret string is stored in config/secret, and a random one is automatically generated if the config is empty.
Profile Menu Link
The "Profile" item in the top menu is italicized when you are signed in through the Web UI.
This is done as a subtle signed in status indicator without disclosing the user's information to shoulder surfers.
Signing With Command-Line GPG
Check GPG Version
If you don't have GnuPG installed, go here: https://www.opengpg.org/
Generate Key Pair
Export Public Key
gpg --armor --export
Sign Message in Text File
gpg --clearsign example.txt
Sign Message After Typing It
Start typing your message. When you're finished, press Enter, then ^D (Ctrl+D).
There is planned support in the near future for roles, multiple admins, etc. in the near future.
That said, this software currently supports two roles: Admin, and Server. Both are optional.
The Admin key is set by putting the admin's public key, ASCII-armored, into
This user currently holds the following special powers:
addvouch token can only be used by the admin.
remove tag, when applied by the admin user, will cause an item to be removed at the nearest opportunity.
The Server key is set by first generating or importing the whole key into the server's keychain.
The Server key is used for signing (and in the process also timestamping) various events that happen on the server.
This ensures that the items were not posted by a random.
The following actions are currently server-signed:
Admin user changes. Server-signed notice is posted.
Version changed. Server-signed "changelog" is posted, which includes the comment from the current version's commit, as well as all the previous commits that came before it, up to the most recent commit included in a changelog.
Client fingerprint and timestamp for items that are posted where the user requests this.
You can easily clone this message board.
There are no "secrets" stored here (e.g. passwords, private keys, password hashes), except the anti-CSRF salt.
Any signing accounts are controlled by the users' private keys.
An hourly zip of the entire site can be downloaded here: /hike.zip, including the git repo.
The scripts are on GitHub here: github.com/gulkily/hike.