Deebster

The notorious imageboard 4chan is down following what appears to be a major hack of its backend. The hackers claim to have exposed code for the site, the emails of moderators, and a list of mod communications. This happened, it seems, as part of a five year long, inter-image board beef between users of 4chan and Soyjak, another image board that splintered off of 4chan.

It’s still unclear what the fallout of the hack will be, but the notorious image board remains down and a huge amount of data appears to have been leaked.

Users struggled to load 4chan on the evening of April 14, 2025, according to posts on other imageboards and forums. A few hours before that, the banned board /qa/ reappeared on the site and someone using the hiroyuki account, named after 4chan’s owner Hiroyuki Nishimura, posted “FUCKING LMAO” and “U GOT HACKED XD.

The hiroyuki account was flagged in bold red as an admin, suggesting the person posting the messages had control over a real admin account. /qa/ was a “questions and answer” imageboard on 4chan. Pitched as a place to discuss concerns that affected the whole of 4chan, /qa/ was in practice a board where various factions fought.

Soyjak is a popular meme you’ve probably seen before. It’s a balding man with glasses and shaggy beard, his mouth agape in docile joy. He is now the name of a rival imageboard.

At about the same time 4chan struggled to load, someone on the soyjak.st posted a thread that claimed to explain what happened. “Tonight has been a very special night for many of us at the soyjak party,” the thread said. “Today, April 14, 2025, a hacker who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site.”

The thread shared images of the resurrected and defaced /qa/ board as well as what appear to be screenshots from 4chan’s internal moderation tools. The screenshots included discussion about why users had been banned from 4chan, pieces of its backend in phpMyAdmin (the infrastructure that runs 4chan and other forums and imageboards), and traffic stats for specific boards.

Elsewhere on the internet, someone leaked an alleged list of moderator email addresses and a portion of what they described as the “source code” for the site. 404 Media reached out to an email in the leaked list that appeared to be for Nishimura but did not hear back.

It appears that 4chan was susceptible to a hack because it was running very out of date code that contained various vulnerabilities, according to 404 Media’s look at the code and people sorting through the hack online.

So 4chan very likely got hacked because they were running on an extremely out of date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated function to interact with there MySQL database.

Web security 101: Keep your code and software up to date. pic.twitter.com/JFDOsbr5rt

— Yushe (@_yushe) April 15, 2025

That starts to answer the question of how this happened. But why did it happen? This all has roots in a five year old meme fight.

Soyjak.party, the site where a user began posting about the 4chan hack, was an offshoot of 4chan created as a joke about five years ago. Besides being a general cesspool,

4chan has long been a place that incubates memes. lolcats, the NavySeal copypasta, and Pepe the Frog grew and spread on 4chan’s imageboards. From time to time a meme is overplayed or spammed and mods on the site get tired of it.

Five years ago, users spammed the /qa/ board with soyjaks. Unable to quash the tide of soyfaced jpegs, 4chan shut down the entire /qa/ board. The soyajk loving exiles of 4chan started a new site called soyjak.party where they could craft open mouthed soyboy memes to their heart’s content. When 4chan was hacked on the night of April 14, the /qa/ board briefly returned. “/QA/ RETURNS SOYJAK.PARTY WON” read a banner image at the top of the board.

As of this writing, 4chan is still down. When you attempt to access a specific board, the connection times out. “The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed,” the error page says.

When posting your guess summary, add two spaces
at the end
of the line
to make a linebreak (and not all on one line or

a new paragraph)

Bum Farto was a real person, with a life as ridiculous as his name.

Overview

Navidrome 0.55.0 introduces the highly anticipated Big Refactor (BFR), significantly enhancing core functionalities, and introducing robust new features. This release brings substantial improvements in handling file management and metadata usage and customization.

New Features

• Multiple Artists in Albums and Songs: Navidrome now supports albums and tracks with multiple artists, allowing users to group tracks with different artists under a single album. This feature enhances the organization of compilation albums and multi-artist collaborations.

• Contributors and Performers: Composer, conductor, and other contributors can now be added to tracks, providing detailed information about the creators and performers involved in the music production process.

• Album Versions: Support for ALBUMVERSION tag has been added, enabling users to differentiate between standard releases, deluxe editions, remasters, and other versions of the same album. This feature enhances album categorization and provides a more comprehensive music library experience.

• Multi-valued Tags: Support for multi-valued tags has been improved, allowing users to store multiple values for any single tag. This feature enhances metadata flexibility and enables more detailed categorization.

• Custom Tags: Support for user-defined custom tags has been added, allowing enhanced metadata flexibility and personalized categorization. Learn more.

• Smart Playlists Enhancements: Smart Playlists supports all newly added tags, including multiple artists, contributors, performers, and album versions, as well as custom tags. It also behaves better with multi-valued tags.
  Learn more.

• Persistent IDs: Tracks and albums now use persistent IDs (PIDs), ensuring stability in playlists, favorites, and external integrations, even if your files move or are renamed. PIDs can also be configured to change the way
  Navidrome disambiguates albums and tracks. It is now also possible to group albums by folder, bay setting PID.Album="folder". Learn more.

• Scanner Improvements: Optimized file scanning, with improved handling of file moves and retagging, "watcher" mode for real-time updates, resumable scans and enhanced performance during library updates.

• Improved Handling of Missing Files: Enhanced mechanisms for managing missing files ensure better accuracy and easier troubleshooting. Learn more.

• Beginner-Friendly Tagging Guidelines: A comprehensive tagging guide has been introduced to assist new users in properly tagging their music collections. Learn more.

New configuration options

• PID.Album
• PID.Track
• Scanner.Enabled
• Scanner.Schedule
• Scanner.WatcherWait
• Scanner.ScanOnStartup
• Subsonic.AppendSubtitle
• Subsonic.ArtistParticipations
• Subsonic.DefaultReportRealPath
• Subsonic.LegacyClients
• Tags

Deprecated/Changed configuration options:

• ScanSchedule was renamed to Scanner.Schedule
• Scanner.Extractor was removed. ffmpeg extractor is not supported anymore and Navidrome will now always use TagLib for metadata extraction.
• Scanner.GenreSeparators was removed. Use Tags.genre.Split instead. Check the Custom Tags documentation for more information.
• Scanner.GroupAlbumReleases was removed. Use PID.Album instead.

Check the Configuration Options documentation for
more information.

Upgrade Instructions

1. Backup Database: Before upgrading, create a backup of your current Navidrome database.
2. Stop Navidrome: Ensure Navidrome is not running before proceeding.
3. Replace Binary: Download and replace the existing Navidrome binary with the latest version (0.55.0).
   If using docker, pull the latest image.
4. Start Navidrome: Restart Navidrome to automatically migrate the database schema. The upgrade process will trigger a full scan of your library, which may take some time depending on the size of your collection. While this full scan is in progress, please avoid using Navidrome, as the data will be unstable until the process finishes.
   Please don't report any bugs until this full scan is complete (check the logs)

For detailed discussions and comprehensive insights into this update, refer to
our Big Refactor announcement and the original BFR Pull Request

Discussed are things like why kids say someone's been "unalived", some surprising etymologies (and how incel terminology is widespread on TikTok), why cottagecore exploded from nothing, and whether we're cooked.

I did find his weird movements distracting - there's not many slides so you can just listen and not miss anything.

Apparently he's better known as the Etymology Nerd online, so you may know the name already.

Title text:

If only my ancestors had been fortunate enough to marry into the branch of the bacteria family that could photosynthesize, like all my little green cousins here.

Transcript:

[Cueball and Beret Guy, seen from afar in silhouette, are walking up a grassy hill.]

[They continue walking up the hill, reaching its grassy summit. Now with normal lighting. Beret Guy is a bit ahead of Cueball.]
Beret Guy: I learned something today.
Beret Guy: I went on one of those family tree sites and kept clicking back, and it turns out I'm related to stromatolites!

[Closeup on Cueball. Beret Guy's reply comes off-panel from a starburst on the right edge of the panel.]
Cueball: The bacterial mats?
Beret Guy [off-panel]: Yeah! A few billion years back, on my mitochondria's side.

[Cueball and Beret Guy standing on the top of the grassy hill facing each other. Berety Guy holding a hand out towards Cueball.]
Beret Guy: My Archaean ancestors absorbed some bacteria that were cousins of stromatolites. That's how I got mitochondria.
Beret Guy: Cell nuclei, too.

[Cueball is standing behind Beret Guy who is now sitting down in the grass leaning back on one arm with the other arm resting on his bent knee.]
Cueball: I think there are still living stromatolites. You could get in touch.
Beret Guy: Nah, they're probably busy. I don't want to bother them.

[Cueball is sitting behind Beret Guy who is now lying down, both again shown in silhouette from a far, revealing they are on the top of the grassy hill.]
Cueball: So what are you going to do with this knowledge? Nothing?
Beret Guy: Lying on a hill in the warm sun is an old family tradition.

Source: https://xkcd.com/3046/

explainxkcd for #3046

Title text:

They're continuing to search for a square with the same area as the circle, as efforts to construct one have run into difficulties.

Transcript:

[In a single panel, White Hat, Ponytail, Miss Lenhart, Cueball, and Megan are standing in a field. Ponytail is holding a notebook and taking notes, Miss Lenhart is kneeling and holding her hands on a circular object with the radius marked on it, Cueball is holding a large caliper-like measuring instrument, and Megan is taking a photo with her phone sideways.]

[Caption below the panel:]
Math breakthrough: Dimensional analysts have discovered a real unit circle. Once they measure it, units can finally be added to all our geometry textbooks.

Source: https://xkcd.com/3041

explainxkcd for #3041

Source: https://xkcd.com/3025

Archive Today mirror: https://archive.ph/JTLIU

AI summary

The webpage discusses leaked documents revealing the capabilities of Graykey, a phone unlocking and forensics tool utilized by law enforcement globally. According to the documents obtained by 404 Media, Graykey can retrieve only partial data from modern iPhones running iOS 18 and iOS 18.0.1. There is no information on its functionality with the recently released iOS 18.1. This leak is significant for Grayshift, the company behind Graykey, especially since it has been acquired by Magnet Forensics, another player in the digital forensics field. Unlike its competitor Cellebrite, which has experienced similar leaks, this is the first detailed disclosure of the specific phones Graykey can and cannot access. The documents also provide insights into Graykey's capabilities with Android devices. Overall, this situation highlights the ongoing struggle between forensics tools and phone manufacturers like Apple and Google. The information indicates a complex interplay in the evolving landscape of mobile device security and law enforcement access.

After a conversation in !isitdown@infosec.pub I was looking for status pages. Does infosec.pub have one?