merging

2023-08-10 21:13:00 +03:00 · 2012-05-22 18:48:24 +07:00 · 2012-05-22 18:48:24 +07:00 · 780c50f971
commit 780c50f971
parent 02a5aa6cf6 2b9a70c19b
7 changed files with 77 additions and 29 deletions
--- a/README.rst
+++ b/README.rst
@ -11,7 +11,7 @@ be pasted in it. The idea is that one can (probably...) not be legally entitled
 to `moderate the pastebin content`_ as he/she has no way to decrypt it.

 It's an Python implementation of the
-`zerobin project`_. It's easy to
+`zerobin project`_ under the `WTF licence`_. It's easy to
 install even if you know nothing about Python.

 For now tested with IE9, and the last opera, safari, chrome and FF.
@ -96,4 +96,5 @@ What does 0bin not implement?
 .. _Bootstrap: http://twitter.github.com/bootstrap/
 .. _VizHash.js: https://github.com/sametmax/VizHash.js
 .. _Cherrypy: http://www.cherrypy.org/ (server only)
-.. _is not worth it: http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions
+.. _is not worth it: http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions
+.. _WTF licence: http://en.wikipedia.org/wiki/WTFPL
--- a/zerobin/static/css/style.css
+++ b/zerobin/static/css/style.css
@ -352,3 +352,11 @@ canvas {
 	color: red;
 	font-weight: bold;
 }
+
+#faq dt {
+    margin:2em 0 1em 0;
+}
+
+#faq p {
+    margin:1em;
+}
--- a/zerobin/static/css/style.min.css
+++ b/zerobin/static/css/style.min.css
@ -4,4 +4,4 @@ article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display
 /* Prettify */
 .pln{color:#000}@media screen{.str{color:#080}.kwd{color:#008}.com{color:#800}.typ{color:#606}.lit{color:#066}.pun,.opn,.clo{color:#660}.tag{color:#008}.atn{color:#606}.atv{color:#080}.dec,.var{color:#606}.fun{color:red}}@media print,projection{.str{color:#060}.kwd{color:#006;font-weight:bold}.com{color:#600;font-style:italic}.typ{color:#404;font-weight:bold}.lit{color:#044}.pun,.opn,.clo{color:#440}.tag{color:#006;font-weight:bold}.atn{color:#404}.atv{color:#060}}pre.prettyprint{padding:2px;border:1px solid #888}ol.linenums{margin-top:0;margin-bottom:0}li.L0,li.L1,li.L2,li.L3,li.L5,li.L6,li.L7,li.L8{list-style-type:none}li.L1,li.L3,li.L5,li.L7,li.L9{background:#eee}
 /* Custom */
-.brand{font-size:38px!important;padding:0 55px 3px!important;text-shadow:0 1px 0 rgba(255,255,255,.1),0 0 30px rgba(255,255,255,.125);-webkit-transition:all .2s linear;-moz-transition:all .2s linear;transition:all .2s linear}.brand span{font-size:48px;line-height:0}.brand em{display:inline;color:#d40202;margin:0!important;font-size:27px}.about{line-height:13px;font-style:italic;text-align:right;padding-top:9px;margin-bottom:0!important}.about span{font-size:10px}body{padding-top:60px;padding-bottom:40px}.sidebar-nav{padding:9px 0}select{width:135px}label{display:inline;margin-left:18px;font-style:italic;font-size:11px;color:#888}ul,ol{padding:0;margin:0}li{margin-left:-9px}p{margin:0 0 20px}.grey{color:#999}.nav-list{padding-right:0!important;font-size:12px}blockquote{width:630px;float:left}h4 p{float:left;font-size:80px;text-shadow:1px 3px 1px #DDD,0 0 4px #333;-webkit-transition:all .2s linear;-moz-transition:all .2s linear;transition:all .2s linear;margin-right:7px;margin-top:3px}h4#pixels-total{position:relative;width:166px;float:right;margin:8px 0 0 0;padding:0 0 0 54px;font-size:1.1em;line-height:1.4;font-weight:normal;color:#777;-webkit-border-top-right-radius:6px;-webkit-border-top-left-radius:20px;-moz-border-top-right-radius:6px;-moz-border-top-left-radius:20px;border-top-right-radius:6px;border-top-left-radius:20px}.greetings{clear:both;margin:0 auto;text-align:center;margin-top:40px}.alert .title{display:block}.btn-group{float:left}html.file-upload p.file-upload{float:left;margin:22px 0 0 21px;display:none}html.file-upload p.file-upload{display:inherit}html.no-file-upload p.file-upload{display:none}input.btn-upload{position:relative;left:-6px;width:100px;z-index:1;margin-top:-13px}input.hide-upload{position:relative;left:-110px;-moz-opacity:0;filter:alpha(opacity:0);opacity:0;z-index:2;width:100px;margin-top:-20px;cursor:pointer;cursor:hand;height:49px}#paste-content{background-color:white;padding:1em}#paste-content.done{background-color:white;padding-top:1em;padding-left:0}.submit-form{display:none}.paste-option{float:right}a#clip-button.hover{cursor:pointer;text-decoration:underline}li.L0,li.L1,li.L2,li.L3,li.L4,li.L5,li.L6,li.L7,li.L8,li.L9{list-style-type:decimal;background:inherit}.prettyprint.linenums{-webkit-box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0;-moz-box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0;box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0}ol.linenums{margin:0 0 0 55px}ol.linenums li{color:#bebec5;line-height:18px;text-shadow:0 1px 0 #fff}.prettyprint{padding:8px;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{font-family:Consolas,Menlo,Monaco,Lucida Console,Liberation Mono,DejaVu Sans Mono,Bitstream Vera Sans Mono,monospace,serif;line-height:21px;font-size:12px}.kwd{color:#66F}.pun,.opn,.clo{color:#0A0}.lit{color:#933}.com{color:#C0C}form{padding-bottom:3em!important;padding-right:17px}form textarea{overflow-y:auto}button.btn,input[type="submit"].btn{margin-left:5px}.well{padding-bottom:40px;padding-right:17px}.legal{margin:0 auto;width:300px;text-align:center;margin-top:30px}.btn{margin-left:5px}.btn-primary,.btn-danger{position:relative;top:-4px}#alert-template{display:none}.progress{display:none}.progress .bar{width:25%;text-indent:10px;text-align:left}.lnk-option canvas{vertical-align:middle;margin-right:10px}.previous-pastes .item{margin-top:5px;vertical-align:middle;line-height:24px;padding-left:1em}li.item{margin-left:-13px;margin-right:-5px}.previous-pastes canvas{display:block;float:left;margin-right:5px}html.local-storage .no-local-storage{display:none}html.no-local-storage .local-storage{display:none}canvas{border:1px solid white}#wrap-content{display:none}.noscript{text-align:center;color:red;font-weight:bold}
+.brand{font-size:38px!important;padding:0 55px 3px!important;text-shadow:0 1px 0 rgba(255,255,255,.1),0 0 30px rgba(255,255,255,.125);-webkit-transition:all .2s linear;-moz-transition:all .2s linear;transition:all .2s linear}.brand span{font-size:48px;line-height:0}.brand em{display:inline;color:#d40202;margin:0!important;font-size:27px}.about{line-height:13px;font-style:italic;text-align:right;padding-top:9px;margin-bottom:0!important}.about span{font-size:10px}body{padding-top:60px;padding-bottom:40px}.sidebar-nav{padding:9px 0}select{width:135px}label{display:inline;margin-left:18px;font-style:italic;font-size:11px;color:#888}ul,ol{padding:0;margin:0}li{margin-left:-9px}p{margin:0 0 20px}.grey{color:#999}.nav-list{padding-right:0!important;font-size:12px}blockquote{width:630px;float:left}h4 p{float:left;font-size:80px;text-shadow:1px 3px 1px #DDD,0 0 4px #333;-webkit-transition:all .2s linear;-moz-transition:all .2s linear;transition:all .2s linear;margin-right:7px;margin-top:3px}h4#pixels-total{position:relative;width:166px;float:right;margin:8px 0 0 0;padding:0 0 0 54px;font-size:1.1em;line-height:1.4;font-weight:normal;color:#777;-webkit-border-top-right-radius:6px;-webkit-border-top-left-radius:20px;-moz-border-top-right-radius:6px;-moz-border-top-left-radius:20px;border-top-right-radius:6px;border-top-left-radius:20px}.greetings{clear:both;margin:0 auto;text-align:center;margin-top:40px}.alert .title{display:block}.btn-group{float:left}html.file-upload p.file-upload{float:left;margin:22px 0 0 21px;display:none}html.file-upload p.file-upload{display:inherit}html.no-file-upload p.file-upload{display:none}input.btn-upload{position:relative;left:-6px;width:100px;z-index:1;margin-top:-13px}input.hide-upload{position:relative;left:-110px;-moz-opacity:0;filter:alpha(opacity:0);opacity:0;z-index:2;width:100px;margin-top:-20px;cursor:pointer;cursor:hand;height:49px}#paste-content{background-color:white;padding:1em}#paste-content.done{background-color:white;padding-top:1em;padding-left:0}.submit-form{display:none}.paste-option{float:right}a#clip-button.hover{cursor:pointer;text-decoration:underline}li.L0,li.L1,li.L2,li.L3,li.L4,li.L5,li.L6,li.L7,li.L8,li.L9{list-style-type:decimal;background:inherit}.prettyprint.linenums{-webkit-box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0;-moz-box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0;box-shadow:inset 40px 0 0 #fbfbfc,inset 41px 0 0 #ececf0}ol.linenums{margin:0 0 0 55px}ol.linenums li{color:#bebec5;line-height:18px;text-shadow:0 1px 0 #fff}.prettyprint{padding:8px;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{font-family:Consolas,Menlo,Monaco,Lucida Console,Liberation Mono,DejaVu Sans Mono,Bitstream Vera Sans Mono,monospace,serif;line-height:21px;font-size:12px}.kwd{color:#66F}.pun,.opn,.clo{color:#0A0}.lit{color:#933}.com{color:#C0C}form{padding-bottom:3em!important;padding-right:17px}form textarea{overflow-y:auto}button.btn,input[type="submit"].btn{margin-left:5px}.well{padding-bottom:40px;padding-right:17px}.legal{margin:0 auto;width:300px;text-align:center;margin-top:30px}.btn{margin-left:5px}.btn-primary,.btn-danger{position:relative;top:-4px}#alert-template{display:none}.progress{display:none}.progress .bar{width:25%;text-indent:10px;text-align:left}.lnk-option canvas{vertical-align:middle;margin-right:10px}.previous-pastes .item{margin-top:5px;vertical-align:middle;line-height:24px;padding-left:1em}li.item{margin-left:-13px;margin-right:-5px}.previous-pastes canvas{display:block;float:left;margin-right:5px}html.local-storage .no-local-storage{display:none}html.no-local-storage .local-storage{display:none}canvas{border:1px solid white}#wrap-content{display:none}.noscript{text-align:center;color:red;font-weight:bold}#faq dt{margin:2em 0 1em 0}#faq p{margin:1em}
--- a/zerobin/static/js/behavior.js
+++ b/zerobin/static/js/behavior.js
@ -177,9 +177,9 @@ window.zerobin = {

  /** Get a tinyurl using JSONP */
  getTinyURL: function(longURL, success) {
-    var api = 'http://json-tinyurl.appspot.com/?url=';
+    var api = 'http://is.gd/create.php?format=json&url=';
    $.getJSON(api + encodeURIComponent(longURL) + '&callback=?', function(data){
-      success(data.tinyurl);
+      success(data.shorturl);
    });
  },

@ -269,12 +269,12 @@ window.zerobin = {

  getPasteId: function(url){
    var loc = url ? zerobin.parseUrl(url) : window.location;
-    return loc.pathname.replace(/\/|paste/g, '').replace(/\?.*$/, '');
+    return loc.pathname.replace(/\/|paste/g, '');
  },

  getPasteKey: function(url){
    var loc = url ? zerobin.parseUrl(url) : window.location;
-    return loc.hash.replace('#', '').replace(/\?.*$/, '');
+    return loc.hash.replace('#', '').replace(/(\?|&).*$/, '');
  },

  /** Return the paste content stripted from any code coloration */
--- a/zerobin/static/js/main.min.js
+++ b/zerobin/static/js/main.min.js
--- a/zerobin/views/base.tpl
+++ b/zerobin/views/base.tpl
@ -125,6 +125,7 @@
        <p>“Few persons can be made to believe that it is not quite an easy thing to invent a method of secret writing which shall baffle investigation. Yet it may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve...”</p>
        <small>Edgar Allan Poe</small>
      </blockquote>
+
      
      %if settings.DISPLAY_COUNTER:
        <h4 id="pixels-total" >
@ -132,6 +133,7 @@
          <strong>{{ pastes_count }}</strong> </br>pastes øbinned
        </h4>
      %end
+      

      </br>
        <p class="greetings span12">
@ -155,6 +157,7 @@
      <strong class="title"></strong>
      <span class="message"></span>
    </p>
+  </div><!--/wrap-content-->

  </body>

--- a/zerobin/views/faq.tpl
+++ b/zerobin/views/faq.tpl
@ -1,31 +1,67 @@
-<div class="well"> 
+<div class="well" id="faq">

  <h1>FAQ</h1>
-  
-  %for i, entry in enumerate(settings.MENU):
-    %if "mailto:" in entry[1]:
-      <p>If a question does not appear here you can  
-        <span title="{{ entry[1].replace('mailto:', '').replace('@', '__AT__') }}"
-              class="email-link" >
-              contact us
-        </span>.
-      </p>
-    %end
-  %end 

  <hr width="90%">

  <dl>

-    <dt>What's the name of the captain?</dt>
-    <dd>The name of the captain is Igloo !</dd>
-    </br>
-    <dt>What's the name of the captain?</dt>
-    <dd>The name of the captain is Igloo !</dd>
-    </br>
-    <dt>What's the name of the captain?</dt>
-    <dd>The name of the captain is Igloo !</dd>
-  
+    <dt>How does it work?</dt>
+    <dd>
+        <p>We generate a random key, and encrypt the paste with it using
+           the <a href="http://crypto.stanford.edu/sjcl/">sjcl</a>
+           javascript library.</p>
+        <p>The content is sent encrypted to the server, which returns the
+           address of the newly created paste.</p>
+        <p>The javascript code then redirects to this address, but it adds the
+           encryption key in the URL hash (#).</p>
+        <p>When somebody want to read the paste, he usually just click on a link
+          with this URL. If the hash containing the key is part of it, Obin's
+          javascript will use it to decrypt the content sent by the server.</p>
+        <p>The browser never sends the hash to the server, so it does not
+           receives the key.</p>
+    </dd>
+
+    <dt>Javascript encryption is not secure!</dt>
+    <dd>
+        <p>No it's not.</p>
+        <p>The goal of 0bin is <strong>not</strong> to protect the users
+           or their secrets.</p>
+        <p>The goal is to make it hard to sue the host because of the
+           content users pasted in his service. The idea is that you can not
+           require somebody to moderate something he can't read</p>
+    </dd>
+    <dt>What if the server changes the Javascript code? Or in the case of a man
+        in the middle attack?</dt>
+    <dd>
+      <p>Read above.</p>
+      <p>0bin the is not built to protect the users content. It is built to
+        protect the host. If the user content is compromised, 0bin still
+        provides the host with the main feature: ignorance of the hosted content.</p>
+      <p>The case where the host himself compromises the encryption process
+         to read the content makes no sense: in that case he wouldn't have
+         installed 0bin in the first place. 0bin is here to protect him.</p>
+      <p><strong>If you want to be sure nobody can read your content, you should
+           not use 0bin</strong>. Use
+         <a href="https://crypto.cat/">cryptocat</a> (but JS crypto warnings apply)
+         or <a href="http://www.cypherpunks.ca/otr/">OTR</a> for chatting,
+         <a href="http://gnupg.org/">GPG</a>/<a href="http://enigmail.mozdev.org/home/index.php.html">enignmail</a>
+         for emails and <a href="http://www.truecrypt.org/">TrueCrypt</a> for storage.</p>
+    </dd>
+    <dt>How did you come out with such a cool idea?</dt>
+    <dd>
+      <p>We didn't, we based 0bin on
+        <a href="http://sebsauvage.net/paste/">sebsauvage's work</a>.</p>
+
+    <p>It was a reaction to
+       <a href="https://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336">Pastebin been forced to moderate its content</a>
+        because of so many illegal stuffed posted to it. 0bin should be used the
+         same way <a href="pastebin.com">Pastebin</a> is for users. The only
+         difference is that if you host it, we hope the encryption
+         feature can be used as a defense. This is not proven though :-)</p>
+
+    </dd>
+
  </dl>

 </div>