Announcement | Required reading for new users

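Update, 2020.9.2:

1. Disabled the email digest feature.
2. Set "never" as the default value for "email notification for private messages" and "email notification for replies". This means users will receive no email other than for registration or password reset. Our email resources are very tight, so please do not change your email settings.

We consider some organizations to have reformist tendencies; they are not among those we recommend.
Their articles can still serve as reference material, but should be read with a critical eye.

Correction:
Because I had not followed IRN for too long, I forgot what IRN was originally called, which caused a misunderstanding. This had a bad effect on 红色文献翻译 (no longer updated), although the forum has hardly any users at all. Next time I will check before publishing an announcement.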

2020/9/26

Open registration disabled.

2020/10/2
Open registration allowed again,
and registration with domestic (China-based) email addresses prohibited.

2020/10/11

For security reasons, onebox is disabled.
https://meta.discourse.org/t/discourse-link-previews-through-a-proxy-server/72720/4
https://meta.discourse.org/t/disable-discourse-from-crawling-links/69778/5

2021/2/20

To keep the server IP from being exposed, Cloudflare's IP ranges are set as the whitelist.

https://www.cloudflare.com/en-gb/ips/
https://erichelgeson.github.io/blog/2014/01/18/whitelisting-cloudflare-in-nginx/
https://meta.discourse.org/t/how-to-disable-access-to-anyone-not-coming-from-a-specific-ip-address/114907/7

2021/2/25
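Testing shows that this method still exposes the IP.
The reason is that if someone visits https://xxx.xxx.xxx.xxx:443
nginx first presents the HTTPS certificate (which carries the domain name), and only after the TLS connection is established does it decide whether that IP is allowed. If it is not, nginx returns a 403 error, and the 403 is returned over TLS.

Access from non-Cloudflare IPs has to be blocked in iptables.
The earlier attempt failed because the old rules had not been cleaned out.

Method:
1. First clear the existing rules: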

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -F
ip6tables -X

2. Set Cloudflare's IP ranges as the whitelist:

# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done

# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

When this is done, iptables -L -v will look like this:

Chain INPUT (policy ACCEPT 3370 packets, 2459K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     131.0.72.0/22        anywhere             multiport dports http,https
  566 84264 ACCEPT     tcp  --  any    any     172.64.0.0/13        anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     104.16.0.0/12        anywhere             multiport dports http,https
 2439  241K ACCEPT     tcp  --  any    any     162.158.0.0/15       anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     198.41.128.0/17      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     197.234.240.0/22     anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     188.114.96.0/20      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     190.93.240.0/20      anywhere             multiport dports http,https
  157 20624 ACCEPT     tcp  --  any    any     108.162.192.0/18     anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     141.101.64.0/18      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     103.31.4.0/22        anywhere             multiport dports http,https
   33  5482 ACCEPT     tcp  --  any    any     103.22.200.0/22      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     103.21.244.0/22      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     173.245.48.0/20      anywhere             multiport dports http,https
   71  4192 DROP       tcp  --  any    any     anywhere             anywhere             multiport dports http,https

https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently

If you are an Ubuntu user, use dpkg-reconfigure iptables-persistent to save the settings.

2021/2/26

Found that email could not be sent.
The reason was that domain names could not be resolved inside the docker container.
https://stackoverflow.com/questions/31667160/running-docker-container-iptables-no-chain-target-match-by-that-name

I typed systemctl restart docker, which solved this problem, but iptables changed as a result. It no longer works as an IP whitelist.

Chain INPUT (policy ACCEPT 364 packets, 75703 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     131.0.72.0/22        anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     172.64.0.0/13        anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     104.16.0.0/12        anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     162.158.0.0/15       anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     198.41.128.0/17      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     197.234.240.0/22     anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     188.114.96.0/20      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     190.93.240.0/20      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     108.162.192.0/18     anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     141.101.64.0/18      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     103.31.4.0/22        anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     103.22.200.0/22      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     103.21.244.0/22      anywhere             multiport dports http,https
    0     0 ACCEPT     tcp  --  any    any     173.245.48.0/20      anywhere             multiport dports http,https
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             multiport dports http,https

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1990  750K DOCKER-USER  all  --  any    any     anywhere             anywhere
 1990  750K DOCKER-ISOLATION-STAGE-1  all  --  any    any     anywhere             anywhere
 1040  235K ACCEPT     all  --  any    docker0  anywhere             anywhere             ctstate RELATED,ESTABLISHED
   59  3116 DOCKER     all  --  any    docker0  anywhere             anywhere
  891  512K ACCEPT     all  --  docker0 !docker0  anywhere             anywhere
    0     0 ACCEPT     all  --  docker0 docker0  anywhere             anywhere

Chain OUTPUT (policy ACCEPT 188 packets, 26045 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
   55  2876 ACCEPT     tcp  --  !docker0 docker0  anywhere             172.17.0.2           tcp dpt:https
    4   240 ACCEPT     tcp  --  !docker0 docker0  anywhere             172.17.0.2           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
  891  512K DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  anywhere             anywhere
 1990  750K RETURN     all  --  any    any     anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    docker0  anywhere             anywhere
  891  512K RETURN     all  --  any    any     anywhere             anywhere

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1990  750K RETURN     all  --  any    any     anywhere             anywhere
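
After the Docker restart, the listing above shows zero hits on the INPUT rules while the DOCKER chain accepts traffic to 172.17.0.2: published ports are DNATed and pass through FORWARD, so the allowlist belongs in DOCKER-USER, the chain Docker leaves for user rules. The following is an added example, not part of the original post, that generates such rules (IPv4 only) and refuses a malformed or empty range list. The interface name eth0 and the chain name CF-ONLY are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. It only prints iptables commands.
EXT_IF="${EXT_IF:-eth0}"   # assumption: name of the public interface
CHAIN="CF-ONLY"            # hypothetical name for the helper chain

# Succeeds only for a well-formed IPv4 CIDR such as 173.245.48.0/20.
# The body runs in a subshell, so the IFS change stays local.
valid_cidr4() (
  case $1 in
    *[!0-9./]*|*/*/*|*/|/*|.*|*./*) exit 1 ;;  # stray characters or layout
    */*) ;;
    *) exit 1 ;;                               # no prefix length
  esac
  len=${1#*/}; IFS=.
  set -- ${1%/*}                               # split the address on dots
  [ "$#" -eq 4 ] && [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || exit 1
  for o in "$@"; do
    case $o in ''|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
)

# Reads one CIDR per line on stdin. On a malformed line or an empty list it
# prints nothing and fails, so a bad download cannot leave a lone DROP rule.
gen_rules() (
  out=
  while read -r cidr || [ -n "$cidr" ]; do
    [ -n "$cidr" ] || continue
    valid_cidr4 "$cidr" || { echo "bad entry: $cidr" >&2; exit 1; }
    out="${out}iptables -A $CHAIN -s $cidr -j RETURN
"
  done
  [ -n "$out" ] || { echo "empty allowlist" >&2; exit 1; }
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  printf '%s' "$out"
  echo "iptables -A $CHAIN -j DROP"
  # Published ports are DNATed, so match the port the client originally
  # dialled, and only on packets travelling in the original direction.
  for port in 80 443; do
    m="DOCKER-USER -i $EXT_IF -p tcp -m conntrack --ctdir ORIGINAL"
    m="$m --ctorigdstport $port -j $CHAIN"
    echo "iptables -C $m 2>/dev/null || iptables -I $m"
  done
)

# Constructed sample: two of the Cloudflare ranges listed in the post.
printf '%s\n' 173.245.48.0/20 103.21.244.0/22 | gen_rules
```

Review the printed commands before piping them to sh as root, and save the result the same way as the INPUT rules.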

2021/3/7

Set log_anonymizer_details to false.

2021/3/20

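Important security update

Private messages on the forum are not secure: once an administrator account is compromised, private messages will be exposed. Please move to protonmail or xmpp, and use D-H key exchange to ensure forward secrecy.

Private messages are no more secure than public topics.

An administrator cannot completely delete a post except by typing a database delete command on the command line.

Private messages are for exchanging public keys.

Do not use private messages to discuss sensitive content that concerns personal privacy or has obvious time and location characteristics.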

2021/3/28
Set enable inline onebox on all domains to false.

2021/9/16
Installed the BBCode plugin.
https://web.archive.org/web/20181005220704/https://meta.discourse.org/t/discourse-bbcode/65425

Test:

Denial of the Difference Between Socialism and Capitalism Is Not Allowed

— Repudiating the theme about “white cat, black cat”

by Chin Chih-po

[This article is reprinted from Peking Review, #16, April 16, 1976, pp. 18-21.]

IN the struggle to beat back the Right deviationist attempt to reverse correct verdicts, Chairman Mao has penetratingly exposed and criticized the nature of the unrepentant capitalist-roader Teng Hsiao-ping in negating the taking of class struggle as the key link and in practising revisionism. Chairman Mao has pointed out: “This person does not grasp class struggle; he has never referred to this key link. Still his theme of ‘white cat, black cat,’ making no distinction between imperialism and Marxism.” It is of extremely great significance for us to study conscientiously this important directive of Chairman Mao’s, make an in-depth criticism of the reactionary theme about “white cat, black cat,” draw a clear demarcation line between Marxism and revisionism and between socialism on the one hand and capitalism and imperialism on the other so as to adhere to the Party’s basic line and carry the socialist revolution through to the end.

Background of the “White Cat, Black Cat” Theme and Its Essence

The reactionary fallacy “It doesn’t matter whether it is a white cat or a black cat, any cat that catches mice is a good cat” came out in 1961. At that time, owing to the sabotage by the Khrushchov renegade clique of the Soviet Union and serious natural disasters, China met with temporary economic difficulties and the struggle between the two classes, two roads and two lines was very acute and fierce. Class enemies both at home and abroad who rejoiced at our temporary difficulties slandered that China’s economy was “on the verge of collapse” and considered that socialist China was about to fall apart. Joining in the chorus of class enemies at home and abroad, the ringleaders of the revisionist line inside our Party tried their utmost to distort the real causes that gave rise to the temporary difficulties, ascribing them to the socialist system, the Party’s line, principles and policies without mentioning at all the sabotage by the Soviet revisionists and the serious natural disasters. They made a wrong appraisal of the situation and, thinking that the time for restoring capitalism had come, made frenzied attacks on socialism. The renegade, hidden traitor and scab Liu Shao-chi shouted himself hoarse, saying: “Industry should fall back to a sufficient degree and agriculture should do the same, including the fixing of farm output quotas based on individual households and returning to individual farming.” The bourgeois careerist and conspirator Lin Piao also trumpeted with great vigour that of the various types of relations of production in the world, “we’ll choose the one that will raise production.” What he really meant was to restore the capitalist relations of production. It was in these circumstances that Teng Hsiao-ping also came out talking blatantly about his theme on the “white cat and black cat.” For fear that people might not follow what he said, he went out of his way to elaborate: “What kind of relations of production is better? 
It seems that we have to take this attitude: Adopt whatever kind in whatever place that facilitates the restoration and development of production.” He also said: “Individual farming is also permissible as long as there is a rise in production.” Apparently, he thought that the socialist system no longer worked for it “has failed to catch mice”; to him the capitalist system was better for it “catches mice all right.” So he worked with might and main to turn the collective economy back to an individual economy and “twist” the New China advancing on the socialist road back to the capitalist road.

Which one is better, socialism or capitalism? Whither China? This is a question that has been cleared up long ago. Chairman Mao pointed out in unmistakable terms: “The present social system of our country is far superior to that of the old days. If it were not so, the old system would not have been overthrown and the new system could not have been established. In saying that socialist relations of production are better suited to the development of the productive forces than are the old relations of production, we mean that they permit the productive forces to develop at a speed unattainable in the old society.” (On the Correct Handling of Contradictions Among the People.) Although China at that time had met with temporary economic difficulties, they were merely difficulties on the road of advance and we could overcome them by relying on the Party leadership and the initiative of the masses and on the socialist system itself. Under the guidance of Chairman Mao’s proletarian revolutionary line, our Party and the people of the whole country persisted in taking class struggle as the key link, criticized revisionism and capitalism, adhered to the policy of maintaining independence and keeping the initiative in our own hands and relying on our own efforts, strengthened and consolidated the socialist system under the dictatorship of the proletariat, took further steps to carry out the Party’s policies for the countryside, and consolidated the collective economy based on the three-level system of ownership of the means of production in the people’s commune, with the production team at the basic level. All this further brought the socialist initiative of the masses into play, and the result was the national economy quickly recovered and developed and the situation very soon took a turn for the better. Since then, in agricultural production in our country, there have been good harvests for 14 years in succession and industrial production too has been thriving. 
Hasn’t this historical fact fully demonstrated that, compared with the capitalist system, the socialist system has potentially unparalleled great strength? Isn’t this a forceful repudiation and negation of the “white cat, black cat” theme that negated socialism and advocated capitalism? Facts have given eloquent proof that “only socialism can save China.” (Mao Tsetung: On the Correct Handling of Contradictions Among the People.) If we were to act in the way proposed by Teng Hsiao-ping, let all the capitalist “white cats and black cats” come out, engage in individual farming and speculation, and embark on free enterprises, then the socialist collective economy would disintegrate, the cause of socialism would go down the drain and the state under the dictatorship of the proletariat would be turned into one under the dictatorship of the bourgeoisie. Then capitalist restoration such as that occurring in the Soviet Union would appear in our country. This is a thing the Chinese people absolutely will not agree. We can only advance, not retreat; we can only take the socialist road, not the capitalist road.

Test:

Workers of the world, unite

Beware of metadata contained in uploaded files!