
RedditStorage - newtonapple
https://github.com/Rossem/RedditStorage
======
joefreeman
If you had a language model (say, trained on existing comments from Reddit),
you could encode the data in the comments in English, and make the abuse a
little more subtle.

~~~
guidopallemans
.. Much like how gfycat encodes their links

eg.:

- [https://gfycat.com/JaggedIdealFrillneckedlizard](https://gfycat.com/JaggedIdealFrillneckedlizard)
- [https://gfycat.com/ThirstyAmbitiousBuzzard](https://gfycat.com/ThirstyAmbitiousBuzzard)
- [https://gfycat.com/AlertSpicyBlueandgoldmackaw](https://gfycat.com/AlertSpicyBlueandgoldmackaw)

~~~
gabemart
This is also how hipku stores ip addresses as haiku

demo - [http://hipku.gabrielmartin.net](http://hipku.gabrielmartin.net)

explanation -
[http://gabrielmartin.net/projects/hipku/](http://gabrielmartin.net/projects/hipku/)

~~~
malkia
No wonder why this is everywhere:

      The hungry white ape
      aches in the ancient canyon.
      Autumn colors crunch.

[https://www.google.com/search?q=%22%22The+hungry+white+ape+a...](https://www.google.com/search?q=%22%22The+hungry+white+ape+aches+in+the+ancient+canyon.+Autumn+colors+crunch.%22&oq=%22%22The+hungry+white+ape+aches+in+the+ancient+canyon.+Autumn+colors+crunch.%22&aqs=chrome..69i64j69i57.3103j0j9&sourceid=chrome&es_sm=122&ie=UTF-8#q=%22The+hungry+white+ape+aches+in+the+ancient+canyon.+Autumn+colors+crunch.%22)

~~~
titaniumdecoy
According to the overview on the hipku website, it uses only monosyllabic
words, unlike this haiku.

~~~
gabemart
That's not entirely true - it only uses monosyllabic words for IPv6 addresses
because there's no other way to fit enough bits into the right number of
syllables.

For IPv4 addresses, there's loads of space, so I can afford to use some longer
words.

------
rndn
There should be a contest: Who can find the most implausible data storage
medium? (Rated according to various criteria such as ingenuity, reliability,
max. data read/write rates, latency, storage size, costs…)

~~~
fatratchet
To get reliable and free storage, photo hosting is usually the easiest way.
Flickr offers 1TB, picasa/g+ offers unlimited storage with some hidden quotas.
Everything that allows lossless photos lets you store arbitrary data.
Depending on how careful you wanna be you can store hundreds of GBs per
account.

Email attachments used to be a great way a while ago but nowadays using
multiple gdrive/dropbox/onedrive accounts is much easier.

They are easy to create in large numbers (especially if your ISP has dynamic
IPs) and as long as you're even a little bit careful, nearly impossible to
ban. Add some redundancy across different services to that and a $2 VPS that
gives you tons of upload bandwidth and you've got yourself as many TBs of
free, fast and reliable online storage as you want.

I spent so much time as a teenager with no money and some python skills coding
storage solutions like that. I'd say it was to store movies and tv shows for
myself but in retrospect I mostly did it because it was so much fun to
develop.

~~~
namwen
Yeah, I wrote something that stores data to Flickr last summer:
[https://github.com/namwen/hoardr](https://github.com/namwen/hoardr) . I kind
of had a reason but it was more for the enjoyment of getting it to work.

~~~
adrian_blx
There is also hyperglobalmegastore
[https://github.com/adrian-bl/hyperglobalmegastore](https://github.com/adrian-bl/hyperglobalmegastore).
All data is encrypted and you can even mount your flickr 'drive' using fuse.

~~~
vivab0rg
This project needs more stars!

------
Vexs
Well there's some pretty amusing abuse. I recall there was a botnet a while
back that got its commands from a subreddit as well. Quite brilliant
actually- who would suspect reddit as a command server?

~~~
dragontamer
> who would suspect reddit as a command server

Everyone who used IRC as a command server from years past. It turns out that
things useful for human communication tend to be useful for computer
communication.

Usenet, Email... hell... I'm sure BBS would have been used if modems were
popular enough back in the day.

~~~
cmdrfred
Every time I see an api for sending and receiving any type of file or text, I
think botnet/building a secret chat system on top of it.

~~~
SilasX
Every time I see a service offering some resource as "unlimited", I think of
using it as a free backend.

~~~
cmdrfred
me too, I have about 3tb of stuff from the Napster days and I've always wanted
to upload it all somewhere so I can stream it on my phone.

------
gkop
If this idea appeals to you, you may also be interested in the 2009 paper
_Graffiti Networks: A Subversive, Internet-Scale File Sharing Model_ [0] by
Andrew Pavlo.

tl;dr: the researchers discovered that MediaWiki instances were good soft
targets.

[0] [https://www.cs.cmu.edu/~pavlo/static/slides/graffiti-dc401-o...](https://www.cs.cmu.edu/~pavlo/static/slides/graffiti-dc401-oct12.pdf)

~~~
zedadex
The mini-saga embedded in the presentation was pretty funny

> Concluding Remarks >  Off probation at the end of this semester!

~~~
zatkin
I got put on probation for redirecting my ~/.bash_history to /dev/null and
removing my `finger` information with `chfn`. Universities can be pretty
ridiculous with their disciplinary actions.

~~~
pavel_lishin
Why... why would redirecting your .bash_history to /dev/null be a punishable
offense? I assume it's so they could check for evildoing on your part, but
that seems like a ridiculously idiotic way of doing it.

------
Goronmon
An expected reaction from the reddit admins...

[http://www.reddit.com/r/programming/comments/38kn2g/redditst...](http://www.reddit.com/r/programming/comments/38kn2g/redditstorage_a_cloud_storage_that_uses_reddit_as/crvx3tp)

------
jamesjwang
One of the co-creators here; as a disclaimer, we didn't mean to threaten to
break reddit at all. We're amazed that someone even found this repo since we
abandoned it back in January, and that it's even gotten any amount of
attention. Honestly we just built this in a week over winter break cause we
were bored

------
jakejake
This is pretty much exactly how binary newsgroups got started. Not to be all
"I thought of it first" but I had thought it would be funny to do something
similar on Twitter.

~~~
yaeger
Woah, that'd be a lot of tweets. Even reddit with its 10000 char limit per
comment has loads of comment trains if you want to store a sizable amount of
info that way. With Twitter's 140 char limit, that would be a huge amount of
tweets. You'd probably run the risk of being identified as a spammer if you
send that many tweets at once...

~~~
Grue3
140 unicode characters. Which actually gives you quite a lot of space to work
with.

------
exacube
I like the proof of concept, but I hate that anyone would abuse Reddit this
way.

~~~
supercoder
More insightful than most of the comments on there.

------
diminish
Can anyone do a rough cryptanalysis of the code? It uses AES block cipher in
CBC mode with a random iv. Which attacks is this open to?

First, I suspect it's lacking a secure integrity check (MAC), so is weak
against chosen ciphertext attacks.

        def encrypt(self, plaintext):
            plaintext = self.pad(plaintext)
            iv = Random.new().read(AES.block_size)
            cipher = AES.new(self.key, AES.MODE_CBC, iv)
            return iv + cipher.encrypt(plaintext)

I'm also not sure about his padding of zeros to attain the AES block size -
was there a more secure padding?

        def pad(self, s):
            return s + b"\0" * (AES.block_size - len(s) % AES.block_size)

------
jedberg
Wouldn't it be funny if reddit just randomly edited the comments to break the
encoding...

~~~
aquilaFiera
This sounds like a /u/jedberg type of thing to do.

~~~
jedberg
I'd only do it to people I know after backing up the original. I wouldn't want
someone to _actually_ lose their files.

~~~
aquilaFiera
One could argue that that's their fault for giving /u/rram "root" access to
their "database."

------
Someone1234
Shame an encryption key is REQUIRED, could be a useful way to transfer files
between Reddit users. Of course the file has to be encoded, but the encryption
should be an optional extra.

~~~
tschuy
You could always share the password, or even redistribute a modified version
of the program with a hardcoded password.

~~~
jamesjwang
That was the idea; one of our original goals was to make a system to quickly
share small files over reddit. The issue is you have to store the password for
each file somewhere

------
Freaky
Don't use this for anything important, and certainly not with a non-unique
password.

Key is derived from a single SHA256 (can be brute-forced very rapidly),
cyphertext isn't authenticated (can be tampered with or corrupted without
anything noticing), and the padding function is broken (strips trailing NULLs,
so no good for binary files).
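
Added example, not part of the thread and not RedditStorage's own code: the three weaknesses raised by diminish and Freaky above (zero padding, a single SHA-256 as key derivation, no MAC), each next to a standard-library replacement. `zero_unpad`, the PBKDF2 iteration count, and the opaque `iv_and_ciphertext` argument (standing in for the IV plus AES-CBC output) are assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes

def zero_pad(s):
    # Padding as quoted in the thread: NUL bytes up to the next block boundary.
    return s + b"\0" * (BLOCK - len(s) % BLOCK)

def zero_unpad(s):
    # Assumed inverse (Freaky reports that trailing NULs are stripped).
    return s.rstrip(b"\0")

def pkcs7_pad(s):
    # Every pad byte stores the pad length, so removal is unambiguous.
    n = BLOCK - len(s) % BLOCK
    return s + bytes([n]) * n

def pkcs7_unpad(s):
    # Call only after the MAC check in unseal() has passed.
    n = s[-1] if s else 0
    if len(s) % BLOCK or not 1 <= n <= BLOCK or s[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return s[:-n]

def derive_keys(password, salt, iterations=600_000):
    # Salted, slow KDF in place of a single SHA-256 of the password.
    # 64 bytes out: first half for the cipher, second half for the MAC.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def seal(mac_key, iv_and_ciphertext):
    # Encrypt-then-MAC: the tag covers the IV and every ciphertext block.
    tag = hmac.new(mac_key, iv_and_ciphertext, hashlib.sha256).digest()
    return iv_and_ciphertext + tag

def unseal(mac_key, blob):
    # Verify in constant time before any decryption or unpadding happens.
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(blob) < 32 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return body

if __name__ == "__main__":
    data = b"\x89PNG\r\n\x1a\n\x00\x00"  # constructed binary sample ending in NULs
    print(zero_unpad(zero_pad(data)) == data)    # zero padding vs. trailing NULs
    print(pkcs7_unpad(pkcs7_pad(data)) == data)  # PKCS#7 round trip
```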

------
stephengillie
Interesting idea... Since image formats already store a huge BLOB, how much
more would it take to make ImgurStorage?

(Ideally, it would be slightly more elegant than just renaming a zip file.)

~~~
mdadm
This isn't an area that I'm particularly strong in, but I think that the way
that imgur compresses images[0] might have a noticeable effect on this.

[0] [https://help.imgur.com/hc/en-us/articles/201424706-How-does-...](https://help.imgur.com/hc/en-us/articles/201424706-How-does-Imgur-compress-my-images)

~~~
dexterdog
I've run a few photo sites and one of the things I do on all wild incoming
JPGs is do a minor compression on them and if that saves more than about 30%
on the file size I just use the compressed version. Then anything that's been
camouflaged in there gets dropped.

------
empyrical
Pretty clever. If it was stored in reddit's wiki system instead of comments,
it could have a revision history!

------
s_dev
I think this will break your ToS with reddit and result in a ban on the
account. That said, I don't know. It's kinda cool though.

~~~
pstuart
Only in the "hacking the system part". Otherwise it's an abuse of a service.
There's plenty of cheap data hosting elsewhere on the net.

------
kej
Presumably something like this is what's happening in /r/A858DE45F56D9BC9/

~~~
mdadm
Possibly. Searching up some of the content on there revealed this[0], so at
least some of it is (most likely) data.

[0] [http://a858.soulsphere.org/](http://a858.soulsphere.org/)

Edit:[1] shows that this is most likely a false-positive.

[1]
[https://www.reddit.com/r/Solving_A858/comments/24vml1/mime_t...](https://www.reddit.com/r/Solving_A858/comments/24vml1/mime_type/chb5k2e?context=3)

------
deelowe
Welp. This won't last very long. :-)

------
math0ne
I've been preaching the similarities of reddit to newsgroups and IRC forever
so this seems like a natural evolution to me. Probably fairly easy for reddit
to shut down though unfortunately.

Now if ISPs would start offering their own cached usable versions of reddit
we would be getting somewhere :)

~~~
yellowapple
And that somewhere would be Usenet 2.0.

------
SyncOnGreen
I had the same idea a few months ago, I've even coded a simple POC in Java which
mapped submissions in a subreddit to files. You could use FUSE to create a virtual
device and map files in a mounted folder to comments. For Java I was using
fuse-jna - there should be a binding for Python.

~~~
empyrical
Someone made a reddit FUSE filesystem (I don't know if it still works though)

[https://github.com/ianpreston/redditfs](https://github.com/ianpreston/redditfs)

------
lucb1e
Lol, I've thought of doing this so many times on Facebook, Google+, Twitter
and reddit. Seeing the amount of points this gets, I guess I should have done
it. I didn't because it seemed so pointless: they'll just block accounts using
this.

------
meesterdude
Somewhat related project I had going...
[https://github.com/meesterdude/reddit-rust-servers](https://github.com/meesterdude/reddit-rust-servers)
([http://ruru.name/reddit-rust-servers/](http://ruru.name/reddit-rust-servers/)
show/hide columns to see more options)

I used to run the rust servers sub. I would have people post JSON posts, which
I would then spider and generate a JSON DB from, and created a UI (see the
gh-pages branch) to grab the JSON and present a searchable/filterable way of
finding servers that are relevant to you.

------
vbezhenar
I thought about creating an anonymous peer-to-peer network like BitMessage but
over Twitter instead of over TCP/IP. The main benefit is that for the watching
government hardware your traffic will flow to twitter, not to some suspicious
computers. Of course if government can talk to Twitter, it might find out that
activity, but not all governments can talk to Twitter.

Another improvement might be not to send base64 abracadabra, but instead send
some readable texts (autogenerated or fragments from wikipedia) and encode
message as slight deviations (typos, etc) using steganography. But it would
require a lot of messages to transmit enough data.

~~~
jamesjwang
yeah that'd probably speed things up significantly; we already ran into speed
issues with PRAW in terms of how fast it can upload comments

------
KeytarHero
Perhaps something like this could explain
[http://www.reddit.com/r/A858DE45F56D9BC9](http://www.reddit.com/r/A858DE45F56D9BC9)

------
mtanski
You could randomly spread this over various subs, that and add erasure coding.
This way if a chunk or two goes missing you can reconstruct the original blob.

------
nickpsecurity
A nice new example of what's called "parasitic storage." This kind should be
easy enough to detect on Reddit's end: encrypted and binary data look very
different from text. Further, if a site allows binary, it's different from
crypto. The only type that's hard to filter is custom stego whose patterns
look similar to normally accepted traffic. Extra true if it's a high volume
site.
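
One way to implement the check nickpsecurity describes, as an added example that is not part of the thread: flag comments made up mostly of long, high-entropy base64 tokens. It assumes the payload is posted as base64 text; the 64-character minimum, the 5.0 bits/char cut-off, the 0.5 length fraction and all sample strings are constructed assumptions.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# A run of 64+ base64-alphabet characters with optional '=' padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")

def entropy(s):
    # Empirical Shannon entropy in bits per character.
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def suspicious_tokens(comment, min_entropy=5.0):
    # Hex digests top out at 4 bits/char; base64 of ciphertext approaches 6.
    # The 5.0 cut-off between the two is an assumption.
    return [t for t in comment.split()
            if B64_TOKEN.fullmatch(t) and entropy(t) >= min_entropy]

def looks_like_payload(comment, min_fraction=0.5):
    # Flag a comment when such tokens make up most of its length.
    flagged = sum(len(t) for t in suspicious_tokens(comment))
    return flagged >= min_fraction * max(len(comment), 1)

def constructed_payload():
    # Constructed sample: 192 hash-derived bytes standing in for ciphertext.
    raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(6))
    return base64.b64encode(raw).decode()

if __name__ == "__main__":
    samples = {
        "payload": constructed_payload(),
        "prose": "Pretty clever. If it was stored in the wiki it could have history!",
        "digest": "sha256 " + hashlib.sha256(b"constructed").hexdigest(),
        "url": "https://example.com/search?q=" + "a" * 80,
    }
    for name, text in samples.items():
        print(name, looks_like_payload(text))
```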

------
gprasanth
From 2010: [https://nealpoole.com/blog/2010/12/bit-ly-file-storage-cleve...](https://nealpoole.com/blog/2010/12/bit-ly-file-storage-cleverness-and-chutzpah/)

------
yuhong
Reminds me of:
[https://twitter.com/manzoor_e/status/604072602114605056/phot...](https://twitter.com/manzoor_e/status/604072602114605056/photo/1)

------
biturd
how do you get a Mac OS X GUI around this if it is written in python? Can you
do the same with perl, php, and other languages? Interface Builder has always
been a stumbling block for me to even begin to learn Obj-C or Swift.

~~~
ssalenik
It says in the readme he uses wxPython (wxWidgets). You could also use Qt as I
believe both use native Cocoa underneath. You can't do everything that is
possible if you were coding on Obj-C or Swift, but the stuff you can do looks
native. Both have bindings in many languages.

------
justintbassett
Please don't do this . . .

------
zedadex
I remember once briefly thinking how fun it'd be to do something like this,
before realizing with the spam filters the way they are it'd probably be the
last thing I ever did on the site.

Neat proof-of-concept though

------
digitalsushi
RedditStorage reminds me of a couple business models we tried out that
tanked..

The first was a new business where we would go to trade shows, conventions,
hell even fast food places, and just collect as many free beverages,
condiments, napkins et cetera as possible. Then we'd sell them online.

The other one didn't do much better. We'd go to a Lowes Tool Rental, and just
rent a bunch of tools and then re-rent them out of our truck in the parking
lot. They had to have them back an hour before Lowes closed for the night.

Our current business model is, we go to bars and hit on people, and if we get
their phone numbers, we add it to a subscription service where other people
can have access to it.

Honestly, I feel we're no more in the wrong than RedditStorage is.. /s

------
tomphoolery
> RedditStorage uses an AES encryption algorithm which requires you to choose
> a password (e.g. "bunny")

Some people still don't know what a password is? =D

------
harel
What happens when someone uses this to pollute popular subreddits? People will
get pissed off...

~~~
scrrr
I guess they will simply block the username and delete the comments.

------
vladtaltos
that is awesome in its complete disregard of reddit :) and a death sentence to
itself if it gains popularity as reddit-admins will have to ban the
accounts/discard the content :) so it's not that secure a storage idea...

nice little engineering work though. kudos.

------
mihau
Yeah, it can be done, but who the fuck needs that ?

------
spydum
does reddit not have some sort of posting throughput limit?

~~~
broodbucket
If they don't, they will soon.

