I get it some of you people are computer wizzes but knock off the goofy games .

Rove once suggested that disrupter's should hang out and build their post counts first... Most of the trolls can be regularly found in the lounge doing just that.

just an attempt to try and explain it. Jurors are all the time excusing crappy posts in here because "it's the lounge"



If you can't beat 'em ... might as well join 'em ....

haha ...

that is my EXCUSE for participating in the threads in question.

Not my finest hour.

It was an amusing exercise, for me anyway.

However, I do see your point.

If Skinner is going to strictly interpret the TOS, then yes, we all need to post "normally".

I get a geek/nerd kick out of NYC_SKP's and Make7's threads. I admit to a tad of annoyance from both of them but I was the one trying to figure out the mystery in both. It was my own fault I got a tad annoyed.

Whatever Skinner says, I'll abide by, of course.

No viruses, worms, no disruption or damage or limiting of software functionality.

A post with no subject line, and one that sends you to your journal, does none of these things.

Some people really get bent out of shape for not being able to play.

Or smart enough to figure it out.

My cat had to do it for me.

It was not a virus, or in any way capable of damaging anyone's computer.


Just like any other post you find annoying, you can just avoid clicking on it.

First this, next thing it's "ghost kicking" again. It's juvenile and I'm prone to consider it an exploit, a fun exploit but nevertheless outside the ToS.

Further, we don't know what havoc it's creating server-side.

like a vampire looking at a mirror well I laughed because it keeps me on my internet toes and didn't get hurt plus I learned some stuff.

.
.
.

If one was really concerned with the security on this site, I believe they should PM the Admins;

not shove it in their face as to what one of over 200,000 members can do to this site.

Certainly not educate others as to how to accomplish it.

There are lurkers here for over ten years.

As there are "sleeper units" in the USA.

It's easy to check out (lurkers)

No posts in over ten years? - yep -

some forgot they ever joined,

but not all of them;

no way.

CC

I know what NYC SKP did. Was there a copycat?

Posted a really cool post that sends people who click on it to their own journal.

Locked now, this would have been the link: http://www.democraticunderground.com/1018469361

Look, if you don't want me to email you pictures of nude clowns bathing in Cheerios, just say it.

Or I will post a picture of Geddy Lee and TZ naked tebowing!! Wait, didn't TZ do that already??

Something to do with her religion.

My 'Post' thread wasn't just a prank - I was actually trying to make a nuisance of myself so they would fix this potentially disruptive error.

If posting a link to someone's own journal is malicious then everyone seems to have malicious links in all of their posts - click on someone's user name or avatar in any of their posts and where do you end up? Those aren't labeled as links to someone's journal either.

Whether typing and/or copying standard text characters into the text entry fields and hitting the [div style="display:inline-block; padding:2px; border:1px solid #999999; border-radius:0.2308em; background-color:#eeeeee;"] Post my reply!  button can be considered messing with software is debatable. Annoying, probably. Incentive to use the Trash this thread or Ignore features of the DU3 software, quite possibly (they disabled showing us how many star members are ignoring us, so I can't report any recent increases).

I thought I was actually doing something relatively innocuous - first to see if the software would actually let me, and when it did to highlight that it needed to be fixed sooner rather than later. The problem is that ANY html tags could be inserted into thread/reply titles and then be loaded for every page that title appeared on (the thread itself, the forum listing, the latest page, and even the greatest page).

I did a test (which I deleted) to see what html code I could fit into the 100 characters of a title - guess what I discovered? I could link to an external script which would load and run on any DU page that the title would appear on. If I can run a javascript file from an external site without any size restrictions, what on that DU page would I be prevented from messing with - pretty much nothing. The possibility for mischief in changing what was displayed and/or linked to on that page would be almost unlimited.

If DJ13 hadn't made a typo in one of his titles and if NYC_SKP didn't copy it as an OP in here, someone might have stumbled upon that bug and figured out a way to actually do things that were truly disruptive - they might even have done more than post a blank thread title or make a thread title link to one's own journal.

The hole is plugged now, so I guess we won't have to worry about it anymore.

Last edited Thu Sep 5, 2013, 06:33 PM - Edit history (1)

Not even the Admins before they locked it.

[hr]
First off, I had to actually post my thread to see if it really would change the link in the forum listings. Once I saw that it did I had to decide whether to leave it up or edit/delete it. My leaving it was in part due to the Admins seemingly inconsistent mechanism for fixing reported bugs. (Lord knows they are busy people with a lot of stuff to deal with running this site, so sometimes things get lost in the shuffle.) Quite a while ago I sent Elad a message about an issue that could only occur when a post was viewed in a thread - that one hasn't been fixed yet.

And I am still confused about the problem with https:// links here - they still don't work unless you put them in a [link] tag. There were more than a few threads about that issue over a time span of many months in Meta-discussion and then in Welcome & Help - when someone asked about secure links in Ask the Administrators they did address it but it didn't fix the actual URL of the link, just the displayed text. Does this take you to YouTube over a secure connection?

  https://www.youtube.com/

Wouldn't you expect it to?

I did notice that when I posted a reply in an Ask the Administrators thread which I wasn't supposed to be able to post in, the issue got fixed in less than a day. So I guess my decision to leave the 'Post' thread was based on what I thought would be likely to get the issue addressed as quickly as possible. If someone had asked me to edit/delete it, I would have changed my post and then sought an alternative way to stress the importance of plugging that particular hole.

I sometimes forget that some people that don't know much about computers can get worried when things don't act as expected and think they might have some virus or malware (although I can't think of any purpose for malware to redirect someone to their DU journal - especially if it's empty). But this bug of allowing html tags in post titles could have been a goldmine to a malicious intruder - so some discomfort to get it fixed is probably well worth it when one considers what possibly could have happened. Imagine what you could do if you could run an external script on every page a thread title appears on - the thread page, the forum listing, the latest page, the greatest page, and even the home page. Yikes!