HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » The DU Lounge (Forum) » Don't post malicious code...
Introducing Discussionist: A new forum by the creators of DU

Sat Aug 31, 2013, 02:37 PM

Don't post malicious code or mess with the software.

Don't post malicious code or mess with the software.

Do not attempt to intentionally interfere with or exploit the operation of the Democratic Underground website or discussion forums (eg. by "post bombing" or using any other flooding techniques, by attempting to circumvent any restrictions placed on your account by the forum software, etc.) Do not post messages that contain software viruses, Trojan horses, worms, or any malware or computer code designed to disrupt, damage, or limit the functioning of any software or hardware.

http://www.democraticunderground.com/?com=termsofservice

28 replies, 2005 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 28 replies Author Time Post
Reply Don't post malicious code or mess with the software. (Original post)
Ptah Aug 2013 OP
olddots Aug 2013 #1
nebenaube Aug 2013 #2
Tuesday Afternoon Aug 2013 #3
CaliforniaPeggy Aug 2013 #4
NYC_SKP Sep 2013 #15
steve2470 Aug 2013 #5
NYC_SKP Sep 2013 #6
cliffordu Sep 2013 #7
bluesbassman Sep 2013 #8
cliffordu Sep 2013 #17
surrealAmerican Sep 2013 #18
Chan790 Sep 2013 #9
olddots Sep 2013 #10
In_The_Wind Sep 2013 #12
Chan790 Sep 2013 #11
ConcernedCanuk Sep 2013 #16
Baitball Blogger Sep 2013 #19
NYC_SKP Sep 2013 #20
pinboy3niner Sep 2013 #13
Lady Freedom Returns Sep 2013 #21
Dr. Strange Sep 2013 #14
Lady Freedom Returns Sep 2013 #22
madinmaryland Sep 2013 #23
Dr. Strange Sep 2013 #26
madinmaryland Sep 2013 #27
Make7 Sep 2013 #24
Ptah Sep 2013 #25
Make7 Sep 2013 #28

Response to Ptah (Original post)

Sat Aug 31, 2013, 02:44 PM

1. I second that ----whats with these posts that go no-where ???

I get it some of you people are computer wizzes but knock off the goofy games .

Reply to this post

Back to top Alert abuse Link here Permalink


Response to olddots (Reply #1)

Sat Aug 31, 2013, 02:49 PM

2. hmmm

 

Rove once suggested that disrupter's should hang out and build their post counts first... Most of the trolls can be regularly found in the lounge doing just that.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Sat Aug 31, 2013, 02:56 PM

3. Terms of Service are regularly IGNORED in the lounge. I am not excusing the behavior

just an attempt to try and explain it. Jurors are all the time excusing crappy posts in here because "it's the lounge"



If you can't beat 'em ... might as well join 'em ....

haha ...

that is my EXCUSE for participating in the threads in question.

Not my finest hour.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Sat Aug 31, 2013, 02:57 PM

4. NYC_SKP is hardly a troll.

It was an amusing exercise, for me anyway.

However, I do see your point.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to CaliforniaPeggy (Reply #4)

Tue Sep 3, 2013, 04:23 PM

15. Thanks, darlin'!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Sat Aug 31, 2013, 03:32 PM

5. I admit my bias up front

If Skinner is going to strictly interpret the TOS, then yes, we all need to post "normally".

I get a geek/nerd kick out of NYC_SKP's and Make7's threads. I admit to a tad of annoyance from both of them but I was the one trying to figure out the mystery in both. It was my own fault I got a tad annoyed.

Whatever Skinner says, I'll abide by, of course.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 03:33 PM

6. I don't think "malicious" can be applied. No harm is done, nothing is broken, nobody gets hurt.

No viruses, worms, no disruption or damage or limiting of software functionality.

A post with no subject line, and one that sends you to your journal, does none of these things.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to NYC_SKP (Reply #6)

Tue Sep 3, 2013, 03:35 PM

7. ^^^^^^THIS^^^^^

Some people really get bent out of shape for not being able to play.

Or smart enough to figure it out.

My cat had to do it for me.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cliffordu (Reply #7)

Tue Sep 3, 2013, 03:43 PM

8. I just got a new phone, can I call your cat for help setting it up?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bluesbassman (Reply #8)

Tue Sep 3, 2013, 05:07 PM

17. He works for catnip and fresh tuna.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to NYC_SKP (Reply #6)

Tue Sep 3, 2013, 05:22 PM

18. I agree.

It was not a virus, or in any way capable of damaging anyone's computer.


Just like any other post you find annoying, you can just avoid clicking on it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 03:43 PM

9. I agree.

First this, next thing it's "ghost kicking" again. It's juvenile and I'm prone to consider it an exploit, a fun exploit but nevertheless outside the ToS.

Further, we don't know what havoc it's creating server-side.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 03:47 PM

10. being to sent to my empty journal is ---------

like a vampire looking at a mirror well I laughed because it keeps me on my internet toes and didn't get hurt plus I learned some stuff.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to olddots (Reply #10)

Tue Sep 3, 2013, 03:49 PM

12. That'll teach you to add something to your journal.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 03:48 PM

11. Skinner locked one, assuming he'll lock the other. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chan790 (Reply #11)

Tue Sep 3, 2013, 04:42 PM

16. If I was Skinner, I'd ban anyone that messed with the software on this site.

 

.
.
.

If one was really concerned with the security on this site, I believe they should PM the Admins;

not shove it in their face as to what one of over 200,000 members can do to this site.

Certainly not educate others as to how to accomplish it.

There are lurkers here for over ten years.

As there are "sleeper units" in the USA.

It's easy to check out (lurkers)

No posts in over ten years? - yep -

some forgot they ever joined,

but not all of them;

no way.

CC

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chan790 (Reply #11)

Tue Sep 3, 2013, 05:26 PM

19. What did I miss?

I know what NYC SKP did. Was there a copycat?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Baitball Blogger (Reply #19)

Tue Sep 3, 2013, 05:43 PM

20. Make7, creator of the great HTML tips thread pinned in the Help and Welcome forum....

Posted a really cool post that sends people who click on it to their own journal.

Locked now, this would have been the link: http://www.democraticunderground.com/1018469361

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 03:55 PM

13. Don't mess with the software! It comes already pre-messed with.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to pinboy3niner (Reply #13)

Tue Sep 3, 2013, 05:56 PM

21. ...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 04:19 PM

14. Whatever.

Look, if you don't want me to email you pictures of nude clowns bathing in Cheerios, just say it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Dr. Strange (Reply #14)

Tue Sep 3, 2013, 05:58 PM

22. ...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Dr. Strange (Reply #14)

Tue Sep 3, 2013, 07:54 PM

23. Would you please stop sending me pictures of Tony Romo naked Tebowing...

Or I will post a picture of Geddy Lee and TZ naked tebowing!! Wait, didn't TZ do that already??


Reply to this post

Back to top Alert abuse Link here Permalink


Response to madinmaryland (Reply #23)

Wed Sep 4, 2013, 09:30 PM

26. She does it every Thursday.

Something to do with her religion.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Dr. Strange (Reply #26)

Wed Sep 4, 2013, 10:10 PM

27. This...




Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Original post)

Tue Sep 3, 2013, 10:59 PM

24. Now that the bug is fixed I guess I should explain myself.

My 'Post' thread wasn't just a prank - I was actually trying to make a nuisance of myself so they would fix this potentially disruptive error.

If posting a link to someone's own journal is malicious then everyone seems to have malicious links in all of their posts - click on someone's user name or avatar in any of their posts and where do you end up? Those aren't labeled as links to someone's journal either.

Whether typing and/or copying standard text characters into the text entry fields and hitting the
 Post my reply! 
button can be considered messing with software is debatable. Annoying, probably. Incentive to use the Trash this thread or Ignore features of the DU3 software, quite possibly (they disabled showing us how many star members are ignoring us, so I can't report any recent increases).

I thought I was actually doing something relatively innocuous - first to see if the software would actually let me, and when it did to highlight that it needed to be fixed sooner rather than later. The problem is that ANY html tags could be inserted into thread/reply titles and then be loaded for every page that title appeared on (the thread itself, the forum listing, the latest page, and even the greatest page).

I did a test (which I deleted) to see what html code I could fit into the 100 characters of a title - guess what I discovered? I could link to an external script which would load and run on any DU page that the title would appear on. If I can run a javascript file from an external site without any size restrictions, what on that DU page would I be prevented from messing with - pretty much nothing. The possibility for mischief in changing what was displayed and/or linked to on that page would be almost unlimited.

If DJ13 hadn't made a typo in one of his titles and if NYC_SKP didn't copy it as an OP in here, someone might have stumbled upon that bug and figured out a way to actually do things that were truly disruptive - they might even have done more than post a blank thread title or make a thread title link to one's own journal.

The hole is plugged now, so I guess we won't have to worry about it anymore.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Make7 (Reply #24)

Wed Sep 4, 2013, 09:08 PM

25. Thanks for your explanation, Make7. I might have done the same,

I was actually trying to make a nuisance of myself
so they would fix this potentially disruptive error.


I might have done the same, if I thought the DU admin was unresponsive to suggestions,
or had a pattern of ignoring members concern.

It seems the same fix could have been accomplished with a private message to the admins.

It appears that you felt it was necessary to 'rally the troops' for admin to respond.

And I am glad that the error has been repaired, for that I thank you.







Reply to this post

Back to top Alert abuse Link here Permalink


Response to Ptah (Reply #25)

Thu Sep 5, 2013, 05:13 PM

28. Also interesting to note is that not a single person PM'ed me to request I edit/delete my 'Post'.

Last edited Thu Sep 5, 2013, 06:33 PM - Edit history (1)

Not even the Admins before they locked it.



First off, I had to actually post my thread to see if it really would change the link in the forum listings. Once I saw that it did I had to decide whether to leave it up or edit/delete it. My leaving it was in part due to the Admins seemingly inconsistent mechanism for fixing reported bugs. (Lord knows they are busy people with a lot of stuff to deal with running this site, so sometimes things get lost in the shuffle.) Quite a while ago I sent Elad a message about an issue that could only occur when a post was viewed in a thread - that one hasn't been fixed yet.

And I am still confused about the problem with https:// links here - they still don't work unless you put them in a [link] tag. There were more than a few threads about that issue over a time span of many months in Meta-discussion and then in Welcome & Help - when someone asked about secure links in Ask the Administrators they did address it but it didn't fix the actual URL of the link, just the displayed text. Does this take you to YouTube over a secure connection?

  https://www.youtube.com/

Wouldn't you expect it to?

I did notice that when I posted a reply in an Ask the Administrators thread which I wasn't supposed to be able to post in, the issue got fixed in less than a day. So I guess my decision to leave the 'Post' thread was based on what I thought would be likely to get the issue addressed as quickly as possible. If someone had asked me to edit/delete it, I would have changed my post and then sought an alternative way to stress the importance of plugging that particular hole.

I sometimes forget that some people that don't know much about computers can get worried when things don't act as expected and think they might have some virus or malware (although I can't think of any purpose for malware to redirect someone to their DU journal - especially if it's empty). But this bug of allowing html tags in post titles could have been a goldmine to a malicious intruder - so some discomfort to get it fixed is probably well worth it when one considers what possibly could have happened. Imagine what you could do if you could run an external script on every page a thread title appears on - the thread page, the forum listing, the latest page, the greatest page, and even the home page. Yikes!

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread