Tsudohnimh wrote:
I clicked a link for hot judicial action and I got 0wn3d. I'd like to thank the academy, my parents for warping me, Tom and Nick for letting me do this, and my hero Acidus.

OK, let me explain what the story is with this. Its possible to embed a link in a MemeStreams page to /recommend. When people who are logged in click on it, it will automatically post a message to their MemeStream, and then redirect them back to the page they were looking at. Ironically, this tends to result in lots of clicking, as it seems like the browser has done something wrong. If Acidus had really wanted to be nasty he could have included a redundant link in the posts he was adding to your pages to that people who read your MemeStreams would also spread the post. Its like a meme worm.

This is actually a problem that Rattle and I anticipated when we first built this website. We used to have protection in place that prevented this. It worked by checking to make sure that when you submitted a post the referer header in your http request came from /recommend and not some other page. Unfortunately, we ran into trouble with this feature. Some Internet privacy software screens referer headers out of http requests, and so people who used such software were unable to post. After struggling through the process of explaining to a few users how to fix this problem we decided to disable the security feature for /recommend until we had time to revisit the problem. The security feature is still present in /delete and /edit, because we decided that a self propagating MemeStreams Meme was only a bit of an annoyance, but if someone wrote a javascript that wiped out your whole blog that would be a serious problem. This explains why a few of you have trouble editing or deleting posts sometimes.

We have a fix for this problem which is unlikely to cause problems for people running Internet privacy software. Its checked into subversion. However, we haven't shipped it yet because it is boiled in with a bunch of other changes to the UI that aren't quite ready for release yet. We decided it might be fun to go ahead and let Acidus propagate one of these Memes as he uncovered this issue a few weeks back and advised us on how to implement a better fix. I'd like to say that we're shipping this weekend, but I don't think its going to happen. I'm skiing and Rattle is attending Outerz0ne. Acidus is actually giving a talk at Outerz0ne which includes a discussion of this issue, so its not out of the question that you might see a few more people screwing around with it. Fortunately I don't think you can do anything terribly malicious with this. Its all in good fun.

Hopefully we'll have our update out soon.

Those darn kids....

thanks for the black eye acidus

Tsudohnimh wrote:
I clicked a link for hot judicial action and I got 0wn3d. I'd like to thank the academy, my parents for warping me, Tom and Nick for letting me do this, and my hero Acidus.

OK, let me explain what the story is with this. Its possible to embed a link in a MemeStreams page to /recommend. When people who are logged in click on it, it will automatically post a message to their MemeStream, and then redirect them back to the page they were looking at. Ironically, this tends to result in lots of clicking, as it seems like the browser has done something wrong. If Acidus had really wanted to be nasty he could have included a redundant link in the posts he was adding to your pages to that people who read your MemeStreams would also spread the post. Its like a meme worm.

This is actually a problem that Rattle and I anticipated when we first built this website. We used to have protection in place that prevented this. It worked by checking to make sure that when you submitted a post the referer header in your http request came from /recommend and not some other page. Unfortunately, we ran into trouble with this feature. Some Internet privacy software screens referer headers out of http requests, and so people who used such software were unable to post. After struggling through the process of explaining to a few users how to fix this problem we decided to disable the security feature for /recommend until we had time to revisit the problem. The security feature is still present in /delete and /edit, because we decided that a self propagating MemeStreams Meme was only a bit of an annoyance, but if someone wrote a javascript that wiped out your whole blog that would be a serious problem. This explains why a few of you have trouble editing or deleting posts sometimes.

We have a fix for this problem which is unlikely to cause problems for people running Internet privacy software. Its checked into subversion. However, we haven't shipped it yet because it is boiled in with a bunch of other changes to the UI that aren't quite ready for release yet. We decided it might be fun to go ahead and let Acidus propagate one of these Memes as he uncovered this issue a few weeks back and advised us on how to implement a better fix. I'd like to say that we're shipping this weekend, but I don't think its going to happen. I'm skiing and Rattle is attending Outerz0ne. Acidus is actually giving a talk at Outerz0ne which includes a discussion of this issue, so its not out of the question that you might see a few more people screwing around with it. Fortunately I don't think you can do anything terribly malicious with this. Its all in good fun.

Hopefully we'll have our update out soon.