Badge suggestions - ones with added thought
-
Bronze: Buddy - met 1 TDWTFer in real life
Silver: Group Hug - met 2 or 3 TDWTFers in real life
Gold: Fronds - met 4 or more TDWTFers in real life
The best thing about badges is coming up with salient names.
-
I am not a while(true) loop.
As I said, you can be easily replaced.
Filed under: 10 PRINT "Purple Dildo", 20 GOTO 10
-
Worse than failure buddy?
-
I think the number for gold is unreachably high. You'll never get 4 TDWTFers within a few meters of each other, definitely not without a keyboard being involved.
-
Well, you could get your real life friends to sign up for TDWTF, or create an account for your pets.
-
Or beer. Beer works.
Actually, I think a TDWTF meet-up could be cool. We could go to a pub and studiously ignore each other except for glares over the top of pints of good beer.
-
Well, if we can have triggers, my favourite one would work! So, suggestions:
Bronze name: What does this button do?
Bronze requirements: Find a Discourse exploit. See: notifications from broken posts, the entire post body made of invisible characters, mention bombing...
Silver name: Doing it wrong
Silver requirements: Find 5 Discourse exploits.
Gold name: Community Server survivor
Gold requirements: Find 10 Discourse exploits.
Icon name: fa-chain-broken EDIT: fa-gavel might work better
Multiple awards: no
Ok, so this one would be manual, but hey! I guess it would encourage people to report the exploit as a bug so it can be checked. Is that a good thing? Don't know, you decide.
Bronze name: Fabulous Darth Vader
Bronze requirement: Replied first directly to the same user at least 10 times
Silver name: I agree whit whatever Morbs just said
Silver requirement: Replied first directly to the same user at least 20 times
Gold name: Signature guy
Gold requirement: Replied first directly to the same user at least 50 times
Icon name: fa-pencil or fa-pencil-square
Multiple awards: yes
Filed under: Had to add a <br> manually, feels like CS again!
-
Just remember at the end of the day, whatever changes you make will either make us:
- raging mad
- disgusted and appalled
- mildly irritated
Good feelings? No. Silence is what you get when you did the right thing.
-
What does this button do?
We actually have this right now. Even have a wall-o-fame.
-
What's the criteria? Because in my world, anyone that gets to use any HTML markup that isn't the list of approved markup is creating an XSS - even if it wasn't weaponised.
And there's guaranteed to be more people than that. @Matches I'm sure is one of those people. I haven't found any yet but I haven't been trying. I really should, because some of the interesting things I've come across over the years might well get past your sensors.
-
@PJH is the arbiter and creator of that badge. In my book people who found a way to execute arbitrary js should get it.
-
Reasonable definition. I think it's good when things are clearly defined and understood.
This is why I dislike Discourse. So much of it seems nebulous and behaviour seems almost non-deterministic at times.
-
What are you blaming on me? Discourse loading posts is a barrier to reading so I'd rather you just repeat whatever the main purpose of this conversation is.
-
Not blaming you. Trying to suggest that you should be a contender for the XSS award for demonstrating what is (IMHO) an XSS vulnerability.
-
Naw, I haven't found any full fledged XSS yet - just pieces that might ultimately result in one. I'm really too lazy to do full investigations unless it's my own shit. I strongly suspect you could create an XSS by oneboxing a wikipedia forward page to a malicious site though.
-
I've thought about it but honestly the amount of hassle of figuring it all out (when posting for example, what's supplied? A per session token? A per session token and an anti-CSRF token?) is a barrier to testing.
-
We could go to a pub and studiously ignore each other except for glares over the top of pints of good beer.
I believe from the other thread it was clear that most of us are not shy. Introvert and calm, sure, but that's not shy.
-
In person.
-
Well, you could get your real life friends to sign up for TDWTF
Some of us don't want our real life friends to know we're here.
-
Some of us don't want our real life friends to know we're here.
Yeah... friends.
Filed under: in other news, I'm now officially living in a basement
-
Filed under: in other news, I'm now officially living in a basement
Can I join you? It's freaking hot! Basements are usually cooler. Usually.
-
Some of us don't want our real life friends to know we're here.
Or real life colleagues....
-
My (current) real life colleagues know I come here. But they don't perpetrate too many WTFs. Other than 2300-line queries in SQL Server, that is.
-
That's unnecessary, but definitely sufficient to be in my too many WTFs category.
-
The person in question is basically a DBA by trade anyway, but uses SQL for things for which SQL was never designed. He'd build everything in SQL if he could but realises that he can't do some things in it. Also refuses to learn any other languages.
-
SELECT * FROM table_internet
-
SELECT content FROM internet WHERE host = 'what.thedailywtf.com' AND port = 80 AND resource = '/' AND "content-type" LIKE 'text/html%'
Filed under: SQL is a barrier to content type negotiation
-
Why would you care about text/html% when presumably a content-type is simply text/html in the first place?
-
The person in question is basically a DBA by trade anyway, but uses SQL for things for which SQL was never designed. He'd build everything in SQL if he could but realises that he can't do some things in it. Also refuses to learn any other languages.
One of my clients had an entire routine written using UTL package in Oracle to build xml, call soap service and then send data over.
It just worked like a charm.™
-
Why would you care about text/html% when presumably a content-type is simply text/html in the first place?
It might have a charset specified, or some other weird shit. I know too much about this sort of thing.
-
Oh, I see where you're coming from. Fortunately that particular piece of nonsense was fixed in HTML5.
-
Oh, I see where you're coming from. Fortunately that particular piece of nonsense was fixed in HTML5.
Now, if only they could get every browser to about the same point on HTML5 implementation, then we could have a consistent target.
-
I saw WebGL shit running on IE11 on a Windows 8 laptop today. Then again this was a Microsoft presentation so it's possible it wasn't quite legit.
-
Continuing the discussion from Spoilers No Longer Working:
What are you talking about - you've got another 9 hours left....
Gives me an idea for a badge actually.
Just need to make sure I can get the data to verify winning criteria...
So then....
Bronze name: INB4 antepenultimate
Bronze requirements: Managed to get the antepenultimate post within a minute of a topic auto-closing.
Silver name: INB4 penultimate
Silver requirements: Managed to get the penultimate post within a minute of a topic auto-closing.
Gold name: INB4 ultimate
Gold requirements: Managed to get the last post within a minute of a topic auto-closing.
Icon name: fa-clock-o
Multiple awards: Sure, why not.
Can't possibly see this going wrong in any way whatsoever...
-
Pedantic Dickweed of the Most Honourable Order of the Bath
Tweaked a bit, but...
-
Bronze name: WONTFIX
Bronze requirements: Have your thread locked
Icon name: fa-lock
Multiple awards: no (maybe? whatever?)
Again, tweaked. With a bit of maliciousness thrown in to stop too much abuse happening...
-
Bronze name: Script Kiddie
Hmm - forgot about this one - ended up re-creating it:
-
Ok, so this one would be manual, but hey! I guess it would encourage people to report the exploit as a bug so it can be checked. Is that a good thing? Don't know, you decide.
See previous post.
-
Bronze name: Jukebox hero
Bronze requirements: Post a YouTube video of a song
Icon name: fa-la-la-la-la-la-la-la-la
Multiple awards: yes
-
Right - I've just gone through the whole thread thus far, and have added the ones I felt weren't too silly, disruptive or onerous in terms of administration (since I'm likely to be the only one doing any...)
I will not be revisiting any posts prior to this post with a view to getting any more badge ideas, so if you've posted one above that you still think has merit, re-post and re-word in a way more likely to solicit my interest.
I shall continue to monitor the topic from this post on for further ideas.
There is now a (sensibly ordered) list of (most of the) current badges over in the FAQ:
-
The icon name reminded me of
http://www.youtube.com/watch?v=sTSA_sWGM44
-
Pedantry Awards for pedandic dickweedery
I am disappoint. I am trying to nominate existing posts (other than my own, which modesty precludes), but Discurse's broken search returns only 4 results for "pedantic."
-
And two matches on 'pedandic', one above, one as this post
-
You're supposed to flag them as you see them, not go back looking for previous ones
To reduce administration I'll only be keeping track of "recent"* posts - if they start getting too old, the chances of them getting sufficiently more flags is greatly reduced, so there's no point in keeping track of them.