Mr. Burns on the front page? wtf?



  • Is this a new addition to the site I just hadn't noticed before?

    [IMG]http://i.imgur.com/YFnNOm9.jpg[/IMG]



  • The new Discourse forums have provided a vulnerability; the Daily WTF community have used that vulnerability to prove its existence.

    As for Mr Burns, some time spent on the Discourse forums will make you understand.





  • I have to wonder — if humanity survives a few more decades, where the IT industry will be, and whether we'll have finally made such bugs obsolete?



  • Personally I don't hit the Discourse forums; I find them even beyond WTF and pure evil.
    I present as evidence, Alex was duped, coerced, converted, tortured, or imbibed with ludicrous amounts of alcohol to agree to let a friend of his replace a workable forum software with something less so.
    If this is not true, then we have become the WTF itself as Alex is using the community as the Alpha test site for Discourse bugs because no one else seems to be able to break it like we can.

    It has also come to my attention that the most interesting posters to the forums have also not continued in the Discourse forums (note: this does not include myself in the interesting group), but by default of course new people are becoming the interesting posters in their ability to inject things into the common areas of the site.



  • I thought the Mr. Burns picture was due to a flaw in the Side Bar WTF panel of the website itself, i.e. Discourse is handing out the raw topic title, and the website itself is failing to escape it?



  • That's right, we can't blame Discourse for this one.

    What I find surprising is how these forums seem to have withered since Discourse, given the amount of people out there who hate it.



  • Reminds me of a smallish forum I used to visit in the early 00's that used Ultimate Bulletin Board (a fairly popular piece of forum software at the time). While you could easily enable or disable HTML in posts, it did zero sanitization of thread titles or usernames, and the only way it limited the size of either was through the maxlength property of the input field. Once you edited that out of the HTML, you could do anything. Long story short, the owners were basically absent and not interested in improving the code, and once we all got bored of griefing the everloving f*ck out of the place, we started enhancing the site ourselves (think cornifying, but with Pokemon). Then someone discovered that you could easily hack into the admin functions because the file with the user data was just a CSV file and the delimiter character wasn't filtered from new usernames.

    Anyway, I don't post much to begin with, but this new Discourse thing seems to be catastrophically bad.
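    The two failures described in this thread, the sidebar panel placing a raw Discourse topic title into the page and the UBB user file where a username could carry the CSV delimiter, are the same defect: user text entering a structured context without being encoded for it. The block below is an added example, not code from the thread, Discourse or UBB; it assumes a constructed three-column user record (username, password hash, admin flag) and a topics array with a `title` field.

```javascript
// Added example, not code from the thread or from Discourse/UBB: user-supplied
// text encoded for each context it enters (a CSV record, then HTML).
const MAX_USERNAME = 20; // limit enforced here, not by the form's maxlength attribute

// Server-side validation: the form's maxlength is advisory and can be removed
// by the client, so length and control characters are checked on the server.
function validateUsername(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > MAX_USERNAME) return false;
  return !/[\x00-\x1f\x7f]/.test(name);
}

// RFC 4180 quoting: fields containing the delimiter, a quote or a newline are
// wrapped in quotes with embedded quotes doubled, so a username cannot add or
// shift columns in the stored record.
function csvField(value) {
  const s = String(value);
  return /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}
function toCsvRow(fields) { return fields.map(csvField).join(','); }

// Parser that honours quoting, so a quoted field round-trips as one column.
function parseCsvRow(line) {
  const out = []; let cur = ''; let quoted = false;
  for (let i = 0; i < line.length; i++) {
    const c = line[i];
    if (quoted) {
      if (c === '"' && line[i + 1] === '"') { cur += '"'; i++; }
      else if (c === '"') quoted = false;
      else cur += c;
    } else if (c === '"') quoted = true;
    else if (c === ',') { out.push(cur); cur = ''; }
    else cur += c;
  }
  out.push(cur);
  return out;
}

// HTML escaping for the sidebar panel: a topic title is data, so it is
// escaped before being placed in markup instead of being inserted raw.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}
function renderSidebar(topics) {
  return '<ul>' + topics.map(t => `<li>${escapeHtml(t.title)}</li>`).join('') + '</ul>';
}

// Constructed record (username, password hash, admin flag) whose username carries
// the delimiter: a naive join yields four columns, the quoted row parses back to three.
const record = ['bob,1', 'pw-hash-placeholder', '0'];
console.log(record.join(',').split(',').length, parseCsvRow(toCsvRow(record)).length); // 4 3
```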



  • @dookdook said:

    Reminds me of a smallish forum I used to visit in the early 00's that used Ultimate Bulletin Board (a fairly popular piece of forum software at the time). While you could easily enable or disable HTML in posts, it did zero sanitization of thread titles or usernames, and the only way it limited the size of either was through the maxlength property of the input field. Once you edited that out of the HTML, you could do anything. Long story short, the owners were basically absent and not interested in improving the code, and once we all got bored of griefing the everloving f*ck out of the place, we started enhancing the site ourselves (think cornifying, but with Pokemon). Then someone discovered that you could easily hack into the admin functions because the file with the user data was just a CSV file and the delimiter character wasn't filtered from new usernames.

    Anyway, I don't post much to begin with, but this new Discourse thing seems to be catastrophically bad.

    Dick-Coarse is a barrier to posting.



  • @Zecc said:

    That's right, we can't blame Discourse for this one.

    What I find surprising is how these forums seem to have withered since Discourse, given the amount of people out there who hate it.

    The logorrheic minority went over there so they could continue to enjoy shouting at each other. Those of us still here have not much confidence that Alex intends to keep this place open. Quite a few people have already sadquit.

    I'm personally pleased to find anybody around here at all. Daiquiri?



  • Sure, bring it on, trains are fucking boring.



  • @serguey123 said:

    Sure, bring it on, trains are fucking boring.

    =(



  • Yeah, slow as shit (when Greyhound gets there 2 hours faster, Amtrak should reconsider their schedule), overpriced food (yeah, 2.25 for a soda seems fair), chatty passengers that you have to put up with for hours. The only upside is that seats are very roomy, plenty of leg room, unlike airplanes; lately you have to be a fucking Transformer to fit in their seats.

    There is also the issue of spotty connectivity, but the fact that you get no internet in the middle of nowhere is not Amtrak's fault. Their phone app is awful though.



  • Amtrak run rail services in $WHATEVER_COUNTRY_WE_AGREED_YOU_LIVE_IN?

    The great thing about US rail services is they stop Britain from being at the bottom of the list when it comes to speed and frequency ;-) Plus the last bunch of locomotives we bought from you (or the US, depending on whether you're actually American or not) kept catching fire.

    Unfortunately my interest in trains is also boring ;-)



  • @Daniel Beardsmore said:

    Amtrak run rail services in $WHATEVER_COUNTRY_WE_AGREED_YOU_LIVE_IN?

    They don't; however, even I can travel to other countries. It is called tourism; perhaps you've heard of it?

    @Daniel Beardsmore said:

    depending on whether you're actually American or not

    I'm not.

    @Daniel Beardsmore said:

    my interest in trains is also boring ;-)

    Something we can agree on.



  • @serguey123 said:

    Sure, bring it on, trains are fucking boring.

    Transcend boredom.



  • In replying to your post I discovered that the mobile version of Firefox 31.0 for Android crashes hard if I try to reply. Yay!



  • @Daniel Beardsmore said:

    The great thing about US rail services is they stop Britain from being at the bottom of the list when it comes to speed and frequency ;-)

    Where's the Like button?...



  • Eaten by badgers on the line at Basingstoke.



  • @flabdablet said:

    The logorrheic minority went over there so they could continue to enjoy shouting at each other.

    Not really, most of the rage-whiners just quit, full stop. A certain one is over there, but the volume of his posts has come down since there's no echo chamber.





  • @KattMan said:

    Personally I don't hit the Discourse forums; I find them even beyond WTF and pure evil.
    I present as evidence, Alex was duped, coerced, converted, tortured, or imbibed with ludicrous amounts of alcohol to agree to let a friend of his replace a workable forum software with something less so.

    I went over to the Discourse side a couple of times and couldn't believe how terrible it is. Creating something worse than Community Server is quite the accomplishment.

    At the very beginning Blakeyrat said two things, and it pains me greatly to agree with anything he says, but he was right. First, why did Alex ask our opinion of Discourse when he obviously had already made up his mind that he was going to use it no matter what? And second, it's not a matter of not liking it because it's "different". Discourse is fundamentally broken.

    During the short time I spent on the dark side, I was surprised at the number of bugs they were trying to fix. And this is a product which Jeff Atwood claims has 50+ paying customers. When I saw the post where Jeff said there is no HTML, Discourse renders the entire page in Javascript, I left and never went back. The fact that Jeff Atwood is a major douchenozzle may have been a factor also.

     Oh well, nothing lasts forever.





  • @El_Heffe said:

    You need to log in to see that topic.

    Keep people out.  Nice touch.

    Again, this isn't Discourse's fault. This post was moved (for good reason*) to a category visible only to users with a minimum trust level.

    It's a category which was created specifically for abuse, by the way.

    * "It's better than nothing" is a valid reason.



  • @El_Heffe said:

    You need to log in to see that topic.

     

    Keep people out.  Nice touch.

    It was moved (by the author of the OP) from a public category to what is essentially a category for testing/abuse that deliberately requires a login to stop Google (and casual browsers) from searching, because most of the stuff in there is of no interest to almost everyone.



    A case could be made that it perhaps should have gone into (say) Meta instead, but it's not being deliberately hidden.



  • @PJH said:

    it's not being deliberately hidden.

    I'm not sure I completely agree.

    @PJH said:

    a category for testing/abuse that deliberately requires a login to stop google (and casual browsers) from searching because most of the stuff in there is of no interest to almost everyone.

    Except possibly black-hats. Some of the testing/abuse in that category has found, or at least has the potential of finding, stuff that could be exploitable. Naturally, there is a desire to keep that non-public, at least until it's fixed. OTOH, it takes really minimal effort for a potential black-hat to gain the trust level needed to read that category, so I just defeated my own argument. Whatever.

