YouTube WTF



  • There was a thread a little while back about why login scripts don't tell you if you at least got the username right; they only say "invalid login".  In that tradition, YouTube does the same.  For the 50th time, I was linked to a video that said the content may be inappropriate and that I would need to be logged in to view it.  I know I'd encountered that message before, but couldn't remember if I actually bothered to sign up.  I tried my common user/pass combos but couldn't get logged in, so I tried entering my e-mail address into the "forgot username" link and got this message:

    If this email exists in our system, you will receive an email with your username


    Ok, so they don't want to tell you if you've hit upon a registered e-mail address, either.  Weird, but Ok.  I check my e-mail, and sure enough, there's a message from YouTube waiting for me.  It reads, in full:

    Your YouTube username
    service@youtube.com

    YouTube™ – Broadcast Yourself

    The following YouTube username is attached to this email address: . We hope this helps.

    Thanks for using YouTube!

    — The YouTube Team

    To change or cancel your email notifications, go to your email options.

    Copyright © 2006 YouTube, Inc.


    Well, I have to admit: If I were a hacker I would be thoroughly confused (just like anybody else using their system).



  • BugMeNot - Bypass compulsory Registration


    Very useful for sites like YouTube (or TDWTF) that require logins for no reason.



  • YouTube may not have a very good reason to require a login, but forums certainly do.  I once saw a discussion about BugMeNot that had who knows how many people posting as the same user.  Not exactly readable.



  • Forums actually don't have any real reason for requiring people to register and log in. Just giving a name should be enough, if that is even neccesary. Forums like 2channel (Where most people never enter a name anyways, even though they could) prove that anonymous forums work very, very well.



  • [quote user="halcyon"]Forums actually don't have any real reason for requiring people to register and log in. Just giving a name should be enough, if that is even neccesary. Forums like 2channel (Where most people never enter a name anyways, even though they could) prove that anonymous forums work very, very well.
    [/quote]

    I'm a global moderator at a fairly popular active forum (Currently sitting on 3,400 members and about cumulative 215,250 posts).
    In terms of administration, registration can make the job easier to keep no-gooders out.

    You get people who, if they aren't accepted by the general community because they are total tossers, try to post in other people's names, and generally post shit all over the forums. You get spambots posting page-long ads for garbage you'll never want. We've even had a "stalker" of sorts. All that kinda stuff.

    Requiring registrations and manually approving new ones (which only takes a a minute each day) is a fairly sound way of avoiding all of that shit. And then, if something does go up the creek you can just delete that person's account and never have to worry about them again - you know what e-mail address they might use to try and register a different account, you know their IP range (assuming they're not using AOL), and if they manage to slip through, you just delete them again.



  • Looks like their users' email addresses are in one table and the usernames and passwords are in another. Something orphaned a row somewhere, so its trying to assemble a message with some nulls instead of the username and password.

    Of course this begs the question: why would email addresses need to be in a separate table? 



  • [quote user="Vector"]I'm a global moderator at a fairly popular active forum (Currently sitting on 3,400 members and about cumulative 215,250 posts).
    In terms of administration, registration can make the job easier to keep no-gooders out.

    You get people who, if they aren't accepted by the general community because they are total tossers, try to post in other people's names, and generally post shit all over the forums. You get spambots posting page-long ads for garbage you'll never want. We've even had a "stalker" of sorts. All that kinda stuff.

    Requiring registrations and manually approving new ones (which only takes a a minute each day) is a fairly sound way of avoiding all of that shit. And then, if something does go up the creek you can just delete that person's account and never have to worry about them again - you know what e-mail address they might use to try and register a different account, you know their IP range (assuming they're not using AOL), and if they manage to slip through, you just delete them again.
    [/quote]

    Tripcodes and/or secure tripcodes, simply hashes of something you enter on the page, get rid of people impersonating other people (The secure ones are salted with different salts per board).

    For spambots, there's simple spamtraps (That will easily keep general-purpose spambots out) and captchas, if necesary.

    How would registration keep no-gooders out anyways? 15-Year old bored trolls with nothing else to do than to annoy people in online forums have enough time to register anyways, multiple accounts if neccesary, via TOR or loads of proxys. People who might actually have something to contribute, on the other hand, might decide to not post because they can't be bothered to go throuh a registration procedure, which might even take hours to be finalized.

    This type of board works pretty well for 2channel, which is community-moderated and gets ~2.3 million posts per day - http://stats.2ch.net/suzume.cgi?yes .
     

    (Better article about 2chlike boards: http://wakaba.c3.cx/shii/shiichan )



  • Don't forget 4chan - their largest board, /b/, gets so many posts that they have to delete them every couple hours to avoid over-loading the server. The entire site has no forced registration, and /b/ itself doesn't have names or tripcodes at all.



  • [quote user="bugmenot"]Don't forget 4chan - their largest board, /b/, gets so many posts that they have to delete them every couple hours to avoid over-loading the server. The entire site has no forced registration, and /b/ itself doesn't have names or tripcodes at all.
    [/quote]


    Actually, that's just a side effect of our script - the post purging happens on every board to keep things from getting stale (and save disk space, obviously).



  • [quote user="bugmenot"]Don't forget 4chan - their largest board, /b/, gets so many posts that they have to delete them every couple hours to avoid over-loading the server. The entire site has no forced registration, and /b/ itself doesn't have names or tripcodes at all.
    [/quote]

    4chan is big, but 2channel (Which is NOT an imageboard, btw, 2channel is text-only) or Futaba (Which is an imageboard, 4chan's script was modeled after Futaba's script) are bigger. _Much_ bigger.

    Also, /b/ isn't exactly something you'd want to show people when talking about discussion boards ;) .


     


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.