As shown in the past, I'm perhaps a bit too obsessed about finding Easter eggs on Hubski. That's because I know they are there, and once more I got a proof that "the truth is out there". ;)
Go to any post. Literally any will work, but here is a one chosen at random with a simple python script. Nice feature request from about two years ago.
Now, check this out!
Look at the addresses. Simply switching /pub/ to /print/ makes it printer-friendly. :D
However, this also comes with a minor bugski: it's not listed under robots.txt so it could be abused in some way (and also a reason why I didn't find it much sooner). I have confirmed that it can't (EDIT: thanks, cgod! Just for the future reference - the negative was here, I'm making it bold to avoid misreading-related problems) be used to, for instance, read someone's private messages or deleted posts/drafts, but I do feel that 'forgotten' features like this one could use some attention.
EDIT: It doesn't seem to work any longer. Bit shame, but it's perhaps for the better.
EDIT2: And now it works again? Stop messing with my head! :P
mk thenewgreen rd95 Seems like Devac is saying he has found a way to read people's private mail, please lock this down before someone gets hurt. Devac, please delete this post before something bad happens to someone if you have really found a way to read PM's.
No, no. I have confirmed that it can't be used in such way. Although I did find a way to do so about half a year ago, which mk had fixed in under an hour if memory serves. Sorry if my writing wasn't clear. EDIT: By the way, while I do sincerely appreciate your response and fast acting, for the future reference please assume that I'm not that irresponsible ;). When/if I find a security problem mk is informed about it ASAP via private message. I wouldn't make a friggin post with a guide on "how you can breach someone's privacy" and make it public like that. I know what I'm doing. ;)
People put a lot of personal stuff in PM's, so if you think you have found a way to get into them or even part of a way message someone who's in charge with the details. Please don't post it for other people to put together their ruin someone's life kit.
Unless I'm coming in too late and there's been multiple edits since, I think its been clear that protocol in such a case has been dealt with in the way you've described. Seeing as both Devac and I have done so, I think it's safe to have hope that Hubskiers wouldn't do that. :)
There were no unmentioned (by me, but I don't recall changes to cgod's posts) edits other than correcting stylistic mistake (missing comma, repeated words like "be used be used"). Plus, in all honesty, if I would ever want to do anything malicious, I would just do it. I have even told so to mk during the correspondence half a year ago that I'm happy he didn't: 1) ignore me completely (like a few website owners before, this included a fairly large electronics store in Czech Republic where I had accidentally obtained access to credit card info of their customers). 2) threaten me with authorities for 'obvious' hacking attempt (their proof was a private message where I have carefully explained how I found an exploit and how they can recreate it. You know, like any true '90s attacker would do to help them seal the breach to give myself a challenge). Since I feel like I'm digging a hole for myself… mk - if this thread will go south, would you mind vouching for my side of the story? :P
Thank you! Sorry to bother you, but as mentioned earlier I did have some nasty experience and accusations before. Regarding 'fixing': side of that robots.txt remark in the original post there's nothing that I would call a bug or problem. I'll repeat that switching /pup/ to /print/ did not grant me any additional access when testing with a different browser where I wasn't logged in (and frankly I made the test before and after purging history and cache , just to be sure (EDIT: changed the sentence because I have realised that it's not the same logical sense as previous "it had its cache and history purged before and after making the test", sorry)). Although while I have your attention, I made another discovery: When I was looking at the homepage I have noticed this under my post: What's weird, is the fact that there is no post by am_Unition. However, after going forward to the post link, it turned out to be private. My logic is that the information about someone making a draft can be accessed in this way. Hardly what you would call as security concern, but it did hit me as odd.
Let the records show that yes, it was a draft. Devac: I had also begun to type a paragraph about what I knew about Mach, but I was two sentences in by the time I hated it. I'm just too busy right now to really contribute much around here :(.
And thus I am correct, thanks for confirming my idea. About the drafted response, I get that. I know that you don't really have the time to be here often, which did not go unnoticed by the way, but I will shamelessly ask you to get back to it when your rush will end. Even if it would be years from now, I'm still going to be curious about what you wanted to say. ;)