On a related note, I got a pleasent surprise when I opened the Developer Console on Facebook.com: they present you with a giant red warningp[1] and block any code execution in it until you explicitly 'allow [your] account to be hijacked if I paste malicious Javascript'[2]
By the way, we're going to penalize April Fools' jokes tomorrow so that they fall off the front page quickly. This isn't new, but we're going to be more systematic about it. The April 1 tech thing has become stale. If you guys see April Fools stories that we miss, flag them unless they're really particularly good.
People complain about HN's humorlessness, and they're right to a point. The trouble is that with a culture of humor comes a flood of lame humor. HN wants to optimize for intellectual curiosity, which wants higher signal/noise ratio. It's not that we're killjoys—we like jokes and laughing—it's that the signal/noise problem is hard.
One of my favourite ways to punish JavaScript developers who don't use `var` is to randomly hide a
if (false) {
var GLOBALVAR;
}
somewhere in the code.
It's fun (in a harmless fun kinda way, but you can also use some really dirty tricks to really hamper someone's work) to fuck up people's code - that's why I wrote Underhanded JavaScript. :P
EDIT:
Another fun one is to add `return`s to constructor functions.
I did something similar in high school. You dropped a file named "System.java" into a Java project, which then intercepted all calls to System.out.println() and, for example, printed the text backwards, very slowly, or googled the text in Firefox:
A silly prank, but it makes me wonder: has anyone implemented an antivirus/anti-problem scanner for open source code? i.e. scan the source code on a git repository and report any suspicious code that matches known malicious patterns? Lint, but targeted at detecting likely security flaws and code injections.
Sounds incredibly resource intensive. First, the sheer number of "open-source" projects which grow whenever someone has a new idea or some frustration with an existing solution. I guess you could try to limit the tool to a list of established projects but that of course limits the effectiveness of what you're trying to do. Established projects may be more attractive as a delivery vector due to widespread adoption, but there's also more eyes looking at the code giving a potentially higher chance of discovery of any exploits. And new projects have less-deployment and potentially more active contributors who might more easily catch some exploit slipped in.
Then there's the problem that you've got how many languages you need to scan against? And no quick way to determine what language a project is implemented in? Sure, you could add some sort of language detection in there but then you're adding to the overhead.
Finally, if the project has any sort of real complexity, some of the best areas to exploit would be in the integrations between two technology surfaces. Writing a tool to look for problems in a single contained module is one thing, writing a tool that can find problems in the interfaces between modules is quite a bit more complicated.
I think your "anti-problem" scanning tool would be the best avenue to pursue though. Maybe some sort of tool that would run on "checkin/pull-request" and look for issues like introduced buffer-overflow potential and things like that.
I think it's just easier to rely on solid projects with "known" contributors to police themselves and hope for the best, as bad as that may sound. Still, if you could create such a tool you'd make a fortune and improve the world immensely, so don't let my nay-saying stop you.
Yes kill your coworker's productivity by making her or him even more miserable when dealing with a bug. If you did this and I was your manager, at worst you'd end up on a PIP. If you want conduct a prank do something that doesn't frustrate the work they're paid to do.
Making the text print out in reverse is cute because they should be expected to have a "WTF?" second and then move on. I would expect that messing with the printed order of elements would backfire badly.
[+] [-] madeofpalk|12 years ago|reply
[1]: http://i.imgur.com/6UVaTen.png
[2]: https://www.facebook.com/selfxss
[+] [-] hashx|12 years ago|reply
http://stackoverflow.com/questions/21692646/how-does-faceboo...
[+] [-] moron4hire|12 years ago|reply
BTW, that warning is starting to drive me nuts.
[+] [-] dang|12 years ago|reply
People complain about HN's humorlessness, and they're right to a point. The trouble is that with a culture of humor comes a flood of lame humor. HN wants to optimize for intellectual curiosity, which wants higher signal/noise ratio. It's not that we're killjoys—we like jokes and laughing—it's that the signal/noise problem is hard.
[+] [-] chewxy|12 years ago|reply
It's fun (in a harmless fun kinda way, but you can also use some really dirty tricks to really hamper someone's work) to fuck up people's code - that's why I wrote Underhanded JavaScript. :P
EDIT:
Another fun one is to add `return`s to constructor functions.
[+] [-] watwut|12 years ago|reply
I do not want to work in environment where people feel that it is appropriate to routinely "punish" colleges by making them waste time like this.
[+] [-] danielweber|12 years ago|reply
[+] [-] mathias|12 years ago|reply
Also note that `string.split('').reverse().join('')` is not a very good way to reverse a string in JavaScript. See http://mathiasbynens.be/notes/javascript-unicode#reversing-s...
[+] [-] cfj|12 years ago|reply
[+] [-] chewxy|12 years ago|reply
[+] [-] clux|12 years ago|reply
[+] [-] blinry|12 years ago|reply
https://github.com/blinry/fake-java-println
[+] [-] ijk|12 years ago|reply
[+] [-] willvarfar|12 years ago|reply
I've received a few such emails. Its a good way to market developer tools.
[+] [-] wavefunction|12 years ago|reply
Then there's the problem that you've got how many languages you need to scan against? And no quick way to determine what language a project is implemented in? Sure, you could add some sort of language detection in there but then you're adding to the overhead.
Finally, if the project has any sort of real complexity, some of the best areas to exploit would be in the integrations between two technology surfaces. Writing a tool to look for problems in a single contained module is one thing, writing a tool that can find problems in the interfaces between modules is quite a bit more complicated.
I think your "anti-problem" scanning tool would be the best avenue to pursue though. Maybe some sort of tool that would run on "checkin/pull-request" and look for issues like introduced buffer-overflow potential and things like that.
I think it's just easier to rely on solid projects with "known" contributors to police themselves and hope for the best, as bad as that may sound. Still, if you could create such a tool you'd make a fortune and improve the world immensely, so don't let my nay-saying stop you.
[+] [-] tootie|12 years ago|reply
[+] [-] Trufa|12 years ago|reply
I once did a similarly annoying chrome extension just for fun: https://chrome.google.com/webstore/detail/annoying-typo-gene...
Randomly generates typo in inputs and text boxes.
Side note: Mihai, since I know you will be reading this, watch out if your arrays in LRTF are upside down ;)
[+] [-] sz4kerto|12 years ago|reply
.. but in reality, I had a serious issue with Qt once: #ifndef TRUE #define TRUE true #define FALSE false #endif
Now this screwed up some other library's similar definitions...
[+] [-] luch|12 years ago|reply
My favorite (C++) : #define private public
[+] [-] ceedan|12 years ago|reply
[+] [-] mholt|12 years ago|reply
(C, obviously)
[+] [-] ultimatedelman|12 years ago|reply
[+] [-] rquantz|12 years ago|reply
[+] [-] yukichan|12 years ago|reply
[+] [-] TomSawyer|12 years ago|reply
[+] [-] lscott3|12 years ago|reply