At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores et quas molestias excepturi sint occaecati cupiditate non provident, similique sunt in culpa qui officia deserunt mollitia animi, id est laborum et dolorum fuga. Et harum quidem rerum facilis est et expedita distinctio. Nam libero tempore, cum soluta nobis est eligendi optio cumque nihil impedit quo minus id quod maxime placeat facere possimus, omnis voluptas assumenda est, omnis dolor repellendus. Itaque earum rerum hic tenetur a sapiente delectus, ut aut reiciendis voluptatibus maiores alias consequatur aut perferendis doloribus asperiores repellat.
if what workeeD?
I have no name
i noticed..that odd...check all the other ambassadors.
No no, I made this account with no name. My SWAG account is fine.
oh ok then ...got it lol ... well i cant see my smart score i cant see my messages unless i go to my profile idk y tho.
Did you type in a normal name to register with or use special characters?
I dont know I just looked something up and pasted this
theres nothing? you posted nothing ?
@joannaxox3 Exactly & No one can see their stuff at the moment
@.. wel i cant put your name cuz you got nun ...yes i cant see my stuff well my messages
alt + 255
what does alt+255 do?
Just to verify this was me
oh well my computer does this ringing sound when i push that .
You're using a Unicode character that essentially indicates, “INVISIBLE SEPARATOR”: http://www.fileformat.info/info/unicode/char/2063/index.htm . Because it isn't typically considered whitepsace, stripping a given string doesn't necessarily remove it.
We explicitly chose not to enforce on the server length limits to usernames because long usernames don't harm the system to our knowledge. We're still not convinced that was what affected things a little while ago. Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.
I see, well this is very interesting. Thank you Shadow.
@shadowfiend Interesting! Then how comes when I hacked the client-side in this manner, it went down each time ?
@shadowfiend I agree that invisible characters are not resposinble for bringing it down, but you should still remove them, because users can pretend to be other users by appending them. I programmed a simple thing to patch the bug in PHP for you: http://pastehtml.com/view/cu5clntb0.html I still think that I may have been reposonsible for taking OS down because of some of my client-side calls, but maybe not...
No, Sean, you're not. You look silly. Stop embarrassing yourself.
A couple of things: (1) I've not completely ruled out that those actions are bringing the server down, since I don't know what the client-side actions are. (2) I will go so far as to repeat myself, since you apparently didn't read my reply: “Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.” And, last but not least, we don't use PHP, thank goodness. We use Scala and the Lift framework. That said, your PHP snippet has an htmlspecialchars escaping call that is somewhat orthogonal to the purpose of the snippet.