No they didn’t, this is just a CVS receipt.
A lesson in Input Validation
Submitted 10 months ago by The_Picard_Maneuver@startrek.website to [deleted]
https://startrek.website/pictrs/image/b831d88a-ab5b-43e8-9a83-469ad6128fbf.jpeg
Comments
Okokimup@lemmy.world 10 months ago
FlyingSquid@lemmy.world 10 months ago
Are you sure? It doesn’t look long enough to be a CVS receipt.
JustARegularNerd@lemmy.world 10 months ago
What you can’t see is that’s only about 6% printed
Toes@ani.social 10 months ago
Oh this reminds me when people discovered all the printers at school were available on the WiFi
Potatos_are_not_friends@lemmy.world 10 months ago
That’s incredible.
Then again, school IT jobs are often given to “my nephew who is good with computers”, because the pay is often half compared to the private sector.
user224@lemmy.sdf.org 10 months ago
One teacher told us that once an IT technician at our school built the network, connecting 2 school institutions with ~7 buildings using only hubs. That network was apparently almost unusably slow, which isn’t surprising.
xpinchx@lemmy.world 10 months ago
I have a friend that does IT/networking for a school district and he makes bank, YMMV.
user224@lemmy.sdf.org 10 months ago
And not just printers. There may or may not also be a few Wi-Fi APs with login details admin:admin. And there also may or may not be many computers with RDP enabled without password. And those that have some password may or may not re-use the same short password for Administrator account. There also may or may not be SMTP server, though unfortunately in my case it doesn’t allow using it so send e-mails outside the network. It returns “Relay access denied” error.
betterdeadthanreddit@lemmy.world 10 months ago
If it makes you feel any better, before the days of ubiquitous wi-fi, printers on wired networks in my school were about as easy to discover and use from a distance. FTPing a text file to one would start a print job for that file and it would be trivial to mash together that information plus a list of printer addresses for the entire district network (courtesy of nmap).
This information was certainly never put to use.
21Cabbage@lemmynsfw.com 10 months ago
My school had a level of security on their printers…and also a shitload of hackers. Like, the IT department was reporting vulnerabilities discovered by the students to Apple amount of hackers.
Maggoty@lemmy.world 10 months ago
My high school had a level of security too. The same password on every work computer in the school.
Amazingly, I never resorted to changing grades. However logging into the admin account to play games instead of the 1,358th typing class was definitely on the menu.
rob_t_firefly@lemmy.world 10 months ago
I know that school, they have a pool on the roof.
originalucifer@moist.catsweat.com 10 months ago
my brain is churning through char limits... i just cant believe it would be large enough through multiple systems..but then, i dont know the char count of the script, compression techniques used, encapsulation etc.
programmer_belch@lemmy.dbzer0.com 10 months ago
It can just fetch the information one line at a time like a printing machine. I don’t think the receipt machine has that much memory to hold everything
wren@sopuli.xyz 10 months ago
The script is ~55k characters long, depending on the source. This transcript includes who is saying the line, as well as descriptive elements of the story, so the actual ‘words only’ version will be a bit shorter. From what I’ve seen, though, most of transcripts have these non verbal inclusions, so the person who added it to the special instructions likely copied those over as well.
I can’t speak to the other points, but allowing 55k characters is definitely wild.
Maddie@sh.itjust.works 10 months ago
Beautiful
nightwatch_admin@feddit.nl 10 months ago
Magnificent even
mp3@lemmy.ca 10 months ago
Anon would be proud
owenfromcanada@lemmy.world 10 months ago
I bet it was that Bobby Tables fella
MightyGalhupo@lemmy.world 10 months ago
I still can’t believe it’s been around 15 years
FlyingSquid@lemmy.world 10 months ago
And he still hasn’t graduated!
tslnox@reddthat.com 10 months ago
That guy’s everywhere!
rob_t_firefly@lemmy.world 10 months ago
Somebody once told me, unsanitized input’s gonna roll me…
BigBlackCoffee@lemmynsfw.com 10 months ago
That’s what she said.
ReiRose@lemmy.world 10 months ago
Said the actress to the bishop
Corkyskog@sh.itjust.works 10 months ago
I would be a little afraid of eating my order after that.
YoorWeb@lemmy.world 10 months ago
It depends, if the employer doesn’t treat his staff well, they’d give you extra portion.
afraid_of_zombies@lemmy.world 10 months ago
I do hope when someone reads about a Christian Nationalism lawsuit going on they don’t find out what law office is representing the guy who wants to hurt gay people. Then find the fax number on their site, go get a temp email at all the free sites that provide it, go to a send fax over the Internet site, and send them long faxes.
Railing5132@lemmy.world 10 months ago
An old trick you could do on old physical fax machines was to tape a couple of sheets of black construction paper together, feed them into the machine and tape them into a loop. Dial your special person and burn through all their toner. Of course, now it would just generate a bunch of emails.
Agent641@lemmy.world 10 months ago
Black fax - such an effective remote physical attack that fax companies had to actually hard-code a defence against it, to not print pages where there would be enough ink or toner dispensed that it could damage the machine or be a fire hazard
ouRKaoS@lemmy.today 10 months ago
Ahh, yes, the Infinifax™
I may have once pulled this with the Banana knock knock joke. Ran their machine out of paper.
AlecSadler@sh.itjust.works 10 months ago
I…never thought of this, thank you for the idea.
AnUnusualRelic@lemmy.world 10 months ago
What kind of idiot doesn’t check for the Shreck script when validating input? Bunch of amateurs.
eco_game@discuss.tchncs.de 10 months ago
Yooo this reminds me, I think there was an AITA on reddit some time ago about a guy who burned down a Pizza place due to putting the entire bee movie script in a message box
afraid_of_zombies@lemmy.world 10 months ago
Ok my copier story. We had a copier room in my high school with a little window in the door. I put a black sheet of paper on it, set it to copy 999 times, locked the door from the inside, then walked away. Turns out no one knows where the key was to the little copier room. I got caught and was punished. The end.
Honytawk@lemmy.zip 10 months ago
How many did it print?
get_off_the_phone@sh.itjust.works 10 months ago
Why do most of the comments in this thread match exactly with the comments in the linked reddit thread?
GrundlButter@lemmy.dbzer0.com 10 months ago
We’re not really that unique. We’re not consciously or likely even unconsciously referencing that thread or others like it. We’re just coming to the same witty conclusions those before us did.
Even your comment comes up every time there’s a similar thread or experience. Mine too.
Happy New Year, btw.
WeirdAlex03@lemmy.zip 10 months ago
raynethackery@lemmy.world 10 months ago
Great. Now I have to walk my ass down to the print pool.
EmperorHenry@discuss.tchncs.de 10 months ago
I would’ve put the super uncut extended edition of all three lord of the rings movies
Lunachocken@iusearchlinux.fyi 10 months ago
Why not entire txt files containing several hundred random characters such that the entropy is high enough compression is useless >:) but maybe it’s preferred.
EmperorHenry@discuss.tchncs.de 10 months ago
I don’t know what you’re talking about, I suggested the uncut extended LOTR trilogy scripts because each of those three movies are over 4 hours long.
Ad4mWayn3@lemmy.world 10 months ago
Set a character limit. Easy. A maximum reasonable length considering the attention span and efficiency of an employee to grasp such information if required should do the job
HikingVet@lemmy.ca 10 months ago
At least it’s not war and peace.
conditional_soup@lemm.ee 10 months ago
My God, it’s shrexcellent.
Seriously, though, it’s 2023 and big corporates are still out here with no input validation?
JakenVeina@lemm.ee 10 months ago
“Hey, there, this is Josh, with Let’s Game it Out!”
ryan@the.coolest.zone 10 months ago
"client side validation is fine, nobody's gonna open up the dev console"
bdonvr@thelemmy.club 10 months ago
Bold of you to assume they even thought about it