[Rant] Moral: Expectations lead to disappointment.

Started by hapless, August 05, 2009, 05:39:56 PM

Previous topic - Next topic

hapless

So I was sitting here, watching the ever-changing Who's Online page, when one of the Guests - presumably a googlebot - has dug up an old thread with a name that immediately gained my attention. So, I've skimmed through it, and got an (apparently valid) impression that those pages are still hidden.
Obviously I have too much free time... let the hunt begin! Anyway, a lot of people in the thread had heavy trouble locating them, so I expected a bit of a challenge, at least... and that was my mistake. They weren't even trying to hide... 20 minutes was enough to stumble upon the right pages.

*sigh*

Obviously, Honoured Moderators don't need my permission for anything... but here goes: If I said too much, or the topic's too pointless, feel free to edit and/or delete this post. I simply had to rant a bit, and shouting late at night isn't a very good idea.

//h

EDIT: Moved? Well, it IS DMFA-related, true... *chants*: "The Mod Knows Better Than Me... The Mod Knows Better Than Me... The Mod Knows Better..."
Chaosnet device not responding - check breaker on the Unibus

Sofox

It's like a lot of puzzles in adventure games. You'll hear one gamer complaining that he couldn't get it for hours and it was frustrating and illogical, while another gamer got it on the first go like it was the most logical thing in the world.

Corgatha Taldorthar

And just how do you know you managed to find them all?  ;)
Someday, when we look back on this, we'll both laugh nervously and change the subject. More is good. All is better.

hapless

Well, the general opinion back then was that there were two pages... have I missed some later event that increased the amount?
//h
Chaosnet device not responding - check breaker on the Unibus

techmaster-glitch

Quote from: hapless on August 05, 2009, 05:55:54 PM
Well, the general opinion back then was that there were two pages... have I missed some later event that increased the amount?
//h
...yeah. If I recall, the are now at least 5.
Avatar:AMoS



Keleth

I have yet to actually find them, then again I know nothing about where to begin ;)

So for now, I'm content to know they exist out of my eyes.
Help! I'm gay!

Aisha deCabre

Quote from: techmaster-glitch on August 05, 2009, 05:58:05 PM
Quote from: hapless on August 05, 2009, 05:55:54 PM
Well, the general opinion back then was that there were two pages... have I missed some later event that increased the amount?
//h
...yeah. If I recall, the are now at least 5.

I still believe there's only 3.  I searched -everywhere- but the archives, including the source pages.  I think someone was just trying to mess with our heads.
  Yap (c) Silverfoxr.
Artist and world-weaver.

hapless

#7
Quote from: techmaster-glitch on August 05, 2009, 05:58:05 PM
Quote from: hapless on August 05, 2009, 05:55:54 PM
Well, the general opinion back then was that there were two pages... have I missed some later event that increased the amount?
//h
...yeah. If I recall, the are now at least 5.
Sweet. I guess they're hidden by some different technique... now I have something to do... maybe even for years if you're kidding.

Quote from: Aisha deCabre on August 05, 2009, 06:03:00 PM
I still believe there's only 3.  I searched -everywhere- but the archives, including the source pages.  I think someone was just trying to mess with our heads.
"Someone"?

//h

APPEND: Ok, either the third one is done in a different way, or I'm somehow avoiding the right point of reference... Thanks again, that's gonna take some time :)
Chaosnet device not responding - check breaker on the Unibus

Naldru

#8
I have been assured by somebody who should know that there are only three secret pages.  I found three, and all I will say is that they are not in the archives.

Edit:

The same message said that the other two were made up by a certain somebody.
Learn to laugh at yourself, and you will never be without a source of amusement.

llearch n'n'daCorna

So... how do you know the person assuring you was telling the truth?

Just idly interested, here. I'm happy to have found all five pages, so...
Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

Forycles

Um... rapidly changing username... :erk

Yeah, I really need to see that therapist.

Past that, I've only found one, and I technically didn't even find it. I was linked to it(not on this forum).

Fibre

Quote from: llearch n'n'daCorna on August 05, 2009, 07:12:14 PM
Just idly interested, here. I'm happy to have found all five pages, so...
All five? There are at least 8 hidden pages that I've located.

hapless

Quote from: Fibre on August 05, 2009, 10:13:17 PM
Quote from: llearch n'n'daCorna on August 05, 2009, 07:12:14 PM
Just idly interested, here. I'm happy to have found all five pages, so...
All five? There are at least 8 hidden pages that I've located.
Argh. Argh, I say.
I forgot that pain and confusion are favourite dish around here... with freshly slain noob on close second place.
//h
Chaosnet device not responding - check breaker on the Unibus

Keleth

Help! I'm gay!

Scarydragon

Great. Now I'm going to go insane trying to find more hidden pages. 2 down, ? more to go...  :U
A Scarydragon approaches!

  [Attack]
>[Word Play]
     [Sarcasm]
     [Innuendo]
     [Backwards Logic]
     [Puns]
   >[Sarcasm]
  [Procrastinate]
  [Item]

Mao

It's fun to watch this topic keep coming back up.  No really.

hapless

#16
Quote from: Mao Laoren on August 06, 2009, 08:27:16 AM
It's fun to watch this topic keep coming back up.  No really.

I'd say "Sorry. Forgive me."... but I wouldn't forgive myself if I was you.
Anyway, got third one. X to go, where X is an integer in < 0 ; +Infinity ) range.

//h(ow can I be sure?)

ed: Corgatha, Sir, that's what I meant...
Chaosnet device not responding - check breaker on the Unibus

Corgatha Taldorthar

Someday, when we look back on this, we'll both laugh nervously and change the subject. More is good. All is better.

Naldru

The most authoritative voice would probably be if Amber went and said that there are x number of hidden pages.  After all, it's possible that there could be several hidden pages that haven't been found by anybody.  Wouldn't that be a shock to certain people.

Other than that, I suppose that the next best thing would be to analyze the posts to see which can be trusted.  One approach is to use the scientific method  of creating hypothesis and then testing them against the posts.  For example, one can make the assumption that there are multiple people who have found all or all but one of the hidden pages.  Based on this hypothesis, people claiming to have found several more hidden pages than anybody else would be automatically suspect.  Unfortunately, not all problems of this type are as simple as the "All green men always lie and all blue men always tell the truth" group of problems.  However, the old standby of motive, means, and opportunity is always a good framework within which to place such investigations.

With regard to the methods of hiding pages, there are a number of techniques.  Using php (which is used on this site), I could create a page that will only appear if the user goes to a specific page in the archive, then clicks on Demonology 101, and then clicks on Cast from the page that then appears.  Given over a thousand pages in the archive and eight tabs at the top of the page, this would yield over fifty thousand combinations that would have to be tested.  (I could also arrange it so that the page would only appear on alternate Tuesdays to make things even more difficult.)  Since the php code is not passed to the browser, analysis of the HTML source would not be useful. I believe that Amber would consider this cheating, and I would not expect such a technique to have been used. 

In the final analysis, there are individuals who will attempt to frustrate other readers by posting false and malicious information.  With regard to dealing with such individuals, I see only one suitable approach.
:mob
Learn to laugh at yourself, and you will never be without a source of amusement.

hapless

#19
Serious, scientifically worded answer? In MAH topic?
*implodes*

Of course, such convoluted thig is possible. But as the path becames more complex, the probability of finding it decreases. Above some level of complication there's no way left other than a script-assisted brute-force exploration of all available paths.

Fortunately, at least until the planned-for-oh-so-long-time upgrade happens (and yes, Amber, I completely understand your pain of having to adjust the next-arc ponters by hand), PHP seems to be used for not much more than the header portrait and equivalent of #include. I have some ideas to try... :)

//h(ave a nice night)
Chaosnet device not responding - check breaker on the Unibus

llearch n'n'daCorna

Quote from: Naldru on August 06, 2009, 06:08:17 PM
With regard to the methods of hiding pages, there are a number of techniques.  Using php (which is used on this site), I could create a page that will only appear if the user goes to a specific page in the archive, then clicks on Demonology 101, and then clicks on Cast from the page that then appears.  Given over a thousand pages in the archive and eight tabs at the top of the page, this would yield over fifty thousand combinations that would have to be tested.  (I could also arrange it so that the page would only appear on alternate Tuesdays to make things even more difficult.)  Since the php code is not passed to the browser, analysis of the HTML source would not be useful. I believe that Amber would consider this cheating, and I would not expect such a technique to have been used. 

Out of interest, could you show me how you'd implement such code?
Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

ooklah

I used to know where two where... now I think I can remember where one is...
<wakka wakka wakka wakka wakka wakka>
"Why no, officer, I am not made of pancakes."

hapless

Quote from: llearch n'n'daCorna on August 06, 2009, 08:07:29 PM
Out of interest, could you show me how you'd implement such code?

Well, all you need is a method of passing state around. Always available are:
GET variables - obvious as a barn... page.php?var=something...
Cookies - set by headers, so not visible in the HTML, but if somebody has disabled them it won't work, also with browser in paranoid "ask every time" mode he'll see them (and there's always the manual "show cookies" button...).
POST variables - require a <form>. There's <input type="image" /> that's barely distinguishable from a normal image link, but having a textual submit link may require fiddling with javascript iirc. Anyway, quite prominent in HTML source.

Both non-cookie cases would require you to either append the ?GET=VAR or a whole <form> to every link on every page, dynamically. Or only to the link leading to the next step of the secret combination, which makes it not very secret anymore. Also, all three can be manipulated - anybody could use a pre-generated one to skip the process.

Best option (I'd dare to say "the only practical option") would be a server-side store, either in a file or some SQL database. But to keep that status tied to specific browser session you'd need a cookie (gain here: cookie is just a random ID, doesn't contain the "status") or SESSID anyway, unless you're going to assume "same IP + same User-Agent = same session", which might be a problem when whole family using Firefox 3.5.1 from one public IP is trying to find the secrets at the same time. :)

After you have all of this set up...
Vol_911.php -> set_status(1);
demonology.php -> if (get_status() == 1) { set_status(2); } else { set_status(0); }
cast.php -> if (get_status() == 2) { show_link(); } else { set_status(0); }
any_other_page.php -> set_status(0);

Alternatively you may add a second check so once revealed the link will stay visible instead of disappearing on first load of any other change.
Oh, I forgot about Tuesdays... PHP's date handling is a little annoying, but generally simple.

//h(onestly, I think I've been trolled... You, Sir, obviously know how it's done... *yawn*)
Chaosnet device not responding - check breaker on the Unibus

llearch n'n'daCorna

Quote from: hapless on August 07, 2009, 05:24:10 AM
//h(onestly, I think I've been trolled... You, Sir, obviously know how it's done... *yawn*)

I know how _I'd_ do it. I was curious how someone else would approach it, on grounds of it might well show up some deficiencies in my approach.

It's also useful info in case I want to go make trouble, later... ;-]
Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

Stig Hemmer

I have found zero hidden pages and am quite happy with that.  There are too web pages that are easy to find that I will bother go look for those who aren't.
Stig Hemmer, at your disservice.

Garsemor

I found one by accident just sitting there in plain sight. I was just browsding the pages and there I saw it, plain as day. I'm happy whit what I found and I don't care about the others but now it's tearing me up inside knowing that I am unable to talk about it.

Naldru

#26
The coding of the algorithms mentioned above are made considerably simpler if you use the HTTP referrer header.  If the code for the second page detects that the referrer is the first page, it changes the link to the third page.  When the coding for the third page detects that it is being accessed using the modified link, it inserts the link to the secret page.  No persistence is required.

For those script kiddies out there, you can modify the code for the "Page Not Found" response so that it is logged in a database.  IP addresses responsible for large numbers of requests of nonexistent pages (If I understand the nature of the scripts that people are discussing, this should prove adequate.) would be flagged.  Flagged addresses would get periodic messages containing famous movie quotes such as "And that is why evil will always win.  Because good is stupid." or "Thank you for hitting the self-destruct button.".  Or you can come up with your own lines such as "So you wish to engage in a battle of wits.  Okay, but I feel awkward dealing with an unarmed opponent."

****

Edit:

Sure, you can spoof it.  But how do you know what to spoof it to?

You can turn off lots of information in your browser.  However, it tends to break a lot of applications so that you don't get to see the shiny pretties.

I don't think you quite understood.  You can make the chain as long as you like.  Each page looks to see if the referrer is set to the correct value and if the link to the page was modified in the correct method, perhaps by adding a parameter.  If both tests are satisfied it will then send the correctly modified URL to go to the next page, but only when you hit the correct link.  Since the modifications to the URL are in the PHP code they are not visible to the browser.  Therefore, anybody passing the correctly modified URL can be assumed to have gone through the earlier elements in the chain.

Also remember that you can set up dead ends by modifying all of the URL's on the page with meaningless parameters.
Learn to laugh at yourself, and you will never be without a source of amusement.

hapless

#27
Quote from: Naldru on August 07, 2009, 12:15:00 PM
The coding of the algorithms mentioned above are made considerably simpler if you use the HTTP referrer header.  If the code for the second page detects that the referrer is the first page, it changes the link to the third page.  When the coding for the third page detects that it is being accessed using the modified link, it inserts the link to the secret page.  No persistence is required.

Tools->Quick Preferences->Send Referrer Information->Disable. Now what? I won't find it EVER.
Also, both Dragonfly and Firefox's Modify Headers allow you to spoof it. Same thing as with the "store state in a cookie" problem.

Said that, you present a very elegant approach, no data stored anywhere. It's only drawback is the fact you're limited to a
page1->page2 (shows link)->secret page
chain, no way to add more steps. Unless... you make N copies of seemingly "normal" pages, with urls differing with capitalization of something, and do thing like
page1: link(Page2) -> Page2: if(ref) link(Page3) else link(page3) -> Page3: ... -> HyperSecretPage

//h(ow about that?)

PS. Best error messages are obscure error messages... see below ;)
Chaosnet device not responding - check breaker on the Unibus

RobbieThe1st

Quote from: hapless on August 07, 2009, 01:04:42 PM
Tools->Quick Preferences->Send Referrer Information->Disable. Now what? I won't find it EVER.
Also, both Dragonfly and Firefox's Modify Headers allow you to spoof it. Same thing as with the "store state in a cookie" problem.

Said that, you present a very elegant approach, no data stored anywhere. It's only drawback is the fact you're limited to a
page1->page2 (shows link)->secret page
chain, no way to add more steps. Unless... you make N copies of seemingly "normal" pages, with urls differing with capitalization of something, and do thing like
page1: link(Page2) -> Page2: if(ref) link(Page3) else link(page3) -> Page3: ... -> HyperSecretPage

//h(ow about that?)

PS. Best error messages are obscure error messages... see below ;)
Well, there are two things: One, I use RefControl myself; I generally have it spoof the current page so as to avoid getting blocked by hotlink protection. However, using this, a few sites won't work - they want specific referrers.
As such, I have it set such that only third-party requests(links to another site) get spoofed, and I think you will find that most people will do something similar - because its so much of a pain otherwise.
As far as faking the right page, that first requires that you -know- the right referrer to spoof in the first place.

The best option I see is to use session cookies on every page: You use GET to store the SSID, no worries about someone finding anything out with that. You justify the session data by building your archive and site dynamically, having lot of user-preferences that make things easier. Once you do that, its easy enough; you could do anything you want as far as complex chains of pages, or any other method.

---------

Llearch, I would love to know how you would do this, please elaborate.

-Robbie

Pasteris.ttf <- Pasteris is the font used for text in DMFA.

llearch n'n'daCorna

Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears