40 comments

[ 4.6 ms ] story [ 96.1 ms ] thread
Hope for him that it's not just one variant of the payload that gets hidden / shown based on the backend response.
haha right, I hope he checked to see if there is also a rejection notice in a p tag somewhere, with logic that displays the correct one based on a boolean from the backend
Knows about inspect element but doesn't know how to take a screenshot?
At least he didn't put the monitor face down on a scanner. That was the greatest "screenshot" I'd ever received.
Are you not familiar with photography as a way to document moments in life?
Supreme in the bookmark bar? Cringe
Don't forget the sneaker raffle link.
So, maybe the title should of said "typical tech bro checking ..." instead?
"Typical cs dude" happens to be the subset of "Typical techbro", so expected, lol.
I wonder if people feel attacked by reading "Tech Bro"
What's wrong with this?

What would you prefer to see in the bookmarks bar instead?

Harvard had a similar bug - you could modify the url to find out if you had entry. They found out and revoked admission from all students who used the url on ethics violations.
...how is that an ethics violation?
It isn't, Harvard is just virtue signaling. Their admissions have always been fucked up. This is the same university that treats Asians as third-class candidates and openly defies the Supreme Court rulings on affirmative action.
Because otherwise, they will have to admit they messed up. Easier to blame it on the kids.
Am going to need a source for a claim like that.
That is quite an unetical move by Harvard, they are the ones that made the information public, and then punished those who viewed it.
Meh… the decisions were not finalized.

The HBS folks incorrectly thought that their work in the system was private.

TBH, they should be mad at the company and mad at themselves for not engaging in due diligence. That said, I can see how this would be an ethical violation, akin to asking a friend who works in the admissions department for an update.

i think the takeaway here is if you do this, just check the admit status of every single student
They would have needed the unique ApplyYourself ID for any other applicant.

I assume that these IDs were not trivial like intitials and last name.

(comment deleted)
When I was in university we had a page you could go to and see your grades which were released after a certain date. It also showed your cumulative GPA to two decimal places which oddly was not embargoed so, you could plausibly back-solve to figure out what your grades were. In my case I thought I had failed a class somehow because my GPA took a hit, turns out they had mistakenly left me registered class I withdrew from, which I cleared up.
This used to be a nightmare, for me. My dad still has this nightmare; he's 81. So... that's probably not trauma, right?
I graduated 20 years ago and I still regularly dream that it's the end of the semester and there's a course I had that I forgot to attend and need to go write the exam.
I really wish you hadn't said that. I had moved on.

More recently I'm wandering campus trying to find my next class.

Similarly graduated 10 years ago now. I still with regularity have bad dreams of exams and the anxiety of failing an exam that I had back then as well.

It doesn't help that at the time I was actually on the brink of failing some classes in my final year so I think it has just amplified the severity of the dreams I get.

In college I found all the CS final exams in a hidden folder structure on the urls
It would be funny if both scenarios were present in the HTML and the decision decided which text showed up at the proper time.
Back 20-ish years ago when NIS+ was used to federate ssh logins on multiple *NIX clusters at some CS department that shall remain nameless:

    getent passwd | awk | johntheripper

Say "hello" to trivial plaintext passwords of 6 tenured profs, a dozen associate profs, and 30+ students in a few minutes and without rainbow tables. (There was no ill-intent involved and the unfortunate parties were notified indirectly.) The flaw was giving everyone access to unsalted crypt password hashes. Exploring systems today would likely result in an instant Aaron Swartz-style crucifixion because of the cult of "zero tolerance" equals zero justice and zero proportionality because curiosity must be immediately murdered by the "culture of 'no'".