I'm #90 😎

If you want to know your number comment and I'll check o7

You can also check who has a certain ID by completing this url with it https://hexbear.net/create_private_message?recipient_id=

Also also, if you type in your OWN ID you can dm yourself lmaoooooo

The first user to join the site was Liberal (of course) and the second was beatnik

(p.s. if this post blows up please help me check people's IDs lmao)

PSA: if you're terrified of asking people for things, you can do your own by trial and error manual algorithm.

  1. Determine down to the minute when exactly your account was registered by hovering over the "joined X months ago" text on your profile page.

  2. Use OP's URL with a random number at the end.

  3. Determine when that user's account was registered. If their account is older than yours, increase the number and try again. If their account is younger than yours, decrease and try again. If their account is much older/younger than yours, increase/decrease by a few thousand. If it's only a few days older/younger than yours, increase/decrease by a few hundred. And so on. Should take no more than twenty or thirty attempts.

  • reddit [any,they/them]
    ·
    4 years ago

    Hit me

    (also sequential ids always make me :side-eye-1: but it's probably fine for this?)

    • QuillQuote [they/them]
      ·
      4 years ago

      why do they concern you? I've never really done forums until chapo so I've not given it much thought

      • reddit [any,they/them]
        ·
        4 years ago

        Whenever you make database IDs of any kind sequential you make it a lot easier to force browse/select other posts. Like, I can't brute force my way to a certain youtube video or download them all sequentially, but I can sequentially download every chapo post, if that makes sense.

        It only really becomes a problem if there's an actual exploit to use related to it, but it does increase the attack surface technically. Here's an example of how sequential IDs can make exploits more dangerous. Probably fine for an arachno-Bidenist shitposting forum tho

        • Neckbeard_Prime [they/them,he/him]
          ·
          4 years ago

          The most obvious way to abuse this would be harvesting user profile data, e.g., e-mail addresses and any other personally identifying info that is stored "behind" the profile page. Thankfully, Lemmy masks users' e-mail addresses for accounts other than the one belonging to the user ID that performs a user profile lookup:

          https://github.com/LemmyNet/lemmy/blob/main/lemmy_api/src/user.rs

          (See line ~496ish)

          So at least that's not an attack vector.