I'm #90 😎
If you want to know your number comment and I'll check o7
You can also check who has a certain ID by completing this url with it https://hexbear.net/create_private_message?recipient_id=
Also also, if you type in your OWN ID you can dm yourself lmaoooooo
The first user to join the site was Liberal (of course) and the second was beatnik
(p.s. if this post blows up please help me check people's IDs lmao)
PSA: if you're terrified of asking people for things, you can do your own by trial and error manual algorithm.
-
Determine down to the minute when exactly your account was registered by hovering over the "joined X months ago" text on your profile page.
-
Use OP's URL with a random number at the end.
-
Determine when that user's account was registered. If their account is older than yours, increase the number and try again. If their account is younger than yours, decrease and try again. If their account is much older/younger than yours, increase/decrease by a few thousand. If it's only a few days older/younger than yours, increase/decrease by a few hundred. And so on. Should take no more than twenty or thirty attempts.
@VolcelPolice pls ensure the process is volcel friendly.
The VolcelPolice user number is also 1096, for the theme of this thread
Strict volcel surveillance is going to be required for this, we need to know everything being looked at on all of your computers
Bit disappointed we didn't manage to snag 1312, should have held off a bit longer to get it
I quite enjoy your posts so I guess I just assumed you've been here longer than you have haha
1 isn't a user, it's the devs saying hi
@BioWarfarePosadist has 69
@jures has 420
666 isn't a user, it's the devs saying hi
@danisth has 777
@Neckbeard_Prime has 1312
@RadRev has 1488 (😬)
@Ruprecht has 1917
@migraine has 6969
Welp, it was nice knowing you guys. Everyone comment on this account going forward will be complaining about cancel culture.
:acab-2:
Edit: Based on what's returned by the Lemmy API, there is no user 666. If there was an account, it was originally created on July 26th, and has since been deleted, either by the admins or directly via the database.
go check again but this time look at the bottom left corner of the window :)
Gotcha; for what it's worth, it does the same thing if you submit any other invalid ID, like 0, -1, or (for now) 69420.
The API backend returns an HTTP 400 response status with "NotFound" in the response body; this is visible either via your browser's devtools (or Postman/cURL if you're a dev nerd like me).
Neckbeard_Prime has 1312.
RadRev has 1488.
666 is the devs saying hello.
Also mods pls remove if this is too much info
666 isn't actually a user, like ID #1
go to the page and look at the bottom left :)
you can also open your own user page ( https://hexbear.net/u/username ) in incognito/private mode and hover over the send message button to see the id in the bottom left corner.
i regret not telling anyone when i discovered this month ago on the test branch :angery:
I think users #200ish-1500ish all joined in the span of like 8 hours when the site first launched
on seeing this comment again I went and checked, and I'm 90 and you're 880 but were only separated in time by ~13 hours
Hit me
(also sequential ids always make me :side-eye-1: but it's probably fine for this?)
why do they concern you? I've never really done forums until chapo so I've not given it much thought
Whenever you make database IDs of any kind sequential you make it a lot easier to force browse/select other posts. Like, I can't brute force my way to a certain youtube video or download them all sequentially, but I can sequentially download every chapo post, if that makes sense.
It only really becomes a problem if there's an actual exploit to use related to it, but it does increase the attack surface technically. Here's an example of how sequential IDs can make exploits more dangerous. Probably fine for an arachno-Bidenist shitposting forum tho
The most obvious way to abuse this would be harvesting user profile data, e.g., e-mail addresses and any other personally identifying info that is stored "behind" the profile page. Thankfully, Lemmy masks users' e-mail addresses for accounts other than the one belonging to the user ID that performs a user profile lookup:
https://github.com/LemmyNet/lemmy/blob/main/lemmy_api/src/user.rs
(See line ~496ish)
So at least that's not an attack vector.
Smh, I need to delete my account and make new ones until I get a cool number