13

I am a non-technical person, but I believe that computers will always do what programmers tell them to do. Computers may take our orders literally and without any common-sense understanding, and programmers may be ignorant of what they actually told the computers to do (which is why we have SQL injections and XSS attacks), but overall, this understanding means that computers are not flawed, only the code that people write is flawed. This makes me feel safe and secure.

But according to an article that I totally did not ghostwrite, bugs exist in software. This confuses me to no end. If modern-day computers follow all instructions literally, then bugs should, by definition, not exist... and any deviations from intended specs are merely problems with the code produced by human programmers. Clearly, I must be missing something fundamental. Please answer my question: why do bugs still exist?

Please hurry and answer my important question! I want as many Upvotes as possible, enjoy a few days as a Hot Network Question, and possibly get people to click on that cool article that is 100% not ghostwritten by me.

Questions like "Why does XSS affect so many websites?" and "SQL injection is 17 years old. Why is it still around?" seem to attract a lot of answers that, while interesting to read, may not be of the highest-possible quality. In addition, the questions themselves can be "templated", meaning that we can endlessly spawn variants of "Why do X still exist?".

I find this a very serious attack vector for this site, because if X is popular or general enough (as you can see by my hypothetical example question), a lot of people will rush in to answer the question and provide their own thoughts. This can fuel a cycle of growth, making the question more popular and ultimately monopolizing the time of SO users needlessly while potentially serving as a vehicle of self-promotion for the questioner (the two questions I linked to were being used to promote two articles written by the questioner). Ultimately, both attacks have been neutralized (and the links to the articles were removed)... but a vulnerability still exists and could be exploited again.

I'd like to know what steps Information Security SE is taking to prevent future attacks (even if it is to close these types of questions as being "too broad").

10
  • 2
    I'd like to know what you propose SE could do in order to "prevent future attacks". You assert by default that there's some way to do this by pre-emptively identifying posts that qualify as such attacks - and that SE is shirking a responsibility to apply this... both without substantiation. Have you developed a heuristic that they can apply to identify such questions? Other than 'set readers on it and have them apply critical thought, check links and names, flag/downvote bad posts without mercy' - which is what's resolved both of these situations and, well, is kinda the entire point of SE. Commented Jul 9, 2016 at 11:00
  • 1
    More to the point, even bad questions can generate great answers. If they do, then that's not a net negative, though I'd prefer the spammers didn't get clicks. Spamming users will be banned and repeated questions with equivalent propositions will be flagged as duplicates and closed. Again, I don't see how the existing model of SE isn't the best solution here. Commented Jul 9, 2016 at 11:07
  • 1
    I don't know if you can say the current system worked when both questions got HNQ status quickly before the questions were closed. "Setting readers on it" would be my preferred solution, but it doesn't seem to have worked here, as readers may use their critical thought to write great answers rather than to read the questions and realize they are being manipulated. The good news with these types of limited questions is that it's based on a template... an expectation that all questions with some variant of "Why does X still exist?" would be closed would be enough to stop these "attacks". Commented Jul 9, 2016 at 15:24
  • 4
    Basically, what you are asking is that SE should improve their spam recognition engine (there is one) in order to counter real humans writing targeted messages with specific knowledge on how to bypass anti-spam systems and influence people's thoughts (it was indeed the guy's job, "digital content marketing"). I think if you have any suggestions, I guess you will be welcome. Other than that, it seems more like a dream than a request to me... Commented Jul 9, 2016 at 15:42
  • 2
    I'm not sure "users can post bad content" counts as a vulnerability. If it did, I would like to claim some Facebook bounty money, because the status update feature sure is vulnerable.
    – Anders
    Commented Jul 11, 2016 at 8:19
  • 1
    Autoclosing "Why does X still exist?" questions is not a solution. It would have closed yesterday's questions, but not tomorrow's. The next time hidden self-promotion pops up it will be in some other form.
    – Anders
    Commented Jul 11, 2016 at 8:21
  • 1
    The answer to all of them is "Because people are stupid." Why does PHP exist? Because people are stupid. Why do XSS and SQL injection exist? Because people are stupid. The solution is to get rid of stupid people.
    – cat
    Commented Jul 15, 2016 at 21:44
  • I agree that it seems like the system worked... the spammer is on probation; the site got some traffic, the discussions were interesting, and 50000 people read about SQLi. After spending 45 days across SE, it is clear that most upvoted and viewed questions have just the right combination of inviting opinions, while being phrased as requiring an exact answer-- I don't think this needs "solving" though.
    – Jedi
    Commented Jul 19, 2016 at 3:30
  • 9
    Suggested new title: Why do "Why do 'X' still exist?" questions still exist?
    – TRiG
    Commented Jul 20, 2016 at 11:21
  • @TRiG credit due to @smilebomb? This is deja vu...
    – Jedi
    Commented Jul 22, 2016 at 13:42

1 Answer

9

Just vote to close. This community is very good at quickly closing them down, so it really isn't a worry here.

7
  • 2
    Except, having gotten to both of these questions through HNQ (I spend my time on EE.SE), it's obvious that the reaction is currently to comment and/or answer, not flag. The questions are simple enough to have a wide variety of answers available and are easy to interact with. Are certain moderators/high-ranked users going to need to preempt the SE process as best they can to quash these? How off topic are they? Commented Jul 9, 2016 at 16:26
  • 1
    No pre-empting required. When they appear they get VTC'ed and flagged. Then they get closed. They are off topic, basically because they are daft questions. They don't need to be closed in 5 seconds - the process works just fine.
    – Rory Alsop Mod
    Commented Jul 9, 2016 at 16:56
  • 1
    What close reason?
    – paj28
    Commented Jul 18, 2016 at 8:19
  • Unclear what you are asking is probably best
    – Rory Alsop Mod
    Commented Jul 18, 2016 at 8:22
  • 1
    Does this mean I can't gain anything despite calling dibs? Aww shucks!! I thought I'd found my path to a Socratic badge...
    – Jedi
    Commented Jul 19, 2016 at 3:19
  • 1
    Why does this thread still exist?
    – mzcoxfde
    Commented Oct 2, 2016 at 13:23
  • 1
    Mzcoxfde - there is no concept of threads here, so I'm not sure what you are asking. As far as this question, it is going to remain here as an FAQ item
    – Rory Alsop Mod
    Commented Oct 2, 2016 at 14:03
