How I found out we hadn't finished deploying the content filter
Posted by Entegy@reddit | talesfromtechsupport | View on Reddit | 68 comments
As I'm sure we all experienced, COVID forced a work from home policy that strained not just work procedures, but how IT works as well.
So with WFH, we needed a content filter solution on the computers instead of just the corporate firewall. We deploy it, configure it, done... or so we thought.
Some time later, a coworker messages me and says they found a problem on our website. They know I'm not on the web team, but could I help them prepare a ticket with the right terms to get it treated faster? This user always opens good, respectful tickets, so of course I help! Techs looking out for techs!
So we start a screen share session and we're preparing the ticket for the web team. My coworker then tries to describe a feature that should be on the website, says "this is how it is on
Well, product.com was full of ladies definitely not using the product my coworker was describing. A few flustered seconds later we got the tab closed, and I showed them how to clear the last hour of browser history. We discovered the product in question is at companyproduct.com and we immediately knew why.
We got the ticket finished and sent off to the web team. I then went and looked at the device web filter and found that we had somehow put exceptions in place without actually picking any categories to block! So exceptions to nothing were configured.
I sent a screenshot of no blocked categories to the coworker and they replied with the life of crime they would have led with their work computer had they knew the content filter wasn't working.
So maybe once in a while, check your filters! This is true for air conditioners, cars, and computers!
Money4Nothing2000@reddit
My co-worker was trying to price diagonal cutters and googled "pair of dykes".
We had to report a content filter suggestion to IT.
mizinamo@reddit
I was once working on a LaTeX document and wanted to insert an image into it.
So I googled
latex images.The results were … not what I had expected.
blind_ninja_guy@reddit
It's like the time I searched for the manual for the Unix head command on Google by typing well I think you can guess what comes next if you've ever worked with Unix or Linux. Don't do it, please. Just use the terminal for that man page.
mizinamo@reddit
I usually go to
linux.die.netwhen I want to read Unix manual pages online.-MazeMaker-@reddit
Reminds me of when a windows bug made me open up a web search for "FAT images" when I was trying to make a folder for some Factory Acceptance Test images
mizinamo@reddit
I would have guessed you were asking about the File Allocation Table or the filesystem based on that structure that was popular under MS-DOS and early versions of Windows. Either way, I don't think you got images of that, either.
ozzie286@reddit
Diagonal cutters.
Aazimoxx@reddit
From back 20yrs ago when I worked in a high school for my traineeship... The most common hit on the web filter was hotmale dot com. 🙄🤦♂️
The_WRabbit@reddit
We spent a pleasant afternoon at work one day confirming the mail filter was working. The amount of profanity we sent was therapeutic. We also discovered some Regex exceptions that weren't intended.
Loko8765@reddit
When I had oversight over a content filter (this was some 20–25 years ago, so in the infancy of content filtering), we discovered that one of the editor’s default filters was simply “URL contains the word ‘sex’”.
We discovered this because one of our major workflows involved submitting a form on a provider’s website, a form which submitted everything using the URL path (again, almost 25 years ago), and one of the fields was “sex”, the permissible values being “M” and “F”. That content filter was rolled back quickly.
harrywwc@reddit
and of course in those early days, the ever popular filtering of place names in the UK such as Sussex ;)
FuglyLookingGuy@reddit
You won't believe how hard it is to get a parcel sent to Gropecunt Ln, Oxford.
blind_ninja_guy@reddit
There's a Vietnamese person who I used to occasionally email whose last name was fuck. I'm not even joking. Luckily the University I was at was very unfiltered, because there was more than once where I sent an email that was like hello Mr fuck.
mizinamo@reddit
Scunthorpe, Penistone, …
blind_ninja_guy@reddit
I did the opposite of this at one point. A legitimate curse word appeared in a base64 encoded string, and after laughing when I figured out why the code was being blocked from submit, we went in and put an exception to that curse word occurring in code if it occurred surrounded by the specific base64 encoded gibberish.
AshleyJSheridan@reddit
Having implemented regular expressions filtering for profanity, I really hope you were using word boundaries?
ExaForce@reddit
I remember being on some tech forums back in the day when one of the mods posted an article that was supposed to be about Matsushita (Panasonic's parent company) but it ended up being posted as "Matsu****a" instead. The forums would also turn "grape" into "g****".
AshleyJSheridan@reddit
It's known as the Scunthorpe problem. Naive developers treat profanitory filtering like a basic find and replace, and it breaks many words and names.
Old-Class-1259@reddit
This was me once evaluating three classroom management systems. They all some weird quirks and none made it through to implementation. One would catch expletives and star them out, but would fail with some syntax like repeating the word:
shit shit shit = **** shit ****
Interestingly it also came with a glossary so (as an admin) you could actually learn some phrases and slang you may never have heard of. One was simply the name of a type of dessert. I can totally imagine a student being called in to a meeting to be asked why they were googling for a term related to sexual assult and in doing so the teachers accidentaly reveal to the student the darker meaning of an otherwise innocuous pudding.
PlatypusDream@reddit
What's the word?
Old-Class-1259@reddit
I think it was strawberry cheesecake. I don't want to check.
NDaveT@reddit
Do you do any business with anyone in the village of Scunthorpe?
udsd007@reddit
And discover that “specialist” matches “/cialis/i”.
The_WRabbit@reddit
And doCUMent and ANALysis.
Sintarsintar@reddit
apluSEXam.com
random_fucktuation@reddit
and expertsexchange.com
dreaminginteal@reddit
And the Pen Island website...
udsd007@reddit
And Italian power generation: powergenitalia.com .
Dekklin@reddit
^ Best one yet.
lazlowoodbine@reddit
therapistfinder.com
Gingrel@reddit
Do you ever use the chemical butanal?
MikeSchwab63@reddit
Try some of the town name on Newfoundland.
Mickenfox@reddit
Network admins on their way to blocking 83% of the internet because it's not their problem if no one can do anything on their devices
MikeSchwab63@reddit
Had a chat app force us to use flight deck because the alternative showed up as ****pit.
SlitheryBuggah@reddit
So I can send my boss an email telling him to go fuck himself and claim I was just testing the profanity filter - genious
The_WRabbit@reddit
From an anonymous external email as it was an edge filter of course.
ontheroadtonull@reddit
Does the filter block out edgy emails?
arkaycee@reddit
Or mails about edging?
SlitheryBuggah@reddit
Oh no fun if it anonymous 🤣🤣
The_MAZZTer@reddit
example.com is reserved for use as, IIRC, a placeholder for you to use in urls. Seems to me it would be a good site to use to test a content blocker, if you can manually add it to the block list
KnottaBiggins@reddit
Well, at least you had a unicorn to work with on this. Someone else wouldn't have even reported it.
SocklessEng@reddit
War game forums I was in many moons ago had the best(/s) find/replace filters. When I first joined I wondered why they talked about "shecks" not "shells" - right up until I saw the crown jewel - "cirbodily fluidstances"
mizinamo@reddit
Ah yes, the clbuttic era of "medireview" and "reviewuation"
oridginal@reddit
This is where I have to admit limitations on my understanding of the buttbuttinate language and ask for help 😅
JeffTheNth@reddit
I think it has to do with "analize"....? I can't figure out the original words either...
but this discussion does remind me of the story I heard at my first major job about a hundred e-invites that went out to executives and noted "African-American suit and tie required."
Find/replace nightmares.....
mizinamo@reddit
evalis a Javascript command that can be used to run some text as a Javascript command.Running any random text that people type in is likely to be a bad idea!
So there was a time around 2001–2002 where Yahoo tried to patch this by find-and-replace-ing
evalwithreviewin HTML email attachments, which turned "medieval" and "evaluation" into "medireview" and "reviewuation".https://revealingerrors.com/medireview
https://www.nytimes.com/2002/07/22/business/compressed-data-some-serious-word-scrambling-at-yahoo.html?unlocked_article_code=1.sU8.vk9z.eeSiuuUcEau3&smid=url-share
oridginal@reddit
Thank you for that!
Sophira@reddit
I'm pretty sure the missing word in this case is "eval", as in "evaluate"! I'm not entirely sure why that would be filtered, though.
Sophira@reddit
I'm pretty sure the missing word in this case is "eval", as in "evaluate"! Maybe an attempt at preventing XSS attacks?
MrDiemar@reddit
For "Shell", "Hell" was replaced with "Heck" so "Sheck".
And for "Cirbodily fluidstances" it's "cirCUMstances"
showyerbewbs@reddit
Not seeing a problem.
Content filter was deployed.
I checked CAB and there are no mentions of blocking categories.
Ticket rejected.
WizardOfIF@reddit
My coworker who did content filter testing had a list of website that should be blocked for nsfw content but that they knew had sfw landing pages. Surprisingly, playboy was their go to site at the time. Just in case the filter failed they wouldn't see any nudity from the homepage.
Kasper_Onza@reddit
I used a web comic (www.kevinandkell.com) as my test page. It always changed daily. Would not likely be used by the client.
And was saturated colours so good for testing the screen.
But I got to the point of putting g a card blue tacked to the screen explaining I am not reading comics on work time.
Entegy@reddit (OP)
Modern "I read it for the articles"!
NightMgr@reddit
The test article on balancing a tone arm, a decidedly nerdy techy thing, was in Playboy.
darkroot13@reddit
“I swear, I’m just on their site for penetration testing!”
Distribution-Radiant@reddit
Wrong kind of penetrating 😂
Awlson@reddit
Some would argue it is the only right kind. Haha
itenginerd@reddit
Well THAT would certainly have been helpful.... 🤦♂️(see the parallel comment I just posted for context)
PendragonDaGreat@reddit
Reminds me of first grade and the first time we got to go to the computer lab.
We were supposed to follow the instructions to go to the local library's website so we could find a book or something.
Library was at .org, instructions were to go to .com. Suddenly 20 kids looking on as topless Korean ladies loading in at just over dialup speeds.
Or more recently I love https://glazerscamera.com great selection of analog and digital and one of the best places to buy darkroom supplies and film. You can imagine that dropping "camera" off the end puts you somewhere completely different.
Hawkner@reddit
Had to raise issue for someone who was doing logistics work for Meta, because their client portal was getting blocked by filters cause meta ofc is facebook and such.
itenginerd@reddit
Happened to me long ago. Working woth a new customer whose chief complaint is that their web filter isn't working well at all. So I go over there, we hop in a conference room (glass walled to the hall, cuz they fancy back then), and I hook up to the projector to troubleshoot.
OK, I ask, how broken is it? It doesn't filter anything? Ok. Now I'll be honest. I didn't really believe them that it filtered nothing. They'd had a vendor engineer install it, so it couldnt be blocking NOTHING. It must be just a thing where they thing a site should be blocked and its in a different category or something. So I pulled up playboy.com (its racy enough to be in the Porn category but not racy enough for heads to roll--mine in particular--if I'm wrong). It loads up in all its glory. Shitshitshitshitshit
So here I am, with playboy.com up projected on the front wall of a conference room for everyone walking down the hall to see at my shiny new customer site, having a mild stroke.
Ended up being a 5 minute fix after that. They'd made a change on a different policy layer that made sense to the beginner mind, but to the policy compiler meant 'allow all'. It wasnt a big deal, but my butt still clenches when I think about that one...
TinyNiceWolf@reddit
"having a mild stroke" That was daring.
LupercaniusAB@reddit
HEYOOOOO!
arkaycee@reddit
It was interesting times in the late 80s or so when content filtering first became a thing, and then all those words that HR would've seriously talked to you about became necessary to put into work lists.
Roesjtig@reddit
Like deploying a WAF and not hooking it up to the loadbalancer.
Weird that testers are complaining in nonprod, and that the real users in prod are not complaining...
smokie12@reddit
So, your coworker was looking up X-Hamsters or what?
jamoche_2@reddit
The comment section on a blog I used to be on would often get political, and the owner was baffled when “socialism” would get blocked since it wasn’t on the list. Turns out socialism contains cialis, which was.