You can use this feature to find out the full text of the private scratchpad.

For example, if you want to know what follows "vec" in princepawn's scratchpad, you super-search the scratchpad for "veca", "vecb", ... putting each character after vec. This is very slow, so don't do it unless you really need to. It also sucks because the search is case-sensitive.

I tried this just to test that it works. It turns out that princepawn's scratchpad contains "$vector, 1, rand(2" (some letters may be ucased): super-search proves it.

I did the search with a little script that tries every character automatically (some think there are 2**31 characters). To find out the next character, just try (Update: readmored code)

Beware, this takes some time to finish. Some guesswork can help (I guessed that "or" would follow "vact").

You are aware, of course, that on the other side of that ruby is a webserver, with other people connected to it? Serving a site that many people complain has performance issues?

I'd have been perfectly happy with just "test code" that hadn't made a thousand hits on the server. It's neat, but I got the point from the code.

dep

--
Tilly is my hero.

I had posted this as a sidenote on a recent thread of mine. Either nobody noticed or nobody really cared, and I kind of had the same attitude. So what if you know that princepawn has the text 'vec' on his scratchpad? You can't tell whether it is located within code tags, or as a link to the perldoc, or in a chatterbox message copied from the chatterbox to his private scratchpad. So yes, while you can do a 'search only scratchpad nodes for the word "sex"'¹, there is no hope to discover the context of how it is used. For all you know, the sentence used might be 'My name is Nathan and I am of the male sex'. :)

¹ Well actually, the 'Scratch Pad' checkbox under the 'Search only the following sections' option is still disabled, but you can select 'Search all but...' and select all the other nodetypes.

Or maybe just nobody commented. (: Did anyone notice that scratchpads had a lot of changes done to them recently? The work isn't finished. This particular problem is well known and as the work for these changes progresses, this problem will go away.

Update: About one day later and most of the kinks are removed from scratchpads (mostly due to demerphq's diligence, again, it appears -- though I don't mean to not credit others who may have helped, ysth probably being one) including preventing private scratchpads from having their contents subject to search. And I managed to change Super Search to allow the 'scratchpad' box to be checked.

- tye        

What's the problem? You get to know that princepawn has an interest, and he gets the privacy. If he doesn't respond to a /msg, you can at least look at his nodes for a clue.

Well, with regex searches, and enough hits to the host, you could use binary searching to figure out the exact text of the scratchpad. Presuming printables (and newline) only, it'd take only 6 or 7 hits per character you wanted to guess. Look for /^[a-m]/ and if that fails, look for /^[n-z]/, otherwise look for /^[a-h]/ and so on. As you get each letter, you add it to the beginning: /^v[a-m]/.

So, yes, this is a leak, but a slow leak.

Hmm. That'd be an interesting article about why not to allow regex searches against text you can't eventually see. >>todo.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

How can you do a regexp search? I thought that super-search would allow only fixed text.