Did I just win?

This reminds me of an old folk tale of the trickster and the rich man.<p>A king passing through a town finds a man about to be punished for fraud. He intercedes and asks what the matter is. The trickster says in his defence, &quot;I ask people for things, and they give then to me&quot;. The king is incredulous but poses a challenge: &quot;You must ask and receive money from the richest man in town.&quot; The trickster agrees, but being short on assets, requests a loan. The king obliges, and the trickster arranges (eliding details) to induce the town&#x27;s richest resident to provide him with a wealth of goods. He returns to the king two days later with evidence in tow. The king is impressed by this demonstration, at which the trickster notes that he&#x27;d actually met the conditions 48 hours earlier when the king, wealthier than the town&#x27;s richest resident, had offered him a loan.<p>There&#x27;s something to those old stories.<p>(I&#x27;m not positive of the source but believe it&#x27;s included in Idries Shah&#x27;s <i>World Tales</i>.)

1. Create issues for items I need fixed on my github repos.<p>2. Offer a $100 bounty to people who can trick me into getting some string into my projects. The easiest way to &quot;trick&quot; me of course is to hide it inside of a PR which fixes a real issue.<p>3. Find and remove the string before merging the PR. I&#x27;ve had one of my issues fixed for free. Rinse and repeat!<p>Bonus Round: Stage an announcement on twitter and have someone cleverly trick me into including the string on my website (which I was totally going to do anyway). Post clever trick to code geek social media and reap the sweet free viral marketing and hackers trying to earn a Benjamin.

What exactly happened here? All I see is a highlighted line that seems to have already been there.

An acknowledgement of the win: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;DefuseSec&#x2F;status&#x2F;730903547747819520" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;DefuseSec&#x2F;status&#x2F;730903547747819520</a><p>The offer still stands though, if you&#x27;d like to try: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;DefuseSec&#x2F;status&#x2F;730904219419443200" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;DefuseSec&#x2F;status&#x2F;730904219419443200</a>

The offending commit: <a href="https:&#x2F;&#x2F;github.com&#x2F;defuse&#x2F;defuse.ca&#x2F;commit&#x2F;4770ad5c9d4851d40811c77b944f391aedbcf5d9" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;defuse&#x2F;defuse.ca&#x2F;commit&#x2F;4770ad5c9d4851d40...</a>

Took me a second to understand what happened. But yes, earned his $100.

Can someone link to context? Without it, I don&#x27;t see why this is even posted here.

Asked a question, won a beer token. It counts.

Are some of you actually arguing over whether or not the website qualifies as a &quot;software project?&quot; Goodness, maybe stop taking the world so literally&#x2F;seriously.

That is a gem of cleverness.

Troll level = 100%

Just beautiful :)

&quot;Mostly drunk ramblings of a programmer and crypto enthusiast.&quot;<p>Maybe we shouldn&#x27;t drink and &quot;crypto&quot;? :-)

Would you pay 100 usd to get on the front page of HN and who knows what other popular sites?<p>Maybe it&#x27;s just a marketing stunt

But wait, how did it happen ?

This just made my day.

It&#x27;s not clever to hack something that you can socially engineer, and that should be hacking 101. Clever win.

slow clap.

[[ obligatory reference to Betteridge&#x27;s law ]]

Another way to win this bounty would be to share some code with the string BackdoorPoCTwitter with the same color as the page background. If he copy and paste the code it could work. ^^

I guess a webpage is a software project...

Social Engineering is not accepted in most hacking contests.

Calling a website that happens to host static content in the same repo as its PHP source a &quot;release of a software project&quot; really seems like a stretch.