Comment On A Really Really Phat Pipe

Caching I presume?

And first.

m0ffx:

Caching I presume?

And first.

That would be one fast cache section.........

I presume that the divisor was far too small when calculating transfer size / time taken

Bandwidth TYPE-R

I suppose it could have been worse:

You: 1.41NaN MB/sec

That's the bandwith those people with stickers are getting.

captcha: ninjas - how appropriate

I really liked the chart with all the values at 1px and then the bar all the way across.

I'm calling shenanigans. You can modify the kbps query string parameter to give it whatever you want. ie.

http://www.bandwidthmeter.info/results.php?kbps=1234567890987654321&downloadtime=9.516&KB=791.5&recorded=1">bandwidthmeter.info

/yea i checked, kinda bored

And apparently I'm half-assed at my html skillz. lemme try again:

http://www.bandwidthmeter.info/results.php?kbps=1234567890987654321&downloadtime=9.516&KB=791.5&recorded=1

/whoa, captcha: kungfu

If I've done my math right, that means he can download at ~11.642e24 Terabytes per second

That's some pipe! :)

Verified. This is bogus; anyone can alter the URL.

The REAL WTF is using GET for this sort of thing?

Yeah, and my car's computer tells me I'm getting 99MPG when I coast to a stop. Sampling over a small time span and getting big numbers isn't surprising. I can't tell from the article whether that was the case or whether there was a programming bug. The latter is potentially funny, the former is ho-hum. (OK, the bar graph was fun.)

Just because you can make up your own "speed" by tweaking the URL doesn't mean there wasn't a quirk in the test that generated the number on its own. I've done ftp's of small files which would complete in less than one clock tick, and ftp reports amazing bandwidth calculations in such cases.

Of course, that doesn't mean it wasn't faked just to get on WTF.

Infinite!

Aha! You can modify the query params... well that answers everything. ;-)

http://www.bandwidthmeter.info/results.php?kbps=999999999999999999999999999999999999999999&downloadtime=0.516&KB=791.5&recorded=1

benryves:

Infinite!

So fast that it's finished downloading before the Mouse_Up event gets fired. Now that's pretty damn quick!

yep definately bogus, don't see how he could have generated http://www.bandwidthmeter.info/results.php?kbps=100000000000000000000000000000000000000000 randomly

Awww. It was fun until you guys ruined it for me:)

Just modify the URL huh?

The real "what the fuck?" is that you guys have time to sit around and figure that shit out.

But this is hardly "Worse than Failure(TM?)".

Another WTF: Looking at KungFu's link, the 28.8 kbps bar is the second-widest -- wider than all the other pre-defined bars.

benryves:

Infinite!

Bonus!

Rob Sirloin:

The real "what the fuck?" is that you guys have time to sit around and figure that shit out.

Ahh.. but that's what we like doing

HOLY COW I'M TOTALLY GOING SO FAST AW F***

There are about 10^79 electrons in the universe. A REALLY phat pipe would be able to download them all in 1 second.

yeah - I stumbled upon this thread while looking for bandwidth measurement tools. I don't really have an account. I don't really get the RSS delivered within moments to my email in box. I don't really program a computer as a job. yeah.

My results worry me a bit. Seems if I want to download, I end up uploadiing?

Yeah, well my ISP is actually sucking bits off my hard disk and casting them back out into cyberspace.
http://www.bandwidthmeter.info/results.php?kbps=-791.7

Are you satisfied with you speed?

I tried changing it to "armpit" kbps and no love. It just goes to 0.

m0ffx:

My results worry me a bit. Seems if I want to download, I end up uploadiing?

Your flux capacitor is plugged in backwards.

Aw, you think that's bad? My bandwidth is so small, my hard drive just got sucked into a black hole.

Henry:

There are about 10^79 electrons in the universe. A REALLY phat pipe would be able to download them all in 1 second.

Yes, but you'd have to factor in that light-speed latency shuttling them over from the opposite side of the Universe. And stealing all the electrons would really tick off the diners at the Restaurant.

I coulds download tha interwebs in no times!

mav:

Bandwidth TYPE-R

Except in the States, where it's Bandwidth TYPE-S

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs? The guy who wrote this page might go on to make another page and assume that plain-text changeable URLs are the way to go.

yourbank.com?loginname=admin&passwordchecked=yes

I dunno. I don't write web pages. It just seems like it's the kind of thing that's bad practice. Sure, no harm on this particular page, but that's not the point, is it?

Oh, what about:

http://www.bandwidthmeter.info/results.php?DROP_TABLE

--
I wonder where my signature and avatar went. I can see them on the sidebar, but not here.

http://www.bandwidthmeter.info/results.php?kbps=-1E10 is pretty slow...

that's not really a WTF... most of us are coders... many of use are web developers... if we didn't think of a bogus query string, or post situation as the likely cause within a few seconds of seeing the results, well... that wouldn't say much for our troubleshooting skills.

Rob Sirloin:

Awww. It was fun until you guys ruined it for me:)

Just modify the URL huh?

The real "what the fuck?" is that you guys have time to sit around and figure that shit out.

But this is hardly "Worse than Failure(TM?)".

themagni:

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs? The guy who wrote this page might go on to make another page and assume that plain-text changeable URLs are the way to go.

yourbank.com?loginname=admin&passwordchecked=yes

I dunno. I don't write web pages. It just seems like it's the kind of thing that's bad practice. Sure, no harm on this particular page, but that's not the point, is it?

Oh, what about:

http://www.bandwidthmeter.info/results.php?DROP_TABLE

--
I wonder where my signature and avatar went. I can see them on the sidebar, but not here.

SPACE.com is bad about putting everything in the URL. Especially when they have so many cool images that are begging to be re-purposed.

Example:
Ooh, pretty!
vs.
We're all gonna die!

themagni:

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs? The guy who wrote this page might go on to make another page and assume that plain-text changeable URLs are the way to go.

Yes or how about the fact that he obviously thinks that there is a factor of 1024 between Mbps and kbps. So this WTF is kind of giving and giving, a real showboat of how not to program web-pages.

Anybody finding other funny things that you can do with it?

m0ffx:

My results worry me a bit. Seems if I want to download, I end up uploadiing?

Pretty slick that it can interpret negatives and even scientific notation. I never noticed before that PHP would interpret post or get parameters in that way.

Try this:

http://www.bandwidthmeter.info/results.php?kbps=0xff

themagni:

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs?

It's more that every query string should identify a unique and permanent document. That's what REST really means.

MOD:

that's not really a WTF... most of us are coders... many of use are web developers... if we didn't think of a bogus query string, or post situation as the likely cause within a few seconds of seeing the results, well... that wouldn't say much for our troubleshooting skills.

Pretty much.

1) He used Get, and didn't bother to hash the display string at the very least.

2) He didn't put rational parameters on the number returned. It should have been obvious that the number couldn't be negative, or infinite either, but both of those are perfectly valid in his code.

3) He didn't bother to put a transaction ID or anything in his foolishly obvious Get parameters, so the data can be changed and changed and changed again and the program won't care.

Just a mess.

themagni:

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs? The guy who wrote this page might go on to make another page and assume that plain-text changeable URLs are the way to go.

yourbank.com?loginname=admin&passwordchecked=yes

I dunno. I don't write web pages. It just seems like it's the kind of thing that's bad practice. Sure, no harm on this particular page, but that's not the point, is it?

Oh, what about:

http://www.bandwidthmeter.info/results.php?DROP_TABLE

--
I wonder where my signature and avatar went. I can see them on the sidebar, but not here.

Why is it a bad idea when it is not sensitive or processing-critical data? The PHP code probably does something like this:

var $kbps = intval($_REQUEST['kbps']);

So results.php?DROP_TABLE or even results.php?kbps=DROP_TABLE would result in $kbps=0, no harm done.

The reason they probably did it this way was to prevent a browser refresh from running the test again. Or, possibly so that the results can be bookmarked and referenced again later without having to re-run the test.

Satanicpuppy:

1) He used Get, and didn't bother to hash the display string at the very least.

Why hash a string that doesn't have sensitive information? Thats like saying this forum should hash the value of ArticleId.

2) He didn't put rational parameters on the number returned. It should have been obvious that the number couldn't be negative, or infinite either, but both of those are perfectly valid in his code.

The test should never produce a negative number, but the display page needn't care so long as the parameter is cast to a numeric value and any numeric value could be processed without error.

3) He didn't bother to put a transaction ID or anything in his foolishly obvious Get parameters, so the data can be changed and changed and changed again and the program won't care.

Exactly, the program won't care. If you want to screw with the paramater, you get a screwed up result, GIGO, but the program doesn't crash, you can't run any code or inject arbitrary SQL, so there is nothing wrong with this.

I guess it will be cool (AGAIN) to have an AOL e-mail address. :^)

Looks like we finally beat the station wagon full of tapes!

Bandwidth: Nullity

Michael:

Satanicpuppy:

1) He used Get, and didn't bother to hash the display string at the very least.

Why hash a string that doesn't have sensitive information? Thats like saying this forum should hash the value of ArticleId.

2) He didn't put rational parameters on the number returned. It should have been obvious that the number couldn't be negative, or infinite either, but both of those are perfectly valid in his code.

The test should never produce a negative number, but the display page needn't care so long as the parameter is cast to a numeric value and any numeric value could be processed without error.

3) He didn't bother to put a transaction ID or anything in his foolishly obvious Get parameters, so the data can be changed and changed and changed again and the program won't care.

Exactly, the program won't care. If you want to screw with the paramater, you get a screwed up result, GIGO, but the program doesn't crash, you can't run any code or inject arbitrary SQL, so there is nothing wrong with this.

You're right on the money here. The posting was cute, to be sure. It doemonstrates that a user can get information as bad as he or she likes. The fact is that the site also provides a retest link that seems to return pretty accurate information, and to take its time i doing so.

So, it is cute, but not really a WTF.

Anonymouse:

Your flux capacitor is plugged in backwards.

That made my day. I love that line!

Dwayne:

HOLY COW I'M TOTALLY GOING SO FAST AW F***

WTF are you kids doing on my lawn?!

CAPTCHA: paint- my world with 1's and 0's.

Now we can download the *whole* internet :)

mkb:

themagni:

Even if the URL was altered by the submitter, aren't you not supposed to send data in plain text in URLs?

It's more that every query string should identify a unique and permanent document. That's what REST really means.

RFC 2616 only requires that a GET request be idempotent. There's no need for it to identify a "unique and permanent document". In fact, there are a number of provisions in HTTP/1.1 for that assume GET targets generally won't be permanent, such as the expiration date mechanism.

There's nothing wrong with using GET to implement a calculator, for example. (It'd be largely pointless, but not wrong.)

--
Michael Wojcik

Satanicpuppy:

MOD:

that's not really a WTF... most of us are coders... many of use are web developers... if we didn't think of a bogus query string, or post situation as the likely cause within a few seconds of seeing the results, well... that wouldn't say much for our troubleshooting skills.

Pretty much.

1) He used Get, and didn't bother to hash the display string at the very least.

2) He didn't put rational parameters on the number returned. It should have been obvious that the number couldn't be negative, or infinite either, but both of those are perfectly valid in his code.

3) He didn't bother to put a transaction ID or anything in his foolishly obvious Get parameters, so the data can be changed and changed and changed again and the program won't care.

Just a mess.

Well, sort of. I am not sure that post v. get buys you anything except this sort of embarrassment. Anyone with Firefox and Webdeveloper can alter what is being posted anyway.

The real WTF is that this was not designed with any real awareness of good coding practices. The best way to do this would have been to:
1) store the beginning and end of the download on the server connected to a session id and
2) Have the browser retrieve the graph via the session id.

This would have been trivial to do but many software engineers have no engineering skills.