Comment On Real Coders Don't Need Drivers

FIRST.  wow, im cool

Well, at least it worked... kind of...

Anonymous:

FIRST.  wow, im cool

No, you have too much free time ;)

4th place! not bad...

wow.



that's all I'm going to say.

WTF??!?

This guy is obviously an old-sk00l shell scripter who has just learned python. I've seen stuff like this as a BASH script too many times to count.

The sad thing is how often this happens. I was hired once to rewrite the back-end a non-functional adult website (no puns intended). The Perl scripts the last 60-an-hour consultant wrote were littered with backticked calls to MySQL.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland. The good news is that, since originally posting this way back in July of '04, I have only seen one or two other variations of this driver-less SQL sent in ...

When asked to fix an application here at the university that lets students create their own mailinglists, I stumbled over this python script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the author has discovered a way to avoid compiling a MySQL driver for Python - by using the "mysql" shell tool and parsing the output by splitting it by whitespace. (This will of course fail if anything resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Alex Papadimoulis:

Today feels like a great day to revisit this classic post from Stian Søiland.
The good news is that, since originally posting this way back in July
of '04, I have only seen one or two other variations of this
driver-less SQL sent in ...

When asked to fix an application here at the university that lets
students create their own mailinglists, I stumbled over this python
script that tries to synchronize database entries with Mailman.

In addition to exploring how to create ugly code with Python, the
author has discovered a way to avoid compiling a MySQL driver for
Python - by using the "mysql" shell tool and parsing the output by
splitting it by whitespace. (This will of course fail if anything
resembling a space is present in the database)

Also notice the creation of mysql_cmds.txt for stuff to be executed by the SQL server.

My apologies for the image; they didn’t have HTML syntax highlighting invented back when I originally posted this.

Can someone port this to Windows for me? [:P]

(I see that one way or another, the forum software is going to have to change...[8-)])

This could be a useful trick if you're using an obscure scripting language that really doesn't have MySQL drivers >:-)

--Daniel T

So I guess reposting old WTF's is a good way to say he's run out of real coding errors?

Wow, did the author of one of the WTF's get pissed at Alex or something?

Regretfully changing the software won't keep this from happening.  Even if you are required to sign up first this guy can sign up, post get banned and sign up again using yet another msn or hotmail address.

____________
I am that signature virus, propogating in an assited manner.

A co-worker pointed out to me... Judging from the setting, it was probably some poor kid fresh out of Programming 101 with no clue about database libraries, getting paid $5/hour to build this script. If it was in an professional/enterprise/production setting, fine, it's a WTF - in this case, it's probably just a clever student.

--Daniel T

One more comment ;-)

That screenshot is from EditPlus, isn't it? I love it!!!!

--Daniel T

This guy probably heard that "Python is a scripting language" so he's using it as a replacement for #!/bin/sh instead of the full-featured programming language that it is.

Anonymous:

Wow, did the author of one of the WTF's get pissed at Alex or something?

Regretfully changing the software won't keep this from happening.  Even if you are required to sign up first this guy can sign up, post get banned and sign up again using yet another msn or hotmail address.

____________
I am that signature virus, propogating in an assited manner.

Slightly more sophisticated software could weed out excessive repetitions, maybe. Also, just a line of code could get rid of those Javascript "injections."

Anonymous:

The sad thing is how often this happens. I was hired once to rewrite the back-end a non-functional adult website (no puns intended). The Perl scripts the last 60-an-hour consultant wrote were littered with backticked calls to MySQL.

Yes, but that's Perl - backticked calls to external programs are a long-standing tradition (albeit in this case a WTF-worthy one). Python makes you jump through slightly more hoops to do the same thing (and probably with good reason).

Anonymous:

Regretfully changing the software won't keep this from happening.  Even if you are required to sign up first this guy can sign up, post get banned and sign up again using yet another msn or hotmail address.

Slash ( http://en.wikipedia.org/wiki/Slash_%28weblog_system%29 ) does a very good job at filtering out trolls. 

Alex Papadimoulis:

by using the "mysql" shell tool and parsing the output by splitting it by whitespace. (This will of course fail if anything resembling a space is present in the database)

For what it's worth, the MySQL shell tool outputs tab separated values. So the script won't "fail if anything resembling a space is present in the database", just if there's a tab.

R.Flowers:

Slightly more sophisticated software could weed out excessive repetitions, maybe. Also, just a line of code could get rid of those Javascript "injections."

You wish. For example, I took a look at the LiveJournal code, and while the comment-parsing code is fairly secure (due to a paranoid HTML parser and rewriter) it had a number of additional checks required to handle web-browser specific quirks in parsing HTML, which obviously only got added in response to people noticing security holes. Also, anything short of a full parser (ideally whitelisting), preferably rewriting the HTML in an unambiguous fashion, probably won't cut it reliably due to various... interesting tricks involving HTML entities, comments, punctuation and the like.

Anonymous:

This could be a useful trick if you're using an obscure scripting language that really doesn't have MySQL drivers >:-)

--Daniel T

... as opposed to a language whose selling point is integration with the database at the web server.  Lets not forget that this code isn't running anywhere near a backend.  This code runs where UI is rendered.  :)

squirrel:

Anonymous:

This could be a useful trick if you're using an obscure scripting language that really doesn't have MySQL drivers >:-)

--Daniel T

... as opposed to a language whose selling point is integration with the database at the web server.  Lets not forget that this code isn't running anywhere near a backend.  This code runs where UI is rendered.  :)

Haha, my apologies to the Python coders (really!).  I don't know why I read this post as PHP.  Maybe the syntax coloring <g>.

Anonymous:

For what it's worth, the MySQL shell tool
outputs tab separated values. So the script won't "fail if anything
resembling a space is present in the database", just if there's a
tab.

Except the script uses .split(), not .split('\t'), so it will split fields on any whitespace, not just tabs.

R.Flowers:

Can someone port this to Windows for me? [:P]

(I see that one way or another, the forum software is going to have to change...[8-)])

Amusingly, as long as you have a cygwin/mingw compile of mailman sitting in c:\usr\local\mailman (or whatever your system drive is), this python script would work just fine, fwiw. :p (Unless they're shell scripts, guess you'd have to replace them with batch files that ran them inside the cygwin environment.)

Thankfully I can't see whatever got posted, and I don't really care anyway as long as it isn't another goatse. But I am a bit worried that next up is IE/ActiveX exploits.

and r. flowers, I find your avatar a bit umm, disturbing.

Not that that is a bad thing.

I think the only way to be rid of things like this is to deny all javascript and html and just simply block text all replies.  Even then you won't have a decent way around repeated lines in a post or even for someone to copy the entire first chapter of a novel into the post and upload, no repitition is necessary.  This then leads to the question of how long can a post get before you truncate it?  There is no perfect answer.


CAPTCHA = register (is someone trying to tell me something?)

Anonymous:

and r. flowers, I find your avatar a bit umm, disturbing.

Not that that is a bad thing.

I think I will change it. He's starting to disturb me, too. I found him by doing a Google image search for "WTF."

foxyshadis:

Thankfully I can't see whatever got posted, and I don't really care anyway as long as it isn't another goatse. But I am a bit worried that next up is IE/ActiveX exploits.

Don't know about that; someone was injecting invisible JavaScript that would quietly post a comment on IE on some of the other forum threads earlier, though. (At least, it would if it actually worked - so many script kiddies just don't test their code properly. I really don't know what the world is coming to...)



Besides, I use Konqueror, so I'm probably safe (you can more-or-less use the forum, as long as you pretend to be an IE user and don't try and use the fancy WYSIWIG HTML editor/toolbar - would it kill them to write portable code for once?).

would it kill them to write portable code for once?).

Yes.  It was part of the deal that Bill signed with the Devil.

I actually like the general approach for its decoupling qualities:

- No need to link a specific database library into the server

- Easily adaptable to other database CLIs - at least in theory

- Execution time is generally not an issue this days on web servers (unless you run Slashdot or some other popular site)

 

Anonymous:

This guy probably heard that "Python is a scripting language" so he's using it as a replacement for #!/bin/sh instead of the full-featured programming language that it is.

Now you're just trolling, aren't you?





BTW, does Python have weak references?
I just read an introductary book and there was no mention of this feature.

I like its highly modular architecture. It seems that /usr/local/mailman/bin/list_lists, /usr/local/mailman/bin/newlist and /usr/local/mailman/bin/rmlist are all separate scripts, called by os.popen and the like. They might be even some bash for all we know.

And intermediate mysql_cmds.txt is probably being created for efficiency reasons - the coder must have thought it's faster to have one call to os.* than thousands. This is optimization gone the absolutely wrong way. But it's nice he put some effort into it...

Of course.. the weakref module. It is seldemly used by Python programmers, though, usually only for backend maintenance stuff.

Yeah.. they are actually Python scripts as well.. but it would obviously take a bit more effort to open the files and read which mailman libraries they were using.

What I like about this code is how they are using "Python" like if it was bash, ignoring every possibility to use a normal database driver or mailman libraries. Of course, using Python instead of say bash will make it a bit easier to split those lists by  [a for a in existing if not a in db_list_names], but that is about the only Pythonish thing in the code - which of course in newer Pythons is done faster and easier by using sets.

Anonymous:

BTW, does Python have weak references?
I just read an introductary book and there was no mention of this feature.

Of course.. the weakref module. It is seldemly used by Python programmers, though, usually only for backend maintenance stuff.

Full documentation at http://www.python.org/doc/2.4.2/lib/module-weakref.html - as well as Python's standard weak references, there's also weakref proxy objects (which act almost like the actual object referred to - not a good idea to use carelessly, since they might disappear at any moment) and dictionaries with weak keys/values.

trollable:

BTW, does Python have weak references?
I just read an introductary book and there was no mention of this feature.

If you're looking for something in Python, first stop is the Global Module Index, always (second one is the standard library reference).

And in the Module Index you can find the Weakref module, introduced in Python 2.1.

(oh, and for the people who don't know python, it has at least 1 or 2 mysql modules, at least one of whom more or less compliant with Python's DB API 2.0)

trollable:

BTW, does Python have weak references?

Yes, it does. Use the weakref module.

trollable:

BTW, does Python have weak references?
I just read an introductary book and there was no mention of this feature.

I don't know - does C or C++?

Python is my favorite general-purpose scripting language (rather fond of JavaScript, but it has pretty narrow applications), but I didn't know about this syntax which still kind of blows my mind:

db_list_names = [a[1] for a in db]

This is definitely not typical Bourne-shell style.  Seems like the bass-ackwards kind of thing that might be possible in Perl, however.

That's a list comprehension. It's equivalent to doing:

db_list_names=list()

for a in db:

    db_list_names.append(a[1])

They don't need those temporary files

proc_open -- 
Execute a command and open file pointers for input/output
http://php.net/proc_open

oops. Didn't really read the code, beyond noticing mysql and the temp files. not php

http://www.python.org/doc/current/lib/module-popen2.html, the python equivalent of php's proc_open

My goggles! The eyes do nothing! O_o

jspenguin:

That's a list comprehension.

Interesting, though I find this concept kind of hard to... um... understand.

I don't know - does C or C++?




C++ - weak_ptr



C - Shouldn't be hard to roll your own, what do you think most of these GC languages are written in?

Probably the original coder didn't have root to install the "official"
MySQLdb  package.  Rather than annoy the sysadmin (or attempt
to install the MySQLdb package in his home directory), he decided to
take matters into his own hands.

Hey [I] , weren't there license restrictions with using MySQL client libraries - they first changed from lgpl -> gpl, then added the 3 licensing models: foss license, gpl license and commercial license?

For a time being, the situation was gpl for client code. Dunno the exact circumstances today. [^o)]^ Also, efficient bulk importing and exporting are normally not exposed via python db api.

Still WTF - for inserts etc this is weird. And the py is quite ugly. And os.system is very expensive on win32. [N]

 

Then you'll love generator expressions:
gen_exp = (a for a in something if a == 'foo')
will produce a generator which will produce the list of all values in 'something' that is 'foo'. So like a list comprehension but produces its values lazily.

Produce a list from that with list(gen_exp) :)

List comprehensions are the gift from god. So many stupid for loops can be stuffed into a little list comprehension. If you want to have a crash course in generator expressions and list comprehensions, take a good look at the results of the Python Coding Contest[1] that was held in the last week of last year; nearly all solutions used three nested generator expressions, except the winning one, which managed to use only two.

On second thoughts, maybe it's not so good for beginning Python coders to look at this code. ;-)

[1] http://www.pycontest.net/ranking/

fuck you guys are nerds go play wow or some shit