Comment On The Sorry Server

Sorry.

The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed. I suppose though this is on a public page on the original site so not really a secret.

Maybe they name web servers after their favorite board games? Maybe "SETTLERSOFCATAN" is their SQL Server.

(In other news - typo: "Alex Hobson certainly does *know* where to look")

That's exactly why I never comment my code...

I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.

"Alex Hobson certainly does not where to look"

I not that there is a typo above, but I do not not where it is.

frits:

I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.

Not only that but they are probably using fixed string parsing to interpret the source HTML while it is being emitted.

Grep sed and awk are powerful tools thanks to regular expressions, but they can be abused and tortured beyond all recognition.

The same goes for Perl.

(try 1)

Knux2:

Maybe they name web servers after their favorite board games? Maybe "SETTLERSOFCATAN" is their SQL Server.

(In other news - typo: "Alex Hobson certainly does *know* where to look")

I'd name them all after Risk (risk1, risk2, etc.)

Let's contact J. Roberts to get more information on how it's implemented.

RiskStarWars, RiskLordOfTheRings, RiskSpongeBob, etc.

How about the very end of the page where this is found:

<!-- Crazy egg 2009--> 

<script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script> 

which links to a file that says:

//

Ok, I have to ask... who looks at page source code for no reason? Is there someone out there who enjoys this?

Seriously, who are you people?

I found this in the thedailywtf.com's source:

<span style="background-color: black; color: black">jroberts</span>

Looks like a real WTF to me ;)

> Seriously, who are you people?

I often look at source code for websites that aren't behaving as they should, to try and find out what is breaking and if I can get around it. In this case, the entire codebase sounds about as well-engineered and reliable as a house of cards made out of different-sized cards, so I'm sure if I had to interact with it for any length of time I'd end up viewing source as well.

DOA, I'm one of those dorks. The page gets flagged as 100% valid HTML which is very rare so when I see that I just have to take a look.

TRWTF is thinking the failed redaction of the e-mail address is a WTF. I, for one, think it was a calculated move done on purpose.

Then again, I may be having FAR too much faith in people.

Yeah, I had a good laugh at that. I'm sure it's probably intentional though, given the article!

frits:

I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.

On the contrary, the perl script is probably emitting the "soft-coded" contents of /cgi-pub/course/newgetcourse_header.txt

Marco:

I found this in the thedailywtf.com's source:

<span style="background-color: black; color: black">jroberts</span>

Looks like a real WTF to me ;)

That's how I always encrypt my personal information!

VISA: 4687943124687
Social Security Number: 123-45-6789 AHHH!!! NO! Go away.

The Sorry Server is a Canadian fork of Apache. It replaces all client-side errors with 500 codes, and modifies outgoing content by injecting the letter "u", and rearranging "er" into "re".

We're still working on the ModEh patch. Sorry.

Jim:

How about the very end of the page where this is found:

<!-- Crazy egg 2009--> 

<script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script> 

which links to a file that says:

//

Oh, that;'s the fixed version, so you should be fine. The previous one had a bug in it:

// FIXME

The sorry server probably requests that page periodically to make sure everything is OK. Any changes to the particular string they are checking (title) would cause the sorry server to step in, intercepting requests and replying with a "sorry slug" or something.

A website that has
<!-- *snipped* a bunch of JavaScript that Google told us to put in. Seemed pretty pointless and caused an error. We don't need no stinking JavaScript. -->

<!-- span style="font-size:90%;">
<b>Non-WTF Job:</b>
<a href="http://jobs.thedailywtf.com/listing.aspx?JobId=1001480">C++ Developer at Good Grievance</a> (Ronkonkoma, NY)
</span -->

and

<!--
<a href="http://ru.thedailywtf.com"><img src="/Resources/Images/countries/ru.png" alt="Русский Вариант" height="11" width="16" border="0" style="border:solid 1px #CCC" /></a>
-->

Shouldn't be making fun of other people leaving comments in their html.

lastly

/* WTF would TDWTF be without a hack like this? */
if (document.getElementById
&& document.getElementById('MainContent')
&& document.getElementById('MainContent').style
&& document.getElementById('CommonSidebar')
&& document.getElementById('CommonSidebar').offsetHeight)
{
/* since there is no "good way" to have a "liquid" and a "stretchy"
column without tables(*), I'll use this bit of hackery. It usually
doesn't work in FireFox (since offsetHeight isn't known until
rendering is done), but it tends to work OK in everything else
most of the time and doesn't create a "jumpy" effect */
document.getElementById('MainContent').style.minHeight =
document.getElementById('CommonSidebar').offsetHeight;

//* If there is a good way, let me know and I'll mail you a couple
// WTF Stickers!
}

A "Sorry Server" is just a backup node/VIP for your primary node/VIP if it fails a content check. We used it to provide a "Sorry, we're undergoing maintenance" page if the main site was unreachable for various reasons.

I certainly does not where to comment.

To those leet hackers that are finding the 'redacted' email address, is this your first visit here?

And DeVry.edu is full of all types of these if you have the time to poke around.

Graham:

The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.

It's a running joke that you fell for hard. There is no need to redact what is publicly visible (eg. HTML for a public website) so Alex does the foreground trick just to troll people like you. Thanks for playing.

I need the Expiration date for that Visa card. Plz?

"Sorry server" is a term also used by certain Linux IPVS (load distribution) daemons. If the health check fails to match a page with a specific pattern, it will remove that particular server from the pool and, if none are left, will send all traffic to the sorry server.

Is the word "Univeristy" like a UUID or something?

Neville Flynn:

Let's contact J. Roberts to get more information on how it's implemented.

How in the world are we going to do that when his e-mail address had been redacted?

Better serv than sorry

<!-- important!/ if you make changes to this comment you must copy and repaste the left nav...

You're sure that this is not a Jacobite institution that tries to fight grade inflation by limiting As?

Captcha: caecus, what you think your users are blind?

I once had a coworker who put html comments in her php code, but she didn't understand html enough to use the right comment tags. She used "<!**" instead of "<!--".

Firefox was forgiving enough to figure out what she was trying to do when it rendered the page for the screen. But then someone tried printing the page out and all of the comments ended up mixed in with the text.

Graham:

The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed. I suppose though this is on a public page on the original site so not really a secret.

Do you honestly think this was NOT done on purpose? O_o

Comments about comments... I should rest now.

TRWTF is the number of people being had by the obvious troll. Purposeful failed redaction is purposeful.

/* WTF would TDWTF be without a hack like this? */

I just typed random digits. Sorry.

Fenris:

lastly

/* WTF would TDWTF be without a hack like this? */
if (document.getElementById
&& document.getElementById('MainContent')
&& document.getElementById('MainContent').style
&& document.getElementById('CommonSidebar')
&& document.getElementById('CommonSidebar').offsetHeight)
{
/* since there is no "good way" to have a "liquid" and a "stretchy"
column without tables(*), I'll use this bit of hackery. It usually
doesn't work in FireFox (since offsetHeight isn't known until
rendering is done), but it tends to work OK in everything else
most of the time and doesn't create a "jumpy" effect */
document.getElementById('MainContent').style.minHeight =
document.getElementById('CommonSidebar').offsetHeight;

//* If there is a good way, let me know and I'll mail you a couple
// WTF Stickers!
}

To be fair, that last comment is pretty accurate.

Graham:

The Daily WTF has its own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.

Redaction at its finest; right up there with black rectangles in PDFs and undo logs in Word documents.

I suppose though this is on a public page on the original site so not really a secret.

Yes, there is that…

████████:

Graham:

The Daily WTF has its own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.

Redaction at its finest; right up there with black rectangles in PDFs and undo logs in Word documents.

I suppose though this is on a public page on the original site so not really a secret.

Yes, there is that…

How are people still falling for the fake redaction joke after it's been explained ten times over in the comments? You all need to █████ and maybe you should consider ████████ before you ████.

DOA:

Ok, I have to ask... who looks at page source code for no reason? Is there someone out there who enjoys this?

Seriously, who are you people?

I found a blank page on their site. The only thing in the source was the following comment:

<!-- Croatoan -->

Yeah, that's pretty sad.

In other news, you can see the full email address by highlighting the blacked-out part in your browser-- not exactly the best way to preserve confidentiality.

HTTP 506 I'm Sorry

Knux2:

VISA: 4687943124687

That fails Luhn. Did you mean: 4687943124685?

It also has the wrong number of digits, but that's another story...

<!--

Max:

Yeah, that's pretty sad.

In other news, you can see the full email address by highlighting the blacked-out part in your browser-- not exactly the best way to preserve confidentiality.

-->

There. Fixed it for you.

Marco:

I found this in the thedailywtf.com's source:

<span style="background-color: black; color: black">jroberts</span>

Looks like a real WTF to me ;)

This is the kind of trash you get when you edit your webpages in Frontpage.

Have a look at the 4th & 3rd from last lines on the main page:

<!-- Crazy egg 2009-->
<script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script>

going to the source of the .js:

//

Um.... I think it's time to re-review their site for legacy scripts.