- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Frast!!!one
Also, this clearly isn't a WTF. PHP runs on the server, and is guaranteed to run, while Javascript may be disabled in the client. Duh!
Admin
frist.Random()
Admin
Not much of a WTF if they were trying to avoid JavaScript.
Admin
<respectdemand>FRIST!</respectdemand>
<sarcasm>And it is obvious to any code monkey that SERVER-SIDE randomness was key to this application's security</sarcasm>
<trollevasion>I'm well aware that whether the PHP or the javascript picks a random number would not change security aspects of this particular app.</trollevasion>
Admin
They were obviously just worried about client side performance. They're doing a nice thing offloading some of the intensive calculations to a dedicated server farm.
Admin
Except the only line of PHP was to generate JavaScript code. Which wouldn't run anyway.
Admin
Admin
You are joking right? The flash object is created using javascript.
Admin
If they cared if the user had JS disabled or if they were trying to avoid JS they probably wouldn't be using the SwfObject plugin in the first place
Admin
Did anyone else read thedailyswf?
Admin
The real WTF is that they're using random numbers to force reload. You should use a timestamp instead, like this:
var t = Date(); var url = "file.swf?t="+foo.getTime();
Admin
Fixed my own wtf.
Admin
Angit me Fanniae valetudo.
Admin
This must be similar to TDWTF's typo.rand() function.
Admin
This may not be obvious to all, but I'd imagine using PHP instead of JS would have only 1 plausible effect.
Caching.
Instead of the flash url being random for every page load, it would only change between non-cached page loads.
IE: You could adjust the cache time of the video by adjusting the cache time for the page it was referred from.
Of course, you could just adjust the cache time of the video, but having them bound together plausibly has use.
But I'd probably want the code to be a bit more intent-oriented to explain that is what they wanted from it.
Admin
in b4 "all PHP devs are retards" or "this is why I wouldn't use PHP to put out my own mother if she was on fire"
Admin
This is pretty tame by WTF standards. Where's the ridiculously horrible code that makes me want to impale my face on the nearest pike?
Admin
Thank you, Captain Obvious... no sarcasm intended... Indeed, clicking Refresh or Back or Forward would result in the same page with the same flash object until the cache expires, whereas including the random function in the javascript would change it. Sometimes it's frustrating to say to someone "take a look at this funny video!" only to find that it's been replaced by someone throwing a puppy off a balcony.
Admin
Well it's pretty stupid but it's hardly outrageous. I would imagine the reason behind this is because PHP's rand() function takes two parameters to specify min and max bounds. The coder has used these to produce a random number between 100 and 999. Javascript's Math.Random() function takes no arguments and always returns a number between 0 and 1. Sure, it wouldn't be hard to convert this to the desired representation but by sending it off to PHP's rand() function he has saved himself a few extra lines of numeric conversion. The guy is clearly a bit lazy but he's not up (down?) to the standard of most WTF coders.
Admin
Admin
Admin
And? This ruffles your feathers?
Admin
Ah puppyrolling. It's my favourite thing after cheese.
Admin
somewhow the best "wtf?" in months
Admin
Avoiding Javascript is a pretty normal behavior, but a Flash file that can't produce a random number on its own?
Admin
Not to mention the fact that Flash has Math.random built in.
Admin
Well, if this 'abomination' </sarcasm> passes for a WTF these days, those 'Bad Code Allotments' we saw advertised some days ago might not be neccessary anymore. The bug-free era of coding is dawning...
Admin
Admin
What about the ayn.rand() function? It would randomly pick from words like "free", "market", "capitalism" and so forth.
Admin
You obviously have no understanding of the small details of web programming. If that page was loaded from the website, the SWF received a different parameter each time - and thus would behave differently each time.
On the other hand, if someone saved a local copy of the site (e.g. using wget), the SWF would receive the same parameter each time, thus behaving identically each time.
I bet that was the real reason for using php's rand() instead of JavaScript's Math.random(). That guy was simply too smart for you :D
Admin
Isn't that what all the cache related HTTP headers are for? Appending a random number is a dirty hack to something that already has an elegant solution.
Admin
I was thinking the same thing, you beat me to it. Touché, good sir.
Admin
Admin
Admin
So, 0.5?
Admin
function myRandom(){ return 9; }
Admin
No more wobbly letters in strange fonts. No more weird lines, flashing backgrounds, and consequent epileptic fits.
In theory, no more random dismissals by TDWTF, even when you get the captcha right (although I wouldn't bank on this).
Security through antiquity! Requiring the poster to form a correct sentence around the captcha is bot-tastic!
What's even better is that you can choose the corpus for your captchas in order to filter through only the finest dew-picked appropriate comments. High-class sites like this obviously require Latin. Many technical blogs can probably get by with remedial English. Those devoted to sports fans need little more than baby talk.
It's the wave of the future.
Contraxit hanc dum assidet Iuniae. (Otherwise, by my own rules, I wouldn't be allowed to respond.)
Admin
Sadly some poorly written web caches (some ISP ones spring to mind) choose to ignore those headers and instead rely on the GET string. This means the insertion of a timestamp or unique-enough string of some kind into the URL for every call is necessary as well as passing those headers.
Admin
FTFY
2nd attempt, now a spam filter nag?
Admin
Admin
ActionScript === JavaScript. They could have sent the same SWF each time and generated Math.random from within the Flash object
Admin
Or ActionScript's random function..
Admin
Admin
Have you actually READ what most people are capable of writing? "Hai, u r gud pursen, u wan b mi frend?" Some people, educated (??) people, have a bare grasp of the english language, and you expect them to know LATIN?!
By your rules, and my idiocy: "Tego" is the captcha I received, and it is the first word in this sentence.
Admin
Math.Random() * 899 + 100
Admin
It's not a parameter for the .swf file, it's just to make sure that your browser always downloads the latest version.
Admin
In fact, it's only using the random number as a parameter for the SWF file. Wouldn't be even easier to use ActionScript's Math.random()???
It's a double WTF!
Admin
In the interests of preventing caching there is no difference whether the query parameter is 386 or 0.3861531158954592. This parameter does not contain any useful information by itself, its only purpose is to generate unique URLs.
Admin
Admin