Admin
If you'd do that, you could be sure that it would be the FIRST thing users notice in the next release. And they'd be upset. 'Who authorized this change', they'd cry.
Admin
For financial applications, it is often standard convention to use integers instead of floats to represent currency - IEEE 754 representation of decimal numbers adds a certain amount of error into calculations that builds up over time. This is only a good thing if you're that guy in Superman 3.
Admin
Hmmm... I've seen code like this before. Along the lines of "Your first name may not contain any number/interpunction etc etc". That was definitely a requirement for the idiots using it, who couldn't grasp the fact that phone numbers do not contain letters.
I don't think maintenance is the main problem with Brainf*ck.
Admin
I don't think this is really possible. You always have rounding. Multiply your integer-cent based dollar amount by 12.25% tax rate and you likely end up with something that needs to be rounded. Though it does change the equation to int * float which is less error-prone than float * float. Javascript is absolutely the worst for floating point math.
Admin
Just don't get carried away. Signing up for bank account the other day... Username: vt_Mruhlin25 PIN: 10** //I'm not going to give you ALL the digits, but the first two are relevant!
Error message: "Your username or PIN is invalid. Your username must be at least 5 characters long, must have at least one capital letter, must have at least one digit, must not contain the following characters: ' " ? / ! - + = Your PIN must be four digits long, must contain only numbers, must not be a consecutive run of numbers (i.e. 1234, 4321), must not resemble a year (i.e. 1983), must not be the same digit repeated consecutively (i.1. 4444)"
After double checking everything, I determined that I violated the "must not look like a year" rule. Apparently the eleventh century has a special meaning in my life, and everybody knows that.
/ I have no idea how you could say that ANY integer doesn't look like a year though...
Admin
Been there. Done that. :-(
Admin
Anybody who uses binary floating point variables to store money amounts in a financial application needs to be fired for gross incompetence, no excuses.
Read more here: http://www2.hursley.ibm.com/decimal/decifaq1.html
Admin
Hmm? What about calculations where you divide? Or multiply by anything other than a whole number? How would you amortize an interest cashflow?
I don't think I can be convinced that binary math is an acceptable estimation for decimal math whenever money is involved...but please, do try to convince me.
Admin
lotusscript (unless you steal VB's)
Admin
[quote user="Synonymous Awkward"][quote user="FredSaw"][quote user="Mean Mr. Mustard"]No, you ninny! It means "Rolling On the Floor, Laughing Ass My Off"![/quote]Tongue-in-cheek humor isn't your strong suit, is it.[/quote]
yours either?
Admin
Actually, having gone back and looked more closely at the code, I believe it's the victim of several patchwork additions to the original, which probably really did attempt to validate for an integer. Then the program was expanded to have an input box for monetary, so rather than write its own validation they expanded validInt to handle that. Then they added an input box for percentages, so validInt got to test that input as well, and so on until they had the Frankenstein monster we see here.
Admin
The point is that integers can exactly represent a money amount down to the cent, so it doesn't matter whether they're binary or decimal. When you have calculations that yield a result which can't be exactly represented in cents, you round - but explicitly and in a well-defined way (banker's rounding). Thereby you can circumvent the problems you get when using the implicit rounding of binary floats on values that are supposed to be decimal.
It is, of course, only a poor and inflexible substitute for a proper arbitrary-precision decimal math implementation like Java's BigDecimal.
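An added example (not from the original thread or any commenter) of the integer-cents approach with explicit banker's rounding discussed above, using the 12.25% rate mentioned earlier in the thread. The function names and the representation of rates as basis points are assumptions made for illustration.

```javascript
// Added example: money as integer cents (BigInt), rates as integer basis points.
// All function names are hypothetical; sample amounts are constructed.

// Divide n by d, rounding to nearest with ties going to the even quotient
// (banker's rounding). d must be positive.
function divHalfEven(n, d) {
  if (d <= 0n) throw new RangeError("divisor must be positive");
  const negative = n < 0n;
  const a = negative ? -n : n;
  let q = a / d;                 // BigInt division truncates toward zero
  const twiceRem = (a % d) * 2n; // compare remainder to d/2 without fractions
  if (twiceRem > d || (twiceRem === d && q % 2n === 1n)) q += 1n;
  return negative ? -q : q;
}

// cents * (basisPoints / 10000), rounded exactly once, explicitly.
// 12.25% is 1225 basis points.
function applyRate(cents, basisPoints) {
  return divHalfEven(cents * basisPoints, 10000n);
}

// Division case: split a non-negative total into `parts` amounts that always
// sum back to the total; leftover cents go to the first few parts.
function splitEvenly(totalCents, parts) {
  if (totalCents < 0n || parts <= 0n) throw new RangeError("bad arguments");
  const base = totalCents / parts;
  const extra = totalCents % parts;
  const out = [];
  for (let i = 0n; i < parts; i++) out.push(i < extra ? base + 1n : base);
  return out;
}

// Contrast: ten dimes added as binary floats do not sum to exactly 1.
function floatTenDimes() {
  let sum = 0;
  for (let i = 0; i < 10; i++) sum += 0.1;
  return sum;
}

console.log(applyRate(1000n, 1225n));   // $10.00 at 12.25%: 122.5 cents, tie to even
console.log(applyRate(3000n, 1225n));   // $30.00 at 12.25%: 367.5 cents, tie to even
console.log(splitEvenly(10000n, 3n));   // $100.00 split three ways
console.log(floatTenDimes() === 1);     // false
```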
Admin
[quote user="brazzy"]There is no difference between "binary math" and "decimal math". There is only a difference between the possible values and rounding behaviour of inexact decimal and binary floating-point representations of numbers.
The point is that integers can exactly represent a money amount down to the cent, so it doesn't matter whether they're binary or decimal. When you have calculations that yield a result which can't be exactly represented in cents, you round - but explicitly and in a well-defined way (banker's rounding). Thereby you can circumvent the problems you get when using the implicit rounding of binary floats on values that are supposed to be decimal. [/quote]
I'm being pedantic here, but there is a difference between binary and decimal arithmetic. For one thing, the values that can be represented exactly differ by notation. In a domain where a value's representation's length is bounded (such as a computer), this indeed implies that the mathematics are different.
Admin
The username requirements are a true wtf. Somebody confused password rules and applied them to usernames. Usernames are not supposed to be secret!!
Admin
I love this, mind if I circulate around my department? There's a guy I deal with who, when I ask him to press Enter, /always/ says, "where's Enter?" Then I remember he's put stickers on his keyboard labelled "Down a line" for Enter and "up a line" for backspace. Seriously I had this conversation on Wednesday last week then a colleague had the same conversation on Friday!
Admin
I'd hazard a guess at 1066. It is a very popular passcode in the UK, especially near Hastings, East Sussex. I know of a number of doors and alarms in the area that use that date.
Not sure why? Try Googling "Hastings, Battle of".
Admin
Hmmmm... I'm guessing the last two numbers are '66', which looks like the very fine year of the Battle of Hastings.
Admin
///
/// A description of the regular expression:
///
/// ^$-?
/// Beginning of line or string
/// Literal $
/// -, zero or one repetitions
/// Any character in this class: [:digit:], any number of repetitions
/// Literal .
/// Any character in this class: [:digit:], exactly 2 repetitions
/// End of line or string
/// anyone?
/// anyone, zero or one repetitions
///
///
Hmm, now that I think about it, his comment was about PERL looking like a tray of type spilled on the floor. PHT
Admin
Whoops, my own WTF. Passed the entire line with the regular expression. Comment should have been:
Admin
10** <-- your first two digits are consecutive!
Admin
I hope you're properly ashamed of yourself. No high tea for you, with or without lashings of crumpet.
Be that as it may: we're seventy-odd into this post, and as usual we've got a whole chicken barn full of people going off on wild tangents, proposing better javascript, etc etc.
Two things are necessary to appreciate why the code, as presented, is just simply the most utterly awful piece of javascript ("The language of the Future!" (c) movies of the 1950s, in optimistic technicolor) I have ever seen.
It isn't quite the grotesque shambles that I've seen in previous WTFs based on javascript.
It isn't quite the grotesque shambles to which I (and, I assume, many others) have been forced to resort when interpolating (never writing, oh no. That would be too shoddy. I ... am an "Interpolator") javascript. I mean, what's with this ".value" thing?
It's worse than that, and it's two-fold.
(1) Idiot attempt to specify exactly what is wrong with the input, on a character by character basis. Not everything is a string. Regexps tend towards the "string" theory of input. A simple, but more polite and slightly more informative version of "You've Fucked Up. Try Again." would work here. We need to get back to OOP in reverse: the input is essentially an object; therefore we need to define the error in object terms (ie "This is not a valid date"). Not in Regexp terms.
(One could dig deeper here with a floating help for the exact format. One could also auto-convert, say, US phone numbers from a sequence of digits into a sequence of grouped and hyphenated digits. This is beyond our current enquiry, and left as the usual boring exercise for the reader. Not that most of you bloody readers need any encouragement. "Let fire the tangential comments of Hell!")
(2) All this checking is going to be done eventually on the server. Which is where it's meant to be done, for the 0.01% of users who don't get the concept of "date." (For those of you still posting your year of birth on WTF, a "date" involves taking a girl -- presumably over the age of 16, but with some of you I'm not so sure -- out and making her laugh. Also, complimenting her for no particular but at least one specific reason. Then saying you had a really good evening, and can I phone you some time next week?* At no point do you show her your birth certificate and warble on about the toy computer you had as a child. This is very important.)
Anyway, where was I? If necessary, the database will bounce the insert.
99.99% of users who get it wrong the first time will understand some vague error message like "Your yak: I love your yak. So nice, the yak-titties: milk for me and my uncle in Kyrghizstan! But unfortunately, we have allergy problem. Please enter US phone number as 999-999-9999."
The others can basically fuck off, to look at this from a commercial point of view.
Basically, the twit at the user end of the (typical) web interface has taken his job too seriously and thus produced a WTF. I think this is Alex' point.
Dare I mention MVC at this point?
(*) If she's a real slut, you can grab her tits at this point. How do you know she's a real slut? Simple. She'll have a giant neon sign over her head saying "I'm a real slut. Grab my tits. Watch out for the lion!"
Admin
Nope, the last two digits are not equal to each other. And I'm from America, so WTF do I care when the Battle of Hastings was?
/ Oh man, I just looked it up on a "this year in history" page. I really wish I could tell you what the only historical event that year was. It's pretty sad.
Addendum (2007-10-03 20:51):
Nope, the last two digits are not equal to each other. And I'm from America, so WTF do I care when the Battle of Hastings was?
/ Oh man, I just looked it up on a "this year in history" page. I really wish I could tell you what the only historical event that year was. It's pretty sad.
// Also, it's not that the first two digits were consecutive. My current PIN is that one backwards, meaning now the last two are consecutive...
Addendum (2007-10-03 20:51): I really suck at this whole appending thing.
Admin
Some script kiddie has inserted java crap in the comments.
WTF
Clean it up and get the site code safe from injections Alex
.....................
Admin
It's a clumsy implementation yes (youngblood I'd say), but long and involved data validation code blocks are NOT necessarily optional!
Often overlooked.
Admin
As evidenced by the asshat posting JavaScript here...
Admin
WTF? See http://worsethanfailure.com/Comments/Multiple-Choice.aspx
Admin
If anyone is interested, the source to the fixer script (<script>-linked to via the subject of the previous comment) is here:
http://marcansoft.com/transf/antixss.js
Admin
Oops, doesn't work with Firefox, presumably because the first XSS kills the entire innerHTML and firefox refuses to run anything else. No clue about IE. It works on Konqueror, though.
Admin
Is that the way it works?
I have, in the past, actually been stopped from putting any kind of data validation in the database. Everything was a varchar with checking mixed between the javascript and PHP.
Admin
Just gotta put this one in the code. Being serious, after some of the support calls our helpdesk has to take, implementing code like this becomes a serious consideration. It seems like almost every day we get a call asking why the system is telling them that February 30th is an invalid date!!
I've gotta find a better company to work for!
Admin
Also known as "The Monkey Test"
Admin
I did that too. I took it off as users complained they couldn't submit their forms. (Sometimes the DNS couldn't be reached to find the MX. I never bothered to contact the mail server though.)
Non-polynomial is_email_ok() functions aren't hot.
Admin
I plan to kill you in the library with a candlestick because you are so Clueless.
Admin
Ummm. Wrong. If you store 0.1, you most definitely do not get 0.99999986. If you did, it would be totally impossible to do floating point math on the computer, as numbers would be off by an enormous amount.
You might get something more like 0.099999986 (note the '0' immediately to the right of the decimal point?)
Admin
Unfortunately it does change the mathematics, and rounding is a merely related but distinct matter.
Consider this: You have a set A_10 of all numbers that can be expressed exactly in decimal notation. And a set A_2 that can be expressed exactly in binary notation. A_10 =/= A_2. So, OBVIOUSLY, addition doesn't work the same in A_10 and A_2. By construction, there is nothing approximate about elements in A_2. And it's easy to show that A_2 is closed under addition.
They are DIFFERENT number systems, because they have DIFFERENT numbers.
Admin
Oh, please, elaborate. Name some readable, maintainable programming languages that do not have a regex library available.
Admin
STOP right there. No matter what you put after that sentence fragment, it is the single dumbest thing ever written on this site. You obviously need to brush up on just how obtuse a user can be... :/