Admin
oh guys, I just changed my pin to 0000! I seem to be unable to log in!???
Admin
Hahah. Brilliant my friend. You've made my day!
Admin
Wow. That's all I can say. There needs to be some kind of consequence for people doing things like this, like some sort of global up/down voting for specific programmers. Just. Wow.
Admin
The Worsst WTF Failure
Admin
So the canonical 4-digit PI number would of course be 3.141? But where is the decimal separator on those machines you can get money out of? The old AT machine in my attic has a "." key, but the slot on the front is for putting floppy disks into, not for taking money out of.
I'm confused :)
Admin
PIN number? Why would anyone need a "Personal Identification Number number"? (Yes, I know it's the same as ATM machine, or calling a car (automobile, self-moving) an auto (meaning self), which many people do all the time...)
Admin
It's the answer to the question "How many PINs do you have?"
Admin
Add 1 and it will be great for purchasing birthday cake candles.
Admin
BOFH would. He'd set his to 9834 and tell the users the pincode should start with 00 for increased security.
Admin
You mean one with a 286 CPU and the number starting with 3.14?
Sorry, these acronyms are taken already.
Admin
Please explain, why would reptiles be interested in mammaries?
Admin
Indeed it's Miss Elizabeth Bennet (First line of the book I believe...) I'm amazed that any geeks know this! (I only know as I married a linguist with a penchant for classic lit.)
Admin
There was an episode of Doctor Who some time ago where a woman in a bridal dress suddenly materializes inside the TARDIS. This blows the doctor's mind and the only thing he can utter is "What?!" over and over again. This post had the exact same effect on me.
Admin
It's a fairly common (and sensible) requirement. I help design and support clinical databases. Nurses will generally use shared terminals on, for example, a ward. You don't want nurse B using nurse A's session to enter data, so nurses will generally get a lower timeout than an office-based admin who has sole use of a terminal.
We actually implement 3 timeouts - in order of precedence, the user's timeout (if set), the group timeout (if set), the global timeout (fallback).
Well, that's the theory, but it generally comes down to bitching to the admin to get your timeout increased.
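Added example, not part of the comment above or of any system it describes: one way to resolve the user > group > global precedence so that "if set" means "not None" rather than "non-zero", with every result clamped to a range. The bounds, function name and sample users are assumptions made for illustration.

```python
from typing import Dict, Optional, Tuple

# Assumed bounds, not from the thread: no session shorter than 1 minute
# or longer than 30 minutes, whatever value has been stored.
MIN_TIMEOUT_S = 60
MAX_TIMEOUT_S = 30 * 60


def resolve_timeout(
    user: str,
    group: str,
    user_timeouts: Dict[str, Optional[int]],
    group_timeouts: Dict[str, Optional[int]],
    global_timeout: Optional[int],
) -> Tuple[int, str]:
    """Return (timeout_seconds, source) using user > group > global."""
    candidates = (
        ("user", user_timeouts.get(user)),
        ("group", group_timeouts.get(group)),
        ("global", global_timeout),
    )
    for source, value in candidates:
        # "Unset" means None. Testing truthiness instead (`a or b or c`)
        # would treat a stored 0 as unset and silently fall through.
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{source} timeout is not an integer: {value!r}")
        # Clamp so a bad stored value cannot disable or stretch the timeout.
        return max(MIN_TIMEOUT_S, min(MAX_TIMEOUT_S, value)), source
    raise ValueError("no global timeout configured")


# Constructed sample data (hypothetical users and groups).
GROUPS = {"ward": 120, "office": 900}
USERS = {"alice": 300, "mallory": 9000, "zero": 0}
GLOBAL_TIMEOUT_S = 600

if __name__ == "__main__":
    for who, grp in [("nurse_b", "ward"), ("alice", "ward"),
                     ("mallory", "office"), ("zero", "ward"),
                     ("guest", "unknown")]:
        print(who, grp, resolve_timeout(who, grp, USERS, GROUPS, GLOBAL_TIMEOUT_S))
```

The 9000-second entry corresponds to the 2.5-hour session mentioned elsewhere in the thread; here it is cut to the assumed 30-minute ceiling, and the stored 0 is raised to the floor instead of falling through to the group value.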
Admin
Yes. Page 1, sentence 1: It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife
Talk about your bizarre culture references. :D Oh mr. Darcy!
Admin
Ah, but I'm sure you have used the term "bus" (referring to transportation) yourself multiple times without nursing qualms of that sort, haven't you? ;o)
Admin
"Nobody would ever use a zero at the start of their PIN!"
What an odd piece of code. Why would you take the PIN of the user as an arbitrary timeout value? Whatever happened to global variables...
Not to mention that a user who started their PIN with a 9 would stay logged in for at least 2.5 hours. The security team would love that.
Admin
To login please enter your User Name:******** Please enter your Timeout:****
Admin
In my youth we used to call them "pin codes" and everyone was happy.
Admin
The real WTF is that the article implies it was a clunky system because it was PHP based. It could have been just as clunky as an ASP or CGI based system... Although if it was ASP it would have been more enterprise, and thus no need to specifically say it was clunky.
Also, what's with everyone saying "brilliant" in comments now? Did the old joke police come and take away "brillant"?
Admin
There are those of us who prefer to sidestep this entire issue and refer to these numbers as "ATM codes", or more generally "[thing you're trying to access] codes".
Admin
Nah. The REAL WTF is pedantic idiots with no sense of humor.
Admin
And we have yet another pedantic idiot without a sense of humor.
The real WTF is why this site seems to attract them. Something in the ozone over Alex's office perhaps?
Admin
And then there were three.
Admin
And yet another one... See what I mean about them gathering?
Admin
HAHAHAHAHAH. Loved that.
Admin
Brillant!
Admin
Most development environments allow a 'search all documents in project' feature in the find dialog, allowing you to, of course, search all the documents in the project. He could have simply searched for all instances of getTimeOut() and taken appropriate action. Failing that, he could have band-aided the situation as follows:
The first approach is ideal, as the code is cleaner at the end, but takes the most time to implement. The second has the result of fixing the problem in a way that it's unlikely to come up again, but the code is still as bad as it was before (slightly worse, since that's something of a magic number). Simply telling the user to not use PINs below 1000 is prone to issues, as it's highly likely that someone will disregard your instruction, and this will become an issue that has to be 'fixed' on a regular basis.
Admin
EXPORT TMOUT=0 (If you remember this, poor you)
Admin
Sure? Actually I think it was very clever not to change the code.
Admin
I'm missing something here. SALT = Strategic Arms Limitation Treaty So SALT Talks = Strategic Arms Limitation Treaty Talks.
So what was your point?
Admin
KenW: What is there to wonder about it? There are plenty of nerds who love clear, logical rules and disdain those who don't follow the rules - without realizing that 1) there are often multiple alternative systems of rules that could be applied, 2) no one knows every logical rule that can be applied in a specific situation and that is ok, and 3) applying logical rules is not always necessary or even reasonable.
Even a nerd who is badly affected by this kind of adherence to a specific set of logical rules can make a good living as a computer programmer. Once they learn enough rules about programming practices, they are naturally abhorred by programmers who don't follow the exact same set of rules. Then they flock on the daily WTF to make fun of others who do things differently. On each post they align into groups according to their preferred solution to a particular problem, and these groups blame each other for doing things wrong, writing their posts wrong, etc.
But don't worry, before long you will be assimilated, if you aren't already.
Admin
It's an homage to Bob Metcalfe, obviously.
Admin
But I think what Steve actually meant to ask was "why on earth would anybody want the timeout to vary by password?"
Of course, I'm sorta old-fashioned. YAGNI and "emergent design" are all very fine, in their shiny, new, little way. I have this tedious hang-up over requirements, y'see...
Well, if you really want to implement different levels of security, you can use these things called "groups." That's on old-fashioned and ineptly-implemented Multics systems like Unix, so the concept of "security" is still rather fuzzy. Proper operating systems do things better. And then we have the default "Administrator" setting for MS stuff, which is always good for a laugh.
But no, you go ahead. Dealing with access issues on a user-by-user basis seems perfectly sensible to me.
Admin
You cringe at that, but I work on a system where it prompts you for exactly that. User, Pass, and timeout.
Big E
Admin
That's where SubVersion's Blame function or Microsoft Team System Annotate function comes in... You only need a SLAP function along with it...
Admin
Hmm... Dwelve in the code. Twelve. Elves. A dozen elves dwelving in the code. Priceless!
Admin
Give to user 1337? admin noob )
Admin
To me this WTF looks really plausible. Maybe you need years to stumble across such a one, but I know they exist. This is kind of soft coding the timeout period (at least they didn't use the birth date).
Admin
Just for adding to that:
English is a Crazy Language
An Excerpt from the Introduction, by Richard Lederer
Let's face it -- English is a crazy language. There is no egg in eggplant nor ham in hamburger; neither apple nor pine in pineapple. English muffins weren't invented in England or French fries in France. Sweetmeats are candies while sweetbreads, which aren't sweet, are meat.
We take English for granted. But if we explore its paradoxes, we find that quicksand can work slowly, boxing rings are square and a guinea pig is neither from Guinea nor is it a pig.
And why is it that writers write but fingers don't fing, grocers don't groce and hammers don't ham? If the plural of tooth is teeth, why isn't the plural of booth beeth? One goose, 2 geese. So one moose, 2 meese... One blouse, 2 blice?
Doesn't it seem crazy that you can make amends but not one amend, that you comb through annals of history but not a single annal? If you have a bunch of odds and ends and get rid of all but one of them, what do you call it?
If teachers taught, why didn't preachers praught? If a vegetarian eats vegetables, what does a humanitarian eat? If you wrote a letter, perhaps you bote your tongue?
Sometimes I think all the English speakers should be committed to an asylum for the verbally insane. In what language do people recite at a play and play at a recital? Ship by truck and send cargo by ship? Have noses that run and feet that smell? Park on driveways and drive on parkways?
How can a "slim chance" and a "fat chance" be the same, while a "wise man" and "wise guy" are opposites? How can overlook and oversee be opposites, while "quite a lot" and "quite a few" are alike? How can the weather be "hot as hell" one day and "cold as hell" another?
Have you noticed that we talk about certain things only when they are absent? Have you ever seen a horseful carriage or a strapful gown? Met a sung hero or experienced requited love? Have you ever run into someone who was combobulated, gruntled, ruly or peccable? And where are all those people who are spring chickens or who would actually hurt a fly?
You have to marvel at the unique lunacy of a language in which your house can burn up as it burns down, in which you fill in a form by filling it out and in which an alarm clock goes off by going on.
English was invented by people, not computers, and it reflects the creativity of the human race (which, of course, isn't a race at all). That is why, when the stars are out, they are visible, but when the lights are out, they are invisible. And why, when I wind up my watch, I start it, but when I wind up this essay, I end it?
Now I know why I flunked my English. It's not my fault, the silly language doesn't quite know whether it's coming or going.
Admin
So just use a random 4-digit number > 1000 and you're in
Admin
And even Churchill did it:
http://www.getitwriteonline.com/archive/022703.htm
Admin
Hey, I often put my personal PIN number into an automated ATM machine.
Admin
No offense, but what's wrong with all you people - giving obvious answers to obvious problems - duh!
What these posts are for is fun - you don't have to prove that you are able to write a loop or two all the time.
Admin
Actually I made a pulldown with the wanted timeout (they wanted me to make the timeout customizable), and used $_POST['timeout'] ;)
But yeah, I set his password to 1337 as I was in a wtf-shock.
Admin
Well, it's better than setting the PIN to the timeout value!