- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
So, that would just be idiotic design by the "web developer" that allows the user to use the URL to get around actually signing on with a username and password. Why would the solution to this problem be to change the URL to LOGGED_ON=YES? It's not that much harder to hack.
If someone wants to play around and manually type in the URL, they might very well try changing the YES to NO and see what happens.
Admin
I tried later on and it didn't work; they must have fixed it. The first time I tried, it did work.
Admin
wuzzah, uh,... Seriously?
Admin
[leonardVoice]
I believe you'd get your ass kicked saying a thing like that.
[/leonardVoice]
Admin
That's a wonderfull honey pot.
Or a good cloaking technic.
Admin
Amen, brother! Amen!
Sincerely,
Magic Duck
Admin
I am a developer of a realy nice CMS and we develop for firefox/mozilla/safari then do some hacks to get IE to look right... there's only one developer here who prefers IE and will use tables and transparent images to build a layout...
We're in the transition stage right now from that one developer and tables/transparent images to Divs and CSS. In this time the 'spacer.gif' is the bane of our web existance, it's a single pixal transparent gif that has been used for easy spacing on a webpage, so you'll see img tags all over our older sites with this image...... we've had trouble in several places becuase we will be 6 to 10 tables deep, all of our old code will create tables for everything. Even the class bully is scared by some of our HTML output......
Admin
... that is a reply to "awaiting troll points" or Elf 17... depending on which part of his message you look at....
Admin
I had heard of this recently.... it's called the 'shock and awe' secure network technology. I heard there's a cert for this too! gonna get certed and make some good cheese!
Admin
I just got certed and now I'm a MCSAWSNT. Sweeeeeeeeeeeeeet!
Admin
Nope.
The type of job most young people can expect involves phrases like "would you like to super-size that?" and "you want me to do what with my WHAT?"
The type of job you and your friends can expect involve ASP.NET.
Why? Because that's the type of jobs that are going around, and that are hiring you and your friends.
Today's lesson has been brought to you by the letter "DOH!".
Admin
What would a COBAL version look like?
Admin
"12345?!? That's the kind of password an idiot puts on his luggage!"
Admin
Debating stuff is not politically correct. It may tempt people to think, which is something uncomfortable for some.
Admin
... typos and all ...
The fun part about this is that it took that first generation 20-30 years to hit technological old-fogeydom; this new batch'll be staring down that barrel in 10 years, max. They'll be like athletes that blow out a knee or rotator cuff and have to retire at 30, but they won't have the multi-million dollar contracts to build retirement on, and there'll be a tidal wave of old-butt-kickers waiting to replace them at a better rate.
Good times.
Admin
Spoken like a true Haskell smuggie.
No, I don't really care. Since you completely missed the point of my entire post, I'll reiterate. It doesn't matter that your language of choice (which is obviously Haskell) is great for certain things. It's not as good as others for other things. Imagine that!
Wow, great going, dipshit. You think you're the high and mighty king of computing now? Get off your high horse and introduce yourself to the real world.
I knew I'd get some smug douche bag like yourself waxing eloquent about their vast knowledge. That's why I purposely didn't go into details. Obviously every CPU is different, retard, do I need to spell that out every time? The point of the oversimplification was not to go into details about which commands to deal with high-order bits in the extended registers the Foo chip can handle, it's that they all come down to the same basic principles. It is you, sir, who needs to shut the fuck up. Note also that I didn't point fingers in my original post. It was a generalization, and you certainly fit into that category.
Maybe you should actually read my post before you decide to go all out and personally degrade me. To quote:
Dipshit.
Admin
I just want to say, I admire you!
Admin
I use IE6 and IE7 beta 2 looks terrific. Maybe you missed that it's a beta somehow. And far more stable than some pre-1.0 browsers I could mention (cough-Mozilla-cough).
Admin
To responsd to you and clarify on the original post: nothing, if you keep it nice and are actually "discussing." The people I was referring to are the elitists, who always must assert their superiority. As long as it doesn't get personal, I'm all for discussing the merits and disadvantages of languages. I just have yet to see that happen on this forum (that's a lie--I've seen many good things in this very thread), because of the aforementioned idiots.
Admin
Dismissively,
Rob Briem
Admin
Can you please get a life. It annoys the crap out of me everytime I read one of your posts, I doubt i'm alone.
Sincerely,
!Gene Wirchenko
Admin
Hi Rob,
First of all, my message was indeed harsh and definitely portrayed me in a negative light. Secondly, thanks for taking me seriously enough to respond. Now that I've "cooled down," so to speak, let me respond.
3. Exactly right, and I actually considered that during posting. When it comes down to it, the old forum joke is true. I guess I thought that I wasn't alone in getting irritated by all the arguing and would post my thoughts. Obviously, they haven't really contributed to the converstaion, so it backfired.
4. No problem. I only hoped it pointed to the spiteful, yet sarcastic tone of the message. I guess, when it comes down to it, I was ultimately joking--it does bother me, but not to the extent which it seems.
5. Pointing out all the childish things a person does isn't much better. Honestly though, that message was typed in anger. If there's one person I've actually felt strong emotions toward in this thread, it's Gene. And not Wirchenko (I find the whole sincerely thing amusing, at the very least). I'm never justified in insulting someone, but the blantant personal diatribe Mr. Lysenko was dishing out was arguably at the same level.
6. I don't see your point here. This forum software sucks, and whether or not I register should not change anything from your point of view. There's nothing beneficial to being a member since you can't even edit your posts. I'm using my name, after all. Also, I can't even post from any browser besides IE, so that's limiting my posting as I normally don't use it.
7. I don't go away because usually it doesn't bother me that much, and I love reading this site.
Anyhow, even though you obviously don't like me very much, I thank you for the honest response.
Admin
I wouldn't say that there are no outstanding programmers using COBOL. Just that the programmers who believe they don't need to learn anything else, and that web apps are no different from what they were doing 30 years ago, aren't among them.
Admin
Get a job where thinking isn't required.
Admin
Done.
Admin
As you may have guessed or not, it is the typo the joke is about. Under the assumption the (assumed) constant/define of UNDER_NUCLEAR_ATTACK is not 0, the statement
status = UNDER_NUCLEAR_ATTACK
would assign this constant/define to status. The result of the operation would be the value of UNDER_NUCLEAR_ATTACK as well, that means, not null. The if(...) would get a true value and the launch_full_counterstrike() would happen, regardless of the value of status. The correct version would be a comparision (==), not an assignment (=).
Tichy
Admin
Develop with Firefox, test with IE, Firefox, Netscape, Opera, Safari, WindowEyes and Jaws. Sorry, no Konquerer.
Admin
Their FAQ is missing an entry:
Why would anyone do this?
Admin
I'm with Robert Glass on this one.
"Cobol is a very bad language, but all the others (for business applications) are so much worse"
Admin
Really? Our CICS programs build the HTML inline and then pump it out through the CICS web interface. It's Delta though.. not as bad as COBOL.
Admin
Ah, now I know who writes the software that gets hacked in movies.
Admin
now that's the real wtf.. I'm using Seamonkey 1.0 to post this very message
Admin
Wrong! Safari is Konqueror
Admin
Are you explaining the joke, explaining the explanation or are you pointing out the typo?
Admin
Can you please stop following up all Gene's posts with that remark. It annoys the crap out of me everytime I read one of your whines, I doubt i'm alone.
Admin
I'm telling you that you probably should try harder from Firefox 1.5.
no.Admin
First and last.
Tichy
Admin
You're using your name, just as I can use your name and anyone else can use your name. Anyone can jump into a discussion and claim to be you. So, the fact that you are not registered does change something from my point of view. Any follow-ups to the discussion with your name attached to it are suspect.
While there could be some tom-foolerey with registered users passing out their password, it's less likely than someone just coming along and posting with your name.
My point isn't exactly rocket science here. It's pretty surprising that someone with your outspokenness didn't even bother to think your points through even a little bit. For shame...
sincerely,
Richard Nixon
Admin
Hey George -
5. One of the many things I enjoy about this forum is that the discussions rarely devolve into expletive-laden tirades. You briefly stepped in that hole, but back out again; Lysenko fell straight to the bottom. (My opinion).
6. There are several reasons to register, none of which provide you with any direct benefit:
7. Then by all means, stay. Just pointing up some options.
Don't know you well enough to dislike you (yet - don't push it), just trying to keep things civil here. (OH SHIT!!! I just became a forum cop. SHITSHITSHITSHITSHIT, I mean DARNDARNDARNDARNDARN).
Now. Back to making fun of bad code.
- rob
Admin
Rob,
Some solid points. I have caved in to my own ego and registered. You win! (just kidding, I actually still win). As for the profanity, aren't colorful metaphors the spice of life? Though I agree, a flaming tends to only embarrass oneself, and rarely adds things to the discussion or causes change. Especially since I didn't think too hard about what I posted. My bad, what can I say?
Interestingly, I submitted something to Alex a few months ago and it was "added to the queue," but still hasn't showed up. A bit disturbing, perhaps, that there are that many WTFs that we haven't seen before?
Oh, and Richard: I'm surprised a man of your stature didn't simply assume that I was ego tripping...
Admin
Odd. Somehow I'd previously tried in another thread to quote someone, using Firefox, and it raped the code. These last two messages were in 1.0.7, so you don't even need 1.5.
I eat my words.
Admin
I try to not imagine what happens when sombeody submits this url after chaning "admin_password_reset" to "true" on this one:
http://www.schoolexpert.de/home.php4?BODY=welcome&ADMIN=true&admin_password_reset=false&LAND=nrw
Admin
It's so simple to act like a jerk, backpedal, and place the fault on the other party to the behavior. Your profanity was childish and out of place. Your ideas about the merits of registration were ill-founded and poorly thought out. Don't be surprised, just apologize.
sincerely,
Richard Nixon
Admin
Pfft. Everyone knows Triple-Rot-13 is much more secure.
Admin
To you? Don't flatter yourself.
Admin
Well... I'd say you get a full printout of their entire database. ;)
Admin
The offensive language you used was completely out of line. You should apologize for your poor behavior.
sincerely,
Richard Nixon
Admin
You can't be serious. If so, you are a bigger hypocrite than I thought.
Admin
NO U
Admin
One of the reasons I've never bothered to learn PHP is that I was at an introductory talk once, and the sample code had a password check which set a variable (let's call it 'auth') to 1.
"So, what if you put 'auth=1' on the end of the URL?"
The speaker tried it, and it worked... PHP helpfully mixes program-supplied and user-supplied variables. At least there you had to guess/know the name of the variable (and that it was there).
If there are security holes in the first examples new programmers see, it'll always be an uphill struggle from there on out...
Jiri
PS: that includes scanf("%s", fruit); but C is rather too widespread to ignore