Admin
i self served myself this frist
Admin
I wouldn't touch the charting control with the username and password controls like that. Let alone the handling of the credit card information. Really, stay away from the site, the control, and anything associated with it - there is too much risk of website exploits and software malware.
Admin
Agreed, UNLESS there is full source code provided, and it is deemed worthwhile to perform a full audit of the codebase.
Admin
"... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."
There's TRWTF, right there. Using your own credit card to purchase s/w for the company?
Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.
TRWTF2 is paying money at all, when JFreeChart has been around for ever.
Admin
What makes you think that our protagonist is using Java? How about ASP.Net, Ruby, etc, etc ??? Granted, there is probably a decent charting control for each and every one...
Admin
It didn't say the credit card was for his own personal account, just that it was his info. How do you know that he didn't have his own instance of a company credit card?
Please take your assumptions, pack them away in the skull they came in, and take them back to your mothers cunt. You're too stupid not to stuff yourself back up your mothers cunt.
Admin
Yes, it's called flot and written in JavaScript. (Works pretty well, btw)
Admin
So E-Mails are read off screen, hidden from sight?
Admin
What on earth are you talking about?
Admin
Did you read the story?
The story says that Tim clicked the "Forgot my username" link, filled out some stuff and got a username and password "on screen. in plain sight", instead of via e-mail. So, my question is: Does Tim usually read his E-Mail off screen, hidden from sight, or why is he so nervous about his username and Password appearing "on screen"?
Admin
Because if he puts in someone else's email address he'll get their username and password?
Admin
True. TRWTF? That's me.
Admin
So who here wouldn't have tried the owner's accocunt?
I know I would
Admin
It does not complain about receiving the password on screen instead of in an email.
It complains about getting the password in plain text.
That said, getting the password on a webpage is marginally worse than receiving it on email. Not because of inadequate protection against black hats, but for the reason that it makes it plausible that another user could get the uname\password by accident if they enter the wrong email address.
Admin
trwtf is mosquitoes delivering SARS
Admin
If all the username and password is used for is to get to the download page it might not be a problem. I've seen lots of sites that once you registered you didn't really get access to anything other than a ftp site with the files you want. Assuming they don't log your downloads and bill you based on how many times you download who cares if someone hacks your account? Of course that would be assuming that they did a minimal amount of security like not showing your whole cc number on the account page or something. Otherwise, mah download away my pirate friend.
Admin
Tim: Shred your credit card. Go to your credit card company and report the card lost. Get a new number issued immediately and get the old number turned off.
If you act quickly, this will be done before the Russian Mafia gets your credit card information.
Admin
Even the president's daughter knows that DEFCON 5 is the lowest threat DEFCON. Did you mean to say DEFCON 1, to indicate whatshisname was ready to fire?
Admin
A long time ago, in the era when a Pentium III was considered fast, another company did something equally stupid with their passwords.
That company was the domain registrar (whose name I won't use here, but it's the one that had a monopoly in the mid-90s - you know who they are).
It seems someone there had the bright idea of rolling out a management interface to all customers, and mailing them their credentials, unsolicited. And the passwords they used were blindingly, stupidly obvious - as I recall, if your domain name was "thingy.com", your password would be "thin0001".
So - think of a domain, and grab control of it by changing the autogenerated password to something else. When the story broke on slashdot, thousands of geeks immediately rushed to the site to see what we could get.
And this was how I found myself the new owner of "amazon.com".
I didn't change anything, of course, except to change the password to something random.
A few hours later, the new system had been taken down, and the accounts database presumably purged...
Admin
I buy things on my CC for the company all the time. Then I fill out an expense report and have the money in my checking account before the CC bill comes due. Then I pay the CC bill, take home my reward points, and come out ahead.
What kind of chicken shit company do you work for that doesn't let you expense back things you pay for?
Admin
ACCO is an office supplies company... I'm curious what purpose an accocunt would have...
On second thought, maybe I don't want to know.
Admin
A humane one that doesn't take advantage of its employees like that.
Admin
A bit strong, that, especially considering she died earlier this year.
Admin
TRWTF3 is not using Java.
Admin
Exactly - same here.
I pity the person quoted above, who must work for some soulless conglomerate, who can't get anything purchased without a six-month bidding period, approval of three vice-presidents, and filling out form R-37-stroke-B.
Those of us who work for small companies, for employers who trust us and whom we trust in return, think nothing of whipping out a personal credit card to buy a tool, a domain, an application, a $50 charting library, and then simply forwarding the email receipt on to the manager for reimbursement.
Admin
TRWTF is not knowing how DEFCON numbers work...
DEFCON 5 is the lowest state of readiness, not the highest.
Admin
Right or wrong, this is simply how software was ordered back then.
Admin
Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.
Admin
Having lived in Alaska, I can attest to the need for a DEFCON moose alert level. Especially if you get between a cow and her calf/calves.
Admin
Companies letting their employees pocket the frequent flier miles that could be going to the company is "taking advantage of them"? In that case, feel free to take advantage of me any time, I could always use more frequent flier miles.
Admin
Reward points obtained in this manner are taxable income.
Admin
Well, the very same NetworkSolutions did something else that was equally stupid (YMMV)... Resetting all their funky accounts, roles, profiles etc.
TRWTF was that they sent their brand new account ID and passwords directly to domain registrants using postal mail, even if the small company I worked for was a reseller!
Given our clients were French, didn't know anything about this stuff and threw away the darn paper before we could spell "doh! didn't the shit just hit the fan?"...
Well, it was real fun to restore access to the domain.
(And oui, mon english is encore under construction...)
Admin
But they also have no cash value (as per the CC company), so it all evens out.
Admin
Well, he was behaving like an idiot...
Admin
+1. Mosquitos deliver West Nile, SARS is not transmitted by insects
Admin
That's what they (the insects) WANT you to think...
Admin
Kinda makes you want to use that company's software doesn't it
Admin
Anyone dumb enough to put in their credit card info on a sketchy site probably uses Java.
Admin
That is technically correct in Canada and was the stance of the CRA a few years back. However, I believe that there's been a change of policy and they no longer consider them to be taxable.
Admin
"...even the infirmed..."
It's "infirm", Bruce.
Admin
Yeah... I basically have two modes... silent and excessive. So sorry about that.
Now about the maternal death claim. I'm not saying it's not true, BUT... regardless of the veracity of such statements, the believability has been reduced to nil, due to generations of 5 year olds crying wolf in the playground.
Admin
We apologise for the fault in the subtitles. Those responsible have been sacked
Admin
Not if someone beat them into it.