• (cs)

    i self served myself this frist

  • JimmyCrackedCorn (unregistered)

    I wouldn't touch the charting control with the username and password controls like that. Let alone the handling of the credit card information. Really, stay away from the site, the control, and anything associated with it - there is too much risk of website exploits and software malware.

  • (cs) in reply to JimmyCrackedCorn

    Agreed, UNLESS there is full source code provided, and it is deemed worthwhile to perform a full audit of the codebase.

  • QJo (unregistered)

    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    TRWTF2 is paying money at all, when JFreeChart has been around for ever.

  • JimmyCrackedCorn (unregistered) in reply to QJo

    What makes you think that our protagonist is using Java? How about ASP.Net, Ruby, etc, etc ??? Granted, there is probably a decent charting control for each and every one...

  • (cs) in reply to QJo
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    TRWTF2 is paying money at all, when JFreeChart has been around for ever.

    It didn't say the credit card was for his own personal account, just that it was his info. How do you know that he didn't have his own instance of a company credit card?

    Please take your assumptions, pack them away in the skull they came in, and take them back to your mothers cunt. You're too stupid not to stuff yourself back up your mothers cunt.

  • (cs) in reply to JimmyCrackedCorn
    JimmyCrackedCorn:
    What makes you think that our protagonist is using Java? How about ASP.Net, Ruby, etc, etc ??? Granted, there is probably a decent charting control for each and every one...

    Yes, it's called flot and written in JavaScript. (Works pretty well, btw)

  • Hannes (unregistered)
    The site had generously provided his username AND his password. On screen. In plain sight.

    So E-Mails are read off screen, hidden from sight?

  • Dave (unregistered) in reply to Hannes
    Hannes:
    The site had generously provided his username AND his password. On screen. In plain sight.

    So E-Mails are read off screen, hidden from sight?

    What on earth are you talking about?

  • Hannes (unregistered) in reply to Dave
    Dave:
    Hannes:
    The site had generously provided his username AND his password. On screen. In plain sight.

    So E-Mails are read off screen, hidden from sight?

    What on earth are you talking about?

    Did you read the story?

    The story says that Tim clicked the "Forgot my username" link, filled out some stuff and got a username and password "on screen. in plain sight", instead of via e-mail. So, my question is: Does Tim usually read his E-Mail off screen, hidden from sight, or why is he so nervous about his username and Password appearing "on screen"?

  • Anony (unregistered) in reply to Hannes

    Because if he puts in someone else's email address he'll get their username and password?

  • Hannes (unregistered) in reply to Anony
    Anony:
    Because if he puts in someone else's email address he'll get their username and password?

    True. TRWTF? That's me.

  • Mike (unregistered)

    So who here wouldn't have tried the owner's accocunt?

    I know I would

  • Taemyr (unregistered) in reply to Hannes
    Hannes:
    The story says that Tim clicked the "Forgot my username" link, filled out some stuff and got a username and password "on screen. in plain sight", instead of via e-mail. So, my question is: Does Tim usually read his E-Mail off screen, hidden from sight, or why is he so nervous about his username and Password appearing "on screen"?

    It does not complain about receiving the password on screen instead of in an email.

    It complains about getting the password in plain text.

    That said getting the password on a webpage is marginally worse than receiving it on email. Not because of inadequate protection against black hats, but for the reason that it makes it plausible that another user could get the uname\password by acident if they enter the wrong email adress.

  • blackle (unregistered)

    trwtf is mosquitoes delivering SARS

  • Mike (unregistered)

    If all the username and password is used for is to get to the download page it might not be a problem. I've seen lots of sites that once you registered you didn't really get access to anything other than a ftp site with the files you want. Assuming they don't log your downloads and bill you based on how many times you download who cares if someone hacks your account? Of course that would be assuming that they did a minimal amount of security like not showing your whole cc number on the account page or something. Otherwise, mah download away my pirate friend.

  • EvilSnack (unregistered)

    Tim: Shred your credit card. Go to your credit card company and report the card lost. Get a new number issued immediately and get the old number turned off.

    If you act quickly, this will be done before the Russian Mafia gets your credit card information.

  • The President of the United States (unregistered)

    Even the president's daughter knows that DEFCON 5 is the lowest threat DEFCON. Did you mean to say DEFCON 1, to indicate whatshisname was ready to fire?

  • Matt (unregistered)

    A long time ago, in the era when a Pentium III was considered fast, another company did something equally stupid with their passwords.

    That company was the domain registrar (whose name I won't use here, but it's the one that had a monopoly in the mid-90s - you know who they are).

    It seems someone there had the bright idea of rolling out a management interface to all customers, and mailing them their credentials, unsolicited. And the passwords they used were blindingly, stupidly obvious - as I recall, if your domain name was "thingy.com", your password would be "thin0001".

    So - think of a domain, and grab control of it by changing the autogenerated password to something else. When the story broke on slashdot, thousands of geeks immediately rushed to the site to see what we could get.

    And this was how I found myself the new owner of "amazon.com".

    I didn't change anything, of course, except to change the password to something random.

    A few hours later, the new system had been taken down, and the accounts database presumably purged...

  • Nite (unregistered) in reply to QJo
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    I buy things on my CC for the company all the time. Then I fill out an expense report and have the money in my checking account before the CC bill comes due. Then I pay the CC bill, take home my reward points, and come out ahead.

    What kind of chicken shit company do you work for that doesn't let you expense back things you pay for?

  • Pock Suppet (unregistered) in reply to The President of the United States
    The President of the United States:
    Even the president's daughter knows that DEFCON 5 is the lowest threat DEFCON. Did you mean to say DEFCON 1, to indicate whatshisname was ready to fire?
    Maybe he meant that world peace had suddenly broken out.
  • (cs) in reply to Mike
    Mike:
    So who here wouldn't have tried the owner's accocunt?

    ACCO is an office supplies company... I'm curious what purpose an accocunt would have...

    On second thought, maybe I don't want to know.

  • QJo (unregistered) in reply to Nite
    Nite:
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    I buy things on my CC for the company all the time. Then I fill out an expense report and have the money in my checking account before the CC bill comes due. Then I pay the CC bill, take home my reward points, and come out ahead.

    What kind of chicken shit company do you work for that doesn't let you expense back things you pay for?

    A humane one that doesn't take advantage of its employees like that.

  • QJo (unregistered) in reply to eViLegion
    eViLegion:
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    TRWTF2 is paying money at all, when JFreeChart has been around for ever.

    It didn't say the credit card was for his own personal account, just that it was his info. How do you know that he didn't have his own instance of a company credit card?

    Please take your assumptions, pack them away in the skull they came in, and take them back to your mothers cunt. You're too stupid not to stuff yourself back up your mothers cunt.

    A bit strong, that, especially considering she died earlier this year.

  • QJo (unregistered) in reply to JimmyCrackedCorn
    JimmyCrackedCorn:
    What makes you think that our protagonist is using Java? How about ASP.Net, Ruby, etc, etc ??? Granted, there is probably a decent charting control for each and every one...

    TRWTF3 is not using Java.

  • Matt (unregistered) in reply to Nite

    Exactly - same here.

    I pity the person quoted above, who must work for some soulless conglomerate, who can't get anything purchased without a six-month bidding period, approval of three vice-presidents, and filling out form R-37-stroke-B.

    Those of us who work for small companies, for employers who trust us and whom we trust in return, think nothing of whipping out a personal credit card to buy a tool, a domain, an application, a $50 charting library, and then simply forwarding the email receipt on to the manager for reimbursement.

  • (cs)

    TRWTF is not knowing how DEFCON numbers work...

    DEFCON 5 is the lowest state of readiness, not the highest.

  • (cs) in reply to Matt
    Matt:
    A long time ago, in the era when a Pentium III was considered fast, another company did something equally stupid with their passwords.

    That company was the domain registrar (whose name I won't use here, but it's the one that had a monopoly in the mid-90s - you know who they are).

    It seems someone there had the bright idea of rolling out a management interface to all customers, and mailing them their credentials, unsolicited. And the passwords they used were blindingly, stupidly obvious - as I recall, if your domain name was "thingy.com", your password would be "thin0001".

    So - think of a domain, and grab control of it by changing the autogenerated password to something else. When the story broke on slashdot, thousands of geeks immediately rushed to the site to see what we could get.

    And this was how I found myself the new owner of "amazon.com".

    I didn't change anything, of course, except to change the password to something random.

    A few hours later, the new system had been taken down, and the accounts database presumably purged...

    That's better than today's story, even if it's made up.

  • ideo (unregistered)

    Right or wrong, this is simply how software was ordered back then.

  • Bruce Johnson (unregistered) in reply to CodeNinja

    Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.

  • JimmyCrackedCorn (unregistered) in reply to Bruce Johnson
    Bruce Johnson:
    Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.

    Having lived in Alaska, I can attest to the need for a DEFCON moose alert level. Especially if you get between a cow and her calf/calves.

  • neminem (unregistered) in reply to QJo
    QJo:
    Nite:
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    I buy things on my CC for the company all the time. Then I fill out an expense report and have the money in my checking account before the CC bill comes due. Then I pay the CC bill, take home my reward points, and come out ahead.

    What kind of chicken shit company do you work for that doesn't let you expense back things you pay for?

    A humane one that doesn't take advantage of its employees like that.

    Companies letting their employees pocket the frequent flier miles that could be going to the company is "taking advantage of them"? In that case, feel free to take advantage of me any time, I could always use more frequent flier miles.

  • Canuck (unregistered) in reply to Nite

    Reward points obtained in this manner are taxable income.

  • trololo (unregistered) in reply to eViLegion
    eViLegion:
    QJo:
    "... charting control for the company’s Web-based product ... Tim happily ponied up his credit card info..."

    There's TRWTF, right there. Using your own credit card to purchase s/w for the company?

    Please take your computer, pack it away in the box it came in, and take it back to the shop. You're too stupid to own a computer.

    TRWTF2 is paying money at all, when JFreeChart has been around for ever.

    It didn't say the credit card was for his own personal account, just that it was his info. How do you know that he didn't have his own instance of a company credit card?

    Please take your assumptions, pack them away in the skull they came in, and take them back to your mothers cunt. You're too stupid not to stuff yourself back up your mothers cunt.

    [image]
  • RectumGrandum (unregistered) in reply to Matt

    Well, the very same NetworkSolutions did something else that was equally stupid (YMMV)... Resetting all their funky accounts, roles, profiles etc.

    TRWTF was that they sent their brand new accound ID and passwords directly to domain registrants using postal mail, event if the small company I worked for was a reseller !

    Given our clients were french, didn't know anything about this stuff and threw away the darn paper before we could spell "doh! didn't the shit just hit the fan?"...

    Well, it was real fun to restore access to the domain.

    (And oui, mon english is encore under construction...)

  • Decius (unregistered) in reply to Canuck
    Canuck:
    Reward points obtained in this manner are taxable income.

    But they also have no cash value (as per the CC company), so it all evens out.

  • asdf (unregistered) in reply to Nite
    Nite:

    I buy things on my CC for the company all the time. Then I fill out an expense report and have the money in my checking account before the CC bill comes due. Then I pay the CC bill, take home my reward points, and come out ahead.

    Yup, I know a guy who does all of the companies ordering on his own personal amex card. He did 200grand on his card last year, he has so many air miles that he never has to pay for a flight again.
  • Steve (unregistered) in reply to JimmyCrackedCorn

    Well, he was behaving like an idiot...

  • Andrew (unregistered) in reply to Canuck
    Canuck:
    Reward points obtained in this manner are taxable income.
    That's the first I've heard of that in Canada... I've been collecting rewards points on business expenses for ages and I've never received an income statement (T4) for filing with my taxes for any of them. They typically pay for my holidays.
  • FasterThanILook (unregistered) in reply to blackle

    +1. Mosquitos deliver West Nile, SARS is not transmitted by insects

  • (cs) in reply to FasterThanILook
    FasterThanILook:
    +1. Mosquitos deliver West Nile, SARS is not transmitted by insects

    That's what they (the insects) WANT you to think...

  • Sam I am (unregistered)

    Kinda makes you want to use that company's software doesn't it

  • (cs) in reply to JimmyCrackedCorn
    JimmyCrackedCorn:
    What makes you think that our protagonist is using Java? How about ASP.Net, Ruby, etc, etc ??? Granted, there is probably a decent charting control for each and every one...

    Anyone dumb enough to put in their credit card info on a sketchy site probably uses Java.

  • illluck (unregistered) in reply to Andrew

    That is technically correct in Canada and was the stance of the CRA a few years back. However, I believe that there's been a change of policy and they no longer consider them to be taxable.

  • (cs)

    "...even the infirmed..."

    It's "infirm", Bruce.

  • (cs) in reply to Bruce Johnson
    Bruce Johnson:
    Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.
    If you think your level of readiness is stressful, just think about how Randy feels.
  • YourName (unregistered) in reply to DCRoss
    DCRoss:
    Bruce Johnson:
    Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.
    If you think your level of readiness is stressful, just think about how Randy feels.
    A møøse once bit the President's daughter... No realli! And let me tell you, it was no laughing matter!
  • (cs) in reply to QJo
    QJo:
    A bit strong, that, especially considering she died earlier this year.

    Yeah... I basically have two modes... silent and excessive. So sorry about that.

    Now about the maternal death claim. I'm not saying it's not true, BUT... regardless of the veracity of such statements, the believability has been reduced to nil, due to generations of 5 year olds crying wolf in the playground.

  • (cs) in reply to YourName
    YourName:
    DCRoss:
    Bruce Johnson:
    Guilty. In my defense, I'm Canadian and we don't have DEFCON numbers here. Our highest level of readiness comes annually. Every spring, when the moose get randy.
    If you think your level of readiness is stressful, just think about how Randy feels.
    A møøse once bit the President's daughter... No realli! And let me tell you, it was no laughing matter!

    We apologise for the fault in the subtitles. Those responsible have been sacked

  • (cs) in reply to Zylon
    Zylon:
    "...even the infirmed..."

    It's "infirm", Bruce.

    Not if someone beat them into it.

Leave a comment on “Customer Self-Service”

Log In or post as a guest

Replying to comment #:

« Return to Article