Admin
All cows are red.
Every red object can fly.
Therefore, all cows can fly.
The form of this argument is entirely correct, even though each of the statements is false. So this is not a fallacy. On the other hand, a collection of statements that are not correctly structured can be fallacious even if they are true:
Grass is green.
Airplanes can fly.
Therefore, some airplanes are not green.
Admin
"fallacy" may have been the wrong word to use, but I think my point stands.
Admin
(in addition to my other response) I wasn't calling the phrase "Wikipedia disagrees with you." a logical fallacy, I was claiming that the implication that Wikipedia is a source of truth is fallacious - in more ways than one.
Admin
I haven't used this for evil/righteous vengeance yet, but I have had offers.
Admin
Who wouldn't do something like this?
Admin
Professor DICK, no less!
YES! YES! YES!
Admin
I suspect that most web-deployed crystal reports that post back data from the client to their data source have the same vulnerability. Of course, now that I've disclosed it, I'd be stupid to use it.
Admin
Though it would be funny.
Addendum (2011-07-08 19:32): And WTF? SQL injection is NOT a medium priority. If the system weren't properly secured, you could load arbitrary .NET assemblies into the address space of the SQL Server (assuming, of course, SQL Server, since PL/SQL gives me the creeps).
What you did, some version of:
isn't bad, true, but this: is almighty (within the security constraints placed on the connection and the stored procedures, of course).
Admin
The people who write Wikipedia -- okay, the more intelligent contributors -- see it as providing no more than the beginning of an answer.
In other words, if all you want is a quick answer -- say, what is the capital of Israel -- you read the article. Or maybe only the first few paragraphs. Now if you want to know what the answer really is -- which is why I picked that specific example, it's useful tinder for a flamewar -- you go to the sources & evaluate which one has the right answer. After all, the source might be a peer-reviewed article, some writing which is obviously trustworthy, the ramblings of some net-looney, or even xkcd.
Then again, about half of the articles are obvious works-in-progress, & may not even have a source. Which means you have a lot of work ahead of you to find the answer you're looking for.
(I meant to cite Jaime's post to explain what I was talking about, but as a casual user I don't have access to that tool. Or I'm as technologically incompetent as the real Jimmy Wales, & couldn't find it if my life depended on it.)
Admin
So just to be clear, it's using the actual user's Windows credentials (base64 encoded for added security of course), or the DB credentials? Is this an intranet application or public facing (being internal doesn't make it any less a WTF, just that there's a smaller pool of malicious users)?
Addendum (2011-07-08 16:48): If it's their own credentials, switching it over to https only would work, no?
Admin
It's not internal, and the credentials used are not tied to the user name. It is SSL, but since it's not the user's credential, it's a wtf.
Admin
I have also had that security message, you are allowed to change permissions but not view it. I don't know what that is supposed to be.
Admin
"an unnamed file contains an invalid path."
Johnson's Third Law of Computer Science: For every clear error message that fails to correctly appear, an anti-error message, with opposite clarity and properness, must also be created.
Admin
Q: What is your favorite color? A: #F6D8CE.
Admin
Albescent White?
You sure it's not #FAE5FA? DDG sent me to this page when I searched for your favorite color.
Admin
I know someone who has one of those home security systems. When the alarm goes off, the security company calls the home phone number and asks a secret question. If you get the answer right, they don't call the police.
I don't remember the question, but the correct answer for his account was "I have no idea, I'm just robbing the place".
--Joe
Admin
One of the worst ones I have had is a memorable date, but not your DoB. Fuck sake I am a single bloke with no kids, I'm supposed to have a memorable date? Fuck off.
Admin
I know where Weber Senior High School is. It's at either (0,0) or (-1,-1) coordinates, whichever the units are (probably degrees * 10^-5).
When I worked at Telenav, there were always complaints that by default the screen shows all blue. Turned out it was blue because default coordinates were (-1,-1), which must be pretty close to Weber Senior High School, in the Atlantic Ocean.
Admin
Why do I now need JavaScript allowed to load the images in the article? I never needed that before, but now because of it, I can't view the article in my RSS reader.
DEATH TO Java* (JavaScript, Java VM, Java ANYTHING/EVERYTHING MUST PERISH)
Admin
Insecurity questions are stupid. They only make the situation worse, so I skip around them as much as possible. Google still hasn't forced me to yet. One of my credit cards wants me to add one and throws me to a page to set one after login, but I can change the address to view transactions and make payments and then log out without adding insecurity questions.
When I am forced to use them, I like to select the ones that make no sense at all. So being a single guy, they are questions that pertain to my kids and wife that don't exist. Anyone targeting my account would have a hard time figuring those out from whatever information they do have. The actual answers tend to be a variation on the idea of "This website was made by ass-sucking cum-buckets. Get a fucking clue, 2 passwords is not 2 factors." in hopes they store that plaintext and might see it.
Admin
... and of course since naturally you've never been laid, there's no chance of a memorable date arising from that, either.
Admin
The question isn't sexist. This comment of yours, however, is.
Admin
"pseudo-catalogs" surely. Unless it's a pun that I've missed.
Admin
"You kids think you have it hard today. Hah!!!
"I had to run to school every day, from home to Portland, Maine, 2,500 miles!
"And then I had to swim from Portland to Nouakchott, Mauritania, 3,600 miles!
"And then I had to run overland, through the Sahara desert, 1,400 miles to Accra, Ghana!
"And then I had to swim again from Accra to the high school, which was in the freaking middle of the Atlantic Ocean, 650 miles offshore!
"Let's see any of you little pansies do that, twice a day, rain or shine, uphill both ways!
"But you brats think you have it hard walking 6 blocks to school! Hah!!"
Admin
Wikipedia is best treated as a search engine. The article is your search results, and the actual answer can probably be found by following the external links. You can start your assessment of quality by looking at the history tab and seeing if there has been a huge edit-war over the contents.
Admin
Awesome. It's like some crazy game of meme-poker.
Admin
The location of the school is 0 latitude and 0 longitude, and how I hate that place, or the code that brings me there.
Admin
So you're saying that men aren't less familiar with color names than women (speaking broadly)?
Frequently, there is no difference between a sexist observation and a realistic one. or racist or classist or ageist or IQist, whathaveyou
Admin
Is the Sasktel one really a wtf? I looked at the site and it appears just fine. (as in it doesn't look like it does in the wtf.)
If you want a real wtf, try filling out their skill testing questions should you get an interview. They look like they were written 20 years ago and were never updated...
Admin
Captcha: duis duis know anything about females at this site?
Admin
Apparently not a spelling grrrl.
Admin
Clever but probably a bad idea as it is unlikely that they will have thought to hash the security question answer.
Admin
How about using an MD5 hash as your password, so your password is never plaintext?
Also, forced Irish Girl reference.
Admin
"'State Farm's contact form doesn't give me a lot of confidence in their back-end systems,' Jeff writes, 'I also wonder if the average State Farm customer can figure out that there is actually a character between the quotes.'"
About three years ago, I was in my State Farm agent's office and glanced at a screen containing my account information and was a bit surprised at how archaic it looked. I commented on it and the agent bluntly told me that State Farm's headquarters still uses MS-DOS so they were stuck with what they've got. I would imagine that hasn't changed any.