- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Frist Pst!!!!!!!!!!!1111111111111one
Admin
Clearly you can't understand the genius of this design! The graphics artists can modify images with notepad! Imagine how much easier that must be on them than opening up something like photoshop.
Admin
Oh.... My... God....
Bile just rose in my throat.
A greater horror has never been perpetrated.
--D
Admin
Because browser caches are clearly not clever.
Admin
I wonder whether or not these employees were paid "by the line" or not.
Admin
I should note that I once worked with an PHP-based OSS photo album that worked in a similar manner. Every image in the album was one PHP script that loaded the image from disk and echo'd it to the browser with a faked MIME type. The justification for this was security -- the author wanted a simple way to enforce privacy levels for different images within the same directory. It worked, but prevented browser caches from operating properly and was terribly slow, all for a feature that very few people used. It was one of the first things I ripped out of the script.
Admin
<font size="2">Sweet merciful crap. That's beyond hideous.
</font>
Admin
Um, displaying images through a filter script like that is a fairly reasonable way to deal with security. Done correctly, the browser can still cache the image, and the performance hit is not that great.
Admin
Other than their internal process of getting the images to the designers, I don't see the problem with this one. Whats the difference between this and putting the images into the database. In fact, this is a more portable solution than a database would be.
Admin
Yep yep, cause you wouldn't want people to be doing evil stuff like viewing your *gasp* pdf file icons if they're not authorized!
Admin
This is giving me all kinds of ideas for a new product line!
Admin
Special just doesn't do this code justice.
Let me guess. If they needed an animated GIF they would just use a timer and For Loop to display the images in a specified order.
Admin
It's really a bad way to solve the security problems. It does have far to much overhoad and it is not secure against cross scripting.(Anyone who can read the script can get the image).
A better and more secure way would be to simple have the images stored a place where the webserver will not serve them, and then use something like the php readfile function to show the file, it the user is allowed to read it. Much faster and more easy to manage.
Admin
The software industry has many clever people. It also has many smart people. These are not the same. <SIGH>
Sincerely,
Gene Wirchenko
Admin
I'm surprised no one has mentioned this yet:
The real WTF is that they should have stored the images in XML.
*ducks and runs*
Admin
Okay, that's pretty freakin funny.
I can see storing the images in base 64, but why would they put that in a flat file? Jeez, at least put it in a database, if you can't stand the idea of a simple directory.
Admin
Well, you know, this might make sense if those were .svg files (which are at least in some form human-readable and even human-editable), but doing this for binary files is just utterly ridiculous.
It's not a completely stupid strategy for stand-alone apps though (think bitmap resources in form of .xpm or something) - but for web apps, argh.
Admin
We have a winner.
PHP has some pretty impressive imaging functions. This isn't the way to use them. Not to mention you'd have to create at least one other script to encode the data reliably and format it quickly.
Admin
i would have extended the script to accept image uploads and include them via self-modification =D
Admin
The problem with that, for this, is that the "program" will serve whatever picture is passed to it in the $_GET['image'] field, which, as it's a get, can be hacked from the browser a la "http://www.stupidprogrammer.com/image.php?image=your_mom_naked.gif"
Completely insecure.
Admin
where have you got this picture from ?
Admin
Admin
Holy mother of god...
Did they, like, know that some browsers even allow you to embed the images into the HTML document? Cause if they didn't Graham should tell them, they may like it
Admin
Yes. Alex used to work there. He was the guy who had his stapler taken away.
Admin
Yep -- a common TDWTF-ism to protect the guilty.
Admin
Awww, you weren't supposed to tell them. They were supposed to wallow with uncertainty about the inside joke for weeks until it came up again.
Admin
Wow, now the artist can edit all graphics via ssh. How awesome is that?!
What about a function to vote the most innovative wtf? This one's surely gonna rock :D
Admin
Sorry, Mr Frosty. I'll endeavor to be more evil in the future.
I believe you have my stapler.
Sincerely,
WTF Batman
(aka DaveNY)
Admin
Heh. Just an example. Pretty much any site that has images worth swiping has them archived using a sequential identifier, linked to the page through a database. When those images are pulled using get data, you can use any one picture to iterate through their entire catalog, and rip out every single picture.
I was working for a company, and we were doing a project and needed picture data that belonged to another company that was owned by the same company that owned my company. Theoretically we were supposed to be cooperating, but it boiled down to a permanent pissing contest over resources. I got fed up with it one night, and wrote a scraper to pull every single picture and store it based on data that was easily croppable from their pages. Then I set it to run on our internal corporate network (so their admin's wouldn't notice the bot traffic on their external web address) and in the morning, we magically had all the data that we needed.
Got the idea from a project a roommate of mine put together...He called it "The Unstoppable Sex Machine" and it basically did the same thing, but with porn sites, and it didn't limit itself to one site. Hence, "your_mom_naked.gif".
Admin
If I could do the first 6 years of my career all over again, I'd do it without the cleverness. It's always cost me time, energy and precious patience.
Except in my UI. That type of cleverness gets me work.
Admin
O RLY? I think he was my cube neighbor.
Admin
It doesn't work. I thought that at least first 2 images (not cutted) should work.
Admin
Right, because if there are two things that both the internet and computer science were developed to serve, it's downloading porn and making jokes related to the former.
Admin
I found that I learned a lot when I was trying to be clever. As you said, it cost me time, energy, and frustration, but in the process of debugging it all, I learned a lot about the languages I was dealing with.
Some say that work isn't the place to be learning new things, but I say that they benefit in the long run when you understand your craft and tools better. After all, most places pay for training programs for just that reason.
Admin
There is a big difference between learning new things and compulsively being clever.
Sincerely,
Gene Wirchenko
Admin
I think it depends on what type of "clever" you are being. There's stupid-clever and there's good-clever. This was stupid clever.
Using good design patterns, organizing the structure of the application, re-using code properly to make it easier to maintain and less prone to bugs is good-clever. Even if it hurts more the first time, you'll be glad if you have to come back to maintain it (or glad that you don't have to debug it as much later).
Admin
Admin
Not always. If it wasn't for me trying to be clever I never wouldve learned how to deal with cookies in vbscript. Or learned about the number and size limitation of cookies. Or that it probably wasn't a brilliant idea to cache 7k worth of data in a cookie to increase page load times.
But hey, at least I was being clever at the time. ^_^
Admin
I can't believe nobody has pointed out that in the midst of being clever, there's no effort to check that the array index is in bounds!
I guess error checking isn't clever.
Admin
You were trying to increase the load times, so you made a 7k cookie? Cleverness asside, how does that accomplish the goal?
Admin
Except that each time you want to view a single image, no matter how small, the PHP script has to be parsed in its entirety. Way. To. Go.
Admin
If you do, keep it a secret. All new employees are expected to type the image directly into the script one byte at a time. Why do you think they gave Graham the task? It's his rite of passage. If he succeeds, he gets the honor of the next level: typing a mpeg into a script.
Admin
This isn't clever, it's just fucking stupid.
Admin
Things you shouldn't read just after eating lunch... ye gods and little fishies...
Admin
Sweet mercy...
I was not strong enough today. This TDWTF has broken me. I'm going to find a cubicle, and sit down and cry.
Admin
There is actually a script that will base64encode images for just this purpous.
...and I helped build it. sob
Admin
it's not the displaying of the images through a "filter script" that's the problem, it's the hardcoding of image data in the filter.
E.g.: perhaps better to cycle through all image files on disk at startup, read them into memory, and then serve them directly from memory ... which would cut down on disk IO.hardcoding the actual image data is retarded.
Admin
Putting images in a DB is pretty dumb as well (yes, there are times when it can be appropriate, but they are few and far between). There are much better ways to deal with it than putting the binary image in the db.
Admin
Personally, I like to generate a md5 hash of the image's contents, and use that as the filename. It helps me not duplicate content, but also renders image1.jpg - image10.jpg issues gone.
Admin
Those images seem to be missing all their null bytes.