Admin
I've heard that some people were able to generate md5 collisions, but I don't think it's exactly trivial.
http://eprint.iacr.org/2004/199
Admin
This should be called the organic software development life cycle. It greatly increases the lifespan of apps, but when they die, they tend to stay dead ;)
Admin
No kidding, it's ridiculous. You guys would laugh your asses off at some of the stuff that happens around here. Hell, the mainframes running the mill I'm at were built in 1982. We actually are upgrading the database server soon. We have the server (Interesting story behind that coming up right after this), but a potential labor strike in the near future has kept us from replacing it as we have other things that need to be dealt with now. Unfortunately they decided to purchase an Itanium server, I still have no idea why, but at least it should be fast.
So anyway, here is the story behind the new server:
The server was scheduled to be delivered last summer. When it finally arrived, the truck driver parked at shipping and receiving. He got out of the truck, untied the box, and went inside to ask where they wanted the box. He was informed that he had to take it to process control headquarters. Ok, no problem, the guy jumps back in his truck and heads off on his way.
Cut to the process control office in my section (not the main office). My boss receives a phone call as I am standing in his office talking to him. I overhear the following:
My Boss: "Dave Jones."
Guy: "You work for Bob Smith?"
Dave: "What? Who is this?"
Guy: "You work for Bob Smith?"
Dave: "Uh, yeah, why?"
Guy: "Well there's a package here for him and we can't get ahold of him."
Dave: "Uuh....ok. Where is it?"
Guy: "Sitting in the middle of the road."
Turns out the driver had never resecured the server box before leaving shipping and receiving. It ended up falling off the truck and was smashed beyond use and had to be returned. The best part is, no one knows what the hell the driver did after he lost his package. He just disappeared.
Admin
You're retarded, an animated GIF is an image file with the animation details embedded, it would be exactly the same. You sure you didn't write this code?
-!!!
Admin
A much cooler approach:
Admin
OK let's do a bit of reasonable-ness checking on your statement, shall we?
NOTE: my statistics knowledge is a bit rusty at this point, but I think the concept is fairly valid. =)
First, let's pretend that:
A) you aren't attacking md5 intentionally to find collisions, and
B) that it really does use all 2^128 possible hash values with approximately uniform distribution.
There are **roughly** 2^32 seconds in 100 years, or thereabouts, right?
Saving a random image (read: random output hash from MD5) once per second for 2^32 s ~ 100 years, is a specific instance of the generalized birthday paradox:
http://www.answers.com/topic/birthday-paradox
Specifically, there are N=2^128 possible numbers (hashes) to choose from, and there are n=2^32 pictures choosing their hash from that larger set.
Therefore, the chance that there is at least 1 duplicately chosen value is approximately:
1 - 1 / ( e^ ( 2^64 / 2^129 ) ) ~=~ 0.0
According to my estimate, to have a probability of 1/2 of choosing 2 duplicate MD5 hashes, according to the constraints I gave above, you would need to save images once per second for SQRT( 2^129 * ln 2 ) seconds, or about 21,719,381,355,163,562,491 seconds ~=~ 7 billion years.
This to have a 50% chance of collision.
-dave-
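The estimate in the comment above, worked through as an added example that is not part of the original comment. The function names, the 16-bit truncation and the random inputs are constructed for illustration, and the model covers only accidental collisions under assumptions A and B.

```python
import hashlib
import math
import random

def collision_probability(n: int, bits: int) -> float:
    """Birthday approximation 1 - exp(-n^2 / (2N)) with N = 2**bits.
    -expm1(-x) keeps precision for tiny x, where 1 - exp(-x) rounds to 0.0."""
    x = n * n / 2 ** (bits + 1)
    return -math.expm1(-x)

def draws_for_probability(p: float, bits: int) -> float:
    """Invert the approximation: n = sqrt(2N * ln(1 / (1 - p)))."""
    return math.sqrt(2 ** (bits + 1) * -math.log1p(-p))

def truncated_md5(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5, so collisions become observable at small scale."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)

def empirical_rate(n: int, bits: int, trials: int, seed: int = 1) -> float:
    """Fraction of trials in which n random 16-byte inputs share a truncated hash."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n):
            h = truncated_md5(rng.getrandbits(128).to_bytes(16, "big"), bits)
            if h in seen:
                hits += 1
                break
            seen.add(h)
    return hits / trials

if __name__ == "__main__":
    # The thread's case: n = 2^32 saved images, N = 2^128 possible hashes.
    print("p(collision), 2^32 images:", collision_probability(2**32, 128))
    print("images for p = 1/2:", draws_for_probability(0.5, 128))
    # Sanity check of the formula on a 16-bit truncation of MD5.
    print("predicted:", collision_probability(300, 16))
    print("measured: ", empirical_rate(300, 16, 2000))
```

With full floating-point precision the first probability is about 2^-65 rather than exactly 0.0, and the measured rate on the truncated hash tracks the formula.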
Admin
Wow, that would be a great sound-bite to take out of context...
Admin
That sounds like http://aninaked.com; not that I had anything to do with that bit of code.
Admin
Sorry, I couldn't stop laughing after I read that line (Which I had a ROTFLMAO emoticon for use here)! Why do I suspect you have a VAX there?
From the rest of your story it sounds like you truly are operating under the curse of the Itanic *grin*
Admin
Oh yeah.
<image>
<size><x value="2"/><y value="2"/></size>
<row>
<pixel>
<!-- a lovely pink -->
<red value="dHdvIGh1bmRyZWQgYW5kIGZpZnR5LWZpdmU="/>
<green value="emVybw=="/>
<blue value="b25lIGh1bmRyZWQgYW5kIHR3ZW50eS1laWdodA=="/>
</pixel>
<!-- ... -->
</row>
</image>
Everybody's stomach on the floor? OK, I realize there are some design flaws in this schema. Such as not using namespaces.
Admin
Haha, yeah, our database server is indeed a VAX. Other parts of the plant use VAX to control their areas, but the computers controlling our mill are Modcomps... if anyone knows what the hell they are.
Admin
Congratulations! It sounds as if you're about to embark on an adventure, porting your legacy apps to OpenVMS (hence the Itanic purchase). I'm in a state of shock just thinking about it....anyways if you ever get lumped with trying to get some spare parts for your MODCOMPs I hear NASA might have some bits and pieces...
Admin
Just FYI, there is one, and exactly one acceptable use of this technique: print(base64_decode("R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==")); exit();
That's a transparent 1x1 gif, BTW.
Admin
I once worked for a company that embedded all of their images in a flat file that way - the reason was so they could print everything out and copywrite all the pages of the source code, including images. Not sure if that was the thinking here, but there could be some other reason we don't know about.
Admin
I don't think such a hardcopy would be of much use to a copywriter. I lean towards thinking that you meant to say "copyright", but that doesn't make any sense either, unless this was in the days before the Berne convention in one of those places where you had to jump through hoops to obtain copyright. And even then, you have to wonder what the $@!# those people were smoking.
Admin
Hilarity has officially ensued.
Admin
It looks like it's screaming while drowning in a container of boiling oil.
Admin
Two methods of improving your PHP-script
1. If you are using a database to hold the metadata about a file, just create a record and use whatever methods the database has to create a unique key. Save the filename using the key as input.
2. http://no2.php.net/manual/en/function.tempnam.php
Admin
What in the world makes that acceptable? Lazy web page designers who can't be bothered to learn CSS properly?
That sort of thing was a WTF back when it was still being used, and even more so nowadays.
Admin
How the hell can using 1x1 transparent gifs in 2006 be considered acceptable?
Admin
For that .000000000000001% of potential visitors still using Netscape 4.0?
Admin
I don't see the problem, - I heard Flickr works like this
;)
Seriously, this is the first PHP WTF I've seen that has almost caused me a mental seizure.
Admin
Well done. Probably the most useful contribution to this thread.
Admin
That would amount to 0.0001 person, assuming the entire population of the earth visits the site.
Geeze, man. Get your facts straight.
Admin
YA RLY!!!
Admin
OMG
If you visit http://initech.co.uk/, their homepage says "Don't put all your eggs in one basket? With an initech solution, you can!"
Admin
Sincerely,
Gene Wirchenko
Admin
For those that don't know, the PHP language itself has images embedded in it... some PHP & Zend images, like logos, and a few easter eggs.
If you make a PHP application that has some images you do not want people changing, like your logo, icons, etc, then you're forced to come up with some kind of solution, like embedding those images directly in a part of the script that will later be compiled/encoded with ion, Zend, or SG, so that the images may be retrieved but not changed.
Admin
WE HAVE THEM WORKED.....in IE
without the PHP roundtrip. (If you do that then the collision worry becomes N/A.)
There is another avenue to have them implemented in IE. The tool that we have is a JavaScript library that encodes/decodes and creates/translates the XBM, BMP and PNG graphic file formats, 100% at client side. With that luxury we use the following road map to have images displayed in IE.
- Create multiple XBM files, each with the background as black and the foreground as white, representing only one color or an array of colors. See the following notes.
- Place them in the src of the Img elements, each one on top of the other. We take advantage of the fact that IE treats XBM as a one-color bitmap. The other color is transparent.
Use the MS mask filter to make the background transparent and set the foreground to the mask color of your choice. You can further use Alpha and/or Gradient to have one XBM display the ARRAY OF COLOR as well. It can be applied to either the foreground or the background image, or both, depending on how you place them, how many filters there are, and the order of those filters in the style/stylesheet attribute.
WE HAVE THEM WORKED.....
Sorry:For fair business practice and for the vast amount of investment that we have put in our tools We are unable to have them post as a public domain property. If you need further information you can drop me a line at: E P H I T R A N @ G M A I L . C O M. ( I am a consultant living in Houston, Texas - Near Home of the Texas Longhorn).
Many thanks.
Phi.
Note: I have put notes on 'As the day pass by' and the 'Base64 for the IE of Dean that discuss more about the pros and cons of the many methods that we have tested, and the results. (See them if you need further info.)
Admin
Oh no, they were special
True, they were Very Special coders indeed.
Admin
Genius!
Admin
Did you guys happen to know there actually is a http://www.StupidProgrammer.com? I run the site and I would greatly appreciate it if you would not reference your_mom_naked.gif and my site in the same sentence. I do not run that type of site. :-)
Thanks!! Chris Reeder StupidProgrammer.com
Admin
There's actually nothing wrong with this. The program is going to be embedding images in email (kind of obvious if you've done this in the past).
Better to have the image data already encoded into strings than to have to load each image file and convert it to base64 for each email you want to send - especially if you're sending 1,000 emails at a time.
The real WTF is everyone who's commented so far and assumed that there couldn't possibly be a valid reason, and never stopped to wonder how images get embedded in the emails they receive every day, without needing external references.
Admin
thanks for info