- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
actually, not too bad. ok, they could have used something better than xml, but recording the series of coordinates is a good thing to do, since the way the signature is written contains additional information. just like for most handwrite recognition systems that use stylus or other pens, they use the direction of drawing too
Admin
You noticed :-}
Admin
The bitmap alone is not enough for forensic investigation to determine if it was more likely a valid signature or a forgery. Storing the stroke information (ie. timing) allows you to simulate the process of creating the signature, and compare that against other signatures (presumably stored in a database), or newly captured signatures from a verifiable signator. (and better if it captured time, pressure and location)
In any case the whole signature pad thing is probably useless because my signature never looks the same twice on those things, and doesn't remotely resemble my signature on paper. I'm not sure that if I were given the challenge to verify that any two of my signatures from the grocery store were signed by the same hand that it would be possible to state that they were with any degree of certainty.
Anyone aware of a legal challenge that verified the forensic examinability of electronic signatures?
Admin
During my senior project, I had a pleasant dream that was going very nicely until it was interrupted by everything going black and me seeing the words "segmentation fault" and then waking up. Coincidentally, I had spent a little too much time debugging the previous day...
Admin
Surely a simple way to reduce file-size here would be, ah, gzip/<insert preferred compression software here>? A quick test suggests that reduces file size by a factor of 30 on a 1250 "bit" file.
Admin
To everyone saying the original dev wrote the XML stupidly - am I seriously the only person who noticed that the dev didn't write the XML-generation code himself? He used a built-in function of a built-in class (DataTable).
Granted, there are better ways to put the data in a transmittable format, but don't blame him for the stupidity of the XML :P
Admin
Admin
Admin
Admin
Seems to me that the developers who think Java is good for everything also think that XML is good for everything. And they are so absorbed in that notion that they have no knowledge of JSON, YAML, etc.
Admin
Total comment bytes: 30137 Comment bytes regarding gargantuan ladies: 3138 Payload: 89.6%
Better than the original example, obviously, but it's still clear that some of you boys really need to get out more.
Admin
The bitmap was then printed, put on a wooden table...
Admin
290kB? Are you nuts, when it could be a mere 3 kB?!!!
Ah, the 80's. When 290kB was a significant chunk of change when it came to hard disk space. When it could take a significant amount of time to transfer across the network.
Today, it's 1/50th of a cent of hard disk space. It goes across a 100Mbit network faster than you can blink your eyes. And someone thought it was a WTF that you might, say, want to actually record the signing process rather than just the bitmap of the signature, and do it in a way which is endian-independent and platform agnostic.
Oh well, can't win 'em all, I suppose.
Admin
Admin
The real WTF is that they used trivial-to-fake bitmaps instead of impossible-to-fake smartcards for their digital signatures.
Admin
This is actually not that crazy. It is quite common for signature capture devices to store sigs as vectors - a sequence of lines. Perhaps they were just transmitting the input as generated by the device. I have done very similar things for my projects, although obviously not using XML.
Admin
What's easier to fake: A smartcard copy that can be mass-produced, or a signature that has to be trained?
(Answer: A signature image/picture that can be inserted into any document)
Admin
Admin
You proposed exactly as I did. Yes, I am the guy who submitted this WTF. We were migrating web applications from one environment to another, en masse, over a 3 month period (so you'll have to forgive me if I can't remember all the details here).
I don't recall exactly what the individual numbers did (I think they were x*y notation, and the numbers cited were made up, obviously... I didn't grab a sample). But I decided to Base64 encode the binary data... cut the payload down by 90% I believe.
And yes, the final result WAS a jpeg image. I was debating about changing it, but barely had enough time to implement the base64 fix before I had to move on to the next app. I could have made a career of fixing WTFs that I found in those apps, but I'm glad I didn't. I've since moved on to more interesting things.
Admin
Admin
Keybounce, surely you are a troll or you are simply ignorant of public key technology.
"What's easier to fake: A smartcard copy that can be mass-produced, or a signature that has to be trained?"
A signature is far easier to fake than a smartcard. A smartcard generates a private key when it is initialized. Anybody can see your signature and copy it. Nobody can see your private key to copy it. They could steal your card--but that attack is mitigated by revocation.
Admin
I can understand gargantuan ladies may be strong, but isn't carrying tons of molten steel a little too much?
Admin
XML.
The fatal spore with the funny name.
Admin
it is possible that any unnamed pixel is assumed to be white and the named ones are black. what we are seeing in the sample may be the dots of two "i" charaters, or a dot and some accidental poking of the screen. it is likely not x and y data, but as someone else said, it may be a one-dimensional projection of the two-dimensional space used in the pane. labeling every pixel would have been a still worse waste of space. if your universe (in this case, the color space) has two values and they are mutually exclusive, everything that is not one is the other. just pick the value suspected to be the minority componenet and only label the parts of the space conforming to that criteria.
the original programmer could have been aware that his solution was bad but that sending twice as many integers to represent the pixel location was worse so he linearized it all like this. it is not "good" but it is "better"
Admin
Hmm. While uxing XML was silly, this is not a WTF.
The system worked and it was easy to determine how it was done (even if it was done inefficiently) and thus would be easy to modify.
This is decent code.
Admin
I don't get it. It would have been much simpler to just print out the bitmap, place it on a wooden table, take a photo, fax it to the central office, scan the fax, convert the tiff to XML, and store the XML in the database.
Admin
X = 87 % 300 = 87, Y = int(87 / 300) = 0 X = 127 % 300 = 127, Y = int(127/300) = 0
So we have points at (87, 0) and (127, 0). However, as you mentioned, it seems unlikely to have that sequence of points for a signature.
Me too...Admin
If there were gargantuan ladies present, shouldn't they be using XXL instead of XML?
Admin
We don't know it, but Rube Goldberg is the patron saint of programming.
Admin
Admin
wee hours in the morning???? Its almost quitting time and I still read that as ladies
Admin
Alex, it would be funny if you intentionally put in misspellings like gargantuan ladies, and then had the page subtly update with the correct spelling x seconds later. You could do it with an animated gif pretending to be the first paragraph of text.
"Damn, I thought for sure it said gargantuan ladies and I was going to write a great comment but thank God I reread it before I posted because damn if that doesn't say ladles after all. Hmm, why can't I scrape the words? Aha!"
Admin
-i != i, (-i = 1/i)
0 = -0, and that's the only complex number where it works
Admin
To generalize: In a group, there is a unique identity element e. And each element x has a unique inverse under the group operation, symbolically written x * (x^(-1)) = e. e is its own inverse, since e * e = e.
Admin
Nope, still has the blame. If he had used a byte array instead of a dataset, .Net would have encoded the whole lot using a Base64 encoding representation; considerably smaller.
If you didn't know this was how a datatable would be encoded into XML, well, yeah, your fault.
(Nowadays, I'd probably use a byte array and the Windows Communication Foundation binary encodings - taking SOAP and XML out of the picture entirely. But I'm guessing this predates WCF.)
Admin
I don't think anyone is questioning storing the pixel order. The WTF is the stupid XML notation. First off, it didn't really need to be XML. But since it was XML a smaller (and more correct) form of XML could have been used. One example: <signature> <point value = 87/> <point value = 111/> </signature>
There was not need for the double sig element, especially since the interior element is NOT a signature, but just a single point. Not to mention the other numberous ways to encode the data (base64, csv, json, etc)
As far as the dev being dumb, yeah the dev was dumb. You can add attributes to the datatable to tell it to use a better form of outputing the results.
Admin
Can I use that as my sig?
Admin
I worked on a similar project years ago. As I recall the data source contained packed coordinates. I think an entire signature was less than 800 bytes of coordinates.
Wrote a C program to: Create blank bitmap in a predetermined size Unpack the coordinates Scale the coordinates to fit in your bitmap Plot each set of coordinates, drawing a line between them. For good measure, shade the lines so it is visible. Send them to be loaded in batch as blobs on the database.
Admin
You coulda just used 'dot'.
Admin
JPEG's monochrome encoding is called JBIG. It's based on CCITT fax encodings, similar to LZW-packed TIFF, and has no dct-coding to make it blurry and noisy.
Admin
I didn't realise it didn't say ladies until I read your comment!
Admin
Admin
Sounds like a temporary hack. There's nothing more permanent than that.
Admin
TRWTF is that almost every single person who has posted "better" encodings of the data has actually posted invalid XML.
Protip: attribute values must be quoted. <pixel x=0 y=4/> is not XML. The valid way to write this is <pixel x="0" y="4"/>.
But I guess it's asking a bit much to expect commenters on TDWTF to, you know, have the faintest understanding of the things they're pretending to be experts on.
Admin
Until i read your comment i only saw 'ladies' too!. :)
Admin
I'm glad I'm not the only one who thought that.
Admin
Admin
+25 internets.
Admin
Don't you see? This way they can use xslt to transform it into a bitmap!
Template select="/"
LOL
/ template
Admin