- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
And so the student becomes the master.
Admin
With that password, the student can become the mentor!
Admin
It's pretty bad that the mentor was writing code like that. It's even worse that the mentor thought he was a good enough programmer to teach others his bad ways. Ignorance FTL [:P].
Admin
This is nothing a couple of Mentos can't take care of.
Admin
he must be above all the "new thingies" those young bucks use! Ha, who uses RDBMS anyways! ^o)
CAPTCHA: DOOM
Admin
Well shit on me and call me a sunday :|
Admin
The mentor /still/ shouldn't have been groaning. If it was a flat text file surely a quick search and replace (ie sed "s/<h2/<h3/g") should have been enough...if anything that was an /advanatage/ of the flat file.
Oh, and I hope he used some obfuscated homebrew hashing algo on the password file.....
probably not.
Admin
Could've saved all that trouble by discovering the 'search engine'...
Admin
Are you kidding me?? And a client paid him for this. I hope the student introduced the master to the 20th century. Correct me if I'm wrong but what happens when the client inputs thousands of records and the text file database gets bigger and bigger? It might not be today or next month but if the client continues to use this for several years this could become a problem.
And don't get me started on the password.txt file.
Admin
This just reinforces my desire to create a web bot that simply crawls the web looking for password(s).txt.
I imagine I'd be quite surprised at what I'd find.
Everyone knows that for security reasons you create a passwords.txt and put the user names in it, and a seperate users.txt that contains the passwords. I mean, cmon now!
Admin
Right on. That's how my bank does it.
A file called AccountNumber with my balance in it and one called AccountBalance with my account number.
Admin
stupid forum...
The mentor /still/ shouldn't have been groaning.If it was a flat text file surely a quick search and replace (ie sed "s/<h2>/<h3") should have been enough...if anything that was an advantage of the flat file over a database (about the only one). Oh, and I hope he used some obfuscated homebrew hashing algo on the password file.....probably not.Admin
It's scary how often I see this happen. Before doing a project, always sit down the designers and the developers. It's amazing the time you save.
Admin
WTF! clearly, he should've named the file
obscurenameforthepasswordsfile.txt
Admin
Another perfect stinker! On a side note, where does one find a reference "Here's the best way to do a task..." for a particular language? Reading through the programming manual will give you the syntax structure for what needs to be done. To understand how to best apply a toolset seems to be reading through tons of posts on the web, skimming past flame wars on where to put the "{" etc.
I ask because I am now starting off with Flex-2 development. I'm ok with sytax, structure and relationships (to a degree at least), but, stuck at "whats the best way to do things like check for login status, cross communicate between panels/forms...is that a 'no/no' " and so on. Any suggestions on the best way to quickly get up on application-level-development for a particular language (is there a book series slanted this way??) - and if you have any particularly good suggestions on Flex2, I'd much appreciate it!
-Mike
Admin
But the Mentor was wearing over 35 pieces of flair!
Admin
passwords.txt .... that's just precious [Y]
Admin
If the entire 'DB' was really in a flat text file, it should be pretty easy to change all the H1's to H2 or whatever.
Admin
I've always like the O'reilly "cookbook" series...they always have good recipes for that sort of thing.
Admin
The password file looked fairly secure to me! Both the User ID and Password were "Doubly encrypted using ROT-13"!
Admin
The problem with consultants is that the ones with sufficient people skills to convince someone to give them the job often have insufficient development skills. This sounds like a salesperson who picked up a Learn HTML Programming in 21 days book. If PHB's had any brains at all, they'd think, in this order:
Admin
There is no such thing. You seem to be confusing language with implementation. Languages have features that may ease the burden of very small tasks but they do not change the basis of a good pattern.
Admin
Actually, this could be pretty easily done with a Perl/Python/awk/etc.
if /^\<H2.+\>.+\<\/h2\>/
s/font-size:14px;/font-size:16px; text-align:left;/
Or whatever...
Still a wtf.
Admin
FIRST!!!!
(OK, I know the actual "first" was nearly an hour ago, but no one had done it yet, and when has no being first actually stop someone from post "first"?)
Admin
Neither first, frist nor brillant!!!
Admin
The real WTF is that 'style=' is allowed in any element, ever.
When I waste time thinking about this (not often except when confronted with WTFery like today's example), I wonder just what they were thinking.
Admin
Um, I was talkiong about MY post, not James C's post ;)
Admin
Do you really think that someone who codes their layout into a flat file would know how to easily replace the formating using code?
Admin
Want to take out style=, eh?
Admin
Like I have always said:
Admin
Not really a WTF to me. There's nothing more fun than wading through a stylesheet with a ton of one-off styles. (Especially since, after awhile, you just flat run out of decent names for elements and start using td000001 and other egregious crap like that.)
Admin
Actually, that comment was directed at the "removing 'style='" comment, not at completely restying <h2> inline, which is, of course, completely dorky.
Admin
That is an instant CLASSIC!
You, sir, have a Paula (aka brillant) mind
Admin
Heck, no search and replace is necessary. Just put in at the top:
h2 { font-size: 18px !important; }
and that should override all the inline styles. It's just a quickfix, but it'll appease the clients while the html gets cleaned up.
But yeah, definitely time to get a new mentor.
Admin
"While the html gets cleaned up"?
Made me laugh out loud. Surely one thing that'll never happen. Ever.
I can only try to imagine...
< !-- 2003-03-10: quick css fix for now. Will cleand up html later -->
<!-- 2003-03-10: quick css fix for now. Will cleand up html later -->Admin
Just use google:
- I hope this guy didn't get an A on his project: http://dlib.cs.odu.edu/completed_projects/ncstrl+/authortool/password.txt
- This one has a special text file per each user: http://home.iae.nl/users/geerings/password.txt
- This message board is a hoot. Note that it stores all messages as html files: http://lostillusion.net/LI/Board/
- Not only does this one store the password on the web in cleartext, it also has only one possible user: http://www.anunciosdeocasion.com/cgi-local/password.txt
etc. etc. find more here: http://www.google.com/search?q=inurl%3Apassword.txt&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:officialAdmin
Perhaps followed by
< !-- 2006-04-19: corrected comment to "Quick CSS fix for now. Will clean up HTML later" -->
The HTML is still in the "later" pile. The comment is more accurate now though.
Sincerely,
Gene Wirchenko
Admin
Regarding steps to set up a web application, here is the quick list.
Admin
At some point in time, (early 2003,) XHTML 2.0 was going to have the STYLE attribute removed completely.
But people must have whined enough to get it put back. :-(
It's still in the draft specification.
Admin
I'm convinced that many sub-par consultants actually engineer these disasters as a form of job security. If you think about it, it makes sense.
Rather than deal with all that planning and design crap, you mash something together that works for the current situation. If you build a system that will inevitably fail as the client's business grows, you have an opportunity to come back in and do the same thing on a larger scale (interpreted, more $$$). If the client dies out, then you saved some otherwise unrecoverable brain cells.
I'll call it... Consulting 2.0.
Admin
Yes, that's true, but google only picks up links. He's talking about a spider that specifically requests "password.txt" in every single folder in every site it finds. Google won't. (On the other hand, some worm probably does.)
Admittedly most sites that stupid run a good chance of having an external link to it somewhere.
Admin
That's some WTF to be sure.
Surely the 'mentor' could easily fix the formatting problems with judicious use of sed?
Admin
I only wish I could comment on this without making my own employer look too brillant.
Admin
Actually the problem is not just with consultants. It is also with customers who want a cheap solution and buy without having any real idea what can actually be delivered for the amount of cash they are paying.
Also the consultants who can sell and actually deliver complex solutions cost a packet of cash. Said consultants are often undercut by the dodgy consultants with no real capability - this gives consultants in general a bad name.
<o:p> </o:p>BTW – I work for a consulting company who in general delivers quite complex stuff that customers are on the whole reasonably happy with. Hence the defence of consultants.
Admin
doubly-linked list of today's activity:
<FONT face="Courier New"> delete password.txt</FONT>
<FONT face="Courier New"> new <FONT color=#006400>brillantmoose</FONT>.txt: <FONT style="BACKGROUND-COLOR: #ff1493">"tickle my unda belly!"</FONT></FONT>
<FONT face="Courier New"> new <FONT color=#800080>ticklemyundabelly</FONT>.txt: <FONT style="BACKGROUND-COLOR: #7fffd4">"brillant moose"</FONT></FONT>
whoops! I dialed the wrong number again...WTF, this is even my phone! [li] <click>
Admin
Just curious, what difference does it make?
Admin
Smoothness is correlated with how much practice one has with selling/interviewing. Those who are really valuable generally don't interview a lot (because they get jobs right away).
At least in my experience. I've often picked those who don't interview quite as well (appear a bit flustered or speak too fast, that sort of thing). I look at qualifications primarily, of course, but if they're too smooth it makes me suspicious.
Admin
The real real WTF is the hard-to-guess username/password combination. I'm sure intruders would never try "admin:admin"!
Admin
Or 'New Text Document.txt' , or 'Book1.xls'
Everyone's got one of those somewhere and no one knows what they are for.
Admin
The point of CSS is that it controls the way HTML documents appear to the user.
The HTML document does not have to look like any particular image on-screen. This is because HTML can be presented in many ways -- on a computer, on a phone, on paper, or even read as speech for blind people. In HTML, a <p> tag means "this is a paragraph" but it does not have to be any particular font or color or size, or in any particular place on-screen. Some people might be blind and need to have the paragraph read aloud, others might have bad sight and need a very large font, or different colors that they see better. The user might be using a phone and have a very small screen.
You should not hardcode HTML directly into a database table, and you should not hardcode CSS directly into your HTML tags, either.
When classes are used with CSS, the class itself has the CSS attributes. That means you can create a class called "mainbody" for the main text of a blog, for example. Then you can set the font, color, size, etc., for the main text. It automatically applies to all elements that belong to that class, so the entire blog can have new colors just by changing one CSS file. People with special needs can create custom CSS to override the web site's settings in their own web browser.
If you hardcode the CSS directly into every page of the blog, then you lose all that.
The reason that the style attribute was left in is so that you can still write <span style="color: red"> I want some red text here </span> if you need to do that, because you might be unable to change the rest of the HTML (you might be sending HTML to a DailyWTF post, for example) or if you just want to make something red in just one place and you don't want a CSS class for that (and you don't care about people who are colorblind and can't see red things).