Admin
In WV, if you have it to go, you aren't charged tax.
Admin
Makes one wonder what Still mineral water is made from.
Admin
In the UK it makes a difference to the VAT, iirc. Cold food and drinks are zero rated if eaten take away, they're taxed at normal rate if they're eaten on the premises. Hot food is always taxed.
Although certain products are always zero rated/standard rated irrespective of where they're consumed.
Admin
The mysterious "A required resource was" message seems to come up across a variety of Corel products - I used to regularly get it in the original Multimedia Fusion before its publishers went independent. Unfortunately, though it may look like it's saying that everything's OK, the result of getting it was always disastrous - namely an instant crash, and it always happened at the exact point you thought "It's probably about time I saved".
Admin
In some countries, the advertised price is the pre-tax price, and the tax is added on as a separate line item.
Admin
"when I was younger, I said I wanted to meet and marry a girl that was rich, smart and pretty. Today I would be glad to find a girl that has any 2 of those"
Admin
Well, the lemonade is still lemonade now, so the extra 82 pence must be for the guarantee it'll still be lemonade after it leaves the store.
Admin
Indeed. But you are still paying 12% more tax if you eat in. Which is the reason why the bakeries got into trouble: People eat in, but the bakery only paid 7% tax instead of 19%. (read as: More of the money to pay has to be considered tax, even if the total mustn't change - the mustn't is intentional!)
So, if you eat in, more of the money the seller earns has to be passed over to the government. If you eat out, the amount is reduced.
The bakeries just always passed 7%, which is considered tax fraud.
Admin
Regarding the password one. It might not be clear to you if all you develop are Windows applications, but if you are developing a web application it is standard practice to cover up the password using asterisks. I think this is a good design and just misunderstood by the poster.
Even on the password recovery screen (forgotten password), you should not show the password on the web page. For example, on my company's website, that I developed, if you forget your password, then you can retrieve it by entering your login name and type in the email where you want the password to be sent, and it will mail you what your password is, but NEVER (NEVER!) display the password in plain text on a web page.
Admin
Or maybe it is because of sales tax laws? Of course, you are the genius...
Admin
This isn't unique to web development. Any program that could possibly be used in an environment when someone could potentially be looking at your screen (read: basically anywhere) should have the password field replaced by asterisks or dots or something so that it isn't directly visible.
Instead TRWTF in that picture is that it's asking you to confirm that you want to change your password from "******" to "*********". It might as well just ask you to confirm you want to change your password from "oldpassword" to "newpassword", it would be about as helpful of a confirmation.
Also, I dislike websites (or anything else really) that will e-mail me my current password. I much prefer it simply resetting my password and emailing me a temporary password that is required to be changed on first login. It's entirely possible that the password is used for other things and I just forgot that I used the same one for xyz.com website. Now I had an e-mail sent in perfectly plain text that contains a password that perhaps could be linked to everything from pointless forum accounts to my financial accounts, not what I'd call a good security practice. Also mailing the current password usually means that it's stored in the database as plain text, and even if it isn't it means it can be easily determined. Once again, not a good security practice.
Edit: Hmmm, on second thought this must be a troll. "you can retrieve it by entering your login name and type in the email where you want the password to be sent" In the case that it isn't, my username is Company_CEO and my e-mail is [email protected]. I expect my password soon.
Admin
You reply as if you are correcting me but in fact you are just repeating what I said. If you buy two bottles separately it will cost you less than buying two bottles with the offer.
Admin
"Regarding the password one. It might not be clear to you if all you develop are windows applications, but if you are developing a web application it is standard practice to cover up the password using asterisks. I think this is a good design and just misunderstood by the poster."
As the submitter, I totally understand why it did what it did and I agree with never showing the password. However, to make it unWTF for me a message of "the password will be changed, and no you can't see it" would be more meaningful than fields of stars.
Admin
It is stored in the database, which is secure. Only a few people know the database password, I am one. This also makes it easy to check the password for login.
Admin
I still wouldn't like the fact that the security of my password is linked to the security of "a few" other people and their practices.
Also: look into a fancy new thing called hashes. They're really neat
Admin
I didn't want to go into details about it because it is complicated, but I wrote a hash that is used to scramble the letters in the password, then it can be un-hashed using my UnhashPassword() function so you can compare it to what the user types in. Trust me, it is secure.
Admin
Solution 1 (your function): I obtain the database password, it doesn't matter how. Given that you use a simple scramble function I can look at the database and see exactly how long all the user passwords are. Also I can simply create a new user and assign a password of that same length, see what the function does and (fairly simply) reverse engineer what a given user's password is. Alternatively I can simply find your code base and take a glance at UnhashPassword() and have access to every password stored.
Solution 2 (I like to call this the real way): I obtain the database password, it doesn't matter how. In the scenario passwords are stored after being passed through a one way hash. I can look at the database and see the hashed values of all passwords, however assuming you used an even remotely decent hash function I am still screwed because I cannot feasibly reverse the hash function and I am essentially stuck with a guessing game. In other words, having access to the database and/or code base gets me no closer to knowing a user's password.
In your solution every password has 3 points of weakness (the user, the database, the code base). In the real way it has 1 (the user).
Using a one way hash that's even remotely well designed is also very quick. Going text->hash is very fast and comparing hashes is trivial. The point is that going hash->text is extremely time consuming and generally designed so that the time it would take to crack the password would be greater than the lifetime of said password.
Admin
I ACCIDENTALLY THE ERROR MESSAGE!
I ACCIDENTALLY THE WHOLE THING!
Admin
There. Does that clear it up for you? Everything is fine. There would only be a problem if the required resource was not actually required in the first place.
Admin
Actually this is just a friendly reminder about past performance. It's telling you that, at some point in the past a required resource did in fact exist. Think of it as a friendly daily status report.
Admin
I think we will have to agree to disagree about the best design in this scenario. I don't think you would be a good fit for my development team though, and if you worked at my company, I would keep an eye on you to make sure you didn't snoop in the security table.
Admin
And here I thought they were just charging extra to make sure that the product remained lemonade even if you bought two of them.
Admin
I got this far before realizing this was TopCod3r. Got me.
(Since I'm here... the best way to avoid leaks is not to keep sensitive data. Unreversible, salted, hashes are pretty good at minimizing risk of leaked passwords.)
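The difference argued over in the comments above (a reversible scramble versus salted one-way hashes), as an added example that is not part of the original thread or any commenter's code. `toy_scramble`/`toy_unscramble` are hypothetical stand-ins for a home-made reversible scheme, and PBKDF2-HMAC-SHA256 with the iteration count shown is this example's own choice of hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor for this example
TOY_KEY = b"k3y"       # constructed key; it lives in the code base


def toy_scramble(password):
    """Reversible scheme: the stored value leaks the password length."""
    data = password.encode()
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data)).hex()


def toy_unscramble(stored):
    """Anyone holding the code (and TOY_KEY) recovers every password."""
    data = bytes.fromhex(stored)
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data)).decode()


def hash_password(password, salt=None):
    """One-way record: scheme$iterations$salt$digest, fixed length."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Re-derive from the typed password and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False  # malformed record: reject instead of raising
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    print(toy_unscramble(toy_scramble("hunter2")))   # scramble is reversible
    record = hash_password("hunter2")
    print(record, verify_password("hunter2", record))
```

Login only ever needs `verify_password`, so nothing in the database or the code base has to be able to turn a stored record back into the password.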
Admin
If they order coke serve them their fucking coke and don't annoy people who are intelligent enough to only order what they want.
Admin
I think that's about the most common WTF you have when you order food or drinks
Last I was in France at the beach, going to a kiosk for some drinks:
"I would like to have 2 cokes, a fanta and an Ice Tea" "We don't have Ice tea" "Oh give me a sprite instead" "ok"
WTF
Admin
We programmers have to be careful and precise when constructing dialog messages. We wouldn't want to confuse the user now would we?
Admin
But available, it was not.
Admin
In parts of the south of the US 'coke' is actually the universal name for all soft drinks. Me: "I'll have a coke please" Server: "Ok, what kind"
Mind you the case of "..and would you like a drink with that" is likely just a cashier who doesn't care about their minimum wage job enough to actually listen carefully to what you're saying, and frankly I can't blame them.
Admin
But if you now have access to everything in the database, why would you want a user's password?
Admin
Obviously someone mis-typed 3 pounds instead of 2 pounds.
Admin
I'm from Ohio too, but I never understood that part of our tax law. I ALWAYS take my food out with me! If I eat it there or not, because I just don't have time to wait that long. I also don't feel like puking out as I exit either :/
Admin
Reminds me of this
Admin
The last one clearly says something is missing, either the resource is missing or its contents are missing. It says "A required resource was empty" or "A required resource was not found".
Admin
Reminds me of the joke where a guy gets married in his 20s to a beautiful woman, but she bleeds him dry financially and he gets divorced.
So he gets married again in his 30s to a smart girl, but she gives him an inferiority complex big time, and they separate.
Then when asked what he goes for in his 40s... and he says "big tits".
Admin
Actually they are pretty common, but they are all married :-(
Admin
Actually, both candidates will lower your taxes (thus increasing national debt). Do a little research before you go to the voting booth and before you make assumptions like that.
Admin
Stop me if you've heard this one: (1 * 3) < (3 / .5)
Admin
This Comment Is
[OK]
Admin
Don't know where you live but around here if it's "to go" then you don't pay taxes on dairy products, ie. it's cheaper.
Admin
Is there a skimmer on this ATM?
Admin
-Lego.
Admin
We seem to have a fair number of foreign readers. I have a question, what do they call a "McDonalds Quarterpounder" in Europe? Do they translate the weight into kilos? I suppose Burger King wouldn't have that problem with the Whopper.
Admin
I was leaving a comment and my comment was