Admin
This isn't nearly as bad, but for my last CS course I took (operating systems...fun stuff), to access our grades we needed to choose a "magic word". I entered in my name and email and student id, but then accidentally hit enter before entering a magic word.
Well, there were no checks like "your magic word must be longer than 0 characters" or anything...it let me choose a blank magic word. I couldn't change it afterwards, and even worse the ONLY thing you need is your magic word to view your grades. So now if anyone goes to the course webpage and clicks the "login" button before entering anything, it goes straight to my grades.
The professor was very good otherwise. To his credit (or not) I think the site was set up by a TA (whoever wrote it seemed to not speak English as their first language, and the prof did). However I emailed him and never got a response.
Ah well, they're just grades...and I kicked ass in that class.
Admin
There's an "ER" sound in carrot? Like the one at the end of idea?
A glance in Webster's Encyclopedic Unabridged Dictionary of the English Language (c. 1989) reveals this: carat and carrot are both pronounced with the schwa in their second syllable, the sound used in the unstressed syllables of most words (the a in alone, the e in system, the i in easily, the o in gallop, and the u in circus), whereas proper pronunciation of caret would use the short i sound (the i of if and big).
So, all-in-all, I'm not at all surprised that most Americans would find the words to be homophones, given our tendency toward weakening vowel sounds whenever possible; however, it is true that in careful speech, caret should sound like "care"-"it" whereas carrot and carat should sound more like "care"-"uht".
CAPTCHA = shizzle
Admin
Typical reaction for somebody who most likely knows only 1 language (his own) to a guy's typo whose mother tongue is probably Greek, looking at his name ... I'm not sure but it's probably the typical American arrogance that you're so ignorant of. I could have made some typos/syntax errors here as well, but hey at least I can express myself in 4 languages ...
Erlend from Belgium ( that's a country in the middle of Europe dumbo ! )
Just been a little pissed now ;)
Admin
Snigger! He said homophone!
Admin
[quote user="do n"][quote user="Anonymous"]Caret. Carrot. They're not even homophones.[/quote]
Depends on where you're from. They're homophones to me (US, western Pennsylvania)
[/quote]
"Caret" rhymes with bet/get/net. "Carrot" rhymes with but/gut/nut.
Admin
Those who can't do, teach.
Admin
You know your life is meaningless when you "bust a blood vessel" over how people are spelling CARET and CARROT when the actual issue at hand here is, as previously mentioned, that these courses do "prepare" people for real world applications.
This is what an IT degree does to you! No experience, all theory. Look how far it gets them!
Admin
Jung gur shpxG..LL
What a load of crap. This is no theory! and no (good) practice either.
Admin
[quote user="Anonymous"]
[quote user="do n"][quote user="Anonymous"]Caret. Carrot. They're not even homophones.[/quote]
Depends on where you're from. They're homophones to me (US, western Pennsylvania)
[/quote]
"Caret" rhymes with bet/get/net. "Carrot" rhymes with but/gut/nut.
[/quote]
Are you aware that not everyone pronounces words the same way?
I'm not American, but even inside the US there are major differences between a New Yorker's speech, a Floridian, or a redneck from the deep south, there is no reason why one of them wouldn't pronounce "caret" and "carrot" the same way.
Admin
"I have never let my schooling interfere with my education." - Mark Twain (1835-1910)
Admin
Hey, no need to bring his orientation into this conversation...
Admin
I'm curious. How many people on here pronounce "panache" to rhyme with "apache"?
Admin
Same here, and you guessed it; I'm also in Pittsburgh.
Admin
That's called dialect. ;)
Admin
The whole mess sounds pathetic to me. It's not intellectually hard to do good security, but people manage to find ways of screwing it up all the time, trying to take shortcuts rather than doing the work. I can't count the number of times I've seen an authentication field sent up through a GET statement, visible right there in the URL. The "smart" people will hash it, but it's still problematical, because you're letting the user change it. And the "hidden" field is sadly common as well. If $logged_in == TRUE {} as a javascript, common.
Always pass authentication information on a server-side session cookie, and, if at all possible, hit back to a database on a regular basis to make sure the cookie is valid for the session/user. Never store a password plain text, and never let a user send a password over an unencrypted connection, and even then, don't send it more than once...hash it against the sessions id, and check that value. DON'T USE MD5. Never leave authentication information where the user can see it. They should see a text box for username, a password box for password, and nothing else that is not cosmetic. Don't do anything related to security with javascript...that's not what it's for.
The stuff is all common sense to anyone with experience. Read any article on securing web applications and you'll see the same stuff. But if common sense were really common, there'd be no word for it, and nobody reads the instructions.
Admin
If that's true, then it's not a Comp Sci class, it's a math class. And he's a math professor.
I took a semester of RSA cryptography, and indeed, we wrote fewer than 200 lines of code all semester...we wrote over 1000 lines of mathematical proof.
Can we please, for all that's holy, post the name of the professor? We're not going to flame him or anything, I just want to know if this is a big school to tell CS prospects not to go there.
Admin
That explains it - in eastern PA we enunciate. Let me guess: you think at least "your" and "you're" are homophones, too. "hour", "our", "are". I've heard the hillpeople pronounce those the same, too!
Admin
Admin
I'm certain that the Cheney with a Gun jokes will stop soon after the Conservatives stop telling Clinton with a Cigar jokes.
Admin
Admin
Just like with POST.
Admin
Caret, Carrot, and "Care It" are all homophonous in my corner of the States (Cleveland, OH). Since we do not have accents (though everyone else in the world does), I'm sure that our pronunciation is the correct one. Add that to the fact that a caret (^) resembles a triangle and that carrots are generally symbolized as triangles (as the below image shows), it's an easy detail to mix up.
[image]
Admin
Actually, while "caret" rhymes with bet, get, and net, "carrot" does not rhyme with but, gut, or nut. It does rhyme with abbot, tenet, senate... If you can't hear the difference, seek out a local linguist. It's a lot of fun to explore sounds that we don't differentiate (just as native Japanese speakers have trouble with l's and r's).
Cleveland certainly has an accent all its own...(actually, the area around Lake Erie).
Still, how many Americans see the word caret in print? Not many, I'd say.
CAPTCHA = hacker
Admin
Hmmm .. I've lived in Boston, New York City, Phoenix and Portland and it's always been 'care-it'.
(krt) versus (krt) according to dictionary.com
Merriam-Webster has:
Pronunciation: 'ker-&t, 'ka-r&t versus
Pronunciation: 'ker-&t, 'ka-r&t
You people talk funny
Admin
really sad. that prof should be fired.
Admin
What are you in...seventh grade?
Admin
It sounds like the Professor was reading the book UPSIDE DOWN!
Admin
Europe?
Admin
Bah! I don't care what any website or official reference book says. Carrot and Caret are both pronounced the same way. Kah Are Air Eh It. I really don't know how or why people are pronouncing it with two syllables when it CLEARLY has five.
Admin
For what it's worth, the project for my Masters degree involved porting TeX (Knuth) to support a then-new typesetter. It was delivered to us as about 10K lines of unformatted, uncommented, unindented Pascal, all as nested subroutines under a single 'main' subroutine, that itself was a hack to get around some vile heap space limitation in the Pascal implementation on our mainframe.
I spent quite a while trying to format it in vi, quite a while analyzing it to figure out what it did, and how. I wound up changing ONE CHARACTER in the entire program to effect the change.
I didn't learn a damn thing about programming, I learned that even smart people can write the worst possible code in the worst possible way, and that as long as I jumped through enough hoops, they'd give me a diploma, even if they didn't teach me anything about computer science.
Admin
This is a joke right? Holy crap!
Admin
Why didn't they give you the web source code (the .web files)? Or at least get you a copy of the book? You did know that both the source to tex and metafont are published as books, right? Reading what comes out of tangle is a total PITA. That's just stupid. If you had read the source code, you'd know that it's not the worst possible code, it just gets mangled badly going through the preprocessor. That's what strips the comments, re-arranges all the procedures, and in general glorks up the works. OTOH, what comes out of weave (and printed out) is a lot better than what comes out of vgrind.
Admin
No, I just enjoy amusing jokes, sorry if you don't have a sense of humor.
Admin
We once had a PhD in electrical engineering that could not solder two wires together ... he often told us that he could derive all that was needed for PID control - I told him that I just needed the controller repaired.
He was also offered the chance to teach Assembly at the local community college - I reminded him that he _did_not_ know Assembly - "no problem I have bought the book" was the response ...
sigh ...
captcha == clueless :: how appropriate
Admin
Especially if you've got this.
https://addons.mozilla.org/firefox/966/
I use this extension to test against injection attacks, tampering with VIEWSTATE, and the like.
Admin
I chose the project because I was excited to get to work with something that had been written by Knuth himself. I figured I'd get to see real-world examples of how stuff *should* be done.
This was in the early 80's - there was no web - ergo, no .web files. There was DARPA, but we didn't have access, and I don't know if this would have been available on it anyway. At the time, I didn't know about the books (no clue when they were published). As for the mangled source, I asked why we had to work with it in that form, as opposed to getting, say, a nice clean listing. The professor told me it was all they would give us. IMHO, I think it was just to create difficulty (in what I had imagined as a nice easy learning exercise) to torture a grad-student.
Admin
Wish we had the web when I went to school *cries*
Admin
Just curious: Raider: are you a football fan, or just not a fan of Vince McMahon?
Admin
I just looked it up - the books were published in 1984 - I graduated in 1983, so the project was done in late 1982-early 1983 - before the books were available. I was born too damn soon!
Admin
Yea, I check all the input data on the backend, before I pass it forward, so even if they screw with the POST data, it'll throw errors when the program checks the data against what it should be. I usually use some kind of hash to compare against the session id and the username, and if it doesn't compare, I log the user out and make them start over.
The problem with a GET statement isn't just that it's in the damn URL, which is bad enough, it's that it's idempotent...I don't want a user to get back to the same page by clicking on a URL, if I care enough to make it secure in the first place. They better have the right session id, and they better be coming from a correct previous page, and they had better not have an invalid stored timestamp. If they don't, log 'em out. User friendly is fine when everything is happy and unsecure, but if you need secure, it's time to get user hostile.
I love Firefox's developer tools. Tamper data, web developer, view cookies. All good stuff. They make my life a hell of a lot easier...I used to sniff the damn data through homebrew proxies to make sure it looked right, and that is a huge pain in the ass.
Admin
It's the very nature of web applications that sessions can always be hijacked. Well, either that or you don't support proxy servers. The best you can do is to make the session id unpredictable, un-sniffable (by using https), and short lived. A good random number generating algorithm, a 32 character session id, and some anti-brute-force logic will give a site a statistically insignificant chance of having a session hijacked. Anything else is just wishful thinking as you send the session-keeping algorithm as part of the page to the client. You might be able to obfuscate it a little bit, but we all know how well obfuscation works for security. 90% of my apps allow bookmarking and arbitrary page access without compromising security. Often I even go the extra mile to make a page that someone might want to bookmark use a GET. I once encoded a big structure in base72 just to cram it in a url parameter. BTW, at the time I could find 72 characters that worked unencoded in a url, so that's why I chose base72.
All those little tweaks really do is unnecessarily punish users for bookmarking and using the back button. I've seen plenty of web apps that go apeshit when someone uses "open in new window". Why ruin a perfectly useful feature that you get for free?
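Added example, not part of any post in this thread: a minimal server-side session table showing the points raised above (authentication state kept on the server and checked on every request, a 32-character unpredictable session id, a short lifetime, and a limit on id guessing). The names `SessionStore`, `SESSION_TTL`, `MAX_BAD_LOOKUPS` and the cookie name `sid` are assumptions made for the illustration.

```python
import secrets
import time

SESSION_TTL = 15 * 60      # assumed lifetime in seconds ("short lived")
MAX_BAD_LOOKUPS = 5        # assumed per-client limit on unknown-id guesses


class SessionStore:
    """Server-side session table; the cookie carries only the opaque id."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}    # session id -> (username, expiry time)
        self._bad = {}         # client key -> count of failed lookups

    def create(self, username):
        # 16 bytes from the OS CSPRNG, hex-encoded: a 32-character id.
        sid = secrets.token_hex(16)
        self._sessions[sid] = (username, self._clock() + SESSION_TTL)
        return sid

    def lookup(self, sid, client):
        """Return the username for a live session, else None."""
        # Keyed by client address here; users behind a shared proxy
        # would need a different key.
        if self._bad.get(client, 0) >= MAX_BAD_LOOKUPS:
            return None                      # client is guessing ids: refuse
        entry = self._sessions.get(sid)
        if entry is None:                    # unknown or blank id
            self._bad[client] = self._bad.get(client, 0) + 1
            return None
        username, expires = entry
        if self._clock() >= expires:
            del self._sessions[sid]          # expired: force a new login
            return None
        return username

    def destroy(self, sid):
        self._sessions.pop(sid, None)        # logout invalidates server-side


def cookie_header(sid):
    # Secure keeps the id off plain HTTP; HttpOnly keeps it from page script.
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

Nothing the browser sends is trusted beyond the id itself: the username and expiry live only in the server's table, so editing a URL parameter, hidden field or cookie value yields an unknown id and no session.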
Admin
Your reply is odd, considering the word "most" does not appear in the message to which you replied.
Admin
Oy. Yes, you were born too soon :-) The .web files have nothing to do with the WWW. They're source files in the web language, which is what TeX and metafont are written in. I'd recommend checking out the books, if you have a chance. Computers and Typesetting has two volumes consisting entirely of the source code of TeX and metafont. Another is the metafont source to the computer modern fonts. Knuth is a strong proponent of literate programming, and web is a contribution to that end. I know we had the web sources to TeX a little before your project, since that was what we were using at the time. It was readily available, and beat the pants off of XICS, which was the other fancy typesetting package we had. They were definitely torturing you. :-)
Captcha: paste
How appropriate for something about typesetting!
Admin
+4 Informative
Admin
+5 Interesting
Admin
-30 Stupid
The tone of the above post just actually offended me, and I'm an Australian. I really find this pointlessly offensive and of no educational or entertainment value whatsoever.
Whichever side of the debate on the merits of formal education you may sit, the language and tone used here detracts from any attempt at intelligent argument to the point of obscurity.
... wait a minute, on closer inspection, there is no intelligent argument there..... must be one of those pro-formal education dickheads!
Admin
Hit a sore spot, prof? Get a grip. Academia is chock-full of clueless guys who haven't seen a real application in years. Figure that you're the exception--not so clueless when it comes to programming savvy, but maybe a bit too touchy to hold down a real job.
Admin
I hope Dan is like me and realized that people often use the same passwords for other things. Perhaps the professor did too, or his peers? Perhaps he needs to exercise the importance of good coding and security habits, by unleashing a reign of terror.
Or he could take the "high road" and quietly show the professor the problem, befriend him, and do well in the subject.
Or he could take the "low road" and grandstand in front of the class, proving once and for all how uber leet he is.
I think we all know what is most cool to happen in this situation.
Admin