Admin
Tks for the correction......./me hangs his head in shame
Admin
WTF code were you reading? That's not what this code does at all:
<cfset IDstring = CreateUUID()>
<cfset ThisCustomerID = Left(IDstring, 9) & LSDateFormat(Now(), 'MM-DD-YY')>
It creates a BRAND NEW UUID, truncates it, and then adds the date to it. Where do you see it grabbing the "customerID"? Yeah, but we're all idiots and you are our savior.
Admin
That's true of every generator of pseudo-random numbers. It's algorithmic. By definition.
Admin
He meant that after 82 days, there is a 1% chance that one of the days has a collision within that day. Of course his formula is still wrong...
Admin
For all of you tossing out math to argue over the probability of collisions, here's a nut for you: RNGs are not what they are called, thus you have some function to generate pseudo random numbers that will probably completely screw the correct formulae for true RNGs over completely, and not in a good way either. ;)
Admin
No, the poster's math is correct. Whenever you have a factor (1 - n/16^8), you also have a factor (1 - 16^8/16^8) = 0, so the probability of a non-collision is zero.
This is the expected result: when you have 16^8 customers, by some miracle of chance each assigned their own unique ID among 16^8 possibilities (because the programmer didn't feel like using the common-sense approach of having a sequential component growing in length to make the UID actually unique), your (16^8 + 1)th customer will necessarily get one of the UIDs that have already been assigned.
(If you have 367 people in a room, the chance that there is no birthday collision is not "practically" zero, it is actually mathematically equal to zero.)
Note, however, that that poster is not taking into account that the date is concatenated to the UID, this is probably an unintended oversight.
Anyway, I'd say it is HORRIBLE design to depend in any way on how a UID is generated, beyond considering the strength of the uniqueness guarantee. For many purposes, a sequential approach where the first UID is, say, 0 encoded as an N-bit number, and the nth UID is n encoded as an N-bit number, is a perfectly sane approach (for N so large that it will never be reached during the system's lifetime; 64 or 128 should certainly suffice for most needs, some small systems could get away with using 32, aka a standard unsigned int). With this approach, the first k bits would be the least frequently changed ones: this would be equivalent to shortening "00001", "00002", "00003", .. to "00", "00", "00", which is obviously less than optimal.
Admin
Perhaps Alex is a bit busy to try and cater for every single browser out there which has a slightly different interpretation of the standards... and so instead decides to spend his time keeping the 99% of people using mainstream browsers happy, rather than the one person who has made a choice to be different and so therefore should accept that some websites are broken.
Admin
I don't buy that excuse, I've seen plenty of people add dates to random numbers to try to ensure uniqueness. That is almost certainly what they are doing here. Chances are they truncated 9 characters either because of the hyphen in the UUID, or because they are storing it in a database field with only enough room for date+9 characters.
As for the argument about it being too long, I have 16 digits on my credit card, and some utility accounts with 20+ digits, and they are no more complicated to read over the phone than 9 digits would be. Take longer? Maybe, but not any harder. If you want something that can be communicated quickly, you use words or names that are unique, not randomly generated characters.
Admin
Many bad assumptions in there Wim. The UUID returned is advertised as random IN ITS ENTIRETY. There is no guarantee that it won't return 10 straight perfectly random numbers that all share the same first 9 digits. You simply cannot assume that the random UUID generator randomizes each part separately and then combines them.
Admin
ColdFusion uses the time of day in its UUID generator, but only as the input for a "cryptographically strong random number generator": http://livedocs.adobe.com/coldfusion/6.1/htmldocs/functi54.htm
What you describe does match the standard time-based UUID generation algorithm: http://www.itu.int/ITU-T/studygroups/com17/oid/X.667-E.pdf
The standard time-based algorithm seems kinda broken though, as Raymond Chen pointed out elsewhere in this comment thread. Fortunately the standard provides alternatives.
Admin
By "slightly different" I assume you mean "more correct", since as far as I know KHTML is one of, if not the most standards compliant rendering engines available. If the problem is that KHTML doesn't render the standard properly, then Alex should do nothing, if KHTML renders according to the standard, Alex should fix it since standards compliant browsers are on the rise.
Admin
And the chances of you winning the lottery are 50% -- you either win or you don't.
Admin
According to the documentation, ColdFusion uses a "cryptographically strong random number generator":
http://livedocs.adobe.com/coldfusion/6.1/htmldocs/functi54.htm
You can argue what it means to be a "cryptographically strong RNG". But I'm pretty sure that it won't "return 10 straight UUID's with the same 9 first digits".
Admin
guys, thanks for the excellent time i had reading all comments. i failed to see what exactly is wrong with uuid but the discussion really made my day :)
Admin
Indeed, I see that I was wrong.
Turns out that it is quite hard to post a comment to thedailywtf.com which is not B/S. Must be some kind of WTF-distortion field ;)
Oh well at least I learned something today...
Admin
Based on this thread, however, I see that I have to update my script to wipe out not only captcha with a colon but also "captcha-" and "captcha="
Admin
I know what you mean. The bottom line is, it's neither funny, clever, or thought-provoking. I just don't get it.
Admin
Probably should have just used the function
which returns a never repeating string of meaningless text.
Admin
Ok, Cold Fusion sucks...
Admin
I think I saw the same code the other day... Maybe it's time to leave.
D
Admin
I can think of one possible motive behind the logic. If they wanted to know when the customer joined, they can just parse the ID to get the date and time. Kind of a piggy back database?
Admin
You are wrong. They are creating a customer ID from a portion of a generated UUID and a date. The customer ID will be different for each purchase. I thought that people who question the intelligence of others are supposed to be smart. See how that works?
Admin
No, your maths is wrong!
Take a simple case, pick 3 numbers (A, B, C) from 1-10. Your method says that the probability of no collision is:
Pnc = 0.9^3 = 0.9 * 0.9 * 0.9 = 0.729.
What you are trying to express here is the probability of:
(A != B) && (A != C) && (B != C).
The problem lies in the fact that (B != C) is not independent of (A != B) and (A != C). What you need to express is:
(A != B) && (A != C) && (B != C, given that ((A != B) && (A != C))).
Now, the third term in the above is 8/9 (9 possible values for B, C which don't match A, of which 8 don't match each other).
Hence:
Pnc = 0.9 * 0.9 * 8/9 = 0.72
The way Anon dealt with the problem is the correct way, which expresses:
1 && (B != A) && (C != A or B )
Giving:
Pnc = 1 * 0.9 * 0.8 = 0.72
Now, returning to the original problem:
We can say that:
Pnc = PRODUCT OVER x=0 to n-1 OF (1 - x/N)
Where n is the number of generated UUIDs and N is the pool. We can now take logs, and convert to a sum:
ln[Pnc] = SUM OVER x=0 to n-1 OF ln(1-x/N)
For large x, this can be approximated as an integral:
ln[Pnc] = INT OVER x=0 to n OF ln(1-x/N)
By my calculations, n=77162 gives just over a 50% chance of a collision and n=9292 gives a 1% chance of a collision.
Chris
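Added example, not part of the original thread: the product formula from the comment above, evaluated exactly in log space for the 16^8 pool the thread uses, plus the effect of the date suffix confining collisions to a single day. The function names and the 1000-IDs-per-day load are assumptions for illustration, and the 8 hex digits are assumed uniform and independent, as the thread's formulas assume.

```python
import math

POOL = 16 ** 8  # 8 hex digits survive Left(IDstring, 9); the 9th char is a hyphen

def p_no_collision(n, pool=POOL):
    """Exact Pnc = product over x = 0..n-1 of (1 - x/pool), summed in log space."""
    if n > pool:
        return 0.0  # pigeonhole: more IDs than possible values
    return math.exp(math.fsum(math.log1p(-x / pool) for x in range(n)))

def p_collision(n, pool=POOL):
    return 1.0 - p_no_collision(n, pool)

def smallest_n(target, pool=POOL):
    """Smallest n whose collision probability reaches target (0 < target < 1)."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    log_pnc, n = 0.0, 0
    while 1.0 - math.exp(log_pnc) < target:
        if n >= pool:
            return pool + 1  # the next ID is forced to repeat a value
        log_pnc += math.log1p(-n / pool)  # factor contributed by ID number n+1
        n += 1
    return n

def p_collision_within_days(per_day, days, pool=POOL):
    """The MM-DD-YY suffix confines collisions to IDs issued on the same day."""
    return 1.0 - p_no_collision(per_day, pool) ** days

if __name__ == "__main__":
    print("3 picks from 10, Pnc:", p_no_collision(3, 10))
    for target in (0.01, 0.5):
        print(f"{target:.0%} collision chance reached at n = {smallest_n(target)}")
    # per_day=1000 is an assumed load, not a figure for the shop in the article
    print("1000 IDs/day over 82 days:", p_collision_within_days(1000, 82))
```
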
Admin
I'm just wondering, why nobody is understanding the idea of this source. The developer just wanted to create some not "very random" UUIDs. The WTF is that LSDateFormat(Now(), 'MM-DD-YY') should be something like this: LSDateFormat(Now(), 'MM-DD-YY HH:MM:SS') or something like this. The idea behind all this stuff is to create similar UUIDs in order to improve database index performance.
Admin
The real WTF is everyone here assuming they know what the number is used for and that it should, in fact, be unique. Guess it's more fun to ASS-U-ME, which is what leads to a good bit of the content that shows up here. :)
Admin
Sorry don't want to get involved in a flame war, so my last comment on the issue. Perhaps I should have said "More correct", I don't know... that wasn't my point! I think if Alex was to do it "properly" and it broke in IE/Firefox and only worked in standards compliant browsers, his advertising revenue would suddenly start to decrease! No doubt he'll worry about the rise of the standards compliant browsers when the reverse is true!
Admin
[quote user="a/c"][quote user="Bill"]Like I said, unless you're Amazon, it will probably be fine.[/quote]
That depends on what the generated customer id is used for, actually. They could be using it to skip the automagic session management, in which case there could be huge collision problems. I work on sites that would go kaboom if we did that, and after seeing some of the stuff that people do in CF, it wouldn't surprise me.
Of course, it's more likely that they are using it to avoid perceived problems with CFTransaction / lack of knowledge of CFTransaction, or lack of triggers/sequences / lack of knowledge of triggers/sequences. Probably involves an Access database too. Blech.
Anyway, Paul N, if you are looking for a more sensible third party ColdFusion shopping cart, look me up. :)
Bay Area ColdFusion User Group meeting tonight!
Captcha: tastey -- um, that's spelled wrong.
Admin
Except that for GUIDs, (I assume this UUID is a GUID) the most significant digits are on the right... the left most digits change first....
Admin
Okay, that's it, somebody needs to run a simulation of this and report back the results!
Captcha: pneumonoultramicroscopicsilicovolcanoconiosis
Admin
The problem is there are lots of companies that have more than 1000 new customers a day. Worse, there are plenty, plenty of companies that have far fewer than 1000 customers per day but the numbers shoot through the roof come Christmas or if Oprah mentions them on her show.
So there you are, a company that is just meeting its bills and then your sales department hits the jack-pot (you could make as many sales in the next week as the entire last year) and your computer keeps crashing/mixing up orders.
By the time you figured out and fixed the problem the customer will have moved elsewhere.
Admin
I'm sorry you feel that way about theoretical physics. I believe this is a technology blog, so your comment doesn't make much sense.
Admin
Not hard to find out: Browser Standards [webdevout.net]
Admin
I nominate this as the post of the month. This is what the site is all about.
Admin
This kind of WTF comes as no surprise to me to be written in ColdFusion.
At my last job we had a ColdFusion guy who thought it would be a good idea to only use the first 4 chars from a MD5 hash. After all, they are different in the 3 tests that he did, so it must be always true....
Let's face it, ColdFusion is the VB of the web. If there is a bigger idiot magnet out there, I've not seen it.
captcha: tastey (ColdFusion? yeah, like a sh*t sandwich)
Admin
Well you can be a Nazi without being Hitler, but being Hitler and not a Nazi could be tricky...
Admin
Uncanny. Bothering to make the same post at the same time.
Admin
Hang on. Where am I. Oh yeah. TheDailyWTF. Crap code for most languages...
All platforms attract idiots. They just become more visible when a platform has a smaller user base.
Admin
Be sure to use a cryptographically strong RNG. Like CreateUUID().
Admin
You are right! I would assume that after generating the id they check if it is already taken, if it is, they generate a new one, until an unused id is found. But the real WTF is still, why do they generate a 16 byte random number and only use 4 byte (assuming the UUID is the standard canonical form)?
Admin
No, it's just more visible when the chronically unskilled is your target demographic. But in this particular WTF, it just sounded so similar to my own experience.
Admin
It doesn't count since you're referring to it...
Admin
Huh? WTF are we reading geeky IDs over the phone for? We have these fascinating tools in this'ere century--we calls 'em computers. One of the really neat things that they make possible is fetching a name, as in a real, human name, from the DB, and using that in human communication. We also have some other sorta fancy stuff, like e-mail, and copy-and-paste, for times when there is actually a need to transmit an internal ID.
Review Database 101--GUIDs are not meant to hold meaningful data--only to guarantee uniqueness within the innards of the DB and related software.
[captcha: darwin--what would he say about the fitness of this species]
Admin
Just because there's no implementation doesn't mean it isn't technology.
Admin
and yes, coldfusion really sucks !