Admin
So passwords must be a random length and random characters are said to be incorrect?
I also like the bit where if the user enters, say, 4 characters, they are told the password needs to be at least 5 characters, instead of 7 which is actually the minimum.
Admin
Now that's what I call secure!
Admin
Drat!
wunshine776@
"The character 's' is not supported in the 4th position"
Admin
Nice one :)) Better yet, there is the classic #define true false // happy debugging suckers !
Admin
Man, I've seen bad code, stupid code, ridiculous code, but purposefully fraudulent code? That is special.
Admin
Another old fun thing to find in code is #define private public
Admin
The character 's' is not supported in the 21th position either!
Admin
22th post?
Admin
I have recently found out that my current electricity retailer doesn't let me change my web account password. Their "technical support" script monkeys have apparently been instructed to advise people who wish to change their passwords to use the "retrieve forgotten password" function instead - and despite what they tell me, this doesn't actually change the password, merely generates an email containing the current password, in plain text.
I wonder if Marius's erstwhile coworker is now employed by their web design consultants.
Admin
#define private public won't do much harm. If you would have had #define public private That is an entirely different story :P
Admin
You forgot the first line of that script:
if( Math.random() <= 0.1) { window.alert("Smile, you're on candid camera!"); }
Admin
Wow... just wow. I wouldn't even be able to come up with something that... evil.
Admin
Or, as the late Douglas Adams might have noted...
#define black white
(and get yourself killed on the next zebra crossing) :)
original quote
Apparently, akismet thinks this is spam because I put a URL in here. Well, I guess I just have to keep typing until akismet likes me... :)
Admin
Apart from totally screwing encapsulation.
Admin
Thanks, I needed a good laugh this morning.
I would also imagine that every user's initial password is set to something ridiculous to start with. My guess would be that the user.setPassword goes something like this
if (userName.length < 5) return "*******"; else if (userName.length > 5) return "secret"; else return null;
Admin
FTFY.
Admin
**
Password must be longer than 3 characters!
Password must be longer than 5 characters!
Password must be longer than 7 characters!
but length of 7 gets past that test...
Admin
I can't make up my mind if this is evil or stupidity in action
Admin
Is this really 21th century code?
Admin
Mind == Blown
It will do plenty of harm if the person debugging assumes that an object's internal state can only be modified by means of its public interface. Come to think of it, it would probably be a bit similar to debugging a multi-threaded application that does not make use of any synchronization at all.
Admin
An ultimate form of job security for IT?
Admin
GenerateRandomError
'nuff said.
Admin
while (true) { [...] alert(GenerateRandomError(password)); }
that's my favourite part
Admin
23th post... would've thought 23rd, but apparently not
Also, nice trick making the end of the while look like the end of the else... classy
Admin
This code totally changes the playing field. Programming could become a lot more fun. How about after three failures, the input field moves away as soon as the mouse cursor approaches?
Or the screen could say, Multiple password failures detected. Verify Identity: Social Security Number ______________ Date of Birth (mm/dd/yyyy) ___________ Mother's Maiden Name ______________ ...
Admin
I know guys that evil. They always happen to be short tubby guys with short fat fingers. These bastards do the absolute minimum: come in at 11:00, check up on their e-mail (reading any jokes out loud - you wanna hear a joke? you wanna hear a joke? ...), go out for a 90 minute lunch, come back, play games for a couple of hours, burping and farting the whole time, then head home around 3:00.
Except when the boss is around... These fuckers have an uncanny sense to be in the right place at the right time, to step into high gear to look busy, and make themselves look like some kind of demi-god.
True story, many years ago, new client coming up, I spent two weeks of work in one week getting the website ready, and needed just one piece of information, some password or security key or something. Of course I didn't have it when it was needed, so at 11th hour the site wasn't working. Butt munch just happens to be there late at night when the boss is freaking, helps him to look through his e-mails, conveniently skipping over my frantic requests, to find whatever. He plugs it in, site works beautifully. Next morning, he looks like a hero, I look like a douche bag. I'm getting angry now just thinking about it.
They pervade every industry. I remember in many of my non-IT jobs, these short tubby guys who do dick all until the boss is around. God have mercy if they do any work on your projects, you spend twice as much time undoing their shit, then doing it right. Stupid fucks.
Admin
Amateurs!
#define sizeof(x) (rand() % sizeof(x) + 1)
Admin
That's okay, C++ doesn't have encapsulation anyway.
Admin
I'm no JS expert, but doesn't this always return 0?
I believe Math.random() returns a random float between 0.0 and 1.0. Calling floor on that will result in 99.99999% of the time to return 0, only when Math.random() returns exactly 1.0, floor() will return 1.0. Right?
Admin
This comment is not allowed in this position. Please refresh page and try a more secure comment!
Admin
I know exactly what/who you mean...thanks for reminding me...sigh
;)
Admin
Of course it does. How else would the following bit of code work?
switch (error) { case 0: return InvalidCharInPosError(password); default: }
Admin
Laboriously lifts short fat middle finger tl;dr
Admin
What in the name of Hastur...
I guess that the aesop is "never attribute to malice what can be attributed to malice and stupidity"?
Admin
Ah, yes. I always think of Dennis Nedry (Jurassic Park) when I picture these guys. I knew a guy like that who worked in the same lab with me. One weekend I came in to work and needed something stored on the machine that he usually used. Browsing through the temporary files folder, I realized it was filled with videos of gay porn. I felt the sudden urge to wash my hands when I finished with that keyboard and mouse...
Anyway, you need to learn to protect yourself from people like that, especially if you suspect they are intentionally withholding information. Your "frantic requests" should have been CC'd to your boss after the first couple don't get a response (or after you talk to him in person and still get nothing). You should make a point of saying things like "Yep, boss, it's all done, all I need is that security key from Joe, as soon as he gets it to me, the site will be live." Bonus points if such an email is timestamped at 11:00pm on a Sunday from your work PC.
Or start emailing a few other strategic people with things like "The site can't go live until I get the security key. Unfortunately Joe hasn't been able to get it to me yet. Does anyone else know the key so we can get this site live? We need it ASAP."
The trick is being diplomatic. In your email, give the benefit of the doubt and assume best possible scenarios, that way everyone else can draw their own conclusions about how far off the mark you are, without making you look accusatory.
e.g. "Joe is being an ass and is ignoring my emails and refusing to give me the key" -- makes YOU look like a whining child.
"Is Joe sick at home today? Or is he working on a really high priority project? Because I've been trying to get the key from him, and I haven't been able to get a response from him at all." -- makes everyone who has seen Joe in the office, and knows he's not working on anything super high priority, realize that he's being an ass.
Admin
Hey! I resemble that remark!
I assume your job, like mine, involves reading TDWTF too then? Because surely you're not dicking around right now as well?
Admin
What's even better is that Math.random never returns 1.0 (the range of possible values includes 0 but excludes 1), so it is like playing Russian roulette with anything but a revolver.
Admin
var error = 0;
Admin
I salute your Lovecraft reference.
Admin
From the "* 1", I'm guessing he was originally intending to return other random errors but was just too lazy to be more evil.
Admin
INVALID_ATT_SYNTAX DSE_UNWILLING_TO_PERFORM
Or simply
AcceptSecurityContext Error.
It will never even give you a slight hint of what went wrong.
Note: The INVALID_ATT_SYNTAX is also given when your password doesn't conform to the password policies. Go figure.
Admin
The standard doesn't allow it. Preprocessor cannot alter meanings of keywords.
Admin
You shall not pass(word)!
Admin
Do I enter the passoword before or after I enter the password?
Admin
+1
Admin
Yep. There's yer problem right there.
Admin
Protip: Being confrontational is often better than sitting back and getting really really mad, and then telling others on the internet. Did you ever, you know, do anything about it?
Re: TFA, TUWTF is that refreshing the page would somehow solve a null reference.