• sino (unregistered) in reply to Power Troll
    Power Troll:
    Buddy:
    really angry rant

    Protip: Being confrontational is often better than sitting back and getting really really mad, and then telling others on the internet. Did you ever, you know, do anything about it?

    Re: TFA, TUWTF is that refreshing the page would somehow solve a null reference.

    Where the hell's JokeExplainer? Seems like this board's infested with redditors and overused "memes" these days, shouldn't he be fielding these questions? ಠ_ಠ

    The code apparently runs inline, that is to say, as the script loads, it executes a thread-blocking browser prompt dialog, which allows you to type a value and click Ok or Cancel. If you click Cancel, it returns null.

    The lazy||evil bastard couldn't even be bothered to put an input field and a button on the page, to let the user drive the insanity.

    Therefore, the only way to break out of the never-ending cycle of thread-blocking (to wit: preventing you from closing your browser or accessing its chrome) alert() and confirm() calls IS to click cancel on the confirm, because ""!=null. At which point, the page becomes simply dead.

    We can't tell from the post, but presumably the original "programmer" was dickish enough to not even bother putting anything else on the page, so once you canceled, and read his parthean missive, you were left with a blank white page.

    I prefer to visualize it that way, anyhow.

    Cheers!

  • drusi (unregistered) in reply to Jay
    Jay:
    Maybe this is the least of the issues with this code, but exactly why does he multiply by 1? Maybe I'm missing some type conversion that this forces? I seem to recall being taught in elementary that multiplying by 1 was an identity transformation.
    I'm tempted to guess he doesn't have a clue how the random number generator works and just thought that was a vital part of the syntax.
  • sino (unregistered) in reply to frits
    frits:
    Ryan:
    And even worse - the Math.random() * 1. What a waste of 4/8 bytes.

    So he should remove it, and take a nibble out of crime?

    *clap, clap*
  • WhatIf (unregistered)

    So... What if somebody download the HTML page, points to the correct web address, and changes their password? For that matter, what happens if you run around changing random peoples passwords?

    Actually, that could be fun. Does the company have a directory of employees, and do they use their own software?

  • Dan (unregistered) in reply to Buddy
    Buddy:
    I know guys that evil. They always happen to be short tubby guys with short fat fingers. These bastards do the absolute minimum: come in at 11:00, check up on their their e-mail (reading any jokes out loud - you wanna hear a joke? you wanna hear a joke? ...), go out for a 90 minute lunch, come back, play games for a couple of hours, burping and farting the whole time, then head home around 3:00.

    Except when the boss is around... These fuckers have an uncanny sense to be in the right place at the right time, to step into high gear to look busy, and make themselves look like some kind of demi-god.

    True story, many years ago, new client coming up, I spent two weeks of work in one week getting the website ready, and needed just one piece of information, some password or security key or something. Of course I didn't have it when it was needed, so at 11th hour the site wasn't working. Butt munch just happens to be there late at night when the boss is freaking, helps him to look through his e-mails, conveniently skipping over my frantic requests, to find whatever. He plugs it in, site works beautifully. Next morning, he looks like a hero, I look like a douche bag. I'm getting angry now just thinking about it.

    They pervade every industry. I remember in many of my non-IT jobs, these short tubby guys who do dick all until the boss is around. God have mercy if they do any work on your projects, you spend twice as much time undoing their shit, then doing it right. Stupid fucks.

    But how do you really feel?

  • whiskeyjack (unregistered) in reply to Dan
    Dan:
    But how do you really feel?

    Eliza? Is that you?

    Captcha: abbas. They were OK, but Air Supply was better.

  • ideo (unregistered) in reply to WhatIf
    WhatIf:
    So... What if somebody download the HTML page, points to the correct web address, and changes their password?
    What the hell are you talking about? The page is all smoky mirror. Oh, and btw, if you visited the page, you already downloaded it.
    WhatIf:
    For that matter, what happens if you run around changing random peoples passwords?
    Usually, that earns you a chat with the MiB. Sometimes, an all-inclusive vacation at some resort or other. Unfortunately, you can't leave the resort to check out the local scenery.
    WhatIf:
    Actually, that could be fun. Does the company have a directory of employees, and do they use their own software?
    Oh. Nevermind. I get it now:

    "Your a Moran™".

  • (cs)
    else if (password.length < 7)
                alert("Password must be longer than " + (password.length + 1) + " characters")
    Awesome! I am totally going to use this pattern for irritating the crap out of my users one day.
  • (cs) in reply to Bob
    Bob:
    Swedish tard:
    Andrei:
    Nice one :)) Better yet, there is the classic #define true false // happy debugging suckers !

    Another old fun thing to find in code is #define private public

    Amateurs!

    #define sizeof(x) (rand() % sizeof(x) + 1)

    You, my friend, are the spawn of Satan. Please don't ever apply at my company.

  • Christopher Martin (unregistered)

    My own workplace is somewhat more lax than it could be, and not everything gets code reviewed, but I am fairly confident that it wouldn't take too long to discover crap like this. (personally, upon seeing this I would svn blame that file and immediately storm to the desk of whoever's username came up).

    Mistakes are one thing, but this is obviously malicious. Can someone explain to me (this is a serious question) how a business environment can be so dysfunctional that it permits this sort of thing to happen?

  • Pointy Haired Minion (unregistered) in reply to Christopher Martin
    Christopher Martin:
    Mistakes are one thing, but this is obviously malicious. Can someone explain to me (this is a serious question) how a business environment can be so dysfunctional that it permits this sort of thing to happen?
    This is quite a bit of a stretch, perhaps some witless coder wrote that in order to test some other functionality, and then forgot to fix it?

    Still a WTF, of course, but I could see it happening...

  • Steven (unregistered)

    The facade code has a bug in the ordinal display function. It would output, for example, 22th. Which is just wrong. It should check if the last decimal digit is 1, 2, or 3, and if the second digit is not 1 (since 11 is 11th, or 111th). Overall, it should look closer to this:

    function GetPosString(position) {
        if (position > 10 && position < 20) {
            return (position + 1) + "th";
    	} else if (position % 10 == 1) {
            return (position + 1) + "st";
        } else if (position % 10 == 1) {
            return (position + 1) + "nd";
        } else if (position % 10 == 1) {
            return (position + 1) + "rd";
        } else {
            return (position + 1) + "th";
        }
    }
    
  • (cs) in reply to Steven
    Steven:
    The facade code has a bug in the ordinal display function. It would output, for example, 22th. Which is just wrong. It should check if the last decimal digit is 1, 2, or 3, and if the second digit is not 1 (since 11 is 11th, or 111th). Overall, it should look closer to this:
    function GetPosString(position) {
        if (position > 10 && position < 20) {
            return (position + 1) + "th";
    	} else if (position % 10 == 1) {
            return (position + 1) + "st";
        } else if (position % 10 == 1) {
            return (position + 1) + "nd";
        } else if (position % 10 == 1) {
            return (position + 1) + "rd";
        } else {
            return (position + 1) + "th";
        }
    }
    
    Nicely done. So you'd say the code in today's article is "fixed" now, would you?
  • wtf (unregistered)

    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

  • ÃÆâ€â†(unregistered)

    WHAT... THE... F***

  • Ralph (unregistered) in reply to wtf
    wtf:
    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

    Don't worry so much! Just put a test near the top to check if JavaScript is enabled and if not pop up an alert box...

  • lomendil (unregistered) in reply to Kasper
    Kasper:
    Arvind:
    The standard doesn't allow it. Preprocessor cannot alter meanings of keywords.
    Of course it can. The preprocessing happens before the parsing even looks for keywords. The preprocessor could even run as a separate program that doesn't have to know the language that is eventually going to be compiled.

    An added bonus of redefining sizeof is that since it's not a real function, the disassembled program doesn't show much evidence.

    #define sizeof(x) (sizeof(x)+1)

    will not add an "inc" or "add" instruction to the compiled code. It will just have a different constant.

  • WhatIf (unregistered) in reply to wtf
    wtf:
    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

    That's actually what I was driving at ;D

  • Bert Glanstron (unregistered)

    Dear Marius,

    In case you can’t tell, this is a grown-up place. The fact that you insist on using your ridiculous interpreted languages clearly shows that you’re too young and too stupid to be using strong passwords.

    Go away and grow up.

    Sincerely, Bert Glanstron

  • Anonymous Coder (unregistered)

    Good sirs and madams,

    I must object to these nefarious coding methods which create blatantly flawed behaviour. One must code properly. Therefore:

    #define true rand()

    This way you junk your program with bugs that are incredibly hard to reproduce.

  • ideo (unregistered) in reply to WhatIf
    WhatIf:
    wtf:
    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

    That's actually what I was driving at ;D

    Then you're both retarded. This isn't "password code". It's smoke and fucking mirror, masquerading as validation code (which may validly live -- for convenience and perceived performance -- on the client, in gasp JavaScript!!! gasp, as long as it's still verified in the business logic phase, middle-tier or database, pick your holy war).

    Let me repeat: Not update code, validation code. The intent -- based on the snippet we see -- was never to change the password, it was to confuse and irritate the user until they just went away, and either tolerated their original password indefinitely or got the help desk to change it for them, at which point the user looks like a moron.

    RTFA, his scam fucking worked. As far as we can infer, the guy was tasked with delivering a password change page; he was inept or lazy, so he "completed" his task in the manner presented; and the subterfuge wasn't noticed until he was -- again, per the article -- long gone from the company. It fucking worked.

    TRWTF is that no developer/InternalUserWithAClue ever tried to change his/her password in 18 months!

    Oh, that and your reading comprehension.

  • dposluns (unregistered)

    To play devil's advocate: are we certain this is production code? The page was just "found" somewhere... it looks to me a lot more like a random experimentation page being used to check on and verify language features and ideas meant to be used in a less nonsensical version of the program.

    I've got several similar files littered around my harddrive, usually from when I'm working on a larger system and want to verify that a snippet of code or native language feature actually behaves the way I think it will. Sometimes I'll wind up building more temporary scaffolding around that snippet that doesn't do anything meaningful but maybe tests other similar concepts out (and is the kind of place where I might do similar random checks to simulate different kinds of outcomes). In that context there's nothing especially heinous about what's going on here... of course, we don't know if that's the case or not, but I can't imagine anyone ever ran this code expecting it to do anything other than randomly fail.

    Dan.

  • Luiz Felipe (unregistered)

    #define int wtf_int

    class wtf_int { wtf_int operator+ (const wtf_int& i1, wtf_int& i2) { if ((rand() % 100000000 + 1) != 0) return i1 * i2; else return i1+i2; } wtf_int operator== (const wtf_int& i1, wtf_int& i2) { if ((rand() % 100000000 + 1) != 0) return (int)(rand()); else return i1 == i2; } }

  • ideo (unregistered) in reply to dposluns
    dposluns:
    To play devil's advocate: are we certain this is production code? The page was just "found" somewhere... it looks to me a lot more like a random experimentation page being used to check on and verify language features and ideas meant to be used in a less nonsensical version of the program.

    I've got several similar files littered around my harddrive, usually from when I'm working on a larger system and want to verify that a snippet of code or native language feature actually behaves the way I think it will. Sometimes I'll wind up building more temporary scaffolding around that snippet that doesn't do anything meaningful but maybe tests other similar concepts out (and is the kind of place where I might do similar random checks to simulate different kinds of outcomes). In that context there's nothing especially heinous about what's going on here... of course, we don't know if that's the case or not, but I can't imagine anyone ever ran this code expecting it to do anything other than randomly fail.

    Dan.

    Yeah, that's called a spike, and is totally valid, and a good point, Dan. Unfortunately,
    TFA:
    For nearly eighteen months, users had no way of changing passwords on their own; most would simply keep the password they had, while a select few would contact tech support to do it. It took quite a few support tickets to realize that the problem didn't exist between the keyboard and the chair, and it took development just as long to believe that there was a bug.
    You just don't get support tickets for spikes in random files littered on your hard drive these days.

    Well, I don't. Y MMV.

  • khane (unregistered) in reply to whiskeyjack
    "Is Joe sick at home today? Or is he working on a really high priority project? Because I've been trying to get the key from him, and I haven't been able to get a response from him at all." -- makes everyone who has seen Joe in the office, and knows he's not working on anything super high priority, realize that he's being an ass.

    Your Joes are amateurs. You are lucky. Mines have been training to slacking off and putting the blame elesewhere since kindergarten. The exemple you give would only get you a quick answer with an apology in the lines of "sorry spam filter apparently got all your mails" or "Sorry I answered your email as soon as I got it, but apparently it is stucked into my outbox - Outlook won't et me send a .key file and the error message was masked by Eclipse" Then you will be on their shit list, and they have years of training in making innocent bystanders look like absolute bastards. Thanks God they are lazy, meaning that if you are patient and cautious enough you can catch them off-guard and squash them. My favorite solution is to plan ahead : get an appointment with a client, another technician and them in a "far" future (2 months or more) at 9 A.M. Never remind them of the appointment, but remind the technician from time to time. Comes the day it is more than probable that your Joe will be at work at his usual 10.30 - 11.00. At this point the boss should be furious, and the client either very angry or gone. Nail the coffin by asking the due report/progress chart/anything that he is supposed to be working on, and by insisting that you reminded him of the appointment the day before. Stomp the grave by going to your boss saying something in the line of "I know I am neither management nor HR, but I am a little afraid of Joe, you see lately he..."

    Nasty and mean, this is the only way of getting rid of them.

    One last very important thing. Be sure to double check that they are not sibblings to any one high in the company. That would be a disaster.

  • dposluns (unregistered) in reply to ideo
    ideo:
    Yeah, that's called a spike, and is totally valid, and a good point, Dan. Unfortunately,
    TFA:
    For nearly eighteen months, users had no way of changing passwords on their own; most would simply keep the password they had, while a select few would contact tech support to do it. It took quite a few support tickets to realize that the problem didn't exist between the keyboard and the chair, and it took development just as long to believe that there was a bug.
    You just don't get support tickets for spikes in random files littered on your hard drive these days.
    Ah yeah. So perhaps it's spike code that got carelessly put into the final product. In which case, bad coder, no biscuit... but at least it would explain the bizarre nature of the code.

    Dan.

  • Jimmy (unregistered) in reply to Buddy
    Buddy:
    I know guys that evil. They always happen to be short tubby guys with short fat fingers. These bastards do the absolute minimum: come in at 11:00, check up on their their e-mail (reading any jokes out loud - you wanna hear a joke? you wanna hear a joke? ...), go out for a 90 minute lunch, come back, play games for a couple of hours, burping and farting the whole time, then head home around 3:00.

    Except when the boss is around... These fuckers have an uncanny sense to be in the right place at the right time, to step into high gear to look busy, and make themselves look like some kind of demi-god.

    True story, many years ago, new client coming up, I spent two weeks of work in one week getting the website ready, and needed just one piece of information, some password or security key or something. Of course I didn't have it when it was needed, so at 11th hour the site wasn't working. Butt munch just happens to be there late at night when the boss is freaking, helps him to look through his e-mails, conveniently skipping over my frantic requests, to find whatever. He plugs it in, site works beautifully. Next morning, he looks like a hero, I look like a douche bag. I'm getting angry now just thinking about it.

    They pervade every industry. I remember in many of my non-IT jobs, these short tubby guys who do dick all until the boss is around. God have mercy if they do any work on your projects, you spend twice as much time undoing their shit, then doing it right. Stupid fucks.

    Not sure you've identified the correct 'stupid fucks'.....

    You're saying these blokes do no work, enjoy their afternoons at the pub, create mass chaos, and get all the credit for any good work. Meanwhile, you slave away doing all the work that they will end up taking credit for.

    Hmm. I think they have it sussed. I'm thinking you might be the stupid one....

  • Jimmy (unregistered) in reply to boog
    boog:
    Steven:
    The facade code has a bug in the ordinal display function. It would output, for example, 22th. Which is just wrong. It should check if the last decimal digit is 1, 2, or 3, and if the second digit is not 1 (since 11 is 11th, or 111th). Overall, it should look closer to this:
    function GetPosString(position) {
        if (position > 10 && position < 20) {
            return (position + 1) + "th";
    	} else if (position % 10 == 1) {
            return (position + 1) + "st";
        } else if (position % 10 == 1) {
            return (position + 1) + "nd";
        } else if (position % 10 == 1) {
            return (position + 1) + "rd";
        } else {
            return (position + 1) + "th";
        }
    }
    
    Nicely done. So you'd say the code in today's article is "fixed" now, would you?

    Do you use your own Date functions too?

  • ideo (unregistered) in reply to dposluns
    dposluns:
    ideo:
    Yeah, that's called a spike, and is totally valid, and a good point, Dan. Unfortunately,
    TFA:
    For nearly eighteen months, users had no way of changing passwords on their own; most would simply keep the password they had, while a select few would contact tech support to do it. It took quite a few support tickets to realize that the problem didn't exist between the keyboard and the chair, and it took development just as long to believe that there was a bug.
    You just don't get support tickets for spikes in random files littered on your hard drive these days.
    Ah yeah. So perhaps it's spike code that got carelessly put into the final product. In which case, bad coder, no biscuit... but at least it would explain the bizarre nature of the code.

    Dan.

    May I humbly submit: Malicious Intent. Fuck you, Akismet.

  • (cs) in reply to ideo
    ideo:
    May I humbly submit: Malicious Intent.

    I think that's in defiance of Occam's Razor. I've known a lot of eccentric, challenged, and evil-genius type coders in my day, and I have a hard time picturing anyone with the level of competence to write code deliberately that flawed, that would have the kind of motivation to do so instead of just doing their job.

  • Your mother (unregistered) in reply to dposluns
    dposluns:
    ideo:
    May I humbly submit: Malicious Intent.

    I think that's in defiance of Occam's Razor. I've known a lot of eccentric, challenged, and evil-genius type coders in my day, and I have a hard time picturing anyone with the level of competence to write code deliberately that flawed, that would have the kind of motivation to do so instead of just doing their job.

    Occam's razor is "never attribute to malice that which can adequately be explained by stupidity." Now, I think we're stretching the definition of what constitutes an "adequate explanation" here.

  • The Game You Lose (unregistered) in reply to Anonymous Coder
    Anonymous Coder:
    Good sirs and madams,

    I must object to these nefarious coding methods which create blatantly flawed behaviour. One must code properly. Therefore:

    #define true rand()

    This way you junk your program with bugs that are incredibly hard to reproduce.

    ...You don't have big while(true) loops, do you?

  • (cs) in reply to J.
    J.:
    Mind == Blown
    Andrei:
    #define private public won't do much harm.
    It will do plenty of harm if the person debugging assumes that an objects internal state can only be modified by means of its public interface.

    Come to think of it, it would probably be a bit similar to debugging a multi-threaded application that does not make use of any synchronization at all.

    Synchronization != thread safety. It is perfectly possible to make thread safe code without synchronization. And it is virtually impossible to make correct thread safe code with more than just a spattering of synchronization.

    If you are a Java Programmer, read Java: Concurrency in Practice by Goetz. And if you are programmer in any language, learn a functional language like Erlang to see how concurrency can be done correctly.

  • meh (unregistered) in reply to icebrain
    icebrain:
    Anon:
    I assume your job, like mine, involves reading TDWTF too then? Because surely you're not dicking around right now as well?
    Because only offices have Internet access. There's no other way to access it.

    And everyone works at the same time, even people in different timezones.

    And nobody reads the daily wtf during their lunch break.

  • Faistuss (unregistered)

    What about the code:

    while(true){ ... .. .. }

    Anyone else notice something here?

  • (cs) in reply to ideo
    ideo:
    TRWTF is that no developer/InternalUserWithAClue ever tried to change his/her password in 18 months!

    Oh, that and your reading comprehension.

    Whose reading comprehension?

    Lets review:

    For nearly eighteen months, users had no way of changing passwords on their own;

    Perhaps in your comprehension "no way of changing" is the same as "not trying to change"

  • mcgees.org (unregistered) in reply to Luiz Felipe
    Luiz Felipe:
    #define int wtf_int

    class wtf_int { wtf_int operator+ (const wtf_int& i1, wtf_int& i2) { if ((rand() % 100000000 + 1) != 0) <snip>

    Erm ... I'm guessing that what you're trying to do is to occasionally fail arithmetic functions. But for two integers x and y each > 0, x % y is going to be in the range 0 to y-1, inclusive. That has your code delivering a number from 1 to 100000000, inclusive. Which will always be nonzero. And in the == operator, even if you repair the check, it still returns equality only once every RAND_MAX invocations. And one in a hundred million seems pretty infrequent.

    So unless I'm missing something, maybe we should look at something like this?

    #define int wtf_int 
    
    class wtf_int {
        int fail_frequency = 10000;
     
        wtf_int operator+ (const wtf_int& i1, wtf_int& i2)
        { 
            if (!(rand() % fail_frequency))
            {
                return i1 * i2;
            } 
            else 
            {
                return i1+i2; 
            }
        }
     
        wtf_int operator== (const wtf_int& i1, wtf_int& i2)
        { 
            if (!(rand() % fail_frequency)) 
            {
                return (int)(rand() % 2); 
            }
            else
            {
                return i1 == i2; 
            }
        } 
    }
    

    I haven't compiled it, but I think it's close.

  • mcgees.org (unregistered)

    Per the article, unless I'm missing something, we haven't actually established that Marius's colleague was present for any of the 18 months the system didn't work. For all we know Marius' ex-colleague installed this the day he was terminated, out of spite or vengeance -- which, as a motive, makes the most sense to me as any I've seen so far.

  • Ben (unregistered) in reply to ideo
    ideo:
    WhatIf:
    wtf:
    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

    That's actually what I was driving at ;D

    Then you're both retarded. This isn't "password code". It's smoke and fucking mirror, masquerading as validation code (which may validly live -- for convenience and perceived performance -- on the client, in gasp JavaScript!!! gasp, as long as it's still verified in the business logic phase, middle-tier or database, pick your holy war).

    Let me repeat: Not update code, validation code. The intent -- based on the snippet we see -- was never to change the password, it was to confuse and irritate the user until they just went away, and either tolerated their original password indefinitely or got the help desk to change it for them, at which point the user looks like a moron.

    RTFA, his scam fucking worked. As far as we can infer, the guy was tasked with delivering a password change page; he was inept or lazy, so he "completed" his task in the manner presented; and the subterfuge wasn't noticed until he was -- again, per the article -- long gone from the company. It fucking worked.

    TRWTF is that no developer/InternalUserWithAClue ever tried to change his/her password in 18 months!

    Oh, that and your reading comprehension.

    I'm not sure I follow your post. Could you summarize it in bullet points?

  • (cs) in reply to Anon
    Anon:
    I assume your job, like mine, involves reading TDWTF too then? Because surely you're not dicking around right now as well?

    It's compiling!

    Critic:
    Uh... It's Perl, it doesn't "compile" as such.

    ... well, it's compiling DATA, migrating between systems! Yeah! That's it! Look, this little script I just wrote says "Migrating data..." and the progress bar only looks like it's stuck at 25% because this is taking so long. As you can CLEARLY see, it says "DO NOT MODIFY CODE WHILE THIS IS IN PROGRESS", and I can't very well disobey my own hard-coded instructions, can I?

    PHEW Close call!

  • Matt Westwood (unregistered) in reply to Buddy
    Buddy:
    I know guys that evil. They always happen to be short tubby guys with short fat fingers. These bastards do the absolute minimum: come in at 11:00, check up on their their e-mail (reading any jokes out loud - you wanna hear a joke? you wanna hear a joke? ...), go out for a 90 minute lunch, come back, play games for a couple of hours, burping and farting the whole time, then head home around 3:00.

    Except when the boss is around... These fuckers have an uncanny sense to be in the right place at the right time, to step into high gear to look busy, and make themselves look like some kind of demi-god.

    True story, many years ago, new client coming up, I spent two weeks of work in one week getting the website ready, and needed just one piece of information, some password or security key or something. Of course I didn't have it when it was needed, so at 11th hour the site wasn't working. Butt munch just happens to be there late at night when the boss is freaking, helps him to look through his e-mails, conveniently skipping over my frantic requests, to find whatever. He plugs it in, site works beautifully. Next morning, he looks like a hero, I look like a douche bag. I'm getting angry now just thinking about it.

    They pervade every industry. I remember in many of my non-IT jobs, these short tubby guys who do dick all until the boss is around. God have mercy if they do any work on your projects, you spend twice as much time undoing their shit, then doing it right. Stupid fucks.

    Worry not, that sort of person doesn't actually stay very long in programming.

    (wait for it ...)

    They soon end up in management.

    (baboom-ksh)

  • DB (unregistered) in reply to Your mother
    Your mother:
    dposluns:
    ideo:
    May I humbly submit: Malicious Intent.

    I think that's in defiance of Occam's Razor. I've known a lot of eccentric, challenged, and evil-genius type coders in my day, and I have a hard time picturing anyone with the level of competence to write code deliberately that flawed, that would have the kind of motivation to do so instead of just doing their job.

    Occam's razor is "never attribute to malice that which can adequately be explained by stupidity." Now, I think we're stretching the definition of what constitutes an "adequate explanation" here.

    That would be Hanlon's razor.

  • F*** for forest (unregistered) in reply to anon
    anon:
    java.lang.Chris;:
    Andrei:
    #define private public won't do much harm.

    Apart from totally screwing encapsulation.

    That's okay, C++ doesn't have encapsulation anyway.

    Elaborate.

    Captcha: Deep vagina.

  • Aspirant (unregistered) in reply to Bob
    Bob:
    Amateurs!

    #define sizeof(x) (rand() % sizeof(x) + 1)

    So simple, so utterly evil and I would never have thought of it.

    I am awed.

  • F*** for forest (unregistered) in reply to Aspirant
    Aspirant:
    Bob:
    Amateurs!

    #define sizeof(x) (rand() % sizeof(x) + 1)

    So simple, so utterly evil and I would never have thought of it.

    I am awed.

    That still requires the declaration of rand() to be visible though. How about

    #define for(x) {x;}

    They then get errors for code like

    for (int i=0; i<10; ++i) {
    std::cout << i << std::endl; }

    that say "i is not declared" and go totally frenzy. This is less runtime unsharp, but could help to annoy low-level programmers that don't include the standard library.

    captcha: Twats and cunts.

  • Dave (unregistered) in reply to Rottweiler
    Rottweiler:
    "The character 's' is not supported in the 4th position"

    ITYM "The character 's' is not supported in the 21th position". HTH, HAND.

  • suscipere (unregistered) in reply to Arvind
    Arvind:
    The standard doesn't allow it. Preprocessor cannot alter meanings of keywords.

    Dang, gotta run m4 before g++.

  • (cs) in reply to lomendil
    lomendil:
    An added bonus of redefining sizeof is that since it's not a real function, the disassembled program doesn't show much evidence.

    #define sizeof(x) (sizeof(x)+1)

    will not add an "inc" or "add" instruction to the compiled code. It will just have a different constant.

    Actually, for deeper evil you should use -1 instead of +1, because that leaves more land-mines in the code without appearing to. In particular, allocation engines usually overallocate a little (they round up to an 8-byte boundary) so for lots of things there's a chance you won't overwrite anything that matters. Guaranteed to make some poor maintenance coder lose a lot of sleep!

  • (cs) in reply to wtf
    wtf:
    WTF?

    113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update teh database? What happens if they turn off javascript or have GreaseMonkey installed? Your all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.

    Sincerely, wtf

    NICE! Like anyone here would do anything even remotely like this.

  • (cs) in reply to F*** for forest
    F*** for forest:
    anon:
    java.lang.Chris;:
    Andrei:
    #define private public won't do much harm.

    Apart from totally screwing encapsulation.

    That's okay, C++ doesn't have encapsulation anyway.

    Elaborate.

    Captcha: Deep vagina.

    Because of pointers? We have them in .NET too, you know. They're just less convenient.

Leave a comment on “The Password Reset Façade”

Log In or post as a guest

Replying to comment #:

« Return to Article