Admin
The code apparently runs inline, that is to say, as the script loads, it executes a thread-blocking browser prompt dialog, which allows you to type a value and click Ok or Cancel. If you click Cancel, it returns null.
The lazy||evil bastard couldn't even be bothered to put an input field and a button on the page, to let the user drive the insanity.
Therefore, the only way to break out of the never-ending cycle of thread-blocking (to wit: preventing you from closing your browser or accessing its chrome) alert() and confirm() calls IS to click cancel on the confirm, because ""!=null. At which point, the page becomes simply dead.
We can't tell from the post, but presumably the original "programmer" was dickish enough to not even bother putting anything else on the page, so once you canceled, and read his Parthian missive, you were left with a blank white page.
I prefer to visualize it that way, anyhow.
Cheers!
Admin
So... What if somebody downloads the HTML page, points to the correct web address, and changes their password? For that matter, what happens if you run around changing random people's passwords?
Actually, that could be fun. Does the company have a directory of employees, and do they use their own software?
Admin
But how do you really feel?
Admin
Eliza? Is that you?
Captcha: abbas. They were OK, but Air Supply was better.
Admin
"Your a Moran™".
Admin
You, my friend, are the spawn of Satan. Please don't ever apply at my company.
Admin
My own workplace is somewhat more lax than it could be, and not everything gets code reviewed, but I am fairly confident that it wouldn't take too long to discover crap like this. (personally, upon seeing this I would svn blame that file and immediately storm to the desk of whoever's username came up).
Mistakes are one thing, but this is obviously malicious. Can someone explain to me (this is a serious question) how a business environment can be so dysfunctional that it permits this sort of thing to happen?
Admin
Still a WTF, of course, but I could see it happening...
Admin
The facade code has a bug in the ordinal display function. It would output, for example, 22th. Which is just wrong. It should check if the last decimal digit is 1, 2, or 3, and if the second digit is not 1 (since 11 is 11th, or 111th). Overall, it should look closer to this:
Admin
WTF?
113 comments, and not a single one references how stupid it is to be putting any password code in the javascript? How would he even update the database? What happens if they turn off javascript or have GreaseMonkey installed? You're all a bunch of nincompoops who troll this site probably because no one trusts you enough to give you any real work to do.
Sincerely, wtf
Admin
WHAT... THE... F***
Admin
An added bonus of redefining sizeof is that since it's not a real function, the disassembled program doesn't show much evidence.
#define sizeof(x) (sizeof(x)+1)
will not add an "inc" or "add" instruction to the compiled code. It will just have a different constant.
Admin
That's actually what I was driving at ;D
Admin
Dear Marius,
In case you can’t tell, this is a grown-up place. The fact that you insist on using your ridiculous interpreted languages clearly shows that you’re too young and too stupid to be using strong passwords.
Go away and grow up.
Sincerely, Bert Glanstron
Admin
Good sirs and madams,
I must object to these nefarious coding methods which create blatantly flawed behaviour. One must code properly. Therefore:
#define true rand()
This way you junk your program with bugs that are incredibly hard to reproduce.
Admin
Let me repeat: Not update code, validation code. The intent -- based on the snippet we see -- was never to change the password, it was to confuse and irritate the user until they just went away, and either tolerated their original password indefinitely or got the help desk to change it for them, at which point the user looks like a moron.
RTFA, his scam fucking worked. As far as we can infer, the guy was tasked with delivering a password change page; he was inept or lazy, so he "completed" his task in the manner presented; and the subterfuge wasn't noticed until he was -- again, per the article -- long gone from the company. It fucking worked.
TRWTF is that no developer/InternalUserWithAClue ever tried to change his/her password in 18 months!
Oh, that and your reading comprehension.
Admin
To play devil's advocate: are we certain this is production code? The page was just "found" somewhere... it looks to me a lot more like a random experimentation page being used to check on and verify language features and ideas meant to be used in a less nonsensical version of the program.
I've got several similar files littered around my harddrive, usually from when I'm working on a larger system and want to verify that a snippet of code or native language feature actually behaves the way I think it will. Sometimes I'll wind up building more temporary scaffolding around that snippet that doesn't do anything meaningful but maybe tests other similar concepts out (and is the kind of place where I might do similar random checks to simulate different kinds of outcomes). In that context there's nothing especially heinous about what's going on here... of course, we don't know if that's the case or not, but I can't imagine anyone ever ran this code expecting it to do anything other than randomly fail.
Dan.
Admin
#define int wtf_int
class wtf_int {
    wtf_int operator+ (const wtf_int& i1, wtf_int& i2) {
        if ((rand() % 100000000 + 1) != 0) return i1 * i2;
        else return i1+i2;
    }
    wtf_int operator== (const wtf_int& i1, wtf_int& i2) {
        if ((rand() % 100000000 + 1) != 0) return (int)(rand());
        else return i1 == i2;
    }
}
Admin
Well, I don't. YMMV.
Admin
Your Joes are amateurs. You are lucky. Mine have been training in slacking off and putting the blame elsewhere since kindergarten. The example you give would only get you a quick answer with an apology along the lines of "sorry spam filter apparently got all your mails" or "Sorry I answered your email as soon as I got it, but apparently it is stuck in my outbox - Outlook won't let me send a .key file and the error message was masked by Eclipse". Then you will be on their shit list, and they have years of training in making innocent bystanders look like absolute bastards. Thank God they are lazy, meaning that if you are patient and cautious enough you can catch them off-guard and squash them. My favorite solution is to plan ahead: get an appointment with a client, another technician and them in a "far" future (2 months or more) at 9 A.M. Never remind them of the appointment, but remind the technician from time to time. Come the day, it is more than probable that your Joe will be at work at his usual 10.30 - 11.00. At this point the boss should be furious, and the client either very angry or gone. Nail the coffin by asking for the due report/progress chart/anything that he is supposed to be working on, and by insisting that you reminded him of the appointment the day before. Stomp the grave by going to your boss saying something along the lines of "I know I am neither management nor HR, but I am a little afraid of Joe, you see lately he..."
Nasty and mean, this is the only way of getting rid of them.
One last very important thing. Be sure to double check that they are not siblings to anyone high in the company. That would be a disaster.
Admin
Dan.
Admin
Not sure you've identified the correct 'stupid fucks'.....
You're saying these blokes do no work, enjoy their afternoons at the pub, create mass chaos, and get all the credit for any good work. Meanwhile, you slave away doing all the work that they will end up taking credit for.
Hmm. I think they have it sussed. I'm thinking you might be the stupid one....
Admin
Do you use your own Date functions too?
Admin
I think that's in defiance of Occam's Razor. I've known a lot of eccentric, challenged, and evil-genius type coders in my day, and I have a hard time picturing anyone with the level of competence to write code deliberately that flawed, that would have the kind of motivation to do so instead of just doing their job.
Admin
Synchronization != thread safety. It is perfectly possible to make thread safe code without synchronization. And it is virtually impossible to make correct thread safe code with more than just a spattering of synchronization.
If you are a Java Programmer, read Java: Concurrency in Practice by Goetz. And if you are a programmer in any language, learn a functional language like Erlang to see how concurrency can be done correctly.
Admin
And nobody reads the daily wtf during their lunch break.
Admin
What about the code:
while(true){ ... .. .. }
Anyone else notice something here?
Admin
Whose reading comprehension?
Let's review:
Perhaps in your comprehension "no way of changing" is the same as "not trying to change"
Admin
Erm ... I'm guessing that what you're trying to do is to occasionally fail arithmetic functions. But for two integers x and y each > 0, x % y is going to be in the range 0 to y-1, inclusive. That has your code delivering a number from 1 to 100000000, inclusive. Which will always be nonzero. And in the == operator, even if you repair the check, it still returns equality only once every RAND_MAX invocations. And one in a hundred million seems pretty infrequent.
So unless I'm missing something, maybe we should look at something like this?
I haven't compiled it, but I think it's close.
Admin
Per the article, unless I'm missing something, we haven't actually established that Marius's colleague was present for any of the 18 months the system didn't work. For all we know Marius' ex-colleague installed this the day he was terminated, out of spite or vengeance -- which, as a motive, makes the most sense to me as any I've seen so far.
Admin
I'm not sure I follow your post. Could you summarize it in bullet points?
Admin
It's compiling!
... well, it's compiling DATA, migrating between systems! Yeah! That's it! Look, this little script I just wrote says "Migrating data..." and the progress bar only looks like it's stuck at 25% because this is taking so long. As you can CLEARLY see, it says "DO NOT MODIFY CODE WHILE THIS IS IN PROGRESS", and I can't very well disobey my own hard-coded instructions, can I?
PHEW Close call!
Admin
Worry not, that sort of person doesn't actually stay very long in programming.
(wait for it ...)
They soon end up in management.
(baboom-ksh)
Admin
That would be Hanlon's razor.
Admin
Elaborate.
Captcha: Deep vagina.
Admin
So simple, so utterly evil and I would never have thought of it.
I am awed.
Admin
That still requires the declaration of rand() to be visible though. How about
#define for(x) {x;}
They then get errors for code like
for (int i=0; i<10; ++i) {
std::cout << i << std::endl; }
that say "i is not declared" and go totally frenzy. This is less runtime unsharp, but could help to annoy low-level programmers that don't include the standard library.
captcha: Twats and cunts.
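The `sizeof`, `true`, `int` and `for` redefinitions posted in this thread all depend on the preprocessor rewriting a keyword before the compiler sees it, which is why they are easy to miss in review. As an added example (not code from any commenter), here is a small Python check a reviewer or CI job could run to flag such `#define`s; the reserved-word list and the sample source are constructed for illustration.

```python
import re

# Keywords a project macro should never redefine (illustrative subset, not exhaustive).
RESERVED = {
    "sizeof", "true", "false", "for", "while", "if", "else", "do", "return",
    "int", "char", "long", "short", "float", "double", "void", "bool",
    "switch", "case", "break", "continue", "const", "static", "struct", "class",
}

# Matches "#define NAME" or "#define NAME(", allowing spaces around '#'.
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+([A-Za-z_]\w*)(\(?)")


def find_keyword_macros(source):
    """Return (line_no, name, kind, text) for every #define of a reserved word."""
    findings = []
    pending, start = None, 0
    for no, raw in enumerate(source.splitlines(), 1):
        if pending is None:
            pending, start = "", no          # first physical line of a logical line
        if raw.endswith("\\"):               # backslash-newline: splice like the preprocessor
            pending += raw[:-1]
            continue
        line, pending = pending + raw, None
        m = DEFINE_RE.match(line)
        if m and m.group(1) in RESERVED:
            kind = "function-like" if m.group(2) else "object-like"
            findings.append((start, m.group(1), kind, " ".join(line.split())))
    return findings


# Constructed sample: the macros quoted in the comments plus two harmless ones.
SAMPLE = """\
#include <stdio.h>
#define BUFSZ 64
#define sizeof(x) (sizeof(x)+1)
#define true rand()
#define int wtf_int
  #  define for(x) \\
      {x;}
#define format(x) x
int main(void) { return 0; }
"""

if __name__ == "__main__":
    for line_no, name, kind, text in find_keyword_macros(SAMPLE):
        print(f"line {line_no}: {kind} macro redefines '{name}': {text}")
```

A source scan like this does not see macros injected with `-D` on the compiler command line, so the build flags need the same review.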
Admin
ITYM "The character 's' is not supported in the 21th position". HTH, HAND.
Admin
Dang, gotta run m4 before g++.
Admin