• Bert (unregistered) in reply to J
    J:
    JimBastard:
    and let the CF bashing begin in 3...2...1..

    Y'know it's actually pretty good.

    Just sayin' is all...

    yep it is

  • Demosthenes (unregistered)

    A grammar WTF in a WTF:

    "Among its many WTF's, the app used a grand total of 1 database table..."

  • (cs) in reply to DiverKas
    DiverKas:
    URL variables are the devil spawn of noobs reading all the doom and gloom about session variables.

    See this all the time. Even Amazon for a brief time had the same problem, and I could see other users shopping carts. Amazing what some people read.

    Zilog.com's development tools ticket support system used to have that bug. You could go and look at other people's support cases and chime in. TRWTF was that I knew solutions/hacks to so many problems listed there that I could do a way better job than the outsourced drone(s) who handled customer support there. In fact, they fixed it since I started unceremoniously helping other people out ;)

    Cheers!

  • (cs) in reply to lolwtf
    lolwtf:
    I'd like one along the lines of "I <= 2.9 math". But with the 9 overlined.
    That doesn't work. 2.9 (9 overlined) = 2.99999... = 3

    So your attempt to be geeky replaces "I <3 math" with "I <=3 math"

    Which, I suppose, is "I got fucked by math". Given the skills you showed off in your post, I suppose that's accurate.

  • (cs)

    I fight similar battles with a non-profit that I volunteer with (thankfully, none this dramatic). Sometimes it's really difficult for them because money really is a problem.

    Whenever we see WTF's where management needs to spend $X but refuses to, it's generally assumed that the money is there, and management is simply penny-pinching. With a non-profit, often the reality is that there really is NO money. Which means they can't afford to hire anyone. Which means someone on the volunteer board says "Oh, I can do that" or "Oh, my sister's kid can do that."

    In my case, it's me, taking care of a website with my basic knowledge of PHP. My worst goof was a simple script that allowed someone less web-savvy to update a table. Unfortunately, someone MORE web-savvy could perform a PHP code injection. Oops. Thankfully nobody found it (?) but it was live for years before I fixed it.

    This extends to far more than just software. I am a firm believer in "if something's worth doing, it's worth doing well". I end up making a lot of charitable donations to this organization, because of conversations that go:

    Me: "We really need to do X. It will cost $x." Rest of board of directors: "We know that's ideal, but we don't have the money. Y will have to do, it's much cheaper." Me: "Y is just a short term solution and we all know if we do Y, then we will be forced to live with it and it may be years before we see X, if ever. We really need to do it properly the first time." Board: "Well, where are we going to get the money to do X? Are you going to pay for it?" Me: ".... yes!"

  • (cs) in reply to Smash King
    Smash King:
    Anonymous:
    You gotta love developers who think different variations of base 64 encoding inherently means better security.
    And you gotta love T0pCod3r (and his offspring)'s "innovative solutions" even more. Sometimes they provide more fun than the article itself.
    I've lost count of the number of WTFs (or, as we now call them, falling for trolls -- or, more simply put, Whoosh!) that this post implies.

    (1) The Base64 poster was not TopCod3r. The man has standards. Anonymisation is beneath him. (2) The Base64 poster was obviously being Whoosh! ... I'm sorry; I've forgotten what that means. (3) As noted above, the Base64 poster caught an alarmingly large number of feebs with ... now I can't even make the sound. Where the hell are my dentures? (4) Alex/Jake/The Volcano Who Was Miss France 2007 -- I'm just throwing her in because I was intrigued by the picture on the Metro and I'm gettin' tired of Upstate Noo Yawk Girl -- has already posted on the Base64(Base64(Base64(Add Salt to taste(X))) thing. Only without the salt.

    Yup, I'm losing count. Dang. Must remember that the Yakuza only require the pinky -- not the opposable thumb as well.

  • Brad (unregistered) in reply to Bert

    LOL. Too bad it's actually spelled "ColdFusion" (without the space).

  • (cs) in reply to Fnord
    Fnord:
    Jim:
    Wow, I'm shocked. Passing personally identifiable information in the querystring without any obfuscation is just plain stupid. Needless to say, when our shopping cart software confirms a sale and passes us the user's CC number in the querystring, we have the good sense to BASE64 encode it on the client first. It's hardly rocket science.
    You, sir, are a genius.

    Like flies to a bug zapper...

    Ok, so some people jumped in to bag this, not knowing that this site is constantly patrolled by trolls. Well, good on them for knowing that simple encodings are not secure, and good on them for adding that to the conversation so that those who think changing base would fix the wtf learn quickly.

    I come here to learn about other's mistakes so that I might one day avoid them myself. Oddly, trolls like this, offering purported solutions that really aren't, help the conversation here. The real pissants are the bogans who guffaw at how many fell for the troll. One day their uppances will come!
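
    The two security points this thread keeps circling (the shopping-cart comment above, where a user id in the URL let anyone view anyone else's cart, and the Base64 "encoding" bait just quoted) can be shown side by side in a few lines. This is an added illustration, not code from the article or from any commenter; the cart and session stores are constructed sample data, and the function names are invented for the example.

```python
import base64
import secrets

# Constructed sample data (not from the article): carts keyed by user id.
CARTS = {
    "u1001": ["book", "lamp"],
    "u1002": ["bike"],
}

# Server-side session store: opaque session id -> user id.
SESSIONS = {}


def cart_by_query(query):
    """The pattern the comment describes: trust the user id named in the
    query string. Any visitor who edits the URL reads any cart."""
    return CARTS.get(query.get("user"))


def encode_id(user_id):
    """Base64 is an encoding, not encryption: anyone can reverse it."""
    return base64.b64encode(user_id.encode()).decode()


def decode_id(token):
    return base64.b64decode(token).decode()


def cart_by_encoded_query(query):
    """Same flaw with a Base64 coat of paint: the server decodes whatever it
    is given, so changing the base changes nothing about who can read what."""
    try:
        user_id = decode_id(query.get("u", ""))
    except (ValueError, UnicodeDecodeError):
        return None
    return CARTS.get(user_id)


def login(user_id):
    """Issue an unguessable session id; the user id never leaves the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user_id
    return sid


def cart_by_session(session_cookie):
    """Hardened lookup: the owner comes from the server-side session bound to
    the cookie, so the request cannot be pointed at another user's cart.
    Unknown or missing session ids get nothing."""
    user_id = SESSIONS.get(session_cookie)
    if user_id is None:
        return None
    return CARTS.get(user_id)


if __name__ == "__main__":
    # A stranger names a user id directly, or Base64-encodes one: both leak.
    print(cart_by_query({"user": "u1002"}))
    print(cart_by_encoded_query({"u": encode_id("u1002")}))
    # With session-bound lookup, only the logged-in owner sees their cart.
    sid = login("u1001")
    print(cart_by_session(sid))
    print(cart_by_session("not-a-real-session"))
```

The fix is not a stronger encoding of the id in the URL but removing the id from the client's control altogether: the server already knows who is logged in, so the lookup key should come from the session, never from the request.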

  • Jim (unregistered) in reply to Capt. Obvious
    Capt. Obvious:
    lolwtf:
    I'd like one along the lines of "I <= 2.9 math". But with the 9 overlined.
    That doesn't work. 2.9 (9 overlined) = 2.99999... = 3

    So your attempt to be geeky replaces "I <3 math" with "I <=3 math"

    Which, I suppose, is "I got fucked by math". Given the skills you showed off in your post, I suppose that's accurate.

    We have a WINNER!

  • (cs)

    I found exactly the same query-string problem in a web app I've taken over. Worst. Security. Ever.

  • WebHawk (unregistered)

    I<3.14159265

  • AAAAHHHHH! (unregistered) in reply to Mr.'; Drop Database --
    I'd like one that says "I ♡ Unicode"

    ~ROTFLMAO!

  • Somedude (unregistered) in reply to Brad
    Brad:
    LOL. Too bad it's actually spelled "ColdFusion" (without the space).

    It is now, but it used to be Cold Fusion. I think version 6 is where they changed the name. When you see someone calling it "Cold Fusion", they are usually either someone that knows little about the language more than having heard the name, or a serious old time CF coder that is probably looking for a .NET job now.

  • (cs) in reply to Somedude
    Somedude:
    Brad:
    LOL. Too bad it's actually spelled "ColdFusion" (without the space).
    It is now, but it used to be Cold Fusion. I think version 6 is where they changed the name. When you see someone calling it "Cold Fusion", they are usually either someone that knows little about the language more than having heard the name, or a serious old time CF coder that is probably looking for a .NET job now.
    Where's the obligatory cold fusion joke? Where, I ask?

  • IanE (unregistered) in reply to Demosthenes
    A grammar WTF in a WTF:

    "Among its many WTF's, the app used a grand total of 1 database table..."

    Are you harping on the apostrophe S after "WTF"? If so, you need to go do some learnin' to know that that's the proper way to pluralize an acronym. The rules for 'postrophies aren't all that simplistic.

    I jus' don' want any other Demosthenes' to make the same mistake.

  • Who Knows (unregistered)

    Stupid people with money: The cause of and solution to all of life's problems.

Leave a comment on “The Revealing Spreadsheet”
