• mystery (unregistered)

    Sorry.

  • Graham (unregistered)

    The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed. I suppose though this is on a public page on the original site so not really a secret.

  • Knux2 (unregistered)

    Maybe they name web servers after their favorite board games? Maybe "SETTLERSOFCATAN" is their SQL Server.

    (In other news - typo: "Alex Hobson certainly does know where to look")

  • Lee K-T (unregistered)

    That's exactly why I never comment my code...

  • (cs)

    I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.

  • averageJon (unregistered)

    "Alex Hobson certainly does not where to look"

    I not that there is a typo above, but I do not not where it is.

  • Patrick (unregistered) in reply to frits
    frits:
    I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.

    Not only that but they are probably using fixed string parsing to interpret the source HTML while it is being emitted.

    Grep sed and awk are powerful tools thanks to regular expressions, but they can be abused and tortured beyond all recognition.

    The same goes for Perl.

    (try 1)

  • SR (unregistered) in reply to Knux2
    Knux2:
    Maybe they name web servers after their favorite board games? Maybe "SETTLERSOFCATAN" is their SQL Server.

    (In other news - typo: "Alex Hobson certainly does know where to look")

    I'd name them all after Risk (risk1, risk2, etc.)

  • Neville Flynn (unregistered)

    Let's contact J. Roberts to get more information on how it's implemented.

  • ThomasP (unregistered) in reply to SR

    RiskStarWars, RiskLordOfTheRings, RiskSpongeBob, etc.

  • Jim (unregistered)

    How about the very end of the page where this is found:

    <!-- Crazy egg 2009--> 
    <script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script> 

    which links to a file that says:

    //
    
  • (cs)

    Ok, I have to ask... who looks at page source code for no reason? Is there someone out there who enjoys this?

    Seriously, who are you people?

  • Marco (unregistered)

    I found this in the thedailywtf.com's source:

    jroberts

    Looks like a real WTF to me ;)

  • Anomynous Coward (unregistered) in reply to DOA

    Seriously, who are you people?

    I often look at source code for websites that aren't behaving as they should, to try and find out what is breaking and if I can get around it. In this case, the entire codebase sounds about as well-engineered and reliable as a house of cards made out of different-sized cards, so I'm sure if I had to interact with it for any length of time I'd end up viewing source as well.

  • Chris Haas (unregistered) in reply to DOA

    DOA, I'm one of those dorks. The page gets flagged as 100% valid HTML which is very rare so when I see that I just have to take a look.

  • TheAnonCoward (unregistered)

    TRWTF is thinking the failed redaction of the e-mail address is a WTF. I, for one, think it was a calculated move done on purpose.

    Then again, I may be having FAR too much faith in people.

  • Stephen (unregistered) in reply to Graham

    Yeah, I had a good laugh at that. I'm sure it's probably intentional though, given the article!

  • (cs) in reply to frits
    frits:
    I'm no web programmer, but I assume the second comment implies the cgi and perl scripts are emitting hardcoded html.
    On the contrary, the perl script is probably emitting the "soft-coded" contents of /cgi-pub/course/newgetcourse_header.txt
  • Knux2 (unregistered) in reply to Marco
    Marco:
    I found this in the thedailywtf.com's source:
    jroberts
    Looks like a real WTF to me ;)

    That's how I always encrypt my personal information!

    VISA: 4687943124687
    Social Security Number: 123-45-6789 AHHH!!! NO! Go away.

  • (cs)

    The Sorry Server is a Canadian fork of Apache. It replaces all client-side errors with 500 codes, and modifies outgoing content by injecting the letter "u", and rearranging "er" into "re".

    We're still working on the ModEh patch. Sorry.

  • Mike D. (unregistered) in reply to Jim
    Jim:
    How about the very end of the page where this is found:
    <!-- Crazy egg 2009--> 
    <script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script> 

    which links to a file that says:

    //
    

    Oh, that;'s the fixed version, so you should be fine. The previous one had a bug in it:

    // FIXME
    
  • Mike D. (unregistered) in reply to Marco
    Marco:
    I found this in the thedailywtf.com's source:
    jroberts
    Looks like a real WTF to me ;)
    Yeah, there should be a semicolon after "black".
  • alphabit (unregistered)

    The sorry server probably requests that page periodically to make sure everything is OK. Any changes to the particular string they are checking (title) would cause the sorry server to step in, intercepting requests and replying with a "sorry slug" or something.

  • Fenris (unregistered)

    A website that has

    <!-- *snipped* a bunch of JavaScript that Google told us to put in. Seemed pretty pointless and caused an error. We don't need no stinking JavaScript. --> <!-- span style="font-size:90%;"> <b>Non-WTF Job:</b> <a href="http://jobs.thedailywtf.com/listing.aspx?JobId=1001480">C++ Developer at Good Grievance</a> (Ronkonkoma, NY) </span -->

    and

    <!-- <a href="http://ru.thedailywtf.com"><img src="/Resources/Images/countries/ru.png" alt="Русский Вариант" height="11" width="16" border="0" style="border:solid 1px #CCC" /></a> -->

    Shouldn't be making fun of other people leaving comments in their html.

    lastly

    /* WTF would TDWTF be without a hack like this? / if (document.getElementById && document.getElementById('MainContent') && document.getElementById('MainContent').style && document.getElementById('CommonSidebar') && document.getElementById('CommonSidebar').offsetHeight) { / since there is no "good way" to have a "liquid" and a "stretchy" column without tables(*), I'll use this bit of hackery. It usually doesn't work in FireFox (since offsetHeight isn't known until rendering is done), but it tends to work OK in everything else most of the time and doesn't create a "jumpy" effect */ document.getElementById('MainContent').style.minHeight = document.getElementById('CommonSidebar').offsetHeight;

            //* If there is a good way, let me know and I'll mail you a couple
            //  WTF Stickers!
        }
    
  • Anon (unregistered)

    A "Sorry Server" is just a backup node/VIP for your primary node/VIP if it fails a content check. We used it to provide a "Sorry, we're undergoing maintenance" page if the main site was unreachable for various reasons.

  • me_again (unregistered)

    I certainly does not where to comment.

    To those leet hackers that are finding the 'redacted' email address, is this your first visit here?

    And DeVry.edu is full of all types of these if you have the time to poke around.

  • Anonymous (unregistered) in reply to Graham
    Graham:
    The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.
    It's a running joke that you fell for hard. There is no need to redact what is publicly visible (eg. HTML for a public website) so Alex does the foreground trick just to troll people like you. Thanks for playing.
  • Anonymous Coward (unregistered) in reply to Knux2

    I need the Expiration date for that Visa card. Plz?

  • Gwillem (unregistered)

    "Sorry server" is a term also used by certain Linux IPVS (load distribution) daemons. If the health check fails to match a page with a specific pattern, it will remove that particular server from the pool and, if none are left, will send all traffic to the sorry server.

  • hacksaw jim duggan (unregistered)

    Is the word "Univeristy" like a UUID or something?

  • Marc B (unregistered) in reply to Neville Flynn
    Neville Flynn:
    Let's contact J. Roberts to get more information on how it's implemented.

    How in the world are we going to do that when his e-mail address had been redacted?

  • ClaudeSuck.de (unregistered)

    Better serv than sorry

  • ClaudeSuck.de (unregistered)
    <!-- important!/ if you make changes to this comment you must copy and repaste the left nav...
  • The Old Pretender (unregistered)

    You're sure that this is not a Jacobite institution that tries to fight grade inflation by limiting As?

    Captcha: caecus, what you think your users are blind?

  • Rev. Johnny Healey (unregistered)

    I once had a coworker who put html comments in her php code, but she didn't understand html enough to use the right comment tags. She used "<!**" instead of "<!--".

    Firefox was forgiving enough to figure out what she was trying to do when it rendered the page for the screen. But then someone tried printing the page out and all of the comments ended up mixed in with the text.

  • (cs) in reply to Graham
    Graham:
    The Daily WTF has it's own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed. I suppose though this is on a public page on the original site so not really a secret.
    Do you honestly think this was NOT done on purpose? O_o
  • (cs)

    Comments about comments... I should rest now.

  • TheAnonCoward (unregistered)

    TRWTF is the number of people being had by the obvious troll. Purposeful failed redaction is purposeful.

  • Anonymous (unregistered)

    /* WTF would TDWTF be without a hack like this? */

  • Knux2 (unregistered) in reply to Anonymous Coward

    I just typed random digits. Sorry.

  • Mister Zimbu (unregistered) in reply to Fenris
    Fenris:
    lastly

    /* WTF would TDWTF be without a hack like this? / if (document.getElementById && document.getElementById('MainContent') && document.getElementById('MainContent').style && document.getElementById('CommonSidebar') && document.getElementById('CommonSidebar').offsetHeight) { / since there is no "good way" to have a "liquid" and a "stretchy" column without tables(*), I'll use this bit of hackery. It usually doesn't work in FireFox (since offsetHeight isn't known until rendering is done), but it tends to work OK in everything else most of the time and doesn't create a "jumpy" effect */ document.getElementById('MainContent').style.minHeight = document.getElementById('CommonSidebar').offsetHeight;

            //* If there is a good way, let me know and I'll mail you a couple
            //  WTF Stickers!
        }
    

    To be fair, that last comment is pretty accurate.

  • ████████ (unregistered) in reply to Graham
    Graham:
    The Daily WTF has its own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.
    Redaction at its finest; right up there with black rectangles in PDFs and undo logs in Word documents.
    I suppose though this is on a public page on the original site so not really a secret.
    Yes, there is that…
  • Anonymous (unregistered) in reply to ████████
    ████████:
    Graham:
    The Daily WTF has its own WTF! Just setting the background to black to blank out sensitive details just doesn't work. If you select the text the full email address is revealed.
    Redaction at its finest; right up there with black rectangles in PDFs and undo logs in Word documents.
    I suppose though this is on a public page on the original site so not really a secret.
    Yes, there is that…
    How are people still falling for the fake redaction joke after it's been explained ten times over in the comments? You all need to █████ and maybe you should consider ████████ before you ████.
  • Anonymously Yours (unregistered) in reply to DOA
    DOA:
    Ok, I have to ask... who looks at page source code for no reason? Is there someone out there who enjoys this?

    Seriously, who are you people?

    I found a blank page on their site. The only thing in the source was the following comment:

    <!-- Croatoan -->
  • Max (unregistered)

    Yeah, that's pretty sad.

    In other news, you can see the full email address by highlighting the blacked-out part in your browser-- not exactly the best way to preserve confidentiality.

  • blah (unregistered)

    HTTP 506 I'm Sorry

  • (cs) in reply to Knux2
    Knux2:
    VISA: 4687943124687

    That fails Luhn. Did you mean: 4687943124685?

    It also has the wrong number of digits, but that's another story...

  • blah (unregistered) in reply to Max
    <!--<BLOCKQUOTE class="Quote"><div><i class="icon-quote"></i> <strong>Max:</strong></div><div>Yeah, that's pretty sad. In other news, you can see the full email address by highlighting the blacked-out part in your browser-- not exactly the best way to preserve confidentiality. </div></BLOCKQUOTE>-->

    There. Fixed it for you.

  • Mike (unregistered) in reply to Marco
    Marco:
    I found this in the thedailywtf.com's source:
    jroberts
    Looks like a real WTF to me ;)

    This is the kind of trash you get when you edit your webpages in Frontpage.

  • (cs)

    Have a look at the 4th & 3rd from last lines on the main page:

    <!-- Crazy egg 2009--> <script type="text/javascript" src="http://cetrk.com/pages/scripts/0009/9066.js"></script>
    going to the source of the .js:
    //
    Um.... I think it's time to re-review their site for legacy scripts.

Leave a comment on “The Sorry Server”

Log In or post as a guest

Replying to comment #:

« Return to Article