Admin
Admin
... then they went for (presumably) some considerably higher-paid ones and still haven't got satisfaction. That smacks to me of severe management incompetence. They should have come to us and we'd have had done it in 3 months - and it would have been good.
Admin
But this is why more honest people (read: suckers like me) go down, because they aren't Machiavellian enough to think like this. (No aspersion intended.)
Admin
Admin
Life goes on... My Aunt married into a good family!
A lesson for all to remember.
Admin
It's not really "sent to the db" in plaintext either. The password is stored in plaintext in the DB. The select clause simply compares the SHA1 hash of the stored password against the SHA1 hash of the user input.
Admin
Admin
FTFY. (But any excuse that works for you is fine with me.)
CAPTCHA: genitus. Yes, even captcha knows me...
Admin
Rajesh, is that you?
Admin
Admin
No, not "considerably", but enough to be significant. You can get a good enough car (for UK purposes) for, say, £9000. By "good enough", bear in mind the main difference between the UK and the US. In the UK, 100 miles is a long way. In the US, 100 years is a long time.
Admin
Admin
Admin
My new meme for the day. Many Thanks.
Admin
I've had memes I could have replaced with very small managers.
Admin
I've explained this to many clients. Most get it, but one asked seriously, "Hmmm... What do I have to do to get all three?"
Admin
That's when you smile slyly because you know you have a logical illiterate on your hands, and if you play him like a particularly large and stupid fish you will (eventually) milk him for an avalanche of money.
No apology for the mixed metaphors, I wanted to enjoy myself.
Admin
And ... it's even worse ... they're using the mysql extension (really mysql is already extremely bad, but the one-query-max extension really shows how much of a joke a programmer can be).
Admin
Admin
On the contrary, you quite often get a lot less than you paid for.
Admin
Fish milk sounds delicious.
Admin
And nobody except the hackers noticed that the usernames and passwords in the database were not actually encrypted? Right...
Admin
No it's not, not unless the connection to the database is encrypted; which I doubt. The password and username will be sent in their unhashed forms and then hashed at the server, there's no application side hashing going on.
It's a WTF on pretty much any level, all the way down to using string concatenation instead of parameters.
Admin
"Be sure . . . to drink . . . your . . . Ovaltine?"
A crummy commercial?
Son of a bitch.
Admin
Admin
If you so smart and have better top grade encryption plz be sending me teh codez.
Admin
Well, I'd consider adding a digit to the price of something to be in the category of "considerably more". Buying a car for, say, $4,000 instead of $40,000 is a big difference to me. Maybe to you $40,000 is almost as much as what you spend on lunch in a week.
Admin
A common scenario that has me crying goes like this:
Piggy: No, brick is too expensive and takes too long. Let's just build the house from straw.
Developer: But if you build your house from straw, the big bad wolf will come along and blow it down.
Piggy: No, there's no way a wolf could blow down a straw house. Straw houses are much stronger than brick. And besides, there are no wolves around here.
Developer: Umm, I really think that a big bad wolf could blow down a straw house fairly easily. And there have been numerous reports of wolves in this area.
Piggy: That's ridiculous. You're just trying to con me into paying you a lot of money to build a brick house. Well, I'm not going to be fooled. I want a straw house, I tell you! It will be perfectly adequate!
Then the wolf blows down the house. Next conversation:
Piggy: Who could have known that a wolf could blow down a strong house? Who could have predicted such a thing?
Developer: I'm sorry, but I tried to warn you about this.
Piggy: You! You're the one who told me that straw houses were stronger than brick! You lied to me!
Developer: What? I never said that! I said just the opposite!
Piggy: Oh, trying to escape responsibility for your mistakes, eh?
Admin
Admin
Developer: Good news, piggies! Development of your straw houses is going as planned, and should be about done at the end of this quarter.
Piggy 1: Hmm... straw houses. I was reading an article the other day about brick houses. Yes, I'm quite sure this is the way the industry is headed.
Developer: Yes, but you want to build this house in a region where there are no wolves, so straw will be fine. Remember? We had this discussion earlier this year, and you chose straw.
Piggy 2: True, but that was before we learned that our piggy competitors build their houses with brick. We don't want to seem outdated compared to them, do we?
Developer: But... there aren't any wolves. The other piggies are building their houses out of brick so that wolves can't blow their houses down-
Piggy 2: Right, so shouldn't we have the same protections?
Developer: No. For the third time, there aren't any wolves. Wolves can't survive in this climate. It doesn't make sense for us to spend extra money and time shipping in and using more expensive resources in order to solve a non-existent problem.
Piggy 1: Oh, we didn't say anything about extending the budget or timeline.
Developer: You're... you're kidding, right?
Piggy 3: Waah! Waah! I want brick! If you don't build the house out of brick, I'll sue you!
Piggy 1: Now now, calm down Henderson. Nobody's suing anybody. Our developer friend was just agreeing that brick was the best choice, weren't you Mr. Developer Guy?
Developer: I... but we're almost done... we'd have to start over...
Piggy 1: I'm sure you can make it work.
Developer: But...
Piggy 1: Thanks, you're a real hero.
Piggy 2: We'll check back with you in six weeks.
Piggy 3: Yeah, it better be done by then. Or else!
Admin
Admin
Admin
Admin
Nice.
Admin
BAH! Pish-posh! An anomalous example here and there does not constitute proof. Right-Shoring RULES!!
Admin
Piggy 4: Hey, let's also make it so the user can make any shape of house out of whatever they want!
Piggy 1: But they told us they want a straw house. We asked the questions, and here are the answers. Straw house please.
Piggy 4: Hmmm. I'll give you a "house framework" and build a straw house using that.
....time passes.
"House" delivery consists of a giant pile of straw, wood, bricks, plastic, silly putty and dried cow dung. The client is told to refer to the building instructions (AKA TFM) if they actually want something they can live in.
Admin
My guess would be: an unsuccessful attempt to break into the system may inform the attacker that a particular username is valid? Then it would merely be a case of cracking the password?
My understanding is that a failed login attempt should not provide to the attacker any information about the nature of the system being attacked. So letting the attacker know that he's succeeded in guessing a username is therefore, as suggested, "suboptimal".
I'd put it more strongly than that.
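The two security points raised in this thread (the earlier comment that passwords are stored in plaintext and only hashed inside the SQL query, with the query built by string concatenation, and the comment above about a failed login revealing whether a username exists) can be addressed in one login routine. The following is an added example written for this discussion, not code from the site being discussed; it uses Python's standard library with an in-memory SQLite table standing in for the MySQL table, and the usernames and passwords in it are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed in-memory stand-in for the application's user table.
# Only a per-user salt and a PBKDF2 hash are stored, never the password itself.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")

ITERATIONS = 200_000          # PBKDF2 work factor (assumed value for the example)
GENERIC_FAILURE = "Invalid username or password."


def hash_password(password: str, salt: bytes) -> bytes:
    """Application-side hashing: the database only ever sees the derived hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    salt = os.urandom(16)
    # Parameterised query: user input is bound, never concatenated into SQL.
    DB.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )


# Dummy credential used when the username is unknown, so an unknown user and a
# wrong password cost the same amount of hashing work and yield the same message.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder", _DUMMY_SALT)


def login(username: str, password: str) -> tuple[bool, str]:
    """Return (success, message). The message never says which part was wrong."""
    row = DB.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        salt, stored, known_user = _DUMMY_SALT, _DUMMY_HASH, False
    else:
        salt, stored = row
        known_user = True
    candidate = hash_password(password, salt)
    # Constant-time comparison of the two hashes; result is ignored for unknown users.
    ok = hmac.compare_digest(candidate, stored) and known_user
    return (True, "Login successful.") if ok else (False, GENERIC_FAILURE)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")   # constructed sample user
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong"))
    print(login("nobody", "wrong"))
```

The last two calls in the usage block return the identical message, which is the property the comment above asks for: a caller cannot tell from the response whether the username was valid. Hashing on the application side also means the stored column is useless on its own if the table is dumped, unlike the plaintext-plus-SHA1-in-SQL arrangement described earlier in the thread.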
Admin
... or even:
Piggy 5: Even better idea. We don't know what the user wants to build the house out of, so what we will provide is a map to the various sites from which the various raw materials can be sourced. And what's more - we won't charge!
Admin
Or as they say in India, "Fast, Cheap, and Good: Pick cheap, we don't do the other two."
Admin
It's not worth it. I have replaced a manager with a small shell script. What happened? Did the waste of space and salary get fired? No, he carved out a niche for himself asking for meaningless status reports and reporting incorrect information to his boss, copying data from one doc to another to violate DRY/SSOT, and creating work for others. I went from having a manager who could be replaced by a shell script to a manager who had way too much time and nothing of value to do, and unfortunately the devil makes work for idle managers.
Admin
I replaced three co-workers with a short Fortran program once. That felt good.
Admin
[http://www.google.com/#q=encryption|encryption]
Admin
How do you add a link to a comment here?
Admin
Admin
Admin
Admin
I'm not contracting now, but my last contract job was so very bad, that I actually kept an evidence file and complaint outline up to date until the job was done (which was when I manipulated them into triggering my escape clause).
Admin
I'm curious. Why aren't you practicing law instead of managing IT?
Admin
Just a matter of pride, I guess! I would have done the same, or charged the six figure for them. "Just so they would learn"
Admin
I need to express my creativity, and while legal writing and trial practice do involve creativity, I need to create more than just arguments. Creating object models and letting my systems' behavior sort of emerge from my objects' interactions with each other gets me high.
Finally, I've been hired to replace the CTO at my company when he retires or has a nasty accident. I have stock options, an office in the corporate HQ, a continental supply chain running on my code, and a shitload of clout.
I wouldn't trade it for anything.
The law degree helped get me this position; I was hired by the CTO and the CEO, both of whom were impressed by the doctorate degree. About half of all legal laureates do not ever practice law. Maybe they only got their degrees to please their parents, like me.