• W (unregistered)


    There, the frist time for this string.

  • someone (unregistered)

    Let me guess: TRWTF is PHP, right?

  • Hfygt (unregistered)

    I am already using that as my production DB password since like years ago.

  • (nodebb) in reply to someone

    Yes PHP is ALWAYS the WTF, but this code WTF can be created in any language by the same programmer.

  • P.B. Floyd (unregistered)

    One time I had a collision with an IUD. Man was that painful.

  • Ano (unregistered)

    So basically the original programmer misunderstood the UUID abbreviation, and thought (s)he'd make themselves a (perhaps the?) Universally Unique IDjit?

  • Vault_Dweller (unregistered) in reply to P.B. Floyd

    You can be lucky it wasn't an IED

  • RichP (unregistered)

    Writing things to spec is directly related to programming.

  • Anonymous') OR 1=1; DROP TABLE wtf; -- (unregistered)

    I do recommend reading RFCs for fun during the first week of every April.

  • PHPCoder (unregistered)

    If one is running php on IIS, there's always trim(com_create_guid(), '{}');

  • Sole Purpose of Visit (unregistered)

    The ability to read a "Request for Comment" is not, I would submit, any more or less a useful skill than the ability to read a specification of any kind whatsoever. The things vary in quality and not-being-supercededness quite dramatically. And, mostly, the important skill in re RFCs is to know which libraries do interoperability based upon a particular combination of RFCs right, and which do not. So, unless you're in the business of frameworks and libraries, who really cares?

    The ability to shun and despise PHP, however ... that is a valuable ability. In this case, as in so many others.

  • Axel (unregistered)

    What's an RFC? Request for change? Resolution Finance Company? What?

    Seriously, what the f--- is RFC?

  • (nodebb)

    The UUID RFC (4122) is a good one to practice your RFC-reading on, since - as the errata show - it's ambiguous and contains a lot of self-contradictory statements that arise from getting confused about which end of the bit pattern is which.

  • (nodebb) in reply to Axel

    The RFC series is the closest thing the Internet has to legislation.


  • Axel (unregistered)

    It took some poking and clicking, but TIL that RFC does indeed stand for Request For Comments. It seems many (perhaps all?) Internet protocol standards were originally published as RFCs, apparently with an open-ended comment window, because the "RFC" prefix remains, even on very mature standards. Hence my confusion.

  • Andrew Cooper (google) in reply to Axel

    RFC = Request For Comments RFCs are the documents that specify pretty much all of the open standards and protocols that the Internet is built on, from the structure of domain names and UUIDs to IPv4, IPv6, TCP, HTTP, SMTP, and all the rest.

  • (nodebb)

    If you desire to read RFCs, make sure you get ahold of those dated April 1. Very enlightening!

  • (nodebb)

    RFC1 is worth reading for its historical significance. Apparently it was written in a bathroom.

  • (nodebb)

    I'm a little puzzled here. If the hash input contains the number of seconds since epoch, and a random number from 0 to that number, then hash collisions should be pretty unlikely, unless the number of hashes generated per second is in the thousands at least (birthday problem on approximately a 31-bit outcome space). Which might be the case, I suppose, but doesn't seem likely.

  • J (unregistered) in reply to Scarlet_Manuka

    The random number was not cryptographically secure, so, combined with a possibly strange timestamp (maybe just using month-day-year instead of full seconds) can cause collisions. Also, if you use the timestamp in certain ways there can be collisions as well. If you use a bad random number generator, you can get all sorts of collisions in UUIDs.

  • dexen deVries (unregistered) in reply to Scarlet_Manuka

    The UUIDs were used for secondary IDs of various objects held in DB. Certain scripts created multiple objects at once. Between the objects being created with the same time(), and PHP's rand() function being rather low-quality, UUID collisions were somewhat common.

    TRWTF was uuid column not even indexed UNIQUE, so not exactly real identifiers.

  • Anon (unregistered)

    One place I worked at had a UUID generator that used the server name for the first 8 characters, essentially turning a 32 character UUID into a 24 one.

  • Not IETF (unregistered) in reply to Axel

    There is a process to elevate RFCs to standards, but they are still mostly referenced by their RFC number, and not their STD number. Read about it in Wikipedia's Internet Standard article.

    Part of the issue is that IETF have no real power over the different vendors implementing standards. They can only say that they consider an RFC to be good enough to be called a standard, but not force anyone to follow them.

  • (nodebb) in reply to Andrew Cooper

    Good to know. I always believed RFC was something along Reality Functionality Collider.

  • Axel (unregistered) in reply to Not IETF

    Thanks to all of you who answered me. "Not IETF" made the comment that they (IETF) "have no real power," which got me to thinking. Who, other than governmental authority, does have the power to push a standard? Yet organizations like the IEEE creates hardware standards that are, for the most part, pretty widely followed. So is this really a distinction without a difference? Or is it that software is so much more flexible than hardware as to make a fixed standard just plain unrealistic? "We'll keep is as an RFC until no more comments are forthcoming." As in, "forever."

    I'm just a hardware guy who visits this site to try to stay current with what my software colleagues are dealing with. Thanks again, everyone.

  • (nodebb) in reply to Axel

    No-one enforces RFCs except to the extent that - since they generally cover communications protocols - there's little point in noncompliance if you want to communicate with others who do comply. No-one's stopping you from manufacturing a device that uses 190V 76Hz AC mains power, but try finding a socket to plug it into. Or customers. As it happens, the Internet was built on RFCs 791 and 793 so that was the significance of the series established.

    Everyone has the "power to push a standard" - actually having a working implementation helps - but if it doesn't do anything significantly different or better than what everyone else is already using then why should everyone be forced into using it?

    The name "Request For Comments" is in recognition of Crocker's memo regarding IMP Host software (RFC1), and the fact that - once published - their contents never change (so having been published as a Request For Comments it remains a Request For Comments).

    There are plenty of RFCs on the principles and processes of RFC publication and protocol standardisation; many of them can be found via the Editor's FAQ https://www.rfc-editor.org/faq

  • FormalWare (unregistered)

    Pseudo-randomness is a real hazard. Especially to "realism" in simulations.

  • AnonymousCoward (unregistered)

    I've seen Guid clashes twice in my lifetime each in a different company, and completely different scenario, and no, it wasn't my code in either case. So I think the "lifetime of the universe" quote is a bit misleading. Maths is a funny thing. For example (along the same line as Guid clashes) how many people do you need in a room so the chance of the next person arriving shares a birthday with one of the people already there is more likely than not. From memory, the answer is around 21.

  • (nodebb) in reply to AnonymousCoward

    As it happens, my memory is better than yours; I remembered it as 23, which was readily checked using any number of Internet sites.

Leave a comment on “A Unique Specification”

Log In or post as a guest

Replying to comment #:

« Return to Article