- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
those 'i's have different scope
Admin
And the outer i is always used.
Admin
In JavaScript, all vars are scoped to the function, not to individual blocks. That's why let was introduced in later versions.
Admin
NaN thNaNnk Nan'm goNaNng to be sNaNck.
Admin
It seems dumb that you are allowed to declare the i variable twice in the first place. But then, I'm not familiar with JavaScript.
Admin
Does it make sense to have a captcha in JavaScript? Someone attacking the website could read it from the DOM, can't he?
Admin
"It seems dumb" does sum up JS pretty well :trolly:
Admin
It's interesting (though not surprising) that
a='a'; a++;givesa=NaN, buta='a'; a+=1;givesa='a1'.Admin
Obligatory reference to wat: https://www.destroyallsoftware.com/talks/wat
Admin
"download a network driver"? Is this from the 1980s?
Admin
varget's hoisted to the top of the function/scope, and to avoid something likecausing problems they made the really weird choice to just make it so multiple calls to
varwould be ignored.Unfortunately this falls into the "let's make a language really forgiving so it becomes really easy to make something that'll work in it" school of thought that gives us pretty much every abomination that in retrospect was a terrible idea(yes, anyone can write JS that'll do something, but that also makes it really hard to write good JS since it's near impossible to write safe code that's also clear and concise).
Admin
the real DWTF is not the silly code generation but the code written in plain text in the html element
Admin
Wouldn't the code not also mean that there needs to be some URL which can actually be hotlinked? I mean, if the client completely validates the captcha, there is no prove whatsoover generated which could be checked by the server (maybe the referer header, but I doubt they checked it and you could just set it by hand if you would want to automatically download something from their server).
Also if you google for parts of the code, you find it on stackoverflow and other sites like years ago already, at least at some points are people spreading this captcha implementation to other people. Although their iterations only got up to 6 instead of 20 and they also used fewer variables, so they did not actually overwrite i.
Admin
I don't think there was much downloading of network drivers in the 80's. Unless it was done on a BBS. My entry into IT/Computers was as a "back room" service tech at a local computer store in upstate NY around my junior/senior year of high school. This was before one bought computers from the "Big Boys" like Sears. Well, actually, it was around the time of transition from the "computer store" to national retailers and well before one simply, "bought online." The path to getting network drivers, NIC drivers really, was to install them from the 3.5"/5.25" floppy included in the box. Absent that: get the model #, serial # and MFG name from the PC board, call their 800 number and wait a week for the floppy to arrive in the mail. The year: 1991.
Admin
Seems like a prime candidate for a ternary:
function foo(bar) { return bar ? 'qux' : 'plugh'; }
But yes, I'll have to agree that JS is a big pile of WTF
Admin
Obligatory: wat
Admin
TRWTF is that "i" is most certainly not NaN. It is Imaginary, but that's still a number. Just don't get me started on how easily most languages happily overload "i" to be some real number like say, a loop counter. There oughtta be a law. Or something.
Admin
TRWTF is how Javascript ignores errors. This code, at the very least, should cause your computer to implode.
Admin
Downloading network drivers? I did it just a couple months ago. Needed a driver for a USB/Ethernet dongle - didn't have the CD, and corporate group policy blocks Windows Update because IT manages deploying updates.
Admin
JavaScript's type coercion. a++ tries to convert variable a to an integer so that it can be incremented: a = Number('a') + 1, which results in a = NaN. The second example is string concatenation. Because the variable a='a' (which is already a String), JavaScript will coerce the second value into a string and then concatenate. So, 1 becomes '1', and a = 'a1'.
Admin
So the first few times he tried it without NaN and couldn't understand why it didn't work?
Admin
TRWTF is JavaScript happily assigning a loop variable to a numeric string, recognizing it as a number in the loop-exiting comparison, and yet still being unable to figure out how to increment it.
Admin
Heh, seems Gregor visited the same site I did (I needed an audio-driver) - the persistent "NaN" at the of the "captcha" seemed weird to me too... This might also explain why their downloads oscillate between "421 - too many connections" and breathtaking ~10kb/s download speed...
Admin
A good example of why javascript is an horrific language. This should not execute without a fatal scoping error.
Admin
well, maybe you're not a number
Admin
But who is Number One?
Admin
i is only imaginary if you are a mathematician. If you are an engineer it is j
Admin
You are, number 6
Admin
You should be embarrassed about languages where none of this generates a compile-time error or at least a run-time exception.
Admin
How did this Java actually tell a human from a robot? Did it check on the browser side before allowing the human to click on the link? If the robot simply ignores the script, what happens?
Admin
Or at the very least causes a linter to point and snigger at you.
Admin
The first PC I ever bought was in 1988. I bought it from Sears.)
Admin
Hey, somebody else wanted to download Realtek's drivers!
(also, you can just copy & paste the "captcha" characters, spaces included)
Admin
Still, its dumb enough that it would stop any modern bot, and thats probably enough.
Its not like they expect it to stop any real human so its not a security feature (unless they are complete morons ;) )
Admin
It's one of those captchas that rely on the site not being super important so that nobody will write a special robot for it. It's like "Type in the 5th word of the following" or "Type in 'ORANGE'".
Admin
It looks like you have to type two spaces between the second and third characters.
Admin
I'm surprised no one said "FrNaNst".
Admin
Clearly TRWTF was that Javascript didn't output an error message to a window on the computer of whoever wrote this brillant example of code.
Admin
i am not a number! I'm a free NaN!
Admin
In the dim and distant past I think Firefox used to have an option "Enable strict JavaScript warnings" (not to be confused with ES6 'use strict') which reported things like this, but this particular warning has since been removed.
Admin
I'm guessing they started off with no more than 8 characters in the captcha, got that working well enough, and then when they decided to extend it to 10 characters, just chucked a couple more variables into the loop without re-checking the output.