• NULLPTR (unregistered)

    password=new random(null);

  • P (unregistered)

    He certainly didn't for(c) that coming.

  • Xorium (unregistered)

    C was already used as the variable name.

  • (nodebb)

    "A sailor went to C C C, "To C what he could C C C, "But all that he could C C C, "Was the bottom of the deep blue C C C."

    That kind of pirate, I guess.

    Addendum 2019-10-14 07:22: GDMF GDMF Stupid stupid stupid forum software.

    "A sailor went to C C C,

    "To C what he could C C C,

    "But all that he could C C C,

    "Was the bottom of the deep blue C C C."

  • Tim (unregistered)

    TRWF is not using regex (never thought I'd say that!)

  • Church (unregistered) in reply to Tim

    I get where you're coming from, but we have to try and remember that sometimes a regex is a perfectly cromulent solution.

  • Abigail (unregistered)

    While it's obvious there is a 'C' missing in UPPERCASE_LETTERS, UPPERCASE_LETTERS isn't used in the method countMatches. Remy: Function overloading- the call inside the method is passing a character, not a string, so it's calling a different countMatches method.

  • (nodebb) in reply to Abigail

    Captain Obvious here ... let's assume that countMatches is called with UPPERCASE_LETTERS as on the second input parameters to the method ... I guess it can still be messed up, but yeah. I only "C" the first reported WTF's.

  • Jaloopa (unregistered)

    Am I missing something or does the code as presented just throw a stack overflow exception after repeatedly calling countMatches on the first character of charlist?

  • Conradus (unregistered) in reply to Steve_The_Cynic

    We joined the Navy To C the C And what did we C? We saw the C!

  • (nodebb)

    So much to comment on this...

    Real Programmers use C, because it is the easiest language to spell.

    Obviously this is not a Real Programmer, it looks a lot like Java (and I am all for it)...

  • (nodebb)

    Why not just implement a static {} block that fills the final static private field in a loop from A to Z? At least then you can maintain and debug that way more easily when you may have forgotten which letters start and finish the alphabet.

  • (nodebb)

    Fix this with


  • jay (unregistered)

    Umm, what? UPPER_CASE_LETTERS is never used in countMatches. And countMatches call itself recursively, passing the first characgter from the second parameter in to the inner call. So if the second parameter has at least one character, it will go into an infinite recursion loop.

  • (nodebb) in reply to jay

    My brain hurts now. What the hell is that snippet even supposed to be??

  • sizer99 (google) in reply to jay

    UPPER_CASE_LETTERS is the first charList passed in by whoever is calling this.

    Then the countMatches in the loop is a DIFFERENT countMatches (notice the prefix).

    Yes, it's all hideous. TRWTF as usual is not just doing a quick loop using the builtin .IsUpper() method. Whatever language/framework this is, it exists, I guarantee it. And then while you're doing that loop you can do the .IsNumber(), .IsSpecial(), blah blah blah because your password rules probably use those too.

  • Brian Boorman (google)

    Non-Latin uppercase characters anyone?

  • sizer99 (google) in reply to Brian Boorman

    These clowns couldn't even handle Latin 'C', much less Ü.

    Addendum 2019-10-14 15:58: Edit: I am somewhat surprised to see that this godforsaken commenting system actually handles Ü

  • (nodebb)

    StringUtils, btw, is that a class from the hideous library from a couple of days ago? I dare not look back, I need my eyesight for a few years longer.

  • Sole Purpose of VIsit (unregistered) in reply to sizer99

    I'm more surprised that it handles upper-case 'C'.

  • eric bloedow (unregistered)

    reminds me of an older story where someone tried to validate dates using the string "janfebmar-"...it would accept "anf" and "nfe" as valid!

  • LinAGKar (unregistered) in reply to sizer99

    Which should hopefully also let it handle non-English uppercase letters.

  • Pontus Gagge (google)

    TRWTF is promoting hard-to-memorize passwords by demanding usage of multiple character classes (while being dreadfully monolingual), rather than promoting password length through passphrases. The hash of even the most complex short (<9 character) password is easily brute-forced by GPU's these days. https://pages.nist.gov/800-63-3/

Leave a comment on “I See What Happened”

Log In or post as a guest

Replying to comment #:

« Return to Article