Admin
Finally, Frist!
Admin
TRWTF is Rob H. not being able to read but investing the time to take a screenshot, submit it to tdwtf and not questioning himself once what the "This setting is determined by your Windows diagnostic data setting" hint means... 🤦♂️
Admin
As for the article itself, why are you accessing your mysql database as root? Thankfully, when you do not supply a password, it tells you to get lost. All the other errors are happening because you do not have an open DB connection.
Admin
Worse: doing so using the old mysql_ library, rather than mysqli_ or, please, PDO.
Admin
I'm not sure what "counter-factually" means, but it doesn't mean the same thing as "counterfactually".
Admin
TY
Admin
More to the point. It seems as if the webserver is running as root. Hello godmode if you manage to compromise it...
Admin
I'm frankly disappointed no-one has yet made a "root beer" pun.
Admin
I don't think the fact that the code is using the mysql root user implies that the web server is running as root.
Admin
How much of that root beer had the developer already drunk when he designed the database access as root without a password?
Admin
As for the password change catch-22, a friend of mine showed a similar one to me: though at "normal" login, he could enter his full-length password (some 30 chars), he could not do so on the password change site. I analysed it and saw that here the password field was restricted to 15 chars.
Admin
I had a similar experience. The "I forgot password" allowed me to change the password to something the login page rejected as "there's no way that can be your password" because of those stupid draconian "must have at least 2 of the following items... not including the emoji for poo" fields. For logging in! What ever happened to correct horse battery staple? Why do I dread signing up on my iPhone? Because it will take at least 4 shifty things just to type any password they accept!?
Admin
Worse: Mysqli being something in the region of 17 years old and PDO being in there at least 15...yet still using mysql()
Admin
I've had almost the same experience, but inverted: I made an account using symbols in the password, then the login page crashed when I tried logging in. I had to use the forgot password link and change to a plain alphanumeric password. Nowhere in the site was specifying that symbols are not allowed...
Admin
The top Port 31 is the one that's offline; that's why Port 32 (the one below it) has heroically chosen to take over its duties.
Admin
No root@localhost beer for you.
Admin
If everyone is talking about bad password handling: I found a website once where I could set a password with something like 30 characters but the login form only accepted something like 20. Worst: The page clearly saved passwords in clear text. The password reminder link just sent me a mail with my clear text password that was too long to enter. Luckily the 20 character limit was done on the browser side...
Admin
It's easy enough to understand how most of these happened. Typical low quality JS code in a website's UI.
But I really wonder how the HP switch graphic ended up with two 31s and no 32? Counting to (at least) 36 is something that's usually pretty easy to do; it's harder to special-case something in the middle. Obviously 32 is a magic binary number, but it's been a lot of years since we've had to worry about arithmetic overflow at a mere 5 bits.
Color me baffled about that one.
Admin
"peripatetic" huh? TDWTF is trying fancy words lately
Admin
Counter facts: Some counters start at zero, and some start at one. A very small proportion start at other values.
Admin
Robin, the comments section here is open to all our readers with a thirst for wordplay. I certainly tried to find a proper pop pun but sadly fizzled out. Give it your best shot! Perhaps you will succeed where I failed.
Admin
The password one made me laugh. Waaaay back in the day (Like when they were only around for a year or two), Amazon let you type as many characters as you liked as a password, but only actually used the first 8. I realized this when I knowingly typed my password wrong but hit enter instead of the backspace. Tried it a few more times intentionally to be sure. Thankfully, they fixed that bonehead move eventually.
Admin
Much more recently, big database vendors had (have?) the same issue ... think Oracle, DB2 ... they would allow you to specify long passwords, but only used the first (typically 8) characters. I think it was (is?) a *nix thing, for some flavours at least. I only saw it by accident, knowing I typed the wrong last bit of the password, but it still authenticated. I then had to try and see where it stopped accepting, and it was at 8 or fewer chars. NICE. Felt like I was back in the MS-DOS 6 days.
Admin
The Edge Browser Optional Settings are controlled by the Windows Optional Settings (in the Settings app). The Real WTF here is Microsoft Edge. "We don't want to keep losing market share to Google Chrome, so let's take their source code and make our own version of Chrome. People will love it!" Sigh.
Admin
RAM isn’t as important in gaming as it is in design or media editing, as running a game typically doesn’t use that much – anything over 8 GB is plenty. If you find yourself needing more for demanding tasks or the next generation of gaming, RAM is one of the quickest components to upgrade.