@Cassidy said:
Oh Jesus Shitting Christ.
There's a hip marketingy place in town that's looking for a backend developer. I sent out my resumé to the recruiter just now: we'll see what happens!
@Cassidy said:
Oh Jesus Shitting Christ.
There's a hip marketingy place in town that's looking for a backend developer. I sent out my resumé to the recruiter just now: we'll see what happens!
Extra bonus WTF: Just overheard the same guy talking to my other boss. Saying: "yeah, I was working over the weekend; since we strengthened the login procedure I couldn't get into the application, so I temporarily made it so the login check is always true." Well, he changed it back after, so I guess it's not dangerous? Or something?
@GNU Pepper said:
They begin sentences with phrases like "Well I've been doing this for ten years", and from then on you know they aren't listening.
In a previous job, I've had a guy use that as an argument in a discussion. Me: [argument that pertains to the discussion and makes logical sense, to me anyway]. Him: "I've been working here for thirty years." Then he looked at me, as if that was supposed to convince me I was wrong.
@GNU Pepper said:
I'm beginning to believe that the only way of avoiding this kind of bullshit is by single-mindedly focusing on distancing oneself from the masses of shit-tier developers as a primary career goal.
If I didn't have cold feet about it, I'd start my own company. That's the only way I can think of...
@GNU Pepper said:
I'd advise you to think very long and hard about your dreams of quitting. Are they really going to solve anything? Do you realistically believe that the next company magically won't have developers like this?
At this point, it's more that what's making me want to leave is the combination that he's my boss and also generally hard to reason with. I don't mind not having the last say in anything (if I wanted that, I'd get rid of my cold feet) but if someone's boss makes up a "fact" that's wrong, and his underling disagrees, the underling is basically wrong if the boss is backed by the rest of the firm, no matter what the truth is. I don't have a boss + 1. Perhaps this is one of those things that pass and the two of us can look back on later, but it's beginning to look like that won't be the case.
@Cassidy said:
It's hoping you could deduce that from the content of the error messages, or made the assumption that the user knew what they were doing.
I have since tried it out at home and found that Apache is a bad example, since part of the error message reads: "This is most likely caused by the lack of administrative priviledges (sic) associated with your user account." Since I can't currently think of a better example, and the error message seems to come from bash and not Apache, I guess I stand corrected, not to mention extremely pwned.
@blakeyrat said:
Instead you'll try running "whoop there-it --is" and it'll say "file not found" or "no permissions" or "don't work, fuck you". Because the system's too fucking stupid to realize the command needs other permissions and prompt you for it at the time you run the command. Like, you know, every other OS has done for like 7-8 years now.
I do like Linux, but I totally agree. Apache is a nice example. You want to restart it, and you get a bunch of shitty error messages that explain nothing. Then when you put sudo in front of it, it suddenly works. How come Apache can't figure out the user that tried to restart it, doesn't have the right permissions? Blakey probably has a good answer to that: I'm toon for TDWTFTV, back to you Blakey.
@Salamander said:
Ignoring that post's horrific overuse of colour, it doesn't really explain why sudo is considered bad. It rants on about how it lets users use their own password to run root commands, but not why that is a bad thing.
It's certainly better than giving people the actual root password, like they did before sudo was around (INB4: and ACL and SELinux and PAM, etc).
@blakeyrat said:
Don't try to do Blakeyrat, only Blakeyrat can do Blakeyrat.
I agree! What the fuck is wrong with people on this forum, anyw... Oh, wait.
@Cassidy said:
@toon said:
And uh, knowing the person involved: receptive? I don't think so.Ah, okay. I mistook his surprise (and potential revelation) to mean that upon learning something new he'd want to act upon it (rather than be in denial about its effects).
No, you're right, he wants to be good at what he does; it's just that he's got a real hair up his ass about being told how to do his job. So whenever he gets the perception that that's the case, he gets very defensive in an offensive sort of way (if that makes sense). He can't help it, but of course that doesn't make much of a difference to me. One of the reasons I'm considering leaving.
@Lorne Kates said:
@toon said:
mysql_real_escape_string, a soon-to-be-deprecated functionAgain? What's next, mysql_real_real_escape_and_encode_safer_string?
I know it's a done-to-death joke-- but the only reason the function has a stupid long name to begin with is becuase they kept deprecating escaping functions to make them "better". How is the next iteration going to be betterer?
The mysql_real_escape_string function is part of a relatively old MySQL API. In the mean time, they (not sure who "they" are but I assume it's PHP folks with MySQL folks) made a mysqli_* set which is a lot better than the mysql_* set. That, and PHP has a PDO layer now, which can talk to MySQL and supports query parametrization etc. So all the mysql_* functions will be deprecated in a few weeks in favor of the PDO and the mysqli_* functions.
@Cassidy said:
@toon said:
but has been aprofessionalPHP/MySQL developer for over six years, maybe seven.FTFY. Professionals generally won't make amateur mistakes repeatedly for that length of time. @toon said:
I've been thinking about leaving for a while now; maybe it's time I started drafting a resumé.Offer to QA his code to see where other vulns may be lurking. He'll be receptive to the idea, and then you can add "PHP/MySQL Testing and Hardening" to your resumé.
Well, by "professional" I guess I just meant that he makes his living being a full-time PHP/MySQL developer. And uh, knowing the person involved: receptive? I don't think so. It's a nice idea though: I could probably already add "query optimization" and "data modeling", I suppose.
So one of my two bosses (we're a three person shop) just wide-eyedly pointed me to the PHP manual page for mysql_real_escape_string, a soon-to-be-deprecated function for making string values safe for MySQL queries. The guy seemed genuinely surprised, as if he'd just had a revelation, at the second SQL injection example the PHP folks provide on that page. Look, they just enter ' OR ''=' and then the query becomes SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''!
TRWTF here, is that this person is not only my boss, but has been a professional PHP/MySQL developer for over six years, maybe seven. This man wrote a real large chunk of our code base. I've been thinking about leaving for a while now; maybe it's time I started drafting a resumé.
@Anonymouse said:
@amyb said:
Ah, I see the WTF. This should of course beif ($this->hasSomeCondition){
$query = "SELECT * from myTable WHERE itemId = '$itemId'";
} else {
$query = "SELECT * from myTable WHERE itemId = '$itemId'";
}
if ($this->hasSomeCondition){
$query = "SELECT * from myTable WHERE itemId = '$itemId'";
} else if (!($this->hasSomeCondition)){
$query = "SELECT * from myTable WHERE itemId = '$itemId'";
} else {
$query = "SELECT * from myTable WHERE itemId = '$itemId'";
}
if ($this->hasSomeCondition){ $query = "SELECT * from myTable WHERE itemId = '$itemId'"; } else if (!($this->hasSomeCondition)){ $query = "SELECT * from myTable WHERE itemId = '$itemId'"; } else if ($this->hasSomeCondition == FILE_NOT_FOUND){ $query = "SELECT * from myTable WHERE itemId = '$itemId'"; } else { $query = "SELECT * from myTable WHERE itemId = '$itemId'"; }
@FragFrog said:
@toon said:EDIT: maybe a default argument value is even better yet:
$dl = $downloads -> publishFile($oldFileName);Assuming this is PHP, method overloading is not really a viable option. It can be done, but the hoops you have to spring through don't exactly make it the simpler solution.
Who's talking about method overloading? AFAIK you can't have multiple methods of the same name in a class in PHP, if that's what you mean. I just meant that the second parameter gets a default value, say: false. So if the new name isn't specified, you mean that the old file should be published, but under the same name. Makes for more readable code.
@amyb said:
he tempfile resides on a linux filesystem, and the publishFile() method handling its creation/removal does so via system()...
Reminds me of this horror story.
@omgLOL said:
Hmm i don't see the bonus WTF, the *** parameter could be a signal for the publishFile method to just keep the old name? Maybe it would be better to make a separate parameter for that, but not really a big WTF don't you think? Or am i missing something?
Yes, I'd say you're missing something. I'd go for a construction like this:
$dl = $downloads -> publishFile($oldFileName, DownloadsClass::KEEP_ORIGINAL_NAME);
or maybe this is even better (but of course, I'm just a developer, not a software architect):
$dl = $downloads -> publishFile($oldFileName, $oldFileName);
EDIT: maybe a default argument value is even better yet:
$dl = $downloads -> publishFile($oldFileName);
@dhromed said:
If I want to do serious file managing, I use Total Commander.
Just taking a minute to say thanks. I'd never heard of Total Commander until that comment, but it came in very handy just now; I think I'll be using it more often in the future. Having said that, the default font the guy uses is really annoying (but can be changed easily, on the plus side!).
This sort of thing makes me wonder what else people are doing, but actually getting away with.
@topspin said:
I believe vi is supposed to be a powerful tool for typing really fast. It's got all kind of stupid weird-ass keys for:
- moving left, right, top, down: there's arrow keys for that. Welcome to the year of ... I don't know, some time before I was born??
- moving a whole word, deleting a whole word, etc. ... Guess what: Ctrl-arrow does that too in any other text editor. Combined with Shift for selecting and Del for deleting, I got word deleting in two logical moves.
- million other things like that.So it seems to begreat for typing. But my typing speed is not the bottleneck most of the time, I'm not a secretary. An IDE gives me better tools than that without spending years to learn it.
They very likely had arrow keys when vi was invented, probably in the 70's in the early UNIX days. My guess (but again, I'm not a vi user) is that they figured that by having the h, j, k, l thing be arrow keys, you don't have to move your fingers around as much. If you really want to type efficiently, it's actually not such a bad thought. Remember, this is about 40 years ago, when you really had to be a geek to even think about ever being near a computer. I'm not saying vi is the way to go over an IDE's editor; after all, the modern pointy-haired IDE designers have 40 years of user interface knowledge over those bearded birkenstock wearing vi hippies, but it's probably not like that weird interface doesn't have some merit.
@blakeyrat said:
@toon said:I suppose you dislike all those poor saps who spend so much time learning vi?If you, starting from scratch, spent 40 hours learning Vi and someone else spent 40 hours learning Visual Studio's editor (or Sublime Text as someone else posted), do you believe you would be more productive than the other guy? Do you have any evidence to back your opinion up? (And I mean real evidence, not Sheridan's retarded "popular = good" bullshit.)
The only reason you think Vi is so great is because you spent so long learning it. If you spent the same amount of time in any other equivalent tool, you'd have the exact same productivity. It's basically sunk cost fallacy in software form. I could be convinced with evidence, but I've never seen any and I doubt anybody pushing Vi actually has any.
Who said I think vi is great, or even good? I tried learning it twice, and after a few hours I figured it wasn't worth the time. My actual point was, that if you take the time to really learn a text editor built for programmers, you're more productive as a programmer than if you don't. I use Komodo Edit at work (wasn't my choice to make, but it's a decent editor), and I'm convinced that I'm more productive than I would have been, if I didn't know how to quickly select blocks of text, comment/uncomment, indent/unindent, drag/drop etc.
Actually, I do think that if one learns vi, then they can be more productive as a coder than with (for instance) Komodo Edit. But I say that because of all the geeks who tell me vi is so great, if you spend fuckloads of time learning it. I also think part of why feel that way, is because I imagine that if you're familiar with it, you can do things in a few keystrokes that (for instance) Komodo Edit makes you reach for the mouse to do which takes a little longer. But I can't actually prove it, and I never said I could.
@Soviut said:
It reminds me of some anal retentive graphic designers I know who spend their entire first day of a job carefully moving palettes around in all their Adobe apps; People who consider busywork to be productivity under the guise of "configuration".
Positioning those palettes, and learning the shortcut keys, are immensely useful in becoming more productive. It allows a designer to work without having to think about his or her tools. I suppose you dislike all those poor saps who spend so much time learning vi? If you're not going to put the tools you have to good use, then I suggest applying for a job as a PHP programmer. We're excellent at not giving a shit about how software is supposed to be used.
@flabdablet said:
CentOS is from the Red Hat stable, and traditionally everything that comes out of there takes an "everything and the kitchen sink" approach to default installations. The kind of experience you talk about is exactly why I prefer Debian, which installs very little by default. The Internet-based mini installer is also very small and still has a text-based installer that doesn't install any graphical bootup nonsense by default.
When I first moved to Debian I was occasionally disconcerted by the need to apt-get things I expected to find preinstalled (it doesn't come with traceroute? Seriously?) but since all that's required to pull in all the packages I generally need is a simple two-line script, I would not now have it any other way.
Plus, "Debian stable" is what the name implies. It's kind of outdated for those of us who want the latest stuff, but it'll stay up for years at a time.
@Ben L. said:
@toon said:@joe.edwards said:The usefulness of a layer you can't draw on is debatable. If you want to overlay light blue, then make a light blue layer and set it to overlay. It's simpler and it does the same thing.@dhromed said:@ASheridan2 said:
I suppose someone could get the source and add that feature... oh no, they can't, because it's closed source and we have to stick with whatever sucky features it's built with.You make it sound as if availability of source automatically causes good things like this to happen.
It's not automatic, but if an open source project had the same size user base as Windows Explorer, it'd be a virtual certainty that someone or other would take the time to implement a much-wanted feature like tabs.
If that were true, the GIMP would have a lot more features (such as adjustment layers).
You don't draw in the layer, you draw on the mask, which adds immensely to the power. That's only part of it, though. The whole point is that you can fiddle with the colors and levels and god knows what else, and change it later. Adjustment layers are why I wish Photoshop was free. If you never use photoshop and adjustment layers, but edit a lot of graphics: that's like finding and replacing without regular expressions. They're not necessary, but you're missing out if they're not in your life.
@joe.edwards said:
@dhromed said:@ASheridan2 said:
I suppose someone could get the source and add that feature... oh no, they can't, because it's closed source and we have to stick with whatever sucky features it's built with.You make it sound as if availability of source automatically causes good things like this to happen.
It's not automatic, but if an open source project had the same size user base as Windows Explorer, it'd be a virtual certainty that someone or other would take the time to implement a much-wanted feature like tabs.
If that were true, the GIMP would have a lot more features (such as adjustment layers).
@dhromed said:
@ASheridan2 said:
@blakeyrat said:
No but if I exposed you to my fullwitstupid-dumbfuckery, your brain would explode and then you'd have to clean your curtains.ftfy
I see we're too late!
Now who's going to foot the bill for the curtain cleaners?
@tchize said:
I have seen my share of such people. Logical answer is "Do you put your money in the trash bin so you can find it back later?"
+1
@ASheridan2 said:
@toon said:@GuntherVB said:What can we do about it, people are idiots
That's the sort of attitude that makes people go: "what can we do about it, developers are socially inept nerds".
Not really. The clue is in the name of this magical folder. It's got two words in it: 'deleted' and 'items'. [...] Personally, I think these users are fucking idiots.
I agree completely. However, I don't think all people are idiots. That remark sounded like a remark from the kind of person that decides if a statement makes sense, before it is uttered. The sort of person who somehow magically knows whether or not someone is a moron, before that person has finished their sentence. I say, first hear someone out, then decide if they're an idiot (like those users) or not.
@GuntherVB said:
What can we do about it, people are idiots
That's the sort of attitude that makes people go: "what can we do about it, developers are socially inept nerds".
@Charleh said:
'deleted items' folder
A contradiction in terms, if ever there was one.
@Charleh said:Apparently, they have been using Outlook for 15 years and they "haven't just started deleting emails by accident"...
Seems to me like indeed they haven't: I suspect they've been doing it for quite some time, and are only figuring that fact out just now.
@toon said:
@ASheridan2 said:I think the sad thing is it can take an idiot the same time to bang out several crappy "tutorials" of this calibre that it takes a better person to write one good tutorial. That's why the Internet is full of cruft, idiots outnumber the rest of us.
Absolutely. People ought to read more programming books. When I mention this fact to the sort of person who might write a crappy tutorial like that, they look at me like I'm some sort of dinosaur.
Inb4: not so much "fact" as "opinion", of course.
@ASheridan2 said:
I think the sad thing is it can take an idiot the same time to bang out several crappy "tutorials" of this calibre that it takes a better person to write one good tutorial. That's why the Internet is full of cruft, idiots outnumber the rest of us.
Absolutely. People ought to read more programming books. When I mention this fact to the sort of person who might write a crappy tutorial like that, they look at me like I'm some sort of dinosaur.
@Rhywden said:
The fun part about thie page in question: There's an article on there which explains that using "mysql_" functions instead of "MySQLi" functions is a foolish move to make.
@bridget99 said:
@bridget99 said:@toon said:A coworker of mine, we do all of our stuff in PHP, used to be in the automotive industry, and I don't mean as a developer. When reading his code I tend to run into the following.
<font face="Lucida Console" size="2">if(expressionA || (!expressionA && expressionB))</font>
I tried to tell him why he doesn't want to do this if expressionA is expensive, but it doesn't seem to sink in. Also, to nip a potentially very valid objection in the bud, in these cases it's not important that expressionA be false if expressionB is true.
I don't think that objection would be valid anyway. The way that's written, the overall condition is true if expressionA is true. If it's really important that expressionA be false under any circumstance, then that expression is broken.
TROLL!! HOW COULD YOU BELIEVE THAT?!? YOU ARE LEADING THE YOUNG ONES ASTRAY WITH THIS DRIVEL!!
Sincerely,
Some millimeter-shallow member of "Generation Don't-Tase-me-Bro" who's never kissed a woman
(CISA)
@blakeyrat said:
Plus how is that little kid going to get to the dikes to plug them up with his fingers if he has to cross a mountain? Is that the right country?
Yes. Not a true story, btw.
@blakeyrat said:Even the one in Cuba.
Obama closed that one. Oh wait...
@Zecc said:
@toon said:
That wasn't even meant chauvinistically, it was just a joke. A couple of Dutch guys are talking about roads, and all of a sudden the country's at war with the UK! Sorry for hijacking the thread, I guess?In retrospect I see my tone may have been sounded different, but I wasn't being sarcastic or anything, I was just joining in on the joke.Edit: I guess this goes to approve that self-deprecating humor is perfectly fine, but when used by other people it always sounds wrong. I had no intention to offend, I hope that's clear.
I'm just glad I didn't come across as a self-righteous look-at-us-Dutch-being-all-cool-with-water-y dickweed. There are more than enough chauvinistic folks on the Net as it is; no need for me to add to that particular onslaught of holier-than-thouiness. It's all good. Glad we got things straight. :)
To be sure, self-deprecating humor can easily be misunderstood, especially without body language to accompany it. I do think it's the best kind though. I like people who don't take themselves too seriously.
@Zecc said:
Oh right, how could I forget. A large part of your country was reclaimed from the sea.
I suppose you could keep at it until you unify your territory. I don't think the UK would like being annexed though, so you'd have to go around them. I'm pretty sure the Royal Navy could defeat you just by making a couple of waves.
That wasn't even meant chauvinistically, it was just a joke. A couple of Dutch guys are talking about roads, and all of a sudden the country's at war with the UK! Sorry for hijacking the thread, I guess?
I'm sure those Delta boys can figure something out.
@dhromed said:
@toon said:
dhromed's native country of the Netherlands, has a couple of municipalities in the Carribean.I really don't count those.
It probably means we get to have mountains. We're always the only country without mountains. :(
@dhromed said:
@toon said:
there's also Hawaii and Alaska.Everybody knows Hawaii and Alaska aren't really states.
But yeah, looks like that makes six.
A state where you can see the Rooskies from your porch: how American is that, really? I'll leave the answer to the reader.
@boomzilla said:It's actually nine when you include territories.
I just remembered that mine and dhromed's native country of the Netherlands, has a couple of municipalities in the Carribean. So we probably span a few as well...
The other day, I read that Puerto Rico wants to be a state, and that Obama is willing to listen if the Puerto Rican people are really up for it. If they go through with that, then that ought to generate more than a few WTF's in U.S.A.'s IT-land. Think of all those SELECT elements that have to be manually updated...
@dhromed said:
@toon said:
It's different for the U.S. because they span what, eight timezones?Four.
Are you sure about that? I knew the mainland spans four, but there's also Hawaii and Alaska. Maybe not eight but I'm pretty sure it's more than four.
@Cat said:
@spamcourt said:
@mihi said:or in a timezone (where 01:00 + 3 hours can once a year be 05:00 or 03:00)
This is TRWTF. Instead of making the clock move forward and backward and break all kinds of assumptions (like that an hour always unambiguously represents an instant in time) they could have just added or removed an hour in the day (so that it ends on 23:00 or 25:00). Sure, it would mean that sometimes hour > 24, but I can't see how this would be more problematic than the other way (and it's easier to understand for humans).Actually, if you store a combination of local time + local timezone, that IS unambiguous.
Daylight saving time doesn't actually change the time within a time zone, it changes a geographical region from one time zone to another. So a state in Central Standard Time (GMT - 6) moves to Central Daylight Time (GMT - 5) and back. If you store whether the instant was in CST or CDT it's unambiguous. In the fall, five minutes after 1:58 AM CDT is 1:03 AM CST.
It's only ambiguous if you store local time without a timezone.
I tried to explain this to my boss the other day, and he didn't get it either: the difference between local time and UTC on one hand, and the timezone on the other, are two different concepts. Most countries don't span over more than one time zone, so they don't go around calling it a different timezone when the time changes. It's different for the U.S. because they span what, eight timezones? So it's understandable that they have lots of different names for times and then confuse those names for timezones. But AFAIK, New York City (which I believe is in the timezone you're talking about) doesn't suddenly up and move hundreds of miles, twice a year. It's going to be in the same location, and therefore in the same timezone, no matter what TLA you give the time.
@dhromed said:
@boomzilla said:
I think people sending goatse should absolutely be forced to look at it every time they try to email the link.In order to reinvigorate them, no doubt.
I suddenly wonder if the guy who built that site back in the day, made a huge buck out of that, and if so, whether or not he's flaunting it.
@blakeyrat said:
Because every checkbox you add to a program doubles the QA time.
Not being familiar with proper QA (please don't ask *sniff*): why? Is it because then you need to test everything with the checkbox turned off, and everything with the checkbox turned on? The math seems solid but surely there are better ways to go about testing than try every possible inputs?
@dhromed said:
@joe.edwards said:
@jamiec said:For example, javascript for a simple rollover effect used to inject tens of lines of javascript when it could easily be done with 3 - and this was when jQuery was just a star in the sky.These can usually be accomplished with just CSS, with no script at all.
But not back then.
Listen to Dhromed, guys. Also, for cross-brwoser stuff with IE6... *shudder*. You're going to need a *lot* of JS to make a simple rollover.
@spamcourt said:
...all kinds of assumptions (like that an hour always unambiguously represents an instant in time)...
Those are TRWTF. Like for instance, assuming that minutes can't last several hours, because on some systems they can (I shit you not).
@gu3st said:
Also, sometimes.. if you call Date.Now() too soon.. it will return a ridiculous time as well. That's a fucking mindfuck.
...because it's probably not a JS WTF, but a browser one.
@Khalin said:
I agree with blakeyrat. When you set a property it means that you want to do something with it, it's not like "I want to set it for the future". The Visible property means that you want the control to be visible or not. It's like real life. Taking again the example of the box. if you want to show the item inside the box you MUST show the box first and the you CAN show the item inside the box, never before. MS is doing the right thing in here. if the control is not visible then the property need to return false because doesn't matter how you look at it, the control is NOT visible
Guess you're right.
Blakey, sorry for being all pissy, I overreacted; it's a pet peeve of mine. Not your fault. Used to work a lot of jobs with a lot of morons before I started programmig professionally...
@blakeyrat said:
You guys are way over-thinking this.
A lot of people have told me I over-think things in my yet-short life. I know you're being general and not talking to me specifically, and I'm willing to give you the benefit of the doubt, but 95% of those people were complete and utter morons. The other 5% were (mostly) very interesting people.
@pkmnfrk said:
Control.set_Visible(bool value) is setting the visibility flag, which I believe calls ShowWindow(hWnd, (BOOL)value) on the underlying window. This won't make the control visible if its parent is invisible, but it will set the flag, so that if the parent becomes visible, so will this one.
Control.get_Visible(), on the other hand, asks the question "is this control visible?" If the control itself is marked invisible, then that's easy. If it's visible, though, it needs to check the parent, and the parent's parent, etc, to determine visibility. If one of those is not visible, then it stands to reason that this control can't be visible either.
For me, it might be less confusing if set_Visible and get_Visible were each other's exact "opposites". There might be an is_Visible for what's now get_Visible, and get_Visible would return the value of the actual flag. Because it might be relevant for a developer to know, if a visibility flag is set, regardless of whether or not the control is actually visible.