The idiot strikes again



  • I wrote a lenghty post about my incompetent co-worker a few moths ago and his adventures in IIS land, here http://forums.thedailywtf.com/forums/p/10477/185301.aspx#185301, but now that he's not around (he's at a client), he continues to strike me with his idiocy.

    The story is like this: this other guy, brilliant (not "brillant") programmer started this project around the same time I came in - september if I recall correctly. Then, after only two weeks, he had to leave to one of our clients (because they like him) and this guy took over. The thing was already working, our manager laid the databases and gave him all the SQL code he had to use prior to the start. So, it WAS a two-week project. But after this guy took over, he took about three months to finish... finish meaning NO documentation and NO regard for the testers bug reports. Fast forward to today, he had to check in because the thing is about to being used, and he has already deployed it to the production, but the CEO thinks that the layout is "the most horrible thing he's ever seen"... So, I came in to fix it...

    Since... well, forever, we have polcies on Source Control. Everything gets checked in - mainly because... well, you know, backups, team cooperation, allows us (meaning me) to work at home, makes management easier... When I came in, I was told imediately about that and started using it. He, on the other hand, got told, but I THINK that after six years in college, he never used that kind of tool. So, the Admin came in and showed to him how it's done. Thing is, he DID add the project into the sourcesafe database, but that's it. He never checked code in, so the whole thing was outrageously out of date and messy beyond belief.

    But it's not like he wasn't doing backups. Because he was. Yep, you guessed it.

    Free Image Hosting at www.ImageShack.us

    The reason I say the SourceSafe entry was messy, was because the whole project (every file) inside SourceSafe was checked out to some folder called C:\Inetpub\WWWRoot . He had TWO work folders inside his computer, and one of them was the IIS root folder. Yes, he had a project running inside his IIS root folder. And, of course, he had backups for it!!!

    Second, we're supposed to NOT bypass the administrator when publishing stuff to the production server, because they need to know what we're doing and what we're publishing because... well, it's the production server and we're not supposed to debug code there. So, after taking down the whole pre-Sharepoint page for 3 weeks... yes... he started testing the thing on the production server. And, look! He made backups for his multiple versions, too!

    Free Image Hosting at www.ImageShack.us

    QuickPost Quickpost this image to Myspace, Digg, Facebook, and others!

    And you guys probably, by now, think I'm being mean to him. But no, the guy is that crappy indeed. Here's what's on our production server. If you're familiar with ASP.NET, you probably know it is compiled, right? I mean, your code doesn't belong on the server! And even if it was Classic ASP, why would you want your damn Visual Studio solution inside the Server?

    Free Image Hosting at www.ImageShack.us

    So, what should I do, other than killing him?



  • Oh, but wait (I feel like an infommercial guy). Everyone here (including me) loves code WTFs, so I'll give some insights on his treatment of SQL Injection!!!!

    using System;
    using System.Data;
    using System.Configuration;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    
    namespace Inject
    {
        public class Filtro
        {
            public string filtraTexto(String texto)
            {
                String[] maliciosa =  { "select", "drop", ";", "--", "insert", "delete", "xp_", "'", "into", "1=1", "union", "Union", "*" };
                String textolimpo = texto;
                string mal = string.Empty;
    
                for(int cont = 0; cont < 8;cont++)
                {
                    mal = maliciosa[cont];
                    textolimpo = textolimpo.Replace(mal, "");
                }
                return textolimpo;
            }
        }
    }
    

    :D



  • @glassx said:

    String[ maliciosa = { "select", "drop", ";", "--", "insert", "delete", "xp_", "'", "into", "1=1", "union", "Union", "*" };
     

    UPDATE WTF SET OMG_U_R_ROOT = 1;



  • @glassx said:

    Free Image Hosting at www.ImageShack.us
    mmmm.... pasta.

    Or does that just mean that it's all spaghetti code?

     



  • The text in the screenshots is in brazillian portuguese ("pasta" is just a word for "folder").

    Now, "mal" means "evil", so he's substituting an empty string for evil in order to prevent SQL injection attacks. SQL - evil = safe... Brillant!



  • [quote user="Renan "C#" Sousa"] Now, "mal" means "evil", so he's substituting an empty string for evil in order to prevent SQL injection attacks. SQL - evil = safe... Brillant![/quote]No, mal is a variable for iterating over the array of malicious words.



  • Well, iterating over part of the array anyway seeing as he's fixed the number of iterations in the for loop and then obviously added items to the list.



  • @glassx said:

    If you're familiar with ASP.NET, you probably know it is compiled, right? I mean, your code doesn't belong on the server! And even if it was Classic ASP, why would you want your damn Visual Studio solution inside the Server?

    With a .NET web site, I typically DO deploy the code to the server; .Net will compile it for you, and because my predecessors debugged all code on production, it will inevitably require tweaking to get it to work, and the code files being there makes that easy. Deployment is easier if you deploy the code files, you can just drag & drop from qa to production

    Of course, had he been using a .Net Web Application, .Net relies on the compiled .dll file, so the .cs files are completely unnecessary

    The visual studio project and solution files; however, are completely unforgivable in either circumstance.



  • @shepd said:

    UPDATE WTF SET OMG_U_R_ROOT = 1;
    You're doing it wrong. It's UPDATE WTF SET DROP_DATABASE_FOR_THE_LULZ=1. Oh, and seeing as we're talking about SQL injection... first one to post a reference to a certain comic strip is a prat.

     



  • Oh wait, I just finished deleting about SIX masterpage files, because he HAD to use a different masterpage for each ASPX file.

    Genius!



  • @DOA said:

    first one to post a reference to a certain comic strip is a prat.
     

    Lets nail that person to a few of his beloved tables.



  • @DOA said:

    @shepd said:

    UPDATE WTF SET OMG_U_R_ROOT = 1;
    You're doing it wrong. It's UPDATE WTF SET DROP_DATABASE_FOR_THE_LULZ=1. Oh, and seeing as we're talking about SQL injection... first one to post a reference to a certain comic strip is a prat.

     

     

     

    do you mean this one?

    LINK



  • @glassx said:

    So, what should I do, other than killing him?

    Get him fired maybe? Sorry to be blunt, but he's obviously in over his head.

    Point this out to his/your superiors.



  • @dabean said:

    @glassx said:

    So, what should I do, other than killing him?

    Get him fired maybe? Sorry to be blunt, but he's obviously in over his head.

    Point this out to his/your superiors.

     

    If he is fresh out of college, which I think might have been implied, then he doesn't need to be fired more than mentored.  If he's a seasoned proffessional then yes, fire him.  



  • @Zecc said:

    [quote user="Renan "C#" Sousa"] Now, "mal" means "evil" [ ... ]

    No, mal is a variable for iterating over the array of malicious words.

    [/quote] Maybe you need to go look at a Portuguese-English dictionary, huh?


  • @DaveK said:

    @Zecc said:

    [quote user="Renan "C#" Sousa"] Now, "mal" means "evil" [ ... ]

    No, mal is a variable for iterating over the array of malicious words.

    Maybe you need to go look at a Portuguese-English dictionary, huh?
    [/quote]

    http://lookwayup.com/lwu.exe/lwu/toEng?s=d&w=mal&slang=Por



  •  Funny.... He didn't exclude my favorite favorite database query to inject:

    SHUTDOWN WITH NOWAIT

     



  •  There are a lot of names that have "Into" in them.  For example, Clinton.  I'm surprised that didn't come up as a support issue.



  •  And I'm looking forward to your post "Return of the Idiot" in 3 months



  • [quote user="Renan "C#" Sousa"]

    @DaveK said:

    @Zecc said:

    [quote user="Renan "C#" Sousa"] Now, "mal" means "evil" [ ... ]

    No, mal is a variable for iterating over the array of malicious words.

    Maybe you need to go look at a Portuguese-English dictionary, huh?
    [/quote]

    http://lookwayup.com/lwu.exe/lwu/toEng?s=d&w=mal&slang=Por

    [/quote] Yes, that was my point; "mal" does mean "evil".  It was Zecc who said it did not.


  • Damn!  I used Ctrl-F5 several times to make sure that my first post really had failed to go through like it seemed to, and then it turns out to be there anyway.  There appears to be some kind of delay between when you return to the comment thread page after hitting "Post" and when your post actually becomes visible.  Sorry 'bout that.

     

    Totally Mr Clean'd.
    -mod



  • Oh, no, wait a minute, that's it, it just happened again.  I hit post and it dumped me straight back into the editor, with a blank comment box, but the comment did in fact go through.  Wonder if it'll take me back to the comment thread this time? 



  • @Zecc said:

    [quote user="Renan "C#" Sousa"] Now, "mal" means "evil", so he's substituting an empty string for evil in order to prevent SQL injection attacks. SQL - evil = safe... Brillant!

    No, mal is a variable for iterating over the array of malicious words.

    [/quote] 

    Then I assume that "textolimpo" is texto limpo, which means it's evil text that he's made-- ah-- limp?

    I've received some spam that he could inject to take care of the problem though.

     



  • @Salami said:

     There are a lot of names that have "Into" in them.  For example, Clinton.  I'm surprised that didn't come up as a support issue.

    Posting this reminded of a story of how it started:



    Another:

    • Wes just told me about SQL Injection. Ever heard of it? Man, that's so dangerous!
    • Yeah, but just use the parameters thing... don't just make the query on the fly...
    • That's not enough, dude, I tested and it works - even with parameters and stored procedures!
    • Ooookay...



      --------



      More stories... Just because a major part of his personality revolves around talking about buzzwords and obscure (to him) computer languages.



      One day we were talking about Cobol (because the other manager's father was a Cobol programmer) and he asked:
    • What about Ada, have you ever heard of it? I wrote a lot of it at college. (emphasis on "a lot")
    • What kind of language is it?
    • A programming language.
    • ........



      Then, the other day when my boss was asking about C++ and this kernel stuff (he's a VB guy), he asked again:
    • What about Prolog, have you ever heard of it? I wrote a lot of it at college. (emphasis on "a lot", again)
    • What kind of language is it?
    • It implements Artificial Inteligence for Telemarketing Call Centers. (I swear to god that was his answer)
    • ........



      Then, the other day, it was MY turn to ask him:
    • Dude, just close those DIV tags and it will switch views. Don't you know HTML at all? (he was doing web programming)
    • No.
    • .........



      --------



      In hindsight, I sort of understand why I had to re-do three months of his work in one day.



      At least refactoring is fun...



      =/


  • @glassx said:

    - A programming language.
     

    Ever heard of Ruby? I think it makes you rich by having lots of it. But be careful with python, it might kill ya!



  • Ah... Prolog and Ada...two languages I hope I never encounter again. And even though Prolog has its uses, Ada should be taken out behind the shed and shot. I pity the people who had to develop in that. 



  • @DaveK said:

    Yes, that was my point; "mal" does mean "evil".  It was Zecc who said it did not.
    No, I didn't. At least I didn't mean too.

     

    "Mal" as a noun does mean evil. Being Portuguese, I should know.

    I just meant that in this case it was probably just an abbrev. of the word "malicioso" or "maliciosa", since it is an iterator over the (first 8) elements of "maliciosa".

    "Maliciosa" means, shockingly enough, malicious. It should have been in plural ("maliciosas"), btw.

     

    I'm <font size="1">not really</font> sorry if you misunderstood me because I didn't express myself too well.



  • @Zecc said:

    It should have been in plural ("maliciosas"), btw.
     

    It probably should have been in English, as well.



  • @Salami said:

     And I'm looking forward to your post "Return of the Idiot" in 3 months

    Just so long as he never posts "The Phantom Idiot", "Attack of the Idiot", and "Revenge of the Idiot" ...



  • @RobFreundlich said:

    @Salami said:

     And I'm looking forward to your post "Return of the Idiot" in 3 months

    Just so long as he never posts "The Phantom Idiot", "Attack of the Idiot", and "Revenge of the Idiot" ...

     

    Or perhaps, The Idiot Begins, and The Dark Knucklehead.



  • @DOA said:

    You're doing it wrong. It's UPDATE WTF SET DROP_DATABASE_FOR_THE_LULZ=1
    I was about to post that that would be forbidden since it would be cleaned to "UPDATE WTF SET __FOR_THE_LULZ=1" but then I realized he was using case-sensitive replace. SQL is case insensitive. Good job sir.

    @Benanov said:

    Funny.... He didn't exclude my favorite favorite database query to inject:

    SHUTDOWN WITH NOWAIT

    Awesome! Though it's platform dependent...



  •  @dhromed said:

    Or perhaps, The Idiot Begins, and The Dark Knucklehead.

    Idiot.

    Idiot: De-Evolutions

    Idiot: Rise of The Idiots

    (Of course they'll won't be able to get the same idiot back for the third one, but that's okay-- they'll just call it a prequel)



  • @halcyon1234 said:

     @dhromed said:

    Or perhaps, The Idiot Begins, and The Dark Knucklehead.

    Idiot.

    Idiot: De-Evolutions

    Idiot: Rise of The Idiots

    (Of course they'll won't be able to get the same idiot back for the third one, but that's okay-- they'll just call it a prequel)

    I think you mean:

    Idiot.

    Idiot: Reloaded

    Idiot: Revolutions



  • @Zecc said:

    @DaveK said:

    Yes, that was my point; "mal" does mean "evil".  It was Zecc who said it did not.
    No, I didn't. At least I didn't mean too.

    Oh, I misinterpreted which part of the original post that you were contradicting.  Sorry.

    @Zecc said:

    "Mal" as a noun does mean evil. Being Portuguese, I should know.

    I just meant that in this case it was probably just an abbrev. of the word "malicioso" or "maliciosa", since it is an iterator over the (first 8) elements of "maliciosa".

    "Maliciosa" means, shockingly enough, malicious. It should have been in plural ("maliciosas"), btw.

    Well, it's difficult to guess the author's intent when all these words derive from the same root and have very similar meanings.  It could have been intended to mean "foreach (evil in evilnesses)" or it could have had the intent of "foreach (evil in deadlysins)", if you see what I mean; "mal" could have been either an abbreviation for the array, or a reference to the nature of the individual things that are listed in that array.

    @Zecc said:


    I'm <font size="1">not really</font> sorry if you misunderstood me because I didn't express myself too well.

    Good, I don't see any reason why you should be.  I misunderstood you because we speak two different languages natively.  That's not anybody's fault.  Just an opportunity to learn new things through misunderstandings and the correcting of them!



  • @dabean said:

    @halcyon1234 said:

     @dhromed said:

    Or perhaps, The Idiot Begins, and The Dark Knucklehead.

    Idiot.

    Idiot: De-Evolutions

    Idiot: Rise of The Idiots

    (Of course they'll won't be able to get the same idiot back for the third one, but that's okay-- they'll just call it a prequel)

    I think you mean:

    Idiot.

    Idiot: Reloaded

    Idiot: Revolutions

    Actually, I'm quite looking forward to "Friday the 13th Part WTF:  Idiot vs. Paula Bean in (Development) Hell".  


  • @DaveK said:

    @dabean said:

    @halcyon1234 said:

     @dhromed said:

    Or perhaps, The Idiot Begins, and The Dark Knucklehead.

    Idiot.

    Idiot: De-Evolutions

    Idiot: Rise of The Idiots

    (Of course they'll won't be able to get the same idiot back for the third one, but that's okay-- they'll just call it a prequel)

    I think you mean:

    Idiot.

    Idiot: Reloaded

    Idiot: Revolutions

    Actually, I'm quite looking forward to "Friday the 13th Part WTF:  Idiot vs. Paula Bean in (Development) Hell".  
    Lord of the Idiots: The Fellowship of the Idiot LotI: The two WTF's LotI: Return of the Idiot


  • The Idiot Menace, Attack of the Idiot, Revenge of the Idiot, Idiot: A new WTF, The Idiot Strikes Back, Return of the Idiot, Son of Idiot, Idiot Rides Again, Idiot... IN SPACE!, The Idiot Which trappedhimselfina Wardrobe, Prince Idiot, The Voyage of the Idiot Treader, The Idiot of Oz, Idiot: SG-1, Idiot: Atlantis, Idiot: Universe, Idiot of Truth, Idiot Continuum, Raiders of the Lost Idiot, The Idiot Skull, Die Another Idiot, Back to the Idiot, Idiot Final Conflict, A Very Idiot Parody, The Invisible Idiot, The Incredible Idiot,The 4D Idiot, Finding Idiot, Saving Private Idiot, The Lost Idiot, The Forbidden Idiot, Legally Idiot, Meet Idiot, Get Idiot, Idiot Games, Honey I Shrunk the Idiot, Land Before Idiot, Idiot on the Roof, National Idiot, Final Idiot, Final Idiot II, Final Idiot III, Final Idiot IV ..., The Last Idiot, Desparate Idiot, Little Idiot, Idiot Little, The Great Idiot, Idiot's Heroes, Idiot Runnings, The Idiot Clause, Idiot Identity, Idiot Supremacy, Idiot Ultimatum, Idiotbirds, Idiotplane, Idiot of the Snow, Who wants to be an Idiot?, Idiot Idol, Idiot Racer, The Making of Idiot, Idiot Behind the Scenes, Curse of the Were Idiot, Invasion of the Idiot Tomato, Idiot of the Worlds, The Idiot Machine, End of the Idiot, Half-Idiot, Half-Idiot 2, Half-Idiot 2 - Episode 1, Half-Idiot 2 - Episode 2, Age of Idiot, Grand Theft Idiot, Tomb Idiot, Idiot in a Hat, Idiot in a Hat Comes Back, Go Idiot, Go, Run Idiot, Run!, Super Idiot Brothers, Idiot: The Movie, Idiot in the Museum, The Day the Idiot Stood Still, Idiot and Prejudice, Short Idiot, The Idiot Hunter, Idiot Trap, Big Idiot, Buffy the Idiot Slayer, Cheaper by the Idiot, Idiot's Millions, Idiot Mountain, Birthday Idiot, Doctor Idiot, Three Weddings and an Idiot, The Idiot Limits, The Idiot Zone, The Idiot Show, IDIOT-E, Toy Idiot, One Flew Over the Idiot's Nest, Idiot Fiction, Lethal Idiot, Idiot Club, Eternal Sunshine of the Spotless Idiot, The Silence of the Idiot, Citizen Idiot, Idiot Impossible, It's a Wonderful Idiot, Idiot Now, Idiot - Pig in the City, Idiot of Glory, Idiot of Arabia, Forrest Idiot, A Clockwork Idiot, Monty Python and the Holy Idiot, The Maltese Idiot, Thomas the Tank Idiot, Idiot in the Rain, Idiot City, Full Metal Idiot, The Great Idiot, Touch of Idiot, Hotel Idiot, No Country for Old Idiot, Idiot on a Train, Idiot on a Plane, Idiot Runner, The Idiot Candidate, The Green Idiot, Soylent Idiot, Kill Idiot (Vols 1&2) Idiot the Sheep, Idiot for the Prosecution, Ben-Idiot, Million Dollar Idiot, Life of Idiot, Good Morning Idiot, Gone With the Idiot, Idiot Day, Idiot Soup, The Idiot Job, Dial M for Idiot, Anatomy of an Idiot, An Idiot Named Desire, The Idiot Story, Bride of Idiot, Funniest Home Idiot, Kate and Idiot, World of Idiot, Gears of Idiot, IdiotShock, Chrono Idiot, the Legend of Idiot, Idiot Land, Idiot Begins,  uh... The Idiot of the XXXth Olympiad?

    I think I scraped through the bottom of the barrel and a significant amount of solid rock.



  • @Eternal Density said:

    etc ...Final Idiot IV ..., The Last Idiot, Desparate Idiot, Little Idiot, Idiot Little, The Great Idiot, Idiot's Heroes, Idiot Runnings, The Idiot Clause, Idiot Identity, Idiot Supremacy, Idiot Ultim... etc
     

    I think you (or the funtool you used) could have done a bit better in certain titles than just to replace the first noun/person with "idiot".

    Ex:
    Saving Idiot Ryan > Saving Private Idiot
    Dial I for Idiot > Dial M for Idiot

    @Eternal Density said:

    I think I scraped through the bottom of the barrel and a significant amount of solid rock.

    I think you're stirring magma, even. ;)



  • Forest Idiot, The Shawshank Idiot (or The Idiot Redemption?), The Hudsucker Idiot, I for Idiot, Idiot Club, Reservoir Idiots, Idiot Fiction, Kill Idiot vol 1 and 2, Saving Idiot Ryan, The Idiot's Guide to the Galaxy, Monty Python and the Holy Idiot, Lucky Number Idiot, The Idiot Identity and the Idiot Supremacy.

    I could go on, but you wouldn't read any past these I think.



  • Idiot Side Story

    * slaps self for actually posting*



  • @Zecc said:

    Idiot Side Story

    * slaps self for actually posting*

     

    West Side Idiot?



  • @halcyon1234 said:

    Idiot.

    Idiot: De-Evolutions

    Idiot: Rise of The Idiots

    Night of the Living Idiots

    Dawn of the Idiots

    Day of the Idiots


  • ♿ (Parody)

    • The Idiot Commandments
    • Ben Idiot
    • Omega Idiot
    • E.I.: Extra Idiot
    • The Idiots of Iwo Jima
    • Idiot Encounters of the Third Kind
    • The Big Red Idiot
    • Big Fat Idiot
    • The Hunt for WTF Idiot
    • Idiotfeathers
    • On Golden Idiot


  • A.I. - Artificial Idiotism

    2010 - The Year When We Will All Be Idiots

    The Idiotism of Emily Rose

    9 1/2 Weeks of Idiotism

    The Good, the Bad, and the Idiot


  • Ah, what the hell.

    Idiot 2: Electric Boogaloo

    (P.S. to Renan: "idiocy" is the more commonly used form of "idiotism", at least in American English.)



  • @cconroy said:

    Ah, what the hell.

     

    Yeah, why not (bandwaggon here I come):

    A tale of two Idiots

    The Karate Idiot

     



  • @pbean said:

    Saving Idiot Ryan
     

    Dude, it is clearly suppoed to read, "Saving Private Idiot."



  • That's all epigonal, I prefer the original every day.



  • @pbean said:

    Forest Idiot
    Forrest!

    Also, The Wild Wild Idiot, and Deep Space Idiot

    @dhromed:

    Replacing the first noun does not reliably yield the funniest results.



  • The Pink Idiot, 2001: An Idiot Odyssey, The Usual Idiots, The Blair Idiot Project


Log in to reply