.jjj files



  • Being as busy (read: lazy) as I am, I decided it would be in my benefit to replace my eyeglasses online. You can upload your photo and do a virtual try-on before you order them, with the peculiar notice that you should send them an email if you have any problems. I can see why:

    Oooookay, since they made me register while doing this, I'll log in and upload it to my new account:

     

    Seems like their system would benefit from uniquely named files and foreign keys, instead of $userId.jpg.



  • Nice. First: Who in their right mind changes the extension of a file when it's likely still a JPG at this point? Append something to the filename, at least - like "ORIGINALNAME-processed-IDENTIFIEROFSOMESORT.jpg"

    Second: I like how you can see some of the source code of a web application that is presumably not yours at all.



  • What's so special about the extension?

    I tack ".old" onto pretty much anything I'm backing up, and might use ".tmp" in this situation. ".jjj" isn't necessarily the worst thing in the world.

    TRWTFs:

    They're handling files but not file exceptions.

    They have source code output to the user.

    They have raw error messages output to the user.

    They're using the user ID as the entire filename (as has been mentioned).

    They're using temporary files at all for this.

    ...?



  • @Joeyg said:

    What's so special about the extension?

    I tack ".old" onto pretty much anything I'm backing up, and might use ".tmp" in this situation. ".jjj" isn't necessarily the worst thing in the world.

     

    Don't get me wrong, I use .bak for the same purpose. It was just the first thing that jumped out at me (probably because it's highlighted in red).



  • The website was deployed as a debug build, probably even has the original C# code in the virtual directory, so someone doesn't know how to properly publish an ASP.NET application to IIS. Then they allowed IIS to display detailed exception messages and debug info to any client, not just local or internal clients.

    Hopefully that site doesn't have any sensitive info.



  • @Joeyg said:

    What's so special about the extension?

    I tack ".old" onto pretty much anything I'm backing up, and might use ".tmp" in this situation. ".jjj" isn't necessarily the worst thing in the world.

    But they're not tacking "jjj" onto the end. They're (presumably) naming JPEG files with the extension "jjj".



  • @toth said:

    @Joeyg said:
    What's so special about the extension?

    I tack ".old" onto pretty much anything I'm backing up, and might use ".tmp" in this situation. ".jjj" isn't necessarily the worst thing in the world.

    But they're not tacking "jjj" onto the end. They're (presumably) naming JPEG files with the extension "jjj".

     

     

    They're tacking "jjj" onto the end of the part of the filename before the extension.

     



  • @emurphy said:

    @toth said:

    @Joeyg said:
    What's so special about the extension?

    I tack ".old" onto pretty much anything I'm backing up, and might use ".tmp" in this situation. ".jjj" isn't necessarily the worst thing in the world.

    But they're not tacking "jjj" onto the end. They're (presumably) naming JPEG files with the extension "jjj".

     

     

    They're tacking "jjj" onto the end of the part of the filename before the extension.

     

    I don't think so. They're calling SourceFileName.Replace("jjj", "jpg") and coming up with a filename like "someidentifier.jpg". If they were doing what you suggest, they would end up with a filename like "someidentifier.jpg.jpg".



  • I'm aware that they're replacing the extension, not appending it. My point was merely that the extension itself has no value (other than saving a call to 'file' to determine filetype) (sometimes) just because it's the extension.



  • @Joeyg said:

    I'm aware that they're replacing the extension, not appending it. My point was merely that the extension itself has no value (other than saving a call to 'file' to determine filetype) (sometimes) just because it's the extension.

    Sure, but why the hell would you name a JPEG "jjj" instead of "jpg" (or "jpeg")? Adding ".old" or ".bak" has a use, in that it clearly marks the file as not currently in use.



  • HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?



  • @Duke of URL said:

    HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?

     

    It tests for glaucoma by telling you to put your eye up to the speaker and then playing a pfft sound.



  • @Duke of URL said:

    HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?

     

    Buying new glasses != Getting an eye exam



  • @flaquito said:

    @Duke of URL said:

    HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?

     

    Buying new glasses != Getting an eye exam

     

     

    Buying new glasses - prescription check = really really stupid



  • @Someone You Know said:

    @Duke of URL said:

    HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?

     

    It tests for glaucoma by telling you to put your eye up to the speaker and then playing a pfft sound.

    You win the thread!



  • @toth said:

    They're calling SourceFileName.Replace("jjj", "jpg") and coming up with a filename like "someidentifier.jpg".
    "I don't remember much about this guy but his initials are jjj.jjj"



  • @belgariontheking said:

    @toth said:

    They're calling SourceFileName.Replace("jjj", "jpg") and coming up with a filename like "someidentifier.jpg".
    "I don't remember much about this guy but his initials are jjj.jjj"

    J. Jonah Jameson...Junior Junior Junior?



  • This is one of my pet peeves....

    I know databases aren't the best place to store binary data, but a web application should never write to the filesystem.  There are just too many problems and too many security holes that can be opened up by configuring a web application to have the authority to write to files.  C# is more than capable of doing image retrieval and transformation on streams and there is never a need to store the image as a physical file to deliver it to the user.  The misconfigured Web.config that allowed the partial source code dump is also a good sign that somebody's cousin put this site together and manages it.



  • Also...  The source of the programming error seems to be that the developer is not very familiar with C#.  Line 131 uses C style error handling.  I'm guessing that the developer has some C experience and wrote all of his code with C style error handling.  Whenever he calls a framework method, he forgets that the framework will throw an exception instead of returning a non-zero value.
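
Added example, not part of the thread and not the site's code: a C# sketch of the points raised above about `Replace("jjj", "jpg")`, unhandled file exceptions and `$userId` file names. The class, method and file names are hypothetical, and the sample files are constructed.

```csharp
using System;
using System.IO;

static class UploadFinalizer
{
    // What the thread describes: every "jjj" in the string is replaced, not just the extension.
    public static string ThreadStyleRename(string sourceFileName) =>
        sourceFileName.Replace("jjj", "jpg");

    // Renames only the extension, and only after confirming the content is a JPEG.
    // Returns the new path, or null when the upload is rejected.
    public static string Finalize(string tempPath, string uploadDir)
    {
        if (!string.Equals(Path.GetExtension(tempPath), ".jjj", StringComparison.OrdinalIgnoreCase))
            return null;
        try
        {
            var header = new byte[3];
            using (var fs = File.OpenRead(tempPath))
                if (fs.Read(header, 0, 3) != 3 || header[0] != 0xFF || header[1] != 0xD8 || header[2] != 0xFF)
                    return null; // not a JPEG (start-of-image marker FF D8, then FF)
            // Server-generated unique name; who owns it belongs in a table keyed by this name.
            string finalPath = Path.Combine(uploadDir, Guid.NewGuid().ToString("N") + ".jpg");
            File.Move(tempPath, finalPath);
            return finalPath;
        }
        catch (IOException) { return null; }                // missing, locked or already moved
        catch (UnauthorizedAccessException) { return null; } // no rights on the upload directory
    }

    static void Main()
    {
        Console.WriteLine(ThreadStyleRename("jjjones-1042.jjj")); // name part is rewritten too
        string dir = Path.Combine(Path.GetTempPath(), "jjj-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dir);
        string good = Path.Combine(dir, "1042.jjj"), bad = Path.Combine(dir, "1043.jjj");
        File.WriteAllBytes(good, new byte[] { 0xFF, 0xD8, 0xFF, 0xE0, 0, 0 }); // constructed JPEG header
        File.WriteAllText(bad, "<html>not an image</html>");                   // constructed non-image
        Console.WriteLine("jpeg accepted:    " + (Finalize(good, dir) != null));
        Console.WriteLine("html accepted:    " + (Finalize(bad, dir) != null));
        Console.WriteLine("missing accepted: " + (Finalize(Path.Combine(dir, "missing.jjj"), dir) != null));
        Directory.Delete(dir, true);
    }
}
```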



  • @Duke of URL said:

    Buying new glasses - prescription check = really really stupid

    I think they're just using the site to see what new frames would look like on their faces.

    Sometimes it's really hard to see what they look like in the store (like when you're me and you can only see clearly about 5 inches from your nose without your proper lenses).



  • @Jaime said:

    This is one of my pet peeves....

    I know databases aren't the best place to store binary data, but a web application should never write to the filesystem.  There are just too many problems and too many security holes that can be opened up by configuring a web application to have the authority to write to files.  C# is more than capable of doing image retrieval and transformation on streams and there is never a need to store the image as a physical file to deliver it to the user.  The misconfigured Web.config that allowed the partial source code dump is also a good sign that somebody's cousin put this site together and manages it.

    I really don't think that I like "GetImage.aspx?id=foo" better than "foo.jpg". For one thing, you need to write code to do the image streaming, and maintain that code, as opposed to just using a URI. For another, I don't think that image data is generally a good thing to put in the database because you're never going to take advantage of the relational nature of the DBMS. Now, there probably are cases in which storing binary data in the DB is the right thing to do, but it doesn't seem necessary to me. I'll grant that it can be dangerous if permissions aren't set up right, but it seems to me far better to just set up permissions correctly and store the files as files.



  • @toth said:

    @Jaime said:

    This is one of my pet peeves....

    I know databases aren't the best place to store binary data, but a web application should never write to the filesystem.  There are just too many problems and too many security holes that can be opened up by configuring a web application to have the authority to write to files.  C# is more than capable of doing image retrieval and transformation on streams and there is never a need to store the image as a physical file to deliver it to the user.  The misconfigured Web.config that allowed the partial source code dump is also a good sign that somebody's cousin put this site together and manages it.

    I really don't think that I like "GetImage.aspx?id=foo" better than "foo.jpg". For one thing, you need to write code to do the image streaming, and maintain that code, as opposed to just using a URI. For another, I don't think that image data is generally a good thing to put in the database because you're never going to take advantage of the relational nature of the DBMS. Now, there probably are cases in which storing binary data in the DB is the right thing to do, but it doesn't seem necessary to me.
    If you use an HTTPHandler, you can address it any way you'd like, for example, "GetImage.aspx?id=foo" could be "/DBImages/foo.jpg".  You also get a more sophisticated way to do image-by-image permissions as the application code gets to manage the resource access.  This is where the relational DB comes in handy as you can link an image to a user account.  As for binary data in the database, there are solutions to make it better.  SQL 2008 has the filestream data type and Oracle has had the BFILE type for about ten years now.  Both physically store the data in the file system, but present it as if it is in the database.

    Sure, you have to write the code, but it's like 10 lines, 20 if you want to watermark it.

    @toth said:

    I'll grant that it can be dangerous if permissions aren't set up right, but it seems to me far better to just set up permissions correctly and store the files as files.
    Unfortunately, most people don't know how to set IIS up correctly in this scenario.  Using the aspnet account is the best option because it has almost no rights, but it can't access the network.  Also, any permissions given to aspnet apply to all web applications that haven't been customized.  Once you decide to create a custom identity for the application, it's really easy to give it too many permissions.  Little stupid things like ASP.Net not being able to store compiled code usually prompt inexperienced admins to elevate permissions above what is necessary.
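
Added example, not from the thread: the per-image ownership check an HTTP handler behind "/DBImages/foo.jpg" could run, as a self-contained C# sketch. The `Table` dictionary stands in for a database table linked to the user account; all names and the sample row are constructed, and calling `Resolve` from `IHttpHandler.ProcessRequest` is assumed.

```csharp
using System;
using System.Collections.Generic;

static class DbImages
{
    sealed class ImageRow { public string OwnerUser; public byte[] Jpeg; }

    // Constructed stand-in for an Images table with a foreign key to the user account.
    static readonly Dictionary<Guid, ImageRow> Table = new Dictionary<Guid, ImageRow>
    {
        { Guid.Parse("11111111-1111-1111-1111-111111111111"),
          new ImageRow { OwnerUser = "alice", Jpeg = new byte[] { 0xFF, 0xD8, 0xFF, 0xD9 } } },
    };

    // Returns the HTTP status the handler should send; fills 'body' only on 200.
    public static int Resolve(string requestPath, string authenticatedUser, out byte[] body)
    {
        body = null;
        if (string.IsNullOrEmpty(authenticatedUser)) return 401;
        const string prefix = "/DBImages/";
        if (!requestPath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return 404;
        string name = requestPath.Substring(prefix.Length);
        if (!name.EndsWith(".jpg", StringComparison.OrdinalIgnoreCase)) return 404;
        // The URL segment is only ever parsed as a key; it never reaches the file system.
        if (!Guid.TryParse(name.Substring(0, name.Length - 4), out Guid id)) return 404;
        // Same answer for "no such image" and "someone else's image", so ids cannot be probed.
        if (!Table.TryGetValue(id, out ImageRow row) || row.OwnerUser != authenticatedUser) return 404;
        body = row.Jpeg;
        return 200;
    }

    static void Main()
    {
        string url = "/DBImages/11111111-1111-1111-1111-111111111111.jpg";
        foreach (var user in new[] { "alice", "bob", null })
            Console.WriteLine((user ?? "(anonymous)") + " -> " + Resolve(url, user, out _));
        // A guessable user-id style name is not a valid key and gets the same 404.
        Console.WriteLine("numeric id -> " + Resolve("/DBImages/1042.jpg", "alice", out _));
    }
}
```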



  • @evilspoons said:

    I think they're just using the site to see what new frames would look like on their faces.

    Sometimes it's really hard to see what they look like in the store (like when you're me and you can only see clearly about 5 inches from your nose without your proper lenses).

     

    5 inches? Wow, that's a lot. I'm down to 5 centimeters.

    I've only had 1 optometrician in my life actually take a picture of me when wearing the new frames. For some reason, nobody does that even though it's fucken' handy.



  • only five cm, mine is ... oh, sorry, you're not talking dicks ...



  • @Nelle said:

    only five cm, mine is ... oh, sorry, you're not talking dicks ...
     

    Yup. I can't see down the length of an erect member.

     

    Truly, something to reflect on whilst enjoying a nice round port, a pipe, and the evening newspaper.



  • @Duke of URL said:

    @flaquito said:

    @Duke of URL said:

    HTF do you get an eye examination via computer??? You have a webcam that checks for cataracts, Cogan's dystrophy, et cetera?

     

    Buying new glasses != Getting an eye exam

     

     

    Buying new glasses - prescription check = really really stupid

    Maybe slightly overstating the case, although in general I agree. But you can get a prescription check, and then go and buy your glasses/contact lenses online. Doesn't seem to be worth it for glasses now the big chains have started selling the really cheap pairs that the websites had, but still a huge difference in price on contact lenses.



  • @davedavenotdavemaybedave said:

    But you can get a prescription check, and then go and buy your glasses/contact lenses online.
     

    A decent shop will take into account the fact that the new glasses will sit on your nose differently from your old ones, before they order/cut the lenses.

    Unless your deviation is simple and minor, buying it all online is just dumb.



  •  @dhromed said:

    @davedavenotdavemaybedave said:
    But you can get a prescription check, and then go and buy your glasses/contact lenses online.
     

    A decent shop will take into account the fact that the new glasses will sit on your nose differently from your old ones, before they order/cut the lenses.

    Never had that. Maybe I've never visited a decent shop, but typically they get your prescription, order the glasses and then make them fit once they are complete.

    My last visit was really awful: They did a prescription, ordered the lenses, put them into a £200 pair of glasses and I couldn't wear them. Every time I tried I got massive headaches. I complained and all I got was "Your prescription is correct, the glasses are not faulty.". I ended up typing my previous prescription into an online glasses maker and those ones both fit properly, let me see clearly, and don't give me any further headaches. I've tried the previous (shop-bought) ones again since and it's still the same headaches after an hour.



  • @Mole said:

    My last visit was really awful
     

    I suggest you take your business elsewhere. :)

