How to exploit a developer (article)



  • An article that was shared on reddit.

    Problem: You want to make the next social media Frankenstein CMS platform, but don't want to fork out for developers, designers, IT and all the rest that is needed.

    Solution: Try to trick some poor IT student into a fake competition, where the main prize is perpetual slavery to your project.

    Infuriating.



  • At least they don't require a fee to bribe a corrupt government official who won't let you have the Princess' booty... I think, at least.

    And these things happen fairly often, especially in graphics/web design. "Hey, give us copyrights for all your work, and you'll have a chance to win $MONEY!" Except the winner is CEO's father's brother's nephew's cousin's former roommate, nobody really gets paid, and the company now has a significant repository of work they can hack together.



  • It felt wrong liking your post. We need a way of changing the verb on a post by post basis. This one should have said:

    x people were horrified by this. Be horrified too.



  • @Keith said:

    It felt wrong liking your post. We need a way of changing the verb on a post by post basis. This one should have said:

    x people were horrified by this. Be horrified too.

    Actually, it would make a decent global replacement.


    Filed under: coding horror



  • I have the same problem with the "thumbs up" in Not Always Right. At least FSTDT has its own labels "WTF" and "Meh" for the votes.



  • And it'd still be better than WordPress.



  • At the risk of sounding like I'm part of TRWTF, I'll observe in passing that it's quite reasonable for the business data to be owned by the business. (Or, rather, for it to be not owned by the exploited student. Whether it should be owned by the business or the end-users is another discussion.)

    Still, entering a competition where the prize is USD3000 (more to the point, the equivalent in Nigerian dollars) and a permanent support millstone is also a serious WTF. Offering such a competition is a doubleplusunweak WTF. (My reading of the Wikipedia article on Newspeak suggests that the generally positive-sounding "strong" would be discarded in favour of the negatively-negative "unweak", weak having negative connotations.)


  • Considered Harmful

    @Steve_The_Cynic said:

    (My reading of the Wikipedia article on Newspeak suggests that the generally positive-sounding "strong" would be discarded in favour of the negatively-negative "unweak", weak having negative connotations.

    Well the goal was to make discouraged concepts sound always badungood and encouraged concepts sound good. I don't know that strength was a discouraged trait, per se.

    Really, more than the constant surveillance police-state, what really horrified me in that novel was the eroding of history and language and the isolating psychological effects. It's getting into your mind, and you start to wonder if you're the only one left who notices these things, and you feel like you could easily succumb and lose your identity.



  • My pro-bono days are over and gone. I am less eager to make magic with code. I get inspired now and again and want to help other coders so I head on over to Stack Overflow but after one post, Stack Overflow greatly curbs my enthusiasm because it starts to feel like a job and I get irritated at assholes taking pot-shots at me or my coding style 'to make me better'. But after time I have started to anticipate those things and tread lightly.

    Filed under: I need thicker SO skin


  • ♿ (Parody)

    @Frank said:

    I get irritated at assholes taking pot-shots at me or my coding style 'to make me better'.

    So you came here, where we take pot-shots at you and your code for the lulz to make us feel better.
    .
    .
    .
    .
    .
    .
    .
    .
    .
    Makes sense.



  • The difference is we aren't trying to improve him.

    It matters boom!


  • ♿ (Parody)

    @Matches said:

    The difference is we aren't trying to improve him.

    And yet he learns!


    Filed Under: And not just trolling...he's pretty decent at that already



  • Despite the semi-constant professing that I am TRWTF, I find this place rather welcoming because while there are jibes in my direction from time to time, the reality is that very few of us actually actively get pissed off with each other and it's more a general mentality of world-weariness and IT-world-weariness in particular. We're all kindred spirits (except maybe @Nagesh)

    We're not trying to improve each other, nor trying to impress each other and because we're not actively gaming the system except to find out more ways to break it, we can relax amidst the fucked-up-ness that is modern society.



  • Ok smart ass...the venues are different.

    On SO they try to convince everyone else that you are wrong and maybe you are (or not), it is perception.

    Example: Someone has a DB insert question that is clearly noob. So I give an appropriate answer to the skill set and out of nowhere the 'experts' fly out of the woodwork to tell me that my convention is wrong and that I didn't parameterize my SQL variables AND that if I am going to give an 'answer' to at least give the OP a correct answer...

    and I am like: "Fuck..."

    You see?

    Also on Stack Overflow, I may have to bump into one of those other programmers in the real world (the Coldfusion community is a smaller group and ships pass 'con frequencia'). SO I am under pressure its in my best interest to not upset these other dudes just in case I end up working with them on a project. Its happened before.



  • And this is why I am in no way upset that I can no longer log into SO.


  • ♿ (Parody)

    @Frank said:

    You see?

    I don't get it. [spoiler]Yes I do.[/spoiler]

    @Frank said:

    Coldfusion

    TRWTF, amirite? PHP is overrated in this category.



  • PHP is double TRWTF and I make twice the money specializing in Coldfusion.

    Filed under: Double motivator



  • The problem is you have clusterfucks like WordPress giving PHP even more of a bad reputation.



  • Weeeeell, I disagree (a little). I enjoy using WP. The interface is fairly user friendly. It inspires us at my work to improve and make changes to our CMS and do things the way they do things in UI (in several cases).



  • The user interface is the only redeeming feature. Under the hood... not so much. Especially, The Loop, which sounds like it actually was born out of a TDWTF story.


  • :belt_onion:

    @Frank said:

    So I give an appropriate answer to the skill set and out of nowhere the 'experts' fly out of the woodwork to tell me that my convention is wrong and that I didn't parameterize my SQL variables AND that if I am going to give an 'answer' to at least give the OP a correct answer...

    Isn't that exactly what happens here except half the people here are doing it intentionally obfuscated just to troll people?



  • Sql parameters are one of the few things I would at least mention as a 'hey, please read this link about sql injection. If you really want to do this type of thing, you must understand this concept even as a noob'

    It's one of the few areas where there's equal effort in doing it wrong vs right.

    Now, if they talked about single inserts vs batching when the question was how do I insert. .. That's typical stack overflow to me


  • ♿ (Parody)

    @darkmatter said:

    Isn't that exactly what happens here except half the people here are doing it intentionally obfuscated just to troll people?

    Expectations are everything, though.


  • Discourse touched me in a no-no place

    @Matches said:

    It's one of the few areas where there's equal effort in doing it wrong vs right.

    It's also an area where you can sell it to people on both the grounds that it is right (prevents injection) and that it is faster (much less statement recompilation).

    More correct and faster at the same time? For not a right lot more effort? Sign me up right now!



  • @Frank said:

    My pro-bono days are over and gone.

    I never had you down as a U2 fan.


  • BINNED

    Feature request: Cringe button



  • @antiquarian said:

    Feature request: Cringe button

    I could totally get the highest number of cringes received.



  • In fact, I might push the cringe rating over the edge.


    Adam Clayton, Larry Mullen Jr.



  • Say cringe again. I dare you, I double dare you muthafucka, say cringe one more goddamned time!

    Filed under: And you shall know my name is The Lord...



  • @Arantor said:

    Say cringe again. I dare you

    @arantor

    cri

    nge


    Filed under: Sets arantor up the mention bomb.



  • Do I look like a bitch?

    /me sadly does not have the hair or Samuel L. Jackson voice.



  • Oh you couldn't help yourself....Troll. 😛

    Here is my theory:

    Yes I try to give best practices about crap like that. But sometimes that shit is a barrier to reading and when you have a guy/gal that is cutting teeth and posting questions where you can clearly tell they are just trying to get elementary shit to work (which is painfully basic to you and me)... then I am not going step up my game and go for the 'confidence-jugular-blood-drain-move' by inundating them with ancillary and mostly nebulous shit on 'best practices' (if they have the interwebs they can, on their own time, discover and revel the why of best practices..and instead celebrate getting the computer to 'do something').

    Here would be the noob's reaction (who knows nothing): and I give them Nebulous BS "Holy shit, this guy is right, I better stop learning how to program 'hello world' and get my head around Egyptian hieroglyphics (which some deemed the first programming language), then get to understanding the abacus, and add on some conceptual shit about vacuum tubes and the early life of the people and their competing theories behind the dewey decimal system before I even consider approaching the dewey decimal system before I even start to write out a single line of code, because only then will be able to appreciate the complexities behind hello world...!!!"

    @sam can I get the "Avoid Nebulous Bullshit" badge along with the "Crescendos and Hyperbole" badge please?



  • Or the counter argument:

    You've taught a noob something that works, but is extremely dangerous. Not a little dangerous, full site compromising dangerous.

    You could show them "select * from employees where name = '" . $var1 . "'

    [In PHP for you]
    Or you could show them the safe method:
    $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
    $stmt->bind_param('s', $name);

    Neither one takes more time or explaining, and neither one looks particularly scary. But the first is scary. REALLY scary. And it impacts everybody, not just the developer.

    Injection prevention is one of THE only things I'm anal about when it comes to teaching new people how to do things. It's one of THE few things that really matters when it comes to design and learning.

    [Edit] Or, you could just flag the question as a duplicate and link to http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php



  • And magic quotes were introduced to solve that very problem...



  • Don't ever mention magic quotes. They are wrong and have been burned.

    Even the PHP guys have deprecated that mess. http://www.php.net/manual/en/security.magicquotes.php



  • That's my point ;)



  • @Keith said:

    @arantor

    cringe


    BOOM! Goes the mention bomb mine!



  • I didn't get a mention there...



  • Have they been screwing with mention notifications again?



  • @Frank said:

    But sometimes that shit is a barrier to reading and when you have a guy/gal that is cutting teeth and posting questions where you can clearly tell they are just trying to get elementary shit to work (which is painfully basic to you and me)... then I am not going step up my game and go for the 'confidence-jugular-blood-drain-move' by inundating them with ancillary and mostly nebulous shit on 'best practices' (if they have the interwebs they can, on their own time, discover and revel the why of best practices..and instead celebrate getting the computer to 'do something').

    I think it's beneficial to teach correct practices first, even if they're a bit complicated. It takes a bit of an effort to "un-learn" something you started with and apply pretty much intuitively. Of course, there's a limit, and you're not going to get into proper encapsulation of methods in classes when writing a C++ "Hello World", but if you have to add a "actually, don't do this" disclaimer to your answer, then it's a wrong answer.

    Sure, it might be a little more difficult to understand parametrized queries or properly scoped methods. But fuck, programming ain't easy.


    Filed under: also, i wanted to quote a single sentence


  • ♿ (Parody)

    @Maciejasjmj said:

    ...but if you have to add a "actually, don't do this" disclaimer to your answer, then it's a wrong answer.

    Like most things, it's not always easy to figure out how far to go before the original point is lost and everyone starts playing Fizzbuzz golf again.

    I can understand being hard core on sql injection, but I wouldn't go apeshit if someone was simply emphasizing one particular thing, unless they went apeshit first.


    Filed Under: Flinging poo



  • You know...I'm not going to beat thier hands when they limping along on pre-k coding.

    I won't fucking do it (not on tiny shit). I don't care about my SQL example I talked about, because that was a BAD example.

    However, you can bet your ass that if they were sitting next to me THEN, I would voice concern on extraneous code and show different approaches to problems, and masturbate over the hypotheticals and get draconian on security practices.

    Now...

    Watch this video clip so you can feel my soul on this conversation.

    https://www.youtube.com/watch?v=i7sCxS6N3-4



  • Your soul is blocked at my work.



  • As Good As It Gets is a fantastic film.



  • You can't watch the video at your work? youtube must be blocked...?



  • @Maciejasjmj said:

    I think it's beneficial to teach correct practices first, even if they're a bit complicated. It takes a bit of an effort to "un-learn" something you started with and apply pretty much intuitively. Of course, there's a limit, and you're not going to get into proper encapsulation of methods in classes when writing a C++ "Hello World", but if you have to add a "actually, don't do this" disclaimer to your answer, then it's a wrong answer.

    Sure, it might be a little more difficult to understand parametrized queries or properly scoped methods. But fuck, programming ain't easy.

    Yes...I believe in use disclaimers but I try to teach people good ways to do stuff, but I always like to start with simple things to build confidence. After those things it is best practice time.



  • @Arantor said:

    We're all kindred spirits (except maybe @Nagesh)

    I'm not sure what @Nagesh is kin to, but I'm sure it's not human.



  • @HardwareGeek said:

    I'm not sure what @Nagesh is kin to, but I'm sure it's not human.

    [sarcasm]
    I am also sure that an A.I of my like is not developed anywhere in this world.



  • AHA! You're an AI!

    On the other hand, amanfromMars has nothing on @Nagesh. (amfM is from The Register's forum, went very quiet for a long time but is thankfully back on posting duty)



  • @Arantor said:

    AHA! You're an AI!

    On the other hand, amanfromMars has nothing on @Nagesh. (amfM is from The Register's forum, went very quiet for a long time but is thankfully back on posting duty)

    Did amFM pass Turing Test? No I am not an AI or any FAKE AI. I am real flesh, blood, sweat and tears human being. Ok, so not much on tears.


Log in to reply