bummer, it appears to be part of a library called "mocktest". I have no idea why such a thing could be necessary
Posts made by aikii
-
RE: Subclasses in python: nailed it
-
Subclasses in python: nailed it
Just came across this nugget :

def _compose(hook, func):
    if hook is None:
        return func
    if func is None:
        return hook
    def run_hook():
        hook()
        func()
    run_hook.__name__ = func.__name__
    return run_hook

(...)

class TestCase(unittest.TestCase):
    pending = globals()['pending']
    pending = globals()['ignore']
    def __init__(self, methodName='runTest'):
        super(TestCase, self).__init__(methodName)
        try:
            subclass_setup = self.setUp
        except AttributeError:
            subclass_setup = None
        try:
            subclass_teardown = self.tearDown
        except AttributeError:
            subclass_teardown = None
        self.setUp = _compose(self.__setup, subclass_setup)
        self.tearDown = _compose(self.__teardown, subclass_teardown)
SVN tells me it dates from 2009, so there's no chance I could get an explanation. My best guess is that it allows the subclasses to never call super() in setUp and tearDown, because this superclass makes sure it's called by overriding the submethod with a "composition". And indeed, since the developer didn't know how to check whether the method belongs to the subclass or the superclass, the actual supermethods are prefixed with "__".
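To see what the composition actually does at runtime, here is an added, self-contained example (my own code, not mocktest's): a hypothetical BaseCase built on the quoted _compose, one subclass that overrides setUp/tearDown without ever calling super() and one that defines no hooks at all, with run_case returning the recorded call order. It also shows the side effect the trick has: the base tearDown runs before the subclass's, the reverse of what super() chaining would give.

```python
import unittest


def _compose(hook, func):
    """Same composition the post quotes: run `hook`, then `func`."""
    if hook is None:
        return func
    if func is None:
        return hook

    def run_hook():
        hook()
        func()

    run_hook.__name__ = func.__name__
    return run_hook


class BaseCase(unittest.TestCase):
    """Hypothetical base class (not mocktest's) built around the quoted pattern.

    Its own fixture methods are double-underscore names, so name mangling turns
    `__setup` into `_BaseCase__setup`: a subclass defining `setUp` can never
    shadow them, which is all the "__" prefix buys the original author.
    """

    def __init__(self, methodName="runTest"):
        super().__init__(methodName)
        self.calls = []
        # `self.setUp` resolves to the subclass override if there is one and to
        # unittest.TestCase's no-op otherwise, so the AttributeError branch of
        # the original is dead code; it is kept here to match the quoted shape.
        try:
            subclass_setup = self.setUp
        except AttributeError:
            subclass_setup = None
        try:
            subclass_teardown = self.tearDown
        except AttributeError:
            subclass_teardown = None
        # Instance attributes shadow the class methods, so unittest's runner
        # calls the composed hooks: base part first, then the subclass's.
        self.setUp = _compose(self.__setup, subclass_setup)
        self.tearDown = _compose(self.__teardown, subclass_teardown)

    def __setup(self):
        self.calls.append("base.setUp")

    def __teardown(self):
        self.calls.append("base.tearDown")


class Overriding(BaseCase):
    """Overrides both hooks and deliberately never calls super()."""

    def setUp(self):
        self.calls.append("child.setUp")

    def tearDown(self):
        self.calls.append("child.tearDown")

    def test_it(self):
        self.calls.append("test")


class Plain(BaseCase):
    """Defines no hooks at all; the base fixture must still run."""

    def test_it(self):
        self.calls.append("test")


def run_case(case_cls):
    """Run `case_cls.test_it` under unittest; return (call order, success)."""
    case = case_cls("test_it")
    result = unittest.TestResult()
    case.run(result)
    return case.calls, result.wasSuccessful()


if __name__ == "__main__":
    for cls in (Overriding, Plain):
        print(cls.__name__, run_case(cls))
```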
-
History : how injections were prevented by NukeSentinel add-on for PHPNuke
10 years ago, full-featured « portals » as we called them were all the rage. PHPNuke was something easy to install on the many free PHP hostings that were available. At the time it was released, I even think this was the first freely available portal with so many features. But it had a price: unprofessional code, unstable, unmaintainable, insecure. If you want to know why security issues happened so widely, have a look at the sources of phpnuke, and you'll know why you need to separate HTML, styles, SQL, PHP code and JavaScript.
Just about every possible injection was possible : search engine, contact form, forged cookies, you name it. This was so impossible to maintain that other guys figured they should just add a layer on top of it, covering all the cases. That was the purpose of NukeSentinel, which is huge ( 21338 lines of code ), and which looks like someone trying to put out the fires from a nuclear explosion by bringing buckets of water one by one.
A direct link to the sources was not so easy to find but here's a fork I found : https://trac.assembla.com/evoturkish/browser/html/includes/nukesentinel.php?rev=1
Look at line 30 and then see how that REGEX_UNION constant is used. The thing is, that's one of the few parts of the code that is actually more or less readable.
I found an archive of one of the versions here : http://ftp.heanet.ie/mirrors/sourceforge/n/nu/nukescripts/NukeSentinel(tm)/version%202.5.1X/NukeSentinel_2518_Up.tgz ( notice it's only nukesentinel, the security add-on, not phpnuke by itself ). You'll also see amazing stuff like how menus are displayed and handled, in a html-in-strings-in-php-in-html tag soup way, along with copy pasta everywhere.
The most painful conclusion is to imagine how much work it actually needed.
-
RE: CMS commercial
Thanks for these remarks, especially to those who were specific about what's wrong in my phrasing. Most of my English experience comes from reading pedantic blogs and programming ;-) I get to speak English orally only on rare occasions
-
RE: CMS commercial
I'd be happy to know how to reformulate it correctly, if anyone can help ... :$
-
RE: CMS commercial
@savar said:
God, you must drive your coworkers crazy talking like that.
Sorry, English is not my first language. Did I say something wrong ?
-
CMS commercial
Following a link on the last post on thinkvitamin.com, I just came across that website http://firerift.com/ , which presents you a commercial. While, for sure, making a nice advertisement about something technical must be hard, I bet they deserve some prize for completely missing the point.
-
RE: The Official Website of Beijing 2008
In communist China, web standards comply with IE6.
-
RE: WTF on TDWTF.
TRWTF is the theme. My guess is there's the sound of a spaceship taking off every time an error dialog pops up.
-
Yet another clbuttic mistake prevents verizon subscription
Dr. Herman I. Libshitz tries to subscribe to a DSL service and ... guess what happens ;-)
http://www.philly.com/philly/hp/news_update/26089374.html
Another WTF is that the offshore helpdesk suggests he misspell his name
-
RE: Uhmm... maybe you should check your email?
Arguably a rhetorical question, which could mean instead that he wants you to know that he cares about that report, or just a reminder if you still haven't sent it, or simply put : let me interrupt you with a silly question because I'm the boss.
-
RE: Ubuntu WTFs
As for the restricted repository being commented out, that's a license issue. The default setup considers you only want GPL software, which usually means you're incredibly lucky if all your hardware, protocols and other software needs are met, even for what is considered basic stuff ( playing all the video formats you need, a fully accelerated graphics driver, and so on ). A shame indeed, I guess legal issues are what really makes free software so clunky, and why all the hackers in the world can't do anything about it. It may seem an ultimate, unfixable dead end but the Ubuntu guys got it right : fixing non-technical issues requires non-technical workarounds, that is, they have great FAQs and great forums. Perhaps they could use more in-software hints as a workaround for what they can't legally automate.
And as no software comes without bugs, what really matters is the follow-up.
-
RE: The PHP Master Architect
I downloaded the code & examples before reading that thread on devnetwork.net. Taking it as a pure experimentation, his technique to download multiple files at the same time is quite creative ( while using a completely wrong vocabulary and being WTFesque in the context of any real world application, but that's another point ) ; if he's a student, he's probably smarter than most other students in his class. I remember how it feels the first time you understand loops, pointers, recursion, IPC, network programming and so on ... it's ok to be proud the first time you understand how XMLHttpRequest works. But proud of yourself, like when you finish a marathon. You think you're the king of the world for a few minutes, and then hope, for your own sanity, that this impression won't last, and keep going on to other personal challenges. That attitude is sane when you're still in control and surrounded by sane people saying "hey, that's great for you. Now let's get back to everyday life". Or sane co-workers : "ok, great, looks fun ... now what about the users' needs ?". But on forums, you'll always find clueless people to praise you, and that's not a good thing.
It went downhill when I finally read the thread. I've seen that pattern before: he's saying he is ready for any criticism, while in fact he can't stand it. He answers every single line, saying that the others did not even try to understand, or that he's being rude, or not open-minded, or incompetent, or ... That seems to be a mental illness that spreads across forums, and not only programming forums. I remember that skatedrive guy ( it's French-speaking, sorry ; it's some kind of rollerskating accessory that allegedly helps with keeping balance, braking, whatever ). That guy claimed to be open to criticism but when told it was completely useless ( or at least inconvenient for what it was meant to be used for ), he decomposed every single line of the message and answered every point, not admitting any flaw in his design, instead firing back at his opponents : "did you even try ? Do you know what you're talking about ? What do you mean by (...) ? I didn't say that, you don't understand and you're not even trying". Throughout his ~70 replies, he keeps standing his ground in the same manner. It's funny because everyone loves to make fun of arrogant people. But when you try to be really empathetic with that person, it's disappointing and really sad. If you wanted to heal that kind of person, debug his mind instead of making fun of him, what would you do ? Is he to be considered braindead ?
-
RE: Facebook (+1 informative)
Funny, I thought this was the exact same thing as facebox. Facebox is another (purposeless) social networking website, with a touch of annoying viral marketing. It's so shameful that they just changed their name to netlog ( while facebox was probably an attempt to steal facebook's audience, I guess ? ). As [url=http://en.wikipedia.org/wiki/Facebox]the wikipedia article[/url] claims, this rebranding tries to evade all the bad press that "facebox" gets when looking it up on google ...
By reading the wikipedia article I felt all the shame on me : yup, [url=http://en.wikipedia.org/wiki/Lorenz_Bogaert]the founder is Belgian[/url].
By the way, I deserve a (-1 off topic ). It's Monday morning after all ;-D
-
RE: MS Business Assessment SNAFU
Someone is really asking for a frontpage article here ;-)
This "bad request" response obviously comes from the server and is not client-generated ( if you check the headers you'll even see it's a generic error status 400 ). It's generated either by the server or probably by the "community server" application itself, which may have a limit on tag size.
As for the path itself, it does not depend on filesystem limitations on [url=http://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits]filename/path length[/url].
The maximum URL length varies depending on the browser, see [url=http://classicasp.aspfaq.com/forms/what-is-the-limit-on-querystring/get/url-parameters.html]URL length limits[/url]. The standard limit is 1024, while most browsers accept more than 2000 characters ( yes, even IE since 4.0+ )
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
@tchize said:
Back to the France case, I don't understand why France simply doesn't keep the poll boxes closed until all poll stations are closed. This will simply solve the problem. For Canada, you could simply do the same, keep poll boxes closed for 12 hours :) (Ok it can be a problem to ensure nobody adds polls to the box during the night
I think they essentially interview random people just out of the voting office. I don't think real partial results are available ( unless some offices close earlier than others ). It's indeed inaccurate but as in any survey, the number of samples allows one to estimate a margin of error.
As for electronic voting, there's another similar "Belgian story" : I just got an invitation to get a new electronic ID. I've read the documentation recently, and while it's not absolutely WTFed it's still anachronistic in some ways ( the API looks like a COBOL-to-Java mapping ) and only poor drivers are available ( indeed the main drivers are for Windows, there's no driver for Intel Macs and, alright, there are open source drivers for Linux but they don't even build : makefiles are absolutely not generic and work only for whatever distro ... looks like someone needs a unix dev guru ). Belgian eID inconsistencies deserve a small article, someday.
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
@fennec said:
I'm just wondering about the thinking behind what is essentially an "Ignorance is Strength" slant. Is the value of the time spent voting so petty that dispelling this ignorance would suddenly make voting worthless?
Oh, right. I underestimated your question! I overlooked that point of view. I'm in the waiting line, I want to vote and suddenly I know it's already cast. Then wondering : ok, so what ? I'll wait to cast my own vote as everyone else already did.
That's a very responsible behavior. Too good to be true, in fact. Were it the average joe, or even myself, if I'd heard the result I'd just quit the waiting line and enjoy the last hours of the week-end. Anyway, my own vote wouldn't have been more important a couple of hours sooner. Strange thing, eh ?
Another fact : throughout the campaign, surveys are regularly published and they influence voters and politics. That's bad indeed. Surveys heavily contribute to transforming the political scene into a spectacle. Forbidding publication of real time surveys is admitting surveys influence voters. Then why are they tolerated in the first place ?
Duh. My brain hurts. Back to those more accessible dumb computer problems :'(
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
@sibtrag said:
I view it as a rather simple call...the stories will not be suppressed indefinitely so there should be no conflict with the public's right to know or transparency or other important values. It is simply a matter of trading the chance for the fleeting glory or prestige of "the scoop" for a value more important and more lasting.
However, I'm not holding my breath.
A television representative was interviewed on the subject ( from the official French-speaking television channel, RTBF, if I remember well ). He said that people who are so much interested in politics would have voted in the morning, while the less interested wouldn't care to grab that information via foreign media. And then he made that pathetic conclusion : if we don't give the results before French television, nobody is going to watch us ! Here is the world of ethics we live in ...
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
@fennec said:
@aikii said:
What's the point being in the waiting line if you hear a radio saying who's going to win ?
What's the point of being in line if you're totally unaware of who's going to win even though it's the exact same people anyway?
I'm afraid I must have missed some subtlety. Is it the usual "politics are all the same" rant ? O:-)
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
@Brother Laz said:
40%, not 45%.
Otherwise agreed with the original poster; replace 'ban on publishing election results' with 'pollution and labour laws' and you know why the world will be in trouble within ten years.
:D
It was a random estimation with no political aim ( French speakers are a minority and that's the point ).
By the way, community wars occur even on Wikipedia : while the [url=http://nl.wikipedia.org/wiki/Belgie#Taal]Dutch wikipedia article[/url] and the [url=http://en.wikipedia.org/wiki/Belgium#Demographics]English[/url] one announce 40%, the [url=http://fr.wikipedia.org/wiki/Belgique#Wallonie_et_Bruxelles_depuis_la_f.C3.A9d.C3.A9ralisation_:_affinit.C3.A9s_et_diff.C3.A9rences]French article[/url] announces between 40 and 45%. I didn't check by myself before throwing that number but nevertheless, it's funny. Since I didn't count by myself, I'll agree with the estimate of 40%.
About Sarkozy, in a geek perspective we could expect some more law enforcement around digital rights ( DADVSI & co ), I hope free software won't be hurt too badly. The economy needs it, after all.
In a broader perspective, it might be tempting to compare him to George W. Bush. But I find Sarkozy a lot smarter. And thus more "dangerous" if you don't agree with his ideas. Fortunately I don't think something as catastrophic as a "French Iraq" would ever happen.
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
In a broader perspective, I liked this article ( found via programming.reddit.com ). The idea is that the web removes any "social context" in discussions. That's another issue, but with almost the same roots.
-
RE: The WTF is local non-disclosure laws when the web is global, indeed
( please excuse the last sentence typo, too late to edit. I tend to rewrite my sentences and often forget to remove irrelevant redundant words ... )
-
The WTF is local non-disclosure laws when the web is global, indeed
If you don't care about politics but are interested in information technology, you might be curious about what just happened last Sunday, when the French were electing their new president. I'm myself from Belgium, a small country north of France, and French-speaking, as is about 45% of the country. A fun fact is that everybody here knows about the elections in France, but almost no one knows legislative elections will occur in Belgium in June ... no wonder Belgium is known for its taste for surrealism.
Ok, I come to my point.
In France, you can't publicly communicate partial results until 20h, that is when all polling stations are closed and ballots counted in all/most of them. This is a democratic measure indeed ; your vote still counts even if you're coming late to the polling station and the result is already 99.999% sure. What's the point of being in the waiting line if you hear a radio saying who's going to win ?
So, French papers and TV know the partial results ( mostly thanks to "real-time" surveys, I guess ) but can't communicate about them. Neither can French blogs or any other means, indeed.
That law is only active in France. That means Belgian and Swiss journalists know the results and indeed communicate about it inside their own country. And on the web.
The three main French-speaking Belgian papers are le soir, la libre belgique and la dernière heure. Guess what, partial results were available on their front page all day, and their servers were badly overloaded ( several minutes to get a single html file, with all content other than the election results removed ). Assuredly most requests were coming from France ... ain't it ironic ?
Meanwhile, French bloggers were providing real-time results as if they were the water content in the air.
This is all ridiculous. This law makes sense to me, but is no longer applicable. And I doubt any international/European law or agreement could happen to prevent this. What would you do ?
-
RE: How do you change up a directory in DOS? Reboot!
At least you knew subdirectories existed. I know someone doing some internal support. Regularly, users say they've lost their files, and when asked where they think they saved it, their answer is "word". They don't know about directories. They don't know about the "my documents" folder. They don't even know explorer and have absolutely no remote idea what a filesystem could be. Don't know what they think ( if they even think about something ). Files randomly floating around, and word as a general purpose file manager.
This reminds me of some other rather mystical behaviour. Back in those 386 days, when I was a teenager, a friend insisted on installing all games' files in the very same directory. I mean, not C:\GAMES\4DDRIVIN and C:\GAMES\SNOOKER ; he had all files from 4D Sports Driving and Jimmy White Snooker in that single C:\GAMES directory, along with a dozen other games. He just knew which files to remove when he needed to uninstall one of them. I just can't figure out what he expected. Taking up less disk space ? Making his father think he had only one game ?
-
RE: Format is for sissies
@asuffield said:
@aikii said:
@asuffield said:
@JNeumann said:
Open Source is often bad programming because the first one out with something gets the kudos.
I can't think of any instances where this has been appreciably true.
Eh, I do. PHPNuke. I have to admit this one perfectly fits the "be the first to release, whatever the price" idea. Rampant over-featurism made the success of this product and the source code is unmanageable. Being a web application, it's indeed full of security holes which must be circumvented by a third-party product ( "nuke sentinel" ) which barely filters requests in an absolutely dumb manner ( checks for injection attempts in GET parameters, without having any clue about their use ).
Sure, some people rush things out there, but it hardly brought them any "kudos" - quite the opposite in fact, phpnuke is infamous for being a steaming pile of crap. Nobody uses it without regretting it.
For sure, anyone choosing phpnuke right now or even in the last two years should be beaten with a dead skunk.
But in early 2000's it got quite a success for a few years. Precisely because it looked easy and full of features. From a non-developer user perspective it's not so bad. Until you see how much pain it takes to secure it or add features by yourself. That's where the "worse than failure" paradigm perfectly fits.
I'd say that in 2003 it had an overall good reputation - for sure, some developers had already run away screaming, but in terms of market share in 'free CMS' it was still a player and many people were confident about it. And that's all about 'apparent goodness' from a user's perspective. But that's my personal experience. To be a little more scientific we'd need some 4-to-8-year-old stats and surveys ;-)
-
RE: Format is for sissies
@asuffield said:
@JNeumann said:
Open Source is often bad programming because the first one out with something gets the kudos.
I can't think of any instances where this has been appreciably true.
Eh, I do. PHPNuke. I have to admit this one perfectly fits the "be the first to release, whatever the price" idea. Rampant over-featurism made the success of this product and the source code is unmanageable. Being a web application, it's indeed full of security holes which must be circumvented by a third-party product ( "nuke sentinel" ) which barely filters requests in an absolutely dumb manner ( checks for injection attempts in GET parameters, without having any clue about their use ).
For sure, it worked like a polluting factory. You manufacture cheap products with tons of features, but pretty soon, as a customer your product breaks for no reason, and as a developer, you lie in a pond of toxic mud.
But one example is not a proof. That kind of phenomenon doesn't need open source to happen ( remember tucows ? tons of closed-source freeware/shareware, and I'm damn sure a great part of them have to be messy in an unbelievable way, although the features may be really helpful ). It does not even need to be about software, hence the factory metaphor. The common thing might be about getting market share whatever the price : be the first, be the cheapest, have the most features. It's all about short-term vision and being quantifiable ( you can make a list of features and tell the price, but comparing UI usability and source code quality is harder )
Accusing opensource software is just another iteration of the "kill the messenger" analogy.
-
RE: W3Schools WTF
I checked by myself navigator.appName, and indeed it gives Netscape ! I'm a bit surprised but that's certainly legacy stuff... like that silly "mozilla" in IE's user agent.
For w3schools, ok, to be honest that's not exactly a crappy site, but still it's getting old ( I couldn't find a mention of the date on the article ). The site design must not have changed in at least five years.
Apart from its good pagerank on google, w3schools is a very average reference. Most of the time the examples are borderline ( I'm not saying they're WTFesque, though ) and it lacks good advice on page design.
I'd say nice references are
http://htmldog.com/
http://www.quirksmode.org/ ( not encyclopedic , but it's really great and very accurate )
http://www.alsacreations.com/ ( don't know if english content is as extended as the french one )
-
RE: The Clbuttic Mistake
Ahah
This kind of dumb replace is even sillier in french, which leads to in***sistant ***trived results. It's even more retarded when it's used in a chatbot that automatically kicks the user.
In the same idea, I've already seen parents forcing their child to use unusual words for stuff related to bodily functions. Okay well, that's all the path down to newspeak. It does not take long to express rudeness in another form anyway.
-
RE: Dreamincode.net
Well thank you, I think there's one other reason why I use spaces between parentheses : depending on the font used, it's often ugly (by the way, parentheses are already semantically ugly) (<- look how fast I learn)
I could as well use non-breakable spaces, but if I remember well, they tend to break for whatever reason; I think it's a bug in firefox textarea and wysiwyg implementations. I tested it some time ago, can't be sure.
-
RE: Dreamincode.net
Duh. I didn't even look at that website but you just poked(*) at my curiosity. I've looked at 4-5 entries and my conclusion is : run away screaming !
It's alright to wonder how boolean works but ... it shows one sure thing : don't ever expect to learn it on a forum.
Secondly, it shows how "code snippets" can be evil. Alright, when posted as a question, it easily shows how bad the rest of the program must be. But code snippets as answers are the highway to copy-paste programming. People never learn. And they never question their code design. That "I don't want to touch code that works" culture is one of our worst enemies ( that's something close to soft coding from today's articles ). Professionals should all know about refactoring, and amateurs should at least have heard of it. I mean, the real problem is that "I'm afraid to change more lines than the strict minimum" culture, not the actual effort it requires. As we all know, this merely postpones the effort needed to worse times.
(*) obviously English is not my native language. To my great surprise, while using mac's dictionary, looking up "poke", it showed several meanings including ... the BASIC instruction ! :D
-
RE: Dreamincode.net
Your question reminds me of the Groucho Marx dilemma ( recently highlighted by Jeff Atwood from Coding Horror ) : "I don't want to belong to any club that will accept me as a member". Here is the webforum variation : you don't want to be advised by someone who has enough time to advise you. Forums are more about serendipity. Too many newbies expect too much from forums, posting their problem and just waiting for an answer, while what they really need is to be able to search by themselves. But alright, it's ok to hang around some forum to exchange tips, but never expect too much. It's more about feeling supported by other people, so, pick one where you feel welcome, rather than some L337 forum.
-
RE: The SQL Query From Hell or... the Horror, the horror.
— wow, according to the logs this page generates about 400 queries .. oh wait, that's only one 400-lines query !
-
RE: Forum.www wtf
Ahah, I love the url it gives.
From now on, the forum should be nicknamed badger.
-
RE: Another VB WTF
one step forwards, two steps back ...
The for + switch pattern seems to be a classic, but the reason is a real mystery to me.
Like many programming WTF bad habits, this must come from some specific everyday real life reasoning, but I don't get this one. Any ideas ?
Or it might come from a catastrophic book for beginners, in which case every copy must be burned along with its author.
-
RE: Happy serialization
You might want to re-check, there's a huuuuge hidden field which is indeed a session serialization, base64-encoded. But inside the field, I couldn't find any confidential value. By the way, there is some strange binary data. Wouldn't be surprised if it's actually "encrypted" data.
Their site does not look so bad, so I wonder if it's a WTFed workaround for a third-party tool. Or their portal was developed by "professional" programmers ( or bought as is ), and then this tool was made by someone a bit more inclined to WTFs. For whatever reason ( not reasonable enough, anyway ), they could not share information and used that obnoxious field ...
-
RE: You loose
This one's not bad either :
http://www.ineo.be/mercator/ishop/web_gen/Procedure-modifRemise.html
You can set a 200% rebate and you get a negative total for your cart. But whatever I try ( cheating or not ), my session gets killed when I try to check out. The website is either not in production, or it's not firefox compatible ...
The real WTF is that, according to their unbelievably pixelized pdf-to-wooden-table-to-jpg-to-html pricing list, this ecommerce thing is worth €900 ( per mercator user, whatever it means. you probably first need a license for their accounting software, a minimum of €500 if I get it right. )
-
RE: You loose
@tchize said:
This page lists mercator function (http://www.ineo.be/mercator/ishop/web_gen/home_f.html). Funny, you can really pass anything to searchSqlItem, like delet from stock?
Ahah, they even document their own leaks ! For sure, it takes a "WTF?!" moment to realize those parameters are passed directly via the url.
As said previously, they seem to check if the query is a select and nothing else. But the documentation gives out other tips. sqlExec only accepts predefined procedure names, and ... check out this example:
select date,str(piece,10) as doc,reference,nom as dev,
'<TD ALIGN=RIGHT>'+padl(transform(tot_ttc_dv,('999 999 999.'+replicate('9',n_dec))),15)+'' as total_ttc
from pieds_v,devises_x
where (devises_x.id=pieds_v.id_dev)
and (id_cli=cookies.id_cli) and (type=3)
order by date
Yeah ! SQLHTML , here we are !
-
RE: You loose
@merreborn said:
Brute forcing properly salted MD5 could take quite some time, especially for good passwords.
For sure ... but what do you expect from this application and ultimately from its users ? ;-) In a couple of hours you'll get the obvious passwords, and a few days will be necessary for harder ones. I don't think it would take more than a week or two. Or does it ? I mean, if it takes years, we might as well publicize our password files, but this is not likely the case.
One could make a little bot that searches google for other sites using that mercator e-commerce application and automate the exploit, getting information and most probably enabling some changes. Like turkish hackers did for PHPNuke portals. Fortunately, unlike PHPNuke this particular application doesn't seem to be very widespread and most probably this website doesn't have many users. But unlike PHPNuke, it involves money, which makes these leaks rather serious.
-
RE: You loose
Well, what brings the most security around this site is that ... it's not worth the effort ;-)
Anyway, there is also a user database ( you can replace the table name with 'users' ) ; and field names are available from the subscription form. Then, you could just alias column names in the articles list query to display personal information about users. Fortunately credit card numbers seem to be used only on a separate site. Clear passwords may not be available but even if you get a hashed value, you can import them and bruteforce locally.
Being business, that's not secure enough. Available SQL injections could be (criminally) profitable and there is at least a potential privacy leak.
-
RE: You loose
A little update, being unfair to that mercator product. The WTF being that it's an accounting software used as content management, well, you can expect suboptimal performance.
But then I saw something Wayyyyy too classic :
http://217.136.227.214/scripts/foxisapi.dll/MercatorIshop.MercatorIshop.searchSqlItem?sql=select stock_x.* from stock_x where s_id_famil='N1PX0NSDNN' and s_cat3='DISTRI' and s_retour>=date() order by s_retour&n=25
Duh. You know what, don't do it ;-)
-
RE: You loose
Guess what, it's not even related to ajax. And when I look at the source I hope the author will stay away from it for a while.
This document is composed of 1 main document and 10 iframes. Doh!
Try to open the website on a 1024x768 screen and you get an awful inside horizontal scrollbar.
For the frames, source code is just retarded. Document's header being invalid, the document type shows up ... http://217.136.227.214/scripts/foxisapi.dll/MercatorIshop.MercatorIshop.sqlExec?sql=p_prevente&page=ph_prevente. Don't hit too hard, website must have been done by a poor student working at one of these night shops ... the software it relies upon is probably not responsible for this wtf, but still, I'd stay away from that mercator e-commerce thing ( and by the way, presenting a product using a powerpoint on a website is another wooden table variation to me )
It's funny to see what all these iframes are used for. Look at this one. How cute, eh ? Enjoy the source code, now you know every clerk's birthday ;-)
-
RE: Javascript Date wtf
Yup, this reminds me of a minor WTF which is an API inconsistency in the Ruby standard library.
You can get the current day-of-week:
Date.today.wday
0 is Sunday
You can build a date like this:
Date.commercial(year,week_number,day_of_week)
day_of_week must be 1 -> 7, 7 is Sunday. Guess what, it throws an exception when you try setting the day of week to 0.
You rarely need to build a Date using another Date's day-of-week, but nevertheless, when it happens, chances of a random crash are 14.3% until you figure it out ;-)
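As an added example (not from the post), the mismatch in Ruby code: `Date#wday` numbers Sunday as 0 but `Date.commercial` wants the ISO day-of-week in 1..7 with Sunday as 7, so feeding a raw `wday` into the constructor fails on exactly one day out of seven. The example shows the crash, the explicit 0 -> 7 conversion, and the cleaner route of using `cwyear`/`cweek`/`cwday`, which are already the ISO fields `Date.commercial` expects. The sample dates (2009-03-22 and 2010-01-03, both Sundays) are chosen for the example; the second one also crosses an ISO year boundary.

```ruby
require 'date'

# Date#wday: 0..6, Sunday = 0. Date.commercial wants 1..7, Sunday = 7.
def wday_to_cwday(wday)
  raise ArgumentError, "wday must be 0..6, got #{wday.inspect}" unless (0..6).include?(wday)
  wday.zero? ? 7 : wday
end

# What the post describes: rebuilding a date from its day-of-week by passing
# wday straight through. Returns the exception class name on failure, nil on success.
def naive_sunday_failure(date)
  Date.commercial(date.cwyear, date.cweek, date.wday)
  nil
rescue ArgumentError => e # Date::Error is an ArgumentError subclass on Ruby >= 2.7
  e.class.name
end

# Round-trip a date through Date.commercial using the ISO fields it actually wants.
# cwyear/cweek differ from year/week near year boundaries, so do not mix them with
# Date#year. Converting wday here is equivalent to using date.cwday directly.
def rebuild_from_commercial(date)
  Date.commercial(date.cwyear, date.cweek, wday_to_cwday(date.wday))
end

if __FILE__ == $PROGRAM_NAME
  sunday = Date.new(2009, 3, 22) # sample date for the example: a Sunday, wday == 0
  puts "naive rebuild of #{sunday}: #{naive_sunday_failure(sunday) || 'ok'}"
  puts "ISO rebuild of #{sunday}:   #{rebuild_from_commercial(sunday)}"
  puts "cwday for Sunday:          #{sunday.cwday} (wday #{sunday.wday})"
end
```

In practice, prefer `date.cwday` over converting `wday` by hand whenever the value is going to `Date.commercial`; the conversion function above exists to make the off-by-one visible.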
-
RE: Strange PHP/MySQL error
Yup, I hope you plan to refurbish your style a little. You should use templates, or more contemporarily (in my view) put the logic (argument processing, SQL queries) in a separate file, having only very simple and explicit PHP calls embedded in the HTML code. This way it's easier to reread, modify and spot security leaks. I don't want to promote over-designed applications, this is really basic and it's necessary.
In fact this almost looks like PHPNuke / phpBB source code :'( I don't want to be rude but that's not acceptable in redistributed/professional code.
By the way, this code may be safe if magic_quotes is on. But that's a thing I wouldn't rely upon.
-
RE: The most headache-less path to Web Development?
That was confusing and you have a point. But I mean, it's a French-speaking programming language, like COBOL was aimed to look like English. The API is a bit like PHP, that is: trying to be exhaustive in a single "flat" namespace, which results in tons of verbose function names. OO is available in this language but as far as I know (most of) the API isn't, for legacy reasons I guess.
But really my point is: here is an example of a "universal language wannabe". Commercially, they aimed at the right market, big companies, being executive-friendly and presenting themselves as interfaceable with DB2, IBM iSeries (formerly known as AS400). I'm sure quite a few front-page articles are waiting around ;-)
A programming language not being natively English is not a WTF in itself, but having to think in several languages while programming would be painful. But English being a monopolistic language is itself not fair ... well, that's a big issue. Still, I prefer to "think" in only one language, that is, English, while programming. It would be too confusing otherwise.
And about programming languages trying to look like natural language, that's another issue. Readability being one of the most important things today, that's relevant. But some programming languages just do it backwards and too verbosely: they look like natural language, but they're ridiculously unreadable.
-
RE: The most headache-less path to Web Development?
@Ice^^Heat said:
Why are there so many languages???? C#, Java, Python, PHP, Perl....
Why can't we have just one überlanguage???
That's exactly how WinDev was born. To put it short, just imagine a sort of VB in French ... guess what, they're so ashamed you can't find a single line of code on their website.
If you feel prepared, just search for "wlangage". Indeed, they also have a web-oriented environment, which is cleverly named ... WebDev.
No silver bullet ? Eh, guess what, people still make a living of that. Call it snake oil consultancy.
-
RE: Question arising from "Sprite Threading"
I'm surprised nobody came up with the story Slashdot reported recently
http://it.slashdot.org/article.pl?sid=07/03/22/1218238
There is a video of a demo on PlayStation 3, where each chicken has its own thread. Unfortunately the file is quite slow to download and the recording is terrible.
Still, the rooster simulation is quite funny.
-
RE: Web 3.0
The only backoffice you need is a form to upload pictures.
Your client will then be able to send in all the content he wants, the process is easy: just write it down and take a picture. Don't forget the obligatory wooden table.
-
RE: E-commerce company on the leading edge of 90's technology
I remember having to process credit cards, so the company I worked for had to contact one of those intermediary credit card processing companies.
So I met the guys in a meeting room. And thank god I was still not really awake, and didn't burst out laughing - I mean, one of those guys looked like Leopold II of Belgium.
The rest of the story is pretty much the usual, a boring file upload where each line looks like some old-school COBOL format: n characters for the credit card number, full name in n characters padded with spaces, and so on. Eh, guess what, I'm even happy they didn't come up with an XML format. Not too much WTFed though, apart from Leopold's incredible beard; I didn't expect anything fancy anyway. They even had a testing environment!
-
RE: E-commerce company on the leading edge of 90's technology
Looks like a pattern here. I guess despite its crappy software the company you work for earns huge amounts of money (as all money transfer/processing companies do). So we have a reverse gnome business plan:
- Profit!
- ???
- Make crappy software
-
RE: This site's search WTF!
These pages got a higher rank because the keyword was found in the title and between <h1> tags.
They could use a <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> in their header (from here)