It's a good thing the malicious program didn't attempt to format the hard disk.
Posts made by shakin
-
RE: As a Precaution...
-
RE: Do I live in "Oregon (front)" or "Oregon (back)"?
@realmerlyn said:
I suspect they pulled a list of flags, and Oregon state is weird, having a different front and back.
If that is the case then this is probably a bigger WTF than is readily apparent. I suspect some programmer didn't want to type the 64 options in the list so he found a list of state and provincial flags on the net and wrote a script to convert the list and import it into a database (or just convert it into an HTML select box). While he probably could have typed all 64 options in five minutes the whole process of avoiding the typing probably took all day.
-
RE: FORBIDDENed swearword proofing
The code must be really weird. At first I thought it was filtering the whole word in which the curse word appeared, so you get "FORBIDDEN" instead of "clFORBIDDEN". It also appears to have a +1 character bug so "class had" loses the space and becomes "FORBIDDENhad". Strange. The +1 bug appears later on when "classroom" is replaced by "FORBIDDENoom", but now the whole word wasn't filtered. The filter appears to find the curse word, then filter out the entire part of the word before and including the curse, but leaves the remainder of the word.
The real WTF is that somebody obviously realized that a simple string replacement wasn't good enough, thought about the problem, then came up with this "solution". Sounds to me like a highly-paid consultant worked on it. At least when it's a string replacement you know the programmer didn't even think about the problem so the possibility exists that he or she is capable of producing a good filter.
-
RE: MS Business Assessment SNAFU
@TheRider said:
This may make sense for employees of big companies who don't know how their IT department is handling things.
So which option would you choose if you use a service provider?
-
RE: "Where are my files?"
The real WTF is the fact that nearly every corporate email system is set up with a ridiculously low amount of storage space and the fact that IT people are so clueless as to how users want to use email that they think it's the users' fault when they craft nasty workarounds or fail to archive their old email. Is it really so hard to give everyone a few GB of space? I know it can be done because I used to run our corporate email server and I didn't impose any limit on account storage. We were bought out by a big company and now have 200 MB per email account, which isn't nearly enough.
Our IT guy always tells us not to use email as a document storage facility, but he's ignoring the fact that most corporate documents sent through email are contextually linked to the email's author and content. We need to keep an archive of our email because information from a year or two ago may need to be recalled quickly. Email arrives to us in a format that's already reasonable for a permanent personal document archive (timestamped, sortable, and searchable) so why are we required to archive the email again somewhere else or create a nasty offline folder or other nonsense?
Disk space is cheap. Our 500 user email system can be stored on a 1 TB RAID array and give us plenty of storage. With 200 MB of storage each the whole company is only using 100 GB. That's 140 GB less storage than I have in my home desktop. Using SCSI drives you can build a TB array for well under $5000. Any company with 500 employees can spend that much several times over and given my conversations with upper management I know for certain that they'd all be behind spending money to give everyone more storage.
The worst part about IT is the fact that they think corporate computer use rules should be made to suit their needs instead of suiting the users' needs.
-
RE: Insurance rep WTF
When you don't discuss salaries the only one who benefits is your employer. That's why they don't want you talking about your salary with co-workers and why they hate salary surveys.
Think about the last time you asked for and got a raise. I got 10% six months ago. Obviously I'm worth the extra salary or I wouldn't have got it, so why wasn't I already making that money? Why won't your boss decide what the max he can pay you is and give that to you? Businesses want to pay you as little as possible to do your work and if your co-worker with the exact same job, performance, and experience as you gets paid 20% more they don't want you knowing about it.
If you discuss your salary with your co-workers and find out they make more than you, you're far more likely to ask for a raise than you otherwise would be.
Don't let the culture of fear beat you. Make sure you're getting the money you deserve.
-
RE: Need varargs? Use eval!
@Irrelevant said:
<.<
>.>
TRWTF is that the generally-accepted way of doing SQL in PHP is still escaping-and-concatenation. Seriously, Perl (for example)'s only had parameterised queries as the de facto standard since... er... somewhere in the region of 1998 (version 1.0 of the DBI module -- it'd had parameterised queries since 1994, mind).
(Yes, I know about mysqli. That's all well-and-good, but how many people actually use it?)
It's a common way, but not "standard" in the sense that anybody with half a brain would do it that way. Think of PHP's mysql_ functions as the raw functions for accessing MySQL in legacy PHP code. Since 2000 or earlier there have been libraries to properly access and query databases using parameterised queries. PEAR's Database library comes to mind as the official one. As if parameterised queries and other niceties weren't good enough, using a single set of functions for querying MySQL, PostgreSQL, SQL Server and other databases is certainly an important reason why you'd want to use something like PEAR for accessing a database.
IMO, PHP should have deprecated the mysql_ functions a long time ago, so I guess in a way it's their fault.
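
The difference between escaping-and-concatenation and a parameterised query discussed in this thread, as an added example that is not from any of the posters: a value interpolated into an unquoted numeric slot passes through the escaper unchanged and is parsed as SQL, while the bound version treats the same value as data. PDO with an in-memory SQLite database stands in for the MySQL setup (an assumption so it runs offline); `escape_literal`, `find_concat`, `find_bound`, the `posts` table and the input are all constructed for illustration.

```php
<?php
// Added example: constructed table and inputs. PDO + in-memory SQLite are
// assumptions standing in for the MySQL/PEAR setup named in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$pdo->exec("INSERT INTO posts (author, body)
            VALUES ('alice', 'public note'), ('bob', 'private note')");

// Hypothetical stand-in for mysql_real_escape_string(): doubles single
// quotes, which is SQLite's rule for string literals.
function escape_literal(string $s): string
{
    return str_replace("'", "''", $s);
}

// Escaping-and-concatenation: only protects values that end up inside quotes.
// Here the value lands in an unquoted numeric slot, so escaping changes nothing.
function find_concat(PDO $pdo, string $id): array
{
    $sql = 'SELECT author FROM posts WHERE id = ' . escape_literal($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterised query: the statement text is fixed and the value is bound
// separately, so it is compared with the id column and never parsed as SQL.
function find_bound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT author FROM posts WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: no quote characters, so the escaper leaves it untouched.
$input = '1 OR 1=1';

echo "concatenated: ", json_encode(find_concat($pdo, $input)), PHP_EOL;
echo "bound:        ", json_encode(find_bound($pdo, $input)), PHP_EOL;
echo "bound, id 1:  ", json_encode(find_bound($pdo, '1')), PHP_EOL;
```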