|
Optimus Prime Ribs posted:The minimum end is a bit low (I don't know where he got those figures from) but $80,000.00 isn't too inaccurate. That being said I'm still trying to talk the CTO into letting me move to Vancouver or Victoria and opening up an office up there.
Bhaal fucked around with this message at 00:57 on Oct 9, 2012 |
# ? Oct 9, 2012 00:50 |
PHP thank you for making me waste a day chasing down something that apparently is not a bug. My WordPress plugin activation hook was not getting called, because I was developing the plugin in a Git repository outside the webserver tree and symlinked that directory into WordPress' plugins directory. I was following good practice and using __FILE__ in the hook registration, and that caused it to silently fail because the plugins directory path was not a prefix of __FILE__. gently caress you PHP.
|
|
# ? Oct 9, 2012 15:17 |
|
Closed as duplicate, but doesn't say which one? This bugtracker is almost as bad as GitHub Issues.
|
# ? Oct 9, 2012 15:22 |
|
I am in awe of that "resolution."
quote:It is required as part of the require/include_once function. Sources file paths are always resolved. It is not a bug but a design choice, which allows many optimization.
|
# ? Oct 9, 2012 22:26 |
|
Our "IT Manager" (former "senior web programmer") at work...code:
quote:: there are comments in this query
|
# ? Oct 9, 2012 23:58 |
|
Admiral H. Curtiss posted:The best part is how he actually uses stack.size() (I'm assuming "stack" is an ArrayList) in that insane method -- if he knows it exists, why not just return that?
It looks to me like the sort of code that people send as a joke to idiots who ask programming forums to do their homework for them.
|
# ? Oct 10, 2012 01:02 |
|
Code at our work is usually quite reasonable, but I just shivered at this line in a review:
C++ code:
|
# ? Oct 10, 2012 19:20 |
|
I love that 1 hiding out over on the right. Pretty obvious what it does.
|
# ? Oct 10, 2012 19:49 |
|
code:
|
# ? Oct 11, 2012 00:04 |
|
Harm Barn Gumshoe posted:Code at our work is usually quite reasonable, but I just shivered at this line in a review:
poo poo like that is why I love languages that let you instead write that as something like:
code:
|
# ? Oct 11, 2012 02:48 |
|
ToxicFrog posted:poo poo like that is why I love languages that let you instead write that as something like:
Hopeful that I'm missing sarcasm
|
# ? Oct 11, 2012 16:02 |
|
The composition notation is much more readable, though I prefer Haskell's syntax but whatever.
|
# ? Oct 11, 2012 16:07 |
|
To clarify I'd have probably just gone and added an integer overload of that Convert::min_to_sec function, but going by all those other functs it looks like that Convert module is getting pretty enormous as it is (or is it some system/3rdparty library?).
code:
|
# ? Oct 11, 2012 16:24 |
|
Just discovered in a stylesheet I'm attempting to clean up:
code:
|
# ? Oct 11, 2012 19:46 |
|
Shame Boner posted:Just discovered in a stylesheet I'm attempting to clean up:
Now how's that for some obfuscation, like to see someone try to steal his design
|
# ? Oct 11, 2012 20:38 |
|
beoba posted:Hopeful that I'm missing sarcasm
Nope. I genuinely prefer my code to read first operation first rather than last operation first. I mean, in practice seeing something like that would be a warning sign, but I wanted to reproduce the same sequence of operations the original code had.
KaneTW posted:The composition notation is much more readable, though I prefer Haskell's syntax but whatever.
So do I, but I prefer Clojure for day to day use overall.
|
# ? Oct 11, 2012 21:11 |
|
php:
<?
function CheckSQLInjection($Username, $requiredChars)
{
    $Username=strtoupper($Username);
    $Username=" $Username";
    $InjectArray=array("SELECT ", "UPDATE ", "INSERT ", " AND ", " OR ");
    while($temp=array_pop($requiredChars))
    {
        if(strpos($Username,$temp)==false)
        {
            return 1;
        }
    }
    while($temp=array_pop($InjectArray))
    {
        if(strpos($Username,$temp)<>false)
        {
            return 1;
        }
    }
    return 0;
}
?>
I just want to, once, not find a horror in some code that I've been handed. That'd be nice.
|
# ? Oct 12, 2012 07:39 |
|
bobthecheese posted:I just want to, once, not find a horror in some code that I've been handed. That'd be nice.
If my career has taught me one thing, it's that this old gem applies to software too: There is always more and it's always worse.
|
# ? Oct 12, 2012 07:56 |
|
At my old job, my boss had a friend who was a sysadmin for a local company, and who would do "security audits" on our servers every once in awhile. After one of these, we noticed one server in particular was running really slow. Restarting would fix it for a bit but would be running sluggish again before too long, so I logged on and uhh...found that multiple instances of find were choking the system. Eventually I found the source: a shell script called find_spaced_dirs.sh that was scheduled with the backup routine every 15 minutes. The script was basically this:
code:
I'm not really sure why he was so paranoid. I can only imagine that some attack on one of his systems scarred him for life so he's making sure we never get caught off guard by a malicious process stashing executables in directories consisting of a single space. Rather than argue with the boss about why this check was unnecessary and stupid, I rewrote the script to do something like use tree to list all directories on the filesystem and did a line-by-line pattern match on them. It'd do the same check in about 6 seconds.
Big Nubbins fucked around with this message at 15:14 on Oct 12, 2012 |
# ? Oct 12, 2012 15:12 |
|
bobthecheese posted:Every. loving. Day.
|
# ? Oct 12, 2012 16:50 |
|
One thing that is related but not quite code: users don't understand what it means to develop an application. Release a new feature while improving stability? "Ok but you should have been working on making it stable instead and you should have done it better 1 star" Make it more stable? "I can't click then hit back to not pay like I used to!!!!!!! 1 star make it free again!!!" Have a minor issue that doesn't mean much? "This app is awful it used to be better and why doesn't it have {FEATURE} this app sucks uninstalled"
|
# ? Oct 13, 2012 02:18 |
|
bobthecheese posted:
My favorite is the use of == false and <> false, if only because both are completely wrong.
|
# ? Oct 13, 2012 03:20 |
|
Rather amused by this comment on a Firefox bug report:
quote:FWIW, ConvertACEtoUTF is also quite poorly implemented. For each node decodeACE converts from puny to UCS4 to utf16 to utf8. Then it converts utf8 to utf16 to ACE and compares with the original to make sure that it didn't make any mistakes. Finally the utf8 result will be converted back to utf16 for Javascript.
|
# ? Oct 13, 2012 04:44 |
|
Mozilla's JavaScript implementation chokes at anything Unicode-related. https://bugzilla.mozilla.org/show_bug.cgi?id=508783 https://bugzilla.gnome.org/show_bug.cgi?id=680730#c8
|
# ? Oct 13, 2012 04:55 |
|
Refactoring some code at work we found an interesting data structure: Map<Person, Pair<Person, Money>> (we're a Java shop). The function that used it had each Person key in the Map and the Person in the Pair reference the same object.
|
# ? Oct 13, 2012 05:00 |
|
Doctor w-rw-rw- posted:One thing that is related but not quite code: users don't understand what it means to develop an application.
Dealing with Android users is a horror, but not a coding one. Their phone's firmware, however...
|
# ? Oct 13, 2012 05:02 |
|
TronPaul posted:Refactoring some code at work we found an interesting data structure: Map<Person, Pair<Person, Money>> (we're a Java shop). The function that used it had each Person key in the Map and the Person in the Pair reference the same object.
I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.
|
# ? Oct 13, 2012 05:10 |
|
tef posted:I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.
Our Verizon internal FancyHash did that as well.
|
# ? Oct 13, 2012 05:15 |
|
“Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi.”
|
# ? Oct 13, 2012 05:19 |
|
http://www.oracle.com lol
|
# ? Oct 13, 2012 11:19 |
|
Geekner posted:Dealing with Android users is a horror, but not a coding one. Their phone's firmware, however...
I just spent 8 hours straight trying to get a VideoView to resume, not restart when it went off screen. I failed.
|
# ? Oct 13, 2012 11:46 |
|
Holy poo poo this is real!
|
# ? Oct 13, 2012 12:41 |
|
Doctor w-rw-rw- posted:One thing that is related but not quite code: users don't understand what it means to develop an application.
The trick here is to entirely ignore the comments page of your app, and just read the emails people send you. They're usually a lot more coherent.
|
# ? Oct 13, 2012 13:48 |
|
Aleksei Vasiliev posted:Rather amused by this comment on a Firefox bug report:
While on the subject of amusing Firefox bugs, check out this padding/scrollbar/textarea bug from 2002. Which still is not fixed.
|
# ? Oct 13, 2012 14:21 |
|
Shame Boner posted:At my old job, my boss had a friend who was a sysadmin for a local company, and who would do "security audits" on our servers every once in awhile. After one of these, we noticed one server in particular was running really slow. Restarting would fix it for a bit but would be running sluggish again before too long, so I logged on and uhh...found that multiple instances of find were choking the system. Eventually I found the source: a shell script called find_spaced_dirs.sh that was scheduled with the backup routine every 15 minutes. The script was basically this:
I'm not sure if I could resist running: echo "Hi SecurityGuy!" > " " and just wait.
|
# ? Oct 13, 2012 14:29 |
|
bobthecheese posted:
I'm not familiar at all with SQL, but this got me interested: Why do SQL Injections work at all? It seems like a pretty strange oversight by SQL. And why is this a bad way to try and catch them? I'm not saying it's good, I just want to understand what the particular horror is here.
|
# ? Oct 13, 2012 15:53 |
|
SQL injections happen when you try to build a query string dynamically out of user input, and you get your string escaping wrong (like, because you're using php and php is a mess). The solution is to not build query strings dynamically. If your frontend is too fragile to handle input that has certain English words in them, banning specific words is probably not going to save you. You should be making certain that input isn't interpreted as anything other than text rather than trying to limit what people can put into the text.
Vanadium fucked around with this message at 16:13 on Oct 13, 2012 |
# ? Oct 13, 2012 16:09 |
|
Markovnikov posted:I'm not familiar at all with SQL, but this got me interested: Why do SQL Injections work at all? It seems like a pretty strange oversight by SQL. And why is this a bad way to try and catch them? I'm not saying it's good, I just want to understand what the particular horror is here.
SQL injection is something that opens up when you build a SQL command by concatenating strings. Everyone knows it's a bad practice at this point, except for people who don't know. Like, let's say you have a query like:
"SELECT * FROM UserAccounts WHERE UserName = '" + userName + "' AND Password = '" + password + "'"
If I enter my username as "Ithaqua' AND 1=1 --", I end up with:
"SELECT * FROM UserAccounts WHERE UserName = 'Ithaqua' AND 1=1 -- ' AND Password = ''"
The -- is a comment, so at this point I'm logging in as the specified user without having a valid password. It's not the fault of the SQL engine for doing what it's told, it's the fault of lovely developers for not taking precautions against a type of attack that's been well-known and well-documented for over a decade.
|
# ? Oct 13, 2012 16:14 |
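Added example, not part of any post in this thread: the login query from the post above run against an in-memory SQLite database, once built by concatenation and once with bound parameters, next to a Python port of the keyword loop from the CheckSQLInjection function posted earlier (its requiredChars check is left out). The table contents, function names and the two sample usernames are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # The plaintext password only mirrors the query in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE UserAccounts (UserName TEXT, Password TEXT)")
    db.execute("INSERT INTO UserAccounts VALUES (?, ?)", ("Ithaqua", "s3cret"))
    return db

def login_concat(db, user_name, password):
    # The post's query: user input becomes part of the SQL text itself.
    sql = ("SELECT * FROM UserAccounts WHERE UserName = '" + user_name +
           "' AND Password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, user_name, password):
    # Same query with placeholders: values are bound as data, never parsed as SQL.
    sql = "SELECT * FROM UserAccounts WHERE UserName = ? AND Password = ?"
    return db.execute(sql, (user_name, password)).fetchone() is not None

def keyword_blacklist(username):
    # Port of CheckSQLInjection's keyword loop; find() > 0 mirrors PHP's
    # strpos() <> false, which is false for "not found" and for position 0.
    padded = " " + username.upper()
    words = ("SELECT ", "UPDATE ", "INSERT ", " AND ", " OR ")
    return any(padded.find(w) > 0 for w in words)

def concat_breaks_on(db, user_name):
    # True when the concatenated query is not even valid SQL for this input.
    try:
        login_concat(db, user_name, "")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    crafted = "Ithaqua' AND 1=1 --"   # the input from the post
    print("concat, crafted name, no password:", login_concat(db, crafted, ""))
    print("param,  crafted name, no password:", login_param(db, crafted, ""))
    print("param,  real credentials:         ", login_param(db, "Ithaqua", "s3cret"))
    # The blacklist rejects an ordinary name yet passes one that breaks the query.
    for name in ("Salt and Pepper", "O'Brien"):
        print(name, "| blacklisted:", keyword_blacklist(name),
              "| concat query breaks:", concat_breaks_on(db, name))
```

With bound parameters the quote in a name such as O'Brien is just a character in the value, so neither the blacklist nor any escaping step is needed.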
|
The fact that SQL queries even are strings in the first place is pretty horrible. Using a binary API like most other things would be exponentially better.
|
# ? Oct 13, 2012 16:17 |
|
tef posted:I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.
|
# ? Oct 13, 2012 16:18 |