HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?

Jabor posted:

To be fair, I don't think anyone would give someone an amount of medication literally measured in tonnes.

MG is a very common way of putting mg, especially in contexts where mg might be expected such as drug dosages. No one uses or expects megagrams (that would be Mg anyway). That bug is horrifying.

Doctor w-rw-rw-
Jun 24, 2008

HappyHippo posted:

MG is a very common way of putting mg, especially in contexts where mg might be expected such as drug dosages. No one uses or expects megagrams (that would be Mg anyway). That bug is horrifying.
Pretty sure mg -> MG isn't the problem - the problem is that both mg and μg capitalize to MG.
http://www.fileformat.info/info/unicode/char/3bc/index.htm

Bruegels Fuckbooks
Sep 14, 2004

Now, listen - I know the two of you are very different from each other in a lot of ways, but you have to understand that as far as Grandpa's concerned, you're both pieces of shit! Yeah. I can prove it mathematically.

Doctor w-rw-rw- posted:

Pretty sure mg -> MG isn't the problem - the problem is that both mg and μg capitalize to MG.
http://www.fileformat.info/info/unicode/char/3bc/index.htm

Oh gently caress, that's pretty nasty.

Granted everywhere I've ever seen a string comparison, people ToLower() then compare rather than ToUpper(). Maybe that's why?

Nippashish
Nov 2, 2005

Let me see you dance!
You mean you can't tell the difference between GREEK CAPITAL LETTER MU (U+039C) and LATIN CAPITAL LETTER M (U+004D) by sight?

Doc Hawkins
Jun 15, 2010

Dashing? But I'm not even moving!


Non-ideographic writing systems are the true horror.

karms
Jan 22, 2006

by Nyc_Tattoo
Yam Slacker
The true true horror is not using scientific notation.

armorer
Aug 6, 2012

I like metal.
You guys all hit on all the major issues. The capital greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

Edit:
Can you tell these apart?
http://codepoints.net/U+039C
http://codepoints.net/U+004D

armorer fucked around with this message at 13:13 on Mar 15, 2013

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.
Why mcg instead of ug?

evensevenone
May 12, 2001
Glass is a solid.
I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!" Like what, just in case their terminal is a Commodore 64?

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof

evensevenone posted:

I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!" Like what, just in case their terminal is a Commodore 64?

When I worked on healthcare transaction software, the EDI standard required for HIPAA compliance was all uppercase. Pretty sure it's the same today. I assume it's for backwards compatibility with technology not significantly newer than C64.

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?

Doctor w-rw-rw- posted:

Pretty sure mg -> MG isn't the problem - the problem is that both mg and μg capitalize to MG.
http://www.fileformat.info/info/unicode/char/3bc/index.htm

Yeah I know? Someone thought it meant megagrams and thus wouldn't be that bad because no one could make that mistake. I was pointing out that MG is often read milligrams, which could be mistaken for a reasonable drug dose.

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



armorer posted:

You guys all hit on all the major issues. The capital greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

Edit:
Can you tell these apart?
http://codepoints.net/U+039C
http://codepoints.net/U+004D

Just replace 039C with http://codepoints.net/U+00B5 - problem solved forever, right guys?

armorer
Aug 6, 2012

I like metal.

Munkeymon posted:

Just replace 039C with http://codepoints.net/U+00B5 - problem solved forever, right guys?

No, because that still uppercases to U+039C. Or are you saying actually change the Unicode upper case glyph (which is clearly out of my control)?

Catalyst-proof
May 11, 2011

better waste some time with you

armorer posted:

You guys all hit on all the major issues. The capital greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

Edit:
Can you tell these apart?
http://codepoints.net/U+039C
http://codepoints.net/U+004D

There is a single code point for micrograms, U+338D. It looks the same lowercase as uppercase: ㎍

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
That looks awful.

edit: Why the hell is it in the CJK block?

Malloc Voidstar fucked around with this message at 18:00 on Mar 15, 2013

Catalyst-proof
May 11, 2011

better waste some time with you

Aleksei Vasiliev posted:

That looks awful.

Who cares? You can assign whatever font you want to whatever parts of the plane you want. If you don't like it, U+338E, ㎎, is right next door.

edit: That's a good question. Looking at the rest of the characters in the block, I'd have to say that they're generally formatted to fit in the wide-character columns you typically see CJK languages written in. That doesn't restrict their usage, though.

Catalyst-proof fucked around with this message at 18:04 on Mar 15, 2013

Zhentar
Sep 28, 2003

Brilliant Master Genius
All that assumes it's actually using Unicode, and not Windows-1252 or such.

evensevenone
May 12, 2001
Glass is a solid.
I really like that they implement unicode (or part of it), but not lower case. If it's really an EDI thing whoever came up with that must be completely braindead.

..btt
Mar 26, 2008

evensevenone posted:

I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!"

:v:

I mean, I agree entirely, I find this in particular ugly and visually distracting. Some people have a strange sense of aesthetics...

(this is Word 2013 for those that don't touch the Microsoft world - if you try to rename the tabs to correct the casing, it forces them back to upper-case)

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



armorer posted:

No, because that still uppercases to U+039C. Or are you saying actually change the Unicode upper case glyph (which is clearly out of my control)?

What I was trying to get at is that it's not obvious (at least to me!) that the micro sign would uppercase to anything because that makes no goddamn sense (again, at least to me!).

Catalyst-proof
May 11, 2011

better waste some time with you

Munkeymon posted:

What I was trying to get at is that it's not obvious (at least to me!) that the micro sign would uppercase to anything because that makes no goddamn sense (again, at least to me!).

Are you stupid? It's a Greek letter. Why wouldn't a five-thousand year old language have capital letters?

Sinestro
Oct 31, 2010

The perfect day needs the perfect set of wheels.

horse mans posted:

Are you stupid? It's a Greek letter. Why wouldn't a five-thousand year old language have capital letters?

There is U+003BC, which is the letter. The question is why does U+00B5, which is just a symbol for micro and micro alone, uppercase.

Catalyst-proof
May 11, 2011

better waste some time with you

Sinestro posted:

There is U+003BC, which is the letter. The question is why does U+00B5, which is just a symbol for micro and micro alone, uppercase.

Because it's decomposed from U+03BC. This means that the two code points, while different semantically, originate from the same canonical human representation. Section 15.5 of the Core spec describes why this is the case in more detail.

Catalyst-proof fucked around with this message at 19:34 on Mar 15, 2013

Polio Vax Scene
Apr 5, 2009



Oh hey just found this
code:
...
where inv.ItemStatus like '%Active%'
...
Inactive means Active!? What a country!


Don Mega posted:

I found a table in my company's database that stores passwords as plain text and I doubt my co-workers will care. They weren't too interested in preventing sql injections either.

I have to support software that does this. Everyone's username, everyone's password, right there in a big rear end table. And I have access to them all, every single client. I could dump tens of thousands of name/pass combos with a few minutes of copy+paste. It's a Microsoft product

armorer
Aug 6, 2012

I like metal.

horse mans posted:

There is a single code point for micrograms, U+338D. It looks the same lowercase as uppercase: ㎍

While this is good to know about (and I wasn't aware of its existence) it doesn't help the general problem. The horror in this case was not that µ was used to denote micro in the system. The horror is that the system capitalized data which originated from external systems where we have no control over the characters used, and that data represented drug dosages. The particular dataset with this problem was manually edited to not use µ before being loaded into the live system.

Capitalizing data in a software application is generally not considered to be criminally negligent manslaughter.
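
As an added illustration (not code from any post in this thread), the following Python shows the case mapping Catalyst-proof and armorer describe above and one way a system ingesting dosage units could handle it: spell tokens out as code points so confusables are visible, canonicalise units through NFKC without ever calling upper(), and, for data that has already been capitalised, recover what a machine can still distinguish. The unit table and the constants are constructed for this example.

```python
import unicodedata

# The code points the thread is talking about (constructed constants for this example).
MICRO_SIGN = "\u00b5"        # µ  MICRO SIGN
GREEK_SMALL_MU = "\u03bc"    # μ  GREEK SMALL LETTER MU
GREEK_CAPITAL_MU = "\u039c"  # Μ  GREEK CAPITAL LETTER MU
SQUARE_UG = "\u338d"         # ㎍ SQUARE MU G (CJK Compatibility block)


def code_points(s):
    """Spell a string out as code points so confusables become visible: 'ΜG' -> 'U+039C U+0047'."""
    return " ".join(f"U+{ord(c):04X}" for c in s)


def case_round_trip(unit):
    """Show what upper() does to a unit token and whether lower() gets the original back."""
    up = unit.upper()
    return {"upper": up, "upper_cps": code_points(up), "restored": up.lower() == unit}


# Canonical ASCII spellings for the unit tokens this example accepts (constructed table).
_UNITS = {
    "g": "g",
    "mg": "mg",
    "mcg": "mcg",
    "ug": "mcg",
    GREEK_SMALL_MU + "g": "mcg",   # what NFKC turns both µg (U+00B5) and ㎍ (U+338D) into
}


def canonical_unit(raw):
    """Map a dosage-unit token to an unambiguous ASCII spelling without changing its case.

    NFKC folds U+00B5 to U+03BC and U+338D to U+03BC U+0067, so one table entry covers
    every spelling of microgram.  upper() is the lossy step, so it is never called here;
    a token not in the table is rejected rather than guessed.
    """
    text = unicodedata.normalize("NFKC", raw).strip()
    if text not in _UNITS:
        raise ValueError(f"unrecognised unit {raw!r} ({code_points(raw)})")
    return _UNITS[text]


def recover_uppercased_unit(upper):
    """Undo the capitalisation where a machine still can.

    Latin 'MG' (U+004D) and Greek 'ΜG' (U+039C) differ in code points even though they
    render identically, so this check catches what a human reviewer cannot see.
    """
    if upper == GREEK_CAPITAL_MU + "G":
        return "mcg"
    if upper == "MG":
        return "mg"
    raise ValueError(f"ambiguous or unknown uppercased unit {upper!r} ({code_points(upper)})")


if __name__ == "__main__":
    for token in (MICRO_SIGN + "g", "mg", SQUARE_UG):
        info = case_round_trip(token)
        print(f"{token!r:>8} -> {info['upper']!r:>8} {info['upper_cps']:<16} "
              f"lower() restores it: {info['restored']}  canonical: {canonical_unit(token)}")
    print("after upper():", recover_uppercased_unit((MICRO_SIGN + "g").upper()))
```

Running it shows µg becoming ΜG (U+039C U+0047), which lower() turns into μg with the Greek letter rather than the micro sign, while mg and ㎍ survive the round trip; canonical_unit() rejects the already-uppercased ΜG because the NFKC table only knows lowercase spellings, which is the point: once the data has been through upper(), the only safe options are to recover by code point or refuse it.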

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



armorer posted:

While this is good to know about (and I wasn't aware of its existence) it doesn't help the general problem. The horror in this case was not that µ was used to denote micro in the system. The horror is that the system capitalized data which originated from external systems where we have no control over the characters used, and that data represented drug dosages. The particular dataset with this problem was manually edited to not use µ before being loaded into the live system.

Capitalizing data in a software application is generally not considered to be criminally negligent manslaughter.

Hey, man, you only have to know the entire Unicode spec and how every single character decomposes in order to understand the output of lowercase(). Are you lazy or stupid or something?

This is seriously beginning to sound like a security thing in terms of sheer complexity and ease of loving it up horrifically.

ExcessBLarg!
Sep 1, 2001
I always observe a moment of pondering and reflection upon invoking "#include <ctype.h>".

It's rarely a good idea, even if there's no choice in the matter.

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

Jabor posted:

I would be seriously worried about some "job security" dead man's switches buried in some of those queries.

I've already had 3 people from the client ask me if they thought 'is all this necessary or was he just making it so we had to keep paying him'

Opinion Haver
Apr 9, 2007

Munkeymon posted:

Hey, man, you only have to know the entire Unicode spec and how every single character decomposes in order to understand the output of lowercase(). Are you lazy or stupid or something?

This is seriously beginning to sound like a security thing in terms of sheer complexity and ease of loving it up horrifically.

My favorite stupid Unicode-related thing is how old versions of IE could be tricked into parsing +ADw-script+AD4-alert("owned");+ADw-/script+AD4- as UTF-7, leading to code execution.

shrughes
Oct 11, 2008

(call/cc call/cc)
https://github.com/Max00355/IonicDB/

IonicDB, a NoSQL database engine written in Python.

code:
    $ python server.py 12366
...
code:
    $ python client.py localhost 12366
    IonicDB> insert foo "if(3<2)else(sys.argv[0])+"
    IonicDB> select foo
    server.py

Opinion Haver
Apr 9, 2007

How did you even find that?

shrughes
Oct 11, 2008

(call/cc call/cc)

yaoi prophet posted:

How did you even find that?

I was reading https://news.ycombinator.com/newest.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
Isn't it Ionic, dontcha think? A little too Ionic... yeah I really do think.

evensevenone
May 12, 2001
Glass is a solid.
I'm sure "fix ALL security issues" is on the to-do list.



edit haha oh my god
code:
    def insert(self):
        if not os.path.exists(self.system+".ion"):
            with open(self.system+".ion", 'w') as file:
                pass
        with open(self.system+".ion", 'ab') as file:
            file.write(self.query+"\n")
        self.obj.close()
Hmm, I wonder what select looks like?

code:
    def select(self):
        if not os.path.exists(self.system+".ion"):
            self.obj.send("System "+self.system+" does not exist!")
            self.obj.close()
        else:
            with open(self.system+".ion", 'rb') as file:
                for x in file.readlines():
                    if self.query.strip("{").strip("}") in x:
                        self.obj.send(x)
                self.obj.close()
I was wondering how server.py was only 71 lines

evensevenone fucked around with this message at 08:39 on Mar 16, 2013

xf86enodev
Mar 27, 2010

dis catte!

How did you get word2013 to run on win3.1?

OnceIWasAnOstrich
Jul 22, 2006

evensevenone posted:


edit haha oh my god


I was wondering how server.py was only 71 lines

You quoted a quarter of the server script and missed the best part!

Python code:
            self.obj, conn = s.accept()
            data = self.obj.recv(1024)
            if not data:
                continue
            try:
                data = eval(data)
            except:
                print 'error data'
                continue
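
The eval() quoted above hands whatever arrives on the socket to the interpreter. As an added example (not IonicDB's code, and assuming a command grammar of `insert <key> <value>` and `select <key>` that the page only shows by example), here is the shape of a server-side parser that would keep the string from shrughes' session as plain data: split the line with shlex, dispatch on a fixed verb table, and reject anything else.

```python
import shlex

# Verbs accepted on the wire and how many arguments each takes (constructed for this example).
COMMANDS = {"insert": 2, "select": 1}


def parse_command(line):
    """Split one client line into (verb, args) without evaluating any of it.

    shlex handles the quoted value in  insert foo "if(3<2)else(sys.argv[0])+"
    so the payload stays an ordinary string.  A verb not in COMMANDS, or the wrong
    number of arguments, is an error instead of something handed to eval().
    """
    try:
        parts = shlex.split(line, posix=True)
    except ValueError as exc:            # e.g. "No closing quotation"
        raise ValueError(f"malformed quoting: {exc}") from None
    if not parts:
        raise ValueError("empty command")
    verb, args = parts[0].lower(), parts[1:]
    if verb not in COMMANDS:
        raise ValueError(f"unknown command {verb!r}")
    if len(args) != COMMANDS[verb]:
        raise ValueError(f"{verb} takes {COMMANDS[verb]} argument(s), got {len(args)}")
    return verb, tuple(args)


class MemoryStore:
    """Minimal key -> list-of-values store driven only by parse_command()."""

    def __init__(self):
        self._rows = {}

    def execute(self, line):
        verb, args = parse_command(line)
        if verb == "insert":
            key, value = args
            self._rows.setdefault(key, []).append(value)
            return "OK"
        (key,) = args                    # verb == "select"
        return list(self._rows.get(key, []))


if __name__ == "__main__":
    store = MemoryStore()
    print(store.execute('insert foo "if(3<2)else(sys.argv[0])+"'))
    print(store.execute("select foo"))   # the stored string, not the server's argv
```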

Progressive JPEG
Feb 19, 2003

The same author has a remote backup thing which seems to be pretty popular (253 stars, 20 forks). So far I've found:
code:
def login(username, password):
    if username not in users:
        return False
    elif hashlib.sha1(users[username]).hexdigest() == password:
        return True
    else:
        return False
Unsalted SHA1 for hashing passwords and storing them plaintext in server.py? Not the end of the world given this is probably just for someone's LAN...

code:
def upload(username, password, file, data):
    [...]
    data = data.split()
    for data in data:
        upload.write(chr(int(data)))
    [...]
That seems a little obtuse but whatever...

code:
def download(username, password, file):
    if login(username, password) is False:
        return "Login Failed"
    else:
        with open("files/"+file, 'rb') as file:
            return file.read()
lol what

(Hint: set file to "../../.ssh/id_rsa". Same issue in upload() (eg "../../.ssh/authorized_keys") and delete())

But it's at least just meant to be on a LAN(?), and isn't as crazy as completely arbitrary shell execution. Hopefully they're still just in school or something, I'd probably have made similar mistakes back then.

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

Munkeymon posted:

This is seriously beginning to sound like a security thing in terms of sheer complexity and ease of loving it up horrifically.

Because it is.

Unicode is one of those Really Difficult Things.

b0lt
Apr 29, 2005

Progressive JPEG posted:

Unsalted SHA1 for hashing passwords and storing them plaintext in server.py? Not the end of the world given this is probably just for someone's LAN...
Don't forget non-constant time string comparison!
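
Putting Progressive JPEG's three findings and b0lt's addition together, here is an added example (not the backup project's code) of what the hardened versions of login(), download() and upload() look like: per-user salts with a slow KDF instead of bare SHA-1 over a plaintext store, hmac.compare_digest instead of ==, and a path check on the resolved filename instead of "files/" + file. The user store, iteration count and "files" root are constructed for the example.

```python
import hashlib
import hmac
import os
from pathlib import Path

# Constructed in-memory user store: username -> (salt, derived key).
# The quoted server keeps {username: plaintext} and compares a SHA-1 hex string with ==.
_USERS = {}
_ITERATIONS = 200_000
_DUMMY = (b"\0" * 16, b"\0" * 32)   # used for unknown users so the KDF work is the same


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def register(username, password):
    salt = os.urandom(16)
    _USERS[username] = (salt, _derive(password, salt))


def login(username, password):
    """Per-user salt, slow KDF, constant-time comparison.

    The KDF runs even for an unknown username so response time does not reveal
    which accounts exist; compare_digest keeps the hash check itself constant-time.
    """
    known = username in _USERS
    salt, stored = _USERS.get(username, _DUMMY)
    candidate = _derive(password, salt)
    return known and hmac.compare_digest(candidate, stored)


def resolve_under(root, name):
    """Join name onto root and refuse anything that does not end up inside root.

    resolve() collapses '..' and follows symlinks, so the check is made on the final
    path rather than on the untrusted string.  An absolute name is rejected as well,
    because Path(root) / '/abs' discards root entirely.
    """
    base = Path(root).resolve()
    target = (base / name).resolve()
    if target == base or base not in target.parents:
        raise ValueError(f"refusing path outside {root!r}: {name!r}")
    return target


def download(username, password, name, root="files"):
    if not login(username, password):
        raise PermissionError("Login Failed")
    return resolve_under(root, name).read_bytes()


def upload(username, password, name, data, root="files"):
    """Store raw bytes as received; no int/chr dance, no escape from the files root."""
    if not login(username, password):
        raise PermissionError("Login Failed")
    path = resolve_under(root, name)
    path.parent.mkdir(parents=True, exist_ok=True)   # parent is inside root by construction
    path.write_bytes(data)
    return len(data)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(login("alice", "correct horse battery staple"), login("alice", "guess"), login("nobody", "x"))
    print(resolve_under("files", "backup.tar"))
    try:
        resolve_under("files", "../../something")
    except ValueError as exc:
        print(exc)
```

resolve_under() accepts names in subdirectories of the root but refuses the root itself, empty names, absolute paths and anything whose resolved form climbs out; because it resolves symlinks, a link placed inside the root that points elsewhere is refused too.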

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



Wheany posted:

Because it is.

Unicode is one of those Really Difficult Things.

Having a unit symbol that uppercases is going beyond difficult into just plain obtuse, but then it's a big, international standard designed by a committee, so I'm not really surprised that bizarre poo poo like that comes out of it.
