Coding Horrors: You can gather all your technical debt into one easy framework!

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »

ephphatha: Dec 18, 2009

In production/Lib.pm:

code:

use CPAN::Module;

sub function_that_uses_CPAN::Module {
  my $obj = CPAN::Module::new()
  # Some work here using the created object.
  return;
}

In development/Lib.pm:

code:

#use CPAN::Module

sub function_that_uses_CPAN::Module {
  eval {
    require CPAN::Module;
  };

  my $obj = CPAN::Module::new()
  # Some work here using the created object.
  return;
}

For those wondering, the first version dies at compile time (which for this module was when the web server restarted) if CPAN::Module is missing. The second version apparently was modified after someone noticed this, except they don't check if the require fails, meaning the script dies at runtime when trying to use CPAN::Module::new(). No documentation or comments justifying why.

# ? Aug 29, 2013 02:09

Adbot: ADBOT LOVES YOU

# ? Jun 3, 2024 08:19

Smugdog Millionaire: Sep 14, 2002; 8) Blame Icefrog

My employer is taking on a new client and one of the first tasks is to audit the existing codebase to find the things that need to be fixed now. It's a simple CMS-driven website, with some special stuff for members.
In order to handle the 'remember me' checkbox on their login form, they store your integer ID to a cookie like 'Client_User_Cookie'. If you hit the login page with that cookie set to a valid user ID, the form will be pre-populated with username AND PASSWORD corresponding to that user. Passwords are transmitted in the clear (and hence stored that way too). The site doesn't use SSL, obviously.

You could scrape all the usernames and passwords for this site using bash + curl + grep in about 15 minutes.

# ? Aug 29, 2013 02:29

qntm: Jun 17, 2009

Ephphatha posted:

In production/Lib.pm:
code:
use CPAN::Module;

sub function_that_uses_CPAN::Module {
  my $obj = CPAN::Module::new()
  # Some work here using the created object.
  return;
}
In development/Lib.pm:
code:
#use CPAN::Module

sub function_that_uses_CPAN::Module {
  eval {
    require CPAN::Module;
  };

  my $obj = CPAN::Module::new()
  # Some work here using the created object.
  return;
}
For those wondering, the first version dies at compile time (which for this module was when the web server restarted) if CPAN::Module is missing. The second version apparently was modified after someone noticed this, except they don't check if the require fails, meaning the script dies at runtime when trying to use CPAN::Module::new(). No documentation or comments justifying why.

Perl lets you modify your import path (@INC) dynamically at run time, so the second form could have worked while the first one didn't.

Unrelatedly, that second case should read

code:

  eval {
    require CPAN::Module;
    CPAN::Module->import();
  };

to be properly equivalent.

# ? Aug 29, 2013 08:40

Maluco Marinero: Jan 18, 2001; Damn that's a
fine elephant.

Smugdog Millionaire posted:

My employer is taking on a new client and one of the first tasks is to audit the existing codebase to find the things that need to be fixed now. It's a simple CMS-driven website, with some special stuff for members.
In order to handle the 'remember me' checkbox on their login form, they store your integer ID to a cookie like 'Client_User_Cookie'. If you hit the login page with that cookie set to a valid user ID, the form will be pre-populated with username AND PASSWORD corresponding to that user. Passwords are transmitted in the clear (and hence stored that way too). The site doesn't use SSL, obviously.

You could scrape all the usernames and passwords for this site using bash + curl + grep in about 15 minutes.

Wow.

# ? Aug 29, 2013 12:23

Bognar: Aug 4, 2011; I am the queen of France; Hot Rope Guy

Smugdog Millionaire posted:

My employer is taking on a new client and one of the first tasks is to audit the existing codebase to find the things that need to be fixed now. It's a simple CMS-driven website, with some special stuff for members.
In order to handle the 'remember me' checkbox on their login form, they store your integer ID to a cookie like 'Client_User_Cookie'. If you hit the login page with that cookie set to a valid user ID, the form will be pre-populated with username AND PASSWORD corresponding to that user. Passwords are transmitted in the clear (and hence stored that way too). The site doesn't use SSL, obviously.

You could scrape all the usernames and passwords for this site using bash + curl + grep in about 15 minutes.

Oh my... that's awful. I've seen so many sites that don't hash passwords that I'm not even surprised about it anymore, but sending the passwords to anyone who asks is a whole new kind of idiocy.

# ? Aug 29, 2013 14:22

Ganondork: Dec 26, 2012; Ganondork

Smugdog Millionaire posted:

My employer is taking on a new client and one of the first tasks is to audit the existing codebase to find the things that need to be fixed now. It's a simple CMS-driven website, with some special stuff for members.
In order to handle the 'remember me' checkbox on their login form, they store your integer ID to a cookie like 'Client_User_Cookie'. If you hit the login page with that cookie set to a valid user ID, the form will be pre-populated with username AND PASSWORD corresponding to that user. Passwords are transmitted in the clear (and hence stored that way too). The site doesn't use SSL, obviously.

You could scrape all the usernames and passwords for this site using bash + curl + grep in about 15 minutes.

Oof, that's absolutely ridiculous. Since working for a small web company, I've learned the value of a password manager. As a bare minimum AT LEAST use SSL. Good find!

# ? Aug 29, 2013 15:48

Don Mega: Nov 26, 2005

It seems like the "we are not a bank, security doesn't matter" is a pretty common excuse among the ignorant. That was exactly what my boss told me when I brought up security concerns. It's not like the majority of people (especially among non-technical savvy) use the same password for all their accounts or anything :rolleyes:

Folks, don't ever assume your information is in good hands because it rarely is!

# ? Aug 29, 2013 18:36

Novo: May 13, 2003; ^{Stercorem pro cerebro habes}; Soiled Meat

Don Mega posted:

It seems like the "we are not a bank, security doesn't matter" is a pretty common excuse among the ignorant.

I actually had a candidate say this during an interview in response to being asked how he would store answers to security questions. Needless to say, he didn't get the job.

# ? Aug 29, 2013 19:02

New Yorp New Yorp: Jul 18, 2003; Only in Kenya.; Pillbug

Here's my security shame:

I worked at a place for several years that had a combo ASP .NET and classic ASP site. The .NET stuff was new development, but the actual profitable part of the site was classic ASP.

Since the classic ASP stuff was mature and worked, all of the logins for both sites went through the same classic ASP process. This made sense early on, when the new development was piggybacking on a lot of the existing infrastructure and database tables. Over time, they diverged and eventually became totally separate products, but implementing a proper membership provider was never a high priority on the product backlog.

Someone had attempted, at one point in the dim past, to put some sort of quarter-assed encryption in place (I think it just ROT13ed everything), but that's not even the real horror here.

After they put their encryption in place and converted all of the existing passwords over, they ended up with a bug: new users still had unencrypted passwords. The solution? Make the login page try the "encrypted" version of the password first, and if that failed, try the plaintext one. Bug solved!

Now my shameful admission: I worked there for 3 years and we never got around to doing anything about that. As far as I know, to this day, that site still stores all of its passwords in plaintext. I fought for a long time against putting a "reset password" link on the site. I tried to tell them that with a proper membership provider, that kind of functionality would be built-in, in the hopes that their desire for the feature would get the membership provider PBI finally put into a sprint. I also made the point that if we emailed people their passwords, it would be clear we weren't managing passwords properly, which is kind of a big deal when your service involves medical data.

# ? Aug 29, 2013 19:29

xtal: Jan 9, 2011; by Fluffdaddy

Don Mega posted:

It seems like the "we are not a bank, security doesn't matter" is a pretty common excuse among the ignorant. That was exactly what my boss told me when I brought up security concerns. It's not like the majority of people (especially among non-technical savvy) use the same password for all their accounts or anything

Folks, don't ever assume your information is in good hands because it rarely is!

The irony being that banks tend to have the shittiest, least secure websites made.

# ? Aug 29, 2013 22:09

Doctor w-rw-rw-: Jun 24, 2008

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.
Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.
Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.
Religious absence? Submit it by September 2nd, or get an F and leave.
Cell phone beeps? Hell, even just your watch? Get an F and leave.
Use any non-medical electronic device at all? Get an F and leave.
Don't have a book yet? Pay $50 and also pay out the nose extra to get it overnighted; there's an exam on Monday. Oh, and the second textbook hasn't been published yet. Too poor? Too bad.
Requesting a re-grade? *All* of your exams will be re-graded.
Need to use the bathroom during a quiz? No.
Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.
Suspect someone is looking at your exam sheet? Stand up and report it immediately during the exam.

# ? Aug 30, 2013 00:58

leftist heap: Feb 28, 2013; Fun Shoe

And yet people pay good money to be put through that poo poo.

quote:

Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.

Am I stupid for failing to see or understand what photographing the exam is meant to accomplish? Am I going to somehow psychically alter the exam whilst making GBS threads? I don't get it. Isn't it enough to just take it?

# ? Aug 30, 2013 01:26

NinjaDebugger: Apr 22, 2008

rrrrrrrrrrrt posted:

And yet people pay good money to be put through that poo poo.

Am I stupid for failing to see or understand what photographing the exam is meant to accomplish? Am I going to somehow psychically alter the exam whilst making GBS threads? I don't get it. Isn't it enough to just take it?

Presumably if you then alter your previous answers, you will be failed, as you're assumed to have looked up answers in the john.

# ? Aug 30, 2013 01:43

leftist heap: Feb 28, 2013; Fun Shoe

Duh, right. Apparently my cheating skills aren't up to snuff.

What if just go to the bathroom before writing any answers? Didn't think of that, did you Dr. Tygar? :colbert:

# ? Aug 30, 2013 01:52

Harik: Sep 9, 2001; From the hard streets of Moscow
First dog to touch the stars; Plaster Town Cop

rrrrrrrrrrrt posted:

And yet people pay good money to be put through that poo poo.

Am I stupid for failing to see or understand what photographing the exam is meant to accomplish? Am I going to somehow psychically alter the exam whilst making GBS threads? I don't get it. Isn't it enough to just take it?

So if they decide you cheated somehow while in the bathroom they can go back and grade the photograph? No, that doesn't make any sense either, they insta-fail you for everything else so they'd just fail you for that too. The only conclusion is it's an object lession in Security Theatre.

# ? Aug 30, 2013 02:05

bucketmouse: Aug 16, 2004; we con-trol the ho-ri-zon-tal
we con-trol the verrr-ti-cal

A bit of a derail, but does anyone know a good standalone XML doc generator for C++? I'm staring at something like 200 completely undocumented lua-c bindings and beginning to feel nauseous.

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:

Oh the horror stories I could tell about one of my upper division cs professors. Have you ever calculated a md5 by hand, on paper? I have.

# ? Aug 30, 2013 02:43

HFX: Nov 29, 2004

bucketmouse posted:

A bit of a derail, but does anyone know a good standalone XML doc generator for C++? I'm staring at something like 200 completely undocumented lua-c bindings and beginning to feel nauseous.

Oh the horror stories I could tell about one of my upper division cs professors. Have you ever calculated a md5 by hand, on paper? I have.

Was it ment to show you understood the concept of a checksum? Otherwise it sounds like a completely retarded question. In fact, I have trouble thinking of any good reason for doing it that isn't ment as a test of an algorithm you just wrote (assuming you know your input and expected output).

# ? Aug 30, 2013 03:13

piratepilates: Mar 28, 2004; So I will learn to live with it. Because I can live with it. I can live with it.

bucketmouse posted:

A bit of a derail, but does anyone know a good standalone XML doc generator for C++? I'm staring at something like 200 completely undocumented lua-c bindings and beginning to feel nauseous.

Oh the horror stories I could tell about one of my upper division cs professors. Have you ever calculated a md5 by hand, on paper? I have.

You took a dump on that guy's desk after, right?

# ? Aug 30, 2013 03:28

Suspicious Dish: Sep 24, 2011; 2020 is the year of linux on the desktop, bro; Fun Shoe

bucketmouse posted:

Oh the horror stories I could tell about one of my upper division cs professors. Have you ever calculated a md5 by hand, on paper? I have.

Did you have to memorize the lookup table, or was that given to you?

# ? Aug 30, 2013 03:31

Fly: Nov 3, 2002; moral compass

xtal posted:

The irony being that banks tend to have the shittiest, least secure websites made.

I'm curious why you think so.

# ? Aug 30, 2013 03:36

xtal: Jan 9, 2011; by Fluffdaddy

Fly posted:

I'm curious why you think so.

This is an industry that uses 4-character numeric passphrases. Every bank I've used (admittedly only three) has the same limitation on e-banking passphrases. I recognize that not all do, but the best I've seen is 8 numeric characters.

I would say banks have an adequate amount of security for their importance when your passphrase (both online and on the actual account) can be any amount of any characters, two-factor authentication is mandatory and "we use HTTPS" isn't a trait worth marketing.

xtal fucked around with this message at 03:51 on Aug 30, 2013

# ? Aug 30, 2013 03:48

Fly: Nov 3, 2002; moral compass

xtal posted:

This is an industry that uses 4-character numeric passphrases. Every bank I've used (admittedly only three) has the same limitation on e-banking passphrases. I recognize that not all do, but the best I've seen is 8 numeric characters.

I would say banks have an adequate amount of security for their importance when your passphrase (both online and on the actual account) can be any amount of any characters, two-factor authentication is mandatory and "we use HTTPS" isn't a trait worth marketing.

Wow, the only 4-digit pass phrases I've seen are for ATM/Debit card PINs, and while that may not be very secure, a few missed will invalidate the card. Most online banking I've seen requires a bit more as a password, or at least allows for much more complex passwords.

On the other hand, I've seen some intranet SSO requirements based on the least common denominator require that passwords be at most 8 characters and only letters and digits, which is horrible, but that's not reflected in the consumer Internet banking product of that bank.

# ? Aug 30, 2013 04:11

Cocoa Crispies: Jul 20, 2001; Vehicular Manslaughter!; Pillbug

xtal posted:

This is an industry that uses 4-character numeric passphrases. Every bank I've used (admittedly only three) has the same limitation on e-banking passphrases. I recognize that not all do, but the best I've seen is 8 numeric characters.

Password generation policy is a subset of password security. Most banks lock you out after very few tries, and a four digit PIN is less likely to be written down on a scrap of paper in a wallet next to the ATM card it protects.

# ? Aug 30, 2013 04:16

sklnd: Nov 26, 2007; NOT A TRACTOR

Fidelity is my favorite example of bad bank password security. They allow authentication while phone banking via password entered through DTMF tones. This means that, during auth, your password is converted to some DTMF-tone equivalent representation before comparison to a stored value. If you have a Fidelity account, try altering a letter in your password on their website to the equivalent DTMF number (or another letter that occupies the same button on your phone dial pad), and watch your login succeed.

The entropy reduction from alpha-numeric to strictly numeric characters is pretty upsetting, and the maximum password length is something like 12 characters. Good job, guys.

# ? Aug 30, 2013 04:42

Rothon: Jan 4, 2012

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.

Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.

Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.

Religious absence? Submit it by September 2nd, or get an F and leave.

Cell phone beeps? Hell, even just your watch? Get an F and leave.

Use any non-medical electronic device at all? Get an F and leave.

Don't have a book yet? Pay $50 and also pay out the nose extra to get it overnighted; there's an exam on Monday. Oh, and the second textbook hasn't been published yet. Too poor? Too bad.

Requesting a re-grade? *All* of your exams will be re-graded.

Need to use the bathroom during a quiz? No.

Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.

Suspect someone is looking at your exam sheet? Stand up and report it immediately during the exam.

That has to be some elaborate metaphor for overly burdensome security practices. It's just too nuts.

# ? Aug 30, 2013 04:45

QuarkJets: Sep 8, 2008

sklnd posted:

The entropy reduction from alpha-numeric to strictly numeric characters is pretty upsetting, and the maximum password length is something like 12 characters. Good job, guys.

Vanguard's maximum password length is ten :smith:

My minimum password length at work is 22 characters. My password is a loving sentence, and I mostly write open source software (science stuff)

# ? Aug 30, 2013 05:46

Gazpacho: Jun 18, 2004; by Fluffdaddy; Slippery Tilde

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.

Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.

Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.

Religious absence? Submit it by September 2nd, or get an F and leave.

Cell phone beeps? Hell, even just your watch? Get an F and leave.

Use any non-medical electronic device at all? Get an F and leave.

At least he doesn't make people spend a night in the box.

# ? Aug 30, 2013 06:57

bucketmouse: Aug 16, 2004; we con-trol the ho-ri-zon-tal
we con-trol the verrr-ti-cal

HFX posted:

Was it ment to show you understood the concept of a checksum? Otherwise it sounds like a completely retarded question. In fact, I have trouble thinking of any good reason for doing it that isn't ment as a test of an algorithm you just wrote (assuming you know your input and expected output).

Nooope. We had to do 3 of them on one exam, iirc.

Not only was it pointless, the prof in question is notorious for basically being a real-life version of the boss from Dilbert. I need to track down the bad teachers thread at some point and post about him because I've honestly never seen anyone so stupid in a position of authority. I don't even mean 'I don't agree with his morals' figurative stupid, I mean platonic 'does not understand basic principles of physics such as gravity and friction and hence renders an entire class's semester projects unusable' stupid.

Suspicious Dish posted:

Did you have to memorize the lookup table, or was that given to you?

Given. Still was a giant pain in the rear end though.

# ? Aug 30, 2013 11:06

pigdog: Apr 23, 2004; by Smythe

xtal posted:

This is an industry that uses 4-character numeric passphrases. Every bank I've used (admittedly only three) has the same limitation on e-banking passphrases. I recognize that not all do, but the best I've seen is 8 numeric characters.

I would say banks have an adequate amount of security for their importance when your passphrase (both online and on the actual account) can be any amount of any characters, two-factor authentication is mandatory and "we use HTTPS" isn't a trait worth marketing.

Wow, that really does suck. Around here the minimum authentication for a bank is a 6-digit customer ID and a 6+ character main password... but to actually do anything you also need either a code card with 24 PINs (obsolete and only lets you transfer up to $200/day), a hardware PIN calculator, or government-issued ID card and its PKI. The customer ID and main password are only there to help in case a PIN calculator or other secure means of authentication gets stolen. Even the first internet banks required a PIN card at the very least.

# ? Aug 30, 2013 11:27

Bruegels Fuckbooks: Sep 14, 2004; Now, listen - I know the two of you are very different from each other in a lot of ways, but you have to understand that as far as Grandpa's concerned, you're both pieces of shit! Yeah. I can prove it mathematically.

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.

Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.

Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.

Religious absence? Submit it by September 2nd, or get an F and leave.

Cell phone beeps? Hell, even just your watch? Get an F and leave.

Use any non-medical electronic device at all? Get an F and leave.

Don't have a book yet? Pay $50 and also pay out the nose extra to get it overnighted; there's an exam on Monday. Oh, and the second textbook hasn't been published yet. Too poor? Too bad.

Requesting a re-grade? *All* of your exams will be re-graded.

Need to use the bathroom during a quiz? No.

Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.

Suspect someone is looking at your exam sheet? Stand up and report it immediately during the exam.

Man, that is a ridiculously fast-paced course. If that's meant for undergrads then god help you all.

# ? Aug 30, 2013 12:37

One Eye Open: Sep 19, 2006; Am I awake?

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.

Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.

Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.

Religious absence? Submit it by September 2nd, or get an F and leave.

Cell phone beeps? Hell, even just your watch? Get an F and leave.

Use any non-medical electronic device at all? Get an F and leave.

Don't have a book yet? Pay $50 and also pay out the nose extra to get it overnighted; there's an exam on Monday. Oh, and the second textbook hasn't been published yet. Too poor? Too bad.

Requesting a re-grade? *All* of your exams will be re-graded.

Need to use the bathroom during a quiz? No.

Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.

Suspect someone is looking at your exam sheet? Stand up and report it immediately during the exam.

Those two at least appear to be one medical emergency away from a lawsuit.

# ? Aug 30, 2013 12:53

Blotto Skorzany: Nov 7, 2008; He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip

His grading is 1/3 quizzes, 1/3 exams and 1/3 the final and doesn't take any homework or attendance into account (a genuinely great way to do things for a class without real projects), but then he insta-fails you for the course and kicks you out of the room if you are late for one lecture or lab session. Seems conflicted.

# ? Aug 30, 2013 13:32

Hammerite: Mar 9, 2007; And you don't remember what I said here, either, but it was pompous and stupid.; Jade Ear Joe

Maybe the guy just really doesn't want to teach the course and came up with all of that as a scheme for making sure no student would take it. Then he can turn around to the department and say "Welp, I tried but there were no students motivated enough to take my course".

# ? Aug 30, 2013 13:35

KaneTW: Dec 2, 2011

It's intended to make the student count drop down to 75 or whatever.

# ? Aug 30, 2013 13:38

kitten smoothie: Dec 29, 2001

KaneTW posted:

It's intended to make the student count drop down to 75 or whatever.

Yeah, primarily he's trying to weed people out, and I guess maybe he's trying to make a statement of protest about the university not being able to provide sufficient TAs (I assume they don't have the budget to do so, because at a university as big as Berkeley you should be able to find plenty of willing and qualified victims so long as you can pay them).

Part of me wonders if once the student count drops below his crisis threshold, he'd say "hey folks, thanks for sticking this out, now let's have some fun" and start treating the students like the adults they are.

# ? Aug 30, 2013 14:06

zergstain: Dec 15, 2005

Doctor w-rw-rw- posted:

Speaking of security shame, here's a syllabus for Berkeley's (computer science) security class this semester:
http://people.ischool.berkeley.edu/~tygar/161/161.2013.08.29.syllabus.pdf

This particular professor is a special kind of bad. In summary:

Late to a class? You get an F and leave.

Late to section? You get an F and leave. By the way, four sections have been dropped. If you have a schedule conflict, report it by September 2nd, or get an F and leave.

Unanticipated absence due to family emergency or medical reasons? Full documentation must be submitted on the same day, or get an F and leave.

Religious absence? Submit it by September 2nd, or get an F and leave.

Cell phone beeps? Hell, even just your watch? Get an F and leave.

Use any non-medical electronic device at all? Get an F and leave.

Don't have a book yet? Pay $50 and also pay out the nose extra to get it overnighted; there's an exam on Monday. Oh, and the second textbook hasn't been published yet. Too poor? Too bad.

Requesting a re-grade? *All* of your exams will be re-graded.

Need to use the bathroom during a quiz? No.

Need to use the bathroom during an exam? Your test will be taken from you and photographed, and you will be escorted to the restroom.

Suspect someone is looking at your exam sheet? Stand up and report it immediately during the exam.

Jesus. This is an optional course, right? It's a 1xx course, which usually means freshman as well.

I wonder how many failing grade cases go to appeal, and if many are successful.

# ? Aug 30, 2013 14:12

Suspicious Dish: Sep 24, 2011; 2020 is the year of linux on the desktop, bro; Fun Shoe

kitten smoothie posted:

Yeah, primarily he's trying to weed people out, and I guess maybe he's trying to make a statement of protest about the university not being able to provide sufficient TAs (I assume they don't have the budget to do so, because at a university as big as Berkeley you should be able to find plenty of willing and qualified victims so long as you can pay them).

Part of me wonders if once the student count drops below his crisis threshold, he'd say "hey folks, thanks for sticking this out, now let's have some fun" and start treating the students like the adults they are.

Yeah, dude isn't that dumb, he knows exactly what he's doing.

# ? Aug 30, 2013 14:14

Scaevolus: Apr 16, 2007

zergstain posted:

Jesus. This is an optional course, right? It's a 1xx course, which usually means freshman as well.

I wonder how many failing grade cases go to appeal, and if many are successful.

It's an upper division course. It's one of 9 courses that fulfill a breadth requirement. http://www.eecs.berkeley.edu/csugrad/#upperdiv

# ? Aug 30, 2013 14:19

Sticky Profits: Aug 12, 2011

From the syllabus:

quote:

for security reasons, if you are late to class, you will not be allowed to take the quiz

I hope one of the lectures is on those security reasons.

# ? Aug 30, 2013 14:23

Adbot: ADBOT LOVES YOU

# ? Jun 3, 2024 08:19

Lumpy: Apr 26, 2002; La! La! La! Laaaa!; College Slice

So one of our favorite derails has been settled. Turns out doing_it_like_this is easier on the eye and faster to read thanDoingItLikeThis.

An Eye Tracking Study on camelCase and under_score Identifier Styles

# ? Aug 30, 2013 15:07

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »