communist_goatboy:

I was reading the list of the top 25 most dangerous software programming errors according to SANS when I linked off to the CWE website and read this article that contains the code shown below.

 

int VerifyAdmin(String password) {

if (passwd.Equals("68af404b513073584c4b6f22b6c63e6b")) {

return(0);

} //Diagnostic Mode

return(1);

}

 

Software progamming error #26 (the syntax error).

 

Maybe it's just following the POSIX standard of returning zero for success and non-zero for error?  So if it returns zero, that means it successfully verified your admin status.  If it returns 1, that means it failed.
</devil'sadvocate>

DaveK:

Maybe it's just following the POSIX standard of returning zero for success and non-zero for error?  So if it returns zero, that means it successfully verified your admin status.  If it returns 1, that means it failed.
</devil'sadvocate>

Check the C++ example, I don't think that's their plan (Either that or the C++ example is the wtf instead).

 

Maybe they just really don't want  anyone logging in with that specific password... a blacklist password system rather than whitelist, ingenious! =P

 

DaveK:

communist_goatboy:

I was reading the list of the top 25 most dangerous software programming errors according to SANS when I linked off to the CWE website and read this article that contains the code shown below.

 

int VerifyAdmin(String password) {

if (passwd.Equals("68af404b513073584c4b6f22b6c63e6b")) {

return(0);

} //Diagnostic Mode

return(1);

}

 

Software progamming error #26 (the syntax error).

 

Maybe it's just following the POSIX standard of returning zero for success and non-zero for error?  So if it returns zero, that means it successfully verified your admin status.  If it returns 1, that means it failed.
</devil'sadvocate>

I think, just maybe, he might be referring to the fact that the equals() method is called equals with a lower-case e, and not Equals(). Java is afterall a case-sensitive language.
Minor wtf though if that's it.

MHolt:

DaveK:

communist_goatboy:

int VerifyAdmin(String password) {
    if (passwd.Equals("68af404b513073584c4b6f22b6c63e6b")) {
        return(0);
    }
    //Diagnostic Mode
    return(1);
}

Maybe it's just following the POSIX standard of returning zero for success and non-zero for error?  So if it returns zero, that means it successfully verified your admin status.  If it returns 1, that means it failed.
</devil'sadvocate>

I think, just maybe, he might be referring to the fact that the equals() method is called equals with a lower-case e, and not Equals(). Java is afterall a case-sensitive language.
Minor wtf though if that's it.

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

vyznev:

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

"passwd" is the global variable that you have to use. The "password" parameter only exists to confuse crackers. This is a well-known security pattern

bjolling:

vyznev:

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

"passwd" is the global variable that you have to use. The "password" parameter only exists to confuse crackers. This is a well-known security pattern

Ahh yes, the anti-pattern pattern.  I try to live by it!

bjolling:

vyznev:

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

"passwd" is the global variable that you have to use. The "password" parameter only exists to confuse crackers. This is a well-known security pattern

My mind is blown

MHolt:

DaveK:

communist_goatboy:

I was reading the list of the top 25 most dangerous software programming errors according to SANS when I linked off to the CWE website and read this article that contains the code shown below.

 

int VerifyAdmin(String password) {

if (passwd.Equals("68af404b513073584c4b6f22b6c63e6b")) {

return(0);

} //Diagnostic Mode

return(1);

}

 

Software progamming error #26 (the syntax error).

 

Maybe it's just following the POSIX standard of returning zero for success and non-zero for error?  So if it returns zero, that means it successfully verified your admin status.  If it returns 1, that means it failed.
</devil'sadvocate>

I think, just maybe, he might be referring to the fact that the equals() method is called equals with a lower-case e, and not Equals(). Java is afterall a case-sensitive language.
Minor wtf though if that's it.

 

Perhaps this is C# where it is "Equals".

 

tster:

Perhaps this is C# where it is "Equals".

On the site it's listed as a Java example.

Not quite sure about their use of brackets around the return value - it's unnecessary. Or is that just a C++ habit translated to Java?

 

PhillS:

 

tster:

Perhaps this is C# where it is "Equals".

On the site it's listed as a Java example.

Not quite sure about their use of brackets around the return value - it's unnecessary. Or is that just a C++ habit translated to Java?

 

In Java, the parentheses around the return value are purely optional and serve no actual purpose (some folks just like em)

 

snoofle:

PhillS:

On the site it's listed as a Java example.

Not quite sure about their use of brackets around the return value - it's unnecessary. Or is that just a C++ habit translated to Java?

In Java, the parentheses around the return value are purely optional and serve no actual purpose

Not that different to C++ in that respect, then.

snoofle:

In Java, the parentheses around the return value are purely optional and serve no actual purpose (some folks just like em)

Same for C++; I don't really remember any language where they are mandatory.

Let's start a holy war about whether parentheses are prettier than no parentheses.

Spectre:

Let's start a holy war about whether parentheses are prettier than no parentheses.

Don't bother.  The Ruby community have that war with themselves every few months. Or maybe it's just one long war with surges of activity and periods of relative peace, like the Israeli/Palestinian conflict.

PhillS:

 

tster:

Perhaps this is C# where it is "Equals".

On the site it's listed as a Java example.

 

ah.  I tried to look at the site but it wasn't loading this morning when I tried.

belgariontheking:

bjolling:

vyznev:

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

"passwd" is the global variable that you have to use. The "password" parameter only exists to confuse crackers. This is a well-known security pattern

My mind is blown

That means the pattern worked.

Of course Murphy's law is infinitely recursive.  It acts upon itself until entropy has reached a maximum.

Witness the title of the original post.  (It took me a while to notice it.)

Muphry's Law is not Murphy's Law.

alegr:

belgariontheking:

bjolling:

vyznev:

Or perhaps to the fact that passwd isn't defined anywhere (and password isn't used)?

"passwd" is the global variable that you have to use. The "password" parameter only exists to confuse crackers. This is a well-known security pattern

My mind is blown

That means the pattern worked.

Indeed, after such a statement I could have posted my credit card number + expiry date and BTK still wouldn't have been able to use it. I call it "secure commenting on a public entity" or "SCOPE". It'll be big once I get this approved as an ISO standard

communist_goatboy:

Oh, Muphry, do you know no bounds?

communist_goatboy:

Software progamming error #26 (the syntax error).

 

Apparently not...

lolwtf:

 

Qwerty:

Of course Murphy's law is infinitely recursive.  It acts upon itself until entropy has reached a maximum.

Witness the title of the original post.  (It took me a while to notice it.)

Muphry's Law is not Murphy's Law.

And besides that, Murphy's law isn't recursive.  To wit:

Murphy's law:

Anything that can go wrong, will go wrong

DaveK's Oh-no-you-don't-get-away-that-easily corollary to Murphy's law:

Except Murphy's law.

DaveK:

Murphy's law:

Anything that can go wrong, will go wrong

DaveK's Oh-no-you-don't-get-away-that-easily corollary to Murphy's law:

Except Murphy's law.

 

How the heck can murphy's law go wrong?

dtech:

DaveK:

Murphy's law:

Anything that can go wrong, will go wrong

DaveK's Oh-no-you-don't-get-away-that-easily corollary to Murphy's law:

Except Murphy's law.

 

How the heck can murphy's law go wrong?

Exactly. Therefore Murphy's Law doesn't apply to itself: it isn't recursive, like DaveK said.

Zecc:

Exactly. Therefore Murphy's Law doesn't apply to itself: it isn't recursive, like DaveK said.

 

Murphy's law is recursive. Logic:

M_x = Murphy's Law for some object x
c_x = x can go wrong
w_x = x will go wrong

We have property M_x that states:  c_x → w_x        (or
if property c_x then property w_x       or
if something can wrong it will go wrong)

So:
(c_x ∧ M_x) → w_x   (if something can go wrong and Murphy's law is correct for that something that something will go wrong)

Note that M_x doesn't say anything about the case ¬c_x

If we replace the x with Murphy's law (or anything else that can't go wrong) Murphy's law is still valid for that thing, since Murphy's law doens't say anything about that thing.

dtech:

If we replace the x with Murphy's law (or anything else that can't go wrong) Murphy's law is still valid for that thing, since Murphy's law doens't say anything about that thing.

But Murphy's law can go wrong, can't it?

Now that I think of it, if it can go wrong, it most certainly does not apply to itself. If it can go wrong and applies to itself, then it will go wrong, which means it doesn't apply to anything, hence a contradiction.