@KattMan said:
yes yes, we are still alive here.
And to judge by the fact that today's Error'd uses /Comments/ rather than what.thedailywtf I wonder whether Alex et al. are losing the will to push it.
@KattMan said:
yes yes, we are still alive here.
And whatever you do, don't ask a friend who flies a crop-dusting aircraft to drop a tonne and a half of water on you for the Ice Bucket Challenge.
(I'm not sure whether that's been officially confirmed yet, but it was the initial hypothesis behind a recent event in Cataluña (http://www.elmundo.es/cataluna/2014/08/26/53fc919c22601def7e8b4577.html) which led to the guy on the ground being hospitalised).
@PJH said:
About 99% of the people with active accounts have moved over to the new forums - you may want to join up and repost there...
@dkf said:
Hmm, blobheadervalue1=inline%3Bfilename%3DPDF-BANK0479.pdf and blobheadername1=Content-Disposition would appear to be an interesting combination. What could possibly go wrong?
blobkey=id&blobcol=urldata&blobwhere=1314012714572? Unless the BlobServer checks column types, a bit of scanning could probably get a list of column names. The easy test would be blobcol=id.
@RaceProUK said:
It should do, though in VS warnings are normally only shown once after a code change/full rebuild.
I've anonymised the name of the type and the parameters, but the rest (including the misspelling of retrieve) is unchanged.
public static Foo RetriveFromBarAndBaz(string bar, string baz)
{
    try
    {
        Foo foo = PersistentClass<Foo>.RetrieveUnique("Bar= :bar AND Baz= :baz", new QueryParameter("bar", bar), new QueryParameter("baz", baz));
        return foo;
    }
    catch
    {
        return null;
        throw;
    }
}
I'm not sure which is worse: that my predecessor apparently thought that this was a sensible catch block (this is a representative member of a set of 10 similar methods), or that the compiler doesn't even give a warning about the unreachable throw statement.
@LoremIpsumDolorSitAmet said:
Talking of crazy standards, let's not forget that in the financial industry in England, b (billion) used to be, and is still in a few cases, interpreted as a million million, not a thousand million. Go go global confusion!
@El_Heffe said:
The so called "right to be forgotten" is really an attempt to restrict access to information that has always been public
That depends. As far as I'm aware, it's not a formally defined term, so there could be some people using it to refer to the right of a data subject to request that a data controller delete data about them which the controller no longer has a good reason to keep, independently of how the controller obtained that data or of whether they are publishing it.
The short version is that yes, court records are open, but that doesn't mean that anyone can do anything they want with them. (I think that the U.S. has the same concept in e.g. the way it regulates credit agencies: isn't there a limit to how long they can take into account a bankruptcy?)
The core principle here is that every company which processes (defined widely enough to include storing) data which can be linked to an individual must be able to justify that processing. They must have a specific purpose for processing it, and they must either have the consent of the individual or a specific need to process it. That need must be weighed against harm which would be caused to the data subject by the processing.
You can argue that the law is silly if you want, but the ruling is just saying that Google has to follow the same laws as everyone else, and that's not silly.
@blakeyrat said:
@pjt33 said:
If it's monumentally unlikely that an attacker will break the token encryption then there's no need to include either the password or the hash: the existence of the token communicates the correctness of the password without the need for any shared session.
Well fair enough, but now you're arguing for a design that would make retracting tokens impossible and mine isn't that way.
Huh? I'm pretty confident that you weren't expiring session tokens by changing users' passwords, so I don't see how not including the password in the token affects the ability to expire it.
@blakeyrat said:
It occurs to me that it might be more secure if, instead of username and password in the token, you put in the username and password hash. That way in the monumentally unlikely scenario that an attacker breaks your token encryption, they still don't have access to the original password. The code I wrote might already do this, I'd have to look...
@blakeyrat said:
I don't know what "MAC" stands for in this context.
@blakeyrat said:
Where the fuck were you people like a year and a half ago when I asked advice on this?
@blakeyrat said:
My API has a call that specifically does authentication-- the caller uses it, passes in their user/pass (over SSL of course), the API checks this and returns to them a token. The token consists of: the user's username, password, the max date they're authenticated until (an hour, unless they checked "keep me logged in", in which case it's 2 weeks), and some other basic info (for example, what client they belong to, whether they're an administrator for that client.)
Including the password in the token sounds like a bad idea. It also seems unnecessary.
And you don't say anything about MAC. Are you using an AES mode with built-in MAC?
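An added illustration of the point made in the reply above (not code from the thread or from the API being discussed): a token that carries the username, expiry and the other basic info but no password or password hash, with an HMAC-SHA256 tag so the server can detect tampering. It signs the claims instead of encrypting them, which is a substitution for the AES-based design in the quote; the key, field names and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real service would load this from a secret store.
SECRET_KEY = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, client, is_admin, keep_logged_in, now=None):
    """Called only after the password check succeeded; the password never enters the token."""
    now = int(time.time()) if now is None else now
    lifetime = 14 * 24 * 3600 if keep_logged_in else 3600  # 2 weeks or 1 hour, as in the quote
    claims = {"user": username, "client": client, "admin": is_admin, "exp": now + lifetime}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def verify_token(token, now=None):
    """Return the claims if the MAC is valid and the token has not expired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body_part, tag_part = token.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:  # wrong number of parts or undecodable base64
        return None
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    # Check the MAC in constant time before parsing anything the client controls.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(body)
    if claims["exp"] <= now:
        return None
    return claims

if __name__ == "__main__":
    token = issue_token("alice", "acme", False, keep_logged_in=False)
    print(token)
    print(verify_token(token))
```
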
@partizanin said:
It turns out that the value passed to aPersonID is completely ignored and that vPersonID is a global package variable.
@dkf said:
For a bonus, what would be the right way to do the transform?
I'm not talking about FindControl: I'm talking about things like BoundColumn / BoundField, ObjectDataSource, etc. In all of the legacy WebForms projects I've worked with it's more laborious than it should be to work out whether a given method is dead code or not, because rather than just checking for references you have to do a full-text search for the name.
@Jaime said:
That leaves "ugly URLs" as the main objection to Web Forms, which is easily fixed with URL routing.
The only anonymisation applied is a global replace of a certain word with "Foo".
protected void ddlSiteGroups_SelectedIndexChanged(object sender, EventArgs e)
{
    var formView = (FormView)((DropDownList)sender).Parent.Parent.Parent.Parent;
    if (formView.CurrentMode == FormViewMode.Edit)
    {
        ((DropDownList)sender).Parent.FindControl("pnlFoo").Visible = ((DropDownList)sender).SelectedValue == "-1";
        ((DropDownList)((DropDownList)sender).Parent.FindControl("pnlFoo").FindControl("ddlFoos")).SelectedIndex = 0;
    }
    else if (formView.CurrentMode == FormViewMode.Insert)
    {
        ((DropDownList)sender).Parent.FindControl("pnlFoo").Visible = ((DropDownList)sender).SelectedValue == "-1";
        ((DropDownList)((DropDownList)sender).Parent.FindControl("pnlFoo").FindControl("ddlFoos")).SelectedIndex = 0;
    }
}
This is so packed with WTFs that I'm not even going to bother with the minor ones. Let's look at the biggies:
- .Parent.Parent.Parent.Parent: because refactoring never happens, so our position relative to the FormView will never change.
- ((DropDownList)sender) repeated 7 times: because it's impossible to declare a variable within a method.
- if (condition) { stuff; } else if (other condition) { exactly the same stuff; }: because if (condition || other condition) would make too long a line. (FWIW, in this particular case it's guaranteed that one of the two conditions will succeed, but I can see an argument for defensive coding by not assuming that the third value of the FormViewMode enum will never be used).
@boomzilla said:
First he rants about how "things haven't changed from the 70s." But then when confronted with an invention of the 70s that makes it easier to write non-sucky (from the user's perspective and the developer's) applications, his response is, "I don't need to learn this new fangled stuff!"
@gu3st said:
Maybe done by someone a bit better it might be less crazy, but from what I've seen, Drupal really doesn't encourage you to do things in a correct manner by making the worst way possible the easiest way.
@flabdablet said:
@Mason Wheeler said:
The point being made by the OP is that this seems like a silly and needless alternative to simply returning the original sequence.
That would be a perfectly fair point if you were the kind of ableist who believes that it is right and proper for programming languages to support abstractions that are not instantly obvious to any user.
@El_Heffe said:
I never said they can't sue. Anyone can sue anyone else for any reason, no matter how wrong or stupid.
The short answer seems to be that you look at IntPtr.Size to decide whether you're on 32-bit or 64-bit, and then use an extern to LoadLibrary. The details can get quite messy if you're trying to support CF, Alpha processors, etc.
It's definitely doable, because the managed wrapper for sqlite3 does it. I might try to figure out how if no-one posts a solution first.
@HerrDerSchatten said:
I wouldn't consider allowing cross-workbook references a reasonable design choice.
Excel addresses cells in other workbooks with the name of the Workbook.
...
So I wouldn't blame this on Microsoft stupidity - it's the result of a reasonable design choice.
@UpNDown said:
I'm mildly surprised that app servers aren't required to isolate requests from each other by using a classloader per request.
The line is a static (class) member that attempts to store the session object for the current request. If you have more than one user, you'll have more than one session and any use of such a class member will cause race conditions.
@blakeyrat said:
There are Scottish in the US, and no they are not subject to the legal system of Scotland. What legal system a person is under depends on their place of residence, not their nationality.
@tchize said:
I think English-speaking people have an expression for this behaviour: haters gonna hate.
@Mithious said:
It's using it to pick which set of tax tables to use, so technically it's actually if the person is resident in Scotland rather than being Scottish. But that would have made for a less amusing title.
@Jedalyzer said:
Pure syllabic languages (like Japanese) have trouble with directly transcoding or transliterating (as opposed to translating, which is meaning-based) words from non-syllabic languages (like English or Spanish).
@dkf said:
I vaguely remember that there's a consistent axiom system which makes them different, something to do with categorization of infinitesimals.
@AndyCanfield said:
Am I poor white trash, or do you guys on thedailyWTF all have monitors that are six feet wide and display five thousand pixels?
<pre> content as 10px text on TDWTF forums (except in preview, where it's a more readable 12px), so the line you quoted is less than 600px wide for me.
@thatmushroom said:
You're steeped in code through school, and writing code is integral to a CS degree in the way math is integral to a physics degree. (Yes, I know CS != software engineering, but that still seems like a common enough degree->career path).
To call it "integral" would be to exaggerate the relationship between writing code and the CS degree course I studied. In the first year, it was necessary to write a total of about 200 lines. In the second year there was a group project; I wrote maybe 400 lines, but there was one person on my team allocated to documentation who didn't code anything, and I can't remember whether the project manager wrote any code either. In the third year, I chose to do a software project, but other options were hardware, pure theory, or probably even psychology (UX). It was definitely possible to graduate with a good grade having written only about 200 lines of code.
Maths is integral to a CS degree in the way it's integral to a physics degree, but getting any experience at writing code is a bonus.
@theflin said:
if (ddlULOReports.SelectedValue != "0" || string.IsNullOrEmpty(ddlULOReports.SelectedValue))
{
    string reportName = ddlULOReports.SelectedItem.Text;
looks dodgy to me too. If SelectedValue is null or empty, I would expect there to be a non-zero probability that SelectedItem is null. But that's just a bug rather than a WTF.
@theheadofabroom said:
I realise I was a little sloppy in some of my previous posts, but let's put the onus on those who think that 0.9 != 1. We've given several proofs that it isn't, some even without glaringly obvious holes.
@PJH said:
I'm not quite sure how you'd enforce what you're after without generating false-positives on (other standard(-ish)) things such as in_addr_t which aren't in The Standard, but are nevertheless ubiquitous, without special-casing them. And what of in-house derived types; for example in our common headers we have a timestamp_t type which is based on uint64_t.
I haven't explained myself clearly enough. The intention would be to allow use of e.g. uint64_t but to reject direct use of e.g. long int. One of the things that has frustrated me more than once is trying to port something from C and having to deduce from context what width the original author thought an int was.
@PJH said:
@The_Assimilator said:
To be honest, they don't really need to be specified in user source files at all, since uint64_t (found in stdint.h) exists as a portable method of specifying a type that has 64 bits (provided your platform can handle them that is.) or uint_least64_t if you need an int that can hold at least 64 bits (other flavours are available.)
typedef unsigned long long int uint64;
I'm a C/C++ noob, but this shit... this shit is why I hate those languages with a passion.
int types outside stdint.h?
@HardwareGeek said:
An even bigger bug, not evident from the sample, is that the quick-and-dirty getTrans() I wrote never returns a trans with valid == false; therefore, the for loop never terminates, and I had to ^C the program under Linux, since it didn't segfault.
getTrans() even guarantees never to return NULL.
@anonymous234 said:
Sure. But find me one online service, just one, that accepts "John Smith"@example.com as a sign up email. Because I just checked a dozen and couldn't. So whoever has an email address with spaces and @s in it clearly doesn't care about actually using it, so they can live without using my website either.
public static bool IsUsableEmail(string addr)
{
try { new System.Net.Mail.MailAddress(addr); return true; }
catch { return false; }
}
@mikeTheLiar said:
Stumbled across these three methods in a ~10K LOC God-Object.
@dkf said:
Check for: at least one non-whitespace, non-@ character, “@”, at least one non-whitespace, non-@ character, “.”, at least one non-whitespace, non-@ character. You don't want any spaces, you want exactly one @, and you want a qualified host name (but don't bother validating that; that requires a DNS check). That only causes problems with people who have empty mailbox names (is that legal?), people who want to use a locally-resolving host, or misguided fools who insist on specifying their mail host via IPv6, but fuck 'em. Oh, and for assholes who just spam random crap in form fields.
@Bulb said:
No. A MITM can intercept the message to the payment operator, throw it to /dev/null and send a response pretending the payment was processed. And the system orders shipping the product because it believes the money was charged, but it was not.
Sure, it requires a MITM or DNS poisoning, but still, unnecessary weakness.
@Anonymouse said:
In theory... yes. In practice... well, the last time I had to try to get a SOAP client written in .NET to be able to access a service written in Java, I had to sacrifice three black chickens during a lunar eclipse just to get them to talk to each other without choking on the ever-so-slight deviations from the supposedly common standard that each implementation had.
@cvi said:
For random examples and "inspiration", there's Shadertoy.
@TheSchutte said:
Regardless, what you are doing is not pertinent to the post. So please F off.
@PJH said:
@method1 said:
To be more precise: going the full 5 years was taken as a sign of weakness, holding out in the hope that the government's popularity would lift.
They've stopped the ability of the ruling party to call elections whenever they wish in the UK.
Hmm - didn't realise that...
Who decides to call a general election?
After the Fixed-term Parliament Act was passed on 15 September 2011, the date of the next general election is set as 7 May 2015. The Act provides for general elections to be held on the first Thursday in May every five years. There are two provisions that trigger an election other than at five year intervals:
- A motion of no confidence is passed in Her Majesty's Government by a simple majority and 14 days elapses without the House passing a confidence motion in any new Government formed
- A motion for a general election is agreed by two thirds of the total number of seats in the Commons including vacant seats (currently 434 out of 650)
Before this Act, the duration of a Parliament was set at a maximum of five years, although many were dissolved before that. The decision to call a general election was made by the Prime Minister by asking the Queen to dissolve Parliament.
@Rhywden said:
I still can't wrap my head around this entirely asinine legislative process where you can tack on several distinct and completely unrelated issues to a bill which has nothing to do with the additions.
@szigya said:
I work on a system every day which is made of bugs. Today I realized how stupid a human being can be. If someone has to pay as a punishment, the system stores it with id 204. An idiot wrote into the code insert into ... punishment_reason=402. I looked for it and there is no 402 id in the punishment reason table.
@szigya said:
$sql="select blablabla where date=".$date;
The only problem was that it returned null every time, because $date was not surrounded by quotes.
COCA or BNC? They're intended to be corpora for serious research, but that doesn't mean that they can't be put to silly purposes.
@Stormtalons said:
For what it's worth, I was incredulous that so many people had such a hard time reading a stock chart as well, especially after the reasoning for it was pointed out.
Isn't this a Google decision implemented in Chrome rather than an Oracle decision implemented in the Java plugin?