Comment On Mentors, the Freshmaker

A few years back, Chris Roberts started his foray into the world of computer programming and, as every newbie should, Chris found a mentor to help get him going. Chris' mentor was generous enough to show him a brand-new project that he had just completed for one of his clients: an ASP-based website to display and maintain listings and reviews of restaurants in a local metropolitan area.

Re: Mentors, the Freshmaker

2006-04-19 15:23 • by graywh
And so the student becomes the master.

Re: Mentors, the Freshmaker

2006-04-19 15:24 • by WeatherGod
With that password, the student can become the mentor!

Re: Mentors, the Freshmaker

2006-04-19 15:24 • by APAQ11

It's pretty bad that the mentor was writing code like that. It's even worse that the mentor thought he was a good enough programmer to teach others his bad ways. Ignorance FTL [:P].

Re: Mentors, the Freshmaker

2006-04-19 15:24 • by Freshmaker
This is nothing a couple of Mentos can't take care of. 

Re: Mentors, the Freshmaker

2006-04-19 15:28 • by mrsticks1982
he must be above all the "new thingies" those young bucks use! Ha, who uses RDBMS anyways! ^o)

CAPTCHA: DOOM


Re: Mentors, the Freshmaker

2006-04-19 15:31 • by Sweet Jesus
Well shit on me and call me a sunday :|

Re: Mentors, the Freshmaker

2006-04-19 15:31 • by Yeah...Right...
69004 in reply to 68997
The mentor /still/ shouldn't have been groaning.  If it was a flat text file surely a quick search and replace (ie sed "s/


Oh, and I hope he used some obfuscated homebrew hashing algo on the password file.....

probably not.

Re: Mentors, the Freshmaker

2006-04-19 15:31 • by connected
Could've saved all that trouble by discovering the 'search engine'...

Re: Mentors, the Freshmaker

2006-04-19 15:31 • by PCBiz
Are you kidding me??  And a client paid him for this.  I hope the student introduced the master to the 20th century.  Correct me if I'm wrong but what happens when the client inputs thousands of records and the text file database gets bigger and bigger?  It might not be today or next month but if the client continues to use this for several years this could become a problem.

And don't get me started on the password.txt file.

Re: Mentors, the Freshmaker

2006-04-19 15:33 • by Jeremy D. Pavleck
This just reinforces my desire to create a web bot that simply crawls the web looking for password(s).txt.

I imagine I'd be quite surprised at what I'd find.




Everyone knows that for security reasons you create a passwords.txt and put the user names in it, and a separate users.txt that contains the passwords. I mean, cmon now!

Re: Mentors, the Freshmaker

2006-04-19 15:36 • by ParkinT
69008 in reply to 69007

Anonymous:
This just reinforces my desire to create a web bot that simply crawls the web looking for password(s).txt.

I imagine I'd be quite surprised at what I'd find.




Everyone knows that for security reasons you create a passwords.txt and put the user names in it, and a separate users.txt that contains the passwords. I mean, cmon now!


Right on.  That's how my bank does it.


A file called AccountNumber with my balance in it and one called AccountBalance with my account number.

Re: Mentors, the Freshmaker

2006-04-19 15:36 • by Yeah...Right...
69009 in reply to 68997
stupid forum...


The mentor /still/ shouldn't have been groaning. If it was a flat text file surely a quick search and
replace (ie sed "s/<h2>/<h3") should have been enough...if anything that was an advantage of
the flat file over a database (about the only one). Oh, and I hope he used some obfuscated homebrew
hashing algo on the password file.....probably not.

Re: Mentors, the Freshmaker

2006-04-19 15:38 • by Monday
It's scary how often I see this happen. Before doing a project, always
sit down the designers and the developers. It's amazing the time you
save.

Re: Mentors, the Freshmaker

2006-04-19 15:41 • by BlackTigerX

WTF! clearly, he should've named the file


obscurenameforthepasswordsfile.txt

Re: Mentors, the Freshmaker

2006-04-19 15:41 • by MikeMontana
Another perfect stinker! On a side note, where does one find a
reference "Here's the best way to do a task..." for a particular
language? Reading through the programming manual will give you the
syntax structure for what needs to be done. To understand how to best
apply a toolset seems to be reading through tons of posts on the web,
skimming past flame wars on where to put the "{" etc.



I ask because I am now starting off with Flex-2 development. I'm ok
with syntax, structure and relationships (to a degree at least), but,
stuck at "what's the best way to do things like check for login status,
cross communicate between panels/forms...is that a 'no/no' " and so on.
Any suggestions on the best way to quickly get up on
application-level-development for a particular language (is there a
book series slanted this way??) - and if you have any particularly good
suggestions on Flex2, I'd much appreciate it!



-Mike

Re: Mentors, the Freshmaker

2006-04-19 15:44 • by Disgruntled DBA
But the Mentor was wearing over 35 pieces of flair!

Re: Mentors, the Freshmaker

2006-04-19 15:45 • by treefrog

passwords.txt .... that's just precious [Y]

Re: Mentors, the Freshmaker

2006-04-19 15:46 • by cc6321
If the entire 'DB' was really in a flat text file, it should be pretty easy to change all the H1's to H2 or whatever.

Re: Mentors, the Freshmaker

2006-04-19 15:48 • by treefrog
69017 in reply to 69012

MikeMontana:
. Any suggestions on the best way to quickly get up on application-level-development for a particular language (is there a book series slanted this way??) - and if you have any particularly good suggestions on Flex2, I'd much appreciate it!

-Mike


I've always liked the O'Reilly "cookbook" series...they always have good recipes for that sort of thing.

Re: Mentors, the Freshmaker

2006-04-19 15:52 • by encryption expert
69020 in reply to 69004
The password file looked fairly secure to me!  Both the User ID and Password were "Doubly encrypted using ROT-13"!

that's the problem with consultants

2006-04-19 15:53 • by AC

The problem with consultants is that the ones with sufficient people skills to convince someone to give them the job often have insufficient development skills.  This sounds like a salesperson who picked up a Learn HTML Programming in 21 days book.  If PHB's had any brains at all, they'd think, in this order:



  1. I'm smooth, but I don't know jack about programming.
  2. I know a ton of people like me.
  3. This consultant is smooth.
  4. Therefore, there's a decent chance s/he doesn't know jack about programming.

Re: Mentors, the Freshmaker

2006-04-19 15:55 • by Code Monkey
69022 in reply to 69012

MikeMontana:
where does one find a reference "Here's the best way to do a task..." for a particular language? Reading through the programming manual will give you the syntax structure for what needs to be done. To understand how to best apply a toolset seems to be reading through tons of posts on the web, skimming past flame wars on where to put the "{" etc.

I ask because I am now starting off with Flex-2 development. I'm ok with syntax, structure and relationships (to a degree at least), but, stuck at "what's the best way to do things like check for login status, cross communicate between panels/forms...is that a 'no/no' " and so on. Any suggestions on the best way to quickly get up on application-level-development for a particular language (is there a book series slanted this way??) - and if you have any particularly good suggestions on Flex2, I'd much appreciate it!


There is no such thing. You seem to be confusing language with implementation. Languages have features that may ease the burden of very small tasks but they do not change the basis of a good pattern.

Re: Mentors, the Freshmaker

2006-04-19 15:57 • by Todd

Actually, this could be pretty easily done with a Perl/Python/awk/etc.


if /^\.+\<\/h2\>/


   s/font-size:14px;/font-size:16px; text-align:left;/


Or whatever...


Still a wtf.

Re: Mentors, the Freshmaker

2006-04-19 16:16 • by JamesCurran

FIRST!!!!


 


(OK, I know the actual "first" was nearly an hour ago, but no one had done it yet, and when has not being first actually stopped someone from posting "first"?)

Re: Mentors, the Freshmaker

2006-04-19 16:20 • by codeman
69032 in reply to 69029
JamesCurran:

FIRST!!!!


 


(OK, I know the actual "first" was nearly an hour ago, but no one had done it yet, and when has not being first actually stopped someone from posting "first"?)



Neither first, frist nor brillant!!!

Re: Mentors, the Freshmaker

2006-04-19 16:21 • by Cooper
The real WTF is that 'style=' is allowed in any element, ever.

When I waste time thinking about this (not often except when confronted with WTFery like today's example), I wonder just what they were thinking.

Re: Mentors, the Freshmaker

2006-04-19 16:21 • by codeman
69034 in reply to 69032
Um, I was talking about MY post, not James C's post ;)

Re: Mentors, the Freshmaker

2006-04-19 16:25 • by stonguse
69035 in reply to 69023
Do you really think that someone who codes their layout into a flat file would know how to easily replace the formatting using code?

Re: Mentors, the Freshmaker

2006-04-19 16:27 • by makomk
69036 in reply to 69033
Cooper:
The real WTF is that 'style=' is allowed in any element, ever.

When I waste time thinking about this (not often except when confronted with WTFery like today's example), I wonder just what they were thinking.


Want to take out style=, eh?

Re: that's the problem with consultants

2006-04-19 16:33 • by ParkinT
69037 in reply to 69021
Anonymous:

The problem with consultants is that the ones with sufficient people skills to convince someone to give them the job often have insufficient development skills.  This sounds like a salesperson who picked up a Learn HTML Programming in 21 days book.  If PHB's had any brains at all, they'd think, in this order:



  1. I'm smooth, but I don't know jack about programming.
  2. I know a ton of people like me.
  3. This consultant is smooth.
  4. Therefore, there's a decent chance s/he doesn't know jack about programming.


Like I have always said:



  1. Those who can, Do

  2. Those who can't, Sell

  3. Those who can't sell, are Consultants

Re: Mentors, the Freshmaker

2006-04-19 16:33 • by mrprogguy
69038 in reply to 69033
Not really a WTF to me.  There's nothing more fun than wading through a stylesheet with a ton of one-off styles.  (Especially since, after awhile, you just flat run out of decent names for elements and start using td000001 and other egregious crap like that.)

Re: Mentors, the Freshmaker

2006-04-19 16:34 • by mrprogguy
69039 in reply to 69038
Actually, that comment was directed at the "removing 'style='" comment, not at completely restyling <h2> inline, which is, of course, completely dorky.

Re: Mentors, the Freshmaker

2006-04-19 16:35 • by ParkinT
69040 in reply to 69036

makomk:
Cooper:
The real WTF is that 'style=' is allowed in any element, ever.

When I waste time thinking about this (not often except when confronted with WTFery like today's example), I wonder just what they were thinking.
Want to take out style=, eh?


That is an instant CLASSIC!


You, sir, have a Paula (aka brillant) mind

Re: Mentors, the Freshmaker

2006-04-19 16:50 • by Happy
69042 in reply to 69040
Heck, no search and replace is necessary.  Just put in at the top:
h2 { font-size: 18px !important; }
and that should override all the inline styles.   It's just a quickfix, but it'll appease the clients while the html gets cleaned up.

But yeah, definitely time to get a new mentor.

Re: Mentors, the Freshmaker

2006-04-19 17:02 • by PACE
69043 in reply to 69042
Anonymous:
Heck, no search and replace is necessary.  Just put in at the top:

h2 { font-size: 18px !important; }

and
that should override all the inline styles.   It's just a quickfix, but
it'll appease the clients while the html gets cleaned up.




"While the html gets cleaned up"?





Made me laugh out loud. Surely one thing that'll never happen. Ever.


I can only try to imagine...





< !-- 2003-03-10: quick css fix for now. Will cleand up html later -->







Re: Mentors, the Freshmaker

2006-04-19 17:10 • by Noam Samuel
69046 in reply to 69007
Anonymous:
This just reinforces my desire to create a web bot that simply crawls the web looking for password(s).txt.

I imagine I'd be quite surprised at what I'd find.


Just use google:

  • I hope this guy didn't get an A on his project: http://dlib.cs.odu.edu/completed_projects/ncstrl+/authortool/password.txt
  • This one has a special text file per each user: http://home.iae.nl/users/geerings/password.txt
  • This message board is a hoot. Note that it stores all messages as html files: http://lostillusion.net/LI/Board/
  • Not only does this one store the password on the web in cleartext, it also has only one possible user: http://www.anunciosdeocasion.com/cgi-local/password.txt
etc. etc. find more here: http://www.google.com/search?q=inurl%3Apassword.txt&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

Re: Mentors, the Freshmaker

2006-04-19 17:27 • by Gene Wirchenko
69051 in reply to 69043
Anonymous:
Anonymous:
Heck, no search and replace is necessary.  Just put in at the top:

h2 { font-size: 18px !important; }

and
that should override all the inline styles.   It's just a quickfix, but
it'll appease the clients while the html gets cleaned up.




"While the html gets cleaned up"?





Made me laugh out loud. Surely one thing that'll never happen. Ever.


I can only try to imagine...





< !-- 2003-03-10: quick css fix for now. Will cleand up html later -->


Perhaps followed by

< !-- 2006-04-19: corrected comment to "Quick CSS fix for now.  Will clean up HTML later" -->

The HTML is still in the "later" pile.  The comment is more accurate now though.

Sincerely,

Gene Wirchenko
 

Re: Mentors, the Freshmaker

2006-04-19 17:31 • by Gunther
69052 in reply to 69012
Regarding steps to set up a web application, here is the quick list.
  1. Set up a real Database. (MySQL, Oracle, PostgreSQL, etc.)
  2. Set up your htaccess file
  3. Use the tools your language supports (PHP, ASP, JSP, etc.)
    1. e.g. If you find yourself inventing something... STOP, Google it, and get back to work
  4. Do not put markup in the database
  5. Modular is good, but use common sense
  6. **If you're not sure, ask an expert!**
  7. Lather, rinse, repeat

Re: Mentors, the Freshmaker

2006-04-19 17:34 • by loneprogrammer
69053 in reply to 69033
Cooper:
The real WTF is that 'style=' is allowed in any element, ever.

At some point in time, (early 2003,) XHTML 2.0 was going to have the STYLE attribute removed completely.

But people must have whined enough to get it put back.  :-(

It's still in the draft specification.

Note: use of the style attribute is strongly discouraged in favor of the style element and external style sheets. In addition, content developers are advised to avoid use of the style attribute on content intended for use on small devices, since those devices may not support the use of in-line styles.

Re: Mentors, the Freshmaker

2006-04-19 17:41 • by bullseye
69055 in reply to 69006

PCBiz:
Correct me if I'm wrong but what happens when the client inputs thousands of records and the text file database gets bigger and bigger?  It might not be today or next month but if the client continues to use this for several years this could become a problem.


I'm convinced that many sub-par consultants actually engineer these disasters as a form of job security.  If you think about it, it makes sense. 


Rather than deal with all that planning and design crap, you mash something together that works for the current situation. If you build a system that will inevitably fail as the client's business grows, you have an opportunity to come back in and do the same thing on a larger scale (interpreted, more $$$).  If the client dies out, then you saved some otherwise unrecoverable brain cells.


I'll call it... Consulting 2.0.

Re: Mentors, the Freshmaker

2006-04-19 17:57 • by foxyshadis
69058 in reply to 69046
Noam Samuel:
Anonymous:
This just reinforces my desire to create a web bot that simply crawls the web looking for password(s).txt.

I imagine I'd be quite surprised at what I'd find.


Just use google:

  • I hope this guy didn't get an A on his project: http://dlib.cs.odu.edu/completed_projects/ncstrl+/authortool/password.txt
  • This one has a special text file per each user: http://home.iae.nl/users/geerings/password.txt
  • This message board is a hoot. Note that it stores all messages as html files: http://lostillusion.net/LI/Board/
  • Not only does this one store the password on the web in cleartext, it also has only one possible user: http://www.anunciosdeocasion.com/cgi-local/password.txt
etc. etc. find more here: http://www.google.com/search?q=inurl%3Apassword.txt&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

Yes, that's true, but google only picks up links. He's talking about a spider that specifically requests "password.txt" in every single folder in every site it finds. Google won't. (On the other hand, some worm probably does.)

Admittedly most sites that stupid run a good chance of having an external link to it somewhere.

Re: Mentors, the Freshmaker

2006-04-19 17:57 • by Mark
That's some WTF to be sure.



Surely the 'mentor' could easily fix the formatting problems with judicious use of sed?

Re: Mentors, the Freshmaker

2006-04-19 17:57 • by lizardfoot
I only wish I could comment on this without making my own employer look too brillant.


Re: that's the problem with consultants

2006-04-19 18:09 • by Adrian.
69064 in reply to 69021

Actually the problem is not just with consultants.  It
is also with customers who want a cheap solution and buy without having any
real idea what can actually be delivered for the amount of cash they are
paying.



Also the consultants who can sell and actually deliver complex solutions cost a
packet of cash.  Said consultants are often undercut by the dodgy
consultants with no real capability - this gives consultants in general a bad
name.






 BTW – I work for a consulting company who in general
delivers quite complex stuff that customers are on the whole reasonably happy
with.  Hence the defence of consultants.



Re: Mentors, the Freshmaker

2006-04-19 18:12 • by TomCo

doubly-linked list of today's activity:


  delete password.txt


  new brillantmoose.txt: "tickle my unda belly!"


  new ticklemyundabelly.txt: "brillant moose"


whoops!  I dialed the wrong number again...WTF, this is even my phone! [li] <click>


 

Re: Mentors, the Freshmaker

2006-04-19 18:22 • by NancyBoy
69067 in reply to 69053
loneprogrammer:
Cooper:
The real WTF is that 'style=' is allowed in any element, ever.

At some point in time, (early 2003,) XHTML 2.0 was going to have the STYLE attribute removed completely.

But people must have whined enough to get it put back.  :-(

It's still in the draft specification.


Note: use of the style attribute is strongly discouraged in favor of the style element and external style sheets. In addition, content developers are advised to avoid use of the style attribute on content intended for use on small devices, since those devices may not support the use of in-line styles.


Just curious, what difference does it make?

Re: that's the problem with consultants

2006-04-19 18:24 • by Sam
69069 in reply to 69037

Smoothness is correlated with how much practice one has with selling/interviewing.  Those who are really valuable generally don't interview a lot (because they get jobs right away). 


At least in my experience.  I've often picked those who don't interview quite as well (appear a bit flustered or speak too fast, that sort of thing).  I look at qualifications primarily, of course, but if they're too smooth it makes me suspicious.

Re: Mentors, the Freshmaker

2006-04-19 18:27 • by Sven Gebhardt
The real real WTF is the hard-to-guess username/password combination. I'm sure intruders would never try "admin:admin"!
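
A defender-side check for the two exposures discussed in this thread, credential files that sit under the web root where anyone can request them by name, and the "admin:admin" style of login (an added example, not part of any post and not code from the article). It walks a local document root only; the file-name patterns, separators and the sample tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# File stems the thread jokes about, plus close variants (assumed list, extend as needed).
SUSPECT_NAME = re.compile(r"(passw(or)?ds?|users?|accounts?|credentials?)", re.I)
TEXT_EXTS = {".txt", ".csv", ".dat", ".bak", ".old", ""}
# "user:pass", "user=pass", "user,pass" or "user<TAB>pass" alone on a line.
PAIR = re.compile(r"^\s*([\w.@-]{1,64})\s*[:=,\t]\s*(\S{1,128})\s*$")
# Second field looks like a hash rather than cleartext: crypt-style "$id$..." or long hex.
HASHED = re.compile(r"^(\$[0-9a-z]+\$.+|[0-9a-fA-F]{32,})$")


def audit_docroot(docroot):
    """Return one finding per credential-looking file stored under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in TEXT_EXTS or not SUSPECT_NAME.search(stem):
                continue
            path = os.path.join(dirpath, name)
            cleartext, trivial = 0, []
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    m = PAIR.match(line)
                    if not m or HASHED.match(m.group(2)):
                        continue
                    cleartext += 1
                    if m.group(1).lower() == m.group(2).lower():
                        trivial.append(m.group(1))
            # The file is reported even with zero cleartext pairs: it is still
            # inside the tree the web server hands out.
            findings.append({
                "url_path": "/" + os.path.relpath(path, docroot).replace(os.sep, "/"),
                "cleartext_pairs": cleartext,
                "password_equals_username": trivial,
            })
    return sorted(findings, key=lambda f: f["url_path"])


def build_sample_site(root):
    """Constructed sample tree; none of these files come from the article."""
    os.makedirs(os.path.join(root, "admin"))
    os.makedirs(os.path.join(root, "data"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h2>Restaurants</h2>\n")
    with open(os.path.join(root, "admin", "passwords.txt"), "w") as fh:
        fh.write("admin:admin\nchris:s3cret-lunch\n")
    with open(os.path.join(root, "data", "users.txt"), "w") as fh:
        fh.write("alice:5f4dcc3b5aa765d61d8327deb882cf99\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for finding in audit_docroot(root):
            print(finding)
```

Any finding means the file should move outside the document root; a non-zero `cleartext_pairs` additionally means the stored passwords need to be replaced with salted hashes and rotated.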

Re: Mentors, the Freshmaker

2006-04-19 18:47 • by Bus Raker
69076 in reply to 69011
BlackTigerX:

WTF! clearly, he should've named the file


obscurenameforthepasswordsfile.txt



Or 'New Text Document.txt' , or 'Book1.xls'


Everyone's got one of those somewhere and no one knows what they are for.

Re: Mentors, the Freshmaker

2006-04-19 18:49 • by loneprogrammer
69077 in reply to 69067
NancyBoy:
loneprogrammer:



Note: use of the style attribute is strongly discouraged in favor of the style element and external style sheets. In addition, content developers are advised to avoid use of the style attribute on content intended for use on small devices, since those devices may not support the use of in-line styles.


Just curious, what difference does it make?


The point of CSS is that it controls the way HTML documents appear to the user.

The HTML document does not have to look like any particular image on-screen.  This is because HTML can be presented in many ways -- on a computer, on a phone, on paper, or even read as speech for blind people.  In HTML, a <p> tag means "this is a paragraph" but it does not have to be any particular font or color or size, or in any particular place on-screen.  Some people might be blind and need to have the paragraph read aloud, others might have bad sight and need a very large font, or different colors that they see better.  The user might be using a phone and have a very small screen.

You should not hardcode HTML directly into a database table, and you should not hardcode CSS directly into your HTML tags, either.

When classes are used with CSS, the class itself has the CSS attributes.  That means you can create a class called "mainbody" for the main text of a blog, for example.  Then you can set the font, color, size, etc., for the main text.  It automatically applies to all elements that belong to that class, so the entire blog can have new colors just by changing one CSS file.  People with special needs can create custom CSS to override the web site's settings in their own web browser.

If you hardcode the CSS directly into every page of the blog, then you lose all that.

The reason that the style attribute was left in is so that you can still write <span style="color: red"> I want some red text here </span> if you need to do that, because you might be unable to change the rest of the HTML (you might be sending HTML to a DailyWTF post, for example) or if you just want to make something red in just one place and you don't want a CSS class for that (and you don't care about people who are colorblind and can't see red things).
