|
This inspired me a little haiku! 
if (nameOfUser)
name ++;
for (var word = 0; word < name; lowercase(ref word)) {
Comments(ref products);
}
|
|
|
|
|
Well, with number two ... why not flush down the sh1t?
|
|
|
|
|
WTF? Whoever wrote that code needs to have a frontal lobotomy... As they are obviously antisocial psychopaths!
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
Given that they wrote the code to begin with, I think the lobotomy is already accomplished.
Software Zen: delete this;
|
|
|
|
|
What if he already had one? 
|
|
|
|
|
Those variable names look just like ones that were used at a place I used to work. There is a reason I don't work there any more. 
Just because the code works, it doesn't mean that it is good code.
|
|
|
|
|
Maybe someone else wrote perfectly sensible application with full names and such...and deployed it obfuscated...finally, someone (obviously not the same someone  ) reflected it back to code and sold it as his own 
|
|
|
|
|
|
True, it can weed out script kiddies searching for easy exploit to run.
However, for a targeted attack, it does not trick the attacker very long, as there is lots of way to fingerprint the underlying server.
I think a better protection is lying, not hiding. Make them believe you run on Apache while you are using IIS.
|
|
|
|
|
Who needs attacks based on vulnerabilities in the server or framework, when so many sites are open to SQLi, XSS or XSRF? 
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Who needs SQLi, when more sites are vulnerable to a DDoS?
You look at the entire chain, and a weak link cannot be justified with pointing out other dangers.
Bastard Programmer from Hell 
If you can't read my code, try converting it here[^]
|
|
|
|
|
A DDoS will take the site down for a while, or even permanently. SQLi will leak your entire database to any script-kiddie with the right tool, and you'll end up facing massive fines and compensation claims.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: you'll end up facing massive fines and compensation claims
I see lots of articles where some large firm leaked passwords, but I never heard anything about "claims" or compensation.
Even if you did not have the luxury of checking all the code of the outsourced devs' group for SQLi, and you'd have to rely on their word; point is that you don't ignore the rest of potential problems, simply because some other may exist.
..but yes, I do hope that claims will be more common in the future. Only then would companies have a financial incentive to keep their security up-to-date.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Sadly, that seems to be the default setting with Apache. I've seen it often with directory listings.
|
|
|
|
|
I just replaced
Math.PI
with
Trigo.π
Trigo being a static class and π a const double.
It works for ϕ (the Golden Number) also.
I tried that with ℮ also (the base of natural logarithms), but this is not a valid identifier character.
I never finish anyth
|
|
|
|
|
If this becomes widespread, reading code will be even more difficult than it is now. Leaving aside Chinese ideograms, Kanji, etc., how many of you would understand the following code (not the algorithm, its purpose):
double[] מחיר = new double[100];
double[] כמות = new double[100];
...
double סהכ;
for (auto אינדקס ;100 > אינדקס ;0 = אינדקס++)
[אינדקס]מחיר * [אינדקס]כמות =+ סהכ;
Do we really want to have to read code with Google Translate open in a separate window?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
|
|
|
|
That's not a Math.PI replacement proposal, is it?
I was just exploring aroung Unicode and variable names and found out that using greek letter is allowed for identifiers.
But I'm not saying that it should be done. Of course having localized variable names would be a nightmare.
I never finish anyth
|
|
|
|
|
phil.o wrote: That's not a Math.PI replacement proposal
I stand corrected. I thought that this was something that you had actually encountered in production code. 
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
|
|
|
|
I do!
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
at least you don't need to spend money on an obfuscator.
|
|
|
|
|
Dunno about that, if I had to work on that codebase, I think starting by running it through a bottom end obfuscator that replaced all the variables with 'a', 'b', 'c', etc. would be a good start.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Im working at Japan, so 1 day my task is review some code of the internship, and he naming variables with Kanji (im not Japanese). Its like a pain in the a..
In code we trust !
|
|
|
|
|
Using escape characters is also fun:
public const double \u0050\u0049 = 3.14;
public const double PI = 3.14;
modified 15-Oct-15 8:25am.
|
|
|
|
|
That pretty much leads to code obfuscation
Even π is more readable than \u03C0.
But, again, I don't want to defend the use of extended unicode characters for type and member names. That was just a trial-for-fun, I'm exploring C# 6.
I never finish anyth
|
|
|
|
|
No! No public single-character identifiers! 
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
