Niantic Are a Bunch of Morons

So I play Pokémon Go. It’s something to do when I’m out and about on foot. I’ve recently got to the point where I actually care a bit about the relative strengths of my pokémon. To that end, I’ve started using the naming feature to include some details. However, due to the crazy short length limit for names, I have to abbreviate some of the longer pokémon names to fit the extra information in. Continue reading “Niantic Are a Bunch of Morons”

Walmart Dumbassery

So I was at Walmart today to purchase a couple of things. I encountered some truly dizzying dumbassery in not one, but two places. For reference, this was at the Sage Hill Walmart in Calgary.

First, I was buying cat litter. So I get to the cat liter section and what do I see? Well, take a boo at this:

Not carefully the top of the Slide box. Yup, that’s right. They’ve shoved it onto a shelf whose frontage space is shorter than the box is tall. I wonder what putz thought that was a good idea. To add insult to injury, the next shelf down does have enough space and in the position below, they have one of the smaller sized boxes (like the ones to the right of the Slide box in the picture).  Basically, whoever was setting up the shelves is <bleep> stupid.

But remember I said there were two cases? Well, take a look at this one (click on the image for full size so you can actually see the details):

Pay particular attention to the sale tags which read “2 for $3”. You’ll note they list the regular price as $1.67 and also proudly proclaim “Save 34¢ each”. This must be some kind of new math which I have not previously encountered. By my calculation, “2 for $3” means $1.50 each. Compared to the regular price, that is a 17¢ saving on each, or a total saving of 34¢. So, to the geniuses at Walmart, which is it: do I get 2 for $3 or do I save 34¢ each? It can be one or the other. Not both.

In the second case, I wasn’t actually buying the product so I didn’t bother trying to argue with them about it. I also didn’t have time to spend an hour arguing with bored store representatives to get them to understand why it was a problem.

The first problem is actually less problematic than the second one since in the first case, you know that they got the boxes in so there must be a way to get them out. And they had the correct price tags in place. The second one, however, probably has legal implications given that they are advertising two different sale prices for the same item. I wonder how often that particular error pops up (listing the total saving as though it is for each item).

Anyway, the moral of this story is that you should pay attention to price signs in stores. There’s a good chance I could have got that “2 for $3” item for the actual price of “2 for $2.66” which is what it would have to be to save 34¢ on each of the pair.

The other moral is for people who are stocking shelves and people who decide what the shelf layout should be. Make sure you put items on shelves where they can be properly accessed. There’s nothing more annoying that wanting to buy an item and having to solve a puzzle in order to get it off the shelf. That means the shelf needs to have front clearance to easily remove the item from the shelf, including any rotation that would typically occur and space for the customer’s hands. That means you can’t put a six pack of soda bottles on a shelf that has just a couple of millimetres clearance, either, but even that is better than the nonsense depicted above with the cat litter.

Welp, that’s all for now, folks.

 

Was Andy Dufresne Guilty?

I’ve just watched the latter half of Shawshank Redemptionfor the third time in about two weeks. If you haven’t seen it, you should watch it. I expect film school, drama, and even classics students to be studying it far into the future. But that’s not my point. Rather, this time I got to thinking about why I like the movie so much. I’m going to go into that here, so spoiler alert. You have been warned.

Continue reading “Was Andy Dufresne Guilty?”

Latest WordPress Security Debacle

Probably nobody is really aware of the recently discovered security flaw in the WordPress core. (See https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for the official word on the matter.) This flaw affects the wpdb object’s prepare() method and allows for potential SQL injection attacks. Of course, that raises an important question: why are we still getting these types of vulnerabilities in projects like WordPress? Well, I have an opinion on that. Obviously.

Anyway, you can see the technical details of the vulnerability over here. That link goes into more detail than you ever wanted on how the vulnerability works, why it’s a problem, and why it’s due to a fundamental flaw in the API design.

I don’t have anyting of substance to add to that analysis. However, I do want to say the following:

  • This is not due to WordPress’s use of PHP. Using another language but implementing things in any substantially similar way would have exactly the same problems.
  • This type of problem is not restricted to WordPress. Other high profile projects have been hit with similar API and/or implementation flaws.
  • Proper implementation which does proper input validation can help but will not fix fundamental API design flaws.
  • Incompetent or ignorant coders will find ways to implement security problems no matter how good your API is. However, that’s no excuse to just throw your hands up and say, “What’s the point?”.
  • Even where backwards compatibility is important, it is still possible to implement and deploy a new saner API and then deprecate the old problematic one. Every project with dodgy APIs like the one in this instance should be doing the same thing.
  • Rolling your own database abstraction layer is a dumb idea. Especially if the language environment you are using provides one that is reasonably good.

That’s about all I have to say on this matter at this time. I do encourage you to read the detail link above and understand it. It will give you some good insight on how not to design APIs with an eye toward database APIs.

The Train Crash Dilemma

You have, no doubt, at least heard of the train crash dilemma. Put simply, it goes something like this: A train is approaching a two-way switch. On the currently selected track, there is a group of five people who will be hit if nothing changes. On the other track, there is a single person who will be safe if nothing changes. You are in a position to be able to change the switch direction. Would you act (change the switch) or do nothing (leave the switch alone)? Continue reading “The Train Crash Dilemma”

MasterCard Enables Fraud

Yes, the headline is clickbait. However, it is also accurate.

So I had some fraudulent charges on my MasterCard back in June. That did not unduly alarm me. I knew I needed to call my card issuer and disput the charges. I did so and they reversed them, cancelled the card, and issued a new one. All was well with the world. This is what should happen, after all. Alas….

TL;DR: Cancelling a card and getting a replacement after a fraudulent doesn’t necessarily stop the fraudulent charges due to some fuckwit at MasterCard thinking that “force billing” (allowing a merchant to obtain the new card number) is a good idea. My conclusion: “force billing” should be illegal.

Continue reading “MasterCard Enables Fraud”

SourceCop Redux

Quite some time back, I mentioned SourceCop in a diatribe on source obfuscation. Today someone apparently representing SourceCop wrote a comment on that post which reads very much like a commercial for their product. I did not approve the comment because my blog is not a sales platform and also because it was quite long. I have, however, chosen to reproduce most of it here and address the points it makes. You may want to read the previous article for context. Continue reading “SourceCop Redux”

Color Basic and String Handling

In his recent article on Color Basic String Theory, Allen Huffman raises some interesting points. It turns out that Color Basic (on the TRS-80 Color Computer) has a very straight forward way of handling strings but there are some details that arise from it that may prove a bit surprising. Additionally, there are requirements and limitations that drive some of the design of the string handling system. I’m going to go into detail on just how Color Basic handles strings behind the scenes.

Continue reading “Color Basic and String Handling”