Niantic Are a Bunch of Morons

So I play Pokémon Go. It’s something to do when I’m out and about on foot. I’ve recently got to the point where I actually care a bit about the relative strengths of my pokémon. To that end, I’ve started using the naming feature to include some details. However, due to the crazy short length limit for names, I have to abbreviate some of the longer pokémon names to fit the extra information in. Continue reading “Niantic Are a Bunch of Morons”

Walmart Dumbassery

So I was at Walmart today to purchase a couple of things. I encountered some truly dizzying dumbassery in not one, but two places. For reference, this was at the Sage Hill Walmart in Calgary.

First, I was buying cat litter. So I get to the cat litter section and what do I see? Well, take a boo at this:

Note carefully the top of the Slide box. Yup, that’s right. They’ve shoved it onto a shelf whose frontage space is shorter than the box is tall. I wonder what putz thought that was a good idea. To add insult to injury, the next shelf down does have enough space and in the position below, they have one of the smaller sized boxes (like the ones to the right of the Slide box in the picture). Basically, whoever was setting up the shelves is <bleep> stupid.

But remember I said there were two cases? Well, take a look at this one (click on the image for full size so you can actually see the details):

Pay particular attention to the sale tags which read “2 for $3”. You’ll note they list the regular price as $1.67 and also proudly proclaim “Save 34¢ each”. This must be some kind of new math which I have not previously encountered. By my calculation, “2 for $3” means $1.50 each. Compared to the regular price, that is a 17¢ saving on each, or a total saving of 34¢. So, to the geniuses at Walmart, which is it: do I get 2 for $3 or do I save 34¢ each? It can be one or the other. Not both.

In the second case, I wasn’t actually buying the product so I didn’t bother trying to argue with them about it. I also didn’t have time to spend an hour arguing with bored store representatives to get them to understand why it was a problem.

The first problem is actually less problematic than the second one since in the first case, you know that they got the boxes in so there must be a way to get them out. And they had the correct price tags in place. The second one, however, probably has legal implications given that they are advertising two different sale prices for the same item. I wonder how often that particular error pops up (listing the total saving as though it is for each item).

Anyway, the moral of this story is that you should pay attention to price signs in stores. There’s a good chance I could have got that “2 for $3” item for the actual price of “2 for $2.66” which is what it would have to be to save 34¢ on each of the pair.

The other moral is for people who are stocking shelves and people who decide what the shelf layout should be. Make sure you put items on shelves where they can be properly accessed. There’s nothing more annoying than wanting to buy an item and having to solve a puzzle in order to get it off the shelf. That means the shelf needs to have front clearance to easily remove the item from the shelf, including any rotation that would typically occur and space for the customer’s hands. That means you can’t put a six pack of soda bottles on a shelf that has just a couple of millimetres clearance, either, but even that is better than the nonsense depicted above with the cat litter.

Welp, that’s all for now, folks.


Latest WordPress Security Debacle

Probably nobody is really aware of the recently discovered security flaw in the WordPress core. (See https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for the official word on the matter.) This flaw affects the wpdb object’s prepare() method and allows for potential SQL injection attacks. Of course, that raises an important question: why are we still getting these types of vulnerabilities in projects like WordPress? Well, I have an opinion on that. Obviously.

Anyway, you can see the technical details of the vulnerability over here. That link goes into more detail than you ever wanted on how the vulnerability works, why it’s a problem, and why it’s due to a fundamental flaw in the API design.

I don’t have anything of substance to add to that analysis. However, I do want to say the following:

  • This is not due to WordPress’s use of PHP. Using another language but implementing things in any substantially similar way would have exactly the same problems.
  • This type of problem is not restricted to WordPress. Other high profile projects have been hit with similar API and/or implementation flaws.
  • Proper implementation which does proper input validation can help but will not fix fundamental API design flaws.
  • Incompetent or ignorant coders will find ways to implement security problems no matter how good your API is. However, that’s no excuse to just throw your hands up and say, “What’s the point?”.
  • Even where backwards compatibility is important, it is still possible to implement and deploy a new saner API and then deprecate the old problematic one. Every project with dodgy APIs like the one in this instance should be doing the same thing.
  • Rolling your own database abstraction layer is a dumb idea. Especially if the language environment you are using provides one that is reasonably good.

That’s about all I have to say on this matter at this time. I do encourage you to read the detail link above and understand it. It will give you some good insight on how not to design APIs with an eye toward database APIs.
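The API design flaw the bullets above are getting at, and the two ways out of it, as an added PHP illustration that is not WordPress’s own code: toy_prepare(), toy_prepare_hardened(), PCT_TOKEN, the table t and the sample values are all made up here, and the PDO part assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration, not WordPress's own code. toy_prepare() copies the shape
// of the sprintf-style prepare() API the post criticises: each argument is
// escaped and quoted, then substituted with vsprintf(). The output is a plain
// string, so nothing stops a caller from feeding it back into toy_prepare()
// later, and on that second pass a '%' that arrived inside data is read as a
// live format specifier.
function quote_arg($a): string {
    return is_int($a) ? (string)$a : "'" . addslashes((string)$a) . "'";
}

function toy_prepare(string $query, ...$args): string {
    return vsprintf($query, array_map('quote_arg', $args));
}

// Same API, hardened along the lines of the 4.8.3 fix: '%' inside arguments
// becomes an opaque token that vsprintf() ignores and is only turned back into
// '%' right before execution, so a re-prepared string cannot grow new
// placeholders. (WordPress uses a random per-request token; fixed here.)
const PCT_TOKEN = '{PCT_TOKEN}';

function toy_prepare_hardened(string $query, ...$args): string {
    $safe = array_map(fn($a) => is_string($a) ? str_replace('%', PCT_TOKEN, $a) : $a, $args);
    return vsprintf($query, array_map('quote_arg', $safe));
}

function finalize_query(string $query): string {
    return str_replace(PCT_TOKEN, '%', $query); // once, immediately before the query is sent
}

// Constructed input: a search term that happens to contain a '%' sequence.
$term = 'lo%1$s';

// A WHERE fragment prepared early, then re-prepared inside a larger query:
// the data's %1$s is consumed as a placeholder and splits the string literal.
$frag = toy_prepare('name = %s', $term);
echo toy_prepare("SELECT id FROM t WHERE $frag AND email = %s", 'a@b'), "\n";

// Hardened: the token survives both passes and the literal comes back intact.
$frag = toy_prepare_hardened('name = %s', $term);
echo finalize_query(toy_prepare_hardened("SELECT id FROM t WHERE $frag AND email = %s", 'a@b')), "\n";

// What the last bullet recommends instead: PHP's own PDO layer binds values
// separately from the SQL text, so data is never re-read as query syntax.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->prepare('INSERT INTO t (name, email) VALUES (?, ?)')->execute([$term, 'a@b']);
$stmt = $db->prepare('SELECT id FROM t WHERE name = ? AND email = ?');
$stmt->execute([$term, 'a@b']);
echo count($stmt->fetchAll(PDO::FETCH_COLUMN)), " row(s) matched\n";
```

The point of the first two echoes is that the hardening only papers over a string-returning prepare(); the PDO version never has the problem because the value is shipped to the database separately from the query text.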

The Train Crash Dilemma

You have, no doubt, at least heard of the train crash dilemma. Put simply, it goes something like this: A train is approaching a two-way switch. On the currently selected track, there is a group of five people who will be hit if nothing changes. On the other track, there is a single person who will be safe if nothing changes. You are in a position to be able to change the switch direction. Would you act (change the switch) or do nothing (leave the switch alone)? Continue reading “The Train Crash Dilemma”

SourceCop Redux

Quite some time back, I mentioned SourceCop in a diatribe on source obfuscation. Today someone apparently representing SourceCop wrote a comment on that post which reads very much like a commercial for their product. I did not approve the comment because my blog is not a sales platform and also because it was quite long. I have, however, chosen to reproduce most of it here and address the points it makes. You may want to read the previous article for context. Continue reading “SourceCop Redux”

The “St. Ives” Riddle

I’m sure almost everyone has heard the “St. Ives” riddle in one form or another. It goes as follows:

As I was going to St. Ives,
I met a man with seven wives,
Each wife had seven sacks,
Each sack had seven cats,
Each cat had seven kits:
Kits, cats, sacks, and wives,
How many were there going to St. Ives?

There are a few variations to the above. This discussion is based on the above text as written so any criticism bringing in other versions or what have you is not relevant.

There are a few different answers for it. The general consensus seems to be that the correct answer is one. My assertion is that the general consensus is wrong. My reasoning generally parallels the reasoning that leads to the conclusion that one is the correct answer but the final conclusion differs.

First, the narrator is going to St. Ives. Normally, if you meet someone on the road, it’s because they are going in a different direction or are not going anywhere at all. (It seems that “meet” had a much tighter definition in the time when the riddle was first framed so this is actually reasonable.) In either of those cases, the only mentioned person or thing going to St. Ives would be the narrator. Thus, the answer is one, correct? After all, we know the narrator is going to St. Ives. Except that doesn’t fit. The rhyme specifically calls out “kits, cats, sacks, and wives” in the question. Note that it does not include the man or the narrator! That means that neither the narrator nor the man with the wives can be included in the answer.

The other assumptions I made to arrive at the above are:

  • The narrator is not a wife. That is a reasonable assumption but there is no actual evidence to support it. If the narrator happens to be a wife, that allows you to justify an answer of one. However, bringing in unstated information is generally not considered valid for a riddle since that would allow any random answers to be justified.
  • The second to last line is not there for mere decoration or to fill out the rhyme. That is a reasonable assumption since doing anything other than considering the entire text is cherry picking and that can be used to defend all manner of answers.

You could argue that everyone is going to St. Ives depending how you interpret “met”. Considering the age of this particular riddle, it’s reasonable to assume that “met” refers to oncoming traffic. If, however, we apply a looser modern interpretation of “met”, perhaps the narrator caught up with the man’s party, which is not unreasonable if he is travelling with seven wives. That would mean everyone is going to St. Ives. In that case, you would have to do the calculation and arrive at 2800 (the total number of kits, cats, sacks, and wives). Again, one suggested answer for this circumstance is 2801 but that’s not defensible at all, even if you do interpret things to include the narrator and the man. In that case, the answer would be 2802. However, as noted above, the question specifically enumerates the kits, cats, sacks, and wives so the man and the narrator should not be included. That means only 2800.

I should note at this point that there is a variation where the narrator only meets the seven wives and there is no mention of the man. In that case, if you count everyone and everything, then 2801 would be valid. However, as long as the man is mentioned, 2801 cannot be defended.

Civilization V – Venice

With the impending Civilization VI release, I thought it would be amusing to do a few posts about Civilization V, particularly because it looks like I won’t be able to purchase Civilization VI when it is released because all signs point to there being no Linux port. In fact, rumour has it there won’t ever be one and the reported reasons for that are complete BS. But that’s beside the point.

Just recently, I decided to finally play a game as Venice. I set it up as the one city challenge since, why not. Venice is only allowed to found one city anyway. The only difference for Venice in the one city challenge is that it is not possible to control additional cities (puppets). Continue reading “Civilization V – Venice”

cphulkd sucks

One of the unfortunate things about my day job is that I have to manage a server running cPanel. Some folks insist on cPanel because it has all these fancy gewgaws, features, widgets, and the like. However, once you start trying to manage a server running cPanel for more than a few trivial web sites, you start to discover just how terribly engineered it is, and it has absolutely no excuse for that. One particular feature I recently tripped over hard is cphulkd, which is cPanel’s answer to brute force detection. Continue reading “cphulkd sucks”

The PHP Encryptor Scam

At $dayjob, I recently encountered a WordPress installation that was created by some overseas developers on behalf of our client. Let’s call the client Fred. So Fred asks me to make a duplicate of his site on a subdomain so he can have some development work done without messing up the live site. That’s perfectly reasonable and ordinarily poses no problems. You just duplicate the WordPress files and database, update the configuration file, maybe fix a hard coded URL or two, and Bob’s your uncle. Alas, this time it was not that simple. Continue reading “The PHP Encryptor Scam”

Responding to Mythbusting Linux

I just encountered a video done by one Matthew Moore. He calls it “Mythbusting Linux”. You can find it over on Youtube here. For the most part, what Matthew says in the videos is accurate enough. However, there are a couple of points where he misrepresents or misunderstands the specific situation. Continue reading “Responding to Mythbusting Linux”