Coding Horrors: You can gather all your technical debt into one easy framework!

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1501 »

leper khan: Dec 28, 2010; Honest to god thinks Half Life 2 is a bad game. But at least he likes Monster Hunter.

Got some third party code to integrate into the build temporarily this morning.

Aside from being a "singleton" where there's no guarantee multiple things aren't created (you'll just leak resources), multiple of them could be useful, and doing in a thousand lines what you could do in a hundred, they intersperse field declarations, function declarations and internally defined classes without any structure. Oh and everything is public because of course it is.

How do people live with themselves like that.

Fake e:
Just found that one of the things (no accessor so it's internal) declared randomly though the code is only ever used in one function that will always allocate a new one and return it.

# ? Apr 24, 2017 15:16

Adbot: ADBOT LOVES YOU

# ? Apr 25, 2024 02:28

Hammerite: Mar 9, 2007; And you don't remember what I said here, either, but it was pompous and stupid.; Jade Ear Joe

nielsm posted:

The user account the process was running as did not have write access to C:\ so user Windows account virtualization kicked in and redirected the write to the user's personal VirtualStore directory instead. That's a feature of UAC that lets software access files in locations like C:\Program Files\ and C:\Windows\ and write to them without actually touching system-global stuff and requiring local administration permission.

Works as intended.

That's a "feature", silently putting files somewhere other than where I asked for them to be put rather than throwing a big noisy error about it so I know something is wrong? Windows can gently caress off too.

# ? Apr 24, 2017 15:29

Dirty Frank: Jul 8, 2004

Hammerite posted:

That's a "feature", silently putting files somewhere other than where I asked for them to be put rather than throwing a big noisy error about it so I know something is wrong? Windows can gently caress off too.

I want this from my programming languages and APIs etc, but for an OS I play films and games and print poo poo with I just want it to work. Windows would be worse without this feature, even if it does make devs lives harder sometimes.

# ? Apr 24, 2017 16:04

nielsm: Jun 1, 2009

It's a feature to make horrible old software that wants to write its configuration files in dumb places still work.

# ? Apr 24, 2017 16:09

SupSuper: Apr 8, 2009; At the Heart of the city is an Alien horror, so vile and so powerful that not even death can claim it.

Hammerite posted:

That's a "feature", silently putting files somewhere other than where I asked for them to be put rather than throwing a big noisy error about it so I know something is wrong? Windows can gently caress off too.

Software throwing big noisy errors on upgrades is what gets users to drop operative systems.

For reference, the illusion is intended for the software, not the user. If a non-admin application writes to "C:\butts", and then later goes on to read from "C:\butts", it still works, even though there was never actually anything in "C:\butts".

But it's the developer's job to specifically opt out of this behavior and handle file permission errors, which of course they don't.

# ? Apr 24, 2017 16:28

Hammerite: Mar 9, 2007; And you don't remember what I said here, either, but it was pompous and stupid.; Jade Ear Joe

I'm trying to have a good old self-indulgent whine here because I resent dealing with Oracle stuff all morning, and none of you are helping!

# ? Apr 24, 2017 16:40

Dirty Frank: Jul 8, 2004

Hammerite posted:

I'm trying to have a good old self-indulgent whine here because I resent dealing with Oracle stuff all morning, and none of you are helping!

haha, sorry bud. I'm entirely on the gently caress Oracle train though.

# ? Apr 24, 2017 16:41

SupSuper: Apr 8, 2009; At the Heart of the city is an Alien horror, so vile and so powerful that not even death can claim it.

Hammerite posted:

I'm trying to have a good old self-indulgent whine here because I resent dealing with Oracle stuff all morning, and none of you are helping!

Well it is Oracle's fault for leaving it to Windows to pick up its mess.

# ? Apr 24, 2017 16:43

Munkeymon: Aug 14, 2003; Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.

nielsm posted:

The actual hard part is keeping validation at both ends in sync, or ideally making a solution to use a single code base for both.

Just use WebForms :downs:

# ? Apr 24, 2017 16:59

Volguus: Mar 3, 2009

nielsm posted:

The actual hard part is keeping validation at both ends in sync, or ideally making a solution to use a single code base for both.

This is one of the arguments in favor of having javascript on the server. Sorry, that's just insane. Is just an object validation. Even if you have 1000 of them, their business rules don't change that often (or shouldn't) to actually be a burden to keep in them sync in different languages/platforms. And like someone pointed out earlier, validation on the client is optional (if it's wrong ... meh, the QA will let you know, not big deal either way). The server is what matters.

# ? Apr 24, 2017 17:29

nielsm: Jun 1, 2009

Volguus posted:

This is one of the arguments in favor of having javascript on the server. Sorry, that's just insane. Is just an object validation. Even if you have 1000 of them, their business rules don't change that often (or shouldn't) to actually be a burden to keep in them sync in different languages/platforms. And like someone pointed out earlier, validation on the client is optional (if it's wrong ... meh, the QA will let you know, not big deal either way). The server is what matters.

The biggest failure client-side validation can do is reject inputs that should be valid (and the server would accept), making it difficult to submit those particular values.

# ? Apr 24, 2017 18:03

NihilCredo: Jun 6, 2011; iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

I guess a third option is to pre-submit the input through AJAX every N seconds, for validation only? A wasteful use of traffic, to be sure, but there's plenty of use cases where that isn't a concern.

e: less wastefully, make the "Submit" button do an AJAX call, and only refresh the page if the validation returns OK. Not as nice as real-time or semi-real-time validation, but almost as good.

# ? Apr 24, 2017 19:18

RandomBlue: Dec 30, 2012; hay guys!; Biscuit Hider

NihilCredo posted:

I guess a third option is to pre-submit the input through AJAX every N seconds, for validation only? A wasteful use of traffic, to be sure, but there's plenty of use cases where that isn't a concern.

Or just code the validation twice and use the same set of core unit tests to verify both paths. Validation isn't complicated and there are tons of JS libraries to cover the basics.

# ? Apr 24, 2017 19:20

boo_radley: Dec 30, 2005; Politeness costs nothing

NihilCredo posted:

I guess a third option is to pre-submit the input through AJAX every N seconds, for validation only? A wasteful use of traffic, to be sure, but there's plenty of use cases where that isn't a concern.

e: less wastefully, make the "Submit" button do an AJAX call, and only refresh the page if the validation returns OK. Not as nice as real-time or semi-real-time validation, but almost as good.

Or just validate when a field's value changes.

# ? Apr 24, 2017 20:11

NihilCredo: Jun 6, 2011; iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

boo_radley posted:

Or just validate when a field's value changes.

Yes, that's what you do with client-side validation. I was suggesting a way to be lazy and write validation code only once (server-side) without inconveniencing the user too much. Calling server-side validation every time a field's value changes would spam a lot of requests.

# ? Apr 24, 2017 21:17

Bonfire Lit: Jul 9, 2008; If you're one of the sinners who caused this please unfriend me now.

SupSuper posted:

Well it is Oracle's fault for leaving it to Windows to pick up its mess.

Not just that; file system virtualization is disabled by default for any software that was compiled with Visual C++ 2008 or later. Oracle was either using an ancient compiler, or they actively enabled virt.

# ? Apr 25, 2017 01:05

TooMuchAbstraction: Oct 14, 2012; I spent four years making
Waves of Steel
Hell yes I'm going to turn my avatar into an ad for it.; Fun Shoe

Bonfire Lit posted:

Not just that; file system virtualization is disabled by default for any software that was compiled with Visual C++ 2008 or later. Oracle was either using an ancient compiler, or they actively enabled virt.

I'd give even odds on either. Toolchain upgrades for a company as venerable as Oracle can be seen as a massive cost with minimal benefit, but even assuming they did upgrade their compiler, there's still little reason, from their perspective, to get with the times on a feature that works "perfectly fine" as-is.

# ? Apr 25, 2017 01:07

kitten emergency: Jan 13, 2008; get meow this wack-ass crystal prison

Hammerite posted:

I'm trying to have a good old self-indulgent whine here because I resent dealing with Oracle stuff all morning, and none of you are helping!

http://bad.solutions

# ? Apr 25, 2017 02:13

Pollyanna: Mar 5, 2005; Milk's on them.

Today I learned that HTML attributes are case sensitive by React breaking a major piece of functionality due to a lowercase L. :shepicide:

# ? Apr 25, 2017 15:48

Lumpy: Apr 26, 2002; La! La! La! Laaaa!; College Slice

Pollyanna posted:

Today I learned that HTML attributes are case sensitive by React breaking a major piece of functionality due to a lowercase L.

I'm not sure how people use React without realizing that JSX != HTML, but there you have it.

EDIT:

One of the first things in the React docs posted:

Caveat:

Since JSX is closer to JavaScript than HTML, React DOM uses camelCase property naming convention instead of HTML attribute names.
For example, class becomes className in JSX, and tabindex becomes tabIndex.

Lumpy fucked around with this message at 15:56 on Apr 25, 2017

# ? Apr 25, 2017 15:52

canis minor: May 4, 2011

I wonder why they rely on object attributes rather than accessing the properties via getAttribute

# ? Apr 25, 2017 16:04

Pollyanna: Mar 5, 2005; Milk's on them.

Yeah the horror is me in this case for forgetting about it, really.

# ? Apr 25, 2017 16:19

brap: Aug 23, 2004; Grimey Drawer

The horror is actually that you're not using TypeScript which would have given you the correct attribute name instantly in auto-complete.

# ? Apr 25, 2017 16:27

Pixelboy: Sep 13, 2005; Now, I know what you're thinking...

QuarkJets posted:

So I've noticed that a lot of problematic code that gets brought up tends to be in javascript, is it because javascript is bad or is it just because a lot of unprofessional "developers" know and code in javascript?

Yes

# ? Apr 25, 2017 20:15

RandomBlue: Dec 30, 2012; hay guys!; Biscuit Hider

QuarkJets posted:

So I've noticed that a lot of problematic code that gets brought up tends to be in javascript, is it because javascript is bad or is it just because a lot of unprofessional "developers" know and code in javascript?

JavaScript is nice because when I'm looking at some horrible steaming pile of poo poo PHP code that barely functions and does poo poo like execute 300 loving queries for a single page or pull all the DB into PHP just to do aggregation or count poo poo I can think: "Well, at least it's not loving JavaScript."

# ? Apr 25, 2017 20:52

eschaton: Mar 7, 2007; Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

Volguus posted:

This is one of the arguments in favor of having javascript on the server. Sorry, that's just insane. Is just an object validation. Even if you have 1000 of them, their business rules don't change that often (or shouldn't) to actually be a burden to keep in them sync in different languages/platforms. And like someone pointed out earlier, validation on the client is optional (if it's wrong ... meh, the QA will let you know, not big deal either way). The server is what matters.

You use something like a predicate object to specify your validation rules, so that you can generate client-side JS from it on the server, and the code generator can do its best to guarantee the client-side JS and the business logic and the generated SQL all behave the same.

# ? Apr 25, 2017 23:47

Volguus: Mar 3, 2009

eschaton posted:

You use something like a predicate object to specify your validation rules, so that you can generate client-side JS from it on the server, and the code generator can do its best to guarantee the client-side JS and the business logic and the generated SQL all behave the same.

That's one way for sure. It will add an additional "compilation" (transpilation, shittyzation) step, but it would certainly be worth it if it's such a big pain to manually keep them in sync. In my book, this is at most a "meh, whatever" problem.

# ? Apr 25, 2017 23:51

DimpledChad: May 14, 2002; Rigging elections since '87.

You can also still have the validation on the server, but trigger it via AJAX when a user enters something in the form. That gives you the best of both worlds: you can have responsive client-side UI updates, and you can have a single source of truth for validation rules.

# ? Apr 25, 2017 23:53

Gazpacho: Jun 18, 2004; by Fluffdaddy; Slippery Tilde

My employer's product reads and reports (among other things) local time zone offsets from mobile devices. Implementations are available in JavaScript (the original), Objective-C and Android Java.

In JavaScript, a "time zone offset" is rear end-backwards from most written representations of time zone offsets. It is the number of minutes that must be added to a local time to convert it to UTC. This duplicates the behavior of a legacy Java method with the same name. Fair enough, as long as the semantics are understood.

Long ago, when the Objective-C and Android implementations were created, each one ended up calculating the local offset differently from the JavaScript one (ObjC by necessity, and Android by choice/accident/malice). And the signs came out wrong!

So naturally, those implementations report the absolute value of the offset. :gonk:

We do sell into the eastern hemisphere, in case you were wondering.

The product does lots of other dumb things with time, and the downstream team that develops on top of it never says anything to us about this, but regularly tries to stop us from fixing anything.

Gazpacho fucked around with this message at 05:59 on Apr 27, 2017

# ? Apr 27, 2017 03:39

Jaded Burnout: Jul 10, 2004

Gazpacho posted:

The product does lots of other dumb things with time, and the downstream team that develops on top of it never says anything to us about this, but regularly tries to stop us from fixing anything.

Every programming everything everywhere does dumb things with time. I've been working on a data pipeline so I've had to consolidate datetimes as represented by Ruby, PostgreSQL, Avro, and Java.

Ask each one for a number representing the current day of the week and you'll get a different answer every time.

# ? Apr 27, 2017 14:42

NihilCredo: Jun 6, 2011; iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

Today, I had to add a quick fix to a legacy WebForms project. But to give it a test and ensure the quick fix worked properly, I needed to configure the very simple cfg.ini file.

Hmm, there's some odd syntax in this file. How does it load...

code:

Private Sub LoadConfigOptions(myConfigFilePath As String)
    Dim sr As New IO.StreamReader(myMapPath)
    While Not sr.EndOfStream
        Dim szLine As String = sr.ReadLine
        Try
            If szLine.Length = 0 Then Throw New Exception
            If szLine.StartsWith("--->") Then Throw New Exception
            If Not szLine.Contains("[=]") Then Throw New Exception
            Dim c() As Char = {"[", "]"}
            Dim szPar() As String = szLine.Split(c)
            If Not szPar(1) = "=" Then Throw New Exception
            Select Case szPar(0).ToUpper
                Case "COMPANY NAME" : _companyName = szPar(2).Trim(" ")
                Case "COMPANY ID" : _companyId = szPar(2).Trim(" ")
                Case "DATABASE CONNECTION STRING" : _szCnn = szPar(2).Trim(" ")
                ' and so on
            End Select

        Catch ex As Exception
        End Try
    End While
    sr.Close()
    sr.Dispose()
End Sub

Of course. Solid as a styrofoam brick.

# ? Apr 27, 2017 16:43

Seat Safety Switch: May 27, 2008; MY RELIGION IS THE SMALL BLOCK V8 AND COMMANDMENTS ONE THROUGH TEN ARE NEVER LIFT.; Pillbug

NihilCredo posted:

code:

Private Sub LoadConfigOptions(myConfigFilePath As String)
    Dim sr As New IO.StreamReader(myMapPath)
    While Not sr.EndOfStream
        Dim szLine As String = sr.ReadLine
        Try
            If szLine.Length = 0 Then Throw New Exception
            If szLine.StartsWith("--->") Then Throw New Exception
            If Not szLine.Contains("[=]") Then Throw New Exception
            Dim c() As Char = {"[", "]"}
            Dim szPar() As String = szLine.Split(c)
            If Not szPar(1) = "=" Then Throw New Exception
            Select Case szPar(0).ToUpper
                Case "COMPANY NAME" : _companyName = szPar(2).Trim(" ")
                Case "COMPANY ID" : _companyId = szPar(2).Trim(" ")
                Case "DATABASE CONNECTION STRING" : _szCnn = szPar(2).Trim(" ")
                ' and so on
            End Select

        Catch ex As Exception
        End Try
    End While
    sr.Close()
    sr.Dispose()
End Sub

Of course. Solid as a styrofoam brick.

Probably time to break out that entire cfg loader (and replace it with an INI reader written by someone who isn't retarded), but I bet at least one of those little cases affect global state and as such can't be reduced to a simple "give me a dictionary with what you discovered" implementation. Not like it even matters, because if it's like my legacy codebase there's no tests and no urge to test.

I like how this cargo-cults the sz Hungarian notation (I have a lesser form in the beyond-legacy VB6 -> VB.NET codebase I have to deal with too). Are strings in IL even null-terminated, or are they Pascal-style?

edit: Apparently they're both. The length is stored at the head so that .Length is fast, and they're null terminated, probably for fast interop. http://stackoverflow.com/questions/6293457/why-are-c-net-strings-length-prefixed-and-null-terminated

Seat Safety Switch fucked around with this message at 17:33 on Apr 27, 2017

# ? Apr 27, 2017 17:28

NihilCredo: Jun 6, 2011; iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

Fortunately that website is legacy in the true meaning of the word - it's been 99% replaced by a new website made by other people that calls our (relatively) shiny new API, and it's only still online for one specific functionality that they haven't implemented yet for some reason. Hopefully they'll do it within a few months and we'll be able to delete all this poo poo.

The new website is in Angular 1.0 with a PHP backend, but hey, it's their horror now

EDIT: in totally unrelated news, is this attribute normal for Angular?

NihilCredo fucked around with this message at 18:32 on Apr 27, 2017

# ? Apr 27, 2017 18:26

Munkeymon: Aug 14, 2003; Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.

canis minor posted:

I wonder why they rely on object attributes rather than accessing the properties via getAttribute

Plain JS objects don't have getAttribute and information isn't supposed to flow from back from the DOM.

# ? Apr 27, 2017 20:41

Quebec Bagnet: Apr 28, 2009; mess with the honk
you get the bonk; Lipstick Apathy

NihilCredo posted:

EDIT: in totally unrelated news, is this attribute normal for Angular?

My (admittedly outdated) recollection is that ng-init is an override for initializing values that for some reason can't be done inside a controller. Using it to provide configuration at the root of the application smells of a poor application architecture.

# ? Apr 27, 2017 20:59

Ranzear: Jul 25, 2013

A fun lunch read:
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

The response in mere hours:
https://www.nomx.com/

# ? Apr 27, 2017 21:09

NtotheTC: Dec 31, 2007

Looks like the nomx site is hammered right now. What did the response say?

That's loving amazing. Like... I couldn't even creatively come up with something that terrible as an April fools joke. And these guys are trying to ship it as an actual product.

And of course they're involved in bitcoins. Jesus christ. Gotta admit I laughed hard at the part where will@nomx claimed to be sending emails but they weren't getting though. It's entirely possible he was just using the product.

# ? Apr 27, 2017 21:55

Azerban: Oct 28, 2003

NtotheTC posted:

Looks like the nomx site is hammered right now. What did the response say?

That's loving amazing. Like... I couldn't even creatively come up with something that terrible as an April fools joke. And these guys are trying to ship it as an actual product.

And of course they're involved in bitcoins. Jesus christ. Gotta admit I laughed hard at the part where will@nomx claimed to be sending emails but they weren't getting though. It's entirely possible he was just using the product.

quote:

nomx Passes Security Tests After Blogger Claims to Have Penetrated nomx

Nomx - the world's most secure communications protocol, ensuring absolute privacy for personal and commercial email and messaging
27 April 2017

nomx is pleased to provide the following details regarding testing recently performed by a private cybersecurity blogger who claimed he could access any nomx device and that he could do so in minutes.

Background:

In 2016 nomx produced a number of devices based on a Raspberry Pi. These devices were primarily used for demonstration and media use, and were provided to numerous media to review nomx. A number were sold to early adopters who wanted to try nomx using this processor instead of waiting until future models were manufactured.

In January 2017 the BBC was provided a demo device for use in a forthcoming episode focused on personal security. The BBC later requested another device and that too was a Raspberry model.

Security Testing of a Rooted nomx Device:

The BBC provided the nomx devices for testing to a UK-based blogger who physically disassembled and rooted one of the nomx devices. Rooting was done, in his words, by disassembling the nomx case, physically removing memory card from the Raspberry and inserting it into his PC, and then resetting the root password. That is not an action a typical user would do, nor is it routine for a nomx device.

This process allowed him to access the nomx from his local network. He then created a very specialized code that was unique to the management page of the nomx device he had in his possession.

This code originated from a Cross Site Request Forgery, requires users to click a link or visit a hacked website, and that link then performs actions from the users� browsers when it downloads the package from the Internet.

Contrary to the blogger's claim that this was an easy, simply hack, in fact, the blogger couldn't make the code work and requested other participants to support his attempts and publicly stated so on his blog. The "payload" he developed was from a third party named Paul.

After he created the code, he loaded it to his own webpage to target the nomx device he had previously rooted and was in his possession and on his own network. He then simply modified the nomx data through a website link that he clicked himself to download the "payload" he created. The act of the attack would require very detailed information about the local nomx device and a subsequent phishing link sent to the proposed victim, or visiting a third party compromised website, and the victim must have been logged in to their nomx device initially and then accept the phishing link or visit the compromised website.

Further, the code requires that the user would repeat this action every single time they wanted to do each command (i.e. list accounts, create an account, change password, download mail, change password back to original password, and then additionally to �clean up� their tracks, remove log files, etc.) It simply could not occur in the real world and we proved that against the blogger�s attempts to do so (see below.)

Our Position:

nomx believes based on the actions of the blogger, his rooting of the device and specific code used that the threat was nonexistent for our users, even if they were to have an earlier versions and code, or which used a Raspberry chip. We informed our users of the risks of visiting third party websites while logged in as management or after logging out, but keeping web browsers open. Users could also check log files and validate if any such access occurred. No nomx devices, accounts or data was ever compromised and the blogger could not show any evidence of such actions. And 100% of the nomx users are satisfied with the nomx disclosure and actions in this event.

We were also notified by the BBC that we did not believe the blogger was being fair or accurate in his findings, because no nomx devices were actually compromised or could be compromised unless the users were to take those steps, which could not occur in a real world situation outside of the lab and was proven by the blogger himself, who failed to do so.

When confronted with these details, the blogger began to make statements that nomx was not as secure as we have promised. To counter the claims of the blogger, nomx invited him to perform such an attack on a live nomx device that was not previously rooted by a user and not located on the same network as the attack. We provided that offer through the BBC and the blogger has agreed to test the nomx devices in a fair manner.

The Testing of nomx in the Real World:

On April 26, nomx provided an email to the blogger from the nomx device with details and requested he hack the nomx device that submitted the email. These emails were also submitted to several interested media, including the BBC, who validated that the device was active and sending/receiving email. The blogger had previously claimed he could compromise the device �in a matter of minutes� but was not able to perform any such feat at any time. In fact, the blogger was not able to do anything at all, counter to his claims that he could, or that others could, and that it was very easy, and that it would affect nomx�s security.

An associate of the blogger who represented the claims publicly stated through media Twitter announcement that they would not participate in any tests, unless they could have physical access to the device in a network they choose. That is not what they originally claimed and demonstrates that their "simple 3-4 minute hack" is not real.

After confirming that they would not participate, we concluded our test with the blogger today and his partners and notified the media as well that this was the outcome. We are forensically examining the device to verify if in fact they attempted to log in to the device, countering assertions that they would not even try.

Regardless of the rhetoric and claims, to date, neither this blogger, his partners, or anyone else, is or was able to access, modify or even retrieve any data whatsoever on a nomx device even with all associated internal details. The only person ever affected by his claims was the blogger, by putting himself in the unique situation that he created, while attacking a device on his own network and in his possession, using code he created (with the help of others, as he discusses on his blog) on a device he rooted himself.

After multiple statements about the lack of security of nomx, the blogger failed to prove any such vulnerability and indeed, failed in his accusations that he could penetrate nomx in any way.

Results:

No nomx user was affected by this threat. No nomx user could be affected by this threat in the future. No nomx data was compromised, and the blogger has (finally) reluctantly verified this. He still has not publicly shared these statements, except via an email response to the BBC when directly asked on April 25 the response was:

From the BBC to nomx: "I understand from your replies that you state categorically that no nomx accounts have been affected by this hack. I have put your questions to [blogger] who has confirmed to me that he cannot say that any have."
While nomx is no longer based on Raspberry devices, we still maintain that the users' data is secured as we�ve demonstrated to the blogger, the media and our customers.

For Media:

We request that any media desiring to profile nomx security or this blogger to use this website with attribution to nomx (https://www.nomx.com) and to also include the statistics below. Due to large number of interested media, we are not able to respond to every reporter directly within the deadlines imposed and believe it is only fair to share with all media these same details. We invite all media who care to see on onsite demonstration of the nomx in action request and schedule a time in the Washington, DC or NYC areas in the coming weeks. We will provide a nomx and allow video, use of the nomx and any third parties to attempt to access the device.

For Media - Some statistics:

Number of nomx accounts that have been compromised since inception: 0

Number of Gmail accounts that have been compromised in the United States (from 2014): About 5 million to 24 million depending on source

Number of other cloud-based emails compromised as of 2016 = 272 million

Number of Yahoo accounts (including email) compromised 2013-2016: more than 1 billion

# ? Apr 27, 2017 21:57

NtotheTC: Dec 31, 2007

"Our users could just check the logs regularly to see if they'd been hacked anyway so it's not like it would even be secret. CHECK MATE BLOGGER"

# ? Apr 27, 2017 22:28

Adbot: ADBOT LOVES YOU

# ? Apr 25, 2024 02:28

FireWhizzle: Apr 2, 2009; a neckbeard elemental; Grimey Drawer

NihilCredo posted:

Fortunately that website is legacy in the true meaning of the word - it's been 99% replaced by a new website made by other people that calls our (relatively) shiny new API, and it's only still online for one specific functionality that they haven't implemented yet for some reason. Hopefully they'll do it within a few months and we'll be able to delete all this poo poo.

The new website is in Angular 1.0 with a PHP backend, but hey, it's their horror now

EDIT: in totally unrelated news, is this attribute normal for Angular?

If angular isn't the routing architecture and is just being used for two-way binding (fairly common because the alternative has been Knockout - PUKE), then they are passing initial page load data in this way. A better way if the software isn't using angular routing is to just pass an ID or something to the init, then have the controller make a request and fetch data that way.

# ? Apr 27, 2017 22:32

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1501 »