
(uvureview.com) Software glitch purges spring classes. Damn you, Robert'); DROP TABLE Students; --

6483 clicks; posted to Main on 26 Dec 2012 at 8:34 PM



 
2012-12-26 03:59:26 PM
Oh, little Bobby Tables... you little prankster!
 
2012-12-26 07:31:29 PM
"Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.
 
2012-12-26 08:36:49 PM
Nice headline
 
2012-12-26 08:38:28 PM
To program
 
2012-12-26 08:39:20 PM

DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.


Soon as I saw the word "Oracle" I just shook my head and sighed.

FTA: "Ray Walker, associate vice president of information technology"

If he's the one who implemented Oracle, he should be sacked retroactively and forced to repay his salary from day one. Then flogged.
 
2012-12-26 08:40:17 PM

DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.


Meh - I am no Oracle fanboi, but I suspect the error was with UVU's database management or more likely the error handling (or complete lack thereof) of the process doing the updates.
 
2012-12-26 08:40:59 PM
To gird
 
2012-12-26 08:41:03 PM

unchellmatt: DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.

Soon as I saw the word "Oracle" I just shook my head and sighed.

FTA: "Ray Walker, associate vice president of information technology"

If he's the one who implemented Oracle, he should be sacked retroactively and forced to repay his salary from day one. Then flogged.


i45.tinypic.com
 
2012-12-26 08:41:28 PM
imgs.xkcd.com
 
2012-12-26 08:41:56 PM
For those of you not in the know...

imgs.xkcd.com
 
2012-12-26 08:42:08 PM
Well, maybe they've learned to sanitize their database inputs!
 
2012-12-26 08:42:27 PM
[Carwithdroptablelicenseplate.jpg]
 
2012-12-26 08:42:40 PM

Indubitably: To program


Oh hai thar.

You OK?
 
2012-12-26 08:42:53 PM

It's Me Bender: [imgs.xkcd.com image 666x205]


Impotent fists of rage, etc.
 
2012-12-26 08:43:49 PM
Well, maybe they've learned to sanitize their database inputs!
 
2012-12-26 08:44:55 PM

Kittypie070: Indubitably: To program

Oh hai thar.

You OK?


Always.
 
2012-12-26 08:46:58 PM

Fabric_Man: It's Me Bender: [imgs.xkcd.com image 666x205]

Impotent fists of rage, etc.


20-some seconds counts as a simulpost - no worries.

/ OTOH, on fark, nothing is obscure - especially xkcd.
 
2012-12-26 08:47:04 PM
A sql injection joke on the main page? Is this /. ?
 
2012-12-26 08:48:32 PM
blogs.knoxnews.com
 
2012-12-26 08:49:03 PM
I half expected this headline to crash the Fark servers
 
2012-12-26 08:49:32 PM

Kittypie070: Indubitably: To program

Oh hai thar.

You OK?


Indubitably.
 
2012-12-26 08:50:19 PM

Bad_ad85: Well, maybe they've learned to sanitize their database inputs!


Yeah, especially with all the grave's accented Shani`qkwas and Ro`tundras and Mo`Nikwaws out there.
 
2012-12-26 08:50:55 PM

Indubitably: Kittypie070: Indubitably: To program

Oh hai thar.

You OK?

Indubitably.


P.P.S. I made my own joke, just here, just now...
 
2012-12-26 08:51:44 PM

DeadlockVictim: Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.


I'm sure it runs on an indy OS on a Mac with solar power and unicorn poop.
 
2012-12-26 08:51:59 PM
It is a poor programmer who blames the platform.
It's not Oracle's fault you forgot to check to see whether or not the table was locked.
 
2012-12-26 08:52:19 PM
which is not supposed to happen

One of the big tenets of defensive programming (wiki: http://en.wikipedia.org/wiki/Defensive_programming) is that everything that's not supposed to happen, will happen at least once (usually because someone is trying to break your software).

Making the software behave in a predictable manner despite unexpected inputs or user actions.

// back in the .com era, I wrote and code reviewed web apps for a living. You would be surprised at how much validation happened on the user (browser) side of a CGI app with little or no validation on the server side, bad bad bad. We used to craft HTTP requests in perl using LWP to pass whatever the hell we wanted to a CGI script. Now tools like web developer toolbar (firefox extension) make it ridiculously.

// can't believe buffer overruns and SQL injection are still a thing in this day and age. It's like they let anyone with a keyboard write code these days.
 
2012-12-26 08:52:19 PM

Indubitably: I made my own joke, just here, just now...


to jest
 
2012-12-26 08:52:49 PM

vudukungfu: Indubitably: I made my own joke, just here, just now...

to jest


Indeed.
 
2012-12-26 08:53:31 PM

Happy Hours: DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.

Meh - I am no Oracle fanboi, but I suspect the error was with UVU's database management or more likely the error handling (or complete lack thereof) of the process doing the updates.


Could be. Either way, the solution is clear. We need to port this app to the cloud! NOW!
 
2012-12-26 08:53:59 PM
 
2012-12-26 08:54:14 PM

rohar: Happy Hours: DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.

Meh - I am no Oracle fanboi, but I suspect the error was with UVU's database management or more likely the error handling (or complete lack thereof) of the process doing the updates.

Could be. Either way, the solution is clear. We need to port this app to the cloud! NOW!


To cloud
 
2012-12-26 08:54:27 PM
CSB:

I once spent some time working for a small business that was trying to set up an e-commerce site.  Owner of the company was looking to spend the least amount of money humanly possible, so hired a company (probably a guy in his basement) in Pakistan to do the job.  As the entire nation of Pakistan was firewalled off from Paypal (this was around 2003-04), they couldn't actually install and test the site, so it was given to me.  One of the first problems of many that I encountered was that whatever I did, the damn site would not accept my last name when creating a user. Kept saying something like "invalid name".  After digging through the code for a while (and I mean a long while - this thing was serious spaghetti code), I found out that their method of preventing SQL injection was to filter for a blacklist of SQL reserved words, and then reject any input containing them.  So if your name was Amanda, Tony, Cory, Isabelle, etc., this web app would simply reject your name.  The Pakistani programmers couldn't quite grasp what the problem was.

Needless to say this website never saw the light of day.
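An added example, not part of the post above or of the site it describes: the reserved-word blacklist from the story next to a bound-parameter insert, using Python's sqlite3. The keyword list, table name and sample names are constructed for illustration.

```python
import sqlite3

# Constructed keyword list; the post does not say which reserved words were filtered.
BLACKLIST = ["AND", "OR", "TO", "IS", "DROP", "SELECT"]

def blacklist_accepts(name):
    """The filter as the post describes it: reject input containing a reserved word."""
    upper = name.upper()
    return not any(word in upper for word in BLACKLIST)

def insert_concat(conn, name):
    """String-built SQL, the pattern the blacklist was meant to protect."""
    conn.execute("INSERT INTO students (name) VALUES ('" + name + "')")

def insert_bound(conn, name):
    """Bound parameter: the name is passed as data and never parsed as SQL."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))

def demo():
    names = ["Amanda", "Tony", "Cory", "Isabelle", "O'Brien",
             "Robert'); DROP TABLE Students; --"]  # last one is the headline's string
    rejected = [n for n in names if not blacklist_accepts(n)]

    # The blacklist lets O'Brien through, yet the string-built statement still breaks.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    try:
        insert_concat(conn, "O'Brien")
        concat_broke = False
    except sqlite3.OperationalError:
        concat_broke = True

    # With placeholders every name, quotes and keywords included, is stored verbatim.
    for n in names:
        insert_bound(conn, n)
    stored = [r[0] for r in conn.execute("SELECT name FROM students ORDER BY rowid")]
    return rejected, concat_broke, stored
```

The blacklist turns away four ordinary names while the apostrophe it ignores still breaks the concatenated statement; the placeholder version needs no filter at all.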
 
2012-12-26 08:54:44 PM
it also sends Milton his paycheck
 
2012-12-26 08:55:30 PM

Happy Hours: DeadlockVictim: "Because of an error with the Oracle software, a thing called a 'table lock' which is not supposed to happen, that program failed and the process didn't complete, so the process ran and purged almost every student."

Hahahahahahahaha! Concurrency, it's not really a hard concept, Oracle. Too bad Larry Ellison's too interested in his yacht to be concerned with your little problem.

Meh - I am no Oracle fanboi, but I suspect the error was with UVU's database management or more likely the error handling (or complete lack thereof) of the process doing the updates.


Yeah, this sounds like bad application programming, not the fault of the database itself.

Five bucks says the software they use was written to support a number of different RDBMSes, and doesn't properly account for the way Oracle does locking compared to other databases (table-level versus row-level locking, DDL locks, etc).
 
2012-12-26 08:55:41 PM
Damn, the payment deadline before you're dropped is a month -BEFORE- the term even begins?
How many schools do that? Mine puts you on a payment plan automatically if you haven't paid in full a couple of weeks after the term starts, and will drop you on that date if you still owe them from a prior term (though if you owe too much, you wouldn't be able to register).

Just curious, as I've never seen a school operate that way.

/Scholarships take care of mine, so I had to look that all up to make sure I wasn't crazy thinking a month prior was odd
 
2012-12-26 08:55:46 PM

ultraholland: it also sends Milton his paycheck


Who's Milton?
 
2012-12-26 08:56:04 PM
Lor M. Ipsum: I half expected this headline to crash the Fark servers

If fark is still running on perl, they probably used taint and DBI.

DBI gives you the quote() method, which takes input and properly sanitizes it for a given DB connection.

$user_input = $dbh->quote($user_input);

# $user_input is now sanitized and untainted
 
2012-12-26 08:58:18 PM

detroitdoesntsuckthatbad: [Carwithdroptablelicenseplate.jpg]


i135.photobucket.com

This one?
 
2012-12-26 09:00:23 PM
What, no backup?  farking IT newbies...
 
2012-12-26 09:00:33 PM
I must be old; first thing I thought of:

www.yourprops.com
 
2012-12-26 09:01:00 PM

stvdallas: What, no backup?  farking IT newbies...


To backup
 
2012-12-26 09:01:29 PM

buzzcut73: Damn, the payment deadline before you're dropped is a month -BEFORE- the term even begins?
How many schools do that? Mine puts you on a payment plan automatically if you haven't paid in full a couple of weeks after the term starts, and will drop you on that date if you still owe them from a prior term (though if you owe too much, you wouldn't be able to register).

Just curious, as I've never seen a school operate that way.

/Scholarships take care of mine, so I had to look that all up to make sure I wasn't crazy thinking a month prior was odd


Right near me is the largest community college in the midwest (and largest in the nation during most of the 1990's).  This year they switched to a policy where the payment deadline is 24 hours after you register for a class, whether that's the day the term starts or two months in advance.  I guess they really want their farking money.  Shiat's getting real for kids out there today.
 
2012-12-26 09:02:10 PM
I'm pretty sure the "--" at the end has nothing to do with the SQL injection, or am I wrong?
 
2012-12-26 09:03:02 PM

ultraholland: it also sends Milton his paycheck


Whoa, hold on there, Professor....
 
2012-12-26 09:03:11 PM

happydystopian: I'm pretty sure the "--" at the end has nothing to do with the SQL injection, or am I wrong?


You are correct, sir.
 
2012-12-26 09:04:54 PM

happydystopian: I'm pretty sure the "--" at the end has nothing to do with the SQL injection, or am I wrong?


Whoa, man, just following the architecture, yo.

Scale back your precriticisms, and find the  realart.
 
2012-12-26 09:06:38 PM
happydystopian : I'm pretty sure the "--" at the end has nothing to do with the SQL injection, or am I wrong?

-- starts a comment in SQL,

so after injecting your statement, you comment out any statement following yours
 
gja [TotalFark]
2012-12-26 09:11:45 PM
Let's hope someone has a bunch of these with last night on them.
encrypted-tbn0.gstatic.com
 
2012-12-26 09:12:35 PM
Oracle or not, it sounds like it was set to delete your classes unless it found a record that you had paid, not delete you if you have not paid.

Sounds like a subtle difference, but it is a difference
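An added example illustrating the difference this comment describes; it is not the university's code and makes no claim about what their job actually did. It assumes a hypothetical purge job over constructed tables, with a payment check that can raise a lock error, and compares "delete unless a payment is found" with "delete only on a confirmed unpaid answer, inside one transaction".

```python
import sqlite3

def make_db():
    # Constructed sample data: ann has no payment record, bob and cat do.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    conn.executescript("""
        CREATE TABLE enrollments (student TEXT, course TEXT);
        CREATE TABLE payments (student TEXT);
        INSERT INTO enrollments VALUES ('ann','CS101'), ('bob','CS101'), ('cat','MATH2');
        INSERT INTO payments VALUES ('bob'), ('cat');
    """)
    return conn

def lookup(fail_for=()):
    """Build a payment check; it raises for names in fail_for (stand-in for a lock error)."""
    def has_paid(conn, student):
        if student in fail_for:
            raise sqlite3.OperationalError("table is locked")
        row = conn.execute("SELECT 1 FROM payments WHERE student = ?", (student,)).fetchone()
        return row is not None
    return has_paid

def students(conn):
    return [r[0] for r in conn.execute(
        "SELECT DISTINCT student FROM enrollments ORDER BY student").fetchall()]

def purge_fail_open(conn, has_paid):
    """Delete unless a payment is found; a failed check is treated as 'not found'."""
    for s in students(conn):
        try:
            paid = has_paid(conn, s)
        except sqlite3.Error:
            paid = False  # the flaw: "could not check" becomes "did not pay"
        if not paid:
            conn.execute("DELETE FROM enrollments WHERE student = ?", (s,))

def purge_fail_closed(conn, has_paid):
    """Delete only on a confirmed 'unpaid'; any error rolls the whole run back."""
    conn.execute("BEGIN")
    try:
        for s in students(conn):
            if not has_paid(conn, s):
                conn.execute("DELETE FROM enrollments WHERE student = ?", (s,))
        conn.execute("COMMIT")
        return True
    except sqlite3.Error:
        conn.execute("ROLLBACK")
        return False
```

When every check fails, the first version empties the enrollment table; the second leaves it untouched and reports the failure, even if the error arrives after some rows were already deleted in the run.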
 
2012-12-26 09:13:12 PM
As an Oracle systems analyst, I have to say that the thing I like most about Oracle is the job security.
 
Displayed 50 of 148 comments
