SomeBODY once told me the world was gonna troll me…
I was just in a literal CVS an hour ago and they have a sign on the receipt printer that says “please don’t grab receipt until it is done printing.” It’s like, shouldn’t the fact that you had to write a sign like that be an indicator that you’re printing out too much shit?
Walgreens allows email receipts. Such a simple solution lol
Yeah but clearly corporate knows that wasting paper and your time is better, we’re the problem to them.
Don’t stand in the way of their money. Hand it over!
At this point it is expected though. Imagine CVS would start and not print these anymore. There’d be petitions and demonstrations to get it back.
So the intern who hacked up the order website forgot a size limit on that field? Maybe one should check out what other things he messed up…
he didn’t, was some coding AI
I don’t think so. If it was AI, it would not even print the order…
QA strikes again
Input sanitization is important, y’all
And setting upperbound limits on input length. Because if you expose it to users, it’s not a matter of if some joker will insist on entering precisely 4,294,967,297 bytes of random data into it to see if they can crash your shit, it’s a matter of when.
“Fk it. Here’s the entire Qur’an.”
Should have instituted a char limit, that’ll teach you!
Speaking of which - can someone find the link for “Unicode does not work like this” kind of website that emphasizes that there is no simple “character limit”? Like "how many characters is an emoji? " or “Is NBSP a character”, “are non-latin punctuation marks a character”
Cannot imagine how this could be legit - you’d run into a hard limit unless you explicitly designed that field to be unbounded.
Meh, not that hard to default things to “string”, or similar. For example, the “text” type in PostgreSQL explicitly says “unlimited”, though it seems it’s up to 1Gb. See https://www.postgresql.org/docs/current/datatype-character.html
Similarly, it’s not like text fields on web pages automagically apply limits.
It’s not unimaginable that some dumbass could vibe-code themselves up an easily exploited form.
100% accurate, though vibe coding is optional.
If I have a set of requirements that don’t mention any type of restriction, then I won’t arbitrarily add one - as far as I know, I could be breaking intended functionality. If I’m invested in this, I’ll add it to the list of stuff that needs clarification, otherwise it’s gonna ship as specified, and eventually someone’s gonna file a change request.
Sincere question, are you not expected to clarify questionable business rules? I’ve never worked somewhere that leaving such an obvious issue like “unrestricted fields in a public-facing application” without getting it explicitly stated that that’s intended functionality wouldn’t have gotten me fired instantly.
Look around you, you’ll find “unrestricted fields in a public-facing app” (from a practical perspective) everywhere. Shrek’s script has what, less than 50k characters? That’s nothing, you can fit that in a Facebook post and still have more than enough to write a full movie review.
Where this would likely raise flags is when somebody decided that it needs to be printed, but that could be a different team, maybe outsourced, maybe after the main app was developed, maybe it’s just some “plug-and-play” system that also handles bulk printing jobs, who knows.
I wasn’t really referring to this post with that question - though it is relevant that leaving even an effectively unconstrained field like one that allows for the shrek script to be submitted would have seen me fired (if it had somehow passed QC, field sizes are one of the first things checked).
I was more curious about how different our experiences seem to be: you seem to imply a background where you’re expected to take the requirements as gospel with what you write based solely off that unless you’re personally invested, whereas in my experience engaging critically with the project is the single most important aspect of the development process, and not questioning potentially unwanted behavior leaves you open to firing (or criminal neglect if you’re dealing with medical PII, criminal records, etc…)
I’m quite genuinely interested in the different approach to development philosophy you present here.
A more serious answer - it depends greatly on where I’m working and what we’re doing.
I’ve worked in places where we’d receive outsource work. Usually we’d get fairly detailed instructions about what to do and what to avoid, that were discussed between our PMs/architects and the client, including tests for example that were agreed upon. You were supposed to follow those to the letter, but the most important part was that you needed to deliver quickly because the customer wanted to keep costs to a minimum. “Useless questions” (from their perspective) were seriously frowned upon, so if it wasn’t specified, the expected approach was to do whatever was quicker.
This occasionally lead to situations where their QC/UATs would identify issues with their business rules, but as long as it was compliant with the requirements we received, it would then come back to be changed (at additional cost, depending on how big the change needed to be).
Once accepted though, job done, grab your next work item and move on. Months later they could run into a situation like the one in the printer and come back asking for a fix, but very likely that would go into the CR bucket and a quote would be provided.
Of course if you’re working for a company that actually cares about what they’re building, the philosophy is completely different. If I’m working on our products, then I build a good understanding of what I’m working on, and I’m expected to flag any concerns or issues I encounter even before it reaches QC.
That said, I’ve never heard of a developer ever being criminally charged other than intentional misconduct - like, in the world. Look at the IBM Queensland Health payroll system fiasco, I’m not sure anyone was even fired, let alone prosecuted.
Or even the Boeing 737-MAX crashes - how do you build a system that pitches the nose down repeatedly, without limitations? Those guys who worked on the MCAS software would 100% have considered a scenario where an angle-of-attack sensor would provide bad data, and the consequences of repeated trim, but alas - 2 planes crashed, 350 people died, and what are the consequences? Some payouts…
These ‘unlimited’ scams are getting out of hand. All I wanted was to store the library of alexandria in plain text.
Yeah, sleepy and wasn’t thinking about file sizes. That 1Gb limit (or, the Tsql 65,536 * [something] limit) was what I was referring to, but rather obviously the plaintext script for the movie is a just a little tiny bit smaller than that (51kb).
It’s still a good deal larger than what in my experience can be fit into a receipt printer, but I can forgive their phrasing even if it was only a small part of the whole script. And aside from that, it does look to be a pretty modern device so it’s very possible that the stupid stupid 20kb file size limit that was so common has since been expanded (Last time I had to deal with a receipt printer the file was streamed over a serial connection into the printer cache before being run off G-code style. Incredibly charming piece of tech…)
It’s not hard to find badly designed webpages.
What I think is funny is every time this gets reposted, people start talking about food orders when it’s obviously* a Canadian weed dispensary.
This was 100% bound to happen.
*To Canucks who stopped buying all of their weed from Steve.
Bound check all data input, folks.
Ideally during input and on the API request.
if (str_contains($order['comment'],'Shrek')) { die('ONIONS HAVE LAYERS!'); }Please implement your Shrek checks responsibly
Try to make sure the “choose a password” field allows fewer chars than the “enter your password” field.
VARCHAR2(256)
Yay I fixed it.
10 print “Hello, world!”
20 goto 10
The most perfect code ever written
DO BEEP LOOPreally got on my mom’s nerves when I was a kid 😼
You are the one
Why does everything require “pov:”?
POV: you’re reading Lemmy comments
Nobody:
You are absolutely correct, but this is actually one of the very few times where it was used correctly, so credit where it’s due.
Waste of chemical waste.
Hilarious!
I hope the prankster typed all that out with his thumbs. No copy paste allowed.
Well, at least it isn’t Bee Movie.
Not saying Id spit on their food, well ya I guess thats exactly what Im saying.
Why? How does this negatively impact you, I’ve literally worked togo in a restaurant and this would have me rolling and giving extra goodies.
Shitty people who pretend to not be shitty use easy targets and excuses like this to fantasize about doing disgusting things and/or being mean to people
What?
I’m saying he’s being an ignorant douche
It prevents all the other people after them from ordering food. Worse, they can order food, but it will never arrive, leading to annoyed customers and bad reviews.
It creates unnecessary waste.
Both costs the owner money.
I’m sorry, but to me this is a Bobby Tables issue. The POS devs need to write some sort of sanity checks on customer provided inputs.
Can’t blame a customer for finding issues in shit software.
First, the question was
How does this negatively impact you
Second, just because you can find a flaw in software, you are not obliged to abuse it. Neither is it right to abuse it. If someone finds that a nuclear reactor has a security issue, the guy blowing it up is still a fucking piece of shit.
Makes some sense, I would assume just a receipt isn’t the only way to track orders like this (it gets fed to other systems too, again from my experience working in a role like this) I can’t imagine the impact is more then a slight annoyance unless you have a really old system.
Also restaurant owners suck, massively underpay their workers and treat them like they’re disposable, I think they can take the 3 cent hit this amount of receipt paper actually took.
Yes, continue championing the owner class. They really need your support right now.
You kinda need to touch grass, not everything in life is about class warfare.
I guessed someone would say shit like this.
Not every restaurant is owned by Evil, inc.
I gotta change that roller sooner, i gotta wait longer for the next order to come through. And maybe even other inconveniences I cant think of.
Now, someone else pointed out the sticker has a weed sticker on it, so maybe its not a food place, and Id expect weird shit like that at a pot shop I guess.
Also, I guess you and me have different senses of humor. (Nothing wrong with yours, just saying I wouldnt get any giggles outta this)
I do think one aspect is frequency, if it’s like a one-off, hilarious and unexpected IMO (prior to now already seen this meme it wouldn’t be as funny).
If it happens more… Yeah extremely annoyed real quick.
Look all im saying is the printer has a weed sticker on it.
Please go find a sense of humor, and stop punishing people for imagined slights with biohazards.
The fuck is wrong with you.
What the fuck are you talking about? Not agreeing on whats funny with someone does mean I don’t have a sense of humor.
And what imagined slights? I mentioned two inconveniences, not slights.
Edit, never mind the two inconveniences I mentioned, I thought you were responding to another comment I made in this thread. First part stands.
