0327: "Exploits of a Mom"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

mootinator
Posts: 69
Joined: Mon Mar 26, 2007 10:27 pm UTC
Location: Saskatoon, SK

Re: "Exploits of a Mom"

Postby mootinator » Wed Oct 10, 2007 8:11 pm UTC

Psh. I'd rather just change my last name to: <script>alert('Random Error. Please Reboot.');</script>

That way I'm only annoying un-savvy people, and not actually destroying data.

Or better yet <script>confirm('Is it OK to Cancel?');</script>
Last edited by mootinator on Wed Oct 10, 2007 8:15 pm UTC, edited 2 times in total.

iabervon
Posts: 58
Joined: Fri Nov 03, 2006 5:25 am UTC

Re: "Exploits of a Mom"

Postby iabervon » Wed Oct 10, 2007 8:13 pm UTC

ksr17 wrote:Come on boys, no "ultimate MILF" comment yet!?


On one hand, she's great. On the other hand, nobody wants to be the first to ask for her contact info.

segxr7
Posts: 3
Joined: Tue Jul 03, 2007 11:22 pm UTC

Re: "Exploits of a Mom"

Postby segxr7 » Wed Oct 10, 2007 8:18 pm UTC

I work for a company that does some business-level Web hosting. A few of our clients run some of the most horribly-written web applications I've ever seen in my life; as a result I've had this conversation way too many times:

Client: "We're trying to add a customer to our database, but it won't go through! I can add other people just fine, but I tried 5 times and it refuses to add this one person. I don't get it!"
Me: "Is the customer's last name O'Brien, by any chance?"
Client: "How on earth did you know that?!?"

I'm pretty sure the Irish are responsible for the majority of broken SQL queries.

mootinator
Posts: 69
Joined: Mon Mar 26, 2007 10:27 pm UTC
Location: Saskatoon, SK

Re: "Exploits of a Mom"

Postby mootinator » Wed Oct 10, 2007 8:25 pm UTC

iabervon wrote:
ksr17 wrote:Come on boys, no "ultimate MILF" comment yet!?


On one hand, she's great. On the other hand, nobody wants to be the first to ask for her contact info.


555-1234'; TRUNCATE Wang; -- ??

largemansArk
Posts: 1
Joined: Wed Oct 10, 2007 8:25 pm UTC

Re: "Exploits of a Mom"

Postby largemansArk » Wed Oct 10, 2007 8:28 pm UTC

It would be even better if you could work in a BEGIN TRAN, rendering the database unusable until someone for some reason decides to COMMIT.

sab39
Posts: 101
Joined: Mon Oct 08, 2007 2:01 pm UTC

Re: "Exploits of a Mom"

Postby sab39 » Wed Oct 10, 2007 8:32 pm UTC

mootinator wrote:
iabervon wrote:On one hand, she's great. On the other hand, nobody wants to be the first to ask for her contact info.

555-1234'; TRUNCATE Wang; -- ??

More likely 911-555-4242...

(H=4, A=2...)

codehead0
Posts: 7
Joined: Thu Jun 14, 2007 3:00 am UTC

Re: "Exploits of a Mom"

Postby codehead0 » Wed Oct 10, 2007 8:36 pm UTC

This is changing the subject from programming names, but this comic made me think of another naming situation.

In 1958 a man with the last name Lane names his sixth son Winner. A year later he named his seventh and last child Loser.

“Loser” Lane became and is a successful policeman and today has captured dozens of criminals. “Winner” became a druggatic and has been arrested at least 3 dozen times on breaking and entering charges.

Just thought I’d share that.

Domovoi
Posts: 215
Joined: Fri Aug 17, 2007 9:37 am UTC

Re: "Exploits of a Mom"

Postby Domovoi » Wed Oct 10, 2007 9:37 pm UTC

sab39 wrote:
mootinator wrote:
iabervon wrote:On one hand, she's great. On the other hand, nobody wants to be the first to ask for her contact info.

555-1234'; TRUNCATE Wang; -- ??

More likely 911-555-4242...

(H=4, A=2...)


Pretty sure it's 867-5309. Now we know her first name, too.

adhair
Posts: 10
Joined: Mon Jan 15, 2007 11:17 pm UTC

Re: "Exploits of a Mom"

Postby adhair » Wed Oct 10, 2007 10:23 pm UTC

I love how his name has trailing whitespace, for MySQL compatibility.

Austin

User avatar
sillybear25
civilized syllabub
Posts: 435
Joined: Tue Jun 19, 2007 2:19 am UTC
Location: Look at me, I'm putting a meta-joke in the Location field.

Re: "Exploits of a Mom"

Postby sillybear25 » Wed Oct 10, 2007 10:44 pm UTC

eryanv wrote:I'm not sure I get how the alt text relates to this comic, except being a very unusual name. Is it a reference to something?


It's another name prank. On her driver's license, it will read "Help, I'm trapped in a driver's license factory!"

You know, like a person trapped in a driver's license factory is sending out a distress signal by printing that on a driver's license...

Jokes are always less fun when you have to explain them... :(
This space intentionally left blank.

imMAW
Posts: 112
Joined: Sun Mar 18, 2007 10:30 pm UTC
Location: Chicago
Contact:

Re: "Exploits of a Mom"

Postby imMAW » Thu Oct 11, 2007 12:45 am UTC

So today I got a letter from the University of Missouri-Rolla. The person they sent it to? "Michael Delete 14039913wartz". I wasn't amused; if a technology school cant manage their their own databases, what is the world coming to? By the way, my last name isn't even wartz, although it is close.

bassett
Posts: 8
Joined: Fri Jul 27, 2007 8:45 pm UTC

Re: "Exploits of a Mom"

Postby bassett » Thu Oct 11, 2007 12:49 am UTC

This is by far the best comic yet. I can only imagine the migrains that would cause.

User avatar
connorsname
Posts: 30
Joined: Wed Sep 05, 2007 7:59 pm UTC

Re: "Exploits of a Mom"

Postby connorsname » Thu Oct 11, 2007 12:54 am UTC

If she was really smart she would had another name at the end that begins with a z. That way his name would be the last one typed in.

Jackson Marten
Posts: 2
Joined: Thu Sep 20, 2007 3:33 am UTC

Re: "Exploits of a Mom"

Postby Jackson Marten » Thu Oct 11, 2007 1:38 am UTC

I don't get this comic. However, given the amount of hilarity I often find bulging at the seams of this little nugget of internet joy, I can't help but giggle anyway.

I think this comic causes me to stockpile chortles for jokes like today's. Keep up the good work.

User avatar
muteKi
Angry is too weak a term. Try "Fluffy".
Posts: 372
Joined: Tue Dec 19, 2006 4:02 am UTC
Location: William and Mary, Williamsburg, VA

Re: "Exploits of a Mom"

Postby muteKi » Thu Oct 11, 2007 1:57 am UTC

segxr7 wrote:I work for a company that does some business-level Web hosting. A few of our clients run some of the most horribly-written web applications I've ever seen in my life; as a result I've had this conversation way too many times:

Client: "We're trying to add a customer to our database, but it won't go through! I can add other people just fine, but I tried 5 times and it refuses to add this one person. I don't get it!"
Me: "Is the customer's last name O'Brien, by any chance?"
Client: "How on earth did you know that?!?"

I'm pretty sure the Irish are responsible for the majority of broken SQL queries.


I don't have a lot of SQL knowledge, but I could understand the idea of the comic. This, however, I don't really understand too well.

EDIT: Looking it up, I'm guessing that it's based on the apostrophe.
Image

Pxtl
Posts: 44
Joined: Thu Sep 20, 2007 1:12 pm UTC

Re: "Exploits of a Mom"

Postby Pxtl » Thu Oct 11, 2007 2:31 am UTC

@muteKi

insert into users (lastname)
values('Smith');

becomes
insert into users (lastname)
values('O'Brien');

notice the preponderance of single-quotes. An apostrophe in text is the quickest way to discover SQL-injection-weakness. Imho, the use of single-quotes in SQL is a feature, not a bug, since they're used so often in English. It means that an injection weakness is hard to miss.

Gracenotes
Posts: 37
Joined: Thu Oct 11, 2007 2:29 am UTC

Re: "Exploits of a Mom"

Postby Gracenotes » Thu Oct 11, 2007 2:48 am UTC

I've been a reader of xkcd for a bit, but have registered just to mention that this comic strip is the most hilarious thing I have seen in well over a week; perhaps a month. It even prompted me to check if a site I'm involved in developing could have its SQL injected by a search. (Not really--the MySQL user doing the searching only has permissions to SELECT).

The next time someone asks for a noun for Mad Libs, I'll be sure to say "rock and everyone died. The End." or suchlike :P

User avatar
williamager
Posts: 299
Joined: Wed Dec 27, 2006 9:32 am UTC
Location: Aldeburgh, Suffolk (actually US...)
Contact:

Re: "Exploits of a Mom"

Postby williamager » Thu Oct 11, 2007 3:21 am UTC

Gracenotes wrote:I've been a reader of xkcd for a bit, but have registered just to mention that this comic strip is the most hilarious thing I have seen in well over a week; perhaps a month. It even prompted me to check if a site I'm involved in developing could have its SQL injected by a search. (Not really--the MySQL user doing the searching only has permissions to SELECT).

The next time someone asks for a noun for Mad Libs, I'll be sure to say "rock and everyone died. The End." or suchlike :P


This is terribly off-topic, and belongs in the intro thread, but are you the Gracenotes of Wikipedia fame?
Do I dare
Disturb the universe?
In a minute there is time
For decisions and revisions which a minute will reverse

User avatar
Geekthras
3) What if it's delicious?
Posts: 529
Joined: Wed Oct 03, 2007 4:23 am UTC
Location: Around Boston, MA

Re: "Exploits of a Mom"

Postby Geekthras » Thu Oct 11, 2007 3:36 am UTC

You know why all this happened?

Here:

School IT Programmer1: Don't you think we should sanitize the input?
Programmer2: What for?
Programmer1: Just in case someone enters something involving the string single-quote close paren.
Programmer2: Oh, but nobody would ever do that!
Programmer1: *heart attack*
Wait. With a SPOON?!

User avatar
Balsamic
Posts: 84
Joined: Fri Aug 24, 2007 12:00 am UTC
Location: Sydney, Australia
Contact:

Re: "Exploits of a Mom"

Postby Balsamic » Thu Oct 11, 2007 3:52 am UTC

Should I feel worried that this comic made be feel all warm and fuzzy inside? Absolutely hilarious. You've made my month.

Sadly Geekthras, I've had numerous conversations with supposedly qualified peers that sounded uncannily similar to that. I might start handing out this comic instead.
Oscar Wilde, The Picture of Dorian Gray wrote:I choose my friends for their good looks, my acquaintances for their good characters, and my enemies for their good intellects. A man cannot be too careful in the choice of his enemies.

mons00n
Posts: 1
Joined: Thu Oct 11, 2007 4:00 am UTC

Re: "Exploits of a Mom"

Postby mons00n » Thu Oct 11, 2007 4:01 am UTC

oh man, this one made me crack up for like 2 minutes...my girlfriend didnt get it :(

User avatar
Kudos
Posts: 28
Joined: Tue Oct 02, 2007 6:57 pm UTC

Re: "Exploits of a Mom"

Postby Kudos » Thu Oct 11, 2007 4:51 am UTC

I'm glad my mom didn't think of this. She probably would've tried. Maybe she did try but my father managed to stop her bizarre plot. Maybe the fight to name me was an epic struggle which ended with me getting a fairly normal but obscure name.

I wonder what the kids at school would've called me.

User avatar
Sophia
Posts: 4
Joined: Thu Oct 11, 2007 8:50 am UTC
Location: Middle of Oregon

Re: "Exploits of a Mom"

Postby Sophia » Thu Oct 11, 2007 9:42 am UTC

It's funny, earlier today my husband and I decided that we should name one of our children Sudo. After reading this comic, we we changed our mind ;)

I agree with whoever said that most schools would be running Access :-( even the national forest service around here uses it, and I live in Oregon where there is a lot of forest.

Yayuhz
Posts: 26
Joined: Sun Sep 09, 2007 10:13 am UTC

Re: "Exploits of a Mom"

Postby Yayuhz » Thu Oct 11, 2007 9:55 am UTC

Jackson Marten wrote:I don't get this comic. However, given the amount of hilarity I often find bulging at the seams of this little nugget of internet joy, I can't help but giggle anyway.

I think this comic causes me to stockpile chortles for jokes like today's. Keep up the good work.


Neither do I. Could someone please explain this for us?

(O lawd, this comic is pretty much the only thing in my life that makes me feel kinda dumb time to time =[ )

User avatar
Moo
Oh man! I'm going to be so rebellious! I'm gonna...
Posts: 6398
Joined: Thu Aug 16, 2007 3:15 pm UTC
Location: Beyond the goblin city
Contact:

Re: "Exploits of a Mom"

Postby Moo » Thu Oct 11, 2007 10:52 am UTC

Yayuhz wrote:Could someone please explain this for us?
It was explained earlier in the thread, but here goes my humble version (ps I'm assuming complete database ignorance here so forgive me if it sounds condescending).

If you wanted to add a student to a database or change some of their details, you would create a SQL statement to do it, which may look like this:
INSERT INTO TableStudents (StudentAge, StudentName) VALUES (13, 'John Smith');
where the single quote ' denotes the start and end of a string and the semi-colon ; denotes the end of the SQL statement.

And if you were to write a nice user-friendly application for an administrator to do this, you would let them enter the name and age in text fields and then programmatically run the same SQL query but with the 'John Smith' and 13 bits as variables:
INSERT INTO TableStudents (StudentAge, StudentName) VALUES (VariableAgeInteger, VariableNameString);

Now consider what would happen if that administrator added little Bobby Tables' details. When the variables get inserted into the SQL statement it will look like this:
INSERT INTO TableStudents (StudentName, StudentAge) VALUES (12, 'Robert'); DROP TABLE Students'--');
So the SQL engine will think that the single quote ' after Robert terminates the character string, the close brace ) terminates the VALUES section and the ; terminates the SQL statement, and then process whatever comes after that as a new SQL statement. This happens to be the instruction to drop (delete) the whole table of students, and then cleverly the -- makes everything after that a comment and thus ignored.

This makes all sorts of assumptions, like the fact that the table is called students but if it works, this is called a SQL injection attack.

Make sense?

EDIT: And so the bit about sanatizing your database inputs is a reference to the fact that a good programmer should anticipate SQL injection attacks and so process single quotes (or other characters that should not be in strings) in some way before letting them into the SQL statements.
Proverbs 9:7-8 wrote:Anyone who rebukes a mocker will get an insult in return. Anyone who corrects the wicked will get hurt. So don't bother correcting mockers; they will only hate you.
Hawknc wrote:FFT: I didn't realise Proverbs 9:7-8 was the first recorded instance of "haters gonna hate"

Domovoi
Posts: 215
Joined: Fri Aug 17, 2007 9:37 am UTC

Re: "Exploits of a Mom"

Postby Domovoi » Thu Oct 11, 2007 12:06 pm UTC

Sophia wrote:I agree with whoever said that most schools would be running Access :-(


Why would that be a bad thing? Access is perfectly suitable for smallish databases that need to be maintainable by people with limited technical knowledge. Like schools.

elminster
Posts: 1560
Joined: Mon Feb 26, 2007 1:56 pm UTC
Location: London, UK, Dimensions 1 to 42.
Contact:

Re: "Exploits of a Mom"

Postby elminster » Thu Oct 11, 2007 12:33 pm UTC

Geekthras wrote:*snip*
Programmer2: Oh, but nobody would ever do that!
Programmer1: *heart attack*

Yeah, i've learnt already that if it can be hacked... it will get hacked.

I've played alot of beta mmorpgs and loads of them make classic mistakes, leading to generic speed hacks/duping/invincibility/etc. If you have to leave something that can be abused (Generally done for smooth gameplay) check, log and deal with it (e.g. Kick/Bans/Resticted gameplay). I know of people who've made thousands of dollars from hacked game things (One guy made $2000 out of a weekend of hacking), so it's extremely worth while.
Image

julesh
Posts: 22
Joined: Wed Jul 04, 2007 9:20 am UTC

Re: "Exploits of a Mom"

Postby julesh » Thu Oct 11, 2007 3:06 pm UTC

SEN5241 wrote:Aren't you guys forgetting a 'commit;' statement in there somewhere?

*confused*
*maybe used to super old dbs's like DB/2 and IMS*

Oh, and the younger brother's name is probably Timmy'; sudo rm -rf / #


The app itself probably has a 'commit' somewhere after any update command it uses. Also, many databases have an automatic commit feature which most simple apps tend to use. Transactions are not always necessary.

yet another one
Posts: 65
Joined: Fri Oct 05, 2007 9:36 pm UTC

Re: "Exploits of a Mom"

Postby yet another one » Thu Oct 11, 2007 3:19 pm UTC

Holy shit, this comic is linked by Daring Fireball and kotte.org!

Reminds me that I should sanitize the inputs.
At least we are the people.

User avatar
dragonfrog
Posts: 172
Joined: Sat Oct 21, 2006 6:43 pm UTC
Location: Soviet Canuckistan

Re: "Exploits of a Mom"

Postby dragonfrog » Thu Oct 11, 2007 3:58 pm UTC

williamager wrote:In fact, a whole host of such situations could be considered: if, for example, one changes one's name to "Fire!", and someone calls one's name in a crowded room, who is at fault?


I know a girl named Fire. She even went to an arts and theatre-focused high school. I'm not aware of any theatre-stampedings having occurred on her account. Perhaps everyone there knew her, and would have been in danger of failing to escape had a fire broken out at the school...

In the interest of accuracy - Fire is actually her middle name, but it's what she goes by.

User avatar
Moo
Oh man! I'm going to be so rebellious! I'm gonna...
Posts: 6398
Joined: Thu Aug 16, 2007 3:15 pm UTC
Location: Beyond the goblin city
Contact:

Re: "Exploits of a Mom"

Postby Moo » Thu Oct 11, 2007 4:09 pm UTC

dragonfrog wrote:In the interest of accuracy - Fire is actually her middle name, but it's what she goes by.
want to be named Fire :-(
Proverbs 9:7-8 wrote:Anyone who rebukes a mocker will get an insult in return. Anyone who corrects the wicked will get hurt. So don't bother correcting mockers; they will only hate you.
Hawknc wrote:FFT: I didn't realise Proverbs 9:7-8 was the first recorded instance of "haters gonna hate"

jtniehof
Posts: 312
Joined: Mon Sep 10, 2007 9:00 pm UTC

Re: "Exploits of a Mom"

Postby jtniehof » Thu Oct 11, 2007 4:21 pm UTC

woktiny wrote:We have a guy here whose legal name is only one word, no "last name".

One-name guy I know puts it as last name, and puts "Mister" in the first name field if it's required.

szarka
Posts: 33
Joined: Mon Sep 24, 2007 9:45 pm UTC
Location: Spaceship Earth
Contact:

Re: "Exploits of a Mom"

Postby szarka » Thu Oct 11, 2007 5:02 pm UTC

Sophia wrote:It's funny, earlier today my husband and I decided that we should name one of our children Sudo. After reading this comic, we we changed our mind ;)


But, wouldn't it be useful to be able to say, "Sudo, clean up your room!" and such? You gotta do it!

Gracenotes
Posts: 37
Joined: Thu Oct 11, 2007 2:29 am UTC

Re: "Exploits of a Mom"

Postby Gracenotes » Thu Oct 11, 2007 5:22 pm UTC

williamager wrote:
Gracenotes wrote:I've been a reader of xkcd for a bit, but have registered just to mention that this comic strip is the most hilarious thing I have seen in well over a week; perhaps a month. It even prompted me to check if a site I'm involved in developing could have its SQL injected by a search. (Not really--the MySQL user doing the searching only has permissions to SELECT).

The next time someone asks for a noun for Mad Libs, I'll be sure to say "rock and everyone died. The End." or suchlike :P


This is terribly off-topic, and belongs in the intro thread, but are you the Gracenotes of Wikipedia fame?


Oh no! You've found me. I knew I shouldn't have worn my red and white striped shirt in public... <.< Yep, it is me. Hi :)

By the way, thank you for the pointer to the intro thread. I will add an introductory post to it shortly.

tehlaser
Posts: 15
Joined: Tue Aug 14, 2007 6:10 pm UTC

Re: "Exploits of a Mom"

Postby tehlaser » Thu Oct 11, 2007 6:05 pm UTC

My database professor offered to give extra credit to anyone who named their child either "Backus Naur" or "Anomaly." I recall thinking Anomaly would make a rather spiffy girl's name.

User avatar
Eoin
Posts: 47
Joined: Mon Oct 08, 2007 2:26 pm UTC
Location: Dublin, Ireland

Re: "Exploits of a Mom"

Postby Eoin » Fri Oct 12, 2007 8:46 am UTC

I'm got some very strange looks from my office-mates due to the laughter caused by this comic. I got stranger looks when I showed it to them and told them it was funny.

This one joins a select few on my office wall.

User avatar
Moo
Oh man! I'm going to be so rebellious! I'm gonna...
Posts: 6398
Joined: Thu Aug 16, 2007 3:15 pm UTC
Location: Beyond the goblin city
Contact:

Re: "Exploits of a Mom"

Postby Moo » Fri Oct 12, 2007 9:43 am UTC

Eoin wrote:I'm got some very strange looks from my office-mates due to the laughter caused by this comic. I got stranger looks when I showed it to them and told them it was funny.

This one JOINs a SELECT few on my office wall.
<INSERT tedious SQL joke here>
Proverbs 9:7-8 wrote:Anyone who rebukes a mocker will get an insult in return. Anyone who corrects the wicked will get hurt. So don't bother correcting mockers; they will only hate you.
Hawknc wrote:FFT: I didn't realise Proverbs 9:7-8 was the first recorded instance of "haters gonna hate"

woktiny
Posts: 97
Joined: Tue Sep 11, 2007 2:42 pm UTC
Contact:

Re: "Exploits of a Mom"

Postby woktiny » Fri Oct 12, 2007 2:29 pm UTC

Gracenotes wrote:(Not really--the MySQL user doing the searching only has permissions to SELECT).


That's actually still dangerous, depending on the content, of course, a user could use injection to download the whole database (in short) by using some funny where conditions and recording whether they yeild an error, and some inference.

szarka wrote:
Sophia wrote:It's funny, earlier today my husband and I decided that we should name one of our children Sudo. After reading this comic, we we changed our mind ;)


But, wouldn't it be useful to be able to say, "Sudo, clean up your room!" and such? You gotta do it!


Only until the child learns the appropriate response for sudo requests: http://comic.woktiny.net/22

segxr7
Posts: 3
Joined: Tue Jul 03, 2007 11:22 pm UTC

Re: "Exploits of a Mom"

Postby segxr7 » Fri Oct 12, 2007 6:12 pm UTC

woktiny wrote:
Gracenotes wrote:(Not really--the MySQL user doing the searching only has permissions to SELECT).


That's actually still dangerous, depending on the content, of course, a user could use injection to download the whole database (in short) by using some funny where conditions and recording whether they yeild an error, and some inference.


Not just that, but if the website has user accounts in an SQL table, you can login to anyone's account with a password of: "x' OR 1=1; --"

The query becomes something like: SELECT * FROM users WHERE username='admin' AND password='x' OR 1=1; --'

User avatar
dckx
Posts: 12
Joined: Sat Oct 13, 2007 12:36 am UTC

Re: "Exploits of a Mom"

Postby dckx » Sat Oct 13, 2007 12:42 am UTC

Moo wrote:
jsd1982 wrote:Unfortunately, NULL <> 'NULL' in any SQL database I've seen yet... :D
In fact, NULL <> *anything*
Get your head around THAT one.



Oh, that's fairly easy.... assuming you customarily think in terms of addressed bits and the like. I claim this is normal.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: Google [Bot] and 42 guests