this post was submitted on 04 Apr 2024
960 points (97.4% liked)

Programmer Humor

19452 readers
147 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] BombOmOm@lemmy.world 85 points 7 months ago (28 children)

Assuming the accounting system this thing links with both does not protect from SQL injection attacks (many don't, despite it being easy to protect against) and also has a table named "Bills" with a field named "amount"; what this would do is go through every single Bills record and half the value in the amount field. This would completely fuck the system, particularly when it came to billing and tax filing as the numbers for accounts billing and receivable wouldn't even come close to matching each other. The accounting department would have a hell of a time fixing the damage.

[–] Aquila@sh.itjust.works 103 points 7 months ago (5 children)

Need to throw a rand() in there to make it less easy to unfuck

[–] Gork@lemm.ee 16 points 7 months ago (4 children)
[–] Mic_Check_One_Two@reddthat.com 47 points 7 months ago (3 children)

Yup. Rand() chooses a random float value for each entry. By default I believe it’s anywhere between 0 and 1. So it may divide the first bill by .76, then the second by .23, then the third by 0.63, etc… So you’d end up with a completely garbage database because you can’t even undo it by multiplying all of the numbers by a set value.

[–] proper@lemmy.world 23 points 7 months ago
[–] Buddahriffic@lemmy.world 15 points 7 months ago

Also, by dividing by a number between 0 and 1, you increase the amount it looks like it billed. So income will look like it's higher than outgoing funds, which will raise suspicions of embezzlement. And if someone actually is embezzling, whatever accounting tricks they've been using to hide it might just stop working because everything might need to be examined with a fine tooth comb. "Oh, the billing numbers aren't right, and also it turns out the invoice numbers aren't right either. Billing issue was tracked to a hack, but what's going on with these invoices?"

[–] affiliate@lemmy.world 5 points 7 months ago

if you're trying to be malicious, wouldn't it be better to multiply by Rand() instead of divide by Rand()?

assuming there are a decent number of recorded sales, you'd end up seeing many of the calls to Rand() returning values very close to 0. so, if you're dividing by those values, you'd end see lots of sales records reporting values in the thousands, millions, or even billions of dollars. i feel like that screams "software bug" more than anything. on the other hand, seeing lots of values multiplied by values close to 0 would certainly look weird, but it wouldn't be as immediately suspicious.

(of course a better thing would just be to use Rand() on a range other than [0,1])

load more comments (22 replies)