Category: Humor

Jamie Kitson followed the instructions to integrate their software with a new payment provider. The payment API was fairly straight forward, mostly a straightforward call to a web endpoint. As an error check, the request required an base-64 encoded, MD5 hash of its contents appended to the end of it.

Jamie did just that, in C#. And the payment processor balked: the hash was wrong. There was no information beyond that, just “bad hash”.

Jamie checked the output, hashed many different possible values, confirmed that a different MD5 hashing library generated the same results, and did all of the sane things one might to do check and see if you were correctly hashing an input. They checked the documentation, confirmed that they were hashing the right contents, confirmed that there wasn’t any salting, confirmed that nothing they were doing on their end was wrong.

Eventually, Jamie tried the JavaScript sample code provided by the vendor. And it gave a different result.

var hashVal = CryptoJS.MD5(hStr)
var hashVal = window.btoa(hashVal)

This seems pretty straightforward, right? We hash the content, and then Base64 encode it. It looks nearly identical to the C# code that Jamie was using. And requests generated using this method worked. So what was wrong?

Jamie checked out the docs for CryptoJS. The hashing functions didn’t return strings, they returned WordArray objects- arrays of 32-bit integers. But, when you attempt to use a WordArray as if it were a string, well: “When you use a WordArray object in a string context, it’s automatically converted to a hex string.”

The payment provider wasn’t Base64 encoding the hash. They were Base64 encoding the hex string representing the hash. That wasn’t just in their sample code, that was their actual implementation.

The WordArray object has its own Base64 conversion (hash.toString(CryptoJS.enc.Base64)), which generated output identical to Jamie’s.

So the payment provider used a cryptographic library without a full understanding of its interface, ended up treating hashes like hexadecimal strings, not binary data, and then required all customers to do the same- without documenting that requirement. Oh, and since the string is a hex string, you don’t need to Base64 encode it in the first place, making the whole thing extra silly.

And they’re handling payments, which raises all sorts of questions.

Making fun of the headlines today, so you don’t have to

The news, even that about Barbie opening day, doesn’t need to be complicated and confusing; that’s what any new release from Microsoft is for. And, as in the case with anything from Microsoft, to keep the news from worrying our pretty little heads over, remember something new and equally indecipherable will come out soon:

Really all you need to do is follow one simple rule: barely pay attention and jump to conclusions. So, here are some headlines today and my first thoughts:

Barbie opening day box office clobbers The Batman, Spider-Man and Guardians of the Galaxy

Personally, I didn’t think Ken had the balls to help pull this off.

Texas picked worst state to live in

So, Texas is now called the “Lone Star State” based on its Yelp reviews.

JFK’s Grandson, Jack Schlossberg, calls RFK Jr.’s Presidential Candidacy an “Embarrassment”

And you thought your family reunion was going to be awkward….

Trump giddily suggests White House cocaine belonged to the Bidens

Look, Joe Biden can’t be both Sleepy Joe and on cocaine. Pick one.

Comic Con opens

They have a speed dating booth at Comic Con so people can quickly find out who they won’t be having sex with.

Tesla’s Board of Directors return $735 million after being accused of overpaying themselves

Or, a buck twenty in Twitter stock.

‘Family Guy’ slammed by Russian official for how it portrayed the country in season finale

Look for Putin to call in Boris and Natasha.

Large alligator swims out of ocean and onto Alabama beach surprising visitors

… and doubling his cholesterol.

RIP Tony Bennett

What an amazing voice! And, he smoked more pot than Snoop. He’ll be missed by music fans and pot dealers around the globe. God speed.

Man points gun at Burger King workers in Wisconsin after they were unable to take his order, police say

Special orders don’t upset us, my ass.

More indictments coming

Sounds like Trump’s hairpiece saw its shadow; that means 6 more weeks of indictments.

Jury awards family $800K in Chicken McNuggets burn case

Would’ve been higher if they found real chicken …

Vice President Kamala Harris matches record for tiebreaking votes in Senate

While DeSantis breaks record for being a broken record.

In addition to dropping sales revenue, both Lindell and MyPillow are facing a $1.3 billion defamation lawsuit

… holy, sheet, Batman!

Paul Lander is not sure which he is proudest of — winning the Noble Peace Prize or sending Congolese gynecologist Dr. Denis Mukwege to accept it on his behalf, bringing to light the plight of African women in war-torn countries. In his non-daydreaming hours, Paul has written for Weekly Humorist, National Lampoon, American Bystander, Huff Post Comedy, McSweeney’s, Bombeck Writers Workshop Blog and the Humor Times, written and/or produced for multiple TV shows and written standup material that’s been performed on Maher, The Daily Show, Colbert, Kimmel, etc. Now, on to Paul’s time-commanding Special Forces in Khandahar… (See all of Paul’s “Ripping the Headlines Today” columns here.)

Latest posts by Paul Lander (see all)

The Florida governor says that his “Anti-Wokeland” will rival Disney World and eventually put it out of business.

In his continuing war with Disney World, Governor DeSantis has revealed a plan to create a competing amusement park called “Anti-Wokeland” using his ongoing political theme to fight “Woke ideology.”

Anti-Wokeland will emphasize binary gender as all entering guests will need to present their birth certificates to determine their gender at birth.

To signify that they have paid their admission, all male adults and boys will be issued blue bow ties to wear while in the park and adult females and girls will be given headbands with pink bows. Transgender individuals will not be allowed to enter the park unless they wear the bow tie or pink bow associated with their gender at birth and dress accordingly.

Upon entering the park, guests will face a huge bonfire. Alongside the bonfire are bookstands where they can buy books to toss into the fire, such as Catcher in the Rye, Uncle Tom’s Cabin, and various books featuring LGBTQ+ content and characters. Guests are also allowed to bring their own books to toss into the fire.

Adjacent to the bonfire is the Anti-Woke Library, where guests can choose from various textbooks and rewrite history. The main categories are civil rights, slavery and the Civil War.

Guests can then enjoy a number of game booths. “Dunk a Drag Queen” is expected to be one of the most popular attractions. Guests will throw baseballs at a target to have a drag queen manikin fall into a vat of water.

Two anti-abortion booths are planned. In Spin the Fetus, a plastic fetus is attached to the middle of a rotating wheel with various months of gestation around the edge of the circle. The guest wins a prize if the head of the fetus lands on any time 15 weeks or less. Similarly, guests toss balls into wooden boxes each representing a different gestation time. Balls landing in boxes 15 weeks or less win a prize.

Another booth has a huge map of the US with the states identified as red or blue with the appropriate color balloon. Each guest gets five darts to pop the blue balloons. The more blue balloons they pop, the bigger the prize.

The Gerrymandering Room is for adults, because it is a more complicated game. This is a competition in which ten guests compete to gerrymander a map of Florida . The winner is the guest who secures the most Republican seats.

In a final blow to his rival, DeSantis has created a variation on the Whack a Mole game. The guests use a large mallet to smash Mickey Mouse as he peeps out of each hole.

Diane de Anda is a third generation Latina and retired UCLA professor. Tired of cranking out technical articles in a “publish or perish” atmosphere, she now spends most of her time writing adult fiction, children’s books, parody, and satire.Her weapon of choice is the limerick, aimed with humor and a touch of malice at society’s icons, celebrities, politicians, and other irritating folk.

Latest posts by Diane de Anda (see all)

David S writes: “I’m undertaking a refactor and facelift of an Oracle APEX application.”

That, already, is the real WTF. Oracle Application Express, or APEX (formerly ApEx, formerly HTML DB) is Oracle’s offering in the low-code business application space. Using a WYSISYG designer, you build pages and bind them to SQL queries, stored procedures, etc., allowing users with little to no programming experience to design data driven applications.

Like all such tools: it works fine for the very simple tasks, but once you try and model real-world applications in it, everything falls apart. Some of this is just the nature of low-code tools. Some of this is because much of Oracle APEX is implemented in Oracle’s PL/SQL database language. Some of this is because Oracle keeps bolting features onto it, hoping that it finally gets the traction they want for it.

Which, on the scope of traction, you can see the collection of applications folks want to admit to having built in APEX here, which includes “Target Executive Search” (a job site for finding executives) and “My Karaoke”. APEX has range. There are dozens of other such sites, including Built with Apex itself..

But none of that is David’s problem. David inherited this PL/SQL code which is invoked from an APEX page.

DECLARE

v_func boolean;
rowcheck number;
watcher_id number;


CURSOR c1 IS 
SELECT * FROM CHR_WATCHER 
WHERE CHRW_CHANGE_NO = :P2_CHR_CHANGE_NO 
AND CHRW_ACTIVE = 1;

BEGIN


SELECT COUNT(*) 
INTO rowcheck 
FROM CHR_WATCHER 
WHERE CHRW_CHANGE_NO = :P2_CHR_CHANGE_NO 
AND CHRW_ACTIVE = 1;


IF rowcheck = 1 THEN 
SELECT CHRW_PER_ID 
INTO watcher_id   
FROM CHR_WATCHER C  
WHERE c.CHRW_CHANGE_NO = :P2_CHR_CHANGE_NO 
AND CHRW_ACTIVE = 1;

v_func:=send_email_watch (watcher_id, :P2_CHR_AUTH2, :P2_CHR_PERSON_RESP, :P2_CHR_CHANGE_DESC,:P2_CHR_CHANGE_NO,:P2_CHR_CHANGE_DATE);


ELSIF rowcheck > 1 THEN 
FOR record IN c1 
LOOP

v_func:=send_email_watch (record.chrw_per_id, :P2_CHR_AUTH2, :P2_CHR_PERSON_RESP, :P2_CHR_CHANGE_DESC,:P2_CHR_CHANGE_NO,:P2_CHR_CHANGE_DATE);

END LOOP;

END IF;

END;

First off, as is standard for PL/SQL, we need to declare all our variables in a block at the top. These variables include a cursor, which is Oracle’s main way of interacting with records.

At the top of the function, we use a SELECT INTO which is the other common way of interacting with data in the database. The query in this case is exactly the same as the cursor, except it’s a count of the records.

Then we have our logic: if the number of rows is 1, run the query again to populate a variable, and call the send_email_watch function with the results. If there are more than one rows, use the cursor and loop across the results, calling the same function.

Why the branch? It’s a mystery. My suspicion is that the code was originally written with the assumption there would only ever be one row handled by this code. Someone requested that it support multiple rows, so boom: we add a branch. This solution shows a radical lack of understanding regarding loops though, since a loop that only executes one iteration is still a loop.

“To be fair,” David writes, “it runs fine.” That doesn’t mean the code isn’t getting refactored, but it does at least do its job, which is something, I suppose.