the adjectives on the tip options are so weird lol What a shitty system to even exist
I want to know what it says under 30%.
“Scammed”
One day someone will use the SQL injection to execute code on the remote server to add message to the web site that tells the workers to unionise and demand actually fair wages and put an end to the whole tipping nonsense
Please write this code and I’ll do it
tomorrowwhen stuff opens today.
Little Bobby Tables says hi.
Hi!
You’re not so little anymore!
The meme says “IRS”, so it’s obviously intended to refer to America.
But outside of that context, they’d fucking deserve it for their shitty dark pattern UX trying to export American tipping culture into the civilised world. If people want to tip, they can do it using cash (so the money actually goes to the person you intended it to!). Or at most, there could be a little “tip” button in the corner somewhere that then takes you to a page like this. It shouldn’t be shoved in our faces like this.
Live in a country where tipping is practically unheard of. Lately pay terminals have started appearing in restaurants that have asking for tip enabled by default, and restaurants often don’t know how to disable it.
Well, at least there are some safeguards. I was handed the terminal so I put in my PIN code, not realising it was actually asking for a tip. I was pretty confused when it said “value too high” or something like that.
Taalen’s PIN > 0001 confirmed.
I, an American, was ashamed when I had to ask that a tip be removed from my bill at a restaurant in Camden.
CAMDEN WAS SUPPOSED TO BE WOKE AND Y’ALL FUCKING DOG OVER HERE
Pay your damn staff a good wage
Camden in Sydney? That’s appalling. It’s bad enough to be presented with a screen like in the OP. Needing to actually speak to a person to not have a tip added sounds probably illegal.
Camden Town in London actually; historically counterculture, but punk is dead at The Cheese Bar.
Ah right, cheers. Tbh my first guess was that it might be a place in Britain, but I didn’t know so I Googled it and all the results were about Sydney (including one from brittanica.com…).
Well, we did almost end up in Canberra at one point, but as luck would have it the wife’s boss didn’t support the transfer. It’s no Sydney, but anything would have been better than staying stateside. I don’t really miss it, and all my friends say it’s worse now 🙂
Who carries cash, though?
Germans.
Americunts shit on you when you tell them tipping culture is bad. Like, here in my third world country, where we all earn a misery compared to the minimum wage in burger land, we can say no to tips or just give a few cents or some more…fuck this. Food is already expensive. I am not going to waste extra cash for my food.
What code could I enter there to get them to pay me for the food? 🤔
I’d love to know what this would actually do.
Edit: Thanks for the responses and lively discussion!!
Assuming the accounting system this thing links with both does not protect from SQL injection attacks (many don’t, despite it being easy to protect against) and also has a table named “Bills” with a field named “amount”; what this would do is go through every single Bills record and half the value in the amount field. This would completely fuck the system, particularly when it came to billing and tax filing as the numbers for accounts billing and receivable wouldn’t even come close to matching each other. The accounting department would have a hell of a time fixing the damage.
Need to throw a rand() in there to make it less easy to unfuck
In the amount/2 term?
Yup. Rand() chooses a random float value for each entry. By default I believe it’s anywhere between 0 and 1. So it may divide the first bill by .76, then the second by .23, then the third by 0.63, etc… So you’d end up with a completely garbage database because you can’t even undo it by multiplying all of the numbers by a set value.
Satan?
does not protect from SQL injection attacks (many don’t, despite it being easy to protect against)
Every modern database library automatically protects against SQL injection, usually by using prepared statements (where the query with placeholders, and the placeholder values, are sent as two separate things). so a system would have to be written extremely poorly to be vulnerable to it.
This post is just a joke as developers should hopefully be aware of the OWASP top 10 security vulnerabilities.
Edit: Bad developers will do bad things, but any reasonable developer should be well aware of these risks.
Oh sweet summer child.
First, injection attacks are third on the owasp list, although they do roll xss into it too, which changed the name, since “shit sanitization on input” and “shit escaping before use” are the cause of both.
https://owasp.org/Top10/A03_2021-Injection/Secondly, SQL injection is freakishly common and easy. I don’t know of any database libraries that prevent you from directly executing an SQL literal, they just encourage parameterized statements.
I have personally run into plenty of systems where people build SQL via string concatenation because for whatever reason they can’t use an orm or “proper” SQL generator.
You can find them in the wild fairly often by just tossing
' or 1=1;--into fields in forms. If it gets mad in a way that doesn’t make sense or suddenly takes forever, you win!Don’t do that though, because it’s illegal.
Well no. If the programmer uses prepared statements, they are protected. If they use a prepared statement but actually just put their own unsanitized statement in there and execute it, it’s not protected.
Now, I’d like to say it is 2024 and everyone should be using AT LEAST prepared statements for security. I’ve seen people doing some scary things in my time, and that includes quite recently.
Bad developers will do bad things, but most DB framework documentation points people towards the right way to do things, which is why I said it’s not common any more.
Bad developers are common though. And good documentation won’t stop a bad developer from doing a bad thing.
I agree that SQLi isn’t as common as it once was, but it still very much exists.
Every modern database library automatically protects against SQL injection,
No. Every modern library allows using prepared statements, but very few (of any) force using them. If the developer doesn’t use them the libraries won’t do shit to protect you.
What I meant is that not many people write raw SQL in product code any more, other than for analytical purposes (which are often in a system like Apache Airflow rather than in product code). ORM systems have mostly taken over except for cases where you really need raw SQL for whatever reason.
Practically every dev learnt SQL and it’s really easy to put hands crafted SQL in code so it’s an easy mistake to make
Jokes on you. Restaurant owner too rich, behavior is within normal range for IRS AI.
Though the AI is interested on how your bank account is higher than it’s supposed to be.
Joke’s* on you
(Short for “The joke is on you”.)
I wish 15% and 18% were options. Normally it’s more like 20%, 25% (default), 28%, 30%
Too complicated. Just enter a negative number.
No negative sign on the keyboard. But you can enter 2147483647
Risky gamble there
