inb4 everyone puts their name as "null" in the HAI suggestions form. But if you do, just make sure to include a quality topic suggestion along with that, because not only do these suggestions help fuel the channel, they also get you "the viewer" a free HAI t-shirt if we use your suggestion. Submit here: docs.google.com/forms/d/e/1FAIpQLSfUdlvw6YgU44J8AnM2U_ZvRMyvh_CUM51LYSqF5nYJB9d1-w/viewform?usp=sf_link
I literally just started learning about databases in my coding school yesterday, and we already covered how to differentiate between a protected word like "null" or "sum" or "select" or anything like that, and the string version of that word smh
strictly speaking, "null (the value)" is a meaningless statement, since both the things we're talking about are values. a string is a type of value. you could say "null (the type)" and be correct for most languages
Exactly. The video is hugely false saying things wrong. A bad programmer wrote bad code. Databases don’t usually confuse these things at all. Nor does location come up as “null, null” from GPS or anything else. Only if you don’t know what you’re doing it may be converted to such thing.
"There is no easy fix" Yeah there is. Everytime this issue shows up it is a mistake. QA should always test true null input (i.e. nothing) and string null (i.e. the string literal "null"). They should never be confused unless you have impressively stupid type coercion or you are using query strings instead of parameterized queries, which is bad practice, as without proper sanitization you have security issues far larger than this one.
@@pitaya4151 No, the correct solution is definitely to have a strong type system. A lot of people are blaming the programmers / QA testers, but I don't know if that's really right if languages have such implicit type systems where you have to be on your toes all the time
My brother told me of a co worker at his store named J B Jones. Literally that was his entire legal name. He needed to get a name tag and somehow the computer terminal submission form kept rejecting the single letters as valid names so he wrote J (only) B (only) on there thinking someone would figure it out. Next week he received a name tag for Jonly Bonly Jones which he proudly wore. Somehow it messed up his payroll and he did not get paid for several weeks before they figured it all out. 😀
Under federal law your employer is required to get you paid on time. At my last job I accidentally filled out my direct deposit info wrong. I didn't get my first check deposited. I went into work and was told payroll was in another state and I'd have to wait until the following payday. I stood right in the HR office and called an attorney. That attorney contacted my state attorniey general. A private courier brought me my check before noon the next day from half the country away.
"there is no easy fix" the fix is called not being lazy and actually treating literal string "null" as a literal string. this is the stuff they teach within the first month of a cs program.
Yeah, but you now need to fix that lazy mistake in... well, almost everywhere. Without bricking whatever systems are running on the code you are fixing. That's the tricky part, not "not making the mistake"
@@samuelmellars7855 Or you could just, y'know, keep it in mind when building a database like any half-decent programmer, as opposed to fixing it with a bodge a decade or two down the line. Always sanitise your inputs, people. *Especially* when dealing with SQL and/or PHP.
If your database can’t handle “null”, the string, you need to seriously reconsider your hiring choices. Like, sanitising inputs to prevent the string “null” from becoming null, is like, a must know for working on a database. Makes me laugh, thinking you could preform something like a SQL Injection, through something as silly as a license plate.
Sanitizing inputs is important, but it isn't even needed to prevent this sort of screw-up. In SQL, NULL is the value, "NULL" is the string, and they aren't equal. When searching for values, == "NULL" will find the string "NULL", while to find actual null values, you have to say IS NULL. I'm guessing what they've done is read a bunch of values, feed them through some processing that destroys the distinction between strings and null values, then scanned through it. The problem isn't something they've forgotten to do, it's something stupid they're adding.
@@joemck85 as it said before, they are filing everything the cops missed under something called "NULL". My guess is instead of actually assigning it a null value they made a fake registration called NULL for all their filing errors. Now instead of editing that fake registration's values, they were accidentally editing this real persons record.
Or, since somehow the only evidence we have is apparently that he went to talk shows and said this happened, he just lied because that doesn't make any sense. Even if there was a careless cast to string, I'm certain most languages, assuming they didn't just error, would turn a Null/None into an empty string ""
I knew a man who had “NO TAG” as his plates some 30years age. At that time Virginia Police used that phrase for ANY vehicle not displaying a valid state license plate. He as well changed it after receiving thousands of parking tickets and fines.
The string "NULL" is distinct from the actual value "NULL" in any well-designed system. These are the consequence of poor design, not an innocent mistake.
In fact, it's the default in virtually every database and programming language. Someone would have to actively write code to treat them the same in any system I know of, even if the developer is incompetent enough to be creating SQL injections.
Just wait until you learn how many websites regularily fall victim to SQL Injections even though SQL has a command specifically dedicated to preventing that.
"You can't change your last name Mr. John Null." "Why not?" "I have to enter your current name before you can choose a new one." "But it's Null." "Sorry, my computer won't let me enter that. You can always try calling our central office. It's the one that puts you on hold for hours before randomly disconnecting."
Bruh I spent all day working on this name and all week getting the money for it, please let me change it! Null isn't the same as "null" . Null is a value, "null" is a string! Lemme change it!
_"can't change because current name does not exist"_ Ah gotta love these errors only a computer can make. The fact they can't deal with paradoxa gives me confidence that us humans are still the masters.
You would be surprised. I see this all the time. Plus, there is a whole section of hacking devoted to text injection, where programs expect ordinary text, but actually get code that is tricked into running. Bad programming is the cause, and there is no easy fix for bad programmers.
@Jonathan Williams You mean corporate scumbags hiring interns to pocket all the profits they can to buy tenth Ferrari because morons like you bought 'gubmint is bad' propaganda and let the IT systems be outsourced to incompetent private parasites instead of having proper in house IT workers? Because it works in countries who actually let government to do it instead of drinking 1% kool aid that private is da best and it will trickle down...
Sanitizing inputs does not really help this class of problem. DBs can handle nulls. If the string 'null' is making its way it, that means something upstream in the workflow is sanitizing its inputs, maybe even passing through some intermediate format that doesn't have an explicit null. But by the time it is hitting the DB, it is already a string.
To be fair, the string value "NULL" and the *_actual real true_* NULL are two very different things. A well-built database and software can handle "NULL" just as fine as things like "1 = 1" or " ';--" But that would imply competent programming and data management which is a fairy tale given the reality of software in the world. The silver lining is at least we get videos with terrible jokes thanks to them !
The question isn't so much _why,_ it's _how._ To my knowledge any database management program these days, be it Microsoft SQL, MySQL, Maria DB, etc., would treat the user input "Null" different from an actual Null, so seriously: *_HOW?_*
As a programmer myself, I can't imagine how one can write an application in such a stupid way that it doesn't distinguish a TEXT STRING with the value "NULL" from an actual NULL value. While it is relatively easy to mistake an EMPTY text string (one that does not contain any character) with the NULL value, as under some circumstances they can be both evaluated as "nothing", I can't imagine how one can mistake the "NULL" string, which consists of four characters and certainly doesn't look like an empty string, with the NULL value which is actually nothing and NEVER converts to the text "NULL".
I guess you haven't encountered Javascript implicit conversion. See, in their infinite genious, the developers of the language decided that it would be a *good* idea to automatically convert between textual strings and numbers, so if you, for instance, try to add the number 7 to the string "13", it will automatically convert the string to a number, add 7, and give you a final answer of 20. It can be supposed that this was convenient for developers of spreadsheet websites that would otherwise have to explicitly call a conversion method for every single binding, but this has nasty potential consequences. The one relavent to the video is what happens if you try to use a NULL to look up an entry in a string dictionary, the interpreter will detect that there's a type mismatch and try to implicitly convert NULL to a string to match the types. This results in the NULL turning into the string "NULL", and if an entry in the dictionary happens to have "NULL" as its key, well, congratulations, you have reproduced the circumstances leading to the bug in the video.
That can happen when exporting data to a format which doesn't have an explicit NULL value (e.g. CSV), and then importing it again. Of course, it shouldn't happen if you are careful, but it can happen without actual ill intent.
@@veryinactiveukmapping Most of the world, really. For example, the Russian license plates follow this pattern: 1 letter, 3 numbers, 2 letters. The city code is added at the end in the form of 2 slightly smaller numbers. While you can still pick the letters and numbers for your plate if you pay the price, you can't just use a word.
In my country it's SS xx ABC xxxx where ss is state code, xx two digit regn office code within the said state, ABC any no of alphabets in a sequence that increases after xxxx the 4 digit number reaches 9999 for eg: KA 56 AA 5623... And the only thing you can get is the last 4 nos that you can pre book before you register your vehicle. Once a registration is assigned, that vehicle carries it till it's end
@@veryinactiveukmapping Caribbean. It's different by island state but here it's PAA xxxx, where P represents the parish/function, AA is 1-2 optional letters added for larger parishes where there are not enough numbers for the population, or for extra function info (e.g. Z means "taxi", ZR means "route taxi"), then a 1 - 4 digit registration number. e.g. O 357, MA 1027, XM 4
I prefer TRUNCATE TABLE. See then all the data is gone and they wont know right away. With DROP TABLE someone will know right away from query errors and they can run a quick backup :P
_It might not be a vulnerability._ The dmv violation submitter might put the literal string "NULL" as a default plate# if the input is empty. Literally anything is possible, considering *the system let them submit empty license plates for traffic violations* in the first place… *Edit: When I say "submitter" I mean the machine that submits it to the database, sorry for any confusion on that.*
Most vulnerabilities are caused directly by human error (as opposed to software bugs). If you're training people to enter "NULL" for an empty plate# and then you allow someone to get a plate that says "NULL", then you have a problem. It may not be caused by the developers, but poorly trained employees (or bad business processes) are the most commonly exploited vulnerabilities. That's why phishing scams work.
The system should be flexible so you can enter whatever. You can exclude bad inputs by not letting people buy those plates and fining ones who have them, before taking them to court with a wad of traffic tickets thicker than a New York City phone book. This is much more efficient than trying to use some non-existent crystal ball wizardry to determine what stupid novelty plates someone will acquire 10-20 years down the road as part of a self-congratulatory TED talk or whatever.
@@atk05003 You don't train people to enter "NULL" for an empty plate. You leave the field empty. i.e. you don't type anything at all. It is a bug if the program confuses the two.
As a software developer, I would apologise but this is testing 101 nowadays. Someone fucked up, and it made it's way from development to signoff without anyone checking.
As a software developer, do you really thing the dmv pays a competitive wage or do they just get software developers who couldn't get a high paying job? Or if they use a third party company on a contract, do you think that third party is trying to make the most rock solid software, or just trying to finish it as quick as possible to move on to the next contract and make $$$?
@Shakhbulat Gazgireev so you're familiar with the subject matter then? Do you know what the concept of an inside joke is? Even if it's a large scale one, if you don't get the subject matter, you won't find it funny
They're both values, just of different types, depending on the language, null can be untyped (like in C#), a special type (like in JS), or just a special value (like in C). Whereas "null" is of some string type.
@@Aidiakapi "null" is a string of values, hence the name string. it's more than one value, which can itself contain a null value or use null as the ending marker.
What are they storing these names in? If it's anything other than a String or char array, then there are more underlying problems than simply mishandling null.
People who didn't even pass basic programming 101 getting jobs to code entire police databases meanwhile I'm out working minimum wage as an intern doing mundane tasks with a college degree and years of crippling debt. Economic efficiency at its finest.
Tell me about it. I once tried to get a minimum wage job at kohls. I was told I couldn't have it because I had no BS degree. Meanwhile, the greeter literally can't talk, the sales person is making everyone mad, and the cashier is literally yelling, "I CAN HELP YOU OVER HERE!" to literally no one. Once I accidentally agreed to an interview at a gas station. I wasn't interested in the job, so I basically did the opposite of what they teach you to do in an interview. I was hired on the spot! The truth is, companies don't want to hire smart people. They want to hire dum people.
Don't make yourself a victim to this world. There's a reason that some people are successful and some aren't, and it isn't how well you can follow orders 😉
And for that matter, the countless SQL Injections that still happen every year even though SQL comes with a command built specifically to make those ineffective.
ikr, had they sanitized the input data, this wouldn't have happened, It's so sad that the world is full of stupid people. real engineers know how to use nulls in their code.
@fireballdick I don't know about him, but I once found a system made entirely out of pink temperate planets. water was pink, clouds and sky were pink, the grass was either blue or green, but the majority was ocean anyways.
I recall reading a news article some years ago about someone who had the one-digit vanity license plate "0" in Illinois, which law enforcement from around the state (not thinking it could be a real plate) had routinely used as a dummy plate when testing systems. As I recall, the actual owner lived in Chicago and found out about the problem when his car was booted for tens of thousands of dollars in unpaid citations (which obviously weren't his).
That a street cop doesn't know one doesn't test systems in the production database I can understand, but the developers of said systems should know this and make sure proper checks are in place to prevent this from happening. In my company someone did this by accident once and the amount of paperwork we had to fill in and the checks we had to put in place were insane.
Some wannabe tough guy: "Don't mess with me, I'm pretty good in a fight" Some dude whose last name is Null: "oh yeah? My very existence destroys every database known to man."
Interesting that you can’t put “Samsucks” but I’ve literally seen a “cops suck” plate, it was over 10 years ago, but I remember it strikingly because of how dumb of an idea for a plate it was
lol! The best thing about this story is the thought that because of that anti cop plate, the cops won't be all that nice to him, which reinforces his anti cop attitude with each traffic stop! 🤣
In another state (I forget which)some had '0000000' as their license plate number and that's their unknown plate default and this person also had tens of thousands of dollars in fines.
I mean, in MSSQL you literally cannot use "null" as null the value. You need to use == "null" as a comparator for the string and is null as a comparator for the value. My guess is that the reason this happened in that the police database was defaulting to putting in "null" as a string as something the programmers added intentionally as a placeholder when the license plate was unknown.
The only thing that makes sense to me is if there's a step in-between (like in javascript or something) that is blindly coercing the result to a string and then using it in subsequent queries. Nit: Also, "null" would be an object name in most DBs, like `select null from "null" where "null" = 'null'`
Fun fact: Illinois apparently doesn't ban Russian curse words on vanity plates. I used to have a neighbor who had "Blyat" as his plate and no one seemed to know what that word meant.
@@fordprefect1587 Just in case you (or anyone else) doesn't get it, it's a joke. A rough (very) translation of Cyka Blyat is actually closer to "dirty whore" (putting it politely).
To be fair it's just laziness from the developpers. "NULL", "Null" or "null" as caracter chains (or strings) are not the same as the NULL marker of databases. Even the C from the late 70's knows how to manage strings and markers.
You're assuming the database was the issue and not cops manually (or their software automatically) entering "Null" as the license plate string into the database.
@@NathanVoge none of what I said fault the database tho? Everything I said put blame on lazy devs, being the ones in charge of the DB or the application. And it's more likely the app team's fault. Even if a DB isn't made to support null fields you can work around it just fine and still avoid problems like that.
Yeah any system that falls prey to this error is just poorly designed. It's not difficult to avoid. That said, it doesn't surprise me that there's poorly written code doing this in plenty of places.
@@jonathanzimmer8143 , Y2K, yeah I remember. We weren't sure what would happen. And I had to update firmware on some computers to prevent the otherwise inevitable problem.
@@NickRoman The money to solve the problem wasn't wasted, because the computers would have to be updated anyway. Fire insurance is not a waste of money just because your house didn't burn down.
I've worked on software that handles and issues license plates in Tennessee, so I have some insight into how this might happen. These days clerk's offices are using web apps on county and state intranets built to purpose. These use browsers, and the datatype of all inputs from a browser is a string. So what you have is a programmer who made a wrong assumption about people choosing the word "null" as a vanity plate name - or rather they likely didn't give it any thought until the bug came up. I had a similar snafu crop up where I was working where the original programming team assumed no 2 plates could ever have the same value. A reasonable assumption until someone let a vanity plate expire, then successfully appealed to the state to have the name opened back up for them for the second plate from 2 years ago. Our system wasn't having any part of it - until I backdoored the system and deleted the original expired plate because I didn't have the time to do a proper fix of altering the system to use a true primary key on auto-increment as it should have been doing in the first place. Besides, I was only altering the county's local copy of the record - the state official record still had the original expired plate's existence on file in the unlikely event anyone ever needs to know about it.
I don't get it though. Why is the Californian police DB storing "null" as a string, a string that can be matched against the plate "null"? Couldn't they use something like "PLATE-NA" - that is 8 characters, so that means it will never be a valid plate in the entire state (with the limit being 7). Or even better, just have the word null multiple times, as in "NULL-NULL-NULL-NULL"?
@@odysseyguyperson something like that won't be done because null is a wide spread programming convention. Their database is just poorly written when 'null' can be confused with ' "null" '.
Good morning, yes, I'd like to request the droptables license plate. Why would I like that license plate? It was... Umm... My grandfather's nickname, yes, Bob Droptables...
The problem (not for maps or automated contact systems, but for license plate issues) is not that they are confusing the two. The problem is that it would be manually written in as "NULL". And because of how the process is simplified, not even a car make and model os verified against the system's database (done for a variety of reasons), meaning every time a PO would write "NULL", then it would be redirected to the existing plate with that name, meaning it was redirected to the guy who thought it would be smart to try and use that license plate name. This comment's section is full of people assuming the database is holding 0=value:null="NULL" to be a true statement or something similar. When all it is doing, because of how it gets input, is going "NULL"="NULL".
@@ecamiran4004 I must say I didn't consider that. I was likewise confused that it must be a pretty poorly written piece of software to convert "Null" to the SQL representation of a null value.Thank you for pointing out a much more logical reason this would be difficult to fix. Cheers to you!
@Gustav 123 DROP [database name] is used to delete a database. Usually its used for deleting database on server by using the vulnerability on some SQL databases (the newest version has a patch to prevent this)
So let’s say that someone called “Noah Body” punches you at school. Then when you have to tell who punched you, you say “Noah Body” but it sounds like “nobody”, so Noah Body gets off scott free for punching you. ^ the whole video in a nutshell
Octogon Smuggler that’s what I was going at. In English I had to read up on the Epic poems by Homer and this was one of the short stories within. Poor guy got blinded as a result :(
Or that's what Joseph Tartaro expected, but rather anytime nobody knew who punched someone, it got tracked to him. So he gets charged for punching several people.
Fun fact. They don't let you do that. If there's a plate NULL you can't to NUII or NUIL. Or other things that replace it. So if PENIS is taken which it never can be, you can't take P3N1S
This is why it's very important to distinguish strings and senselessly labelled values such as true, false, null and undefined. In fact, as I was typing this, I just put quote marks around them to label them, and then I realised they were strings and removed them. Be careful out there, programmers
So I went to 0,0 on google maps after watching this and there’s a ton of those little blue dots where you should be able to have street view but there’s nothing there, I assume the pictures were submitted without coordinates so thank you for showing me another useless piece of interesting information
8legs Void Null is better, since Void means “nothing”, and some BAD databases can confuse “Void Null” for “a variable of type Void named Null”; this may or may not crash the program
They should - This is programming 101. Unit testing against the most common and obvious mistakes. Like leaving an entry field empty or putting letters in a field only intended for letters.
You can't fix lazy. Aside from SQL being a horrid mess of trash even today, most of these government agencies are running on databases created 30+ years ago.
It can not be fixed, not in a general sense. The problem is not the database itself, or even the access layer, but a problem of how data errors can creep in during the workflow. Unless you can lock down access to only be done through a strictly controlled application (so no API, and no web based interface, just direct desktop application), there are going to be places where inputs are being converted and changed, which introduces chances for 'make it safe' code to backfire and introduce a string where there should not be one. And once it is in the data flow, the DB has no way to distinguish an invalid null from a valid one.
@@nitehawk86 banking software is atrocious and outdated. The amount of security vulnerabilities are ridiculous. There was even a software that could only be interfaced with via internet explorer because it was programed for trident engine. I can guarantee that if some of that software got leaked to the major public it would be bad news for the entire banking community.
@@comic12558 not a joke, my real full name is 30 characters long, which back in early 2000s broke some character limits because some people who made programs for schools didn't think kids would have more than 3 names/words in their full names. In highschool there was even a kid with a 43 character fill name, which i believe was was 4 names/words and one combined name.
There actually is no easy fix. The tickets are printed and then scanned in again. So if you have the actual null value leave the physical ticket empty then you have no way of knowing if the ticket being empty was because of it being fed a null value or because of a printer error. They could of course have null values result in the printing of a non ASCII symbol, for example 💀but then they would need to update the detection software to support Unicode which would be a medium difficulty task, not easy.
@@fyz6034 funier... So, which language is that? I know it resembles English, but the spelling of that word in English , is "funnier". Since the op spelled all his words correctly ( Null means zzero in Norwegian too by the way ;) ), I must assume that, not only is your language low level, but it is lower level than the English you attempted using. Since all our languages has ancient roots, and since some of us still hold more true to the original source where words had a lot more meaning, and were far more complex than now, we must assume that our languages, that retain more of the original words, are of a superior, rather than inferior level, than the constructed languages ( like English), of modern times. Modern English is a language constructed to confuse and obfuscate, rather than enlighten and expand the users knowledge. null (adj.) "void of legal force, invalid," 1560s, from Middle French nul, from Latin nullus "not any, none," from ne- "not, no" (from PIE root *ne- "not") + illus "any," diminutive of unus "one" (from PIE root *oi-no- "one, unique").
Buddy, I like you, but it kind of feels like since you're doing stuff for nebula, the quality of your youtube videos is declining. In this specific case, it's very visible to me as a programmer, and apparently also to many other people complaining in the comments about the same thing. The fact that you glossed over the explanation of why NULL causes trouble is... fine, I guess? But the fact that you glossed over it by telling a wholly incorrect claim that databases and computer systems around the world can't distinguish between a string "NULL" and a literal value NULL (which is basically the same kind of difference as between the string "100" and literal number 100)... that was... well... bad.
Or as a translation to non-programmers. It's like saying it's impossible to distinguish between a Great Dane and a Chihuahua. Which, of course, isn't the case.
@@Arterexius that's a... weird simile. and incorrect. correct one (even though even weirder and forced) would be that it's like saying it's impossible to distinguish between a kennel containing a dog of a breed called No Dog, and a kennel in which there is no dog.
Yeah, he definitely should have explained that better. It is perfectly possible to distinguish null from “null”, but this mistake can happen in sloppy code.
@GunsOfThePhoenix Do you have a source for that? It sounds unrealistic as it doesn't even fit the Ukrainian number plate format AB1234CD (en.wikipedia.org/wiki/Vehicle_registration_plates_of_Ukraine)
0:46 "suggestions that you're a cop" I'm from New Zealand, but a friend of my parents has a license plate that is literally "IMACOP" (*His reason for the plate is because he drives a Holden Commodore which cops in our country use as cop cars*)
Another terrible potentially fatal mistake is putting a little trees air freshener in your car. Look up the video “this little tree air freshener is covering up something foul”
Just by the title I knew it Null is basically you saying to the database: you:hey database, this is what i want db: that's nothing you: no, it's a word db: no, it's nothing you: okay, I'll just put a string on the old plate then
@@TheAkashicTraveller oh god, I hate legacy typos. Especially if it's some ID (like this hypothetical one) I have to refer to in code, and then the typo propogates until there's dozens of usages and it never changes
inb4 everyone puts their name as "null" in the HAI suggestions form. But if you do, just make sure to include a quality topic suggestion along with that, because not only do these suggestions help fuel the channel, they also get you "the viewer" a free HAI t-shirt if we use your suggestion. Submit here: docs.google.com/forms/d/e/1FAIpQLSfUdlvw6YgU44J8AnM2U_ZvRMyvh_CUM51LYSqF5nYJB9d1-w/viewform?usp=sf_link
hi
Llun is Null but backwards
I predict that Sam will respond to this.
.
Email address *null@null.null
Name null
Suggested topic *null
Websites/articles to learn more about this topic null
You know ur database is bad when null (the value) is confused with "null" (the string).
lol if you could try using an escape sequence or comment that would be so much worse
But.... what about the bull ascii character? 🤔 0x00 vs not entering a value, may not not yield the same results.
I literally just started learning about databases in my coding school yesterday, and we already covered how to differentiate between a protected word like "null" or "sum" or "select" or anything like that, and the string version of that word smh
strictly speaking, "null (the value)" is a meaningless statement, since both the things we're talking about are values. a string is a type of value. you could say "null (the type)" and be correct for most languages
Exactly. The video is hugely false saying things wrong. A bad programmer wrote bad code. Databases don’t usually confuse these things at all. Nor does location come up as “null, null” from GPS or anything else. Only if you don’t know what you’re doing it may be converted to such thing.
"The requested human does not exist"
I want that line on my gravestone...
Lmao same
That was on my grandpas no joke lmao
Thats fucking genius
Not if I beat you to it.
Textbook Tunic5 👀
"There is no easy fix"
Yeah there is. Everytime this issue shows up it is a mistake. QA should always test true null input (i.e. nothing) and string null (i.e. the string literal "null"). They should never be confused unless you have impressively stupid type coercion or you are using query strings instead of parameterized queries, which is bad practice, as without proper sanitization you have security issues far larger than this one.
Or, use string literals, but make the string something that can never be on a plate - "NULLNULLNULLNULL" for example!
@@pitaya4151 No, the correct solution is definitely to have a strong type system. A lot of people are blaming the programmers / QA testers, but I don't know if that's really right if languages have such implicit type systems where you have to be on your toes all the time
Thinking of it, that would be a great way of doing SQL injection on police servers
@@pitaya4151 yeah, what could go wrong?
@@pitaya4151 What?
My brother told me of a co worker at his store named J B Jones. Literally that was his entire legal name. He needed to get a name tag and somehow the computer terminal submission form kept rejecting the single letters as valid names so he wrote J (only) B (only) on there thinking someone would figure it out.
Next week he received a name tag for Jonly Bonly Jones which he proudly wore. Somehow it messed up his payroll and he did not get paid for several weeks before they figured it all out. 😀
Jonly Bonly Bones is a hilarious ID lol. I used to know a kid just called H, pronounced “haich”. No idea what happened to him.
that's a Henry Cho joke... "Jonly Bonly from boldly go"
probably a common thing to happen
My Great great grandfathers name was JT. When he went to join the Army, they told him he needed a real name. He made up John Thomas on the spot.
Under federal law your employer is required to get you paid on time. At my last job I accidentally filled out my direct deposit info wrong. I didn't get my first check deposited. I went into work and was told payroll was in another state and I'd have to wait until the following payday. I stood right in the HR office and called an attorney. That attorney contacted my state attorniey general. A private courier brought me my check before noon the next day from half the country away.
"I bless the rains down in [NULL ISLAND]"
My stand 「Null Island」is undefeated!
Someone, get the anti weeb spray!
@@sandeater1133 Nah, too lazy being a resident of Null Island
I live in [redacted] road
How the fuck is this funny?
Oh right... We now laugh at stock images of chairs..
"there is no easy fix"
the fix is called not being lazy and actually treating literal string "null" as a literal string. this is the stuff they teach within the first month of a cs program.
And is a two second fix
Yeah, but you now need to fix that lazy mistake in... well, almost everywhere. Without bricking whatever systems are running on the code you are fixing. That's the tricky part, not "not making the mistake"
Just like the self retweeting tweet lol, lazy programming
Amen
@@samuelmellars7855 Or you could just, y'know, keep it in mind when building a database like any half-decent programmer, as opposed to fixing it with a bodge a decade or two down the line.
Always sanitise your inputs, people. *Especially* when dealing with SQL and/or PHP.
If your database can’t handle “null”, the string, you need to seriously reconsider your hiring choices. Like, sanitising inputs to prevent the string “null” from becoming null, is like, a must know for working on a database. Makes me laugh, thinking you could preform something like a SQL Injection, through something as silly as a license plate.
Sanitizing inputs is important, but it isn't even needed to prevent this sort of screw-up. In SQL, NULL is the value, "NULL" is the string, and they aren't equal. When searching for values, == "NULL" will find the string "NULL", while to find actual null values, you have to say IS NULL. I'm guessing what they've done is read a bunch of values, feed them through some processing that destroys the distinction between strings and null values, then scanned through it. The problem isn't something they've forgotten to do, it's something stupid they're adding.
@@joemck85 as it said before, they are filing everything the cops missed under something called "NULL". My guess is instead of actually assigning it a null value they made a fake registration called NULL for all their filing errors. Now instead of editing that fake registration's values, they were accidentally editing this real persons record.
just wait until they hear about bobby tables
They're probably still using COBOL...
Or, since somehow the only evidence we have is apparently that he went to talk shows and said this happened, he just lied because that doesn't make any sense. Even if there was a careless cast to string, I'm certain most languages, assuming they didn't just error, would turn a Null/None into an empty string ""
I knew a man who had “NO TAG” as his plates some 30years age. At that time Virginia Police used that phrase for ANY vehicle not displaying a valid state license plate. He as well changed it after receiving thousands of parking tickets and fines.
lol
That sounds like the man who got a "NO PLATE" set of plates. Story in my comment above.
Same with NA or N/A
@@RandyA7 You know that "NA" or "N/A" will be stored as a string and not a value, right?
@@MDFerriitbros a nerd 🤓
People with the surname "Null": *Exist*
Computer databases: I'm gonna pretend I didn't see that.
Off topic, but I really like your profile picture.
Imagine spawning at 0,0
You guys are wrong.
Variables are used.
So a String can hold anything, even null.
Just that unicode normaly is not supported.
Johnetta Erty morgana in this comment section, ** i never saw that comiiiiiing**
my science teachers last name is null🗿
The string "NULL" is distinct from the actual value "NULL" in any well-designed system. These are the consequence of poor design, not an innocent mistake.
Either that or some sort of sick prank.
In fact, it's the default in virtually every database and programming language. Someone would have to actively write code to treat them the same in any system I know of, even if the developer is incompetent enough to be creating SQL injections.
Just wait until you learn how many websites regularily fall victim to SQL Injections even though SQL has a command specifically dedicated to preventing that.
@@Chrischi3TutorialLPs I'm well aware of that, believe me. That, as well, is a consequence of poor design and/or dumbassery
"Coordinates 0,0"
Ah yes in the oldest anarchy server on minecraft
2B2T
THE OLDEST ANARCHY SERVER IN MINECRAFT
WHAT IF I TOLD YOU THAT ON THE OLDEST ANARCHY SERVER IN MINECRAFT
what if we are on the oldest anarchy server in minecraft 😳😳
fitMC will throw a fit over this comment
"You can't change your last name Mr. John Null."
"Why not?"
"I have to enter your current name before you can choose a new one."
"But it's Null."
"Sorry, my computer won't let me enter that. You can always try calling our central office. It's the one that puts you on hold for hours before randomly disconnecting."
Bruh I spent all day working on this name and all week getting the money for it, please let me change it! Null isn't the same as "null"
. Null is a value, "null" is a string! Lemme change it!
_"can't change because current name does not exist"_
Ah gotta love these errors only a computer can make. The fact they can't deal with paradoxa gives me confidence that us humans are still the masters.
Aah yeah, like most "help"desks nowadays!!
If your system confuses `null` and `"null"` it's pretty trash to be honest
It's good enough for government work though.
What else were you expecting.
You would be surprised. I see this all the time. Plus, there is a whole section of hacking devoted to text injection, where programs expect ordinary text, but actually get code that is tricked into running. Bad programming is the cause, and there is no easy fix for bad programmers.
if(value == null) then value = "NULL"; probably they did this LOL
ASCII 00 = null
This is an issue of not sanitizing input to a database which could open it up for other exploits such as SQL injection attacks.
@Jonathan Williams You mean corporate scumbags hiring interns to pocket all the profits they can to buy tenth Ferrari because morons like you bought 'gubmint is bad' propaganda and let the IT systems be outsourced to incompetent private parasites instead of having proper in house IT workers? Because it works in countries who actually let government to do it instead of drinking 1% kool aid that private is da best and it will trickle down...
Database programming 101: ALWAYS sanitize your inputs
Sanitizing inputs does not really help this class of problem. DBs can handle nulls. If the string 'null' is making its way it, that means something upstream in the workflow is sanitizing its inputs, maybe even passing through some intermediate format that doesn't have an explicit null. But by the time it is hitting the DB, it is already a string.
neeneko What he said
you dont want your inputs to catch COVID!
neeneko
That could potentially lead to problems down the road. Best to sanitise inputs/use whitelisting in line with best security practice.
Dear mister/miss HCl, thank you...
To be fair, the string value "NULL" and the *_actual real true_* NULL are two very different things. A well-built database and software can handle "NULL" just as fine as things like "1 = 1" or " ';--"
But that would imply competent programming and data management which is a fairy tale given the reality of software in the world.
The silver lining is at least we get videos with terrible jokes thanks to them !
agree mostly, but it's just lazy not to check the data type. ex: if you wanna be real lazy about it, if null: check data type.
What is it with 1=1
@@prithvirajb1953 destruction and death
came here to add this comment but, you were faster than me. null
"true NULL"
Whoa there! This got unnecessarily kinky quickly...
Why would a police database consider "null" the same thing as null...? Like, wtf?
@@mymo_in_Bb Yeah, but it's a police database, not your average shitty project that you do on your own and get bored of it in 2 weeks...
@@h-0058 When you get bored of a project after 2 weeks, then you've definitely done a wrong project ...
Government software is usually contracted out to cheap firms I believe
@@h-0058 Every government contract goes to the lowest bidder. Including that bridge you drive over to get to work every day.
Sleep well!
The question isn't so much _why,_ it's _how._
To my knowledge any database management program these days, be it Microsoft SQL, MySQL, Maria DB, etc., would treat the user input "Null" different from an actual Null, so seriously: *_HOW?_*
-programmer sees a "NULL" plate while driving
-brains: *null.pointer.exception*
-proceeds to crash into a tree
You'll be okay. Just don't de-reference it. Okay. Maybe dereference it. But definitely don't try to invoke it after you de-reference.
rip tree
@@steel.croissant yep
My Asian girlfriend must have ‘Null’ embedded in her eyes lol
@@maknyc1539 yeah lol
Great, now I HAVE to try it out.
@Not Bob watch me
Same
Voltaic had a good idea
Me too fellow commenter
No, don't do it!
Last name: Null
Computers: I have never met this man in my life
True
@@charleswesthoff5954 false, any well-built database/program can differenciate the string "Null" and the actual Null type, they just had shit devs
As a programmer myself, I can't imagine how one can write an application in such a stupid way that it doesn't distinguish a TEXT STRING with the value "NULL" from an actual NULL value. While it is relatively easy to mistake an EMPTY text string (one that does not contain any character) with the NULL value, as under some circumstances they can be both evaluated as "nothing", I can't imagine how one can mistake the "NULL" string, which consists of four characters and certainly doesn't look like an empty string, with the NULL value which is actually nothing and NEVER converts to the text "NULL".
I guess you haven't encountered Javascript implicit conversion. See, in their infinite genious, the developers of the language decided that it would be a *good* idea to automatically convert between textual strings and numbers, so if you, for instance, try to add the number 7 to the string "13", it will automatically convert the string to a number, add 7, and give you a final answer of 20. It can be supposed that this was convenient for developers of spreadsheet websites that would otherwise have to explicitly call a conversion method for every single binding, but this has nasty potential consequences.
The one relavent to the video is what happens if you try to use a NULL to look up an entry in a string dictionary, the interpreter will detect that there's a type mismatch and try to implicitly convert NULL to a string to match the types. This results in the NULL turning into the string "NULL", and if an entry in the dictionary happens to have "NULL" as its key, well, congratulations, you have reproduced the circumstances leading to the bug in the video.
Any software engineer who confuses a null (ASCII(0)) with an empty string needs to rethink their career choices.
That can happen when exporting data to a format which doesn't have an explicit NULL value (e.g. CSV), and then importing it again. Of course, it shouldn't happen if you are careful, but it can happen without actual ill intent.
Here's a simple answer for ya...
The software was most likely written in COBOL. :D
@The Mystic Savages
ORM-s are much slower than native SQL queries.
Requests for the “Null” license plate has increased dramatically.
Now, someone needs to put '
' as their license plate.
yEeT'; DROP ALL TABLES; --
CooCooWizard You say that as if that exact vulnerability isn’t all over the place...
@CooCooWizard Especially on government programs designed specifically for bureaucracy.
@@CoderShare Little table-yeeter, we call him
CooCooWizard honestly
seems more likely to break things than ‘null’ as a string, and null did break things
RUclips: Here's why you can't have NULL as a licence number.
Me who lives in a country where the plate format makes NULL impossible: Sure, why not.
the UK?
@@veryinactiveukmapping Most of the world, really. For example, the Russian license plates follow this pattern: 1 letter, 3 numbers, 2 letters. The city code is added at the end in the form of 2 slightly smaller numbers. While you can still pick the letters and numbers for your plate if you pay the price, you can't just use a word.
In my country it's SS xx ABC xxxx where ss is state code, xx two digit regn office code within the said state, ABC any no of alphabets in a sequence that increases after xxxx the 4 digit number reaches 9999 for eg: KA 56 AA 5623... And the only thing you can get is the last 4 nos that you can pre book before you register your vehicle. Once a registration is assigned, that vehicle carries it till it's end
@@veryinactiveukmapping Caribbean. It's different by island state but here it's PAA xxxx, where P represents the parish/function, AA is 1-2 optional letters added for larger parishes where there are not enough numbers for the population, or for extra function info (e.g. Z means "taxi", ZR means "route taxi"), then a 1 - 4 digit registration number.
e.g. O 357, MA 1027, XM 4
Pretty sure you can get it anywhere when you get a private plate, you can choose
Even better would a license plate saying
'); DROP TABLE *;
outplayed the mysql system
I prefer TRUNCATE TABLE. See then all the data is gone and they wont know right away. With DROP TABLE someone will know right away from query errors and they can run a quick backup :P
"Oh yes, little Bobby Tables we call him."
EXEC sp_MSForEachTable 'TRUNCATE TABLE ?'
@guilherme mauricio - thank you for the xkcd reference
_It might not be a vulnerability._ The dmv violation submitter might put the literal string "NULL" as a default plate# if the input is empty.
Literally anything is possible, considering *the system let them submit empty license plates for traffic violations* in the first place…
*Edit: When I say "submitter" I mean the machine that submits it to the database, sorry for any confusion on that.*
Most vulnerabilities are caused directly by human error (as opposed to software bugs). If you're training people to enter "NULL" for an empty plate# and then you allow someone to get a plate that says "NULL", then you have a problem. It may not be caused by the developers, but poorly trained employees (or bad business processes) are the most commonly exploited vulnerabilities. That's why phishing scams work.
The system should be flexible so you can enter whatever. You can exclude bad inputs by not letting people buy those plates and fining ones who have them, before taking them to court with a wad of traffic tickets thicker than a New York City phone book. This is much more efficient than trying to use some non-existent crystal ball wizardry to determine what stupid novelty plates someone will acquire 10-20 years down the road as part of a self-congratulatory TED talk or whatever.
@@atk05003 You don't train people to enter "NULL" for an empty plate. You leave the field empty. i.e. you don't type anything at all. It is a bug if the program confuses the two.
Alright furry.
Yooo LyricWulf! Funny seeing you here. I remember you from sheet music boss’s 1 million subscriber special
Was incredible
As a software developer, I would apologise but this is testing 101 nowadays.
Someone fucked up, and it made it's way from development to signoff without anyone checking.
null
' or 1=1 --
As a software developer, do you really thing the dmv pays a competitive wage or do they just get software developers who couldn't get a high paying job? Or if they use a third party company on a contract, do you think that third party is trying to make the most rock solid software, or just trying to finish it as quick as possible to move on to the next contract and make $$$?
Yeah I sorta hate the implication that this is a universal issue that hasn't been widely solved by sanitizing inputs, etc
These systems are very much legacy, though.
People now: Null is scary.
People before: What are you gonna do? Hack my free minecraft acount?
im not scared of any thing but null that scares me
@Shakhbulat Gazgireev yes, just because you don't get it doesn't mean it isn't a joke.
Good times.
null the Minecraft creepypasta: allow me to introduce myself
@Shakhbulat Gazgireev so you're familiar with the subject matter then? Do you know what the concept of an inside joke is? Even if it's a large scale one, if you don't get the subject matter, you won't find it funny
null is not the same as "null"
null is a value, "null" is a string
you're wrong, "null" is a value, null isnt ...
knowledge throws nullpointer
:D
They're both values, just of different types, depending on the language, null can be untyped (like in C#), a special type (like in JS), or just a special value (like in C). Whereas "null" is of some string type.
Null is a data type of NULL and "null" is a data type of string :P They are both values.
i am but null as a human
@@Aidiakapi "null" is a string of values, hence the name string. it's more than one value, which can itself contain a null value or use null as the ending marker.
*Simple: differentiate “null” and null value.*
I see you're not a programmer, then.
"null" = string
null = Null
If you all using c++ don't use null as a pointer
permanent and can't be changed later The comma placement in your comment really pisses me off.
@@raptorm8242 bruh, moment
@@Monk-E But that would ruin the lives of atleast hundreds of extra megabytes
"no easy fix"
NULL
"NULL"
Tadaaa.. Who is going to wire me millions of dollars now?
✌Null✌
@@alessandrohidalgo25 I was too, one means it is undefined while the other is the string "null".
What are they storing these names in? If it's anything other than a String or char array, then there are more underlying problems than simply mishandling null.
It's amazing how many bad programmers there are out there
Still not easy to change each and every system out there. Many database systems out there are old. I mean, ooooooold. At least over here where I live.
People who didn't even pass basic programming 101 getting jobs to code entire police databases meanwhile I'm out working minimum wage as an intern doing mundane tasks with a college degree and years of crippling debt.
Economic efficiency at its finest.
@Cant think of a name Well in Switzerland you get a start wage of 9,5k CHF as a web dev
Tell me about it. I once tried to get a minimum wage job at kohls. I was told I couldn't have it because I had no BS degree. Meanwhile, the greeter literally can't talk, the sales person is making everyone mad, and the cashier is literally yelling, "I CAN HELP YOU OVER HERE!" to literally no one.
Once I accidentally agreed to an interview at a gas station. I wasn't interested in the job, so I basically did the opposite of what they teach you to do in an interview. I was hired on the spot!
The truth is, companies don't want to hire smart people. They want to hire dum people.
@@wandererreece9540 that's literally the plot of Ted.
Don't make yourself a victim to this world. There's a reason that some people are successful and some aren't, and it isn't how well you can follow orders 😉
And for that matter, the countless SQL Injections that still happen every year even though SQL comes with a command built specifically to make those ineffective.
Thanks Sam! This actually seriously helped. I nearly did it and couldve been cost thousands! I'll choose NaN now after my grand mother!
This joke is underrated as hell.
"There is no easy fix" As if database engineers haven't been sanitising inputs since injection was discovered
Yeah but then there's people that code in php...
*As if database engineers haven't been told to sanitise inputs since injection was discovered
ikr, had they sanitized the input data, this wouldn't have happened, It's so sad that the world is full of stupid people. real engineers know how to use nulls in their code.
If you hook your database straight to the inter webs without anything in between... that’s a problem already.
"Ah, yes, we call him little Bobby Drop Tables."
That is such a wonderful comic.
Actually, as useful as that comic is, the code that allows those injections wouldn't cause this behavior.
I bet Bobby Tables' mother has that Null license plate as well.
There's a pretty big difference between writing "6E 75 6C 6C" in your database than to write "00" in your database
javascript.
00 is a valid string. You need to record the difference in *type*.
There goes my plans to change my name to null
was Ur name null before or u change it?
@@Prajwal.K ???
Prajwal Kumar ?????
It'd be better than that absolute disaster you have right now
Prajwal Kumar ???????
I guess this explains how the character "Null" came to be in No Mans Sky.
A comment about no man's sky was the last thing I expected to see here and that's why I love it
Blue_ JayC Frl you know how much I had to hyperjump to look for shit
@fireballdick I don't know about him, but I once found a system made entirely out of pink temperate planets. water was pink, clouds and sky were pink, the grass was either blue or green, but the majority was ocean anyways.
@Austin David Holy shit, I never even realized that!
MusicalSpoon Bro that literally sounds like the perfect system. Blue grass planets ftw
When you name your son "Robert'); Drop TABLE Students;--"
xkcd moment
little Bobby Tables, we call him
He's going to grow up to destroy great things.
Omg
ruclips.net/video/nXrvWCkgVdA/видео.html
I was talking to my coworker today about that comic
I recall reading a news article some years ago about someone who had the one-digit vanity license plate "0" in Illinois, which law enforcement from around the state (not thinking it could be a real plate) had routinely used as a dummy plate when testing systems. As I recall, the actual owner lived in Chicago and found out about the problem when his car was booted for tens of thousands of dollars in unpaid citations (which obviously weren't his).
That a street cop doesn't know one doesn't test systems in the production database I can understand, but the developers of said systems should know this and make sure proper checks are in place to prevent this from happening.
In my company someone did this by accident once and the amount of paperwork we had to fill in and the checks we had to put in place were insane.
Me, a Computer Science student clicking on this video: *oh no*
Same
Dominic64 TBLightning get a load of this guy
HAI: NULL breaks everything
All programmer and database admin: Badly managed DB or bad code.
Default option:
A third-world country where they won't pay their programmers enough.
@@bbunk22 comparing his plate, 'null', to null, and returning equal is bad code
Some wannabe tough guy: "Don't mess with me, I'm pretty good in a fight"
Some dude whose last name is Null: "oh yeah? My very existence destroys every database known to man."
He is the chosen one
@Haley Fucking Halcyon - Gaming Channel 90% databases known to man
*every database constructed by a mentally challenged 5 year old who knows literally nothing about computers
Interesting that you can’t put “Samsucks” but I’ve literally seen a “cops suck” plate, it was over 10 years ago, but I remember it strikingly because of how dumb of an idea for a plate it was
lol!
The best thing about this story is the thought that because of that anti cop plate, the cops won't be all that nice to him, which reinforces his anti cop attitude with each traffic stop! 🤣
@@LRM12o8 Time to get a pro-cop license plate
Cops do suck though
I like how the video shifted from a romantic gift to a bouy in the ocean.
Why the hell would null map to the string “null” and vis versa? This makes little to no sense and whoever programmed this wasn’t thinking straight.
They probably programmed it in a way that if no license plate was found, it automatically put the string "NULL" to fill the void.
Paskky Pask which is a horrible idea, considering people could choose that name
Type conversions most likely.
@@JJCUBER But it's way more understandeable than just randomly casting null to a string.
this is so batshit i can only assume it's somehow php's fault.
“You should learn to sanitize your database inputs.”
Read xkcd’s “Exploits of a Mom”.
😂
Oh, little Bobby Tables
In another state (I forget which)some had '0000000' as their license plate number and that's their unknown plate default and this person also had tens of thousands of dollars in fines.
I know how to configure my database to not confuse "null" the string with null the empty value in my freshman year in college for computer science :/
good
I mean, in MSSQL you literally cannot use "null" as null the value. You need to use == "null" as a comparator for the string and is null as a comparator for the value.
My guess is that the reason this happened in that the police database was defaulting to putting in "null" as a string as something the programmers added intentionally as a placeholder when the license plate was unknown.
The only thing that makes sense to me is if there's a step in-between (like in javascript or something) that is blindly coercing the result to a string and then using it in subsequent queries. Nit: Also, "null" would be an object name in most DBs, like `select null from "null" where "null" = 'null'`
R enters the chat:
> null null+null
[1] 10
R is stupid
@@joshua43214 R's null is NULL so...
and you definitely can't NULL
Fun fact: Illinois apparently doesn't ban Russian curse words on vanity plates. I used to have a neighbor who had "Blyat" as his plate and no one seemed to know what that word meant.
That's the only good thing about Illinois tbh
"Cyka Blyat" is the Russian god of bad driving. The Russians invoke her name every time they have a crash. ;)
ruclips.net/video/Qb3DkYZvzjU/видео.html
@@melkiorwiseman5234 that is... oddly specific.
@@fordprefect1587 Just in case you (or anyone else) doesn't get it, it's a joke.
A rough (very) translation of Cyka Blyat is actually closer to "dirty whore" (putting it politely).
To be fair it's just laziness from the developpers.
"NULL", "Null" or "null" as caracter chains (or strings) are not the same as the NULL marker of databases.
Even the C from the late 70's knows how to manage strings and markers.
Yes of course. That's a given... Kinda the whole premise of the story
You're assuming the database was the issue and not cops manually (or their software automatically) entering "Null" as the license plate string into the database.
@@NathanVoge none of what I said fault the database tho?
Everything I said put blame on lazy devs, being the ones in charge of the DB or the application. And it's more likely the app team's fault.
Even if a DB isn't made to support null fields you can work around it just fine and still avoid problems like that.
Yeah any system that falls prey to this error is just poorly designed. It's not difficult to avoid. That said, it doesn't surprise me that there's poorly written code doing this in plenty of places.
A lot of scripting languages don't... And you don't know what the police's system runs on.
There's an identical story to this where the plate was "No Tag" so every time there was a car parked with no plates the cop wrote no tag on the ticket
My mom named me ";DROP TABLE Students"
i've been having so much trouble getting a school to accept me into their program :(
Things may brighten up for you, Bobby.
Haha
Im confused
That's an xkcd
@@TheMinecraftMan757 Yeah, when they learn to sanatize their damn database inputs!
Fun fact: Null is also a german word and means zero.
Der Grund warum ich das Video angeklickt habe. 😂
only a millenial wouldnt know that.
Random Vids it’s also zero in dutch
Das Raddiche and people that don’t speak German
In American English, we use "null" to mean a piece of data that doesn't exist rather than a value of zero.
“They run the risk of breaking every modern database”
No they don’t
Correct. Idiot is just quoting an urban legend, possibly based on a real case which I outlined in my comment.
Remember Y2-K? Yeah. Me neither.
Hacking without hacking
@@jonathanzimmer8143 , Y2K, yeah I remember. We weren't sure what would happen. And I had to update firmware on some computers to prevent the otherwise inevitable problem.
@@NickRoman The money to solve the problem wasn't wasted, because the computers would have to be updated anyway. Fire insurance is not a waste of money just because your house didn't burn down.
I've worked on software that handles and issues license plates in Tennessee, so I have some insight into how this might happen.
These days clerk's offices are using web apps on county and state intranets built to purpose. These use browsers, and the datatype of all inputs from a browser is a string. So what you have is a programmer who made a wrong assumption about people choosing the word "null" as a vanity plate name - or rather they likely didn't give it any thought until the bug came up.
I had a similar snafu crop up where I was working where the original programming team assumed no 2 plates could ever have the same value. A reasonable assumption until someone let a vanity plate expire, then successfully appealed to the state to have the name opened back up for them for the second plate from 2 years ago. Our system wasn't having any part of it - until I backdoored the system and deleted the original expired plate because I didn't have the time to do a proper fix of altering the system to use a true primary key on auto-increment as it should have been doing in the first place. Besides, I was only altering the county's local copy of the record - the state official record still had the original expired plate's existence on file in the unlikely event anyone ever needs to know about it.
That is the longest way of saying "javascript" I've ever seen.
Programmers be clicking on this like "oh no i know exactly what happened here"
How did you know, like this was exactly what i tought
I don't get it though. Why is the Californian police DB storing "null" as a string, a string that can be matched against the plate "null"? Couldn't they use something like "PLATE-NA" - that is 8 characters, so that means it will never be a valid plate in the entire state (with the limit being 7). Or even better, just have the word null multiple times, as in "NULL-NULL-NULL-NULL"?
Good 'ol Bobby Tables.
reddit
@@CodeKujo what
Wendover: Says "days" when it's really years
Confirmed- Sam runs AliExpress shipping
shh
@@halfasinteresting null
@@halfasinteresting null
@@andrade4630 null
Null is the new lol 😆
The fines should not be his liability. Police officers should be diligent & note down the numberplate.
ccityplanner12 : The government doesn’t care. More money for them.
@@odysseyguyperson something like that won't be done because null is a wide spread programming convention. Their database is just poorly written when 'null' can be confused with ' "null" '.
DuesenJeff ok.
@@petersansgaming8783 Which shouldn't happen, period.
Police officers are only humans too. Their database system needs the fixing.
This happens to Ms. True where she can't access her apple account due to her last name.
Good morning, yes, I'd like to request the droptables license plate.
Why would I like that license plate?
It was... Umm... My grandfather's nickname, yes, Bob Droptables...
When he was younger, they would call him "little Bobby tables"
@Gustav 123 @Gustav 123 DROP [database name] is used to delete a database.
Ah, xkcd :)
But “Null” and dbnull.value are completely different things. Someone isn’t sanitizing their queries.
The problem (not for maps or automated contact systems, but for license plate issues) is not that they are confusing the two. The problem is that it would be manually written in as "NULL". And because of how the process is simplified, not even a car make and model os verified against the system's database (done for a variety of reasons), meaning every time a PO would write "NULL", then it would be redirected to the existing plate with that name, meaning it was redirected to the guy who thought it would be smart to try and use that license plate name.
This comment's section is full of people assuming the database is holding 0=value:null="NULL" to be a true statement or something similar. When all it is doing, because of how it gets input, is going "NULL"="NULL".
Ecamiran you clearly understand this more than me
@@ecamiran4004 I must say I didn't consider that. I was likewise confused that it must be a pretty poorly written piece of software to convert "Null" to the SQL representation of a null value.Thank you for pointing out a much more logical reason this would be difficult to fix. Cheers to you!
.
@@ecamiran4004 I was confused why everyone was talking about programming.
Ima call my son “Charlie DROP TABLE users;” and watch the havoc unfold.
@Gustav 123 DROP [database name] is used to delete a database.
Usually its used for deleting database on server by using the vulnerability on some SQL databases (the newest version has a patch to prevent this)
2012 called.
It wants bobby-tables.com back
You forgot two important details... What you mean to input into the user field is " Charlie' union drop table users /* "
@@Zantreful Union is used to fuse the output of two Select Statements together. Correct me if I'm wrong, but you should replace Union with ;
Imagine the reactions when first registering that at the national registry - it'd be the bureaucratic equivalent of a blue shell
I heard about someone doing something similar with their license plate but theirs was “NO TAGS.”
So let’s say that someone called “Noah Body” punches you at school. Then when you have to tell who punched you, you say “Noah Body” but it sounds like “nobody”, so Noah Body gets off scott free for punching you. ^ the whole video in a nutshell
You could have just used the Cyclops bit from the odessy... That's where this comes from..
Uh huh...
Octogon Smuggler That’s exactly what I was thinking lmao
Octogon Smuggler that’s what I was going at. In English I had to read up on the Epic poems by Homer and this was one of the short stories within. Poor guy got blinded as a result :(
Or that's what Joseph Tartaro expected, but rather anytime nobody knew who punched someone, it got tracked to him. So he gets charged for punching several people.
And that's why my license plate reads "ILUVHAX'); DROP TABLE tag;--"
Gottem
the ol' bobby tables
A fellow man of culture I see
^ xkcd in question xkcd.com/327/
What would that function do?
You can't choose null as yours.
Me, a bigbrain: uses i's instead of L's
Nuii
NuII
Fun fact. They don't let you do that. If there's a plate NULL you can't to NUII or NUIL. Or other things that replace it. So if PENIS is taken which it never can be, you can't take P3N1S
NuII
Its NULL, not Null. License plates are always capitalized.
I had “OMYPUSE” as plates in Dallas TX for years until they caught on what it sounds like when pronounced.
They have less of a sense of humour than the British. Something like that has been a joke ever since Mrs Slocum from the Are You Being Served series.
I remember when “Null” used to be a Minecraft creepy-pasta. It was like Herobrine, because people did sighting videos about it.
Me too
wasnt it alongcamejosh who made the thing?
lmao they're seeing nothing
"Breaking news: florida man hacks police database using his license plate"
That *Florida man* makes it alot better
Guy on roblox: types null
Roblox chat filter: *this user has said a word that to our archives does not exist*
Zap Zack Your English is Null
@@teonyi I don't see anything wrong there. It has some missing punctuation, I guess, but I assume that's not the issue.
They use Nil
Roblox chat filter ##### so ###
null
This is why it's very important to distinguish strings and senselessly labelled values such as true, false, null and undefined. In fact, as I was typing this, I just put quote marks around them to label them, and then I realised they were strings and removed them. Be careful out there, programmers
So I went to 0,0 on google maps after watching this and there’s a ton of those little blue dots where you should be able to have street view but there’s nothing there, I assume the pictures were submitted without coordinates so thank you for showing me another useless piece of interesting information
Editor: so how many stock images do you want
HaI: yes
I’m going to use “Anthony Null” for every singe website I sign up for now 😅
You should legally name yourself Null Null.
or Null Void
8legs Void Null is better, since Void means “nothing”, and some BAD databases can confuse “Void Null” for “a variable of type Void named Null”; this may or may not crash the program
I'm making my license plate "your" because I think it would be funny.
How so?
Ahh, my neighbor has the license plate of "sux2beu"
0:40
My buddy had a plate that said X35 L4R0 for several years...
soo i could, technically make my license plate "yeet"?
That's just asking to drive your car off a bridge or something
Annabelle Harvey if you want to get rammed off the road
You’re gonna get flipped off
Noou
I feel like issues like this should've been fixed long ago
They should - This is programming 101. Unit testing against the most common and obvious mistakes. Like leaving an entry field empty or putting letters in a field only intended for letters.
You can't fix lazy. Aside from SQL being a horrid mess of trash even today, most of these government agencies are running on databases created 30+ years ago.
I was fixing Y2K bugs in banking software in 2005, so... yeah...
It can not be fixed, not in a general sense. The problem is not the database itself, or even the access layer, but a problem of how data errors can creep in during the workflow. Unless you can lock down access to only be done through a strictly controlled application (so no API, and no web based interface, just direct desktop application), there are going to be places where inputs are being converted and changed, which introduces chances for 'make it safe' code to backfire and introduce a string where there should not be one. And once it is in the data flow, the DB has no way to distinguish an invalid null from a valid one.
@@nitehawk86 banking software is atrocious and outdated. The amount of security vulnerabilities are ridiculous. There was even a software that could only be interfaced with via internet explorer because it was programed for trident engine. I can guarantee that if some of that software got leaked to the major public it would be bad news for the entire banking community.
the matpatify extension made the perfect text (who's the killer) with GTLIVE on the opposite side of the HAI logo
Instead of using "Null", modern databases should use "Crazy Chicken Maze Express III: Horny Edition Super"
Ummmmmm, Ok
Gonna change my name to that
+El Lapras It's been four days
Or just have a separate PlateExists flag for the ticketing software
@@1sdani my REAL name i mean
Saw a plate with "oh ffs" thought it was pretty clever.
People with null in there names: break databases
Me with my long full name: breaks school computer system due to a character limit.
Waittt is this a joke orrrr
@@comic12558 not a joke, my real full name is 30 characters long, which back in early 2000s broke some character limits because some people who made programs for schools didn't think kids would have more than 3 names/words in their full names. In highschool there was even a kid with a 43 character fill name, which i believe was was 4 names/words and one combined name.
@@LukiSurkraBlade Would you mind telling your full name?
@@LukiSurkraBlade just marking my spot here
my full name is not on my medical insurance for that reason
Imagine trying to break the system and getting mad when you break the system.
5:30
Voice-over: "Final Days"
Screen: *"Final Years"*
vsauce: *heavy breathing*
Or is it?
Last time I was this early, Sam wasn’t obsessed with planes.
That's a lie, he's always been up for planes
Sam: “There is no easy fix.”
literally everyone who knows one (1) thing about computers: “If you’re *_STUPID.”_*
There actually is no easy fix.
The tickets are printed and then scanned in again. So if you have the actual null value leave the physical ticket empty then you have no way of knowing if the ticket being empty was because of it being fed a null value or because of a printer error.
They could of course have null values result in the printing of a non ASCII symbol, for example 💀but then they would need to update the detection software to support Unicode which would be a medium difficulty task, not easy.
Narrator: "The Final Days of Majuro"
Text on Screen: "The Final Years of Majuro"
Ah, so I've slipped into an alternate dimension.
The final days are at the end of the final years!
Damn time travellers
Fun fact: Null is number 0 in Estonian.
funier fact: null is equal to zero in lower level languages
@@fyz6034 funier... So, which language is that? I know it resembles English, but the spelling of that word in English , is "funnier".
Since the op spelled all his words correctly ( Null means zzero in Norwegian too by the way ;) ), I must assume that, not only is your language low level, but it is lower level than the English you attempted using.
Since all our languages has ancient roots, and since some of us still hold more true to the original source where words had a lot more meaning, and were far more complex than now, we must assume that our languages, that retain more of the original words, are of a superior, rather than inferior level, than the constructed languages ( like English), of modern times.
Modern English is a language constructed to confuse and obfuscate, rather than enlighten and expand the users knowledge.
null (adj.)
"void of legal force, invalid," 1560s, from Middle French nul, from Latin nullus "not any, none," from ne- "not, no" (from PIE root *ne- "not") + illus "any," diminutive of unus "one" (from PIE root *oi-no- "one, unique").
Same in Dutch, except it's "nul".
German too
In C++ NULL is defined as 0.
Buddy, I like you, but it kind of feels like since you're doing stuff for nebula, the quality of your youtube videos is declining. In this specific case, it's very visible to me as a programmer, and apparently also to many other people complaining in the comments about the same thing. The fact that you glossed over the explanation of why NULL causes trouble is... fine, I guess? But the fact that you glossed over it by telling a wholly incorrect claim that databases and computer systems around the world can't distinguish between a string "NULL" and a literal value NULL (which is basically the same kind of difference as between the string "100" and literal number 100)... that was... well... bad.
Or as a translation to non-programmers. It's like saying it's impossible to distinguish between a Great Dane and a Chihuahua. Which, of course, isn't the case.
Im only a week into my programming course but i actually understand this.
@@Arterexius that's a... weird simile.
and incorrect. correct one (even though even weirder and forced) would be that it's like saying it's impossible to distinguish between a kennel containing a dog of a breed called No Dog, and a kennel in which there is no dog.
Yeah, he definitely should have explained that better. It is perfectly possible to distinguish null from “null”, but this mistake can happen in sloppy code.
Just like with millennium error. Everyone was afraid of falling planes at 00:00 of 2000/01/01
1:27 Love how in the background stock video our G-Man is dealing with a screen he mistakenly thinks is touch-enabled.
Next video: Someone names their license plate "drop table LicensePlates"
my next licence plate: ; "DROP * FROM *"
@GunsOfThePhoenix They needed a fix?!
well nuking everything after someone ran one stop...probably something like: you. are. so. fired! LOL
yeah I think they like crack. :P
@GunsOfThePhoenix Do you have a source for that? It sounds unrealistic as it doesn't even fit the Ukrainian number plate format AB1234CD (en.wikipedia.org/wiki/Vehicle_registration_plates_of_Ukraine)
Is this a "Timmy ;; drop tables" thing? Like from XKCD.
EDIT - Yes, yes it is
How long can numberplates be again...?
0:46 "suggestions that you're a cop"
I'm from New Zealand, but a friend of my parents has a license plate that is literally "IMACOP"
(*His reason for the plate is because he drives a Holden Commodore which cops in our country use as cop cars*)
Another terrible potentially fatal mistake is putting a little trees air freshener in your car. Look up the video “this little tree air freshener is covering up something foul”
Coconut
A cluster of pine tree air fresheners is called a Felony Forest by police
Just by the title I knew it
Null is basically you saying to the database:
you:hey database, this is what i want
db: that's nothing
you: no, it's a word
db: no, it's nothing
you: okay, I'll just put a string on the old plate then
VinnT- -TnniV it's because of shitty code. My discord bots can easily tell the difference between python "None" and " 'None' "
where licence_pate='NULL'
- will return his licence plate
where licence_plate is null
- will return empty licence plates.
SQL and i fixed it
except for the typo in the first line, this indeed would work.
@UCK1YrLTWBZ1_pQexyAgCVIA Don't worry that's a legacy typo made when the database was first made.
@@TheAkashicTraveller oh god, I hate legacy typos. Especially if it's some ID (like this hypothetical one) I have to refer to in code, and then the typo propogates until there's dozens of usages and it never changes
My license plate is " DROP TABLES *