Created: 06.04.2008

The Daily WTF





Curious Perversions in Information Technology



Source: http://thedailywtf.com/.
This journal is generated from the public RSS feed at http://syndication.thedailywtf.com/thedailywtf and is updated as that feed is updated. It may not match the content of the original page. The mirror was created automatically at the request of this RSS feed's readers.

CodeSOD: Image Uploading

Thursday, 04 August 2022, 09:30

The startup life is difficult, at the best of times. It's extra hard when the startup's entire bundle of C-level executives are seniors in college. For the company Aniket Bhattacharyea worked for, they had a product, they had a plan, and they had funding from a Venture Capitalist. More than funding, the VC had their own irons in the fire, and they'd toss subcontracting work to Aniket's startup. It kept the lights on, but it also ate up their capacity to progress the startup's product.

One day, the VC had a new product to launch: a children's clothing store. The minimum viable product, in this case, was just a Magento demo with a Vue Storefront front-end. Strict tutorial-mode stuff, which the VC planned to present to stakeholders as an example of what their product could be.

Everything was going fine until five minutes before the demo. The VC discovered a show-stopping problem: "The storefront is showing obscene images!"

The "obscene" pictures were just photographs of female models, typical for a clothing storefront. But since this was a children's store, the VC was in a panic. "I can't demo this to other investors!"

Setting aside the problems of why the VC hadn't noticed this more than five minutes before, Aniket was given his mission: take a pile of replacement images and upload them to the server.

Well, with the configuration the server had, there was no way to upload images through the UI. Aniket could SSH in, but that presented a new problem: he didn't have write access to the directory where the files lived.

While Aniket tried to make a plan of how to fix this, his phone blew up with texts from both the VC and from the CEO of Aniket's startup. "What's the status?" "What's the ETA?" "You need to go faster."

Aniket couldn't overwrite the images, but he did have access to some commands via sudo, specifically managing Nginx. And that gave Aniket an idea.

All the images served by the storefront lived under the URL path /images. Aniket wrote an Nginx rule to redirect /images to port 8000, dropped the new images in a directory that he did have write access to, and then ran python -m http.server 8000 to launch a webserver hosting the files in that directory on port 8000.

The VC got to start their demo on time. Aniket closed his laptop and texted his CEO. "I've done the job, but my laptop is now broken. I'm going to take it in for repair." Aniket then went out for a much needed walk and took the rest of the afternoon off.


https://thedailywtf.com/articles/image-uploading



CodeSOD: Junior Reordering

Wednesday, 03 August 2022, 09:30

"When inventory drops below the re-order level, we automatically order more," was how the product owner described the requirement to the junior developer. The junior toddled off to work, made their changes. They were not, however, given sufficient supervision, any additional guidance, or any code-reviews.

Dan found this in production:

let item = backend.fetchItem(itemId);
if (item.quantityOnHand <= item.reorderLevel) {
    //automatic re-order
    item.quantityOnHand++;
} else {
    item.quantityOnHand--;
}
backend.updateItem(item);

As you might imagine, "ordering refills" is slightly more complicated than "just alter the inventory quantity". This code didn't work. It should never have gotten released. And it's definitely not the junior developer's fault.


https://thedailywtf.com/articles/junior-reordering



The Contract Access Upgrade

Tuesday, 02 August 2022, 09:30

Microsoft Access represents an "attractive nuisance". It's a powerful database and application development platform designed to enable end users to manage their own data. Empowering users is, in principle, good. But the negative side effect is that you get people who aren't application developers developing applications, which inevitably become business critical.

A small company developed an Access Database thirty years ago. It grew, it mutated, it got ported from each Access version to the next. Its tendrils extended outwards, taking over more and more of the business's processes. The ability to maintain and modify the database decayed, updates and bugfixes got slower to make, the whole system got slower. But it limped along roughly at the speed the business required… and then Larry, the user who developed it, retired.

And that's where Henrietta comes in. She was hired on contract to take this ancient, crufty, Access database and reimplement it in C#, with a WPF front end (because "web application" sounded too scary a shift), with a SQL Server backend. The project was already in-flight, under the sober guidance of internal developers who had analyzed the Access database in detail.

There was already a source control server set up- an SVN server. Henrietta found that odd, but odder still was the change history: 100,000 commits from fewer than 20 developers, in only six years. Now, that's not ridiculous- but it's a steady cadence of two commits per developer per day, including weekends and holidays.

There was, fortunately, a lot of documentation. None of it was about the code, but instead about the organization. Who works for who, when a given management position was created, how long someone had been in that position. Nothing about the software internals. Definitely nothing about the custom UI framework someone had bolted on top of WPF.

When Henrietta noticed she couldn't find documentation about coding standards, or code review processes, she went to one of the other developers and asked: "What's our coding standard? And how do we handle code reviews?"

"Our whats? I don't know what those are."

Well, Henrietta finished up her first ticket, had her commit, and then did what all the other developers did: committed it right into the trunk of the repository.

Now, that was her first commit, and it was a training commit: she just needed to add some validation to the UI to make sure it didn't allow empty form fields. With that under her belt, her boss assigned her a new, more complex task. It needed her to make changes in the database, add new workflows to the application, a few screens, and so on.

"So," she asked, "is there a spec for this somewhere?"

"Oh," her boss said, "we don't write specs before we develop. Develop the feature and then write specs to describe its behavior."

Well, Henrietta didn't like to work that way, so she started by drawing mockups in a diagramming tool. This, as it turned out, was completely new to the organization. No one had ever done a screen mock up before. The handful of diagrams that did exist all were drawn with the same tool: Microsoft Paint.

Once Henrietta had decided what her feature was going to look like, she made a feature branch to start her work- and discovered that the way the application was architected, you couldn't conveniently develop in a local branch. In fact, you couldn't even get it to easily point at a development database. Everything had to go through trunk and get pushed to a dev server for testing- one dev server which all the developers had to share.

When Henrietta's code didn't work, she found out why: there was a "convenience library" developed by her boss that contained critical functionality for the application. If you didn't call certain methods in that library, the application wouldn't work. These methods were undocumented, and also, no one knew where the code lived. They only used the binary, compiled version of the library.

Once Henrietta had reshaped her code around the arcane bondage that the library demanded of her, she had reached the point where she didn't understand her own code anymore. Before she could get into the work of testing the code, a new issue rose to the top of the priority list and she was told to stop what she was doing and tackle that.

This was meant to integrate into a 3rd party SOAP-based web service. It transports sensitive data… over HTTP. There's no encryption at all. The WSDL file contains overlapping definitions of two different versions of the API, and the contradictions mean it's possible and easy to send malformed requests with unpredictable behavior. And when it does catch an error, it simply responds with "Error".

At this point, months had passed. So it was time for the organization to change their tooling. Everyone was commanded to update to the newest version of .NET Core, a new version of the IDE, and now a new code review tool. Crucible was rolled out with no instructions or guidance, and developers were expected to just start using it.

This delayed Henrietta's work on the 3rd party interface, so she went back to the complex feature with database changes. She discovered there were no foreign keys. Also, because there weren't any foreign keys, the data couldn't have foreign keys added, because the columns that should enforce referential integrity didn't match up correctly.

Meanwhile, the Project Owner, frustrated by the slow development progress, started writing code themselves. They used the wrong set of project files, pushed it directly to a customer, and caused multiple crashes and downtime for that customer.

Back to the database, Henrietta discovered that there was really no abstraction around it; implementation details of the database had to be reimplemented in the UI. She built a UI control that encapsulated at least some of that functionality, and added it to the global UI library. Her boss noticed that change, and told her, "no, that's specific to your module, put it in a local library." Her boss's boss noticed that change, and said, "that UI control is very useful, put it in the global library."

Neither boss could agree on the correct location for it, so as a compromise, they created a new "global" library for "accessory controls".

Frustrated by all of this, Henrietta decided that she should try and get a local development environment set up. She ended up spending a few days on this, only to discover that certain stored procedures call out to other databases via hard-coded connection strings, and if she tried to run a local copy she'd simply start mangling data in other, production databases. Her boss noticed her spending time on this, and complained that she was wasting her time.

When Henrietta finally finished her big feature, she deployed it to the test environment. It blew up, but for reasons she could easily understand, and it only took a few days to fix it. The customer tested the feature, and it wasn't what they thought it was going to be. Once they understood the requirements, which weren't their original requirements, they were happy with the feature, but wished they'd gotten the feature they asked for. With this sign off, Henrietta pushed the change to production, manually (because why would you automate deployments?). The customer's application immediately crashed because their database was incompatible with the current version of the code. There was, of course, no rollback procedure, so Henrietta was expected to spend a weekend combing through the customer's database to figure out which field contained a value that crashed the application.

After that, frustrated, Henrietta went to her boss. "Why are we doing things this way? We're spinning our wheels and making no progress because we have no process, no organization, and everything we do is fragile and we're not doing anything to fix the fundamental problems."

"That's the way we do it," her boss said. "Stop asking questions about everything, don't question anything, we're not going to change that. Just do your work or find a new job."

Henrietta took that advice to heart, and found a new job. All in all, she spent 8 months fighting her way upstream against a river of crap. It wasn't worth it.


https://thedailywtf.com/articles/the-contract-access-upgrade



CodeSOD: A Sniff

Monday, 01 August 2022, 09:30

In November of 2020, the last IE release happened, and on June 15th of this year, the desktop app officially lost support on Windows 10. But IE never truly dies.

Eleanor inherited a web application for a news service. And, you won't be shocked that it's still doing user-agent sniffing to identify the browser. That's just plain bad, but by the standards of user-agent sniffing, it's not terrible code.

function isIE() {
    var myNav = navigator.userAgent.toLowerCase();
    return (myNav.indexOf('msie') != -1) ? parseInt(myNav.split('msie')[1]) : false;
}

If it contains msie, split on that and assume the bit which follows is only the version number. Return the version number, or return false if it's not Internet Explorer.

Now, this method contains an annoying abuse of JavaScript that's common: sometimes this method returns a number, sometimes it returns false. Because of that, it needs to be called like this:

if (isIE() && isIE() <= 10) {
    alert("The browser you are using is too old and not supported anymore. Please get a newer one.");
}

At first glance, you might think, couldn't I just do isIE() <= 10? Why use the initial && at all? And it's because of JavaScript's type coercion: false <= 10 is true.

Now, in fairness, false being roughly equivalent to zero is not an uncommon feature in languages, but the result here is just an annoying call that has to do the same string mangling twice because nobody thought through what the purpose of the function actually was. Then again, the whole function shouldn't be there, because it's 2022 and there's simply no excuse for this user-agent sniffing game.


https://thedailywtf.com/articles/a-sniff



Error'd: Poetry in Motion

Friday, 29 July 2022, 09:30

So much cringe here today. Obviously, the first submission below just reeks of professional sycophantry on so many levels. I can't decide which is more offensive, the barefoot butcher or the grotesque attempt to humanize a vogon. To take the edge off, I'll start you out with a very old shaggy dog punchline. The actual setup for this groaner is pretty horrible, though someone on the internet has dutifully compiled the definitive collection of all known variants. Sparing you that misery, I'll cut straight to the chase: Rudolf the Red knows rain, dear. Now you can decide which gag is more worthy: that, or this.

My English vocabulary cannot convey the complexity of my feelings about Beatrix W. who shared a monstrosity, reporting innocently "I was just looking for a book about AppleScript by a Japanese author." Is there a Japanese word for "thank you for this gift but never do it again?"

[Image: vv]

Or maybe there's a German word for it. What say you, Friend Foo? This week Foo A. has a fun one for us. "Halt entfällt means stop omitted, so they're suggesting I should change to a train that doesn't even stop there!" Clearly, they're expecting you to jump nimbly aboard as it rolls through. I hope it at least slows down.

[Image: train]

Newlyread Rudi sent in a screenshot titled <insert subject/title here> saying "I guess the game is to figure out what the location is? (The reason I used HTML entities in the title is because in a previous attempt to submit this WTF I used the actual characters, but resulted in a 500 error, so now I'm checking if that might have been the reason why. Which I guess would be a meta-WTF. :) )" So it might, and it wouldn't be our first. As the other joke goes, "what happens if you try it again?"

[Image: alice]

Easy-listening Dan snapped a shot of his infotainment system, remarking "I think it's a Reverse HTML Injection. At first, I thought they'd fix it quickly, but it's been like this for weeks." I've seen submissions like this before, but I'm not sure if I've run one.

[Image: rbds]

With the last word for this week, Micha Thomas has us going and coming. "Coming from the same company that gave us the infamous Click 'Start' to shutdown Windows, this is what my Outlook greeted me with this morning"

[Image: outlook]


https://thedailywtf.com/articles/poetry-in-motion



CodeSOD: Classical Solutions

Thursday, 28 July 2022, 09:30

CSS classes give us the ability to reuse styles in a meaningful way, by defining, well, classes of styling. A common anti-pattern is to misuse classes and define things like "redTextUnderlined" as a CSS class. Best practice is that a CSS class should define the role, not the appearance. So that class might be better named "validationError", for example. A class will frequently bundle together a bunch of stylesheet properties into a single, meaningful name. That's the ideal approach, anyway.

Now, Olivia's predecessor had an… interesting philosophy of how to use CSS classes.

.sup, .headerLinkMain, .headerLinkName, .headerLinkAdmin, .systemMsgMain, .studentsLegendText, .studentPagingSelected, .studentPagingLink, .studentErrorLegend, .studentsBatchEditShellHeader, .warningError, .warningErrorTitle, .staffLegendText, .staffEditLabelRequire, .staffEditLabel, .staffEditLink, .completeNote, .staffNumberLinks, .staffNotOK, .staffViewPrevNextLink, .staffViewPrevNext, .staffViewPrevNextError, .staffViewPrevNextErrorLink, .staffNoteShowRecords, .staffListFont01, .courseListFont, .staffTotalText, .warningErrorStaff, .warningErrorStaffTitle, .warningLoginStaff, .warningLoginLabel, .textAdminSection, .textAdminSectionError, .textAdminSection102, .studentEditLabelRequire, .studentEditLabel, .studentDOB, .studentEditLabelError, .studentEditLabelRequireError, .textDemographicPopup, .titleStudentDemogs, .textStudentDemogs, .textSection, .textSectionBold, .classesText, .classesList, .classUsrMultiple, .classNote01, .classNote02, .subTitleAdminSection, .warningErrorClass, .warningErrorClassTitle {font-size: 11px;}

.priFriHeaderText, .headerMain, .headerLinkMain, .headerLinkName, .headerAdmin, .headerLinkAdmin, .studentsBatchEditShellHeader, .headerLinkSu, .tabLink, .titleTableRed, .titleTableBlue, .textBlueBold, .textRedBold, .error, .schoolLinkBold, .blueLight, .tableTitleGreen, .textGreenBold, .titleGreenBig, .headerSu, .loginBlue, .helpApps .moreLinkRed, .goLinkRed, .moreLinkBlue, .goLinkBlue, .faqLink, .listBlueBold, .titleSettings, .enrollmentStatusBoxHeaderText, .studentsBatchEditSelectsText, .studentsSelectsLabel, .studentPagingSelected, .studentListLabel, .studentListLabelLink, .studentListBold, .studentErrorLegend, .studentErrorLabel, .studentListError, .warningErrorTitle, .staffNoteSave, .staffLegendText, .staffEditLabelRequire, .noteUnsavedStaffRecord, .staffSearchLabel, .staffNumberLinks, .staffViewPrevNextLink, .staffViewPrevNext, .staffViewLabelSort, .staffViewLabel, .courseViewLabel, .staffViewPrevNextErrorLink, .staffViewPrevNextError, .staffEditLinkBold, .backLink, .warningErrorStaffTitle, .warningLoginStaff, .subTitleAdminSection, .studentEditLabelRequire, .studentEditLabelRequireError, .titleDemographicPopup, .titleStudentDemogs, .subTitleDownload, .textDownload03, .labelDownload, .subTitleSections, .textSectionBold, .classesViewEditLink, .classesLable, .classAddLabel, .tdBold, .backLinkUser, .classAdmLabel, .subTitleClasses, .warningErrorClassTitle, .dibelsTransitionMessage {font-weight: bold;}

.titleSections, .staffLegendText, .staffNoteCancel, .staffNotOK, .staffTotalText, .staffSearchLabel, .textAdminSection, .textAdminSection102, .studentEditLabelRequire, .studentEditLabel, .studentDOB, .textDownload02, .subTitleSections, .textSection, .textSectionBold, .subTitleSectionsClasses, .classAddLabel {color: #4B4B47;}

Now, you have a "good" mix of functional class names (.textStudentDemogs) and plenty that clearly involve actual styling (.loginBlue). But of course, that's not the WTF, the WTF is this developer's approach to organizing stylesheet rules: each style property is its own rule. Yes, they constantly repeated this pattern, all through the CSS file. It's "convenient", if you want to know all the classes of elements that explicitly have an 11 point font, but it's basically useless for anything else.

I find myself staring at it, trying to understand the logic that drove this design pattern. Did they write a script to generate this? Did they just do all their styling this way? How? Why? I feel like an archaeologist who just found an inscrutable relic and is stuck saying, "it must have served some ritual purpose". It's not an answer, it's just a shrug. I can't understand this, and frankly, I don't know that I want to.


https://thedailywtf.com/articles/classical-solutions



CodeSOD: Repetition is an Echo

Wednesday, 27 July 2022, 09:30

Annie works in a bioinformatics department. There's a lot of internally developed code, and the quality is… special. But it's also got features that are on their critical path of doing their jobs.

One example is that, based on one input form, the next input form needs to display a drop down. The drop down elements don't change, but the individual item that's selected does. So, if the rank HTTP POST variable is set, we want to make sure the matching entry is selected.

if(isset($_POST['rank'])){
    if($_POST['rank']=='superkingdom'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }elseif($_POST['rank']=='phylum'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
    elseif($_POST['rank']=='class'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
    elseif($_POST['rank']=='order'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
    elseif($_POST['rank']=='family'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
    elseif($_POST['rank']=='genus'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
    elseif($_POST['rank']=='species'){
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
    }
}

Talk about duplicated code. And, of course, there's no else clause.

And, of course, there's a bonus SQL injection attack that Annie found:

$sql = "SELECT locus,accession,length,date,definition,organisim,host".
       " FROM `gb` WHERE organisim LIKE '%".$_POST['orgname']."%'";
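
The fix for the query above, as an added example that is not from the original article or from Annie's code base: the same LIKE search through PDO, with the value bound as a parameter and LIKE wildcards escaped. The in-memory SQLite database (needs the pdo_sqlite extension), the reduced column list, the sample rows and the function names are assumptions made so that it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the article's `gb` table.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE gb (locus TEXT, accession TEXT, organisim TEXT)');
    $ins = $pdo->prepare('INSERT INTO gb (locus, accession, organisim) VALUES (?, ?, ?)');
    foreach ([
        ['L0001', 'AB000001', 'Escherichia coli'],
        ['L0002', 'AB000002', 'Homo sapiens'],
        ['L0003', 'AB000003', '100%_synthetic construct'],
    ] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// The article's pattern: request data concatenated into the SQL text.
// The string is only built and printed here, never executed, to show how
// a quote in the input changes the structure of the statement.
function build_query_unsafe(string $orgname): string
{
    return "SELECT locus,accession,organisim FROM `gb` WHERE organisim LIKE '%"
        . $orgname . "%'";
}

// Hardened form: the SQL text is fixed, the search term travels as a bound
// parameter, and LIKE wildcards in the term are escaped so they match
// literally. '!' is used as the escape character because it needs no
// quoting of its own in either SQLite or MySQL string literals.
function search_organism(PDO $pdo, string $orgname): array
{
    $escaped = strtr($orgname, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare(
        "SELECT locus, accession, organisim FROM gb
          WHERE organisim LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = make_demo_db();

// Constructed inputs: an ordinary term, a term containing a quote and SQL
// keywords, and two terms containing LIKE wildcards.
foreach (['coli', "x' OR '1'='1", '%', '100%_'] as $input) {
    printf("input:       %s\n", $input);
    printf("unsafe SQL:  %s\n", build_query_unsafe($input));
    printf("bound match: %d row(s)\n\n", count(search_organism($pdo, $input)));
}
```

In a real handler, check `is_string($_POST['orgname'] ?? null)` before calling `search_organism()`, since a request can also submit the field as an array.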

https://thedailywtf.com/articles/repetition-is-an-echo



CodeSOD: The Device Search

Tuesday, 26 July 2022, 09:30

I started writing a paragraph about why this code Gilda found was bad, and then I had to delete it all, because I wasn't putting the entire block in context. At a glance, this looks almost fine, but I thought I spotted a WTF. It was only when I thought about the fact that this C code runs inside of a loop that I realized the real problem.

rsts = get_device_by_id ( movq_p->nxt_device_id, &devc );
if ( ( rsts == CC_VL_SUCCESS ) &&
     ( strcmp ( devc.device_type, SPECIFIC_DEVICE ) == 0 ) )
{
    specific_device_flag = CC_VL_TRUE;
}

/*
 * Process device...
 */
if ( specific_device_flag )
{
    ...
}

So, inside of a loop, this iterates across a series of devices, represented by their nxt_device_id. They load that into a device struct, devc, and do some validation on the type of device in question. If the type of device is SPECIFIC_DEVICE, then we set a flag to represent that. Later in the code, we have special processing if it's that SPECIFIC_DEVICE.

The problem here is that this code runs inside a loop and specific_device_flag is never set to false. So as we iterate across the devices, if one of them is a SPECIFIC_DEVICE, every future device will also be treated as if it's a SPECIFIC_DEVICE.

Gilda writes: "Apparently this has been in the baseline code since before the project it is in was branched off so I don't know if anything was deleted between setting the specific_device_flag and testing for it."

The beauty of this bug is that depending on the order of the device enumeration, or the number of connected devices, it might never be seen. In fact, that's been mostly the case for Gilda's company. There have been a number of tickets resolved by "try unplugging all the devices and plugging them back in to different ports" or just "reboot the system". No one knew why.

My kingdom for an else clause. Or just a boolean assignment expression. Or, if you really want to use CC_VL_TRUE and not just "non-zero is true", a ternary might actually be more readable.

I've read C programming styleguides that require every if to have an else, and if the else is empty, a comment justifying its emptiness. I usually think that's overkill, but this code sample is a strong argument in favor of such a guideline.


https://thedailywtf.com/articles/the-device-search



CodeSOD: Tying Two Strings

Monday, 25 July 2022, 09:30

Let's say you have a simple problem. You have a string variable, and you'd like to store that string in another variable. You have a vague understanding of string immutability and something about the way references work in C#, but you don't really understand any of that. So, what do you do?

Well, if you're Tina's co-worker, you do this:

expiresIn = $"{accessToken.ExpiresIn}"

Now, the "advantage" of this is that it creates a new string object. So expiresIn holds a reference to a different piece of memory than accessToken.ExpiresIn. Is that valuable? Not in this case. expiresIn is a local variable that goes out of scope well before accessToken does.

The worst part? This co-worker tends to do this by default when assigning strings to variables, even inside of loops, which means there are a lot of unnecessary string copies going on, and thus a lot of extra garbage collection. And in the end, for no real benefit.


https://thedailywtf.com/articles/tying-two-strings



Error'd: Untimely Ripp'd

Friday, 22 July 2022, 09:30

This week we bring you a whole set of submissions that prove, once again, that web programmers just can't keep track of time. But first, a sop with a regular. Is a flying NaN safer than a Camel? I wouldn't recommend making either a habit.

Friend Argle B. is right, submissions to Error'd from actual desktop applications are rare. He explains "I routinely expect this from websites. I did NOT expect to find it in MSFS. It came up when I deleted all the digits." Good for you, Mr. B. I can't type a lick without digits.

[Image: msfs]

This week, johng shared a headscratcher with us. He explains it thus: "Well, we all knew that the timeloop was coming but apparently the timeloop already occurred in 2020 (huh, pandemic you say?), so Meetup.com is ahead of us here and lists the devices where you've logged in and enabled push notifications, ordered by timeloop stamp." I can't figure out how they did this.

[Image: timeloop]

A bad movie fan, wisely anonymous, suspects his taste in cinema may degrade in his dotage. "I wonder how much $19.99 will be worth in 977 years when I finally see the movie. At least there's a bonus."

[Image: 2999]

Nostalgia for his youth led Michael to first seek, then shun a classic film. "Do I feel lucky^H^H^H^H^Hold?", he asked rhetorically. Well? Do you, punk?

[Image: 1923]

Finally, antiquarian AJ found a rare copy of a moldy manga at Amazon. "Sadly this old manga is currently not available, but I hear even Napoleon liked it." Who knew?

[Image]


https://thedailywtf.com/articles/untimely-ripp-d



CodeSOD: Compiling Datasets

Thursday, 21 July 2022, 09:30

Managing datasets is always a challenging task. So when Penny's co-worker needed to collect a pile of latitude/longitude positions from one dataset and prepare it for processing in a C++ program, that co-worker turned to the tools she knew best. Python and C++.

Now, you or I might have dumped this data to a CSV file. But this co-worker is more… performance minded than us. So the Python script didn't generate a CSV file. Or a JSON document. Or any standard data file. No, that Python script generated a C++ file.

// scraped using record_data.py
const std::vector route_1 = {
    { 35.6983464357, -80.4201474895},
    { 35.6983464403, -80.4201474842},
    // several hundred more lines like this
};

const std::vector route_2 = {
    { 35.8693464357, -80.1420474895},
    { 35.8693464392, -80.1420474821},
    // another thousand lines
};
// more routes like this

Now, there are clear advantages to compiling in thousands of data-points instead of reading in data from a data file. First, no one can easily change the data points once you've built your code, which means no one can corrupt your data or make the file invalid easily. Second, the runtime performance is going to be significantly better and your compilation will be much slower, encouraging developers to think more carefully about their code before they hit that compile button.

I think this is the future of high performance computing, right here. No more are we going to pay the high costs of parsing data and letting it change without recompilation. Burn that data into your code.


https://thedailywtf.com/articles/compiling-datasets



CodeSOD: Double Narcissism

Wednesday, 20 July 2022, 09:30

In mythology, Narcissus was so enraptured by his own beauty that he turned away all potential lovers until he came across a still pool of water. Upon spying his reflection, he fell in love and remained there for the rest of his life. After his death, a narcissus flower grew in his place- a daffodil or jonquil.

One important element of Narcissus's myth is that while yes, he was incredibly self-absorbed, he was also beautiful. That's less true for this C# code from frequent commenter Sole Purpose Of Visit. There is nothing beautiful about this code.

namespace Initrode.Extensions
{
    public class PhbDouble
    {
        protected double m_Value;

        public PhbDouble(double avalue);

        public double Value { get; set; }

        public static PhbDouble Create(double avalue);
    }
}

Now, it's easy to see that this is a useless wrapper class around a double. But what of that Phb on the front? Well this is anonymized, but in the original code, those were the developer's initials. Every class this developer wrote was tagged Phb. Every single one.

Sole Purpose Of Visit adds:

And no, there is/was no such thing as PhbInt or (rather sadly) a PhbBool.

The "signature" does, Sole assures us, "make it nice and easy to delete all his code".

Delete away.


https://thedailywtf.com/articles/double-narcissism



CodeSOD: Paste Parse

Tuesday, 19 July 2022, 09:30

Sandra (previously) is still working with Bjorn. Bjorn also continues to like keeping things… simple.

"Simple" for Bjorn is "do as much in PHP as possible since I am okay at PHP, including templating out JavaScript. If I have any third party libraries, just copy and paste them into the project and never, ever use a bundler because WebPack is scary."

Which, in Bjorn's defense, WebPack and tools like it are scary, and I hate them all as a class. But that's a separate rant that's wildly off topic, so let's just get back to Bjorn.

Because Bjorn does JavaScript via PHP templates, copy/paste, and general "massage the code until it works", we end up with this nonsense line not only getting deployed, but staying deployed until someone has the time and budget to do a large scale refactoring of all of the code:

console.log(parseInt('abc'));

The surrounding code has been excluded, as it doesn't matter and offers nothing. This line exists, it doesn't work, and shouldn't be there.


https://thedailywtf.com/articles/paste-parse



The Silent Partner

Monday, 18 July 2022, 09:30

[Image: SOS Italian traffic signs in 2020.05]

Lucio worked as a self-employed IT consultant. His clients tended to be small firms with equally small IT departments. When they didn't know where else to turn, they called on Lucio for help.

Over the years, Lucio befriended many of the internal IT employees that he worked with. One of them, Fabio, wisely decided to leave his position at a firm with 30 employees, where everyone's roles changed daily depending on the crisis at hand.

Soon after, Fabio landed an interview with an 80-person outfit. They were looking for someone who could take care of everything from mouse batteries to Excel spreadsheets to website software updates to issues in their homemade invoicing software.

Fabio could handle all of that, except for the software. The last time he'd coded anything was 15 years earlier, and even then he'd decided coding wasn't his forte. The interview was scheduled to take place online; Fabio asked Lucio to be in the room during the interview, hoping for a little secret assistance with any questions that were outside his knowledge.

Lucio didn't feel great about it, but he accepted, only to provide help with programming-related stuff and nothing else. As it turned out, the interviewer simply took Fabio's word at face value and did nothing to confirm his coding skills. Lucio never had to intervene, and Fabio got the job all on his own.

On the first day of the job, Fabio sent Lucio a selfie of himself at his new workplace. They'd already gotten him a uniform adorned with the company logo. His new boss toured him around the company offices, introducing him to his coworkers.

The next day, Fabio contacted Lucio. The company didn't have a helpdesk ticketing system, and Fabio lacked the clout to ask for such a big purchase. Did Lucio know of any free options?

As a personal favor, Lucio ended up installing UVDesk Community Edition on one of his own servers and provided Fabio the admin account. He warned his friend that this setup would only be temporary, and he'd have to arrange for something better later.

The next day after that, Fabio sought help for the homemade invoicing software, which crashed from time to time. Windows Process Manager was showing a steady increase of allocated memory. Lucio explained to Fabio what a memory leak was, and said that they'd have to look for the problem in the application's source code. Fabio replied that he didn't have access to the code yet.

And then, the company website was hacked. Lucio discovered that it was a WordPress site with a handwritten theme. Below is the single.php file responsible for rendering every post:


Lucio stopped looking at the theme code, because this was already more than enough for him:

  • The $lang variable was never used (thankfully).
  • The person who'd written this didn't seem to know that arrays could contain more than 2 items, or that if statements could have or operators as part of their conditions.
  • One could only hope the company never acquired customers who spoke something other than English or Italian. There was only one template for all languages, and if statements were spread all over the whole theme.

Lucio told Fabio that the company would have to rebuild the website from scratch. When Fabio passed the word on to the theme developer, he was assured that "all vulnerabilities would be fixed." Lucio has his doubts, and expects Fabio to hand in his notice any day now.


https://thedailywtf.com/articles/the-silent-partner



Error'd: Shift-Meta-Errord

Friday, 15 July 2022, 09:30

The submissions this week seemed to have coincidentally developed a theme of self-reference. You tell me.

First, persistent Caleb S. tried over and over again to submit this same item for our consideration. He called it a "space-enfolding bus" and said that "There's apparently more space in this Afternoon Tea bus than meets the eye -- you can book seats for 500 adults and 500 children." Alas, his submission came without an image, so we asked for a do-over. Dutifully done, Caleb's second and third attempts both reported "Please use the comments from when I tried to submit this without an image." With that behind us, here is the image from the final attempt.




I thought there was some kind of mistake, but I finally figured it out. The Space-Enfolding Bus is also a Self-Enfolding bus, and it's been swallowed by its own singularity. Or else it's snowing very hard.

Next, intrepid tourist Andreas R. noted "I came across this while browsing for travel SIM cards. I didn't realize the United States had a population of over 300 trillion people! And one of the most interesting places to visit in the USA is America, go figure." Not only is America a place to visit in America, it's also a country in America. Is bullshit content generated for SEO truly a WTF anymore? Or is it just so de rigueur that it can only be a JFC? Either way, it's just recursive enough to clear this here bar. (Interestingly, note that since the USA has no official language, the boilerplate text has a NULL in it which could have been handled better or worse.)


Security dabbler Metal Rafa does, and does not, reporting "It's good to have options, especially for those who can't make up their minds about unsubscribing from a marketing email list or not. SentinelOne's mailing list software now lets them do both at the same time!"


Continental Faroguy found an error-rate error and shared it "Reddit was having trouble loading pages and the error rate report was not encouraging."


And finally, dedicated troublemaker Andy caught us in an edit and decided to rub our metaphorical nose in it. "I stumbled on this gem in my RSS reader. Is this maybe a bit cheeky? Perhaps a bit too on the nose? Sure. But there's no world in which I can pass it up." And no world in which I can turn it down, either. Roast crow, yum.



https://thedailywtf.com/articles/shift-meta-errord



CodeSOD: The Wager

Thursday, 14 July 2022, 09:30

We've all been there. We need to make a change to the codebase or else. The right solution is going to take time and refactoring. There's a quick fix that will keep the production system from falling over and crushing the business. So you make the quick fix, with the idea that, eventually, you'll really fix it.

And eventually never comes.

But Adam's co-workers have at least found a way to make that process rewarding for the developers involved.

This comment was added to the code-base in January of 2017:

    /*
     * If this function is still here after 2017-Jul-01, chris@ owes sam@
     * http://www.oldripvanwinkle.com/whiskey/family-reserve-23-year/
     *
     * Signed-off-by: Chris <chris@initech.com>
     */

As of July, 2022, that function is still there. But Chris is no deadbeat, and Sam has received a bottle of expensive whiskey, so at least there's some benefit to the ugly hack this comment surrounds.

Hopefully Sam drinks responsibly, moderating consumption so as to both enjoy the expensive bottle, but also to ensure landing right at the Ballmer Peak. Exceeding that limit is going to lead to a lot more comments like the one above, creating a positive feedback loop of alcohol and programming that is almost certainly going to lead to something worse than Windows ME.


https://thedailywtf.com/articles/the-wager



CodeSOD: Exceptional Flags

Wednesday, 13 July 2022, 09:30

Something I see in a lot of code, and generally dislike, is this pattern:

    if (debug) {
        print("Some debugging message");
    }

Obviously, the "right" answer here is to just use a logging framework and control the mode globally. Still, it's not uncommon to see these sorts of quick-and-dirty branches. I don't like them, but in many cases, they're not worth fighting over.

I bring this up because Drenab's submission, I believe, started with the same kind of intent. It's just, like so much bad code, absolutely misguided.

    boolean flag = false;
    if (flag) {
        throw new Exception();
    }

Clearly, the flag is meant as a compile time switch. Whoever wrote this wanted to stop normal execution at this point during debugging- perhaps not literal debugging, with an attached debugger, but some sort of debugging.

And you know what? While I don't like this- really don't like this- I can absolutely see writing this code to quickly inspect a problem I'm having a hard time replicating. What I can't see is including it in a commit. This is garbage code I don't intend to ever actually let anyone else see.

What I absolutely wouldn't do is chuck this snippet into a bunch of places in my codebase, which is what happened here. These blocks were spammed all over the place, and flipping flag would cause it to throw a generic exception.


https://thedailywtf.com/articles/exceptional-flags



CodeSOD: Busy Busy Busy

Tuesday, 12 July 2022, 09:30

One of the common mistakes in a beginner programmer is to wait using a busy loop. Need to pause a program? for(int i = 0; i < SOME_LARGE_NUMBER;i++) continue;

There are a lot of good reasons to not do this, but in microcontroller land, sometimes you actually do want to wait this way. There may be better ways, but there also might not- it depends on your specific constraints.

So, when David S found these lines of C code, it wasn't precisely a WTF.

    CheKseg0CacheOn();
    for (i=0;i<=SECONDS_1_U;i++) continue;
    CheKseg0CacheOff();

This disables an optimization on the microcontroller, then busy loops for what should be one second, and then enables that optimization again. This code could be more clear, it could be refactored into a procedure, but this code, on its own, isn't automatically a WTF.

No, the WTF is what happened when the developer responsible needed to wait for three seconds.

    if (*SYSSTATUS & System_Reset_Flag)
    {
        // CODE THAT DOES SOMETHING
    }
    CheKseg0CacheOn();
    for (i=0;i<=SECONDS_1_U;i++) continue;
    CheKseg0CacheOff();
    CheKseg0CacheOn();
    for (i=0;i<=SECONDS_1_U;i++) continue;
    CheKseg0CacheOff();
    CheKseg0CacheOn();
    for (i=0;i<=SECONDS_1_U;i++) continue;
    CheKseg0CacheOff();

In fact, the only constant for these busy loops was SECONDS_1_U, and all waits were just for one second. No attempt was made to come up with a more general solution that could calculate arbitrary waits, no attempt was made to turn this at least into a procedure for readability, or even a macro. No, it just gets repeated 249 times across 70 different files in the code base.

The developer responsible doesn't work there anymore, but it's fair to say they made their mark.
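The three-second wait above, written once as a parameterised procedure; this is an added example, not code from the article or from the code base it describes. The helper name busy_wait_seconds, the host-side stand-ins for the cache routines, and the value given to SECONDS_1_U are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: loop iterations that take about one second on the target.
   The article names SECONDS_1_U but does not give its value; it has to be
   calibrated for this loop body on the real board. */
#ifndef SECONDS_1_U
#define SECONDS_1_U 50000u
#endif

/* Hypothetical host-side stand-ins for the board's cache routines. They
   count calls so the on/off pairing can be checked off-target. */
static unsigned cache_on_calls, cache_off_calls;
static void CheKseg0CacheOn(void)  { cache_on_calls++; }
static void CheKseg0CacheOff(void) { cache_off_calls++; }

/* volatile keeps the compiler from deleting the otherwise empty loop. */
static volatile uint32_t spin;

/* Busy-wait for `seconds` seconds and return the number of iterations spun.
   The cache routines are called once around the whole wait instead of once
   per second as in the repeated original; a zero-second wait leaves the
   cache state untouched. */
uint64_t busy_wait_seconds(unsigned seconds)
{
    uint64_t total = 0;

    if (seconds == 0)
        return 0;

    CheKseg0CacheOn();
    for (unsigned s = 0; s < seconds; s++) {
        /* Same bounds as the original loop: i = 0 .. SECONDS_1_U inclusive. */
        for (spin = 0; spin <= SECONDS_1_U; spin++)
            continue;
        total += (uint64_t)SECONDS_1_U + 1u;
    }
    CheKseg0CacheOff();
    return total;
}

int main(void)
{
    uint64_t n = busy_wait_seconds(3);
    printf("spun %llu iterations, cache on/off calls: %u/%u\n",
           (unsigned long long)n, cache_on_calls, cache_off_calls);
    return 0;
}
```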


https://thedailywtf.com/articles/busy-busy-busy



CodeSOD: Switching Notes

Monday, 11 July 2022, 09:30

"The app I work on is a 1.2MLOC big-ball-o-wtf," writes Mark B.

As with a lot of big piles of bad code, it's frequently hard to find a snippet that both represents the bad code and is concise enough to submit. In this case, the code in question shows a questionable grasp of both switch statements and enums.

    // Default to expire note today
    var noteDuration = NoteDurationType.ExpireToday;
    switch (note.NoteDuration)
    {
        case NoteDurationType.LengthOfStay:
            noteDuration = NoteDurationType.LengthOfStay;
            break;
        case NoteDurationType.ExpireToday:
            // Default is to expire today
            break;
    }
    // Save note, expiry date is set in this method and the Expiry date passed in the mobile json is ignored.
    Note.Note.CreateNewTaskNote(oc, note.NoteId, trimmedNote, scheduleTask.AssetTreeId, ScheduleStartDate, noteDuration);

So, a few things. First, NoteDurationType has only two possible values: ExpireToday and LengthOfStay. This code defaults the variable noteDuration to ExpireToday, then does a switch- if note.NoteDuration is LengthOfStay, set the variable noteDuration to that, otherwise, leave it alone.

So, this entire switch could be replaced by noteDuration = note.NoteDuration. The effect is the same. But then, the variable noteDuration is only used once- on the following line where we create a new task note. Which means we could replace all this code with:

Note.Note.CreateNewTaskNote(oc, note.NoteId, trimmedNote, scheduleTask.AssetTreeId, ScheduleStartDate, note.NoteDuration);

Even if we're being generous, and say that this is some misguided null check, note.NoteDuration isn't nullable, so there's no need for any of this.

It's easy to write 1.2M lines of code if most of them are stupid.


https://thedailywtf.com/articles/switching-notes



Error'd: Sm"orgasbord

Friday, 08 July 2022, 09:30

This week we have a veritable grab-bag of all the most common sorts of website errors: the NaN, the null, the undefined, the bad text substitution and the wonky date math. Honestly, they're getting tedious. Somebody should build a tool to help developers scrub their code of impurities and dross. They could call it something catchy like, I dunno, purifier or lintbrush.

Timely Todd R. tells us "I left a window open in Workday for too long, and like a lot of other apps it threatened to log me out. I just wish I knew when that was..."


Foxy Foo A. yips "So often you post about undefined stuff, so can you please help me find Firefox undefined (or later, preferably)?" Readers? Can you help Foo find out?


Deviant Daniel digs nuisance nulls, exclaiming "I can’t wait to replace my car with a !".


Ambivalent Joat wavers "Even if I had wanted to add my comment about my recent experience, neither of the links was active (Share my experience or No thanks)."


Superlative Zach gloats "I wanted to check how much my subscription will cost to renew. Now I know :)". That's good for you, Zach, but we still don't. Is that $100 minus A WHOLE LOT, or $100 minus a trifling amount? And also, isn't Paramount Plus Premium doubly redundant? How can anything be more than paramount? It's all too much for me.



https://thedailywtf.com/articles/sm-rg-sbord


