The Daily WTF: Curious Perversions in Information Technology

Drain the Swamp

by Remy Porter in CodeSOD on 2017-10-30

You may remember Virginia N from An Extinction Event, where she struggles to refactor a legacy project with some… unusual design principles. ReSharper still continues to choke to death on their codebase, but her management has let her know, this won’t be a problem going forward.

“You see,” her boss explained, “we’re going to move the logic into stored procedures. That way, we can more easily re-use the logic between the Windows Forms client and the Web app.”

10 comments - Last comment @ 2018-04-03

The Key to Lookups

by Remy Porter in CodeSOD on 2017-10-24

After some “miscommunications about coding standards”, Nicolas’s company decided that they should have one of their internal developers do code reviews on anything that came from their external, third-party developers. Nicolas drew the short straw on the most recent project.

The specific problem in play is that they had config-data, structured as nested dictionaries. You know the kind of data-structure- something like:

16 comments - Last comment @ 2017-12-22

Secure Login

by Remy Porter in Representative Line on 2017-10-23

“I logged into the admin app.”

Julie’s boss had the username and password for the admin app, so that wasn’t too surprising.

35 comments - Last comment @ 2017-10-28

Abstract Test Case

by Remy Porter in CodeSOD on 2017-10-19

A great many breakfast cereals promise some sort of health benefit. This brand is good for your heart, that brand has 11 essential vitamins and minerals. This one’s got bran! Just because there’s a promise of health benefits doesn’t mean they actually exist- most of these cereals are lightly fluffed sugar held together with a smidge of starch.

Object-oriented languages promise a lot of code-health benefits, and used properly, they can certainly deliver. In this somewhat tortured metaphor, the Lucky Charms marshmallow of OO features is Inheritance. It’s tasty, it’s easy to explain, but it’s not really good for your code. A little bit, here-and-there, from time-to-time is great. But some folks buy the three pound bag and that’s just not good for anybody.

20 comments - Last comment @ 2017-10-24

Too Salty

by Remy Porter in CodeSOD on 2017-10-17

The first rule of building your own password storage mechanisms is don’t. Like most other highly-specialized wheels, you aren’t going to do as good a job as someone who specializes in it. It’s bad enough when you write your own date mangling code, but for security-critical features, like passwords or encryption, you’re begging for trouble.

Joni spotted some trouble: many of the users in the database had the same password hash. This, of course, should never happen- the password should be combined with a user-specific salt as part of the hashing, so that even if two users had the same password, they’d have different hashes.

29 comments - Last comment @ 2017-10-24

Refactoring the Conditional

by Remy Porter in Representative Line on 2017-10-11

Virginia N was trying to refactor some code, and that meant understanding where the value m_PSOC_SIG was used, and why. So, she did some searching, and found this line, which doesn’t contain our value:

ChangePosition("P",true,(bool)ar[6],(DateTime)ar[1],(DateTime)ar[5]);

43 comments - Last comment @ 2017-11-08

We Know How This Works

by Remy Porter in CodeSOD on 2017-10-10

One of the selling points of a language like Java is that it comes with a rich standard library of useful classes. This allows developers to completely ignore those useful features, and instead reinvent the wheel badly. Once this novel square wheel has come off the assembly line, it becomes the defacto standard for the organization.

Take, for example, Caiwan’s office. They have a… special date-handling library.

45 comments - Last comment @ 2017-10-13

Hired: State of Contracting

by Remy Porter in Sponsor Post on 2017-10-05

Our sponsor, Hired, passed us off a report they just published: “The State of Contract Work”. I said to myself, “Wait a second, I’m a contractor!” Well, technically, I’m more of a consultant or sometimes a trainer- one of those evil highly paid consultants who swing in, tell developers how to do their jobs, and leave behind nothing more than the smell of brimstone and invoices.

The bad thing about this line of work, at least from the perspective of a TDWTF article, is that if I encounter a real WTF, it’s because someone wants me to fix it. A WTF that is getting fixed isn’t really a WTF anymore. That doesn’t mean I don’t encounter some real head-scratchers from time to time.

40 comments - Last comment @ 2017-10-22

The Anty Pattern

by Remy Porter in CodeSOD on 2017-10-04

An anti-pattern that shows up from time to time here is the old “our IDE’s build output is mapped to a network drive on the web server”, but “Drummer” shows us a novel new variation on that theme.

It all started when a co-worker asked them, “how do I change the compiler version?” The code was built using Ant, so “Drummer” opened the build file and searched through it for a javac element- the Ant command which runs the Java compiler.

18 comments - Last comment @ 2017-10-08

Dashboard Confessional

by Remy Porter in CodeSOD on 2017-10-02

Three years ago, this XKCD comic captured a lot of the problems we have with gathering requirements:

27 comments - Last comment @ 2017-10-16