The Daily WTF: Curious Perversions in Information Technology

Development Tools

by Remy Porter in CodeSOD on 2026-03-25

A few holiday seasons ago, Paul S was doing the requisite holiday shopping online, looking for those perfectly impersonal but mildly thoughtful gifts that many companies specialize in. This was one of the larger such vendors, well known for its fruit-filled gift baskets. As is not uncommon for our readers, when the site started misbehaving, he pulled up the dev tools. He didn't solve the problem, but he did learn a lot about how they were managing their API keys, as this was exposed to the client:

    env: {
        APP_AUTH0_GUID: 'ctZZL1BqgKm9kBmDEKAjt0yBeQ47Cpwl XS0xxpLFS5g8o-EUpSu4fi9ecOqN19WnXn-EqI9yaupwme22bKuBd2jH3Kf3QngZ',
        APP_LOGGING_ENABLED: 'true',
        APP_LOGGING_SERVICE_PATH: 'r/api/logging/mbp-ui',
        REACT_APP_MBP_LOGGER_CONSOLE: 'ERROR',
        APP_TIQ_ACCOUNT: '1800flowers',
        APP_TIQ_PROFILE: 'full',
        APP_TIQ_ENV: 'prod',
        APP_PAYPAL_SDK_URL: 'https://www.paypal.com/sdk/js',
        APP_PAYPAL_CLIENT_ID: 'AcYrxrOkFwUnMKRoJmkOR0N6caopqRNqwNRxy6H-EvZ-IKUz22i-E0uT0uMT7JQZEC33Oy1HCNsgm_le',
        APP_PAYPAL_ENV: 'production',
        APP_PAYPAL_SOURCE: 'PWA',
        APP_VENMO_ENV: 'production',
        APP_VENMO_PROFILE_ID: '2705494007504552889',
        APP_AUTH_LOGIN_SOURCE: 'undefined',
        APP_SG_BASKET_SCRIPT: 'https://cdn2.smartgiftit.com/scripts/widgets/gift-basket.js',
        APP_AUTH_DOMAIN: 'login.celebrations.com',
        APP_AUTH_AUDIENCE: 'celebrations-prod.1800-flowers.auth0.com',
        APP_STATUS_BAR_ENABLED: 'true',
        APP_WALLET_ENABLED: 'true',
        APP_VERIFY_ADDRESS_HOST: 'api.edq.com',
        APP_VERIFY_ADDRESS_AUTH_TOKEN: '47d991c9-043e-4073-bee3-a5c8922baa3a',
        APP_FULLSTORY_ORG_ID: 'MXD30',
        APP_GRAPHQL_ENV: 'production',
        APP_VISA_CHECKOUT_API_KEY: 'B0LQRDVCE0LWKBHR880J14gCRlEjr_UqLhh6V-yYRAmcvD0W8'
}

1 comments - Last comment @ 08:02

The Barren Fields

by Remy Porter in CodeSOD on 2026-03-24

Today, it's not exactly the code that was bad. For some time, a government agency had been collecting information from users using fillable PDF forms. The user would submit the form, and then a data entry clerk would copy the text from the form into a database. This, of course, raised the question: why was someone manually riding the copy/paste button?

Sally was tasked with automating this. The data is already in a digital format, so it should be easy to use a PDF library to parse out the entered data and insert it into the database. And it almost was.

16 comments - Last comment @ 10:39

Completely Readable

by Remy Porter in CodeSOD on 2026-03-23

It is eminitently reasonable for companies to have "readability standards" for their code. You're writing this code for humans to read, after all, at least in theory. You need to communicate to future inheritors of your code.

But that doesn't mean readability standards are good. Tony's company, for example, has rules about returning boolean values from functions, and those rules mean you are expected to write code like this:

28 comments - Last comment @ 2026-03-24

Greater Than False

by Remy Porter in Representative Line on 2026-03-18

Today's anonymous submitter passes us a single line of JavaScript, and it's a doozy. This line works, but that's through no fault of the developer behind it.

{arr?.length && shouldNotShow === false > 0 (...)}

29 comments - Last comment @ 10:37

Poly Means Many, After All

by Remy Porter in CodeSOD on 2026-03-17

Capybara James sends us some code which is totally designed to be modular.

This particular software accepts many kinds of requests which it then converts into a request for a ListView. This is a perfect example of where to use polymorphism, so you can write one transform method that operates on any kind of request.

3 comments - Last comment @ 2026-03-17

A Little Twisted

by Remy Porter in CodeSOD on 2026-03-16

Dana sends us a WTF that'll turn your head. She was shopping for new hard drives, and was doing it from her phone, a fairly reasonable tool to use for online shopping these days. She opened the website of one vendor, and it was rotated 90 degrees. Or half-pi radians, for those of us that are more used to sensible units.

This was irrespective of any rotation settings on her phone, the website insisted on showing itself in landscape mode. This created quite the unusual appearance when she held her phone in portrait orientation: the browser chrome surrounding the content was in portrait mode, but the page itself was in landscape.

21 comments - Last comment @ 2026-03-24

Awaiting A Reaction

by Remy Porter in CodeSOD on 2026-03-12

Today's Anonymous submitter sends us some React code. We'll look at the code and then talk about the WTF:

// inside a function for updating checkboxes on a page
if (!e.target.checked) {
  const removeIndex = await checkedlist.findIndex(
    (sel) => sel.Id == selected.Id,
  )
  const removeRowIndex = await RowValue.findIndex(
    (sel) => sel == Index,
  )

// checkedlist and RowValue are both useState instances.... they should never be modified directly
  await checkedlist.splice(removeIndex, 1)
  await RowValue.splice(removeRowIndex, 1)

// so instead of doing above logic in the set state, they dont
  setCheckedlist(checkedlist)
  setRow(RowValue)
} else {
  if (checkedlist.findIndex((sel) => sel.Id == selected.Id) == -1) {
    await checkedlist.push(selected)
  }
// same, instead of just doing a set state call, we do awaits and self updates
  await RowValue.push(Index)
  setCheckedlist(checkedlist)
  setRow(RowValue)
}

18 comments - Last comment @ 2026-03-13

All Docked Up

by Remy Porter in CodeSOD on 2026-03-11

Aankhen has a peer who loves writing Python scripts to automate repetitive tasks. We'll call this person Ernest.

Ernest was pretty proud of some helpers he wrote to help him manage his Docker containers. For example, when he wanted to stop and remove all his running Docker containers, he wrote this script:

21 comments - Last comment @ 2026-03-16