Recent CodeSOD

Code Snippet Of the Day (CodeSOD) features interesting and usually incorrect code snippets taken from actual production code in a commercial and/or open source software projects.

Feb 2022

Switch Kicker

by in CodeSOD on

As covered previously, game code generally doesn't represent an interesting WTF. But bad e-commerce code certainly does. So today, Rhys sends us some JavaScript from a web-based fantasy-football (for non-USA values of football) site. Given that it handles microtransactions and in-game items passed between players, it's definitely more on the e-commerce side of things than anything else.

And much like that previous article, this one does involve a very large switch, but before we get to the switch, we have to get to the state validator:


by in CodeSOD on

We're going to do something a little different. I don't like to do posts about game related code. Games are entirely about shipping something out the door on tight timelines and tight budgets, and it's very much the category of "if it works it's good". There are exceptions, like when you ship an actual WTF, but "bad game code" is not really that interesting.

Awhile back, indie game VVVVVV went open source which gives us a picture of how the sausage is actually made. Now, this is emphatically not a WTF, this isn't wrong or a mistake, this is just the kind of thing that gets a game shipped, especially when it's a small budget indie game, by basically one person.

A Commentary on Military Force

by in CodeSOD on

Once upon a time, Simon worked for a company making software for missile systems. This was serious work, with serious testing procedures, and important standards around documentation.

Shortly before a live-fire test of a missile system, Simon knew better than to make any code changes, but he did want to improve the documentation. Adding comments was pretty low risk, so he went ahead and did that. By the time he was done, the Turbo Pascal code that controlled the missile looked like this:

Put Down the Pipe

by in CodeSOD on

Camden's team works on an internal Angular application. Angular is constantly releasing new versions, and while they're largely backwards compatible, as the rule goes: every change breaks someone's workflow. Camden's team started to upgrade to Angular 12, only to discover that one of their dependencies wouldn't resolve. It refused to work with any version of Angular greater than 8.

The specific dependency promised to safely sanitize external resources, like DOM snippets and URLs fetched from an external source. At its core, it wrapped around the Angular DomSanitizer object, which provided all the plumbing for handling sanitization.

Promotional Development

by in CodeSOD on

Upgrading to a new point release on the Linux kernel isn't the riskiest thing you can do in your infrastructure, but it's not completely without risk. It's not so much that the kernel maintainers are playing fast and loose- they're a very conservative bunch for the most part- but some application code might be making assumptions that become incorrect in the next release.

For Ramona's company, that happened. They updated the kernel, and immediately one of their libraries, written in C++, started segfaulting. Now, the developer behind it was still with the organization, but had climbed the ranks- he was no longer a Software Engineer, or even a Senior Software Engineer, but was now a Senior Solutions Architect and was not to be bothered with trivial things.

Getting Reported

by in CodeSOD on

Monica sends us a code snippet that comes from her organization's home-brewed reporting engine. She writes:

I have always found that "Homebrew Reporting Engines" are always full of WTF material. For some reason, coded reports are a "good place to learn the codebase" for junior engineers and usually have deadline of "just get that done".

Inner Exceptions

by in CodeSOD on

One of Raquel's junior developers was having some troubles. They had a Lua script that needed to call out to a Redis store to fetch data. The poor developer was getting useless "failed to communicate to redis," message and needed help figuring out what was going on.

Of course, the Lua script wasn't the problem. The company was building a full on Inner-Platform. The core application stack was actually in Java, but it was extensible with Lua scripts. The Java code was meant to handle all the plumbing and interacting with the data store, and the Lua code could then just be where developers put their business logic.

Leaky Logs

by in CodeSOD on

For years, Carla's company had a Java application with a memory leak. No one had the time, energy, or budget to actually do anything about the leak, so they "fixed" it by just forcing a nightly reboot.

When Carla asked about the nightly reboot, the elders who had been around for awhile simply said, "there were some issues we couldn't track down."

A Little Obtuse

by in CodeSOD on

AngularJS, (not to be confused with Angular, its successor project and ostensible replacement) made some… interesting design choices. Controllers existed in a tree, mapped to the DOM, and were glued together by a special object called $scope. You would store your data in the $scope, and depending on exactly how you did it, that data could be accessible at various levels within the tree. $scope also doubled as an event bus, so controllers could send messages up and down the tree as needed.

In short, there's a reason why AngularJS fell out of favor.

Validly Numeric

by in CodeSOD on

Writing validation rules is one of the more tedious tasks a developer might need to do. Like testing code, it's all about finding edge cases, checking boundaries, and being exhaustive in your search for invalid data. Garbage in, garbage out, and validation filters the garbage.

But you might also be a bit too thorough. Kevin found this validation rule in his C# codebase:

A Tern in the Stream

by in CodeSOD on

Java's streams feature allows developers to use functional programming techniques to operate on sets of data. Used correctly, it can create expressive and readable code. Used incorrectly, well…

Gevatter Tod found this while searching for a bug.


by in CodeSOD on

For a lot of real-world situations, I'm a big fan of "event driven programming", or as I think about it, "bus oriented programming". Instead of coupling objects directly, objects just publish events to a shared bus, and the events get routed to the other objects which care about them, in a declarative fashion. It's not a "write all programs" this way sort of stance, it's just there are a lot of real world cases where I've found this to be very effective.

Ricardo's co-worker seems to share my opinions, but perhaps maybe not quite my reasoning. This is the PHP code for handling checking out of their storefront:

Numb to Truth

by in CodeSOD on

In the ancient times, philosophers asked the hard questions, like What Is Truth? And just when we might thing those questions have been answered, Uli brings us a new twist on an old classic.

"I found this while browsing an ancient C++ codebase," Uli writes.