The Daily WTF

Joe inherited some C code that left him scratching his head.It doesn't start too badly:

We got a lot of good submissions this week, includingsome examples of test-in-prod we're saving for a specialedition. Not too many of the usual NaN/Null/Undefined sort, but we did also get a small rash of time failures.But frist, Henk highlights the curious case of QNAP's email subscription management page (which appears to be outsourced)."QNAP surely does not want to lose me!" he hoped.

Back in the heady days of the DotCom Bubble, startups were thick on the ground, and Venture Capital money was a flood- lifting startups atop a tsunami only to crash them back into the ground a short time later. Taliesyn once worked for one such startup.Taliesyn's manager, Irving, was an expert in AI. In the age of the DotCom Bubble, this meant Irving knew LISP. Knowing LISP was valuable here, because their core product was a database system built on LISP- specifically the Common LISP Object System, an object-oriented bolt-on for LISP.It was an object-oriented database system, akin to the modern NoSQL databases, but its architecture left a few things to be desired. First, since disk reads and writes were expensive operations, the system avoided them. All updates to data were done in memory, and someday, at some point, when the program felt like it, the changes would be written to disk. This meant that any failures or crashes could lose potentially days of data. Worse, the data was stored in one gigantic text file, which meant corruption could easily take out the entire database.These were legitimate problems, and due to the architecture, they were going to be challenging to resolve. That was the startup life, however- they had a minimum viable product, and just needed to pour energy into making it something worth using.Everyone looked to Irving, the AI and LISP expert, to guide them through this.Irving saw where the real problems lay. "Your database doesn't support SQL," Irving said."Well, sure," Taliesyn said. "That's our selling point."Irving nodded, and then, speaking slowly, as if to a particularly dense child, said, "A database needs to support SQL.""I mean, a relational database, sure," Taliesyn said, "but we're using an object oriented data model which means we don't need to do joins or-" Taliesyn kept talking, explaining why their database didn't support SQL, why it shouldn't support SQL, and why SQL support was not only off the roadmap, but so far off the roadmap that it was labelled "Here there be dragons."Irving nodded along, and ended the conversation with a, "Sure, that makes sense."Everything was fine for a few weeks, until one of Taliesyn's peers on a different team, Angela, shot him an email: "Hey, marketing is getting antsy about a SQL demo, and I've got half a dozen features blocked until you get me a build with that functionality. What's the timeline like?"Taliesyn was uncertain about what the timeline was like, since he had now clearly slipped into a parallel universe. He politely informed his peer that he had no idea what was going on, but would find out. It didn't take a great sleuth to figure out that Irving had started appending his own features to the roadmap.Taliesyn tracked Irving down and demanded to know what was going on."A customer is already using it!" Irving protested. "They wrote it themselves! So we should be able to do it easily. Frankly, it's embarrassing to say that we can't do something with our own tools that the customer is already doing!"Taliesyn knew that Irving was either wrong or lying, and asked to talk to the customer. Irving was, in fact, wrong. The customer had used LISP to write an extension to their object database (another one of those selling point features), and this extension used ODBC to open a connection to a relational database. This let them move data between the two different database systems."Irving," Taliesyn said, "they're not using SQL on our database, they're connecting to a relational database and using SQL there. SQL doesn't make sense for our data structure! We don't have tables, or keys, or relationships. It's objects! You're promising features that we can't deliver."Irving was unmoved. "We are making a database. A database must have SQL capability. It's structured query language- it's right there in the name! Our structure should be queried by structured query language."Taliesyn tried going over Irving's head, but upper management had no interest in actually solving personnel problems. Irving's buzzword laden ideas about why SQL was required seemed to jive with what their customers wanted, and the idea of shipping a non-SQL database was getting lost in the endless quest for the next round of VC funding.The result was a bolted on monster of broken implementations of SQL that infuriated the few customers who tried it, Irving got promoted, and Taliesyn ran as far from the trainwreck as possible before the company flamed out. [Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

Michael has a confession. Once upon a time, a very long time ago, he needed to write some JavaScript to serialize data and send it as part of a request. The challenge for Michael is that he didn't actually know JavaScript or what its built in functions could do and the task was already past the deadline by the time it got assigned to him.

I've known a surprising number of developers who say, "Why use any higher level abstractions, you can just do this all in C, and the code will be cleaner and easier to read." Sometimes, they're right. Other times... not so much. And then there are the developers who find C too abstract for their tastes, and eschew things like structs.That's what Renee encountered when inheriting a chat server written in C. I'm guessing it was an IRC server, based on some terminology in the code.

...and we'll cry though we really don't want to.Celebrant Joe cheered "Happy birthday DailyWTF! My gift to you, yet anotherdate related Error'd for the pile."

Alan worked on a website which had a weekly event which unlocked at 9PM, Saturday, Eastern Time. The details of the event didn't matter, but this little promotion had been running for about a year and a half, without any issues.Until one day, someone emailed Alan: "Hey, I checked the site on Sunday, and the countdown timer displays 00:00:00."Alan didn't check their email on Sunday, and when they checked the site, everything was fine, so he set himself a reminder to check things out next Sunday, and left things alone for a week.Well, Alan forgot on Sunday. It was his day off after all, but he did remember to check first thing on Monday. When he came in, the timer read 00:00:00. Alan had a twelve o'clock flasher. Oddly, when he checked it after grabbing some coffee, the timer now showed the correct value.It was time to dig through the code. Now, this story happened quite some time ago, so the countdown timer itself was a Flash widget. But the widget received a parameter from the HTML DOM, which itself was generated by PHP, and it didn't take long to find the SQL query it was using to find the next event: SELECT next_event FROM event_timer.Yes, event_timer was a one column, one row table. A quick search through the codebase found the table referenced only one other place: backend_settimer.php.All the pieces came together: resetting the timer was an entirely manual process. Every Monday, Tina came in, and assuming she remembered, she reset the timer. Some days she did it late, or forgot entirely. Some weeks, she was on vacation. Maybe she remembered to delegate, maybe she didn't.For roughly 72 weeks, this had been how things had been working.The good news was that the date was getting parsed with the PHP strtotime function, which meant Alan merely had to go to the backend_settimer.php and set the value to Next Saturday 9pm, and let Tina know she didn't need to do this anymore. [Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

We're all used to Java class names that are... verbose.Arno sends us a representative Java line, which demonstrates that this doesn't end with class names.

Visual Studio and the .NET languages support a feature known as "regions". Enclosing a block of code between #region SomeName and #endregion creates collapsible regions in the text editor.It can, in principle, help you organize your code. It does, in practice, make code like this, from Mark, possible."What do you mean, 'single responsibility principle?' This has one job! ADD A CLAIM. How can it get simpler than that?"The upshot of this, is that it's easier to see how one might refactor this function into multiple functions which collaborate. The downside is that this code has been like this for years. As a very bureaucratic insurance company, any refactoring efforts need to be budgeted for, you can't just refactor while working on other tickets- that's "misusing the budget".Instead, we get to enjoy the idea of simple functions, without actually having simple functions. [Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

Good method names are one of the primary ways to write self-documenting code. The challenge there, is that documentation often becomes out of date.Take this delectable PHP nugget, from Nathaniel P, who has previously been tortured by bad date handling.

This week we have an unusual number of submissions involving dates or timestamps.That is, the usual sorts of error'ds, but unusually many of them.Gerald E. chuckled "I do love the back to the future movies. Butnow I can see Beck from the future."

Today's a simple one. We've all seen code that relies too heavily on string concatenation and eschews useful methods like Join.Nick L sends us this VB.Net example, written by a slew of mechanical engineers.

Juliano had this very non-WTF bit of PHP code:

Gavin continues work on the old C++ app he inherited. Today we get a delightful smattering of bad choices.

"The attached class connects to an Access database," writes Nicolai. That's always a good start for a WTF. Let's take a look.

Tim Y. is on Fire with this burn."Competing teams inside Google? Or just the AI recognizing marketing tactics?"

While Java didn't invent putting a toString method in the base class of every object, it certainly made it mainstream. The nice thing about the method is that it allows you to turn any object into a string, though it's up to the implementor to decide what a good string representation is. But what if you want to ensure that the object you're handed is really and truly a string, not just something you can convert to a string?teknopaul's co-worker found their own solution:

Comments explain a lot about our code. And sometimes, the comments explain more than the code itself.Alastair found this lovely comment, which demonstrates an excellent, if confusing, understanding of a boolean "or":

While poring through some VB .Net code, John noticed some odd things in their datamodel. For example, a different process would scan files, and log any "suspicious" files into a database. The program John supported would then report on that data.One of their classes had a property which looked like this:

You have some text, and need to replace every sequence of spaces with a single space. E.g., My text becomes My text. Now, if you're most of us, you ignore the famous quote and reach straight for regexes.But Samuel's co-worker isn't most of us.

An anonymous friend sent us our frist test in prod for this week. And then there will be more, and more, and more."This came up in Kaspersky's Blog's RSS. If you're luckythey might still have the error up in the original URL."I don't know if "chron" is just how "cron" translates to Russian and back, but the test appears to have succeeded.

Greg's co-worker really wanted to make sure that a variable was correctly set to true or false. So they did this:

Meta-programming- programs which generate programs- is a delightful hobby, but usually shouldn't be used in production code. Usually. I mean, if you're working in LISP, 90% of your program is going to be macros.But if you're using PHP and JavaScript, there's good odds that someone you work with has decided to combine these two tastes together to create something nobody wants to taste.This is a depressingly common anti-pattern, usually seen in the form of JavaScript code which looks like: if (1 == 2)- once upon a time one or both of those values were PHP variables, but we only see the resulting generated code.A more extreme version happened to our anonymous submitter.

Zeke sends us a C# snippet from an extract-transform-load process his company uses. It's... special.

When I first saw Nick L's submission, I thought to myself, "This is just decompiled code, so of course the names are bad."

Faithful Michael R. is good for a chuckle today. "I am using the free tier Infura right now but think I will go enterprisey straight away."Can't turn down a deal like that, eh?

Ulvhamne sends us some bad code that, well, I think at this point we should really coin a name for this particular anti-pattern.

Bob's employer had a data-driven application which wasn't performing terribly well. They had some in-house database administrators, but their skills were more "keep things running," and less "do deep optimizations". The company opted to hire a contract DBA to come in, address the performance problems, and leave.In actual fact, the DBA came in, ran some monitoring, and then simply wrote some guidance- generic, and frankly useless guidance. "Index on frequently queried fields," and "ensure database statistics are gathered on the appropriate schedule."The only meaningful output of the contractor's visit was a list of the badly performing stored procedures. Bob was given the list and told, "Go fix these."One stored procedure needed to populate variables with data from the order table. Specifically, it needed to collect sender_id, user_group, and file_ref from the orders table. Here's how it did that:

Marcus's team was restructuring the API, and the architect thus wanted a number of methods marked obsolete, to encourage developers to move to the new version of the API. So the architect created a Jira task, assigned it to a dev, and moved on.Somehow, this C# code got committed and merged, despite being code reviewed:

As oft discussed, null-terminated C-style strings are an endless source of problems. But there's no problem so bad that it can't be made worse by a sufficiently motivated developer.Today's rather old code comes from Mike, who inherited an old, MFC application. This code is responsible for opening a file dialog, and the key goal of the code is to configure the file filter in that dialog. In MFC, this is done by passing a delimited string containing a caption and a glob for filtering. E.g., "Text Files (.txt) | *.txt" would open a dialog for finding text files.

This week we have a special visit from a mythical beast: the snarklemma. But first, a non-error Error'd.Obsessive Optimizer Ian K."Walmart's nationwide network of warehouse stores meansthey can save time and money by shipping locally. FedExhas them covered: Their nationwide shipping fleet determinedthe shortest path from Houston to its largest suburb goes via Georgia."Not the shortest path, nor the fastest, but surely the cheapest one that meets the delivery date requirement. It's probably not an error, and I believe it, but I still can't believe it!

Yesterday we talked about bad CSS. Today, we're going to talk about bad HTML.Corey inherited a web page that, among other things, wanted to display a bulleted list of links. Now, you or I might reach for the ul element, which is for displaying bulleted lists. But we do not have the galaxy sized brains of this individual:

There is a surprising amount of debate about how to use CSS classes. The correct side of this debate argues that we should use classes to describe what the content is, what role it serves in our UI; i.e., a section of a page displaying employee information might be classed employee. If we want the "name" field of an employee to have a red underline, we might write a rule like:

Once upon a time, I was tuning a database performance issue. The backing database was an Oracle database, and the key problem was simply that the data needed to be partitioned. Great, easy, I wrote up a change script, applied it to a test environment, gathered some metrics to prove that it had the effects we expected, and submitted a request to apply it to production.And the DBAs came down on me like a sledgehammer. Why? Well, according to our DBAs, the license we had with Oracle didn't let us use partitioning. The feature wasn't disabled in any way, but when an Oracle compliance check was performed, we'd get dinged and they'd charge us big bucks for having used the feature- and if we wanted to enable it, it'd cost us $10,000 a year, and no one was willing to pay that.Now, I have no idea how true this actually was. I have no reason to disbelieve the DBAs I was working with, but perhaps they were being overly cautious. But the result is that I had to manually partition the data into different tables. The good news was all the writes always went into the most recent table, almost all of the reads went to either the current table or last month's table, and everything else was basically legacy and while it might be used in a report, if it was slower than the pitch drop experiment, that was fine.It was stupid, and it sucked, but it wasn't the worst sin I'd ever committed.Which is why I have at least some sympathy for this stored procedure, found by Ayende.

As oft stated, the specification governing email addresses is complicated, and isn't really well suited for regular expressions. You can get there, but honestly, most applications can get away with checking for something that looks vaguely email like and call it a day.Now, as complicated as the "accurate" regex can get, we can certainly find worse regexes for validating emails. Morgan did, while on a contract.The client side had this lovely regex for validating emails:

There are an infinite variety of ways to be wrong, but only very small number of ways to be right.PatientPeter W. discovers that MS Word is of two minds about English usage."Microsoft Word just can't seem to agree with itself on how to spell paycheck/pay check."Faithful readers know it's even worse than that.

So many languages eschew "truth" for "truthiness". Today, we're looking at PHP's approach.PHP automatically coerces types to a boolean with some fairly simple rules:

Strings in C are a unique collection of mistakes. The biggest one is the idea of null termination. Null termination is not without its advantages: because you're using a single byte to mark the end of the string, you can have strings of arbitrary length. No need to track the size and worry if your size variable is big enough to hold the end of the string. No complicated data structures. Just "read till you find a 0 byte, and you know you're done."Of course, this is the root of a lot of evils. Malicious inputs that lack a null terminator, for example, are a common exploit. It's so dangerous that all of the str* functions have strn* versions, which allow you to pass sizes to ensure you don't overrun any buffers.Dmitri sends us a simple example of someone not quite fully understanding this.

Gloria was a senior developer at IniMirage, a company that makes custom visualizations for their clients. Over a few years, IniMirage had grown to more than 100 people, but was still very much in startup mode. Because of that, Gloria tried to keep her teams sized for two pizzas. Thomas, the product manager, on the other hand, felt that the company was ready to make big moves, and could scale up the teams: more people could move products faster. And Thomas was her manager, so he was "setting direction."Gloria's elderly dog had spent the night at the emergency vet, and the company hadn't grown up to "giving sick days" yet, so she was nursing a headache from lack of sleep, when Thomas tried to initiate a Slack huddle. He had a habit of pushing the "Huddle" button any time the mood struct, without rhyme or reason.She put on her headphones and accepted the call. "It's Gloria. Can you hear me?" She checked her mic, and repeated the check. She waited a minute before hanging up and getting back to work.About five minutes later, Thomas called again."Hey, did you call me like 10 minutes ago?""No, you called me." Gloria facepalmed and took a deep, calming breath. "I couldn't hear you."Thomas said, "Huh, okay. Anyway, is that demo ready for today?"Thomas loved making schedules. He usually used Excel. There was just one problem: he rarely shared them, and he rarely read them after making them. Gloria had nothing on her calendar. "What demo?""Oh, Dylan said he was ready for a demo. So I scheduled it with Jack."Jack was the CEO. Dylan was one of Gloria's peers. Gloria checked Github, and said, "Well, Dylan hasn't pushed anything for... months. I haven't heard anything from him. Has he showed you this demo?"Gloria heard crunching. Thomas was munching on some chips. She heard him typing. After a minute, she said, "Thomas?""Oh, sorry, I was distracted."Clearly. "Okay, I think we should cancel this meeting. I've seen this before, and with a bad demo, we could lose buy in."Thomas said, "No, no, it'll be fine."Gloria said, "Okay, well, let me know how that demo goes." She left the call and went back to work, thinking that it'd be Thomas's funeral. A few minutes before the meeting, her inbox dinged. She was now invited to the demo.She joined the meeting, only to learn that Dylan was out sick and couldn't make the meeting. She spent the time giving project updates on her work, instead of demos, which is what the CEO actually wanted anyway. The meeting ended and everyone was happy- everyone but Gloria.Gloria wrote an email to the CEO, expressing her concerns. Thomas was inattentive, incommunicative, and had left her alone to manage the team. She felt that she was doing more of the product management work than Thomas was. Jack replied that he appreciated her concerns, but that Thomas was growing into the position.Julia, one of the other product managers, popped by Gloria's desk a few weeks later. "You know Dylan?"Gloria said, "Well, I know he hasn't push any code in a literal year and keeps getting sick. I think I've pushed more code to his project than he has, and I'm not on it."Julia laughed. "Well, he's been fired, but not for that."Thomas had been pushing for more demos. Which meant he pulled Dylan into more meetings with the CEO. Jack was a "face time" person, and required everyone to turn on their webcams during meetings. It didn't take very many meetings to discover that Dylan was an entirely different person each time. There were multiple Dylans."But even without that, HR was going to fire him for not showing up to work," Julia said."But... if there were multiple people... why couldn't someone show up?" Gloria realized she was asking the wrong question. "How did Thomas never realize it?"And if he was multiple people, how could he never get any work done? Dylan was a two-pizza team all by himself.After the Dylan debacle, Thomas resigned suddenly and left to work at a competitor. A new product manager, Penny, came on board, and was organized, communicative, and attentive. Gloria never heard about Dylan again, and Penny kept the team sizes small. [Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

It's incredibly common to convert objects to dictionaries/maps and back, for all sorts of reasons. Jeff's co-worker was tasked with taking a dictionary which contained three keys, "mail", "telephonenumber", and "facsimiletelephonenumber" into an object representing a contact. This was their solution:

A twitchy anonymous reporter pointed out that our form validation code is flaky. He's not wrong. But at least it can report time without needing emoticons! :-3That same anon sent us the following, explaining"Folks at Twitch are very brave. So brave, they wrote their own time math."

In the late 90s into the early 2000s, there was an entire industry spun up to get businesses and governments off their mainframe systems from the 60s and onto something modern. "Modern", in that era, usually meant Java. I attended vendor presentations, for example, that promised that you could take your mainframe, slap a SOAP webservice on it, and then gradually migrate modules off the mainframe and into Java Enterprise Edition. In the intervening years, I have seen exactly 0 successful migrations like this- usually they just end up trying that for a few years and then biting the bullet and doing a ground-up rewrite.That's is the situation ML was in: a state government wanted to replace their COBOL mainframe monster with a "maintainable" J2EE/WebSphere based application. Gone would be the 3270 dumb terminals, and here would be desktop PCs running web browsers.ML's team did the initial design work, which the state was very happy with. But the actual development work gave the state sticker shock, so they opted to take the design from ML's company and ship it out to a lowest-bidder offshore vendor to actually do the development work.This, by the way, was another popular mindset in the early 00s: you could design your software as a set of UML diagrams and then hand them off to the cheapest coder you could hire, and voila, you'd have working software (and someday soon, you'd be able to just generate the code and wouldn't need the programmer in the first place! ANY DAY NOW).Now, this code is old, and predates generics in Java, so the use of ArrayLists isn't the WTF. But the programmer's approach to polymorphism is.

It's good to handle any exception that could be raised in some useful way. Frequently, this means that you need to take advantage of the catch block's ability to filter by type so you can do something different in each case. Or you could do what Adam's co-worker did.

Joe sends us some Visual Basic .NET exception handling. Let's see if you can spot what's wrong?

April Fool's day is a day where websites lie to you or create complex pranks. We've generally avoided the former, but have done a few of the latter, but we also like to just use April Fool's as a chance to change things up.So today, we're going to do something different. We're going to talk about my Day Job. Specifically, we're going to talk about a tool I use in my day job: cFS.cFS is a NASA-designed architecture for designing spaceflight applications. It's open source, and designed to be accessible. A lot of the missions NASA launches use cFS, which gives it a lovely proven track record. And it was designed and built by people much smarter than me. Which doesn't mean it's free of WTFs.The Big PicturecFS is a C framework for spaceflight, designed to run on real-time OSes, though fully capable of running on Linux (with or without a realtime kernel), and even Windows. It has three core modules- a Core Flight Executive (cFE) (which provides services around task management, and cross-task communication), the OS Abstraction Layer (helping your code be portable across OSes), and a Platform Support Package (low-level support for board-connected hardware). Its core concept is that you build "apps", and the whole thing has a pitch about an app store. We'll come back to that. What exactly is an app in cFS?Well, at their core, "apps" are just Actors. They're a block of code with its own internal state, that interacts with other modules via message passing, but basically runs as its own thread (or a realtime task, or whatever your OS appropriate abstraction is).These applications are wired together by a cFS feature called the "Core Flight Executive Software Bus" (cFE Software Bus, or just Software Bus), which handles managing subscriptions and routing. Under the hood, this leverages an OS-level message queue abstraction. Since each "app" has its own internal memory, and only reacts to messages (or emits messages for others to react to), we avoid pretty much all of the main pitfalls of concurrency.This all feeds into the single responsibility principle, giving each "app" one job to do. And while we're throwing around buzzwords, it also grants us encapsulation (each "app" has its own memory space, unshared), and helps us design around interfaces- "apps" emit and receive certain messages, which defines their interface. It's almost like full object oriented programming in C, or something like how the BeamVM languages (Erlang, Elixir) work.The other benefit of this is that we can have reusable apps which provide common functionality that every mission needs. For example, the app DS (Data Storage) logs any messages that cross the software bus. LC (Limit Checker) allows you to configure expected ranges for telemetry (like, for example, the temperature you expect a sensor to report), and raise alerts if it falls out of range. There's SCH (Scheduler) which sends commands to apps to wake them up so they can do useful work (also making it easy to sleep apps indefinitely and minimize power consumption).All in all, cFS constitutes a robust, well-tested framework for designing spaceflight applications.Even NASA annoys meThis is TDWTF, however, so none of this is all sunshine and roses. cFS is not the prettiest framework, and the developer experience may ah... leave a lot to be desired. It's always undergoing constant improvement, which is good, but still has its pain points.Speaking of constant improvement, let's talk about versioning. cFS is the core flight software framework which hosts your apps (via the cFE), and cFS is getting new versions. The apps themselves also get new versions. The people writing the apps and the people writing cFS are not always coordinating on this, which means that when cFS adds a breaking change to their API, you get to play the "which version of cFS and App X play nice together". And since everyone has different practices around tagging releases, you often have to walk through commits to find the last version of the app that was compatible with your version of cFS, and see things like releases tagged "compatible with Draco rc2 (mostly)". The goal of "grab apps from an App Store and they just work" is definitely not actually happening.Or, this, from the current cFS readme:

We've got some of the rarer classic Error'd types today:events from the dawn of time, weird definitions of space,and this absolutely astonishing choice of cancel/confirm button text.Perplexed Stewart found this and it's got me completely befuddled as well!"Puzzled over this classic type of Error'd for ages. Ireally have no clue whether I should press Yes or No."

We've seen loads of bad date handling, but as always, there's new ways to be surprised by the bizarre inventions people come up with. Today, Tim sends us some bad date sorting, in PHP.

We all know that 2038 is going to be a big year. In a mere 14 years, a bunch of devices are going to have problems.Less known is the Y2030 problem, which is what Ventsislav fighting to protect us from.

As a general rule, I will actually prefer code that is verbose and clear over code that is concise but makes me think. I really don't like to think if I don't have to.Of course, there's the class of WTF code that is verbose, unclear and also really bad, which Thomas sends us today: