The Daily WTF

Agatha has inherited some Windows Forms code. This particular batch of such code falls into that delightful category of code that's wrong in multiple ways, multiple times. The task here is to disable a few panels worth of controls, based on a condition. Or, since this is in Spanish, "bloquear controles". Let's see how they did it.

Python is (in)famous for its "batteries included" approach to a standard library, but it's not that notable that it has plenty of standard data structures, like dicts. Nor is in surprising that dicts have all sorts of useful methods, like pop, which removes a key from the dict and returns its value.Because you're here, reading this site, you'll also be unsurprised that this doesn't stop developers from re-implementing that built-in function, badly. Karen sends us this:

Pike pike pike pike Pike pike pike.Lincoln KC repeated"I never knew Bank of America Bank of America Bank of America was amongthe major partners of Bank of America."

Industrial machines are generally accompanied by "Human Machine Interfaces", HMIs. This is industrial slang for a little computerized box you use to control the industrial machine. All the key logic and core functionality and especially the safety functionality is handled at a deeper computer layer in the system. The HMI is just buttons users can push to interact with the machine.Purchasers of those pieces of industrial equipment often want to customize that user interface. They want to guide users away from functions they don't need, or make their specific workflow clear, or even just brand the UI. This means that the vendor needs to publish an API for their HMI.Which brings us to Wendy. She works for a manufacturing company which wants to customize the HMI on a piece of industrial equipment in a factory. That means Wendy has been reading the docs and poking at the open-sourced portions of the code, and these raise more questions than they answer.For example, the HMI's API provides its own set of collection types, in C#. We can wonder why they'd do such a thing, which is certainly a WTF in itself, but this representative line raises even more questions than that:

I've had the misfortune of working in places which did source-control via comments. Like one place which required that, with each section of code changed, you needed to add a comment with your name, the ticket number, and the reason the change was made. You know, the kind of thing you can just get from your source control service.In their defense, that policy was invented for mainframe developers and then extended to everyone else, and their source control system was in Visual Source Safe. VSS was a) terrible, and b) a perennial destroyer of history, so maybe they weren't entirely wrong and VSS was the real WTF. I still hated it.In any case, Alice's team uses more modern source control than that, which is why she's able to explain to us the story of this function:

Henrik H's employer thought they could save money by hiring offshore, and save even more money by hiring offshore junior developers, and save even more money by basically not supervising them at all.Henrik sends us just one representative line:

The utility closet Ellis had inherited and lived with for 17 years had been a cesspool of hazards to life and limb, a collection of tangible WTFs that had everyone asking an uncaring god, "What were they thinking?"Every contractor who'd ever had to perform any amount of work in there had come away appalled. Many had even called over their buddies to come and see the stunning mess for themselves:

...sent us five wtfs. And so on anon.Item the first, an anon is "definitely not qualified" for this job. "These years of experience requirements are getting ridiculous."

Antonio has an acquaintance has been seeking career advancement by proactively hunting down and fixing bugs. For example, in one project they were working on, there was a bug where it would incorrectly use MiB for storage sizes instead of MB, and vice-versa.We can set aside conspiracy theories about HDD and RAM manufacturers lying to us about sizes by using MiB in marketing. It isn't relevant, and besides, its not like anyone can afford RAM anymore, with crazy datacenter buildouts. Regardless, which size to use, the base 1024 or base 1000, was configurable by the user, so obviously there was a bug handling that flag. Said acquaintance dug through, and found this:

While I'm not hugely fond of ORMs (I'd argue that relations and objects don't map neatly to each other, and any ORM is going to be a very leaky abstraction for all but trivial cases), that's not because I love writing SQL. I'm a big fan of query-builder tools; describe your query programatically, and have an API that generates the required SQL as a result. This cuts down on developer error, and also hopefully handles all the weird little dialects that every database has.For example, did you know Postgres has an @> operator? It's a contains operation, which returns true if an array, range, or JSON dictionary contains your search term. Basically, an advanced "in" operation.Gretchen's team is using the Knex library, which doesn't have a built-in method for constructing those kinds of queries. But that's fine, because it does offer a whereRaw method, which allows you to supply raw SQL. The nice thing about this is that you can still parameterize your query, and Knex will handle all the fun things, like transforming an array into a string.Or you could just not use that, and write the code yourself:

Arguably, the worst moment for date times was the shift from Julian to Gregorian calendars. The upgrade took a long time, too, as some countries were using the Julian calendar over 300 years from the official changeover, famously featured in the likely aprochryphal story about Russia arriving late for the Olympics.At least that change didn't involve adding any extra months, unlike some of the Julian reforms, which involved adding multiple "intercalary months" to get the year back in sync after missing a pile of leap years.Speaking of adding months, Will J sends us this "calendar" enum:

A good C programmer can write C in any language, especially C++. A bad C programmer can do the same, and a bad C programmer will do all sorts of terrifying things in the process.Gaetan works with a terrible C programmer.Let's say, for example, you wanted to see if an index existed in an array, and return its value- or return a sentinel value. What you definitely shouldn't do is this:

"No browser is the best browser," opinesMichael R. sarcastically as per usual for tdwtf."Thank you for suggesting a browser. FWIW: neither latest Chrome, Safari, Firefox, Opera work. Maybe I should undust my Netscape."

It's always good to think through how any given database operation behaves inside of a transaction. For example, Faroguy inherited a Ruby codebase which was mostly db.execute("SOME SQL") without any transactions at all. This caused all sorts of problems with half-finished operations polluting the database.Imagine Faroguy's excitement upon discovering a function called db_trans getting called in a few places. Well, one place, but that's better than none at all. This clearly must mean that at least one operation was running inside of a transaction, right?

Goodhart's Law states that when a measure becomes a target, it ceases to be a good measure. Or, more to the point: you get what you measure.If, for example, you measure code coverage, you are going to get code coverage. It doesn't mean the tests will be any good, it just means that you'll write tests that exercise different blocks of code.For example, Capybara James sends us this unit test:

Jon supports some software that's been around long enough that the first versions of the software ran on, and I quote, "homegrown OS". They've long since migrated to Linux, and in the process much of their software remained the same. Many of the libraries that make up their application haven't been touched in decades. Because of this, they don't really think too much about how they version libraries; when they deploy they always deploy the file as mylib.so.1.0. Their RPM post-install scriptlet does an ldconfig after each deployment to get the symlinks updated.For those not deep into Linux library management, a brief translation: shared libraries in Linux are .so files. ldconfig is a library manager, which finds the "correct" versions of the libraries you have installed and creates symbolic links to standard locations, so that applications which depend on those libraries can load them.In any case, Jon's team's solution worked until it didn't. They deployed a new version of the software, yum reported success, but the associated services refused to start. This was bad, because this happened in production. It didn't happen in test. They couldn't replicate it anywhere else, actually. So they built a new version of one of the impacted libraries, one with debug symbols enabled, and copied that over. They manually updated the symlinks, instead of using ldconfig, and launched the service.The good news: it worked.The bad news: it worked, but the only difference was that the library was built with debug symbols. The functionality was exactly the same.Well, that was the only difference other than the symlink.Fortunately, a "before" listing of the library files was captured before the debug version was installed, a standard practice by their site-reliability-engineers. They do this any time they try and debug in production, so that they can quickly revert to the previous state. And in this previous version, someone noticed that mylib.so was a symlink pointing to mylib.so.1.0.bkup_20190221.Once again, creating a backup file is a standard practice for their SREs. Apparently, way back in 2019 someone was doing some debugging. They backed up the original library file, but never deleted the backup. And for some reason, ldconfig had been choosing the backup file when scanning for the "correct" version of libraries. Why?Here, Jon does a lot of research for us. It turns out, if you start with the man pages, you don't get a answer- but you do get a warning:

Gretchen wanted to, in development, disable password authentication. Just for a minute, while she was testing things. That's when she found this approach to handling authentication.

...everything looks like a hammer."Where is this plane?" wonderederffrfez (hope I spelled that right),explaining "I was on a flight across Aus, and noticed that the back of seat display doesn't seem to know exactly where the plane is. There are two places where 'distance to destination' is displayed. They never matched and the difference varied through the flight." I have a suspicion this is related to the January 20 WTF.

Sandra from InitAg (previously) tries to keep the team's code quality up. The team she's on uses CI, code reviews, linting and type checking, and most important: hiring qualified people. Overall, the team's been successful recently. Recently.The company got its start doing data-science, which meant much of the initial code was written by brilliant PhDs who didn't know the first thing about writing software. Most of that code has been retired, but it is impossible to dispatch all of it.Which brings us to Stan. Stan was a one-man dev-team/sysadmin for a mission critical piece of software. No one else worked on it, no one else looked at it, but that was "okay" because Stan was happy to work evenings and weekends without anyone even suggesting it. Stan loved his work, perhaps a little too much. And as brilliant as Stan was, when it came to software engineering, he was at best "brillant".Which brings us to a file called utils/file_io.py. As you might gather from the full name there, this is a "utility" module stuffed with "file and IO" related functions. Let's look at a few:

Denilson uses a password manager, like one should. Except there was a router which simply would not let the password manager fill the password field. Sure, Denilson could just copy and paste, but the question of why remained.And that meant checking the HTML and JavaScript code the router served up. Just pulling up the dev tools brought up all sorts of "fun" discoveries. For example, the application was built in Vue, a front-end framework. But in addition to using Vue, it also used jQuery for some DOM manipulations. But it didn't just use jQuery. It loaded jquery-3.5.1.slim.min.js directly from its static files. It also loaded vendor.js which also contained the same version of jQuery. At least it was the same version.While browsing, Denilson found a function called reloadOnF5, which raises an interesting question: isn't that just what the browser does anyway?

Thomas worked for a company based in Germany which was looking to expand internationally. Once they started servicing other locales, things started to break. It didn't take long to track the problem down to a very "percise" numeric parser.

Tim H writes:

Do we need better verb tenses to describe a counterfactual present from the future perspective? Any trained linguists in the audience, please helped out.Reinier B. will wonder"Does this mean my cloud storage plan never expires? Or does it expire every day at noon? It's an obvious phishing mail though."

Doreann has touched this particular function many, many times. In all those times, she never noticed this particular little line, dropped in by a third-party contractor that has long since cashed their check and wandered off to other things.

Today's anonymous submitter sends us some C# code. This particular block of code controls whether two different columns are visible on the screen. If the field Dist_Por equals one set of constants, we display one column, if it equals a different constant, we display the other. Seems simple enough.My question to you is this: how many nested ternaries do you need to solve this problem?

I recognize that our comments system here leaves much to be desired, especially with regards to the spam filter. Lots of good comments get moderated, an annoying quantity of spam gets through. But today, I want to take a moment to talk about some of the spam we get. Because we get a lot. And since most of you never see it as most of it hits our moderation queue, I don't think you can appreciate how weird some of the spam we get is. Formatting preserved, but links- where they were present- stripped.We'll start with one of my "favorites", the sycophant:

Today we return to Jessica (previously), who still suffers under Windows Forms. But it's not all Windows Forms. There's also random CLI tools kicking around. CLI tools which should really be designed to run as a service,Let's start with the Main method of this particular tool.

Never let it be said that we at TDWTF dish it out and can't take it.Morgan immediately dished"I'm not sure what date my delivery will arrive but I will {PlanToBeAtHomeWhenItDoes}."

Grace sends us, in her words, "the function that validates the data from the signup form for a cursed application."It's more than one function, but there are certainly some clearly cursed aspects of the whole thing.

Grace was tracking down some production failures, which put her on the path to inspecting a lot of URLs in requests. And that put her onto this blob of code:

Last week's out of order logging reminded Adam R of a similar bug he encountered once.The log files looked like this:

There's something about hierarchical arrangements that makes top-down interference utterly irresistible to many managers and executives. Writers may also experience similar strife with their editors, a phenomenon Robert Heinlein described with the perfect metaphor: "After he pees in it himself, he likes the flavor much better."Sometimes, a leader leverages their hard-won wisdom and experience to steer a project onto a better path. But, all too often, someone's imagined wisdom and starving ego force a perfectly good train off the rails.Today, our friend and long-time submitter Argle shares an example of the latter:

"Zero balance due now!" shouteddavethepirate"To be fair, I had disputed a charge on a bill and they finally relented which should have actually resulted in them owing me $1.01, but I'm happy with the win." I'm sure yarr.

Matthias sends us what he calls the "tern of the century". Which, before I share it with you: bad news, it's just a regular bad ternary. But it remains bad in interesting ways, so it's definitely worth talking about. But let's not oversell it.

Philipp H was going through some log files generated by their CI job to try and measure how long certain steps in the process took. He took the obvious path of writing code to read the logfiles, parse out the timestamps, and then take the difference between them.Everything worked fine, until for certain steps, a negative timestamp was reported:

Today we have a true confession from Carl W. It has the benefit of being in R, which means that at a glance, I just assume "eh, looks fine to me." I guess I'm turning into Jimbo.But let's dig into it. Carl's first snippet is this:

Over the past few months, Ellis has been sharing the challenges of the modern job hunt. As I'm one week into my new gig, after a weird and protracted search, I thought I'd add my two cents, because kids: it's nasty out there, for sure.So, for starters, I wrapped up my time working on space robots, and have shifted over to farm robots. That's right, I'm a farmer now. While it may be less glamorous, the business prospects, and thus the prospects of continued employment, are better. That said, I'm working with a startup so I wouldn't say it's all that safe. Still, good change for now, and maybe I'll talk a bit more about what that's like at some point. But that's not where I want to focus today.While my job search was shorter than many folks- about two and a half months- it was still a difficult trek. The biggest thing to my advantage is that embedded software engineers are in low supply relative to their demand. Also, the training data for embedded software remains a very small proportion of AI training sets, so LLMs remain pretty bad at it. It's a good subfield to be in, right now.And yet, the market still sucks.Now, I'm an old person, which means I distribute resumes more as a k-selector than an r-selector. I wasn't sending out hundreds of resumes, but I did send out dozens, which honestly is much more than I usually do by an order of magnitude. Of the dozens I sent out, I scored four interviews, one of which was a cold call from a recruiter, which we'll talk about.Getting RailedOne interview was with a company in the railway industry. I spoke with their internal recruiter, and we discussed what kind of work I was doing, and what I'd like to be doing. It went well, and led to a call with the team. And that's where I found out they were hiring for a management position, not an engineering position. I was wildly unprepared for that conversation, and both sides of the conversation felt weird and awkward about it. Our expectations were misaligned, and by the end of it, neither I nor they wanted to continue the conversation. The commute would have been terrible, so no real loss from my perspective, but boy, am I annoyed with that recruiter.Nuke ItA second conversation, which I'm not counting as an interview, since I only spoke with the recruiter, was with a local contracting company. They handle a lot of government contracts (up to and including work on nuclear weapons), and were looking to staff up. The conversation with the recruiter went well, she had a number of positions (not involving nuclear weapons) that she wanted to recommend me for. She warned me that, as it was the end of the year, things might not move until early this year. I was fine with that. Things did move, though, right in the middle of the holidays I got an email saying the organization wasn't going to move forward with my candidacy. No further insight was provided, but given how enthused the recruiter was, I was mildly surprised. But I have a suspicion about what happened, based on two other positions.Fancy RobotsOne position was for another local robotics company. They had a brand spanking new office, had just matured their main product into something really polished and sell-able, had an on-site cafeteria and were eager to hire. Their interview process was a bit involved with a number of phone screens in addition to the whole day on-site, but everyone was great to work with. They had big scaling plans, and there were going to be plenty of positions behind me to bring on."We're going to get you your offer letter Monday or Tuesday of next week," their internal recruiter told me. "It's just our leadership team is at a summit, and we need them back before we send out offers."That was a weird thing to hear. It seems to me that you should be able to hire an engineer without clearing it with leadership, but what do I know? Monday came and went. Tuesday came. The recruiter called me back: "So, we're not hiring anyone for any position at this time." She was extremely apologetic, related how much the team was disappointed that they couldn't bring me on, and that if positions re-opened I was at the top of the list for hiring. I found out later that the company did a round of layoffs, and the recruiter (who was great through the whole process) was a victim of them.Left ColdA different position came from a cold call from a third-party recruiter. Now, I don't normally give third-party recruiters the time of day. I think, as an industry, they are parasites and scum, and generally more interested in their commission than making either employees or employers happy. But this position was doing embedded work for high-end audio-visual equipment for broadcasters, and was a massive raise. Oh, and it was 100% remote.I verified that this company was real, actually shipped products, and had a decent reputation in the industry. So with that, I decided to hear the recruiter out."They're really eager to hire," he said. "So the plan is this: we're going to set up one single panel interview for an hour. Everyone who needs to be involved in the decision will be there. After that, they'll review, and give you a thumbs up thumbs down ASAP."That was a terrifyingly short interview, for both sides, but I've gotten some great jobs that way, so I was down for it. It went great, everyone was happy. Everyone on the call wanted to move forward with hiring. There was just one problem: not everyone who was supposed to be making the decision was there. A member of their leadership team missed the interview. And they couldn't move forward without this gentleman's thumbs up.This lead to weeks of back and forth with the recruiter. They went from "eager to hire" to the recruiter saying "I don't know, I can't get anyone on the phone."Once again, the end of the story is that they opted to not hire for any roles, and yes, a round of layoffs ensued.On ReadWhile we're talking about recruiter cold calls, I got a cold text from a recruiter. I didn't particularly like that on its own, but hey, it's the modern era, everyone communicates via text. Worse, it was a significant down-level and salary decrease. So I replied back that I wasn't interested.

This week's episode is brought to you by the number two."Two Error'ds in two months from these guys!" exclaim'dThad H.Frist was this, about which Thad snarked "Canada got rid of the penny years ago. I guess the 407ETR took that literally."

Frequent contributor Argle Bargle (recently, or even in last week's Errord) works with a programmer called "Jimbo". Jimbo is a solid co-worker and a good programmer. He has more tenure at the company than Argle, which means Jimbo is who Argle goes to when he has questions.Recently, Argle worked his way through a rather complicated bit of code. It involved passing data between two different languages inside of a real-time system. Much of its functionality was opaque and complicated, so Argle wrote literal paragraphs of documentation explaining what the code did, how to invoke it, what the gotchas might be, and how to avoid them.Argle expected the pull request to take some time to complete, but Jimbo was on the spot and approved it quickly. Another reviewer chimed in, and in went the code.The next day, Argle and Jimbo were working together through some fresh code which depended on that request."Wait a second," Jimbo asked, "how does this data make it from one thread to another? It's mallocd. I don't see how it gets past that boundary.""You realize," Argle replied, "I documented this, in detail, in the code you reviewed yesterday afternoon.""Oh, that? I didn't read it.""That defeats the purpose of code reviews."Jimbo shrugged. "I'm sure it's fine."Argle writes:

Ever feel like it'd all fall to pieces if you so much as turned your head? In the comments section of our article seeking your seasonal horror stories, Wayne shared a holiday WTF of a different sort that's too good not to share:

It's common to see code in the form of if (false == true). We get a fair bit of it in our inbox, and we generally don't post it often, because, well, it's usually just a sign that someone generated the code. There's a WTF in that, somewhere, but there's not much to say about the code, beyond, "Don't generate code, pass data from backend to frontend instead."But Nicholas sends us one that shows a little more of interest in it.

We know 2026 is not a leap year. But how do we know that? We need to call some function to find out.Steve sends us a bit of representative code; on it's own, it's not so bad, but with the broader context, it's horrifying:

For the first Error'd of the future-facing year, we return to our most-hated pattern of every prior year. Namely, broken password mechanisms. Meanwhile, on a personal note, I'm sitting at a boarding gate behind a planeload of people who were scheduled on a flight 12 hours ago! Sure, first-world problems but hoo boy."I'll get on that right away" snapped longtime contributor Argle Bargle."I needed to make a helpdesk request. For some reason theythink I need to update my password. Sure, I can appreciatethat it's been a while since I've made any password change.The only catch is, I've only been with the company six months."

To be honest, math works the same way all year 'round. At least, it's supposed to."My Stack Exchange Inbox is Less Than Empty" declared Mike V."I guess this happens when you read a notification twice!"

How many times does it take to make something a tradition? Well, this is our third installment of Christmas in the Server Room, which seems pretty traditional at this point. Someday we'll run out of Christmas movies that I've watched, and then I'll need to start watching them intentionally. I'm dreading having to sit through some adaptation of the Christmas Shoes or whatever.In any case, we're going to rate Christmas movies on their accuracy of representing the experience of IT workers. One grants it the realism of that movie where Adam Sandler fights Pac-Man, while tells us that it's as realistic as an instructional video about the Turbo-Encabulator.Home AloneA Rube-Goldberg-quality series of misunderstandings and coincidences lead to bratty child Kevin being left... home alone through the holidays, defending his home from burglars, using a series of improvised, Rube-Golberg-quality booby traps, that escalate to cartoonish violence. The important lesson, however, is that the true meaning of Christmas is family.Like most cybersecurity teams, Kevin is under-resourced, defending an incredibly vulnerable system from attackers. His MacGyvered together collection of countermeasures all work, in the film, but none of them actually address the true vulnerabilities and could all be easily bypassed by a competent attacker.Kevin's traps are very much temporary solutions. But when temporary solutions become permanent, awful things can happen.Rating:Santa ClausThis one will be familiar to any MST3k fans. Santa Claus runs a North Pole factory on child labor and whimsical inventions. Oh, also, his North Pole factory is in space. On Christmas Eve, as he tours the world to reward good boys and girls, Satan sends a demon to tempt children into mild naughtiness. Once again, the true meaning of Christmas is being with those you love, unless you're one of the children in Santa's workshop. Those kids are working on Christmas.When things get truly dire for Santa, the children junior engineers staffing his workshop recognize that they can't manage the problem, so they fetch Merlin, the original greybeard. Yes, Merlin works for Santa, which implies that Santa and King Arthur may have met, and honestly, I'd rather watch that team-up movie. In any case, "terrified juniors clinging to a senior" is actually not very realistic. These days, the kids would just ask ChatGPT what to do, and end up putting glue on pizza.Rating:Violent NightWhat happens when we combine Santa Claus with Home Alone? We get the ultimate Santa-does-a-Die-Hard movie, Violent Night. Beverly D'Angelo plays Dick Cheney, an evil matriarch who runs a private military contractor and has stolen millions from US military operations abroad. Even more evil criminals take her family hostage to steal those millions. How are the criminals more evil than Dick Cheney? They're not only thieves, they also hate Christmas!The family is all horrible people, except for Trudy, the young girl who has been good all year and still believes in Santa Claus. And that means Santa is coming to town. With grenades and sledge hammers and machine guns. The movie also features one of the "best" uses of "Santa uses Christmas magic to go up the chimney" at the end.The entire villain plan is built around breaking into a super-protected electronic safe, and without spoiling too much, there's a twist in the film where someone has already broken into the safe, which makes one wonder how stupid the villains are (pretty stupid, actually). Also, while I understand the need for narrative convenience (and the Die Hard reference), the idea that the encrypted radios used by the evil villains, and the walkie talkie toy Trudy has to talk to Santa can actually operate on the same bands is... a bit of a stretch. RF bands and allocations and where and when you can use encryption is a whole thing.Rating:Christmas Card from a Hooker in Minneapolis - Tom WaitsA sex worker in Minneapolis sends a Christmas card to Charlie, presumably a former client or supervisor of hers, updating him on her life. With each verse her life seems to be getting better- until the final verse, which reveals it's all been a charade and she needs help. Like most Tom Waits songs, it's the story of the kind of person who is pushed to the fringes of society, tragic but hopeful, and loaded with empathy.I've recently been doing a job search of my own, and part of that has been "what dates did you work at $place?" and "give us some references?" and I realized that I'm terrible about keeping tabs on these kinds of things. The idea that I could send a Christmas card to a former client from years ago is absurd. Then again, how do we even know these cards get to Charlie? We just know that she wrote them, not that Charlie got them.Rating:I Am the Antichrist - The Dream EatersTwo songs this year? Are there even any rules anymore? The lord of the damned has a poppy intro track. I suppose this shouldn't go on a Christmas list, because it likely belongs at the antipodal part of the year. Y'know. Being the Antichrist and all.Rating:Star Trek II: The Wrath of KhanAn aging Captain Kirk is haunted by a mistake of his past: Khan Noonien Singh is back for revenge. This "Horatio Hornblower in Space" riff on Trek is packed with themes: revenge, sacrifice, the frightening power of technology, and an object lesson on why you shouldn't put things in your ears. It also proves that the best, most exciting space battles aren't swooping, wooshing, pew pew pews, but tense games of cat-and-mouse.As for its Christmas connections? What greater gift can Spock give to his crew but himself? His ultimate sacrifice is what ties the movie together, and of course, it means we got this incredible Christmas ornament out of it. Of all the Christmas spirits I have ever known, his was the most human.The whole prefix-code thing is a pretty incredible security blunder. A remote back door into any Starfleet vessel, guarded only by a 5 digit code? A 5 digit code that's stored in a database on every other starship? So if an enemy captures one vessel, they can thwart the entire fleet unless everyone updates their prefix code? That's a terribly security posture! And incredibly realistic! That is likely what the future will look like. So I guess that's a credible security blunder, if we're being pedantic.I bet they store the passwords in plain text too!Rating: [Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.