The Daily WTF

This week we have a veritable grab-bag of all themost common sorts of website errors: the NaN, the null, theundefined, the bad text substitution and the wonky date math.Honestly, they'regetting tedious. Somebody should build a tool to help developers scrub their code of impurities and dross. Theycould call it something catchy like, I dunno, purifieror lintbrush.Timely Todd R. tells us "I left a window open in Workday for too long, and like alot of other apps it threatened to log me out. I justwish I knew when that was..."

This week we have a veritable grab-bag of all themost common sorts of website errors: the NaN, the null, theundefined, the bad text substitution and the wonky date math.Honestly, they'regetting tedious. Somebody should build a tool to help developers scrub their code of impurities and dross. Theycould call it something catchy like, I dunno, purifieror lintbrush.Timely Todd R. tells us "I left a window open in Workday for too long, and like alot of other apps it threatened to log me out. I justwish I knew when that was..."

Ellen had just finished washing her hands when her phone buzzed. It vibrated itself off the sink, so there was a clumsy moment when it clattered to the restroom floor, and Ellen tried to pick it up with wet hands.After retrieving it and having another round of hand washing, Ellen read the alert: the UPS was in overload.That wasn't good. Their power supply was scaled for future growth- there was more than enough capacity to run all their servers off the UPS. So that meant something was very wrong. Ellen dashed out of the bathroom, conveniently located just off the server room, expecting to see something shorting out and sparking and an ugly cloud of smoke.But everything was fine. Everything in the server room continued to hum along nicely. Barry, the other server room tech, had already checked the UPS management console: something was drawing 2000W above the baseline load. "Something in here must be drawing extra power," Ellen said. Barry agreed, and they went off searching.While they searched, their phones pinged again: the UPS was no longer in overload."Weird," Barry said. "Do you think it's the health monitoring going off?""I mean, it could be," Ellen admitted. "But reporting an overload? I suppose we should open a ticket with the manufacturer."So Ellen did that, while Barry trotted off to make his trip to the restroom. A few hours later, the UPS manufacturer sent their reply, which in short was something like: "You clearly have misconfigured it. Check this wiki article on how to set alert thresholds. Closing this ticket."Frustrated, and full of coffee, Ellen traipsed back to the restroom to relieve herself. This time, she was halfway out the restroom door when her phone buzzed. The UPS was in overload again.Once again, there was nothing obvious going wrong, but the management console reported that something was drawing 2000W above the normal load. "Some device in here has to be going wildly wrong," Ellen said. "Did somebody plug in a fridge, or a space heater or something?""I dunno," Barry said. "Do you think we're going to need to do an inventory?""I suppose so," Ellen said. She checked her phone. "There are a few hours left in the day, let's see if there's some device we don't expect, or something.""Sure, but ah, gotta hit the head first," Barry said. He went to the restroom while Ellen pulled up the inventory of the server room and started walking the racks, looking for anything out of place.That's how they spent the rest of the day, searching through the server room, trying to figure out what might be drawing a whopping 2000W of power off the UPS. There was nothing unusual or out of place, however.Frustrated and annoyed, Ellen took one last trip through the restroom before she left for the day. And, like clockwork, she was just drying her hands on a paper towel when her phone pinged. The UPS was in overload again.Once is chance. Twice is coincidence. Three times is a pattern. When Ellen used the bathroom, the alert went off. When Barry used it, it didn't.Ellen looked around the bathroom. It was a spartan, functional room, without much in it. Lights. Exhaust fan. Sink. Sink. The sink used hot water. On the wall, under the sink, was a petite five liter instant-on hot water heater."Oh, they didn't."The next morning, they got an electrician in. Within a few minutes, Ellen was able to confirm that they, in fact, had: they had wired the bathroom circuit to the server room UPS, not building mains. Every time Ellen washed her hands, the UPS went into overload.The electrician was able to rewire the bathroom, which lifted that additional load off the UPS. That solved the obvious problem, and made everyone happy.Nothing could fix the other problem, however. Ellen couldn't bring herself to shake Barry's hands anymore. Maybe he just used cold water… maybe. [Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Mario's team had a nasty stutter in the UI of their web application. Frequently, when going back to the server for data, the UI would just hang. The requests themselves were happening asynchronously, and it wasn't just network lag anyway- the server was able to serve up large JSON responses well within any reasonable timelines. Certainly nothing in the timing justified such a nasty UI hang. So what was going on?Well, in many of the places where they were handling JSON responses, specifically large JSON responses, this code was copy-pasted in multiple places:

I have a bit of a vendetta against the Singleton pattern. It's not to say that I won't use it, it's just that it's a pattern that gets overused and misapplied. The result is, instead of guaranteeing that only one instance of an object exists (because there can be only one), and just reinvent global variables.Today, George sends us some code that is in a Java factory class that constructs thread pools. In this case, the thread pool itself is returned as a singleton. I've got some questions about the logic of why that's the case, but that's what it is.And then there's this method/comment combination which is just… perfect.

Knock knock.Matthew shared a classic catch-22 that didn't catch any, explaining"Redditstatus.com is in the middle of a Reddit outage (actually,after the outage has been "restored" and we are "monitoring the situation").The whole point of hosting a status page separatelyis so that it does not share common failure mechanism with the site being monitored!"

Suri was about to add some new functionality to an existing application, and since it was a relatively big change, she spent a few hours tidying up the codebase. Sitting in there, in the code actually running in production, she found this:

Switches are great. Given a value, you can switch to different code paths based on that value. The problem is… what if you have other conditions too?Well, Hubert's co-worker found a way around that. Here's a heavily anonymized version of the pattern.

Kimberly L sends us an example of what is clearly template-generated code, so I think this is an opportunity to go on a rant.Now, the important thing to note here is that this code was in a packaged library that they were considering using.

Frequent contributor Argle (previous) is mildly famous, and not just around here. He writes:

Buffalo, New York is a recovering Rust Belt city which has given theworld several notable achievements. First, a fairly forgettable slicedmeat sandwich au jus more known for its barely edible stale roll thanfor the entirely unremarkable beef entombed within. Second, an innovativerepurposing of a castoff fowl appendage into a drunkard's delicacy (and MlleSimpson's famed befuddlement). Most of all, it's indispensable for the constructionof a lighthearted linguistic shibboleth: Buffalo buffalo buffalo buffalo...and so on. Unfortunately, the city also brings us bad news this week.But first,Tony H. reminds us of a famously scandal-ridden bank. Theirs might not have been the worst fraud in 2016 (or 2017, or 2018,or 2019) but apparently they're now tightening down the screws on consumer lending.Tony observes, frostily, "a credit card with a limit below zero is alarming even for Wells Fargo."

"We have an internal website that shows, among other things, the daily availability of my coworkers for the next three months to help with scheduling, especially when planning vacations," writes Alexander."This vacation planner data is represented as a table. An image of a table to be more precise."Displaying data as images is already a WTF. It's certainly not user friendly, it's definitely not accessible, and it makes one wonder whyyyy. That, however, is the least of the WTFs Alexander has in store for us.First, the front-end sent its HTTP requests to a single end-point. Every request went to the same URL. When the user clicked the button to show the vacation planner, the browser would submit a form- yes a form, creating a body which looked like:

Madeline inherited some Python 2.7 code, with an eye towards upgrading it to a more modern Python version. This code generates CSV files, and it's opted to do this by cramming everything into a 2D array in memory and then dumping the array out with some join operations, and that's the real WTF, because that's a guaranteed way to generate invalid CSV files. Like so many things, the CSV files are actually way more complicated than people think.But we're going to focus in on a smaller subset of this pile of WTFs. I'll lead with the caveat from Madeline: "I've changed some of the variable names around, for a bit of anonymity, but couldn't get variable names quite as terrible as the original ones."

Christopher Walker continues to struggle against ancient PHP applications in the automotive industry. With the point system behind him, there was a whole pile of internal applications for handling information about laws, misconceptions about the law, and other driver services.One, a home-grown CMS, was useful for publishing blog-style content about changes in the law. There was just one problem: if a post was published without a thumbnail, attempts to view that post failed with an error. It wasn't hard to find the offending line.

There's an old saying in programming: you don't have to spell correctly, you only have to spell consistently. As long as you mispell everything the same way, your language will understand your code. However, most editors and IDEs have spell-check integration, though, because it's hard to get everyone on a team to spell things wrong consistently.Unless, of course, you know just implement some bonus methods, like John's co-worker. This was frequently spammed in the Java codebase:

I remember when gasoline was under a dollar a gallon inthe US! And penny candy was only a penny! And a poundsterling could buy you a decent dinner, not just a fewounces of meat product! And the euro! Let me tell you about the euro!!

Crystal Reports falls into that category of tool which promises to help end users accomplish technical tasks easily. They can point it at a database, ask the database a question, and voila, a report pops out, complete with pretty fonts and colors.Like any such tool, however, there's a point where it starts getting technical. Jon's company passed that point ages ago, and hired on a dedicated Crystal Reports Developer to write reports that were too complicated for the end users. But even that has its limits, and eventually, their reporting needs outgrew what a Crystal Report implemented by their dedicated developer could do.So Jon's team was handed a pile of reports and told, "implement these as stored procedures in SqlServer." Now, there wasn't anything so fancy as being given requirements or any sort of description about what the reports were for, or what they did, or what would qualify as a successful port version an error. The reports themselves were the requirements: reverse engineer them exactly as written, doing a 1-to-1 mapping wherever possible.That was mostly fine, but there were a few "special" points in the original reports, where the developer had implemented their own custom Crystal Report functions. Including their own custom date functions. Like this one:

Another day, another time where someone from Brian's team needs to log into their MySQL database and kill a query. This particular query hangs while holding a lock, which hangs up every other query which needs to touch this table, which is a lot of them.

Taffer is the team lead on a team making security products. As such, they have very strict policies about how they write their code, they have very thorough code review systems, and they also have automated tests for everything.And yet, things can still slip through.Taffer submitted this change. It passed two code reviews. It didn't cause any unit tests to fail. It made it into the main branch, and sat there for two months. A team of very experienced, very senior developers didn't catch this glitch until a new hire happened to notice it during a review for something else.

Annalise has a pile of… unfortunate JavaScript. It's thousands of files with no real organization or logic behind their organization. It's got so much tech debt that it takes a full time developer just to keep it running, let alone provide support or add features or fix bugs. And the backlog of features and bugs is so long that it's best described in terms of א.Which is to say, there's a lot in there that nobody understands. So when you see a bunch of callbacks registered to onFunctionCall, you might assume that this handler is doing… something. You'd be wrong.

Yankee Ezra A.explains the screenshot below at some length. Says he:"I live in Newton, MA, an affluent, wealthy suburb of Boston.In general, city services are excellent, although thehome page of the website is a bit crowded, so I was gladto get an email with a link to the page where I couldsee how the city is handling my request/complaint aboutsidewalks, via the city's 311 service (I have no ideawhat the 311 stands for)When I went to the website, I found what you see in thephoto.I guess one can't really complain about one small errorin a large website." It's certainly an effective strategyfor keeping the complaints box empty!

Guillaume's company frequently uses consultants. It's a pretty standard setup: Guillaume's employer has many multi-year projects in flight, all of which are layered atop an existing ecosystem of in-house "do everything" applications, each full of their own WTFs.Because of the complexity, Guillaume's team has a pretty strict code review policy. Someone new to the team will write a merge request, a senior developer will coldly review it and provide huge amounts of comments. By the end of the process, the senior team member may have provided most of the code and architecture via those code review comments, and the junior member is left to just follow the instructions.When Guillaume was tasked to review a senior contractor's submission though, that felt like a change of pace. Guillaume still left a lot of comments, but it was more obviously a good merge request. Still, "good" is not "ready for production", and Guillaume ended up in a conflict with management: they wanted the merge now, he wanted the merge right: in compliance with their standards, containing no obvious gotchas, and with clear comments and documentation."This is a senior consultant," Guillaume's boss said, "and they know the product. You need to have a little trust in your senior developers' skills."Guillaume tried to explain that it wasn't about trust; everyone needed their code reviewed because more eyes was better. That didn't budge management, so Guillaume found a compromise: the merge could happen, if there was a follow up to fix the "less urgent comments". That made the users happy, that made Guillaume- well, if not happy, not irritated, and it definitely made the boss happy.One of those "less urgent" comments was on this line:

Managing true and false values is historically challenging. In the world of C, there's even a history to those challenges. Prior to the C99 standard, there wasn't a standardized version of boolean values, but there was a convention which most applications followed, based on how C conditionals and boolean logic works.In C, anything non-zero is considered "true". So, if(0) { … } won't execute the branch, but if(99) { … } will. As a result, when people wanted to make boolean equivalents, they'd use the C preprocessors to specify something like:

Matt P was spending a few hours trawling through a Java code base, working through the poorly documented logic and the bugs and the odd conventions. It was the kind of code base that rightly eschewed "magic numbers", favoring constants, but was also the kind of code base which took that to an extreme which arguably didn't help readability.For example:

This week brings an ongoing installment in a long-running gag, and a plea for helpwith a truly execrable pun. Can someone please find me some map-related material in Idaho? I promise not to credit you directly!Workaholic Stuart Longland flexes "Yes, I'm working on a Sunday. And yes, I've workedsome long hours in the past. But 56 hours in one day?I don't know whether to crow or cry!ButTRWTF is the fact these phantom work entriesre-incarnate after I delete them." In his own defense, Stuart explains (and I concur)"Monday-Friday is fairly meaningless after COVID and the Queensland Floods."

In many places, driver's licenses work on a point system. As you commit infractions, you gain or lose points, when your point score hits a certain threshold, your insurance company raises your rates or you may even lose your driver's license. Where Christopher Walker lives, you start with twelve points, and each infraction takes a few away. Once a year, you have the option to attend a workshop on safe driving, where you can then regain a few of those points.It's complicated and tedious, so several organizations, from the local department of motor vehicles to various insurance companies, have set up systems to manage this information. One of those organizations built a PHP application about fifteen years ago, and it gradually grew in kruft and complexity and confusion from that point forward. It works, but it's entirely unmaintainable.So Christopher was hired to help upgrade it to something hopefully supportable. It's still in PHP, but it's redesigned to use some best practices, switch to Laravel as its framework, and basically be as modular and component-oriented as possible.The real challenge was porting the existing data into the new system. The old schema was a mess. The "simple" problems were all around the fact that once upon a time the database only used ASCII, but was eventually upgraded to use UTF-8, but however that was done made it so that many characters like 'é' got mangled into '‡' or '§'.But all of that was nothing compared to the problems updating the revision history tables. The other developers had given up on the revision/audit history many years ago. Instead of providing detailed reports, they simply displayed "[username] changed this participant."The application tracked an audit log, and it was fairly thorough. At first glance, it even seemed pretty sensible. It had a timestamp, an action code (like "USRUPDATE" or "USRCREATE"), a "detailsaction" which contained what appeared to contain the new value of a modified field, and then a "request" which just seemed to log the raw SQL run to alter the table. That last one didn't seem important, so Christopher went ahead and started porting the old table to the new database.That's when Christopher hit the first speed bump. Some of the records were sane, comprehensible audit logs. Some of them simply weren't. For some of them, the audit fields conveyed no information. For others, you needed to look at the request field and try and reconstruct what happened from the raw SQL. Except that was easier said than done: many of the queries in the audit log referenced tables and fields which no longer existed, or had been renamed at some point. By combing through the huge pile of data, Christopher was able to determine that there were only about 20 different ways those queries got deprecated, so it wasn't too hard to come up with a script that could translate them into the new architecture.The other unusual edge case were that instead of storing SQL in the field, many stored a condensed array representing the row that was altered, like:a:23:{s:14:"participantsid";i:123456;s:5:"titre";s:8:"Monsieur";s:3:"nom";s:5:"[LAST_NAME]";s:6:"nom_jf";s:0:"";s:6:"prenom";s:6:"[FIRST_NAME]";s:10:"profession";s:1:"0";s:14:"naissance_date";s:10:"xxxx-xx-xx";s:14:"naissance_lieu";s:15:"STRASBOURG (67)";s:8:"adresse1";s:20:"[REDACTED]";s:8:"adresse2";s:0:"";s:11:"code_postal";s:5:"12345";s:5:"ville";s:9:"[REDACTED]";s:4:"tel1";s:14:"[REDACTED]";s:4:"tel2";s:0:"";s:5:"email";s:24:"[REDACTED]@gmail.com";s:6:"membre";s:0:"";s:15:"immatriculation";s:0:"";s:2:"ac";s:3:"NON";s:12:"permisnumero";s:12:"[REDACTED]";s:10:"permisdate";s:10:"2019-01-21";s:10:"permislieu";s:9:"PREFET 67";s:8:"remarque";s:0:"";s:14:"naissance_pays";s:0:"";}That wasn't terrible to manage, aside from the fact that the dumps didn't actually reference existing tables and fields. Christopher could figure out what the replacement tables and fields were and map the data back to actual audit log entries.That got Christopher 90% of the way there. But 90% isn't all the way, and the last ten percent was going to take a lot more time. Or perhaps was going to be impossible to do. Because the remaining audit log records stored queries that had nothing to do with the entity that was changed. Many of them weren't even modification statements.For example, the audit log entry that seemed to be about updating a workshop's status from "active" to "cancelled" was purportedly done by this query: SELECT lieux.departement FROM lieux JOIN stages ON stages.lieuxid = lieux.lieuxid WHERE stages.types = 'PAP' AND stages.stagesid ='123456'.Christopher summarizes:

Linda discovered a new anti-pattern, helpfully explained with comments.

Kerin inherited a scheduling application for a university. This application stored the scheduled days for a class in the database… as one comma-separated field. This was a problem for Kerin, who was hired to add predictive scheduling and classroom density measurements to the system.This particular function was written to take that data and transform it for display. Sort of.

Nullable types, at least in theory, make our code simpler and easier to maintain. If nothing else, we know when there's a risk of a null value, and can handle it with some grace. At least, that's how it works if we understand what they do.Boaz's co-worker knows that nullables are valuable, but doesn't quite get it.

Danish cookie connoisseur Jørgen N. contributes our starter course this week. "Cloudera has an interesting way of implementing "Required only" cookies." It's an exercise for the frist poster to explain to the peanut gallerywhat's so distasteful about third-party cookies.

"Don't concatenate long strings," is generally solid advice in most languages. Due to internal representations, strings are frequently immutable and of a fixed length, so a block like this:

Martin's company had written a set of command line tools which their internal analysts could then string together via shell scripts to do their work. It was finicky and fragile, but frankly didn't work too badly for most cases.There was one tool, however, which seemed to be the source of an unfair number of problems. Eventually, Martin sat down with an analyst to see what was going wrong. The program would exit successfully, but wouldn't actually do any of the work it was supposed to. Instead of doing the normal thing and writing errors to STDERR, the tool wrote to a file. Which file, however, was determined by reading some shell variables, but the shell variables used by each of the tools were slightly different, because why would you build a consistent interface for your suite of analytical tools?Eventually, Martin was able to figure out where the errors were going, and saw that it was failing to connect to the backend database. That was a simple matter- just fix the connection string- but why was it exiting successfully when it couldn't connect?

Let's say you saw a method called StrToGuid, in a C# codebase. Your first thought might be: "Wait, isn't there a built in parse? Well, I guess maybe they might do some sort of exception handling. But it still doesn't seem right." And then you'd take a look at the method signature and see that it takes both a string, and an integer named counter, and you'd think: "Wait, what?"Henrik H had a similar experience. His team hired a new developer, someone with 15+ years of experience. This is what they contributed to the codebase:

"There are a few more functions like this in the same file," writes Jenny, about today's submission. This is one which largely does speak for itself.

This week's edition of Err'd gets off to a flyingstart with one that came in "over the transom" as t'were.Ordinarily, expired certs are a bit mundane for thiscolumn, but in this case, where this foiblefetched up is at least worth a chuckle.Jim M. wrote directly to the editor with this explanation."If you're looking for compliance reports to prove that your cloudprovider has solid security practices, be wary of this WTF with Azure.Quoting the site, SOC 2 Type 2 attestation report addressesthe requirements set forth in the Cloud Security Alliance (CSA)Cloud Controls Matrix (CCM), and the Cloud Computing ComplianceCriteria Catalogue (C5:2020) created by the German FederalOffice for Information Security (BSI).Sounds impressive!The link for Azure DevOps SOC 2 Type 2 attestation reportgoes to this link,https://docs.microsoft.com/en-us/compliance/regulatory/offering-soc-2,which shows that the cert for this page has expired. Try it here:https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3"

Austin's team received a bug report. When their C# application tried to load certain settings, it would crash. Now, since this was a pretty severe issue in their production software, impacting a fair number of customers, everyone on the team dove in.It didn't take Austin long to spot the underlying problem, which isn't quite the WTF.

In the endless quest to get asynchronous operations right, we're constantly changing approaches. From callbacks, to promises, to awaits, to observables. Observables are pretty straight forward: we observe something, like a socket or a HTTP request, and when something happens, we trigger some callbacks. In a lightly pseudocode version, it might look something like:

Lacy's co-worker needed to collect groups of strings into "clusters"- literally arrays of arrays of strings. Of great importance was knowing how many groups were in each cluster.Making this more complicated, there was an array list of clusters. Obviously, there's a code smell just in this data organization- ArrayList<ArrayList<String[]>> is not a healthy sounding type name. There's probably a better way to express that.That said, the data structure is pretty easy to understand: I have an outer ArrayList. Each item in the ArrayList is another ArrayList (called a cluster), and each one of those contains an array of strings (called an answer, in their application domain).So, here's the question: for a set of clusters, what is the largest number of answers contained in any single cluster?There's an obvious solution to this- it's a pretty basic max problem. There's an obviously wrong solution. Guess which one Lacy found in the codebase?

Giles's company has a hard time with doing things in the database.In today's example, they attempt the very challenging task of generating unique IDs in a SQL Server database. Now, what you're about to see follows the basic pattern of "generate a random number and see if it's already been used", which is a fairly common anti-pattern, but it's managed to do this in some of the worst ways I've ever seen. And it can't even hide behind the defense of being written a long time ago- it's a handful of years old.Comments to this C# code have been added by Giles, and no, there were no comments.

Carolyn's company has a bunch of stringly-typed enums. That's already a problem, even in Python, but the other problem is that they need to display these in a human readable format. So, "ProductCategory" needs to become "Product Category". Now, it's true that every one of these stringly typed enums follows the PascalCase convention. It's also true that the list of them is constantly growing.So this is the method someone wrote for formatting:

Steve's predecessor knows: sometimes, stuff happens that makes you go "WTF". While Steve was reviewing some inherited PHP code, he discovered that this predecessor had built some code to handle those situations.

When companies reinvent their own accounting software, they usually start from the (reasonable) position of just mirroring basic accounting processes. You have transactions, for an amount, and then tagged with information about what the transaction actually represents. So, for example, if you wanted to find all the transactions which represent tax paid, you'd need to filter on some metadata and then sum up the amounts.It quickly gets more complicated. In some organizations, that complexity keeps growing, as it turns out that each department uses slightly different codes, the rules change over time, this central accounting database gradually eats older databases which had wildly different rules. Before long, you end up with a database so krufty that it's a miracle SQL Server doesn't just up and quit.That's the situation Giles W found himself in. What follows is an example query, which exists to answer the simple question: on 20th December, 2013, how much tax was paid across all transactions? For most database designs, that might be an expensive query, but hopefully a simple query. For this one… well… they may need to do some redesigning. Note the horizontal scrolling on today's code, there was no good place for me to add linebreaks for readability.

Shery sends us perfectly innocent looking Java class, marked up with some annotations. The goal of this class is to have an object which contains a list of names that is definitely not null. Let's see how we did.