The Daily WTF

Robert needed to fetch some details about pump configurations from the backend. The API was poorly documented, but there were other places in the code which did that, so a quick search found this block:

The dependency graph of your application can provide a lot of insight into how objects call each other. In a well designed application, this is probably mostly acyclic and no one node on the graph has more than a handful of edges coming off of it. The kinds of applications we talk about here, on the other hand, we have a name for their graphs: the Enterprise Dependency and the Big Ball of Yarn.Thomas K introduces us to an entirely new iteration: The Big Ball of MandelbrotThis gives new meaning to points “on a complex plane”.What you’re seeing here is the relationship between stored procedures and tables. Circa 1995, when this application shambled into something resembling life, the thinking was, “If we put all the business logic in stored procedures, it’ll be easy to slap new GUIs on there as technology changes!”Of course, the relationship between what the user sees on the screen and the underlying logic which drives that display means that as they changed the GUI, they also needed to change the database. Over the course of 15 years, the single cohesive data model ubercomplexificaticfied itself as each customer needed a unique GUI with a unique feature set which mandated unique tables and stored procedures.By the time Thomas came along to start a pseudo-greenfield GUI in ASP.Net, the first and simplest feature he needed to implement involved calling a 3,000 line stored procedure which required over 100 parameters. [Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!

We often point to dates as one of the example data types which is so complicated that most developers can’t understand them. This is unfair, as pretty much every data type has weird quirks and edge cases which make for unexpected behaviors. Floating point rounding, integer overflows and underflows, various types of string representation…But file-not-founds excepted, people have to understand Booleans, right?Of course not. We’ve all seen code like:

"On my admittedly old and cheap phone, Google Maps seems to have confused the definition of the word 'trip'," writes Ivan.

In programming, sometimes the ordering of your data matters. And sometimes the ordering doesn’t matter and it can be completely random. And sometimes… well, El Dorko found a case where it apparently matters that it doesn’t matter:

We talk a lot about the sort of wheels one shouldn’t reinvent. Loads of bad code stumbles down that path. Today, Mary sends us some code from their home-grown unit testing framework.Mary doesn’t have much to say about whatever case of Not Invented Here Syndrome brought things to this point. It’s especially notable that this is Python, which comes, out of the box, with a perfectly serviceable unittest module built in. Apparently not serviceable enough for their team, however, as Burt, the Lead Developer, wrote his own.His was Object Oriented. Each test case received a TestStepOutcome object as a parameter, and was expected to return that object. This meant you didn’t have to use those pesky, readable, and easily comprehensible assert… methods. Instead, you just did your test steps and called something like:

Yasmin needed to fetch some data from a database for a report. Specifically, she needed to get all the order data. All of it. No matter how much there was.The required query might be long running, but it wouldn’t be complicated. By policy, every query needed to be implemented as a stored procedure. Yasmin, being a smart prograammer, decided to check and see if anybody had already implemented a stored procedure which did what she needed. She found one called GetAllOrders. Perfect! She tested it in her report.Yasmin expected 250,000 rows. She got 10.She checked the implementation.

"I wonder what events, or lawsuits, lead TP-Link to add this warning presumably targeted individuals who updated firmware just ahead of performing medical procedures," writes Andrew.

Being a software architect is a difficult task. Part of the skill is rote software design based upon the technology of choice. Part of it is the very soft "science" of knowing how much to design to make the software somewhat extensible without going so far as to design/build something that is overkill. An extreme version of this would be the inner platform effect.Way back when I was a somewhat new developer, I was tasked with adding a fairly large feature that required the addition of a database to our otherwise database-less application. I went to our in-team architect, described the problem, and asked him to request a modest database for us. At the time, Sybase was the in-house tool. He decreed that "Sybase sucks", and that he could build a better database solution himself. He would even make it more functional than Sybase.At the time, I didn't have a lot of experience, especially with databases, but intuition told me that Sybase had employed countless people for more than a decade to build and tweak Sybase. When I pointed this out, and the fact the it was unlikely that he was going to build a better database than all that effort - by himself - in only a few days, I received a full-on dressing down because I didn't know what was possible, and that a good architect could design and build anything. While I agreed that given enough time it might be possible, it was highly unlikely that it would happen in the next three days (because I needed time to do my coding against the database to meet the delivery schedule). I was instructed to wait and he would get it to me in time.My Spidy-Senseâ„¢ told me not to trust him, so I went to the DBAs that day and told them what I needed. Since I had little relevant experience with setting up a database, I told them of my inexperience with such things and asked them to optimize it with indices, etc. They created it for me that day. Since it was their implementation of my (DB) requirements, I knew that it would at least pass their review. I then coded the required feature and delivered on time. Was it perfect? No. Could it have been designed better? In retrospect, sure. But I was new to databases and it was fast enough for the need at the time.At every meeting for the next three months, our manager asked the architect how his Sybase-replacement was coming along. He sheepishly admitted that while it was coming along well, coming up with a design that would support all of the features provided by Sybase was proving to be a bit more involved than he had imagined, and that it would take a while longer.Several months after that, he was still making schematics and flow diagrams to try and build a new and improved Sybase.Our manager never did do anything to stop him from wasting time.As for me, I learned an important lesson about knowing when to write code, and when not to write code. [Advertisement] ProGet supports your applications, Docker containers, and third-party packages, allowing you to enforce quality standards across all components. Download and see how!

Simon T tugged at his collar when the video played. It wasn’t much, just a video of their software being tested. It wasn’t the first time they’d tested Simon’s most recent patch, but it was going to be the last time. There were a lot of eyes in the conference room, and they were all turned on him.Simon worked for the kind of company which made missiles. The test in the video was one of the highly expensive tests of a real missile under real-world conditions. Several of these had already been done with this software package, so Simon hadn’t expected any problems to crop up. In this case, though, the missile left its launcher and sailed in a perfect parabolic arc into the ground 5 meters away from the launch site.Missiles diving headfirst into the ground mere meters from their launch site was officially considered a bad thing. There were all sorts of checkpoints and automated tests and simulations that were supposed to keep this thing from happening. It didn’t take long to find the problem.

When writing up a Code SOD, a big part of the goal is to provide context for the bad code. Why is it bad, what would be better,, etc. In other words, we need to… ShowContext. Vasco O has exactly the method for that.

Sam B. writes, "Only £11.99 for a call_user_func_array() warning? What a bargain!"

Containers make deployment easy, or at least that’s what it says on the label. It makes intuitive sense, though- instead of wrangling all your dependencies on a host OS, and then trying to understand why your app can’t see them, you bundle all the dependencies into a container and push that around when you want to deploy. It Just Works™.Sandra had just left a company which didn’t use containers, but containers wouldn’t have helped: the didn’t have a working deployment process, period. They didn’t even try deploying before the production push 9 months into the project, and the first twelve attempts consistently failed because someone hadn’t tested something, or someone didn’t update the script, or the requirements changed and were signed off but nobody told the development team. It meant a lot of nights, a lot of weekends, and a lot of meetings which devolved into circular firing squads.Enter Initrovent™, a cutting edge, SaaS provider which serviced the event planning industry. Karl, the Big Boss, assured Sandra that he completely understood the importance of deployments. “Oh, you don’t have to tell me,” he said. “I’ve seen so many failed deployments. We’re actually moving our platform into dockerized microservices with continuous deployment. We’ve build a process which works for us.”Overall, the gig sounded like a good fit, so Sandra started a few Mondays later. She spent most of the day “on boarding”, so it wasn’t until late in the afternoon that she tried to get her development environment set up. Based on her conversation with Karl, Sandra had assumed she’d pull down a container and be ready to go.She was half right. The company had one standard container. It had nothing in it. The install guide walked Sandra through spinning up one container and installing Apache, then another container for MySQL, then another for Memcache, then another for something only called “queue”, which reeked of some sort of inner-platform attempt at being “enterprise”, but Karl could only explain as being required “because of Docker”.That was Sandra’s first day. On her way out, she stopped by Karl’s office. “Hey, since I’ve got those containers set up, should I put them somewhere so other devs don’t have to set them up?”“What do you mean?” Karl asked.“Y’know, so they don’t have to set up from scratch every time? They can just use the containers I set up?”Karl nodded, as if he understood. “Oh, I don’t think that’s necessary. Besides, in my experience, every developer wants to set their environment up themselves. It’s fine.”“That’s not how containers work.”“Well, it works for us,” Karl said.The next day, Sandra pulled down the code. The install guide, in bright red text, loudly announced that it must be placed in the /projects/intirovent/planner folder, because the Docker container was hard-coded to use that mount point, and no other. Once she had the code downloaded, she tried to test it, and discovered nothing but error messages. She went back through the install guide, just to be certain, and then took a glance at the code.It was not microservices. It was a PHP monolith written using a 2012 release of CakePHP which had been endlessly tweaked in the intervening years. Lining up the errors she was seeing with the code, it quickly became obvious that unless a user was very careful with the application, they would see lots and lots of error messages. With a little practice, Sandra managed to get through the sign up process with only one cryptic 500 error, and even created an event.In that code there was a folder called microservices. It was a bunch of RESTful endpoints. Karl explained: “They’re small, and they’re web services.”“That’s… that’s not how microservices work.”“Well, it works for us.”That was Sandra’s second day. The week ground on like three fully interlocked gears, but by the end of the week, Sandra had not only cleaned up a few of the nastier bugs, but had finished off a new and rather large feature. She closed the ticket, and then Karl followed up: “Swing by, and I can show you how deployments work.”“Deployments? On a Friday afternoon?” Sandra asked when she got to Karl’s office.“Well, I did say we do continuous deployment.”“That’s… not how continuous deployment works.”“Well, it-”“-works for us?” Sandra took a seat to watch the show. She wasn’t surprised by what she saw.The purpose of containers is to have a single unit, with all its dependencies, which can be deployed, possibly to many different machines or VMs. That’s, at its core, how containers work. They’re easy to test, they’re easy to automate, and they’re easy to deploy.Karl didn’t test, didn’t automate, and the deployment… well. Karl SSHed into the one server which constituted their production environment, and then went over to /projects/intirovent/planner, where he issued a git pull. Karl pulled up the site in his browser, hit refresh a few times, and smiled when he saw the landing page. “Great work.”“That’s your deployment process?”“Yep. Works pretty great, doesn’t it?”The deployment process may have worked for Karl, but Sandra didn’t plan to work for him much longer. [Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

Tim B did a little work with an e-learning vendor, with some very old code. The code in question happened to be so old that “this is server side JavaScript” was a horrifying novelty when they wrote it, instead of a standard deployment option via Node.The code in question is bad date handling code, which isn’t impressive. What is impressive is that it demonstrates a terrible approach to dates which I’ve never seen before. It doubles as a terrible approach to arrays which I have seen before, but… it remains special.

Ian S was going through the portfolio of applications maintained by his company, and stumbled across one that… well, from what he could tell, wasn’t written by a developer so much as spawned by an accident. 90% of the code was copy-pasted from somewhere else in the code, flow-of-control mostly used Exceptions as an attempt at doing GOTO-style logic, and there were piles of unused variables or variables used before initialization. Some modules/packages in the application were full of syntax errors, which implied that they weren’t actually included or used anywhere.From that mess, Ian extracted this.

If you've looked at job postings, you know that there's one thing really big and trendy right now, and that's blockchains. But the other trendy thing is Machine Learning! We'll talk about the Daily WTF's Initial Coin Offering at a later date, but for right now, we're excited to announce our new ML efforts.Specifically, we recognize that there's a certain structure and pattern to our articles, and instead of paying human writers, we can instead employ the latest machine learning systems to generate new articles that will be indistinguishable from the articles you know and love. The ideal tool, of course, would be an Recurrent Neural Network, which we could train based off previous articles. Unfortunately, that involves a lot of GPU power, and we're already using our GPUs to get ready for that ICO I mentioned. Shhhh. It's a secret.In any case, since we couldn't use an RNN, we opted for the next best thing: a Markov Chain. I'm sure what follows will be a perfectly good article.>actually all the saw the IP address the variable night Saving stream(r).collectors.toMap(x -> {try{return x.getInputStream(file != null, because the that can handle the servers were of the users who cannoying to times, they know how company he made a case where I might the mess of correct time. But oncept would financial time. While the time issues had to be users were off for it in their IDE was assigned to be used as that exchange. The server1 with it. The arrays.stream> m = Arrays.stream(r).collectors.toMap(x -> {try{return x.getFile%3AVictory!_Congress pass, which is night. This point.

TZ wrote, "Looks like somebody at Microsoft doesn't like static web pages!"

Werner sent us some code from the telcom industry. Before we even get to the code, we have to look at one of the comments.

Ruby is a nice little language, but I think it wouldn’t have exploded in popularity like it did without Rails. Nowadays, Ruby still seems to be the first choice of early-stage startups. A big part of that is how easy ActiveRecord makes database access.Adrian was doing some code reviews, when he came across this line:

There are certain programming problems that I generally say you shouldn’t try and solve yourself. Dates, of course, are a big one. They’re more complicated than you think, and unless you want to make managing a date handling library your life’s work, just use someone else’s.Encryption is another. There are so many subtle ways to do it wrong that unless it’s your specialty, you’re going to screw it up. Another similar problem is authentication.Artyom was having a bit of an authentication problem. He had inherited a Web Portal, written by a “security minded” developer. Since this developer was “security minded”, they took “common sense” security measures, like using JavaScript to prevent copy/pasting into the password field, and to prevent password managers from running. That was annoying enough, especially considering Artyom favored a 34 character password, but strangely… it never worked on the first attempt. Artyom always had to enter the password twice.Fortunately, the authentication method was well documented, and explained exactly what was going on:

"I got this email out of the blue from TI. By the way, my name isn't ALFONSO," writes Jamie.

Peter B’s company didn’t have the resource availability to develop their new PHP application entirely in-house, and thus brought in a Highly Paid Contractor™ to oversee that project. This story could end here, and you could fill in the rest, but Peter found an… interesting block of code during the autopsy on this disaster.Now, I want you to imagine that someone has handed you an integer. You need to know if that integer constitutes a valid HTTP status code. Now, this could get difficult, as just because a number falls between 100 and 599 doesn’t mean that it’s actually a defined status code. Then again, services may define their own status codes, and clients should understand the class of a status code, even if they don’t understand the number, so getting a 147 code isn’t wrong, so we can just probably assume any n where 100 <= n < 600 is valid enough.Sorry, I’ve gotten off track, because I really just can’t believe this code is the solution someone came up with.

Passion projects are so common in our industry that there are some people who won’t hire you as a programmer if you’re not also programming in your free time. That’s TRWTF, honestly. There’s nothing wrong with being the kind of programmer who shows up for your 9–5 and then goes home and doesn’t touch a computer until the next day.There’s also nothing wrong with passion projects. I have a bunch of them, usually carefully chosen to have absolutely no utility whatsoever, so they never start feeling like a job.A Fish of Greater Size (FoGS) has a passion project, which they work on with a number of friends. It’s a web application written in C… or C++… or maybe a little of both? FoGS isn’t entirely certain what they’re using precisely. It’s an existing code base.In that code base, there’s a CSS file. It sits in the site’s root directory, but there’s no entry in source control explaining how it got there. There’s no developer on the team who knows how it got there. None of them admits to putting it there. And yet, there it sits.

"Hi, $(lookup(BOOZE_SHOP_OF_LEAST_MISTRUST))$Have you been drinking while parsing your variables?" Tom G. writes.

No matter how much I personally like functional programming, I know that it is not a one-size fits all solution for every problem.Vald M knows this too. Which is why they sent us an email that simply said: “We have a functional programmer on the team”, with this representative line attached.

Darlene has a co-worker who discovered a problem: they didn’t know or understand any of the C++ libraries for manipulating dates and times. Checking the documentation or googling it is way too much to ask, so instead they opted to use the tools they already understood- a database. We’ve seen that before.There was just one other problem: this application wasn’t data-driven, and thus didn’t have a database to query.Darlene’s co-worker had the solution to that: create an in-memory Sqlite database!

We all know the old saying: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” The quote has a long and storied history, but Roger A’s co-worker decided to take it quite literally.Specifically, they wanted to be able to build validation rules which could apply a regular expression to the input. Thus, they wrote the RegExpConstraint class:

Jeff W. writes, "You know, I don't think this one will pass."

Let’s imagine, for a moment, that you came across a method called setDate. Would you think, perhaps, that it stores a date somewhere? Of course it does. But what else does it do?Matthias was fixing some bugs in a legacy project, and found himself asking exactly that question.

May the gods spare us from “clever” programmers.Esben found this little block of C# code:

"Does this mean my package is here or is it also in development?" writes Nariim.

In Java 8, they added the Streams API. Coupled with lambdas, this means that developers can write the concise and expressive code traditionally oriented with functional programming. It’s the best bits of Java blended with the best bits of Clojure! The good news, is that it allows you to write less code! The better news is that you can abuse it to write more code, if you’re so inclined.Antonio inherited some code written by “Frenk”, who was thus inclined. Frenk wasn’t particularly happy with their job, but were one of the “rockstar programmers” in the eyes of management, so Frenk was given the impossible-to-complete tasks and given complete freedom in the solution.Frenk had a problem, though. Nothing Frenk was doing was actually all that impossible. If they solved everything with code that anyone else could understand, they wouldn’t look like an amazing genius. So Frenk purposefully obfuscated every line of code, ignoring indentation, favoring one-character variable names, and generally trying to solve each problem in the most obtuse way possible.Which yielded this.

Once upon a time, there was a project. Like most projects, it was understaffed, under-budgeted, under-estimated, and under the gun. Death marches ensued, and 80 hour weeks became the norm. The attrition rate was so high that no one who was there at the start of the project was there at the end of the project. Like the Ship of Theseus, each person was replaced at least once, but it was still the same team.Eric wasn’t on that team. He was, however, a consultant. When the project ended and nothing worked, Eric got called in to fix it. And then called back to fix it some more. And then called back to implement new features. And called back…While diagnosing one problem, Eric stumbled across the method getPartVersions. A part number was always something like “123456–1”, where the first group of numbers were the part number itself, and the portion after the “-” was the version of that part.So, getPartVersions, then, should be something like:

One of the more interesting things about human psychology is how bad we are at thinking about the negative consequences of our actions if those consequences are in the future. This is why the death penalty doesn’t deter crime, why we dump massive quantities of greenhouse gases into the atmosphere, and why the Y2K bug happened in the first place, and why we’re going to do it again when every 32-bit Unix system explodes in 2038. If the negative consequence happens well after the action which caused it, humans ignore the obvious cause and effect and go on about making problems that have to be fixed later.Fran inherited a bit of technical debt. Specifically, there’s an auto-numbered field in the database. Due to their business requirements, when the field hits 999,999, it needs to wrap back around to 000,001. Many many years ago, the original developer “solved” that problem thus:

"According to Outlook, it seems that I accidentally invited all of the EU and US citizens combined," writes Wouter.

Julio S recently had to attempt to graft a third-party document viewer onto an internal web app. The document viewer was from a company which specialized in enterprise “document solutions”, which can be purchased for enterprise-sized licensing fees.Gluing the document viewer onto their internal app didn’t go terribly well. While debugging, and browsing through the vendor’s javascript, he saw a lot of calls to a function called IsFunction. It was loaded from a “utilities.js”-type do-everything library file. Curious, Julio pulled up the implementation.