The Daily WTF

Technology improves over time. Storage capacity increases. Spinning platters are replaced with memory chips. CPUs and memory get faster. Moore's Law. Compilers and languages get better. More language features become available. But do these changes actually improve things? Fifty years ago, meteorologists used the best mainframes of the time, and got the weather wrong more than they got it right. Today, they have a global network of satellites and supercomputers, yet they're wrong more than they're right (we just had a snowstorm in NJ that was forecast as 2-4", but got 16" before drifting).As with most other languages, FORTRAN also added structure, better flow control and so forth. The problem with languages undergoing such a massive improvement is that occasionally, coding styles live for a very long time.Imagine a programmer who learned to code using FORTRAN IV (variable names up to 6 characters, integers implicitly start with "I" through "N" and reals start with any other letter - unless explicitly declared, flow control via GOTO, etc) writing a program in 2000 (using a then-current compiler but with FORTRAN IV style). Now imagine some PhD candidate coming along in 2017 to maintain and enhance this FORTRAN IV-style code with the latest FORTRAN compiler.A.B.was working at a university with just such a scientific software project as part of earning a PhD. These are just a couple of the things that caused a few head-desk moments.Include statements. The first variant only allows code to be included. The second allows preprocessor directives (like #define).

I once inherited an application which had a bug in it. Okay, I’ve inherited a lot of applications like that. In this case, though, I didn’t know that there was a bug, until months later, when I sat next to a user and was shocked to discover that they had evolved a complex work-around to bypass the bug which took about twice as long, but actually worked.“Why didn’t you open a ticket? This shouldn’t be like this.”“Enh… it’s fine. And I hate dealing with tickets.”In their defense, our ticketing system at that office was a godawful nightmare, and nobody liked dealing with it.The fact is, awful ticket tracking aside, 99% of users don’t report problems in software. Adding logging can only help so much- eventually you have a giant haystack filled with needles you don’t even know are there. You have no way to see what your users are experiencing out in the wild.But what if you could? What if you could build, test and deploy software with a real-time feedback loop on any problems the users were experiencing?Our new sponsor, Raygun, gives you a window into the real user-experience for your software. With a few minutes of setup, all the errors, crashes, and performance issues will be identified for you, all in one tool.You're probably using software and services today that relies on Raygun to identify when users have a poor experiences: Domino's Pizza, Coca-Cola, Microsoft and Unity all use it, along with many others.Now’s the time to sign up. In a few minutes, you can have a build of your app with Raygun integration, and you’ll be surprised at how many issues it can identify. There’s nothing to lose with a 14-day free trial, and there are pricing options available that fit any team size. [Advertisement] Otter allows you to easily create and configure 1,000's of servers, all while maintaining ease-of-use, and granular visibility down to a single server. Find out more and download today!

Oh, PHP. It's the butt of any number of jokes in the programming community. Those who do PHP often lie and pretend they don't, just to avoid the social stigma. Today's submitter not only works in PHP, but they also freelance: the bottom of the bottom of the development hierarchy.Last year, Ilya was working on a Joomla upgrade as well as adjusting several components on a big, obscure website. As he was poking around in the custom code, he found today's submission. You see, the website is in Italian. At the top of the page, it shows not only the date, but also the saint of the day. This is a Catholic thing: every day of the year has a patron saint, and in certain cultures, you might even be named for the saint whose day you were born on. A full list can be found on this Italian Wikipedia page.Every day, the website was supposed to display text like "18 luglio: santi Sinforosa e sette compagni" (July 18: Sinforosa and the Seven Companions). But the code that generated this string had broken. It wasn't Ilya's task to fix it, but he chose to do so anyway, because why not?His first suspect for where this text came from was this mess of Javascript embedded in the head:

There are two ways of accumulating experience in our profession. One is to spend many years accumulating and mastering new skills to broaden your skill set and ability to solve more and more complex problems. The other is to repeat the same year of experience over and over until you have one year of experience n times.Anon took the former path and slowly built up his skills, adding to his repertoire with each new experience and assignment. At his third job, he encountered The Man, who took the latter path.If you wanted to execute a block of code once, you have several options. You could just put the code in-line. You could put it in a function and call said function. You could even put it in a do { ... } while (false); construct. The Man would do as below because it makes it easier and less error prone to comment out a block of code:

"Troy! Troy!"Troy looked up from his keyboard with a frown as his coworker Cassie skidded to a halt, panting for breath. "Yes?""How soon can you get that new client converted?" Cassie asked. "We're at DEFCON 1 in ops. We need to be running yesterday!"Troy's frown only deepened. "I told you, I've barely had a chance to peek at their old system."The client was hoping to convert sometime in the next month—usually no big deal, as they'd just have to schedule a date, write a handful of database conversion scripts, and swing the domains to a fresh instance of their own booking software. It was that middle step that Troy hadn't gotten to. With no go-live date picked, working on new features seemed a higher priority.Cassie had been spouting doom-and-gloom predictions all month: the client's in-house solution read like mid-1990s code despite being written in 2013. She'd been convinced it was a house of cards ready to collapse at any minute. Apparently, she'd been right."Okay, slow down. Where's the fire?" It wasn't that Troy didn't believe her per se, but when he'd skimmed the database, he hadn't seen anything spectacularly bad. Even if the client was down, their data could be converted easily. It wasn't his responsibility to maintain their old system, just to get them to the new one. "Is this a data problem?""They're getting hundreds of new bookings for phantom clients at the top of every hour," Cassie replied. "At this rate, we're not sure we'll be able to separate the garbage from the good bookings even if you had a conversion script done right now." Her eyes pleaded for him to have such a script on hand, but he shook his head, dashing her hopes."Maybe I can stop it," Troy said. "I'm sure it's a backdoor in the code somewhere we can have them disable. Let me have a look.""You do that. I'm going to check on their backup situation."As Cassie ran off again, Troy closed his Solitare game and settled in to read the code. At first, he didn't see anything drastically worse than he was expecting.PHP code, of course, he thought. There's an init script: login stuff, session stuff ... holy crap that's a lot of class includes. Haven't they ever heard of an autoloader? If it's in one of those, I'll never find it. Keep pressing on ... header? No, that just calls ob_start(). Footer? Christ on a cracker, they get all the way to the footer before they check if the user's logged in? Yeah, right there—if the user's logged out, it clears the buffer and redirects instead of outputting. That's inefficient.Troy got himself a fresh cup of coffee and sat back, looking at the folder again. Let's see, let's see ... login ... search bookings ... scripts? Scripts.php seems like a great place to hide a vulnerability. Or it could even be a Trojan some script kiddie uploaded years ago. Let's see what we've got.He opened the folder, took one look at the file, then shouted for Cassie.

It’s Christmas, and thus technically too late to actually go caroling. Like any good project, we’ve delivered close enough to the deadline to claim success, but late enough to actually be useless for this year!Still, enjoy some holiday carols specifically written for our IT employees. Feel free to annoy your friends and family for the rest of the day.Push to Prod (to the tune of Joy To the World)

"Dealing with real customers is a hard job," Katya declared from the safety of the employee breakroom. "Dealing with big companies is even harder!""I know what you mean," her coworker Rick replied, sipping his tiny paper cup of water. "Enterprise security requirements, arcane contract requirements, and then they're likely to have all that Oracle junk to integrate with ...""Huh? Well, that too, but I'm talking about Google.""Google? What'd they do?" Rick raised an eyebrow, leaning against the wall by the cooler, as Katya began her story.As the lead architect, Katya was responsible for keeping their customers happy—no matter what. The product was a Java application, a server that stood between legacy backends and mobile apps to push out notifications when things happened that the customer cared about. So when one of their biggest customers reported that 30% of the Google Cloud messages weren't being delivered to their devices in production, it was all hands on deck, with Katya at the helm."So I of course popped open the log right off," she said, her voice dropping lower for effect. "And what do you think I saw? CertPathValidatorExceptions.""A bad SSL certificate?" Rick asked. "From Google? Can't be.""You've done this before," Katya pouted, jokingly. "But it only happened sporadically. We even tried two concurrent calls, and got one failure, one success.""How does that even work?" Rick wondered."I know, right? So we cURL'd it, verbose, and got the certificate chain," Katya said. "There was a wildcard cert, signed by an intermediate, signed by a root. I checked the root myself, it was definitely part of the global truststore. So I tried again and again until I got a second cert chain. But it was the same thing: cert, intermediate, trusted root.""So what was the problem?" Rick asked."Get this: the newer cert's root CA was only added in Java 7 and 8, back in 2016. We were still bundling an older version of Java 7, before the update.""Ouch," sympathized Rick. "So you pushed out an updated runtime to all the customers?""What? No way!" Katya said. "They'd have each had to do a full integration test cycle. No, we delivered a shell script that added the root CA to the bundled cacerts.""Shouldn't they be worried about security updates?" wondered Rick"Sure, but are they actually going to upgrade to Java 8 on our say-so? You wanna die on that hill?"It just pissed me right off. Why didn't Google announce the change? How come they whipped through them all in two days—no canary testing or anything? I tell you, it's almost enough to make a girl quit and start an alpaca farm upstate." [Advertisement] Atalasoft’s imaging SDKs come with APIs & pre-built controls for web viewing, browser scanning, annotating, & OCR/barcode capture. Try it for 30 days with included support.

The startup Juan worked for was going through a growth spurt. There was more work than there were people, and plenty of money, so that meant interviews. Lots, and lots of interviews.Enter Octavio. Octavio had an impressive resume, had worked for decades as a consultant, and was the project lead on an open source project called “JavaBachata”. Before the interview, Juan gave the project site a quick skim, and it looked like one of those end-to-end ORM/MVC frameworks.Juan planned to bring it up during the interview, but Octavio beat him to the punch. “You’ve probably heard of me, and my project,” he said right after shaking hands. “JavaBachata is the fastest Java framework out there. I use it on all my projects, and my customers have been very happy.”“Ah… we already have a framework,” Juan said, uncertain if this was an interview or a sales-pitch.“Oh, I know, I know. But if you’re looking for my skills, that’s the place to look. It’s open source.”While Juan pulled up the GitHub page, Octavio touted the framework’s strength. “I was doing no SQL before NoSQL was a thing,” he said. “All of our queries are executed in-memory, using TableBeans. That’s what makes it so fast.”Juan decided to start looking in the TableBean class, since Octavio brought it up. The bulk of the class looked like this:

Sheldon was a support engineer at Generic Media Co. In his 6 years with the company, he'd enjoyed working for several great managers—but then came the reorg. Once the dust cleared, he found himself in the wrong department, reporting to one of the most loathed individuals in the entire organization.Gene was the type of manager who believed his fancy title awarded him instant respect. No engineer who spent any time working with him had anything good to say. Sheldon went in hoping for the best ... but Gene's relentless micromanaging and childish stunts quickly ground Sheldon's optimism into dust. When it came time for Sheldon to go on an extended vacation, he felt like a shell-shocked veteran limping out of the trenches.The months away were bliss, but Sheldon couldn't enjoy the last few days out of dread. To his surprise, though, Gene wasn't waiting at his cubicle with twelve urgent tasks upon his return. There hadn't been a peep from Gene all vacation long: no emails, no meeting requests. It was getting close to performance review time; nothing about that, either.As Sheldon worked through his vacation backlong, it became starkly apparent that he was being allowed to work through his vacation backlog. No panicky IMs, emails, cubicle pop-ins. The radio silence extended into days, then weeks. Sheldon began to wonder whether Gene even still worked there. Not wanting to kick a potential sleeping dragon in the nose, he asked his coworkers instead."Of course he's still here," one of them grumbled. "If they haven't canned him by now, they're not going to."Soon after, Sheldon found out he had it exactly backwards.A meeting invitation from Gene landed in his inbox. Catch-up meeting, tomorrow. No agenda, no room booked. Distracted with work, Sheldon didn't immediately accept the meeting. By the end of the day, his desk phone rang.Gene. When had Gene ever phoned his desk? Frowning, Sheldon picked up."I need you to accept the invite," Gene blurted with no preamble. It was then that Sheldon's paranoia clued him into reality. Gene still works here. I'm the one who's out. Gene's extended avoidance had been just another of his immature games. They'd never even done that performance review, had they?"I'll be there," Sheldon muttered.All that night, Sheldon tried to put a positive spin on the situation. A job he'd enjoyed had been ruined by a terrible manager, it was true. But he'd soon be free to look for a better job and a better manager.Sure enough, once the meeting began, Gene smugly informed Sheldon that his role was going offshore, making him redundant. (Sheldon later found out that the offshore bit was a lie, but you didn't hear it from us.) Sheldon hoped this would be the last of their interaction, but it wasn't to be.Fast-forward to Sheldon's second-to-last day, 4:00 PM. Sheldon was leaving to pick up his kids from school. He was on a tight schedule, as he had a train to catch. He hurried to the lobby, summoned an elevator, and darted in.Just as he turned around, he spied Gene entering the lobby from the stairwell. Gene saw Sheldon as well, and flashed him a big smile.Not to be cowed, Sheldon smiled right back.Gene frowned, confused. "Do you have a minute?""No," Sheldon answered honestly as the elevator doors began to close."I need to collect your badge!" Gene yelled.The doors shut, and the elevator began its descent. You're a day early, Sheldon thought to himself, shaking his head.He made it to his train and boarded just in time. While shuttling along, he grabbed his phone and sent Gene a quick message via Google Hangouts. I'll be in tomorrow. You can have my badge then.The message seemed to have trouble going through. A few moments later, the Hangout closed. You have been successfully logged out.Strange. Sheldon switched to Slack. You have successfully signed out."What?" Sheldon blurted aloud.It got him thinking. Gene had just seen him leaving the building in a hurry, grinning like a fool. Did he think Sheldon had planted a bomb or something? Sheldon had no bombs, but he did have admin access to plenty of important systems. Had Gene gotten his account terminated in a panic?Sheldon called the IT department and confirmed his suspicions. There was even a note attached to his account, from Gene: DO NOT RE-ENABLE."What am I supposed to do for my last day?" Sheldon asked."No worries," the tech replied. "I'll roll it back."Upon returning the next day, Sheldon learned his security badge didn't work, either. The security guard at the front desk had to call Gene for authorization. Still too much of a wimp to show his face, Gene just told him to let Sheldon through."He couldn't even get my last day right," Sheldon said with a chuckle.Gene kept his distance whole day. Sheldon left at 4:00 PM again, this time headed for the whiskey bar with a few ex-colleagues to celebrate freedom. [Advertisement] Universal Package Manager - ProGet easily integrates with your favorite Continuous Integration and Build Tools, acting as the central hub to all your essential components. Learn more today!