• :-O (unregistered)

    omg

  • (cs)

    He's sorry? I'm sorry that I even looked at that.

  • super ninja (unregistered)

    Best WTF in ages.

  • (cs)

    Hey!

    At least the code is thoroughly commented!!

  • l1 (unregistered)

    Sweet. Reaaly sweet. Really, really sweet

  • Scared Silly (unregistered)

    Oh. My. God.

    Not only is that a bad hack, but it looks like it might be a security problem waiting to happen.

  • Jay (unregistered)

    Oh...my...

    I didn't know that the concept of screen scraping could get this ugly. But this guy managed to do it.

    Short list of "What ifs?":

    What if session debugging was shut off? (Aaron found that one)
    What if the log files got archived before being able to be read?
    What if the log files had a file system level error and could not be opened or read?
    What if the AccountID variable was moved elsewhere in the logs?

    What was this guy thinking?!

  • (cs)

    I am very curious to know what the original problem was; and how simple it was to correct!

  • erowid (unregistered) in reply to Jay

    I've seen a lot of WTFs, on this site and it the wild, but this is the first one that actually made my blood run cold.

  • Ronin (unregistered) in reply to ParkinT

    What if the account number went to a 7 character length?

  • Trevor Raynsford (unregistered)

    gobsmacked
    tears of disbelief
    head shaking
    speechless
    omg

  • (cs)

    <FONT color=#008200>I was honestly planning on removing this tomorrow,</FONT>

    <FONT color=#008200>

    </FONT>

    <FONT color=#000000>Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)</FONT>

  • (cs) in reply to erowid
    Anonymous:
    I've seen a lot of WTFs, on this site and it the wild, but this is the first one that actually made my blood run cold.


    Agreed. This one had me in total shock. I had this feeling in my head and chest -- a scream trying to escape, being held back only by the knowledge that it'd probably get me fired.

    Seriously, what was this dude thinking? Using the log file as a data file? Yikes. Disaster waiting to happen.
  • (cs)

    Even if none of the what if's happen I can't imagine the extra file access helps the performance either.

  • (cs) in reply to ParkinT
    ParkinT:

    <font color="#000000">Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)</font>



    Pre-emptive apology. The wave of the future.
  • (cs)

    So, to get the account ID, the code has to scan through "a few hundred megabytes?"

    Nice.

  • (cs)

    /* I'm so sorry, Current Developer
     * I'm so sorry if I've caused you any pain today.
     * I'm so sorry, Current Developer
     * But the IM beeps my tone
     * And I'm so easily called away...
     */

  • (cs) in reply to loneprogrammer

    Can we finally after all these years of bickering unanimously agree that this is a great WTF ??

    A classic!  WTF++ !

  • (cs)

    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

  • (cs) in reply to ParkinT

    ParkinT:
    I am *very* curious to know what the original problem was; and how simple it was to correct!

    Alex Papadimoulis:

    if ( (AccountId == NULL) || (AccountId == "") ||
         (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

    This guy went or-happy. He's trying to account for situations where both the native and session AccountID variables are unset. Instead, he accounted for cases when either of them isn't. Fool.

  • ' OR 1 (unregistered)

    Holy god.

    The list of "what if?" questions could go on forever.

    Asynchronous logging? Users on proxies? Any sort of malicious user at all, ever?

  • (cs) in reply to jspenguin
    jspenguin:
    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

    C#

    A real bad WTF. Think of people behind NAT firewalls, proxies...
  • Jake (unregistered) in reply to ParkinT
    ParkinT:

    <FONT color=#008200>I was honestly planning on removing this tomorrow,</FONT>

    <FONT color=#008200>

    </FONT>

    <FONT color=#000000>Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)</FONT>

    I was thinking the same thing.  Look at this again:

    <FONT color=#008200>This is bad. Reaaly bad. It's a really, really bad hack. If you're an employee of Intertrode Communication, then I'm really, really sorry that you have to maintain this. I was honestly planning on removing this tomorrow...
    </FONT>

    <FONT color=#008200>He knew he was planning to leave it in.</FONT>

  • (cs)

    (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

    I'm not sure which programming language this is, either, but if it's a scripting
    language that doesn't require variable declarations, it's possible that his
    problem is a simple misspelling of "Session" ("Sesion"). He may be declaring a
    new hash/dictionary variable and then looking for a key in it, all at once.

  • (cs) in reply to connected

    Oh, I see funny WTFs but man...

    The comments "set abc equals True" can unhelpful, but this is the prime example of bad comments.  He might as well have a header file indexing all the sections of hacks he made!

    The comment is wtf.
    The code is wtf.
    The logic is wtf.

  • Asztal (unregistered)

    Let's not forget that ServerSession is spelled incorrectly :|

  • XioPod (unregistered)

    Alex Papadimoulis:
    ?AccountId=123456

     

    I take it thats not a querystring variable?!? that would be to easy...

  • Just an other application maintenance engineer (unregistered) in reply to WTF Batman

    NOOOOOOOOO! [:'(]

    All that crappy code I see every day doesn't seem that bad after all.

    I would like to hire this guy. Good laughs garanteed. He can generate new WTFs at a daily basis for team amusement.

  • Jonathan Thompson (unregistered)

    Ok, color me shocked beyond disbelief: if it can be found in the output file (I presume that the statements are written explicitly by the application with output statements somewhere) why couldn't he do a text editor search for the strings in the code that are written out, or even search for the text that is the debug output call, and trace back from there????  Even without that, there's always running things through the debugger and tracking where and when (within a reasonable value, based on buffering, and perhaps the debugger output code being buried within a library you don't have the source code for) the ID is written out, and backtracking from there.  Perhaps I'm smoking crack, but I'm thinking that would take less time to do than to figure out how to scan through all the debug output, and writing code to parse that, and test that mess to see that it appears to work at least some of the time...[:'(]

  • psullivan (unregistered) in reply to WTF Batman
    WTF Batman:
    (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

    I'm not sure which programming language this is, either, but if it's a scripting
    language that doesn't require variable declarations, it's possible that his
    problem is a simple misspelling of "Session" ("Sesion"). He may be declaring a
    new hash/dictionary variable and then looking for a key in it, all at once.


    Nice catch, I mean I've done it, misspelled a word somewhere and took forever to find it but this takes it to a whole new level.
  • xcor057 (unregistered)

    So you wondered why you're bank's online site ran so slow?  Now you know!  ROFL

  • (cs)

    Reads the entire log file, even after finding the account id? WTF?!

    Dave

  • (cs) in reply to connected
    connected:

    ParkinT:
    I am *very* curious to know what the original problem was; and how simple it was to correct!

    Alex Papadimoulis:

    if ( (AccountId == NULL) || (AccountId == "") ||
         (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

    This guy went or-happy. He's trying to account for situations where both the native and session AccountID variables are unset. Instead, he accounted for cases when either of them isn't. Fool.

    If you look carefully, the set of ORs is to trigger this incredulous block of code.  Confirmed by his comment "<FONT color=#008200>I can't seem to figure out why the AccountId variable isn't set.</FONT><FONT color=#000000>" </FONT>

    <FONT color=#000000>So, still, I have a strong belief the original problem was quite simple and would have been easier to find/fix (with a little good troubleshooting) than writing/testing/verifying this piece of crap block of code.</FONT>

     

    I am reminded of an incident, when working for a very large telecommunications manufacturer, who shall remain nameless (but their logo looks like the imprint left on the table from a wet coffee mug) and saw some of the C (not C++) source code for one of the systems.  There was a comment as follows:

    // I don't know why this works but leave it here.  We can fix it later

    This was a production device that had been updated and upgraded numerous times over many, many years without this issue being addressed.  The general attitude was, "It works, don't mess with it".

     

  • diaphanein (unregistered) in reply to ammoQ

    ammoQ:
    jspenguin:
    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

    C#

    A real bad WTF. Think of people behind NAT firewalls, proxies...

    My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

    f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
      while (file != NULL)

    C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

  • (cs) in reply to diaphanein
    Anonymous:

    ammoQ:
    jspenguin:
    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

    C#

    A real bad WTF. Think of people behind NAT firewalls, proxies...

    My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

    f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
      while (file != NULL)

    C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

    The "TString" should be the biggest clue.

  • lazyjay (unregistered) in reply to Asztal

    Anonymous:
    Let's not forget that ServerSession is spelled incorrectly :|

    Two words... Peer Review.

  • (cs) in reply to ParkinT

    At least he was polite!

    And at least he didn't pretend that his solution was any good.

  • (cs) in reply to lazyjay
    Anonymous:

    Anonymous:
    Let's not forget that ServerSession is spelled incorrectly :|

    Two words... Peer Review.

    This guy apparently has no peers.  He may have no friends (that would explain the apologetic tone in his comments)

  • (cs)

    <FONT style="BACKGROUND-COLOR: #ffff00" size=6>WWPD</FONT>

    <FONT size=4>What Would Paula Do?</FONT>

  • SuperCoder.toString() (unregistered)
    Alex Papadimoulis:

      while (file != NULL)
    {
    ...
    }


    Why use "if" while you can have "while". I wonder WTF if is for.
  • Dan (unregistered)

    At least the original coder explained the reason for the hack and what needs to be done to get rid of it. Yes, it's a really, really, bad hack but sometimes you gotta do what you gotta do.

  • .* (unregistered) in reply to diaphanein
    Anonymous:

    ammoQ:
    jspenguin:
    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

    C#

    A real bad WTF. Think of people behind NAT firewalls, proxies...

    My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

    f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
      while (file != NULL)

    C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

    If this is C++, there are even more WTFs. Like custom string classes, a reimplementation of the C file I/O system, using the character '' in an inline string, and using the integer "1" instead of a mode like FILE_READ in the f_open call.

  • (cs)

    Holy crap, I would never have even thought of doing something like that. That's ... freakin' terrible. Very good wtf though. Can't believe production code relies on debugging logs ... wow.

  • ChiefCrazyTalk (unregistered) in reply to whojoedaddy

    Kudos for him to find this "hack" the day before he quit his job, so at least the darn thing would work - but the real WTF is that he didnt bother to break out of his loop after he found  a match!

     

     

  • (cs)

    So I guess nobody at Aaron's company bothers to do code reviews.
    I can't imagine someone writing apologies for putting in super-WTF code if they knew that their manager or peers might review it.
    I think this is the first WTF I've seen on this site where the programmer knew he was doing the wrong thing, apologized for it and then went ahead and did it anyway!

    That takes the cake.

  • Alun Jones (unregistered) in reply to tiktin

    tiktin:
    Reads the *entire* log file, even after finding the account id? WTF?!

    Well, of course he does - after all, if he didn't read all the way through to the end, it might not close properly.

  • (cs) in reply to diaphanein
    Anonymous:

    ammoQ:
    jspenguin:
    What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

    C#

    A real bad WTF. Think of people behind NAT firewalls, proxies...

    My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

    f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
      while (file != NULL)

    C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.



    Hard to tell. The NULL constant is odd, but of course the guy could have defined it himself.
    It can't be C, because string concatenation with + is not possible in C. Many of the functions (or methods) have names resembling C standard library functions, but in C, it's fopen, not f_open.


  • asdf (unregistered) in reply to jspenguin

    I don't know, I think Alex's edits may be causing the confusion. The ServerSesion["AccountId"] would point to c# but everything else points to c or c++.

  • (cs)

    <FONT face=Verdana size=2>I don't see what the big deal is. This is really genius actually. He's got a situation where some data is getting lost, so he has the system auto-recover by pulling it out of some log files. Basically it’s an intelligent self-correcting file cache on the server…. Brilliant!</FONT>

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2></FONT></o:p> 

    <o:p><FONT face=Verdana size=2></FONT></o:p> 

    <o:p><FONT face=Verdana size=2></FONT></o:p> 

    <o:p><FONT face=Verdana size=2></FONT></o:p> 

    <o:p><FONT face=Verdana size=2></FONT></o:p> 

    <o:p></o:p> 

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <FONT face=Verdana size=2>No I’m fucking with you. This is the worst piece of crap I’ve ever seen. The comments make it look like he needed to leave for the day, so hey how about NOT CHECKING IN YOUR CODE ASSHAT! Step away from the keyboard, and return fresh tomorrow….. Geeze, and how this then made it into production is a complete WTF. Why oh why would anyone ever even think of such a thing is beyond me…. </FONT>

    <o:p><FONT face=Verdana size=2> </FONT></o:p>

    <FONT face=Verdana size=2>-Me</FONT>

     

  • (cs) in reply to asdf
    Anonymous:
    I don't know, I think Alex's edits may be causing the confusion. The ServerSesion["AccountId"] would point to c# but everything else points to c or c++.


    Wild guess: This is a C program translated to C# in a quick and dirty fashion.

Leave a comment on “The Apologetic Coder”

Log In or post as a guest

Replying to comment #:

« Return to Article