Comment On The Apologetic Coder

omg

He's sorry? I'm sorry that I even looked at that.

Best WTF in ages.

Hey!

At least the code is thoroughly commented!!

Sweet. Reaaly sweet. Really, really sweet

Oh. My. God.

Not only is that a bad hack, but it looks like it might be a security problem waiting to happen.

Oh...my...

I didn't know that the concept of screen scraping could get this ugly. But this guy managed to do it.

Short list of "What ifs?":

What if session debugging was shut off? (Aaron found that one)
What if the log files got archived before being able to be read?
What if the log files had a file system level error and could not be opened or read?
What if the AccountID variable was moved elsewhere in the logs?

What was this guy thinking?!

I am *very* curious to know what the original problem was; and how simple it was to correct!

I've seen a lot of WTFs, on this site and it the wild, but this is the first one that actually made my blood run cold.

What if the account number went to a 7 character length?

gobsmacked
tears of disbelief
head shaking
speechless
omg

I was honestly planning on removing this tomorrow,

Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)

Anonymous:

I've seen a lot of WTFs, on this site and it the wild, but this is the first one that actually made my blood run cold.

Agreed. This one had me in total shock. I had this feeling in my head and chest -- a scream trying to escape, being held back only by the knowledge that it'd probably get me fired.

Seriously, what was this dude thinking? Using the log file as a data file? Yikes. Disaster waiting to happen.

Even if none of the what if's happen I can't imagine the extra file access helps the performance either.

ParkinT:

Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)

Pre-emptive apology. The wave of the future.

So, to get the account ID, the code has to scan through "a few hundred megabytes?"

Nice.

/* I'm so sorry, Current Developer
 * I'm so sorry if I've caused you any pain today.
 * I'm so sorry, Current Developer
 * But the IM beeps my tone
 * And I'm so easily called away...
 */

Can we *finally* after all these years of bickering unanimously agree that this is a great WTF ??

A classic!  WTF++ !

What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

ParkinT:

I am *very* curious to know what the original problem was; and how simple it was to correct!

Alex Papadimoulis:

if ( (AccountId == NULL) || (AccountId == "") ||

     (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

This guy went or-happy. He's trying to account for situations where both the native and session AccountID variables are unset. Instead, he accounted for cases when either of them isn't. Fool.

Holy god.

The list of "what if?" questions could go on forever.

Asynchronous logging?
Users on proxies?
Any sort of malicious user at all, ever?

jspenguin:

What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

C#



A real bad WTF. Think of people behind NAT firewalls, proxies...

ParkinT:

I was honestly planning on removing this tomorrow,

Obviously, it did not get removed.  So, was this programmer psychic?  I see this as a "sort of" message-in-a-bottle, let loose for someone to discover one day far in the future (hopefully, after he/she has left the organization)

I was thinking the same thing.  Look at this again:

This is bad. Reaaly bad. It's a really, really bad hack. If you're an employee of Intertrode Communication, then I'm really, really sorry that you have to maintain this. I was honestly planning on removing this tomorrow...

He knew he was planning to leave it in.

(ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

I'm not sure which programming language this is, either, but if it's a scripting 
language that doesn't require variable declarations, it's possible that his
problem is a simple misspelling of "Session" ("Sesion"). He may be declaring a 
new hash/dictionary variable and then looking for a key in it, all at once.

Oh, I see funny WTFs but man...

The comments "set abc equals True" can unhelpful, but this is the prime example of bad comments.  He might as well have a header file indexing all the sections of hacks he made!

The comment is wtf.
The code is wtf.
The logic is wtf.

Let's not forget that ServerSession is spelled incorrectly :|

Alex Papadimoulis:

?AccountId=123456

 

I take it thats not a querystring variable?!? that would be to easy...

NOOOOOOOOO! [:'(]

All that crappy code I see every day doesn't seem that bad after all.

I would like to hire this guy. Good laughs garanteed. He can generate new WTFs at a daily basis for team amusement.

Ok, color me shocked beyond disbelief: if it can be found in the output file (I presume that the statements are written explicitly by the application with output statements somewhere) why couldn't he do a text editor search for the strings in the code that are written out, or even search for the text that is the debug output call, and trace back from there????  Even without that, there's always running things through the debugger and tracking where and when (within a reasonable value, based on buffering, and perhaps the debugger output code being buried within a library you don't have the source code for) the ID is written out, and backtracking from there.  Perhaps I'm smoking crack, but I'm thinking that would take less time to do than to figure out how to scan through all the debug output, and writing code to parse that, and test that mess to see that it appears to work at least some of the time...[:'(]

WTF Batman:

(ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

I'm not sure which programming language this is, either, but if it's a scripting 
language that doesn't require variable declarations, it's possible that his
problem is a simple misspelling of "Session" ("Sesion"). He may be declaring a 
new hash/dictionary variable and then looking for a key in it, all at once.

Nice catch, I mean I've done it, misspelled a word somewhere and took forever to find it but this takes it to a whole new level.

So you wondered why you're bank's online site ran so slow?  Now you know!  ROFL

Reads the *entire* log file, even after finding the account id? WTF?!

Dave

connected:

ParkinT:

I am *very* curious to know what the original problem was; and how simple it was to correct!

Alex Papadimoulis:

if ( (AccountId == NULL) || (AccountId == "") ||

     (ServerSesion["AccountId"] == NULL) || (ServerSesion["AccountId"] == "") )

This guy went or-happy. He's trying to account for situations where both the native and session AccountID variables are unset. Instead, he accounted for cases when either of them isn't. Fool.

If you look carefully, the set of ORs is to trigger this incredulous block of code.  Confirmed by his comment "I can't seem to figure out why the AccountId variable isn't set."

So, still, I have a strong belief the original problem was quite simple and would have been easier to find/fix (with a little good troubleshooting) than writing/testing/verifying this piece of crap block of code.

 

I am reminded of an incident, when working for a very large telecommunications manufacturer, who shall remain nameless (but their logo looks like the imprint left on the table from a wet coffee mug) and saw some of the C (not C++) source code for one of the systems.  There was a comment as follows:

// I don't know why this works but leave it here.  We can fix it later

This was a production device that had been updated and upgraded numerous times over many, many years without this issue being addressed.  The general attitude was, "It works, don't mess with it".

 

ammoQ:

jspenguin:

What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

C#

A real bad WTF. Think of people behind NAT firewalls, proxies...

My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
  while (file != NULL)

C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

Anonymous:

ammoQ:

jspenguin:

What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

C#

A real bad WTF. Think of people behind NAT firewalls, proxies...

My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
  while (file != NULL)

C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

The "TString" should be the biggest clue.

Anonymous:

Let's not forget that ServerSession is spelled incorrectly :|

Two words... Peer Review.

At least he was polite!

And at least he didn't pretend that his solution was any good.

Anonymous:

Anonymous:

Let's not forget that ServerSession is spelled incorrectly :|

Two words... Peer Review.

This guy apparently has no peers.  He may have no friends (that would explain the apologetic tone in his comments)

WWPD

What Would Paula Do?

Alex Papadimoulis:

  while (file != NULL)
  {
    ...
  }

Why use "if" while you can have "while". I wonder WTF if is for.

At least the original coder explained the reason for the hack and what needs to be done to get rid of it. Yes, it's a really, really, bad hack but sometimes you gotta do what you gotta do.

Anonymous:

ammoQ:

jspenguin:

What language is that? It's not C, it's not Java, it's not VB, it's not Perl or PHP.

C#

A real bad WTF. Think of people behind NAT firewalls, proxies...

My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really had no clue (and decided to write his own file library while he was at this hack), things like the following make be believe this is a mash of C/C++

f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
  while (file != NULL)

C# doesn't have a NULL contant, it does have null, though. Unless he's got lots of member functions for dealing with the file, f_open, f_EOF and f_close (why, for the love of god would one do that...), and a constant NULL defined somewhere, this has got to be C/C++ and not C#.

If this is C++, there are even more WTFs. Like custom string classes, a reimplementation of the C file I/O system, using the character '\' in an inline string, and using the integer "1" instead of a mode like FILE_READ in the f_open call.

Holy crap, I would never have even thought of doing something like
that. That's ... freakin' terrible. Very good wtf though. Can't believe
production code relies on debugging logs ... wow.

Kudos for him to find this "hack" the day before he quit his job, so at least the darn thing would work - but the real WTF is that he didnt bother to break out of his loop after he found  a match!

 

 

So I guess nobody at Aaron's company bothers to do code reviews.
I can't imagine someone writing apologies for putting in super-WTF code if they knew that their manager or peers might review it.
I think this is the first WTF I've seen on this site where the programmer knew he was doing the wrong thing, apologized for it and then went ahead and did it anyway!

That takes the cake.

tiktin:

Reads the *entire* log file, even after finding the account id? WTF?!

Well, of course he does - after all, if he didn't read all the way through to the end, it might not close properly.

Anonymous:

ammoQ:

jspenguin:

What language is that? It's not C, it's not Java, it's
not VB, it's not Perl or PHP.

C#

A real bad WTF. Think of people behind NAT firewalls, proxies...

My guess is actually C++.  Looks like he might be mixing in some C-ish function calls and typedefs.  Unless the guy really
had no clue (and decided to write his own file library while he was at
this hack), things like the following make be believe this is a mash of
C/C++

f_open(LOG_PATH + "\sessionlog-" + LOG_FILE_DATE + ".log", 1);
  while (file != NULL)

C# doesn't have a NULL contant, it does have null, though. Unless
he's got lots of member functions for dealing with the file, f_open,
f_EOF and f_close (why, for the love of god would one do that...), and
a constant NULL defined somewhere, this has got to be C/C++ and not C#.

Hard to tell. The NULL constant is odd, but of course the guy could have defined it himself.

It can't be C, because string concatenation with + is not possible in
C. Many of the functions (or methods) have names resembling C standard
library functions, but in C, it's fopen, not f_open.

I don't know, I think Alex's edits may be causing the confusion. The ServerSesion["AccountId"] would point to c# but everything else points to c or c++.

I don't see what the big deal is. This is really genius actually. He's got a situation where some data is getting lost, so he has the system auto-recover by pulling it out of some log files. Basically it’s an intelligent self-correcting file cache on the server…. Brilliant!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

No I’m fucking with you. This is the worst piece of crap I’ve ever seen. The comments make it look like he needed to leave for the day, so hey how about NOT CHECKING IN YOUR CODE ASSHAT! Step away from the keyboard, and return fresh tomorrow….. Geeze, and how this then made it into production is a complete WTF. Why oh why would anyone ever even think of such a thing is beyond me….

 

-Me

 

Anonymous:

I don't know, I think Alex's edits may be causing the confusion. The ServerSesion["AccountId"] would point to c# but everything else points to c or c++.

Wild guess: This is a C program translated to C# in a quick and dirty fashion.