"Adding an account on Mint.com, it asks for the last 4 digits of my SSN and for the first 3 digits," John A. wrote, "Seriously? There are only 100 combinations left to guess the full SSN!"

When you read a lot of bad code, you start to get a sense of why the code exists. Often, it’s ignorance: of the language, of the functional requirements, of basic logic. Sometimes, it’s management interference, and the slavish adherence to policy over practicality. Other times, it’s just lazy or sloppy work.

And sometimes, the mysterious logic that gave birth to a WTF is just that: a mystery.

Secure Development

2014-04-16

Steven's multi-billion dollar tech firm spared no expense in providing him two computers. One was stuffed in a broom closet down the hall; he used it for email, Internet access, and other administrative items. At his cubicle sat the computer on which he did all his programming, connected to the company's separated development environment (SDE).

The SDE was a company-wide network that existed in parallel to the normal network. No Internet connectivity, and login was only possible with an RSA SecurID dongle. The stated purpose was to provide a secure environment for software development. The other devs on Steven's team had their own SDE boxes for the same purpose.

I Had My Reasons

2014-04-15

Trevor spent a huge amount of time writing a 2,000,000+ PHP/JavaScript/HTML system for an e-commerce company. Like a few other I'm-Special geniuses in our field, he believed that he could do it better than everyone else. For this reason, he came up with his own way of doing things. Database queries. Date-time logic. You name it.

Back around the turn of the century, governments were a different place to work at. The public trough, while not as fat as it had been, was still capable of providing funding for boondoggles handed out to friends and family. This was before deficit hawks made a sport of picking off small cost overruns that scurried around the fields of government largesse. Before billions was spent on wars of questionable necessity. Before mayors broke down the stereotype that all crack addicts were skinny.

In this heyday, Ray worked for a government department that contracted, managed and passed-through telecommunications services from external providers to other government departments. The department's central billing and administration system was built and run on the Ingres ABF framework and its origin dated back to the early 90's. What's more, as soon as the application could be put into minimal funding status, it was. Even in the heady Internet bubble days, no money was spent beyond what was needed to keep the application running.

"I was hoping to take a trip to Hong Kong, but NON-STATIC METHOD seems to be a good value," writes Ryan.

Don't forget, The Daily WTF loves terrible emails. If you have some to share, mail in your mail!


Perfectly Safe to Open This (from Alex)

The Java-based application that Dan M. supports does something that is frequently accomplished by applications the world over - based on the value of a passed string containing a valid date, convert it to datetime. Simple stuff. Java even has built-ins to make this task even easier.

Well, the developer behind the below code decided to take the idea of date conversion using Java's built-ins and run with it... way off of the reservation.

In the ancient time of 2008, people were still using Lotus Notes. Rumor has it that some still do, even today. Danny worked for an IBM partner which was a “full service” provider. It was the kind of company that you’d lease your entire IT infrastructure from, from servers to desktops and soup to nuts.

Their newest client was the state Nursing Board, the government agency responsible for keeping track of every nurse in the state: when they became a nurse, when they last paid to renew their license, any complaints or reports. From the IT side, this involved tracking payments, physical documents, and navigating custom Lotus Notes applications developed by the Board’s own development team. It was a giant pile of confusion with a highly manual and error-prone process.

JH supports web-based property management software, which is exactly as exciting as it sounds. We've all been there: obsolete tech—their database was running SQL Server 2000 long past its sunset date—and outsourced development. The Indian office had a problem to solve: they'd already written a database function to return all completed work orders for a given tenant's unit, but since notifications were only sent once a day, the client wanted to scoop up any work orders from the previous day that were completed after that day's notification was sent. JH could have modified the function to look back at the previous day in five minutes, but then his company would have missed out on the incredible cost and efficiency gains of offshoring. Instead, JH was tasked with reviewing the code. The first thing he noticed was that, instead of just comparing the work order dates to the current date using SQL Server's GETDATE() function, the technician did this:

where datediff(day, @asofDate, wo.DTWCOMPL) between -1 and 0
