Dan J.

Full-stack VC and Big Picture Thinker. Certified MUMPS Guru. Better than Lyle.

Apr 2014

cURLing Up With a Good Hook

in Feature Articles

A year into his gig as a senior web developer for ClientServiCo, Eddie felt like he had a good grip on the many disparate systems he and his team had built for their clients over the years. Like most web-dev firms formed during the first bubble, the ClientServiCo team had survived by adopting whatever tools were the right combination of familiar, popular, and available at the time. This approach, while allowing them to be flexible in conforming to their clients' needs, also left a tangled legacy spread across a constellation of web hosts. Yeah, it was kludgy in parts. Sure, Eddie would look at some parts and wonder if the coder was high at the time, but hey - overall, it just worked and nobody complained! ...Then came the notification from their current host that a Drupal installation belonging to a ClientServiCo client was spewing spam and had to be taken offline.

The first oddity Eddie noticed was that Drupal wasn't running the entire site. Instead, it was just a calendar and event-registration system. The administrative section was powered by a CMS that ClientServiCo had written in-house during the aughts, and abandoned years ago in favor of something more robust. Though the site was meant to be accessible to authorized users only, the .htaccess and .htpasswd files which comprised the authorization system were only protecting the third part of the site: a set of static webpages written in FrontPage. With the Drupal system and admin backend both freely accessible from the web, it was incredible that the five-year-old site had only recently been compromised. As a simple first step to stop the bleeding, Eddie moved the .htaccess file up one directory to protect the entire web root and trudged on.


Your Letters are Numbered

in CodeSOD

The First Rule of Enterprise Software is: don't talk about enterprise software. The Second Rule of Enterprise Software is: when you do talk about enterprise software, make references to stylish dramas from the '90s starring Brad Pitt and Edward Norton to make it seem more exciting. However, the most important rule of enterprise software by far is Rule Number Three: Even the simplest little things can't be simple. Arthur was reminded of Rule Number Three on a recent trip into his employer's company-wide database.

The codebase Arthur maintained had a method for just about everything. "Hah!" you're probably thinking. "I bet it doesn't have a method that returns an array containing the letters of the English alphabet!" Well, Hah! yourself: stumbling across a call to GetAlphabetForHouseCombinedPortfolios in the bloated, inappropriately-generic UploadingTool class, Arthur was curious. Would it contain a hard-coded list of letters? A complex mathematical formula dependent on the current date that would baffle everyone by returning Hebrew when the clock switched out of daylight-savings time? No, like all proper enterprise solutions, the method invoked a stored procedure in the database. And that's why Arthur is proud to present sp_UploadingToolGetAlphabetForHouseCombinedPortfolios:


Offshore Obfuscation

in CodeSOD

JH supports web-based property management software, which is exactly as exciting as it sounds. We've all been there: obsolete tech—their database was running SQL Server 2000 long past its sunset date—and outsourced development. The Indian office had a problem to solve: they'd already written a database function to return all completed work orders for a given tenant's unit, but since notifications were only sent once a day, the client wanted to scoop up any work orders from the previous day that were completed after that day's notification was sent. JH could have modified the function to look back at the previous day in five minutes, but then his company would have missed out on the incredible cost and efficiency gains of offshoring. Instead, JH was tasked with reviewing the code. The first thing he noticed was that, instead of just comparing the work order dates to the current date using SQL Server's GETDATE() function, the technician did this:

where datediff(day, @asofDate, wo.DTWCOMPL) between -1 and 0