The Daily WTF: Curious Perversions in Information Technology

One Version of Events

by Remy Porter in Feature Articles on 2026-02-10

Jon supports some software that's been around long enough that the first versions of the software ran on, and I quote, "homegrown OS". They've long since migrated to Linux, and in the process much of their software remained the same. Many of the libraries that make up their application haven't been touched in decades. Because of this, they don't really think too much about how they version libraries; when they deploy they always deploy the file as mylib.so.1.0. Their RPM post-install scriptlet does an ldconfig after each deployment to get the symlinks updated.

For those not deep into Linux library management, a brief translation: shared libraries in Linux are .so files. ldconfig is a library manager, which finds the "correct" versions of the libraries you have installed and creates symbolic links to standard locations, so that applications which depend on those libraries can load them.

7 comments - Last comment @ 14:59

Invalid Passport

by Remy Porter in CodeSOD on 2026-02-09

Gretchen wanted to, in development, disable password authentication. Just for a minute, while she was testing things. That's when she found this approach to handling authentication.

passport.authenticate('local', { session: true }, async (err, user) => {
  if (err) {
    res.send({ success: false, message: 'Error authenticating user.' })
  } else if (!user) {
    User.query()
      .where({ username: req.body.username })
      .first()
      .then(targetUser => {
        if (targetUser) {
          const hash = User.hashPassword(
            targetUser.password_salt,
            req.body.password
          )
          if (hash === targetUser.password_hash) {
            res.send({
              success: false,
              message: 'Incorrect username or password.',
            })
          } else {
            res.send({
              success: false,
              message: 'Incorrect username or password.',
            })
          }
        } else {
          res.send({
            success: false,
            message: 'Incorrect username or password.',
          })
        }
      })
      .catch(err => {
        res.send({ success: false, message: 'Internal server error' })
      })
  } else if (user.firstLogin) {
//......
  }
})(req, res, next);

10 comments - Last comment @ 08:29

Brillant Python Programmers

by Remy Porter in CodeSOD on 2026-02-05

Sandra from InitAg (previously) tries to keep the team's code quality up. The team she's on uses CI, code reviews, linting and type checking, and most important: hiring qualified people. Overall, the team's been successful recently. Recently.

The company got its start doing data-science, which meant much of the initial code was written by brilliant PhDs who didn't know the first thing about writing software. Most of that code has been retired, but it is impossible to dispatch all of it.

13 comments - Last comment @ 2026-02-09

This Router Says **** You

by Remy Porter in CodeSOD on 2026-02-04

Denilson uses a password manager, like one should. Except there was a router which simply would not let the password manager fill the password field. Sure, Denilson could just copy and paste, but the question of why remained.

And that meant checking the HTML and JavaScript code the router served up. Just pulling up the dev tools brought up all sorts of "fun" discoveries. For example, the application was built in Vue, a front-end framework. But in addition to using Vue, it also used jQuery for some DOM manipulations. But it didn't just use jQuery. It loaded jquery-3.5.1.slim.min.js directly from its static files. It also loaded vendor.js which also contained the same version of jQuery. At least it was the same version.

19 comments - Last comment @ 2026-02-07

A Percise Parser

by Remy Porter in CodeSOD on 2026-02-03

Thomas worked for a company based in Germany which was looking to expand internationally. Once they started servicing other locales, things started to break. It didn't take long to track the problem down to a very "percise" numeric parser.

handleInput( value ){
   let value_ = value;
   if( value.substring( 0, 1 ) === '+' ){
      value_ = value.substring( 1 );
   }

   value_ = value_.split( '.' ).join( '' );

   if( this.usePercisionIfPercentage && value_.indexOf( ',' ) >= 0 ) {
      const parsedPreValue = value_.split( ',' )[ 0 ];
      const parsedCommaValue = parseInt( value_.split( ',' )[ 1 ], 10 ) < 10 ?
         parseInt( value_.split( ',' )[ 1 ], 10 ) * 10 : value_.split( ',' )[ 1 ].substring( 0, 2 );

      if( parsedCommaValue === 0 ) {
         value_ = parseInt( parsedPreValue, 10 );
      }
      else {
         const parsedValue = parseInt( parsedPreValue + parsedCommaValue, 10 );
         value_ = parseInt( parsedValue, 10 ) / 100;
      }
   }
   
   // do stuff with value_
}

15 comments - Last comment @ 2026-02-06

Wages of Inheritance

by Remy Porter in CodeSOD on 2026-02-02

Tim H writes:

Some say that OOP was the greatest mistake of all. I say they weren't trying hard enough.

15 comments - Last comment @ 2026-02-03

Honorable Conjunctions

by Remy Porter in Representative Line on 2026-01-29

Doreann has touched this particular function many, many times. In all those times, she never noticed this particular little line, dropped in by a third-party contractor that has long since cashed their check and wandered off to other things.

(user?.betaMode || !user?.betaMode) && (specialRuleCode())

18 comments - Last comment @ 2026-01-31

A Field Terned Visible

by Remy Porter in CodeSOD on 2026-01-28

Today's anonymous submitter sends us some C# code. This particular block of code controls whether two different columns are visible on the screen. If the field Dist_Por equals one set of constants, we display one column, if it equals a different constant, we display the other. Seems simple enough.

My question to you is this: how many nested ternaries do you need to solve this problem?

18 comments - Last comment @ 2026-02-02