Forums
Alliteration and an obscure synonym of "jumble". You know that can mean only one thing ... and let me say ... it's a looooong one today!
We'll start out with this simple piece of code that Jake Vinson tripped over while chasing bugs ...
Steve F. works at a large insurance company as a .NET programmer was excited to finally get a chance to use his skills and rewrite a VB6 modules. Unfortunately, since no one really understood how the existing module worked or even all that it did, the spec was basically to make sure the new component acted like the old one.
After a few painful weeks of analysis, Steve finally uncovered how the system did its thing. It was architected to store business rules in the database in pseudo-XML ("pseudo" enough that a regular XML DOM/Parser would not work). After XML was pulled from the database, strings were replaced and extracted in order to build a large VBScript string. The component then instantiated a Scripting Runtime and executed the script.
Ages ago, when I was first learning the syntax and style of T-SQL, I was always trying to figure out when you would ever need to use the ACOS function. Afterall, a relational database didn't seem to be the most conducive place for doing things like trigonometry. But I guess I never thought that way John Watson's colleague did ...
At some point in your career as a programmer, you will be tricked into maintaining a VBA (Visual Basic for Applications, aka Word/Excel macros) application. I'd tell you how to get out of it, but I really don't think it's possible. All I know is that at some point between admitting to have knowledge of Excel and cursing under your breath while typing VBA, you will be coaxed into giving some "quick help" on a spreadsheet.
I suppose one positive in this unfortunate reality is that we all seem to know that VBA maintenance rates slightly higher than dental work on the fun scale. In fact, the only time a VBA "application" elicited a "WTF" reaction from me was when the code was well structured and maintainable. No, seriously, there actually was VBA code like that.
I think that a lot of us cringe at the idea of "hard coding" certain things. Even thought it may be the "right" way to solve the problem, setting that date, name, or ID value in the code just feels awkward to do. I'm guessing that David Grant's predecessors don't quite get that "nails on a chalkboard" feeling when handling errors throughout their application ...
Talanb's colleague was well trained in best-practices. He knew it was a bad idea to hard code things and had a deep undesrtanding of code reuse. He also knew it was awfully silly to create different data structures for entities that were identical. Like a person's name and some coordinates. They're really the same thing if you think about it: firstname/lastname and longitude/lattitude, both just a simple Pair. Making two different structs would be as silly as hard coding your variable names ...
Jay Vashi had always heard rumors of the Yuri, the Mad Ukrainian. During his tenure, Yuri wielded enough power to make big architectural decisions on their projects. Some might say that, in retrospect, this was not the wisest of decisions, as Yuri had the habit of re-implementing framework functionality; array sizing was one of his favorites to do, redo, and redo again. He also had some fairly unique design habits, such as today's example of checking a constant variable in the code against a version listed in the database. It happens to be one of the few pieces of source code that Yuri had not deleted when he left the company ...
Vicky and a handful of colleagues were contracted to help architect and put together a network management system for one of their clients. They did a pretty good job: management appreciated the effort, users were happy, and the code was top-notch. And then they left.
Things, apparently, went down hill from there. They came back a couple years later to try to get the system back up and running. They were amazed at how some of the internal coders maintained the system. For example, they found this rather inventive way of removing colons from MAC address strings from the function that generates them ...
Steve L's was feeling pretty excited to start a new job. The company was getting into some challenging new projects and the guys he met in the interviews seemed bright and knowledgeable about the latest and greatest. Heck, one of them even had a blog.
After working there for a few days, Steve's excitement had faded into bewilderment. He questioned his new coworkers about their uniquely incorrect practices, but they just assured him that it was just different; some shops just did things differently. For example, they felt the need to have one extra layer of confirmation before doing "serious" things. Such "serious" methods would only do their thing when True was passed as the value of the Confirm parameter ...
Some people feel the need to fortify their house with the latest-and-greatest in home security: cameras, motion detectors, heat sensors, armed sentinel robots, etc. Others are really just looking for a "protected by ATP Systems" window decal. I've definitely observed the phenomenon in client websites. Some folks are just interested in a simple, universal password to "block" casual visitors from accessing their pages.
Shaun Dishman knew that his hardware vendor had a site like that with an incredibly obvious password. However, since he couldn't remember if it was their zip code, street address number, or "secret", he just did a quick View Source to find it. Shaun was quite surprised to discovered one of the most interesting WDS (Window Decal Security) implementations ever done ...
I like posting interview stories. They give me a sense of security that some of us are actually out there, stopping some of them from getting in. Of course, we all know they will eventually find a job ... but try not to think about that. No, just consider this nice collection of interview stories submitted anonymously by a forums member named CPound. Ironically, that's the same name as one of my favorite interview stories.
Nah'mean?
Yesterday, I learned an interesting lesson: PHP programmers are rrrreaaaallly sensitive. Honestly, be careful when suggesting that PHP (initially Personal Home Page tools, later changed to one of those ridiculous recursive acronyms, a programming language given for every $2/month web host plan, and a platform freely available for free operating systems), is overwhelmingly popular amongst hobbyist programmers. Don't even think of suggesting that using a scalable, vendor-supported, compiled, type-safe platform, such as ASP.NET or J2EE, is the only way to go for real web applications. You'll really hear it then. Heck, I'll even get some flak for suggesting not to suggest it.
But I digress. Yes, today I wanted to share with you an ASP page that Robin Rawson-Tetley came across while maintaining an e-commerce application at a client site. There was an interesting quirk about the site (naturally unrelated to the bug): when you went to checkout, it displayed the "please wait while we transfer you to our secure checkout" message and "clicked" quite a few times, indicating a lot of page redirects. What Robin discovered was the best way of avoiding Response.Redirect ever ...
It's been quite a while since I've posted PHP code. I tend to avoid posting code in that language since it just too easy of a target: PHP is used primarily by hobbyists and gives you just enough rope to shoot yourself with (need I say more than Variable Variables)? No less, I thought this code was worth sharing.
Submitted anonymously from a patient billing system, the original coder had some rather interesting programming techniques. He didn't quite believe in using variables, so he opted to store everything in the intrinsic Session object. Same thing with all fields in the Post and Get objects; those were always dumped into the Session as well. He just really liked the session. But what really struck me as ... interesting ... about the code was the handling of the "doaction" command submitted by the user ...
Thought I'd do a code-free post with a fun tale from Chris Launey, who works in web operations at a large media/entertainment company. While helping the engineers troubleshoot a problem with Cingular devices being unable to visit WAP sites, they discovered that their load balancer would ignore HTTP requests with more than 2000 bytes in the request header. It was fairly trivial to change the upper limit, but they were all a bit mystified at why a mobile phone would send such huge request headers ...
Were they uu-encoding a picture the user took with the phone and storing it in a cookie? Are they padding requests because they charge by the kilobyte? Turns out there were eighteen different request headers. Including this ...
Taka has the honor of being credited with the most posts from a single submission. I'm sure that's little consolation considering how much money his company spent on this open source1 system, and how much effort it has taken to get it working. No less, today's code is the fourth (parts 1, 2, 3) and final piece from the encryption module.
Note that, before using these "binary math" functions, the module must convert first convert decimals into a hexadecimal string, and then convert the hex string into a binary string ...
A little while back, David Knaack wrote in to tell me about August 29th, a day revered by him and his colleagues. August 29th is, after all Jed Day: the anniversary of Jed's 'de-hiring' date. David explains why they consider this such a celebratory event ...
A few years ago my coworkers and I had the pleasure of working with a unique individual named 'Jed'. He was hired to write the interface portion of a good-sized Delphi application that the company was rushing to get finished for an important client. While Jed was clearly a very bright guy and had an outstanding ability to create and visualize very complex code, he was also completely self-taught and had no experience maintaining projects, and so he generated quite a lot of code that employed some very unusual home-grown design 'patterns'. He had a very deep belief that exception handling was evil and that all methods should instead return a boolean value indicating success or failure. Unfortunately he tended not to check return results in his own code, and had a tendency to wrap code that used exceptions in empty exception handlers. The interface that he produced, while mostly functional, is extraordinarily brittle and nearly unmaintainable. We have encountered so many kinds and instances of bad techniques in his code that we now often refer to any particularly strange or brittle code as 'jedded up', or 'jed-code'. The comments he placed in his code were so unuseful and full of deliberate misspellings and made-up words that we've dubbed the language 'jed-speak',
Every now and then, if the code I posted is especially bad, I'll see quite a few readers question if the code is real. Today I'm expecting to read a lot of those comments. Heck, the first time I saw this code pattern submitted, I thought it was a fake. Seriously, no one would really do this in production code.
The second time it came in, I figured the same thing: just another guy making up a clever submission. By the third or fourth submission, I was pretty convinced that this pattern was real, but I was reluctant to post it because no one else would believe it. And then I spotted it myself. In the wild. On real, production code.
Err, wait ... no, scratch that. It's just a string. Sorry for the disappointment everyone. Dang, I really thought that Paladl had found the ever-so-elusive Superdate. But not this time ... just a string that was a DateTime that was a long that was a double (briefly) that was a Decimal that was a float ...
Tracy McKibben was trudging through code on the hunt for a bug and came across today's example. I was staring at it for a little bit and it got me thinking ... it's time for a new challenge! Think back to the Spot The WTF that I post every once in a while.
Today's challenge is called Fix The WTF and is best enjoyed if you've never programmed anything in T-SQL in your life before. The goal is pretty simple: write T-SQL code to increment a numeric value stored in a CHAR(2) string and see how much faster you can do it than the original "senior programmer" who wrote today's code. Assuming he was a pretty fast copy/paster, I'd say he took two minutes. Allright ... you ready ... set ... go!
If you've been a reading this site for while, you probably remember the Pop-Up Potpourri (and the Redux) from a while back. Well, I've collected another good mix of messages, so here's episode three ...
I've heard a lot of people complain that when you make the tools to build software too easy to use, it ends up making bad code. I necessarily don't buy that argument, but I have to admit it's pretty convincing when people like Matt Groves send in things like SQL Server DTS Wizard complaining about valid code
One of the many things that ASP.NET has made incredibly easy is dynamically showing/hiding text. You just put the text in a Label control and set the Visibility to false. I suppose you could do that with a Literal. Or a PlaceHolder. Or just about any of the System.Web.UI.HtmlControls. But if reeeaaally wanted to get creative, like Gavin's predecessor, you could place two labels around the block to turn it into one big HTML comment ...
Aug 05