Recent Articles

Oct 2011

Useless Functions, Extreme Naming, and More

by in Coded Smorgasbord on

"We had a programmer in our company whose specialty was to write functions that embodied his own personal traits," Winston Muller writes, "do absolutely nothing and mislead everyone to think that something was done."

/// <summary>
/// Log the user off the system. The method returns true or false for success or failure
/// </summary>
public bool Logoff(string strUser)
{
  return true;
}

Numerically Non-numeric

by in Error'd on

"Today's challenge: choose a password containing at least one numeric character without using any numbers," writes Tiziano Müller, "and if you're thinking of typing out 'seven', don't bother... it doesn't work!"


Classic WTF: Lock and Key

by in Feature Articles on

Lock and Key was originally published on January 22, 2008.


When a young, entrepreneurial beautician decided to open up a tanning salon, she wanted her new business to be "high-tech." She wasn't exactly sure what that meant, let alone how to go about doing it, so she retained the services of a software consulting firm to help her get there.


Count The WTF: Conversion Go-Round

by in CodeSOD on

Dave G. writes, "I stumbled across this fairly innocent-looking line while implementing some new features:"

int _applicationId = SetApplicationId();

The Killing Job

by in Feature Articles on

This is the second of two stories from the "Pitch a WTF" panel at Penguicon. It's presented anonymously, only because my notes were caught in a horrific game of "keep away" perpetrated by reprogrammed assembly line robots I forgot to write down the submitter's email address. So if you're the submitter and would like me to 1984 your name back into the story, drop me a line.


Of all the things the lab's new printer could do, printing Bob's document didn't seem to be one of them. The printer sat in the hallway, hooked up to an old PC that was the de facto print server. Bob logged on, and pulled up the print queue. His print job sat patiently beneath the only other job.


The Query of Despair

by in CodeSOD on

Jeroen's colleague had the misfortune of being assigned to debug an intermittent, unspecified error in one of the oldest of the legacy applications. "The good news is that I've isolated it to a database query," he told Jeroen, "the bad news is that I've isolated it to a database query."

Knowing that his colleague wasn't a big fan of databases, Jeroen offered his assistance. In response, he received the following image.


Rock 'n' Bowl Champion

by in Error'd on

"My company ordered a trophy for our bowling tournament," writes Duane, "but I think the supplier might want to tune up their online order form."


Schuko Shucks

by in Feature Articles on

The German-designed Schuko power plugs and sockets have a few advantages when compared to the American-style (or, “normal” as we call them) plugs.


Bullet-proof Encryption

by in Representative Line on

Matthew R recently took a team-lead position and was tasked with improving the quality of the company's application. He started with security, specifically the fact that user passwords were stored in plain-text. "But it's easier this way," the developer complained when Matthew suggested changing it, "plus, it's relatively easy to break modern encryption."

 


The High-Security Interview, The PHP Candidate, and Overqualified

by in Tales from the Interview on

The PHP Candidate (from Tony)
Before bringing people in for an interview, we give them a simple questionnaire about PHP. While this might turn off some folks like Big Picture Thinker, we've found that it tends to weed out those certain developers.

The questions are no-brainers for experienced PHP developers, and require half a brain to Google. Following is a response I got to the question, What causes the PHP error 'Headers already sent' and how can you fix it?


The Suuuuuuuuuupppperrrrr Geeeeeeeeennniuuuuusssss

by in CodeSOD on

"The application I've relevantly been assigned to maintain has quite the legacy," writes Jon Beebe, "it's been around since 1997 and has gone through dozens of different hands. Some might say that the work I do to it is built on the shoulders of giants, but not me. It's built squarely on the shoulders of Walker E. Richardson, Suuuuuuuuuupppperrrrr Geeeeeeeeennniuuuuusssss."

"I know Walker E. Richardson only through his code, but still, I feel that I know him quite well. After all, his code is everywhere, and it's often prefixed with something like this.


Sponsor Appreciation, Technical Reasons, and more Error'd

by in Error'd on

Our sponsors help pay the bills so please, try to check out what they do!

TDWTF Sponsors

Aurigma makes it incredibly easy for users to upload photos, documents, or any other kind of file directly into your app. Give your users the power to upload multiple files at once, resize photos prior to upload, and so many other things without any complications.
New Relic is basically a magical, real-time performance and user monitoring tool that works on virtually any web platform: Java, Ruby, PHP, .net, Python, Ruby on Rails. I'm not sure how it works (magic?), but it's incredibly easy to use and is pretty inexpensive. Remember: performance is a must-have feature!
Inedo - the makers of BuildMaster, the free, and easy-to-use, web-based deployment and release management tool. Going far beyond Continuous Integration, BuildMaster delivers a series of robust features unparalleled by other build-promote-deploy-distribute tools. Oh, did I mention it's free?
SoftLayer - SoftLayer is the innovation leader in Cloud, Dedicated, and Managed Hosting with 13 data centers worldwide. We integrate best-in-class connectivity and technology into the industry’s only fully-automated platform, empowering enterprises with complete access, control, security, and scalability.

And now, how about some Error'd!


The Deadly Cookie

by in Representative Line on

Over the years, Armid transitioned from being a full-time developer to a full-time pen tester (as in penetration testing, not pen testing) and he hasn't looked back since. "I did enjoy writing code," he commented, "but there's something really satisfying about demonstrating an XSRF attack to that smug developer who swore up-and-down that his code was perfect." And with things like PCI Compliance to worry about, there are plenty of projects to keep him busy.

"It takes a lot to surprise me anymore," Armid added. "In fact, these days, I'm surprised if I don't find a SQL Injection vulnerability. That being said, the public-facing operations engine of a large (3,000+ employee) company really surprised me. To say that it was filled with back doors would almost imply that someone thought to install doors -- this system has more openings than walls. But there was one vulnerability in particular that trumped them all."


Taking a Dump

by in Feature Articles on

Vince the PM burst into Rick's office like a blister. "Have you replied to ticket 178843 yet? No? Why not? How could you not! This is urgent! It's a failure at the customer site!"

Rick calmly checked the ticket manager. The ticket had arrived only 45 seconds ago, so no, he had not replied to the ticket yet. Rick calmly and silently read the ticket while Vince hyperventilated over his shoulder. The customer reported that the database client failed with the error "Segmentation Fault - Core Dumped".


The Jammed Killswitch

by in CodeSOD on

László van den Hoek was treated to a bit of nostalgia when his client asked him for some help. The company hired a marketing firm to create a promotional website for them, but they were having some trouble getting it working. Although László was primarily a Java Enterprise developer, he used to do quite a bit of LAMP development in his university days, and he knew his way around PHP.

The marketing company had delivered the site with minimal documentation: essentially, an e-mail saying "the code's attached - good luck with it!" Unpacking the attached zip file into the web root gave a database error, but László recognized that the site was based on Drupal and quickly figured out which file to change to get the database set up. After commenting out the development settings that were left in, adding a database user, and executing a SQL script, the error finally went away. Instead, he was greeted with...


Tribal Knowledge

by in Feature Articles on

Tennyson is lucky. While most .NET developers are limited to the .NET Framework (and the thousands of available third-party libraries) to solve their software development problems, Tennyson's toolbox touts the Global Services Enterprise Systems Framework. Well, technically, the GSESF is the only library allowed, but then again, it's the only library one should ever need.

"Third-party libraries introduce unnecessary risk into projects," the Global Services Enterprise Systems Lead Architect – or, The Architect, as he preferred to be called – would often say. "If the library is closed sourced, then we will be unable to fix bugs. If it is open-sourced, then we will not only have another codebase to maintain, but it will introduce certain legal risks."


Loopless

by in CodeSOD on

"Our company's product is designed to help analysts aggregate all sorts of different data together," Charles writes, "we take a snapshot (a zipfile of the working directory) at various times, and create a few backup versions for good measure."

"From a programming standpoint, there are a few ways I could imagine implementing this functionality. This was not one of them."


Caught

by in Feature Articles on

The following is one of two stories we gathered during the Pitch a WTF panel at Penguicon. As I'm sure you'll come to understand, the submitter wanted both them and their company to remain anonymous. Thank you to everyone who came out and inflicted their horrors in person.


 


Seeking The Summoner

by in CodeSOD on

"One of our clients was having 'issues' with their mission-critical, flagship web application," writes Mark Doyle, "and of course, it was on me to fix them."

"I knew it was going to be a fun day when I saw this as the entirety of deafult.aspx. The code does absolutely nothing."