Recent Articles

Oct 2014

The Shadow Over ShipPoint

by in Feature Articles on

In the winter of 2012-13, I was fired from the ill-rumored e-commerce company known as ShipPoint. Though I remained stalwart to the end, the wretched darkness embodied in ShipPoint's CTO and his twisted worshipers dogs me still, a malignant growth choking the very life out of my career aspirations. And although I fight every day to forget, to leave my time at ShipPoint behind, I still awaken in the uttermost black of night, shuddering, my mind wrenching itself free from nightmare's grip. I record this grim history only because I fear I may soon slip irredeemably into madness.

It was 2011 when, freshly downsized, I found myself wandering the LinkedIn Jobs Directory, seemingly in vain. I had almost made up my mind to hang out my shingle as a consultant when I received an email from a recruiter. I don't remember his name, nor the firm that he claimed to represent, only that he demanded that we meet in person; apparently he was privy to a lucrative opportunity whose details could only be revealed face to face. While suspicious, I must admit I was gripped by curiosity — tinged, I must now believe, with a touch of the wild. I met the recruiter, a grim, swarthy fellow of furtive glance and questionable heritage, in a refuse-choked alley far from the central business district. It was there, amidst the dumpsters and commercial-grade recycling bins, that I first heard in a grating croak the name whose syllables I would one day shudder to write.


CMD: Completely Malicious Data

by in Error'd on

What? Friday already!? Not quite, but close! We have something really good coming up tomorrow for Halloween, so here's your weekly dose of Error'd a day early. Enjoy!

--------


The Alpha-Team

by in Feature Articles on

In 2010, a crack development team was formed inside of a Fortune 500 company. These developers promptly escaped the maximum security Project Management Office and instituted an Agile Scrum. Today, they survive as green-field developers. If you have a problem, if traditional corporate IT can’t help, and if you can find them, maybe you can hire… Alpha Team.

When Thom interviewed at said Fortune 500 company, he didn’t know he was interviewing for Alpha Team. He assumed that it would be like any other huge enterprise development shop- tedious line-of-business applications that helped ship widgets but didn’t do much more. The product and the team was sold to him as being very exciting, and he liked the idea of the stability a large company offered, so Thom joined the Alpha Team.

The team room was slightly larger than the inside of a large van. John, the team lead, greeted Thom with a sly grin. “Great to have you on the team. You’ll be sitting between Albert and Murdock. I hope you don’t have any plans for lunch- today’s our weekly team lunch. Good chance for you to get to know everyone.”

The team’s architect, Murdock, grabbed Thom for a few minutes to brief him on the application’s architecture. It wasn’t surprising: a SQL server backend, a web-service based middle-tier, and a hybrid ASP.NET and WebForms presentation tier. “This application is extremely flexible,” Murdock said. “That’s the main goal, really. We’ve got it set up so our business analysts have a lot of control over the display, so that we aren’t wasting time just changing field names around.” The exact details were simply described as “magic”, which Murdock didn’t have time to explain right then; “It’s documented, and I need to crank on a few tasks, our burndown is terrible this sprint.”


Advanced Time Management

by in Representative Line on

Whenever a computer wants to sync its internal clock, usually right around reboot, it'll check in with a time server. This is built-in functionality that spans across every modern OS.

Now, in some cases you might have a reason to disable the time check - and that's fine.


It's Easier This Way

by in Feature Articles on

After more than two years at WTF Inc., I thought I'd seen everything that could be done wrong actually done wrong in the worst possible way. Whether it was DBAs who wcouldn't administer a database if their lives depended upon it, managers who wcouldn't manage anything, or business people who simply could not understand the concept of save a dollar today, spend ten tomorrow to fix it.

After that dalliance, I'm back in my chosen field. While crazy things sometimes get done in insane ways, it's usually in the name of beating the competition to market, and (almost) always with the understanding that it will be fixed later - at a price.


Undefined Favorites

by in Error'd on

"It's great I can ship my favorites to Europe, I just wish I knew what they were," writes Nick.


The Beginning of the Zend

by in CodeSOD on

Karol found a program that needs to look at a timestamp, and determine if that timestamp is before or after an expiration date. The code that was handling this looked like this:

public function _isSmsCodeExpired($id)
    {

        $genDateStr = $this->db()->query('SELECT date FROM table')->fetchColumn();

        if (empty($genDateStr))
        {
            return true;
        }
        
        $expireDateArr = array();
        $intervalSec = 120;

        $genDataTmp = explode(' ', $genDateStr);
        $genDataArr = explode('-', $genDataTmp[0]);

        $expireDateArr['year'] = $genDataArr[0];
        $expireDateArr['month'] = $genDataArr[1];
        $expireDateArr['day'] = $genDataArr[2];

        $genDataArr = explode(':', $genDataTmp[1]);

        $expireDateArr['hour'] = $genDataArr[0];
        $expireDateArr['minute'] = $genDataArr[1];
        $expireDateArr['second'] = substr($genDataArr[2], 0, 2);

        $intervalMin = (int) $intervalSec / 60;
        $intervalSec = (int) $intervalSec - ( $intervalMin * 60 );

        $expireDateArr['second'] += $intervalSec;
        $expireDateArr['minute'] += $intervalMin;

        $expireDateArr['second'] += $intervalSec;
        if ($expireDateArr['second'] > 60)
        {
            $expireDateArr['minute'] += 1;
            $expireDateArr['second'] = $expireDateArr['second'] - 60;
        }

        if ($expireDateArr['minute'] > 60)
        {
            $expireDateArr['hour'] += 1;
            $expireDateArr['minute'] = $expireDateArr['minute'] - 60;
        }

        if ($expireDateArr['hour'] > 24)
        {
            $expireDateArr['day'] += 1;
            $expireDateArr['hour'] = $expireDateArr['hour'] - 24;
        }

        $daysInMonth = date("t", strtotime($expireDateArr['year'] . "-" . $expireDateArr['month'] . "-01"));

        if ($expireDateArr['day'] > $daysInMonth)
        {
            $expireDateArr['month'] += 1;
            $expireDateArr['day'] = $expireDateArr['day'] - $daysInMonth;
        }

        if ($expireDateArr['month'] > 12)
        {
            $expireDateArr['year'] += 1;
        }


        $expireDate = new Zend_Date($expireDateArr);
        $now = new Zend_Date();

        if ($now->isEarlier($expireDate))
            return false;
        else
            return true;
    }

Security through Idiocy

by in Feature Articles on

The ticket Bruce found in his help desk queue seemed innocuous enough on the surface. A user in the Finance department complained about not being able to create a file named “Wire Transfer” in their network folder. Being in finance, they did this many times in the past, but suddenly it no longer worked. Bruce assumed the user was doing something wrong, and that it would be resolved in five minutes.

Bruce navigated to the Finance network share, and attempted to create a new file named WireTransfer.txt. A big, ugly “ACCESS DENIED: Security Policy Violation!” message box stared back at him. “That’s odd…” Bruce muttered, knowing he had write access to the directory. “I’ll bet Duane had something to do with this…”

Duane was the resident security “expert”, which always made him Public Enemy #1. He was a kooky old-timer, with a short temper and a low tolerance for human interaction. Duane spent most of his time researching everything but the threats their systems were likely to face. Bruce slinked up to Duane’s office, took a deep breath, and said, “Hey, Duane, I got a ticket for…”


Tokyo Meet-up & Site Fixes

by in Announcements on

Tokyo readers -- I am once again visiting your fine city this week, and thought it'd be fun to try for another Tokyo/TDWTF meetup. Earlier this year, we got together at an izakaya for nomihoudai:


Is It Safer to Use Numbers?

by in CodeSOD on

Mac didn't know anything about how the JavaScript on the search page worked, and he wasn't that great at CSS styling, but that didn't matter. He had his orders. As part of the latest round of enhancements, the front-end developer had added another search parameter which would be passed via the regular search URL, and the back end needed to be adjusted to accomodate. (You know... instead of 'http://initrode.com/search?a=xxx&b=yyy' it now was 'http://initrode.com/search?a=xxx&b=yyy&c=zzz'.)

No problem. Mac made his tweak in the code and ran a quick test...which failed instantly in a spectacular way. "WTF? It's a parameter. Must be already used..." he thought, but nope.


Parallel SQL Queries

by in CodeSOD on

Daniele worked at a pharmaceutical firm that had an old web application that allowed commercial customers to look up information. Since the data was quite complicated, there were numerous fields that needed to be queried in order to populate the form.

Unfortunately, as the amount of data in the system grew, the time to load the form grew as well. And grew. And grew.


The New Look is Here

by in Announcements on

As you may have noticed, the site looks quite a bit different! As I mentioned back in March, it's been almost seven years since the look and feel of The Daily WTF has been updated, and I was getting pretty tired of the "2003ish" vibe the site had.

You guys gave some fantastic feedback to help guide the new design, and in July I shared a preview look. After some more feedback - both on the GitHub issue tracker and the forums - we put on the finishing touches and launched the site this evening.


Sorry, but You Can't Do the Math

by in Error'd on

"I guess that Intuit might have reasons for not allowing me to say Math was my least favorite subject in school," writes Alan R.


A Stupid Comment

by in Feature Articles on

Paul worked for a branch of the Defence Department in Australia, writing reams of C++ using the standard template libraries on a Linux box. On a typical afternoon, Paul checked some code into CVS with a comment:

Fixed bug 7551, see issue report 2119. Tinky Winky is my favourite Teletubby.


Line by Line

by in CodeSOD on

In the bowels of a business unit, a director got a great deal on a third party software package. He bought it, without talking to corporate IT, and then was upset when it couldn’t gracefully integrate with any of the corporate IT assets. Eager to throw good money after bad, the director hired his nephew’s consultancy to build an integration tool to make his new toy work.

A few months later, the users complained about performance, and somehow, fixing this thing became Jeff’s problem. The process was simple enough: slurp enterprise data out of a text file, and pass the data on to the third-party tool. It didn’t take Jeff long to figure out why it performed poorly:


Bazooka Proof

by in Feature Articles on

Back in early 2000, Clint interviewed for a position as a software developer for a mid-sized engineering company of about 200-plus people somewhere in the deserts of Kerblekistan, located in very close proximity to the Elbonian mud fields. Everyone there, especially the women, was used to living in harsh conditions, and had grown extremely rugged as a result. The Kerblekistanis and Elbonians had been enjoying an uneasy peace, but kept a wary eye out for less-than-peaceful activities...

During the interview, the development team was ready to hire him when one of the bosses burst into the room and interrupted the interview to introduce himself. When he discovered that Clint had an IT background, he became very excited. They temporarily needed a network administrator until they could hire someone permanently, so for the first three months, Clint was assigned to be a network admin.


We Don't Need no Stinking Elses

by in CodeSOD on

We've all seen it before. I dare say we've all been a party to it.

First, we look at a block of code that needs to be modified. Then we determine which criteria needs to be added to address the case that we've been tasked to implement. Next, we add the condition and walk away before the waft from the code smell reaches our nostrils. Over time, a monstrosity like the following arises from the depths. Not something that couldn't be greatly improved by some fava beans and a nice refactor. I'm sure the unit tests that cover your production code base will ensure that your refactoring was successful. Right? Right??


Do the Math

by in Error'd on

"These car shades I found at Walmart were made especially for the American market," Bryan W. writes, "I mean just look - they work much better in Fahrenheit than in Celsius."


IP Address Denial

by in CodeSOD on

While trying to assign an address from his framed /29 route to the internal side of his Linksys AM300 router, Phillip S. received an unexpected "Local IP Address is not valid" error.

Being a web script error, Phillip correctly figured that he could dig into what condition would make the address come up as invalid. Turns out, his problem was that the router considers any IP address starting with 115 to be invalid, but Phillip found that there were a few other instances of hard coding and magic number abuse. On a positive note, at least it's not device-side code.


Oh So Secret Passwords

by in Feature Articles on

Our long-time friend, GRG, is back again, this time with tales of anti security...

A very long time ago, he worked at a University Computer Center. At the time, the school was the proud owner of two huge, hulking mainframes. (The faster of the two was big, gray, probably designed by a guy named Seymour, and was the fastest computer in the world for several years!) Unfortunately, the operating system was rather bare-bones. Thus, although you couldn't do much, you could do it without fear of the OS getting in your way. For example, you could store files (one directory per user), compile FORTRAN or COBOL or Pascal programs, or run SPSS, and that was about it. Unless you were willing to creatively think outside the box...


Enterprise GUID

by in CodeSOD on

Jonathon recently got a new co-worker who is an enterprise systems developer, with an emphasis on enterprise. For an enterprise-level WTF, today’s code is short, but it packs itself up with everything it could do wrong.

using System;

namespace Business.Common.Services
{
    /// <summary>
    /// Guid service.
    /// </summary>
    public class GuidService : IGuidService
    {
        /// <summary>
        /// Initializes a new instance of the System.Guid structure.
        /// </summary>
        /// <returns>A new GUID object.</returns>
        public Guid NewGuid()
        {
            return Guid.NewGuid();
        }
    }
}

Threadbare Down Under

by in Feature Articles on

Organizing a small development team is an art. Organizing a large team is a challenge. Organizing a global team, scattered across eight countries and four continents is a job for Sisyphus.

Scali’s company was in exactly that situation. Their self-appointed Sisyphus was actually named Steven. Steven’s slot on the org-chart was “Chief Application Architect for the Australian Region”, or CAAAR for short.


The Post Office is Wrong

by in Error'd on

Mark H. wrote, "Despite being a company that specializes in shipping orders, I guess Tiger Direct has no idea which zip codes are in which cities."


Ternary Operator Nesting Syndrome

by in Representative Line on

Back in July, I wrote about my disdain for ternary operators citing a monster representative line as being a great example of an attempt at cleverness gone too far.

Well, an anonymous submitter sent our way another ternary operator disaster but with a twist - nested within the call to "payRecordsList.Add", almost every parameter passed has its own ternary operator added.


Best of Email - Greatest Pitch EVER!

by in Feature Articles on

Trying to advance yourself in your career is really tough. Usually, if you want things to go your way, either you have to work really hard at it or pray that you know someone who might be willing to assist on your behalf.

Well, if the email that Dhruv received is any indication, you can forget about all that stuff. Yep, here's proof that, sometimes, opportunities just fall out of the sky.