Recent Articles

Mar 2021

A Query About Parsing

by in CodeSOD on

Query strings are, as the name implies, strings. Now, pretty much any web application framework is going to give you convenient access to the query string as a dictionary or map, because at the end of the day, it is just key/value pairs.

But what's the fun in that? Glen's application needed to handle query strings in the form: zones=[pnw,apac]&account_id=55. Now, enclosing the list in square brackets is a little odd, but actually makes sense when you see how they parse this:

A Warning Label

by in CodeSOD on

An anti-pattern I've seen too many times is using display text to drive logic. For example, I've see things like:

void btnClick(Object sender, EventArgs evt) { if (((Button)sender).Text.Contains("Done")) { … } }

Reinventing the Wheel

by in Feature Articles on

Vigyan Ashram Chemistry Lab

There are often two types of software development departments mentioned: the kind where software is the product, and the kind where software enhances or sells the product. ChemCo is a third type: a physical chemistry lab, one with extensive customization of lab setups and computer-controlled devices that need to be programmed, as well as a need for statistics and simulations to handle the results. The team includes one C/LabVIEW magician, one Octave specialist, one Java developer, and one Python scripter. Therefore, most of the computer-controlled setups have LabVIEW GUIs and C DLLs for the logic, though some have Python over top of the DLLs instead.


by in Error'd on

No loops, no branches, barely a pun and almost free of alliteration.

Constant Success

by in CodeSOD on

Dan was reviewing some PHP code written by a co-worker, as part of taking on a project. The code was in “support” mode, rarely receiving changes, getting bug fixes only when absolutely necessary, and nobody really wanted to be the person responsible for it.

One of those “not absolutely necessary” bugs was that sometimes, it just didn’t save data. The user would enter a product listing, hit save, get a success message back, but the listing wouldn’t actually be saved. No one had really dug into it, because having the end user do double data entry didn’t bother anyone but the end user.

The Threat of Existence

by in CodeSOD on

Imagine, if you will, that you see a method called FileExists. It takes a string input called strPath, and returns a bool. Without looking at the implementation, I think you'd have a very good sense of what it's supposed to do. Why, you wouldn't even expect much documentation, because the name and parameters are really clear about what the method actually does.

Unless this method was in the C# codebase "AK" inherited. In that case, the behavior of FileExists might surprise you:

For Gotten About Loops

by in CodeSOD on

Today's sample comes from Vasiliy, with no real explanation for where it is, or where it comes from. Frankly though, it doesn't need much setup.

switch (checks) { case 0: return new object[] { checkerSummary }; case 1: return new object[] { "", checkerSummary }; case 2: return new object[] { "", "", checkerSummary }; case 3: return new object[] { "", "", "", checkerSummary }; case 4: return new object[] { "", "", "", "", checkerSummary }; case 5: return new object[] { "", "", "", "", "", checkerSummary }; case 6: return new object[] { "", "", "", "", "", "", checkerSummary }; case 7: return new object[] { "", "", "", "", "", "", "", checkerSummary }; case 8: return new object[] { "", "", "", "", "", "", "", "", checkerSummary }; case 9: return new object[] { "", "", "", "", "", "", "", "", "", checkerSummary }; case 10: return new object[] { "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 11: return new object[] { "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 12: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 13: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 14: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 15: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 16: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 17: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 18: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case 19: return new object[] { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", checkerSummary }; case default: return new object[] { checkerSummary }; }

UI That Looks Like $900 Million Bucks

by in News Roundup on

User experience, and its related topic of user interface design, are important. How important? Well the US government’s General Service Administration (GSA) took the time to build a website to explain what it is. What other proof do we need? Well not only did the GSA build a website, but they invested in the SEO necessary to make it top of Google organic search, right below the featured snippet from

Screenshot of Google search results, showing the US Usability site as the first hit

Which is why the saga and ongoing story of Citibank’s debt repayment blunder all the more amazing. Here’s a quick recap:

  • Revlon, which owed nearly $900 million to creditors from a 2016 debt facility, was working with Citibank to refinance their current obligations into a new loan
  • Citibank, who managed loan payments, intended to send out $7.8 million of interest payments to creditors using a system called Flexcube
  • Citibank intended to roll over the remaining loan principal into an internal “wash account” to avoid sending the entire amount owed to creditors
  • Instead, the offshore Citibank contractor responsible for this massive responsibility, misread the Flexcube UI and sent $900 million to all of Revlon’s creditors
  • Citibank begged for the cash back, and received $400 million back
  • A judge ruled that the remaining creditors can keep the cash. Citibank is miffed.
  • If you want more details written in only the way that Matt Levine at Bloomberg can, check out his piece from February.

{Obscure Reference Here}

by in Error'd on

Today's Error'd submissions all center around another common pitfall of the modern web application: failed text substitutions and the ensuing unintentional hilarity.

Reaching for Private Parts

by in CodeSOD on

Jaco was adding some caching to a Java application. Quite wisely, Jaco wrote plenty of tests around his change, ran the test suite, and confirmed everything was green. It ran fine in testing, but when it went to production, everything failed.

Well, as it turned out, the configuration for the production environment loaded slightly different Java classes. One of those "only-loaded-in-production" modules did this:

Not Exceptional

by in CodeSOD on

One of the powers of structured exception handling is that it lets you define your own exception types. That's useful, as your code can communicate a lot of information about what's gone wrong when you use your own custom exceptions.

But sometimes, the custom exception type leaves us asking more questions. Christophe found this Java code from a "big application for a big company".

Two Knowing Comments

by in CodeSOD on

Sometimes, it really is the comment which makes the code. Sometimes, the comments make simple (but still more complex than it needs to be) code less clear.

For example, Thomas provides this code, and comment, which… I understand what is happening here, despite the comment:

A Big Raise

by in CodeSOD on

Everyone likes getting a pay raise. Well, I suppose it depends on why. And HR isn't going to be too happy about your raise if it comes as the result of an easy-to-avoid software bug.

Cédric V's company makes payroll software mostly used in and around France. One of their customers had a problem: when paying employees, it would give them a significant raise- sometimes by two orders of magnitude, rarely by three or four.


by in Error'd on

It's hard to define what makes today's batch of submissions so special. Is it just the futility? Or is it the certainty that nobody nowhere knows nothing?

A Range of Skills

by in CodeSOD on

Ulvhamne works on a team with over a hundred other developers. It's a big group, working on a huge project. And some of the quality in that code base gets… variable. Worse, when a bug pops up, it can be tricky to even identify what in the code is triggering the bug, let alone what the root cause is.

For example, one of the config-file fields needed a number to specify the beginning and end of a range. If you put in a relatively short range- thousands or hundreds of values- everything worked fine. That was a pretty typical use case. But if you put in something closer to MAX_INT, everything worked fine for a little bit, but within moments the server would grind to a halt, memory would fill up, and the OS would hang as it ended up constantly thrashing pages to disk.

A Type of Code

by in CodeSOD on

Like the war between Emacs and Vim, developers also tend to wage a war between "strongly typed" and "loosely typed" languages. There are tradeoffs either way, and I think that's why you see things like TypeScript and Python's type annotations starting to creep into loosely typed languages- types when you need them, but not required. But if you're not comfortable with types, and don't really understand type casting, you might start writing some code like, well, like these examples.

Sashi found this C# code:

Leave Some Comments Behind

by in CodeSOD on

We have a lot of stories about the code coming from offshore/outsourced developers being of low quality. Today, Radu S sends us the reverse. He used to work for one of those offshore development shops. A customer started development in-house, and then decided that they didn't want to support their own code anymore, and shipped it off to Radu's company.

This block represents what he's working with:

Last One In

by in CodeSOD on

A lesson that everyone learns at some point is "don't write your own authentication code." Authentication, like encryption, and like dates, is incredibly complex and has all sorts of ways you can subtly mess it up and not realize your mistake.

Take, for example, this code from Christopher. His peer wrote this code, added a single test record to the database, saw that it worked, and called it a day.

And then I gave him my digits.

by in Error'd on

Franz K. anonymously ponders the meaning of existence after this encounter


Double Your Value

by in CodeSOD on

There are many ways to debug your code. You might use an actual graphical debugger, wrestle with GDB, just spam print statements, or rely on a logging framework to help you generate useful diagnostic output.

Since you're going to need some logging output no matter what, it's always good to heavily instrument your code. Using logging levels, you can control quite well what gets dumped when. Well, "LostLozz" had a co-worker who found an… interesting way to control logging.

The Secret to Success

by in CodeSOD on

"I was once working for a company that primarily dealt with Oracle products," Tai writes.

That vendor, who shall not be named again, provided an installer. Tai ran it, and it failed. Since the installer was a shell script, she opened up the file and took a look.

A Terned Around Discount

by in CodeSOD on

If you browse the Errords, it's easy to see that "giving customers a discount" is apparently harder than it looks.

Brian's company had one of those "discounts are hard" problems, way back when. Sometimes instead of a discount reducing the price, it would raise it. The root cause was that the sales team setting up the promotions weren't clear about whether the discount amount should be a negative or positive number. Instead of adding validation to ensure they always entered a negative (or at least, a zero amount), one of Brian's predecessors fixed the bug in their C# like this:

Worlds Collide

by in Feature Articles on


George had gotten a new job as a contractor at a medium-sized book distributor. He arrived nice and early on Day 1, enthusiastic about a fresh start in a new industry.