Admin
Heck, if the caller isn't careful with the filenames, it could be a doorway to getting the box owned. Imagine filename = "whatever; insert_command_to_give_remote_access_on_a_port_here; echo ". The final echo prevents the thing from returning an error code for whatever the rest of the command line happens to be.
Gotta be real careful with those system calls.
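The risk described in the comment above, as an added example (not code from the article or from any commenter): the same hostile filename shape is pasted into a shell command string, checked against an allow-list, and then passed as a single argv element with no shell involved. `ls` stands in for the external program, the injected command is a harmless `touch`, and the function names and the `injected_marker` file name are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed hostile input, same shape as the comment's example (harmless touch). */
static const char HOSTILE[] = "whatever; touch injected_marker; echo ";

/* Risky pattern: the name is pasted into text that /bin/sh would parse.
 * Built only for inspection here, never passed to system(). */
int build_shell_command(char *out, size_t cap, const char *filename)
{
    int n = snprintf(out, cap, "ls -- %s", filename);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;   /* -1: output truncated */
}

/* Allow-list for caller-supplied names: [A-Za-z0-9._-], no leading '-'. */
int filename_is_plain(const char *name)
{
    static const char ok[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = strlen(name);
    return len > 0 && len < 256 && name[0] != '-' && strspn(name, ok) == len;
}

/* Safer pattern: fork + execvp, no shell. The name is one argv element, so
 * ';' is just a byte in a file name. Returns the exit status or -1. */
int run_without_shell(const char *filename)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ls", "--", (char *)filename, NULL };
        execvp("ls", argv);
        _exit(127);                                 /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char cmd[128];
    build_shell_command(cmd, sizeof cmd, HOSTILE);
    printf("shell would parse: %s\nallow-list: %d, status without shell: %d\n",
           cmd, filename_is_plain(HOSTILE), run_without_shell(HOSTILE));
    return 0;
}
```

Without a shell, `ls` reports that no file with that literal name exists and nothing after the `;` is ever executed.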
Admin
Exactly. This code has
Admin
Well, since Google, IBM, Oracle, and a few other Fortune 500 companies use it on a daily basis, I'd guess that it continues to be operator error. You've even admitted that you simply try to "work around" the issues rather than figuring out why they are occurring and figuring out what the proper solution is.
Which has an awful lot in common with most of the WTFs posted here. Particularly this one.
And, as for your particular statement -- sounds like an issue with something you were doing. Neither the JSP nor httpd should have issues with other programs accessing /var or /usr (and both cp and tar do so in read-only mode, and not exclusive; Linux, like most Unix flavors, has no issues with multiple programs opening files at the same time). And, of course, then there's the WTF of why you're doing full backups every night, since /usr should change only when you install new software.
Oh, and BTW, flock is a Perl function as well. Not just a C one.
Admin
Nowadays, if you want to do full live filesystem backups in Linux, you should learn to use the Linux/Logical Volume Manager (LVM). With it, you can "freeze" a live block device (creates a block device you can access that will not change), back up that frozen filesystem (or just the block device with dd), then unfreeze it. End result is that you've got a consistent filesystem to back up from, and no files will change while you're backing up. System stays up, and all writes happen on the "live" version of the filesystem so apps keep running, oblivious to the fact that there's a frozen image of the filesystem.
Some filesystems support native level freeze and unfreeze, like xfs and I believe, ext2/3...
Admin
Are you saying that ERRORLEVEL cannot be negative? I am pretty sure it can...
Admin
It's also nicely reentrant and threadsafe
sigh :-)
Admin
** 13) The use of strcat over sprintf (I know, I'm scraping the bottom of the barrel here...) ...
Or snprintf, for that matter. Although you may be right that they'd better use strncat, or they'll probably just manage to introduce format string vulnerabilities...
Admin
HAHAHA! Imagine that! That's freakin funny man.. even though I would personally think about getting another job if that was the case. Not just the concern about code quality but also the future trust with his boss..
Admin
I see red every time I see rediculous.
Admin
Remember that Google uses it because it's cheaper, you can modify the source code, create a custom version, never have the owner of the OS pull the plug on you, no need for renewing licenses, etc., not because it's more nice or reliable. I imagine that the rest of companies have similar reasons.
Yes, it has lots in common. It's the "I don't know how to fix and I need it for yesterday, so I'll patch it" approach, so typical of system administrators for small systems :) Notice that in my administrator job I'm asked to keep the server running, not to solve weird problems caused by other people's software.
I'll accept operator error. But I still think that computers should just work. Different combinations of hardware/software have different peculiarities. That's why you got pre-configured computers which already have all peculiarities accounted for. When you mount your own computer, you always risk getting a hardware/software combo with some weird interaction. Of course you can handle those interactions better as you get more experienced, but why do we have those interactions in the first place? I want fail-less computers! And I want them cheap!
I do a backup every month, not every night :) (I do a weekly DB backup, too). I was getting tired of getting calls every first day of month about "the web not working". You're right that I must be doing something wrong.... but... what exactly? What can possibly be going wrong? I'm making a tar on a directory, not trying to launch a rocket.
What the hell, here you have the whole script. You can even see how I commented out the lines using cp and replaced them with tar. How exactly can a single line using cp or tar take down the servers is something beyond my imagination. I even make subdirectories of the /home directory because it generated a tar file bigger than 4GB, and ext3 didn't like that. I imagine I'll have to use LVM like a poster says in a message after yours.
You'll also find some WTFs, like the fact that I was running seti@home for a while, and I killed it for the duration of the backup, or that I tried deactivating and activating DMA to solve some problems with the Seagate hard disk. Or the fact that I no longer bother on checking whether the servers are still there instead of blindly restarting them. Basically, they were going down every time, so I no longer checked. Maybe someone will find something useful on it. The comments are in Catalan. I'm sorry I don't have time to translate it.
(one of my comments on the script says that it can take down the JSP server and slow a lot the apache server. I remember that *both* were taken down..... false memories?)
Oh, you mean that there's a Perl function that mimics the flock C function behaviour. Sorry, I had to say it. I'm happy that Perl has lots of useful functions, but I just couldn't stop myself from pointing that it's not a coincidence that both are called the same :) I used "man flock", and I got a C function, that's why I said it was a C function. I should have thought that Perl would have a similar API.
Admin
Wow, am I the only person who thinks the manager just made up this story about a horrible coder and it was the manager that wrote all of the bad code? That seems like the most reasonable explanation to me.
Where I work, we have to put our initials, date and ticket # we are working on when we add or modify code.
So it would look something like:
// DN Ticket #1000 03/08/06 - Begin
....
// DN Ticket #1000 03/08/06 - End
I thought this was common practice so that when bugs crop up you can throw it back into the original developer's lap or at least ask him/her to explain in English what the code is doing (since a lot of coders do not provide enough useful comments).
Admin
most of the time, lingering sockets are caused by dirty clients not closing properly.
http://www.faqs.org/rfcs/rfc793.html
I find the diagramme on page 23 quite useful.
the captcha is quite dinky.
Admin
I have NEVER seen the above anyplace where there is a proper version control system in place. (though I'll admit I have not seen everything.) Go over to www.subversion.org and take a look. It is free and it works pretty good. (There are also some commercial solutions you can buy - they might be better, but the advantage of the free ones is you can sneak it in the backdoor, and then force IS to support it after everyone uses it)
A real version control provides the same advantages (easy to see who last touched some line of code), plus it prevents the version comments from cluttering the code when you can figure it out on your own, if only you didn't have to scroll to read the entire function. As a bonus it allows you to try out code, revert later when you decide there is a better way.
This should be programmer 101, something you learn on the first day of your first real job. Sadly many programmers do not know it. (Note, this is not something that should be taught in school, student projects are not big/long enough for version control to prove itself)
Admin
I/we use full source code control where I work, and we are also supposed to use code comments similar to those shown by ferrengi, alas most of us are too lazy to actually do it!
Admin
no, it's not. the C and C++ standards don't actually define the size of anything, and i've seen some compilers (for embedded code on DSP chips) where everything is 16 bits, ints, chars, etc. and there, sizeof(char) would be two (2) ... !?
Admin
if you 'close' a socket by killing the process, rather than letting it do sock.close(), then the listening end will go into a FIN_WAIT state, which takes a (kernel configurable) delay to close, this is just because you killed it rather than shutting down cleanly.
Admin
No, the C standard requires that sizeof(char) == 1. On 16 bit systems that means that 1 byte is 16 bits long.
C has never required a byte have any particular number of bits. Perhaps because when it was first designed many machines with various bit lengths existed. I recall that one was 36 bits. I know there were others (we have had this discussion before, but I'm too lazy to search for it), perhaps 12 or 9 or something.
Systems where a byte is 16 bits do have problems because most code assumes that a byte is 8 bits. This is even more common than code that assumes that int is 32 bits, or sizeof(int) == sizeof(void *).
Admin
No, by definition sizeof(char) == 1 period
Admin
The tactful programmer would use the source code management system to look up the check-in history and see who checked in that FUGLY code.
On second thought, that presumes they even have a SCM system and use it properly.
Admin
Hi,
Here is a sighting of a similar "design pattern", but posted as a Python Cookbook recipe ! I can't believe it...
Regards,
Nicolas
Admin
Why you little (insert namecalling)!
(Insert counter-retort and suggestion to co-locate named body parts.)
And that's final!
Admin
I felt like counting the WTF's. Lol, yes, I know I am commenting on a post that is over four years old.
1) executing a program using system instead of using SQL C API. 1a) passing information to the program by writing to files.
2) the idea of waiting an arbitrary amount of time. 2a) the method used to do so.. wtf?
3) memory leak.
4) dead write to response variable (ok, this is pretty common). 4a) adding return values together, wtf? I can't explain anything about that
5) actionFlag with magic numbers. 5a) why does this function delete the files?
6) the code is gonna end up looking like execSqlCommand(2,file1,file2); writeSqlToFile(); execSqlCommand(0,file1,file2);
Admin
Error in cheat-sheet: This is how strcpy works: Say
a = "abcd\0"; //\0 is string terminator
strcpy(a, "ba\0"); //a=bacd
I see you haven't done this much...