• old_grizzled (unregistered)

    WTF?

  • Bob Johnson (unregistered)

    See ya, John!

    [BOB JOHNSON HAS LEFT THE CALL]

  • Otmane (unregistered)

    I like that kind of customers, I can make them believe everything is OK

  • MightyM (unregistered)

    Not a WTF. As we all know, if you don't see an error it isn't there.

  • Mike (unregistered)

    had me at "The users wanted a web service..."

    But pretty much sounds like most conference calls I have ever been in.

  • (cs)

    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.

  • (cs)

    TRWTF is:

    Abby de-tensed, ended the call, then glanced sharply to the developers. “How does the UI currently validate?”

    “Don’t worry, it’s nothing that bad,” Dale said.

    “So we don’t have hundreds of area code 000 customers in production right now?” Abby asked.

    “No.”

    “Good,” Bruce said. “Don’t worry, we never will.”

    as soon as anything else is used to import data to the legacy then there will be major issues

  • faoileag (unregistered)

    Am I the only one who feels as if the story has been cut off, with the end missing? Why will they never have 000 area customers in production code? What solution does Bruce have in mind?

  • belzebub (unregistered)

    That's no WTF. I'm really tired of these mediocre stories - this is just something that happens to ALL of us at least once a week. Everybody knows that customers are stupid and they never know what they want, and if they think they know what they want, it's usually utterly wrong on over 9000 levels.

    That's what IT is all about. It's NORMAL. It shouldn't be, but it is, so it can't be considered a WTF. WTF is something totally out of ordinary, something that leaves every intelligent being speachless, facepalming or ROFL-ing.

    For example - if, in this case, Art would explain, that this retarded "validation" process was what they were doing manually for YEARS, and that half of the database was filled with manually-crippled nonsense, that would start looking like a WTF. Then, while Bruce would've lost it and had begun eating his pencil, Dale would try to explain why this "validation" was not a good idea. Then Art could calmly requested Dale removed from the meeting and explained to Abby, why this Dale is no longer welcome in this company. Meanwhile, Bruce, his mouth full of pencil splinters, starts banging his head on the table. Art switches to "no-nonsense" mode and says: "This validation will be done tomorrow at 8:00. This is all, thank you for your cooperation". Bruce and Abby, eyes full of tears, sack poor Dale and Bruce implements braindead phone number validation. After 2 months, Art leaves the company and his replacements stares bewildered at the 000* phone numbers. Few calls later, Bruce is fired for intentionally destroying countless data records.

    THAT would be a WTF.

  • TopTensio (unregistered)

    The real WTF is a senior programmer suggesting to send a fresh-out-of-college colleague into a conference call with the customer.

    In fact that was the only WTF I could find in the article, The rest is business as usual.

  • faoileag (unregistered)

    But to sum up...

    So Bruce is happy with client-side validation alone? If you are developing webservices that's careless at least and definitely a wtf.

    So Bruce wants to be customer-first. There's two ways to be so: a) if possible gently nudge the customer towards the solution he needs, not the one he describes. b) do as the customer asks, after all he is paying for your whatevers.

    In case of b) however, cover your backside. That means, tell the customer you are happy to put in the validation. but for legal reasons you need the spec. Prepare an email with whatever notes Dale has taken during the customers description of how validation should take place, then send it to the customers for them to ok it.

    If the customer wants telephone data that starts with an 000 area code, who are you to tell him otherwise? Do you know their legacy system? Perhaps their legacy system does handle that case, i.e. 0001231231 is, as a telephone number, flagged as invalid by the legacy system.

  • Jim Wales (unregistered) in reply to Zacrath
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.
    The Wikimedia Foundation is having a fundraiser today. Since you seem to care so much about the cost of traffic caused by hotlinking, I can only assume you have already made your donation by now.
  • faoileag (unregistered) in reply to belzebub
    belzebub:
    After 2 months, Art leaves the company and his replacements stares bewildered at the 000* phone numbers. Few calls later, Bruce is fired for intentionally destroying countless data records. THAT would be a WTF.
    That's why you shouldn't make such a weird validation go live until you have written confirmation from the customer that that is what he wants. And in a case like that, I would take a printout of the email home for my personal records (or forward the email, but a printout doesn't leave traces in the email system).
  • belzebub (unregistered) in reply to faoileag
    faoileag:
    That's why you shouldn't make such a weird validation go live until you have written confirmation from the customer that that is what he wants. And in a case like that, I would take a printout of the email home for my personal records (or forward the email, but a printout doesn't leave traces in the email system).
    I couldn't agree more - but point of my imaginary appendix was to show something which WOULD be a WTF. The current story isn't.
  • faoileag (unregistered) in reply to TopTensio
    TopTensio:
    The real WTF is a senior programmer suggesting to send a fresh-out-of-college colleague into a conference call with the customer.
    Why not? He's got to do it sooner or later anyway, so why not on an assignment Bruce thought rather simple. And after all, the mentor was meant to be in the conference call as well.
  • faoileag (unregistered) in reply to belzebub
    belzebub:
    but point of my imaginary appendix was to show something which WOULD be a WTF. The current story isn't.
    Agreed, at least on the customer side.

    But I think that a webservice that leaves validation to the user interface is a wtf and a big one. "Little Booby Tables" comes to mind immediately.

  • EvilSnack (unregistered)

    The only head-bursting moment is:

    “Wait- don’t you want an error telling you the data is bad?” Abby said.

    “Oh, no!” the voice replied. “We don’t want any errorneous data, so we don’t want any errors. Errors are bad.”

    Otherwise it's all, "WITWTF?"

  • ZoomST (unregistered) in reply to faoileag
    faoileag:
    And in a case like that, I would take a printout of the email home for my personal records (or forward the email, but a printout doesn't leave traces in the email system).
    Sorry, but doing it the right way leaves trace on the email system... that is, print out the email, put in a wooden table, take a picture of it and send the picture by email. That leaves traces. And if you aren't careful, it leaves traces on the wooden table as well.
  • (cs)

    Validation by pegs, holes and hammers.

  • (cs) in reply to faoileag
    faoileag:
    belzebub:
    After 2 months, Art leaves the company and his replacements stares bewildered at the 000* phone numbers. Few calls later, Bruce is fired for intentionally destroying countless data records. THAT would be a WTF.
    That's why you shouldn't make such a weird validation go live until you have written confirmation from the customer that that is what he wants. And in a case like that, I would take a printout of the email home for my personal records (or forward the email, but a printout doesn't leave traces in the email system).

    how would such traces be used against you anyway? surely evidence that the email existed outside of a single piece of paper is going to give you a much more secure evidence base that such an email existed? being able to validate it through your personal email provider outside the control of your employer is an added bonus in any unfair dismissal proceedings.

  • EvilSnack (unregistered) in reply to faoileag
    faoileag:
    But I think that a webservice that leaves validation to the user interface is a wtf and a big one. "Little Booby Tables" comes to mind immediately.
    Aside from offering the only possible improvement to that particular XKCD comic, this is certainly true. We validate at both the client and the server level. Never trust the client app once it's been on the customer's machine.
  • RFoxmich (unregistered) in reply to ratchet freak

    +1 - captcha immmitto - mya codo immitto bado phono numeros.

    ratchet freak:
    TRWTF is:
    Abby de-tensed, ended the call, then glanced sharply to the developers. “How does the UI currently validate?”

    “Don’t worry, it’s nothing that bad,” Dale said.

    “So we don’t have hundreds of area code 000 customers in production right now?” Abby asked.

    “No.”

    “Good,” Bruce said. “Don’t worry, we never will.”

    as soon as anything else is used to import data to the legacy then there will be major issues

  • faoileag (unregistered) in reply to ZoomST
    ZoomST:
    Sorry, but doing it the right way leaves trace on the email system... that is, print out the email, put in a wooden table, take a picture of it and send the picture by email
    You know, I always wondered how people who do not have a wooden table can follow the recommended procedure of posting some text on the internet?

    Do they have to download a stock photo of a wooden table first, print that out in DIN A3/Ledger size, put it on a plastic/steel table and put their text document on top of that?

  • smilr (unregistered) in reply to Algorythmics

    I would guess that exfiltrating such confidential information out of the company is frowned upon by Bruce's employers. I know for my own employer doing this would be grounds for termination and/or lawsuits.

    I agree that this is exactly the kind of document that a personal CYA plan would want to have, but gaining a copy often has it's own risks.

  • (cs) in reply to belzebub
    belzebub:
    That's no WTF. I'm really tired of these mediocre stories - this is just something that happens to ALL of us at least once a week. Everybody knows that customers are stupid and they never know what they want, and if they think they know what they want, it's usually utterly wrong on over 9000 levels.

    That's what IT is all about. It's NORMAL. It shouldn't be, but it is, so it can't be considered a WTF. WTF is something totally out of ordinary, something that leaves every intelligent being speachless, facepalming or ROFL-ing.

    For example - if, in this case, Art would explain, that this retarded "validation" process was what they were doing manually for YEARS, and that half of the database was filled with manually-crippled nonsense, that would start looking like a WTF. Then, while Bruce would've lost it and had begun eating his pencil, Dale would try to explain why this "validation" was not a good idea. Then Art could calmly requested Dale removed from the meeting and explained to Abby, why this Dale is no longer welcome in this company. Meanwhile, Bruce, his mouth full of pencil splinters, starts banging his head on the table. Art switches to "no-nonsense" mode and says: "This validation will be done tomorrow at 8:00. This is all, thank you for your cooperation". Bruce and Abby, eyes full of tears, sack poor Dale and Bruce implements braindead phone number validation. After 2 months, Art leaves the company and his replacements stares bewildered at the 000* phone numbers. Few calls later, Bruce is fired for intentionally destroying countless data records.

    THAT would be a WTF.

    Yes, that would have been a good one. But such things never happen in the real world, and thus are never posted here.

    Things have been going downhill here since Alexander the Great decided to delegate. I want my money back.

  • faoileag (unregistered) in reply to smilr
    smilr:
    I agree that this is exactly the kind of document that a personal CYA plan would want to have, but gaining a copy often has it's own risks.
    I know, I would definitely study my contract first.

    Then again, in this day and age of BYOD and 24/7 email readiness expected by some companies, no-one can prevent you from taking a picture of that email in the solitude of your home.

  • *yawn* (unregistered) in reply to faoileag

    TRWTF is that there is no WTF in today's story. Nothing to see here, move along.

  • faoileag (unregistered) in reply to tharpa
    tharpa:
    I want my money back.
    Preferably appended with zeroes if the number is less than ten digits long.
  • Martijn (unregistered) in reply to Zacrath
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.

    Nah, that's all good, we (I'm not a Commons guy, but I am a Wikipedia guy) want you to use content on WikiMedia projects. Tere are other reasons why you don't want to deeplink though, but if you're cool with that, so are we: https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#Hotlinking

  • (cs) in reply to Jim Wales
    Jim Wales:
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.
    The Wikimedia Foundation is having a fundraiser today. Since you seem to care so much about the cost of traffic caused by hotlinking, I can only assume you have already made your donation by now.
    I prefer to consider my attempt to reduce traffic as donation enough. Also I'm broke.
  • (cs) in reply to faoileag
    faoileag:
    tharpa:
    I want my money back.
    Preferably appended with zeroes if the number is less than ten digits long.
    Zimbabwean Dollars do for you?
  • Martijn (unregistered) in reply to Martijn
    Martijn:
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.

    Nah, that's all good, we (I'm not a Commons guy, but I am a Wikipedia guy) want you to use content on WikiMedia projects. Tere are other reasons why you don't want to deeplink though, but if you're cool with that, so are we: https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#Hotlinking

    Not giving attribution to the author however is a bit of a dick move.

  • faoileag (unregistered) in reply to dkf
    dkf:
    faoileag:
    tharpa:
    I want my money back.
    Preferably appended with zeroes if the number is less than ten digits long.
    Zimbabwean Dollars do for you?
    No, I think they've outgrown 10-digit numbers long ago.
  • (cs)
    Bruce in the article:
    So, maybe the users would discover big changes in UAT. So what? That was what user acceptance testing was for.
    Bruce is TRWTF.

    UAT is not the time to discover a need for big changes, especially in these days of incremental delivery and all that flooflah.

    OK, yes, I know it's a web service for linking a legacy back-end DP system and some sort of UI-linked processing, but you still can deliver prototypes that show how it will work. Unless you have no non-production environment, but even then Bruce's attitude is ARWTF, along with the environment.

  • (cs) in reply to Jim Wales
    Jim Wales:
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.
    The Wikimedia Foundation is having a fundraiser today. Since you seem to care so much about the cost of traffic caused by hotlinking, I can only assume you have already made your donation by now.
    Tu quoque'd
  • ¯\(°_o)/¯ I DUNNO LOL (unregistered)
    “What should we do if it fails?” Dale asked.

    “Remove the non-numerics.”

    “And if it’s too long?”

    “Just take the first 10 characters.”

    “And if it’s too short?”

    “Prepend zeroes until it’s 10 characters long.”

    “Wait- don’t you want an error telling you the data is bad?” Abby said.

    “Oh, no!” the voice replied. “We don’t want any errorneous data, so we don’t want any errors. Errors are bad.”

    That's not "validation", that's making shit up, and applying a bigger hammer to make a square peg fit in a round hole. Maybe that was TRWTF?

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to faoileag
    faoileag:
    Then again, in this day and age of BYOD and 24/7 email readiness expected by some companies, no-one can prevent you from taking a picture of that email in the solitude of your home.
    Do they require you to BYOWT too?
  • nitePhyyre (unregistered) in reply to EvilSnack
    EvilSnack:
    faoileag:
    But I think that a webservice that leaves validation to the user interface is a wtf and a big one. "Little Booby Tables" comes to mind immediately.
    Aside from offering the only possible improvement to that particular XKCD comic, this is certainly true. We validate at both the client and the server level. Never trust the client app once it's been on the customer's machine.
    Not really. It seems like this is an internal site. Worrying about an injection attack in that scenario is kind of like giving your keys to someone then worrying they might hot-wire your car.
  • Anon (unregistered) in reply to Jim Wales
    Jim Wales:
    Zacrath:
    TRWTF is hotlinking to an image hosted on wikimedia.org. That server gets enough traffic on its own.
    The Wikimedia Foundation is having a fundraiser today. Since you seem to care so much about the cost of traffic caused by hotlinking, I can only assume you have already made your donation by now.

    Don't worry, the advertisers who pay for article promotion on Wikipedia have it covered.

  • faoileag (unregistered) in reply to ¯\(°_o)/¯ I DUNNO LOL
    ¯\(°_o)/¯ I DUNNO LOL:
    faoileag:
    Then again, in this day and age of BYOD and 24/7 email readiness expected by some companies, no-one can prevent you from taking a picture of that email in the solitude of your home.
    Do they require you to BYOWT too?
    Now that Apple has dropped skeumorphism from their devices YOWT is mandatory.
  • Nibbler (unregistered) in reply to Bob Johnson
    Bob Johnson:
    See ya, John!

    [BOB JOHNSON HAS LEFT THE CALL]

    Could be worse.

    ["Conference! WOOOOOO! ... ... ... wait, do I have to press pound?" HAS LEFT THE CALL]

  • bob (unregistered) in reply to MightyM

    My current project believed this too, which is why they simply commented out all code that was reported to throw an error. Hundreds of files compiled and pushed to production, with maybe 1/6 commented completely out at random.

  • Martijn (unregistered) in reply to bob
    bob:
    My current project believed this too, which is why they simply commented out all code that was reported to throw an error. Hundreds of files compiled and pushed to production, with maybe 1/6 commented completely out at random.

    Soundes like vigil is something for you: https://github.com/munificent/vigil

  • (cs) in reply to Martijn
    Martijn:
    bob:
    My current project believed this too, which is why they simply commented out all code that was reported to throw an error. Hundreds of files compiled and pushed to production, with maybe 1/6 commented completely out at random.

    Soundes like vigil is something for you: https://github.com/munificent/vigil

    Vigil page:
    Vigil deleted a function. Won't that cause the functions that call it to fail?

    It would seem that those functions appear to be corrupted as well. Run Vigil again and it will take care of that for you. Several invocations may be required to fully excise all bugs from your code.

    Sounds to me more like it will excise all code from your code.

    This one looks like someone is taking the piss again, like the feminist programming language thing. "implore" and "swear" seem like peculiar ways to spell "assert".

  • Jeremy (unregistered)

    If this can't ever actually be a problem because they're prevalidated, then why not add this just to appease them?

    They already acknowledged you're validating before they get in the system, but that they aren't comfortable with that. Seems like there would be minimal harm in this extra layer of horrible nonsense.

    Ultimately, what's worse, a couple odd not real phone numbers that anyone could look at and see it isn't real getting fed to the system, or the whole system/import crapping itself at 11pm on a friday because they coded their entire universe to expect 10 digit phone numbers else burn-the-place-down?

  • Bruce W (unregistered)

    OK - Bruce here. For your reading pleasure, my original submission. Please let me know if the insanely overdone rewrite was necessary. Alex, I know you needed more authors to help out but you never rewrote my submissions like this.

    ==================== Original Submission =============== I am currently developing a web service call for updating demographic (address, phone numbers, etc.) for my company's account holders on a vendor's back-end system. The web service I am developing is replacing an existing web service. The requirements I received were, "Replicating the existing web service schema. Receive, store, and forward demographic changes to the vendor." Yeah, sparse and lacking.

    I completed development quickly and the system testing results were looking great. Everything was looking like the service was ready to integrate with the current UI. The last testing meeting before releasing the service to the UI team one of the testers said the service was not validating phone numbers. I bit my tongue and didn't blurt out, "If you wanted validation, you should have listed that in the requirements." Yes, yes, always validate your data. But there was no indication that the current web service I was replacing did any validation. Everything I had seen showed that the UI was validating phone numbers.

    I asked, "How should I validate the phone numbers?"

    "Oh, currently we make sure there are no non-numeric characters and that the phone number is 10 digits." Since we only work with US customers, this sounded logical.

    "So, you return an error to the UI if an incorrect phone number is received. What is the error code so I can replicate the functionality?," I asked.

    "No, we don't return an error. We strip any non-numeric characters and pre-pend zeros to make it 10 digits," came the reply.

    "You what?" I followed trying to hold back my rage of how casually the other team felt about stomping on key customer information. "Why would you do this?"

    "Well, the vendor's back-end system returned an error if we didn't pass a 10-digit phone number so we wanted to make sure there no errors," they replied matter of factly.

    "No. I will not replicate this functionality," came my reply, "I will return an error to the UI. If you don't like that, don't worry, the executive sponsoring this project will definitely not agree to this requested change when I show it to her."

    The request was quickly dropped. As a double check I logged into the application that the web service backs and tried changing a phone number. Yes, the UI made sure that phone numbers were 10 numeric characters. At least it looked like the old web service's creative assistance wasn't being used. And by standing my ground I avoided years of taunting for my friends on the business side like, "hey, were is area code 000 again?"

  • EmperorOfCanada (unregistered)

    I don't know how many rulesets I have built that were just as stupid as this. People would come up with detailed specifications that had such easy solutions. My favorite was an endless argument about a web form where the customer came up with a complicated interface for verifying postal/zip codes. It was page after page of flowcharts.

    My suggestion was that we move the country selection field to the top and this would then change the form below so as to match the phone number postal/zipcode format for that country (they only dealt with 4 countries). This caused huge uproar as they had already spent tens of thousands with a graphic artist and they couldn't justify more to have all the forms redesigned. So I cooked up a form changing example(5 minutes) and the first thing was an angry email saying that we were not to bill them any more than $5,000 for our in-house graphic artist. When I told them that it was me and it was 5 minutes work, they suggested that I should get out of software development into the much more lucrative world of graphic design.

  • Bruce W (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Bruce in the article:
    So, maybe the users would discover big changes in UAT. So what? That was what user acceptance testing was for.
    Bruce is TRWTF.

    UAT is not the time to discover a need for big changes, especially in these days of incremental delivery and all that flooflah.

    OK, yes, I know it's a web service for linking a legacy back-end DP system and some sort of UI-linked processing, but you still can deliver prototypes that show how it will work. Unless you have no non-production environment, but even then Bruce's attitude is ARWTF, along with the environment.

    This was not during UAT, it was during system test. I delivered prototypes and incremental updates for testing. The testing team dropped this on my at the last minute. Yes, I could have done more research for the requirements (see my previous post of my original submission) but the point of this was the complete lack of caring that a middle-tier system was stomping on customer information.
  • (cs)

    My theory:

    The author had a virus on his computer causing a System.Environment.NewLine to be thrown in the article every minute. Thus, lots of lines that don't mean anything, don't contribute to the article, and are pretty much just junk.

    Also, that would be why you see pretty much a new paragraph for every sentence.

  • ih8u (unregistered) in reply to nitePhyyre
    nitePhyyre:
    EvilSnack:
    faoileag:
    But I think that a webservice that leaves validation to the user interface is a wtf and a big one. "Little Booby Tables" comes to mind immediately.
    Aside from offering the only possible improvement to that particular XKCD comic, this is certainly true. We validate at both the client and the server level. Never trust the client app once it's been on the customer's machine.
    Not really. It seems like this is an internal site. Worrying about an injection attack in that scenario is kind of like giving your keys to someone then worrying they might hot-wire your car.

    Booby tables? Sounds good. Incidentally, the site you're probably thinking about is NOT prepended with "se". Although if it were written and drawn by Randall, I'd probably read that too.

Leave a comment on “Long Distance to Valid”

Log In or post as a guest

Replying to comment #:

« Return to Article