• JF (unregistered)

    meh...funny?

  • (cs)

    I must say, that Null is a pretty software-crashing name :)

  • (cs)

    Obviously the chances of someone being named "Null" is not that bad. However, the fact that it took empty search fields to be a string value of "Null" is the WTF. It should've came back with something like "Please provide one or more search values"

  • gaus (unregistered)

    this smells like SQL-Injection? Inviting desaster to lunch...

  • (cs) in reply to wraith

    Or how about N.A. Jones?

    Or maybe <null> , the asshole who legally changed his name to have the angle brackets. It's unpronouncable.

  • Harrow (unregistered)

    I wouldn't be surprised to learn that no matter what criteria you enter, you will never be able to locate Dr. Stephen Null, Dr. Tomas Null, or Dr. William Null.

    -Harrow.

  • AndrewB (unregistered)

    If (lastName IS NULL OR lastName = 'NULL') THEN

    I can't think of what else it could be.

  • MX5Ringer (unregistered)

    How many of us tried to see if we could get on the site to check this though?

    I know I did (can't be bothered trying to find out how to register though, and havent got time to try and get in by force/stealth)

    Captcha:- pigeons

  • whicker (unregistered)

    The real wtf is that when hiding information in screen captures, don't use blur or mosaic. Use a solid color!

    I guess I should read the article now. meh.

  • grkvlt (unregistered)

    i like the login screen on their site - the helpful message is a haiku:

    Express Login A Fast Loading Page That Can Be Bookmarked For Your Convenience

  • (cs)

    Let me see if I get it: The WTF is that a search with no criteria searched for the STRING "Null" instead of either A) having an error message saying you need to enter criteria or B) Using the actual SQL value NULL. Right?

    Seems like a kinda tame WTF to me.

  • moe (unregistered)

    Is that phone number 1-858-480-1067 ??

    What are the results of the blood test? true, false, maybe, file not found?

    captcha: smile - anagram for imels

  • Tidus (unregistered) in reply to AndrewB

    Well, that could simply be the "lastName" variable referenced in a query without checking wether it is Null or not. Some OO-languages will always reply "null" when you ask for a null pointer to be casted as a String. Indeed it would be great if it showed somthin' quite like a NullPointerException or such.

    In fact, not checking before casting might either crash the application or give weird results like this. Interesting, through !

  • ernesti (unregistered)

    It'd be great name. Dr. Dev Null, I presume?

  • areinard (unregistered)
    Comment held for moderation.
  • Le Poete (unregistered) in reply to kirchhoff
    kirchhoff:
    Or how about N.A. Jones?

    Or maybe <null> , the asshole who legally changed his name to have the angle brackets. It's unpronouncable.

    And how would someone search for "The Artist Formelly Known As Prince" in the days he used that weird symbol as his name. It's not even a unicode character, neither a symbol of WingDing font.

  • (cs) in reply to ernesti
    ernesti:
    It'd be great name. Dr. Dev Null, I presume?
    In a James-Bond-like voice:

    The name's Null, Dev Null!

  • Been there done that don't care any more (unregistered) in reply to Le Poete
    Le Poete:
    kirchhoff:
    Or how about N.A. Jones?

    Or maybe <null> , the asshole who legally changed his name to have the angle brackets. It's unpronouncable.

    And how would someone search for "The Artist Formelly Known As Prince" in the days he used that weird symbol as his name. It's not even a unicode character, neither a symbol of WingDing font.

    ...Spock You-Couldn't-Pronounce-It

  • (cs) in reply to Le Poete
    Le Poete:
    kirchhoff:
    Or how about N.A. Jones?

    Or maybe <null> , the asshole who legally changed his name to have the angle brackets. It's unpronouncable.

    And how would someone search for "The Artist Formelly Known As Prince" in the days he used that weird symbol as his name. It's not even a unicode character, neither a symbol of WingDing font.

    It was easy, you searched for "Prince" and you got everything that had his prior discography and everything under "formally known as Prince". Remember, unofficially everyone still called him "Prince" or "The Artist", the name change was purely for legal purposes.

  • Dennis V. (unregistered)
    Comment held for moderation.
  • (cs)

    The Satanic Dr. Null.

  • omitted (unregistered)

    The dietician Gary Null has a radio show on Pacifica (which I would not recommend).

    The archetype for this one is Jon Bentley's story in one of the Programming Pearls books about the APL program that failed whenever it hit the Ecuadorean data set. Alas, the capital of Ecuador is Quito, a prefix of the magic token Quit.

  • Robert (unregistered)

    I can get to the site, because I work there. It's not true. The only way to get Mr. Null to come up in the search results is to enter "Null" in the name. The submitter did so and then deleted it before grabbing a screen shot. So, whoever you are, you're a liar.

  • Anonymous cardinal person (unregistered)

    Having worked for CardinalHealth before the phonebook website does not allow empty fields, although Dr. Null is a real person. This is fake. There are quite a number of WTF's here though. Ask me about the VB ap connecting to the Oracle database running a query to pull data from an SAP application...yeah...

  • Kevin (unregistered)

    Actually, this is not a search for a doctor - this is our internal phone book (Cardinal employee's). Still, rather disappointing...

  • Anonymous cardinal person (unregistered) in reply to Robert

    Does your last name start with K?

  • Anonymous cardinal person (unregistered)

    At this point I'm kinda amazed at the number of Cardinal employees/contractors who read WTF. Hello all! ::waves invitingly::

  • (cs) in reply to omitted
    omitted:
    The dietician Gary Null has a radio show on Pacifica (which I would not recommend).

    The archetype for this one is Jon Bentley's story in one of the Programming Pearls books about the APL program that failed whenever it hit the Ecuadorean data set. Alas, the capital of Ecuador is Quito, a prefix of the magic token Quit.

    A fuck-up that can be made by programmers in any language. APL doesn't even make it easier to make that mistake.
  • Jon (unregistered) in reply to grkvlt
    grkvlt:
    i like the login screen on their site - the helpful message is a haiku:

    Express Login A Fast Loading Page That Can Be Bookmarked For Your Convenience

    is there a 5-5-5 haiku I don't know about?

    I thought it was 5-7-5

  • Jon (unregistered)

    I think this is fake to be honest I can't see how this can be implemented. Null = null evals to false... so for a real null to be there then nothing should be returned..

  • Chacal (unregistered) in reply to omitted

    Precision: There are no magic tokens or reserved words in APL itself, so it must have been in the application.

  • (cs) in reply to Anonymous cardinal person
    Anonymous cardinal person:
    At this point I'm kinda amazed at the number of Cardinal employees/contractors who read WTF. Hello all! ::waves invitingly::
    Frankly it looks a bit suspicious that 5 cardinal employees make comments in a row, each within a minute of the last. Particularly since they're all unregistered. Almost as if one person was trolling under different names... But then, I suppose it's believable that someone at Cardinal saw the WTF and pointed it out to h(is|er) co-workers, but I would still think there'd be a bit more variance in the posting times.
  • sid (unregistered) in reply to Jon
    Comment held for moderation.
  • Kinglink (unregistered)

    After some thought this is a pretty good WTF. It's "Null". "Null" or "NULL" should NOT equal NULL

  • Another Anonymous Cardinalite (unregistered) in reply to Erzengel

    Wow, paranoid much? Consider this - in the R&D building where I work, everyone gets in around the same time in the morning, and most of us have WTF as one of our start pages.

  • ANOTHER cardinal employee (unregistered)

    Ha! I was shocked to see this as I just left the company. (my job moved to dublin! rat bastards!)

    ./wave at all my fellow ex-coworkers...

    aren't you all supposed to be fixing something?

    Naaa... it's a big company that stays behind the scenes for a HUGE amount of medical stuff. It's spread out all over the place so lots of IT.

  • Cowbert (unregistered)

    Null, Mr. Bond, I expect you to die!

  • (cs) in reply to Another Anonymous Cardinalite
    Another Anonymous Cardinalite:
    Wow, paranoid much?
    That's what I'm paid to be, so yes.
    Consider this - in the R&D building where I work, everyone gets in around the same time in the morning, and most of us have WTF as one of our start pages.
    I noted that there were explanations, I just had to make note of how suspicious it looked.
  • Anonymous cardinal person (unregistered)

    RSS readers all update at roughly the same time and since we all freaked when we saw it....

  • ASDF (unregistered)

    Hello, I'm doctor "; DROP TABLE; pleased to meet you.

  • bobbo (unregistered) in reply to ASDF

    Well done, you just made me spit tea all over my laptop screen.

  • Jim Hickstein (unregistered)

    Working with the UK NHS directory, it was said that there were quite a few of "Dr. Death" in the list; five or fifty, depending on who was telling the story. For some reason this got a laugh.

  • Yet another anonymous CH employee ... (unregistered) in reply to ASDF

    Either the submitter, Michael, was lying, or he was being very disingenuous in his submission.

    A quick look at the source for this page reveals:

    Quick search: if(input == null || input == ""){

    alert("Enter a value for QuickSearch");
    return false;
    
    }
    else if(noInvalidChar(input))
    {
    document.form1.submit();
    }
    

    Detailed search: if((fn == "") && (ln =="") && (location == "") && (business =="")){ alert("Enter a value for Detailed Search"); document.form9.firstName.focus(); } else{ if(noInvalidCharFn(fn)){ fnValid=true; if(noInvalidCharLn(ln)){ lnValid=true;

    }                   
    }
    }
    

    And no, submitting with only spaces in either the quick search or the detailed search textbox fields does not work, either. The noInvalidChar* routines trim whitespaces and validate that the resulting string is not empty.

    The only way he could have submitted a search request with no parameters would be to have modified the JavaScript code to disable this check locally, or performed some sort of submission trickery that a typical user would not be able to do. I personally did not bother to go out of my way to test this, but it's reasonable that bypassing the JavaScript check might result in a small issue like this. Hardly a WTF.

    There is also the very unlikely possibility that the page was corrected between Michael's screenshot and when the first CH employee attempted to confirm the result. I sincerely doubt such an important page would be updated with such thorough validation routines so quickly, however.

    I'm actually more curious as to why Michael would be searching for his doctor on an internal company phone book that I hope is not accessible to the public, however.

    This story was almost certainly fabricated, and makes me wonder about other stories on this site. Though you can't blame Jake, as he would obviously not be able to personally verify this himself before accepting the submission ...

  • (cs) in reply to Yet another anonymous CH employee ...

    Huh, wouldn't entering an invalid character result in nothing happening? Or did you leave out an else?

    Anyway, does the site actually claim anywhere that the articles are guarenteed to be real? Aren't these stories just supposed to be entertainment? If an occasional fictional story passes through, so what?

  • Yet another anonymous CH employee ... (unregistered) in reply to Erzengel

    Nah. Sorry, I didn't want to post the source to the entire non-public page here. If you fail that test, it just returns "no records found" and doesn't actually search anything.

    The only way this would be an issue is if the site is performing loose SQL queries based on the search strings, hoping that JavaScript filters the strings safely, but the backend should at least be protected against escape quotes. I hope. I don't have access to that to tell you, though.

  • Gabe (unregistered)

    For those who don't know, Null is a last name shared by 0.003% of all Americans. In 1990 it was the 4509th most popular last name.

  • (cs) in reply to Yet another anonymous CH employee ...
    Yet another anonymous CH employee ...:
    Either the submitter, Michael, was lying, or he was being very disingenuous in his submission.

    A quick look at the source for this page reveals:

    [...]

    Just a thought: what if you disable javascript? Does the form stil get submitted?

  • tyrannical (unregistered)

    Is it too late to have my name changed to Mr. No Carrier?

  • Anceps (unregistered)
    Comment held for moderation.
  • (cs)

    I figure this is possible if the backend DB is Oracle. After all, Oracle thinks NULL and the empty string are equal, doesn't it?

Leave a comment on “Paging Dr. Null”

Log In or post as a guest

Replying to comment #:

« Return to Article