• Pieter (unregistered)

    I came here for the comments and none were found :(

  • (cs)

    Personally, I've always thought that the 'Dim' keyword in VB says it all.

  • Gill Bates (unregistered)

    Hey no way, that is my code for Shopdateformat() in the asp.net framework! And the CleanseMessage() function used in IIS!

    CAPTCHA: oppeto (n.), the master of the oppressed puppet

  • (cs)

    This Highly Paid Consultant fellow seems to get a lot of work. Surely thousands of companies cannot be wrong with trusting him with their systems.

  • (cs)

    Writing an exception straight to the document, HTML tags and all. Sweet!

  • Kasper (unregistered)

    Dani was asked to replace this piece of crap^H^H^Hode with something better. How is that a WTF? He only need to understand the code enough to migrate data out of it into the new system.

    I guess he don't have to modify the existing system or write a new system from scratch. More likely there exists an off-the-shelf system, which is sufficiently better than the existing system.

  • ASP.Fred (unregistered)

    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too. And best of all: it's made by hand with color tags, unlike other code samples on this site that are colored with JS.

  • faoileag (unregistered) in reply to ASP.Fred
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too.
    And what, in a world of individual preferences and syntax highlighting settings, would the right way to highlight a keyword be?

    Current setting for me at work: comments blue, keywords mustard, strings dark red, variables pale turquoise.

  • faoileag (unregistered)

    I love Sub CleanseMessage.

    Not only does it feature an arry named badChars that in reality holds bad strings, one of those strings is "".

  • faoileag (unregistered) in reply to TGV
    TGV:
    Writing an exception straight to the document, HTML tags and all. Sweet!
    It's a form of outsourcing.

    You see, if the customer/user sees that error message, he will contact support, explain what he has done so that the error can be reproduced, perhaps sent a screenshot...

    That, at least, is the theory.

    Since in theory theory and practice are identical, this allows you to get rid of regression testers, since their work is now done by the customers and you svae a ton of money.

    And the customers are happy as well since they can contribute to make the product a better product (this, also, is a theory).

  • (cs) in reply to faoileag
    faoileag:
    TGV:
    Writing an exception straight to the document, HTML tags and all. Sweet!
    It's a form of outsourcing.

    You see, if the customer/user sees that error message, he will contact support, explain what he has done so that the error can be reproduced, perhaps sent a screenshot...

    That, at least, is the theory.

    Since in theory theory and practice are identical, this allows you to get rid of regression testers, since their work is now done by the customers and you svae a ton of money.

    And the customers are happy as well since they can contribute to make the product a better product (this, also, is a theory).

    There was a website I saw a few years back. One user complained about a page not working for them - the answer the user got was "View the source of the page and there would be an SQL exception in an HTML comment - copy and paste it here, so we can look into it". yes - the entire SQL exception was dumped into the page - query and everything. Still, I guess it saved work when figuring out why something isn't working.

  • Chris Key (unregistered)

    TRWTF is looking for a new job when you're being asked to replace a bad system with something better.

    And the HPC was clearly being paid per line of code (comments excluded).

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to ASP.Fred
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too. And best of all: it's made by hand with color tags, unlike other code samples on this site that are colored with JS.
    I particularly like how it highlights the keywords in comments.
  • Fritz, a.k.a. Fritzo (unregistered) in reply to faoileag
    faoileag:
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too.
    And what, in a world of individual preferences and syntax highlighting settings, would the right way to highlight a keyword be?

    The right way would be to not highlight keywords in comments, faoileago.

  • Fritz, a.k.a. Fritzo (unregistered) in reply to Chris Key
    Chris Key:
    TRWTF is looking for a new job when you're being asked to replace a bad system with something better.

    They forgot to mention that Danio was an utterly useless employee who couldn't code their way out of a wet paper bag.

  • Rupee Everet (unregistered)

    http://www.cvedetails.com/cve/CVE-2004-2411/

    Captcha: persto - hey persto! I found it!

  • faoileag (unregistered) in reply to Fritz, a.k.a. Fritzo
    Fritz:
    faoileag:
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too.
    And what, in a world of individual preferences and syntax highlighting settings, would the right way to highlight a keyword be?

    The right way would be to not highlight keywords in comments, faoileago.

    I somewhat had hoped for a flamewar, perhaps red vs. blue for comments...

    CAPTCHA: venio - tried venioo but it didn't work.

  • Walky_one (unregistered) in reply to Fritz, a.k.a. Fritzo

    Did you ever get a task like this? Kind of "This is the old code. Now Improve it".

    • No Specs available.
    • No Docu available.
    • You need to do "incremental" improvement (e.g. you're not allowed to write a new system from scratch).
    • You need to be compatible with legacy data.

    Best thing you can do at this point? --> Quit working there. a) You don't really have a chance to do it "well" because doing it "well" would mean restart from scratch. (No it's not possible to "iteratively" improve the design of a bad application....) b) If you actually start working on that thing: All responsibility suddenly shifts to you. There is a bug in the system? Must be your changes that did it. (Maybe it was you. Maybe the bug was present for years... Who knows...) c) Reading bad code is HARD... VERY HARD... trust me. Understanding a whole application just from (bad) code --> almost impossible (ever heard of "side effects"? Good luck identify any possible side effects if you don't even understand what the code is SUPPOSED to do).

    Just for information: I'm responsible to "manage" some complex legacy code written by a different company with almost no comments or docu. And that code is reasonably well written. However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.

  • (cs) in reply to Walky_one
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

  • SumYunGai (unregistered)

    I'm pretty sure that's VP-ASP, a commercial shopping cart that's been around forever. And the best part is that I still maintain 2 sites that use it. They are both so heavily customized that we can't change platforms without major expense, so I'm stuck with it for now. One of the sites does several million dollars in sales each year, so I guess it works well enough after you patch all of the security holes.

  • Walky_one (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

    Well... I'm usually required to pledge that all "Hens" are still there (without being able to count them... I wouldn't know how many there were anyway...)

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

    If the second constraint is something that concerns you, then you are clearly not a "highly paid consultant" of the type that wrote the article's code snippets.

  • Pauller (unregistered)

    Dani expected to find high quality, well organized code that would be easy to modify.

    ... That was the first mistake ...

  • Paul Neumann (unregistered) in reply to Pauller
    Pauller:
    Dani expected to find high quality, well organized code that would be easy to modify.

    ... That was the first mistake ...

    if that were the case, it wouldn't need fixed.

  • derp (unregistered)

    I had to deal with something like that. I rewrote a good portion of it, but it is such a mess I would have to rewrite the whole thing. I was able to remove several thousand lines of buggy code though. However now when there is an issue with any of those parts I rewrote I am responsible for issues. Yea me.

    validus - this shopping cart is not valid.

  • (cs) in reply to faoileag
    faoileag:
    Fritz:
    faoileag:
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too.
    And what, in a world of individual preferences and syntax highlighting settings, would the right way to highlight a keyword be?

    The right way would be to not highlight keywords in comments, faoileago.

    I somewhat had hoped for a flamewar, perhaps red vs. blue for comments...

    CAPTCHA: venio - tried venioo but it didn't work.

    Yeah... tohtml.com doesn't always do the right thing when highlighting...

  • anonymous (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

    Am I to understand that nuking it from orbit is out of the question?

  • (cs)

    I wonder how easy it would be to create an infinite loop in Shopdateformat() by passing bad data. Probably pretty easy.

  • (cs) in reply to anonymous
    anonymous:
    Steve The Cynic:
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

    Am I to understand that nuking it from orbit is out of the question?

    While I appreciate the thoroughness of your plan, the cost would just be too high. So we're going to go with the CEO's nephew, who said that he could do it for a hundred bucks.

  • (cs) in reply to Rupee Everet
    Rupee Everet:
    http://www.cvedetails.com/cve/CVE-2004-2411/

    Captcha: persto - hey persto! I found it!

    WOW! Vulnerability per year! (2002-2007) They really deliver! At least one new vulnerability every year! And a real boost in 2004 with four new vulnerabilities.

    Real exciting stuff for such a low price!

  • (cs) in reply to snoofle
    snoofle:
    faoileag:
    Fritz:
    faoileag:
    ASP.Fred:
    TRWTF is the syntax highlighting. The comments aren't colored as comments and there are wrongfully highlighted keywords and numbers, too.
    And what, in a world of individual preferences and syntax highlighting settings, would the right way to highlight a keyword be?

    The right way would be to not highlight keywords in comments, faoileago.

    I somewhat had hoped for a flamewar, perhaps red vs. blue for comments...

    CAPTCHA: venio - tried venioo but it didn't work.

    Yeah... tohtml.com doesn't always do the right thing when highlighting...

    Which type did you use? It looks a lot better with "inet: VBScript"

  • (cs) in reply to Walky_one
    Walky_one:
    Did you ever get a task like this? Kind of "This is the old code. Now Improve it".
    • No Specs available.
    • No Docu available.
    • You need to do "incremental" improvement (e.g. you're not allowed to write a new system from scratch).
    • You need to be compatible with legacy data.

    Best thing you can do at this point? --> Quit working there. a) You don't really have a chance to do it "well" because doing it "well" would mean restart from scratch. (No it's not possible to "iteratively" improve the design of a bad application....) b) If you actually start working on that thing: All responsibility suddenly shifts to you. There is a bug in the system? Must be your changes that did it. (Maybe it was you. Maybe the bug was present for years... Who knows...) c) Reading bad code is HARD... VERY HARD... trust me. Understanding a whole application just from (bad) code --> almost impossible (ever heard of "side effects"? Good luck identify any possible side effects if you don't even understand what the code is SUPPOSED to do).

    Just for information: I'm responsible to "manage" some complex legacy code written by a different company with almost no comments or docu. And that code is reasonably well written. However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.

    That actually describes about 30% of the contracts my firm (deliberately) takes on. I agree with most of your post - except that it IS possible (not easy) to incrementally improve on a bad design...

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to Rupee Everet
    Rupee Everet:
    http://www.cvedetails.com/cve/CVE-2004-2411/

    Captcha: persto - hey persto! I found it!

    2004? I probably had to deal with an IDS signature for the damn thing. I really hated how we had to include vulns for all the crappy swiss-cheese web shites that were written by morons, and used by people who never updated even after bugs were fixed.

    IMNSHO, sometimes Darwin's way is the best.

  • (cs) in reply to Paul Neumann
    Paul Neumann:
    Pauller:
    Dani expected to find high quality, well organized code that would be easy to modify.

    ... That was the first mistake ...

    if that were the case, it wouldn't need fixed.

    The second is in quitting when he was apparently given the task to replace the whole thing anyway.

  • Julchen (unregistered)

    WOW!!! Stripping "" from an input is just an OMGWTF accident wating to happen...

  • QJo (unregistered) in reply to Coyne
    Coyne:
    Steve The Cynic:
    Walky_one:
    However fixing anything in the core of the system still feels like shooting a fox in a hen house while wearing blindfolds.
    Shooting a fox in a hen house isn't that hard, even with blindfolds on, provided that: * I am allowed a shotgun with good spread. * Nobody minds if I shoot the hens as well.

    In practice, the second constraint is the troublesome one that introduces the most stress.

    If the second constraint is something that concerns you, then you are clearly not a "highly paid consultant" of the type that wrote the article's code snippets.

    "Highly paid consultants" don't actually do the work -- if they're "highly paid" then it means they must be clever enough to be able to get someone else to do the actual work for them. Those someone elses are (obviously) far less well paid and consequently are low-skilled.

  • MrFox (unregistered)

    Why would he look for a 'better' job? They asked him to REPLACE the system, he din't have to do anything with the existing system.

  • Hannes (unregistered) in reply to MrFox
    MrFox:
    Why would he look for a 'better' job? They asked him to REPLACE the system, he din't have to do anything with the existing system.

    I don't get it either. They are asking him to replace it for a good reason. Also, who's saying that there are "no specs"? It's clear what the old system is doing (it's clear to the people who work with it), so it should be easy to figure out what the new system should do.

  • comment goat (unregistered)

    Hehe, I particularly enjoyed the repeated use of the name "Dani" instead of "he" or "she". Apparently snoofle didn't want to take chances guessing Dani's gender.

  • (cs) in reply to comment goat
    comment goat:
    Hehe, I particularly enjoyed the repeated use of the name "Dani" instead of "he" or "she". Apparently snoofle didn't want to take chances guessing Dani's gender.

    It's because Dani is Dani-sexual.

  • (cs) in reply to comment goat
    comment goat:
    Hehe, I particularly enjoyed the repeated use of the name "Dani" instead of "he" or "she". Apparently snoofle didn't want to take chances guessing Dani's gender.

    I know many women named Dani, but not a single guy. If I were to meet one, I would feel bad for him.

  • The Truth, The Hole Truth, And Nothing Butt (unregistered)

    The punch line to so many of these is that the writer started looking for their next job.

    Which suggests they only want jobs where everything is perfect, runs without problem, doesn't need to be changed - is it because in reality they're not that good a coder themself?

  • anonymous (unregistered) in reply to chubertdev
    chubertdev:
    comment goat:
    Hehe, I particularly enjoyed the repeated use of the name "Dani" instead of "he" or "she". Apparently snoofle didn't want to take chances guessing Dani's gender.

    I know many women named Dani, but not a single guy. If I were to meet one, I would feel bad for him.

    Most of the time they spell it "Danny", but if it's shortened from Daniel, either spelling should be equally acceptable. I've known at least a few, and although I don't know whether they spelled it Danny or Dani it's the same exact pronunciation either way.

  • (cs) in reply to anonymous
    anonymous:
    chubertdev:
    comment goat:
    Hehe, I particularly enjoyed the repeated use of the name "Dani" instead of "he" or "she". Apparently snoofle didn't want to take chances guessing Dani's gender.

    I know many women named Dani, but not a single guy. If I were to meet one, I would feel bad for him.

    Most of the time they spell it "Danny", but if it's shortened from Daniel, either spelling should be equally acceptable. I've known at least a few, and although I don't know whether they spelled it Danny or Dani it's the same exact pronunciation either way.

    I'd expect either Danny or Dan for a man.

  • RenHoek (unregistered)

    TRWTF is expecting high quality code when done by a highly paid consultant.

  • Essex Kitten (unregistered) in reply to Pieter
    Pieter:
    I came here for the comments and none were found :(

    You got the wrong site mate. The site you read for the comments is called Slashdot. One reads this one for the blue comments only.

  • brian gordon (unregistered)

    "--" starts a comment in SQL, and it's often used to make SQL injection easier. So they already have that.

Leave a comment on “The Best Shopping System EVER”

Log In or post as a guest

Replying to comment #:

« Return to Article