• Ben (unregistered)

    INSERT INTO Comments VALUES ('FIRST')

  • foo (unregistered)

    This the first as comment...

  • TheThing (unregistered)

    At the very least, you can't say TRWTF is (php/apache/IIS/java/.Net).

    Still, that is one fucked up system to maintain. I could imagine why they would charge 10.000$ just to look at it. That must be so they can pay the psychiatric bill for their developers.

  • Jeff (unregistered)

    (Job) Security through obscurity?

  • cheap (unregistered)

    the real WTF is he only charged $250 for someone who was desperate and had a system as hideous as that.

  • Paul (unregistered)

    You'd have to be bold to produce a system that rubbish and then try and charge that much for fixes!

  • kikito (unregistered)

    "Sometimes, bad software can be profitable"

    Just to give some context to that phrase: Selling drugs or killing people can be profitable sometimes, too.

  • Upsella (unregistered)
    Scott Selikoff:
    Richard’s business was run on the philosophy, “Once you buy from us, you’re stuck with us,”

    That's the way the business I work at runs as well.

    TRWTF is that Richard didn't mirror some of our other processes. We charge $10,000 just for a proof of concept. That's right. "Please come to our office next week so we can sell you something. Oh, and that will be $10k please."

    Don't get me started on the fact that we can't deliver what we sold them in the POC.

  • dkf (cs)

    That Richard sounds like a real dick.

    (There's an issue with the first paragraph of the story not appearing on the front page as a teaser. Otherwise pretty good for a first effort, Scott.)

  • Anonymous (unregistered) in reply to kikito
    kikito:
    "Sometimes, bad software can be profitable"

    Just to give some context to that phrase: Selling drugs or killing people can be profitable sometimes, too.

    I resent the suggestion that drug dealers are in the same category of evil as "Richard". Or murderers, for that matter. But there is a lesson to be learnt here: Stuart bought the system as is, without a code review to verify whether it was worth the money or hassle. Even if he didn't have any in-house coders, it would have been worth the consulting fees to bring in a consultant just for the purposes of code review. Well worth it, by the sounds of things.
  • RobFreundlich (cs) in reply to TheThing
    TheThing:
    At the very least, you can say TRWTF is (php&apache&IIS&java&.Net).
    FTFY
  • Hasteur (cs)

    And the moral of the story is:

    Never price any single component of software too high. The customer might hire a consultant and realize that you're charging almost a 1000% markup on something someone else can do

  • Anonymous (unregistered) in reply to dkf
    Comment held for moderation.
  • APH (unregistered)

    I can't help but wonder why Paul didn't offer to build a sane system for the $10,000 they would have to pay just to have the other consultant "look" at their own disaster.

    As a guy who's was once fresh out of college, a "real" project, with "real" money, which would help build a portfolio... I'd jump at the chance to do that.

  • ekolis (cs)

    Select * from *? You can DO that? Oh... My... God...

  • F (unregistered) in reply to APH
    APH:
    I can't help but wonder why Paul didn't offer to build a sane system for the $10,000 they would have to pay just to have the other consultant "look" at their own disaster.

    As a guy who's was once fresh out of college, a "real" project, with "real" money, which would help build a portfolio... I'd jump at the chance to do that.

    Maybe so, but you'd need to work from a proper spec. Which you'd presumably have to reverse-engineer from the existing disaster. If it's as bad as it's painted, that would be a major achievement for a rookie developer.

  • me (unregistered) in reply to ekolis
    ekolis:
    Select * from *? You can DO that? Oh... My... God...

    Not in Microsoft SQL Server. AFAIK. YMMV.

  • Tim (unregistered) in reply to ekolis

    Just tried it in MySQL. They must have been doing it in the MS SQL portion, MySQL just spits out its standard error message.

  • Michael (unregistered)

    I was once asked to put in a quote for a small upgrade. I figured that it would take a couple of weekends work at most so I padded to 3 weekends just in case. I then gave two quotes $1000/day T&M or $6000 fixed. I admit I had an advantage over my competitor in that I wrote every line of the app in question but my competitor (large, sky coloured, world-wide, activities) still managed to put in an estimate of $650,000 to start.

  • JamesQMurphy (cs) in reply to Tim
    Tim:
    Just tried it in MySQL. They must have been doing it in the MS SQL portion, MySQL just spits out its standard error message.
    I just tried in SQL Server 2005. Can't do it there either.
  • mott555 (cs) in reply to JamesQMurphy
    JamesQMurphy:
    Tim:
    Just tried it in MySQL. They must have been doing it in the MS SQL portion, MySQL just spits out its standard error message.
    I just tried in SQL Server 2005. Can't do it there either.

    SQL Server 2008 R2 doesn't like it either.

  • SCSimmons (cs) in reply to mott555
    mott555:
    JamesQMurphy:
    Tim:
    Just tried it in MySQL. They must have been doing it in the MS SQL portion, MySQL just spits out its standard error message.
    I just tried in SQL Server 2005. Can't do it there either.

    SQL Server 2008 R2 doesn't like it either.

    Well, that sucks. What if you need that functionality for some reason? Say, for instance, that you ... um ...

    (pondering)

    ... wanted to damn your immortal soul to Hell for all eternity? Why won't Microsoft let you just do it? Huh?

  • hikari (cs) in reply to mott555
    mott555:
    JamesQMurphy:
    Tim:
    Just tried it in MySQL. They must have been doing it in the MS SQL portion, MySQL just spits out its standard error message.
    I just tried in SQL Server 2005. Can't do it there either.

    SQL Server 2008 R2 doesn't like it either.

    Neither does Oracle 10g Release 2.

  • steve jobs (unregistered)

    This, my children, is why free software is communism and doomed to fail.

  • JamesQMurphy (cs) in reply to SCSimmons
    SCSimmons:
    Well, that sucks. What if you need that functionality for some reason? Say, for instance, that you ... um ...

    (pondering)

    ... wanted to damn your immortal soul to Hell for all eternity? Why won't Microsoft let you just do it? Huh?

    I'll do it for you. That will be $10,000, please.

  • ObiWayneKenobi (cs)

    I love consultants who have that mentality and fail to realize that writing good, high-quality software will keep clients coming - tossing out shit will make a quick buck but that's it.

    Agreed the real WTF is that Paul didn't say "This will save you for now, let's meet and talk about a new system to replace it."

  • untitled (unregistered)

    Personally I love other peoples bad code... it keeps me employed! :-)

  • Zylon (cs) in reply to Ben
    DailyWTF:
    Navigating passed the piles of database...
    Sigh.
  • leadacid (unregistered) in reply to hikari

    No go with SQL Server 2000. Incorrect syntax near '*'

  • Scott (unregistered)

    And for reference it doesn't work in sqlite either: SQL error: near "*": syntax error

  • WhiskeyJack (cs)

    He should have charged $1,000. Stuart would still have been happy to pay it, compared to the other quotes, and it guarantees that should Paul get called again (possibly to solve even more difficult problems) that he'll be well compensated for his efforts.

    Sometimes when people charge high prices it's because they really don't want the job, but if the client is really willing to pay, then at least they get something for it. Personally I call that the "F-U" price.

  • Yaos (cs)

    You guys are assuming SELECT * FROM * was sent directly to the database. They probably had a program that would query the server to find out how many databases there are, how many tables in each, and how many fields in each. The program would then run through a FOR...CASE loop that would pull the values out one at a time and write it to the disk. Once all values are pulled out they are then loaded using a mix of VisualBasic, XML for the if statements to run though.

  • Design Pattern (unregistered) in reply to JamesQMurphy
    Comment held for moderation.
  • akatherder (cs) in reply to Anonymous
    Anonymous:
    kikito:
    "Sometimes, bad software can be profitable"

    Just to give some context to that phrase: Selling drugs or killing people can be profitable sometimes, too.

    I resent the suggestion that drug dealers are in the same category of evil as "Richard". Or murderers, for that matter. But there is a lesson to be learnt here: Stuart bought the system as is, without a code review to verify whether it was worth the money or hassle. Even if he didn't have any in-house coders, it would have been worth the consulting fees to bring in a consultant just for the purposes of code review. Well worth it, by the sounds of things.

    How does that work when the consultant labels their code as garbage?

    Either, you don't pay them (i.e. they go bankrupt and you're back at square one with no software). Or they go fix it, which they are clearly incapable of doing.

    Also, who chooses the consultant?

    I'm asking out of curiosity, not challenging the concept.

  • akatherder (cs) in reply to Yaos
    Yaos:
    You guys are assuming SELECT * FROM * was sent directly to the database.

    I initially assumed that the SELECT statement was a representative statement in the aspx page and not passed directly to the DBMS. Primarily because no modern production DBMS would ever support a "SELECT * FROM *" query.

    After re-reading the article, it seems to be saying that it was in fact executing this query in the DBMS.

  • trwtf (unregistered) in reply to WhiskeyJack
    WhiskeyJack:
    Sometimes when people charge high prices it's because they really don't want the job, but if the client is really willing to pay, then at least they get something for it. Personally I call that the "F-U" price.

    I really hope you don't use that cursed abbreviation in actual speech. There's little in this world more pathetic than a grown man who would like to use the word "fuck" but dares not. (hey, at least it's a different sort of language nit-picking)

  • PedanticCurmudgeon (cs) in reply to SCSimmons
    SCSimmons:
    Well, that sucks. What if you need that functionality for some reason? Say, for instance, that you ... um ...

    (pondering)

    ... wanted to damn your immortal soul to Hell for all eternity? Why won't Microsoft let you just do it? Huh?

    As far as I know, condemning souls to perdition is scheduled for inclusion in the next service pack.
  • frits (cs) in reply to trwtf
    trwtf:
    WhiskeyJack:
    Sometimes when people charge high prices it's because they really don't want the job, but if the client is really willing to pay, then at least they get something for it. Personally I call that the "F-U" price.

    I really hope you don't use that cursed abbreviation in actual speech. There's little in this world more pathetic than a grown man who would like to use the word "fuck" but dares not. (hey, at least it's a different sort of language nit-picking)

    Sure there is. People who try to push their arbitrary rules on others via the internet.

  • RandomUser423706 (unregistered)

    I fear this can lead to little else but great evil, but (for MSSQL): EXEC sp_msforeachtable 'SELECT * FROM ?'

  • b_i_d (unregistered)

    Great story.

    And one every software developer learns at one point or another in his life (usually the hard way):

    Sometimes you just don't try to understand it. Just go with it, hack in your changes to the best of your knowledge and call it a day.

  • trwtf (unregistered) in reply to frits
    frits:

    Sure there is. People who try to push their arbitrary rules on others via the internet.

    True that. Observations, on the other hand, are fair game, as you will have noticed, since you just made one yourself.

    But really, I started hearing people say that - "eff you" - a few years ago, and it struck me as the most ineffective euphemism I'd ever heard. If you're offended by one, you're offended by the other, and if you're not offended by the actual word, the other sounds like an eight year old making his first forays into the brave world of dirty words. But it just makes me think of the famous Sean Penn line in Fast Times at Ridgemont High - "You pee-pee!" Doesn't quite have the same effect, does it?

  • Anonymous (unregistered) in reply to akatherder
    akatherder:
    Anonymous:
    kikito:
    "Sometimes, bad software can be profitable"

    Just to give some context to that phrase: Selling drugs or killing people can be profitable sometimes, too.

    I resent the suggestion that drug dealers are in the same category of evil as "Richard". Or murderers, for that matter. But there is a lesson to be learnt here: Stuart bought the system as is, without a code review to verify whether it was worth the money or hassle. Even if he didn't have any in-house coders, it would have been worth the consulting fees to bring in a consultant just for the purposes of code review. Well worth it, by the sounds of things.

    How does that work when the consultant labels their code as garbage?

    Either, you don't pay them (i.e. they go bankrupt and you're back at square one with no software). Or they go fix it, which they are clearly incapable of doing.

    Also, who chooses the consultant?

    I'm asking out of curiosity, not challenging the concept.

    All I'm saying is that you can always go to an independant third-party to review the code that some other third-party has written for you. If your original contract is worth its salt you will have some remit to refuse delivery if the code does not meet certain standards, which this code clearly didn't. Obviously you are then left in the position of having no system to take delivery of and that may be a burden to business in the short term, but if you're smart you will ensure this assessment is made part way through the project on an early prototype; after all, if there is a chance you're going to refuse delivery you don't want to get that nasty shock right at the end of the project.

    Of course, even if you do this half way through the project instead of right at the end, your business will be left in a difficult position because you may have wasted months waiting for a system that you then have to refuse. But surely this is better than the alternative of getting locked into a garbage system that sucks time and resources to fix? The company in today's article dodged a bullet this time by getting Paul to make a fix for them on the cheap, but how long will it be until a more major change is required? The simple fact of the matter is that they will have to throw away the code at some point, it's only a matter of time.

    There are plenty of consulting companies out there that will perform code reviews on third-party code - after all, you can find consultants to do whatever the hell you like, if the money is right. There is always a chance you'll get shafted by the code review consultants as well, but it mitigates the risk considerably.

    I don't think this is particularly outlandish. I have a friend who runs a one-man company making Java games for mobile phones who has paid for consulting time to assess a custom CRM system he had built for him. Why did he need a custom CRM system? I'm not really sure, something to do with integration into mobile platforms, but the point is that CRM is not his area of expertise so he paid a third-party consultant to assess it on his behalf before he took delivery. He even wrote in the original contract that delivery would not be taken until a third-party assessment had been made, so he was completely covered in the event that a rogue software company would try to take him on a ride with a substandard CRM system. Seems like a very logical thing to do when you have big money riding on a bespoke system that's being authored by a third-party.

    Wow, that turned into quite a long post, sorry about that.

  • Anonymous (unregistered) in reply to Yaos
    Yaos:
    You guys are assuming SELECT * FROM * was sent directly to the database. They probably had a program that would query the server to find out how many databases there are, how many tables in each, and how many fields in each. The program would then run through a FOR...CASE loop that would pull the values out one at a time and write it to the disk. Once all values are pulled out they are then loaded using a mix of VisualBasic, XML for the if statements to run though.
    There is some tongue-in-cheek humour to this post but I think the main point may well be accurate. No sane RDBMS allows you to do this because it is so fundamentally wrong and one of the main points of this story was that the application was just layer upon layer of misdirection and deliberate obfuscation. It sounds very plausible that the "SQL" he found was in fact processed by an additional layer that parsed out the identifiers are used them to build the actual SQL strings that were executed against the database(s).
  • Not a Lawyer (unregistered)

    You forgot the part of the story where Richard sues the pants (and other assorted items of clothing) off of Stuart and perhaps Paul for violating Richard's copyright on his bletcherous losing festering pile of copyrighted sludge.

    Just because you can see the software doesn't necessarily mean you're allowed to modify it.

  • t-bone (cs) in reply to Design Pattern
    Design Pattern:
    JamesQMurphy:
    I just tried in SQL Server 2005. Can't do it there either.
    well the following does work:
    exec ('select * from table1 ; select * from table2')
    But how do we define a string containing a select statement for each table in the database? Closest so far:
    select ('select * from ' + name + '; ') from sysobjects where type='U'
    
    But it's not a single string, it's a result set!

    If only we had MySQLs GROUP_CONCAT!

    So it might be possible in MySQL, a database that supports more WTFs than any other database known to humanity (MUMPS begs to differ!).

    (of course you can do it in MS SQL if you use a cursor)

    Or you could use undocumented procedures such as: sp_MSForEachtable 'select * from ?'

  • CoderDan (unregistered) in reply to APH
    APH:
    I can't help but wonder why Paul didn't offer to build a sane system for the $10,000 they would have to pay just to have the other consultant "look" at their own disaster.

    As a guy who's was once fresh out of college, a "real" project, with "real" money, which would help build a portfolio... I'd jump at the chance to do that.

    Hmmmm... let's see, a freshman coder.... 5 years from now when someone else looks at it they will write a WTF LOL We all hate legacy code, but sometimes you should just fix what's broken.

  • trwtf (unregistered) in reply to Anonymous
    Anonymous:
    All I'm saying is that you can always go to an independant third-party to review the code that some other third-party has written for you. If your original contract is worth its salt you will have some remit to refuse delivery if the code does not meet certain standards, which this code clearly didn't.

    I hope you had the foresight to put these standards in your contract, or else you're in for a lot of expensive arguing, and the $10K starts to look like a cheap by comparison.

    Obviously you are then left in the position of having no system to take delivery of and that may be a burden to business in the short term, but if you're smart you will ensure this assessment is made part way through the project on an early prototype; after all, if there is a chance you're going to refuse delivery you don't want to get that nasty shock right at the end of the project.

    Anyone who's buying a system of this sort already has a way they're doing things. That way has persisted for years in most cases, because it can be made to work - if you don't get your system, it can be made to work a little longer.

    The simple fact of the matter is that they will have to throw away the code at some point, it's only a matter of time.

    Or they'll get Paul in there every three months when the model lines change to put in some more numbers - now that he's worked out the trick, it's a $250 hour for him - not something to live on, but he can take his girl (or boy, if he prefers) out for a nice date on that. And you know that's easier for Stuart or whatever his name is than going back into the hell that he's found buying custom software to be.

    after all, you can find consultants to do whatever the hell you like, if the money is right.

    Yes, I call them "consultants" as well. Sounds so much nicer that way.

  • akatherder (cs) in reply to trwtf
    trwtf:
    after all, you can find consultants to do whatever the hell you like, if the money is right.

    Yes, I call them "consultants" as well. Sounds so much nicer that way.

    We're in luck; there's one born every minute!

  • esekoi (cs) in reply to SCSimmons

    neither oracle

  • not so humble (unregistered)

    This works in MS SQL:

    SELECT * FROM [*]

    Provided you created a table named *. Ugly though. Very ugly.

Leave a comment on “The Unmanaged Stock Management System”

Log In or post as a guest

Replying to comment #:

« Return to Article