The Daily WTF: Curious Perversions in Information Technology

Jonathan Lydall · 2026-02-09 Reply Edit Admin

Even ignoring the other WTFs, the nesting also makes readability more challenging than it needs to be, you can decide for yourself if the following (also assuming the User.Query().where(...).first() is a promise) is easier to read:

passport.authenticate('local', { session: true }, async (err, user) => {
  if (err) {
    res.send({ success: false, message: 'Error authenticating user.' })
    return;
  }

  if (!user) {
    try {
      const targetUser = await User.query()
        .where({ username: req.body.username })
        .first()

      if (!targetUser) {
        res.send({
          success: false,
          message: 'Incorrect username or password.',
        })
        return;
      }

      const hash = User.hashPassword(
        targetUser.password_salt,
        req.body.password
      )

      if (hash != targetUser.password_hash) {
        res.send({
          success: false,
          message: 'Incorrect username or password.',
        })
        return;
      }

      res.send({
        success: false,
        message: 'Incorrect username or password.',
      })
    } catch (err) {
      res.send({ success: false, message: 'Internal server error' })
    }

    return;
  }

  if (user.firstLogin) {
    //......
  }
})(req, res, next);

2026-02-09 Reply Admin

Allowing Javascript in the backend is just begging for WTFs.

Remy Porter · 2026-02-09 Reply Edit Admin

I mean, let's be honest, it creates a lot of WTFs on the front end. Sure, we can have the whole "blame the user, not the language," but JavaScript is emphatically not a sane language. It's gotten better, but the demand for backwards compatibility means that it will always remain a little insane.

2026-02-09 Reply Admin

Javascript is like that hot but crazy chick you dated in college. Oh the things she will let you do if you know how to flex her features. But she ain't the kind of girl you want to take to production.

2026-02-09 Reply Admin

An external problem is that the use of JS invites inexperienced developers. Everybody can write JS, after all! So it makes the step to contributing to the back-end smaller. Then, under pressure, that fatal step is taken (Can you write JS? Good! Here's the server repo.), and before you know it, your tech debt is larger than your node_modules directory.

2026-02-09 Reply Admin

My guess: the code paths were more sane in the past and someone came through and removed all error details in the name of security. Thus a bunch of paths that do exactly the same thing.

dpm · 2026-02-09 Reply Edit Admin

I've always hear JavaScript put down a lot here, and I know y'all are not stupid, so someone's gotta link me to a fair explanation of why it sucks. I created a widely used application for XXX and am currently maintaining two applications for ZZZ --- all three are .NET MVC C#/Razor/jQuery/JavaScript/EF on SQL Server . . . and all three are IMHO pretty good. Solid, reliable, easy for someone to come in raw and figure out how to fix/add something with a minimal learning curve. It helps that I work solo, so I have total control of the entire SDLC, but still I just don't see the problem with JavaScript. Am I lucky or a coding god or just intuitively avoiding the bad spots?

Addendum 2026-02-09 15:55: "I'm always hearing"

2026-02-09 Reply Admin

Like Remy says: "It's gotten better, but the demand for backwards compatibility means that it will always remain a little insane." One of the things I always found slightly not sane is that it didn't have an integer type, all numbers were floats (I say "were" because now we have things like Int8Array). One definitely insane thing is the whole 1+"1"="11" thing. It may be a help to newbies, but it's an annoyance to more experienced developers who know how data types are supposed to work.

Invalid Passport

Leave a comment on “Invalid Passport”