• Teodor Potancok (github)

    The guy who made this definitely deserves a vacation. A permanent one, that is.

  • (nodebb)

    "And this isn't some ancient, legacy project- the first commit to the project was in 2016"..... 2019 was an "Ancient legacy project" in todays world...

  • Industrial Automation Engineer (unregistered)

    Perhaps they still needed to support IE6?

    It would explain the image...

  • (nodebb)

    Did the original poster omit some checks or does this thing really allow me to download any and all files? Even if the Server.MapPath() refuses to process paths like "../../whatever" it's still a huuuuuge hole.

    P.S.: No. Supporting IE6 would definitely not explain the image. IE6 was perfectly capable of displaying tables. Maybe not perfectly, but well enough.

  • rosuav (unregistered)

    Silver lining: The exception handler actually sends the message back to the client, instead of just a generic failure.

  • Robin (unregistered)

    One of the best stories I've seen on here in a while. This is a multilayered onion of WTF!

    But I feel there's even more that's not been explicitly said, I feel. If the vacation data is served as an image, how is that image getting updated so that, when an employee books a holiday, other users will see that?

    Either there is a whole pile of WTFs with images being edited programmatically, or someone somewhere has to receive the approved holiday request and update the image(s) manually themselves. Surely either one of those possibilities is enough to convince anyone that this system is not exactly functioning as they would want??

  • (author) in reply to Robin

    I couldn't get this information from the submission, but my guess is that there's one person who maintains an Outlook calendar or an Excel spreadsheet or something, where they track approved vacation, and then they just screenshot that and upload the screen shot. I don't know that this is factually true, but in my heart of hearts, I know it's probably pretty close.

  • akozakie (unregistered) in reply to Remy Porter

    You may be wrong using present tense. Yes, this looks like a system originally built as a tool for an existing manual process, without any attempt at redesigning the process (already a WTF in most case). But a likely sequence of later events is: once it was running, someone finally asked the question "can we automate some of that"? So... they did. Piece by piece. With as little modifications to the parts that already work as possible. By now this could be a fully automated system handling vacation planning, with everything online - but keeping the design of the ultra-simplistic system that could have been almost static. The screenshot is now auto-generated, because "Hey, that page already works fine, and you want to completely rework it to display data? That's complex, can you imagine how many bugs it could generate? Can't you just create an image like the old one and put it where the old one is?"

    Which sadly isn't the weirdest legacy-driven WTF I've seen. I've seen this exact process in action too many times. Luckily usually from the outside.

  • (nodebb) in reply to Robin

    I strongly want the updating of the image to be the responsibility of Marge in HR. She's been with the company for over 40 years, and although not terribly good with computers in general, she is very proud of her skills in Microsoft Paint. :-)

  • WTFGuy (unregistered)

    @Bim:

    Genius! Sheer genius!

    The great Raymond Chen occasionally speaks of his psychic debugging skills. You seem to have psychic systems design & organizational behavior skills. Mad skillz they are too.

  • (nodebb)

    I think the idea that someone who we'll call calendar-updater is manually updating the image is spot-on. It would explain so much! Coordinating vacation time is part of their job description. They have some existing way of publishing these screenshots, but it's clunky and would-be vacationers don't like it. Calendar-updater hooks themselves a developer-fish on slack and uses a little friendship and flattery to cajole them. "We already have a process that works. Surely it couldn't be hard to just let people use our website to see the schedules. We could even show today's by default!"

    Dev-fish agrees, a little guiltily. After all, it should in theory be easy to slap something together, but unfortunately dev-fish is now doing work that would normally split between product, design, and QA, and to make matters worse they've never built a page from scratch before. Annoyed and having procrastinated, dev-fish resolves to do this quick and dirty and be done. There aren't going to be any libraries or tests or code reviews here. Dev-fish copies whatever patterns they've used most recently -- no time will be spent learning or debugging; they apply whatever pattern recent experience has taught them will definitely work. As soon as they see today's image on the site they fire off the link to calendar-updater and go back to fighting fires elsewhere.

    But there's a problem, reports calendar-updater! If nobody has added any vacation to a particular day yet they see some very ugly-looking page with a big red box and what is a "stack trace" anyway? Dev-fish is annoyed that they're not done with this yet. A default day image would be nice, but the image contains text like "Wed 21" so it can't be static. Eager to be done, dev-fish resolves to just show some text and call it a victory. Having redeployed they accept gracious thanks they're not entirely sure they deserve, but which beats the decided lack of gratitude that better-executed work often meets.

    And here we are!

  • Wizofaus (unregistered)

    Isn't TRWTF building a custom tool for your company that provides functionality that is generically useful for all corporations, and hence not surprisingly already a built-in feature of various existing software packages (pretty sure Outlook has something very similar)?

  • (nodebb)

    I can think of one reason why the whole thing happens through a single URL: easy whitelisting.

    ...and it's not that good of a reason, really.

  • löchlein deluxe (unregistered)
    Comment held for moderation.
  • Daemon (unregistered)
    Comment held for moderation.
  • Officer Johnny Holzkopf (unregistered) in reply to Remy Porter

    This sounds far too complicated. I'd rather assume the calendar-updater person edits the file in Excel, but then prints it, carries the printout to the scanner, and finally uploads the scanned image via FTP to the web server, via Internet, of course, because that's much easier. Bonus points, because today is teh webz era, calender-updater person is clever and uses Excel's HTML export, opens the HTML file in Internet Explorer, and prints it from there; continue with scanning and uploading as mentioned before. Now you will surely agree that such an important and skilled person needs to be paid $$$ and cannot be removed from the company. Of course, such a qualified employee can not go on vacation himself/herself/themselves/*/X/innen/d - because... who would do the vacation planning then?

  • ichbinkeinroboter (unregistered) in reply to Bim Zively

    Marge is Margarethe - because this process sounds SO German. Except then the holiday form would be photocopied and faxed ... (well certainly up to a few years ago)

  • dereferenced null pointer (unregistered)
    Comment held for moderation.
  • (nodebb) in reply to Wizofaus

    Isn't TRWTF building a custom tool for your company that provides functionality that is generically useful for all corporations, and hence not surprisingly already a built-in feature of various existing software packages (pretty sure Outlook has something very similar)?

    No no impossible. No tools exist that support the Process exactly as-is. The Process Is Different And Sacred! All Hail to The Process!

  • I dunno LOL ¯\(°_o)/¯ (unregistered)
    Comment held for moderation.
  • (nodebb)

    This is how things had to be done back when URLs didn't have paths.

  • (nodebb) in reply to yaytay

    When URLs didn't have paths? But isn't that what a URL is, a protocol, a hostname, and a path, with optional fragment identifiers and query parameters?

Leave a comment on “Submit Your Vacation”

Log In or post as a guest

Replying to comment #:

« Return to Article