• balana (unregistered)

    Im first not frist

  • bvs23bkv33 (unregistered)

    eleventh!

  • Quite (unregistered)

    Looks like the loop might have been copypasta from another appalling while loop that contains a user's attempts to log in. Because the users (or developers) are so terminally dozy, they allow not three, not five, but ten yummy opportunities to enter a valid username/password combination.

  • kktkkr (unregistered)

    Having more than ten words in a comment is obviously

  • A_L (unregistered)

    Oh...for security reasons...then it makes sense.

  • My Name (unregistered)

    Looks like an attempt at preventing an infinite loop in the presence of pathological input, i.e. replacing "a" -> "aa". Which could be a security issue (depending on where the code lives and where the input comes from), in the sense that it protects against denial-of-service attacks.

  • Not Frist (unregistered)

    Maybe it was written by a 10X Developer?

  • djingis1 (unregistered)

    So, on the topic of Hungarian notation...

  • Yazeran (unregistered) in reply to djingis1

    Boom!

  • JG (unregistered)

    It could be that the programmer was following a bloody stupid spec.

  • George Gonzalez (unregistered)

    It could be a slightly kludgey way to avoid an infinite loop, using up all of RAM, then furiously thrashing all of the paging file, slowing the system to a slow hobbled limping crawl, if the replacing substitutes the original with the original plus a few more characters.

    A slightly better way would be to stop when the output string reaches a certain length that it should never exceed, or checking that the replacement string does not have any part of the pattern in it beforehand. Yep, that's a lot better.

  • Adam H (unregistered)

    10 comments in and no one has complained about the Regex usage? Maybe it isn't TRWTF, but this code should absolutely use: https://msdn.microsoft.com/en-us/library/cft8645c(v=vs.110).aspx - rather than match the regex 4 times per replace.

  • (nodebb)

    As anyone knows, regex replacements can't handle more than 10 numbered groups ("\0" to "\9"). So this explains the number 10 ... no wait ... okay, obviously yes

    And I think it's a good idea to replace field names with their to-be contents several times to make sure the replacement is really done.

  • Joseph Osako (google) in reply to Not Frist

    Oh! So that's a 10X Developer!

    (And here I thought it was something dirty...)

  • wiseguy (unregistered) in reply to Joseph Osako

    An 'Up to 10x'-developer, anyway

  • Foo AKA Fooo (unregistered)

    I was gonna write a witty comment, but there are already more than 10, so I can't, for security reasons. :(

  • Foo AKA Fooo (unregistered) in reply to George Gonzalez

    Or not replace the output of previous replacements again:

    % echo aaa | sed s/a/aa/g aaaaaa

  • Jeremy Hannon (google)

    Hungarian notation was good in one context - pre .Net versions of VB - and then only for the GUI elements. It made it much easier to read since the IDE wouldn't easily tell you and would scream at you if you left the line unfinished to go figure it out. Whoever came up with THAT time waster is beyond me.

  • isthisunique (unregistered)

    Enterprise DDOS protection?

    It's normal for searching to LIMIT N + 1, process N results and use the +1 to show that there are more. This doesn't really look like that though.

  • isthisunique (unregistered)

    And the other thing, stupid solution for possibly stupid users running something to alter/change/corrupt/wipe billions of records.

  • Bla-key-rat (unregistered)

    This website S U C K S ! ! ! ! ! !!!!!!!

  • Nope (unregistered) in reply to Bla-key-rat

    Blakeybrat! How we've missed your eloquent contributions to the discussion!

  • Norman Diamond (unregistered)

    For job security reasons: Knowing how to fix the bug when it's eventually reported.

  • Norman Diamond (unregistered)

    For more than 1570 security reasons, someone might want to stop visiting this site.

  • SG (unregistered)

    Wondering, if the loop has a chance to run. "break" stops the whole loop. And the next time this func is called, the counter is reset...

  • Mischa (unregistered)

    I don't see the WTF here. It's not very efficient to use regular expressions here, but it is easy to see what the code does, which is better than an O(N) algorithm another developed does not understand. Also, it seems reasonable to have some measure to avoid an infinite loop. Maybe the programmer is German? In German, the word "Sicherheit" can also mean safety, which seems to be a valid reason for the break. And if you translate "Sicherheit" to English, the first word that pops up is security. The code isn't particularly good for several reasons, but I would not qualify it as a WTF.

  • SG (unregistered) in reply to SG

    Sorry, please ignore the comment. I did not see the ">" correctly.. :(

  • (nodebb) in reply to Nope

    Blakeybrat! How we've missed your eloquent contributions to the discussion!

    I don't remember any eloquent contributions from him; I must have missed them, too.

  • CrushU (unregistered) in reply to Jeremy Hannon

    I feel you could make a passable argument for Hungarian notation for Function/Method names if your IDE didn't automatically tell you what return value you'd get. For variable names, I don't really think that functions will end up being large enough that you'd need to confirm what type a variable was like that. (Function Arguments could fall into the same category as Function names.)

    But in most modern IDEs, that tell you the typing of variables and functions with a mouseover, there's no reason for Hungarian.

Leave a comment on “The Rule of Ten”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article