• frist (unregistered)

    We sell frists!

  • someone (unregistered)

    "What would you say the ratio of data handling to programming would be?"

    "I would say close to one hundred percent."

    So, a 1:1 ratio? That is, equal amounts of data handling and programming?

  • Andrew Sanders (unregistered)

    no, I am first!

  • ray10k (unregistered)

    Love it when the stories are a little longer like this, a very entertaining read. Also, I hope WSB! isn't around any more, but I'm not keeping my hopes up for that. Terrible companies like this tend to stick around until the last cent has been spent. On the other hand, that mention of how the office was "green" and therefore didn't have extra copies of her resume sounds to me like a confirmation that money was starting to get tight.

  • What? I'm not giving you my name. (unregistered)

    not FIRST due to missing ORDER BY

  • (nodebb)


    The code of 'We Sell Bonds!' is properly and carefully written. We do not change it to conform to someone else's mistakes.

    It was written to conform to someone else's mistakes! If they go and change behaviour it then why should we have to change anything?

  • LCrawford (unregistered)

    If Mr Chen ran a proper company, Alexis would have first entered each stack of customers into the Dev database, again in the QA database, and finally entered again into the Production database.

    Visualizing their system, they must have logged username+password to their audit logs in order to know who was really being logged

  • Richard (unregistered)
    1. "to lead" irregular verb, past tense is "led". Once could be a typo, twice is a mistake.

    2. "stored procedures were allowed because raw SQL was too advanced to trust to human hands." Implies that SPs are bad. SPs are a good idea for several reasons: Performance and separation of concerns.

    3. @someone... 1:1 is not 100%, its 50:50, so 50%

  • Brian (unregistered)

    And that's why I don't wear a suit to interviews. The kind of company who would dismiss someone for not dressing up, as Mr. Chen most certainly would have, is not the kind of company I want to work for. As the saying goes, dress for the job you want; had Alexis worn something more casual to match the sort of work environment she was looking for, she would likely have been spared from this nightmare.

  • Bill (unregistered)

    One of the best WTFs I've read in a long time. Keep up the good work!

  • isthisunique (unregistered)


    "Or a SOAP service that could interface directly with the database?"

    SOAP is the last thing you want to get involved in if you can avoid it. Its often OTT to solve simply problems and I wouldn't want something that complex near a holy database (I wouldn't want a language like vbsript near it or complex routines using the logic syntax provided by SQL).

    In respect to the duplicate field, the fix is incorrect. It is correct as a quick fix but only sweeps the real problem under the rug. In reality you need to fix that database integrity issue which was the original issue spotted. That would mean having username and password uniquely constrained but would also mean going back through and changing or deleting duplicate records.

  • my name is missing (unregistered)

    I once went to a programming interview at a company that at first seemed interesting. The second interview was a little odd but I figured it was something I just didn't realize. The third interview with the CEO lead me to realize the place was running a Ponzi scheme.

  • Leonardo Herrera (unregistered)

    Starring Ken Jeong as Mr. Chen, of course.

  • Rick (unregistered)

    This story made me weep inside. :( It was like reading about a car crash from the point of view of the sole survivor.

  • Angus (unregistered)

    I love the links to the explanation of this bug.

  • Raj (unregistered) in reply to ray10k

    Great story and great writing!

  • Roger (unregistered)

    Wow. That story was really entertaining ! So much WTF it doesn't seems real at all, but pleasing to read. (I really hope it didn't happened).

    In my opinion, the real WTF was accepting a non-developing position, even if that is a first job.

  • Kabi (unregistered)

    Fun fact: Identification by username and password is something that Amazon made back in the days (17+ years ago).

    I distinctly remember this, as I wanted to change the name on my Amazon account after I've got my very own banking account, and the telephone service told me that changing the name wasn't possible but I could create a new account with the same E-Mail but different password. Lo and behold, it actually worked; I had two separate accounts using the same E-Mail address. That "feature" has been removed a long time ago...

  • Powerjen (unregistered)


  • (nodebb) in reply to isthisunique

    In respect to the duplicate field, the fix is incorrect. It is correct as a quick fix but only sweeps the real problem under the rug. In reality you need to fix that database integrity issue which was the original issue spotted. That would mean having username and password uniquely constrained but would also mean going back through and changing or deleting duplicate records.

    Wrong again, they are dealing with users from multiple companies and requiring that those companies have names unique even across companies they know nothing about. Take a clue from network logins.. Domain first, then user name. If that had each company separated by domain then by default the users would be unique within domain. Problem solved. But this requires full rewrite of their user management system.

  • rich (unregistered)

    The best WTF I've read in a very long time!

  • operagost (unregistered) in reply to Leonardo Herrera

    I pictured James Hong as Mr. Chen, myself. Very straitlaced.

  • fragile (unregistered)

    Can we have a secret ending where Alexis ends up singing karokee in Pyong Yang?

  • Pesdi (unregistered) in reply to operagost

    I actually pictured Benedict Wong, given his extremely deadpan performance in Doctor Strange.

  • anonymous (unregistered) in reply to KattMan

    TRWTF was developing a "single sign on" system where "single sign on" means "the password on our site has to match the password on the user's other site, and then we can trick the user into thinking they're still on the same site". OAUTH tokens anyone?

  • ZB (unregistered)

    Your data entry services will no longer be required, Mr. Burton.

  • RichP (unregistered) in reply to operagost

    I was picturing Amy Wong's dad. "You enter data... you enter NOW!"

  • Carl Witthoft (google)

    We Sell Bonds.... James Bonds

  • masonwheeler (github)

    Great story, but something just doesn't smell right. How does a fresh-faced straight-out-of-college kid on her first programming job know deep SQL Server errata off the top of her head like that? That's not something I'd expect from anyone without several years of experience working in SQL Server (which you're not likely to get outside of a corporate environment!) under their belt.

  • ZZartin (unregistered)

    That sounds like the perfect job to show up to in a highly altered state of mind and just say screw quality of work while i cash paychecks and look for a real job.

  • Eric (unregistered)

    Unfortunately the anti-pattern of identifying people by "name and a insecure_plain_text_thing" is insanely common. Just knowing someone's name and birthday is enough to pick up their prescription at a pharmacy (assuming it's big enough the employees don't remember faces.) And if you know their social security number, well have fun with committing credit card fraud!

  • (nodebb) in reply to isthisunique

    SOAP is the last thing you want to get involved in if you can avoid it.

    Sometimes you can't. But there's some damn good frameworks that make with it relatively painless. (Of course, the developers of those frameworks are now Raving Slaves of Codethulhu, but that's their problem.) The nasty bit comes when you try to layer the other WS-Bullcrap on top of SOAP and basic WSDL; I looked at the spec for WS-SecureConversation once, but all I can remember of that is waking up later with a splitting headache in a hotel room in downtown Seattle.

  • Smash (unregistered) in reply to KattMan

    Kattman nailed it. It's absurd to think that your service should dictate what usernames or passwords are acceptable in other companies' databases. And his proposed fix is exactly what should be done too.

    And they don't even have to collect the Domain of every account. They certainly already have this information, seeing as they "integrate" with the broker's own system. All they'd need do to is to ask what Broker company the user is attempting to log in with.

    Excellent read Lorne, 9.8/10 would have my skin crawl again.

  • KZilla (unregistered) in reply to masonwheeler

    I don't know if you're trolling or being facetious, but anyone who took any halfway competent course for databases with SQL would have covered this bit with select statements. This isn't a vendor specific thing either with SQL Server.

  • (nodebb) in reply to KZilla

    He's neither trolling or being facetious, and his point is perfectly valid. I assume from your reply that you're interpreting "deep SQL Server errata" to mean "the fact that SELECTs without an ORDER BY have a nondeterministic order", but that's not what Mason is saying (and your interpretation doesn't make any sense - go look up the meaning of "errata"). Rather, by "deep SQL Server errata", Mason means "the fact that a 2-decade old version of SQL Server there was an ordering bug in particular queries using TOP that as a side effect guaranteed deterministic ordering in those queries even though this wasn't guaranteed by the standard and wouldn't be the case without the bug existing", which is indeed something that it would be remarkable for somebody fresh out of college to know.

    ... Either that, or I've misunderstood your misunderstanding, and you're actually saying that decades old history of query optimiser bugfixes is covered in all "competent" database courses and that bugs involving TOP are not in any way vendor specific. But given the level of improbable retardation that alternative hypothesis would imply, I'm assuming you in fact just don't realise what "errata" means or assumed that Mason was using it wrongly when in fact he wasn't.

  • Ed (unregistered)

    The story makes that company seem incredibly eerie, she is lucky to get out so soon before she became one of the pod people.

  • Ed (unregistered)

    You know, if these comments are moderated, why in the heck do you allow all those "frist post" posts in every thread? Is the moderator a really nice person?

    e: yes, the moderator is, and the moderator does not like that word you used

  • Zenith (unregistered) in reply to Pesdi

    Is it terrible that I pictured a mean version of Charlie Chan from the 1970s Hanna Barbera cartoon?

    Good story though. Reminds me of bits of two contracts I had. Unfortunately neither of those employers is likely to go under anytime soon.

  • Zenith (unregistered) in reply to Ed

    I strongly suspect that posting from a mobile device is the determining factor of what ends up in the moderation queue.

  • Duke of New York (unregistered)

    Nobody anywhere talks like the people in this story. "And now the day begins"? "Determine the cause of this disruption"? come on.

  • I Am A Robot (unregistered) in reply to Brian

    Dressing to match who you are meeting is the polite thing to do. Once you know they're wearing ketchup stained t-shirts and cut-off jeans you can do the same, but until then you aim higher

  • SD (unregistered) in reply to masonwheeler

    Well weird things can happen. I lost myself a small-shop fruit machine programming job simply by knowing about sequence points in C. One of the testers was teaching himself C and asked me. Loosely, I explained the difference between "for(a++;a++;a++)" and "somefunc(a++,a++,a++)". Suddenly there was silence behind me. Turning around, the chief programmer was glaring at me. The other programmer had gone red. The tester vanished. I was the new 3rd programmer. Last Friday of every month there was a piss-up, which occurred after my 1st week. The tester told me the chief programmer had exalted his authorita by claiming the result was unknown and that I'd basically shat upon an in-company long-standing joke. Strike two.

    Strike one isn't IT related but for completeness. Sometimes you're cursed. Just before I started, my car was stolen. Couldn't wait for insurance so I bought a banger. Turned out to be very powerful but with the wrong gearbox in it, very low geared. Day one when I turn up in it, it's all jokes. Lunchtime drag race. It left the chief programmer's brand spanking new ford cosworth turbo standing. Back in them days there was turbo lag.

    With the benefit of hindsight it should have been obvious the tester didn't like the chief programmer and was using me to facilitate that. In a new job normal "wtf" thoughts get put on hold. I'm not done. The banger itself was a stolen-recovery which itself got stolen on the eve of week 5, the next Friday piss-up. I get on a four carriage train to work only for it to split into two and the half I'm in pisses off to a different city. "Help! I want to get off!".

    I arrive at lunchtime. Bad vibes. The boss likes to check out the competitors fruit machines so first pub we visit, there's a large note on the floor. "Rounds are on me" (trying to make up for the vibes). Boss says, "try this machine, the punters don't like it, it never pays out". I put the change in the fruit machine and it did nothing but pay out.

    It appears this form lacks the space to continue.

  • Decius (unregistered) in reply to KattMan

    Telling one customer that they had a username/password collision with another customer that uses the same interface seems almost as problematic as them giving you hardcopy of the username and password on their own system.

  • (nodebb)

    Why when I heard the title I thought of Gary "U.S." Bonds from the 60's. Then I thought a bit and thought of Barry Bonds (home run king).

    Then after a while I thought of the savings bond my grandmother bought for me (about a month after I was born), and now it is worth a bunch of money (It had been lost for a bunch of years).

  • Friedrice the Great (unregistered) in reply to Zenith

    Or posting over a connection running through TOR. Shame on you, DailyWTF - respect my privacy and security!

  • Dave (unregistered) in reply to Friedrice the Great

    Why? If you're using TOR, you clearly don't.

  • Merus (unregistered)

    This was a top-tier WTF.

    My guess is that Alexis might have run across this kind of thing in a project. It's not uncommon for students to have very shallow experience in most things and one or two surprising spikes. It's also possible Alexis managed to get away with some Googling, and this was cut from the story for the sake of flow.

  • Olivier (unregistered) in reply to masonwheeler

    "How does a fresh-faced straight-out-of-college kid on her first programming job know deep SQL Server errata off the top of her head like that?"

    That anecdote is typically what a teacher could use to enforce in his students the importance of using ORDER BY. Then it would be a funny fact to Google after the course and it would somehow stuck to her memory.

  • Steve (unregistered)

    If you think about it, firing her was the best gift they could give her. She was overqualified for that position. And I think Mr. Chen realized that, and also saw it as dangerous to their whole operating structure.

  • Redsolo (unregistered) in reply to RichP

    Best one. You made me laugh!

Leave a comment on “We Sell Bonds!”

Log In or post as a guest

Replying to comment #:

« Return to Article