The Daily WTF: Curious Perversions in Information Technology

Secure This

by Alex Papadimoulis in Feature Articles on 2007-10-30

It's common knowledge that a security system is only as effective as its weakest point. You can install a reinforced steel door with a two-phase palm-print/retinal-scan entry to protect your home, but if you leave a first-floor window open, you're more vulnerable than your neighbor with a simple deadbolt. One of Nate's clients learned this lesson first hand with its e-commerce Web site. The operation didn't involve terribly sensitive data: there were no bank accounts, no Social Security numbers, nor even any credit card numbers. Pre-approved customers would simply sign in and place their orders. Accounts payable and fulfillment would take it from there.

Yet the Web site painted a different picture, featuring two-factor authentication, encrypted databases and a giant padlock graphic advertising "secure."

111 comments - Last comment @ 2007-11-15

Just a Little Chilly

by Alex Papadimoulis in Feature Articles on 2007-10-29

For many developers in a large company, visiting a department outside of I.T. is a rare treat. The people there are friendlier and, instead of the stolid I.T. grunt-nod, actually greet one another with a smile and words like “hello” and “how are you.” Not only that, but these departments often have donuts and other goodies in their break room past 9:03 AM! Apparently, without a horde of voracious programmers, such things can survive for more than three minutes.

Not too long ago, Devin was summoned to the Records Administration Department to see an issue that a user was experiencing first hand that couldn’t be remotely diagnosed. After wolfing down a handful of donuts from their break room, Devin stopped by to took a look. It was a pretty simple problem to fix: for whatever reason, the application’s registry entries were missing, so Devin added them and started up the application.

118 comments - Last comment @ 2008-09-02

Incredibly Accessible

by Alex Papadimoulis in Error'd on 2007-10-29

Kevin Sedgley was impressed with how accessible his local fire station's website is. Mousing over the image displays a movie clip showing the woman signing the page's text for the deaf...

94 comments - Last comment @ 2008-02-21

An Interesting Way of Excepting

by Alex Papadimoulis in CodeSOD on 2007-10-29

While spelunking through a cavernous J2EE application, Matt stumbled across this method, buried in a base Client Object class...

94 comments - Last comment @ 2007-11-21

Not Doing Nothing

by Alex Papadimoulis in CodeSOD on 2007-10-24

Nathan was going through some of his company's fairly buggy JavaScript calendar code, and saw this perfectly described function.

function DoNothing()
{
}

98 comments - Last comment @ 2014-03-20

Classic WTF: Lock In Key Security

by Alex Papadimoulis in Feature Articles on 2007-10-23

It's been a pretty hectic day (server outage, fun!); hope you don't mind a classic. Lock In Key Security was originally published on August 29, 2006.

Noah Nordrum isn't proud of what he's become. He is now, officially, a cracker. I mean, "kr@xx0rs." Err, I think. I don't know. I got that from my "3773 Speek" guide.

99 comments - Last comment @ 2025-10-26

Slightly More Sociable

by Alex Papadimoulis in Tales from the Interview on 2007-10-22

Today’s Tale from the Interview comes from Shanna...

Fresh out of college, and used to being the only woman in my engineering and computer science classes, I wasn't quite sure what to expect in the real world. I happily ended up finding a development job in a company which was nowhere near as unbalanced as my college classes had been. The company was EXTREMELY small and the entire staff, except the CEO, was in one office. I ended up sitting at a desk next to the office admin, another woman who was hired a month or two after me.

213 comments - Last comment @ 2011-01-14

WTf2c

by Alex Papadimoulis in CodeSOD on 2007-10-22

At Albert M.'s job, he was recently tasked with implementing a C++ module to calculate the earth's magnetic field at any point. While I'm sure most of you have that formula memorized, Albert was feeling a bit rusty and consulted the Internet to help him find the code. He was in luck. The National Geophysical Data Center had exactly what he needed, and provided two different versions: one written in Fortran and the other in C.

From all appearances, the C version was generated using f2c, which is a fairly ancient Fortran-to-C converter. Albert figured he'd just start with the C code and modify it as needed. But after staring at it for a few seconds, he decided the wisest course was to brush up on Fortran and pretend he never saw the C code. First, here's the original Fortran code:

67 comments - Last comment @ 2008-08-30

Obvious Requirements

by Alex Papadimoulis in Error'd on 2007-10-19

Fortunately, Potsie had the recommended requirements to view Charger Details...

75 comments - Last comment @ 2007-10-25

XML Upgrade

by Alex Papadimoulis in CodeSOD on 2007-10-19

As an e-commerce site selling specialized goods, Steve's company uses a third-party service that provides a Flash-based image viewer to display extra-large product images and allow visitors to zoom, pan, and so forth. Occasionally, the product images would get out-of-synch, so Steve was tasked with writing a script to ensure that images on the vendor's server matched images on the in-house server.

Determining which images were on the vendor's server was fairly easy; it just involved a HTTP Request with a product number in the querystring. The service responds with a comma-delimited list of image paths, like so:

82 comments - Last comment @ 2007-10-22

Banking So Advanced

by Alex Papadimoulis in Feature Articles on 2007-10-17

Last month, I wrote about US financial institutions, their failure to implement two-factor authentication, and the absurdity that has become Wish-It-Was Two Factor authentication. I thought that'd be the last I'd write about the topic, but when Steven King pointed me towards his bank, Synergy One. I couldn't resist a follow-up.

First and foremost, Synergy One seems to be a great, local institution. They invest in their community. They offer college scholarships. Heck, they even have student-run branches to encourage saving money while in high school. And this is exactly why it's such a shame that they've fallen prey to the Wish-It-Was Two-Factor placebo.

186 comments - Last comment @ 2017-07-30

Paperless PTO

by Alex Papadimoulis in Feature Articles on 2007-10-16

Many years back, Vinay's company phased out Form 11.18-B, or, as it was more commonly known, the vacation request form. Along with it went Form 11.18-M (sick day request form), Form 11.12-B (absence cancellation form) and Form 12.11-B (absence exceed form). They were all rolled into the new Absence Processing System (APS) as part of the company's Process Improvement Process, a far-reaching initiative to technologize all things bureaucratic. Most employees didn't care for the new APS. Before going electronic, applying for vacation was simple: Have your manager sign Form 11.18-B, send the yellow copy to HR and keep the pink one. Using the APS meant opening up the application, trying to remember your APS password, clicking to the vacation request form, filling it out and then telling your manager to follow the same steps in order to approve it.

Of course, that wouldn't be so bad, except for the fact that the APS was incredibly slow. As a basic Access application shared by tens of thousands of employees, response time in the APS ranged anywhere from two to 20 seconds. All the time saved in filling out a paper form was made up in triplicate waiting for the APS to respond.

99 comments - Last comment @ 2007-10-22

Taking It Outside

by Alex Papadimoulis in Error'd on 2007-10-15

Kevin Pickell was visiting London and decided to take the BBC tour. The scrolling marquee in the lobby had news headlines... with lots of bonus HTML-encoded characters still in it. Oops!

62 comments - Last comment @ 2008-08-28

Division By Zero, Solved Yet Again

by Alex Papadimoulis in CodeSOD on 2007-10-15

I thought that, when James Anderson announced the invention of nullity (i.e. Φ, or 0/0), we had finally gotten past the whole "impossibility" of dividing by zero. I don't know about you, but after installing the latest service pack including the "nullity patch," my programs happily hum along when they divide by zero. So why then did Mike C.'s predecessor bother with a DivisionWithZero method ... and why did he do it like this...

123 comments - Last comment @ 2013-08-17

No, Yes, or No?

by Alex Papadimoulis in Error'd on 2007-10-12

Kenneth Brody did a double-take on Question #4 in Home Depot's survey...

122 comments - Last comment @ 2008-08-28

XML Kōan from the Fourth Dimension

by Alex Papadimoulis in Representative Line on 2007-10-12

John Y recently had to deal with an XML-like dump from a "4D" database. This dump used a peculiar form of abbreviation in which letters were chosen seemingly at random from field names, in order to meet the well known XML limitation of only allowing 5 characters per tag name.

Sometimes less than 5 letters were used. Browsing this file, John encountered the following Zen-like line.

104 comments - Last comment @ 2008-09-28

Do Not Click!

by Alex Papadimoulis in Error'd on 2007-10-10

This popped up for Steve in Lotus Notes. I wonder if this is what happens when you click buttons labeled "do not click!"

73 comments - Last comment @ 2025-10-26

No Thanks, I Prefer SUBString!

by Alex Papadimoulis in CodeSOD on 2007-10-10

Apparently not satisfied with relying on Oracle's built in SUBSTR function, Connor's predecessor decided to write his own. Well, sort of...

Function SUBString(inputStr IN VARCHAR2,
                   startPos IN NUMBER,
                   endPos   IN NUMBER
                  ) RETURN VARCHAR2  IS
        result  VARCHAR2(100);
BEGIN
     result := null;
     SELECT SUBSTR(inputStr,startPos,endPos) INTO result FROM dual;
     RETURN result;
END;

105 comments - Last comment @ 2007-10-24

Avoiding Development Disasters

by Alex Papadimoulis in Alex's Soapbox on 2007-10-09

As most development managers know, the FBI's Virtual Case File (VCF) system has become the epitome of the software industry's most expensive failed project. Running taxpayers between $100 and $200 million dollars over four years, the VCF delivered little more than a mountain of useless documentation, nearly a million lines of code that will never run in production and a whole lot of costly lessons. Worse still, the lessons offered from this multi-million dollar failure could have just as easily been found in a $50 software engineering textbook. In fact, the major factors behind VCF's failure read much like such a book's table of contents:

Enterprise Architecture: VCF had none.
Management: Developers were both poorly managed and micromanaged.
Skilled Personnel: Managers and engineers with no formal training were placed in critical roles.
Requirements: They were constantly being changed.
Scope Creep: New features were added even after the project was behind schedule.
Steady Team: More people were constantly added to the team in an attempt to speed the project.

While these are all valuable lessons that every development manager should take to heart, one of the most important -- and certainly least discussed -- lessons stems from one of the rare correct decisions made on the project: the decision to cut bait and scrap the whole thing.

116 comments - Last comment @ 2010-08-04

Blinded By His Brightness

by Alex Papadimoulis in Tales from the Interview on 2007-10-08

Jay was excited: he finally landed a job interview for a developer position. While for many of us such an event registers pretty high on the “big deal, that happens to me all the time” scale, it was pretty rare for Jay. Like many of his young peers, Jay lacked experience in the industry. But unlike his peers, Jay did not have a college degree. And he lived in Mississippi, a state not exactly known as a hub for things high-tech. Or really even tech.

“Just work with what you’ve got,” a friend told him, “and you’ve got a damn good GPA from a damn good upstate New York public school. I mean, compared to the schools down here, that’s practically a college degree!”

106 comments - Last comment @ 2022-11-02

unset() It, and Forget It!

by Alex Papadimoulis in CodeSOD on 2007-10-08

When Rus sent in his résumé for a systems administrator position, he made the mistake of including "PHP" as a bullet point. It's not that he doesn't know PHP - it's that he does, and is often stuck with trying to debug problems that the PHP developers blame on "the system."

Recently, he was tasked with diagnosing a problem where files uploaded to the site ending up at zero bytes in size. It had been thwarting the PHP developer for nearly three weeks. Due to the distributed nature of the site, uploading a file involved posting the file to one page, programmatically urlencoding the file, and then posting to a different page. Not trusting that it was a problem with "the system," Rus looked at the previous working code in the commit history ...

69 comments - Last comment @ 2008-01-13

Constant Extensibility

by Alex Papadimoulis in CodeSOD on 2007-10-05

Thomas P was working on some code a while back where the original developer had devised a "clever" way of encoding errors.

Errors were encoded into a single integer rather than using a Boolean for each error that occurred. A nice way to overcomplicate things, but fine.

110 comments - Last comment @ 2010-07-09

A Very Valid validInt

by Alex Papadimoulis in CodeSOD on 2007-10-03

User-friendly data-validation is important. Rarely is a simple, red asterisk next to a form field enough to indicate what’s wrong with the input. Is it a required field? Is it too high? Is it not allowed? Generally, it’s a good idea to indicate what’s wrong with the form and how to fix it. For example, a good message for a poorly formatted currency field might be “must be formatted like currency (e.g. $9999.99).”

On the other hand, it can be easy to go too far. Take this snippet of validation code that Dai uncovered, for example. Even the most obtuse of users don’t need to be told “You must have a minus sign in the 1st position or immediately after a $ sign.”

122 comments - Last comment @ 2007-10-15

The Bug That Shut Down Computers World-Wide

by Alex Papadimoulis in Feature Articles on 2007-10-02

Where were you the morning of January 1st, 1984? Me? I was out living it up at Divestiture-fest ’84 and – let me tell you – it was quite a party. We drank until those seven little Baby Bells looked like fourteen, and kept drinking until it all looked like AT&T again. Ah, the good old days. But not all of us were out celebrating. Some – like Robert Reagan – were actually working, desperately trying to fix the bug that shut down computers across the world.

With all the “oh no, the world’s gonna end” date problems out there – Y2K, DST, The End of the Epoch, and Y2070 – it’s surprising that most haven’t heard of the day that the world actually ended. On that day – January 1st, 1984 – a single bug was responsible for shutting down – and keeping down – a whole lot of computer systems.

109 comments - Last comment @ 2021-10-27

Prisoner of Process

by Alex Papadimoulis in Feature Articles on 2007-10-01

When Eric C. arrived at his new job, it was with a huge sense of relief. His old workplace had been a haven for cowboy coders and anarchic hackers, where the only semblance of consistency was in everyone's preference to modify code directly in production.

"Finally," Eric thought as he flipped through the Developer's Handbook. "Real processes!"

58 comments - Last comment @ 2014-07-31