Alex Papadimoulis

Alex is a speaker and writer who is passionate about looking beyond the code to build great software. In addition to founding Inedo - the makers of BuildMaster, the popular continuous delivery platform - Alex also started The Daily WTF, a fun site dedicated to building software the wrong way.

Classic WTF: Front-Ahead Design

by in Feature Articles on
Summer breaks are a great opportunity to improve yourself. And what's a better way to use your summer break than to take some high end certification training. Prove that you're ready for the FAD! Original --Remy

In the past, I didn’t mix TDWTH and work too often, but with the tweaked name and tweaked direction on content, I knew this article would be a perfect fit.

As some of you know, I fill two important roles in my day job at Inedo, LLC. Not only am I a software developer, but I’m also the Chief Front-Ahead Design Evangelist. In this latter role, it’s my duty to spread and champion the revolutionary software development methodology known as Front Ahead Design (FAD).


Classic WTF: The Great Code Spawn

by in CodeSOD on
We're taking a little summer break this week for our regular articles. Since we're re-using articles, let's start with one about developer efficiency. Why write code when you can automate writing code? Original -- Remy

Several years ago, Dan D’s predecessor, Steve, came to the realization that many of us arrived at one point or another: writing data-access code can get boring and repetitive. To ease the tedium, Steve did what many developers in his position do. He wrote some code to generate a lot of code.

Unfortunately, Steve’s coding skills weren’t all too hot. Worse were his code-writing-code writing skills. In the years since The Great Code Spawn (as it has come to be known), the data-access layer has become an unmaintainable disaster – so much so that, rather than add a new database column, developers have “split” single fields into multiple through bit-shifting and string manipulation.


Classic WTF: All Pain, No Gain

by in CodeSOD on
It's a holiday here in the states. So enjoy this classic from the far off year of 2009. --Remy

"My company has very strict policy on direct access to the database," Steve writes, "no hand-built SQL in the front-end code and always use a stored procedure to access the data. The reasoning behind this was simple and sound: Avoid SQL injection attacks and increase database performance. "

"The execution, however, was not so simple and sound. They went through all the pain of needing to use stored procs, but none of the gain. I'll leave it as an exercise to the reader to see why."


Best of 2020: Copy/Paste Culture

by in Best of… on
As per usual, we'll be spending a few days looking back at some of our favorite stories of the year. We start with a visit to a place where copy/pasting isn't just common, it's part of the culture. Original -- Remy

Mark F had just gone to production on the first project at his new job: create a billables reconciliation report that an end-user had requested a few years ago. It was clearly not a high priority, which was exactly why it was the perfect items to assign a new programmer.

"Unfortunately," the end user reported, "it just doesn't seem to be working. It's running fine on test, but when I run it on the live site I'm getting a SELECT permission denied on the object fn_CalculateBusinessDays message. Any idea what that means?"


Classic WTF: 2012

by in CodeSOD on
As we enjoy our holiday today, in this seemingly unending year of 2020, our present to you is a blast from 2012, the year the world was supposed to end. Original --Remy

"Most people spend their New Year's Eve watching the ball drop and celebrating the New Year," writes Jason, "and actually, that's what I planned to do, too. Instead, I found myself debugging our licensing activation system." "Just as I was about to leave the office, I received a torrent of emails with the subject 'License Activation Failed'. One or two every now and then is expected, but dozens and dozens at four o'clock on New Year's Eve... not so good. It took me a moment to realize the significance of 4:00PM, but then it hit me: I'm on Pacific Time, which is UTC -8 hours.

"The error message that was filling up our logs was simply 'INVALID DATE' and for the life of me I couldn't figure out why. Our license code was a 32-bit number that represented the expiration date of the license and the features in the license. 7 of those bits represented the year since 2000, so obviously the date was fine up until 2127. After hours and hours of digging through PL/SQL, Java, JavaScript, Ruby, and some random shell scripts, I found the following.


Classic WTF: Functional Encryption

by in CodeSOD on
It's Thanksgiving Day in the US. Yesterday, we looked at a classic "encryption" story, and today, we should all be thankful that we don't have to support this encryption code. Original --Remy

Richard's company builds, hosts, and maintains a variety of small- and mid-sized web-based applications for their clients. Recently, one of their clients asked Richard to help audit a fraudulent transaction, which meant that Richard needed to dig through the code to see how to decrypt bank account numbers stored in the database. The search led him to H88493247329(), the method responsible for encrypting customer data. After spending a minute to add linebreaks and rename the variables, Richard asked his coworker why he obfuscated the code. His coworker scoffed, you should always encrypt your encryption functions -- it's completely insecure otherwise


Classic WTF: Top-grade, SHA1 Encryption

by in CodeSOD on
Is it that time of year already? Here in the US, we're prepping for the Thanksgiving holiday, so let's take a trip way back into the archives, and learn about the life of a moderately-paid-consultant. Original --Remy

Paul B always thought of himself as a moderately-paid consultant. With no real overhead, a policy against ties when meeting with prospective clients, and a general pickiness about the projects he'll take on, his rates tend to be pretty low. One company that looked right up his alley was a mid-sized manufacturing company that wanted a custom webshop. They went to the highly-paid consultants in town, but weren't too happy with the six-figure price tag. Paul's quote was in the five-figure range, which he felt was pretty moderate given that it was a several month project. Of course, the company wasn't too happy with his quote either, so they searched high and low for a three- or four-figure price. They eventually found one overseas.

Despite losing the bid, Paul never bothered unsubscribing from the company's mailing list - there was always something exciting about learning the latest in gimbal clamps and engine nozzle extensions. About a year and a half later, he received an exciting newsletter announcing that the webshop was finally live. Out of curiosity, he created an account to check things out. A few days later, he received an apology for lost orders - they didn't know who had ordered what, so they sent it to everyone who had signed up. And then came the "data breach" email — everyone's personal data (which, for Paul, was just his throw-away email) was now in the hands of some hackers. You get what you pay for never rang so true.


Classic WTF: Covering All Cases… And Then Some

by in CodeSOD on
It's Labor Day in the US, where we celebrate the labor movement and people who, y'know, do actual work. So let's flip back to an old story, which does a lot of extra work. Original -- Remy

Ben Murphy found a developer who liked to cover all of his bases ... then cover the dug-out ... then the bench. If you think this method to convert input (from 33 to 0.33) is a bit superflous, you should see data validation.


Archives