The Daily WTF: Curious Perversions in Information Technology

Brillant Perls

by Remy Porter in CodeSOD on 2022-10-06

Many years ago, a Paula Bean type was hired to make a Perl-based website. It became the company's flagship product, at least briefly, until a better version of the product was ready. But early adopters adopted it, and thus it had to keep operating, because you can't throw a way a 800kLOC web application just because it's fragile and unmaintainable.

And then the site got hacked. So now, fixing everything becomes incredibly important, and the task fell to Erik. He needed to do a security audit and identify vulnerabilities. Alone. In a 800kLOC application of extremely questionable code quality. For bonus challenges, there is no testing environment available and no budget to stand one up- even if anyone knew exactly what actually needs to be in that environment, because there's a bunch of databases and packages and extra software and no one is entirely sure what the production environment is.

17 comments - Last comment @ 21:54

Throw it $$OUT

by Remy Porter in CodeSOD on 2022-10-05

If there's one thing worse in code than magic numbers, it's magic strings. Sean inherited an antique Visual C++ application, and the previous developers were very careful to make sure every string was a named constant.

const char $$B[]   = "$$B";
const char $$E[]   = "$$E";
const char $$L[]   = "$$L";
const char $$IN[]  = "$$IN";
const char $$OUT[] = "$$OUT";
const char $CODE[] = "$CODE";
const char $ENDE[] = "$ENDE";

22 comments - Last comment @ 11:35

Unification of Strings

by Remy Porter in CodeSOD on 2022-10-04

As a general rule of thumb, when you see a class called StringConverter you know something is going to be wrong in there. That's at least what Erik thought when examining a bug in a totally different section of string handling code that just happened to depend on StringConverter.

StringConverter might sound like some sort of utility belt class with a huge pile of methods in it, but no- it's only got two. So we should take a look at both.

30 comments - Last comment @ 14:59

The Misleading PIN

by Remy Porter in CodeSOD on 2022-09-29

Tina needs to write some software that integrates with a hardware device. Thatdevice controls access via behind a PIN, and thus Tina's team needs to track the valid PIN, so that they can, via software, update or alter the PIN.

There's just one problem. That device has some opinions about how a Personal Identification Number should be represented:

34 comments - Last comment @ 2022-10-04

Top Slots

by Remy Porter in CodeSOD on 2022-09-28

Picking random items without repetition is its own special challenge. It's one of those things that's not actually hard, but some programmers have a difficult time coming up with solutions to the problem. Abraham has found these two examples in some code he maintains:

//pick 3 out of 4
    int alreadyUsed = 0;
    while (alreadyUsed < 3) {
        int rand = random()%4;
        if(!m_AllOptions[rand]->used) {
            m_AllOptions[rand]->used = true;
            alreadyUsed++;
        }
    }

17 comments - Last comment @ 2022-10-03

Containerization

by Remy Porter in CodeSOD on 2022-09-27

A large company with facilities all over the Asia-Pacific region opted to modernize. They'd just finished a pile of internal development that extended the functionality of a 3rd party package, and they wanted to containerize the whole shebang.

That's where Fred came in, about 9 months into a 12 month effort. Things hadn't gone well, but a lot of the struggles were growing pains. Many of the containers were built as gigantic monoliths. A lot of the settings you might need to do a Kubernetes deployment weren't properly configured. It was a mess, but it wasn't a WTF, just a lot of work.

26 comments - Last comment @ 08:07

A Valid Call

by Remy Porter in CodeSOD on 2022-09-26

"Never trust your inputs" is a generally good piece of advice for software development. We can, however, get carried away.

Janice inherited a system which, among many other things, stores phone numbers. Like most such systems, the database validates phone numbers, and guarantees that numbers are stored in a canonical format, as text.

18 comments - Last comment @ 2022-10-03

Model Years

by Remy Porter in Feature Articles on 2022-09-22

Caleb (previously) continues to work for a vehicle finance company. Most recnetly, he was working on a data ingestion application. Its job was to pull in a big ol' pile of CSVs from a mix of vendors and customers and feed it into a central database to keep things up to date.

"Application", however, is misleading. In reality, it was a suite of Access databases scattered around various network shares. Each represented a custom data loading pathway for a kind of data. It wasn't true that each was isolated from every other- frequently, the data flow would be "Open database \\fileserver\processing\vendor01.mdb, use the form to load the CSV file, then open \\fileserver\processing\process01.mdb, but only AFTER you've deleted the CSV file."

18 comments - Last comment @ 2022-09-29