Bhaal
Jul 13, 2001
I ain't going down alone
Dr. Infant, MD

Optimus Prime Ribs posted:

The minimum end is a bit low (I don't know where he got those figures from) but $80,000.00 isn't too inaccurate.
Ah, I'm in the States and am mostly going from anecdotal stuff, but that's from people I know in Alberta and Calgary specifically. Now that I think about it, they are also in the sphere of big oil firms like Petro-Canada pre-takeover, and the corporate end of that industry seems like it shits money up there, so that must be skewing my perspective. To them a recent grad taking a job for 60k was getting totally ripped off and anyone 8-10 years into their career not starting to break 6 figures was doing something wrong.

That being said, I'm still trying to talk the CTO into letting me move to Vancouver or Victoria and opening up an office up there. :canada:

Bhaal fucked around with this message at 00:57 on Oct 9, 2012


nielsm
Jun 1, 2009



PHP, thank you for making me waste a day chasing down something that apparently is not a bug.

My WordPress plugin activation hook was not getting called, because I was developing the plugin in a Git repository outside the webserver tree and symlinked that directory into WordPress' plugins directory. I was following good practice and using __FILE__ in the hook registration, and that caused it to silently fail because the plugins directory path was not a prefix of __FILE__.

gently caress you PHP.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
Closed as duplicate, but doesn't say which one? This bugtracker is almost as bad as GitHub Issues.

raminasi
Jan 25, 2005

a last drink with no ice
I am in awe of that "resolution."

quote:

It is required as part of the require/include_once function. Sources file paths are always resolved. It is not a bug but a design choice, which allows many optimization.

That being said, anyone using symbolic links in prod across different sites should reconsider this choice as well.

Let close this bug and mark as duplicated.

Zamujasa
Oct 27, 2010



Bread Liar
Our "IT Manager" (former "senior web programmer") at work...
code:
// Old code I wrote months ago (and later made into a dedicated view)
$res = mysql_query("/* SELECT t.id, v.long mess of column names FROM old_crap t LEFT JOIN ... */ 
SELECT * FROM `new_view` ...");

quote:

:v:: there are comments in this query
:v:: would MYSQL be smart enough to know to ignore that?

:what:

Qwertycoatl
Dec 31, 2008

Admiral H. Curtiss posted:

The best part is how he actually uses stack.size() (I'm assuming "stack" is an ArrayList) in that insane method -- if he knows it exists, why not just return that?

It looks to me like the sort of code that people send as a joke to idiots who ask programming forums to do their homework for them.

Reformed Pissboy
Nov 6, 2003

Code at our work is usually quite reasonable, but I just shivered at this line in a review:

C++ code:
const uint32 Interval_sec = static_cast<uint32>( Convert::float_to_int32( Convert::min_to_sec( static_cast<Float_T>( g_databaseClient.getUint( "updateInterval" ) ) ), 1 ) );

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.
I love that 1 hiding out over on the right. Pretty obvious what it does.

kingcrimbud
Mar 1, 2007
Oh, Great. Now what?
code:
if (SomeObject.SomeProperty == 1)
{
	AnotherObject.AnotherProperty = "YES";
}
Of course AnotherProperty is used as a bool later on with a string comparison, and SomeProperty shouldn't be a non-bool to begin with. It's like someone skipped the second day of their first programming class and has still never caught up.

ToxicFrog
Apr 26, 2008


Harm Barn Gumshoe posted:

Code at our work is usually quite reasonable, but I just shivered at this line in a review:

C++ code:
const uint32 Interval_sec = static_cast<uint32>( Convert::float_to_int32( Convert::min_to_sec( static_cast<Float_T>( g_databaseClient.getUint( "updateInterval" ) ) ), 1 ) );

poo poo like that is why I love languages that let you instead write that as something like:

code:
(let Interval_sec
     (->> "updateInterval"
       (. g_databaseClient getUint)
       (static_cast Float_T)
       (Convert/min_to_sec)
       (Convert/float_to_int32 1)
       (static_cast uint32)))
Rather than having to work backwards to untangle a mess of nested calls like that. :(

Progressive JPEG
Feb 19, 2003

ToxicFrog posted:

poo poo like that is why I love languages that let you instead write that as something like:

code:
(let Interval_sec
     (->> "updateInterval"
       (. g_databaseClient getUint)
       (static_cast Float_T)
       (Convert/min_to_sec)
       (Convert/float_to_int32 1)
       (static_cast uint32)))
Rather than having to work backwards to untangle a mess of nested calls like that. :(

Hopeful that I'm missing sarcasm

KaneTW
Dec 2, 2011

The composition notation is much more readable, though I prefer Haskell's syntax but whatever.

Progressive JPEG
Feb 19, 2003

To clarify, I'd have probably just gone and added an integer overload of that Convert::min_to_sec function, but going by all those other functions it looks like that Convert module is getting pretty enormous as it is (or is it some system/3rd-party library?).
code:
const uint32_t interval_secs = Convert::min_to_sec(g_databaseClient.getUint( "updateInterval" ));
It's arguable that the prerequisite shoehorning to get things to work with that Convert module is the horror.

Big Nubbins
Jun 1, 2004
Just discovered in a stylesheet I'm attempting to clean up:
code:
.black { color: white; }

piratepilates
Mar 28, 2004

So I will learn to live with it. Because I can live with it. I can live with it.



Shame Boner posted:

Just discovered in a stylesheet I'm attempting to clean up:
code:
.black { color: white; }

Now how's that for some obfuscation, like to see someone try to steal his design :smug:

ToxicFrog
Apr 26, 2008


beoba posted:

Hopeful that I'm missing sarcasm

Nope. I genuinely prefer my code to read first operation first rather than last operation first.

I mean, in practice seeing something like that would be a warning sign, but I wanted to reproduce the same sequence of operations the original code had.

KaneTW posted:

The composition notation is much more readable, though I prefer Haskell's syntax but whatever.

So do I, but I prefer Clojure for day to day use overall.

bobthecheese
Jun 7, 2006
Although I've never met Martha Stewart, I'll probably never birth her child.
php:
<?
function CheckSQLInjection($Username, $requiredChars)
{
    $Username=strtoupper($Username);
    $Username=" $Username";
    $InjectArray=array("SELECT ", "UPDATE ", "INSERT ", " AND ", " OR ");

    while($temp=array_pop($requiredChars)) {
        if(strpos($Username,$temp)==false) {
            return 1;
        }
    }

    while($temp=array_pop($InjectArray)) {
        if(strpos($Username,$temp)<>false) {
            return 1;
        }
    }

    return 0;
}?>
Every. loving. Day.

I just want to, once, not find a horror in some code that I've been handed. That'd be nice.

Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope

bobthecheese posted:

I just want to, once, not find a horror in some code that I've been handed. That'd be nice.

:hfive:

If my career has taught me one thing, it's that this old gem applies to software too: There is always more and it's always worse.

:smithcloud:

Big Nubbins
Jun 1, 2004
At my old job, my boss had a friend who was a sysadmin for a local company, and who would do "security audits" on our servers every once in awhile. After one of these, we noticed one server in particular was running really slow. Restarting would fix it for a bit but would be running sluggish again before too long, so I logged on and uhh...found that multiple instances of find were choking the system. Eventually I found the source: a shell script called find_spaced_dirs.sh that was scheduled with the backup routine every 15 minutes. The script was basically this:
code:
find / -name " "
It brought the server to its knees because this script would take at least 20 minutes to complete, but after 15, another would begin executing, slowing things down further; then another, and another, etc.

I'm not really sure why he was so paranoid. I can only imagine that some attack on one of his systems scarred him for life, so he's making sure we never get caught off guard by a malicious process stashing executables in directories consisting of a single space. Rather than argue with the boss about why this check was unnecessary and stupid, I rewrote the script to do something like use tree to list all directories on the filesystem and did a line-by-line pattern match on them. It'd do the same check in about 6 seconds.

Big Nubbins fucked around with this message at 15:14 on Oct 12, 2012

PrBacterio
Jul 19, 2000

bobthecheese posted:

Every. loving. Day.

I just want to, once, not find a horror in some code that I've been handed. That'd be nice.
Hahaha, that's a pretty awesome, inventive horror, though. "function CheckSQLInjection". I seriously can't stop laughing at this :dance:

Doctor w-rw-rw-
Jun 24, 2008
One thing that is related but not quite code: users don't understand what it means to develop an application.

Release a new feature while improving stability? "Ok but you should have been working on making it stable instead and you should have done it better :( :( :( 1 star"
Make it more stable? "I can't click then hit back to not pay like I used to!!!!!!! 1 star make it free again!!!"
Have a minor issue that doesn't mean much? "This app is awful it used to be better and why doesn't it have {FEATURE} this app sucks uninstalled"

:gonk:

Zamujasa
Oct 27, 2010



Bread Liar

bobthecheese posted:


Every. loving. Day.

I just want to, once, not find a horror in some code that I've been handed. That'd be nice.

My favorite is the use of == false and <> false, if only because both are completely wrong. :allears:

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
Rather amused by this comment on a Firefox bug report:

quote:

FWIW, ConvertACEtoUTF is also quite poorly implemented. For each node decodeACE converts from puny to UCS4 to utf16 to utf8. Then it converts utf8 to utf16 to ACE and compares with the original to make sure that it didn't make any mistakes. Finally the utf8 result will be converted back to utf16 for Javascript.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
Mozilla's JavaScript implementation chokes at anything Unicode-related.

https://bugzilla.mozilla.org/show_bug.cgi?id=508783
https://bugzilla.gnome.org/show_bug.cgi?id=680730#c8

TronPaul
Oct 11, 2012
Refactoring some code at work we found an interesting data structure: Map<Person, Pair<Person, Money>> (we're a Java shop). The function that used it had each Person key in the Map and the Person in the Pair reference the same object. :bang:

zeekner
Jul 14, 2007

Doctor w-rw-rw- posted:

One thing that is related but not quite code: users don't understand what it means to develop an application.

Release a new feature while improving stability? "Ok but you should have been working on making it stable instead and you should have done it better :( :( :( 1 star"
Make it more stable? "I can't click then hit back to not pay like I used to!!!!!!! 1 star make it free again!!!"
Have a minor issue that doesn't mean much? "This app is awful it used to be better and why doesn't it have {FEATURE} this app sucks uninstalled"

:gonk:

Dealing with android users is a horror, but not a coding one. Their phone's firmware, however...

tef
May 30, 2004

-> some l-system crap ->

TronPaul posted:

Refactoring some code at work we found an interesting data structure: Map<Person, Pair<Person, Money>> (we're a Java shop). The function that used it had each Person key in the Map and the Person in the Pair reference the same object. :bang:

I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

tef posted:

I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.

Our Verizon internal FancyHash did that as well.

tef
May 30, 2004

-> some l-system crap ->
“Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi.”

Bunny Cuddlin
Dec 12, 2004
http://www.oracle.com



lol

Doctor w-rw-rw-
Jun 24, 2008

Geekner posted:

Dealing with android users is a horror, but not a coding one. Their phone's firmware, however...

I just spent 8 hours straight trying to get a VideoView to resume, not restart when it went off screen.

I failed. :cripes:

Workaday Wizard
Oct 23, 2009

by Pragmatica

Holy poo poo this is real!

Murodese
Mar 6, 2007

Think you've got what it takes?
We're looking for fine Men & Women to help Protect the Australian Way of Life.

Become part of the Legend. Defence Jobs.

Doctor w-rw-rw- posted:

One thing that is related but not quite code: users don't understand what it means to develop an application.

Release a new feature while improving stability? "Ok but you should have been working on making it stable instead and you should have done it better :( :( :( 1 star"
Make it more stable? "I can't click then hit back to not pay like I used to!!!!!!! 1 star make it free again!!!"
Have a minor issue that doesn't mean much? "This app is awful it used to be better and why doesn't it have {FEATURE} this app sucks uninstalled"

:gonk:

The trick here is to entirely ignore the comments page of your app, and just read the emails people send you. They're usually a lot more coherent.

geonetix
Mar 6, 2011


Aleksei Vasiliev posted:

Rather amused by this comment on a Firefox bug report:

While on the subject of amusing firefox bugs, check out this padding/scrollbar/textarea bug from 2002. Which still is not fixed.

Hughlander
May 11, 2005

Shame Boner posted:

At my old job, my boss had a friend who was a sysadmin for a local company, and who would do "security audits" on our servers every once in awhile. After one of these, we noticed one server in particular was running really slow. Restarting would fix it for a bit but would be running sluggish again before too long, so I logged on and uhh...found that multiple instances of find were choking the system. Eventually I found the source: a shell script called find_spaced_dirs.sh that was scheduled with the backup routine every 15 minutes. The script was basically this:
code:
find / -name " "
It brought the server to its knees because this script would take at least 20 minutes to complete, but after 15, another would begin executing, slowing things down further; then another, and another, etc.

I'm not really sure why he was so paranoid. I can only imagine that some attack on one of his systems scarred him for life, so he's making sure we never get caught off guard by a malicious process stashing executables in directories consisting of a single space. Rather than argue with the boss about why this check was unnecessary and stupid, I rewrote the script to do something like use tree to list all directories on the filesystem and did a line-by-line pattern match on them. It'd do the same check in about 6 seconds.

I'm not sure if I could resist running:
echo "Hi SecurityGuy!" > " " and just wait.

Markovnikov
Nov 6, 2010

bobthecheese posted:

php:
<?
function CheckSQLInjection($Username, $requiredChars)
{
    $Username=strtoupper($Username);
    $Username=" $Username";
    $InjectArray=array("SELECT ", "UPDATE ", "INSERT ", " AND ", " OR ");

    while($temp=array_pop($requiredChars)) {
        if(strpos($Username,$temp)==false) {
            return 1;
        }
    }

    while($temp=array_pop($InjectArray)) {
        if(strpos($Username,$temp)<>false) {
            return 1;
        }
    }

    return 0;
}?>
Every. loving. Day.

I just want to, once, not find a horror in some code that I've been handed. That'd be nice.

I'm not familiar at all with SQL, but this got me interested: Why do SQL injections work at all? It seems like a pretty strange oversight by SQL. And why is this a bad way to try and catch them? I'm not saying it's good, I just want to understand what the particular horror is here.

Vanadium
Jan 8, 2005

SQL injections happen when you try to build a query string dynamically out of user input, and you get your string escaping wrong (like, because you're using php and php is a mess). The solution is to not build query strings dynamically.

If your frontend is too fragile to handle input that has certain English words in it, banning specific words is probably not going to save you. You should be making certain that input isn't interpreted as anything other than text rather than trying to limit what people can put into the text.

Vanadium fucked around with this message at 16:13 on Oct 13, 2012

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

Markovnikov posted:

I'm not familiar at all with SQL, but this got me interested: Why do SQL Injections work at all? It seems like a pretty strange oversight by SQL. And why is this a bad way to try and catch them? I'm not saying it's good, I just want to understand what the particular horror is here.

SQL injection is something that opens up when you build a SQL command by concatenating strings. Everyone knows it's a bad practice at this point, except for people who don't know.

Like, let's say you have a query like:

"SELECT * FROM UserAccounts WHERE UserName = '" + userName + "' AND Password = '" + password + "'"

If I enter my username as "Ithaqua' AND 1=1 --", I end up with:

"SELECT * FROM UserAccounts WHERE UserName = 'Ithaqua' AND 1=1 -- ' AND Password = ''"

The -- is a comment, so at this point I'm logging in as the specified user without having a valid password.

It's not the fault of the SQL engine for doing what it's told, it's the fault of lovely developers for not taking precautions against a type of attack that's been well-known and well-documented for over a decade.
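To make the two posts above concrete, here is an added runnable example (not code from anyone in the thread, and not from the CheckSQLInjection codebase). It builds the concatenated login query New Yorp New Yorp describes, runs it against a constructed in-memory SQLite table, and shows the `Ithaqua' AND 1=1 --` username logging in with no password. It then ports the keyword blacklist from bobthecheese's CheckSQLInjection to Python and shows why Vanadium's point holds: a username of `Ithaqua'--` contains none of the banned words yet bypasses the password check just the same, while a parameterized query (the "don't build query strings dynamically" fix) rejects both. The table, the account and the `' AND 1=1 --` / `'--` usernames are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample database: one account with a known password (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserAccounts (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO UserAccounts VALUES ('Ithaqua', 'correct horse')")
    conn.commit()
    return conn


def login_concat(conn, user_name, password):
    """The concatenation pattern from the post: user input becomes part of the SQL text.

    A username of  Ithaqua' AND 1=1 --  turns the statement into
      SELECT * FROM UserAccounts WHERE UserName = 'Ithaqua' AND 1=1 -- ' AND Password = ''
    and everything after -- is a comment, so the password clause is gone.
    """
    query = ("SELECT * FROM UserAccounts WHERE UserName = '" + user_name
             + "' AND Password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_param(conn, user_name, password):
    """Parameterized query: the values travel separately from the SQL text.

    The driver never parses the username as SQL, so quotes, -- and keywords in it
    are just characters compared against the UserName column.
    """
    query = "SELECT * FROM UserAccounts WHERE UserName = ? AND Password = ?"
    return conn.execute(query, (user_name, password)).fetchone() is not None


# Same word list as the CheckSQLInjection horror, including its trailing/leading spaces.
INJECT_WORDS = ("SELECT ", "UPDATE ", "INSERT ", " AND ", " OR ")


def keyword_blacklist_flags(user_name):
    """Python port of the blacklist idea: True if any banned word appears.

    Mirrors the PHP: upper-case the input and prefix a space so a leading
    ' AND ' / ' OR ' can match. Returns a real bool instead of the PHP 1/0.
    """
    padded = " " + user_name.upper()
    return any(word in padded for word in INJECT_WORDS)


def run_checks():
    """Exercise the three approaches against the same inputs and return the results."""
    conn = make_db()
    bypass_with_and = "Ithaqua' AND 1=1 --"   # constructed: the payload from the post
    bypass_no_keywords = "Ithaqua'--"         # constructed: no banned word at all
    return {
        "concat_legit": login_concat(conn, "Ithaqua", "correct horse"),
        "concat_wrong_pw": login_concat(conn, "Ithaqua", "wrong"),
        "concat_bypass_and": login_concat(conn, bypass_with_and, ""),
        "concat_bypass_comment": login_concat(conn, bypass_no_keywords, ""),
        "blacklist_catches_and": keyword_blacklist_flags(bypass_with_and),
        "blacklist_catches_comment": keyword_blacklist_flags(bypass_no_keywords),
        "param_legit": login_param(conn, "Ithaqua", "correct horse"),
        "param_bypass_and": login_param(conn, bypass_with_and, ""),
        "param_bypass_comment": login_param(conn, bypass_no_keywords, ""),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The interesting pair is `concat_bypass_comment` (True: logged in with no password) against `blacklist_catches_comment` (False: the filter saw nothing wrong). The blacklist only helps against attackers who type exactly the words on the list; the parameterized version is indifferent to what the string contains.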

Look Around You
Jan 19, 2009

The fact that SQL queries even are strings in the first place is pretty horrible. Using a binary API like most other things would be exponentially better.


Mustach
Mar 2, 2003

In this long line, there's been some real strange genes. You've got 'em all, with some extras thrown in.

tef posted:

I was once informed of a hash table, where to store a key/value pair, they first concatenated the key to the value (they were both strings), and then to lookup, it did a prefix search over the hash table entries.
Maybe they used a crit-bit tree. (probably not)
