Coding Horrors: You can gather all your technical debt into one easy framework!

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »

RoadCrewWorker: Nov 19, 2007; camels aren't so great

Jabor posted:

It's basically this. It makes no sense to waste half your screen area displaying a river of blank space just because some lines occasionally break into it - limiting lines to 80 characters allows you to make better use of that space, at the cost of having to wrap longer lines occasionally.

That makes the most sense, i just assumed editors with proper automated (indented) line-wrapping could take care of that. I guess putting it into the code instead of the presentation makes more sense where those editors aren't an option.

# ? Jun 21, 2013 23:36

Adbot: ADBOT LOVES YOU

# ? May 16, 2024 06:18

Plorkyeran: Mar 22, 2007; To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed

RICHUNCLEPENNYBAGS posted:

vi and emacs ahve linewrap so even if you're working in an 80 x 20 terminal window for some reason it's not a problem.

Automatic line wrap is loving awful.

# ? Jun 21, 2013 23:37

Tesseraction: Apr 5, 2009

The option to switch between the two has been loving useful for line-break sensitive scripting languages, though.

# ? Jun 21, 2013 23:39

MrMoo: Sep 14, 2000

RoadCrewWorker posted:

That makes the most sense

Sounds like a yospos rule #36 call. I don't see any reason why one has to lower oneself to suit people buying ridiculously small laptops. I get plenty of ribbing already at work for only a single 20" panel.

Glassfish WSDL importing has yielded some of the most entertainingly long function calls I have ever seen, almost wrapping twice on a normal monitor.

# ? Jun 21, 2013 23:51

Maluco Marinero: Jan 18, 2001; Damn that's a
fine elephant.

MrMoo posted:

Sounds like a yospos rule #36 call. I don't see any reason why one has to lower oneself to suit people buying ridiculously small laptops. I get plenty of ribbing already at work for only a single 20" panel.

I don't see why we have to lower our standards for people who can't be hosed to format their code to reasonable line lengths. I'm no PEP8 zealot, but it serves it's purpose and inordinately long statement lines are bad for reading, which you spend a great deal more time doing than writing.

# ? Jun 22, 2013 00:26

Opinion Haver: Apr 9, 2007

Today at work I saw a 59-argument function. That's a loving horror.

# ? Jun 22, 2013 00:53

Malloc Voidstar: May 7, 2007; Fuck the cowboys. Unf. Fuck em hard.

Jabor posted:

Java is obnoxiously verbose though, so 80 columns really isn't enough there - limit it to 120 or something. (120 is nice because then you fit two Java windows in the space that fits three other-language ones)

I've found 100chars to be a nice limit, at least for my code. 80 is way too short, but most lines I've written that ran well over 100chars were better rewritten as separate lines.

# ? Jun 22, 2013 01:12

IMlemon: Dec 29, 2008

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

how

# ? Jun 22, 2013 01:30

QuarkJets: Sep 8, 2008

Lysidas posted:

Variable names like that make sense when you're in the middle of implementing an algorithm from a paper or textbook, but you rename them after you get it working

e: and you haven't needed to extend object since December 2008

It's also fun that the constructor returns an int some of the time (why does it return this int? And why 4? No one knows, not even the coder)

# ? Jun 22, 2013 01:37

Lysidas: Jul 26, 2002; John Diefenbaker is a madman who thinks he's John Diefenbaker.; Pillbug

I would have mentioned that too, but I figured it was a side effect of you typing pseudocode from memory. That "works" in 2.4 but not 2.6, and I don't have a 2.5 installation handy to see whether it works in that version.

Python code:

Python 2.4.3 (#1, Jan  9 2013, 06:47:03) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-54)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test(object):
...   def __init__(self):
...     return 1
... 
>>> Test()
__main__:1: RuntimeWarning: __init__() should return None
<__main__.Test object at 0x2aba648c5750>

Python code:

Python 2.6.5 (r265:79063, Oct  1 2012, 22:04:36) 
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test(object):
...   def __init__(self):
...     return 1
... 
>>> Test()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() should return None, not 'int'

Python code:

Python 3.3.1 (default, Apr 17 2013, 22:30:32) 
[GCC 4.7.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test:
...   def __init__(self):
...     return 1
... 
>>> Test()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() should return None, not 'int'

# ? Jun 22, 2013 01:50

Suspicious Dish: Sep 24, 2011; 2020 is the year of linux on the desktop, bro; Fun Shoe

Codepad runs 2.5

It fails.

2.5 was released 7 years ago.

# ? Jun 22, 2013 02:01

RICHUNCLEPENNYBAGS: Dec 21, 2010

Plorkyeran posted:

Automatic line wrap is loving awful.

I don't know about vi but emacs has an indicator so you know if it's a "real" linebreak (unless you turn on visual-line-mode or whatever) and anyway, it sure beats poo poo running off the screen.

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

Been automating Office products, huh?

# ? Jun 22, 2013 03:09

Posting Principle: Dec 10, 2011; by Ralp

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

how many of them ended up being NULL ?

# ? Jun 22, 2013 03:17

QuarkJets: Sep 8, 2008

Lysidas posted:

Python code:

Python 2.4.3 (#1, Jan  9 2013, 06:47:03) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-54)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test(object):
...   def __init__(self):
...     return 1
... 
>>> Test()
__main__:1: RuntimeWarning: __init__() should return None
<__main__.Test object at 0x2aba648c5750>

Python code:

Python 2.6.5 (r265:79063, Oct  1 2012, 22:04:36) 
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test(object):
...   def __init__(self):
...     return 1
... 
>>> Test()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() should return None, not 'int'

Python code:

Python 3.3.1 (default, Apr 17 2013, 22:30:32) 
[GCC 4.7.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test:
...   def __init__(self):
...     return 1
... 
>>> Test()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() should return None, not 'int'

Would the int even be accessible in any way? IE, if I called MyObject(args) would I get an int instances instead of a MyObject instance if that's what the constructor returns? :psyduck:

# ? Jun 22, 2013 03:44

Lysidas: Jul 26, 2002; John Diefenbaker is a madman who thinks he's John Diefenbaker.; Pillbug

QuarkJets posted:

Would the int even be accessible in any way? IE, if I called MyObject(args) would I get an int instances instead of a MyObject instance if that's what the constructor returns?

No; the value returned by __init__ is lost. Remember that all Python functions return None unless you specify otherwise -- if the return value of __init__ was used as the instantiated object you'd get None when creating an instance of any class.

Python __init__ methods are better described as "initializers" than "constructors". You can define a real constructor that returns the wrong thing, if you really want to:

Python code:

>>> class Test:
...   def __new__(cls):
...     return 1
... 
>>> t = Test()
>>> t
1

# ? Jun 22, 2013 04:02

Opinion Haver: Apr 9, 2007

Jerry SanDisky posted:

how many of them ended up being NULL ?

I don't remember, I didn't try searching for it in the codebase. I just closed my tab and tried to forget.

Anyway, PHP just did a beta redesign of their site! It looks very nice, very Web 2.0. Except all the links go back to the old version.

Opinion Haver fucked around with this message at 07:27 on Jun 22, 2013

# ? Jun 22, 2013 06:15

coaxmetal: Oct 21, 2010; I flamed me own dad

usually if you are using __new__ in python, you are either doing some hacker metaprogramming poo poo or you are making a mistake. Or quite possibly both.

# ? Jun 22, 2013 07:19

QuarkJets: Sep 8, 2008

Lysidas posted:

No; the value returned by __init__ is lost. Remember that all Python functions return None unless you specify otherwise -- if the return value of __init__ was used as the instantiated object you'd get None when creating an instance of any class.

Python __init__ methods are better described as "initializers" than "constructors". You can define a real constructor that returns the wrong thing, if you really want to:
Python code:
>>> class Test:
...   def __new__(cls):
...     return 1
... 
>>> t = Test()
>>> t
1

Look at what you've done; now you are the coding horror.

# ? Jun 22, 2013 09:22

evensevenone: May 12, 2001; Glass is a solid.

Maluco Marinero posted:

I don't see why we have to lower our standards for people who can't be hosed to format their code to reasonable line lengths. I'm no PEP8 zealot, but it serves it's purpose and inordinately long statement lines are bad for reading, which you spend a great deal more time doing than writing.

Yeah this. If we didn't PEP8 at work, we'd spend all day trying to decode each others 300 character multi-layered list comprehensions. The 80-character limit is just a little check to prevent you from outsmarting yourself.

# ? Jun 22, 2013 18:02

Volmarias: Dec 31, 2002; EMAIL... THE INTERNET... SEARCH ENGINES...

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

Let me guess: someone didn't understand the concept of passing arrays, and instead had input1 through input50, along with a few other arguments.

# ? Jun 23, 2013 02:10

Jonnty: Aug 2, 2007; The enemy has become a flaming star!

Volmarias posted:

Let me guess: someone didn't understand the concept of passing arrays, and instead had input1 through input50, along with a few other arguments.

The only legitimate reason I can think of doing that is if you're doing function dispatch and you need to keep the signature the same so that other functions can use the arguments. You could use the *args, **kwargs pattern but that way can look cleaner if there's not too many arguments and I guess it makes the fact you're ignoring certain arguments more explicit.

# ? Jun 23, 2013 02:17

That Turkey Story: Mar 30, 2003

I guess I can imagine something like a window class that has a ton of arguments for construction, but unless the language/library supports named parameter passing and defaults it's probably a lot better to just pass in an object with datamembers that represent the parameters.

# ? Jun 23, 2013 02:36

Gazpacho: Jun 18, 2004; by Fluffdaddy; Slippery Tilde

I'm guessing it's just a series of customizations that clients asked for over an extended period and were hacked in the most immediately convenient way possible.

# ? Jun 23, 2013 06:07

Dietrich: Sep 11, 2001

Our sample order emailing system crapped out today.

The business problem is "When an order gets shipped, send an e-mail to the customer that tells them it's been shipped." The solution was developed by a space cadet who was on a crusade to make the database server do literally everything. He would frequently work for a good two weeks on something before showing it to me and the other developers to see if we thought it was a good idea. The answer was always "No, that's insane", but his response would always be "Well, I already finished it, sooooo...."

I'm going to quote the email I sent to the program owner on why it broke today.

quote:

The problem was that *SALES REP* put in a quantity on a test order of 999,999.

Here is why. (I am not making this up).

*OLD DEV* has a SQL Agent job (DeveloperAdmin_PullEmails) that calls an SSIS Job (DeveloperAdmin_PullEmails.dtsx) that calls three stored procdures (SampleOrder_usp_EMails_Select_NeedsPushed, DeveloperAdmin_usp_EmailTemplate_SendEmail, SampleOrder_usp_Emails_Update).

The middle of these three stored procedures calls is a .net CLR stored procedure (which *OLD DEV* didn't bother checking in the source code for, but luckally I was able to de-compile the binary into pseudo code to figure out what it did) which calls a stored procedure to get an HTML Email template from a table along with instructions on how to fetch data for it. For this particular job, that means calling two other stored procedures which exist in the sample order database - usp_sampleorderbaseflattened_selectbyID and usp_Sampleorderitembaseflattened_selectbyid. The second of these two stored procedures calls a view v_sampleorderitembaseflattened, which queries the table sampleorderitembase, which has a calculated column that queries the picklist table to get the "weight factor" from the unit of measure for the sample order item to multiply by quantity and return a line weight as decimal(7,3). This particular sample order is in KG, so that's 2.2046.

The problem is that 2,204,597.7954 has more than four digits before the decimal place so that caused a unit conversion error which caused the whole house of cards to fall flat on its face with the helpful error message "Error converting numeric to numeric".

If that error hadn't occurred, the usp_emailtemplate_sendemail stored procedure would then proceed to parse the html (stored in sql tables, of course) and replace some embedded placeholders with data retrieved from the source stored procedures, then return the html to the SSIS job which would call the final stored procedure, which calls another stored procedure to place the email in the outbound email queue and update the sample order database that the email has been sent.

None of these layers upon layers of stored procedures or ssis jobs or agent jobs are configured to email us in case of failure. (But they all track how many milliseconds they take to run by writing to a table in the devadmin database, you know, in case we ever needed to know how many milliseconds a stored procedure takes to run and we were too lazy to use sql profiler). We only saw that this was broken because our 3rd party DBA was looking at the server logs this morning and alerted us.

None of these elements are documented, unit tested, fault tolerant, do input or output validation, or have clearly understood contracts and roles.

This whole thing is a land-mine waiting to explode the first time we make a change to any of it's constituent parts.

*PROGRAM OWNER*, when I say "We are worried about our ability to support this application long term," this is the kind of stuff I'm talking about.

# ? Jun 24, 2013 17:29

Bunny Cuddlin: Dec 12, 2004

I'm tempted to post this whole code segment, but I think it's better to meditate on what someone was thinking when they wrote this line:

C# code:

if (LongErrorMessage != "System.Object")

# ? Jun 24, 2013 20:31

quiggy: Aug 7, 2010; [in Russian] Oof.

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

How the gently caress does this happen :stare:

# ? Jun 24, 2013 20:49

npe: Oct 15, 2004

One possible scenario was explained in this very thread.

# ? Jun 24, 2013 20:59

quiggy: Aug 7, 2010; [in Russian] Oof.

npe posted:

One possible scenario was explained in this very thread.

Holy poo poo I forgot about the loving plane :lol:

# ? Jun 24, 2013 21:02

Zaphod42: Sep 13, 2012; If there's anything more important than my ego around, I want it caught and shot now.

yaoi prophet posted:

Today at work I saw a 59-argument function. That's a loving horror.

tell me this was autogenerated somehow or done by an intern so I can put down the pitchfork

npe posted:

One possible scenario was explained in this very thread.

Oh dear lord. I... I... er...

I can't even speak.

That's just....

...... :stare:

quiggy posted:

Holy poo poo I forgot about the loving plane

I seriously just lost my poo poo. Luckily my boss already went home for the day, because that was hilarious. :allears:

Zaphod42 fucked around with this message at 23:14 on Jun 24, 2013

# ? Jun 24, 2013 23:06

Malloc Voidstar: May 7, 2007; Fuck the cowboys. Unf. Fuck em hard.

This is horrifying but also justified?

Jonathan Garrett, Insomniac Games posted:

(s)elf-exploitation

Ratchet and Clank: Up Your Arsenal was an online title that shipped without the ability to patch either code or data. Which was unfortunate.

The game downloads and displays an End User License Agreement each time it's launched. This is an ascii string stored in a static buffer. This buffer is filled from the server without checking that the size is within the buffer's capacity.

We exploited this fact to cause the EULA download to overflow the static buffer far enough to also overwrite a known global variable. This variable happened to be the function callback handler for a specific network packet. Once this handler was installed, we could send the network packet to cause a jump to the address in the overwritten global. The address was a pointer to some payload code that was stored earlier in the EULA data.

Valuable data existed between the real end of the EULA buffer and the overwritten global, so the first job of the payload code was to restore this trashed data. Once that was done things were back to normal and the actual patching work could be done.

One complication is that the EULA text is copied with strcpy. And strcpy ends when it finds a 0 byte (which is usually the end of the string). Our string contained code which often contains 0 bytes. So we mutated the compiled code such that it contained no zero bytes and had a carefully crafted piece of bootstrap asm to un-mutate it.

By the end, the hack looked like this:

1. Send oversized EULA
2. Overflow EULA buffer, miscellaneous data, callback handler pointer
3. Send packet to trigger handler
4. Game jumps to bootstrap code pointed to by handler
5. Bootstrap decodes payload data
6. Payload downloads and restores stomped miscellaneous data
7. Patch executes

Takeaways: Include patching code in your shipped game, and don't use unbounded strcpy.

# ? Jun 25, 2013 00:32

Volmarias: Dec 31, 2002; EMAIL... THE INTERNET... SEARCH ENGINES...

quiggy posted:

Holy poo poo I forgot about the loving plane

Oh my god. I just saw that for the first time. Everyone on the train was staring at me :blush:

# ? Jun 25, 2013 01:27

Slanderer: May 6, 2007

Aleksei Vasiliev posted:

This is horrifying but also justified?

Holy poo poo that is wonderful

# ? Jun 25, 2013 01:30

kitten smoothie: Dec 29, 2001

Aleksei Vasiliev posted:

This is horrifying but also justified?

This reminds me of the story of AOL using a buffer overflow in their own AIM software as a means to identify unofficial clients and kick them off.

http://www.geoffchappell.com/notes/security/aim/index.htm

# ? Jun 25, 2013 01:40

Gazpacho: Jun 18, 2004; by Fluffdaddy; Slippery Tilde

Bunny Cuddlin posted:

I'm tempted to post this whole code segment, but I think it's better to meditate on what someone was thinking when they wrote this line:
C# code:
if (LongErrorMessage != "System.Object")

The dev responsible has a background in writing Unix admin scripts?

# ? Jun 25, 2013 04:00

TheresaJayne: Jul 1, 2011

Shudder::::

Well I once worked for a large media company in the London UK area, They do the websites for people like Womens Tennis Association, Premier League Football sites, Big Brother (the TV series) website to do the Video Streaming.

And their system works on a huge in house CRM with Drag and Drop Layout system.

The main class in the application is called article.java

15773 lines
113 import statements
800 lines of variable / static variable definitions
2000 lines of Getters and Setters with some SQL calls dropped in
Then the rest is all business logic.

Only the Senior Architects were allowed to touch this file although EVERY new dev wanted to get it refactored.

# ? Jun 25, 2013 12:34

Zaphod42: Sep 13, 2012; If there's anything more important than my ego around, I want it caught and shot now.

Aleksei Vasiliev posted:

This is horrifying but also justified?

quote:
Takeaways: Include patching code in your shipped game, and don't use unbounded strcpy.

Holy. loving. poo poo. :stare:

I.... I just don't even know how that's possible. Insomiac games, what the hell? That was 2004. :catstare:

You're a major developer with many, many successful shipped games under your belt.

Wow. Every part of that is solid loving gold. :allears:

I really love their hack solution too, and when it gets to garbling the data to avoid null terminators in the EULA string, that's just the best coding horror I've ever read.

Between the for-switch loop and this, I feel like the thread has to be all down hill from here. Prove me wrong.

kitten smoothie posted:

This reminds me of the story of AOL using a buffer overflow in their own AIM software as a means to identify unofficial clients and kick them off.

http://www.geoffchappell.com/notes/security/aim/index.htm

Well that's... creative? :unsmigghh:

Zaphod42 fucked around with this message at 22:34 on Jun 25, 2013

# ? Jun 25, 2013 22:28

b0lt: Apr 29, 2005

Zaphod42 posted:

Holy. loving. poo poo.

I.... I just don't even know how that's possible. Insomiac games, what the hell? That was 2004. You're a major developer with many, many successful shipped games under your belt.

Wow. Every part of that is solid loving gold. I really love their hack solution too, and when it gets to garbling the data to avoid null terminators in the EULA string, that's just the best coding horror I've ever read.

Between the for-switch loop and this, I feel like the thread has to be all down hill from here. Prove me wrong.

Well that's... creative? :unsmiggh:

# ? Jun 25, 2013 22:31

Dren: Jan 5, 2001; Pillbug

Zaphod42 posted:

Wow. Every part of that is solid loving gold. I really love their hack solution too, and when it gets to garbling the data to avoid null terminators in the EULA string, that's just the best coding horror I've ever read.

This is pretty standard stuff when writing an exploit. You write scripts to clean up your payload code and make running them a step in your build process.

# ? Jun 25, 2013 23:10

JawnV6: Jul 4, 2004; So hot ...

Zaphod42 posted:

Wow. Every part of that is solid loving gold. I really love their hack solution too, and when it gets to garbling the data to avoid null terminators in the EULA string, that's just the best coding horror I've ever read.

Slammer had to do the same thing. Didn't fix it up after, but it's pretty common to craft a payload to avoid a null byte.

# ? Jun 25, 2013 23:31

Adbot: ADBOT LOVES YOU

# ? May 16, 2024 06:18

Cerberus911: Dec 26, 2005; Guarding the damned since '05

Finally something to contribute.

The following is from a dev that has been around for over 6 months, and apparently has over 10 years of experience.

code:

 mainTitleContainer.visible = (mainTitleContainer.visible == false) ? true : false;

I've been going through a refactor of our app and the above just made me stop an go for a walk. All the features he has added are copy-paste of existing code with slight modifications.

# ? Jun 26, 2013 05:48

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!

«‹›1503 »