You are here


Error'd: These are not the Security Questions You're Looking for

The Daily WTF - Fri, 12/15/2017 - 12:30

"If it didn't involve setting up my own access, I might've tried to find what would happen if I dared defy their labeling," Jameson T. wrote.


"I think that someone changed the last sentence in a hurry," writes George.


"Now I may not be able to read, or let alone type in Italian, but I bet if given this particular one, I could feel my way through it," Anatoly writes.


"Wow! The best rates on default text, guaranteed!" writes Peter G.


Thomas R. wrote, "Doing Cyber Monday properly takes some serious skills!"


"I'm unsure what's going on here. Is the service status page broken or is it telling me that the service is broken?" writes Neil H.


[Advertisement] High availability, Load-balanced or Basic – design your own Universal Package Manager, allow the enterprise to scale as you grow. Download and see for yourself!
Categories: Fun/Other

Representative Line: An Array of WHY

The Daily WTF - Thu, 12/14/2017 - 12:30

Reader Jeremy sends us this baffling JavaScript: "Nobody on the team knows how it came to be. We think all 'they' wanted was a sequence of numbers starting at 1, but you wouldn't really know that from the code."

var numbers = new Array(maxNumber) .join() .split(',') .map(function(){return ++arguments[1]});

The end result: an array of integers starting at 1 and going up to maxNumber. This is probably the most head-scratchingest way to get that result ever devised.

[Advertisement] Scale your release pipelines, creating secure, reliable, reusable deployments with one click. Download and learn more today!
Categories: Fun/Other

The Interview Gauntlet

The Daily WTF - Wed, 12/13/2017 - 12:30

Natasha found a job posting for a defense contractor that was hiring for a web UI developer. She was a web UI developer, familiar with all the technologies they were asking for, and she’d worked for defense contractors before, and understood how they operated. She applied, and they invited her in for one of those day-long, marathon interviews.

They told her to come prepared to present some of her recent work. Natasha and half a dozen members of the team crammed into an undersized meeting room. Irving, the director, was the last to enter, and his reaction to Natasha could best be described as “hate at first sight”.

Irving sat directly across from Natasha, staring daggers at her while she pulled up some examples of her work. Picking on a recent project, she highlighted what parts she’d worked on, what techniques she’d used, and why. Aside from Irving’s glare, it played well. She got good questions, had some decent back-and-forth, and was feeling pretty confident when she said, “Now, moving onto a more recent project-”

“Oh, thank god,” Irving groaned. His tone was annoyed, and possibly sarcastic. It was really impossible to tell. He let Natasha get a few sentences into talking about the next project, and then interrupted her. “This is fine. Let’s just break out into one-on-one interviews.”

Jack, the junior developer, was up first. He moved down the table to be across from Natasha. “You’re really not a good fit for the position we’re hiring for,” he said, “but let’s go ahead and do this anyway.”

So they did. Jack had some basic web-development questions, less on the UI side and more on the tooling side. “What’s transpiling,” and “how do ES2015 modules work”. They had a pleasant back and forth, and then Jack tagged out so that Carl could come in.

Carl didn’t start by asking a question, instead he scribbled some code on the white board:

int a[10]; *(a + 5) = 1;

“What does that do?” he demanded.

Natasha recognized it as C or C++, which jostled a few neurons from back in her CS101 days. She wasn’t interviewing to do C/C++, so she just shrugged and made her best guess. “That’s some pointer arithmetic stuff, right? Um… setting the 5th element of the array?”

Carl scribbled different C code onto the board, and repeated his question: “What does that do?”

Carl’s interview set the tone for the day. Over the next few hours, she met each team member. They each interviewed her on a subject that had nothing to do with UI development. She fielded questions about Linux system administration via LDAP, how subnets are encoded in IPs under IPv6, and their database person wanted her to estimate average seek times to fetch rows from disk when using a 7,200 RPM drive formatted in Ext4.

After surviving that gauntlet of seemingly pointless questions, it was Irving’s turn. His mood hadn’t improved, and he had no intention of asking her anything relevant. His first question was: “Tell me, Natasha, how would you estimate the weight of the Earth?”

“Um… don’t you mean mass?”

Irving grunted and shrugged. He didn’t say, “I don’t like smart-asses” out loud, but it was pretty clear that’s what he thought about her question.

Off balance, she stumbled through a reply about estimating the relative components that make up the Earth, their densities, and the size of the Earth. Irving pressed her on that answer, and she eventually sputtered something about a spring scale with a known mass, and Newton’s law of gravitation.

He still didn’t seem satisfied, but Irving had other questions to ask. “How many people are in the world?” “Why is the sky blue?” “How many turkeys would it take to fill this space?”

Eventually, frustrated by the series of inane questions after a day’s worth of useless questions, Natasha finally bit back. “What is the point of these questions?”

Irving sighed and made a mark on his interview notes. “The point,” he said, “is to see how long it took you to admit you didn’t know the answers. I don’t think you’re going to be a good fit for this team.”

“So I’ve heard,” Natasha said. “And I don’t think this team’s a good fit for me. None of the questions I’ve fielded today really have anything to do with the job I applied for.”

“Well,” Irving said, “we’re hiring for a number of possible positions. Since we had you here anyway, we figured we’d interview you for all of them.”

“If you were interviewing me for all of them, why didn’t I get any UI-related questions?”

“Oh, we already filled that position.”

[Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Categories: Fun/Other

CodeSOD: ALM Tools Could Fix This

The Daily WTF - Tue, 12/12/2017 - 12:30

I’m old enough that, when I got into IT, we just called our organizational techniques “software engineering”. It drifted into “project management”, then the “software development life-cycle”, and lately “application life-cycle management (ALM)”.

No matter what you call it, you apply these techniques so that you can at least attempt to release software that meets the requirements and is reasonably free from defects.

Within the software development space, there are families of tools and software that we can use to implement some sort of ALM process… like “Harry Peckherd”’s Application Life-Cycle Management suite. By using their tool, you can release software that meets the requirements and is free from defects, right?

Well, Brendan recently attempted to upgrade their suite from 12.01 to 12.53, and it blew up with a JDBC error: [Mercury][SQLServer JDBC Driver][SQLServer]Cannot find the object "T_DBMS_SQL_BIND_VARIABLE" because it does not exist or you do not have permissions. He picked through the code that it was running, and found this blob of SQL:

DROP TABLE [t_dbms_sql_bind_variable] DECLARE @sql AS VARCHAR(4000) begin SET @sql = '' SELECT @sql = @sql + 'DROP FULLTEXT INDEX ON T_DBMS_SQL_BIND_VARIABLE' FROM sys.fulltext_indexes WHERE object_id = object_id('T_DBMS_SQL_BIND_VARIABLE') GROUP BY object_id if @sql'' exec (@sql) end ALTER TABLE [T_DBMS_SQL_BIND_VARIABLE] DROP CONSTRAINT [FK_t_dbms_sql_bind_variable_t_dbms_sql_cursor]

The upgrade script drops a table, drops the associated indexes on it, and then attempts to alter the table it just dropped. This is a real thing, released as part of software quality tools, by a major vendor in the space. They shipped this.

hljs.initHighlightingOnLoad(); [Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Categories: Fun/Other

CodeSOD: A Type of Standard

The Daily WTF - Mon, 12/11/2017 - 12:30

I’ve brushed up against the automotive industry in the past, and have gained a sense about how automotive companies and their suppliers develop custom software. That is to say, they hack at it until someone from the business side says, “Yes, that’s what we wanted.” 90% of the development time is spent doing re-work (because no one, including the customer, understood the requirements) and putting out fires (because no one, including the customer, understood the requirements well enough to tell you how to test it, so things are going wrong in production).

Mary is writing some software that needs to perform automated testing on automotive components. The good news is that the automotive industry has adopted a standard API for accomplishing this goal. The bad news is that the API was designed by the automotive industry. Developing standards, under ideal conditions, is hard. Developing standards in an industry that is still struggling with software quality and hasn’t quite fully adopted the idea of cross-vendor standardization in the first place?

You’re gonna have problems.

The specific problem that led Mary to send us this code was the way of defining data types. As you can guess, they used an XML schema to lay out the rules. That’s how enterprises do this sort of thing.

There are a bunch of “primitive” data types, like UIntVariable or BoolVariable. There are also collection types, like Vector or Map or Curve (3D plot). You might be tempted to think of the collection types in terms of generics, or you might be tempted to think about how XML schemas let you define new elements, and how these make sense as elements.

If you are thinking in those terms, you obviously aren’t ready for the fast-paced world of developing software for the automotive industry. The correct, enterprise-y way to define these types is just to list off combinations:

<xs:simpleType name="FrameworkVarType"> <xs:annotation> <xs:documentation>This type is an enumeration of all available data types on Framework side.</xs:documentation> </xs:annotation> <xs:restriction base="xs:string"> <xs:enumeration value="UIntVariable"/> <xs:enumeration value="IntVariable"/> <xs:enumeration value="FloatVariable"/> <xs:enumeration value="BoolVariable"/> <xs:enumeration value="StringVariable"/> <xs:enumeration value="UIntVectorVariable"/> <xs:enumeration value="IntVectorVariable"/> <xs:enumeration value="FloatVectorVariable"/> <xs:enumeration value="BoolVectorVariable"/> <xs:enumeration value="StringVectorVariable"/> <xs:enumeration value="UIntMatrixVariable"/> <xs:enumeration value="IntMatrixVariable"/> <xs:enumeration value="FloatMatrixVariable"/> <xs:enumeration value="BoolMatrixVariable"/> <xs:enumeration value="StringMatrixVariable"/> <xs:enumeration value="FloatIntCurveVariable"/> <xs:enumeration value="FloatFloatCurveVariable"/> <xs:enumeration value="FloatBoolCurveVariable"/> <xs:enumeration value="FloatStringCurveVariable"/> <xs:enumeration value="StringIntCurveVariable"/> <xs:enumeration value="StringFloatCurveVariable"/> <xs:enumeration value="StringBoolCurveVariable"/> <xs:enumeration value="StringStringCurveVariable"/> <xs:enumeration value="FloatFloatIntMapVariable"/> <xs:enumeration value="FloatFloatFloatMapVariable"/> <xs:enumeration value="FloatFloatBoolMapVariable"/> <xs:enumeration value="FloatFloatStringMapVariable"/> <xs:enumeration value="FloatStringIntMapVariable"/> <xs:enumeration value="FloatStringFloatMapVariable"/> <xs:enumeration value="FloatStringBoolMapVariable"/> <xs:enumeration value="FloatStringStringMapVariable"/> <xs:enumeration value="StringFloatIntMapVariable"/> <xs:enumeration value="StringFloatFloatMapVariable"/> <xs:enumeration value="StringFloatBoolMapVariable"/> <xs:enumeration value="StringFloatStringMapVariable"/> <xs:enumeration value="StringStringIntMapVariable"/> <xs:enumeration value="StringStringFloatMapVariable"/> <xs:enumeration value="StringStringBoolMapVariable"/> <xs:enumeration value="StringStringStringMapVariable"/> </xs:restriction> </xs:simpleType>

So, not only is this just awkward, it’s not exhaustive. If you, for example, wanted a curve that plots integer values against integer values… you can’t have one. If you want a StringIntFloatMapVariable, your only recourse is to get the standard changed, and that requires years of politics, and agreement from all of the other automotive companies, who won’t want to change anything out of fear that their unreliable, hacky solutions will break.

hljs.initHighlightingOnLoad(); [Advertisement] Atalasoft’s imaging SDKs come with APIs & pre-built controls for web viewing, browser scanning, annotating, & OCR/barcode capture. Try it for 30 days with included support.
Categories: Fun/Other

Error'd: PIck an Object, Any Object

The Daily WTF - Fri, 12/08/2017 - 12:30

"Who would have guessed Microsoft would have a hard time developing web apps?" writes Sam B.


Jerry O. writes, "So, if I eat my phone, I might get acid indigestion? That sounds reasonable."


"Got this when I typed into a SwaggerHub session I'd left open overnight and tried to save it," wrote Rupert, "The 'newer' draft was not, in fact, the newer version."


Antonio write, "It's nice to buy software from another planet, especially if year there is much longer."


"Either Meteorologist ( is having some trouble with OpenWeatherMap data, or we're having an unusually hot November in Canada," writes Chris H.


"This is possibly one case where a Windows crash can result in a REAL crash," writes Ruben.


[Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other

Representative Line: A Case of File Handling

The Daily WTF - Thu, 12/07/2017 - 12:30

Tim W caught a ticket. The PHP system he inherited allowed users to upload files, and then would process those files. It worked… most of the time. It seemed like a Heisenbug. Logging was non-existent, documentation was a fantasy, and to be honest, no one was exactly 100% certain what the processing feature was supposed to do- but whatever it was doing now was the right thing, except the times that it wasn’t right.

Specifically, some files got processed. Some files didn’t. They all were supposed to.

But other than that, it worked.

Tim worried that this was going to be difficult to replicate, especially after he tried it with a few files he had handy. Digging through the code though, made it perfectly clear what was going on. Buried on about line 1,200 in a 3,000 line file, he found this:

while (false !== ($file = readdir($handle))) { if ($file != "." && $file != ".." && ( $file == strtolower($file) ) ) { … } }

For some reason, this code required that the name of the file contain no capital letters. Why? Well, again, no documentation, no comments, and the change predated the organization’s use of source control. Someone put in the effort to add the feature, but was it necessary?

Tim took the line out, and now it processes all files. Unfortunately, it’s still only working most of the time, but nobody can exactly agree on what it’s doing wrong.

hljs.initHighlightingOnLoad(); [Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Categories: Fun/Other

News Roundup: Calculated

The Daily WTF - Wed, 12/06/2017 - 12:30

A long time ago, in a galaxy right here, we ran a contest. The original OMGWTF contest was a challenge to build the worst calculator you possibly could.

We got some real treats, like the Universal Calculator, which, instead of being a calculator, was a framework for defining your own calculator, or Rube Goldberg’s Calculator, which eschewed cryptic values like “0.109375”, and instead output “seven sixty-fourths” (using inlined assembly for performance!). Or, the champion of the contest, the Buggy Four Function Calculator, which is a perfect simulation of a rotting, aging codebase.

The joke, of course, is that building a usable calculator app is easy. Why, it’s so easy, that we challenged our readers to come up with ways to make it hard. To find creative ways to fail at handling this simple task. To misinterpret and violate basic principles of how calculators should work.

Well, I bring this up, because just a few days ago, iOS 11.2 left beta and went public. And finally, finally, they fixed the calculator, which has been broken since iOS 11 launched. How broken? Let's try 1+2+3+4+5+6 shall we?

For those who can't, or don't wish to watch the video, according to the calculator, 1+2+3+4+5+6 is 75. I entered the values in quickly, but not super-speed.

I personally discovered the bug for myself while scoring at the end of a round of board games. I just ran down the score-sheet to sum things up, tapping away like one does with a calculator, and got downright insane results.

The underlying cause, near as anyone has been able to tell, is a combination of input lag and display updates, so rapidly typing “1+2+3” loses one of the “+”es and becomes “1+23”.

Now Apple’s been in the news a lot recently- in addition to shipping a completely broken calculator, they messed up character encoding, causing “I” to display a placeholder character, released a macOS update which allowed anyone to log in as root with no password, patched it, but with the problem that the patch broke filesharing, and if you didn’t apply it in the “right” order, the bug could come back.

The root cause of the root bug, by the way, was due to bad error handling in the login code.

Now, I’ll leave it to the pundits to wring their hands over the decline of Apple’s code quality, worry that “is this the future of Apple?!?!!11?”, or claim “this never would have happened under Jobs”. I’m not interested in the broad trends here, or prognosticating, or prognostibating (where you please only yourself by imagining alternate realities where Steve Jobs still lives).

What I am interested in is that calculator app. Some developer, I’m gonna assume a more junior one (right? you don’t need 15 years of experience to reimplement a calculator app), really jacked that up. And at no point in testing did anyone actually attempt to use the calculator. I’m sure they ran some automated UI tests, and when they saw odd results, they started chucking some sleep() calls in there until the errors went away.

It’s just amazing to me, that we ran a contest built around designing the worst calculator you could. A decade later, Apple comes sauntering in, vying for an honorable mention, in an application they actually shipped.

[Advertisement] High availability, Load-balanced or Basic – design your own Universal Package Manager, allow the enterprise to scale as you grow. Download and see for yourself!
Categories: Fun/Other

Editor's Soapbox: Protect Yourself

The Daily WTF - Tue, 12/05/2017 - 12:30
We lend the soapbox to snoofle today, to dispense a combination of career and financial advice. I've seen too many of my peers sell their lives for a handful of magic beans. Your time is too valuable to waste for no reward. -- Remy

There is a WTF that far too many people make with their retirement accounts at work. I've seen many many people get massively financially burned. A friend recently lost a huge amount of money from their retirement account when the company went under, which prompted me to write this to help you prevent it from happening to you.

The housing bubble that led up to the 2008 financial collapse was caused by overinflated housing values coming back down to reality. People had been given mortgages far beyond what they could afford using traditional financial norms, and when the value of their homes came back down to realistic values, they couldn't afford their mortgages and started missing payments, or worse, defaulted. This left the banks and brokerages that were holding the mortgage-backed-securities with billions in cash flow, but upside down on the balance sheet. When it crossed a standard threshold, they went under. Notably Bear Stearns and Lehman. Numerous companies (AIG, Citi, etc.) that invested in these MBS also nearly went under.

One person I knew of had worked at BS for many years and had a great deal of BS stock in their retirement account. When they left for Lehman, they left the account in-tact at BS. Then they spent many years at Lehman. When both melted down, that person not only lost their job, but the company stock in both retirement accounts was worth... a whole lot less.

As a general statement, if you work for a company, don't buy only stock of that company in your retirement account because if the place goes belly up, you lose twice: your job and your retirement account!

Another thing people do is accept stock options in lieu of pay. Startups are big on doing this as it limits the cash outflow when they are new. If they succeed, they'll have the cash to cover the options. If they go bust, you lose. Basically, you put in the long hours and take a large chunk of the financial risk on the hopes that the managers know what they're doing, and are one of the lucky unicorns that "makes it". But large companies also pay people (in part) in options. A friend worked their way up to Managing Director of a large firm. He was paid 20% cash and 80% company stock options, but had to hold the options for five years before he was allowed to exercise them - so that he'd be vested in the success of the company. By the time the sixth year had rolled by, he had forgotten about it and let-it-ride, with the options auto-exercising and being converted into regular shares. When he left the job, he left the account in-tact and in-place. When the market tanked, so did the value of the stock that he had earned and been awarded.

When you leave a job, either voluntarily or forcibly, roll the assets in your retirement account in-kind into a personal retirement account at any bank or brokerage that provides that (custodian) service. You won't pay taxes if you do a direct transfer, but if some company where you used to work goes under, you won't have to chase lawyers to get what belongs to you.

Remember, Bill Gates routinely divested huge blocks of MS stock as part of diversifying, even while it was still increasing in value. Your numbers will be smaller but the same principle applies to you too (e.g.: Don't put all your eggs in one basket).

While the 2008 fiasco and dot-com bust will hopefully never be repeated, in the current climate of deregulation, you never know. If you've heavily weighted your retirement account with company stock, or have a trail of retirement accounts at former employers, please go talk to a financial advisor about diversifying your holdings, and collect the past corporate retirement accounts in a single personal retirement brokerage account, where you can more easily control it and keep an eye on it.

Personally, I'm retired. My assets are split foreign/domestic, bonds/equities, large/medium/small-cap and growth/blend/value. a certain percentage is professionally managed, but I keep an eye on what they're doing and the costs. The rest is in mutual funds that cover the desired sectors, etc.

The amounts and percentages across investment types in which you invest will vary by your age, total assets and time horizon. Only you can know what's best for your family, but you should discuss it with an independent advisor (before they repeal the fiduciary rule, which states that they must put your interests ahead of what their firm is pushing).

For what it's worth, over my career, I've worked at five companies that went under, more than twenty years down the road after I moved on. I have always taken the cash value of the pension/401(k) and rolled it into a brokerage account where I manage it myself. Had I left those assets at the respective companies, I would have lost over $100,000 of money that I had earned and been awarded - for absolutely no reason!

Consider for a moment that the managers that we all too often read about in this space are often the same ones who set up and manage these workplace retirement plans. Do you really want them managing money that you've already earned? Especially after you've moved on to the next gig? When you're not there to hear office gossip about Bad Things™ that may be happening?

One final point. During the first few years of my career, there were no 401(k)'s. If you didn't have a pension, your savings account was your main investment vehicle. Unless the IRA and 401(k) plan rules are changed, you can start saving very early on. At first, it seems like it accumulates very slowly, but the rate of growth increases rapidly as you get nearer to the end of your career. The sooner you start saving for the big ticket items down the road, the quicker you'll be able to pay for them. Patience, persistence and diversification are key!

As someone who has spent the last quarter century working for these massive financial institutions, I've seen too many people lose far too much; please protect yourself!

[Advertisement] Otter, ProGet, BuildMaster – robust, powerful, scalable, and reliable additions to your existing DevOps toolchain.
Categories: Fun/Other

CodeSOD: Pounding Away

The Daily WTF - Mon, 12/04/2017 - 12:30

“Hey, Herbie, we need you to add code to our e-commerce package to send an email with order details in it,” was the requirement.

“You mean like a notification? Order confirmation?”


So Herbie trotted off to write the code, only to learn that it was all wrong. They didn’t want a human-readable confirmation. The emails were going to a VB application, and they needed a machine-readable format. So Herbie revamped the email to have XML, and provided an XML schema.

This was also wrong. Herbie’s boss wrangled Herbie and the VB developer together on a conference call, and they tried to hammer out some sort of contract for how the data would move from system to system.

They didn’t want the data in any standard format. They had their own format. They didn’t have a clear idea about the email was supposed to contain, either, which meant Herbie got to play the game of trying his best to constantly revamp the code as they changed the requirements on the fly.

In the end, he produced this monster:

private function getAdminMailString(){ $adminMailString = ''; $mediaBeans = $this->orders->getConfiguredImageBeans(); $mediaBeansSize = count($mediaBeans); $adminMailString .= '###order-start###'."\n"; $adminMailString .= '###order-size-start###' . $mediaBeansSize . "###order-size-end###\n"; $adminMailString .= '###date-start###' . date('d.m.Y',strtotime($this->context->getStartDate())) . "###date-end###\n"; $adminMailString .= '###business-context-start###' . $this->context->getBusinessContextName() . "###business-context-end###\n"; if($this->customer->getIsMassOrderUser()){ $customers = $this->customer->getSelectedMassOrderCustomers(); $customersSize = count($this->customer->getSelectedMassOrderCustomers()); $adminMailString .= '###is-mass-order-start###1###is-mass-order-end###'."\n"; $adminMailString .= '###mass-order-size-start###'.$customersSize.'###mass-order-size-end###'."\n"; $adminMailString .= '###mass-start###'."\n"; for($i = 0; $i < $customersSize; $i++){ $adminMailString .= '###mass-customer-' . $i . '-start###'."\n"; $adminMailString .= '###customer-start###' . $customers[$i]->getCompanyName() . '###customer-end###'."\n"; $adminMailString .= '###customer-number-start###' . $customers[$i]->getCustomerNumber() . '###customer-number-end###'."\n"; $adminMailString .= '###contact-person-start###' . $customers[$i]->getContactPerson() . '###contact-person-end###'."\n"; $adminMailString .= '###mass-customer-' . $i . '-end###'."\n"; } $adminMailString .= '###mass-end###'."\n"; } else { $adminMailString .= '###is-mass-order-start###0###is-mass-order-end###'."\n"; } for($i = 0; $i < $mediaBeansSize; $i++){ $adminMailString .= '###medium-' . $i . "-start###\n"; if($mediaBeans[$i] instanceof ConfiguredImageBean){ $adminMailString .= '###type-start###picture###type-end###' . "\n"; $adminMailString .= '###name-start###' . $mediaBeans[$i]->getTitle() . "###name-end###\n"; $adminMailString .= '###url-start###' . $mediaBeans[$i]->getConfiguredImageWebPath() . "###url-end###\n"; } else if($mediaBeans[$i] instanceof MovieBean){ $adminMailString .= '###type-start###movie###type-end###' . "\n"; $adminMailString .= '###name-start###' . $mediaBeans[$i]->getTitle() . "###name-end###\n"; $adminMailString .= '###url-start###' . $mediaBeans[$i]->getMoviePath() . "###url-end###\n"; } else { throw new Exception('Bean is wether of type ConfiguredImageBean nor MovieBean!'); } $adminMailString .= '###medium-' . $i . "-end###\n"; } $adminMailString .= '###order-end###'."\n"; return $adminMailString; }

Yes, that’s XML, if instead of tags you used ###some-field-start###value###some-field-end#### in place of traditional tags. Note how in many cases, the tag name itself is dynamic: $adminMailString .= '###medium-' . $i . "-start###\n";

It was bad enough to generate it, but Herbie was glad he wasn’t responsible for parsing it.

hljs.initHighlightingOnLoad(); [Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other

Error'd: Get Inspired

The Daily WTF - Fri, 12/01/2017 - 12:30

"The great words of inspirationalAuthor.firstName inspirationalAuthor.lastName move me every time," wrote Geoff O.


Mark R. writes, "Some countries out there must have some crazy postal codes."


"I certainly hope the irony isn't lost on the person who absolutely failed sending out a boiler plate email on the subject of machine learning!" Mike C. wrote.


Adrian R. writes, "I'd love to postpone this update, but I feel like I'm playing button roulette."


"It's pretty cool that Magneto asks to do a backup before an upgrade," Andrea wrote, "It's only 14TB."


Ky W. writes, "I sure hope that these developers didn't write the avaionics software."


[Advertisement] High availability, Load-balanced or Basic – design your own Universal Package Manager, allow the enterprise to scale as you grow. Download and see for yourself!
Categories: Fun/Other

CodeSOD: Aarb!

The Daily WTF - Thu, 11/30/2017 - 12:30

C++’s template system is powerful and robust enough that template metaprogramming is Turing complete. Given that kind of power, it’s to surprise that pretty much every other object-oriented language eschews templates for code generation.

Java, for example, uses generics- essentially templates without the metaprogramming. What we still keep is compile-time type-safety, and all the benefits of generic programming, but without the complexity of compile-time code generation.

Thierry L inherited a Java application, and the original developer seems to miss that degree of complexity.

public abstract class CentralValidationDistributionAssemblingService< DC extends DistributionChannel, DU extends DistributionUnit<DC>, AC extends AssemblingContext, EAC extends AC, A extends Assembly<DC>, AAR extends AbstractAssemblingResult<DC>, AARB extends AbstractAssemblingResultBuilder<DC, AAR> > implements DistributionAssemblingService<DC, AC, DU, AAR> { //… }

The best part about this is that the type abbreviations are an onomatopoeia of the choking noises I made when I saw this code:


hljs.initHighlightingOnLoad(); [Advertisement] Infrastructure as Code built from the start with first-class Windows functionality and an intuitive, visual user interface. Download Otter today!
Categories: Fun/Other

Thanks, Google

The Daily WTF - Wed, 11/29/2017 - 12:30

"Dealing with real customers is a hard job," Katya declared from the safety of the employee breakroom. "Dealing with big companies is even harder!"

"I know what you mean," her coworker Rick replied, sipping his tiny paper cup of water. "Enterprise security requirements, arcane contract requirements, and then they're likely to have all that Oracle junk to integrate with ..."

"Huh? Well, that too, but I'm talking about Google."

"Google? What'd they do?" Rick raised an eyebrow, leaning against the wall by the cooler, as Katya began her story.

As the lead architect, Katya was responsible for keeping their customers happy—no matter what. The product was a Java application, a server that stood between legacy backends and mobile apps to push out notifications when things happened that the customer cared about. So when one of their biggest customers reported that 30% of the Google Cloud messages weren't being delivered to their devices in production, it was all hands on deck, with Katya at the helm.

"So I of course popped open the log right off," she said, her voice dropping lower for effect. "And what do you think I saw? CertPathValidatorExceptions."

"A bad SSL certificate?" Rick asked. "From Google? Can't be."

"You've done this before," Katya pouted, jokingly. "But it only happened sporadically. We even tried two concurrent calls, and got one failure, one success."

"How does that even work?" Rick wondered.

"I know, right? So we cURL'd it, verbose, and got the certificate chain," Katya said. "There was a wildcard cert, signed by an intermediate, signed by a root. I checked the root myself, it was definitely part of the global truststore. So I tried again and again until I got a second cert chain. But it was the same thing: cert, intermediate, trusted root."

"So what was the problem?" Rick asked.

"Get this: the newer cert's root CA was only added in Java 7 and 8, back in 2016. We were still bundling an older version of Java 7, before the update."

"Ouch," sympathized Rick. "So you pushed out an updated runtime to all the customers?"

"What? No way!" Katya said. "They'd have each had to do a full integration test cycle. No, we delivered a shell script that added the root CA to the bundled cacerts."

"Shouldn't they be worried about security updates?" wondered Rick

"Sure, but are they actually going to upgrade to Java 8 on our say-so? You wanna die on that hill?

"It just pissed me right off. Why didn't Google announce the change? How come they whipped through them all in two days—no canary testing or anything? I tell you, it's almost enough to make a girl quit and start an alpaca farm upstate."

[Advertisement] Atalasoft’s imaging SDKs come with APIs & pre-built controls for web viewing, browser scanning, annotating, & OCR/barcode capture. Try it for 30 days with included support.
Categories: Fun/Other

A Handful of Beans

The Daily WTF - Tue, 11/28/2017 - 12:30

The startup Juan worked for was going through a growth spurt. There was more work than there were people, and plenty of money, so that meant interviews. Lots, and lots of interviews.

Enter Octavio. Octavio had an impressive resume, had worked for decades as a consultant, and was the project lead on an open source project called “JavaBachata”. Before the interview, Juan gave the project site a quick skim, and it looked like one of those end-to-end ORM/MVC frameworks.

Juan planned to bring it up during the interview, but Octavio beat him to the punch. “You’ve probably heard of me, and my project,” he said right after shaking hands. “JavaBachata is the fastest Java framework out there. I use it on all my projects, and my customers have been very happy.”

“Ah… we already have a framework,” Juan said, uncertain if this was an interview or a sales-pitch.

“Oh, I know, I know. But if you’re looking for my skills, that’s the place to look. It’s open source.”

While Juan pulled up the GitHub page, Octavio touted the framework’s strength. “I was doing no SQL before NoSQL was a thing,” he said. “All of our queries are executed in-memory, using TableBeans. That’s what makes it so fast.”

Juan decided to start looking in the TableBean class, since Octavio brought it up. The bulk of the class looked like this:

public String var000, var001, var002,… var199,var200;

“What’s this?” Juan asked, politely.

“Oh, yes, I know that looks awkward, but it actually makes the code much more configurable. You see, this is used in conjunction with the ObjectBean, and the appropriate dot-properties file.”

The .properties file was a mapping file, which could map ObjectBean columns to TableBean fields. So, for example, it might have a property like this:


That meant column 1 in the ObjectBean mapped to column 178 in the TableBean, so that you could conveniently access the data by calling objBean.getCol(1).

“Don’t you think these naming conventions are hard to maintain?” Juan asked. “It’d be nice to have names for things.”

Octavio shrugged. “I think that’s the problem with modern programmers. They just don’t know how to code without using variable names anymore.”

They didn’t hire Octavio, but he took it well. “It leaves me more time to work on my framework.”

hljs.initHighlightingOnLoad(); [Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Categories: Fun/Other

CodeSOD: The Delivery Moose

The Daily WTF - Mon, 11/27/2017 - 12:30

We know stereotypes are poor placeholders for reality. Still, if we name a few nations, there are certain traits and themes that come to mind. Americans are fat, loud, gregarious, and love making pointless smalltalk. The English are reserved, love tea, and have perfected the art of queuing. The French are snobbish, the Japanese have weaponized politeness, the Finns won’t stand within ten meters of another human being at the bus stop, and so on. They can range from harmless to downright offensive and demeaning.

Laurent is Canadian, working for an insurance company. Their software is Russian- in that it comes from a Russian vendor, with a support contract that gives them access to a Russian dev team to make changes. While reviewing commits, Laurent found one simply labeled: “Fix some Sonars issue”.

The change?

public enum CorrespondenceDeliveryMethods { MAIL("mail"), NOT_MAIL("moose"); }

Apparently, the Russian team has some stereotypes of their own about how documents are sent in Canada. Laurent adds:

Since this saved in the database and would thus imply 5 signatures to do a data migration, it is quite probable we’ll ultimately leave it as is. Which is a shame, because as we all know, the alternative to mail in Canada is to ask a Hockey player to slapshot the letter through the customer window, especially after they canceled their home insurance with us.

They should send a real Canadian hero [Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other

Classic WTF: The Shadow over ShipPoint

The Daily WTF - Fri, 11/24/2017 - 12:30
What's this? A re-run of a spooky article on the day after Thanksgiving? Well, what's spookier than Black Friday? --Remy

In the winter of 2012-13, I was fired from the ill-rumored e-commerce company known as ShipPoint. Though I remained stalwart to the end, the wretched darkness embodied in ShipPoint's CTO and his twisted worshipers dogs me still, a malignant growth choking the very life out of my career aspirations. And although I fight every day to forget, to leave my time at ShipPoint behind, I still awaken in the uttermost black of night, shuddering, my mind wrenching itself free from nightmare's grip. I record this grim history only because I fear I may soon slip irredeemably into madness.

It was 2011 when, freshly downsized, I found myself wandering the LinkedIn Jobs Directory, seemingly in vain. I had almost made up my mind to hang out my shingle as a consultant when I received an email from a recruiter. I don't remember his name, nor the firm that he claimed to represent, only that he demanded that we meet in person; apparently he was privy to a lucrative opportunity whose details could only be revealed face to face. While suspicious, I must admit I was gripped by curiosity — tinged, I must now believe, with a touch of the wild. I met the recruiter, a grim, swarthy fellow of furtive glance and questionable heritage, in a refuse-choked alley far from the central business district. It was there, amidst the dumpsters and commercial-grade recycling bins, that I first heard in a grating croak the name whose syllables I would one day shudder to write.

"ShipPoint," he said in response to my question about their development environment, "is dedicated to becoming cutting-edge with their development tools and processes. They use Subversion, and I hear they have a focus on quality and testing." I proceeded through a phone interview, and then on to meet James Akeley, ShipPoint's development manager. Imploring that I call him "Jimmy", he proclaimed his easy-going attitude to be matched only by his and ShipPoint's commitment to quality. Though the pay was a bit on the low side, I accepted his offer. I was to start the following Monday, taking the train and then a bus to the ugly one-story building of nondescript gray that contained ShipPoint's offices, a geriatric hulk muttering tonelessly to itself as it wallowed in its crumbling and almost-abandoned office park by the seashore.

My first day at ShipPoint began as prosaically as one could expect with a simple task that would lead me through their codebase. As an e-commerce provider, ShipPoint's stock in trade was web applications written using ASP.NET, and I made careful note of several places where classic code smells made themselves apparent. The team went out to lunch, as was their custom. Jimmy drove, with Jack Mason, the second-most senior developer, in the passenger seat. Sharing the back with me was Rob Carter, the company's web designer — one who would prove himself my most stalwart companion in the unguessed-at trials that lay ahead. While our lunchtime discussion was generally mundane, with only Rob expressing any interest in developing familiarity with his new associate, I found an appropriate pause in the conversation to present Jimmy and Jack with the potential problems I had detected during my brief venture into the code. Given his repeated assertions regarding dedication to quality, I expected Jimmy, at least, to be keenly interested in my discoveries. My surprise was considerate when he and Jack rebuffed me, declaring that Dan Marsh — the CTO — didn't want us to spend time refactoring code. "He and the other executives think it's a waste of time," Jimmy explained, some small measure of remorse evident in his voice, while next to him Jack nodded his head approvingly. "They want us to focus on new deploying new features."

I was disappointed by this, and by the subsequent revelation that, though ShipPoint did indeed mandate Subversion for source control, Jimmy and Jack only ever copied all the files to a separate, timestamped folder before committing. While the two senior developers were hesitant to discuss their mysterious and unseen leader, I was eventually able to coax from Rob what little he knew of the enigmatic Mr. Marsh. It seemed Marsh wasn't a developer, but, after joining the company a decade prior, his possession of certain esoteric scraps of scripting knowledge qualified him as ShipPoint's sole IT person. His authority spread as the years went by, unquestioned by his superiors and the developers he eventually allowed to join his staff, until he now led all technological decision-making at ShipPoint from within the only private office on their floor, an office whose door opened by invitation only.

After several months of my attempted improvements being either stutteringly denied by Jimmy or gruffly rebuked by Jack, new allies arrived at ShipPoint. Arthur Gilman was a brave and clever youth who joined the company alongside his mentor. Walter Peaslee was a hoary old veteran who had been using .NET since the framework was in beta. If anyone could help me champion sane coding and source-management practices at ShipPoint, it was these dynamic individuals. And changes were surely needed, as the months had shown me deep-rooted stability issues that would cause pages to crash or take minutes to load. It had likewise become clear that the senior developers were unwilling or uninterested in tackling these issues, holding up Mr. Marsh's desire for them to complete his endless list of superficial improvements as reason to hack as quickly as possible, leaving Rob and me to fix up the messes they left behind them.

At Christmastime, a chink in the armor appeared. Jimmy announced that he was leaving the company, taking his passive deference to Mr. Marsh with him. I decided to take action, and, with the idealistic Arthur at my heels, endeavored to implement a few changes. First, set up a bug-tracking system and then begin using Subversion properly, setting my protégé to create branches that would let the team collaborate without creating multiple copies of the application's source. Jack agreed to the changes in principle, and victory seemed close at hand. Only no sooner had Arthur went live with the Subversion changes than a blood-curdling cry was heard from Jack's cubicle! His files, Jack insisted, were gone, and he accused us of the most sordid and calculated mayhem, insisting that we sought to discredit him before Mr. Marsh. Not waiting for Arthur to explain that the files had simply been moved to a branch folder, Jack stormed into the CTO's office. By the time we had returned perplexed to our workstations, a directive to return the source control repository to its previous state awaited us, bearing the CTO's imprimatur. This was merely a prelude of things to come as repeated future attempts to sanitize our source-control procedures (and reclaim the gigabytes of storage consumed by the many redundant copies of our source code) were met with similar fear, uncertainty, and doubt from Jack, rapidly followed by executive sanction.

In the venerable person of Walter Peaslee, I was sure a sane counterpart had been found to our volatile senior developer. But the hand of Marsh proved subtle. When attempting to bring Walter's vast experience to bear on our DevOps dilemma, great was my surprise when I found him languishing on a project to produce a report for ShipPoint's CEO. Harbored as the chief executive was on far alien shores, all features of the report required Mr. Marsh's approval. With a sigh that seemed to carry a weight beyond even his advanced years, Walter explained that the CTO would lead him on for weeks regarding the simplest decision, often ignoring multiple emails. With his calendar eternally full to ward off meetings, Mr. Marsh would eventually return terse feedback along the lines of "this is the wrong color", disregarding the actual functionality.

I was saddened, but not surprised, when Walter graciously notified me that he would be submitting his resignation at the end of the week. After being regaled with the sanity-challenging truth of his experience working with Mr. Marsh, I had not the heart to try to convince him to stay. Indeed, I wondered if he might have awakened to a reality that I, too, should embrace. Arthur, on the other hand, being young and impressionable perhaps to a fault, was distracted by a new assignment: the task of utterly redesigning the central UI of our flagship application. It was here, in this project, that the forces of order and of chaos manifest at the heart of ShipPoint would collide in a last, terrible sortie. My support had meanwhile been secured by a timely email from Mr. Marsh, promising to install me as the lead of a new team of developers, since, he astutely pointed out amidst aggravating hints that the two shared some dark and malignant tradition, Jack was content to be a lone wolf. I must admit that the appeal to my leadership aspirations led me to lapse into a period of content productivity, and as the months went by I mostly avoided Jack and his hasty, problematical contributions to the codebase wherever I could, bringing as much improvement to the features I implemented as possible without incurring the wrath of Jack or the dreaded and still unseen Mr. Marsh.

Arthur, alas, had no choice but to collaborate with Jack, who effectively owned the backend of the application he was redesigning. While I thought I had coached the young man to weather this abominable partnership, the elder developer proved maddeningly cunning. While Arthur attempted to coordinate front-end and back-end features in the hurried sprints that Mr. Marsh had demanded, each release was plagued by wave after wave of new bugs, lapping like a foetid, corrosive black tide at a bleak, doomed shore. It was only Rob's fortuitous glimpse of an email seen over Jack's shoulder that we determined Mr. Marsh had been secretly communicating a list of shadow features he had apparently sold to management, and Jack was hacking code at a maddening pace to deliver said features in each release. It was with grim resignation that I entered the repository and inspected the terrible results. I perceived that Arthur's excellent front-end work had been reduced to little more than window-dressing, twisted into whatever shapes Marsh and Jack required to realize their fiendish goals. When I opened the solution containing Jack's jealously-guarded back-end code, obfuscated though it was behind incomprehensible names like "Solution1" and "MvcProject4", only then did I begin to grasp the horror that had taken root beneath the facade of a UI redesign. I saw them in a limitless stream—flopping, hopping, croaking, bleating—surging inhumanly through the spectral moonlight in a grotesque, malignant saraband of fantastic nightmare! That interminable list of poorly-implemented features, its shapeless mass extending blasphemous profusions in all directions throughout the code. It seemed to surge and breathe even as I watched...

It was with a mind gone almost entirely over to the feverish that I found myself composing email after email to Mr. Marsh, laying bare the deleterious effect that this noxious circumvention of procedure was having on our product. Rob was good enough to support this dangerous endeavor, and together we believed we may have been turning the tide of the CTO's sentiment against Jack, whose bland reassurances had apparently blinded Mr. Marsh to the depth of the horror. This last flicker of naiveté on our part was efficiently snuffed when Arthur's employment was terminated without notice. Though no word from Mr. Marsh was forthcoming, Jack's smug explanation was that the youth was slowing down the delivery of critical new features, and, worse, his incompetent code changes were found to be at the root of the catastrophic server instabilities. Perceiving the tolling of a grim bell to have begun, Rob informed me he was thinking of getting out of the technology game altogether, returning to the simple pastoral life he had known while running an organic fruit stand outside a nearby beachfront town. I tried to reassure him that we would find a way to prevail, but in truth my own hope was waning. ShipPoint and its uncouth stewards had ground my desire to write excellent code and promote best practices down to their merest remainder. Deep within me a malaise had taken root, and I knew when I looked hard into the glass that the end was drawing near.

The harbinger came, as it so often does, with a revocation: came a day that Rob needed me to reconfigure something for him on the Production server that had long been my charge, when, upon attempting to connect, I was rebuffed by the server's protestations of an incorrect password. Under my questioning, Jack hesitantly and stutteringly informed me that the password had changed and he'd forgotten to update me. No sooner had he left to fetch the promised credential than my phone rang. Shouldering the receiver, I heard the voice of the spectral Mr. Marsh for the first time. Never have the words "Could you pop by my office for a sec?" been uttered in such a sardonic and inhuman tone as to induce in the listener a shocking wave of panic fear. I felt numb as leaden limbs carried me to the unopened door. Pulled into the dark recesses the portal revealed, I came face to face with unbounded horrors that defy description. Let me only say that the stated reason for my termination was "a change of corporate direction towards a smaller, more agile development team".

Though I survived my meeting with the terrible Mr. Marsh, I was rendered practically an invalid by my abruptly-curtailed employment at ShipPoint, and made my way to a relative's country home to engage in a lengthy convalescence. I received an email from Rob soon after my firing, informing me that he had left the company and was exiting the industry altogether, going so far as to delete his LinkedIn profile. The horrifying dreams in which I blindly shoveled hastily-implemented code into a branchless Subversion repository while pursued down lightless corridors by a shapeless unseen terror had begun to pass when the first job posting appeared. ShipPoint was calling, its unspeakable tendrils reaching out across the vast cosmic gulfs of the internet to ensnare unwary developers. And while I have sworn never to take a job without assurance of sane development practices again, I do not know that my programmer's soul will ever be entirely free of its taint...

So far I have not yet deleted my LinkedIn profile as Rob did. The tense extremes of horror are lessening, and I feel queerly drawn toward the job postings instead of fearing them. I see and do strange things in Subversion, and commit my changes with a kind of exaltation instead of terror. Stupendous and unheard-of splendors await me in Marsh's cube farm, and I shall seek them soon. Iä-R'lyeh! Codethulhu fhtagn! Iä! Iä! No, I shall not delete my LinkedIn profile—I cannot be made to delete my LinkedIn profile!

I shall coax Rob back into software development, and together we shall go to marvel-shadowed ShipPoint. We shall take the bus out to that brooding industrial park by the sea and dive down through black abysses of code to the Cyclopean and many-columned database, and in that lair of the Expert Beginners we shall dwell amidst wonder and glory for ever.

Photo credit: gagilas / Foter / CC BY-SA

[Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!
Categories: Fun/Other

Editor's Soapbox: Give Thanks for Well Routed Packets

The Daily WTF - Thu, 11/23/2017 - 12:30

It’s Thanksgiving here in the US, so we’re taking a long weekend. In lieu of a more traditional “from the archives” post, I’m going to give thanks.

You know what I’m thankful for? I’m thankful that data packets on the Internet are routed and handled the same way, regardless of which network originated them, nor which network is their destination, nor what they may contain. You could say that networks are… neutral about packets.

A few years ago, the FCC enshrined this common sense into its regulatory framework. We were all pretty happy about it, and were optimistic that it was done. Unfortunately, it’s never over, and the new management at the FCC wants to reverse that, and plans to vote about it in a few weeks.

Remember: prior to making Network Neutrality the regulated standard, network operators largely (but not completely) followed the rule anyway. Network Neutrality was the default, and then the bean-counters recognized an unexploited revenue stream (why should Netflix get to send data to our customers without paying us for the privilege?). The Internet worked under Network Neutrality, and the FCC only needed to enforce it by rule because network operators wanted to change the playing field.

In any case, if you’re thankful for an Internet that works, between gorging yourself in typical American fashion and arguing with your racist uncle, take a few minutes to do something about network neutrality.

I’d be ever so thankful if you did.

[Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other

CodeSOD: Arrject

The Daily WTF - Wed, 11/22/2017 - 12:30

There are some submissions that we get, and we simply sit on, because there’s nothing much to say about them. They’re awful code, but there’s no major comments to be added. It’s clear and simple in its awfulness.

For example, you have some code that needs to display details about colleges around the US. Each College has a name, a full name, a short name, a state and city where it exists, and full names for those states and cities. You are likely reaching for an object to store that information, but why do that, when you can employ what I call the “Arrject Pattern”. Y’know, when instead of using objects, you use multiple arrays and store related data at the same index? Stuff like what Kevin found in his codebase:

var schoolNames = new Array(); var schoolFullNames = new Array(); var schoolShortNames = new Array(); var schoolStates = new Array(); var schoolCities = new Array(); var schoolStateFullNames = new Array(); var schoolCityFullNames = new Array(); schoolNames[0] = "fsu"; schoolFullNames[0] = "Florida State University"; schoolShortNames[0] = "FSU"; schoolStates[0] = "fl"; schoolCities[0] = "tallahassee"; schoolStateFullNames[0] = "Florida"; schoolCityFullNames[0] = "Tallahassee"; schoolNames[1] = "tamu"; schoolFullNames[1] = "Texas A&M University"; schoolShortNames[1] = "Texas A&M"; schoolStates[1] = "tx"; schoolCities[1] = "college-station"; schoolStateFullNames[1] = "Texas"; schoolCityFullNames[1] = "College Station"; schoolNames[2] = "txstate"; schoolFullNames[2] = "Texas State University"; schoolShortNames[2] = "TX State"; schoolStates[2] = "tx"; schoolCities[2] = "san-marcos"; schoolStateFullNames[2] = "Texas"; schoolCityFullNames[2] = "San Marcos"; schoolNames[3] = "uaz"; schoolFullNames[3] = "University of Arizona"; schoolShortNames[3] = "U of A"; schoolStates[3] = "az"; schoolCities[3] = "tuscon"; schoolStateFullNames[3] = "Arizona"; schoolCityFullNames[3] = "Tuscon"; schoolNames[4] = "ucf"; schoolFullNames[4] = "University of Central Florida"; schoolShortNames[4] = "UCF"; schoolStates[4] = "fl"; schoolCities[4] = "orlando"; schoolStateFullNames[4] = "Florida"; schoolCityFullNames[4] = "Orlando"; schoolNames[5] = "ufl"; schoolFullNames[5] = "University of Florida"; schoolShortNames[5] = "UF"; schoolStates[5] = "fl"; schoolCities[5] = "gainesville"; schoolStateFullNames[5] = "Florida"; schoolCityFullNames[5] = "Gainesville"; schoolNames[6] = "uiuc"; schoolFullNames[6] = "University of Illinois at Urbana-Champaign"; schoolShortNames[6] = "U of I"; schoolStates[6] = "il"; schoolCities[6] = "urbana-champaign"; schoolStateFullNames[6] = "Illinois"; schoolCityFullNames[6] = "Urbana-Champaign"; schoolNames[7] = "uky"; schoolFullNames[7] = "University of Kentucky"; schoolShortNames[7] = "UK"; schoolStates[7] = "ky"; schoolCities[7] = "lexington"; schoolStateFullNames[7] = "Kentucky"; schoolCityFullNames[7] = "Lexington"; schoolNames[8] = "mizzou"; schoolFullNames[8] = "University of Missouri"; schoolShortNames[8] = "MIZZOU"; schoolStates[8] = "mo"; schoolCities[8] = "columbia"; schoolStateFullNames[8] = "Missouri"; schoolCityFullNames[8] = "Columbia"; schoolNames[9] = "usc"; schoolFullNames[9] = "University of Southern California"; schoolShortNames[9] = "USC"; schoolStates[9] = "ca"; schoolCities[9] = "los-angeles"; schoolStateFullNames[9] = "California"; schoolCityFullNames[9] = "Los Angeles"; schoolNames[10] = "ut"; schoolFullNames[10] = "University of Texas at Austin"; schoolShortNames[10] = "UT Austin"; schoolStates[10] = "tx"; schoolCities[10] = "austin"; schoolStateFullNames[10] = "Texas"; schoolCityFullNames[10] = "Austin"; schoolNames[11] = "utsa"; schoolFullNames[11] = "University of Texas at San Antonio"; schoolShortNames[11] = "UTSA"; schoolStates[11] = "tx"; schoolCities[11] = "san-antonio"; schoolStateFullNames[11] = "Texas"; schoolCityFullNames[11] = "San Antonio"; function showSearchResults(event, searchval) { var numResults = 0; var key = (event.keyCode || event.which); var results = ""; var firstresult = ""; if(searchval.length > 0) { var searchvalfixed = searchval.toLowerCase(); if(searchvalfixed.indexOf("the") == 0) { searchvalfixed = searchvalfixed.substr(3); } searchvalfixed = searchvalfixed.trim(); for(var i = 0; i < schoolNames.length; i++) { if(schoolFullNames[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolShortNames[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolCities[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolStates[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolStateFullNames[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolShortNames[i].toLowerCase().indexOf(searchvalfixed) != -1 || schoolCityFullNames[i].toLowerCase().indexOf(searchvalfixed) != -1) { numResults++; results += "<a href=\"javascript:fillSearch('" + schoolNames[i] + "','" + schoolFullNames[i] + "');\" >" + schoolFullNames[i] + "</a><br>"; if(firstresult.length == 0) { firstresult = schoolNames[i]; } } } if(numResults){ $("#resultsContainer").fadeIn("slow"); document.getElementById("resultsContainer").innerHTML = results; } else { $("#resultsContainer").fadeOut("slow"); } } else { $("#resultsContainer").fadeOut("slow"); } if (key==13 && firstresult.length > 0){ location.href = firstresult; } } function fillSearch(shortName,fullName){ document.getElementById("search_landing").value = ''; document.getElementById("search_landing").value = fullName; document.getElementById("search_shortname").value = shortName; $("#resultsContainer").fadeOut(); } function goToSchool(){ if(document.getElementById("search_shortname").value) location.href = document.getElementById("search_shortname").value; }

It’s worth noting that this was inlined in the HTML file, up in the header, and not included from a separate file.

hljs.initHighlightingOnLoad(); [Advertisement] Application Release Automation – build complex release pipelines all managed from one central dashboard, accessibility for the whole team. Download and learn more today!
Categories: Fun/Other

Jumped The Gun

The Daily WTF - Tue, 11/21/2017 - 12:30

Sheldon was a support engineer at Generic Media Co. In his 6 years with the company, he'd enjoyed working for several great managers—but then came the reorg. Once the dust cleared, he found himself in the wrong department, reporting to one of the most loathed individuals in the entire organization.

Gene was the type of manager who believed his fancy title awarded him instant respect. No engineer who spent any time working with him had anything good to say. Sheldon went in hoping for the best ... but Gene's relentless micromanaging and childish stunts quickly ground Sheldon's optimism into dust. When it came time for Sheldon to go on an extended vacation, he felt like a shell-shocked veteran limping out of the trenches.

The months away were bliss, but Sheldon couldn't enjoy the last few days out of dread. To his surprise, though, Gene wasn't waiting at his cubicle with twelve urgent tasks upon his return. There hadn't been a peep from Gene all vacation long: no emails, no meeting requests. It was getting close to performance review time; nothing about that, either.

As Sheldon worked through his vacation backlong, it became starkly apparent that he was being allowed to work through his vacation backlog. No panicky IMs, emails, cubicle pop-ins. The radio silence extended into days, then weeks. Sheldon began to wonder whether Gene even still worked there. Not wanting to kick a potential sleeping dragon in the nose, he asked his coworkers instead.

"Of course he's still here," one of them grumbled. "If they haven't canned him by now, they're not going to."

Soon after, Sheldon found out he had it exactly backwards.

A meeting invitation from Gene landed in his inbox. Catch-up meeting, tomorrow. No agenda, no room booked. Distracted with work, Sheldon didn't immediately accept the meeting. By the end of the day, his desk phone rang.

Gene. When had Gene ever phoned his desk? Frowning, Sheldon picked up.

"I need you to accept the invite," Gene blurted with no preamble.

It was then that Sheldon's paranoia clued him into reality. Gene still works here. I'm the one who's out. Gene's extended avoidance had been just another of his immature games. They'd never even done that performance review, had they?

"I'll be there," Sheldon muttered.

All that night, Sheldon tried to put a positive spin on the situation. A job he'd enjoyed had been ruined by a terrible manager, it was true. But he'd soon be free to look for a better job and a better manager.

Sure enough, once the meeting began, Gene smugly informed Sheldon that his role was going offshore, making him redundant. (Sheldon later found out that the offshore bit was a lie, but you didn't hear it from us.) Sheldon hoped this would be the last of their interaction, but it wasn't to be.

Fast-forward to Sheldon's second-to-last day, 4:00 PM. Sheldon was leaving to pick up his kids from school. He was on a tight schedule, as he had a train to catch. He hurried to the lobby, summoned an elevator, and darted in.

Just as he turned around, he spied Gene entering the lobby from the stairwell. Gene saw Sheldon as well, and flashed him a big smile.

Not to be cowed, Sheldon smiled right back.

Gene frowned, confused. "Do you have a minute?"

"No," Sheldon answered honestly as the elevator doors began to close.

"I need to collect your badge!" Gene yelled.

The doors shut, and the elevator began its descent. You're a day early, Sheldon thought to himself, shaking his head.

He made it to his train and boarded just in time. While shuttling along, he grabbed his phone and sent Gene a quick message via Google Hangouts. I'll be in tomorrow. You can have my badge then.

The message seemed to have trouble going through. A few moments later, the Hangout closed. You have been successfully logged out.

Strange. Sheldon switched to Slack. You have successfully signed out.

"What?" Sheldon blurted aloud.

It got him thinking. Gene had just seen him leaving the building in a hurry, grinning like a fool. Did he think Sheldon had planted a bomb or something? Sheldon had no bombs, but he did have admin access to plenty of important systems. Had Gene gotten his account terminated in a panic?

Sheldon called the IT department and confirmed his suspicions. There was even a note attached to his account, from Gene: DO NOT RE-ENABLE.

"What am I supposed to do for my last day?" Sheldon asked.

"No worries," the tech replied. "I'll roll it back."

Upon returning the next day, Sheldon learned his security badge didn't work, either. The security guard at the front desk had to call Gene for authorization. Still too much of a wimp to show his face, Gene just told him to let Sheldon through.

"He couldn't even get my last day right," Sheldon said with a chuckle.

Gene kept his distance whole day. Sheldon left at 4:00 PM again, this time headed for the whiskey bar with a few ex-colleagues to celebrate freedom.

[Advertisement] Universal Package Manager - ProGet easily integrates with your favorite Continuous Integration and Build Tools, acting as the central hub to all your essential components. Learn more today!
Categories: Fun/Other

CodeSOD: The Generated JavaScript

The Daily WTF - Mon, 11/20/2017 - 12:30

Once upon a time, I discovered a bug in some JavaScript. I went off to investigate the source, only to find… the JS wasn’t coming from a file. It was being generated by a server-side method. Through string concatenation. It was a simple generation, something along the lines of:

jsCode += "location.href = 'foo?id=" + someIdField + "';\n";

Bad, but a minor WTF- and the bug was caused because someIdField contained characters which needed to be escaped. It was actually unnecessary, and I could construct the logic completely on the client-side, which is what I ended up doing in that case.

I bring that tale up, because Konstantinos T has a special case of anguish.

<script> function droppy(droppy_id, max_files) { var droppy = new Dropzone(dropzone_name, { //(...) init: function() { this.on('addedfile', function(file) { //(...) var edit_button = '<?php ob_start(); include(__DIR__.'/dropzone_edit_button_template.php'); $include = ob_get_contents(); ob_end_clean(); echo str_replace(PHP_EOL, '', str_replace("'", '\\\'', str_replace('"', '\"', str_replace("/", "\/", str_replace('__script__','script',$include))))); ?> '; //(...)

Here, we see a client-side JS variable named edit_button. Stare at the variable initialization. What you see before you is a dank abyss, a gaping hole with a bottom so deep that the bottom may as well not exist. Here, we stand at a precipice.

The value of edit_button comes from PHP code, executed on the server-side. The actual template comes from an external PHP file, dropzone_edit_button_template.php. But that template, the result of all the other methods called here, returns a string that may not be safe for JavaScript, like my simple bug above. Thus, the chain of str_replace calls, nested one within the other.

[Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!
Categories: Fun/Other


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer