I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data that matches those parameters. The horrors of this were:

  1. The queries were hard coded.

  2. They were stored in a configuration file, in XML format.

  3. The queries were not 1 entry. It was 4: a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.

  4. This was then sent to the server as pure SQL, no ORM.

  5. Here’s my favorite part. You obviously don’t want anyone modifying the configuration file so they encrypted it. Now I know what you’re thinking: at some point you probably will need to modify or add to the configuration, so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in WinForms. You had to open the program in Visual Studio, manually expand the size of the window (locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.

  • chocrates@piefed.world (13 up, 10 days ago)

    I wrote an algorithm that should be recursive but in expediency I wrote a loop that iterates 10 times.

    It’s fine but I’m still mad 3 weeks later

    • Fiery@lemmy.dbzer0.com (2 up, 10 days ago)

      I had to rewrite an iterative implementation I made for an exercise in school because the solution they prepared used recursion. I’m still mad about that. Admittedly the recursive solution was a tiny bit more elegant, but my solution worked too!

    • DrFunkenstein@sh.itjust.works (5 up, 10 days ago)

      Good chance that’s more performant though, compilers can flatten for loops and you don’t have to waste as much time creating new stack frames each time you recurse

      • chocrates@piefed.world (1 up, 9 days ago)

        It might, I’m mostly mad because it seems like a classic recursion problem. Build a graph of nested references.

  • aMockTie@piefed.world (22 up, 10 days ago)

    VB.NET app that was installed on every employee’s computer to capture time sheets. Required VPN access so it could talk to the accounting DB using raw queries, zero input validation, and it used a pirated library for the time input grid control.

    The IT staff who would install the program on all new machines (it didn’t work with their imaging system) had a script to suppress the message requesting a paid license. There was nothing special about this control, it was basically a rip-off of built-in WinForms controls.

    Source code was long lost, but reverse engineering and decompiling CIL/MSIL code is thankfully relatively straightforward.

  • expr@programming.dev (10 up, 2 down, 9 days ago)

    The encryption thing is definitely weird/crazy and storing the SQL in XML is kinda janky, but sending SQL to a DB server is literally how all SQL implementations work (well, except for sqlite, heh).

    ORMs are straight trash and shouldn’t be used. Developers should write SQL or something equivalent and learn how to properly use databases. eDSLs in a programming language are fine as long as you still have complete control over the queries and all queries are expressible. ORMs are how you get shit performance and developers who don’t have the first clue how databases work (because of leaky/bad abstractions trying to pretend like databases don’t require a fundamentally different way of thinking from application programming).

  • i_dont_want_to@lemmy.blahaj.zone (29 up, 10 days ago)

    I was told about a bug in a specific tool. It was being used in production. Apparently we’ve gotten a lot of complaints about it over the years, and they would complain that if the site was actively used, it always failed.

    I couldn’t find it in the development branch in source control.

    I asked if this tool was purchased from a third party. My boss, who was not a developer, said no. And he was very sure of that. But he didn’t know where the code was.

    I was the developer with the most seniority, and I was there for less than a year at this point.

    I looked again. I finally found it… In an unapproved pull request from a few years prior.

    The meat of this tool basically took information to make an order and create an order in the system.

    Any time we needed to insert a record, it would find the highest Id in the table, increment 1, and insert the new record, id and all. It did this for every entity that needed to be inserted. Address, customer… Everything.

    Worse, very little validation was done. Want to order something but it’s out of stock? No problem, this tool just pushed it right through.

    Want to ship something using a shipping method that doesn’t exist? You got it.

    Want to ship something to an address that doesn’t exist? Sounds like the warehouse’s problem.

    Knowing about the level of knowledge here, you know that there were no transactions. All sorts of unused records were left in the database when there was an error. The users would get a generic error and try again several times, too.

    The worst part was, we have an already existing function that would take order information and try to make an order. And it would give you actionable errors!
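The ID and transaction problems described in this post, as an added example that is not code from the tool or from anyone in the thread. It uses Python's `sqlite3`, and the schema, the shipping methods and all function names are assumptions made for the illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id),
    ship_method TEXT NOT NULL CHECK (ship_method IN ('ground', 'air')));
"""

def make_db():
    # isolation_level=None: autocommit, so the transactions below are explicit.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    return db

def next_customer_id(db):
    """The tool's approach: read the highest id and add one."""
    return db.execute("SELECT COALESCE(MAX(id), 0) + 1 FROM customer").fetchone()[0]

def interleaved_ids(db):
    """Two requests that both read MAX(id) before either one inserts."""
    return next_customer_id(db), next_customer_id(db)

def create_order_unsafe(db, name, ship_method):
    """MAX(id)+1 ids, each statement committed on its own, no transaction."""
    cid = next_customer_id(db)
    db.execute("INSERT INTO customer (id, name) VALUES (?, ?)", (cid, name))
    oid = db.execute("SELECT COALESCE(MAX(id), 0) + 1 FROM orders").fetchone()[0]
    db.execute("INSERT INTO orders VALUES (?, ?, ?)", (oid, cid, ship_method))
    return oid

def create_order_safe(db, name, ship_method):
    """Database-assigned ids inside one transaction: all rows or none."""
    db.execute("BEGIN IMMEDIATE")
    try:
        cid = db.execute("INSERT INTO customer (name) VALUES (?)", (name,)).lastrowid
        oid = db.execute(
            "INSERT INTO orders (customer_id, ship_method) VALUES (?, ?)",
            (cid, ship_method)).lastrowid
        db.execute("COMMIT")
        return oid
    except sqlite3.Error:
        db.execute("ROLLBACK")
        raise

def customer_count(db):
    return db.execute("SELECT COUNT(*) FROM customer").fetchone()[0]
```

With a nonexistent shipping method, `create_order_unsafe` leaves an orphaned customer row behind when the order insert fails, while `create_order_safe` rolls everything back.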

    • JackbyDev@programming.dev (8 up, 10 days ago)

      This reminds me of a time at work when we got sued. The company was allegedly using (or had copies) of some tool we couldn’t have anymore. Annoying, but fine. However, to check this, they scanned all of our computers for the name of that company. They told us all to delete our entire local Maven repository. Someone who worked there was on the committer list for a couple of open source projects. I just manually deleted those files because I knew for a fact that our central Maven repository didn’t have some of the versions of our own code on it and I wasn’t confident we wouldn’t need them again. Turns out I was right and needed to grab one later on to upload. Because I manually deleted the files with the company’s name instead of just deleting everything, the scanner thing they were running didn’t detect offending files. (Not that a file listing someone’s email address as a committer to an open source project should be offending, but still.)

  • ulterno@programming.dev (0 up, 8 days ago)

    Doesn’t that mean that your encryption algorithm and key are stored inside the code?
    And since you are opening the code in Visual Studio anyway, just follow the function called by the “Decrypt” button, copy the function into another project and now you have a decryptor.

    • vrek@programming.dev (OP) (2 up, 8 days ago)

      I believe so but I don’t remember the exact encryption algorithm and don’t have access to the code anymore.

      This was the same place that had a 500 line file named glob_vars.cs which you can guess the content of because “passing around variables cause memory leak issues”.

  • Danitos@reddthat.com (17 up, 10 days ago)

    My current workmate unironically calls his variables “cat1”, “cat2”, etc.

    He also didn’t know about git, so before I arrived, he uploaded the code to production with scp.

    Finally, my boss told me that he is priority, so if he doesn’t understand git, we won’t keep using it. I would understand if this was about a different language, but it’s git vs scp we’re talking about.

  • FigMcLargeHuge@sh.itjust.works (93 up, 10 days ago)

    Long time ago, but by far the worst for me was when I inherited some code that a previous programmer had done. Every variable was a breakfast item. So if biscuit>bacon then scrambledeggs=10. Shit like that. It was a nightmare and luckily I only had to deal with it infrequently.

    • vrek@programming.dev (OP) (29 up, 1 down, 10 days ago)

      I don’t know what’s worse… That program or that you put biscuits greater than bacon…

      Actually I think the greater crime is biscuits being greater than bacon

    • CaptDust@sh.itjust.works (50 up, 10 days ago)

      Why do people do stuff like this, is the logic not difficult enough to follow on its own without a secondary definition table to consult!? Fucking hell.

      • Björn@swg-empire.de (14 up, 10 days ago)

        Had a programmer like this when I was still an apprentice. He was so full of himself. Was originally a Java programmer but had to program in PHP because that was what ran on the server. I never found out why he couldn’t just put Java on the server. We had full control.

        All his variables were first names. Like $klaus and $grobi. Because he was afraid of clashing with reserved keywords. The thing is, in PHP all variables begin with $ exactly to prevent this issue. So he brought that habit over from Java which was far superior and not such a “Mickey Mouse language”.

        I mean, he wasn’t totally wrong, especially back then PHP was awful. But he surrounded every function with <?php and ?> (PHP was designed to be combined with HTML output outside of these tags) and had plenty of whitespace between them and couldn’t fathom why all his HTML files had huge swaths of whitespace at the start.

        His way of preventing SQL injection was to look for SQL keywords in user input and then throw an error in the log files.
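The keyword-filter approach from this comment applied to the four-fragment concatenated query from the opening post, next to bound parameters, as an added example that is not code from either program. It uses Python's `sqlite3`; the table, the fragments, the blocklist and the sample rows are all constructed for the illustration.

```python
import re
import sqlite3

# Constructed stand-ins for the four query fragments kept in the config file.
FRAGMENTS = ("SELECT id FROM readings WHERE ts >= '", "' AND ts <= '",
             "' AND system = '", "' AND archived = 0 ORDER BY id")
# Hypothetical keyword blocklist of the kind described in the thread.
BLOCKLIST = re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I)
# The same query with placeholders: values never become part of the SQL text.
BOUND_SQL = ("SELECT id FROM readings WHERE ts >= ? AND ts <= ? "
             "AND system = ? AND archived = 0 ORDER BY id")

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings "
               "(id INTEGER PRIMARY KEY, ts TEXT, system TEXT, archived INTEGER)")
    db.executemany("INSERT INTO readings VALUES (?, ?, ?, ?)", [
        (1, "2024-01-05", "PRESS-1", 0),
        (2, "2024-01-06", "PRESS-1", 1),        # archived: should stay hidden
        (3, "2024-01-07", "DROP-FORGE-2", 0),   # legitimate name with a "keyword"
    ])
    return db

def query_concat(db, start, end, system):
    """Keyword filter, then string concatenation of fragments and input."""
    for value in (start, end, system):
        if BLOCKLIST.search(value):
            raise ValueError("rejected by keyword filter")
    a, b, c, d = FRAGMENTS
    return [row[0] for row in db.execute(a + start + b + end + c + system + d)]

def query_bound(db, start, end, system):
    """Bound parameters: input is always data, so no filter is needed."""
    return [row[0] for row in db.execute(BOUND_SQL, (start, end, system))]

if __name__ == "__main__":
    db = make_db()
    dates = ("2024-01-01", "2024-12-31")
    # Constructed input: a quote plus a comment marker, no blocklisted word.
    odd = "PRESS-1' --"
    print(query_concat(db, *dates, odd))   # archived row 2 leaks: [1, 2]
    print(query_bound(db, *dates, odd))    # treated as a literal name: []
    print(query_bound(db, *dates, "DROP-FORGE-2"))  # [3]; the filter would reject it
```

The filter fails in both directions: it rejects the legitimate system name `DROP-FORGE-2`, and it passes an input that rewrites the query without using any listed keyword.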

    • hddsx@lemmy.ca (21 up, 1 down, 10 days ago)

      I don’t know how old you are but when I was in school, this was just going out of style. They saw this as job security. If you’re the only one who can work on the code, then they won’t fire you

    • Quibblekrust@thelemmy.club (9 up, 10 days ago)

      Oh god, that’s worse than I’ve seen where a SQL query joining 10 tables aliased all of the tables as a, b, c, d, e, f, g, h, i, j.

      It was a mess, and as a new dev on the project, trying to figure out which where clause was for which table and how things worked was a fucking nightmare. Trying to keep a dictionary of letters to real table names in your head as you looked at the query was very taxing. In the end, I just fixed it all to stop using aliases. Or to use short abbreviations.

      Here’s a mock example:

      SELECT
          j.delivery_eta,
          c.cat_desc,
          a.part_number,
          h.region_label,
          f.wh_loc,
          e.emp_last,
          g.state_flag,
          b.mfg_title,
          i.ship_track_code,
          d.order_sum,
          a.created_on,
          j.last_scanned_at,
          e.emp_first,
          c.cat_code,
          g.state_level
      FROM parts AS a
      INNER JOIN manufacturers AS b 
          ON a.manufacturers_id = b.id
      INNER JOIN categories AS c 
          ON a.categories_id = c.id
      INNER JOIN orders AS d 
          ON a.orders_id = d.id
      INNER JOIN employees AS e 
          ON d.employees_id = e.id
      INNER JOIN warehouses AS f 
          ON a.warehouses_id = f.id
      INNER JOIN inv_state AS g 
          ON a.inv_state_id = g.id
      INNER JOIN regions AS h 
          ON f.regions_id = h.id
      INNER JOIN shipments AS i 
          ON d.shipments_id = i.id
      INNER JOIN logistics AS j 
          ON i.logistics_id = j.id
      WHERE
          (b.mfg_title LIKE '%Corp%' OR b.mfg_title LIKE '%Global%')
          AND c.cat_desc NOT IN ('Unknown', 'None', 'Legacy')
          AND (d.order_sum > 1000 OR d.order_sum BETWEEN 250 AND 275)
          AND e.emp_last ILIKE '%berg'
          AND (f.wh_loc IN ('A1', 'Z9', 'M3') OR f.wh_loc IS NULL)
          AND g.state_flag IN ('ACT', 'PENDING')
          AND h.region_label NOT LIKE 'EXT-%'
          AND (i.ship_track_code IS NOT NULL AND i.ship_track_code <> '')
          AND (j.delivery_eta < NOW() + INTERVAL '90 days' OR j.last_scanned_at IS NULL)
          AND (a.part_number ~ '^[A-Z0-9]+$' OR a.part_number IS NULL)
          AND (
              (c.cat_code = 'X1' AND g.state_level > 2)
              OR
              (e.emp_first ILIKE 'J%' AND d.orders_id IS NOT NULL)
          );
      
      
      • psud@aussie.zone (1 up, 6 days ago)

        That’s how mainframe programmers at my workplace do SQL. I think they do it due to long table and field names and narrow mainframe COBOL files

    • vrek@programming.dev (OP) (13 up, 10 days ago)

      The worst programmer I’ve ever seen was myself six months ago… Hopefully will be true in another 6 months too

  • tatterdemalion@programming.dev (21 up, 10 days ago)

    I’ll consider myself lucky that the worst I’ve had to deal with was an 8K LOC C file that implemented image processing for a cancer detection algorithm. Nothing terribly tricky but just poorly organized. Almost no documentation at all. The only test was running this code against a data set of patient images and eyeballing the output. No version control other than cloning the project onto their NAS and naming it “v2” etc.

    Research code can be really scary.