You are here

Feed aggregator

Error'd: Hot in London

The Daily WTF - Fri, 05/02/2014 - 12:15

Ed W. wrote, "So what's the rule to convert Celsius to Fahrenheit? According to the weather on the my Yahoo page it's: Multiply by 7, divide by 5 and add 32 ... unless you're in London then add 100."

 

"In Milan, Italy, at Foot Locker it seems they aren't sure what their opening time is...wait, it seems that they aren't even sure what the days of the week are!" Carmine G. wrote.

 

"So, the Gender field is 'optional', yet the Title field is marked as mandatory and all choices are gender-specific," Ben writes.

 

"I'm really impressed with my Motorola Moto G. It's a really nice phone for the price. However, I was less impressed when I attempted to use Motorola's lost phone functionality," writes Tom.

 

"Looks like news.google.com got a bit confused with it's article groupings," Bri wrote, "I had no idea that David Brenner was involved in Afghan politics!"

 

"Just received this email about a service subscription and it's a little confusing," Ari S. writes, "Now is it the 44th of November or the 11th of Fourtyforthember?"

 

"What? An older version than I have now has been released? SIGN ME UP!" Shaun W. writes.

 

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Sony Tape Storage Breakthrough Could Bring Us 185 TB Cartridges

Slashdot - Fri, 05/02/2014 - 11:24
jfruh (300774) writes "Who says tape storage is out of date? Sony researchers have announced a breakthrough in magnetic tape tech that increases the data density per square inch by a factor of 74. The result could be 185 TB tape cartridges. 'By comparison, LTO-6 (Linear Tape-Open), the latest generation of magnetic tape storage, has a density of 2 gigabits per square inch, or 2.5 TB per cartridge uncompressed.'"

Read more of this story at Slashdot.








Categories: Tech/Science News

Grad Student Makes Nanowires Just Three Atoms Thick

Slashdot - Fri, 05/02/2014 - 09:02
Science_afficionado (932920) writes "A Vanderbilt University graduate student, working at Oak Ridge National Laboratory, has discovered a way to create nanowires capable of linking transistors and other components made out of the monolayer material TMDC. His accomplishment is an important step toward creating monolayer microelectronic devices, which could be as thin and flexible as paper and extremely tough."

Read more of this story at Slashdot.








Categories: Tech/Science News

Coded Smorgasbord: The Long Way

The Daily WTF - Thu, 05/01/2014 - 12:15

Sometimes, a developer just needs to take the long way around. Sure, a line of code like DateTime StartTime = DateTime.Now looks simple and readable, but what happens if you want the StartTime variable to be not exactly now?

Craig’s co-worker figured out a better solution:

public string SomeFunc() { DateTime StartTime = new DateTime(DateTime.Now.Year, DateTime.Now.Month, DateTime.Now.Day, DateTime.Now.Hour, DateTime.Now.Minute, DateTime.Now.Second, DateTime.Now.Millisecond); //… do stuff }

So much better.

Now, though, we have a string that’s guaranteed to exist and be at least 6 characters long. We need to get the last six characters of that string. We could use a substring function, but that wouldn’t give us an opportunity to use our knowledge of LINQ functions. Kelly found this superior solution:

public string LastSixDigits { get { if (string.IsNullOrWhiteSpace(this.Number) || this.Number.Length < 6) return string.Empty; return this.Number.Reverse().Take(6).Reverse().Aggregate(string.Empty, (s, c) => s += c); } }

Finally, one of Jonathan’s peers needed to store a pair of strings as a single object. They could have used one of the many built-in types for that task, like a Tuple or KeyValuePair, but would that have provided a suite of overridden operators?

public struct StringString { public string Key; public string Value; public static bool operator ==(StringString dataItem1, StringString dataItem2) { return (dataItem1.Key == dataItem2.Key && dataItem1.Value == dataItem2.Value); } public static bool operator !=(StringString dataItem1, StringString dataItem2) { return (dataItem1.Key != dataItem2.Key || dataItem1.Value != dataItem2.Value); } public override bool Equals(object obj) { if (!(obj is StringString)) { return false; } return (this == (StringString)obj); } public override int GetHashCode() { return (Key.GetHashCode() + Value.GetHashCode()); } } hljs.initHighlightingOnLoad(); [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

cURLing Up With a Good Hook

The Daily WTF - Wed, 04/30/2014 - 12:15

A year into his gig as a senior web developer for ClientServiCo, Eddie felt like he had a good grip on the many disparate systems he and his team had built for their clients over the years. Like most web-dev firms formed during the first bubble, the ClientServiCo team had survived by adopting whatever tools were the right combination of familiar, popular, and available at the time. This approach, while allowing them to be flexible in conforming to their clients' needs, also left a tangled legacy spread across a constellation of web hosts. Yeah, it was kludgy in parts. Sure, Eddie would look at some parts and wonder if the coder was high at the time, but hey - overall, it just worked and nobody complained! ...Then came the notification from their current host that a Drupal installation belonging to a ClientServiCo client was spewing spam and had to be taken offline.

The first oddity Eddie noticed was that Drupal wasn't running the entire site. Instead, it was just a calendar and event-registration system. The administrative section was powered by a CMS that ClientServiCo had written in-house during the aughts, and abandoned years ago in favor of something more robust. Though the site was meant to be accessible to authorized users only, the .htaccess and .htpasswd files which comprised the authorization system were only protecting the third part of the site: a set of static webpages written in FrontPage. With the Drupal system and admin backend both freely accessible from the web, it was incredible that the five year-old site had only recently been compromised. As a simple first step to stop the bleeding, Eddie moved the .htaccess file up one directory to protect the entire web root and trudged on.

Confident that the content was now protected, Eddie asked the host to restore permissions to the Drupal site so he could go looking for the actual attack vector. His suspicion, since the site hadn't seen an update since 2010, was a long-since patched bug in Drupal core. He was in the midst of reviewing changelogs to see which holes had been patched when it occurred to Eddie to check the account-creation settings. There it was, not a bug but a feature: "Visitors can create accounts and no administrator approval is required" was checked, meaning anyone on Earth could create an account, add stories or pages to the site or register for events, and that's exactly what they'd done. After zapping nine thousand users and ten times as many "stories", Eddie had a clean DB and restored it to the live site.

Naïve misconfiguration on a public-facing website earns an F, but is it really WTF? Perhaps not, but the very next day Eddie's phone lit up. Somehow, even the ringtone sounded frantic! On the other end was one of the clients' site administrators, and she was not calling to congratulate him on getting their site taken off the host's blacklist. No, although the site was back online, no one could register for events through the Drupal calendar. The admin was more than familiar with the tradition that, since Eddie had touched it last, the problem must be his fault. After she walked him through the issue, all Eddie had to go on was a dropdown failing to populate and a cryptic PHP warning about foreach() expecting certain parameters.

Eddie donned his fedora and bull whip and began another archaeological dig. This time, he found a custom Drupal module lurking in the /modules directory. This shadowy script was apparently managing the event registrations and should have been pulling in the missing data. It was mostly luck that brought Eddie's attention to an inconspicuous ten-line function called retrieveNameData.

When he parsed the code, Eddie did a double take - since the site's admin system was using ClientServiCo's home-made CMS instead of a Drupal module, the name data was being retrieved by making a cURL call to the admin system's URL. The use of cURL was odd but, even worse, the target URL resolved just fine in Eddie's web browser. "That's weird," Eddie muttered to himself, "if I can access the URL, why can't-" His eyes landed on the widget telling him he was logged into the site. Opening a different browser, he tried the URL again, and was left staring at an htpasswd dialog. Now that Eddie had the admin system under the intended access control, cURL's unauthenticated call was being summarily rejected. For the first time, Eddie found himself wishing the site's original developers were still around; he wouldn't be surprised to hear that this roadblock had kept them from applying authorization to either CMS in the first place.

With a new user in the .htpasswd file and the appropriate curlopts in place, the newly-hardened site was working again. This time, the admin did thank him, and Eddie was happy to tuck this chapter of ClientServiCo's history back in the drawer.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

CodeSOD: Seeing Sextuple

The Daily WTF - Tue, 04/29/2014 - 12:15

(Read to the tune of "The Way We Were")

Bitmaps Clog the corners of my RAM Giant, duplicated bitmaps of the memes that were

People say you can't have too much of a good thing. But for some things, even two of the same thing is one too many.

Such is the case with bitmaps. Well, not bitmaps, per se. Bitmaps are awesome. Bitmaps of memes involving the most interesting man in the world and some completely unrelated slogan. Bitmaps of fist pumping babies. Infogram bitmaps containing the insightful witticisms of Justin Bieber (admittedly, a small bitmap...but still). Everywhere you look, Bitmap awesomeness abounds.

But in-memory copies of bitmaps are a different story. Consider the following code, which is used to push a JPG image into the output stream of an HTTP response.

public void ResponseImageToBrowser(string fileName) { //convert image to byte array byte[] objImgData = ConvertImageToByteArray(new Bitmap(fileName), ImageFormat.Jpeg); MemoryStream objMemoryStream = new MemoryStream(); objMemoryStream.Write(objImgData, 0, objImgData.Length); Image objImage = Image.FromStream(objMemoryStream); HttpContext.Current.Response.AddHeader("Content-Disposition", "filename=" + fileName); HttpContext.Current.Response.ContentType = "image/Jpeg"; objImage.Save(HttpContext.Current.Response.OutputStream, ImageFormat.Jpeg); //close the file stream objMemoryStream.Close(); objMemoryStream.Dispose(); objImage.Dispose(); } private byte[] ConvertImageToByteArray(Image objImageToConvert, ImageFormat objFormatOfImage) { byte[] objByteImage; using (MemoryStream objMemoryStream = new MemoryStream()) { objImageToConvert.Save(objMemoryStream, objFormatOfImage); objByteImage = objMemoryStream.ToArray(); } return objByteImage }

Let's follow along.

First, the image is loaded into memory through the Bitmap class constructor. Then the bitmap class is saved into a memory stream (copy 2). This stream is converted into an array of bytes (copy 3).

Next, the byte array is written into a memory stream (copy 4) which is then loaded into an Image object (copy 5). Next, the Image object is saved into the output stream for the HTTP response (ostensibly, copy 6).

So in a mere 12 lines of code, a total of 6 copies of the images were placed into memory. Not sure if this qualifies, but Guinness has been notified just in case.

To rub salt into the wound, the above code could be replaced by two lines.

HttpContext.Current.Response.ContentType = "image/jpeg"; HttpContext.Current.Response.WriteFile(filename);

And finally, as a coup de grâce, notice how even the comments duplicate the method names. After all, if you're going to double down (or sextuple down), don't be afraid to go all in.

hljs.initHighlightingOnLoad(); [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Left Hand, Meet Right Hand

The Daily WTF - Mon, 04/28/2014 - 12:15

You have to love the folly of big companies. Bear Stearns. Lehman. Tyco. Enron. MF Global. MegaCorp. WTF Inc. They always put out advertisements telling us how soft and gentle their products are for us, our children and the planet. They cajole us with ads extolling the virtues of their products, and how we can't live without them. Of course, you know that they use the strictest rules and procedures to guaranty the safety of our personal data, and take every conceivable measure to make sure that things are done correctly. In short, we can trust them. There are rules for how to do everything. Protocols to be implemented. Procedures will be followed. Period.

Phone companies, especially, take extreme precautions when releasing software because the communications grid simply cannot be allowed to go down. Ever. I mean, it's critical that you be able to get important messages through, like: I'm on my way, or Pick up milk.

As such, it's important that every manager in every department involved in running any part of the phone system, including the call centers, can dot all the I's and cross all the T's.

Big Bob is not a real engineer these days. Mostly, he gets paid to help engineers, managers and customers communicate. His company partnered with another company that had a very rigid release schedule. Together, they built a very complex product to perform several services.

Then they had a stroke of misfortune luck; a large telco had taken an interest in the joint product and decided to purchase it. Naturally, some custom modifications were required, but BB and partners tried to remain as true to their corporate vision as possible.

The telco also demanded that they limit the frequency of their releases because the telco needed more time for their internal testing. BB and partners tried to accommodate the request.

One day, the telco started complaining that the partners' updates were causing a massive surge in support calls. Naturally, BB and partners shared their concern. However, the increase in volume wasn't unilateral; it was contained to one call center; the other call centers were unaffected. After BB made several adjustments, the telco still complained about the call volumes, but with varying levels of volume spikes, and only at the lone call center.

Eventually, an all-hands-on-deck conference call was set up so the telco project teams, procurement teams, test teams, call center managers, the cafeteria lady and BB & partner teams could hash it out.

Not long into the call, an all-out argument broke out between the call center management team and the other telco teams. Fingers were pointed. Blame was assigned. Nominees for being the sacrificial lamb were proffered:

Call Center: We are getting flooded with support calls at one call center! Capacity Planning: We ensure that there's enough capability to move the data; we don't manage what data gets sent Network Engineering: Our responsibility is to move the data across the network between the sender and recipient: the messages are getting through to you; we're good! Customer GUI Team: We are only generating messages that are needed, based upon customer interactions; we have no choice... Server Development Team: Listen, if anybody from the network team would have been in attendance at the last change control meeting, then MAYBE we wouldn't be here now! Network Engineering: It's not like we could go if we wanted to last week! Don't forget that we were fighting a fire caused by by your team! Need I rehash the domain controller issue? Yet Another Manager: Cool it guys - this had nothing to do with a single network load-balancer firmware upgrade. There are many irregular weeks of unexplained call volume

BB had to nearly bite through his lip to keep from pouring fuel on the fire. Clearly, they had forgotten that external folks were on the call.

Apparently, the call volume had started to impact on their performance figures, and it was CYA mode all around.

After some digging, it turned out that the increase in calls was exactly correlating with an advertising campaign that had recently begun, and precisely matched the success rate of the campaign. It had nothing to do with BB or his partner company.

At the end of the call, BB and partners thanked everyone for their time and hung up. BB and the software release manager wondered about what they had just heard. The telco call center was using them as a stick to block software releases, just because the sales department hadn't accurately forecast their own success.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Error'd: Clbuttic Journalism

The Daily WTF - Fri, 04/25/2014 - 12:00

"The Wall Street Journal was a little late in 'target'ing April Fool's Day," writes Ryan.

 

Pascal wrote, "Oh no! CaptialOne's website ran out of strings!"

 

"This showed up on a Forbes article via the Android Newsstand app. I guess if you can't comment, 'null' will do," Bruce R. writes.

 

Ben A. wrote, "Call me crazy, but I don't think that's a kangaroo."

 

Andreas writes, "Nice clothes? No cat hair on them? Need to get somewhere in style? NO PROBLEM."

 

"I was notified that I need to update Preme for Windows, but luckily for lazy me, the expiry date won't be coming up any time soon," Kate K. writes.

 

Mike E. writes, "My new wireless router was supposed to come with an Ethernet cable but I received this one instead. I sure hope it's compatible."

 

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Psychic Software

The Daily WTF - Thu, 04/24/2014 - 12:15

Lawrence’s first task at his new job would be an easy one. “All you gotta do is carry this across the finish line. It’s practically done already,” Chris the Costly Contractor informed him. Costly Chris was nearing the end of his contract and the company didn’t want to keep paying his jacked-up rates. That’s where Lawrence, the cheaper, full-time alternative to Chris, came in. “But, there are some recent change requests that we need to do. You’ll have the pleasure of talking to Becky about that,” Chris said with a sly grin.

The software was a simple CRM with a PHP front end. It was a straight-forward MVC application with a slew of stored procedures responsible for managing the data. Lawrence’s group worked on the UI layer.

Shepherd, guru, and leader of the UI effort was Becky, the designer. Becky’s background was in graphic design for print, and someone up the management tree had decided that design was design, and appointed her head of the user interface and experience group.

“I’m really proud of the search interface I came up with. You’ll love it,” Becky gushed to Lawrence during their first design meeting. “The results still need some work before they’re as perfect as my design.” Lawrence pulled up the application to find a simple search screen with exactly one field. It returned a single result field- the primary key of the user records. “See, that’s what I don’t like,” Becky said. “We need better information.”

“Like… their names? This is just their database ID, I could show their names. Or put in a link to their details.”

“You can do that?” Becky said. She smacked the conference room table with enthusiasm. “That would be awesome! Get to making that change right away. Get it done before next week.”

Lawrence made the change to the lone search field in all of 3.567 minutes.

A week later, Becky gushed again. “That is so cool!” She was honestly amazed at the simple change, and spent half the meeting puzzling over the “computer geek secrets” that Lawrence used. “This still needs more work, though. Just seeing someone’s name when you search isn’t enough. If I search for Robert Pattinson, I’ll see all of the Robert Pattinson’s in the world, and I’ll have no clue which one is which!”

“So… you want their company information in the search results? Displayed with their name? I can do that.” After further discussion, Lawrence returned to his desk and changed the search to display the contact’s full name, company, phone-number and address. He was sure that Becky would go through the roof with excitement after this round of changes.

Lawrence was wrong. “No, no, no, no, NO! What did you do to it? The screen is way too busy. This is too much junk. Besides, this still shows me too many results. Which is why I have a better idea.” Lawrence clenched his teeth and prepared for what was to come. “Say you do a search for Atlanta. You type Atlanta in the box, and it returns all sorts of Atlanta stuff. Guys from Atlanta, the Atlanta Widget Company, and people named Johnny Atlanta. That’s so confusing. If I want to call the City of Atlanta, I’m stuck paging through results. So what you need to do is only show results based on exactly what I meant to find.”

“On… exactly what you meant to find?”

“Exactly.”

Lawrence pondered Becky’s bright idea for a long moment. “Well, to do that, we’d need to add multiple search fields, or give the user a way to be more specifi-”

“No! That’s too complicated. This isn’t for computer geeks. If I type in ‘Atlanta’, it should show me the City of Atlanta, if that’s who I wanted to call. If I want Johnny Atlanta, it should show me that!”

“I… but….” Lawrence struggled to come up with an answer. “Unless we somehow magically make the computer psychic, this is impossible. I don’t even know how we’d…”

“Larry, this is not a time for excuses,” Becky said. “Just make this happen. This is 2014, and if we can put a man on Mars, then we can make a search smart enough to give the users what they want. User experience Larry, user experience!”

Lawrence shuffled back to his desk pondering the stupidity of her last statement. Then he spent a week trying to make the search field appear clairvoyant enough to fool Becky into thinking it was reading her mind. He never finished, though, because the entire project was unexpectedly scrapped, the company switched to an off-the-shelf CRM, and Becky went back into print design. Lawrence was gladly reassigned to a different project that had less telepathic requirements.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

CodeSOD: Your Letters are Numbered

The Daily WTF - Wed, 04/23/2014 - 11:45

The First Rule of Enterprise Software is: don't talk about enterprise software. The Second Rule of Enterprise Software is: when you do talk about enterprise software, make references to stylish dramas from the '90s starring Brad Pitt and Edward Norton to make it seem more exciting. However, the most important rule of enterprise software by far is Rule Number Three: Even the simplest little things can't be simple. Arthur was reminded of Rule Number Three on a recent trip into his employer's company-wide database.

The codebase Arthur maintained had a method for just about everything. "Hah!" You're probably thinking. "I bet it doesn't have a method that returns an array containing the letters of the English alphabet!" Well, Hah! yourself: stumbling across a call to GetAlphabetForHouseCombinedPortfolios in the bloated, inappropriately-generic UploadingTool class, Arthur was curious. Would it contain a hard-coded list of letters? A complex mathematical formula dependent on the current date that would baffle everyone by returning Hebrew when the clock switched out of daylight-savings time? No, like all proper enterprise solutions, the method invoked a stored procedure in the database. And that's why Arthur is proud to present sp_UploadingToolGetAlphabetForHouseCombinedPortfolios:

-- get alphabet and ids for each letter SELECT N.Number_ID AS [Filtering_ID], CHAR(N.Number_ID) AS [Filtering] FROM dbo.stbl_Number N WHERE N.Number_ID >= 65 AND N.Number_ID <= 90

The best thing about this solution is how easily it can be modified to support the exciting new lowercase letters that are starting to gain traction in some forward-looking businesses.

The perfect coda to this story is the stbl_Number table definition itself, which Arthur found to be thoroughly documented:

CREATE TABLE [dbo].[stbl_Number] AS ( Number_ID INT NOT NULL, -- Number ID. Should always match the value in the Number field Number INT NOT NULL, -- The number Number_Text VARCHAR(50) NULL, -- Textual representation of the number Number_Roman VARCHAR(50) NULL, -- Roman numeral representation of the number Number_GUID UNIQUEIDENTIFIER NOT NULL -- Globally unique identifier for the number )

Arthur wanted us to point out that the Number_Text field sometimes contained a value like "nine", and other times contained a value like "17". Arthur, we feel your pain. Just don't forget the First Rule of Enterprise Software.

hljs.initHighlightingOnLoad(); [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Desert Packet Storm

The Daily WTF - Tue, 04/22/2014 - 12:15

Jonathan D. was the system administrator for a school nestled in a war-ravaged city somewhere in the middle of the desert. What with bombings here, explosions there, and the odd RPG whizzing by, dealing with a converted bathroom as an office/datacenter just didn't seem to be all that big of a deal.

The school had roughly 100 computers split between two buildings, along with the laptops everyone used. His office, ...erm... converted bathroom housed all of the servers, and the main computer room for the high school/middle school (grades 6 and up) building was located right outside the door.

One morning, as the sun came up over the desert, he found that he was unable to connect to the internet. After trying to ping the gateway and getting no response, Jonathan tried pinging the data servers. Nada.

When he did a visual inspection of the servers which revealed that they looked fine, he thought that maybe the problem was with his desktop. While it was rebooting, he heard the volume of the students in the computer room explode. The computers in there were no longer able to see the server and had hung.

At this point, Jonathan knew the problem wasn't just with his desktop. If the computer room next door couldn't reach the servers right next to them, then the odds of any of the other computers further out being able to get through were pretty much nil. The network was down for the whole school. Had there been an attack?

Rebooting the (unmanaged) switches in his bathroom office yielded nothing useful. Finally, in desperation, he disconnected the servers and the computer room from the rest of the school. Shouts of victory arose from the computer room; they were able to work again!

Now he had to figure out where the problem was rooted. Jonathan isolated one switch at a time, working his way through the school until he had reached the computer room in the elementary building (grades 1-5). With some help from the technician in the computer room, he was able to identify one of the switches as being the cause of the problem.

He unplugged the ports in the switch, one at a time, until he noticed something strange. As he unplugged each port, both its light and the light below turned off. When he plugged it in again, both lights came back on.

"What's plugged into this port?" he asked the technician.

"Nothing! We don't have any computers plugged into that socket," he replied.

"Well something's plugged into it. Let's go take a look."

They walked over to the other end of the cable in the computer room and saw that a teacher had set up a little work area with a box of papers and some pens. When they moved the box out of the way, they found... a network cable plugged into the socket... and the other end plugged into the neighboring socket.

They talked with the teacher who had set up the work area, and found out that he normally brought in his laptop, along with a network cable. On this particular day he'd left the laptop at home, and he wanted to clean his workspace. He decided to tidy up the network cable by plugging both sides in, creating a feedback loop, which caused a network storm and wound up taking down the whole network.

Oops.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

CodeSOD: You Can't Handle the True!

The Daily WTF - Mon, 04/21/2014 - 12:00

We've all had that feeling before. We see something happening in front of us, yet because the sight doesn't conform to the worldview held within our brain, we just can't believe our own eyes. Dogs playing poker. Cats wearing panty hose. Politicians telling the truth. You get the idea. And depending on your personal threshold for incredulity, you might experience this feeling as a double take, a spit take or a psychotic break. If you happen to be prone to psychotic episodes, then I'm going to have to ask you to move on. Wait for tomorrow's WTF. Or maybe pet some kittens. Here's a picture to help you get started.

Feeling calm and relaxed? Good. Now let me tell you a story about Steve. Steve is what you call a 'skeptic' (which is scarily close to septic, but I digress). He questions absolutely everything he encounters. He walks with overly firm footfalls to make sure that the ground won't open up under him. He carries two watches to act as verification for the clock on his smartphone. He even checks his own pulse to make sure he's alive.

What's worse is that Steve carries this tendency into his job as a developer. He writes if statements with a true block, a false block and an else block. And when comparing strings? The equality operator just won't cut it. Consider the following code.

public static void setDelay(String delay) { String yes = "YES"; if ((delay.hashCode()) == yes.hashCode()) Scenario.delay= 10000; }

Passing a string as a parameter instead of a Boolean is something that, possibly, could be forgiven. But when it comes to checking for the value of the string, Steve is way too skeptical to just use an equal sign (or two). Instead, the hash code for both incoming value and the test value are generated and compared. Because, as everybody knows, the equality operator is not trustworthy for strings, but has no problem when comparing long integers.

Ironically (and not in the Alanis Morisette sense), by using the hashCode method, Steve has actually changed a simple comparison that was pretty certain to be accurate into one that actually could fail. After all, hashCode is not guaranteed to be unique for each string (that is, a perfect hash). So out there, somewhere, may be another string whose hashCode value actually matches the hashCode for "YES". And there are hackers working hard to find unanticipated ways to delay the scenario.

hljs.initHighlightingOnLoad(); [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Error'd: Social Insecurity Number

The Daily WTF - Fri, 04/18/2014 - 11:45

"Adding an account on Mint.com, it asks for the last 4 digits of my SSN and for the first 3 digits," John A. wrote, "Seriously? There are only 100 combinations left to guess the full SSN!"

 

"I was messing around with Nvidia's Linux Settings program when I came across this less than helpful tool-tip," Brendan writes.

 

"So much for my goal of answering 8 out of 10 questions correctly," writes Jan B..

 

Kyle wrote, "Visual Studio 2013 is self aware? Yeah, I'd call that a problem too."

 

Tink writes, "Apple created iBooks to help people enjoy reading, but I think I'd get bored with this line-up pretty quickly!"

 

"I don't understand how my license can have expired over 40 years ago, and yet I still have é( days to renew," Menno wrote.

 

David G. writes, "I guess CareerBuilder and I will just have to agree to disagree as to what constitutes a valid date or not."

 

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Coded Smorgasbord: Sweet Mysteries of Life

The Daily WTF - Thu, 04/17/2014 - 12:00

When you read a lot of bad code, you start to get a sense of why the code exists. Often, it’s ignorance- of the language, of the functional requirements, of basic logic. Sometimes, it’s management interference, and the slavish adherence to policy over practicality. Other times, it’s just lazy or sloppy work.

And sometimes, the mysterious logic that gave birth to a WTF is just that- a mystery.

Timo can’t help but wonder why this method exists:

public DataModel getEditionModel() {    if ( true )        throw new IllegalArgumentException( "You shouldn't be here" );    return editionModel; }

Angela is still puzzling over this one:

String timeStampLength = "                          "; int lengthOfTimeStamp = timeStampLength.length();

Can you imagine a clearer way to express a numeric length?

Dennis found some code that needs to check the length of an array, so it does this:

function countDocuments() { var count = 0; for ( var i = 0; i < user.documents.length; i++) { count++; } return count; }

If only there were a built-in method that could tell us the length of an array...

And finally, Andrew sends us this example of defensive programming, that’s about as safe as we can make it:

Private Sub ImageList_DataBound(ByVal sender As Object, ByVal e As System.EventArgs) Handles ImageList.DataBound Try Catch ex As Exception If TypeOf ex Is ArgumentOutOfRangeException Then Throw New Exception("item not found in the list...") End If End Try End Sub hljs.initHighlightingOnLoad(); [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Secure Development

The Daily WTF - Wed, 04/16/2014 - 12:30

Steven's multi-billion dollar tech firm spared no expense in providing him two computers. One was stuffed in a broom closet down the hall; he used it for email, Internet access, and other administrative items. At his cubicle sat the computer on which he did all his programming, connected to the company's separated development environment (SDE).

The SDE was a company-wide network that existed in parallel to the normal network. No Internet connectivity, and login was only possible with an RSA SecurID dongle. The stated purpose was to provide a secure environment for software development. The other devs on Steven's team had their own SDE boxes for the same purpose.

One day, the Java install on Steven's SDE machine took a core dump and rolled around in it. Unfortunately, he couldn't troubleshoot the machine himself. Only SDE administrators could install or alter configurations on those boxes.

Steven logged a ticket. Within an hour, he was watching an SDE admin reinstall Java for him. Once the admin had unchecked all the predatory toolbar options and got the install going, he frowned at some files sitting in Steven's current working folder.

"Are these .exe files?" he asked.

Steven mirrored the frown with confusion. "Those are my team's development tools and deliverables."

"Is this approved software? Did we install these for you?"

"No. We wrote the code for those and built them."

"You can't install files on this machine!" the admin exclaimed.

"I didn't install them," Steven returned. "I compiled our first-party source code, developed entirely within the SDE, and created those .exe files. That's my job!"

"So you did install them!" the admin cried with gotcha flair.

Steven gaped. "That's not what the word 'install' means!"

Java had finished (actually) installing. The SDE admin left with a righteous gleam in his eye, which Steven shook off. Surely this wasn't going anywhere. If the admin tried to report anything, someone would fetch a dictionary, and everything would be fine.

Well, no. A few days later, Steven's entire team received an email stating they were in violation of Cyber Security policy for installing "malicious, unapproved" software on their SDE machines. The message ended with a sinister promise: Disciplinary actions are forthcoming.

Their immediate boss was powerless to defuse it. The case automatically escalated to Human Resources. The whole developer team was forced into numerous interviews with the sort of drones who couldn't hack Accounting or Finance in business school.

"All we did was develop software in the environment we were provided to develop our software in!" they explained for the umpteenth time.

Unblinking incomprehension. "Why did you install this software on your machines?"

"We didn't install anything! We compiled source code- the source code this company pays us to develop!"

"Well, is it malicious?"

"Of course it's not malicious! Some of this stuff is customer deliverables! We also have myriad scripts and some Java code. We've been doing this in the SDE per company policy for well over a year!"

"What's a Java?"

At the end of these interrogations, Steven's team was ordered to keep working, but immediately cease generating any "prohibited files." If they dared create one more project deliverables, they faced termination.

How are we supposed to meet our deadlines? Steven clicked Send on the email copied to numerous managers.

He and his team sat on their thumbs for a day. Finally, someone shed light on the real problem: the SDE team's definition of the word "install" was so ambiguous, it covered everything from putting down an SDK to setting an adorable kitten picture as one's desktop background.

The head of Cyber Security issued a development exception for Steven's team. They were allowed to develop software on the SDE, as long as all .exe's, .lib's, and other generated files were manually tracked within a shared drive Excel spreadsheet that locked up whenever someone forgot to close it. In the meantime, the SDE admins were to set up a special "development system" for Steven's team, where they'd officially be allowed to develop code. A high-level issue was raised against Cyber Security and the SDE admins to properly define the term "install" and adjust their policies accordingly.

Steven's team was assured they'd get their special dev system well before their development exception expired. Their skepticism toward this promise was entirely merited.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

CodeSOD: I Had My Reasons

The Daily WTF - Tue, 04/15/2014 - 12:00

Trevor spent a huge amount of time writing a 2,000,000+ PHP/JavaScript/HTML system for an e-commerce company. Like a few other I'm-Special geniuses in our field, he believed that he could do it better than everyone else. For this reason, he came up with his own way of doing things. Database queries. Date-time logic. You name it.

Some time back, Kenzal was brought on as a senior developer to work on the e-commerce system. As he spelunked his way through the system, Kenzal would find some piece of puzzling code and ask Trevor what he was going for, or why he did it that way. Trevor would invariably respond: I had my reasons.

Kenzal encounterd this particular snippet in the "critical logic" in the batch creation process, around 7,500 lines into in the 10K+ LOC invoice manger file, somewhere after running the query and checking for results:

<?php   $m = $SYSTEM->getValue('FULFILLMENT_CART_CONFIG');   if ($m == '') $m = 'LLLLSSSSSSSSLLLLLLLL';   $m = strtoupper($m);   $t = $this->db->getDataset();   $n = sizeof($t);   $sp = 0;   $lp = $n - 1;   $info = array();   for ($i=0; $i<$n; $i++) {       $info[$i] = array();       if (substr($m,$i,1) == 'L') {          foreach ($t[$lp] as $k => $v) $info[$i][$k] = $v;          --$lp;       }       else {          foreach ($t[$sp] as $k => $v) $info[$i][$k] = $v;          ++$sp;       }   }   return (array(0,$info)); ?>

Rather than just simply returning the result set, Trevor decided that the results needed to be reordered according to the value of some random string, manually popping and de-queuing the values in the array. When queried as to why he would write something like that, Trevor replied with his usual: I had my reasons.

Both Trevor and his code have since been replaced. When Trevor was asked to leave, he was told (among other things) that they had their reasons. All of the above code has since been replaced with:

<?php `return (array(0,$this->db->getDataset()));` ?> [Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

All Your RAM Are Belong to Us

The Daily WTF - Mon, 04/14/2014 - 12:15

Back around the turn of the century, governments were a different place to work at. The public trough, while not as fat as it had been, was still capable of providing funding for boondoggles handed out to friends and family. This was before deficit hawks made a sport of picking off small cost overruns that scurried around the fields of government largesse. Before billions was spent on wars of questionable necessity. Before mayors broke down the stereotype that all crack addicts were skinny.

In this heyday, Ray worked for a government department that contracted, managed and passed-through telecommunications services from external providers to other government departments. The department's central billing and administration system was built and run on the Ingres ABF framework and it's origin dated back to the early 90's. What's more, as soon as the application could be put into minimal funding status, it was. Even in the heady Internet bubble days, no money was spent beyond what was needed to keep the application running.

For developers, this meant a heavy reliance on shell scripts and other such tools to support the main application. And, considering the critical nature of the application (it did generate revenue...or at least caused numbers to be moved from one ledger to another within the government), any change went through enough manual testing to defoliated a acre of the Amazon rain forest generating the testing outputs.

So when Ray needed to make a bulk data change to the central database, he followed the prescribed steps. The appropriate shell script was created, followed by multiple runs on the test server to create the 3 type-set, calf leather bound volumes of input-output testing printouts. Once done, 5 levels of sign-off were collected. While there's no question that this was an extreme process (XP, but not in the productive way), by the time Ray ran the procedural gauntlet, he was confident that the script would do what it was advertised to do.

To run these scripts, the developers used one-off AT scripts on the server to schedule it to start after hours on the server in question. This mechanism, along with servers that had a good SMS notification system for failed AT jobs, meant that developers could schedule a script to run and then go home with confidence.

Ray set up him job to run at 6:30pm and with no notification of a failure, it was a sleep-filled evening. And he came in the next morning confident of it being a normal day. The sight of the wide-eyed, slightly perspiring system administrator combined with his opening statement of "Thank god you're here!" extinguished that.

"Fezzik's down!", he said. The servers were named after movie characters and Fezzik was the production server that Ray had scheduled the script on the night before.

"Um...define 'down'." Ray said, stalling while desperately trying to think of what weird permutation in the script could have caused this.

"It's not responding. The network controller says Fezzik's there. We can ping it. But terminal sessions are immediately frozen on connect and the applications running on that server are unreachable."

"So, it's not DOWN down then?" Ray asked as he reversed course and headed to the server room.

"It's down enough", came the reply.

At the server console, the user login shell was visible. The sys admin pushed a key. The server replied with an annoyingly cheerful beep. One key press, no characters, just a beep. The keyboard buffer was full. Ray felt queasy.

"Inconceivable. I have no idea what caused that." Ray said with an honesty that was quickly turning to desperation.

"Well", said the admin, "we did get some e-mails from the system this morning before it stopped responding. What the hell is rous_at_job.sh?"

Ray paused. "Why?"

"There's so many instances of it that we don't KNOW how many instances there are of it!"

Realization and dread in equal measures dawned on Ray. Instead of rous_at_job.sh running rous.sh param1 param2, Ray had instead set rous_at_job.sh to run rous_at_job.sh param1 param2! The script simply invoked itself, recursively, forever. So, for a little over 12 hours, like Agent Smith in the Matrix, rous_at_job.sh had patiently, one Kb at a time, taken over the memory and run-time capabilities of the server. By the time the system administrators had got in in the morning, rous_at_job.sh had successfully completed its quest for electronic domination and had physically run out of space to spawn another process.

The only option was to literally unplug the machine. The only saving grace was the fact that, given the current state of the processes, Ray was pretty certain that the server wasn't actually doing anything. Other than running rous_at_job.sh, that is.

The server came back no worse for wear. Going forward, developers were banned from running ANY job on the production server. Like magic, budget was found for a new data change management and scheduling system. And Ray spent a large percentage of his paycheck at the pub that Friday buying the system administrators beers.

[Advertisement] BuildMaster 4.1 has arrived! Check out the new Script Repository feature and see how you can deploy builds from TFS (and other CI) to your own servers, the cloud, and more.
Categories: Fun/Other

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer