Coding Horror

ErinGoBrath

We had an experienced .net and SQL contractor in that was trying to convince me that null and zero where exactly the same thing

:eek:

meep

ErinGoBrath wrote: »

We had an experienced .net and SQL contractor in that was trying to convince me that null and zero where exactly the same thing

:eek:

Reminds me of the story of Jennifer Null, and other unfortunately named individuals...

http://www.bbc.com/future/story/20160325-the-names-that-break-computer-systems

dazberry

Tony Hoare's billion dollar mistake:

Abstract: I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years. In recent years, a number of program analysers like PREfix and PREfast in Microsoft have been used to check references, and give warnings if there is a risk they may be non-null. More recent programming languages like Spec# have introduced declarations for non-null references. This is the solution, which I rejected in 1965.

Wombatman

BrokenArrows wrote: »

A new service i came across today.
I wont post the name because it might cause them trouble.

When signing up you need to verify your phone number. You receive an SMS and enter the verification code on the website.

When you submit the verification code the site sends a API request and returns JSON containing the correct code and validates it in the browser!!!

SO you just need to do one invalid lookup to see the valid code return in the background which is easily visible with the Developer Tools.

Smart guys! Ive sent them an email.

BitGrail lost $170M because only client-side validation was used

https://twitter.com/bascule/status/962740918053888000

daymobrew

srsly78 wrote: »

Oh ho.... There is some useless bank in america that doesn't verify peoples email addresses AT ALL. So some gob****e with a similar name to me signs up using MY email address - and now I constantly get notifications about every purchase etc he makes. And yes there is a password recovery option which could be used to hijack account.

For 2 years my wife got texts from Ulster Bank indended for one of their customers. Notifications included reminders of meetings (with employee name) and addition of a new payee. She rang them and they played dumb - claiming that they would not be able to find the customer, even when given the appointment info (and employee name).

It wasn't fixed until I wrote to their Data Protection Controller, listing all the texts, and mentioning the Data Protection issue. It was the Data Protection Commissioner office that suggested this approach.

It was bizarre that the customer never fixed the issue.

Wombatman

BrokenArrows

Wombatman wrote: »

Had a junior do that to a live database. Luckily he noticed the number and knew something was up.

ROLLBACK

Evil Phil

BrokenArrows wrote: »

Had a junior do that to a live database. Luckily he noticed the number and knew something was up.

ROLLBACK

I may know of *somebody* who did something similar when they were a junior :pac:

BrokenArrows

Evil Phil wrote: »

I may know of *somebody* who did something similar when they were a junior :pac:

Ah we all ****ed up at some point.
I shutdown a production server which then failed to turn back on for a few hours and the automatic backup server failed to kick in too, so that was loads of fun!

Capt'n Midnight

BrokenArrows wrote: »

Had a junior do that to a live database. Luckily he noticed the number and knew something was up.

ROLLBACK

On the NT4 CD there is a wee file called rollback.exe

If you had upgraded from NT 3.51 it would try and rollback. YMMV on how well that went.


But if you had done a clean install it was GAME OVER.

daymobrew

BrokenArrows wrote: »

Ah we all ****ed up at some point.
I shutdown a production server which then failed to turn back on for a few hours and the automatic backup server failed to kick in too, so that was loads of fun!

Many years ago, on a Friday evening, I watched as a senior colleague ran "del /s" in a sub directory on a Windows machine. It seemed to be taking quite a while so he cancelled it. It had wiped the hard drive. We suspected that there was an error where a sub dir was linked to the root dir. :eek:

dazberry

BrokenArrows wrote: »

Ah we all ****ed up at some point.

I was working on some code in a large monolithic windows application in a bank, and it was an awkward piece of code to test - and I constantly had to log in and log out. So I disabled the login password verification, and finished the piece of work - and then checked all the changes back in.

Two weeks later someone was complaining that they could log into that app, but not a second app that used the same authentication mechanisms, when I got that cold fear feeling when I realised what I'd done.

So we "reset" the users password - blaming an obscure bug, re-enabled the password verification for the next release and told nobody

BrokenArrows

dazberry wrote: »

I was working on some code in a large monolithic windows application in a bank, and it was an awkward piece of code to test - and I constantly had to log in and log out. So I disabled the login password verification, and finished the piece of work - and then checked all the changes back in.

Two weeks later someone was complaining that they could log into that app, but not a second app that used the same authentication mechanisms, when I got that cold fear feeling when I realised what I'd done.

So we "reset" the users password - blaming an obscure bug, re-enabled the password verification for the next release and told nobody

haha. jesus thats a big ****up.

BrokenArrows

Came across some code today with a few IF conditions written like this:

if( "start".StartsWith(myparam) )
{

}
else if ( "stop".StartsWith(myparam) )
{

}

I mean it works but its so unintuitive.

Id always write it like:

if( myparam.StartsWith("start") )
{

}
else if ( myparam.StartsWith("stop") )
{

}

GreeBo

BrokenArrows wrote: »

Came across some code today with a few IF conditions written like this:

if( "start".StartsWith(myparam) )
{

}
else if ( "stop".StartsWith(myparam) )
{

}

I mean it works but its so unintuitive.

Id always write it like:

if( myparam.StartsWith("start") )
{

}
else if ( myparam.StartsWith("stop") )
{

}

That idiom is typically used to avoid null pointers, since myParam could be null bt "stop" and "start" cant be.

matrim

BrokenArrows wrote: »

Came across some code today with a few IF conditions written like this:

if( "start".StartsWith(myparam) )
{

}
else if ( "stop".StartsWith(myparam) )
{

}

I mean it works but its so unintuitive.

Id always write it like:

if( myparam.StartsWith("start") )
{

}
else if ( myparam.StartsWith("stop") )
{

}

Doesn't swapping them change the result

When myparam is longer than the value you get:

"start".StartsWith("start it all") will be false

"start it all".StartsWith("start") will be true

When myparam is shorter than the value:

"start".StartsWith("sta") will be true

"sta".StartsWith("start") will be false

GreeBo

matrim wrote: »

Doesn't swapping them change the result

When myparam is longer than the value you get:

"start".StartsWith("start it all") will be false

"start it all".StartsWith("start") will be true

When myparam is shorter than the value:

"start".StartsWith("sta") will be true

"sta".StartsWith("start") will be false

I'd assume that the parameter is always either "start" or "stop" and they used startsWith for some unknown reason.

Again, its done this way to avoid throwing a NPE.

matrim

GreeBo wrote: »

I'd assume that the parameter is always either "start" or "stop" and they used startsWith for some unknown reason.

Again, its done this way to avoid throwing a NPE.

I would have assumed that it was that they wanted to do some kind of command expansion.

sta = start
sto = stop

But of course that falls down because st which could be either would end up as start

Anesthetize

For String comparison using methods like equals(), it's generally better practice to put the quoted String first, e.g.

if ("SomeString".equals(otherString)) {
...
}

If otherString was null in this instance, this condition will evaluate to false. If we did it the other way we would get a null pointer.

Buford T Justice

*cough*

cython

Wombatman wrote: »

Met Eireann Website still using classic ASP :eek:

https://www.met.ie/default.asp

They must have heard you :P

https://beta.met.ie/

GreeBo

cython wrote: »

They must have heard you :P

https://beta.met.ie/

Hmm, in my day "beta" didnt mean "much slower"...:(

Pelvis

Search for your road and stick a space at the end. :rolleyes:

https://www.dublincity.ie/votersregistration/PublicPages/ereg.aspx?CID=

Lemming

When you hear the fvcknugget (whom can barely muster enough comprehension of basic SQL table joins) sat behind you saying "if you build it right you shouldn't need foreign keys" to try and justify their lazy attempts at not doing any work and forcing everyone else to have to sort the mess he creates anyway (including the long-suffering testers ... ), you know it's going to be a long, long day.

GarIT

Pelvis wrote: »

Search for your road and stick a space at the end. :rolleyes:

https://www.dublincity.ie/votersregistration/PublicPages/ereg.aspx?CID=

Whatever it’s supposed to do isn’t working for me on mobile. Works normally without the space does nothing with it.

GhostyMcGhost

GarIT wrote: »

Whatever it’s supposed to do isn’t working for me on mobile. Works normally without the space does nothing with it.

Exactly!

AlmightyCushion

GarIT wrote: »

Whatever it’s supposed to do isn’t working for me on mobile. Works normally without the space does nothing with it.

It's actually worse than nothing. It gives an error message saying your search string can't start/end with a space. So it checks there is a space at the beginning/end of the string and instead of dealing with it normally by trimming it, it just returns an error message.

Capt'n Midnight

If only there was a way to trim whitespace :mad:

GreeBo

Capt'n Midnight wrote: »

If only there was a way to trim whitespace :mad:

Or detect them...

Anesthetize

Capt'n Midnight wrote: »

If only there was a way to trim whitespace :mad: