|
PrBacterio posted: Now if only the C++ compiler optimized tail calls not to use any stack space

Uhh, most do.
|
# ¿ Apr 20, 2010 16:27 |
|
Plorkyeran posted: There's a difference between invalid input and input that has to be escaped. "gently caress you" in a phone number field should probably be rejected by the UI, but "O'Connor" in a name field certainly shouldn't be rejected. It might need to be escaped prior to being sent to the database, but that should be handled by the code that actually calls the database, not some higher level module.

Sanitizing DB inputs is a coding horror. Prepared statements guys, or are you all 12 year old PHP script kiddies.
|
# ¿ Apr 21, 2010 02:19 |
|
Painless posted: First rule of optimization: assume that your compiler was written in 1983 by an army of white collared chimps with typewriters

Well those are good, but I prefer mine: First rule is READ THE loving ASSEMBLY. Second rule is PROFILE YOUR loving poo poo. The third rule is interchange 1 and 2 as appropriate.
|
# ¿ Apr 28, 2010 01:22 |
|
Janin posted: The entire point of using tabs is so that it'll look different if somebody changes their editor's tab size. Some people like 2-space indentation, some people like 8-space; tabs let them both use whatever size they want.

That's great, except how do you format this: code:
|
# ¿ May 19, 2010 15:05 |
|
Janin posted: Your tax dollars and a summer intern

Jesus. Christ. It is at this moment I thank god that all of my coworkers are not only competent, but exceptional. We have no coding horrors (at least compared to the poo poo in this thread).
|
# ¿ Jun 4, 2010 02:23 |
|
mysql_real_escape_string is one of the greatest coding horrors of the modern error. Is there a fake escape string?
|
# ¿ Jun 10, 2010 22:58 |
|
Otto Skorzeny posted: PHP's 'default' mysql interface is a thin wrapper over mysql's C api. Said C api originally had the mysql_escape_string function, which was found to be buggy in that it had a shitton of vulnerabilities. The mysql devs deprecated (but didn't remove iirc) the function, and added a 'fixed' mysql_real_escape_string function. The PHP devs followed this change in the mysql C api in their interface to mysql. So there are two horrors here, in addition to the rather curious choice of any informed developer to not use prepared statements (aka parameterized queries). Incidentally, if you're stuck with PHP, you can use prepared statements via the mysqli module.

Wait they left an API with KNOWN SECURITY VULNERABILITIES in? I've accused them of incompetence before, but that's just negligence in the extreme.
|
# ¿ Jun 11, 2010 03:07 |
|
MySQL is a coding horror. Is it possible to use a subquery yet
|
# ¿ Jun 12, 2010 02:31 |
|
Janin posted: Uh, yes? Subqueries were added over 6 years ago.

Oh sorry, I meant without using an on disk temporary table and killing all performance.
|
# ¿ Jun 12, 2010 04:46 |
|
necrobobsledder posted: I'm going to just put out a minor coding "horror" I used to try to write in C when I was just starting out as a wee lad.

Python, gently caress yeah.
|
# ¿ Jun 18, 2010 20:57 |
|
a) It's not doing 20 billion anythings (no idea where you got that). b) Hitting disk 200,000 times is quite a few, I hope you've got that wrapped in a transaction
|
# ¿ Jun 22, 2010 02:33 |
|
Kilson posted: If IssueNumberSequence.find_by_number() is O(n) in the sequence length, then it takes approximately 20 billion comparisons to fill the sequence.

Uhh, doubtful. It's far more likely to be O(lg n).
|
# ¿ Jun 22, 2010 03:43 |
|
Not sure how to describe the coding horrors I've seen, but I'm consulting on a legal case, and jesus christ. <redacted>'s source code is a loving cluster gently caress, the core of the application is inside some shared library that they don't even have the source for.
|
# ¿ Jul 8, 2010 15:19 |
|
Jesus christ my office just coding horror'd me. Normally I *love* the guys I work with, I read this thread and think "thank god my coworkers don't do this poo poo". I was out of the office today, I get back and a) all my tests are failing, b) there's duplicated functionality, c) they've got copy-paste of themselves. Did someone replace my coworkers with idiots?
|
# ¿ Jul 8, 2010 16:02 |
|
Spazmo posted: The real horror is using strcmp in the first place. strncmp is far safer.

... your default comparison function doesn't need to be written for cryptographic security, you have a special function to do that. You think the default strcmp should iterate over my 1 million char string just for funsies? And it further has dick-all to do with passwords, passwords should be hashed, it's for tokens and other such things that *are* plaintext.
|
# ¿ Aug 3, 2010 12:46 |
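
Editor's added example, not part of the thread: the post above separates an ordinary early-exit comparison from a purpose-built one for secret tokens. This Python sketch counts how many bytes each style examines for guesses that share a longer and longer prefix with a constructed sample token; the function names are illustrative, and `hmac.compare_digest` is the standard-library routine for the real check.

```python
import hmac

TOKEN = b"3f9a1c7e5b2d4806"  # constructed sample token, not a real secret

def early_exit_equal(a: bytes, b: bytes):
    """strcmp-style comparison: stops at the first mismatch.
    Returns (equal, bytes_examined)."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined

def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte no matter where the first mismatch is.
    Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences without branching on them
    return diff == 0, len(a)

def work_profile(compare):
    """Bytes examined for guesses matching 0, 4 and 15 leading bytes."""
    guesses = [
        b"0000000000000000",
        b"3f9a000000000000",
        b"3f9a1c7e5b2d4800",
    ]
    return [compare(g, TOKEN)[1] for g in guesses]

def verify_token(presented: bytes, expected: bytes = TOKEN) -> bool:
    """What production code should call for plaintext tokens."""
    return hmac.compare_digest(presented, expected)

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal))
    print("constant time:", work_profile(constant_time_equal))
```

The early-exit profile grows with the length of the correct prefix, which is the information a constant-time comparison withholds; for ordinary strings that difference does not matter, which is the poster's point.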
|
Internet Janitor posted: Oh boy almost ran out of memory! Lemme just allocate a couple objects to deal with the probl-

I don't know about Java, but CPython at least preallocated an OutOfMemory exception.
|
# ¿ Aug 12, 2010 19:56 |
|
If you think that's a coding horror, your codebase is probably ok. I can think of a totally valid reason for that. The Color class isn't under your control and features general color management things, for your app you want to have a consistent UI, and you're starting with their definitions of what constitutes DARK GREEN, but that might be changed in the future.
|
# ¿ Aug 27, 2010 16:53 |
|
b0lt posted: Strings are immutable in C# like in java, why would it allocate a new string?

Because otherwise you need to keep a ref to the old string, which depending on the relative sizes of the strings could be bad.
|
# ¿ Aug 31, 2010 16:33 |
|
It's amazing... not once does he actually use o[0].
|
# ¿ Sep 19, 2010 14:36 |
|
Vaginal Engineer posted: I don't know how terrible they are, but this is the standard for a number of mathematical languages including Maple and Magma.

lua's another one. http://userweb.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html
|
# ¿ Sep 19, 2010 17:45 |
|
snare posted: Database credentials. As in those used by the application to connect to the database, not those used by a user to authenticate with the application.

Those would be a problem too though.
|
# ¿ Sep 20, 2010 14:23 |
|
I've never been responsible for employee interviews before, but if I ever am, I'm asking a question about how the candidate feels about type coercions.
|
# ¿ Sep 27, 2010 13:28 |
|
Hammerite posted: are you going to ask that in order to see whether they agree with you, or to see what knowledge they display about the subject and what reasoning they give for their opinion?

Both.
|
# ¿ Sep 27, 2010 13:41 |
|
gibbed posted: Why is this a horror?

Real horror spotted.
|
# ¿ Oct 7, 2010 14:33 |
|
Wheany posted: $get = sqlInjectionProtect($_GET);

Pack it up, go home folks, this is the ultimate horror.
|
# ¿ Nov 9, 2010 21:25 |
|
ymgve posted: Might not be a horror (except for the fact that they're probably not using parameterized queries) - I assume the function does something like "Check if gpc_magic_quotes is enabled, if not, do manual escape of all variables."

Uhh, escaping on insertion is definitely a horror. You don't escape input data. Ever.
|
# ¿ Nov 10, 2010 06:44 |
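
Editor's added example, not part of the thread: the posts above argue that "O'Connor" is valid input, that escaping at the input layer is the wrong place, and that prepared statements are the fix. This Python/sqlite3 sketch runs the same name through all three approaches; `escape_on_input` is a hypothetical stand-in for an `sqlInjectionProtect()`-style filter (the real function's body is not shown in the thread), and the table and function names are made up for the demo.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    return db

def insert_concatenated(db, name):
    """Anti-pattern: the value is spliced into the SQL text itself."""
    try:
        db.execute("INSERT INTO people (name) VALUES ('" + name + "')")
        return True
    except sqlite3.Error:
        return False  # the quote in O'Connor ends the string literal early

def escape_on_input(value):
    """Hypothetical input-layer filter: backslash-escapes quotes in the
    data before it goes anywhere, database or not."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def insert_parameterized(db, name):
    """Prepared statement: SQL text and data travel separately."""
    db.execute("INSERT INTO people (name) VALUES (?)", (name,))

def stored_names(db):
    rows = db.execute("SELECT name FROM people ORDER BY rowid")
    return [row[0] for row in rows]

def demo():
    name = "O'Connor"  # constructed sample input from the thread's example
    db = make_db()
    concat_ok = insert_concatenated(db, name)
    # Escaped-at-input data, later handed to code that binds parameters
    # correctly, is stored with the escaping baked in.
    insert_parameterized(db, escape_on_input(name))
    insert_parameterized(db, name)
    return concat_ok, stored_names(db)

if __name__ == "__main__":
    ok, names = demo()
    print("concatenated insert succeeded:", ok)
    for n in names:
        print("stored:", n)
```

The concatenated insert fails outright, the input-escaped value is stored as `O\'Connor`, and only the bound parameter stores the name unchanged.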
|
NotShadowStar posted: Sometimes you don't have a choice. I had to work on a RedHat Enterprise Linux box for a long time. Here's the thing about RedHat: they gently caress with standard libraries however they want so they're pretty much incompatible with anything outside of RedHat land. In this case, they had their own version of PHP 4.1 in which they EXPLICITLY DISABLED THE MYSQLI FUNCTIONS at compile time. I tried recompiling my own version of PHP but something else would randomly break on the system when I did so. So I couldn't do bound parameter statements and had to be stuck escaping SQL statements.

Oh my god, it's like a meta-horror.
|
# ¿ Nov 10, 2010 22:51 |
|
Vanadium posted: Did the C++ thread not just tell a guy to go ahead with lots of string comparisons instead of bothering with a hashmap or whatever

Are we talking about the thing where someone recommended some god-forsaken academic wackadoo data structure that was completely inappropriate in place of a hashtable?
|
# ¿ Nov 15, 2010 06:11 |
|
From a client's project: in the test suite there are lovely blocks like:code:
|
# ¿ Dec 8, 2010 07:02 |
|
Orzo posted: You make it sound like writing something to eliminate 'dead code' is trivial. It isn't. You have to be extremely careful when writing an optimization like that since it's so dramatic (removing entire blocks of code). Who knows what the internal implementation is? All we know is that adding some things makes it not work anymore, and even if they look like completely trivial additions, it's entirely plausible that the algorithm pessimistically gives up (as it should) rather than making the statement that Microsoft is cheating (poorly) on one of many, many browser tests.

As someone who works on a JIT, this is a crock of poo poo. The "optimization" fails in such hilarious ways it's exceptionally clear (IMO) that they either a) wrote the optimization without any consideration for the semantics of javascript, or b) wrote it specifically for this test.
|
# ¿ Dec 8, 2010 19:19 |
|
Munkeymon posted: What would you expect the logical and of two arrays to be?

I'd expect an array, in a boolean context, to evaluate as bool(array.length). Javascript has this lovely thing where one item arrays are equivalent to array[0].
|
# ¿ Dec 9, 2010 18:28 |
|
Hammerite posted: The whole "omg PHP type-juggling" thing is a bit of a dead horse isn't it? Yeah it's not always terribly consistent, it's meant to allow you to Get poo poo Done quickly. It's not necessarily optimised for that, but it doesn't do too badly. It does give you ways to compare things carefully when you need to do so.

Yeah, I forgot "gently caress my life" == 0 really helps make websites faster :?:
|
# ¿ Dec 11, 2010 06:43 |
|
http://codahale.com/how-to-safely-store-a-password/
|
# ¿ Dec 17, 2010 23:02 |
|
evensevenone posted: I pretty much assume that any password I use for a website that isn't a bank or something that hires real auditors could be hacked and stolen. Doubly so if the site was written in php.

Yeah one of my banks has a character limit for passwords. It's great knowing the golf social networking site my company wrote likely has better password security than my bank.
|
# ¿ Dec 18, 2010 18:33 |
|
tuples are immutable, that is the objects they contain can't change, but there's no requirement that the objects they point to be immutable.
|
# ¿ Mar 28, 2011 16:38 |
|
PrBacterio posted: No the actual horror here is, why on earth does Python try to do a no-op assignment in this case after already having modified the list in-place?

If you think about how += should be implemented on immutable objects for about a quarter of a second you'd figure it out.
|
# ¿ Mar 29, 2011 13:29 |
|
MutantBlue posted: You've found the one thing that PHP is good for.

It's not even classy looking. code:
|
# ¿ Apr 15, 2011 06:35 |