Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

TRex EaterofCars posted:

Example: Duff's Device.

No, Duff's Device is brilliant in every way.


Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

nebby posted:

One thing I think would be really interesting would be the introduction of a kanji-like symbology so the density of information in code could go way up since the cardinality of characters would be much, much higher.

Do you ever stop masturbating to thoughts of how steeper learning curves could be added to programming?

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Khorne posted:

People write code that bad? I hope it was a first year student.

edit oh I see, this is just another "single entry and exit point" abortion

it seriously took me three readings to figure out how that code could possibly work

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

dustgun posted:

http://dev.rubyonrails.org/browser/trunk/activesupport/lib/active_support/core_ext/blank.rb
It's simple enough to just toss into whatever project you need to use it in.

Hell, just including all of ActiveSupport is a pretty decent idea. There's a lot of good stuff in there.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
I just turn on warnings as errors. Honestly, I consider code that emits warnings sloppy, no matter why. I suppose I haven't built apps that have cases where a warning is unavoidable, though.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Cazlab posted:

php:
<?
private string ValidateFileContent()
        {
            // Validates the file content against the selected target
            // table.
            //if (StringUtil.EqualsIgnoreCase(this.DataTarget, this.TableName) == false)
            //{
            //    // Does not match target type.
            //    return "Invalid";
            //}

            // No errors.
            return null;
        }
?>
I ran into this just now. After being told to validate the file against potential EOF problems (trailing carriage returns and poo poo.)

Edit: c# not php, just did that for coloring.

This isn't necessarily terrible. I mean, the fact that it's a string instead of a bool or throwing an exception is pretty bad, but the way they removed the check isn't terrible, since maybe a lot of code calls it. Yes, that's what search and replace is for, but maybe they wanted the code to stay for now.

It's bad, but not a horror.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Chain Chomp posted:

Ok, I was right, that table is incredibly sparse.

It's kind of funny that an hour's worth of reading about database theory would have eliminated this problem.

I can't even figure out what he's thinking. Two minutes of asking a question would have solved his problem.

I remember when I was first trying to figure out how to make a web-based game, having only done one in mIRC script (christ, that's a coding horror all its own) and coming to the conclusion that I was probably going to have to make a separate table for each player.

I had to ask someone how I'd pull that off and she was like "wtf??? NO" and that pretty much fixed me.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

dwazegek posted:

I just came upon this. There are about 20 different variations for different properties, all almost identical, only the property names and default values differ.
code:
if (config["someProperty"] != null && config["someProperty"].Trim() != "")
{
    someProperty = config["someProperty"];
}
else
{
    someProperty = "defaultValue";
}

I actually wrote a String C# extension method to do something like this. But I think it was String.NullOrEmpty() or something.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

shopvac4christ posted:

Well, prepare to have nowhere to go when you die.

I remember playing in mIRC scripting. There are no arrays in this language (or weren't, yet).

So if I wanted to have, say, an array of players, my best method was

$[player. [ $+ [ $num ] ] ]

Things got worse before they had hashes. If I wanted to load a player's stats into a location...

$[player. [ $+ [ $num ] $+ ] .attack]

I wrote an entire game in this "language".

:suicide:

(I'll try to pull out some examples when I get home.)

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Teabiscuit posted:

My housemate does horrible things with variable names. His code often looks like this
code:
if (rapefucker1 == cockstick)
{
  for (int SHITCOCK = 0,sodomy > 20,SHITCOCK++)
  {
    ANALRAPE = CUNTBAGS;
    sodomy += ANALRAPE;
    if (sodomy != CUNTFINGERS)
    {
       sodomy = Dicklegs->dropthecunt(sodomy);
    }
  }
}
Sometimes I ask him what certain variables are doing and he says he has no idea but if he takes it out the program breaks.

This is hilarious.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

RegonaldPointdexter posted:

I saw this in some JavaScript yesterday:

code:
var change = true;
change = false;
while(change) {
  change = false;
No, I didn't remove any lines in between. It was exactly like this.

I actually did this in an early version of C#, to demonstrate a bug. I don't remember the exact circumstances leading up to this code, but I was having problems with string assignment, and this code actually looped forever:

code:
string s = "something";
s = "something else";
while (s != "something else") {
  s = "something else";
}
I was quite aggravated about this. No exceptions, nothing. I wish I could find the code again.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
Today I saw something that made me cry since I'm pretty sure the guy that's writing this is getting paid more than me.

This guy spent four days writing an app in .NET which allowed you to put an x and y value in two textboxes and click "Plot" and it would plot a point at those values on another control. And his code didn't even work.

So today I gave him a story for "parsing" log files retrieved from a machine. The first iteration of this is simply "look for {FAIL!} in the log, if it's there, the test failed."

His solution looks something like this (he hasn't checked it in yet and I'm just going off memory of what I saw over the shoulder)

code:
StreamReader x = open file etc;
byte[] y = x.ReadToEnd();
int i = 0;
while (i != y.Length)
{
  i = i + 1;
  if (y == "{FAIL!}")
  {
    ....
I don't remember exactly how he was checking for the string, maybe he wasn't there yet, but I went back to my office and made head-shaped imprints in my desk.

When I left today he was "stuck" on a compiler error which said "You can't have a method with the same name as its containing type". How is this a hard error to interpret?

edit: Oh, also, at one point he wanted to make a flag "WaitForFinishTrueOrFalse", and also changed a boolean field from "WillCheckReturnValue" on an object to "IsCheckReturnValue". And then used it in an if (IsCheckReturnValue == true) statement as justification for why "is" was better.

Dessert Rose fucked around with this message at 05:32 on Nov 21, 2008

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

No Safe Word posted:

I assume he means something like a user story

Correct. It's a Scrum/Agile term.

Here's what he checked in:

code:
        public int RetrieveLog(string vmLog, string sourceLog)
        {
            VMName = vmLog;
            Source = Program.GetFilePath(sourceLog, Program.target_dir);
            byte [] logResults = null;
            int counter = 0;

            logResults = System.IO.File.ReadAllBytes(Source);
            while (counter != logResults.Length)
            {
                if (logResults[counter].ToLower() == "fail")
                {
                    returnCode = 1;  //failure return code
                    break;
                }
                counter++;
            }
        }
I think I want to kill myself.

(It doesn't work, so I think he removed it from the project file so that the project still built)

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Munkeymon posted:

I'm not musical enough to know what the hell that thing is :(

"flat" instead of "sharp".

Yeah, I replaced the code with about three lines of "actual" code (the rest being whitespace and return {constant} statements) ... oh, and mine worked.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
More from the saga of terrible sdet!

I told him to make sure to separate view and controller/model code, and this is what he's come up with:

code:
        private void groupBoxRecordFormat_Enter(object sender, EventArgs e)
        {
            PrepareWriteRecordFormat();
        }

        private void PrepareWriteRecordFormat()
        {
            if (radioButtonHigh.Checked)
            {
                _RecordFormat = "2";
            }
            else if (radioButtonMedium.Checked)
            {
                _RecordFormat = "3";
            }
            else if (radioButtonLow.Checked)
            {
                _RecordFormat = "4";
            }
        }
:ughh:

Oh, also:

code:
        private void ProcessRecordButton()
        {
            if (_recordButtonIsOn)
            {
                _recordButtonIsOn = false;  // Button is dis-Engaged
            }
            else
            {
                _recordButtonIsOn = true;  // Button is Engaged
            }
        }

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

royallthefourth posted:

"What's this bullshit table full of sequential numbers? We don't need this!"
code:
DROP TABLE tblNextID

TRUNCATE TABLE tblNextID
I can't decide which would be the best!

I like TRUNCATE best because it isn't immediately obvious what's going on when the app breaks. Also, potentially it could go for a while without being noticed (if previous records are deleted)

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

geetee posted:

Ugh, I work with one of those. I think now is a great time for me to start poo poo again about the "guid" table. I talk so much poo poo about my coworkers. I really hope none of them are goons.

Yeah, the SDET we hired is one of those.

He seriously tried to defend the use of global variables.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

ehnus posted:

Really? Global variables? How heinous!

What's next, is he going to say that "goto" actually makes sense in certain situations?

Okay, look, there's a difference between there possibly being edge cases in which it can be used and...
code:
        private void ReadIniFile()
        {
            input = new FileStream("config.ini", FileMode.Open, FileAccess.Read);
            fileReader = new StreamReader(input);
            _buffer = fileReader.ReadLine();
            _inputFields = _buffer.Split('=');
            textBoxMovieName.Text = _inputFields[1];

            _buffer = fileReader.ReadLine();
            _inputFields = _buffer.Split('=');
            textBoxRecordTime.Text = _inputFields[1];

            _buffer = fileReader.ReadLine();
            _inputFields = _buffer.Split('=');
            _RecordFormat = _inputFields[1];
            PrepareReadRecordFormat();

            fileReader.Close();
            input.Close();
        }
I mean, I feel like I'm reading Ruby or something, except ugly.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

chocojosh posted:

What exactly is wrong with that code? He has an INI file with three lines in the form of X=Y and he's taking the second field of the first three lines and using them to populate values. How is it ugly?

Every variable there is global (well, technically it's private to the class but since the entire app is this one class... which is a big WTF all by itself) and the method doesn't return anything or take anything (because it uses global variables), for starters.

The config file name is hardcoded, in more than one place.

The code itself doesn't handle humans editing the file gracefully. Since he's using the INI format he intends humans to be able to edit it, and humans screw up a lot. Especially humans who aren't very good at using computers, which this app is targeted at.


The biggest WTF is simply that it took him an entire week of working 12h a day (he worked on it from home) to turn out code of this quality, and he gets paid more than I do.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

chocojosh posted:

Thanks, because of the comment you made about the goto I read it four times wondering where the goto was.

Outlaw: When I wrote a small desktop app for my company last summer, I just followed the "standard convention" at our office and used app.config. I believe ConfigurationManager.AppSettings was what I used.

I hope it didn't take him 60 hours to just come up with a 20 line function! If so.. are you looking to replace him?

Well, I was responding to someone trying to troll me for possibly suggesting that something in coding could NEVER have a use.

It's not just that function, it's his whole app.

Basically what we want to do is a GUI wrapper for a CLI app. Doing it in VBS would have been faster, but not as flexible, while doing it in C# allows us to do some other things that VBS can't do.

He has managed to take all the disadvantages of the VBS approach and apply them to the C# approach, and his code didn't work AT ALL until the end of the week. And it's still missing a few key features. His code review consisted of "Don't ever use global variables." "Well I wanted to get it working quickly..." "Don't use globals. It's terrible style. Also, catch the events you actually care about rather than events that are tangentially related. Further, your code doesn't even work." "Well this is just a review about the composition of the code..." "Okay. GLOBAL VARIABLES. VOID METHODS. CALLING TOSTRING() ON STRING VALUES."

My boss knows that he can't do the work effectively AT ALL and is, I believe, looking to replace him, but it's harder to find a competent SDET than you'd think.

The punchline is that this guy is on his contracting break from MS' Explorer team. I can't quite wrap my head around this situation at ALL.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Lone_Strider posted:

Holy poo poo, this is like a tell-tale mark for crappy devs. I bet when he was called on it he said "well I'm just making sure"

Seriously. textBox.Text.ToString()? Really? I mean, really?

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Vanadium posted:

That just makes the code more portable. In Ruby it is common practice to call .to_s on string-like objects

This is a level, right?

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

comaerror posted:


To this day I am ashamed of that if statement.

You should be really proud of your var naming, though. $fireme is genius.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

zergstain posted:

I may be a bit late posting this, but it looks like everything at work is escaped with mysql_escape_string(). I know it's deprecated and all, but I'm unable to find info on the real world security implications, or even why escaping ' isn't enough. Any examples I've ever seen rely on an unescaped '. Perhaps if I have enough evidence of what might happen, it can be changed. And no, I'm not going to rewrite it all to use whatever the gently caress it's called where you bind variables. I don't even know if mysqli is available.

The difference between escape and real_escape is only a problem if you're not using latin1.

If you can somehow magically escape all the ' characters assuredly, then in most cases you're safe, yes. But this is the problem with what you're saying -- the "real" coding horror:

quote:

I'm unable to find info on the real world security implications, or even why escaping ' isn't enough.

You don't know. You don't know whether or not an attack is possible. You do, however, know the best way to code it so that this entire class of attack is NOT possible.

The flaw is in your thought process. "Well, I don't know of any attacks that this doesn't prevent against, so this level of security is okay, I'll just use that." Why would you even want to think about that? Just code it the way that's not vulnerable to that class of attack AT ALL and go about your day.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Atom posted:

I challenge you to construct for me a sample query where prepared statements are any more secure than properly-used mysql_real_escape_string().

I challenge you to prove to me that mysql_real_escape_string() takes care of absolutely every possible SQL injection attack, including ones that may be discovered later.
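
Added example, not part of the thread or any poster's code: the escaping-versus-bound-parameters exchange in the two posts above, shown with Python's sqlite3 standing in for PHP/MySQL. `escape_quotes`, the `users` table and the sample inputs are constructed for illustration.

```python
import sqlite3


def escape_quotes(value: str) -> str:
    """Constructed stand-in for a quote-escaping helper.

    SQLite escapes a single quote by doubling it; MySQL helpers use a
    backslash instead. The point below does not depend on which.
    """
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    """Build a small in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER NOT NULL, name TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "root")],
    )
    return db


def lookup_name_escaped(db: sqlite3.Connection, name: str) -> list:
    # Quoted context: the escaped value sits between quotes, so an embedded
    # quote cannot end the string literal. Escaping holds up here.
    sql = "SELECT name FROM users WHERE name = '" + escape_quotes(name) + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_id_escaped(db: sqlite3.Connection, user_id: str) -> list:
    # Numeric context: nobody put quotes around the value, so there is no
    # quote to escape and the input is parsed as SQL text.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_id_bound(db: sqlite3.Connection, user_id: str) -> list:
    # Bound parameter: the SQL text is fixed and the value travels
    # separately as data, whatever characters it contains.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input containing no quote at all
    print("escaped, quoted :", lookup_name_escaped(db, "x' OR '1'='1"))
    print("escaped, numeric:", lookup_id_escaped(db, hostile))
    print("bound parameter :", lookup_id_bound(db, hostile))
```

Escaping is correct only where every call site also quotes the value; binding does not depend on the call site getting that right.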

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

hexadecimal posted:

Also what should it return if it's not of CVSRevision type? Since it's an error anyway, I think 0 is as good as any other return value.

Yeah, "it's equal" is definitely as good as throwing a ComparisonException or something.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

zergstain posted:

I understand the effectiveness of this against network sniffers, but as far as stopping someone who has stolen the database (which is why we shouldn't store passwords as plain text, isn't it?), it seems pretty worthless. Maybe it could store the password as 2 rounds of sha256, and the browser could compute the hash once and just send everything separately, then the server hashes it again, and compares it with the database.

There is literally no, I repeat, no way that you can defend against someone who has stolen your db. If someone has hosed your poo poo that thoroughly you can't stop them from logging in as anyone.

The reason we don't store passwords as plaintext is because if I steal your db, you don't want to have to email all your users and go "Whoops, we hosed up, please change your password everywhere else you use the one you used for this site." You can just say "Hey, you'll need to reset your pw next time you log in", or somesuch.

The reason for challenge/response is so that if I (as evil hacker) am on unsecure wifi at, say, Starbucks, and you are there too, and you log in to the site over unsecure HTTP, I can't use anything I just saw (assuming I've seen your entire handshake with the site) to log in as you (except, perhaps, the cookie that you got sent back as your session token)

ed: The reason you can't defend against someone who knows everything you know is because a password is also known as a "shared secret". All the methods that we use to authenticate a user basically revolve around the idea that we're verifying that the client and the server both know some bit of data that's unique to that account. Since I've stolen the database, I've stolen all those bits of data - no matter how it's stored, somewhere all we're doing is verifying that one of us knows the same thing as the other one - and so I do know the shared secret. There's no way you can have the server know and yet not know what it's using to auth a user.

This is the same reason why DRM can only fail, as a sidebar; the client and server are the same person.

Dessert Rose fucked around with this message at 06:05 on Jan 11, 2009
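
Added example, not part of the thread: a minimal nonce-based challenge/response of the kind the post above describes, in Python. The class and function names, the PBKDF2 parameters and the sample password are assumptions made for illustration; it shows that a captured response fails against a fresh challenge, and that in this particular design the value the server stores is itself the shared secret.

```python
import hashlib
import hmac
import secrets


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Value the server stores in place of the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def response_from_verifier(verifier: bytes, nonce: bytes) -> bytes:
    """Proof of knowledge: HMAC of the server's nonce under the verifier."""
    return hmac.new(verifier, nonce, hashlib.sha256).digest()


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """What an honest client computes from the typed password."""
    return response_from_verifier(derive_verifier(password, salt), nonce)


class Server:
    def __init__(self) -> None:
        self.accounts = {}  # user -> (salt, verifier)
        self.pending = {}   # user -> outstanding nonce

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[user] = (salt, derive_verifier(password, salt))

    def challenge(self, user: str):
        # A fresh random nonce per login attempt is what defeats replay.
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return self.accounts[user][0], nonce

    def check(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # each nonce is single use
        if nonce is None:
            return False
        expected = response_from_verifier(self.accounts[user][1], nonce)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse")  # constructed sample credentials

    salt, nonce = srv.challenge("alice")
    seen_on_wire = client_response("correct horse", salt, nonce)
    print("honest login      :", srv.check("alice", seen_on_wire))

    # The same bytes observed on the network, sent against a new challenge.
    srv.challenge("alice")
    print("replayed response :", srv.check("alice", seen_on_wire))

    # The stored verifier alone is enough to answer a challenge, which is
    # the shared-secret property the post describes.
    _, nonce = srv.challenge("alice")
    stored = srv.accounts["alice"][1]
    print("stored value works:", srv.check("alice", response_from_verifier(stored, nonce)))
```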

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
Well, except then you can't fight network sniffing.

But yeah, I'm an idiot and I have no idea what I was thinking when I wrote that :suicide:

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

hexadecimal posted:

Can you talk about the md5 exploit? Given an md5 hash, how hard is it to generate a string with a certain size limit that will generate same md5 hash? If that is no longer a hard problem, then if one stole your DB including md5 hashes, you are pretty much hosed right?

There has been no exploit in this department. The MD5 exploit has to do with me being able to generate colliding documents given that I control all the original documents.

So if I somehow got you to give it a password that I generated for you, I could then know another password that generated that same hash.

The MD5 exploit is much more useful in terms of certificate signing. If I want an SSL cert for, say, verisign.com, obviously verisign isn't going to give me one.

But if I generate two SSL certs - one for verisign.com, and one for dog&ponyshow.biz, and they both hash to the same MD5, then if I can get Verisign to sign my dog&ponyshow.biz cert, I can use their signature for my verisign.com cert and be a MITM without a security warning box popping up.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

da keebsta knicca posted:

It is a university, we basically have to sometimes use NULL not to make people angry.

To be fair, I'd be pretty pissed off if I had both sexes and you forced me to pick one.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
the real wtf is that it actually saves to the file (without asking) and then asks if you want to save the file, but really it's asking "do you not want to delete the file?"

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Ledneh posted:

I had a coworker once who protested the Single Point of Return policy at my old job by replacing his returns with gotos to the end of the function with the return. He eventually won, on the proviso that he get rid of the gotos :v:

That is loving awesome.

So one of our devs got into a big fight with us (the testing half) about unit testing. He declared that his code was, in fact, unit tested.

This is what he thought constituted unit testing:
code:
            #region VerificationCodePart1
            if (System.Diagnostics.Debugger.IsAttached)
             {

                 if (File.Exists("Log.txt"))
                 {
                     Log = new FileStream("Log.txt", FileMode.Append);
                 }
                 else
                 {
                     Log = new FileStream("Log.txt", FileMode.OpenOrCreate);
                 }

                 Trace.Listeners.Add(new TextWriterTraceListener(Log));
                 Trace.WriteLine("");
                 Trace.WriteLine("********************New Install Selected*******************");
                 Trace.WriteLine("Install Button Clicked");
             }
            #endregion
            buttonCancel.Enabled = false;
            buttonInstall.Enabled = false;
            #region VerificationCodePart2
            if (System.Diagnostics.Debugger.IsAttached)
            {
                if (buttonCancel.Enabled == false)
                    Trace.WriteLine("Cancel button is disabled");
                if (buttonInstall.Enabled == false)
                    Trace.WriteLine("Install button is disabled");
            }
            #endregion

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

ScaryFast posted:

This isn't a coding horror but it has to do with web hosting

awesome, thanks for posting in "Web hosting horrors: post things that aren't coding horrors in any way".

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
That's not really that bad. I mean, it's terrible in the "Your code should be figuring out how to format it for me" sense, but the regex itself isn't that bad.

Well, except for the spaces I suppose. What?

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Zombywuf posted:

I'm sorry, I seem to have wandered into the "Get butthurt about people not liking the way I code" thread. Can you please direct me to the thread about taking the piss out of code?

Uh, naming conventions that are not patently insane are not coding horrors.

For example, if he had named it it_nm_dx then perhaps you could say that was the real horror.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
Haha, someone read about singletons, and the example was probably a logger. That's awesome.

Sometimes I write code like this - the part of my brain that says "You're doing too much" just disengages.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...
What exactly is it about the for-switch loop that causes it to spread so widely?

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Fehler posted:

I actually had a good reason for this as well, as there was gonna be a final else that handled all lines after the third one.

code:
fgets(line, sizeof(line), file);
do stuff with first line
fgets(line, sizeof(line), file);
do stuff with second line
while (!feof(file)) {
do stuff
}

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Fehler posted:

code:
if(!feof(file)) {
 fgets(line, sizeof(line), file);
 do stuff with first line
 if(!feof(file)) {
  fgets(line, sizeof(line), file);
  do stuff with second line
  while (!feof(file)) {
    fgets(line, sizeof(line), file);
    do stuff
  }
 }
}
Is that really so much better?

eh. But your code is unclear: what if there IS only one line? Is that okay? It would seem to me that if I had to write special cases for lines 1 and 2, I should expect that the file will always have at least those two lines, and something else is an exceptional condition.


Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Randel Candygram posted:

Here's a real gem from the codebase I'm working with right now. It's in the middle of a few hundred nearly uncommented message definitions.
code:
message PeerXXX {
	required PeerAddr thisAddr = 1;
	// This field is tricky. Ideally, I could define a fixed size 7-bit
	// field, to represent values from 0 to 127, roughly the range of values
	// we're dealing with here. However, protocol buffers do not support this.
	// As a workaround, all but the first 7 bits are discarded. If taking the
	// modulo of 128 of this value is greater than 100, it should be ignored.
	required uint32 XXXPercent = 2;
	// Also, to you 'clever' programmers out there, don't even think of mangling
	// my protocol by assigning new behavior to 101-127. Use extensions.
	// They're there, they're supported, they don't break things, and I won't
	// feel compelled to find out where you live and draw pickles doing silly
	// things on your windows.
}
	// And don't think living in another country will stop me.

I enjoy how the final comment is after the brace, almost as a "P.S.".
