|
TRex EaterofCars posted:Example: Duff's Device. No, Duff's Device is brilliant in every way.
|
# ¿ Mar 28, 2008 20:56 |
|
nebby posted:One thing I think would be really interesting would be the introduction of a kanji-like symbology so the density of information in code could go way up since the cardinality of characters would be much, much higher. Do you ever stop masturbating to thoughts of how steeper learning curves could be added to programming?
|
# ¿ Apr 1, 2008 01:51 |
|
Khorne posted:People write code that bad? I hope it was a first year student. edit oh I see, this is just another "single entry and exit point" abortion it seriously took me three readings to figure out how that code could possibly work
|
# ¿ Apr 1, 2008 21:51 |
|
dustgun posted:http://dev.rubyonrails.org/browser/trunk/activesupport/lib/active_support/core_ext/blank.rb Hell, just including all of ActiveSupport is a pretty decent idea. There's a lot of good stuff in there.
|
# ¿ Apr 8, 2008 21:02 |
|
I just turn on warnings as errors. Honestly, I consider code that emits warnings sloppy, no matter why. I suppose I haven't built apps that have cases where a warning is unavoidable, though.
|
# ¿ May 13, 2008 18:43 |
|
Cazlab posted:
This isn't necessarily terrible. I mean, the fact that it's a string instead of a bool or throwing an exception is pretty bad, but the way they removed the check isn't terrible, since maybe a lot of code calls it. Yes, that's what search and replace is for, but maybe they wanted the code to stay for now. It's bad, but not a horror.
|
# ¿ Jun 5, 2008 18:33 |
|
Chain Chomp posted:Ok, I was right, that table is incredibly sparse. I can't even figure out what he's thinking. Two minutes of asking a question would have solved his problem. I remember when I was first trying to figure out how to make a web-based game, having only done one in mIRC script (christ, that's a coding horror all its own) and coming to the conclusion that I was probably going to have to make a separate table for each player. I had to ask someone how I'd pull that off and she was like "wtf??? NO" and that pretty much fixed me.
|
# ¿ Jun 6, 2008 23:23 |
|
dwazegek posted:I just came upon this. There are about 20 different variations for different properties, all almost identical, only the property names and default values differ. I actually wrote a String C# extension method to do something like this. But I think it was String.NullOrEmpty() or something.
|
# ¿ Jun 24, 2008 23:29 |
|
shopvac4christ posted:Well, prepare to have nowhere to go when you die. I remember playing in mIRC scripting. There are no arrays in this language (or weren't, yet). So if I wanted to have, say, an array of players, my best method was $[player. [ $+ [ $num ] ] ] Things got worse before they had hashes. If I wanted to load a player's stats into a location... $[player. [ $+ [ $num ] $+ ] .attack] I wrote an entire game in this "language". (I'll try to pull out some examples when I get home.)
|
# ¿ Jul 1, 2008 22:49 |
|
Teabiscuit posted:My housemate does horrible things with variable names. His code often looks like this This is hilarious.
|
# ¿ Jul 3, 2008 19:57 |
|
RegonaldPointdexter posted:I saw this in some JavaScript yesterday: I actually did this in an early version of C#, to demonstrate a bug. I don't remember the exact circumstances leading up to this code, but I was having problems with string assignment, and this code actually looped forever: code:
|
# ¿ Aug 28, 2008 23:19 |
|
Today I saw something that made me cry since I'm pretty sure the guy that's writing this is getting paid more than me. This guy spent four days writing an app in .NET which allowed you to put an x and y value in two textboxes and click "Plot" and it would plot a point at those values on another control. And his code didn't even work. So today I gave him a story for "parsing" log files retrieved from a machine. The first iteration of this is simply "look for {FAIL!} in the log, if it's there, the test failed." His solution looks something like this (he hasn't checked it in yet and I'm just going off memory of what I saw over the shoulder) code:
When I left today he was "stuck" on a compiler error which said "You can't have a method with the same name as its containing type". How is this a hard error to interpret? edit: Oh, also, at one point he wanted to make a flag "WaitForFinishTrueOrFalse", and also changed a boolean field from "WillCheckReturnValue" on an object to "IsCheckReturnValue". And then used it in an if (IsCheckReturnValue == true) statement as justification for why "is" was better.
Dessert Rose fucked around with this message at 05:32 on Nov 21, 2008 |
# ¿ Nov 21, 2008 05:28 |
|
No Safe Word posted:I assume he means something like a user story Correct. It's a Scrum/Agile term. Here's what he checked in: code:
(It doesn't work, so I think he removed it from the project file so that the project still built)
|
# ¿ Nov 21, 2008 22:33 |
|
Munkeymon posted:I'm not musical enough to know what the hell that thing is "flat" instead of "sharp". Yeah, I replaced the code with about three lines of "actual" code (the rest being whitespace and return {constant} statements) ... oh, and mine worked.
|
# ¿ Nov 22, 2008 00:06 |
|
More from the saga of terrible sdet! I told him to make sure to separate view and controller/model code, and this is what he's come up with: code:
Oh, also: code:
|
# ¿ Dec 4, 2008 19:09 |
|
royallthefourth posted:"What's this bullshit table full of sequential numbers? We don't need this!" I like TRUNCATE best because it isn't immediately obvious what's going on when the app breaks. Also, potentially it could go for a while without being noticed (if previous records are deleted)
|
# ¿ Dec 4, 2008 21:05 |
|
geetee posted:Ugh, I work with one of those. I think now is a great time for me to start poo poo again about the "guid" table. I talk so much poo poo about my coworkers. I really hope none of them are goons. Yeah, the SDET we hired is one of those. He seriously tried to defend the use of global variables.
|
# ¿ Dec 5, 2008 11:36 |
|
ehnus posted:Really? Global variables? How heinous! Okay, look, there's a difference between there possibly being edge cases in which it can be used and... code:
|
# ¿ Dec 5, 2008 20:15 |
|
chocojosh posted:What exactly is wrong with that code? He has an INI file with three lines in the form of X=Y and he's taking the second field of the first three lines and using them to populate values. How is it ugly? Every variable there is global (well, technically it's private to the class but since the entire app is this one class... which is a big WTF all by itself) and the method doesn't return anything or take anything (because it uses global variables), for starters. The config file name is hardcoded, in more than one place. The code itself doesn't handle humans editing the file gracefully. Since he's using the INI format he intends humans to be able to edit it, and humans screw up a lot. Especially humans who aren't very good at using computers, which this app is targeted at. The biggest WTF is simply that it took him an entire week of working 12h a day (he worked on it from home) to turn out code of this quality, and he gets paid more than I do.
|
# ¿ Dec 8, 2008 06:06 |
|
chocojosh posted:Thanks, because of the comment you made about the goto I read it four times wondering where the goto was. Well, I was responding to someone trying to troll me for possibly suggesting that something in coding could NEVER have a use. It's not just that function, it's his whole app. Basically what we want to do is a GUI wrapper for a CLI app. Doing it in VBS would have been faster, but not as flexible, while doing it in C# allows us to do some other things that VBS can't do. He has managed to take all the disadvantages of the VBS approach and apply them to the C# approach, and his code didn't work AT ALL until the end of the week. And it's still missing a few key features. His code review consisted of "Don't ever use global variables." "Well I wanted to get it working quickly..." "Don't use globals. It's terrible style. Also, catch the events you actually care about rather than events that are tangentially related. Further, your code doesn't even work." "Well this is just a review about the composition of the code..." "Okay. GLOBAL VARIABLES. VOID METHODS. CALLING TOSTRING() ON STRING VALUES." My boss knows that he can't do the work effectively AT ALL and is, I believe, looking to replace him, but it's harder to find a competent SDET than you'd think. The punchline is that this guy is on his contracting break from MS' Explorer team. I can't quite wrap my head around this situation at ALL.
|
# ¿ Dec 8, 2008 06:49 |
|
Lone_Strider posted:Holy poo poo, this is like a tell-tale mark for crappy devs. I bet when he was called on it he said "well I'm just making sure" Seriously. textBox.Text.ToString()? Really? I mean, really?
|
# ¿ Dec 8, 2008 19:21 |
|
Vanadium posted:That just makes the code more portable. In Ruby it is common practice to call .to_s on string-like objects This is a level, right?
|
# ¿ Dec 8, 2008 19:58 |
|
comaerror posted:
You should be really proud of your var naming, though. $fireme is genius.
|
# ¿ Jan 3, 2009 00:42 |
|
zergstain posted:I may be a bit late posting this, but it looks like everything at work is escaped with mysql_escape_string(). I know it's deprecated and all, but I'm unable to find info on the real world security implications, or even why escaping ' isn't enough. Any examples I've ever seen rely on an unescaped '. Perhaps if I have enough evidence of what might happen, it can be changed. And no, I'm not going to rewrite it all to use whatever the gently caress it's called where you bind variables. I don't even know if mysqli is available.

The difference between escape and real_escape is only a problem if you're not using latin1. If you can somehow magically escape all the ' characters assuredly, then in most cases you're safe, yes. But this is the problem with what you're saying -- the "real" coding horror:

quote:I'm unable to find info on the real world security implications, or even why escaping ' isn't enough.

You don't know. You don't know whether or not an attack is possible. You do, however, know the best way to code it so that this entire class of attack is NOT possible. The flaw is in your thought process. "Well, I don't know of any attacks that this doesn't prevent against, so this level of security is okay, I'll just use that." Why would you even want to think about that? Just code it the way that's not vulnerable to that class of attack AT ALL and go about your day.
|
# ¿ Jan 7, 2009 20:03 |
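One case where escaping ' is not enough, shown next to the bound-variable form recommended in the post above. This is an added example, not code from the thread: it uses Python's sqlite3 in place of PHP and MySQL, and `escape_quotes`, the `users` table and the inputs are constructed for illustration.

```python
import sqlite3

def escape_quotes(value: str) -> str:
    # Hypothetical stand-in for a quote-escaping helper: SQLite escapes ' by doubling it.
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_escaped(db, user_id: str) -> list:
    # The value lands in an unquoted numeric context, so input needs no quote
    # character to change the query; escaping quotes leaves it untouched.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id)
    return sorted(row[0] for row in db.execute(sql))

def lookup_escaped_name(db, name: str) -> list:
    # Quoted string context: here quote escaping keeps the input inside the literal.
    sql = "SELECT name FROM users WHERE name = '" + escape_quotes(name) + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, user_id: str) -> list:
    # Bound parameter: the input is only ever a value, never query text.
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    for label, fn, arg in [
        ("escaped, numeric context", lookup_escaped, "0 OR 1=1"),
        ("escaped, quoted context", lookup_escaped_name, "x' OR '1'='1"),
        ("bound parameter", lookup_bound, "0 OR 1=1"),
    ]:
        print(f"{label:26} {arg!r:18} -> {fn(db, arg)}")
```

The escaped numeric lookup returns every row because the input never contained a quote to escape; the bound version returns nothing for the same input.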
|
Atom posted:I challenge you to construct for me a sample query where prepared statements are any more secure than properly-used mysql_real_escape_string(). I challenge you to prove to me that mysql_real_escape_string() takes care of absolutely every possible SQL injection attack, including ones that may be discovered later.
|
# ¿ Jan 8, 2009 01:21 |
|
hexadecimal posted:Also what should it return if it's not of CVSRevision type? Since it's an error anyway, I think 0 is as good as any other return value. Yeah, "it's equal" is definitely as good as throwing a ComparisonException or something.
|
# ¿ Jan 8, 2009 20:21 |
|
zergstain posted:I understand the effectiveness of this against network sniffers, but as far as stopping someone who has stolen the database (which is why we shouldn't store passwords as plain text, isn't it?), it seems pretty worthless. Maybe it could store the password as 2 rounds of sha256, and the browser could compute the hash once and just send everything separately, then the server hashes it again, and compares it with the database.

There is literally no, I repeat, no way that you can defend against someone who has stolen your db. If someone has hosed your poo poo that thoroughly you can't stop them from logging in as anyone.

The reason we don't store passwords as plaintext is because if I steal your db, you don't want to have to email all your users and go "Whoops, we hosed up, please change your password everywhere else you use the one you used for this site." You can just say "Hey, you'll need to reset your pw next time you log in", or somesuch.

The reason for challenge/response is so that if I (as evil hacker) am on unsecure wifi at, say, Starbucks, and you are there too, and you log in to the site over unsecure HTTP, I can't use anything I just saw (assuming I've seen your entire handshake with the site) to log in as you (except, perhaps, the cookie that you got sent back as your session token)

ed: The reason you can't defend against someone who knows everything you know is because a password is also known as a "shared secret". All the methods that we use to authenticate a user basically revolve around the idea that we're verifying that the client and the server both know some bit of data that's unique to that account. Since I've stolen the database, I've stolen all those bits of data - no matter how it's stored, somewhere all we're doing is verifying that one of us knows the same thing as the other one - and so I do know the shared secret. There's no way you can have the server know and yet not know what it's using to auth a user.

This is the same reason why DRM can only fail, as a sidebar; the client and server are the same person.
Dessert Rose fucked around with this message at 06:05 on Jan 11, 2009 |
# ¿ Jan 11, 2009 06:00 |
|
Well, except then you can't fight network sniffing. But yeah, I'm an idiot and I have no idea what I was thinking when I wrote that
|
# ¿ Jan 11, 2009 06:13 |
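The trade-off argued over in the two posts above, run side by side: a challenge/response login against the quoted "hash in the browser, hash again on the server" proposal. This is an added example, not code from the thread; the class names, the HMAC-SHA256 response and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    # Single unsalted SHA-256 mirrors the posts; it is not a password-storage recommendation.
    return hashlib.sha256(data).digest()

def respond(secret: bytes, nonce: bytes) -> bytes:
    # Client side of scheme A: prove knowledge of the secret for this nonce only.
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class ChallengeResponseServer:
    """Scheme A: the stored value is itself the shared secret that answers challenges."""
    def __init__(self, password: bytes):
        self.stored = sha256(password)        # what a database thief would obtain
        self.nonce = b""
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)  # fresh for every login attempt
        return self.nonce
    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(respond(self.stored, self.nonce), response)

class DoubleHashServer:
    """Scheme B (the quoted proposal): browser sends sha256(pw), server stores sha256 of that."""
    def __init__(self, password: bytes):
        self.stored = sha256(sha256(password))
    def verify(self, sent: bytes) -> bool:
        return hmac.compare_digest(sha256(sent), self.stored)

def compare_schemes(password: bytes = b"constructed-sample-password") -> dict:
    a, b = ChallengeResponseServer(password), DoubleHashServer(password)
    sniffed_a = respond(sha256(password), a.challenge())  # seen on the wire under A
    legit_a = a.verify(sniffed_a)
    a.challenge()                                         # the next login gets a new nonce
    replay_a = a.verify(sniffed_a)
    stolen_a = a.verify(respond(a.stored, a.challenge())) # database row answers the challenge
    sniffed_b = sha256(password)                          # seen on the wire under B
    legit_b = b.verify(sniffed_b)
    replay_b = b.verify(sniffed_b)                        # same bytes work every time
    stolen_b = b.verify(b.stored)                         # server hashes it again: mismatch
    return {"A": {"legit": legit_a, "sniffed_replay": replay_a, "stolen_db": stolen_a},
            "B": {"legit": legit_b, "sniffed_replay": replay_b, "stolen_db": stolen_b}}

if __name__ == "__main__":
    for scheme, outcome in compare_schemes().items():
        print(scheme, outcome)
```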
|
hexadecimal posted:Can you talk about the md5 exploit? Given an md5 hash, how hard is it to generate a string with a certain size limit that will generate the same md5 hash? If that is no longer a hard problem, then if one stole your DB including md5 hashes, you are pretty much hosed right? There has been no exploit in this department. The MD5 exploit has to do with me being able to generate colliding documents given that I control all the original documents. So if I somehow got you to give it a password that I generated for you, I could then know another password that generated that same hash. The MD5 exploit is much more useful in terms of certificate signing. If I want an SSL cert for, say, verisign.com, obviously verisign isn't going to give me one. But if I generate two SSL certs - one for verisign.com, and one for dog&ponyshow.biz, and they both hash to the same MD5, then if I can get Verisign to sign my dog&ponyshow.biz cert, I can use their signature for my verisign.com cert and be a MITM without a security warning box popping up.
|
# ¿ Jan 11, 2009 06:19 |
|
da keebsta knicca posted:It is a university, we basically have to sometimes use NULL not to make people angry. To be fair, I'd be pretty pissed off if I had both sexes and you forced me to pick one.
|
# ¿ Jan 27, 2009 20:58 |
|
the real wtf is that it actually saves to the file (without asking) and then asks if you want to save the file, but really it's asking "do you not want to delete the file?"
|
# ¿ Jan 28, 2009 03:51 |
|
Ledneh posted:I had a coworker once who protested the Single Point of Return policy at my old job by replacing his returns with gotos to the end of the function with the return. He eventually won, on the proviso that he get rid of the gotos That is loving awesome. So one of our devs got into a big fight with us (the testing half) about unit testing. He declared that his code was, in fact, unit tested. This is what he thought constituted unit testing: code:
|
# ¿ Feb 5, 2009 21:26 |
|
ScaryFast posted:This isn't a coding horror but it has to do with web hosting awesome, thanks for posting in "Web hosting horrors: post things that aren't coding horrors in any way".
|
# ¿ Feb 8, 2009 06:59 |
|
That's not really that bad. I mean, it's terrible in the "Your code should be figuring out how to format it for me" sense, but the regex itself isn't that bad. Well, except for the spaces I suppose. What?
|
# ¿ Feb 11, 2009 18:35 |
|
Zombywuf posted:I'm sorry, I seem to have wandered into the "Get butthurt about people not liking the way I code" thread. Can you please direct me to the thread about taking the piss out of code? Uh, naming conventions that are not patently insane are not coding horrors. For example, if he had named it it_nm_dx then perhaps you could say that was the real horror.
|
# ¿ Feb 27, 2009 01:44 |
|
Haha, someone read about singletons, and the example was probably a logger. That's awesome. Sometimes I write code like this - the part of my brain that says "You're doing too much" just disengages.
|
# ¿ Mar 13, 2009 03:32 |
|
What exactly is it about the for-switch loop that causes it to spread so widely?
|
# ¿ Mar 17, 2009 01:59 |
|
Fehler posted:I actually had a good reason for this as well, as there was gonna be a final else that handled all lines after the third one. code:
|
# ¿ Mar 19, 2009 00:14 |
|
Fehler posted:
eh. But your code is unclear: what if there IS only one line? Is that okay? It would seem to me that if I had to write special cases for lines 1 and 2, I should expect that the file will always have at least those two lines, and something else is an exceptional condition.
|
# ¿ Mar 19, 2009 20:02 |
|
Randel Candygram posted:Here's a real gem from the codebase I'm working with right now. It's in the middle of a few hundred nearly uncommented message definitions. I enjoy how the final comment is after the brace, almost as a "P.S.".
|
# ¿ Mar 26, 2009 21:01 |