Kharya
Sep 23, 2005
So how DO you chase off a half blind, crazed, sugar addict?

dancavallaro posted:

awesmoe posted:

Why is your dev server running different versions of stuff than your live server?
This is the real coding horror, along with not using prepared statements.

1) The server was built a couple years before I got there. (2 years ago)
2) The server was built before our current IT Manager got there (2.75 years ago)
3) The server was built using a glibc older than current stable
4) Apache was built with PHP statically compiled in.
5) Our IT manager is far too scared to try to upgrade everything.
6) Upgrading everything one at a time would cause a very long downtime.
7) The boss doesn't want to spend time migrating to a new server

Also, gently caress prepared statements.
They're slower when you just want to call it once in a request.
Security worries are moot if the input is sanitized properly.
We're running mysql 4.0 on the evil server because we don't want to accidentally erase everything by upgrading to 4.1.

Basically it comes down to, "If it ain't broke, don't fix it."


awesmoe
Nov 30, 2005

Pillbug

Kharya posted:


1) The server was built a couple years before I got there. (2 years ago)
2) The server was built before our current IT Manager got there (2.75 years ago)
3) The server was built using a glibc older than current stable
4) Apache was built with PHP statically compiled in.
5) Our IT manager is far too scared to try to upgrade everything.
6) Upgrading everything one at a time would cause a very long downtime.
7) The boss doesn't want to spend time migrating to a new server

These would all be good answers if I'd asked "why is your live server running old software" but I didn't. C'mon, surely you can see the benefit in (say) taking a clone of the live server, and making THAT your dev server?

Lysidas
Jul 26, 2002

John Diefenbaker is a madman who thinks he's John Diefenbaker.
Pillbug

Kharya posted:

Basically it comes down to, "If it ain't broke, don't fix it."
But...it is broken. You have completely different environments on your dev and production servers, so you have no way to know whether code that you push out will actually work. That defeats the entire purpose of having a dev server.

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip

Kharya posted:

Also, gently caress prepared statements.
They're slower when you just want to call it once in a request.
Security worries are moot if the input is sanitized properly.
We're running mysql 4.0 on the evil server because we don't want to accidentally erase everything by upgrading to 4.1.

Basically it comes down to, "If it ain't broke, don't fix it."

Except it is broke, and your input is not sanitized properly. You're using mysql_escape_string as your sanitization function. mysql_escape_string is broken and insecure. And you can't even use mysql_real_escape_string without upgrading to PHP >= 4.3.0. Your poo poo be fuk'd.

e: also what Lysidas said

jarito
Aug 26, 2003

Biscuit Hider

Kharya posted:

Also, gently caress prepared statements.
They're slower when you just want to call it once in a request.
Security worries are moot if the input is sanitized properly.

This is the real horror right here. As someone who does security scanning and training for developers as a living, this never, ever works. Use prepared statements for god's sake.
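An added example, not part of any post in this thread, of the "sanitize instead of prepare" position argued above. It uses Python's built-in sqlite3 as a stand-in for the PHP/MySQL stack under discussion; the `users` table, its rows and the `escape_quotes` helper are assumptions made for the illustration. It shows that an escape-only sanitizer does nothing for a value spliced into an unquoted numeric position, while a bound parameter is never parsed as SQL.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return db

def escape_quotes(value):
    """Hypothetical escape-only sanitizer: doubles single quotes, nothing else."""
    return str(value).replace("'", "''")

def lookup_escaped(db, user_id):
    # The "sanitized" value is still concatenated into the statement text.
    # In a numeric position there are no quotes to break out of, so the
    # escaping step changes nothing and the value is parsed as SQL.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_prepared(db, user_id):
    # The statement text is fixed; the value travels separately as data
    # and can only ever be compared against the id column.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input containing no quote characters
    print("escaped, normal input :", lookup_escaped(db, "1"))
    print("escaped, hostile input:", lookup_escaped(db, hostile))
    print("prepared, normal input:", lookup_prepared(db, 1))
    print("prepared, hostile input:", lookup_prepared(db, hostile))
```
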

Avenging Dentist
Oct 1, 2005

oh my god is that a circular saw that does not go in my mouth aaaaagh
I see that Kharya is taking the middle-man out of the equation and just putting his horrible code/ideas in this thread directly! :xd:

Painless
Jan 9, 2005

Turn ons: frogs, small mammals, piles of compost
Turn offs: large birds, pitchforks
See you at the beach!
Yesterday, I was asked "do you know why this crashes?" based on an "application has done terrible things and must die" dialog. I looked at the source, and it looked like this:
code:
int main( void )
{
  #include "initstuff.h"
  //#include "dostuff1.h"
  //#include "dostuff2.h"
  //#include "dostuff3.h"
  #include "dostuff4.h"
  //#include "dostuff5.h"
  //you get the idea, repeat about 50 commented dostuffxx.hs
  #include "shutdown.h"
}
I pressed "debug" and noticed that the main function overflowed the stack. Turns out, the dostuffxy.h that was not commented allocated some enormous arrays on stack. I "fixed" the problem by increasing the initial thread stack reserve size and wept silently.

ih8ualot
May 20, 2004
I like turkey and ham sandwiches

Factor Mystic posted:

code:
year = ORIGINYEAR; /* = 1980 */

while (days > 365)
{
    if (IsLeapYear(year))
    {
        if (days > 366)
        {
            days -= 366;
            year += 1;
        }
    }
    else
    {
        days -= 365;
        year += 1;
    }
}
Whoops :ohno:

If I ever teach an intro to comp sci class, I'll use this as an example. It's just so brilliant.

trex eaterofcadrs
Jun 17, 2005
My lack of understanding is only exceeded by my lack of concern.

Painless posted:

Yesterday, I was asked "do you know why this crashes?" based on an "application has done terrible things and must die" dialog. I looked at the source, and it looked like this:
code:
int main( void )
{
  #include "initstuff.h"
  //#include "dostuff1.h"
  //#include "dostuff2.h"
  //#include "dostuff3.h"
  #include "dostuff4.h"
  //#include "dostuff5.h"
  //you get the idea, repeat about 50 commented dostuffxx.hs
  #include "shutdown.h"
}
I pressed "debug" and noticed that the main function overflowed the stack. Turns out, the dostuffxy.h that was not commented allocated some enormous arrays on stack. I "fixed" the problem by increasing the initial thread stack reserve size and wept silently.

We have a Java app similar to this at my shop. Holy poo poo, what a pile of garbage. It keeps throwing "out of heap" errors so I keep giving it more. It's amazing in its ability to use way over a gigabyte of RAM to make a 2MB file.

PrBacterio
Jul 19, 2000

Painless posted:

code:
int main( void )
{
  #include "initstuff.h"
  //#include "dostuff1.h"
  //#include "dostuff2.h"
  //#include "dostuff3.h"
  #include "dostuff4.h"
  //#include "dostuff5.h"
  //you get the idea, repeat about 50 commented dostuffxx.hs
  #include "shutdown.h"
}
Jesus ... Christ. This is beyond anything ... I don't even have the words. For God's sake WHY? :gonk:

beer_war
Mar 10, 2005

code:
bool some_function()
{
 //...

 return boolean_expression ? true : false ;
}
:downs:

Brain Candy
May 18, 2006

beer_war posted:

code:
bool some_function()
{
 //...

 return boolean_expression ? true : false ;
}
:downs:

It has cousins that I see far too frequently:

code:
  boolean_expression == true
and the trulean :

code:
void foo()
{
  Boolean bool = bar();
  if(bool == null)
  {
    //...
  }
  else if(bool)
  {
    //...
  }
  else
  {
    //..
  }
}

Zakalwe
May 12, 2002

Wanted For:
  • Terrorism
  • Kidnapping
  • Poor Taste
  • Unlawful Carnal Gopher Knowledge

beer_war posted:

code:
bool some_function()
{
 //...

 return boolean_expression ? true : false ;
}
:downs:

That's a shooting offense. If you know enough to use the ternary operator then I expect you not to write code like that.

Students that I give grinds to have a habit of doing this when they come to me first. I beat it out of them.

code:
bool r = foo();

if(r == true){
    return true;
}
else {
    return false;
}
An old student of mine writes code like this:

code:
int i = 0;

while(i< 10){
    blah blah blah.

    i++;
}
He refuses to use for loops for any reason. He's the epitome of self-taught programmer. Never showed up for the class I taught and despite thinking he was the best in the class, ended up in the bottom half.

Painless
Jan 9, 2005

Turn ons: frogs, small mammals, piles of compost
Turn offs: large birds, pitchforks
See you at the beach!

beer_war posted:

code:
bool some_function()
{
 //...

 return boolean_expression ? true : false ;
}
:downs:

I've done that occasionally with cousin int_expression and uncle pointer_expression to make visual c++ shut up. Yeah, there are other ways, such as (bool)int_expression and !!pointer_expression. I don't like them :saddowns:

Avenging Dentist
Oct 1, 2005

oh my god is that a circular saw that does not go in my mouth aaaaagh

Painless posted:

I've done that occasionally with cousin int_expression and uncle pointer_expression to make visual c++ shut up. Yeah, there are other ways, such as (bool)int_expression and !!pointer_expression. I don't like them :saddowns:

What is wrong with you why wouldn't you just use expression != 0

biznatchio
Mar 31, 2001


Buglord

Brain Candy posted:

It has cousins that I see far too frequently:

code:
  boolean_expression == true

I don't necessarily consider that a coding horror.

tef
May 30, 2004

-> some l-system crap ->
Well, it does depend on the language. Being explicit in a dynamic language can help somewhat.

ih8ualot
May 20, 2004
I like turkey and ham sandwiches
I know I'm in the minority here, but I find
code:
int i = 0;
...
if (i){
   ...
}
to be unbearable. I should be able to read the if line easily, and reading "If the variable i..." doesn't make sense to me. Yes, I understand what it means, and yes, I understand that doing it this way prevents an extra boolean operation. I just think that it's easier to read "if (i != 0)" because it reads out like a sentence.

However, I find
code:
bool isEmpty = false;
...
if (isEmpty){
   ...
}
just fine. I can read the if line easily, and it makes sense.

And like I said, I know I'm probably in the minority.

Zakalwe
May 12, 2002

Wanted For:
  • Terrorism
  • Kidnapping
  • Poor Taste
  • Unlawful Carnal Gopher Knowledge

ih8ualot posted:

I know I'm in the minority here, but I find
just fine. I can read the if line easily, and it makes sense.

<SNIP>

And like I said, I know I'm probably in the minority.

I'm with you, but perhaps for different reasons. If it's a boolean expression I don't use == true. If however the expression would rely on integral promotion to be boolean I'll use a comparison like the following

code:
bool is_odd(const int a)
{
        return( a%2 == 0);
}
The == 0 is strictly not necessary, but it's how I code

The same goes for checking pointers. I always use

code:
if(p == NULL)
rather than

code:
if(!p)
All of these things are pretty stylistic though. It does enhance code readability to a certain extent. Of course there is always the problem that it's slightly more likely that you'll use an assignment operator where you meant to use a comparison
(= vs ==)

beer_war
Mar 10, 2005

Zakalwe posted:

I'm with you, but perhaps for different reasons. If it's a boolean expression I don't use == true. If however the expression would rely on integral promotion to be boolean I'll use a comparison like the following

code:
bool is_even(const int a)
{
        return( a%2 == 0);
}
The == 0 is strictly not necessary, but it's how I code

Fixed. :colbert: But yes, I usually choose the more verbose options when evaluating integers or pointers.

beer_war fucked around with this message at 03:41 on Jan 5, 2009

Filburt Shellbach
Nov 6, 2007

Apni tackat say tujay aaj mitta juu gaa!
I force my boolean return values to be true or false so that I don't leak information and have to maintain that in APIs I write.

Factor Mystic
Mar 20, 2006

Baby's First Post-Apocalyptic Fiction

Zakalwe posted:

code:
bool is_odd(const int a)
{
        return( a%2 == 0);
}

Perfect for the thread right here

Avenging Dentist
Oct 1, 2005

oh my god is that a circular saw that does not go in my mouth aaaaagh

Sartak posted:

I force my boolean return values to be true or false so that I don't leak information and have to maintain that in APIs I write.

Paranoid programming is actually a really good example of a "coding horror." :colbert:

http://codepad.org/64BJzSQu

Zakalwe
May 12, 2002

Wanted For:
  • Terrorism
  • Kidnapping
  • Poor Taste
  • Unlawful Carnal Gopher Knowledge
*Whoops* was trying to think of a simple case where I could drop a comparison. You get my point though :)

replace 1 with 0 on that code. Changing it to is_even means you can't just drop the comp.

Filburt Shellbach
Nov 6, 2007

Apni tackat say tujay aaj mitta juu gaa!

Avenging Dentist posted:

Paranoid programming is actually a really good example of a "coding horror." :colbert:

That's different. I'm not second guessing the language. I'm second guessing the user. :tinfoil:

Avenging Dentist
Oct 1, 2005

oh my god is that a circular saw that does not go in my mouth aaaaagh

Sartak posted:

That's different. I'm not second guessing the language. I'm second guessing the user. :tinfoil:

Nooo, what I mean is that, by definition any (initialized) boolean value in C++ is either true or false, and that any integral/float promotion turns true into 1 and false into 0. While, in theory, the standard allows for bool types to store their value in any form, (e.g. storing "true" as any non-zero value), attempting to determine what this value actually "is" is undefined by the standard. Besides that, I don't know of any C++ compiler that stores bools as anything but 0 or 1.

Furthermore, an optimizing compiler will likely ignore "== true" anyway, so chances are that you aren't doing anything in the first place. The moral of the story is: don't try to outsmart the compiler.

(I'm confining this discussion to C++ because it's one of the only languages that both has a "bool" type and allows "clever" conversions between types to peek at the underlying data.)

Filburt Shellbach
Nov 6, 2007

Apni tackat say tujay aaj mitta juu gaa!

Avenging Dentist posted:

I'm confining this discussion to C++

Oh. In that case I guess I'm out. v:)v

beer_war
Mar 10, 2005

Zakalwe posted:

*Whoops* was trying to think of a simple case where I could drop a comparison. You get my point though :)

replace 1 with 0 on that code. Changing it to is_even means you can't just drop the comp.

That's not portable for negative numbers, though:

MSDN posted:

In Microsoft C++, the result of a modulus expression is always the same as the sign of the first operand.

I.e. -5 % 2 = -1

beer_war fucked around with this message at 07:51 on Jan 5, 2009

Habnabit
Dec 30, 2007

lift your skinny fists like
antennas in germany.

beer_war posted:

That's not portable for negative numbers, though:

I.e. -5 % 2 = -1

But as long as 0 == -0, you're fine!

tef
May 30, 2004

-> some l-system crap ->
We need to do a number of database lookups on every page, but since 'this would be slow', we have a much better way of speeding things up.

Every 2 hours a lookup xml file is created, and pushed out to the production webservers. This is then loaded in, and all queries are performed locally as xpaths against it.

We have a few problems with this approach - it's hard to add information quickly to this process, and when it falls over it takes down the entire website. The last time was because the machine ran out of disk space, and so a corrupted file was pushed out.


Some people think it might be easier to run queries against the database, and then cache the results locally. The lead architect vehemently disagrees, because looking things up in the database might incur a "large DB performance hit".

zootm
Aug 8, 2006

We used to be better friends.
Good lord. Although relational databases are terrible for scaling, this does sound as though it's the worst possible way around that.

tef
May 30, 2004

-> some l-system crap ->
The performance problems are all in the lead architect's head, among many other problems.

He is the person who uses a hash like this (pseudocode):

code:
def set(hash, key, value):
    id = str(key) + str(value)
    hash[id] = value


def get(hash, key):
    for hkey,hvalue in hash.items():
        if hkey.startswith(key):
            return hvalue
I wish I was making this up.

Erk: I've already whinged about this:
http://forums.somethingawful.com/showthread.php?threadid=2803713&userid=0&perpage=40&pagenumber=30#post352266512

tef fucked around with this message at 15:36 on Jan 5, 2009

Zombywuf
Mar 29, 2008

tef posted:

The performance problems are all in the lead architect's head, among many other problems.

He is the person who uses a hash like this (pseudocode):

code:
def set(hash, key, value):
    id = str(key) + str(value)
    hash[id] = value


def get(hash, key):
    for hkey,hvalue in hash.items():
        if hkey.startswith(key):
            return hvalue
I wish I was making this up.

Don't forget the fun fact that substr(id, 12, 6) == dteYYMMDD. Structured record types are for turning into a string and then extracting the data as substrings of that.

(For those that don't know, I work with tef.)

Randomosity
Sep 21, 2003
My stalker WAS watching me...
I have discovered an unholy trifecta brewing in a project I will likely be working on soon.

Javascript
YUI
HUNGARIAN NOTATION

Pray for me.

hexadecimal
Nov 23, 2008

by Fragmaster
Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.

vvvvvvvvvv What's wrong with it, dawg?

hexadecimal fucked around with this message at 00:37 on Jan 6, 2009

floWenoL
Oct 23, 2002

hexadecimal posted:

Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.

Coding horror right here (if you're actually serious).

Also another one for hexadecimal.txt.

Vanadium
Jan 8, 2005

That might be faster, but it is not a really generic solution to the problem.

code:
template<typename T>
bool is_odd(typename boost::call_traits<T>::param_type i) { 
  std::ostringstream ss;
  ss << i;
  std::string s(ss.str());
  char c = *s.rbegin();
  return ((char) (c * 128)) / -128;
}

narbsy
Jun 2, 2007

hexadecimal posted:

Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.

hexadecimal, with each of your posts how you got into a masters program becomes more of a mystery.

hexadecimal
Nov 23, 2008

by Fragmaster
Unless I am missing something, an odd number always has lowest bit set to 1, and even number always has it as 0?

If it is a readability issue then why not have
code:
inline bool is_odd( const int & n ){ return n & 1; }

hexadecimal fucked around with this message at 00:51 on Jan 6, 2009


rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
n&1 is a little weird, but I don't see what makes it a coding horror!!
