|
dancavallaro posted:
1) The server was built a couple years before I got there. (2 years ago)
2) The server was built before our current IT Manager got there (2.75 years ago)
3) The server was built using a glibc older than current stable
4) Apache was built with PHP statically compiled in.
5) Our IT manager is far too scared to try to upgrade everything.
6) Upgrading everything one at a time would cause a very long downtime.
7) The boss doesn't want to spend time migrating to a new server

Also, gently caress prepared statements. They're slower when you just want to call it once in a request. Security worries are moot if the input is sanitized properly. We're running mysql 4.0 on the evil server because we don't want to accidentally erase everything by upgrading to 4.1. Basically it comes down to, "If it ain't broke, don't fix it."
|
# ? Jan 3, 2009 02:15 |
|
Kharya posted:
These would all be good answers if I'd asked "why is your live server running old software" but I didn't. C'mon, surely you can see the benefit in (say) taking a clone of the live server, and making THAT your dev server?
|
# ? Jan 3, 2009 02:59 |
|
Kharya posted:Basically it comes down to, "If it ain't broke, don't fix it."
|
# ? Jan 3, 2009 03:36 |
|
Kharya posted: Also, gently caress prepared statements.
Except it is broke, and your input is not sanitized properly. You're using mysql_escape_string as your sanitization function. mysql_escape_string is broken and insecure. And you can't even use mysql_real_escape_string without upgrading to PHP >= 4.3.0. Your poo poo be fuk'd.
e: also what Lysidas said
|
# ? Jan 3, 2009 04:12 |
|
Kharya posted: Also, gently caress prepared statements.
This is the real horror right here. As someone who does security scanning and training for developers as a living, this never, ever works. Use prepared statements for god's sake.
|
# ? Jan 3, 2009 04:19 |
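The escaping-versus-prepared-statements point from the posts above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the MySQL server under discussion; `escape_quotes()`, the `users` table and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. Assumptions: PDO with an
// in-memory SQLite database stands in for the MySQL server, and
// escape_quotes() is a hypothetical stand-in for an escape-only sanitizer.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

function escape_quotes(string $s): string {
    // Escapes the string delimiter only; it has no notion of query context.
    return str_replace("'", "''", $s);
}

function lookup_escaped(PDO $db, string $id): array {
    // The value lands in an unquoted numeric context, so escaping quote
    // characters changes nothing: the input is still parsed as SQL.
    $sql = "SELECT name FROM users WHERE id = " . escape_quotes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

function lookup_prepared(PDO $db, string $id): array {
    // The statement text is fixed; the input is bound as a value, never parsed.
    $stmt = $db->prepare("SELECT name FROM users WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: a well-formed id, and one that contains no
// quote characters and so passes through the escaper untouched.
foreach (['2', '0 OR 1=1'] as $input) {
    printf("%-10s escaped: [%s]  prepared: [%s]\n",
        $input,
        implode(',', lookup_escaped($db, $input)),
        implode(',', lookup_prepared($db, $input)));
}
```

The escaped lookup returns every row for the second input, while the prepared lookup returns none, because the bound string is compared as a value and matches no id.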
|
I see that Kharya is taking the middle-man out of the equation and just putting his horrible code/ideas in this thread directly!
|
# ? Jan 3, 2009 06:32 |
|
Yesterday, I was asked "do you know why this crashes?" based on an "application has done terrible things and must die" dialog. I looked at the source, and it looked like this:
code:
|
# ? Jan 3, 2009 10:56 |
|
Factor Mystic posted:
If I ever teach an intro to comp sci class, I'll use this as an example. It's just so brilliant.
|
# ? Jan 3, 2009 19:48 |
|
Painless posted: Yesterday, I was asked "do you know why this crashes?" based on an "application has done terrible things and must die" dialog. I looked at the source, and it looked like this:
We have a Java app similar to this at my shop. Holy poo poo, what a pile of garbage. It keeps throwing "out of heap" errors so I keep giving it more. It's amazing in its ability to use way over a gigabyte of RAM to make a 2MB file.
|
# ? Jan 3, 2009 20:15 |
|
Painless posted:
|
# ? Jan 4, 2009 07:45 |
|
code:
|
# ? Jan 4, 2009 17:29 |
|
beer_war posted:
It has cousins that I see far too frequently: code:
code:
|
# ? Jan 4, 2009 20:25 |
|
beer_war posted:
That's a shooting offense. If you know enough to use the ternary operator then I expect you not to write code like that. Students that I give grinds to have a habit of doing this when they come to me first. I beat it out of them. code:
code:
|
# ? Jan 4, 2009 22:09 |
|
beer_war posted:
I've done that occasionally with cousin int_expression and uncle pointer_expression to make visual c++ shut up. Yeah, there are other ways, such as (bool)int_expression and !!pointer_expression. I don't like them
|
# ? Jan 5, 2009 00:14 |
|
Painless posted: I've done that occasionally with cousin int_expression and uncle pointer_expression to make visual c++ shut up. Yeah, there are other ways, such as (bool)int_expression and !!pointer_expression. I don't like them
What is wrong with you why wouldn't you just use expression != 0
|
# ? Jan 5, 2009 00:22 |
|
Brain Candy posted: It has cousins that I see far too frequently:
I don't necessarily consider that a coding horror.
|
# ? Jan 5, 2009 00:33 |
|
Well, it does depend on the language. Being explicit in a dynamic language can help somewhat.
|
# ? Jan 5, 2009 01:18 |
|
I know I'm in the minority here, but I find code:
However, I find code:
And like I said, I know I'm probably in the minority.
|
# ? Jan 5, 2009 01:43 |
|
ih8ualot posted: I know I'm in the minority here, but I find
I'm with you, but perhaps for different reasons. If it's a boolean expression I don't use == true. If however the expression would rely on integral promotion to be boolean I'll use a comparison like the following code:
The same goes for checking pointers. I always use code:
code:
(= vs ==)
|
# ? Jan 5, 2009 02:27 |
|
Zakalwe posted: I'm with you, but perhaps for different reasons. If it's a boolean expression I don't use == true. If however the expression would rely on integral promotion to be boolean I'll use a comparison like the following
Fixed. But yes, I usually choose the more verbose options when evaluating integers or pointers.
beer_war fucked around with this message at 03:41 on Jan 5, 2009 |
# ? Jan 5, 2009 03:38 |
|
I force my boolean return values to be true or false so that I don't leak information and have to maintain that in APIs I write.
|
# ? Jan 5, 2009 03:48 |
|
Zakalwe posted:
Perfect for the thread right here
|
# ? Jan 5, 2009 03:51 |
|
Sartak posted: I force my boolean return values to be true or false so that I don't leak information and have to maintain that in APIs I write.
Paranoid programming is actually a really good example of a "coding horror." http://codepad.org/64BJzSQu
|
# ? Jan 5, 2009 03:57 |
|
*Whoops* was trying to think of a simple case where I could drop a comparison. You get my point though replace 1 with 0 on that code. Changing it to is_even means you can't just drop the comp.
|
# ? Jan 5, 2009 03:57 |
|
Avenging Dentist posted: Paranoid programming is actually a really good example of a "coding horror."
That's different. I'm not second guessing the language. I'm second guessing the user.
|
# ? Jan 5, 2009 04:03 |
|
Sartak posted: That's different. I'm not second guessing the language. I'm second guessing the user.
Nooo, what I mean is that, by definition any (initialized) boolean value in C++ is either true or false, and that any integral/float promotion turns true into 1 and false into 0. While, in theory, the standard allows for bool types to store their value in any form, (e.g. storing "true" as any non-zero value), attempting to determine what this value actually "is" is undefined by the standard. Besides that, I don't know of any C++ compiler that stores bools as anything but 0 or 1. Furthermore, an optimizing compiler will likely ignore "== true" anyway, so chances are that you aren't doing anything in the first place.
The moral of the story is: don't try to outsmart the compiler.
(I'm confining this discussion to C++ because it's one of the only languages that both has a "bool" type and allows "clever" conversions between types to peek at the underlying data.)
|
# ? Jan 5, 2009 04:16 |
|
Avenging Dentist posted: I'm confining this discussion to C++
Oh. In that case I guess I'm out. vv
|
# ? Jan 5, 2009 04:19 |
|
Zakalwe posted: *Whoops* was trying to think of a simple case where I could drop a comparison. You get my point though
That's not portable for negative numbers, though:
MSDN posted: In Microsoft C++, the result of a modulus expression is always the same as the sign of the first operand.
I.e. -5 % 2 = -1
beer_war fucked around with this message at 07:51 on Jan 5, 2009 |
# ? Jan 5, 2009 07:44 |
|
beer_war posted: That's not portable for negative numbers, though:
But as long as 0 == -0, you're fine!
|
# ? Jan 5, 2009 08:22 |
|
We need to do a number of database lookups on every page, but since 'this would be slow', we have a much better way of speeding things up. Every 2 hours a lookup xml file is created, and pushed out to the production webservers. This is then loaded in, and all queries are performed locally as xpaths against it. We have a few problems with this approach - it's hard to add information quickly to this process, and when it falls over it takes down the entire website. The last time was because the machine ran out of disk space, and so a corrupted file was pushed out. Some people think it might be easier to run queries against the database, and then cache the results locally. The lead architect vehemently disagrees, because looking things up in the database might incur a "large DB performance hit".
|
# ? Jan 5, 2009 13:36 |
|
Good lord. Although relational databases are terrible for scaling, this does sound as though it's the worst possible way around that.
|
# ? Jan 5, 2009 14:45 |
|
The performance problems are all in the lead architect's head, among many other problems. He is the person who uses a hash like this (pseudocode): code:
Erk: I've already whinged about this: http://forums.somethingawful.com/showthread.php?threadid=2803713&userid=0&perpage=40&pagenumber=30#post352266512
tef fucked around with this message at 15:36 on Jan 5, 2009 |
# ? Jan 5, 2009 15:31 |
|
tef posted: The performance problems are all in the lead architect's head, among many other problems.
Don't forget the fun fact that substr(id, 12, 6) == dteYYMMDD. Structured record types are for turning into a string and then extracting the data as substrings of that. (For those that don't know, I work with tef.)
|
# ? Jan 5, 2009 22:37 |
|
I have discovered an unholy trifecta brewing in a project I will likely be working on soon.
Javascript
YUI
HUNGARIAN NOTATION
Pray for me.
|
# ? Jan 5, 2009 23:56 |
|
Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.
vvvvvvvvvv What's wrong with it, dawg?
hexadecimal fucked around with this message at 00:37 on Jan 6, 2009 |
# ? Jan 6, 2009 00:15 |
|
hexadecimal posted: Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.
Coding horror right here (if you're actually serious). Also another one for hexadecimal.txt.
|
# ? Jan 6, 2009 00:21 |
|
That might be faster, but it is not a really generic solution to the problem.
code:
|
# ? Jan 6, 2009 00:39 |
|
hexadecimal posted: Personally, I like to do if( n&1 ) to check if it is odd or not. It is probably a lot faster than % operator.
hexadecimal, with each of your posts how you got into a masters program becomes more of a mystery.
|
# ? Jan 6, 2009 00:40 |
|
Unless I am missing something, an odd number always has lowest bit set to 1, and even number always has it as 0? If it is a readability issue then why not have code:
hexadecimal fucked around with this message at 00:51 on Jan 6, 2009 |
# ? Jan 6, 2009 00:42 |
|
|
n&1 is a little weird, but I don't see what makes it a coding horror!!
|
# ? Jan 6, 2009 00:48 |