|
Zombywuf posted:Have I mentioned Emacs recently? there is/was an emacs thread around, please do post in it it needs to come back
|
# ? Feb 27, 2009 15:32 |
|
|
# ? Apr 25, 2024 11:26 |
|
Found this code today:code:
Lexical Unit fucked around with this message at 22:57 on Feb 27, 2009 |
# ? Feb 27, 2009 22:54 |
|
You forgot to mention that it took three people to craft that gem.
|
# ? Feb 27, 2009 22:59 |
|
Actually, more than 5 people have touched the file over the course of 5 years and all 5 of these people still work here. In fact, 3 of the 5 can be considered my supervisors.
|
# ? Feb 27, 2009 23:02 |
|
Lexical Unit posted:
Wow. How has this not blown up in your face yet? At the very least an exception could be raised if not all of the environment variables are set.
|
# ? Feb 27, 2009 23:12 |
|
Good question. I asked my boss the same thing. He shrugged. He is one of the 5. Edit: The rabbit hole gets deeper. The program comes with a .env that should be sourced before execution. That file looks like this: code:
Lexical Unit fucked around with this message at 23:55 on Feb 27, 2009 |
# ? Feb 27, 2009 23:41 |
|
code:
mr_jim posted:Wow. How has this not blown up in your face yet? I was more worried about someone modifying host, path, or file to include ";echo hackAccount::0:0::/root:/bin/bash >> /etc/passwd"
|
# ? Feb 28, 2009 03:39 |
|
Kelson posted:
I really hope that the program is running under an unprivileged account, but that might be expecting too much.
|
# ? Feb 28, 2009 04:40 |
|
mr_jim posted:I really hope that the program is running under an unprivileged account, but that might be expecting too much. Many of the more important files can still be read from even if they're unprivileged, and many risky apps can be executed as well. An attacker could, for example, use it to download privilege escalating malware (one of the many reasons your server should never execute wget...)
|
# ? Feb 28, 2009 05:47 |
|
quote:An attacker could, for example, use it to download privilege escalating malware (one of the many reasons your server should never execute wget...)
|
# ? Feb 28, 2009 07:56 |
|
mr_jim posted:I really hope that the program is running under an unprivileged account, but that might be expecting too much.
|
# ? Feb 28, 2009 08:19 |
|
I'm working on porting a ~30,000+ line embedded c app to linux. Now, the entire thing is a case study regarding coding horrors and I could go on for quite some time with fun examples from it, but here's my favorite so far:code:
|
# ? Mar 7, 2009 04:07 |
|
sklnd posted:I'm working on porting a ~30,000+ line embedded c app to linux. Now, the entire thing is a case study regarding coding horrors and I could go on for quite some time with fun examples from it, but here's my favorite so far: So... does it start writing to unallocated memory if the string gets longer than the size of printEnd? Man, that's so much easier and safer than just writing a simple logging function! Good work team, commit that poo poo.
|
# ? Mar 7, 2009 07:01 |
|
code:
|
# ? Mar 11, 2009 13:08 |
|
Not directly code-related, but my new job uses this horrible VCS from IBM, named "Synergy". Check out the rad 90's design (it looks even worse in UNIX): Use of the UNIX version involves SSH, port forwarding, and NFS. Its sole purpose appears to be to inhibit any useful development.
|
# ? Mar 12, 2009 02:17 |
|
code:
|
# ? Mar 13, 2009 03:26 |
|
Haha, someone read about singletons, and the example was probably a logger. That's awesome. Sometimes I write code like this - the part of my brain that says "You're doing too much" just disengages.
|
# ? Mar 13, 2009 03:32 |
|
Why... why am I calling this private method...
|
# ? Mar 13, 2009 05:39 |
|
Janin posted:
What's you're problem, would you rather gently caress with the std::cout singleton when you need to change logging behaviour? I'll admit it could use some thread safety and should really be two classes, but it's not horrific.
|
# ? Mar 13, 2009 11:37 |
|
Zombywuf posted:What's you're problem, code:
|
# ? Mar 13, 2009 12:18 |
|
I'm assuming the original developer was planning to add more sophisticated code later, like locking, but didn't get the time. Basically it's overcomplicated for what it does right now, but it's pretty clear as to how it's doing what it's doing.
|
# ? Mar 13, 2009 13:13 |
|
Zombywuf posted:I'm assuming the original developer was planning to add more sophisticated code later, like locking, but didn't get the time. Coding for the future can be appropriate, however, there's also a lot to be said for waiting until you have a better idea of what's needed before writing code. That way if you never need it then you've not wasted any time, and if what you actually turn out to need is different to what you thought you'd need, then there's less code that needs changing.
|
# ? Mar 13, 2009 14:25 |
|
TSDK posted:Perhaps he/she didn't get the time because he/she was always adding in code that wasn't actually needed. True, but as horrors go, this is unhorrorfic.
|
# ? Mar 13, 2009 14:38 |
|
Zombywuf posted:True, but as horrors go, this is unhorrorfic. edit: If you write code like this where you do something unnecessary because you believe it will be necessary in the future, you better at least comment why you are doing something unnecessary. If I saw this in a source tree I was working on, I would do something similar to what TSDK did without thinking twice. twodot fucked around with this message at 16:08 on Mar 13, 2009 |
# ? Mar 13, 2009 16:02 |
|
twodot posted:. . .they probably just aren't smart or curious at all. After all, if they were they would have bothered to look up irregardless. To actually add to the discussion: I do this kind of thing myself, for better or worse. For me, it's a defensive strategy; you can't be guaranteed the person who's going to be using or modifying that code later will know how it was meant to be used, especially if people don't read or write documentation, like where I work.
|
# ? Mar 13, 2009 16:36 |
|
julyJones posted:look up irregardless quote:To actually add to the discussion: I do this kind of thing myself, for better or worse. For me, it's a defensive strategy; you can't be guaranteed the person who's going to be using or modifying that code later will know how it was meant to be used, especially if people don't read or write documentation, like where I work. edit: To clarify my point, code which doesn't do anything but waste cycles at best offers no additional clarity, because there are lots of ways useless code can be introduced into a project. If you want to prevent people from using a function/class/whatever in certain ways you have two tools 1) Add asserts that stop people from doing whatever you are trying to stop them from doing 2) Add comments (or documentation I guess) telling them not to do it. If they don't read your comments, they likely won't read your code either. twodot fucked around with this message at 16:54 on Mar 13, 2009 |
# ? Mar 13, 2009 16:42 |
|
I think the real horror is the two copies of the string being created each time a message is printed.
|
# ? Mar 13, 2009 16:44 |
|
twodot posted:Is there some pet dictionary of yours I should use, because every dictionary I've looked it up in says it's a nonstandard usage of regardless. We use ANSI around these parts. None of that nonstandard city talk.
|
# ? Mar 13, 2009 16:47 |
|
twodot posted:Adding unnecessary code lets people more easily understand how it was meant to be used? I would think they would just be confused by the unnecessary code, and assume whoever wrote it wasn't thinking at the time, or that it was necessary at one point in them, but since then whatever reason it had to exist was removed, and it's unnecessary now. That is a possibility too, but my hope is always that when people see something they're not sure about, they'll ask around and get some opinions from people before removing code. My bet in this case would be that taking the time to write a dozen lines or so, if there's even a small chance there'll actually be a real logger implemented later, is better than leaving people to their own devices, in which case you might get a bunch of variations on screen and file output that'll be a pain to refactor later.
|
# ? Mar 13, 2009 17:01 |
|
Zombywuf posted:std::cout singleton Hahahahahahahaha
|
# ? Mar 13, 2009 20:46 |
|
My girlfriend was sent an auto-generated password to log into some medical site. We couldn't believe the password: ) |. / It worked fine to login, but I mean, who the hell thought of writing a generator to create those kinds of passwords?
|
# ? Mar 13, 2009 22:32 |
|
Never heard of the ole generate a password by taking a random 1x14 rectangle out of a piece of ASCII art? Oldest trick in the book, man.
|
# ? Mar 13, 2009 23:16 |
|
Lord Uffenham posted:Never heard of the ole generate a password by taking a random 1x14 rectangle out of a piece of ASCII art? Oldest trick in the book, man. Hahaha, that's great.
|
# ? Mar 13, 2009 23:27 |
|
I want my password to be Bender! o-(8 E|
|
# ? Mar 13, 2009 23:32 |
|
Avenging Dentist posted:I want my password to be Bender! o-(8 E| 5318008 is the best password
|
# ? Mar 13, 2009 23:38 |
|
Janin posted:Not directly code-related, but my new job uses this horrible VCS from IBM, named "Synergy". Check out the rad 90's design (it looks even worse in UNIX): Oh god, don't remind me. Our client used this for their source control, when we gave them a new release they always wanted us to (somehow) get code into it. We just gave up and put zips on our FTP. Only one machine had the software on it, and no-one on the project at the time knew how to use the drat thing, it was just one big clusterfuck. You don't happen to work for a large british utility company?
|
# ? Mar 14, 2009 00:24 |
I'm trying to fix a bug in some poorly written Actionscript 2.0 app. I wish I could post the entire source, this thing is a loving disaster. I already went through the supporting javascript, it's down to 30 very clear lines instead of 250 lines of garbled bullshit. The actionscript is thousands of lines though, gently caress. edit: here we go. Why pass it as an argument to the function when you can build it into the function name?? code:
fletcher fucked around with this message at 02:25 on Mar 14, 2009 |
|
# ? Mar 14, 2009 01:37 |
|
fletcher posted:I'm trying to fix a bug in some poorly written Actionscript 2.0 app. I wish I could post the entire source, this thing is a loving disaster. Oh cool, thanks for the heads up.
|
# ? Mar 14, 2009 02:15 |
TheSleeper posted:Oh cool, thanks for the heads up. I just wanted to vent
|
|
# ? Mar 14, 2009 02:16 |
|
|
# ? Apr 25, 2024 11:26 |
|
JingleBells posted:You don't happen to work for a large british utility company? No, it's an American company. Zombywuf posted:What's you're problem, would you rather gently caress with the std::cout singleton when you need to change logging behaviour? cout isn't a singleton, LogSingleton isn't a (proper) singleton, almost any use of "singletons" is dumb, and the particular implementation of static methods proxying to private method is absurd. MarsMattel posted:I think the real horror is the two copies of the string being created each time a message is printed. References are regularly used elsewhere in the code in lieu of return values, but I've never seen a single const reference parameter.
|
# ? Mar 14, 2009 05:43 |