Gazpacho
Jun 18, 2004

by Fluffdaddy
Slippery Tilde

Zamujasa posted:

A new day, a new horror... If I'm becoming grating with Tales from The Boss, then let me know and I'll cut back on sharing them.
I don't have any problem with the series but just keep in mind that you never know who's reading and what they might do if they're able to somehow identify the site you're talking about.

Gazpacho fucked around with this message at 17:57 on Aug 1, 2012


bucketmouse
Aug 16, 2004

we con-trol the ho-ri-zon-tal
we con-trol the verrr-ti-cal
E: Probably the wrong thread for this. Visual Studio is terrible anyways.

VVV : tl;dr There's some weird quirk that will make the runtime crash violently (complete with call-stack corruption!) if it calls a method declared virtual within a C++ template. I've got no idea what causes it but I spent a good 4 hours today debugging what I thought was a memory corruption issue. I thought it was the original coder's fault (and was going to complain about it) but the code compiles and runs fine via g++ so I've got no idea.

bucketmouse fucked around with this message at 01:47 on Aug 2, 2012

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug
^^^ Ah, I can't speak to Visual Studio's C++ support. It's great if you're developing in a purely Microsoft world, like I am. And VS2012 is out on August 15th! :neckbeard:

Microsoft is pretty good about responding to bug reports if you can come up with a minimal repro.

bucketmouse posted:

Visual Studio is terrible anyways.

How so?

New Yorp New Yorp fucked around with this message at 03:59 on Aug 2, 2012

Zamujasa
Oct 27, 2010



Bread Liar

Gazpacho posted:

I don't have any problem with the series but just keep in mind that you never know who's reading and what they might do if they're able to somehow identify the site you're talking about.

Yeah, I know. I try to fudge enough that the point is never lost; usually just recreating the disasters from memory is enough. I showed a close friend a real example of something instead of the fudged version and apparently the real thing is far worse than my summary.


On that note, I found something better than the last exploit. A file uploader with no auth check, complete with painted-on "File types" list. (No actual type check is done inside, of course.) My favorite part: It seems to be ajax-enabled and even helpfully links to the uploaded file so you know where it is. No way this could be used for bad things, nope. (At least it seems to be completely unused, and isn't linked anywhere.)


quote:

"Security through obscurity" is the phrase that springs to mind.
And yes, this place is all over security by obscurity. It's a real pain in the rear end when you have to try to remember what the name of an important folder is, but if people employed here can't remember it, then surely some hacker can't! :pseudo:

hobbesmaster
Jan 28, 2008


A lack of intellisense for C++/CLI was a pretty amazing horror in 2010. I think I've whined about that in this thread before actually...

akadajet
Sep 14, 2003

hobbesmaster posted:

A lack of intellisense for C++/CLI was a pretty amazing horror in 2010. I think I've whined about that in this thread before actually...

I'm pretty much appalled every time I open a C++ project in Visual Studio. First usually by the C++, then by Visual Studio. :v:

Bruegels Fuckbooks
Sep 14, 2004

Now, listen - I know the two of you are very different from each other in a lot of ways, but you have to understand that as far as Grandpa's concerned, you're both pieces of shit! Yeah. I can prove it mathematically.

bucketmouse posted:

E: Probably the wrong thread for this. Visual Studio is terrible anyways.

VVV : tl;dr There's some weird quirk that will make the runtime crash violently (complete with call-stack corruption!) if it calls a method declared virtual within a C++ template. I've got no idea what causes it but I spent a good 4 hours today debugging what I thought was a memory corruption issue. I thought it was the original coder's fault (and was going to complain about it) but the code compiles and runs fine via g++ so I've got no idea.

That's a sign you need to start playing with your project compiler settings - are you using COMDAT folding or other optimizations?

Internet Janitor
May 17, 2008

"That isn't the appropriate trash receptacle."

hobbesmaster posted:

A lack of intellisense for C++/CLI was a pretty amazing horror in 2010.

C++ doesn't have a grammar, and I'm pretty sure that isn't Microsoft's fault.

Impotence
Nov 8, 2010
Lipstick Apathy
Can we post HTML?



:psyduck:

Chopper
Feb 13, 2006

Biowarfare posted:

Can we post HTML?



:psyduck:


Mother of GOD. My browser is crying, how could they possibly need so many fonts?!

Zamujasa
Oct 27, 2010



Bread Liar

Biowarfare posted:

Can we post HTML?



:psyduck:

:psypop:

All of those fonts, and then a ton of layers of Javascript bolted on, too.

Did they just copy every loving font Google offers?

Lumpy
Apr 26, 2002

La! La! La! Laaaa!



College Slice

Biowarfare posted:

Can we post HTML?



:psyduck:

Well, the important thing to remember is that all those font loads don't slow down the page load. Oh, wai

:suicide:


I'm going to pretend that's a page designed simply to show off every google font in a list. Because my small designer brain can't handle any other possibility.

FrantzX
Jan 28, 2007
Does it count as a horror to post a picture of HTML?

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

FrantzX posted:

Does it count as a horror to post a picture of HTML?

No. Next question?

theratking
Jan 18, 2012
what about huge blocks of javascript within a django for macro... So much generated code :aaa:

PhonyMcRingRing
Jun 6, 2002
Does that site even render in IE? I thought IE had a limit of 31 stylesheets.

Sapozhnik
Jan 2, 2005

Nap Ghost
I actually had no idea Google Web Fonts was even a thing :shobon:

Looks pretty awesome... obviously not going to use all 500ish of them though (where did 500 open source fonts spring up from overnight, anyway?)

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Mr Dog posted:

I actually had no idea Google Web Fonts was even a thing :shobon:

Looks pretty awesome... obviously not going to use all 500ish of them though (where did 500 open source fonts spring up from overnight, anyway?)

They're not all open-source, some of them are just free for web use. They contacted a lot of big font libraries for this, and most of them released some of their content.

When Google recommends you want more fonts, they recommend a place like FontSquirrel or TypeKit, which provides a lot more fonts, but for a price.

Of course, there are a few open-source fonts on there, like the Liberation, Droid, DejaVu (Bitstream Vera) series that Red Hat/Google contracted. And if you didn't hear, Adobe has a new open-source font that looks pretty loving sweet.

revmoo
May 25, 2006

#basta
I ran into a piece yesterday it was basically this:
php:
<?
function getSomeShit() {
    $obj = $this->db->query("SELECT SOME SHIZ")->result_object();
    if ($obj) {
        foreach ($obj as $o) {
            $output[] = $o;
        }
    }
    return $output;
}
?>

Golbez
Oct 9, 2002

1 2 3!
If you want to take a shot at me get in line, line
1 2 3!
Baby, I've had all my shots and I'm fine

revmoo posted:

I ran into a piece yesterday it was basically this:
php:
<?
function getSomeShit() {
    $obj = $this->db->query("SELECT SOME SHIZ")->result_object();
    if ($obj) {
        foreach ($obj as $o) {
            $output[] = $o;
        }
    }
    return $output;
}
?>

So basically this could be condensed to:
PHP code:
function getSomeShit() {
    return ($this->db->query('SELECT SOME SHIZ')->result_object()) ?: array();
}

Deus Rex
Mar 5, 2005

Golbez posted:

So basically this could be condensed to:
PHP code:
function getSomeShit() {
    return ($this->db->query('SELECT SOME SHIZ')->result_object()) ?: array();
}

that will return an object, not an array (also the original function returns NULL if result_object() returns NULL. not the empty array)

it could be written even simpler as:

PHP code:
function getSomeShit() {
    return $this->db->query('SELECT SOME SHIZ')->result_array();
}
of course it should probably use result_assoc anyhow

edit: aren't these methods called fetch_*, by the way?

Deus Rex fucked around with this message at 10:43 on Aug 6, 2012

Golbez
Oct 9, 2002

1 2 3!
If you want to take a shot at me get in line, line
1 2 3!
Baby, I've had all my shots and I'm fine

Deus Rex posted:

that will return an object, not an array (also the original function returns NULL if result_object() returns NULL. not the empty array)

it could be written even simpler as:

PHP code:
function getSomeShit() {
    return $this->db->query('SELECT SOME SHIZ')->result_array();
}
of course it should probably use result_assoc anyhow

edit: aren't these methods called fetch_*, by the way?

I didn't know anything about the actual methods; I was just seeing 'foreach [result]: put it in another array' and assuming $obj was an array, so it made no sense for him to put it in another array.

Is that the horror? :shobon:

Strong Sauce
Jul 2, 2003

You know I am not really your father.





I'm assuming it's CodeIgniter or some variant. The "horror" is that result_object is already an array of objects so iterating through them and appending them to a completely new array is pointless and also a waste of memory.

result_object also returns an empty array if there are no resulting rows.

Bhaal
Jul 13, 2001
I ain't going down alone
Dr. Infant, MD

revmoo posted:

I ran into a piece yesterday it was basically this:
php:
<?
function getSomeShit() {
    $obj = $this->db->query("SELECT SOME SHIZ")->result_object();
    if ($obj) {
        foreach ($obj as $o) {
            $output[] = $o;
        }
    }
    return $output;
}
?>
Everything else aside, and maybe this is a horror/dinosaur habit of mine, whenever I come across a variable in php that is assigned in some inner scope but used outside of it, I grind my teeth and add something declarative and RAII'ish before it sees any use. In this case (assuming I left the rest alone) $output = array(); would be the first line of that function.

Sedro
Dec 31, 2008
That seems like a good habit. There are code paths where that method could return whatever was previously in $output. Although I'm sure the calling code would somehow continue on regardless of the return value.

thathonkey
Jul 17, 2012
At work on the production site, we have a single *.js file which is a bunch of other JS files minified+concatenated.

We were having some issues with the Console object behaving inconsistently across browsers and versions. As you know, IE7 has no Console object and it is a pain to clean out log calls every time you want to test IE. So most people define a dummy Console object with the appropriate methods for browsers like IE7 that don't have it.

I was trying to debug an IE7 issue in a 3rd party widget which we run on the site (and this is a separate horror in and of itself almost) that was throwing tons of console.log in browsers that supported it. IE7's terrible debug tools actually manage to point out the line in the 3rd party's script - the first call to console.log().

I quickly throw in my own version of the console fix just to make sure it is that, something I hastily wrote like-

code:
if (typeof console === 'undefined') {
    window.console = { 'log': function () { } };
}
I put it in the top of the script order in <head/>. IE still not working, in fact it is still reporting the same line number as the problem. I move my script below all the other scripts, and the core JS package and it works.

Great. There is a problem somewhere in the bowels of our giant, bloated core package. I open up all 10 of the files that the build script minifies into the package and do a search for 'console'

Turns out 6 of the 10 scripts all implemented their own safe Console object. They all somehow managed to do a fairly lovely job of it, but of course the first script to act is the worst offender. It does the same undefined check I do above, then iterates over an array of all the Console methods to add a dummy function. Great right? Wrong. They left 'log' out of that array, so a Console object was being defined in IE, causing all the other workarounds to subsequently be disregarded because they all check 'typeof console' but it left off by far the most frequently used method.

That took up a good portion of my day.

thathonkey fucked around with this message at 00:35 on Aug 7, 2012

Bhaal
Jul 13, 2001
I ain't going down alone
Dr. Infant, MD
EDIT: ^^^^^

That reminds me of another story. So there's this thing called Chosen which is pretty drat handy in some situations. One detail about it though is your search value is checked against each option word for word (space delimited), and it only matches if your search value is found at the beginning of a word. However, you can pass an initialization option with a flag that will change the internal regex to look for your search value ANYWHERE inside of a word (basically dropping the '^' in the regex). This was exactly what I needed in one situation. So, awesome, and it was the first time we had used chosen in our site so I also chucked the .js into source control and off it went.

Well, I don't go into the production instance that often, at least for the area that this was implemented in, but one day I was in there and noticed the filtering wasn't working properly. It hadn't all along, really. Long story short, it worked on my local, it worked on the dev instance, but not on production. Why? Well, that flag in the options was at the time a reasonably new addition, version 0.9.7. What happened was a coworker (who's been showcased in this thread before) had 0.9.5 on his local machine from long before when he was toying with the idea of adding it in to one of the things he was building. Well, about 10 days after I checked in the file and deployed it, he deployed his own code that utilized it, but instead of...doing anything right, he checked in his code, sans his chosen.js because he has absolutely zero deployment discipline, and manually chucked his (older) version of the file right onto the production server. That overrode the (newer version) chosen.js already up there and regressed out the initialization option that my own stuff relied on to be actually useful. I had to of course sleuth this all together and only knew it was him because 1) the file timestamp lined up with his code checkins, and 2) it's him, he's always the immediate suspect for anything dumb like this.

I'd talk about the day he was doing straight up dev work on a very visible customer facing part of our site, but it's not healthy to my blood pressure to go into too much detail. I'm talking edit->save->immediately push to production and test it there from his browser. The CTO noticed this when passing by his screen, and then directly told him to not do that at all ever, aaaand the next morning I came in to find him doing it yet again on the same exact piece of dev work. "But I'm wrapping everything around if( userid==4) so nobody else will see it" was his rationale.

Sedro posted:

That seems like a good habit. There are code paths where that method could return whatever was previously in $output. Although I'm sure the calling code would somehow continue on regardless of the return value.
Yeah, that's the risk. Something somewhere could very well be relying on that function to return either null or an array with elements but never an empty array, and now suddenly I've broken something downstream in some unexpected way by sending an empty array instead of null.

And good luck guaranteeing that the entire codebase was checked against a change like that, because that "something somewhere" could be calling this function via: $func(); and the actual function name could be coming in from who knows where at runtime.

Bhaal fucked around with this message at 02:20 on Aug 7, 2012

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
Doing a search when I get linked to one of those loving people lookup sites. But wait, something looks wrong here... wonder if it's wrong everywhere?

welp

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
There's an Energy, Texas?

Scaramouche
Mar 26, 2001

SPACE FACE! SPACE FACE!

Aleksei Vasiliev posted:

Doing a search when I get linked to one of those loving people lookup sites. But wait, something looks wrong here... wonder if it's wrong everywhere?

welp

Jay Harris I've finally tracked you down...

This isn't a horror, it's awesome. I hate those no-effort/no-privacy aggregator sites with a passion.

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe

Bhaal posted:

Yeah, that's the risk. Something somewhere could very well be relying on that function to return either null or an array with elements but never an empty array, and now suddenly I've broken something downstream in some unexpected way by sending an empty array instead of null.

And good luck guaranteeing that the entire codebase was checked against a change like that, because that "something somewhere" could be calling this function via: $func(); and the actual function name could be coming in from who knows where at runtime.

It's probably a good idea to explicitly codify the actual behaviour of the function though, as in

code:
function getSomeShit() {
    $obj = $this->db->query("SELECT SOME SHIZ")->result_object();
    if ($obj) {
        $output = array();
        foreach ($obj as $o) {
            $output[] = $o;
        }
        return $output;
    }
    return null;
}
just so that it's clear what is happening and there are no undefined variable notices (whether or not you are seeing them).

Zamujasa
Oct 27, 2010



Bread Liar
Here's an old one. This was designed to save load on an outgoing mail server by sending mails in chunks instead of all at once.

php:
<?
// Pretend this is an array of about 30,000+ client email addresses
$emails = array( ... );
$chunk  = 1000;

$it = floor(count($emails) / $chunk);

for ($i = 0; $i <= $it; $i++) {

    $start = $i * $chunk;
    $end = ($i + 1) * $chunk - 1;

    $out = array_slice($emails, $start, $end);
    sendMarketingMail($out, "* typical marketing spam *");

}?>
This was run for the first time without any sort of testing (e.g., using a dummy function that would output the emails it was sending).

It took me a few seconds to see the little flaw in his brilliant plan. (The actual incident was much worse than the above, too.)



quote:

And good luck guaranteeing that the entire codebase was checked against a change like that, because that "something somewhere" could be calling this function via: $func(); and the actual function name could be coming in from who knows where at runtime.
If everything is done right, then you should be able to search for functionName. It should still turn up in $func = 'doSomeShit'; somewhere.

But since it probably isn't, you could at least trigger an E_USER_DEPRECATED and use a custom error handler to log the locations and methods that are calling the function.
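The caller-logging idea from the post above, as an added example that is not part of the original post: a handler registered only for E_USER_DEPRECATED records each call site of a function, including calls made through a variable function name. `fetchRows()` and `$callLog` are hypothetical names, and the call sites are constructed for the demonstration.

```php
<?php
// Added example: fetchRows() and $callLog are hypothetical stand-ins, not code from the thread.
$callLog = array();

set_error_handler(function ($errno, $errstr) use (&$callLog) {
    $frames = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
    foreach ($frames as $i => $frame) {
        if ($frame['function'] !== 'trigger_error') {
            continue;
        }
        // The frame after trigger_error() is the deprecated function itself.
        $name = isset($frames[$i + 1]['function']) ? $frames[$i + 1]['function'] : '(top level)';
        // Its file/line are the call site; internal callers such as
        // call_user_func() have none, so walk outward until a frame has one.
        $site = 'unknown';
        for ($j = $i + 1; $j < count($frames); $j++) {
            if (isset($frames[$j]['file'])) {
                $site = basename($frames[$j]['file']) . ':' . $frames[$j]['line'];
                break;
            }
        }
        $key = "$name <- $site";
        $callLog[$key] = isset($callLog[$key]) ? $callLog[$key] + 1 : 1;
        break;
    }
    return true; // handled here; skip PHP's default error handler
}, E_USER_DEPRECATED);

function fetchRows() {
    trigger_error(__FUNCTION__ . '() will return array() instead of null for empty results', E_USER_DEPRECATED);
    return null; // current behaviour, kept until every caller is known
}

// Constructed call sites: one direct, one through a runtime function name.
fetchRows();
$func = 'fetchRows';
for ($n = 0; $n < 2; $n++) {
    $func();
}

// In a real deployment the handler would write to error_log() instead.
foreach ($callLog as $site => $count) {
    echo "$site x$count\n";
}
```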

ijustam
Jun 20, 2005

Coding anything around financial dates is just the worst.

Custom dates for quarter end and special cases for when quarters start/end on weekends :psyduck:

Ari
Jun 18, 2002

Ask me about who Jewish girls should not marry!

Zamujasa posted:

It took me a few seconds to see the little flaw in his brilliant plan. (The actual incident was much worse than the above, too.)

I see at least the one, which is that the third argument is the length, not the end. But the other might be that array_slice returns an array. Does sendMarketingMail take in an array to be iterated through as its first argument, or just a single email address? If it takes an array, why not just give it a 1000-length array of email addresses to begin with?

Zhentar
Sep 28, 2003

Brilliant Master Genius

Ari posted:

If it takes an array, why not just give it a 1000-length array of email addresses to begin with?

That's what the code is trying to do...

Zamujasa
Oct 27, 2010



Bread Liar

Ari posted:

I see at least the one, which is that the third argument is the length, not the end. But the other might be that array_slice returns an array. Does sendMarketingMail take in an array to be iterated through as its first argument, or just a single email address? If it takes an array, why not just give it a 1000-length array of email addresses to begin with?

The length bit is the horror, yes. (I should have added a sleep() in there after the sending, but forgot.)

What it was supposed to do is send out these things in chunks, to avoid overloading a server with send requests. Then it'd move on to the next thousand, and so on. What it ended up doing is... hard to explain easily, but needless to say the further down the line you were, the more copies of the email you were sent.
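The behaviour described above, as an added example that is not part of the original posts: the loop from the thread is run against a recording stub in place of `sendMarketingMail()`, and the copies each address receives are counted next to a corrected version using `array_chunk()`. The addresses, the list size of 5,000 and the function names are constructed for the demonstration.

```php
<?php
// Added example: addresses and sizes are constructed; the recording closure
// stands in for sendMarketingMail(). Function names are hypothetical.

function sendInChunksBuggy(array $emails, $chunk, $send) {
    $it = floor(count($emails) / $chunk);
    for ($i = 0; $i <= $it; $i++) {
        $start = $i * $chunk;
        $end = ($i + 1) * $chunk - 1;
        // Bug preserved from the thread: array_slice()'s third argument
        // is a length, not an end index.
        $send(array_slice($emails, $start, $end));
    }
}

function sendInChunksFixed(array $emails, $chunk, $send) {
    foreach (array_chunk($emails, $chunk) as $batch) {
        $send($batch);
        // A sleep() between batches would go here to throttle the mail server.
    }
}

// Run one of the senders and return address => number of copies delivered.
function countDeliveries($sender, array $emails, $chunk) {
    $copies = array_fill_keys($emails, 0);
    $sender($emails, $chunk, function (array $batch) use (&$copies) {
        foreach ($batch as $address) {
            $copies[$address]++;
        }
    });
    return $copies;
}

$emails = array();
for ($n = 0; $n < 5000; $n++) {
    $emails[] = "user$n@example.test";
}

foreach (array('sendInChunksBuggy', 'sendInChunksFixed') as $sender) {
    // Histogram: copies received => how many addresses got that many.
    $histogram = array_count_values(countDeliveries($sender, $emails, 1000));
    ksort($histogram);
    echo $sender, "\n";
    foreach ($histogram as $copies => $addresses) {
        echo "  $addresses addresses received $copies copies\n";
    }
}
```

Running the same stub against any batch job before it touches a real mail server is the dry run the post says was skipped.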

Strong Sauce
Jul 2, 2003

You know I am not really your father.





Zamujasa posted:

The length bit is the horror, yes. (I should have added a sleep() in there after the sending, but forgot.)

What it was supposed to do is send out these things in chunks, to avoid overloading a server with send requests. Then it'd move on to the next thousand, and so on. What it ended up doing is... hard to explain easily, but needless to say the further down the line you were, the more copies of the email you were sent.

I hope someone was chewed out for this at least.

I wonder how many of these PHP errors caused by these developers would be mitigated by having a built-in REPL. I know Facebook has a PHP REPL but most people aren't going to go and download that.

McGlockenshire
Dec 16, 2005

GOLLOCKS!

Strong Sauce posted:

I wonder how many of these PHP errors caused by these developers would be mitigated by having a built-in REPL. I know Facebook has a PHP REPL but most people aren't going to go and download that.

php -a has popped open a REPL since PHP 5.0. It stopped sucking in 5.3, and is pretty awesome in 5.4.

Golbez
Oct 9, 2002

1 2 3!
If you want to take a shot at me get in line, line
1 2 3!
Baby, I've had all my shots and I'm fine
What's a REPL and what's it for? :downs:


Strong Sauce
Jul 2, 2003

You know I am not really your father.





McGlockenshire posted:

php -a has popped open a REPL since PHP 5.0. It stopped sucking in 5.3, and is pretty awesome in 5.4.

It seems to not work at all in Windows, and requires you to compile readline to have it run in Unix/Mac OSX. Not sure if that is the default.
