I say that snoofle, in class discussions about security, should print or email an example SQL script that would vandalise the production DB and make it look like someone else was responsible, thereby fooling investigations. To cover his ass, he should emphasise that it's hypothetical.
warmachine
@warmachine
Best posts made by warmachine
Latest posts made by warmachine
-
RE: Mandatory Java Security Training
-
RE: How can the same people do both of these things?
The network must be ABC.
-
RE: Little Bobby Tables' mother would be proud
Surely data entry would fail in the first place, assuming it was manual?
-
RE: Yale School of Art
Every page says its editable by everyone and there seems to be a variety of authors. All those artists and not one with a sense of colour, layout or taste.
For reasons that are beyond me, the background for the Summer Courses page includes a photo of Kim Jong-il. Why?
-
RE: Yes Virginia, even more WTFs are real
@hoodaticus said:
Someone needs to be fired for not getting the concept of a HASHMAP.
He resigned, which is why I'm maintaining this code. I am told his wife was worse. -
RE: Yes Virginia, even more WTFs are real
@geocities said:
Maybe they used to use a list of int-string-pairs, but later changed it to a HashMap for optimization purposes.
Or the original author of the code was afraid that calling get on a nonexistent value could throw an exception.
Starting as a list of int/string pairs for micro-optimization purposes would be a possible explanation but failing to remove redundant code when trying to micro-optimise becomes a WTF. Alas, checking the history, the code has always used a HashMap. As for, non-existent keys, the Map interface is defined as returning null if the key can't be found, so no exception is thrown. -
Yes Virginia, even more WTFs are real
Java programmers may be confused by this real, production code extract till they follow the code step-by-step.
private static Map<Integer, String> cdwEvents = new HashMap<Integer, String>();
...
public static String getCdwEventName(int code) {
if (cdwEvents == null || cdwEvents.size() == 0)
initiliaseCdwEvents();
int key = 0;
for (Iterator<Integer> i = cdwEvents.keySet().iterator(); i.hasNext();) {
key = i.next();
if (key == code) {
return (String) cdwEvents.get(key);
}
}
return null;
}
They will wonder why the algorithm is manually iterating over the lookup keys of an in-memory table to find a record when a standard library class can already do this. Then they will realise the record retrieval line is actually using the standard library lookup, making all the code around it pointless. That is, the function can be reduced to the following and even that's got redundant checks.
public static String getCdwEventName(int code) {
if (cdwEvents == null || cdwEvents.size() == 0)
initiliaseCdwEvents();
return cdwEvents.get(code);
}
Then they will say "WTF!"
I have to maintain code like this. Weep for me.
-
RE: Yes Virginia, WTFs are real
@Power Troll said:
How is this a WTF? When your job is outsourced, it'll be easier to refactor those numbers into a more appropriate, local language. That's simply incredible foresight.
This may not be that far from the truth. It was written by an Indian immigrant who probably did previously work on outsourced projects. -
Yes Virginia, more WTFs are real
You've heard of the global date table WTF. It's not as ludicrous as you might think. My company uses a concept not entirely dissimilar: a global record status table, where records in various tables can have a status column that refer to it. The columns are commonly named STATUS_ID. It is not quite as bad because a status id does not need to refer to an entry in the status table and they're really constants. Status table records cannot be edited by any UI screen but that's OK because the records aren't used anyway, even for presentation layer text.
For the education of junior programmers, an example of the pain this causes is when maintaining legacy code. Here are the first 10 status values (out of 1522) listed in a constants file. Guess which statuses apply for documents processed for a bespoke, mobile app. And no peeking at documentation because there isn't any.
public static final Integer ACTIVE = new Integer(1);<BR/> public static final Integer HIDDEN = new Integer(2);<BR/> public static final Integer DELETED = new Integer(3);<BR/> public static final Integer INACTIVE = new Integer(4);<BR/> public static final Integer OK = new Integer(5);<BR/> public static final Integer ERROR = new Integer(6);<BR/> public static final Integer PENDING = new Integer(7);<BR/> public static final Integer DOWNLOADED = new Integer(8);<BR/> public static final Integer DLOADING = new Integer(9);<BR/> public static final Integer NEW = new Integer(10);<BR/>
Yes, you correctly guessed it. It is, in fact...
public static final Integer PP_DRAFT = new Integer(100);
public static final Integer PP_DELETED = new Integer(101);
public static final Integer PP_PENDING = new Integer(102);
public static final Integer PP_REJECTED = new Integer(103);
public static final Integer PP_PUBLISHED = new Integer(104);
public static final Integer PP_BEING_PUBLISHED = new Integer(105);
Experienced Java programmers will find it odd that these constants are Integer objects, not int primitive types, and suspect bugs when comparing Integer objects with the == operator as that is reference comparison. As all STATUS_ID columns do not allow null, they'd conclude it's not a problem because primitive/object comparisons compare values, not references. They'd be incorrect because STATUS_ID of any record is loaded into Integer objects, not int primitive types, even though a null status of any record is not allowed.
Just to add frustration to bugs, these constants cannot be used in case statements because they're not actually constants.
To finish off with the absurd, all these 'constants' are defined in a dedicated Status class, which is Serializable. Because instances of Status that are never created, and would contain no data if they were, must be transportable.
Weep for me.
-
Yes Virginia, WTFs are real
The Daily WTF is not fiction, people really do write stupid code. This is actual, production Java code that I now have to support.
public static final int ZERO = 0;<BR/> public static final int ONE = 1;<BR/> public static final int TWO = 2;<BR/> public static final int THREE = 3;<BR/> public static final int FOUR = 4;<BR/> public static final int FIVE = 5;<BR/> public static final int SIX = 6;<BR/> public static final int SEVEN = 7;<BR/> public static final int EIGHT = 8;<BR/> public static final int NINE = 9;<BR/>
Weep for me.