The Daily WTF

Angela's team hired someone who was "good" at SQL. When this person started, the team had some regular jobs which ran in the mornings. The jobs were fairly time consuming, and did a lot of database IO. When their current database person left for another job, they hired someone who had a "good grasp" on SQL. We'll call him Barry.

Barry started out by checking the morning jobs every day. And over time, the morning jobs started getting slower and slower. That was a concern, but Barry swore he had it under control. Barry did not share that a handful of slow queries- queries which took three or so minutes to run- had suddenly started taking 75+ minutes to run. Barry didn't think about the fact that a little time with the query planner and some indexes could have probably gotten performance back to where it should have been. Barry saw this problem and decided: "I'll write a Python script".

import time from datetime import datetime, timedelta import pytz # for time zone current_date = datetime.now() day_number = current_date.weekday() # integer value: 0 is Monday hub_1_ready = False hub_2_ready = False hub_1_results = [] hub_2_results = [] job_ran_later = False # If this job is manually run later in the day, avoid sending a "both hubs failed" email # Monday (day_number 0) runs later than the other 6 days if day_number == 0: end_time = datetime.strptime("08:30", "%H:%M") end_time = end_time.time() # get just the time portion else: end_time = datetime.strptime("07:30", "%H:%M") end_time = end_time.time() # get just the time portion # If this job is run later in the day than the normaolly scheduled time if datetime.now(pytz.timezone('US/Central')).time() > end_time: job_ran_later = True # Starting when Morning jobs are scheduled to kick off, check for completion of both hubs every 3 minutes until end_time. If both hubs are not a Success by end_time, an email is sent while datetime.now(pytz.timezone('US/Central')).time() < end_time: h1 = session.sql("SELECT LOG_STATUS FROM PROD_CTRL.CTRL.DRB_EXECUTION_LOG WHERE LOG_PROJECT = 'SRC_PROD_1' AND date(log_start_date) = current_date AND date(LOG_END_DATE) = current_date").take(1) hub_1_results = [] hub_1_results.append(h1) if str(hub_1_results[0]) == "[Row(LOG_STATUS='SUCCESS')]": hub_1_ready = True h2 = session.sql("SELECT LOG_STATUS FROM PROD_CTRL.CTRL.SRC_EXECUTION_LOG WHERE LOG_PROJECT = 'SRC_PROD_2' AND date(log_start_date) = current_date AND date(LOG_END_DATE) = current_date").take(1) hub_2_results = [] hub_2_results.append(h2) if str(hub_2_results[0]) == "[Row(LOG_STATUS='SUCCESS')]": hub_2_ready = True # If both hubs are Success, then break out of while loop, even if it's not end_time yet if hub_1_ready == True and hub_2_ready == True: break time.sleep(180) # Sleep for 3 minutes before trying again if not hub_1_ready and not hub_2_ready and job_ran_later == False: message = "Neither Hub_1 nor Hub_2 finished in time for Morning jobs." context.updateVariable('METL_MESSAGE', message) raise ValueError("send email: "+message) elif hub_1_ready == False and hub_2_ready == True: message = "Hub_1 did not finish in time for Morning jobs." context.updateVariable('METL_MESSAGE', message) raise ValueError("send email: "+message) elif hub_1_ready == True and hub_2_ready == False: message = "Hub_2 did not finish in time for Morning jobs" context.updateVariable('METL_MESSAGE', message) raise ValueError("send email: "+message) elif job_ran_later == True: message = "This job was run manually later in the day. Check that both Source hubs have completed. If you did not run this job, you can probably ignore this email." context.updateVariable('METL_MESSAGE', message) raise ValueError("send email: "+message)

I don't particularly like any of this. Some of it is just little ugliness, like the fact that job_ran_later and the closing if statements could be written to be much more clear. Or the way that, after our main while loop, which we'll come back to, we compare boolean variables against boolean literals.

The core of it is the while loop, which checks the current time, and while it's before the target end time, it runs a pair of queries. For each query it runs, it empties an array, then append the results (which we know is only one value, because they take(1)) to the array. Then they check the first element of the array against an expected string.

Why the arrays? Who knows. Perhaps at one point they thought they'd keep the results from multiple iterations, then decided against it. Why do the check against the string in the Python code and not the query? No idea, but maybe I don't have a "good grasp" of SQL. That said, with my bad grasp, I'm pretty sure I could figure out how to do all that in one single query and not two that are almost identical.

In any case, if we don't see what we want in the database, we sleep for three minutes, then try again.

At the end of the process, we check what happened and output messages and raise exceptions based on what we did see in the database.

It's also worth noting that Angela's team used a pretty reasonable job management system. All of their other scripts doing similar jobs didn't include retry logic inside themselves- they just failed. That let the job runner decide whether or not to retry, and that allowed all sorts of valuable configuration options that are more fine grained than "sleep for 3 minutes".

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

There is no particular theme this week, except that I have noticed many of these contributors are providing "customized" email addresses. This is a practice which I too have followed, to detect who is selling my email address to spammers. I would use a consistent login id for many web sites, and a decent password generated by a mental algorithm, with a unique email address for each site. It worked great until some website wanted to know specifically what "my" email address is, and I couldn't remotely remember which of 300 variant email addresses I had signed up for their services with.

First up, Martin is traveling by air. "I have heard it's so beautiful this time of year, so I look forward to visit @arrCity_SLPH." Martin helpfully explains "First sentence is in Danish: Your SAS-booking has been confirmed."

 

Dr. Bob Bobbers, PhD would rather drive. "Somehow I'm projected to arrive 20 minutes ago. I had started in one timezone and was finishing in the next timezone to the east, and when I had connectivity, the ETA was right, but somehow seems to have stopped computing correctly when I went offline."

 

Caleb B. thinks Amazon's AI-generated coding practices don't compute. "I've been working with my kid a lot with her math homework explaining that the alligator eats the bigger number. I think someone at Amazon needs to learn it too."

 

Andrew knows that there's a difference between > and ⋝. "Tried to upload my insurance card back and front. Apparently I cannot please the webserver."

 

And finally, Daniel D. has a timely reminder that we should all bear in mind so that nobody else has to: "Set your country, set your time zone and they should match. Google thinks otherwise, offering only one option (Czechia) for the selected country (Slovakia). The timezone is correct as the whole Central Europe uses the same time (CET). But the basic rule of usability is: Don't make me think!"

 

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Amity sends us a "weird" replacement, and I regret to inform you, it's not as weird as it should be.

$body = str_replace(['<pre><code>', '</code></pre>'], ['<pre>', '</pre>'], $body);

This PHP code scans through a string containing HTML and replaces all the <pre><code>.../<code></pre> tags with just <pre></pre>. And yes, that's a weird thing to do; these mean different things, after all. pre tells us the text is preformatted and things like extra whitespace and line breaks should be respected. code tells us the text represents some sort of code. Usually, that involves respecting the formatting, but it also generally involves rendering in a monospace font.

And this touches upon one of my complaints about this very site. A complaint I don't complain about much, because I could easily fix it, and also it doesn't bother me that much, but also, I don't want to be maintaining our little homegrown CMS more than I have to, so I haven't done it.

Quite some time ago, we did a redesign here. It was fairly necessary, as the site old 100% didn't work on mobile devices. At the time, one habit was en vogue amongst web developers: clear all the formatting rules from the default browser stylesheet and replace them with your own. I can sympathize with that, I suppose. It's certainly one way to deal with cross browser rendering quirks: burn everything to the ground and build up from scratch. You'll still have cross browser quirks, but they'll all be your fault, and your fault alone. And another "quirk" that showed up in that rebuilding, and a quirk I've seen on a depressing number of other sites: make pre content be in monospace.

For some reason I don't fully understand, there was a brief period in CSS styling where people willfully collapsed the distinction between pre and code, and just turned them into the same thing. I'm admittedly a bit of a semantic snob (HTML is a DATA format not a PRESENTATION format, it's still SGML to me).

In any case, this doesn't impact you, our dear readers, who instead get a sometimes confounding Markdown comment box with bad editing support. But I post articles here in pure HTML, and while I rarely need a pre tag, every once in awhile, the default site stylesheet throws me off.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

A few holiday seasons ago, Paul S was doing the requisite holiday shopping online, looking for those perfectly impersonal but mildly thoughtful gifts that many companies specialize in. This was one of the larger such vendors, well known for its fruit-filled gift baskets. As is not uncommon for our readers, when the site started misbehaving, he pulled up the dev tools. He didn't solve the problem, but he did learn a lot about how they were managing their API keys, as this was exposed to the client:

env: { APP_AUTH0_GUID: 'ctZZL1BqgKm9kBmDEKAjt0yBeQ47Cpwl XS0xxpLFS5g8o-EUpSu4fi9ecOqN19WnXn-EqI9yaupwme22bKuBd2jH3Kf3QngZ', APP_LOGGING_ENABLED: 'true', APP_LOGGING_SERVICE_PATH: 'r/api/logging/mbp-ui', REACT_APP_MBP_LOGGER_CONSOLE: 'ERROR', APP_TIQ_ACCOUNT: '1800flowers', APP_TIQ_PROFILE: 'full', APP_TIQ_ENV: 'prod', APP_PAYPAL_SDK_URL: 'https://www.paypal.com/sdk/js', APP_PAYPAL_CLIENT_ID: 'AcYrxrOkFwUnMKRoJmkOR0N6caopqRNqwNRxy6H-EvZ-IKUz22i-E0uT0uMT7JQZEC33Oy1HCNsgm_le', APP_PAYPAL_ENV: 'production', APP_PAYPAL_SOURCE: 'PWA', APP_VENMO_ENV: 'production', APP_VENMO_PROFILE_ID: '2705494007504552889', APP_AUTH_LOGIN_SOURCE: 'undefined', APP_SG_BASKET_SCRIPT: 'https://cdn2.smartgiftit.com/scripts/widgets/gift-basket.js', APP_AUTH_DOMAIN: 'login.celebrations.com', APP_AUTH_AUDIENCE: 'celebrations-prod.1800-flowers.auth0.com', APP_STATUS_BAR_ENABLED: 'true', APP_WALLET_ENABLED: 'true', APP_VERIFY_ADDRESS_HOST: 'api.edq.com', APP_VERIFY_ADDRESS_AUTH_TOKEN: '47d991c9-043e-4073-bee3-a5c8922baa3a', APP_FULLSTORY_ORG_ID: 'MXD30', APP_GRAPHQL_ENV: 'production', APP_VISA_CHECKOUT_API_KEY: 'B0LQRDVCE0LWKBHR880J14gCRlEjr_UqLhh6V-yYRAmcvD0W8' }

I've gone ahead and mangled the keys, and given that this was a few holidays ago, I'd hope the retailer in question has fixed their website. But as you can see, it was pushing API keys for payment processors, along with potential authentication tokens and internal IDs. Now, I would hope most of these required additional authentication to be useful, and that a malicious actor couldn't do anything nasty with this information- but that's a dim hope. Even with the data exposed here, I wonder if someone could flip APP_PAYPAL_ENV to "development" or "test" and run some transactions through. Or do the same with Venmo.

This is a React app, based on some of the keys, using Graphql for communicating with the back end, and that hits at the fact that it's a single-page application. Probably, the developers were trying to build once for the web and for a "website bundled in an app" deployment for smart phones. And the result is that they weren't thinking about the distinction between "public" and "private" information- they had state to manage,so they managed it. By sending it to the client. Where anyone could see it. But it looked good, they shipped it, and they made sales, so everyone was happy.

For a time.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Today, it's not exactly the code that was bad. For some time, a government agency had been collecting information from users using fillable PDF forms. The user would submit the form, and then a data entry clerk would copy the text from the form into a database. This, of course, raised the question: why was someone manually riding the copy/paste button?

Sally was tasked with automating this. The data is already in a digital format, so it should be easy to use a PDF library to parse out the entered data and insert it into the database. And it almost was.

Sally shares with us, not code, but the output of her program which scanned the fields, looking for their names:

FieldType: Text FieldName: T5ZA1 FieldNameAlt: T5ZA1 FieldFlags: 25165824 FieldJustification: Left FieldMaxLength: 3 --- FieldType: Text FieldName: T5ZA2 FieldNameAlt: T5ZA2 FieldFlags: 25165824 FieldJustification: Left FieldMaxLength: 2 --- FieldType: Text FieldName: T5ZA3 FieldNameAlt: T5ZA3 FieldFlags: 25165824 FieldJustification: Left FieldMaxLength: 4

I could go on, Sally certainly shared many more examples, but you can get the gist. The names were all cryptic five character blobs. They all start with T5Z, and followed by "letternumber": A3, B9, C2, etc. It has the vibe of being autogenerated; someone just never considered that they might want clear names for the fields, and just let their editor autonumber them, but that has one counterpoint to it: the letter "O" is never used. T5ZN9 is followed by T5ZP1.

Sally was left scratching her head. Of course, she was going to have to write some sort of lookup that would convert the PDF's field names into database field names, but she expected that the PDF would provide at least some sort of guidance on that front.

I really enjoy that the alt-text for every field is also the field name, which is a clear accessibility "win".

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

It is eminently reasonable for companies to have "readability standards" for their code. You're writing this code for humans to read, after all, at least in theory. You need to communicate to future inheritors of your code.

But that doesn't mean readability standards are good. Tony's company, for example, has rules about returning boolean values from functions, and those rules mean you are expected to write code like this:

public bool Completed () { if (completed == true) { return true; } else { return false; } }

It's more "explicit" this way. Which I certainly would have explicit things to say if I were told I needed to write code this way. Also, what's with the non-indented return statements? Is that also part of their coding standards?

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

In only a handful of years, four Liverpudlian scruffs clawed their way from obscurity to unprecedented worldwide celebrity.
Yeah, yeah, yeah.
Already making a mint from "Money" and other hits, by 1965 they were MBEs, and suddenly discovered class solidarity -- with the rest of the singlet-clad bathers in their grottos of ducats. To be fair, a 97% marginal rate does make it hard for a lad to break into the ranks of true generational wealth.
So in 1966, George Harrison and his newly-minted toffs released the anti-government protest shriek of the upper class, and even now, we Americans share their pain in this our momen of reckoning with ... the Tax Man.

The Beast in Black first complained "I tried to get my W2 (for our non-Murican friends, that's the statement from your employer showing how much they paid you and how much tax they deducted) from ADP, and apparently their programmers did a number (two) on the form. TRWTF is that the damn form actually works if I add the slash separators to the date components."

 

And again he moaned "Frankly, I'm a little too scared by this WTF to be snarky; I'd expect a Tax Accounting firm - H&R Block in this case - to not have such basic accounting WTFs. Perhaps they should change their name to H&R Blockhead...?"

 

Adam R. remarked "It's tax season again. I hope their tax return backend is better than their JavaScript frontend that set the tooltip on this image to [object Object]."

 

Frustrated Dustin S. is trying to comply: "I logged into my credit union to download the tax documents for my account, but when I clicked on the link, this is what I got. Maybe doing taxes by invoice in the U.S. now?"

 

And looking to the future, the tax man cometh inevitably for Michael R. , though not today. "In green: I want to enter a discount for the items I'm selling. The error says:"Invalid discount amount. Please enter a discount of less than €0.00 (packaging costs + taxes).". Yes, I have also tried to enter -7,41 without any luck. In blue: It says:"Total amount approx.". Maybe one of the ebay lawyers figured out they are using float data types and wants to cover their bottoms against the rounding errors?"

 

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Read (Part One here)

When Ellis awoke on Sunday, the unusual cold broke through her drowsiness right away. Her new thermostat was programmed to maintain a lower temperature overnight, but at 6:30AM, it was supposed to climb again, kicking the heat on right when she got out of bed.

Why was it so cold? Why was the furnace dead silent? Something must've gone wrong again. So soon?

It sucked to get out of bed when it was dark and cold, but Ellis had no choice. She forced herself to peel back the covers and launch into her morning routine. Her cat shadowed her, helpfully letting her know several times that his plate had no food on it.

She attended to the cat's needs first before approaching the thermostat downstairs. The set point was at the overnight setting even though it claimed to be following her programmed schedule. Using the touchscreen interface, she increased the set point manually. The heat cut on just fine from there, thank goodness.

Through her dehydrated, hungry, uncaffeinated haze, Ellis suddenly remembered the time change. They had "sprung ahead" for Daylight Saving Time. Had her new thermostat joined them in this archaic ritual?

It had not. Checking its day/time settings, Ellis found the time an hour behind. She pressed her index finger onto the hour, expecting a dial or drop-down or some other such control to appear. Nothing. Hours, minutes, and AM/PM were all fixed. Only the time zone could be changed. It was currently set to EST. Opening the drop-down menu, none of the options she skimmed over looked promising.

Her old thermostat (out of support, incompatible with her new HVAC system) had handled time changes all by itself, and had allowed every possible manual adjustment one could wish for. It frustrated Ellis that the latest so-called "smart" thermostat couldn't manage the same despite being hooked up to the Internet at all times.

Part of her wanted to keep digging at this, but it was way too early. Ellis was unprepared in every possible way to descend into a troubleshooting rabbit-hole. She had places to be that morning. The heat was working, that was all that really mattered. More importantly, someone from the HVAC company was already scheduled to perform a 1-week follow-up test of her newly-installed system in a couple of days. She could disable the schedule and make manual adjustments until the technician arrived.

With HVAC having taken center stage in her brainspace for over a month by that point, Ellis desperately needed to give herself this break.

The technician who arrived was equally mystified. He tried a factory reset of the thermostat, which had no effect. It was determined that future time changes would have to be handled manually by toggling the time zone between EST and ... Eastern. An unhelpful label that Ellis' sleepy brain had completely glossed over early on Sunday morning.

Annoying, but not the end of the world.

Once the technician tested her system (all good, thankfully) and left, Ellis sat down in front of her laptop to check her usual subreddits. Ah, the World Baseball Classic! Someone had posted a highlight reel of her favorite baseball team's best pitcher—arguably the best pitcher on the planet—recording 7 strikeouts in a single game. She opened up the video, eager to watch.

Why the hell is Ellis suddenly telling you about sportsball? Because, in an amazing coincidence, she spied the name of the company that had built her new thermostat, right there on the backstop behind home plate!

So they had WBC advertising money, but couldn't pony up for a sensible day/time interface. Ellis suspects she's in for an interesting couple of decades ... assuming her new system lasts that long.

P.S. Since Ellis has shamelessly segued her way into sportsball, there's something else she wants to share: a new player on her favorite team, Jhostynxon Garcia, is nicknamed The Password.

His younger brother Johanfran, also a baseball player, is called The Username.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Today's anonymous submitter passes us a single line of JavaScript, and it's a doozy. This line works, but that's through no fault of the developer behind it.

{arr?.length && shouldNotShow === false > 0 (...)}

Pedantically, this is JSX, not pure JavaScript, but the rules still apply.

So, fun fact in JavaScript: true > 0 is true, and false > 0 is false. Which generally makes sense, but why would you use that here? But this code is worse than it looks, thanks to operator precedence.

The highest precedence operation is the optional chain- arr?.length. The second highest operation? >. So the first part of the comparison that evaluates is false > 0. Which is false. Do you know what's next? ===. So we compare shouldNotShow to false. Then we && that with the potentially falsy value from our arr?.length.

It's all a mess, and it's all so we can compare against false, which we could have just done with a ! operator. !(arr?.length && shouldNotShow).

Our submitter credits this to an offshore team, and this does have the vibe of throwing characters at the problem until it passes the test. Less LLM-guided and more "manually executed Markov chain". That's also an accurate description of the rest of the code in this code base: hand crafted Markov chain generation.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Capybara James sends us some code which is totally designed to be modular.

This particular software accepts many kinds of requests which it then converts into a request for a ListView. This is a perfect example of where to use polymorphism, so you can write one transform method that operates on any kind of request.

Let's see how they did it:

@Component public class ListViewTableRequestTransformer implements Function<TableExportRequest, ListViewRequest> { @Override public ListViewRequest apply(TableExportRequest request) { return new ListViewRequest(request.getFilters(), request.getRangeFilters(), request.getSearch(), request.getSort()); } } @Component public class ListViewFormulaRequestTransformer implements Function<FormulaExportRequest, ListViewRequest> { @Override public ListViewRequest apply(FormulaExportRequest request) { return new ListViewRequest(request.getFilters(), request.getRangeFilters(), request.getSearch(), request.getSort()); } }

Now admittedly, my first instinct for letting generics just handle this wouldn't work in Java thanks to type erasure. My excuse is that I've been using C++ templates for too long. But what's not pictured in this code is that TableExportRequest and FormulaExportRequest both implement the same base interface, which means polymorphism could still condense this down into a single function: ListViewRequest apply(RequestInterface request).

Duplicated code like this is like cockroaches. You've seen two, which means there are many many more lurking in the codebase. All of the various request types get their own identical method, differing only in signature.

All my explanation doesn't sum this up as pithily as Capybara James did, however:

There was an attempt to make the code modular and scalable. An attempt I say.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Dana sends us a WTF that'll turn your head. She was shopping for new hard drives, and was doing it from her phone, a fairly reasonable tool to use for online shopping these days. She opened the website of one vendor, and it was rotated 90 degrees. Or half-pi radians, for those of us that are more used to sensible units.

This was irrespective of any rotation settings on her phone, the website insisted on showing itself in landscape mode. This created quite the unusual appearance when she held her phone in portrait orientation: the browser chrome surrounding the content was in portrait mode, but the page itself was in landscape.

Obviously, this is a terrible design choice. But Dana wanted to know more. So she started digging in. There was no sign of this behavior on a desktop, which sure, I'd hope not. Attempting to use wget to download the page caused a 403. Using curl downloaded a JavaScript challenge. Fine, they didn't want bots, but Dana wasn't a bot.

Poking around in the network tab of the desktop browser's debugging tools helped Dana learn a few things. First: the line endings in the files were all CRLF, implying that all development happened on Windows machines. Maybe that's not interesting, but in 2026, it feels unusual. Second, the page is setting a PHPSESSID cookie, so clearly the backend is written in PHP. But most important, Dana is able to piece together what she needs to successfully use curl to download the page, once pretending to be a desktop browser, and once pretending to be a mobile browser. With that, she ran a diff to see what changed.

The desktop version started with 42 blank lines. The mobile version started with 41. The rest of the pages were substantially the same, with two exceptions. First, the mobile page also added a stylesheet called stylesheet-responsive.css. I assume that name was chosen because irony is dead; nothing about this site is responsive. Second, there was a subtle difference in the body tags.

You see, both pages had a body tag like this:

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">

But the mobile page, continued from there:

<!-- header //--> <body id="landscape_mode_only" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">

Yes, the mobile version has two body tags.

Dana writes:

Even though I don't have access to the real PHP source-code, I can imagine what it looks like.

Somewhere in that PHP source-code there is browser-detection (or rather browser-sniffing) and that toggles if it should serve a slightly different HTML code to the user. I do not want to work for that website, I do not want to look at that backend source-code. And I have to feel sorry and respect for the browser developers, as they have to write software that can handle completely broken HTML.

While I hate the results, the fact that the HTML specification originally required clients to render even the most broken HTML is arguably a really good design choice. Expecting people to do the right thing never works out for you.

Let's not forget their "responsive" CSS, which is obviously worth looking at, even if it's obvious what it must be:

@media only screen and (orientation:portrait) { #landscape_mode_only { height:98vw; -webkit-transform:rotate(90deg); -moz-transform:rotate(90deg); -o-transform:rotate(90deg); -ms-transform:rotate(90deg); transform:rotate(90deg) } }

This forces everything in the body to rotate sideways.

Look, actually responsive design is hard. But "just force the page into landscape mode no matter what the user does" is definitely not the solution.

And Dana points out one last thing:

As a cherry on the top, observe how the comment that marks the end of the header is placed after the <body> starts. Which is wrong already, but also stupid, because </head> already marks the end of the head. And the head is not really the header.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Here's a weird email but IMO the erorr is just the odd strikethrough. Bill T. explains: "From my Comcast email spam folder. It was smart enough to detect it was spam, but... spam from a trusted sender? And either the delivery truck is an emoji (possible), an embedded image (maybe?), or Comcast is not actually blocking external images." I'd like to see the actual email, could you forward it to us? My guess is that we're seeing a rare embedded image. Since embedding images was the whole point of MIME in the first place, I have found it odd that they're so so hard to construct with typical marketing mass mailers, and I almost never receive them.

 

The WTFs are heating up for Peter G. . Or cooling off. It's one or the other. "Fiji seems to be experiencing a run of temperature inversions. Must be something to do with climate change. "

 

Back with a followup, dragoncoder047 has a plan to rule the world. "I was looking up some closed-loop stepper motors for a robotics project when StepperOnline gave me this error message. Evidently they don't think my project is a good idea. "

 

"My %@ package is missing!" ranted Orion S. "After spending the day restoring my system, I can offer alternatives such as the "@&*% you!" package."

 

Soon-to-be journalist Marc Würth buries the lede: "Not really looking for a job but that is certainly a rare opening." Okay, but what I really want to know is what that Slashdot article is about. Do I even have a Slashdot account still? Why, yes I do.

 

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Today's Anonymous submitter sends us some React code. We'll look at the code and then talk about the WTF:

// inside a function for updating checkboxes on a page if (!e.target.checked) { const removeIndex = await checkedlist.findIndex( (sel) => sel.Id == selected.Id, ) const removeRowIndex = await RowValue.findIndex( (sel) => sel == Index, ) // checkedlist and RowValue are both useState instances.... they should never be modified directly await checkedlist.splice(removeIndex, 1) await RowValue.splice(removeRowIndex, 1) // so instead of doing above logic in the set state, they dont setCheckedlist(checkedlist) setRow(RowValue) } else { if (checkedlist.findIndex((sel) => sel.Id == selected.Id) == -1) { await checkedlist.push(selected) } // same, instead of just doing a set state call, we do awaits and self updates await RowValue.push(Index) setCheckedlist(checkedlist) setRow(RowValue) }

Comments were added by our submitter.

This code works. It's the wrong approach for doing things in React: modifying objects controlled by react, instead of using the provided methods, it's doing asynchronous push calls. Without the broader context, it's hard to point out all the other ways to do this, but honestly, that's not the interesting part.

I'll let our submitter explain:

This code is black magic, because if I update it, it breaks everything. Somehow, this is working in perfect tandem with the rest of the horrible page, but if I clean it up, it breaks the checkboxes; they're no longer able to be clicked. Its forcing React somehow to update asynchronously so it can use these updated values correctly, but thats the neat part, they aren't even being used anywhere else, but somehow the re-rendering page only accepts awaits. I've tried refactoring it 5 different ways to no avail

That's what makes truly bad code. Code so bad that you can't even fix it without breaking a thousand other things. Code that you have to carefully, slowly, pick through and gently refactor, discovering all sorts of random side-effects that are hidden. The code so bad that you actually have to live with it, at least for awhile.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Aankhen has a peer who loves writing Python scripts to automate repetitive tasks. We'll call this person Ernest.

Ernest was pretty proud of some helpers he wrote to help him manage his Docker containers. For example, when he wanted to stop and remove all his running Docker containers, he wrote this script:

#!/usr/bin/env python import subprocess subprocess.run("docker kill $(docker ps -q)", shell=True) subprocess.run("docker rm $(docker ps -a -q)", shell=True)

He aliased this script to docker-stop, so that with one command he could… run two.

"Ernest," Aankhen asked, "couldn't this just be a bash script?"

"I don't really know bash," Ernest replied. "If I just do it in bash, if the first command fails, the second command doesn't run."

Aankhen pointed out that you could make bash not do that, but Ernest replied: "Yeah, but I always forget to. This way, it handles errors!"

"It explicitly doesn't handle errors," Aankhen said.

"Exactly! I don't need to know when there are no containers to kill or remove."

"Okay, but why not use the Docker library for Python?"

"What, and make the software more complicated? This has no dependencies!"

Aankhen was left with a sinking feeling: Ernest was either the worst developer he was working with, or one of the best.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

Every once in awhile, we get a bit of terrible code, and our submitter also shares, "this isn't called anywhere," which is good, but also bad. Ernesto sends us a function which is called in only one place:

/// /// Shutdown server /// private void shutdownServer() { shutdownServer(); }

The "one place", obviously, is within itself. This is the Google Search definition of recursion, where each recursive call is just the original call, over and over again.

This is part of a C# service, and this method shuts down the server, presumably by triggering a stack overflow. Unless C# has added tail calls, anyway.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Our anonymous submitter relates a tale of simplification gone bad. As this nightmare unfolds, imagine the scenario of a new developer coming aboard at this company. Imagine being the one who has to explain this setup to said newcomer.

Imagine being the newcomer who inherits it.

David's job should have been an easy one. His company's sales data was stored in a database, and every day the reporting system would query a SQL view to get the numbers for the daily key performance indicators (KPIs). Until the company's CTO, who was proudly self-taught, decided that SQL views are hard to maintain, and the system should get the data from one of those new-fangled APIs instead.

But how does one call an API? The reporting system didn't have that option, so the logical choice was Azure Data Factory to call the API, then output the data to a file that the reporting system could read. The only issue was that nobody on the team spoke Azure Data Factory, or for that matter SQL. But no problem, one of David's colleagues assured, they could do all the work in the best and most multifunctional language ever: C#.

But you can't just write C# in a data factory directly, that would be silly. What you can do is have the data factory pipeline call an Azure function, which calls a DLL that contains the bytecode from C#. Oh, and a scheduler outside of the data factory to run the pipeline. To read multiple tables, the pipeline calls a separate function for each table. Each function would be based on a separate source project in C#, with 3 classes each for the HTTP header, content, and response; and a separate factory class for each of the actual classes.

After all, each table had a different set of columns, so you can't just re-use classes for that.

There was one little issue: the reporting system required an XML file, whereas the API would export data in JSON. It would be silly to expect a data factory, of all things, to convert this. So the CTO's solution was to have another C# program (in a DLL called by a function from a pipeline from an external scheduler) that reads the JSON document saved by the earlier program, uses foreach to go over each element, then saves the result as XML. A distinct program for each table, of course, requiring distinct classes for header, content, response, and factories thereof.

Now here's the genius part: to the C# class representing the output data, David's colleague decided to attach one different object for each input table required. The data class would use reflection to iterate over the attached objects, and for each object, use a big switch block to decide which source file to read. This allows the data class to perform joins and calculations before saving to XML.

To make testing easier, each calculation would be a separate function call. For example, calculating a customer's age was a function taking struct CustomerWithBirthDate as input, use a foreach loop to copy all the data except replacing one field, and return a CustomerWithAge struct to pass to the next function. The code performed a bit slowly, but that was an issue for a later year.

So basically, the scheduler calls the data factory, which calls a set of Azure functions, which call a C# function, which calls a set of factory classes to call the API and write the data to a text file. Then, the second scheduler calls a data factory, which calls Azure functions, which call C#, which calls reflection to check attachment classes, which read the text files, then call a series of functions for each join or calculation, then call another set of factory classes to write the data to an XML file, then call the reporting system to update.

Easy as pie, right? So where David's job could have been maintaining a couple hundred lines of SQL views, he instead inherited some 50,000 lines of heavily-duplicated C# code, where adding a new table to the process would easily take a month.

Or as the song goes, Somebody Told Me the User Provider should use an Adaptor to Proxy the Query Factory Builder ...

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

First up with the money quote, Peter G. remarks "Hi first_name euro euro euro, look how professional our marketing services are! "

 

"It takes real talent to mispell error" jokes Mike S. They must have done it on purpose.

 

I long wondered where the TikTok profits came from, and now I know. It's Daniel D. "I had issues with some incorrectly documented TikTok Commercial Content API endpoints. So I reached out to the support. I was delighted to know that it worked and my reference number was . PS: 7 days later I still have not been contacted by anyone from TikTok. You can see their support is also . "

 

Fortune favors the prepared, and Michael R. is very fortunate. "I know us Germans are known for planning ahead so enjoy the training on Friday, February 2nd 2029. "

 

Someone other than dragoncoder047 might have shared this earlier, but this time dragoncoder047 definitely did. "Digital Extremes (the developers of Warframe) were making many announcements of problems with the new update that rolled out today [February 11]. They didn’t mention this one!"

 

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

We mostly don't pick on bad SQL queries here, because mostly the query optimizer is going to fix whatever is wrong, and the sad reality is that databases are hard to change once they're running; especially legacy databases. But sometimes the code is just so hamster-bowling-backwards that it's worth looking into.

Jim J has been working on a codebase for about 18 months. It's a big, sprawling, messy project, and it has code like this:

AND CASE WHEN @c_usergroup = 50 AND NOT EXISTS(SELECT 1 FROM l_appl_client lac WHERE lac.f_application = fa.f_application AND lac.c_linktype = 840 AND lac.stat = 0 AND CASE WHEN ISNULL(lac.f_client,0) <> @f_client_user AND ISNULL(lac.f_c_f_client,0) <> @f_client_user THEN 0 ELSE 1 END = 1 ) THEN 0 ELSE 1 END = 1 -- 07.09.2022

We'll come back to what it's doing, but let's start with a little backstory.

This code is part of a two-tier application: all the logic lives in SQL Server stored procedures, and the UI is a PowerBuilder application. It's been under development for a long time, and in that time has accrued about a million lines of code between the front end and back end, and has never had more than 5 developers working on it at any given time. The backlog of feature requests is nearly as long as the backlog of bugs.

You may notice the little date comment in the code above. That's because until Jim joined the company, they used Visual Source Safe for version control. Visual Source Safe went out of support in 2005, and let's be honest: even when it was in support it barely worked as a source control system. And that's just the Power Builder side- the database side just didn't use source control. The source of truth was the database itself. When going from development to test to prod, you'd manually export object definitions and run the scripts in the target environment. Manually. Yes, even in production. And yes, environments did drift and assumptions made in the scripts would frequently break things.

You may also notice the fields above use a lot of Hungarian notation. Hungarian, in the best case, makes it harder to read and reason about your code. In this case, it's honestly fully obfuscatory. c_ stands for a codetable, f_ for entities. l_ is for a many-to-many linking table. z_ is for temporary tables. So is x_. And t_. Except not all of those "temporary" tables are truly temporary, a lesson Jim learned when trying to clean up some "junk" tables which were not actually junk.

I'll let Jim add some more detail around these prefixes:

an "application" may have a link to a "client", so there is an f_client field; but also it references an "agent" (which is also in the f_client table, surpise!) - this is how you get an f_c_f_client field. I have no clue why the prefix is f_c_ - but I also found c_c_c_channel and fc4_contact columns. The latter was a shorthand for f_c_f_c_f_c_f_contact, I guess.

"f_c_f_c_f_c_f_c" is also the sound I'd make if I saw this in a codebase I was responsible for. It certainly makes me want to change the c_c_c_channel.

With all this context, let's turn it back over to Jim to explain the code above:

And now, with all this background in mind, let's have a look at the logic in this condition. On the deepest level we check that both f_client and f_c_f_client are NOT equal to @f_client_user, and if this is the case, we return 0 which is NOT equal to 1 so it's effectively a negation of the condition. Then we check that records matching this condition do NOT EXIST, and when this is true - also return 0 negating the condition once more.

Honestly, the logic couldn't be clearer, when you put it that way. I jest, I've read that twelve times and I still don't understand what this is for or why it's here. I just want to know who we can prosecute for this disaster. The whole thing is a quadruple negative and frankly, I can't handle that kind of negativity.

.comment { border: none; } [Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Today's snippet from Rich D is short and sweet, and admittedly, not the most TFs of WTFs out there. But it made me chuckle, and sometimes that's all we need. This Java snippet shows us how to delete a file:

if (Files.exists(filePath)) { Files.deleteIfExists(filePath); }

If the file exists, then if it exists, delete it.

This commit was clearly submitted by the Department of Redundancy Department. One might be tempted to hypothesize that there's some race condition or something that they're trying to route around, but if they are, this isn't the way to do it, per the docs: "Consequently this method may not be atomic with respect to other file system operations." But also, I fail to see how this would do that anyway.

The only thing we can say for certain about using deleteIfExists instead of delete is that deleteIfExists will never throw a NoSuchFileException.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Agatha has inherited some Windows Forms code. This particular batch of such code falls into that delightful category of code that's wrong in multiple ways, multiple times. The task here is to disable a few panels worth of controls, based on a condition. Or, since this is in Spanish, "bloquear controles". Let's see how they did it.

private void BloquearControles() { bool bolBloquear = SomeConditionTM; // SomeConditionTM = a bunch of stuff. Replaced for clarity. // Some code. Removed for clarity. // private System.Windows.Forms.Panel pnlPrincipal; foreach (Control C in this.pnlPrincipal.Controls) { if (C.GetType() == typeof(System.Windows.Forms.TextBox)) { C.Enabled = bolBloquear; } if (C.GetType() == typeof(System.Windows.Forms.ComboBox)) { C.Enabled = bolBloquear; } if (C.GetType() == typeof(System.Windows.Forms.CheckBox)) { C.Enabled = bolBloquear; } if (C.GetType() == typeof(System.Windows.Forms.DateTimePicker)) { C.Enabled = bolBloquear; } if (C.GetType() == typeof(System.Windows.Forms.NumericUpDown)) { C.Enabled = bolBloquear; } } // private System.Windows.Forms.GroupBox grpProveedor; foreach (Control C1 in this.grpProveedor.Controls) { if (C1.GetType() == typeof(System.Windows.Forms.TextBox)) { C1.Enabled = bolBloquear; } if (C1.GetType() == typeof(System.Windows.Forms.ComboBox)) { C1.Enabled = bolBloquear; } if (C1.GetType() == typeof(System.Windows.Forms.CheckBox)) { C1.Enabled = bolBloquear; } if (C1.GetType() == typeof(System.Windows.Forms.DateTimePicker)) { C1.Enabled = bolBloquear; } if (C1.GetType() == typeof(System.Windows.Forms.NumericUpDown)) { C1.Enabled = bolBloquear; } } // private System.Windows.Forms.GroupBox grpDescuentoGeneral; foreach (Control C2 in this.grpDescuentoGeneral.Controls) { if (C2.GetType() == typeof(System.Windows.Forms.TextBox)) { C2.Enabled = bolBloquear; } if (C2.GetType() == typeof(System.Windows.Forms.ComboBox)) { C2.Enabled = bolBloquear; } if (C2.GetType() == typeof(System.Windows.Forms.CheckBox)) { C2.Enabled = bolBloquear; } if (C2.GetType() == typeof(System.Windows.Forms.DateTimePicker)) { C2.Enabled = bolBloquear; } if (C2.GetType() == typeof(System.Windows.Forms.NumericUpDown)) { C2.Enabled = bolBloquear; } } // Some more code. Removed for clarity. }

This manages two group boxes and a panel. It checks a condition, then iterates across every control beneath it, and sets their enabled property on the control. In order to do this, it checks the type of the control for some reason.

Now, a few things: every control inherits from the base Control class, which has an Enabled property, so we're not doing this check to make sure the property exists. And every built-in container control automatically passes its enabled/disabled state to its child controls. So there's a four line version of this function where we just set the enabled property on each container.

This leaves us with two possible explanations. The first, and most likely, is that the developer responsible just didn't understand how these controls worked, and how inheritance worked, and wrote this abomination as an expression of that ignorance. This is extremely plausible, extremely likely, and honestly, our best case scenario.

Because our worse case scenario is that this code's job isn't to disable all of the controls. The reason they're doing type checking is that there are some controls used in these containers that don't match the types listed. The purpose of this code, then, is to disable some of the controls, leaving others enabled. Doing this by type would be a terrible way to manage that, and is endlessly confusing. Worse, I can't imagine how this behavior is interpreted by the end users; the enabling/disabling of controls following no intuitive pattern, just filtered based on the kind of control in use.

The good news is that Agatha can point us towards the first option. She adds:

They decided to not only disable the child controls one by one but to check their type and only disable those five types, some of which aren't event present in the containers. And to make sure this was WTF-worthy the didn't even bother to use else-if so every type is checked for every child control

She also adds:

At this point I'm not going to bother commenting on the use of GetType() == typeof() instead of is to do the type checking.

Bad news, Agatha: you did bother commenting. And even if you didn't, don't worry, someone would have.

.comment { border: none; } [Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.