I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button, and it reaches out to a database and pulls all the data that matches those parameters. The horrors of this were:

  1. The queries were hard coded.

  2. They were stored in a configuration file, in XML format.

  3. The queries were not 1 entry. It was 4: a start, the part between start date and end date, the part between end date and system, and then the end part. All of these were then concatenated in the program, intermixed with variables.

  4. This was then sent to the server as pure SQL, no ORM.

  5. Here’s my favorite part. You obviously don’t want anyone modifying the configuration file, so they encrypted it. Now I know what you’re thinking: at some point you probably will need to modify or add to the configuration, so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt, but there were no visible buttons to access those functions. The program was written in WinForms. You had to open the program in Visual Studio, manually expand the size of the window (locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.
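The four-fragment query assembly described above can keep its fragments in the config and still stop splicing values into the SQL text. This is an added example, not code from the program in the story: the XML layout (`<start>`, `<mid1>`, `<mid2>`, `<end>`), the `readings` table and the sample rows are all constructed stand-ins. `legacy_query` reproduces the concatenation pattern the story describes; `bound_query` puts a `?` placeholder where each value used to be spliced in and passes the values as parameters instead, so a system name containing an apostrophe is plain data rather than a broken statement.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed stand-in for the XML config in the story above: one query stored as
# four fragments that are joined around the start date, end date and system name.
# The tag names and layout are assumptions, not the real config's schema.
CONFIG_XML = """<queries>
  <query name="readings">
    <start>SELECT ts, system, reading FROM readings WHERE ts &gt;= </start>
    <mid1> AND ts &lt;= </mid1>
    <mid2> AND system = </mid2>
    <end> ORDER BY ts</end>
  </query>
</queries>"""

FRAGMENT_TAGS = ("start", "mid1", "mid2", "end")


def load_fragments(xml_text: str, name: str) -> tuple:
    """Pull the four SQL fragments of the named query out of the XML config."""
    root = ET.fromstring(xml_text)
    node = root.find(f"./query[@name='{name}']")
    if node is None:
        raise KeyError(f"no query named {name!r}")
    return tuple(node.findtext(tag) or "" for tag in FRAGMENT_TAGS)


def legacy_query(frags: tuple, start_date: str, end_date: str, system: str) -> str:
    """The pattern the story describes: the values are glued into the SQL text."""
    start, mid1, mid2, end = frags
    return f"{start}'{start_date}'{mid1}'{end_date}'{mid2}'{system}'{end}"


def bound_query(frags: tuple) -> str:
    """Same fragments, but a '?' placeholder sits wherever a value used to be spliced in."""
    start, mid1, mid2, end = frags
    return f"{start}?{mid1}?{mid2}?{end}"


def fetch_readings(conn, frags, start_date, end_date, system):
    """Run the query with the three values bound as parameters, never as SQL text."""
    return conn.execute(bound_query(frags), (start_date, end_date, system)).fetchall()


def legacy_fetch(conn, frags, start_date, end_date, system):
    """Run the concatenated form; a value containing a quote breaks the statement."""
    return conn.execute(legacy_query(frags, start_date, end_date, system)).fetchall()


def demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE readings (ts TEXT, system TEXT, reading REAL)")
    conn.executemany("INSERT INTO readings VALUES (?, ?, ?)", [
        ("2024-01-01", "pump-a", 1.0),
        ("2024-01-05", "pump-a", 2.0),
        ("2024-01-05", "o'neil-rig", 3.0),
        ("2024-02-01", "pump-a", 4.0),
    ])
    return conn


if __name__ == "__main__":
    frags = load_fragments(CONFIG_XML, "readings")
    conn = demo_db()
    print(fetch_readings(conn, frags, "2024-01-01", "2024-01-31", "pump-a"))
    print(fetch_readings(conn, frags, "2024-01-01", "2024-01-31", "o'neil-rig"))
```

The fragment file stays a plain config artefact that can be diffed and reviewed in version control, and the only thing the application ever sends as SQL text is the template; the date range and system name travel separately as bound parameters.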

  • HakFoo@lemmy.sdf.org · 20 upvotes · 29 days ago

    Floats for currency in a payments platform.

    The system will happily take a transaction for $121.765, and every so often there’s a dispute because one report ran it through round() and another through floor().
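The float-and-rounding dispute in the comment above is easiest to avoid by rejecting sub-cent amounts at the boundary and carrying money as `Decimal` (or integer cents) everywhere else. This is an added example, not code from the platform the commenter describes; the `report_half_up` and `report_floor` functions are constructed stand-ins for the two reports that disagreed, and `$121.765` is the value from the comment.

```python
from decimal import Decimal, InvalidOperation, ROUND_FLOOR, ROUND_HALF_UP

CENT = Decimal("0.01")


def parse_amount(raw: str) -> Decimal:
    """Accept a currency amount only if it is a finite decimal with at most two places.

    Sub-cent inputs such as '121.765' are rejected here instead of being stored and
    then rounded differently by every report that reads them later.
    """
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        raise ValueError(f"not a decimal number: {raw!r}")
    if not amount.is_finite():  # 'NaN' and 'Infinity' parse, but they are not money
        raise ValueError(f"non-finite amount: {raw!r}")
    try:
        quantized = amount.quantize(CENT)  # default rounding; only used for comparison
    except InvalidOperation:
        raise ValueError(f"amount out of range: {raw!r}")
    if quantized != amount:
        raise ValueError(f"sub-cent precision rejected: {raw!r}")
    return quantized


def is_valid_amount(raw: str) -> bool:
    """Boolean wrapper around parse_amount for validation at an API boundary."""
    try:
        parse_amount(raw)
        return True
    except ValueError:
        return False


def to_cents(amount: Decimal) -> int:
    """Integer cents for storage; exact because the Decimal was already quantized."""
    return int(amount * 100)


# The two "reports" from the comment: same stored value, two rounding rules, two answers.
def report_half_up(raw: str) -> Decimal:
    return Decimal(raw).quantize(CENT, rounding=ROUND_HALF_UP)


def report_floor(raw: str) -> Decimal:
    return Decimal(raw).quantize(CENT, rounding=ROUND_FLOOR)


if __name__ == "__main__":
    print(report_half_up("121.765"), report_floor("121.765"))  # the disputed pair
    print(is_valid_amount("121.765"), is_valid_amount("121.76"))
    print(to_cents(parse_amount("121.76")))
```

Once every amount that enters the system has passed `parse_amount`, there is nothing left for `round()` and `floor()` to disagree about; the rounding rule becomes a one-time, documented decision at the boundary rather than a per-report accident.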

  • Ephera@lemmy.ml · 17 upvotes · 29 days ago

    One time, I had to request firewall access for a machine we were deploying to, and they had an Excel sheet to fill in your request. Not great, I figured, but whatever.

    Then I asked who to send the Excel file to and they told me to open a pull request against a Git repo.
    And then, with full pride, the guy tells me that they have an Ansible script, which reads the Excel files during deployment and rolls out the firewall rules as specified.

    In effect, this meant:

    1. Of course, I had specified the values in the wrong format. It was just plaintext fields in that Excel, with no hint as to how to format them.
    2. We did have to go back and forth a few times, because their deployment would fail from the wrong format.
    3. Every time I changed something, they had to check that I’m not giving myself overly broad access. And because it’s an Excel, they can’t really look at the diff. Every time, they have to open it and then maybe use the Excel version history to know what changed? I have no idea how they actually made that workable.

    Yeah, the whole time I was thinking, please just let me edit an Ansible inventory file instead. I get that they have non-technical users, but believe it or not, it does not actually make it simpler, if you expose the same technical fields in a spreadsheet and then still use a pull request workflow and everything…

    • vrek@programming.dev (OP) · 6 upvotes · 29 days ago

      The corporate world runs on Excel, never the best option, but everyone knows it so…

      • I_am_10_squirrels@beehaw.org · 1 upvote · 28 days ago

        When I was interning in a cellular biology lab, I took their chemical inventory and converted it from Excel to Access. Complete with forms and reports. Spent some time training the permanent staff how to use it, explained how it was much more efficient than Excel.

        I don’t think they bought into it, but I tried.

  • tatterdemalion@programming.dev · 11 upvotes · 29 days ago

    I’ll consider myself lucky that the worst I’ve had to deal with was an 8K LOC C file that implemented image processing for a cancer detection algorithm. Nothing terribly tricky but just poorly organized. Almost no documentation at all. The only test was running this code against a data set of patient images and eyeballing the output. No version control other than cloning the project onto their NAS and naming it “v2” etc.

    Research code can be really scary.

  • jjjalljs@ttrpg.network · 7 upvotes · 28 days ago

    There was a website where users could request something or other, like a PDF report. Users had a limited number of tokens per month.

    The client would make a call to the backend and say how many tokens it was spending. The backend would then update their total, make the PDF, and send it.

    Except this is stupid. First of all, if you told it you were spending -1 tokens, it would happily accept this and give you a free token along with your report.

    Second of all, why is the client sending that at all? The client should just ask and the backend should figure out if they have enough credit or not.

    • vrek@programming.dev (OP) · 6 upvotes · 28 days ago

      I agree, but I would say if there are variable token costs depending on the report, it would be nice if the client sent a request to the server, the server calculates x tokens to be used, sends x to the client, the client confirms that’s acceptable, and the server does the work.

      Like if I expected a report to be 2 tokens but because of some quirk or a typo or something it cost 200 tokens I would like a chance to cancel it if it’s not worth it.
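The two comments above describe the broken flow (client tells the backend how many tokens it is spending, so `-1` becomes a credit) and the fix (server prices the report, client confirms or cancels, then the server debits). This added example implements both side by side; it is not code from the site in question, and the `REPORT_COSTS` table, the `Quote` shape and the in-memory balances are constructed for the demonstration.

```python
import secrets
import threading
from dataclasses import dataclass

# Constructed price list. The cost is decided here and never taken from the client.
REPORT_COSTS = {"summary": 2, "full_audit": 200}


@dataclass(frozen=True)
class Quote:
    quote_id: str
    user: str
    report: str
    cost: int


class LegacyTokenService:
    """The design from the comment: the client states how many tokens it is spending."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)

    def spend(self, user: str, tokens_claimed_by_client: int) -> str:
        # No sign or range check, so a negative value credits the account.
        self.balances[user] -= tokens_claimed_by_client
        return f"report for {user}"


class TokenService:
    """Server prices the report, issues a single-use quote, and debits on confirm."""

    def __init__(self, balances: dict):
        self._balances = dict(balances)
        self._quotes: dict[str, Quote] = {}
        self._lock = threading.Lock()  # quote lookup and debit happen atomically

    def balance(self, user: str) -> int:
        return self._balances.get(user, 0)

    def quote(self, user: str, report: str) -> Quote:
        """Step 1: client asks for a report; server replies with the cost it will charge."""
        cost = REPORT_COSTS.get(report)
        if cost is None:
            raise ValueError(f"unknown report {report!r}")
        q = Quote(secrets.token_urlsafe(16), user, report, cost)
        with self._lock:
            self._quotes[q.quote_id] = q
        return q  # the client sees q.cost and may simply not confirm

    def confirm(self, user: str, quote_id: str) -> str:
        """Step 2: client accepts the quoted cost; server checks funds and debits."""
        with self._lock:
            q = self._quotes.pop(quote_id, None)  # single use: a replay finds nothing
            if q is None or q.user != user:
                raise PermissionError("unknown, already used, or foreign quote")
            bal = self._balances.get(user, 0)
            if bal < q.cost:
                raise ValueError(f"insufficient tokens: have {bal}, need {q.cost}")
            self._balances[user] = bal - q.cost
        return f"{q.report} report for {user}"


if __name__ == "__main__":
    legacy = LegacyTokenService({"alice": 5})
    legacy.spend("alice", -1)
    print("legacy balance after -1:", legacy.balances["alice"])

    svc = TokenService({"alice": 5})
    q = svc.quote("alice", "full_audit")
    print("quoted cost:", q.cost, "- user can cancel here instead of confirming")
    q = svc.quote("alice", "summary")
    print(svc.confirm("alice", q.quote_id), "balance:", svc.balance("alice"))
```

The client never sends a number of tokens at all, only a report name and later a quote id, so there is no field for a negative or understated cost to arrive in; the quote step is what gives the user the chance to cancel a 200-token surprise before anything is debited.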

  • Xerxos@lemmy.ml · 5 upvotes · edited · 28 days ago

    Here is my story:

    There were console outputs after nearly every line. I asked about them: “Oh, I couldn’t get the debugger to work, so I print everything to the console”

    This was everywhere. The whole program was like this. On a standard Linux machine. It wasn’t even remote debugging or something. Just a local C++ program.

    The filenames were written in 8+3. Again, on a modern Linux machine. His answer? “You never know where we’ll port this software to”

    Onto computers that were outdated decades ago? To embedded systems? Of course he had no answer for this except “just in case…”

    I could tell you more, that software was the stuff for nightmares.

      • Xerxos@lemmy.ml · 1 upvote · 28 days ago

        He didn’t use an IDE, but I don’t remember what he tried. He also wasn’t a fan of googling stuff. Use the man pages and nothing else.

    • vrek@programming.dev (OP) · 1 upvote · 28 days ago

      Yeah, but simply using Entity Framework would have made the configuration file a list of systems.

  • gjoel@programming.dev · 5 upvotes · 29 days ago

    Oh, I’ve seen some doozies… The one I remember the most, and I’ve seen this twice, is this:

    myClass.TheProperty = myClass.TheProperty;
    

    When I asked about it, the developer said that, well yes, because it reads from one place and sets in another! Not at all difficult to read!

  • nomad@infosec.pub · 4 upvotes · 29 days ago

    Had a coding firm costing 1k+ euros which was unfamiliar with Django select all() from the DB just to cast that into a list each time a user opens the tool. That got real funny real fast when the customer started adding the announced 50k objects per day. They did that buried in about 50-60 API endpoints conveniently coded by hand instead of using the generic API endpoints available from Django REST framework.

    When the loading times hit 50s per click, the company took the money and ran. My colleagues and I spent 2 years and half that to fix that shit.

  • Danitos@reddthat.com · 4 upvotes · 29 days ago

    My current workmate unironically calls his variables “cat1”, “cat2”, etc.

    He also didn’t know about git, so before I arrived, he uploaded the code to production with scp.

    Finally, my boss told me that he is priority, so if he doesn’t understand git, we won’t keep using it. I would understand if this was about a different language, but it’s git vs scp we’re talking about.

    • vrek@programming.dev (OP) · 3 upvotes · 29 days ago

      Speaking as an old person, back then they didn’t have the same concerns. Security? Ehh just don’t let bad guys access your computer.

      Yeah a lot of old programs are either great programming or terrible.

  • MoonRaven@feddit.nl · 3 upvotes · 29 days ago

    A page that handled call requests. It was a table showing some information about the person, the case it’s related to and some other fields. It fetched everything from any table it touched. So the call was fetching all the information about the person. The case it was related to. The person who was assigned to the case, and since the case was linked a couple of layers in, all of that data as well.

    I created a simple view that only fetched the data it needed. It went from over A GIGABYTE of data to less than 25 MB of data transferred to the web UI.

  • expr@programming.dev · 3 upvotes · 28 days ago

    The encryption thing is definitely weird/crazy and storing the SQL in XML is kinda janky, but sending SQL to a DB server is literally how all SQL implementations work (well, except for sqlite, heh).

    ORMs are straight trash and shouldn’t be used. Developers should write SQL or something equivalent and learn how to properly use databases. eDSLs in a programming language are fine as long as you still have complete control over the queries and all queries are expressible. ORMs are how you get shit performance and developers who don’t have the first clue how databases work (because of leaky/bad abstractions trying to pretend like databases don’t require a fundamentally different way of thinking from application programming).