The Nightstar Zoo

Nightstar IRC Network - irc.nightstar.net

All times are UTC - 6 hours [ DST ]




PostPosted: Tue Jul 19, 2005 8:28 pm 
gwalla wrote:
JESUS GOD

It's a fucking COOKIE. An entire ginormous SQL query in a COOKIE.


Y'know, I wasn't sure if anyone would top that one for sheer insecurity, but today's is even worse: it puts the SQL string in an HTTP GET querystring. It's so absurd it is almost inspired.


Last edited by Schol-R-LEA on Wed Jul 20, 2005 3:50 pm, edited 1 time in total.
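Added example, not code from the thread or from any project it mentions: a small defender-side scanner that reads access-log-style request lines and flags any query-string parameter or cookie value that decodes to what reads like a whole SQL statement, which is the pattern the two posts above are laughing at. The log line format, the sample lines and every function name here are invented for the demonstration.

```cpp
// Added example, not code from the thread. Flags request lines whose query
// string or Cookie header carries a value that decodes to a SQL statement.
// Log format, sample lines and names are all constructed for the demo.
#include <cctype>
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Split on one delimiter character, dropping empty pieces.
std::vector<std::string> split(const std::string& s, char delim) {
    std::vector<std::string> parts;
    std::string cur;
    for (char ch : s) {
        if (ch == delim) { if (!cur.empty()) parts.push_back(cur); cur.clear(); }
        else cur += ch;
    }
    if (!cur.empty()) parts.push_back(cur);
    return parts;
}

// Percent-decode; '+' becomes a space as in form encoding. Malformed escapes
// pass through unchanged so a scan never aborts on odd input.
std::string urlDecode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()
            && std::isxdigit(static_cast<unsigned char>(in[i + 1]))
            && std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else if (in[i] == '+') {
            out += ' ';
        } else {
            out += in[i];
        }
    }
    return out;
}

// Heuristic: a statement verb together with the clause that normally follows
// it. A lone word like "select" typed into a search box does not trigger.
bool looksLikeSqlStatement(const std::string& text) {
    static const std::regex stmt(
        R"rx(\b(select\b[\s\S]+\bfrom\b|insert\s+into\b|update\b[\s\S]+\bset\b|delete\s+from\b))rx",
        std::regex::icase);
    return std::regex_search(text, stmt);
}

struct Finding {
    std::string source;  // "query" or "cookie"
    std::string value;   // decoded text that triggered the finding
};

// Walk every name=value pair and keep the ones whose decoded value looks like SQL.
void scanPairs(const std::string& raw, char delim, const std::string& source,
               std::vector<Finding>& out) {
    for (const std::string& pair : split(raw, delim)) {
        size_t eq = pair.find('=');
        std::string value = urlDecode(eq == std::string::npos ? pair : pair.substr(eq + 1));
        if (looksLikeSqlStatement(value)) out.push_back(Finding{source, value});
    }
}

// Constructed line shape:  METHOD /path?query HTTP/1.1 "Cookie: a=1; b=2"
std::vector<Finding> scanRequestLine(const std::string& line) {
    std::vector<Finding> found;
    size_t q = line.find('?');
    if (q != std::string::npos) {
        size_t end = line.find(' ', q);
        std::string query = line.substr(q + 1, end == std::string::npos ? std::string::npos : end - q - 1);
        scanPairs(query, '&', "query", found);
    }
    const std::string marker = "Cookie: ";
    size_t c = line.find(marker);
    if (c != std::string::npos) {
        std::string cookies = line.substr(c + marker.size());
        if (!cookies.empty() && cookies.back() == '"') cookies.pop_back();
        scanPairs(cookies, ';', "cookie", found);
    }
    return found;
}

// Constructed sample log: one clean request, one with SQL in the query string,
// one with SQL in a cookie.
const std::vector<std::string> kSampleLog = {
    "GET /report?id=42&sort=name HTTP/1.1 \"Cookie: session=abc123\"",
    "GET /report?q=SELECT+*+FROM+orders+WHERE+customer%3D42 HTTP/1.1 \"Cookie: session=abc123\"",
    "GET /home HTTP/1.1 \"Cookie: session=abc123; lastq=SELECT%20name%20FROM%20products\"",
};

// Number of requests in the log carrying at least one SQL-looking value.
int requestsCarryingSql(const std::vector<std::string>& log) {
    int n = 0;
    for (const std::string& line : log) if (!scanRequestLine(line).empty()) ++n;
    return n;
}

int main() {
    for (const std::string& line : kSampleLog)
        for (const Finding& f : scanRequestLine(line))
            std::cout << "SQL in " << f.source << ": " << f.value << '\n';
    return 0;
}
```

The pattern is deliberately a heuristic: it will also fire on ordinary English that happens to contain "select ... from", so in practice it belongs in an alerting rule that a person reviews, not in a blocking filter. The real fix is the one implied by the posts, keeping the statement server-side and binding only the user's values into it.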

PostPosted: Tue Jul 19, 2005 9:43 pm 
Schol-R-LEA wrote:
gwalla wrote:
JESUS GOD

It's a fucking COOKIE. An entire ginormous SQL query in a COOKIE.


Y'know, I wasn't sure if anyone would top that one for sheer insecurity, but today's is even worse: it puts the SQL string in an HTTP GET querystring. It's so absurd it is almost inspired.


That gives me an idea... a CGI that accepts a binary file from the user and then executes it.

EDIT: Chalain, no fair editing this post to protect the world.


PostPosted: Tue Jul 19, 2005 10:24 pm 
It makes my head hurt. ;_;

My poor brainmeats...


PostPosted: Thu Sep 29, 2005 7:35 pm 
anthonyr wrote:
EDIT: Chalain, no fair editing this post to protect the world.


...huh?


PostPosted: Thu Sep 29, 2005 7:46 pm 
I found this turd in our codebase today. All classes that begin with Composite are GUI classes: they are essentially composite UI controls. In the framework we are using, they do not have to inherit from anything, but if they did it would be something like Window or Control or Widget. The Programmers That Went Before needed this control to be responsive even when it was busy querying the database. This is what they did:

Code:
public class CompositeActivitySearchTable extends Thread {



Nevermind that UI controls have no business querying a database directly. If Barbara Liskov was dead, we could strap magnets to her corpse and power a small city.


PostPosted: Fri Oct 07, 2005 1:26 am 
Yet another gem from The Daily WTF


PostPosted: Fri Oct 07, 2005 2:09 pm 
Schol-R-LEA wrote:


Quote:
And what's wrong with the Peano axioms? Huh? HUH????

All that positional numeral system crap is just syntactic sugar.


PostPosted: Wed Oct 12, 2005 3:13 pm 
Sound familiar? :P


PostPosted: Thu Oct 13, 2005 1:07 pm 
There's not much I can say about this code. It speaks for itself:

Code:
#define CHAR_BELL   ((char) 0x07)
#define CHAR_TAB    ((char) 0x09)
#define CHAR_LF     ((char) 0x0a)
#define CHAR_CR     ((char) 0x0d)
#define CHAR_DQUOTE ((char) 0x22)
#define CHAR_SQUOTE ((char) 0x27)
#define CHAR_BS     ((char) 0x5c)

   .
   .
   .

sprintf(m_message, "Invalid input.%c%c%c%cExpected: %c%s%c%c%cReceived: %c%s%c", CHAR_CR, CHAR_LF, CHAR_CR, CHAR_LF, CHAR_DQUOTE, "<elided>", CHAR_DQUOTE, CHAR_CR, CHAR_LF, CHAR_DQUOTE, m_inbuf, CHAR_DQUOTE);


PostPosted: Thu Oct 13, 2005 2:17 pm 
Looks like they'd never been told about string escapes.


PostPosted: Fri Oct 14, 2005 5:45 pm 
Code:
try
{
    normal = normal.normal();
}catch( const ZeroDivide& )
{
    // Oh, well.
}


This is from an OpenGL framework that has apparently been used and unchanged for at least 3 years for one of my classes. It goes to great lengths to set up thorough exception handling... which it then ignores in every single case where an exception can be thrown, in the manner shown here.

The code is rife with such try/catch blocks.


PostPosted: Sat Oct 15, 2005 3:38 pm 
It looks to me as if they are trying to prevent the exceptions from propagating upwards, for some reason. Maybe they just disagree with the idea of exception handling, and really wanted to eliminate them from the code entirely...


PostPosted: Sat Oct 15, 2005 7:13 pm 
Schol-R-LEA wrote:
It looks to me as if they are trying to prevent the exceptions from propagating upwards, for some reason. Maybe they just disagree with the idea of exception handling, and really wanted to eliminate them from the code entirely...


Too bad languages with them tend not to be good at having other ways to detect errors.


PostPosted: Sat Oct 15, 2005 8:54 pm 
Schol-R-LEA wrote:
It looks to me as if they are trying to prevent the exceptions from propagating upwards, for some reason. Maybe they just disagree with the idea of exception handling, and really wanted to eliminate them from the code entirely...

But they also wrote the original code that throws exceptions in the first place.


PostPosted: Sat Oct 15, 2005 11:28 pm 
Chalain wrote:
anthonyr wrote:
EDIT: Chalain, no fair editing this post to protect the world.


...huh?


It was preemptive. :)


PostPosted: Wed Oct 19, 2005 1:03 am 
Code:
Video::Video(const char* winTitle, unsigned winWidth, unsigned winHeight, unsigned bPP, bool fullscreen)
{
   _window.Init("Balls Out", 800, 600, 32, false);
   _window.SetDrawCallback(Draw);
}

This is why I love warning level 4 in VS...

And yes, Balls Out is actually the name of our project.


PostPosted: Thu Oct 20, 2005 1:10 pm 
Raif wrote:
Schol-R-LEA wrote:
It looks to me as if they are trying to prevent the exceptions from propagating upwards, for some reason. Maybe they just disagree with the idea of exception handling, and really wanted to eliminate them from the code entirely...

But they also wrote the original code that throws exceptions in the first place.


Ah, well, in that case, they really are fscking morons.


PostPosted: Wed Oct 26, 2005 11:19 am 
So, the Big Boss wants to add support for opening and saving in this one particular file format. Unfortunately, it's a fairly complex format, with support for such features as individual record locking so that multiple processes can access the same file at the same time. Fortunately, the people who created the format also created a library of functions to access said file format.

Well, maybe "fortunate" isn't the right word.


So, I dive into the documentation.

Code:
The library is mostly written in FORTRAN77.  Some subroutines are written in
assembly to take advantage of computer capabilities not directly accessable by
FORTRAN.


Well, ok. No FORTRAN compiler, but what I do have is a precompiled DLL. So far, so good.


Next item:

Code:
ATTACH() - Attaches to a {format} file so that the data in the file can be read or
modified.  This must be the first subroutine called.

Calling Sequence: CALL ATTACH(IUNIT, IOSTAT)

Declarations:
        INTEGER IUNIT, IOSTAT

Argument Description:
        IUNIT   INPUT   The unit number to open the file with.
        IOSTAT  OUTPUT  A status parameter indicating the successfullness of the
                        attachment.  Set to 1 if successfull, or 2 if not.


Ah, yes, good old FORTRAN unit numbers. I'm having flashbacks to my days as a CompSci student. Also, "successfullness"? :nuts: But wait! How does it know which file to open? Another function call? Some sort of global variable? Magic?

And thus do we arrive at the point of this post, the thing that made me go "$#!%!@%!!!", buried back in Appendix B:

Code:
The name of the file to operate on is taken from the execution line, which must
be of the form "MYPROG DATA=filename [options]".  If the filename is not
specified on the execution line, it will be prompted for.


A library gets the file name from the command line! How in the h*** did anybody think that this was a good idea? Also, I'd like to see a FORTRAN library prompt the user in a GUI app! I mean, seriously, WTF is a library doing interacting with the user in the first place?

$#!%!@%!!!


PostPosted: Thu Oct 27, 2005 11:04 pm 
The best part of this is that it's not just some legacy library, it's a Windows DLL. Exsqueeze me? It's bad enough that a library is prompting the users, but this is a library specifically for a GUI system, prompting the user in text mode. Tent pegs, did they just throw the code in MS Fortran and compile it with the DLL file type, and not notice the mess it makes of the user interface? Have they ever actually tested it to see if it worked? Ye gods, what idiocy.

I don't imagine translating the code into C is a reasonable option? I mean, even aside from the sheer hellishness of it all?


PostPosted: Fri Oct 28, 2005 3:59 pm 
Google turns up a number of hits on "fortran to c converter", but I've never tried any of those widgets.


PostPosted: Fri Oct 28, 2005 4:06 pm 
Raif and I were discussing exceptions today. I'm generally against them, but I confess that this is largely due to the amount of BAD exception code I keep seeing.

Right after this discussion, I came across this in our code:
Code:
// class Person.
    public static void populateGuests() throws SQLException {


Grr. Okay, this code uses the database; I understand that. But when I want to populate the guest info, why do *I*, the caller, have to worry about populateGuests SQL woes?

Five minutes later, this nearly killed my monitor:
Code:
// class DbAccess  <-- stop.  Go back and read that class name again.  Guess what it takes care of.  (In theory, anyway.)
    public static DbResultSet query(DbQuery query) {


query throws NOTHING. There are two possible reasons for this:

1.) query is hardened so as to never NEED to throw an exception. It will retry, reconnect, resurrect, and/or possibly get out and rewire the entire internet if necessary.

2.) query catches and silences any exceptions.

Take a wild guess which.

If the query fails, it returns null instead of a DbResultSet object, which causes the caller to heave a NullPointerException approximately one line of code later.

P.S. Bonus @#$%!!: Guess why it is possible for populateGuests to receive a SQLException if DbAccess.query doesn't throw anything. (Hint: Raw, unmanaged SQL queries DO throw them.)
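Added example, not code from the thread or from either codebase it describes: it transplants the two failure modes of the last few posts into C++ (the `// Oh, well.` catch around `normal.normal()`, and a `query` that swallows its error and hands back null), and puts beside each a version where the failure is part of the return value so the caller cannot walk past it. The vector type, the simulated driver and every name here are invented for the demonstration.

```cpp
// Added example, not code from the thread. Two swallowed-error patterns from
// the posts above, each next to a form that surfaces the failure. All names
// and the simulated driver are invented for the demo.
#include <cmath>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

struct ZeroDivide : std::runtime_error {
    explicit ZeroDivide(const std::string& m) : std::runtime_error(m) {}
};

struct Vec3 {
    double x, y, z;
    double length() const { return std::sqrt(x * x + y * y + z * z); }
    // Throws on the zero vector, as in the framework the post quotes.
    Vec3 normal() const {
        double len = length();
        if (len == 0.0) throw ZeroDivide("normal() of a zero-length vector");
        return Vec3{x / len, y / len, z / len};
    }
};

// The "Oh, well." pattern: on failure the variable quietly keeps its old value,
// so everything downstream runs on an unnormalized vector and nobody is told.
Vec3 normalizeOhWell(Vec3 normal) {
    try {
        normal = normal.normal();
    } catch (const ZeroDivide&) {
        // Oh, well.
    }
    return normal;
}

// The zero vector is an expected input, so treat it as a value, not an
// exception: the caller gets a flag it has to look at before using v.
struct Normalized { bool ok; Vec3 v; };

Normalized tryNormalize(const Vec3& v) {
    double len = v.length();
    if (len == 0.0) return Normalized{false, Vec3{0, 0, 0}};
    return Normalized{true, Vec3{v.x / len, v.y / len, v.z / len}};
}

// ---- The DbAccess.query pattern ----
struct DbResultSet { std::vector<std::string> rows; };

// Stand-in for a raw driver call: throws on a bad query, as a real one would.
DbResultSet rawQuery(const std::string& sql) {
    if (sql.empty()) throw std::runtime_error("empty query");
    return DbResultSet{{"row1", "row2"}};
}

// Catches everything and returns null. The caller dereferences it one line
// later and gets a null-pointer crash (undefined behaviour here) instead of
// the real reason.
std::unique_ptr<DbResultSet> querySilenced(const std::string& sql) {
    try {
        return std::unique_ptr<DbResultSet>(new DbResultSet(rawQuery(sql)));
    } catch (const std::exception&) {
        return nullptr;
    }
}

// Same call, but the failure travels with the result: ok is false and error
// says why. Letting rawQuery's exception propagate is the other honest choice.
struct QueryResult { bool ok; DbResultSet rows; std::string error; };

QueryResult queryChecked(const std::string& sql) {
    try {
        return QueryResult{true, rawQuery(sql), ""};
    } catch (const std::exception& e) {
        return QueryResult{false, DbResultSet{}, e.what()};
    }
}

// A caller that cannot forget the check: zero rows plus a reason, not a crash.
size_t rowCountOrZero(const std::string& sql, std::string& why) {
    QueryResult r = queryChecked(sql);
    if (!r.ok) { why = r.error; return 0; }
    why.clear();
    return r.rows.rows.size();
}
```

The security angle is the same in both halves: a swallowed exception turns a loud, attributable failure (a division by zero, a rejected query) into silent bad state, which is the hardest kind of fault to detect or to reason about during an incident. Whichever style the team prefers, exceptions or return codes, the error has to reach the caller.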


PostPosted: Sun Oct 30, 2005 6:53 pm 
Schol-R-LEA wrote:
Tent pegs, did they just throw the code in MS Fortran and compile it with the DLL file type, and not notice the mess it makes of the user interface?


Essentially, yes. All of the existing projects that use this library are command-line only. I'm pretty sure that this will be the first time that someone has used this particular library in a GUI app. Fun stuff. :lol: :arrow: :cry:

Schol-R-LEA wrote:
I don't imagine translating the code into C is a reasonable option? I mean, even aside from the sheer hellishness of it all?


Unfortunately, the code was written by someone other than us, and is subject to change. Also, the Big Boss mentioned above has a phobia of C. I think he had a traumatic event with a C compiler when he was a child.


PostPosted: Mon Oct 31, 2005 3:44 pm 
SomebodyElse wrote:
Unfortunately, the code was written by someone other than us, and is subject to change.


Is this "someone other than us" available for yelling at?


PostPosted: Mon Oct 31, 2005 9:50 pm 
Code:
if (val1 & val2 & val3) {...}
else if (!val1 & !val2 & !val3) {...}
else {...}

For the moment, the values are all bools, but should they become integers, or anything else for that matter, this code is no longer necessarily correct. Justification given: && causes short circuiting which is "less efficient".


PostPosted: Tue Nov 01, 2005 2:19 pm 
Raif wrote:
Code:
if (val1 & val2 & val3) {...}
else if (!val1 & !val2 & !val3) {...}
else {...}

For the moment, the values are all bools, but should they become integers, or anything else for that matter, this code is no longer necessarily correct. Justification given: && causes short circuiting which is "less efficient".


Eliminating a test is less efficient? On what planet is that? Besides, why is this particular conditional such a bottleneck that it needs such pipsqueak tweaking to run efficiently? This isn't premature optimization, it's premature pessimization - the code is not only harder to read, it's (probably) worse than the more obvious alternative. If this can't be justified with measurable profiler results, then the coder should be fired.


PostPosted: Tue Nov 01, 2005 5:44 pm 
Technically they're about the same - worst case you're wasting two AND instructions. Here's A & B & C and A && B && C both in MMIX, assuming all values involved are integers, short circuiting is in effect, no optimization is taking place, and A B and C are in registers $1, $2, $3:

Code:
A & B & C
AND $4 $1 $2
AND $5 $3 $4
BZ $5 No
// yes-stuff
JMP AfterNo
No: //no-stuff
AfterNo:


Code:
A && B && C
BZ $1 No
BZ $2 No
BZ $3 No
// yes-stuff
JMP AfterNo
No: //no-stuff
AfterNo:


Note that modern compilers can and will change the order of evaluation of logical checks when they can: they will put inexpensive checks first, trying to eliminate possibilities as fast as possible, except for those checks that may have side effects (those functions not declared const), which they have to do in specific order.

Also "harder to read" is not anything here - the correct code is:

Code:
if (val1 && val2 && val3) {...}
else if (!val1 && !val2 && !val3) {...}
else {...}


Vorn
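Added example, not code from the thread: it demonstrates the two points made in the last three posts, that the bitwise form of the quoted branch is only correct while every operand is exactly 0 or 1, and that `&&` stops evaluating once the answer is known, which is what lets a later operand depend on an earlier one. It goes a little beyond the posts by making the side-effect case observable with a counter. Function and variable names are invented.

```cpp
// Added example, not code from the thread. Bitwise & versus logical && on the
// quoted three-way branch, plus a counter that shows which operands run.
// Names are invented for the demo.
#include <cstddef>

enum class Branch { AllTrue, AllFalse, Mixed };

// The quoted branch, written with bitwise & as in the original.
Branch classifyBitwise(int val1, int val2, int val3) {
    if (val1 & val2 & val3) return Branch::AllTrue;
    else if (!val1 & !val2 & !val3) return Branch::AllFalse;
    else return Branch::Mixed;
}

// The same branch with logical &&, as in Vorn's corrected version.
Branch classifyLogical(int val1, int val2, int val3) {
    if (val1 && val2 && val3) return Branch::AllTrue;
    else if (!val1 && !val2 && !val3) return Branch::AllFalse;
    else return Branch::Mixed;
}

// probe() has a side effect (it bumps the counter), which is exactly the case
// where the two operators are observably different.
static int evaluations = 0;

int probe(int v) { ++evaluations; return v; }

int evaluatedWithBitwise(int a, int b, int c) {
    evaluations = 0;
    (void)(probe(a) & probe(b) & probe(c));   // all three always run
    return evaluations;
}

int evaluatedWithLogical(int a, int b, int c) {
    evaluations = 0;
    (void)(probe(a) && probe(b) && probe(c)); // stops at the first zero
    return evaluations;
}

// Short-circuiting is what makes this chain safe: n->next is only read after
// n has been checked, and n->next->value only after n->next has.
struct Node { int value; Node* next; };

bool secondValuePositive(const Node* n) {
    return n != nullptr && n->next != nullptr && n->next->value > 0;
}
```

With the integers 2, 1 and 4, all of them "true" in the C sense, `classifyBitwise` lands in the Mixed branch because `2 & 1 & 4` is 0, while `classifyLogical` correctly reports AllTrue; that is the breakage Raif warned about if the bools ever become integers.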


PostPosted: Mon Nov 07, 2005 11:14 am 
SomebodyElse wrote:
Also, I'd like to see a FORTRAN library prompt the user in a GUI app!


Before anyone has a chance to correct this statement, I'll do it for you. As it turns out, there is actually a GUI toolkit for FORTRAN. The library in question doesn't use it, but it exists, and therefore it is technically possible that a FORTRAN library could successfully prompt the user in a GUI app.


PostPosted: Tue Nov 08, 2005 3:26 pm 
The problem with the following code is that it not only decreases readability by several orders of magnitude, but can be found scattered *EVERYWHERE* throughout the library. It also has no code savings whatsoever, replacing a short statement with a much longer predefined name.

For a full listing of the code, see this. Frankly, the entire file is a massive WTF in its own right.

Code:
#define    BOOST_QUATERNION_NOT_EQUAL_GENERATOR  \
        {                                        \
            return(!(lhs == rhs));               \
        }
       
        template<typename T>
        inline bool                                operator != (T const & lhs, quaternion<T> const & rhs)
        BOOST_QUATERNION_NOT_EQUAL_GENERATOR
       
        template<typename T>
        inline bool                                operator != (quaternion<T> const & lhs, T const & rhs)
        BOOST_QUATERNION_NOT_EQUAL_GENERATOR
       
        template<typename T>
        inline bool                                operator != (::std::complex<T> const & lhs, quaternion<T> const & rhs)
        BOOST_QUATERNION_NOT_EQUAL_GENERATOR
       
        template<typename T>
        inline bool                                operator != (quaternion<T> const & lhs, ::std::complex<T> const & rhs)
        BOOST_QUATERNION_NOT_EQUAL_GENERATOR
       
        template<typename T>
        inline bool                                operator != (quaternion<T> const & lhs, quaternion<T> const & rhs)
        BOOST_QUATERNION_NOT_EQUAL_GENERATOR
       
#undef    BOOST_QUATERNION_NOT_EQUAL_GENERATOR


PostPosted: Mon Dec 19, 2005 4:30 pm 
Today's Daily WTF is in a category by itself.

It's a reinventing-the-wheel scenario...apparently, the author knew about vararg lists and POSIX file I/O, but not sprintf.


PostPosted: Thu Jan 05, 2006 3:26 pm 
Sample code from an OPC library for .net...

Code:
                If Object.ReferenceEquals(Value.GetType(), ValueDouble.GetType()) Then
                    ValueDouble = Value
                    UpdateString += ValueDouble.ToString
                ElseIf Object.ReferenceEquals(Value.GetType(), ValueInteger.GetType()) Then
                    ValueInteger = Value
                    UpdateString += ValueInteger.ToString
                ElseIf Object.ReferenceEquals(Value.GetType(), ValueBoolean.GetType()) Then
                    ValueBoolean = Value
                    UpdateString += ValueBoolean.ToString
                ElseIf Object.ReferenceEquals(Value.GetType(), ValueString.GetType()) Then
                    ValueString = Value
                    UpdateString += ValueString
                End If


... I saw this, commented it out, and replaced it with the following.

Code:
UpdateString += Value.ToString


Works perfectly. ;)

What is more worrisome than this, later in the code...

Code:
        Try
            If Not (m_Closing) Then
                If TextBoxValues.Text.Length > (TextBoxValues.MaxLength - 100) Then
                    TextBoxValues.Text = ""
                End If
                TextBoxValues.AppendText(UpdateString + vbCr + vbLf)
            End If
        Catch ex As Exception

        End Try


and...

Code:
        Try
            UpdateString = TimeStamp.ToString("HH:mm:ss.fff") + " "
        Catch ex As Exception

        End Try

