Always Up To Date on The Daily Wtf

Testing the Path to Pain

from user'Jinx!' on Flickr Test plan development. Regression analysis. Systems documentation creation. Test case execution. Regression testing.

If you're anything like me, then those words may as well have been boring, tedious, mind-numbing, tiresome, dreary, and the-worst-thing-in-the-world. Sure, they're all important and necessary, but you found out that, due to budgetary constraints, you couldn't personally do any of those things and could only focus on coding, you probably wouldn't complain. Julien G. certainly didn't mind, especially since the "drudge work" would still get done by the overseas team while everyone state-side was fast asleep.

Naturally, many of the other developers were upset that their work was being sent overseas. Emotions ranged from annoyed to absolute outrage, and some were angered to the point of resignation. Eventually, things cooled down and developers bought management's pitch that "the world-class, high-quality engineers" would be good for "synergizing and strategizing the bottom line."

Grouped Together

The offshore developers were split apart into different teams. There was one for infrastructure, one for database and data integrity, and another for working with the application's User Interface. This latter group was the one that Julien worked with.

Their job, in part, was to act as any dull, average customer and regression test the application. If at any point the application crashed or behaved strangely, they were to document the conditions leading up to the crash and send them back to with details of how the problem was recreated.

At first, things were rough. Julien spent many a late night with the offshore team, walking them through their hellishly complex application. But Julien felt it was worthwhile, as it forced him and his group to be more organized and provide more exact specs and concrete test cases. Soon enough, the offshore team was able to jump into the application and provide the right information back to developers, and the developers were sending back recompiled libraries to test with as quickly as possible.

As a result of the growing synergy, productivity was way up, morale was up, and — to the delight of management — the bottom line cost was way down. From all angles, everything looked like puppies and rainbows. That is, until it was time for Offshore Integration Phase 2.

Phasing Fail

With all the initial pains of getting the offshore team trained on using their software, it was time to put their "world-class" engineering skills to use. In addition to running loads of manual regression tests, the offshore team would be responsible for developing automated unit and regression tests. This, of course, meant that they'd need to be given access to the code and set up a testing environment at their location.

Being as large and complex as it was, their application wasn't the type with "run the installer and follow the wizard" installation instructions. In fact, there were 85 steps necessary to complete the installation, ranging from installing the database to editing configuration files. It wasn't all too difficult, as installing the application on a local workstation was often the first task given to newly-hired developers.

Julien sent these instructions to the offshore team and, the following morning, arrived to find a disappointing email.

Hi Julien,
After the program start-up reaches 45%, it quits unexpectedly.
Please confirm that latest code is the most recent.

Regards,
Ravi M.
Implementation and QA Lead
Hyderabad Group Inc.

After some re-verification, Julien confirmed that he had, in fact, sent the latest code. Just to make sure the install instructions were valid, he spent a good two hours installing the application on a brand-new server. The only thing he could guess was that some third-party component wasn't properly installed, so he sent an email back to Ravi to verify all components.

Hi Julien,
All components installed as per instructions. We followed instructions
three times, each time with a freshly formatted server. 

It still quits when the program start-up reaches 45%. Please advise.

Regards,
Ravi M.
Implementation and QA Lead
Hyderabad Group Inc.

The email routine continued, each time with the offshore team insisting that every instruction was followed perfectly. After a few weeks, the offshore managers had their weekly conference call with state-side managers and in doing so, accused the developers — specifically Julien — of blocking the offshore team's progress. With things getting heated up, Julien was charged with the task of watching the offshore group perform the install and configuration step-by-step, via a shared desktop across a sluggish network connection... at 3:00AM his time.

Just Following Orders

It was only about 4:30am when Julien was on his third cup of coffee, asking the offshore team to confirm step number 32 of 85 on the install and setup list. Julien was in the midst of wondering how feasible it might be to set up a recording of him saying "un-huh - confirmed' to go off at set intervals when he noticed something amiss in their copy/pasting of environment variables from the setup document.

"Hey guys," Julien jumped in, "did you do anything different this time with the setup? Like right now?"

"No," the offshore engineer responded, "we executed the steps exactly as prescribed."

"Okay, Julien said, "can you scroll back up a little bit in the configuration file?"

The offshore engineer complied and, located near the top, the following code stuck out:

' Environment variable for test provider
' 
set PATH_TO_TST_ENV=Path to the test environment (absolute, such as C:\TestEnv)

The line was exactly as it had appeared in the setup document — copied verbatim — beneath a heading that read: "Please recreate the application configure file precisely as listed below"

At this point, Julien could have died from shock if he weren't so tired. Baffled, he asked why they didn't substitute the path with the directory they had created in the previous step. "This is what you instructed us to do," the offshore engineer replied, "we followed exactly what was in the documents to avoid making any mistakes."

It was an unfortunate "ah-hah moment" for Julien; not only did the offshore engineer's response explain the issue at hand, but it explained a whole host of otherwise unexplainable and unreproducible bugs. After that day, Julien learned to be a lot more specific and careful with what he wrote. And while his days are no longer filled with running test cases, he's found he spends an awful lot of time testing and "debugging" the test cases, which, somehow, takes several times longer than executing them.

CodeSOD: Rendered Pointless

"The mastermind behind our system is the Senior Developer," wrote Daniel, "he's naturally an expert at all things code, but he especially excelled at back-end systems. After all, true geniuses always value function over form."

"The Senior Developer liked to do things a little differently, but we got over his quirks. Take, for example, this handy dandy function to ease the pains of those complicated cast operations we all hate."

   public T Cast<T>(object obj) { return (T)obj; }

"Why?" Daniel added, "so we can write 'someNumber = CastdataObject' instead of 'someNumber = (int)dataObject)'!"

"Of course, the real problems always camein when our super-experienced developer 'optimized' for performance. Because his concept of caching wasn't too strong, we'd often end up with code like this."

public List<OutstandingApproval> GetApprovals(List<Guid> clientList, Guid userId)
{
    List<OutstandingApproval> approvals = new List<OutstandingApproval>(GetApprovalsDAO(clientList));
    System.Web.HttpRuntime.Cache.Insert(userId + "approvals", approvals);
    return approvals;
}

"In addition to inserting but never retrieving from cache, the code uses userId as a cache key... which is nice and all, except that the data is not at all user-specific. But the real inspiration for sending this in is in the webpage optimization. According to the Senior Developer, this tweak reduces the page size, which makes things more optimal all around."

protected override void Render(HtmlTextWriter writer)
{
    using (HtmlTextWriter htmlwriter = 
       new HtmlTextWriter(new StringWriter()))
    {
        base.Render(htmlwriter);
        string html = htmlwriter.InnerWriter.ToString();
        html = Regex.Replace(html, 
          @"(?<=[^])\t{2,}|(?<=[>])\s{2,}(?=[<])|(?<=[>])\s{2,11}(?=[<])|(?=[\n])\s{2,}", 
          string.Empty);
        html = Regex.Replace(html, 
          @"[ \f\r\t\v]?([\n\xFE\xFF/{}[\];,<>*%&|^!~?:=])[\f\r\t\v]?", 
          "$1");
        html = html.Replace(";\n", ";");

        writer.Write(html.Trim());
    }
}

Daniel added, "sure, we could have told him that the regex replacements aren't exactly that fast. We could have also mentioned that the caching enabled in IIS rendered this entirely pointless. But be didn't; he knew he was right, and who were we to question the Senior Developer?

Error'd: Verified By Fail

"I've heard about verified by Visa, but this is something new," writes Velmu.

"Well then," Simon Timms wrote, "it might take some time to fill in all those arguments."

"I guess a 25% price increase is a good reason to be wowed," Steve Frein writes.

"I was recording some drums with my keyboard, and all of a sudden this came up," Jonathan Flusser wrote, "apparently it has to do with the Trash, and it's very hard to do!"

"I cancelled my free trial," notes Frederick Ding, "but I'd love to be paid $10/month for using 0 MB."

"I saw this at a pay station in a parking in Barcelona, Spain," Riccardo Zanussi writes, "I don't know if I really want to put my credit card in this machine."

"I found this in a book about iPhone programming," writes Mike Kerley, "the rest of the book seems to have received an equal amount of attention to detail."

"At first I thought this was just another way to ask me to enter 1," Nick S. W. noted, "but then it popped up when I entered 1. Is there another integer I'm forgetting about?"

Ryan Schlesinger writes, "I went looking for information about the iPhone release for Telus and found this instead."

"This left me in a bit of a quandary," wrote Dominic, "to install, or not to install?"

CodeSOD: Injection Proof'd

“When a ‘customer’ of ours needs custom-developed software to suit their business requirements,” Kelly Adams writes, “they can either ‘buy’ the development services from the IT department, or go to an outside vendor. In the latter case, then we’re supposed to approve that the software meets corporate security guidelines.”

“Most of the time, our ‘approval’ is treated as a recommendation, and we end up having to install the application anyway. But recently, they actually listened to us and told the vendor to fix the ‘blatant SQL-injection vulnerabilities’ that we discovered. A few weeks later, when it came time for our second review, we noticed the following as their ‘fix’.”

internal static string FQ(string WhichField)
{
   string expression = "";
   int num2 = Strings.Len(WhichField);
   for (int i = 1; i <= num2; i++)
   {
      string str = Strings.Mid(WhichField, i, 1);
      if (str == "'")
      {
         str = str + "'";
      }
      expression = expression + str;
   }
   return Strings.Trim(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
      Strings.Replace(Strings.Replace(Strings.Replace(Strings.Replace(
         expression, 
            "xp_", "", 1, -1, CompareMethod.Text), 
            "sp_", "", 1, -1, CompareMethod.Text), 
            "--", "-", 1, -1, CompareMethod.Binary), 
            "alter table", "", 1, -1, CompareMethod.Text), 
            "drop table", "", 1, -1, CompareMethod.Text), 
            "create table", "", 1, -1, CompareMethod.Text), 
            "create database", "", 1, -1, CompareMethod.Text), 
            "alter table", "", 1, -1, CompareMethod.Text), 
            "alter column", "", 1, -1, CompareMethod.Text), 
            "drop column", "", 1, -1, CompareMethod.Text), 
            "drop database", "", 1, -1, CompareMethod.Text), 
            "1=1", "", 1, -1, CompareMethod.Text), 
            "union select", "", 1, -1, CompareMethod.Text), 
            "/*", "", 1, -1, CompareMethod.Text), 
            "*/", "", 1, -1, CompareMethod.Text), 
            "boot.ini", "", 1, -1, CompareMethod.Text), 
            "../", "", 1, -1, CompareMethod.Text), 
            "%27", "", 1, -1, CompareMethod.Text), 
            ";dir", "", 1, -1, CompareMethod.Text), 
            "|dir", "", 1, -1, CompareMethod.Text), 
            "<script", "", 1, -1, CompareMethod.Text), 
            "</script>", "", 1, -1, CompareMethod.Text), 
            "language=javascript", "", 1, -1, CompareMethod.Text), 
            "language=\"javascript\"", "", 1, -1, CompareMethod.Text));
}

Kelly adds, “of course this time, when we told them the application was still vulnerable so long that a hacker typed ‘1 = 1’ instead of ‘1=1’, they told us were beeing too picky, and had us install the application anyway.”

Alex's Soapbox: Patterns of Failure

Not too long ago, I was at a client site, working to understand and improve their development process. From a birds-eye view, their development organization was a lot like many other Corporate IT set-ups: they had a sizable portfolio of proprietary applications that were built for and used by different business groups. Some of these applications were “mission critical” and had highly formalized promotion and deployment processes, while others were ancillary and were hardly ever used. <shameless_plug>This, along with the medley of technologies and platforms, was why they sought our help in managing and automating their development processes with BuildMaster.</shameless_plug>

But as I dug deeper, I noticed that a significant portion of their applications weren’t applications at all. They were – for lack of a better word – “modules” that glommed together to form an ÜberApplication. Completely unrelated business functions – paid time-off tracking and customer mailing list management – lived side-by-side, sharing authorization principals, navigation controls, and even a “business workflow engine.”

Digging even further, I learned that most of these module-applications were derived from a “one-size-fits-all base application” of sorts. For example, the back-end paid time-off system was nothing more than a calendar with a custom UI for manipulating “events” (i.e. PTO requests). The front-end consisted of simply displaying these events to anxious employees who were gladly counting down the remaining days until a vacation from maintaining this amalgamation of a system. Other module-applications were “document managers”, “news posters”, or some other universal sounding name.

The whole thing may as well have been replaced by a pre-alpha version of Sharepoint or Google Docs. It was as if they had tried to build a skyscraper with Erector Sets. And not real Erector Sets, but some poorly-made knock-off.

The developers absolutely hated the ÜberApplication. It took longer to “customize” a template than to build an application from scratch, it was harder to test and deploy, and they never quite fit the business requirements The architect (who was the second successor since the original architect) despised it as well, and eventually convinced management to ditch it for constructing new applications from scratch.

Sadly, this was not the first time I’ve seen this set-up/architecture. At one of my first jobs, we had something comparable, except much less formalized and much more disorganized. And there are all the examples I’ve shared through The Daily WTF, but this recent experience got me thinking: how exactly do well-intentioned development organizations end up with horrible systems like this?

I See a Pattern Here

We human beings are quite remarkable at recognizing patterns. Take clouds, for example. A cloud dog looks nothing like a real dog, yet no matter how hard we try, once we see the dog in the cloud, that’s all we can see.

While this ability has clear evolutionary advantages, it’s often a disservice in today’s modern world. Pattern recognition yields many false positives, leading towards Gamblers’ Fallacy, prejudice, and can even extend to really poorly-written software.

Now, recognizing patterns at the micro level (i.e., code) is almost always a Good Thing. Code often does repeat itself, and consolidating repetitive code into subroutines tends to help throughout development and especially when it comes to maintenance. The real problem – and the one behind the aforementioned systems – is recognizing patterns at the macro/application level.

A Pattern of Failure

As completely different as Paid Time-Off tracking and Customer Mailing List management may seem on the outside, they do share quite a bit in common.

Navigation of some kind that links between major and minor functions in the application
Authentication and authorization for users of the application
Pages/screens that view and/or edit a single record
Lists that display multiple records based on some search criteria
Et cetera, and so on

In fact, if we kept going, the list of similarities between applications would grow much larger than the list of differences. But that doesn’t mean that they’re basically the same thing. Just as our canine friends share an astonishing amount of DNA with us, it’s our differences that make us so unique. The same holds true in software, and forgetting that fact will inevitably lead towards the dreaded Inner-Platform effect.

This is precisely how so many organizations end up with their own ÜberApplication. Consider, for example, that same portfolio of applications I described earlier. At one point, the applications evolved normally: i.e., they were built from scratch following development guidelines to suit the specific needs of the business client. And they looked something like this.

It’s hard to describe that portfolio as anything but chaotic, let alone accept that it’s actually how things should be. Let me repeat that last bit. A disparate application portfolio is a good thing. Proprietary software has a high strategic value to the organization, and building it in a manner that doesn’t meet the requirements largely defeats the purpose.

Still, it’s so easy — and so tempting – to forget that last part. Each new application built felt like reinventing the wheel, especially when they all had some variation of the same components: authentication, authorization, navigation, databases, etc. The rules for each of these applications were vastly different — a simple password required for one application, Active Directory group-based authorization for another — yet the designers had that overwhelming urge to abstract and “simplify” the process of creating new applications. This started at the requirements level by simply mandating that all applications share a universal set of requirements for certain things.

The uniformity was found in the UI: the layout must feature a header, a sidebar, and a footer, but the business customer can pick out the background color. It also was in the form layout: labels should be placed above form fields, and lists should always be sortable. And the database: there was to be a users table, groups table, roles table, etc.

Eventually, the applications started to blend together. Worse, the requirements conversation shifted from “how can we build software to meet these needs” to “how might we adapt the needs to meet our pre-determined requirements.”

Once the universal requirements had been defined, the next logical step was to abstract them into some sort of framework. After all, Duplication Is Evil, and it doesn’t make sense to re-implement the same User-Group-Principal-Role-Task-Operation security in each and every single application. Now, in addition to being uniformly developed, the applications were all dependent upon yet another in-house built codebase: the Global Application Framework. Granted, the GAF was little more than a wrapper on top of a framework (.NET), but somehow, it was perceived to be better.

The leap from here to the ÜberApplication wasn’t far. After all, application metadata was duplicated across several points: source control, server configuration, global navigation, and so on. Removing these points of duplication, along with consolidating all of the applications in one location, brought us to where we started.

Avoiding the Path to Inner Platform

The Road to WTF is almost always paved with good intentions, and there are few intentions more noble than making developers’ lives easier. Of course, given that developers’ lives are pretty easy as is, and there are a whole bunch of companies who build developer products, it’s pretty hard to improve, especially when your development department is just a cog in a large corporate machine. In fact, all too often, the opposite effect happens, and the “innovation” becomes one of the biggest obstacles.

Most of us developers embrace the Don’t Repeat Yourself/Duplication Is Evil principle, and we apply whenever we can to the software we create. But one of the deadliest pitfalls we can make is waving the wand of abstraction too quickly and too broadly, and we often forget that the consequence of unnecessary duplication is far less than the consequence of unnecessary consolidation.

Where's Our Webserver?

“HERE IT IS!” exclaimed Miha’s boss with a victorious look. “See! I told you that I’d find you a computer! Now we can get you doing something other than fetching coffee!” he chuckled.

The ‘new’ desktop was a rather outdated SGI Indy with a brownish patina that made it seem like it had been tucked away in a closet for years. But it was better than nothing! Up until this point, Miha had been doing nothing more than reading through outdated manuals for the one product that the company he was interning at developed and supported. He welcomed the lil’ blue marvel.

Soon after connecting everything and pressing the power button, Miha exhaled a sigh of relief as he watched the boot messages scroll, announcing that one service after another started up and that all sorts of hardware initialized. It'd take a good five or so minutes before the login screen would appear.

Joe - The Other Intern

While the system was going through its start-up calisthenics, Miha figured that he’d pop in and say hello to Joe, the other intern who started the same day that he did. But before Miha could get a word in, Joe interjected, “Check it out, Miha! I found a disk of demo programs and installed these cool 3D apps!”

Miha nodded as Joe fired up the programs. The rotating square, torus, decahedron, and bouncing ball demos all came to life on the screen.

“The best part of it all,” Joe grinned, “is that I don’t have to bring my CD player in anymore. There was a ton of space left on the box, so I just ripped my whole collection!”

“Yeah, heh, pretty cool there! Guess what, I finally got a computer!”

“Way to go!” Joe replied while doing a combo sweep and point motion,“You get an Octane like this one?”

“Nah,” Miha replied, “Just a second hand Indy XL for now, but better than nothing right!”

“Keep plugging away man, “ Joe snorted, “now that you’re online, maybe I’ll go ahead and share my MP3 stash with you - I've already got 500 megs worth!”

Unlike Miha, Joe had been doing real work from the comfort of a high-backed leather chair in front of a wall sized window overlooking the surrounding grounds with a top of the line SGI Octane at his disposal. Now, this wasn’t because Joe was any smarter or better than Miha. No, had Miha entered the building 15 minutes sooner, then he would have the VP of Software Development’s office, with its perks. Like a smug jerk, he even used the VP’s “#1 Boss” mug at the coffee machine.

Of course, the playing field would be leveled in about a week when the VP came back from his vacation, and the two interns’ new, permanent computers arrived, but for now, Joe took pleasure in reminding Miha of his assumed position.

It’s Possessed!

It didn’t take long after getting his 'new' Indy for Miha to start wondering if he could go back to reading through tech manuals while waiting for his real computer to arrive.

While Joe was in his ivory tower zipping around with 3D whatzits and his MP3s, Miha was having trouble doing things like displaying emails with attachments or minimizing windows. It’s not like anything didn’t work, it was just too slow to be productive. Joe had gone ahead and gave Miha instructions on how to connect to his machine, but it was pointless. Not just because of performance, but the network seemed glacially slow and his computer's hard disk was nearly maxed out.

Ironically enough, he was able to eventually get some work done, but only if he stayed well past the end of business - it was as if his computer was possessed!

The explanation came soon after in the form of an angry mob.

Let’s Get Him

“Excuse me, but is that your computer?” asked a passer by one day while Miha was in the midst of a cursing fit.

“Yeah, the stupid paperweight...” Miha started to reply but trailed off as he noticed the crowd of co workers gathering around his desk.

“THAT COMPUTER” began a red faced engineer who was leading the crowd, “IS OUR QA DEPARTMENT’S STOLEN WEB SERVER! WOULD YOU MIND TELLING US HOW IT CAME TO BE IN YOUR POSESSION???!?”

Feeling that his life may very well be in danger, Miha did his best to stammer, “My....b-boss...gave it....Imma intern!!!!” which was apparently enough to make the crowd migrate to his supervisor’s office where they may or may not have exacted some sort of revenge on the true server thief.

Soon after, one of the members of infrastructure group stopped by to shut down the computer and pack it up for transport and, with that, left Miha back where he started - back to reading through technical manuals while Joe worked in the lap of luxury.

But it all ended up well. About a week later, both his and Joe’s permanent computers arrived, making Miha once again productive. But Joe was left to explain to the VP why his once-pristine computer was now overflowing with MP3s and demos of spinning cubes.

Problematic Problem, Problem supply, and a Text-Destroying Problem

Problematic Problem (from Ben)
Way back when, I was responsible for doing on-site support for a fairly complex ERP solution that our company sold. My support radius was 100 miles, which meant I was on the road a lot and traveled to places I wasn't all that familiar with. My trusty navigation aide was a compass and a Rand McNally map book. Fancy, online mapping services weren't around yet, let alone super-fancy GPS units.

One day, I was assigned to visit a customer on the far end of my region (99.9999999 miles), first thing in the morning. It meant that, not only would I need to battle rush-hour traffic through the city, but then drive another 60 miles once that cleared. I was not a fan of early mornings, and getting that client on that wintry day meant a 5:30A departure with a 2.5 hour commute.

That morning, traffic was even worse than I anticipated. And to make matters worse, I had a terrible time finding the place. Fortunately, a kind fellow at the gas station pointed me in the right direction, and I was able to ring the client from the nearest pay phone to let them know I was running behind.

When I arrived, everything seemed to be downhill from there. I went to the receptionist, tacked on my visitor badge, headed over to the server room, set my briefcase down, and got to work. Before I could even try logging in, someone walked up to me and said, "hey, I know this isn't really your thing, but I'm desperate, and reeeeaaaallly need some help getting this report for our PM meeting."

It certainly wasn't my thing, but given that I was 30 minutes late, a little goodwill towards helping a company executive could only help. So I followed her to her office and helped troubleshoot the problem. An hour-and-a-half later, we had the report running, no problem. She was thrilled, and I headed back to the server room.

For some reason, I couldn't log-in to the server console, but the generous IT guy helped me past that hurdle by logging in with his credentials. But then I had another problem: I couldn't access any of the servers listed on my sheet. In fact, I couldn't even find a server that looked anything like ours.

I called the IT guy over again and asked him where our ERP server was. He shot a confused look to me, and said that he's pretty sure they don't have an ERP server. I assured him that they did, so he went back and looked into things on his end. Thirty minutes later, he assured me that they absolutely, positively, definitely don't have an ERP server.

We were both utterly confused. And then something dawned on me, and I silently prayed it wasn't true. I pulled out my sheet, showed it to the IT guy, and pointed towards the customer address heading. "That's you guys, right?"

As it turned out, not so much. Our actual customer was down the street, in another un-marked office building.

Problem supply (from Brendan)
Working as a coder for a small company that operates worldwide, I was on the team that deployed a project to China. Now I realize that my English is far from perfect, but dealing with Chinese customers in English has been quite the experience. One day, four months after going live with the new system, I received this mail from our Chinese client:

From: Louis Chang
To: Brendan ******
Subject: Problem supply
_____________________________________________________

Hi Brendan,

Sorry disturbing you. There is a problem with supply programme on the
button. Please advice?

Regards,

Lou Chang

Ah, the lingo of the busisness... I can imagine that you'd have the faintest idea what he was talking about... but don't worry, neither did I. So I replied to him, hoping to get a better description of his issue:

From: Louis Chang
To: Brendan ******
Subject: RE: Problem supply
_____________________________________________________

Hi Lou,

Could you please state your problem more clearly?

Thanks,
Brendan

I didn't have to wait long for his clarification, as his problem seemed to be really urgent.

From: Louis Chang
To: Brendan ******
Subject: RE: Problem supply
_____________________________________________________

There is a problem
with supply
programme on
the button.
Please advice?

Yup. Much better. Thanks.

A Text-Destroying Problem (from Esko Tanakka)
Back in 1999, I was just beginning my career and worked at a small store that built and configured computers for the public. Occasionally, I'd have to answer customer calls and help people with general computing problems.

One day, a man called in and immediately started complaining about how we sell utter crap, that we should take responsibility for our problems, and that he was owed money back because of the problems we caused.

I begged him to calm down and explain specifically what was wrong. He told me that our computer is destroying his text, and that something had to be done. At first, I thought his files were disappearing, but after more investigation, I discovered what his actual problem was: typing text in Microsoft Word overwrote previous text.

I told him that he simply had the INSERT key on, but he insisted that he never pressed that key, and that pressing the key did nothing. Running out of phone-support options, I told him he’d need to bring in his computer. But first, I needed his warranty information.

Well, it turned out that he bought the computer seven years earlier, then had another company install Windows 95 and the Corel Office Suite. After hearing that, I told him that I obviously couldn't take the machine in. That just made him more angry, and he accused me of working for "Satan and his minions", and threw all sorts of other ridiculous insults at me. But then all of a sudden, he calmed down. Apparently, he actually tried pressing the INSERT key (as I asked him to do before), and his computer stopped destroying his text.

Souvenir Potpourri: Salmiak Attack

Ever since the first Free Sticker Week ended back in February '07, I've been sending out WTF Stickers to anyone that mailed me a SASE or a small souvenir. More recently, I've been sending out the coveted TDWTF Mugs for truly awesome souvenirs. Nothing specific; per the instructions page, "anything will do." Well, here goes anything, yet again! (previous: Surprise!).

Finland, I surrender.

Ever since you sent me that ~~vomit-inducing, garbage-infused, ash-like, disgustingly-terrible, and nightmarishly-awful~~ delightful salmiakki two years ago, I've mocked you, your people, and your food every chance I got. You were an easy target, after all. I mean, there's just something seriously ~~sick, twisted, and demented~~ awesome about voluntarily subjecting yourself to that ~~"candy" that smells like foamy bathroom cleaner and tastes even worse~~ delicacy.

I can't say that I wasn't warned. "Do not anger the Finns," a Finlandite once told me, "for they have strange ways and a twisted sense of humor!" Well, it's true. Especially when the Finns are named Pekka and Toni.

"We remembered how 'disappointed' you were when there was no Salmiak products in a care package from Finland," they wrote, "and we decided that we had to undo this injustice that had been inflicted upon you. Thus, we embarked on a quest to gather all Salmiak products available in Finland. After two months spent on this quest, we found about 80 different kinds of this delicacy for you to enjoy." Now in case you're wondering what my reaction upon receiving so much Salmiak was, it was something like this.

Pekka and Toni continued, "although this is still far from the full assortment available in Finland, we believe this might 'satisfy' you for the time being. Bon appétit!"

Normally, I'd estimate that this amount of Salmiak would last me for a lifetime. Several lifetimes, in fact. Well, stellar lifetimes. You know, a good 15-30 billion years or so? But I'm going to try something a little different.

I registered Salmiyuck.com, and will chronicle my adventures in tasting Salmiak. I will of course attempt to get as many (unwitting) tasters as possible. So, here's to Salmiak!

As if all the Salmiak wasn't enough, Pekka and Toni (Finland) also enclosed "a hands-free appliance which actually needs to be held in hand to operate."

And finally, our friends from Finland also gave this "Billiardion (or whatever) dollar note from Africa."

Matt Lutton (Brookline, NH) sent some interesting finds from the past.

"At the end of 2009," wrote Andreas Reich (Hamburg, Germany), "I returned from a summer of travels, and was about to empty the stuff in my pockets in the trash, but then I remembered there was a guy who will happily take all kinds of souvenirs." This is true, Andreas, especially when the souvenirs are accompanied by a piece of Toblerone. Fun fact: the Holiday Inn key card was completely blank on both sides; no magnetic strip or anything.

"Enjoy your status as a new trillionaire," writes Bryan R (Sterling, VA).

"Here are some random tradeshow stuff," writes J Schwartz (Boca Raton, FL), "there is a citrus lip balm tube, some small mints, a USB hub (that may or may not be 2.0), a press-up calculator, a mini flashlight, and a weird pen/calculator object."

"Here's some stuff from London," wrote Martin Deutsch (London), "including some goodies from the Docklands Light Railway, Custom Haribo from one of our supplies at work, a free lollipop handed out to keep clubbers quiet, and some Ben+JErry's Post-it notes."

I'll let Scott Blackard's (Timerlake, NC) note explain, though I'll add ewwwwwwwwwwwwwwwww. That is, unless it's really old and not from like a deer or something. Then I should say, sweeeeeeeeeeeeeet.

S Lindehan (Netherlands) sent this Bassie en Adriaan DVD and a picture of a local Dutch church.

"I was going to buy an International Reply Coupon," writes Michael Landis (Ramat-Gan, Israel), "but then again, I had these in my pocket."

And finally, a small handful of random stuff.

Don't forget to snail-mail in your own souvenirs for some TDWTF stickers. Ultra-awesome souvenirs (like, say, steak) could even get you a TDWTF mug.

Error'd: Tell a programmer

"I guess the contact lens service that sent me this package couldn't read the label," wrote Mike Totman, "Maybe they should double check their prescription."

"Coming up next: someone will 'type words here.'" James Oakleywrote ,"Sounds exciting!"

"While playing Counter Strike: Source, I received this error," wrote Nick C " I sure wish I knew a programmer that could fix this."

"Okay," wrotes Serg, "first part? Check! Second part? Check. Third.... wait, WTF?"

"I guess Microsoft isn't quite used to success," writes Eric Packwood

This message popped up in Infrarecorder," notes Dan H, "I'm not sure why they were asking me, though."

"I think we have the harshest password policy ever," noted Devin Cameron.

"That's one way to say it," writes Marcus.

"Excellent!" writes Daniel, "Some Ass is available in HD!"

"I saw this a few months back," Scott Selikoff notes, "apparently, saving 0 cents is pretty spooky!"

"Unable to decide how much of a discount to give to random spam recipients," noted Michael Hoskins , "Pfizer takes the 'shotgun' approach to discounting."

CodeSOD: isValidNumber()

"When my company, a large financial corporation, decided to outsource overseas," Ned wrote, "they went for the best: CMMI Level 5. Not Level 3 or Level 4, but Level 5. 'Heck,' the CTO told us half-jokingly, 'the offshore team will make us look bad!'"

"It's hard to describe the 'high quality' code that gets checked-in to our repositories. 'Bloat' just isn't quite strong enough, nor is 'incredibly horrible mess that makes me want to smash everything in sight'. There were a lot of issues with the code, but this one is my best short examples: isValidNumber()."

    public static boolean isValidNumber(Integer number) {
        methodName = "isValidNumber";
        Logger logger = LoggingHelper.getLogger(LOGGER);
        logger.entering (CLASS, methodName);
         
        // parse this number. If you get an NFE, then its 
        // not valid, return false
        try {
            Integer.parseInt(number.toString());
        } catch(Exception ex) {
            logger.fine(methodName + " returns false");
            logger.fine("Number Format Exception when parsing");
            
            return false; 
        }

        logger.fine(methodName + " returns true");
        logger.exiting(CLASS, methodName); 
        
        return true;      
    }

Ned added, "no, it wasn't broken. No, it didn't produce incorrect results. No, in spite of the programmer’s best effort and it getting invoked literally thousands of times per second under full load, it wasn't really that big of a CPU hit. But it is just hard to understand how anyone could look at this and consider it a job well done. Or for that matter... necessary for it at all."

"At least it's CMMI Level 5 strong, though!"

Coded Smorgasbord: In A Rush, Properly Handled, and More

"This code was left by the Senior Software Consultant," Michael Wheeler writes, "I'm not sure if it's insurance against 'Return' not returning... or a comment that explained why the line of code was left in."

Public Shared Function GetItemFromValue(ByVal ddlControl As DropDownList) As Integer
    Dim i As Integer
    If ddlControl.Items.Count > 0 Then
        For i = 0 To ddlControl.Items.Count - 1
            If ddlControl.Items(i).Selected() Then
                Return i
                Exit For     'leaving this here cause we're in a rush
            End If
        Next
    End If
End Function

"We're aparantly pretty serious about 'properly' handling exceptions," writes Rami, "very, very serious."

public bool Receive( string FilePath )
{
    try
    {
        return true;
    }
    catch( Exception e )
    {
        ExceptionManager.Publish( e, Priorities.High );
        return false;
    }
}

"A nice example of ahead planning," Robert writes, "just in case the Earth's mass dramatically changes overnight, we are prepared for a fast, system-wide adjustment."

Public Function Newton()
    Newton = 9.81
End Function

"Some developers use JavaScript for validation, others use server-side code," Rio writes, "we, on the other hand, seem to use comments. It doesn't really validate anything, but hey, it's good."

If fromDate < toDate Then
   'it's good.
Else
   'it's not good.
End If

"I was going through some obscure code from the developers before me, and something caught my eye," Philippe wrote. "It was a class whose task was to transform data, and this is how it was instantiated."

Transformer optimusPrime = new Transformer();

"Gee thanks," Tobias N. Sasse writes, "that's helpful!"

public long getLength() {
  return 1000000;  // no clue
}

"I tried to put some italic tags around a bit of text today," writes Derek, "but somehow, it emboldened my text. I did some digging, and I found that our front-end developer has this in our CSS stylesheet."

i { color: #000; font-weight: bold; font-style: normal; }

"I guess the comment header is right," Brian M writes, "no po box for you!"

//*******************
//**
//** Function   - POBox
//** Purpose    - no po box
//**
//*******************
 
function POBox(eobj, eid) 
{

	return (true);
}

"So that's how you DeUnicode stuff" David Nguyen wrote, "and here I thought it involved a bit more than removing an italics tag."

function DeUnicode($_input){
  //added to strip out italics tag <i> from name
  $_input = str_replace('<i>', '', $_input);
  $_input = str_replace('</i>', '', $_input);
  return $_input;
}

More Best of the EmaiL

It's time once again for Share Your Bizarre Email day! mail in or post your favorite emails in the comments. Here's three to get started...

"My company takes safety very seriously," Adam wrote, "and here is a partially illustrative message. What's especially funny about it is that we receive examples and protips like this on a routine basis."

Colleagues,

While on travel last week a member of our staff got up at 3AM to go to the
bathroom. He tripped over a chair and fell into a coffee table, hitting
his head. He suffered a significant head injury and blood loss. He was
taken by ambulance to a local hospital emergency room. He had surgery at
the hospital at his travel site last Thursday. He came home Friday.
Sutures were removed Monday and he is due back to work tomorrow. He is
doing well and in fine spirits.

He and we have done a root cause analysis and make the following
recommendation to travelers: before retiring for the night review the
path to the bathroom in new hotel rooms and move any tripping hazards, if
possible. Further, consider leaving a light on in the bathroom with the
door slightly open or packing a portable night light in travel gear to use
in your hotel room.

Evin L-------
Safety Directory

"I work for a firm that is all about getting the most from their employees," Dan wrote.

Hi Dan,

You are correct. There is a discrepancy between the vacation time 
(2 weeks / 80 hours) and the newly-instituted 45-hour workweeks. 
At this time, we are not planning on increasing employee vacation 
benefits, so in order to meet the 45-hour requirement, you will 
need to either:

(a) use an hour from your sick/personal time for each vacation day

(b) work an additional hour for each vacation day

Note that, if you chose to work the extra hour, it must done 
within the same two-week pay period. Also, keep in mind that this 
policy will apply to company holidays as well.

Thank you,

Amber J------------
HR Generalist

"This email was sent by one of the company directors," wrote Brett M, "we have a good 300 employees, with 100 or more in IT."

Hi All, 

Yesterday there was a flood which luckily only damaged some ceiling
tiles in the downstairs loos and messed up the wall paint. It could 
potentially have damaged expensive computer equipment and the systems
our business relies on. 

The flood (of clean water from cistern) happened due to a blocked 
toilet so please follow these simple instructions  to avoid it 
happening again. 

1/ From time to time we all need to use a lot of toilet paper. On 
these occaisions use a little paper then flush, then use some more 
and flush. This can be repeated as many times as you need.  

2/ Do not flush anything apart from toilet paper (a little at a 
time) or something which has been eaten first. 

For those considering asking 'how much is a little paper', lets call 
it 12 sheets. 

Any further queries, don't hesitate to ask. 

Gerald F. ---------
Director (VP)

"At just about any office," writes Hansel Johnson, "there are some coworkers that you certainly wouldn't mind seeing nude, and subset of those who you certainly wouldn't mind seeing bouncing while nude."

From: Debbie A----
Sent: Wednesday, April 08, 2009 8:51 AM
To: IT_OPS
Subject: Bouncing New Dev in 5 Minutes
 
Please be advised- I will be bouncing Nude in 5 
minutes.   Please let me know if this presents an 
issue.

"I'm sure many in the office would rush to find a trampoline and some lawnchairs, and you can imagine their disappointment upon receiving the following email not more than a minute later..."

From: Debbie A----
Sent: Wednesday, April 08, 2009 8:52 AM
To: IT_OPS
Subject: RE: Bouncing New Dev in 5 Minutes
 
My apologies- Spell Check got me on this one-
 
“I will be bouncing NewDev in 5 minutes!”

CodeSOD: October Road

“Our codebase is a bit... backwards, to say the least,” writes Aaron Silver, “things that should go up don’t go up or down... instead, they’re painted orange .”

“The postProcessAddress address method is a good example of all of this.”


string[] months =
{
 "Jan", "Feb", "Mar", 
 "Apr", "May", "Jun", 
 "Jul", "Aug", "Sep", 
 "Oct", "Nov", "Dec"
};

if (processingClient.StreetAddress != null
  && string.IsNullOrEmpty(processingClient.StreetAddress.Line1))
{
  for (String month : months)
  {
  if (processingClient.StreetAddress.Line1 != null
    && processingClient.StreetAddress.Line1.Contains(month))
  {
    writeError(processingClient,
      errorList,
      "Street address line 1 is in date format ("
        + processingClient.StreetAddress.Line1 + ").");
  }
  if (processingClient.StreetAddress.Line2 != null
    && processingClient.StreetAddress.Line2.Contains(month))
  {
    writeError(processingClient,
      errorList,
      "Street address line 2 is in date format ("
        + processingClient.StreetAddress.Line2 + ").");
  }
  if (processingClient.StreetAddress.Line3 != null
    && processingClient.StreetAddress.Line3.Contains(month))
  {
    writeError(processingClient,
      errorList,
      "Street address line 3 is in date format ("
        + processingClient.StreetAddress.Line3 + ").");
  }
  }
}

Aaron adds, Aaron adds, “I’m not exactly sure what thought process lead to this, but the powers that be aren’t too keen about changing it, leaving our end users to adding random hyphens and spaces for those unfortunate enough to live on ‘October Road’.”

The Single Sign On

“It’s impossible,” Gerald said in a matter-of-fact tone, “simply impossible.”

“Now just so we’re clear,” Craig responded, “by ‘impossible’, you actually mean ‘a big pain in the ass’, but you’re a smart guy who can make it happen, right?” That drew a few chuckles from the handful of other coworkers who joined them in the conference room, but Gerald just sighed. “No, Craig, by impossible, I mean impossible. Not doable. Can’t be done. Im-poss-i-ble. Well I mean, unless you can somehow change the underlying structure of the way everyone communicates on the Internet.”

“But we don’t need to change it for everyone,” Craig jumped in, “just one client. Surely, you can do that!”

The situation at hand was not an uncommon one. Craig, one of the company’s top producing sales reps, had once again sold a client on a feature they did not have. He certainly didn’t lie about having the feature, but instead proposed an offer the client couldn’t refuse: if you buy it, we’ll build it.

Management, not being the type to turn down booked sales, couldn’t refuse the offer either. And thus, they sided with Craig on what ‘impossible’ actually meant. They also assigned Gerald and team to develop the much-needed feature: an IP-based authentication system that would allow users of their Software-as-a-Service product to access the system without ever needing to log in.

Gerald’s main objection with IP authentication was that the majority of users – and in fact, all of the users at the client site – were behind a router. Though they’d certainly each have an internal IP address assigned, they would all share the same public IP, making one computer indistinguishable from the next.

To make matters even more tricky, their application was used by hospitals to track certain kinds of patient data, which meant that HIPAA – the regulatory framework that defines how patient data must be stored and accessed – needed to be followed. And not just followed, but followed, tested, certified, re-certified, and double-tested. Any change to the HIPAA-related functions – authorization included – would need to go through a painful internal and external QA process.

Given the impossibility of getting the end-users internal IP address from the outside, Gerald figured that using cookies would be the next best thing. Have the user log-in once, and then store an authentication cookie on the computer for as long as possible. Sure, that meant clearing cookies would trigger a new login, but it seemed to be a fair and easy work-around. Well, not so much: the client vehemently rejected the idea, saying that their employees couldn’t be bothered with having to remember yet another login, even if only temporarily.

After going back to the drawing board, Gerald came up with another idea: configure the firewall proxy server on the client’s side to add a custom HTTP header (X-Forwarded-For) that included the original IP address. That idea went over just about as well: HTTP headers could be forged, and a malicious employee inside of the company could hack in too easily.

Gerald’s third proposal to the client involved a site-to-site VPN connection. The application server would be exposed access via the client’s internal network, which would not only allow them to use IP authentication, but Windows-integrated authentication as well. It was his best idea yet, and made things that much easier, as the client would be able to configure which username has access instead of which IP address. Unfortunately, the IT folks at the client weren’t a big fan of the approach, as “a VPN connection is inherently insecure.”

At wits end, Gerald came up with yet another idea: a “Single Sign On” approach of sorts. When the end-user would access their application, the system would look for an “authentication ticket” cookie. When not present, the user would be redirected to another server – which lived inside the network – whose sole purpose was to generate a secure authentication ticket that included the private IP address. The ticketing server would then redirect to hosted application, which would then verify the authenticity of the ticket and give the user access.

The client absolutely loved the idea. “This is exactly what we’re looking for,” the client’s project manager said, “no need to remember logins, plus solid security.” The sales contract was signed, and the project was officially a go.

And finally, three months later, the new feature was finished. It took three solid weeks of development time, two weeks of QA testing, several thousand dollars in new hardware, and tens of thousands of dollars for an external HIPAA assessment, but the sales rep and the client’s project manager said it’d be worth it: no more remembering logins. Now, all that was needed for implementation was a list of IP addresses that were allowed to use the computer.

“Hi Gerald,” the client’s project manager wrote in an email, “please provide the following IP with access to the system: 10.1.23.97.”

Gerald confirmed, and reconfirmed: only one user needed access to the system. And apparently, she really hated remembering logins.

CodeSOD: Unit Tested

“I was hired as a ‘best practices consultant’ to help bring a 300-developer company’s development practices into the 21st century,” wrote Ian, “and after six months, I had failed.”

“Our first objective was to introduce automated unit testing. They had all sorts of horribly interconnected code, and the tests would help reduce the fix-here/break-there problems. However, after many, many tutorial sessions with developers, and quite a few long meetings spent trying to convince them of the benefits, no tests emerged. The developers stubbornly held that testers should test code, not them.”

Ian continued, “Adding some teeth to our policies, we set-up a continuous integration server that emailed everyone reports of unit test code coverage. This way, managers could take responsibility for getting their teams to write unit tests. That seemed to do the trick: the number of unit tests and code coverage started to steadily climb on all projects.”

“I finally felt that all my efforts were worthwhile,” he added, “the overall health of the team’s code would now increase immeasurably. Less bugs, less time manual testing, and all that good stuff. And then I started to look at the unit test code.”

public class StaticDataRequestTest {

    @Test
    public void startClientReqest() {

        try {
            new StaticDataRequest().onData(null);
            assertEquals(
                " processing client static data request  ",
                true, 
                true);
        } catch (Exception ex) {
            assertEquals(
                " processing client static data request  ",
                true, 
                true);
        }
    }
}

Ian added, “I guess we got what we asked for.”