I'll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data following that matches those parameters. The horrors of this were 1. The queries were hard coded.

They were stored in a configuration file, in xml format.
The queries were not 1 entry. It was 4, a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.
This was then sent to the server as pure sql, no orm.
Here's my favorite part. You obviously don't want anyone modifying the configuration file so they encrypted it. Now I know what you're thinking at some point you probably will need to modify or add to the configuration so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in winforms. You had to open the program in visual studio, manually expand the size of the window(locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.

(page 3) 50 comments

sorted by: hot top controversial new old

[–] shnizmuffin@lemmy.inbutts.lol 7 points 3 weeks ago (1 children)

It's all mine.

load more comments (1 replies)

[–] Feyd@programming.dev 7 points 3 weeks ago (1 children)

This was then sent to the server as pure sql, no orm.

ORMs are overrated.

load more comments (1 replies)

[–] potatoguy@lemmy.eco.br 6 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

it wasn't funny in any way, but J~~SHIT~~BOSS "microservice" (it was a jboss service with one microservice inside, in a kubernetes pod, with only one core, tell me about redundancy). Service classes with over 2000 lines of code, it shouldn't even be called spaghetti code, more like lasagna code, the pasta came in layers, separation of concerns was a mere suggestion, code was not thread safe (and it needed to be), but there was only 40 Ejbs for each "stateless" service inside de EAR, so number go up, code goes better.

I refactored it, it's now in the glorious quarkus 3.27, on virtual threads and java 21, not hyperbole, but 5x more throughput and you don't need 7 phds in italian cousine.

Edit: I also saw, in Angular, the infamous:

if (variable === true || variable === 'true' || variable === "true") {

[–] vrek@programming.dev 6 points 3 weeks ago (5 children)

Why does it seem like Java is always the language with the worst code?

I mostly do local programs with c# or python so alot of your comment didn't make sense to me like quarks and ejbs but yeah it sounds horrible.

load more comments (5 replies)

[–] MoonRaven@feddit.nl 6 points 3 weeks ago

A page that handled call requests. It was a table showing some information about the person, the case it's related to and some other fields. It fetched everything from any table it touched. So the call was fetching all the information about the person. The case it was related to. The person who was assigned to the case, and since the case was linked a couple of layers in, all of that data as well.

I created a simple view that only fetched the data it needed. It went from over A GIGABYTE of data to less than 25mb of data of transfer to the web ui.

[–] mlg@lemmy.world 6 points 3 weeks ago

This one is funny because it 100% still exists somewhere, but I haven't had the chance to verify it again.

Okay so basically its a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.

Builtin firmware gives you an HTTP webui to login and configure the device, with a user # and password.

I think the user itself had a builtin default admin which was #0, which everyone uses since there wasn't really much use for other users.

Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.

Here's the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.

Meaning you could just mitm the connection to grab the hash, and then login with the hash.

I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think "hey let's use password hashing to keep this secure" and then proceeded to use it in the compleltly wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).

It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.

I never got to check if this was fixed in a newer firmware version.

[–] purplemonkeymad@programming.dev 6 points 3 weeks ago (2 children)

Ok so this one is someone trying to move to "the cloud."

They had a database they used. It was on a server in the office. We were tasked to clone the db server to a hosted VM. Due to order of creation this got put on a new host without anything yet on it.

They needed a site to site VPN to keep privacy, that was all fine. However after the clone and during testing, their guy there said that this one part was really slow. We take a look and everything is good with performance of the server and of the VPN. I have to pop on to take a look.

It was in an office app and written in VB. (I forgot which one.) It was indeed slower on the hosted server. So I took a look at the function (he got it up for me) and I could instantly tell the issue.

This part was a lookup page that searched for you input. The function retrieved the entire table, then filtered the results in the client. I explained that transferring the whole table over the internet would be slower than on the local lan.

This guy said he originally wrote this, but "forgot VB."

In the end they decided not to update the app or keep the server in the office, but instead they rented some VDIs in the same data centre as the db.

load more comments (2 replies)

[–] wer2@lemmy.zip 6 points 3 weeks ago (2 children)

The C++ code went something like this:

Conver pointer to int
Serialize the int over IPC to self using Linux Message Queues
Delete/free the pointer
Read the int from the queue
Convert to pointer
"Use" the pointer

load more comments (2 replies)

[–] kryptonianCodeMonkey@lemmy.world 5 points 3 weeks ago (1 children)

Joined a new team and one of my first tasks was a refactor on a shared code file (Java) that was littered with data validations like if ("".equals(id) || id == null) { throw new IllegalArgumentException() }

The dev who wrote it clearly was trying to make sure the string values were populated but they apparently A) didn't think to just put the null check first so they didnt have to write their string comparison so terribly or else didnt understand short circuiting and B) didn't know any other null-safe way to check for an empty string, like, say StringUtils.isEmpty()

[–] vrek@programming.dev 6 points 3 weeks ago (3 children)

I mean... That's bad but not on the same scale of some of these other issues.

load more comments (3 replies)

[–] altphoto@lemmy.today 5 points 3 weeks ago

All about PTC's God awful piece of shit PLM/PDM systems IntraLink and PDMlink. I cannot believe the amount of trash code that company uses. And they get paid millions to basically screw the customers over. The costumer's CAD gets intertwined in a huge heap of automated HTML garbage. This leads to a total disaster.

load more comments