
CodeSOD: Flip to a Blank Page

You have a web application, written in Spring. Some pages live at endpoints where they're accessible to the world. Other pages require authentication, and yet others require users belong to specific roles. Fortunately for you, Spring has features and mechanisms to handle all of those details, down to making it extremely easy to return the appropriate HTTP error. Unfortunately for you, one of the developers on your team is a Rockstar who i

favicon of http://thedailywtf.com

Error'd: Stay Away From California

"Deep down, I knew this was one of the most honest labels I've ever seen," wrote Bob E. "Some people struggle to get and keep a high credit score. I, on the other hand, appear to have gotten a high score," writes Pawe. Steve M. wrote, "I'm trying to register our travel insurance with ROL Cruises, but our travel policy has been rejected because it's under age." "This happens every time my mom tries to place a call in her car," writes Dylan S., "Strangel


Westward Ho!

Roman K. once helped to maintain a company website that served a large customer base mainly within the United Kingdom. Each customer was itself a business offering a range of services. The website displayed these businesses on a map so that potential customers could find them. This was done by geocoding the business addresses to get their longitude and latitude coordinates, then creating points on the map at those locations. Simple enough-exce


Error'd: An Unfortunate Sign

"Found this in the School of IT. 404: Women not found. Fairly accurate," wrote Maddie J. "In true Disney fashion, even their servers bid us farewell after It's a Small World After All had wrapped up," writes Daniel H. Lorens wrote, "I thought the GNOME bugs in the new Bionic Beaver Ubuntu were going to drain my battery, but turns out there's a lot left." "You know, I never click on ads, and this one certainly doesn't speak to my needs, but I have


Crazy Like a Fox(Pro)

'Database portability' is one of the key things that modern data access frameworks try and ensure for your application. If you're using an RDBMS, the same data access layer can hopefully work across any RDBMS. Of course, since every RDBMS has its own slightly different idiom of SQL, and since you might depend on stored procedures, triggers, or views, you're often tied to a specific database vendor, and sometimes a version.


CodeSOD: Switch On Suppression

Krista noticed our article explaining that switches were replacements for ifs. She sent in a version she found in her codebase, around the same idea:

    @SuppressWarnings("incomplete-switch")
    @Transactional
    public void removeAssetFromPackage(Package pkg, Asset assetToRemove) {
        pkg.getAssets().remove(assetToRemove);
        // Delete from DB and asset store.
        removeAsset(pkg, assetToRemove);
        // If we're removing LIVE asset, also delete AsyncJobs.


CodeSOD: Why I Hate Conference Swag (and What can be Done About it)

Hey everyone - I'm at a conference this week I'd like to cover a WTF that I've been seeing this week - VENDOR SWAG. Ok, if you are one of those poor souls who are always heads down in code and never attend workshops or conferences, this won't make much sense to you, but here's the deal - companies will set up a booth or a table and will pass out swag in exchange for your contact info and (possibly) a lead. To me, this is easily the dirtiest transa


CodeSOD: Not a Not Bad Approach

In terms of elegance, I think the bitmask has a unique beauty. The compactness of your expression, the simple power of bitwise operators, and the way you can see the underlying implementation of numbers laid bare just speaks to me. Of course, bitmasks can be a bit opaque, and you may have to spend some time thinking about what foo = 0xFF0000 is actually doing, but there's also something alluring about it. Of course, bitmasks are surprising


CodeSOD: Padding Your Time

Today will be a simple one, and it's arguably low-hanging fruit, because once again, it's date handling code. But it's not handling dates where it falls down. It falls down on something much more advanced: conditionals. Supplied by '_ek1n'.

    if (min == 0) {
        if (hours == 12) {
            hours = 12;
            min = 00;
        } else {
            hours = hours;
            min = 00;
        }
    }

My favorite part is the type-conver


CodeSOD: The Secure Cloud API

Melinda's organization has purchased a cloud-based storage system. Like any such system, it has a lovely API which lets you manage quotas and login tokens. It also had a lovely CLI, which was helpful for administrators to modify the cloud environment. Melinda's team built a PHP front-end that could not only manage files, but also allowed administrators to manage those quotas. Melinda was managing those quotas, and when she clicked the link to view


Keeping Up Appearances

Just because a tool is available doesn't mean people will use it correctly. People have abused booleans, dates, enums, databases, Go-Tos, PHP, reinventing the wheel and even Excel to the point that this forum will never run out of material! Bug and issue trackers are Good Things. They let you keep track of multiple projects, feature requests, and open and closed problems. They let you classify the issues by severity/urgency. They let you spec


CodeSOD: Caught Up in the Captcha

Gregor needed to download a network driver. Upon clicking the link, a captcha appeared, presumably to prevent hotlinking to the driver files. It wasn't a real, image-based captcha, but a simple "here's some characters, type them into the box". The code which popped up was S i u x q F b j NaN 4. He hit the new code button, and got T o A 0 J V s L NaN a. In fact, NaN showed up in the penultimate position in every code. Curious, Gregor pulled up the d


CodeSOD: Wear a Dunder Cap

In the Python community, one buzzword you'll find thrown around is whether or not an approach is 'pythonic'. It's a flexible term, and something you can just throw out in code reviews, even if you've never written a line of Python in your life: 'Is that Pythonic?' The general rubric for what truly is 'pythonic' is generally code that is simple and code that operates explicitly. There shouldn&


CodeSOD: Rectangle Marks The Spot

If you need your user's country of origin, there are many ways you can go about obtaining it programmatically. Some may opt for a simple drop-down that prompts the user to specify his/her country. If you don't want to burden your user this way, you might look at their session data and return their country of origin, time zone, or some other useful information. If you have fancy enough APIs at your disposal, you could even reverse geocode the user


SLA-p the Salesman

A Service-Level Agreement (SLA) is meant to ensure customer issues receive the attention they deserve based on severity. It also protects the support company from having customers breathing down their neck for frivolous issues. All of the parameters are agreed upon in writing ahead of time and both sides know the expectations. That is, until a salesman starts to meddle and mess things up, as happened at the place Dominick worked for. Dominick w


CodeSOD: Legacy Switchout

About a decade ago, I attended a talk. The speaker made the argument that legacy code may have many possible interpretations, but the practical view was to simply think of legacy code as code without unit tests. Thus, the solution to modernizing your legacy code was to simply write unit tests. Refactoring the code to make it testable would have the side effect of modernizing the code base, and writing tests would act as documentation. It's that ea


CodeSOD: Look Ahead. Look Out!

I'm an old person. It's the sort of thing that happens when you aren't looking. All the kids these days are writing Slack and Discord bots in JavaScript, and I remember writing my first chatbots in Perl and hooking them into IRC. Fortunately, all the WTFs in my Perl chatbots have been lost to time. P has a peer who wants to scrape all the image URLs out of a Discord chat channel. Those URLs will be fetched, then passed through an image processing p


Classic WTF: Security By Letterhead

It's a holiday in the US, so we're turning back the clock a bit. How do you make sure nobody issues an unauthorized request for a domain transfer? This registrar has serious security to prevent just that kind of event. You know this must be a classic, because it involves fax machines. Original -- Remy Security through obscurity is something we've all probably complained about. We've covered security by insanity and security by oblivity. And today, j
