About: Have been programming since 1980.
Joined devRant on 6/8/2016
If you discount all the usual SQL injections, the most blatant was not ours but a system one customer switched to after complaining about cost.
The new system was a bit more bare bones feature-wise but the real gem was the profile page for their customers.
The only security was an id param pointing to the user's primary key, which was an auto incrementing integer :)
And not only could you access all customer data but you could change it too.
But since the new system was built by their IT chief’s son we realized there was not much we could do.
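The access-control gap described in the rant above, shown beside a fixed form, as an added example that is not part of the original post. The handler names, session table and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Customer:
    id: int      # auto-incrementing primary key, so every id is guessable
    email: str

# Constructed sample data (hypothetical).
DB = {1: Customer(1, "alice@example.test"), 2: Customer(2, "bob@example.test")}
SESSIONS = {"tok-alice": 1, "tok-bob": 2}  # session token -> authenticated customer id

class Forbidden(Exception):
    """Raised when the caller may not touch the requested record."""

def get_profile_vulnerable(params):
    # The pattern from the rant: the id parameter is the only "security".
    return DB[int(params["id"])]

def update_profile_vulnerable(params):
    # Same flaw on the write path: any caller can change any record.
    DB[int(params["id"])].email = params["email"]

def _authorize(session_token, requested_id):
    # Identity comes from the server-side session, never from the request.
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("not authenticated")
    # A client-supplied id is tolerated only if it matches the session owner.
    if requested_id is not None and int(requested_id) != owner:
        raise Forbidden("record belongs to another customer")
    return owner

def get_profile(session_token, params):
    return DB[_authorize(session_token, params.get("id"))]

def update_profile(session_token, params):
    # The same check guards reads and writes.
    DB[_authorize(session_token, params.get("id"))].email = params["email"]
```

Swapping the integer key for a random identifier only makes records harder to enumerate; the ownership check on every read and write is what closes the hole.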
I have multiple contenders ;)
A program used to sort emails.
We were in the process of moving from Lotus Notes to Exchange and needed a way to route emails to the right server internally.
Solution, a qmail to receive all emails, a script run by cron every minute to read the emails, check the recipient name against a list and resend to the right server. The script was written in PHP :P since that was the only way we at the time had to read an email into an object, it was run just like any other shell script :D
A multi threaded mail sender that fetched email addresses and content from a database and posted them through qmail using background execution and pipes to get the result back and then update the database, written in bash script.
A C program used in a similar way as in one but this time using dial up and UUCP to fetch email and then drop these either into Lotus Notes or into a BBS for our customers to give them an email address. This was around 1993, so not too many ISPs offered email and not too many had internet anyway, dial up BBS was much more common.
I had good support.
I got access to a computer at 10 when my mother brought home the ones they used for education to avoid them being stolen.
That was a couple of Sinclair ZX80s.
I then got to go to 5 different programming courses over the next 4 years before being able to get a summer job at 14 to buy my own Spectravideo 128.
At 1) I started teaching through my mother's job and at 18 I wrote my first commercial program for my father.
I am now 50 and still in the business :)
Probably around 7 years old when planning on building a robot and discussing how we should get it to move. And also playing with Lego.
Then at 10 years my mom brought home a couple of borrowed Sinclair ZX80s with 512 bytes of memory and I was hooked :D (they were brand new at that time)
One of my most arrogant customers was one that constantly called support because she could not get things to work as she wanted.
We repeatedly told her that she was working against the way the system was built and that was what was causing her problems.
This was not a custom system for that customer but a cloud product we were offering with over a thousand customers on and it was designed with a certain workflow in mind.
Despite this she always complained that the system was wrong and we needed to fix it.
She was also always late for her deadline complaining that she did not get the information from her bosses in time and demanded we help her get it done :)
But I was fortunate that everyone at our company held a unified position that it was not our fault that her bosses gave her info late or that she tried to do things in a way the system was not designed for.
So when she got too aggressive we just offered her to go somewhere else.
I think they finally did, after about two years.
The closest thing to cutting edge was probably the first survey project.
We found something named remote scripting in a sub folder in the Visual InterDev default site.
It was the precursor to Ajax, a few years before Ajax was born and we used it to interactively call the backend from the page.
Otherwise I have mostly worked on mature projects where cutting edge is mostly avoided.
Anders Hejlsberg, creator of Turbo Pascal, C# and TypeScript, three of my favorite languages.
Grace Hopper, fighting complacency and standing up for herself.
I don’t know if I would call it a quirk of the language or serious abuse of it :P
But I managed to get a null ref exception when comparing a local int variable to an int parameter to the same function in C#.
Since a local or parameter of type int cannot be null and I compared the variables themselves and did not try to access any property on them (and no extension method or implicit cast or similar) my first thought, along with all colleagues that chipped in to help, was that this should not be possible.
Turns out the method was called through reflection and in that part it injected null as the base object to call the method on.
Since local variables actually are referenced through the parent object this was what was causing the null ref.
That took some time to figure out.
Anyone else having problems with the app crashing when opening items in notifications?
I regularly have the app on iOS iPhone die just after opening a comment or similar, but almost exclusively in notifications.
Restarting it usually works, but today I had to restart it 4 times.
The first program that was used at a company.
I wrote it on suggestion of my father to help with simplifying calculations for rental machines at his work and once finished it reduced time from start to finished report from 2-3 days down to 30 minutes, and corrections could be done in minutes instead of starting all over.
It also featured saving and loading old reports.
And for context, this was 1987 and Excel did not exist and existing spreadsheets were not nearly as easy to use.
The only serious, as in customer affecting, bug I never got fixed was an indexing bug that caused an exception requiring manual intervention by one of us.
Despite going at it for many years I never found the root cause before I left the company.
The reason it was so difficult was that it only occurred every second month or less and with different customers.
It was also not triggering directly when the error occurred but a while later once the error had caused accumulated errors until one value got negative.
Also, it was a combination of SQL, backend code and frontend JS and the time from initial error until an invalid value could be hours, days or even weeks.
And we never ever managed to replicate it ourselves and found no common pattern between occasions.
We think it was some kind of race condition when updating the db that caused duplicate values or a hole in the index series (db transaction or db index was not an option for various reasons that would require a redesign of the central tables and most of the central code).
This then grew into multiple errors on consecutive updates until one of them resulted in a negative number that then caused a regex in JS to fail.
One of my worst WTF moments was just over 2 years ago.
A former colleague had been tasked with “upgrading” our solution for handling customer specific CSS on our platform for building newsletter emails.
He had been with us for about 5 years and ported most of the front end GUI over that time from classic ASP to .NET and C#.
This work started in November and with a pause over dec-mid jan for high season and Christmas leave he continued.
In the beginning of March we had the first of multiple WTFs on that when I realized that his solution required a lot of special CSS or rather LESS, more than the actual HTML for the template, and all were custom LESS rules that were very hard to understand.
We found that he actually never really understood how LESS worked and had tried to do things in a very backward way. Another colleague jumped in and managed to clean it up a bit so it got down to manageable levels.
Then in the end of March came the next bigger WTF. This is a newsletter building application. Turns out the new LESS based solution was entirely dependent on the JS version of LESS and only worked when running in the browser. Guess what, the email send engine is not a browser and CSS classes and rules generally do not work in emails.
The new solution was impossible to integrate with the part that built and sent the emails without some very heavy rework.
Oh, and it was also completely incompatible with 12 years of old newsletters and customer templates that just did not work.
And of course, he had not shown any of this in code reviews but rather just merged it part by part to the new version branch interleaving it with 5 months of other work.
He left the company shortly after.
Personally the coolest was the program I built for my father's use on his job.
It was my first to be used commercially in the real.
That was a very big thing, I was 17 at the time and used Turbo Pascal 5.5 and he used it to compute how well all machinery was doing, they rented out diggers and other construction equipment to construction sites and manually computing this with a calculator took up to three days. (This was 1987 so there were not very many ready made programs for business, you often had to build your own)
With this program he had it done in around 30 minutes.
The next best was recently when I got my Raft distributed consensus cluster server working. It's a little bit like ZooKeeper.
Building that purely from the research paper was rewarding but a bit of a challenge.
A colleague was doing configuration on a server and needed to restart the network card.
So he clicked disable it, just to notice that his remote session died ...
Now where can we get a cab?
Outlook and Word for HTML rendering.
I know it was a business decision but it's been a pain since 2007 and still is.
Around 27 hours at new customer location.
They had a server failure due to incompetence.
They had fired their own IT guy and called us 6 months later because the server stopped responding.
First diagnostic. 2 drives are dead in a RAID 5 with one hot spare. RAID controller then proved to be broken once the disks were replaced.
Waiting for new RAID controller and installing.
Backup non existing, no one changed the DAT tape during the 6 months without IT. The tape was just a transparent plastic band, no media left.
RAID config is stored in static RAM on controller, no backup!
Several hours in tech support to find out how to rebuild RAID config from existing disks.
Proves to be impossible to rebuild RAID set due to some checksum failures.
More hours with support to enable some diagnostic read only mode to mirror low level content to external drive.
Then many more hours to copy parts of the tree until it gets an error, restart after that and go on.
In the end we got around 70% back.
During this time I managed to be in contact with all of the RAID manufacturer's support centers, one in Europe, one in the US and one in Taiwan, switching each time one of them closed for the night.
The customer later declined a steady support contract due to us being too expensive ;)
Some just don’t want to learn.
20+ years ago we got a contract to replace an old home grown system for managing rented equipment for a company with offices in two countries with a new standard system.
I was tasked with building a few addon modules to handle import and reporting that the standard system lacked.
Over the course of 8 months and multiple trips to their head office for on premises development alongside their people that knew how it should work (there was a lot of waiting for info so it was not 8 months of actual work) we were finally ready to present the finished solution.
After about one hour of demonstration their boss questioned why we did not demonstrate the connection to their corporate group accounting system ...
“Corporate group accounting?”
After some confused discussion it turns out that in one of the first meetings the sales person had they had mentioned this accounting system and that all accounting info was to be exported there.
This requirement was never listed in the specifications we got and looking into it it turned out that the standard system did not support such exports at all.
In the end we had to throw it all away as it proved impossible to get that info out of the system (which was not of our design).
We barely avoided having to repay all fees as their people had approved the specification but standing there without a clue to what he was asking for was a very scary experience, thinking “how could we miss this?”
Finally I could get the correct computer :)
Just missing the raised arm for the screens instead of desk stands.
(OK, my real desk is not transparent but it was too cool to not take ;) )
Reading another rant about scrolling and decimal values I felt an urge to write about a bad practice I often see.
Load on demand when scrolling has been popular for quite some years but when implementing it, take some time to consider the page's overall layout.
I have several times encountered sites with this “helpful” feature that at the same time follow another staple feature of pages, especially news sites, of putting contact and address information in the footer ...
Genius right :)
I scroll down to find contact info and just as it comes in view new content gets loaded and pushes it out of view.
If you plan to use load on demand, make sure there is nothing below anyone will try to reach, no text or links or even pictures, you will frustrate the visitor ;)
The rant I was inspired by probably did not do this but it's what got me thinking.
When the company my mother worked for was arranging computer courses and could not leave the computers in the borrowed classrooms.
They brought them home and I got to play with them :)
Sinclair ZX80 with 512 bytes of RAM (no hard drive, diskette or CD).
This was 38 years ago ;)
Not really doubt my skills but definitely feeling inferior ;)
Reading stuff like this:
My parents have a very good grasp of what I do.
The first computer I got to try was one of the educational computers used for courses arranged by the company my mother worked for and my father studied programming before me ;)
There have been many occasions over the years.
The first was playing with a Sinclair ZX80 and getting it to print 0 instead of syntax error ;)
The latest probably was when I started to understand React.js.
Answered a job ad in our morning newspaper and got an interview.
After 2 hours of questions I got an offer to try it for 3 days and I have been here since then, soon 25 years ;)
Depends on the project.
If it is a full application I usually start with what information it will handle.
Then either sketch out some database or some pages depending on how much info I got and if I got any good examples.
The less info I have, the more I try to focus on use cases and workflow to try to figure out what data will be needed.
But for more niche projects, like supportive libraries, e.g. parsers, I either mock some test in LINQPad or look for similar examples online to flesh out the idea.
But I tend to very quickly fill out the basic shape and try to get something that can be tested.
Then I can find if I need to rethink it.
Years ago we had a visit from a startup company developing a firewall and I got the chance to talk with one of their devs.
He explained the subtleties of security holes in websites and after I said something about our site being secure thanks to being behind a firewall he gently asked what would happen if he entered a specially crafted test into one of the text fields ... and he gave an example ...
I got a chill, went back to my seat and traced what it would do ...
That was when I learned about SQL injection and his example would have killed the DB :/
Before going home I designed a way to secure the input which I then refined over a few days.
We still use that today after 17 years.
That one single sentence really showed to never be too proud of our security and I realized how vulnerable our site was.
It was a Swedish computer in the 80s.
Used BASIC as main shell like the C64 but its editor was worse than edlin if anyone remembers that.
You could not use arrow keys to go to a line to change it but had to type a command like edit 80 to retrieve the line in an editor prompt.
It also lacked a lot of common BASIC commands.