Programmer Humor

This was then sent to the server as pure sql, no orm.

ORMs are overrated.

Whatever im working on 💪

Private key for a third-party API hard-coded into the front-end web app

it wasn't funny in any way, but J~~SHIT~~BOSS "microservice" (it was a jboss service with one microservice inside, in a kubernetes pod, with only one core, tell me about redundancy). Service classes with over 2000 lines of code, it shouldn't even be called spaghetti code, more like lasagna code, the pasta came in layers, separation of concerns was a mere suggestion, code was not thread safe (and it needed to be), but there was only 40 Ejbs for each "stateless" service inside de EAR, so number go up, code goes better.

I refactored it, it's now in the glorious quarkus 3.27, on virtual threads and java 21, not hyperbole, but 5x more throughput and you don't need 7 phds in italian cousine.

Edit: I also saw, in Angular, the infamous:

if (variable === true || variable === 'true' || variable === "true") {

A page that handled call requests. It was a table showing some information about the person, the case it's related to and some other fields. It fetched everything from any table it touched. So the call was fetching all the information about the person. The case it was related to. The person who was assigned to the case, and since the case was linked a couple of layers in, all of that data as well.

I created a simple view that only fetched the data it needed. It went from over A GIGABYTE of data to less than 25mb of data of transfer to the web ui.

All about PTC's God awful piece of shit PLM/PDM systems IntraLink and PDMlink. I cannot believe the amount of trash code that company uses. And they get paid millions to basically screw the customers over. The costumer's CAD gets intertwined in a huge heap of automated HTML garbage. This leads to a total disaster.

Lots. But one that springs to mind is a custom CMS where a new dev decided to print out the sql generated for a particular content type on paper. He took it to the CTO without comment.

What was wrong?

It was 12 pages.

The C++ code went something like this:

1. Conver pointer to int
2. Serialize the int over IPC to self using Linux Message Queues
3. Delete/free the pointer
4. Read the int from the queue
5. Convert to pointer
6. "Use" the pointer

This one is funny because it 100% still exists somewhere, but I haven't had the chance to verify it again.

Okay so basically its a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.

Builtin firmware gives you an HTTP webui to login and configure the device, with a user # and password.

I think the user itself had a builtin default admin which was #0, which everyone uses since there wasn't really much use for other users.

Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.

Here's the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.

Meaning you could just mitm the connection to grab the hash, and then login with the hash.

I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think "hey let's use password hashing to keep this secure" and then proceeded to use it in the compleltly wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).

It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.

I never got to check if this was fixed in a newer firmware version.

Ok so this one is someone trying to move to "the cloud."

They had a database they used. It was on a server in the office. We were tasked to clone the db server to a hosted VM. Due to order of creation this got put on a new host without anything yet on it.

They needed a site to site VPN to keep privacy, that was all fine. However after the clone and during testing, their guy there said that this one part was really slow. We take a look and everything is good with performance of the server and of the VPN. I have to pop on to take a look.

It was in an office app and written in VB. (I forgot which one.) It was indeed slower on the hosted server. So I took a look at the function (he got it up for me) and I could instantly tell the issue.

This part was a lookup page that searched for you input. The function retrieved the entire table, then filtered the results in the client. I explained that transferring the whole table over the internet would be slower than on the local lan.

This guy said he originally wrote this, but "forgot VB."

In the end they decided not to update the app or keep the server in the office, but instead they rented some VDIs in the same data centre as the db.

Joined a new team and one of my first tasks was a refactor on a shared code file (Java) that was littered with data validations like if ("".equals(id) || id == null) { throw new IllegalArgumentException() }

The dev who wrote it clearly was trying to make sure the string values were populated but they apparently A) didn't think to just put the null check first so they didnt have to write their string comparison so terribly or else didnt understand short circuiting and B) didn't know any other null-safe way to check for an empty string, like, say StringUtils.isEmpty()

The script I vibe coded to automate part of my job. It's sloppy and unrefined, but it works, and saves me a ton of effort.