war crimes in programming - A thread to discuss and share horrifying programming ideas/code

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.

My team's intern just found a critical bug by shitposting in our codebase

So our summer intern (who I'm 90% sure is a professional shitposter moonlighting as a dev) just saved our entire authentication service by being, well, an absolute agent of chaos.

Background: We have this legacy auth system that's been running since before TikTok existed. No one touches it. It's documented in ancient Sanskrit and COBOL comments. The last guy who understood it fully left to become a yoga instructor in Peru.

Enter our intern. First week, he asks why our commit messages are so boring. Starts adding memes to his. Whatever, right? Then he begins leaving comments in the codebase like:

// This function is older than me and probably pays taxes
// TODO: Ask if this while loop has health insurance
// Here lies Sarah's hopes and dreams (2019-2022), killed by this recursive call
The senior devs were split between horrified and amused. But here's where it gets good.

He's reading through the auth code (because "the commit messages here are too normal, sus") and adds this gem:

// yo why this token validation looking kinda thicc though
// fr fr no cap this base64 decode bussin
// wait... hold up... this ain't bussin at all
Turns out his Gen Z spider-sense wasn't just tingling for the memes. Man actually found a validation bypass that's been lurking in our code since Obama's first term. The kind of bug that makes security auditors wake up in cold sweats.

The best part? His Jira ticket title: "Auth be acting mad sus rn no cap frfr (Critical Security Issue)"

The worst part? We now have to explain to the CEO why "no cap frfr" appears in our Q3 security audit report.

The absolute kicker? Our senior security engineer's official code review comment: "bestie... you snapped with this find ngl"

I can't tell if this is the peak or rock bottom of our engineering culture. But I do know our intern's getting a return offer, if only because I need to see what he'll do to our GraphQL documentation.
Click to expand...
(Link)
5wW7wOH.jpeg
 
  • Winner
  • Horrifying
  • Lunacy
Reactions: jeff7989, TroonsDid911, Dopeypal and 12 others
Osama Bin Laden said:
imagine having to explain skibidi toilet to a bunch of shareholders
Click to expand...
So, there's this video game that was released by Valve Software called Half Life 2, okay?
And some time after the game released, a man named Garry modified it to create Garry's Mod, often abbreviated as GMod.
In Garry's Mod you can create character objects, most often humans, and you can pose them.
There's a channel on the website youtube dot com named "DaFaqBoom", and he is known for creating animations in Garry's Mod
So, this person decided to put the head of one of the Half Life 2 characters in a toilet prop, and animate it to sync its mouth movements to say -
"Brr skibidi dop dop dop yes yes"
Click to expand...
 
  • Winner
Reactions: Evil Whitey, Belisarius Cawl, Rango Dango and 6 others
Here's how the parsing function for my template module looked at one point. I was just starting to "use strict " and couldn't figure out how to use global variables but I figured using my objects $self hash would be an elegant solution. I actually had to come back and debug this after a few years of looking at it too.
sub parse_template {
my $self = shift;
my $line;
my $in_if = 0; my $in_loop = 0; my $in_js = 0; my $in_np = 0; # Use for syntax checking
$self->{'last'} = 'text'; # Inside which statement
$self->{'b'} = {}; # which line of current block are we in
$self->{'cblock'} = 0; # Whick block are we in
$self->{'bcount'} = $self->{'cblock'}; # KISS block id generator
my @structs;
$self->load_syntax($self->{'cblock'});
while ($line = shift @{$self->{'TEMPLATE'}}) {
$self->{'b'}{$self->{'cblock'}}{$self->{'last'}} = 0 unless (defined $self->{'b'}{$self->{'cblock'}}{$self->{'last'}});
# print "[$self->{'bcount'}][$self->{'cblock'}][$self->{'last'}]<$self->{'b'}{$self->{'cblock'}}{$self->{'last'}}> $line";
if ($in_np) { goto ENDNP; }
if ($line =~ /\Q$self->{'syntax'}{t}\E(\w+)/) { $self->{'BLOCK'}{'DEFINED'}{$1}++; }
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{'syn'}\E\s(.+)\Q$self->{'syntax'}{te}\E/i) {
my $change = $1;
#my $t = $self->separate( split /\Q$self->{'syntax'}{'ts'}\E\s*\Q$self->{'syntax'}{'syn'}\E\s+.+?\Q$self->{'syntax'}{te}\E/i,$line,2 );
my $t = $self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{'syn'}\E\s.+?\Q$self->{'syntax'}{te}\E/i,$line,2 );

my @a = ($change =~ m/(\w+)\s*=\s*['"]*(.+?)['"]*(?=\h+\w+\h*=|$)/g);
my $thisline = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
if ($t) { $thisline++; }
$self->{'BLOCK'}{$self->{'cblock'}}{'jumps'}{$self->{'last'}}{$thisline} = ++$self->{'bcount'};
push @structs,$self->{'cblock'};
$self->{'cblock'} = $self->{'bcount'};
$self->{'BLOCK'}{$self->{'cblock'}}{'type'} = 'syntax';
@{$self->{'BLOCK'}{$self->{'cblock'}}{'syntax'}} = @a;
$self->load_syntax($self->{'cblock'});
push @structs,$self->{'last'}; $self->{'last'} = 'text';
next;
}
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{load}\E\s+\Q$self->{'syntax'}{file}\E\s*=\s*["']*(.+?)['"]*\/*\Q$self->{'syntax'}{te}\E/i) {
my $file = "$self->{'BASEDIR'}/$1";
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{load}\E\s+.+?\Q$self->{'syntax'}{te}\E/i,$line,2 );
if (-e $file) {
my @in = file_slurp($file);
unshift @{$self->{'TEMPLATE'}},@in;
push @{$self->{'BLOCK'}{'Files2'}}, $file;
} else { unshift @{$self->{'TEMPLATE'}}, "<strong>File not found: $file</strong>"; }
my $thisline = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
next;
}
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{it}\E\s+(.+?)\Q$self->{'syntax'}{te}\E/i) {
my $statement = $1;
my $t = $self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{it}\E\s+.+?\Q$self->{'syntax'}{te}\E/i,$line,2 );
my $thisline = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
if ($t) { $thisline++; }
$self->{'BLOCK'}{$self->{'cblock'}}{'jumps'}{$self->{'last'}}{$thisline} = ++$self->{'bcount'};
push @structs,$self->{'cblock'};
$self->{'cblock'} = $self->{'bcount'};
$self->{'BLOCK'}{$self->{'cblock'}}{'type'} = 'if';
$self->{'BLOCK'}{$self->{'cblock'}}{'statement'} = $statement;
push @structs,$self->{'last'}; $self->{'last'} = 'if';
$in_if++;
next;
}

if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{et}\E.*?\Q$self->{'syntax'}{te}\E/i) {
warn "else, no if" unless ($in_if);
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{et}\E.*?\Q$self->{'syntax'}{te}\E/i,$line,2 );
$self->{'last'} = 'else';
next;
}

if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{noparse}\E\Q$self->{'syntax'}{te}\E/i) {
my $t = $self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{noparse}\E\s+.+?\Q$self->{'syntax'}{te}\E/i,$line,2 );
my $thisline = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
if ($t) { $thisline++; }
$self->{'BLOCK'}{$self->{'cblock'}}{'jumps'}{$self->{'last'}}{$thisline} = ++$self->{'bcount'};
push @structs,$self->{'cblock'};
$self->{'cblock'} = $self->{'bcount'};
$self->{'BLOCK'}{$self->{'cblock'}}{'type'} = 'noparse';
push @structs,$self->{'last'}; $self->{'last'} = 'text';
$in_np++;
next;
}

if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{lt}\E\s+(.+?)\Q$self->{'syntax'}{te}\E/i) {
my $statement = $1;
if ($statement =~ /\w+[sS]\s*=\s*[\@\Q$self->{'syntax'}{t}\E](\w+)/) { $self->{'BLOCK'}{'DEFINED'}{$1}++; }
my $t = $self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{lt}\E\s+.+?\Q$self->{'syntax'}{te}\E/,$line,2 );
my $thisline = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
if ($t) { $thisline++; }
$self->{'BLOCK'}{$self->{'cblock'}}{'jumps'}{$self->{'last'}}{$thisline} = ++$self->{'bcount'};
push @structs,$self->{'cblock'};
$self->{'cblock'} = $self->{'bcount'};
$self->{'BLOCK'}{$self->{'cblock'}}{'type'} = 'loop';
$self->{'BLOCK'}{$self->{'cblock'}}{'statement'} = $statement;
push @structs,$self->{'last'}; $self->{'last'} = 'text';
$in_loop++;
next;
}
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{e}\E\s*\Q$self->{'syntax'}{syn}\E.*?\Q$self->{'syntax'}{te}\E/i) {
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\/\s*\Q$self->{'syntax'}{syn}\E.*?\Q$self->{'syntax'}{te}\E/i,$line,2 );
$self->{'last'} = pop @structs;
#$self->{'cblock'} = --$self->{'bcount'};
$self->{'cblock'} = pop @structs;
$self->load_syntax($self->{'cblock'});
next;
}
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{e}\E\s*\Q$self->{'syntax'}{it}\E.*?\Q$self->{'syntax'}{te}\E/i) {
warn "endif without if" unless ($in_if);
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\/\s*\Q$self->{'syntax'}{it}\E.*?\Q$self->{'syntax'}{te}\E/i,$line,2 );
$in_if--;
$self->{'last'} = pop @structs;
$self->{'cblock'} = pop @structs;
next;
}
ENDNP: if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{e}\E\s*\Q$self->{'syntax'}{noparse}\E.*?\Q$self->{'syntax'}{te}\E/i) {
warn "end $self->{'syntax'}{'noparse'} without if" unless ($in_np);
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\/\s*\Q$self->{'syntax'}{noparse}\E.*?\Q$self->{'syntax'}{te}\E/i,$line,2 );
$in_np--;
$self->{'last'} = pop @structs;
$self->{'cblock'} = pop @structs;
next;
}
if ($line =~ /\Q$self->{'syntax'}{ts}\E\s*\Q$self->{'syntax'}{e}\E\s*\Q$self->{'syntax'}{lt}\E.*?\Q$self->{'syntax'}{te}\E/i) {
warn "endloop, no loop" unless ($in_loop);
$self->separate( split /\Q$self->{'syntax'}{ts}\E\s*\/\s*\Q$self->{'syntax'}{lt}\E.*?\Q$self->{'syntax'}{te}\E/i,$line,2 );
$in_loop--;
$self->{'last'} = pop @structs;
$self->{'cblock'} = pop @structs;
next;
}
push @{$self->{'BLOCK'}{$self->{'cblock'}}{$self->{'last'}}},$line;
$self->{'b'}{$self->{'cblock'}}{$self->{'last'}}++;
# print "[$self->{'bcount'}][$self->{'cblock'}][$self->{'last'}]<$self->{'b'}{$self->{'cblock'}}{$self->{'last'}}> $line";
}
if ($in_if) { warn " hanging if not closed "; }
if ($in_loop) { warn " hanging loop not closed "; }
}

sub separate {
my $self = shift;
my $prematch = shift; my $postmatch = shift;
my $ret = 0;
if (defined $prematch) {
#push @{$self->{'BLOCK'}{$self->{'cblock'}}{$self->{'last'}}},$prematch;
$ret = $self->{'b'}{$self->{'cblock'}}{$self->{'last'}};
${$self->{'BLOCK'}{$self->{'cblock'}}{$self->{'last'}}}[$ret] .= $prematch;
$ret++; }
if (defined $postmatch) { unshift @{$self->{'TEMPLATE'}},$postmatch; }
return $ret;
}
 
  • Horrifying
Reactions: Belisarius Cawl
morto di figa said:
Here's how the parsing function for my template module looked at one point. I was just starting to "use strict " and couldn't figure out how to use global variables but I figured using my objects $self hash would be an elegant solution. I actually had to come back and debug this after a few years of looking at it too.
Click to expand...
for future reference, you can just use the [code ] instead of spoilering it

 
  • Like
  • Informative
Reactions: morto di figa, Belisarius Cawl and Rango Dango
Osama Bin Laden said:
for future reference, you can just use the [code ] instead of spoilering it

Click to expand...
In turn you can use [PLAIN][CODE][/CODE][/PLAIN] to demonstrate the usage of tags without the space hack there
morto di figa said:
Here's how the parsing function for my template module looked at one point. I was just starting to "use strict "
Click to expand...
My thoughts on Perl 5:
Anyway, definitely turn on use strict and use warnings if using Perl 5 except maybe for the most disposable of scripts
 
  • Informative
  • Thunk-Provoking
Reactions: Safir and Vecr
Need to model a part for something I'm working on so I try FreeCAD. Have never used it before. The default cursor coordinate color is blue text on a blue background. It was easy enough to change but why the fuck would you ship a program with this as the default? Per my search people have been asking the same thing for over a decade
freecadbs.jpg
 
  • Informative
Reactions: TroonsDid911, Belisarius Cawl, Zeftax and 1 other person
Kosher Dill said:
We've done coding war crimes, but how about expanding our e-Nuremberg to crimes of talking about code?

Using any of the following words indicate an opinion that should be discarded:

Performant
Footgun
Bikeshedding
_____'s Law

What else?

(I'm leaving out "CoC language" like "be kind" or we'll be here all day)
Click to expand...
_____ is a code smell.
This is not to say that code smells do not exist, obviously they do. However, I've noticed that there is a particular kind of developer who will see a mechanism or paradigm misused and erroneously come to the conclusion that the mechanism/paradigm itself is bad. This kind of developer is so binary in passing judgement to "avoid abuse" that they inevitably end up abusing a different paradigm trying to do something that would have worked better using the original.
 
  • Like
Reactions: Vecr and Kosher Dill
Kosher Dill said:
We've done coding war crimes, but how about expanding our e-Nuremberg to crimes of talking about code?

Using any of the following words indicate an opinion that should be discarded:

Performant
Footgun
Bikeshedding
_____'s Law

What else?

(I'm leaving out "CoC language" like "be kind" or we'll be here all day)
Click to expand...
Pythonic / Zen of Python - These people likely only know one programming language, and poorly.
Modular - Especially love it when it comes up at the beginning of a project, all but guaranteeing hours of time be wasted on what is effectively premature optimization, instead of making something that fucking works.

I also enjoy this blog post a lot.

Back on topic, I once saw something like this in pre-production code:
Python: 
some_hash = {
    "input": some_unfiltered_user_input
   , "another key": value
   , ... 
}
# a few lines of code
some_hash = str(some_hash)
# a few more lines
some_hash = eval(some_hash)
Setting aside that eval() is bad.
Setting aside that an eval() containing user input is as close to a programming cardinal sin as I can imagine.
Setting aside that there are myriad ways to safely parse string representations of dictionaries.
At no point in the intervening lines was it useful or necessary to cast that dict to a string in the first place. I have never in my life been so utterly floored; the idea that someone could have successfully landed a job at my (or any) company and produced that still boggles my mind to this day.
Naturally, the codebase also contained many instances of the 'ol
Python: 
try:
    do a thing
except:
    pass
to go with the retardation above (always without comments to explain what the catchall was for, and never logging the error).
It gets worse; I looked up who'd worked on the project, hoping to see some offshore pajeet but no, it was a native.
 
  • Winner
  • Like
  • Feels
Reactions: TroonsDid911, AngryAboutInternets, Safir and 2 others
Uhh... like, imagine using uhh... C, haha, for production code. Like that would be a blunder-and-a-half! Imagine using unsafe programming languages in your project! Heh, that would be almost as much of a war crime as misgendering a trans coworker. Hahaha... yeah, that would be something... Heh... #Rust #MemorySafe
 
  • Like
  • Islamic Content
Reactions: Evil Whitey, Bababooey Warlock, nah and 2 others
A war crime that I almost committed was when I had just started working in programming professionally, and I had to create an editable table where the user would indicate an event (from a fixed list of possibilities) and indicate various other details. The program was internationalized (important for later). The way I would do it today is through an enumerator: the user picks an event, a function recieves the correspondent enumerated value and does the rest of the logic.
The genious idea I had at the time was not to compare the obviously fixed, static and universally compatible enumerator value, but to use the translated string as a comparison. Because some events had to be handled differently than others (e.g. show an additional form to fill out and shit), the code was full of shit like

JavaScript: 
const eventcode = getTranslation(event, language)

if(language === "en-US") {
    if(eventcode === "SHITCODE#1"){...}
    if(eventcode === "SHITCODE#2"){...}
    if(eventcode === "SHITCODE#3"){...}
    ...
} else if(language === "hu-HU") {
    if(eventcode === "SHITCODE#1"){...}
    if(eventcode === "SHITCODE#2"){...}
    if(eventcode === "SHITCODE#3"){...}
    ...
}

Frustrated, I asked the senior what I could do about it, and I am sure he still tells this story to himself when he wants a quick laugh. This code never saw the development server thankfully.
Another one of my colleagues however, who is the laziest piece of shit I've ever met, has used ChatGPT to translate code from JQuery into Angular compatible code, pasted it into the codebase, fixed the obvious undefined error shit he'd find, slap a comment on it and committed straight to main. The code itself was the most retarded shit I've ever seen, because of course it was: it was JQuery code, eaten up and shat out by an AI that was barely out of its diapers at the time
 
  • Lunacy
  • Horrifying
Reactions: Bababooey Warlock, Kuroyuri, Harvey Danger and 3 others
The Bitter Bard said:
Frustrated, I asked the senior what I could do about it, and I am sure he still tells this story to himself when he wants a quick laugh. This code never saw the development server thankfully.
Click to expand...
everyone has made this mistake at some point tbh its easy to catch and no harm done.
i have had to explain enums to pajeets multiple times in the last month however. they just dont get it. saw one fucker merge a pr where instead of a simple enum he defined a struct with a bunch of non-static const integers in it so he could instantiate it each time and access the constant. truly some of the big brain shit of all time.
 
  • Horrifying
Reactions: Bababooey Warlock and Zeftax
Osama Bin Laden said:


View attachment 6601541
Click to expand...
One problem I have with that video is it focuses too much on switch-case V if-else. It's not the type of boolean control structure that is at issue, it's what Alex put in the student script and is running inside the if statements. The Student class is Alex's generic NPC class and instead of having it inherited to be customised for different students and other NPCs, the index in an array that the class instance is present in is used to set all the custom individual NPC specific features. So much of that script is asking, What index am I, and then it asks this a number of different places to change things like NPC hair style or school uniforms. The normal way to do this is to construct the array and NPC classes with parameters in the NPC constructor that do everything that Alex is trying to set by checking what index the class is in the array of all NPCs. I have no idea if this would make a signifiant performance increase to change this. It’s just further proof that Alex is inept and refuses to grow from his mistakes. https://github.com/TypescriptWizard/YandereScripts/blob/main/StudentScript.cs

A good thing about the video is it shows that each individual feature is not at fault. It’s all Alex’s implementation of those features that exposes his ineptitude and lack of desire to learn and improve because the features on their own are generic across different games and therefore is not difficult problems as an industry to solve; Alex is just bad at it. He really should have just let TinyBuild to make his game for him.

44:38 “Infer” That is what the problem is. Alex is too autistic to infer anything.
 
  • Informative
  • Like
Reactions: Bababooey Warlock, Dopeypal and Osama Bin Laden
Sperg_rancher said:
My friends have a "worst practices" channel full of these.
6924903-db0239682b32cc035be1f11d155e2e72.jpg
Click to expand...
That is scary. How do you choose to not just call '=='. A lot of people will focus on the second function and think that's embarrassing. But It should be known that the first function is where you fucked up.

Some more war crimes:
 
stares at error messages said:
Some more war crimes:
Click to expand...
That video is a war crime by itself, I got through one minute and my eyes hurt from the constant clip changes and effects, is this really the type of content tiktok-brained zoomers want? Sure, I used to watch MLG when that was a thing, but this is just not conducive to staying focused on a video where I'm trying to learn something.
 
  • Agree
  • Like
Reactions: 11apocalyptic11, Verpa Teutonica Ingens, Orphaned Punk and 2 others
You must log in or register to reply here.
Back