|
Such messy code is dangerous as gasoline. One error and everything blows up.
I won't accept such stuff from my colleagues.
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Doing some code clean up and found this gem
if ( flag && test_fn() )
{
    if ( test_fn() )
    {
    }
}
test_fn() isn't particularly expensive ... but really?
|
|
|
|
|
So presumably test_fn looks something like this:
private int _testCallCount = 0;
public bool test_fn()
{
    _testCallCount++;
    return (_testCallCount & 1) == 0;
}
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
At least it is not
if ( ((flag == true) && (test_fn() == true)) == true)
{
    if ( test_fn()== true )
    {
    }
}

modified 19-Jan-21 21:04pm.
|
|
|
|
|
What if test_fn() does change a global such that, the next time it runs, it may not return true?
That makes perfect sense to call a function after already calling validating it.
I've set a flag that, when true, also calls a function within an If statement.
I once-again call the function to see if we're still good to go, especially in a parallel processing app that can change datapoints before another process gets to it.
I then recurse into the function during the function to ensure that no externals have changed while it is in process, for it calls additional functions.
And, if you believe I do all this, then hire me at $1 million a year and I'll gladly implement this into yer project!
|
|
|
|
|
MacSpudster wrote: I once-again call the function to see if we're still good to go
You really should be using locking :P
-----------------------------------------------
128 bit encrypted signature, crack if you can
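The locking point from the exchange above, as an added example that is not part of any poster's code: re-checking a condition does not close the window between the check and the action, while a lock makes the pair atomic. `Inventory`, `TryTakeRacy`, `TryTakeLocked` and `Run` are hypothetical names, and the stock of 1000 is a constructed value.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Added illustration; all type and member names here are hypothetical.
class Inventory
{
    private readonly object _gate = new object();
    private int _stock;
    public Inventory(int stock) => _stock = stock;

    // Check twice, then act: another thread can still change _stock
    // between the last check and the decrement.
    public bool TryTakeRacy()
    {
        if (_stock > 0)
            if (_stock > 0)          // the "just to be sure" re-check
            {
                Thread.SpinWait(50); // widen the race window for the demo
                _stock--;            // non-atomic read-modify-write
                return true;
            }
        return false;
    }

    // Check and act under one lock: no other thread can interleave.
    public bool TryTakeLocked()
    {
        lock (_gate)
        {
            if (_stock <= 0) return false;
            _stock--;
            return true;
        }
    }
}

static class Program
{
    // Runs 100,000 parallel attempts against 1000 items; returns how many succeeded.
    static int Run(Func<Inventory, bool> take)
    {
        var inv = new Inventory(1000);
        int granted = 0;
        Parallel.For(0, 100_000, _ => { if (take(inv)) Interlocked.Increment(ref granted); });
        return granted;
    }
    static void Main() => Console.WriteLine(
        $"racy granted {Run(i => i.TryTakeRacy())}, locked granted {Run(i => i.TryTakeLocked())} (1000 in stock)");
}
```

The locked path can never grant more than the 1000 items in stock; the racy path can, however many times the condition is re-checked before the decrement.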
|
|
|
|
|
I totally agree
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Maybe this poor guy thinks that checking test_fn() 1 time is not True enough, and he does it twice just to be sure
In code we trust !
|
|
|
|
|
The application I'm newly tasked with maintaining is a large heap of WTF, but I picked this problem out to share because it demonstrates the supreme barrier to understanding that the prior developer(s) have constructed:
#define __2__
#if __2__
#else
#endif
Actually, there are many comments all over the code, but of the sort that tell you absolutely nothing:
if (max > -1)
{
    ...
}
Why name that variable maxCsvPosition when a careful analysis of the dozens of lines of surrounding code will tell you that? What are you, lazy? And even dozens of lines is often a luxury—many of the methods in this thing are many hundreds of lines long! The variable names are typically like the following, their scope often spanning many screens' worth of code:
ed1
s
sd
p
pd
Shouting curse words with great frequency has become my new affect here at t'office.
I despair 
|
|
|
|
|
Variable naming rule 0) You don't have to name the variables you don't create.
|
|
|
|
|
My deciphering of four of those variable names is:
s sd p pd

|
|
|
|
|
Your guess is at least as good as mine until I can dig in more deeply. p is not a pointer (at least not in C# parlance) but turns out to hold an instance of something called a FieldDef.
This code was clearly written by vandals
|
|
|
|
|
This inspired me to write a little haiku!
if (nameOfUser)
name ++;
for (var word = 0; word < name; lowercase(ref word)) {
Comments(ref products);
}
|
|
|
|
|
Well, with number two ... why not flush down the sh1t?
|
|
|
|
|
WTF? Whoever wrote that code needs to have a frontal lobotomy... As they are obviously antisocial psychopaths!
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
Given that they wrote the code to begin with, I think the lobotomy is already accomplished.
Software Zen: delete this;
|
|
|
|
|
What if he already had one? 
|
|
|
|
|
Those variable names look just like ones that were used at a place I used to work. There is a reason I don't work there any more.
Just because the code works, it doesn't mean that it is good code.
|
|
|
|
|
Maybe someone else wrote a perfectly sensible application with full names and such...and deployed it obfuscated...finally, someone (obviously not the same someone) reflected it back to code and sold it as his own
|
|
|
|
|
|
True, it can weed out script kiddies searching for an easy exploit to run.
However, for a targeted attack, it does not trick the attacker for very long, as there are lots of ways to fingerprint the underlying server.
I think a better protection is lying, not hiding. Make them believe you run on Apache while you are using IIS.
|
|
|
|
|
Who needs attacks based on vulnerabilities in the server or framework, when so many sites are open to SQLi, XSS or XSRF?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Who needs SQLi, when more sites are vulnerable to a DDoS?
You look at the entire chain, and a weak link cannot be justified by pointing out other dangers.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
A DDoS will take the site down for a while, or even permanently. SQLi will leak your entire database to any script-kiddie with the right tool, and you'll end up facing massive fines and compensation claims.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: you'll end up facing massive fines and compensation claims
I see lots of articles where some large firm leaked passwords, but I never heard anything about "claims" or compensation.
Even if you did not have the luxury of checking all the code of the outsourced devs' group for SQLi, and you'd have to rely on their word; point is that you don't ignore the rest of potential problems, simply because some other may exist.
..but yes, I do hope that claims will be more common in the future. Only then would companies have a financial incentive to keep their security up-to-date.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|