You may have heard the advice "join a union", but nobody meant it like this. Original. --Remy.

The end of the quarter was approaching, and dark clouds were gathering in the C-suite. While they were trying to be tight lipped about it, the scuttlebutt was flowing freely. Initech had missed major sales targets, and not just by a few percentage points, but by an order of magnitude.

Heads were going to roll.

Except there was a problem: the master report that had kicked off this tizzy didn't seem to align with the department specific reports. For the C-suite, it was that report that was the document of record; they had been using it for years, and had great confidence in it. But something was wrong.

Enter Jeff. Jeff had been hired to migrate their reports to a new system, and while this particular report had not yet been migrated, Jeff at least had familiarity, and was capable of answering the question: "what was going on?" Were the sales really that far off, and was everyone going to lose their jobs? Or could it possibly be that this ancient and well used report might be wrong?

The core of the query was basically a series of subqueries. Each subquery followed this basic pattern:

SELECT SUM(complex_subquery_A) as subtotal FROM complex_subquery_B

None of this was particularly readable, mind you, and it took some digging just to get the shape of the individual queries understood. But none of the individual queries were the problem; it was the way they got stitched together:

SELECT SUM(subtotal) FROM (SELECT SUM(complex_subquery_A) as subtotal FROM complex_subquery_B UNION SELECT SUM(complex_subquery_C) as subtotal FROM complex_subquery_D UNION SELECT SUM(complex_subquery_E) as subtotal FROM complex_subquery_F);

The full query was filled with a longer chain of unions, but it was easy to understand what went wrong, and demonstrate it to management.

The UNION operator does a set union- which means if there are any duplicate values, only one gets included in the output. So if "Department A" and "Department C" both have $1M in sales for the quarter, the total will just be $1M- not the expected $2M.

The correct version of the query would use UNION ALL, which preserves duplicates.

What stunned Jeff was that this report was old enough to be basically an antique, and this was the kind of business that would burn an entire forest down to find out why a single invoice was off by $0.15. It was sheer luck that this hadn't caused an explosion before- or maybe in the past it had, and someone had just written it off as a "minor glitch"?

Unfortunately for Jeff, because the report was so important it required a huge number of approvals before the "UNION ALL" change could be deployed, which meant he was called upon to manually run a "test" version of the report containing the fix every time a C-suite executive wanted one, until the end of the following quarter, when he could finally integrate the fix.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

It's time to look back on a rough 2025, and wonder where we'd be if we missed any more red flags. Original. --Remy

Fresh out of university, Remco accepted a job that allowed him to relocate to a different country. While entering the workforce for the first time, he was also adjusting to a new home and culture, which is probably why the red flags didn't look quite so red.

The trouble had actually begun during his interview. While being questioned about his own abilities, Remco learned about Conglomcorp's healthy financial position, backed by a large list of clients. Everything seemed perfect, but Remco had a bad gut feeling he could neither explain nor shake off. Being young and desperate for a job, he ignored his misgivings and accepted the position. He hadn't yet learned how scarily accurate intuition often proves to be.

The second red flag was run up the mast at orientation. While teaching him about the company's history, one of the senior managers proudly mentioned that Conglomcorp had recently fired 50% of their workforce, and were still doing great. This left Remco feeling more concerned than impressed, but he couldn't reverse course now.

Flag number three waved during onboarding, as Remco began to learn about the Java application he would be helping to develop. He'd been sitting at the cubicle of Lars, a senior developer, watching over his shoulder as Lars familiarized him with the application's UI.

"Garbage Collection." Using his mouse, Lars circled a button in the interface labeled just that. "We added this to solve a bug some users were experiencing. Now we just tell everyone that if they notice any weird behavior in the application, they should click this button."

Remco frowned. "What happens in the code when you click that?"

"It calls System.gc()."

But that wasn't even guaranteed to run! The Java virtual machine handled its own garbage collection. And in no universe did you want to put a worse-than-useless button in your UI and manipulate clients into thinking it did something. But Remco didn't feel confident enough to speak his mind. He kept silent and soldiered on.

When Remco was granted access to the codebase, it got worse. The whole thing was a pile of spaghetti full of similar design brillance that mostly worked well enough to satisfy clients, although there was a host of bugs in the bug tracker, some of which had been rotting there for over 7 years. Remco had been given the unenviable task of fixing the oldest ones.

Remco slogged through another few months. Eventually, he was tasked with implementing a new feature that was supposed to be similar to existing features already in the application. He checked these other features to see how they were coded, intending to follow the same pattern. As it turned out, they had all been implemented in a different, weird way. The wheel had been reinvented over and over, each time by someone who'd never even heard of a circle. None of the implementations looked like anything he ought to be imitating.

Flummoxed, Remco approached Lars' cubicle and explained his findings. "How should I proceed?" he finally asked.

Lars shrugged, and looked up from a running instance of the application. "I don't know." Lars turned back to his screen and pushed "Garbage Collect".

Fairly soon after that enlightening experience, Remco moved on. Conglomcorp is still going, though whether they've retained their garbage collection button is anyone's guess.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

To be honest, math works the same way all year 'round. At least, it's supposed to.

"My Stack Exchange Inbox is Less Than Empty" declared Mike V. "I guess this happens when you read a notification twice!"

 

Adam R. discovered a new kind of mathematical quantity in use: "I was updating my billing address on a certain website, and this was the default value they filled in for my phone number. "Hmm, that's odd," I thought. Then I figured it out: they decided to take my phone number, written out as XXX-YYY-ZZZZ and eval()'ed that as a mathematical expression. The final result of that subtraction with my phone number was, in fact, -439. "

 

"Counting is hard" announces KT. "If mathematically no one reacted, how did they react?"

 

"Unicode this!" challenged Michael R. "Kızılelma is the new Kızılelma"

 

Reinier B. would like us to count the ways. "This piece of text on the LEGO Studio download page changes dynamically, which works OK-ish. But leave the page open for an hour or so and more and more "undefined" strings get inserted."

 

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

How many times does it take to make something a tradition? Well, this is our third installment of Christmas in the Server Room, which seems pretty traditional at this point. Someday we'll run out of Christmas movies that I've watched, and then I'll need to start watching them intentionally. I'm dreading having to sit through some adaptation of the Christmas Shoes or whatever.

In any case, we're going to rate Christmas movies on their accuracy of representing the experience of IT workers. One 💾 grants it the realism of that movie where Adam Sandler fights Pac-Man, while 💾💾💾💾💾 tells us that it's as realistic as an instructional video about the Turbo-Encabulator.

Home Alone

A Rube-Goldberg-quality series of misunderstandings and coincidences lead to bratty child Kevin being left… home alone through the holidays, defending his home from burglars, using a series of improvised, Rube-Golberg-quality booby traps, that escalate to cartoonish violence. The important lesson, however, is that the true meaning of Christmas is family.

Like most cybersecurity teams, Kevin is under-resourced, defending an incredibly vulnerable system from attackers. His MacGyvered together collection of countermeasures all work, in the film, but none of them actually address the true vulnerabilities and could all be easily bypassed by a competent attacker.

Kevin's traps are very much temporary solutions. But when temporary solutions become permanent, awful things can happen.

Rating: 💾💾

Santa Claus

This one will be familiar to any MST3k fans. Santa Claus runs a North Pole factory on child labor and whimsical inventions. Oh, also, his North Pole factory is in space. On Christmas Eve, as he tours the world to reward good boys and girls, Satan sends a demon to tempt children into mild naughtiness. Once again, the true meaning of Christmas is being with those you love, unless you're one of the children in Santa's workshop. Those kids are working on Christmas.

When things get truly dire for Santa, the children junior engineers staffing his workshop recognize that they can't manage the problem, so they fetch Merlin, the original greybeard. Yes, Merlin works for Santa, which implies that Santa and King Arthur may have met, and honestly, I'd rather watch that team-up movie. In any case, "terrified juniors clinging to a senior" is actually not very realistic. These days, the kids would just ask ChatGPT what to do, and end up putting glue on pizza.

Rating: 💾

Violent Night

What happens when we combine Santa Claus with Home Alone? We get the ultimate Santa-does-a-Die-Hard movie, Violent Night. Beverly D'Angelo plays Dick Cheney, an evil matriarch who runs a private military contractor and has stolen millions from US military operations abroad. Even more evil criminals take her family hostage to steal those millions. How are the criminals more evil than Dick Cheney? They're not only thieves, they also hate Christmas!

The family is all horrible people, except for Trudy, the young girl who has been good all year and still believes in Santa Claus. And that means Santa is coming to town. With grenades and sledge hammers and machine guns. The movie also features one of the "best" uses of "Santa uses Christmas magic to go up the chimney" at the end.

The entire villain plan is built around breaking into a super-protected electronic safe, and without spoiling too much, there's a twist in the film where someone has already broken into the safe, which makes one wonder how stupid the villains are (pretty stupid, actually). Also, while I understand the need for narrative convenience (and the Die Hard reference), the idea that the encrypted radios used by the evil villains, and the walkie talkie toy Trudy has to talk to Santa can actually operate on the same bands is… a bit of a stretch. RF bands and allocations and where and when you can use encryption is a whole thing.

Rating: 💾💾

Christmas Card from a Hooker in Minneapolis - Tom Waits

A sex worker in Minneapolis sends a Christmas card to Charlie, presumably a former client or supervisor of hers, updating him on her life. With each verse her life seems to be getting better- until the final verse, which reveals it's all been a charade and she needs help. Like most Tom Waits songs, it's the story of the kind of person who is pushed to the fringes of society, tragic but hopeful, and loaded with empathy.

I've recently been doing a job search of my own, and part of that has been "what dates did you work at $place?" and "give us some references?" and I realized that I'm terrible about keeping tabs on these kinds of things. The idea that I could send a Christmas card to a former client from years ago is absurd. Then again, how do we even know these cards get to Charlie? We just know that she wrote them, not that Charlie got them.

Rating: 🫦🫦🫦

I Am the Antichrist - The Dream Eaters

Two songs this year? Are there even any rules anymore? The lord of the damned has a poppy intro track. I suppose this shouldn't go on a Christmas list, because it likely belongs at the antipodal part of the year. Y'know. Being the Antichrist and all.

Rating: 🪩🪩🪩🪩🪩

Star Trek II: The Wrath of Khan

An aging Captain Kirk is haunted by a mistake of his past: Khan Noonien Singh is back for revenge. This "Horatio Hornblower in Space" riff on Trek is packed with themes: revenge, sacrifice, the frightening power of technology, and an object lesson on why you shouldn't put things in your ears. It also proves that the best, most exciting space battles aren't swooping, wooshing, pew pew pews, but tense games of cat-and-mouse.

As for its Christmas connections? What greater gift can Spock give to his crew but himself? His ultimate sacrifice is what ties the movie together, and of course, it means we got this incredible Christmas ornament out of it. Of all the Christmas spirits I have ever known, his was the most human.

The whole prefix-code thing is a pretty incredible security blunder. A remote back door into any Starfleet vessel, guarded only by a 5 digit code? A 5 digit code that's stored in a database on every other starship? So if an enemy captures one vessel, they can thwart the entire fleet unless everyone updates their prefix code? That's a terribly security posture! And incredibly realistic! That is likely what the future will look like. So I guess that's a credible security blunder, if we're being pedantic.

I bet they store the passwords in plain text too!

Rating: 💾💾💾💾💾

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

The holiday season is an opportunity for employers to show their appreciation for their staff. Lavish parties, extra time off, whatever. Even some of the worst employers I've had could put together a decent Christmas party.

But that doesn't mean they all go right.

For example, Mike S worked for one of those early music streaming startups. One year, the company booked a Russian restaurant in the neighborhood for the party. The restaurant was a gigantic space, with a ground level and a balconay level, but the company was only 70 people, so the company perhaps overbought for the party. Everyone stuffed themselves on appetizers and when the main course came out, it ended up as extremely fishy smelling leftovers in the office kitchen.

Two years later, they booked a party at the same place. But lessons were learned: they only booked the balcony. This meant the ground floor was free for someone else to book, and someone else did. Another party booked the ground floor, and they booked an extremely loud Russian pop band to play it.

The band was deafening and took absolutely no breaks. And while the previous time, everyone stuffed themselves on appetizers, this time there were barely any. But there also wasn't much main course coming out either. By 10PM, Mike was starving and deaf, so he left. At about 10:15, the food came out. But by then, most of the staff had left, which meant once again, the office kitchen got stuffed with very fishy smelling leftovers.

There was not a third Russian party.

Rachel went to her partner's holiday party. This large tech company was notorious for spending loads of money on the party, and they certainly booked a fairly amazing venue for it. But there was confusion with the catering order; while the company shelled out for a full buffet, the caterer decided to only provide finger foods, circulated through the party by waiters carrying plates. By 9PM, the employees had figured out where the kitchen was and were lying in ambush for the waiters. The small plates of chicken tenders and crab rangoons and spring rolls never made it more than two or three steps out of the kitchen before they were picked clean.

At least the company learned that lesson and stopped using that caterer.

But you know, not everything is about holiday parties, or days off. Companies have plenty of other ways to make their staff happy. Little benefits and perks can go a long way. Just take a page from Doug B's company, which put this sign on the badge reader:

Christmas will be a casual dress day.

I hear Doug's co-worker Bob Cratchit is going through some rough times.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

We've talked about the For-Case anti-pattern many, many times. And while we've seen some wild variations, and some pretty hideous versions, I think we have yet to see the exact example Ashley H sends us:

for (int i = 0; i < 4; i++) { if (i == 0) { step1(); } else if (i == 1) { step2(); } else if (i == 2) { step3(); } else if (i == 3){ finalStep(); } }

The specific names of the functions have been anonymized, but this illustrates the key points of what Ashley found.

It's been in the code base for some time, so she's not entirely certain where it came from, or what the company's code review practices were like at the time.

You see, this kind of code doesn't appear fully formed. It gets created, one step, after another, after another, after another. It's like a loop, but… uh… in a line. Without looping.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Many of us who fly for business and/or pleasure are all too aware of the myriad issues plaguing the 21st-century airline industry: everything from cybercrime targeting ailing IT systems and Boeing's ongoing nightmare to US commercial airline pilots being forced to retire at age 65, contributing to a diminishing workforce that has less of the sort of wisdom that can't be picked up in a flight simulator. The exact sort of experience you want your flight crew to have if, say, your aircraft loses an engine during takeoff.

This is only the tip of the iceberg. And our submitter Greta, reporting from the inside, shows us that even a win could be a dangerous loss waiting to happen:

This will be a departure in that it's about something that is soon to happen, rather than that which already was. Looming in the near distance is an event about which I'm trying my best not to give into apocalypse fetishism, but it's difficult not to.

We make aircraft. They're large, expensive flying robots. Our company is tiny. We're slowly growing, but could very comfortably fit in the 1966 General Motors New Look bus featured in Speed. We've produced, on a good year, up to three aircraft, with all design, programming, assembly and testing done in-house.

This quarter (and into next quarter), we're about to have a whole lot of the right kind of problem; our orders have approximately quintupled, and they're for a heavily revised version of the aircraft that is still partially theoretical. The designs are sort of done, we have some of the hardware that will be running our code, and some of the code is written and working. Some of it is written and non-working. Some of it is yet unwritten. The code carried forward from the previous version has been flown, but none of the new code has flown.

Our development team is facing a fascinating pile-up of pressures.

There is a contingent of fixed-term contracted interns who have been doing some heroic heavy lifting but whose contracts are up in a couple of weeks due to the college schedule; new blood will need to be trained and in the trenches to backfill them.

Some of our (custom) hardware has known design faults and needs modification and re-production, or is in the middle of production and we all hope and pray that no modification requests are needed.

We're doing our damnedest to write production-worthy code and tests as we go, and I would describe the design and review atmosphere as healthy, but bugs can happen and are happening: bugs of the category where, if they were released to an aircraft in the sky, the aircraft would become suddenly reacquainted with the ground. Some of those bugs can be fixed in firmware, and for some of them we need to ask our long-suffering electrical engineer to pretty please pull off a miracle with a soldering iron so that we can continue development before a new board is released.

Fully-functioning test hardware is scarce, and on a near daily basis developers need to have a polite conversation about who gets to perform a flash validation (I have not observed rock-paper-scissors yet).

We also simply don't have the bodies to physically build aircraft in the way we have in the past. Upper management has painted a picture for me where six weeks from now, the CEO, managers, all of my developers and me may be assembling and testing one or two hundred batteries by hand. (I have demanded pizza if this comes to pass.)

All of this in service of an early Spring deadline, with a parade of non-negotiable activities like careful flight testing before it.

Safety is paramount, and no corners will be cut. But picture where we are now: a frenzy of development, then the eye of the storm, the company holiday shutdown, where we all try our best to enjoy the time off without dwelling on what we're getting ourselves into in 2026.

I've always purposely avoided jobs where my screw-ups might produce serious injury or death. I have the utmost respect for those who assume this awesome responsibility and care about doing the best job possible. I feel for Greta and others like her, and I really hope that if or when push comes to shove, her company prioritizes safety over all else. We've already endured too many horrific examples of what happens when corners are cut in service of budget and time constraints that were never realistic to begin with.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Michael R. recently was Ghana but now he's back. In grand vacation tradition, he is now sharing the best of it with us. And a few more besides. Remember, it's not the journey itself that matters, it's the wtfs we make along the way. Watch me make a bunch as I attempt to weave a narrative around the shots.

First up, the likely inspiration for Michael's entire trip. I guess you don't need the actual website URL, you can find it easily.

 

In an effort to get trim for a long flight in a 17" seat, he engaged in a rigorous fitness regimen. The math here troubles him. "In the good old days 5g + 4.39g were 9.39g." (Yes, but nothing says that you need to add the weights, if one item contains the other.)

 

And he prepared by binge-watching travelogues and "reality" programming, noting here an automation failure ("Insert Date Here")

 

"I know my Donor Name but still need to figure out what WHB stands for."

 

On the ground or near it: "Nothing is older than yesteryear's election." I guess there's still a chance for a future election, so you might as well leave the posters up for name recognition?

 

"Windows Desktop makes a nice background at Soho in Accra https://www.instagram.com/soho_accra/?hl=en-gb" I want pictures of food, Michael!

 

And another Windows escape. Home again home again, jiggity jog. "Take this LHR T5 for letting me wait for my luggage for 30 mins."

 

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

A long time ago, Joey made some extra bucks doing technical support for the neighbors. It was usually easy work, and honestly was more about being a member of the community than anything else.

This meant Joey got to spend time with Ernest. Ernest was a retiree with a professorial manner, complete with horn-rimmed glasses and a sweater vest. Ernest volunteered at the local church, was known for his daily walks around the neighborhood, and was a generally beloved older neighbor.

Ernest had been working on transfering his music collection- a mix of CDs and records- onto his computer. He had run into a problem, and reached out to Joey for help.

"Usually," Ernest explained, "I can get one of the kids from the local university to help me out. But with the holiday break and all…"

No problem for Joey. He went over to Ernest's, sat down at the computer, and powered it up. The desktop appeared, and in the typical older user fashion, it was covered with icons. What was unusual was the names of the files and folders. Things like titwank. Or cockrot.pl and penis.pl. A few were named as racial slurs.

Clearly, the college students Ernest usually hired were having a laugh at the man's expense. That must be it. Joey glanced around the room, trying to think about how to explain this, when he noticed the bookshelf.

The first few books were guides on how to program in Perl. Sandwiched between them was Rogets Profanisaurous, a dictionary of profanity. Then a collection of comedy CDs by Kevin Bloody Wilson, the performer of such comedy songs as "I Gave Up Wanking," "The Pubic Hair Song," and "Dick on Her Mind".

"Ah, yes," Ernest said, "you'll need to pardon my desktop. Before I retired, I was a linguist, and I think you can guess what my speciality was."

"Profanity?"

"Profanity indeed. Now, I was hoping I could get someone to take a look at swallow.pl for me…"

Joey writes:

I always thought of Perl as an arcane language here here instead it has somehow been turned into a profane language.

Usually, profanity is what we use when reading Perl.

For whatever reason I seem to have kept this particular file. I must have taken it home to work on. I now consider it an art piece worthy of printing out and framing on the wall.

I think there is something to that, Joey, but I have to be honest: I'm not going to present the entire file in its true glory, because well, there are limits to the sorts of profanity we run on the site. But it's still worth sharing a few snippets:

We can start with some variable initializations:

my @wankoid; my $wankoff; open(SHIT,"discindex.htm"); @wankoid=<SHIT>; $wankoff=join("",@wankoid); my @toss=split(/\nLabel\:/,$wankoff); my $cockrot=0;

Or perhaps some regex matching:

$swallow=~s/\/\/.*//; $swallow=~s/^L:\\//; $swallow=~s/\r//; my @penis=split(/\\/,$swallow);

Uh… could we not?

for($i=0;$i<$#penis-1;$i++) { $rude=$curse[1]; %dirk=%$rude;; if(!exists($dirk{$penis[$i]})) { $dirk{$penis[$i]}=[($penis[$i],[{}],[{}])]; } $rude=$dirk{$penis[$i]}; @curse=@$rude; }

Wait… is "dirk" slang for something I don't know about?

There are a few other words in here that I don't recognize as profanity, like flk, plip, disind, baf, and tot. And SEE? SEE is profanity? How? Are these profane words I just don't know? I mean, Ernest was a professional profanologist, and I'm just an amatuer. Clearly I have a lot to learn.

If you know what those mean, leave a comment. If you don't know what they mean, but want to make up an answer, I dunno… leave a comment too?

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

As the single-digit Farenheight temperatures creep across the northeast United States, one's mind drifts off to holidays- specifically summer holidays where it isn't so cold that it hurts to breathe.

Luciano M works in Italy, where August 15th is a national holiday, but also August is the traditional time of year for everyone to take off, leaving the country mostly shut down for the month.

A long time ago, Luciano worked for a small company, along with some friends. This was long enough that you didn't rent compute from a cloud provider, but instead ran most of your intranet services off of a private server in your network closet somewhere.

This particular server ran mostly everything: private git hosting, VPN, email, and an internal Jabber server for chat. Given that it ran most services in the company, one might think that they were backing it up regularly- and you'd be right. One might also think that they had some sort of failover setup, and that's where you'd be wrong.

Late August 12th, the hard drive on their server decided it was time to start its own holiday. The main reason everyone noticed when it happened wasn't due to some alert that got triggered, but as mentioned, Luciano was friends with the team, which meant they used the Jabber server to chat with each other about non-work stuff.

Because half the country was already closed for August, getting replacements delivered was a dubious proposition, at best. Especially with the 15th looming, which not only made shipping delays worse, but this particular year was on a Friday, marking a 3-day weekend. Unless they wanted to spend the better part of a week out of commission, they needed to find an alternative.

The only silver lining was that "shipping is delayed" is the kind of problem which can be solved by spending money. By the time it was all said and done, they paid more for shipping than they paid for the drive itself, but the drive arrived by the 14th, and by the end of the day, they had the server back up and running, restored from backup.

And everything was happy, until August 12th, the following year, when the new hard drive decided to die the exact same way as the previous one, and the entire cycle repeated itself.

And on the third year, a hard drive also failed on August 12th. At least, by that point, they were so used to the problem that they kept spare drives in inventory. Eventually, someone upgraded them to a RAID, which at least kept the downtime at a minimum.

Luciano has long since moved on to a new job, but the date of August 12th is his own personal holiday: an unpleasant one.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Our anonymous submitter was looking for a Microsoft partner to manage his firm's MSDN subscriptions; the pile of licenses and seats and allowed uses was complex enough to want specialists. In hopes of quickly zeroing in on a known and reputable firm, he tracked down the website of a tech consultancy that'd been used by one of his previous employers.

When he browsed to their Contact Us page, filled out the contact form, and clicked Submit, the webpage simply refreshed with no signs of actually doing anything. After staring at the screen for a moment, wondering what had gone wrong, Subby noticed the single quotes used within his message were now escaped. Clicking Submit a few more times kept adding escape characters, with no submission ever occurring. So he amended his message to remove every it's, we're, and other such contraction.

Without single quotes, the next submission was successful. It's impossible to say what was going on behind the scenes, but this seemed to suggest a SQL injection vulnerability in their form submission code. They were escaping "'" characters because they were building their query through string concatenation. But in addition to escaping the single quotes, it seemed to be rejecting any string which contained them.

A stellar first impression, to be sure. In fairness, this firm hadn't designed their own website. The name of the designer they'd contracted with, displayed in the webpage footer, looked more embarrassing than proud in light of his trouble.

An email address was listed beside the contact form. Subby sent a separate email alerting them of the bug he'd found. Hopefully, someone would acknowledge and channel it to the proper support contact.

A week passed. Subby never received a response or any confirmation that any of his messages had been received. Had that mailbox been abandoned after most, if not all, attempted contacts had mysteriously failed?

"I guess no SQL injection if it's never submitted!" Subby joked to himself.

He moved on to other prospects.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Today's anonymous submitter sends us a short snippet. They found this because they were going through code committed by an expensive third-party contractor, trying to track down a bug: every report in the database kept getting duplicated for some reason.

This code has been in production for over a decade, bugs and all:

if (reportStatuses.indexOf(newStatus > -1)) { // add report to database }

This is server-side JavaScript running in NodeJS. The mistake here is easy to make, it's a simple transposition error. But it's also easy to catch. Any sort of testing at all would find it.

The specific problem, if you haven't spotted it, is where the comparison operator happens: we're passing newStatus > -1 into indexOf as a parameter: this is a boolean value. Now, neither true nor false are in the reportStatuses array, so indexOf returns -1. But -1 is a truthy value, so the condition evaluates to true, adding the report to the database, even if it's already there.

Our submitter writes:

How has no one noticed this? How is the company still in business? How does the world not come down crashing around us more every day?

How is the world not crashing down? Have you looked outside, recently? Tis the season to quote Clark Griswold:

Worse? How could things get any worse? Take a look around here, Ellen. We're at the threshold of hell.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Three blind anonymice are unbothered by the gathering dark as we approach the winter solstice. Those of you fortunate enough to be approaching the summer solstice are no doubt gloating. Feel free, we don't begrudge it. You'll get yours soon enough. Here we have some suggestions from a motley crew of three or four or maybe more or fewer.

Mouse Number One is suffering an identity crisis, whimpering "I don't really know who I am anymore and I really hoped to have this information after modifying my profile."

 

Mouse Number Twö müses „While Amazon is trying to upsell me their service, I am wondering how their localization infrastructure must be implemented to enable errors like \".“

 

Mouse Number N is almost ready to square off with some back office programmer. "A very secure PIN on an obligatory wooden table."

 

Mouse Number 502 has gone bad. "This could be a gateway to something better. I think I'll apply."

 

Finally, an anon from some summer morn sent us this some time ago and it confused me so much I sat on it. I've never figured out what he was on about, so maybe you can explain it to me. Perhaps his snarky comment will be clueful? "When you don't know how to screenshot, print it out and scan it back in," he said.

 

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

We recently asked for some of your holiday horror stories. We'll definitely take more, if you've got them, but we're going to start off with Jessica, who brings us not so much a horror as an omen.

Jessica writes:

I work for a company in the UK which writes legal software for law firms.

This raises the question what illegal software for law firms might look like, but I understand her meaning.

In the UK, there is a system called "Legal aid", where law firms can give free legal services to people who otherwise couldn't afford it and get reimbursed from the government for their time. As one might imagine from such a system, there is a lot of bureaucracy and a lot of complexity.

The core of the system is a collection of billing rate sheets, billing codes for the various kinds of services, and a pile of dense forms that need to be submitted. Every few months, something in that pile changes. Sometimes it's something small, like moving a form field to a different alignment, or one police station changed its rate sheet. Sometimes it's a wholesale recalibration of the entire system. Sometimes it's new forms, or altered forms, or forms getting dropped from the workflow entirely (a rare, but welcome event).

The good news is that the governing body sends out plenty of notice about the changes before they go into effect. Usually a month, sometimes two, but it's enough time for Jessica's company to test the changes and update their software as needed.

That's what Jessica is working on right now: taking the next batch of changes and preparing the software for the change, a change that's scheduled to deploy a month from now. It's plenty of work, but it's not a hair-on-fire crisis.

Then, during a team meeting, her manager asked: "I haven't booked my holiday yet, and wanted to double check who is available to work over Christmas?"

"Why would anyone need to work over Christmas?" one of the senior developers asked.

Why? Well, one of the larger rate sheets was going to publish new changes on December 22nd, and the changes were expected to be rolled out to all clients on the same day.

"It's just a data update," the manager said weakly. "What could go wrong?"

Probably nothing, that was certainly true. But even just rolling out a change to payment rates was not a risk free endeavor. Sometimes the source data had corrections which needed to be rolled out with great haste, sometimes customers weren't prepared to handle the changed rates, sometimes there were processing pipelines which started throwing out weird bounds errors because something buried in the rate sheet caused a calculation to return absurd results. And sometimes the governing body said "it's just changes to rates," but then includes changes to forms along with it. There wasn't a single rate sheet update that didn't involve providing some degree of support, even if that support was just fielding questions from confused users who didn't expect the change.

The point is that Jessica's team, and every other vendor supplying software to lawfirms in the UK, will be making a major production update three days before Christmas. And from that, providing support to all their customers through that Christmas window.

The only good news? Jessica just started at this job. While the newbie is usually the person who gets stuck with the worst schedule, she's so new that she's not prepared to handle the support work alone, yet. So it's one of the senior devs who gets to work through the holiday this year.

Jessica writes:

Thank god it's not me this year!

Oh, don't worry Jessica. There will be plenty more holidays next year.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

(Read Part 1 here)

By the 10-month mark of her job search, Ellis still lacked full-time employment. But she had accumulated a pile of knowledge and advice that she wished she'd started with. She felt it was important to share, in hopes that even one person might save some time and sanity:

• This is your new normal. Take time to grieve your loss and accept this change. Act and plan as if this situation were permanent. It isn't, of course, but it does you no good to think that surely you won't be at this long, you'll definitely have a job by such and such time, etc. Minimize your expenses now: instead of viewing it as deprivation, make a game out of creative frugality. Do whatever it takes to preserve your physical and mental health. Remember your inherent worth as a living being, and rest assured that this does not diminish it in any way. Know that thousands, if not millions, are in this boat with you: people with decades of experience, people fresh out of school, people with doctorates, they're all struggling. Some have been searching for years and have cast thousands of applications out there, to no avail. This isn't meant to scare or depress you. This is to properly set your expectations.
• Take the time to decide what you REALLY want for the future. You might have to fight against a lot of panic or other tough emotions to do this, but it would help to consider your current assets, your full range of options, and your heart's desires first. What did you like/dislike about your past experience that might inform the sorts of things you would/wouldn't want in whatever comes next? Is there anything you've dreamed of doing? Is there any sort of work that calls to you, that you gladly would do even if you weren't paid for it? Are you thinking that maybe this might be the time to start your own business, go freelance, return to school, change careers, or retire? This may be a golden opportunity to pivot into something new and exciting.
• Work your network. This is the cheat code, as most jobs are not obtained by people coming in cold. If a friend or coworker can give you a referral somewhere, you might get to skip a lot of hassle. As your job search lengthens, keep telling people that you're available.
• Go back to basics. Don't assume that because you've job-hunted before that you know what you're doing with respect to resumes, cover letters, interviews, portfolios, LinkedIn, etc. AI has completely changed everything. If you can get help with this stuff, by all means do so. Before paying for anything, look for free career counseling and job leads offered by nonprofits or other agencies near you. Your library might offer career help and free courses through platforms like LinkedIn Learning. You can find tons of tutorials on YouTube for skills you may be lacking, and you can often audit college courses for free.
• Ask for help. Get comfortable asking for whatever you may need. Most people want to help you, if they only knew how. Times like these are when you learn how wonderful people can be.
• Streamline your search. Fake job postings are rampant. Avoid looking for or applying to jobs through LinkedIn. Check sites like Welcome to the Jungle, Jobgether, and Remote Rocketship for leads (feel free to share your own favorite lead-generators in the comments). Once you find a promising listing, go to the company's website and look for it there. Assuming you find it, save yourself some time by skipping straight down to the Qualifications list. Do you satisfy all or most of those? If not, move on. If so, read the rest of the listing to see if it's a good match for you. Apply directly from the company's website, making sure your resume contains their list of must-haves word-for-word. AI will be evaluating your application long before any human being touches it.
• Beware scams. They are everywhere and take all forms. For instance, you may be tempted to apply to one of those AI-training jobs for side cash, but they will simply take your data and ghost you. Scammers also come at you by phone, email, and text. If it's unsolicited and/or too good to be true, it's probably fake. Always verify the source of every job-related communication.
• If you make it to the interviewing stage, expect a gauntlet of at least four to get through. Thanks, Google! If you're in need of a laugh, take an interview lesson from the all-time champion himself, George Costanza.
• You will face rejection constantly. Even if you view rejection as a positive force in your life for growth, it's still hard to take sometimes. Whatever you feel is valid.
• Ghosting is also normal. Even for those who've already been through several rounds of interviews, who felt like they really nailed it, or were even told to expect an offer. Prepare yourself.

Even though Ellis had resolved to look more seriously into remaining freelance, she hadn't been able to help throwing resumes at full-time job postings whenever a promising one surfaced. After all, some income and benefits would really help while figuring out the freelance thing, right?

Unfortunately, she got so caught up in this tech writing assignment, that interview, that her new adventure wasn't just relegated to the side, it was fully ejected from her consciousness. And for what? For companies that forgot all about her when she failed to meet all of their mysterious criteria. Poof. Hours of study and research up in smoke, hopes crushed.

Clutter accumulated on her computer and around her normally neat house. Every time she looked at one of these objects out in the open, her brain spun off 14 new threads. I have to take that downstairs ... Oh! There's no room in that drawer, I'll have to clean it out first. Also gotta clean my eyeglasses while I'm there. No wait, I was gonna write that email! Oh wait, tomorrow, I'm going to the gym today. Lemme write this down. Where's my laptop?

Along with stress came resentment and frustration from a sense of never accomplishing anything. Finally, Ellis forced herself to stop and pay attention. She'd gone seriously off-course. Her feelings were telling her that if she persisted in this job search, she'd be betraying some deep truth about herself. What was it, exactly?

Being a storyteller, it helped her to consider her own tale. She realized that at the end of her life, she absolutely would not be satisfied saying, "Man, I'm glad I left all those software manuals to the world." With whatever time she had left, she wanted to center her gifts first and foremost, never again relegating them to the periphery. She wanted to leverage them to help others, find ways to build community, serve the world in ways that mattered deeply to her and aligned with her values. She wanted to further free herself from society's shoulds and have-tos.

Her last full-time gig would've given her five weeks of vacation. During her job search, how many weeks of vacation had she given herself? Zero, aside from those forced by illness or injury.

• Do better than Ellis. Give yourself regular sanity breaks. Take in sunlight and nature whenever possible. Do things that make your soul feel alive, that make you wonder where the time went. Laugh! Enjoy "funemployment."

Ellis was blessed with financial savings that had carried her thus far. From Thanksgiving to New Year's, she resolved to give herself the gift of unplugged soul-searching. How did she want to live the rest of her life? How would she leave the world better than how she'd found it? These were the questions she would be asking herself.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

When writing software, we like our code to be clean, simple, and concise. But that loses something, you end up writing just some code, and not The Code. Mads's co-worker wanted to make his code more definite by using this variable naming convention:

public static void addToListInMap(final Map theMap, final String theKey, final Object theValue) { List theList = (List) theMap.get(theKey); if (theList == null) { theList = new ArrayList(); theMap.put(theKey, theList); } theList.add(theValue); }

This Java code clearly is eschewing generic types, which is its own problem, and I also have to raise concerns about a map of lists; I don't know what that structure is for, but there's almost certainly a better way to do it.

But of course, that's not why we're here. We're here to look at the variable names. This developer did this all the time, a bizarre version of Hungarian notation. Did the developer attend The Ohio State? (Since all jokes are funnier when you explain them, Ohio State insists on being referred to with the definite article, which sounds weird, and yes, that's not the weirdest thing about American Football, but it's weird).

I worry about what happens when one function takes in two maps or two keys? theKey and theOtherKey? Or do they get demoted to aKey and anotherKey?

But I am left wondering: what is theValue of this convention?

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

Betsy writes:

I found this snippet recently in a 20-year-old RPG program.

Ah, yes, twenty years ago, RPG, that means this was written in the 1970s. What? No. That can't be right? That's how long ago?

Joking about my mortality aside, in the early oughts, most of the work around RPG was in keeping old mainframe systems from falling over. That entirely new code was being written, that new projects were being started twenty years ago is not a surprise, but it's unusual enough to be remarkable. That said, the last release of RPG was in 2020, so it clearly keeps on keeping on.

In any case, this developer, we'll call them "Stephen", needed to create an array containing the numbers 12 through 16.

Let's take a peek at the code.

D RowFld S 3 0 DIM(5) D X S 3 0 D Y S 3 0 C EVAL X = 12 C FOR Y = 1 TO %Elem(RowFld) C EVAL RowFld(y) = X C EVAL X = X + 1 C ENDFOR

The first three lines create some variables: RowFld, which is an array containing 5 elements, and will hold our offsets. X and Y are going to hold our numeric values.

We set X equal to 12, then we start a for loop from 1 to the length of our RowFld. We set the element at that index equal to X, then increment X.

The code is awkward, but is not exactly the WTF here. This particular program displays a file and a subfile, and these values are used to position the cursor inside that subfile. The array is never iterated over, the array is never modified, the array would 100% be better managed as a set of constants, if you didn't want to have magic numbers littering your code. More than that, the location of the subfile on the screen has never changed. And let's be fair, this didn't get rid of magic numbers, it just made them one through five, instead of 12 through 16, as the indexes in the array are just as arbitrary.

In other words, there's no point to this. Even if the specific version of RPG didn't have constants variables that you handle like constants would be fine (my checks on the documentation seem to imply that CONST first appeared in version RPG IV 7.2, which makes it look like circa 2016).

But there's one more bit of weirdness here. Stephen had several years of experience with RPG, and all of that experience was from the "free-format" era of RPG. You see, way back in 2001, RPG finally freed itself from its dependency on punchcards, and started allowing you to write code as just strings of text, without requiring certain things to exist in certain columns. This was a generally positive enhancement, and Betsy's team immediately adopted it, as did everyone running the latest versions of RPG. All new development was done using the "free-format" style, so they could write code like normal people. They even had a conversion tool which would do some simple string manipulation to convert legacy RPG programs into the modern style, and had basically abandoned the legacy style without looking back.

Except for Stephen, who insisted on the column oriented format. Who protested when anyone tried to modify their code to modernize it at all. "Oh, we used free-format at my last job," Stephen said when pressed, "but it's confusing and columns are just cleaner and more readable."

Eventually, someone else wrote a program that absorbed all the functionality in Stephen's program. Stephen kept plugging away at it for a few years afterwards, because a handful of users also refused to migrate to the new tool. But eventually they left the company for one reason or another, and Stephen found himself without users for his work, and left with them.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Scared Stanley stammered "I'm afraid of how to explain to the tax authority that I received $NaN."

 

Our anonymous friend Anon E. Mous wrote "I went to look up some employee benefits stuff up and ... This isn't a good sign."

 

Regular Michael R. is not actually operating under an alias, but Ovostake doesn't know.

 

Graham F. gloated "I'm glad my child 's school have followed our naming convention for their form groups as well!"

 

Adam R. is taking his anonymous children on a roadtrip to look for America. "I'm planning a trip to St. Louis. While trying to buy tickets for the Gateway Arch, I noticed that their ticketing website apparently doesn't know how to define adults or children (or any of the other categories of tickets, for that matter)."

 

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

It feels like ages ago, when document databases like Mongo were all the rage. That isn't to say that they haven't stuck around and don't deliver value, but gone is the faddish "RDBMSes are dead, bro." The "advantage" they offer is that they turn data management problems into serialization problems.

And that's where today's anonymous submission takes us. Our submitter has a long list of bugs around managing lists of usernames. These bugs largely exist because the contract developer who wrote the code didn't write anything, and instead "vibe coded too close to the sun", according to our submitter.

Here's the offending C# code:

[JsonPropertyName("invitedTraders")] [BsonElement("invitedTraders")] [BsonIgnoreIfNull] public InvitedTradersV2? InvitedTraders { get; set; } [JsonPropertyName("invitedTradersV2")] [BsonElement("invitedTradersV2")] [BsonIgnoreIfNull] public List<string>? InvitedTradersV2 { get; set; }

Let's start with the type InvitedTradersV2. This type contains a list of strings which represent usernames. The field InvitedTradersV2 is a list of strings which represent usernames. Half of our submitter's bugs exist simply because these two lists get out of sync- they should contain the same data, but without someone enforcing that correctly, problems accrue.

This is made more frustrating by the MongoDB attribute, BsonIgnoreIfNull, which simply means that the serialized object won't contain the key if the value is null. But that means the consuming application doesn't know which key it should check.

For the final bonus fun, note the use of JsonPropertyName. This comes from the built-in class library, which tells .NET how to serialize the object to JSON. The problem here is that this application doesn't use the built-in serializer, and instead uses Newtonsoft.JSON, a popular third-party library for solving the problem. While Newtonsoft does recognize some built-in attributes for serialization, JsonPropertyName is not among them. This means that property does nothing in this example, aside from add some confusion to the code base.

I suspect the developer responsible, if they even read this code, decided that the duplicated data was okay, because isn't that just a normal consequence of denormalization? And document databases are all about denormalization. It makes your queries faster, bro. Just one more shard, bro.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

On Thanksgiving Day, Ellis had cuddled up with her sleeping cat on the couch to send holiday greetings to friends. There in her inbox, lurking between several well wishes, was an email from an unrecognized sender with the subject line, Final Account Statement. Upon opening it, she read the following:

Dear Ellis,

Your final account statement dated -1 has been sent to you. Please log into your portal and review your balance due totaling #TOTAL_CHARGES#.

Payment must be received within 30 days of this notice to avoid collection. You may submit payment online via [Payment Portal Link] or by mail to:

Chamberlin Apartments
123 Main Street
Anytown US 12345

If you believe there is an error on your account, please contact us immediately at 212-555-1212.

Thank you for your prompt attention to this matter.

Chamberlin Apartments

Ellis had indeed rented an apartment managed by this company, but had moved out 16 years earlier. She'd never been late with a payment for anything in her life. What a time to receive such a thing, at the start of a long holiday weekend when no one would be able to do anything about it for the next 4 days!

She truly had so much to be grateful for that Thanksgiving, and here was yet more for her list: her broad technical knowledge, her experience working in multiple IT domains, and her many years of writing up just these sorts of stories for The Daily WTF. All of this added up to her laughing instead of panicking. She could just imagine the poor intern who'd hit "Send" by mistake. She also imagined she wasn't the only person who'd received this message. Rightfully scared and angry callers would soon be hammering that phone number, and Ellis was further grateful that she wasn't the one who had to pick up.

"I'll wait for the apology email!" she said out loud with a knowing smile on her face, closing out the browser tab.

Ellis moved on physically and mentally, going forward with her planned Thanksgiving festivities without giving it another thought. The next morning, she checked her inbox with curious anticipation. Had there been a retraction, a please disregard?

No. Instead, there were still more emails from the same sender. The second, sent 7 hours after the first, bore the subject line Second Notice - Outstanding Final Balance:

Dear Ellis,

Our records show that your final balance of #TOTAL_CHARGES# from your residency at your previous residence remains unpaid.

This is your second notice. Please remit payment in full or contact us to discuss the balance to prevent your account from being sent to collections.

Failure to resolve the balance within the next 15 days may result in your account being referred to a third-party collections agency, which could impact your credit rating.

To make payment or discuss your account, please contact us at 212-555-1212 or accounting@chamapts.com.

Sincerely,

Chamberlin Apartments

The third, sent 6 and a half hours later, threatened Final Notice - Account Will Be Sent to Collections.

Dear Ellis,

Despite previous notices, your final account balance remains unpaid.

This email serves as final notice before your account is forwarded to a third-party collections agency for recovery. Once transferred, we will no longer be able to accept payment directly or discuss the account.

To prevent this, payment of #TOTAL_CHARGES# must be paid in full by #CRITICALDATE#.

Please submit payment immediately. Please contact 212-555-1212 to confirm your payment.

Sincerely,

Chamberlin Apartments

It was almost certainly a mistake, but still rather spooky to someone who'd never been in such a situation. There was solace in the thought that, if they really did try to force Ellis to pay #TOTAL_CHARGES# on the basis of these messages, anyone would find it absurd that all 3 notices were sent mere hours apart, on a holiday no less. The first two had also mentioned 30 and 15 days to pay up, respectively.

Suddenly remembering that she probably wasn't the only recipient of these obvious form emails, Ellis thought to check her local subreddit. Sure enough, there was already a post revealing the range of panic and bewilderment they had wrought among hundreds, if not thousands. Current and more recent former tenants had actually seen #TOTAL_CHARGES# populated with the correct amount of monthly rent. People feared everything from phishing attempts to security breaches.

It wasn't until later that afternoon that Ellis finally received the anticipated mea culpa:

We are reaching out to sincerely apologize for the incorrect collection emails you received. These messages were sent in error due to a system malfunction that released draft messages to our entire database.

Please be assured of the following:
The recent emails do not reflect your actual account status.
If your account does have an outstanding balance, that status has not changed, and you would have already received direct and accurate communication from our office.
Please disregard all three messages sent in error. They do not require any action from you.

We understand that receiving these messages, especially over a holiday, was upsetting and confusing, and we are truly sorry for the stress this caused. The issue has now been fully resolved, and our team has worked with our software provider to stop all queued messages and ensure this does not happen again.

If you have any questions or concerns, please feel free to email leasing@chamapts.com. Thank you for your patience and understanding.

All's well that ends well. Ellis thanked the software provider's "system malfunction," whoever or whatever it may've been, that had granted the rest of us a bit of holiday magic to take forward for all time.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.