Be even more DRY by having function that does quite a bit of everything, accepts different arguments, and returns different type. You only need to supply different strings to the first parameter
My first job out of college, my boss and I took over some code that was written by two genius PhDs (one math, one physics - we were working in finance.)
Similar story: a few years out of college I too inherited a codebase written in the 1990s by some genius phd, also in the finance field. Someone else clearly tried to clean it up before me. The word “WTF” was in comments throughout the codebase.
Could be worse - my first was a program where someone had written the source in Delphi and run it through a Delphi -> C converter and then they threw away the original Delphi code. The resulting spaghetti was the only production code available.
Gulp. I’ve left a comment like that or two. Probably isn’t helping the cause, but it’s waving a flag for the next person who’s got budget to clean it up.
Maybe this would be a good use for AI code generation. Reversible non-obfuscated obfuscated code. If you just obfuscate it it's pretty obvious what you're doing but if an AI can obfuscate it in a way that looks like something that is plausible that you could have written it you'd get away with it. Reversible so that you could undo it make updates and then reobfuscate.
This is the way it seems to go in the public sector, at least here in Norway.
I've done big government contracts for many years as a consultant in Norway, and haven't really seen this. Guess it's because Java is so much better than those .NET monoliths ;)
The worst part is that the people who work for these companies who work for the government think that they're efficient. In reality, there are often startups out there which could build the same system better in 1/10th of the time.
I've been involved in some big public sector projects and it indeed went like this, but I'd say most of the blame was on the government.
Definitely true in Denmark too, their back in 2010s new tax IT system (skat-something) made a friend of mine who was sub-subcontracted from his 1-man company a wealthy man (wealthy as fully pay for small flat in central Prague, then for big flat a bit more off and then land & building a house a bit further away, only from income from this within few years, with 2 kids and wife not working).
Sounds like my experience with software procurement in state government in the USA. The basic problem as I see it is that the companies that get contracts aren't especially good at writing software, where they really shine is in understanding the intricacies of the procurement process.
Sounds like defense industry software. You have super geniuses laying down the actual design and hardware in a few years and troglodytes writing the code for 20 years.
The section on naming is amateur. Names like `fred` or 'asdf' are too obviously meaningless and wouldn't even pass a code review.
My favourite python function, get_data. Takes a dictionary called 'config'. Mutates it, sends it to another function called load_data. No docstrings anywhere.
I did this at my last job. It's truly astonishing how much can run inside the database. Your whole application and business logic if desired. I wrote a lot of PL/SQL which actually was not that unpleasant although god knows who can maintain that after I'm gone.
> Hungarian Notation is the tactical nuclear weapon of source code obfuscation techniques; use it! Due to the sheer volume of source code contaminated by this idiom nothing can kill a maintenance engineer faster than a well planned Hungarian Notation attack. The following tips will help you corrupt the original intent of Hungarian Notation:
There should be more tips, like use "l" as a prefix to any number, like shorts. Also, make sure to sometimes distinguish shorts, ints and sometimes not!
Worked with some guys like this, probably doing it intentionally. One guy liked single-letter vars & derivatives thereof. For example all the following might appear in the same 100 lines of code: a, aa, a_, aa_, aa__, A, AA, A_, AA_.
Extra points: leave old and outdated documentation and scripts in the repository. New documentation should go to a wiki that is not referenced in code and does not track versions. Different parts of the wiki should apply to different code versions.
My favorite is when the codebase is so deeply buried in macros and headers that send you on a wild goose chase to find any actual code that it becomes much easier to just dump the binary in ida/binja. The source code can lie but at least the compiled binary directly does what it says
That feeling when you finally, finally find the bit of code you’ve been looking for… and you can no longer remember why you were looking for it, because you’ve completely purged your short term memory.
Having to track down macros across several files really annoys me as well. When I write macros in C, I place them just above the code where they are used and undefine them immediately after.
One of my favorite tricks is to combine functions that get called recursively (ideally four-five calls before you get back to the first one in the circle) with objects that are gradually unpacked such that their identically named member functions do subtly different things.
> If you call your variables a, b, c, then it will be impossible to search for instances of them using a simple text editor.
I'm that one man show, within a very dysfunctional org.
I write a lot of internal tools, unprompted, just to save time for me or colleagues I like.
I get bored sometimes, so deep inside some of them there's a naive Forth interpreter, and I then write some non performance critical logic in Forth. It's just a silly personal joke, at least until the proverbial bus hits me.
This "how to" guide describes, quite literally, a project I used to be on. I ran down the list and just went "Check. Check. Check. _pause_ Yeah, check. Check. Check."
Inherited one project where the previous developer enjoyed writing if cases like this
if (article > 0)
confusing early on because you would start thinking this is a beginning of arithmetic comparison of numbers when it actually was just a check if the article existed or not.
you no longer have to learn all that, there are plenty of frameworks and specs to combine into much greater complexity with great P deniability. OAUTH is a good place to start, add some graphQL parsing, there is plenty of similarly legit looking nosql.
Waterluvian | 3 years ago
1. Give all your Python class members a tedious naming convention.
2. Be DRY by writing helper functions that do name lookup based on a string of the last half of the member name.
3. Be even more DRY by having the function guess a little if the match isn’t exact
You now have an application where you cannot search for where members are referenced.
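A reviewer's counterpart to the pattern described above, as an added example that is not part of the original comment: an `ast` scan that lists the places where member names are computed at run time, which is exactly where a text search for the member name finds nothing. The sample source, its `Settings` class and `lookup` helper are constructed for illustration.

```python
import ast

# Constructed sample: members share a tedious prefix and a helper resolves
# them from a suffix string, guessing when the match is not exact.
# Every name in it is hypothetical.
SAMPLE = '''
import difflib

class Settings:
    def __init__(self):
        self.m_cfg_net_timeout = 30
        self.m_cfg_net_retries = 3

def lookup(obj, suffix):
    names = [n for n in vars(obj) if n.endswith(suffix)]
    if not names:
        names = difflib.get_close_matches("m_cfg_net_" + suffix, list(vars(obj)), n=1)
    return getattr(obj, names[0])

def direct(obj):
    return getattr(obj, "m_cfg_net_timeout")

s = Settings()
print(lookup(s, "timeout"), lookup(s, "retrys"))
'''

DYNAMIC_BUILTINS = {"getattr", "setattr", "hasattr", "delattr"}
REFLECTION_HOOKS = {"__getattr__", "__getattribute__"}
NAMESPACE_CALLS = {"vars", "globals", "locals"}


def find_dynamic_lookups(source):
    """Return sorted (line, kind) pairs for accesses a text search cannot see."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            name = node.func.id
            if name in DYNAMIC_BUILTINS and len(node.args) >= 2:
                attr = node.args[1]
                # A string literal is still greppable; anything else is computed.
                literal = isinstance(attr, ast.Constant) and isinstance(attr.value, str)
                if not literal:
                    findings.append((node.lineno, f"{name} with computed name"))
            elif name in NAMESPACE_CALLS:
                findings.append((node.lineno, f"{name}() namespace enumeration"))
        elif isinstance(node, ast.FunctionDef) and node.name in REFLECTION_HOOKS:
            findings.append((node.lineno, f"{node.name} hook"))
    return sorted(findings)


if __name__ == "__main__":
    for line, kind in find_dynamic_lookups(SAMPLE):
        print(f"line {line}: {kind}")
```

The literal `getattr(obj, "m_cfg_net_timeout")` in `direct` is deliberately not reported, because a plain search for the member name still finds it.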
ziml77 | 3 years ago
Clean Code was mental poison for me and certainly led to a bunch of overly abstracted or overly-DRY code.
kayodelycaon | 3 years ago
9dev | 3 years ago
Tade0 | 3 years ago
For some reason everyone tried to be clever with code reuse in them which almost always resulted in an unsearchable mess.
Stratoscope | 3 years ago
At that point you'll be singing How DRY I Am!
https://temperanceblues.web.illinois.edu/how-dry-i-am/
valand | 3 years ago
eximius | 3 years ago
xyzelement | 3 years ago
I noticed a variable (long word starting with z) used in a lot of places. Turns out it was the German word for "counter".
It was my first hint that most of the backend codebase was written as a competition between the two of them to seem the smartest.
On the front-end, I remember opening some many thousand line long file trying to figure it out. I scrolled pages and pages to the top of the file looking for a comment. I found one. The comment:
/* What is this shit? */
Written by someone who tried to help those guys.
haginile | 3 years ago
kwkelly | 3 years ago
[1] https://en.wikipedia.org/wiki/Integer#History
ascotan | 3 years ago
dfee | 3 years ago
tored | 3 years ago
zcw100 | 3 years ago
gfaregan | 3 years ago
heavyset_go | 3 years ago
mtlmtlmtlmtl | 3 years ago
1. Get an n year government contract for some huge public IT overhaul. E.g building a new hospital journal system for a large region(this example is real, google "helseplatformen")
2. Spend years developing this huge proprietary .net monolith with a waterfall model, and minimal user interaction and testing during most of the contract.
3. Release an MVP by the end of the contract that's barely suited for the task(inevitable due to inherently broken dev model) and causes a huge amount of problems
4. Get another n year contract to fix the thing
5. Print money.
matsemann | 3 years ago
But seriously, I guess it depends on the maturity of those writing the tender / anbud. Too often they get bamboozled by big4 like consultancies (Accenture, Sopra Steria etc..) that act more like project managers and sales people than developers.
The company I used to work for actually stopped giving offers on lots of these kind of projects. None of us wanted to work on these kind of bureaucratic nightmares where one is set up to fail. It's much more fun to deliver something of value, even if one doing something else could've squeezed out some more money. We "fired" clients that didn't give us opportunity to actually do good or have an impact.
I think more of these public sector tenders should stop focusing on "projects", and instead focusing on just getting the correct people that can help them iteratively move in the correct direction.
Unfortunately it's often hard to get money for this. Easier to say "we need X millions for this huge project".
jongjong | 3 years ago
The bigger an organization is, the more easy money they have, the worse their expectations are when it comes to software development. I once worked for such a company as a software developer and I was shocked that I kept getting positive reviews in spite of being the laziest I had ever been. I was spending most of my time watching videos on YouTube; but the little work I did between YouTube videos was somehow better than that of their average employee...
kabes | 3 years ago
The tender requirements were written by a general tender-writing team of the government.
We only got to meet the actual users of the software-to-build after we'd won the tender. Apparently what was in the tender was a complete mismatch with what the actual users wanted (as far as they actually knew what they wanted).
What the users wanted didn't matter, because payment was based on checking off all tender requirements. Oh, one of the tender requirements was "all business logic needs to be configurable by the users" and more gems like that.
saiya-jin | 3 years ago
When you get most of daily contractor fees directly, you easily end up with 15,000k$ net monthly income, working mostly remotely, in a country that had median monthly income below 1,000$.
Not that he worked hard or anything, frequently fridays looked like 'ok I am free give me some work' which almost never came. It was done on some ancient long dead weblogic/wslt things, stuff I can hack together in ie apache camel or similar in few afternoons (not 100% of it but core definitely yes).
Definitely a fault of government, no private company will come and say 'hey we can do it in 10% of the time / costs but we won't be using these big brand technologies (TM)'. Can't imagine there wasn't some big corruption too. IIRC prod launch was some major clusterfuck which filled newspapers for some time.
ElfinTrousers | 3 years ago
pryelluw | 3 years ago
2OEH8eoCRo0 | 3 years ago
praptak | 3 years ago
You want names that do describe your code but badly. If your function reads policies from the DB, filters them and calculates some missing data, be sure to name the function 'readPolicies'. Nobody will look at that function when chasing a bug related to the filtering part!
You may want to spread it across a few changes to get plausible deniability. You may also "fix" the name by changing it to something hopelessly generic like `initializeState`.
adammarples | 3 years ago
deterministic | 3 years ago
Use micro-services! The more the better! And write each micro-service using a different programming language and build system. Make sure the protocols are not documented. And that the micro-services are called p376, f190 etc. Make sure that some micro-services need to access a specific server setup to build!
csours | 3 years ago
So I would say: find the most obscure place you can deploy code, and make sure it is not testable.
sureglymop | 3 years ago
What I saw there in particular was that any given team will try to solve their problems in their domain. For example, I was in the database administrator team, and they tried to do everything in the database and use database features for everything. Then you have the DevOps/Middleware team who try to do everything in pipelines and with ansible scripts etc.
The best thing you could invest in imo. to be a good allrounder is really good knowledge of unix(like) systems and a shell which is available everywhere.
Write your cicd pipeline logic as shell scripts instead of e.g. the dsl of gitlab/github. That'll be usable in every domain!
SCLeo | 3 years ago
I can't stop laughing.
cerved | 3 years ago
Also, when you've accumulated about ten years of this, start using a different making scheme and make sure there are preferably random bits of Hungarian notation around. Make sure there's no record of why and no explanation of what Hungarian notation is and how to use it.
steveBK123 | 3 years ago
Often these were crazy code forking paths like:
* a is a 1 liner which calls a_ or aa depending on a conditional.
* a_ then returns something or calls a__ depending on a conditional.
* aa calls aa_ or aa__ depending..
* A, AA, A_ and AA__ might be some global states or boolean flags or cmdline args or env vars read in which affect all the above..
Another favorite was to use the same noun in different cases for different types of things. For example:
* servers - a function you call which returns a list of servers
* servers_ - a subfunction called by servers
* SERVERS - a boolean global variable switch to enable functionality
* Servers - a variable containing the list of servers used by all of the above
I once asked him to explain the differences and there was no consistency. Sometimes all-caps was the function, sometimes all-caps was the boolean, sometimes lowercase, whatever.
The best was clearly someone forced him to put in comments under duress.
However he ONLY commented the obvious stuff, like-
getCmdline # gets the cmdline
aurelianito | 3 years ago
epgui | 3 years ago
Sirened | 3 years ago
hinkley | 3 years ago
matheusmoreira | 3 years ago
semi-extrinsic | 3 years ago
adammarples | 3 years ago
eyelidlessness | 3 years ago
My friends, it’s time we all learn regex. You’ve heard it’s unknowable, but a simple \b on either side of your target search is your friend too! It just means “there isn’t an alphanumeric character next to me!” It wants to get to know you! If you can’t search for a variable named a, it wants to help!
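The word-boundary search from the comment above, set beside a token-level search, as an added example that is not part of the original thread. `\b` treats the underscore as a word character, so `\ba\b` skips `aa` and `a_`, but it still matches inside strings and comments; Python's `tokenize` module reports only real identifiers. The sample source is constructed from the single-letter names mentioned elsewhere on this page.

```python
import io
import re
import tokenize

# Constructed sample using single-letter names and their derivatives.
SAMPLE = '''a = 1
aa = a + 1
a_ = "a is not a variable here"
A = a_ * 2  # a again, in a comment
'''


def regex_hits(source, name):
    """(line, match count) wherever \\bname\\b matches, strings and comments included."""
    pattern = re.compile(r"\b" + re.escape(name) + r"\b")
    return [(i, len(pattern.findall(line)))
            for i, line in enumerate(source.splitlines(), 1)
            if pattern.search(line)]


def identifier_hits(source, name):
    """(line, column) of each NAME token that is exactly `name`."""
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    return [tok.start for tok in tokens
            if tok.type == tokenize.NAME and tok.string == name]


if __name__ == "__main__":
    print("regex:     ", regex_hits(SAMPLE, "a"))
    print("tokenizer: ", identifier_hits(SAMPLE, "a"))
```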
gofreddygo | 3 years ago
bottled_poe | 3 years ago
TrackerFF | 3 years ago
Code like that should set off alarms very fast, and any code review should catch it early on.
fcatalan | 3 years ago
tored | 3 years ago
justinlloyd | 3 years ago
unknown | 3 years ago
[deleted]
tored | 3 years ago
throwaway14356 | 3 years ago