Ever feel like it'd all fall to pieces if you so much as turned your head? In the comments section of our article seeking your seasonal horror stories, Wayne shared a holiday WTF of a different sort that's too good not to share:

Not a holiday problem, but a me being on holiday problem.

I was the sole SQL Server database admin back in the '90s for a pretty good-sized police department. Everything ran pretty darn smooth, and I took a week off, probably to go to ComicCon. I left VERY specific instructions to call me if there was a problem.

We had a consultant working with us, I was never clear on what he was doing, but he sat in his office every day typing away and looking busy. Apparently he was writing mods to our payroll pre-process system. Police payroll is complicated because pretty much every rank has a different union, and contract, that changes how things are paid out: if you hold or are paid overtime, how sick leave works, it's all pretty weird. Or was at the time. It was wonderful getting the Peoplesoft programmer saying "We can't do that!" when they wanted us to put our preprocess into their system.

ANYWAY, this system ran an extract every week which produced two files, overtime and leave, which was then sneakernetted down the street to the mainframe. On pay weeks, there was an absolute time window for when that 3.5" floppy had to be there as it could hold up mainframe jobs. We ran the extract at about noon and the disk was there by 1. Very solid.

Until I went on vacation.

Consultant in his infinite wisdom pushed his changes to our payroll database on an extract day. And crashed the database, making it impossible to run the extract. And it was payroll week. AND they didn't call me. He spent 4-5 hours MANUALLY UNDOING HIS CHANGES. And holding up the mainframe processing schedules.

Had they called me, I could have told them that the system automatically backed itself up, and they could have done a rollback to undo his changes and reverted to a good state and run the extract.

Come to think of it, I never did find out what his modifications were supposed to do.

It's baffling why Wayne was never called, but I assume it's because the consultant had assured everyone that he had the situation under control. He was either in a mad, panicked rush to fix what he'd broken, or, he was calm and fully confident in his own abilities.

Doth pride goeth before the missed paycheck?

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

It's common to see code in the form of if (false == true). We get a fair bit of it in our inbox, and we generally don't post it often, because, well, it's usually just a sign that someone generated the code. There's a WTF in that, somewhere, but there's not much to say about the code, beyond, "Don't generate code, pass data from backend to frontend instead."

But Nicholas sends us one that shows a little more of interest in it.

if ('N' == 'Y') { document.getElementById("USERID").disabled=true; document.getElementById("PASSWORD").disabled=true; }

Again, this is almost certainly being generated by the backend and sent to the frontend. I mean, it might be someone manually disabling a block of code by writing an if that'll never be true, but probably not in this case.

And what this tells us is that the backend is getting inputs, probaly from some sort of option field, and treating them as booleans. Y and N are clearly meant to be "yes" and "no", aka "true" and "false", but we're taking the stringly typed approach on the backend.

For future developers, I reiterate: send data to the frontend, so your 'if' looks more like: if(backendData.userSelectedOption=="Y"), or at the very least if you're going to evaluate the boolean expression, evaluate it on the backend, so the generated code is just if(false).

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

During the holiday season, we got some of your holiday WTFs. For the next few weeks, we'd love to see your New Year's Resolutions. Maybe ones for you- what WTF do you do that you want to stop doing? But mostly, we're looking for the resolutions you want to give other people- the teammate who microwaves salmon for lunch everyday (it's healthy protein bro), the pointy-haired-boss who thinks they can code because ChatGPT generates code, the company that thinks CI is too much of an expense. What in your day or workplace needs to take on a resolution for this year?

Click submit and let us know!

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

We know 2026 is not a leap year. But how do we know that? We need to call some function to find out.

Steve sends us a bit of representative code; on it's own, it's not so bad, but with the broader context, it's horrifying:

namespace Utils{ public static class Utils { public static bool IsLeapYear(int year) { return CultureInfo.CurrentCulture.Calendar.IsLeapYear(year); } … } }

CultureInfo.CurrentCulture.Calendar.IsLeapYear is a .Net built in function. It does what you think. This code wraps it in their own IsLeapYear function, in a class called Utils, in a namespace called Utils.

I think you can see where this is going: Utils.Utils is a "god" class that has all the random utility functions you might want in it. It basically wraps the .Net core library up in its own interface. Sure, it's only the parts that the application needs to use, but it's still a lot of useless code that just piles a big old heap of functions that could mostly be one-liners already in a big bucket.

And of course, not everyone follows this convention, which means that much of the code uses the core library directly, and much of it uses the Utils.Utils. The mixture creates a maintainability nightmare, and it shows: the application has an ever growing bug list.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

For the first Error'd of the future-facing year, we return to our most-hated pattern of every prior year. Namely, broken password mechanisms. Meanwhile, on a personal note, I'm sitting at a boarding gate behind a planeload of people who were scheduled on a flight 12 hours ago! Sure, first-world problems but hoo boy.

"I'll get on that right away" snapped longtime contributor Argle Bargle. "I needed to make a helpdesk request. For some reason they think I need to update my password. Sure, I can appreciate that it's been a while since I've made any password change. The only catch is, I've only been with the company six months."

 

An anonymous reader griped "When I tried to log into AliExpress by clicking on the sign in button, it gave me the registration form even though an account already exists under the supplied email address. The only way to sign in is to click back and then try again or switch to the mobile view."

 

Rolf B. reported "Well, I don't even want an account. I only want to download the "VMware Virtual Disk Development Kit" to attempt a repair of my broken vmdk. But the download button now requires to be logged in. Btw: If you attempt to use an email with a '+' in it, the form completely crashes on the first keypress in the password field."

 

"You can have too much security!" declares Karun R.

 

And another anonymous (ok, this one came from inside the house but shhh I won't say who) "They said "at least one special character" and provided a list. I gave them TWENTY-FOUR and still that wasn't good enough."

 

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

The market's been rough out there this year, and this "from the trenches" recap of the challenges is useful for everyone to review as we go into 2026. Original. --Remy

Ellis knew she needed a walk after she hurried off of Zoom at the end of the meeting to avoid sobbing in front of the group.

She'd just been attending a free online seminar regarding safe job hunting on the Internet. Having been searching since the end of January, Ellis had already picked up plenty of first-hand experience with the modern job market, one rejection at a time. She thought she'd attend the seminar just to see if there were any additional things she wasn't aware of. The seminar had gone well, good information presented in a clear and engaging way. But by the end of it, Ellis was feeling bleak. Goodness gracious, she'd already been slogging through months of this. Hundreds of job applications with nothing to show for it. All of the scams out there, all of the bad actors preying on people desperate for their and their loved ones' survival!

Ellis' childhood had been plagued with anxiety and depression. It was only as an adult that she'd learned any tricks for coping with them. These tricks had helped her avoid spiraling into full-on depression for the past several years. One such trick was to stop and notice whenever those first feelings hit. Recognize them, feel them, and then respond constructively.

First, a walk. Going out where there were trees and sunshine: Ellis considered this "garbage collection" for her brain. So she stepped out the front door and started down a tree-lined path near her house, holding on to that bleak feeling. She was well aware that if she didn't address it, it would take root and grow into hopelessness, self-loathing, fear of the future. It would paralyze her, leave her curled up on the couch doing nothing. And it would all happen without any words issuing from her inner voice. That was the most insidious thing. It happened way down deep in a place where there were no words at all.

Once she returned home, Ellis forced herself to sit down with a notebook and pencil and think very hard about what was bothering her. She wrote down each sentiment:

• This job search is a hopeless, unending slog!
• No one wants to hire me. There must be something wrong with me!
• This is the most brutal job search environment I've ever dealt with. There are new scams every day. Then add AI to every aspect until I want to vomit.

This was the first step of a reframing technique she'd just read about in the book Right Kind of Wrong by Amy Edmonson. With the words out, it was possible to look at each statement and determine whether it was rational or irrational, constructive or harmful. Each statement could be replaced with something better.

Ellis proceeded step by step through the list.

• Yes, this will end. Everything ends.
• There's nothing wrong with me. Most businesses are swamped with applications. There's a good chance mine aren't even being looked at before they're being auto-rejected. Remember the growth mindset you learned from Carol Dweck. Each application and interview is giving me experience and making me a better candidate.
• This job market is a novel context that changes every day. That means failure is not only inevitable, it's the only way forward.

Ellis realized that her job hunt was very much like a search algorithm trying to find a path through a maze. When the algorithm encountered a dead end, did it deserve blame? Was it an occasion for shame, embarrassment, and despair? Of course not. Simply backtrack and keep going with the knowledge gained.

Yes, there was truth to the fact that this was the toughest job market Ellis had ever experienced. Therefore, taking a note from Viktor Frankl, she spent a moment reimagining the struggle in a way that made it meaningful to her. Ellis began viewing her job hunt in this dangerous market, her gradual accumulation of survival information, as an act of resistance against it. She now hoped to write all about her experience once she was on the other side, in case her advice might help even one other person in her situation save time and frustration.

While unemployed, she also had the opportunity to employ the search algorithm against entirely new mazes. Could Ellis expand her freelance writing into a sustainable gig, for instance? That would mean exploring all the different ways to be a freelance writer, something Ellis was now curious and excited to explore.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

Who doesn't want a tech support call to handle a leaking printer? Enjoy this noir-flavored story from August. Original.--Remy

Everyone's got workplace woes. The clueless manager; the disruptive coworker; the cube walls that loom ever higher as the years pass, trapping whatever's left of your soul.

But sometimes, Satan really leaves his mark on a joint. I worked Tech Support there. This is my story. Who am I? Just call me Anonymous.

It starts at the top. A call came in from Lawrence Gibbs, the CEO himself, telling us that a conference room printer was, quote, "leaking." He didn't explain it, he just hung up. The boss ordered me out immediately, told me to step on it. I ignored the elevator, racing up the staircase floor after floor until I reached the dizzying summit of C-Town.

There's less oxygen up there, I'm sure of it. My lungs ached and my head spun as I struggled to catch my breath. The fancy tile and high ceilings made a workaday schmuck like me feel daunted, unwelcome. All the same, I gathered myself and pushed on, if only to learn what on earth "leaking" meant in relation to a printer.

I followed the signs on the wall to the specified conference room. In there, the thermostat had been kicked down into the negatives. The cold cut through every layer of mandated business attire, straight to bone. The scene was thick with milling bystanders who hugged themselves and traded the occasional nervous glance. Gibbs was nowhere to be found.

Remembering my duty, I summoned my nerve. "Tech Support. Where's the printer?" I asked.

Several pointing fingers showed me the way. The large printer/scanner was situated against the far wall, flanking an even more enormous conference table. Upon rounding the table, I was greeted with a grim sight: dozens of sheets of paper strewn about the floor like blood spatter. Everyone was keeping their distance; no one paid me any mind as I knelt to gather the pages. There were 30 in all. Each one was blank on one side, and sported some kind of large, blotchy ring on the other. Lord knew I drank enough java to recognize a coffee mug stain when I saw one, but these weren't actual stains. They were printouts of stains.

The printer was plugged in. No sign of foul play. As I knelt there, unseen and unheeded, I clutched the ruined papers to my chest. Someone had wasted a tree and a good bit of toner, and for what? How'd it go down? Surely Gibbs knew more than he'd let on. The thought of seeking him out, demanding answers, set my heart to pounding. It was no good, I knew. He'd play coy all day and hand me my pink slip if I pushed too hard. As much as I wanted the truth, I had a stack of unpaid bills at home almost as thick as the one in my arms. I had to come up with something else.

There had to be witnesses among the bystanders. I stood up and glanced among them, seeking out any who would return eye contact. There: a woman who looked every bit as polished as everyone else. But for once, I got the feeling that what lay beneath the facade wasn't rotten.

With my eyes, I pleaded for answers.

Not here, her gaze pleaded back.

I was getting somewhere, I just had to arrange for some privacy. I hurried around the table again and weaved through bystanders toward the exit, hoping to beat it out of that icebox unnoticed. When I reached the threshold, I spotted Gibbs charging up the corridor, smoldering with entitlement. "Where the hell is Tech Support?!"

I froze a good distance away from the oncoming executive, whose voice I recognized from a thousand corporate presentations. Instead of putting me to sleep this time, it jolted down my spine like lightning. I had to think fast, or I was gonna lose my lead, if not my life.

"I'm right here, sir!" I said. "Be right back! I, uh, just need to find a folder for these papers."

"I've got one in my office."

A woman's voice issued calmly only a few feet behind me. I spun around, and it was her, all right, her demeanor as cool as our surroundings. She nodded my way. "Follow me."

My spirits soared. At that moment, I would've followed her into hell. Turning around, I had the pleasure of seeing Gibbs stop short with a glare of contempt. Then he waved us out of his sight.

Once we were out in the corridor, she took the lead, guiding me through the halls as I marveled at my luck. Eventually, she used her key card on one of the massive oak doors, and in we went.

You could've fit my entire apartment into that office. The place was spotless. Mini-fridge, espresso machine, even couches: none of it looked used. There were a couple of cardboard boxes piled up near her desk, which sat in front of a massive floor-to-ceiling window admitting ample sunlight.

She motioned toward one of the couches, inviting me to sit. I shook my head in reply. I was dying for a cigarette by that point, but I didn't dare light up within this sanctuary. Not sure what to expect next, I played it cautious, hovering close to the exit. "Thanks for the help back there, ma'am."

"Don't mention it." She walked back to her desk, opened up a drawer, and pulled out a brand-new manila folder. Then she returned to conversational distance and proffered it my way. "You're from Tech Support?"

There was pure curiosity in her voice, no disparagement, which was encouraging. I accepted the folder and stuffed the ruined pages inside. "That's right, ma'am."

She shook her head. "Please call me Leila. I started a few weeks ago. I'm the new head of HR."

Human Resources. That acronym, which usually put me on edge, somehow failed to raise my hackles. I'd have to keep vigilant, of course, but so far she seemed surprisingly OK. "Welcome aboard, Leila. I wish we were meeting in better circumstances." Duty beckoned. I hefted the folder. "Printers don't just leak."

"No." Leila glanced askance, grave.

"Tell me what you saw."

"Well ..." She shrugged helplessly. "Whenever Mr. Gibbs gets excited during a meeting, he tends to lean against the printer and rest his coffee mug on top of it. Today, he must've hit the Scan button with his elbow. I saw the scanner go off. It was so bright ..." She trailed off with a pained glance downward.

"I know this is hard," I told her when the silence stretched too long. "Please, continue."

Leila summoned her mettle. "After he leaned on the controls, those pages spilled out of the printer. And then ... then somehow, I have no idea, I swear! Somehow, all those pages were also emailed to me, Mr. Gibbs' assistant, and the entire board of directors!"

The shock hit me first. My eyes went wide and my jaw fell. But then I reminded myself, I'd seen just as crazy and worse as the result of a cat jumping on a keyboard. A feline doesn't know any better. A top-level executive, on the other hand, should know better.

"Sounds to me like the printer's just fine," I spoke with conviction. "What we have here is a CEO who thinks it's OK to treat an expensive piece of office equipment like his own personal fainting couch."

"It's terrible!" Leila's gaze burned with purpose. "I promise, I'll do everything I possibly can to make sure something like this never happens again!"

I smiled a gallows smile. "Not sure what anyone can do to fix this joint, but the offer's appreciated. Thanks again for your help."

Now that I'd seen this glimpse of better things, I selfishly wanted to linger. But it was high time I got outta there. I didn't wanna make her late for some meeting or waste her time. I backed up toward the door on feet that were reluctant to move.

Leila watched me with a look of concern. "Mr. Gibbs was the one who called Tech Support. I can't close your ticket for you; you'll have to get him to do it. What are you going to do?"

She cared. That made leaving even harder. "I dunno yet. I'll think of something."

I turned around, opened the massive door, and put myself on the other side of it in a hurry, using wall signs to backtrack to the conference room. Would our paths ever cross again? Unlikely. Someone like her was sure to get fired, or quit out of frustration, or get corrupted over time.

It was too painful to think about, so I forced myself to focus on the folder of wasted pages in my arms instead. It felt like a mile-long rap sheet. I was dealing with an alleged leader who went so far as to blame the material world around him rather than accept personal responsibility. I'd have to appeal to one or more of the things he actually cared about: himself, his bottom line, his sense of power.

By the time I returned to the conference room to face the CEO, I knew what to tell him. "You're right, sir, there's something very wrong with this printer. We're gonna take it out here and give it a thorough work-up."

That was how I was able to get the printer out of that conference room for good. Once it underwent "inspection" and "testing," it received a new home in a previously unused closet. Whenever Gibbs got to jawing in future meetings, all he could do was lean against the wall. Ticket closed.

Gibbs remained at the top, doing accursed things that trickled down to the roots of his accursed company. But at least from then on, every onboarding slideshow included a photo of one of the coffee ring printouts, with the title Respect the Equipment.

Thanks, Leila. I can live with that.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

You may have heard the advice "join a union", but nobody meant it like this. Original. --Remy.

The end of the quarter was approaching, and dark clouds were gathering in the C-suite. While they were trying to be tight lipped about it, the scuttlebutt was flowing freely. Initech had missed major sales targets, and not just by a few percentage points, but by an order of magnitude.

Heads were going to roll.

Except there was a problem: the master report that had kicked off this tizzy didn't seem to align with the department specific reports. For the C-suite, it was that report that was the document of record; they had been using it for years, and had great confidence in it. But something was wrong.

Enter Jeff. Jeff had been hired to migrate their reports to a new system, and while this particular report had not yet been migrated, Jeff at least had familiarity, and was capable of answering the question: "what was going on?" Were the sales really that far off, and was everyone going to lose their jobs? Or could it possibly be that this ancient and well used report might be wrong?

The core of the query was basically a series of subqueries. Each subquery followed this basic pattern:

SELECT SUM(complex_subquery_A) as subtotal FROM complex_subquery_B

None of this was particularly readable, mind you, and it took some digging just to get the shape of the individual queries understood. But none of the individual queries were the problem; it was the way they got stitched together:

SELECT SUM(subtotal) FROM (SELECT SUM(complex_subquery_A) as subtotal FROM complex_subquery_B UNION SELECT SUM(complex_subquery_C) as subtotal FROM complex_subquery_D UNION SELECT SUM(complex_subquery_E) as subtotal FROM complex_subquery_F);

The full query was filled with a longer chain of unions, but it was easy to understand what went wrong, and demonstrate it to management.

The UNION operator does a set union- which means if there are any duplicate values, only one gets included in the output. So if "Department A" and "Department C" both have $1M in sales for the quarter, the total will just be $1M- not the expected $2M.

The correct version of the query would use UNION ALL, which preserves duplicates.

What stunned Jeff was that this report was old enough to be basically an antique, and this was the kind of business that would burn an entire forest down to find out why a single invoice was off by $0.15. It was sheer luck that this hadn't caused an explosion before- or maybe in the past it had, and someone had just written it off as a "minor glitch"?

Unfortunately for Jeff, because the report was so important it required a huge number of approvals before the "UNION ALL" change could be deployed, which meant he was called upon to manually run a "test" version of the report containing the fix every time a C-suite executive wanted one, until the end of the following quarter, when he could finally integrate the fix.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

It's time to look back on a rough 2025, and wonder where we'd be if we missed any more red flags. Original. --Remy

Fresh out of university, Remco accepted a job that allowed him to relocate to a different country. While entering the workforce for the first time, he was also adjusting to a new home and culture, which is probably why the red flags didn't look quite so red.

The trouble had actually begun during his interview. While being questioned about his own abilities, Remco learned about Conglomcorp's healthy financial position, backed by a large list of clients. Everything seemed perfect, but Remco had a bad gut feeling he could neither explain nor shake off. Being young and desperate for a job, he ignored his misgivings and accepted the position. He hadn't yet learned how scarily accurate intuition often proves to be.

The second red flag was run up the mast at orientation. While teaching him about the company's history, one of the senior managers proudly mentioned that Conglomcorp had recently fired 50% of their workforce, and were still doing great. This left Remco feeling more concerned than impressed, but he couldn't reverse course now.

Flag number three waved during onboarding, as Remco began to learn about the Java application he would be helping to develop. He'd been sitting at the cubicle of Lars, a senior developer, watching over his shoulder as Lars familiarized him with the application's UI.

"Garbage Collection." Using his mouse, Lars circled a button in the interface labeled just that. "We added this to solve a bug some users were experiencing. Now we just tell everyone that if they notice any weird behavior in the application, they should click this button."

Remco frowned. "What happens in the code when you click that?"

"It calls System.gc()."

But that wasn't even guaranteed to run! The Java virtual machine handled its own garbage collection. And in no universe did you want to put a worse-than-useless button in your UI and manipulate clients into thinking it did something. But Remco didn't feel confident enough to speak his mind. He kept silent and soldiered on.

When Remco was granted access to the codebase, it got worse. The whole thing was a pile of spaghetti full of similar design brillance that mostly worked well enough to satisfy clients, although there was a host of bugs in the bug tracker, some of which had been rotting there for over 7 years. Remco had been given the unenviable task of fixing the oldest ones.

Remco slogged through another few months. Eventually, he was tasked with implementing a new feature that was supposed to be similar to existing features already in the application. He checked these other features to see how they were coded, intending to follow the same pattern. As it turned out, they had all been implemented in a different, weird way. The wheel had been reinvented over and over, each time by someone who'd never even heard of a circle. None of the implementations looked like anything he ought to be imitating.

Flummoxed, Remco approached Lars' cubicle and explained his findings. "How should I proceed?" he finally asked.

Lars shrugged, and looked up from a running instance of the application. "I don't know." Lars turned back to his screen and pushed "Garbage Collect".

Fairly soon after that enlightening experience, Remco moved on. Conglomcorp is still going, though whether they've retained their garbage collection button is anyone's guess.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

To be honest, math works the same way all year 'round. At least, it's supposed to.

"My Stack Exchange Inbox is Less Than Empty" declared Mike V. "I guess this happens when you read a notification twice!"

 

Adam R. discovered a new kind of mathematical quantity in use: "I was updating my billing address on a certain website, and this was the default value they filled in for my phone number. "Hmm, that's odd," I thought. Then I figured it out: they decided to take my phone number, written out as XXX-YYY-ZZZZ and eval()'ed that as a mathematical expression. The final result of that subtraction with my phone number was, in fact, -439. "

 

"Counting is hard" announces KT. "If mathematically no one reacted, how did they react?"

 

"Unicode this!" challenged Michael R. "Kızılelma is the new Kızılelma"

 

Reinier B. would like us to count the ways. "This piece of text on the LEGO Studio download page changes dynamically, which works OK-ish. But leave the page open for an hour or so and more and more "undefined" strings get inserted."

 

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

How many times does it take to make something a tradition? Well, this is our third installment of Christmas in the Server Room, which seems pretty traditional at this point. Someday we'll run out of Christmas movies that I've watched, and then I'll need to start watching them intentionally. I'm dreading having to sit through some adaptation of the Christmas Shoes or whatever.

In any case, we're going to rate Christmas movies on their accuracy of representing the experience of IT workers. One 💾 grants it the realism of that movie where Adam Sandler fights Pac-Man, while 💾💾💾💾💾 tells us that it's as realistic as an instructional video about the Turbo-Encabulator.

Home Alone

A Rube-Goldberg-quality series of misunderstandings and coincidences lead to bratty child Kevin being left… home alone through the holidays, defending his home from burglars, using a series of improvised, Rube-Golberg-quality booby traps, that escalate to cartoonish violence. The important lesson, however, is that the true meaning of Christmas is family.

Like most cybersecurity teams, Kevin is under-resourced, defending an incredibly vulnerable system from attackers. His MacGyvered together collection of countermeasures all work, in the film, but none of them actually address the true vulnerabilities and could all be easily bypassed by a competent attacker.

Kevin's traps are very much temporary solutions. But when temporary solutions become permanent, awful things can happen.

Rating: 💾💾

Santa Claus

This one will be familiar to any MST3k fans. Santa Claus runs a North Pole factory on child labor and whimsical inventions. Oh, also, his North Pole factory is in space. On Christmas Eve, as he tours the world to reward good boys and girls, Satan sends a demon to tempt children into mild naughtiness. Once again, the true meaning of Christmas is being with those you love, unless you're one of the children in Santa's workshop. Those kids are working on Christmas.

When things get truly dire for Santa, the children junior engineers staffing his workshop recognize that they can't manage the problem, so they fetch Merlin, the original greybeard. Yes, Merlin works for Santa, which implies that Santa and King Arthur may have met, and honestly, I'd rather watch that team-up movie. In any case, "terrified juniors clinging to a senior" is actually not very realistic. These days, the kids would just ask ChatGPT what to do, and end up putting glue on pizza.

Rating: 💾

Violent Night

What happens when we combine Santa Claus with Home Alone? We get the ultimate Santa-does-a-Die-Hard movie, Violent Night. Beverly D'Angelo plays Dick Cheney, an evil matriarch who runs a private military contractor and has stolen millions from US military operations abroad. Even more evil criminals take her family hostage to steal those millions. How are the criminals more evil than Dick Cheney? They're not only thieves, they also hate Christmas!

The family is all horrible people, except for Trudy, the young girl who has been good all year and still believes in Santa Claus. And that means Santa is coming to town. With grenades and sledge hammers and machine guns. The movie also features one of the "best" uses of "Santa uses Christmas magic to go up the chimney" at the end.

The entire villain plan is built around breaking into a super-protected electronic safe, and without spoiling too much, there's a twist in the film where someone has already broken into the safe, which makes one wonder how stupid the villains are (pretty stupid, actually). Also, while I understand the need for narrative convenience (and the Die Hard reference), the idea that the encrypted radios used by the evil villains, and the walkie talkie toy Trudy has to talk to Santa can actually operate on the same bands is… a bit of a stretch. RF bands and allocations and where and when you can use encryption is a whole thing.

Rating: 💾💾

Christmas Card from a Hooker in Minneapolis - Tom Waits

A sex worker in Minneapolis sends a Christmas card to Charlie, presumably a former client or supervisor of hers, updating him on her life. With each verse her life seems to be getting better- until the final verse, which reveals it's all been a charade and she needs help. Like most Tom Waits songs, it's the story of the kind of person who is pushed to the fringes of society, tragic but hopeful, and loaded with empathy.

I've recently been doing a job search of my own, and part of that has been "what dates did you work at $place?" and "give us some references?" and I realized that I'm terrible about keeping tabs on these kinds of things. The idea that I could send a Christmas card to a former client from years ago is absurd. Then again, how do we even know these cards get to Charlie? We just know that she wrote them, not that Charlie got them.

Rating: 🫦🫦🫦

I Am the Antichrist - The Dream Eaters

Two songs this year? Are there even any rules anymore? The lord of the damned has a poppy intro track. I suppose this shouldn't go on a Christmas list, because it likely belongs at the antipodal part of the year. Y'know. Being the Antichrist and all.

Rating: 🪩🪩🪩🪩🪩

Star Trek II: The Wrath of Khan

An aging Captain Kirk is haunted by a mistake of his past: Khan Noonien Singh is back for revenge. This "Horatio Hornblower in Space" riff on Trek is packed with themes: revenge, sacrifice, the frightening power of technology, and an object lesson on why you shouldn't put things in your ears. It also proves that the best, most exciting space battles aren't swooping, wooshing, pew pew pews, but tense games of cat-and-mouse.

As for its Christmas connections? What greater gift can Spock give to his crew but himself? His ultimate sacrifice is what ties the movie together, and of course, it means we got this incredible Christmas ornament out of it. Of all the Christmas spirits I have ever known, his was the most human.

The whole prefix-code thing is a pretty incredible security blunder. A remote back door into any Starfleet vessel, guarded only by a 5 digit code? A 5 digit code that's stored in a database on every other starship? So if an enemy captures one vessel, they can thwart the entire fleet unless everyone updates their prefix code? That's a terribly security posture! And incredibly realistic! That is likely what the future will look like. So I guess that's a credible security blunder, if we're being pedantic.

I bet they store the passwords in plain text too!

Rating: 💾💾💾💾💾

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

The holiday season is an opportunity for employers to show their appreciation for their staff. Lavish parties, extra time off, whatever. Even some of the worst employers I've had could put together a decent Christmas party.

But that doesn't mean they all go right.

For example, Mike S worked for one of those early music streaming startups. One year, the company booked a Russian restaurant in the neighborhood for the party. The restaurant was a gigantic space, with a ground level and a balconay level, but the company was only 70 people, so the company perhaps overbought for the party. Everyone stuffed themselves on appetizers and when the main course came out, it ended up as extremely fishy smelling leftovers in the office kitchen.

Two years later, they booked a party at the same place. But lessons were learned: they only booked the balcony. This meant the ground floor was free for someone else to book, and someone else did. Another party booked the ground floor, and they booked an extremely loud Russian pop band to play it.

The band was deafening and took absolutely no breaks. And while the previous time, everyone stuffed themselves on appetizers, this time there were barely any. But there also wasn't much main course coming out either. By 10PM, Mike was starving and deaf, so he left. At about 10:15, the food came out. But by then, most of the staff had left, which meant once again, the office kitchen got stuffed with very fishy smelling leftovers.

There was not a third Russian party.

Rachel went to her partner's holiday party. This large tech company was notorious for spending loads of money on the party, and they certainly booked a fairly amazing venue for it. But there was confusion with the catering order; while the company shelled out for a full buffet, the caterer decided to only provide finger foods, circulated through the party by waiters carrying plates. By 9PM, the employees had figured out where the kitchen was and were lying in ambush for the waiters. The small plates of chicken tenders and crab rangoons and spring rolls never made it more than two or three steps out of the kitchen before they were picked clean.

At least the company learned that lesson and stopped using that caterer.

But you know, not everything is about holiday parties, or days off. Companies have plenty of other ways to make their staff happy. Little benefits and perks can go a long way. Just take a page from Doug B's company, which put this sign on the badge reader:

Christmas will be a casual dress day.

I hear Doug's co-worker Bob Cratchit is going through some rough times.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

We've talked about the For-Case anti-pattern many, many times. And while we've seen some wild variations, and some pretty hideous versions, I think we have yet to see the exact example Ashley H sends us:

for (int i = 0; i < 4; i++) { if (i == 0) { step1(); } else if (i == 1) { step2(); } else if (i == 2) { step3(); } else if (i == 3){ finalStep(); } }

The specific names of the functions have been anonymized, but this illustrates the key points of what Ashley found.

It's been in the code base for some time, so she's not entirely certain where it came from, or what the company's code review practices were like at the time.

You see, this kind of code doesn't appear fully formed. It gets created, one step, after another, after another, after another. It's like a loop, but… uh… in a line. Without looping.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Many of us who fly for business and/or pleasure are all too aware of the myriad issues plaguing the 21st-century airline industry: everything from cybercrime targeting ailing IT systems and Boeing's ongoing nightmare to US commercial airline pilots being forced to retire at age 65, contributing to a diminishing workforce that has less of the sort of wisdom that can't be picked up in a flight simulator. The exact sort of experience you want your flight crew to have if, say, your aircraft loses an engine during takeoff.

This is only the tip of the iceberg. And our submitter Greta, reporting from the inside, shows us that even a win could be a dangerous loss waiting to happen:

This will be a departure in that it's about something that is soon to happen, rather than that which already was. Looming in the near distance is an event about which I'm trying my best not to give into apocalypse fetishism, but it's difficult not to.

We make aircraft. They're large, expensive flying robots. Our company is tiny. We're slowly growing, but could very comfortably fit in the 1966 General Motors New Look bus featured in Speed. We've produced, on a good year, up to three aircraft, with all design, programming, assembly and testing done in-house.

This quarter (and into next quarter), we're about to have a whole lot of the right kind of problem; our orders have approximately quintupled, and they're for a heavily revised version of the aircraft that is still partially theoretical. The designs are sort of done, we have some of the hardware that will be running our code, and some of the code is written and working. Some of it is written and non-working. Some of it is yet unwritten. The code carried forward from the previous version has been flown, but none of the new code has flown.

Our development team is facing a fascinating pile-up of pressures.

There is a contingent of fixed-term contracted interns who have been doing some heroic heavy lifting but whose contracts are up in a couple of weeks due to the college schedule; new blood will need to be trained and in the trenches to backfill them.

Some of our (custom) hardware has known design faults and needs modification and re-production, or is in the middle of production and we all hope and pray that no modification requests are needed.

We're doing our damnedest to write production-worthy code and tests as we go, and I would describe the design and review atmosphere as healthy, but bugs can happen and are happening: bugs of the category where, if they were released to an aircraft in the sky, the aircraft would become suddenly reacquainted with the ground. Some of those bugs can be fixed in firmware, and for some of them we need to ask our long-suffering electrical engineer to pretty please pull off a miracle with a soldering iron so that we can continue development before a new board is released.

Fully-functioning test hardware is scarce, and on a near daily basis developers need to have a polite conversation about who gets to perform a flash validation (I have not observed rock-paper-scissors yet).

We also simply don't have the bodies to physically build aircraft in the way we have in the past. Upper management has painted a picture for me where six weeks from now, the CEO, managers, all of my developers and me may be assembling and testing one or two hundred batteries by hand. (I have demanded pizza if this comes to pass.)

All of this in service of an early Spring deadline, with a parade of non-negotiable activities like careful flight testing before it.

Safety is paramount, and no corners will be cut. But picture where we are now: a frenzy of development, then the eye of the storm, the company holiday shutdown, where we all try our best to enjoy the time off without dwelling on what we're getting ourselves into in 2026.

I've always purposely avoided jobs where my screw-ups might produce serious injury or death. I have the utmost respect for those who assume this awesome responsibility and care about doing the best job possible. I feel for Greta and others like her, and I really hope that if or when push comes to shove, her company prioritizes safety over all else. We've already endured too many horrific examples of what happens when corners are cut in service of budget and time constraints that were never realistic to begin with.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Michael R. recently was Ghana but now he's back. In grand vacation tradition, he is now sharing the best of it with us. And a few more besides. Remember, it's not the journey itself that matters, it's the wtfs we make along the way. Watch me make a bunch as I attempt to weave a narrative around the shots.

First up, the likely inspiration for Michael's entire trip. I guess you don't need the actual website URL, you can find it easily.

 

In an effort to get trim for a long flight in a 17" seat, he engaged in a rigorous fitness regimen. The math here troubles him. "In the good old days 5g + 4.39g were 9.39g." (Yes, but nothing says that you need to add the weights, if one item contains the other.)

 

And he prepared by binge-watching travelogues and "reality" programming, noting here an automation failure ("Insert Date Here")

 

"I know my Donor Name but still need to figure out what WHB stands for."

 

On the ground or near it: "Nothing is older than yesteryear's election." I guess there's still a chance for a future election, so you might as well leave the posters up for name recognition?

 

"Windows Desktop makes a nice background at Soho in Accra https://www.instagram.com/soho_accra/?hl=en-gb" I want pictures of food, Michael!

 

And another Windows escape. Home again home again, jiggity jog. "Take this LHR T5 for letting me wait for my luggage for 30 mins."

 

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

A long time ago, Joey made some extra bucks doing technical support for the neighbors. It was usually easy work, and honestly was more about being a member of the community than anything else.

This meant Joey got to spend time with Ernest. Ernest was a retiree with a professorial manner, complete with horn-rimmed glasses and a sweater vest. Ernest volunteered at the local church, was known for his daily walks around the neighborhood, and was a generally beloved older neighbor.

Ernest had been working on transfering his music collection- a mix of CDs and records- onto his computer. He had run into a problem, and reached out to Joey for help.

"Usually," Ernest explained, "I can get one of the kids from the local university to help me out. But with the holiday break and all…"

No problem for Joey. He went over to Ernest's, sat down at the computer, and powered it up. The desktop appeared, and in the typical older user fashion, it was covered with icons. What was unusual was the names of the files and folders. Things like titwank. Or cockrot.pl and penis.pl. A few were named as racial slurs.

Clearly, the college students Ernest usually hired were having a laugh at the man's expense. That must be it. Joey glanced around the room, trying to think about how to explain this, when he noticed the bookshelf.

The first few books were guides on how to program in Perl. Sandwiched between them was Rogets Profanisaurous, a dictionary of profanity. Then a collection of comedy CDs by Kevin Bloody Wilson, the performer of such comedy songs as "I Gave Up Wanking," "The Pubic Hair Song," and "Dick on Her Mind".

"Ah, yes," Ernest said, "you'll need to pardon my desktop. Before I retired, I was a linguist, and I think you can guess what my speciality was."

"Profanity?"

"Profanity indeed. Now, I was hoping I could get someone to take a look at swallow.pl for me…"

Joey writes:

I always thought of Perl as an arcane language here here instead it has somehow been turned into a profane language.

Usually, profanity is what we use when reading Perl.

For whatever reason I seem to have kept this particular file. I must have taken it home to work on. I now consider it an art piece worthy of printing out and framing on the wall.

I think there is something to that, Joey, but I have to be honest: I'm not going to present the entire file in its true glory, because well, there are limits to the sorts of profanity we run on the site. But it's still worth sharing a few snippets:

We can start with some variable initializations:

my @wankoid; my $wankoff; open(SHIT,"discindex.htm"); @wankoid=<SHIT>; $wankoff=join("",@wankoid); my @toss=split(/\nLabel\:/,$wankoff); my $cockrot=0;

Or perhaps some regex matching:

$swallow=~s/\/\/.*//; $swallow=~s/^L:\\//; $swallow=~s/\r//; my @penis=split(/\\/,$swallow);

Uh… could we not?

for($i=0;$i<$#penis-1;$i++) { $rude=$curse[1]; %dirk=%$rude;; if(!exists($dirk{$penis[$i]})) { $dirk{$penis[$i]}=[($penis[$i],[{}],[{}])]; } $rude=$dirk{$penis[$i]}; @curse=@$rude; }

Wait… is "dirk" slang for something I don't know about?

There are a few other words in here that I don't recognize as profanity, like flk, plip, disind, baf, and tot. And SEE? SEE is profanity? How? Are these profane words I just don't know? I mean, Ernest was a professional profanologist, and I'm just an amatuer. Clearly I have a lot to learn.

If you know what those mean, leave a comment. If you don't know what they mean, but want to make up an answer, I dunno… leave a comment too?

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

As the single-digit Farenheight temperatures creep across the northeast United States, one's mind drifts off to holidays- specifically summer holidays where it isn't so cold that it hurts to breathe.

Luciano M works in Italy, where August 15th is a national holiday, but also August is the traditional time of year for everyone to take off, leaving the country mostly shut down for the month.

A long time ago, Luciano worked for a small company, along with some friends. This was long enough that you didn't rent compute from a cloud provider, but instead ran most of your intranet services off of a private server in your network closet somewhere.

This particular server ran mostly everything: private git hosting, VPN, email, and an internal Jabber server for chat. Given that it ran most services in the company, one might think that they were backing it up regularly- and you'd be right. One might also think that they had some sort of failover setup, and that's where you'd be wrong.

Late August 12th, the hard drive on their server decided it was time to start its own holiday. The main reason everyone noticed when it happened wasn't due to some alert that got triggered, but as mentioned, Luciano was friends with the team, which meant they used the Jabber server to chat with each other about non-work stuff.

Because half the country was already closed for August, getting replacements delivered was a dubious proposition, at best. Especially with the 15th looming, which not only made shipping delays worse, but this particular year was on a Friday, marking a 3-day weekend. Unless they wanted to spend the better part of a week out of commission, they needed to find an alternative.

The only silver lining was that "shipping is delayed" is the kind of problem which can be solved by spending money. By the time it was all said and done, they paid more for shipping than they paid for the drive itself, but the drive arrived by the 14th, and by the end of the day, they had the server back up and running, restored from backup.

And everything was happy, until August 12th, the following year, when the new hard drive decided to die the exact same way as the previous one, and the entire cycle repeated itself.

And on the third year, a hard drive also failed on August 12th. At least, by that point, they were so used to the problem that they kept spare drives in inventory. Eventually, someone upgraded them to a RAID, which at least kept the downtime at a minimum.

Luciano has long since moved on to a new job, but the date of August 12th is his own personal holiday: an unpleasant one.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Our anonymous submitter was looking for a Microsoft partner to manage his firm's MSDN subscriptions; the pile of licenses and seats and allowed uses was complex enough to want specialists. In hopes of quickly zeroing in on a known and reputable firm, he tracked down the website of a tech consultancy that'd been used by one of his previous employers.

When he browsed to their Contact Us page, filled out the contact form, and clicked Submit, the webpage simply refreshed with no signs of actually doing anything. After staring at the screen for a moment, wondering what had gone wrong, Subby noticed the single quotes used within his message were now escaped. Clicking Submit a few more times kept adding escape characters, with no submission ever occurring. So he amended his message to remove every it's, we're, and other such contraction.

Without single quotes, the next submission was successful. It's impossible to say what was going on behind the scenes, but this seemed to suggest a SQL injection vulnerability in their form submission code. They were escaping "'" characters because they were building their query through string concatenation. But in addition to escaping the single quotes, it seemed to be rejecting any string which contained them.

A stellar first impression, to be sure. In fairness, this firm hadn't designed their own website. The name of the designer they'd contracted with, displayed in the webpage footer, looked more embarrassing than proud in light of his trouble.

An email address was listed beside the contact form. Subby sent a separate email alerting them of the bug he'd found. Hopefully, someone would acknowledge and channel it to the proper support contact.

A week passed. Subby never received a response or any confirmation that any of his messages had been received. Had that mailbox been abandoned after most, if not all, attempted contacts had mysteriously failed?

"I guess no SQL injection if it's never submitted!" Subby joked to himself.

He moved on to other prospects.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

Today's anonymous submitter sends us a short snippet. They found this because they were going through code committed by an expensive third-party contractor, trying to track down a bug: every report in the database kept getting duplicated for some reason.

This code has been in production for over a decade, bugs and all:

if (reportStatuses.indexOf(newStatus > -1)) { // add report to database }

This is server-side JavaScript running in NodeJS. The mistake here is easy to make, it's a simple transposition error. But it's also easy to catch. Any sort of testing at all would find it.

The specific problem, if you haven't spotted it, is where the comparison operator happens: we're passing newStatus > -1 into indexOf as a parameter: this is a boolean value. Now, neither true nor false are in the reportStatuses array, so indexOf returns -1. But -1 is a truthy value, so the condition evaluates to true, adding the report to the database, even if it's already there.

Our submitter writes:

How has no one noticed this? How is the company still in business? How does the world not come down crashing around us more every day?

How is the world not crashing down? Have you looked outside, recently? Tis the season to quote Clark Griswold:

Worse? How could things get any worse? Take a look around here, Ellen. We're at the threshold of hell.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

Three blind anonymice are unbothered by the gathering dark as we approach the winter solstice. Those of you fortunate enough to be approaching the summer solstice are no doubt gloating. Feel free, we don't begrudge it. You'll get yours soon enough. Here we have some suggestions from a motley crew of three or four or maybe more or fewer.

Mouse Number One is suffering an identity crisis, whimpering "I don't really know who I am anymore and I really hoped to have this information after modifying my profile."

 

Mouse Number Twö müses „While Amazon is trying to upsell me their service, I am wondering how their localization infrastructure must be implemented to enable errors like \".“

 

Mouse Number N is almost ready to square off with some back office programmer. "A very secure PIN on an obligatory wooden table."

 

Mouse Number 502 has gone bad. "This could be a gateway to something better. I think I'll apply."

 

Finally, an anon from some summer morn sent us this some time ago and it confused me so much I sat on it. I've never figured out what he was on about, so maybe you can explain it to me. Perhaps his snarky comment will be clueful? "When you don't know how to screenshot, print it out and scan it back in," he said.

 

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!