DevDisasters
An Intern Battles the Monster App
What Martin wanted was to fulfill his internship requirement for his degree and possibly earn a little spending money for his efforts. He got both of these and the experience of meeting "The Monster."
During the second to last summer ahead of completing his degree, Martin started his six-month-long internship at a small company that needed assistance in modernizing its enterprise point-of-sale/inventory software. And it wanted to get it done on the cheap. In Martin's case, cheap meant minimum wage and three college course credits.
The software he would be working on fit neatly into a growing niche group of retailers as a "best of breed" application and, for end users, it worked all right. It had a clever name, making it easily identifiable to those within reach of a search engine, but Martin called it "The Monster."
At the time of The Monster's birth, the original developer was hailed as a genius far ahead of his time, and he still is.
Development started around 1996 in Visual Basic and had been automatically converted to Visual Basic 6 and later on to Visual Basic .NET with the automated upgrade tools in Visual Studio. The source code tallied in at around 30K lines all told, separated into files named xx01-xx30.vb, redefining global variables around the code base. So, by the time Martin came along, it was crashing Visual Studio 2013 multiple times a day.
Frustrated with having to work in what was effectively a mirror-universe version of Visual Basic, Martin tried to convince the powers that be that a complete rewrite in a modern language would be way easier than trying to make sense of the code. He tried arguing that The Monster was devoid of structure and looked like it had been run through an obfuscator. However, Martin's plea fell upon deaf ears, as he was told that he could not understand how difficult that would be for such a large and complex application.
Instead, the company limited Martin's ultimate modernization effort to just migrating the way the app stored its back-end information.
Considering this background, you might think the back-end storage was based on Microsoft Access or FoxPro. Nope -- it used text files as databases. While this worked great years ago, some of the company's more established clients were finding things were getting a bit slow when files started to grow larger and larger every year. The poor performance made back-end storage a fairly important and badly needed feature.
While there were many pieces of code in The Monster that made Martin ask "WTF!?," it was this odd use of parameters after running into (the equivalent of) null pointer problems around the mid(asc()) -part of this snippet that caught his attention (comments aren't production and are added for clarification):
Public Sub secure(ByVal x As Short)
Dim ax As Short
Dim j As Short
Dim txt As String
Dim i As Short
Dim ix As Short
Dim xtst As Short
Dim vartxt As New VB6.FixedLengthString(30)
vartxt.Value = "a[S_e`RT]`2bm"
Select Case x
Case 0
xtst = calcxtst(txt, xtst, j, ax) ' <-- pass uninitialized variables as parameters
If glb2.tstnum <> xtst Then
MsgBox(" ERROR 425 : Invalid object use ", 0, "ERROR!")
FileClose() : End
End If
...
Case Else
MsgBox(" ERROR 426 : Invalid object use ", 0, "ERROR!")
End Select
End Sub
Function calcxtst(txt, xtst, j, ax) As Integer
txt = glb2.yline1
xtst = calcstno(j, ax, txt, xtst) ' <-- do nothing with said parameters and pass them on
txt = glb2.yline2
xtst = calcstno(j, ax, txt, xtst)
txt = glb2.yline3
xtst = calcstno(j, ax, txt, xtst)
Return xtst
End Function
Function calcstno(j, ax, txt, xtst) As Integer ' <-- use said parameters as loop counters and temp variables
For j = 1 To 36
ax = Asc(Mid(txt, j, 1))
If ax > 32 Then xtst = xtst + ax
Next j
Return xtst
End Function
What did the code do? It was responsible for storing text "securely" in the back-end "database." The reason for passing a parameter of the short data type? That's the character's ASCII number of the secure data.
Unfortunately for Martin, he wasn't allowed to update the application to use real security inherent to any modern language or database. Rest assured, though, in Martin's six-month tenure, he delivered the functionality that he promised. And users of The Monster will appreciate a new major update, even if they don't know what a "back-end database" is – that is, as long as the company can get a spare SQL Server database license.
About the Author
Mark Bowytz is a contributor to the popular Web site The Daily WTF. He has more than a decade of IT experience and is currently a systems analyst for PPG Industries.