DevDisasters

An Intern Battles the Monster App

What Martin wanted was to fulfill his internship requirement for his degree and possibly earn a little spending money for his efforts. He got both of these and the experience of meeting "The Monster."

During the second to last summer ahead of completing his degree, Martin started his six-month-long internship at a small company that needed assistance in modernizing its enterprise point-of-sale/inventory software. And it wanted to get it done on the cheap. In Martin's case, cheap meant minimum wage and three college course credits.

The software he would be working on fit neatly into a growing niche group of retailers as a "best of breed" application and, for end users, it worked all right. It had a clever name, making it easily identifiable to those within reach of a search engine, but Martin called it "The Monster."

At the time of The Monster's birth, the original developer was hailed as a genius far ahead of his time, and he still is.

Development started around 1996 in Visual Basic and had been automatically converted to Visual Basic 6 and later on to Visual Basic .NET with the automated upgrade tools in Visual Studio. The source code tallied in at around 30K lines all told, separated into files named xx01-xx30.vb, redefining global variables around the code base. So, by the time Martin came along, it was crashing Visual Studio 2013 multiple times a day.

Frustrated with having to work in what was effectively a mirror-universe version of Visual Basic, Martin tried to convince the powers that be that a complete rewrite in a modern language would be way easier than trying to make sense of the code. He tried arguing that The Monster was devoid of structure and looked like it had been run through an obfuscator. However, Martin's plea fell upon deaf ears, as he was told that he could not understand how difficult that would be for such a large and complex application.

Instead, the company limited Martin's ultimate modernization effort to just migrating the way the app stored its back-end information.

Considering this background, you might think the back-end storage was based on Microsoft Access or FoxPro. Nope -- it used text files as databases. While this worked great years ago, some of the company's more established clients were finding things were getting a bit slow when files started to grow larger and larger every year. The poor performance made back-end storage a fairly important and badly needed feature.

While many pieces of code in The Monster made Martin ask "WTF!?," what caught his attention was the odd use of parameters in this snippet, which he found after running into (the equivalent of) null pointer problems around the Asc(Mid()) part (the comments aren't in the production code and were added for clarification):

Public Sub secure(ByVal x As Short)
  Dim ax As Short
  Dim j As Short
  Dim txt As String
  Dim i As Short
  Dim ix As Short
  Dim xtst As Short
 
  Dim vartxt As New VB6.FixedLengthString(30)
    vartxt.Value = "a[S_e`RT]`2bm"
 
  Select Case x
    Case 0
      xtst = calcxtst(txt, xtst, j, ax) ' <-- pass uninitialized variables as parameters
      If glb2.tstnum <> xtst Then
        MsgBox(" ERROR 425 : Invalid object use ", 0, "ERROR!")
        FileClose() : End
      End If
    ...
    Case Else
      MsgBox(" ERROR 426 : Invalid object use ", 0, "ERROR!")
  End Select
End Sub
 
Function calcxtst(txt, xtst, j, ax) As Integer
  txt = glb2.yline1
  xtst = calcstno(j, ax, txt, xtst) ' <-- do nothing with said parameters and pass them on
  txt = glb2.yline2
  xtst = calcstno(j, ax, txt, xtst)
  txt = glb2.yline3
  xtst = calcstno(j, ax, txt, xtst)
  Return xtst
End Function
 
Function calcstno(j, ax, txt, xtst) As Integer ' <-- use said parameters as loop counters and temp variables
  For j = 1 To 36
    ax = Asc(Mid(txt, j, 1))
    If ax > 32 Then xtst = xtst + ax
  Next j
  Return xtst
End Function

What did the code do? It was responsible for storing text "securely" in the back-end "database." The reason for passing a parameter of the short data type? That's the character's ASCII number of the secure data.

Unfortunately for Martin, he wasn't allowed to update the application to use real security inherent to any modern language or database. Rest assured, though, in Martin's six-month tenure, he delivered the functionality that he promised. And users of The Monster will appreciate a new major update, even if they don't know what a "back-end database" is – that is, as long as the company can get a spare SQL Server database license.
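As the snippet reads, calcstno adds up character codes over three 36-character lines and secure() compares the total with a stored value (glb2.tstnum). The Python port below is an added example, not code from The Monster or from the article's author; it shows that such a sum accepts reordered data while a keyed HMAC does not. The sample records, the key and the mac helper are constructed for illustration.

```python
import hashlib
import hmac

LINE_LEN = 36  # the VB loop reads characters 1..36 of each line


def calcstno(txt: str, xtst: int = 0) -> int:
    """Port of the page's calcstno: add the ASCII code of every character
    above 32 (space) in the first 36 positions to the running total."""
    for ch in txt[:LINE_LEN]:  # slicing tolerates lines shorter than 36
        ax = ord(ch)
        if ax > 32:
            xtst += ax
    return xtst


def calcxtst(lines) -> int:
    """Port of calcxtst: chain the running total across the lines."""
    total = 0
    for line in lines:
        total = calcstno(line, total)
    return total


def mac(key: bytes, lines) -> bytes:
    """Keyed alternative (assumption, not on the page): HMAC-SHA256 over
    length-prefixed lines, so order and line boundaries both matter."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for line in lines:
        data = line.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


# Constructed sample records, not data from the application.
ORIGINAL = ["STORE 0042", "LICENSE 19", "SEATS 05"]
TAMPERED = ["STORE 0042", "LICENSE 91", "SEATS 50"]  # digits reordered
KEY = b"constructed-demo-key"  # placeholder; a real key is kept out of the data file

if __name__ == "__main__":
    # Same characters in a different order give the same additive total.
    print(calcxtst(ORIGINAL), calcxtst(TAMPERED))
    # The keyed MAC differs, so the reordered record is rejected.
    print(hmac.compare_digest(mac(KEY, ORIGINAL), mac(KEY, TAMPERED)))
```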

About the Author

Mark Bowytz is a contributor to the popular Web site The Daily WTF. He has more than a decade of IT experience and is currently a systems analyst for PPG Industries.
