DevDisasters

An Intern Battles the Monster App

What Martin wanted was to fulfill his internship requirement for his degree and possibly earn a little spending money for his efforts. He got both of these and the experience of meeting "The Monster."

During the second to last summer ahead of completing his degree, Martin started his six-month-long internship at a small company that needed assistance in modernizing its enterprise point-of-sale/inventory software. And it wanted to get it done on the cheap. In Martin's case, cheap meant minimum wage and three college course credits.

The software he would be working on fit neatly into a growing niche group of retailers as a "best of breed" application and, for end users, it worked all right. It had a clever name, making it easily identifiable to those within reach of a search engine, but Martin called it "The Monster."

At the time of The Monster's birth, the original developer was hailed as a genius far ahead of his time, and he still is.

Development started around 1996 in Visual Basic and had been automatically converted to Visual Basic 6 and later on to Visual Basic .NET with the automated upgrade tools in Visual Studio. The source code tallied in at around 30K lines all told, separated into files named xx01-xx30.vb, redefining global variables around the code base. So, by the time Martin came along, it was crashing Visual Studio 2013 multiple times a day.

Frustrated with having to work in what was effectively a mirror-universe version of Visual Basic, Martin tried to convince the powers that be that a complete rewrite in a modern language would be way easier than trying to make sense of the code. He tried arguing that The Monster was devoid of structure and looked like it had been run through an obfuscator. However, Martin's plea fell upon deaf ears, as he was told that he could not understand how difficult that would be for such a large and complex application.

Instead, the company limited Martin's ultimate modernization effort to just migrating the way the app stored its back-end information.

Considering this background, you might think the back-end storage was based on Microsoft Access or FoxPro. Nope -- it used text files as databases. While this worked great years ago, some of the company's more established clients were finding things were getting a bit slow when files started to grow larger and larger every year. The poor performance made back-end storage a fairly important and badly needed feature.

While many pieces of code in The Monster made Martin ask "WTF!?," it was the odd use of parameters in the following snippet that caught his attention, after he ran into (the equivalent of) null pointer problems around its Asc(Mid()) part (the comments aren't from production and were added for clarification):

Public Sub secure(ByVal x As Short)
  Dim ax As Short
  Dim j As Short
  Dim txt As String
  Dim i As Short
  Dim ix As Short
  Dim xtst As Short
 
  Dim vartxt As New VB6.FixedLengthString(30)
    vartxt.Value = "a[S_e`RT]`2bm"
 
  Select Case x
    Case 0
      xtst = calcxtst(txt, xtst, j, ax) ' <-- pass uninitialized variables as parameters
      If glb2.tstnum <> xtst Then
        MsgBox(" ERROR 425 : Invalid object use ", 0, "ERROR!")
        FileClose() : End
      End If
    ...
    Case Else
      MsgBox(" ERROR 426 : Invalid object use ", 0, "ERROR!")
  End Select
End Sub
 
Function calcxtst(txt, xtst, j, ax) As Integer
  txt = glb2.yline1
  xtst = calcstno(j, ax, txt, xtst) ' <-- do nothing with said parameters and pass them on
  txt = glb2.yline2
  xtst = calcstno(j, ax, txt, xtst)
  txt = glb2.yline3
  xtst = calcstno(j, ax, txt, xtst)
  Return xtst
End Function
 
Function calcstno(j, ax, txt, xtst) As Integer ' <-- use said parameters as loop counters and temp variables
  For j = 1 To 36
    ax = Asc(Mid(txt, j, 1))
    If ax > 32 Then xtst = xtst + ax
  Next j
  Return xtst
End Function

What did the code do? It was responsible for storing text "securely" in the back-end "database." The reason for passing a parameter of the short data type? That's the character's ASCII number of the secure data.
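The check in the snippet above, ported to Python as an added example (this is not code from the application or from the article), next to a keyed HMAC-SHA256 tag computed over the same lines. The sample records and the key are constructed, lines shorter than 36 characters are truncated rather than raising an error, and the Short overflow of the original is ignored.

```python
import hashlib
import hmac

WINDOW = 36  # the original loop reads characters 1..36 of each line


def calcstno(txt: str, xtst: int = 0) -> int:
    """Port of calcstno: add the code of every character above 32 (space)."""
    for ch in txt[:WINDOW]:  # assumption: short lines are truncated here
        ax = ord(ch)
        if ax > 32:
            xtst += ax
    return xtst


def calcxtst(lines) -> int:
    """Port of calcxtst: one running total across the three stored lines."""
    total = 0
    for line in lines:
        total = calcstno(line, total)
    return total


def keyed_tag(lines, key: bytes) -> str:
    """HMAC-SHA256 over length-prefixed lines, so line boundaries count too."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for line in lines:
        data = line.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def verify(lines, key: bytes, stored_tag: str) -> bool:
    """Constant-time comparison of the recomputed tag with the stored one."""
    return hmac.compare_digest(keyed_tag(lines, key), stored_tag)


# Constructed sample records, not data from the application.
ORIGINAL = ["STORE 0042", "LICENSED TO ACME", "SEATS 05"]
ALTERED = ["STORE 0024", "LICENSED TO ACME", "SEATS 50"]  # digits transposed
KEY = b"constructed-demo-key"  # placeholder; a real key lives in a secret store

if __name__ == "__main__":
    print(calcxtst(ORIGINAL), calcxtst(ALTERED))           # identical totals
    print(verify(ALTERED, KEY, keyed_tag(ORIGINAL, KEY)))  # False
```

An additive total ignores character order, spaces and anything past column 36, so it catches only changes that alter the sum; the keyed tag changes with any edit to the lines.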

Unfortunately for Martin, he wasn't allowed to update the application to use real security inherent to any modern language or database. Rest assured, though, in Martin's six-month tenure, he delivered the functionality that he promised. And users of The Monster will appreciate a new major update, even if they don't know what a "back-end database" is – that is, as long as the company can get a spare SQL Server database license.

About the Author

Mark Bowytz is a contributor to the popular Web site The Daily WTF. He has more than a decade of IT experience and is currently a systems analyst for PPG Industries.
