The recent flame war on ColdFusion brought to mind somthing that happened about 10 years ago.

I worked in a fairly large department that used a spreadsheet as the bug-submission-tracking “system”. Naturally, the person who assigned the work kept it open at all time, making it impossible for anyone to actually open it to enter a new bug.

My boss was modestly technical, but could understand anything if you broke it down into reasonable bites (arguably one of, if not the best boss I’ve ever had). Part of my job was to evaluate new technologies to see if they could be of use in our department. This time around, it was ColdFusion.

I installed and played with it a while, and decided that the best way to get a feel for it was to build a throw-away system that actually did something of substance. Having been inflicted with the daily arguments about who left the bug-spreadsheet open, I decided that I’d build a bug-tracking system - at least it was something to focus on.

I built it and it worked. Then someone saw it on the screen on my PC and asked if they could enter a bug report. I told them it was just a test-bed. They nodded, and began to type away. A few days later, my boss was asking around what happened to the bug reports entered by this person (remember that my ’system’ wasn’t being used by anyone, so she had no reason to think the bugs might be in it). I just happened to put 2 and 2 together, and we all had a good laugh. Then she decided that maybe we should use my system, for real.

Um, wait a minute - no passwords, everything passed in clear-text, etc. No matter, it was just within our department, and nobody would abuse it….(actually, nobody ever did)

The thing actually worked fairly well. I started the bug tracking numbers at 300, so that they could prime it with the bugs from the spreadsheet. Over the next year, the users feature-creeped the thing into a fairly useful utility.

Then it was my time to move on to another project. I trained the noobie they hired on how it worked, what made it tick under the hood, the database, all its tables, etc. Even the script that [re]created the database from scratch. After all, you always do these things in a script, right?

It was a ksh script that looked something like this:

#!/bin/ksh
echo "DO NOT EVER RUN THIS SCRIPT - IT DESTROYS, THEN RE-CREATES THE DATABASE"
exit 1
drop table ...
create table ...
...
# prime the database
insert into table values (...

This particular script was also read-only, just to make sure that it was never run after people started using the system.

About a week later, everyone is running around - why are all the menus truncated? Where are all the bug reports? Wha….

Then my boss asks me to look at it. It took me 1 second to find the problem. The bug numbers for newly entered bugs were coming out at 305, 306, 307, … Hmmm, between that, and the fact that all the menus had been reduced to their original default values, it seemed that the database had been reset.

We went to the person responsible for the system. He explained that he wanted to see what the database-creation script did, so he ran it. I asked how he was able to execute a read-only script. He replied that he saw that it was read-only, so he made it executable. I asked what he thought when it printed the do-not-run-ever message and exited without doing anything. He said he saw that, but really wanted to see what it did, so he commented out the ‘exit 1′ and ran it again. Then, when the users started complaining, he kept re-running the script to try and fix the problem.

We rolled back to the last checkpoint, and re-entered the few missing bugs by hand (thankfully I had programmed it to dump stuff to log files).

Doh!!!

Published on Daily WTF by snoofle

Submit: