neya 5 years ago

I feel like this could lead to very opinionated, non-constructive comments/flame, but if were to give you an example, I'd suggest taking a look at Wordpress eco-system. While Wordpress core's codebase has improved significantly over the years, some of the plugins haven't.

The top pick goes to WooCommerce, although an open source E-commerce solution on top of Wordpress, it has some terrible decisions under the hood.

The top pick would go to mixing presentational logic with business logic. For example, to render a table, instead of exposing an array of objects to allow the developer to loop through it as he/she sees fit, WooCommerce will force you to use a PHP function that renders a table for you and there's actually no way to modify the presentation logic if you wanted to.

It's a really fundamental programming paradigm that even top open source companies fail to adhere to.

Again, I'm not saying this to attack them or the maintainers behind the code, just my opinion of why I think it's bad quality code while respecting the fact that developers still do take time and effort for us to enjoy something with freedom and zero cost.

  • superasn 5 years ago

    An indirect thing you can learn from this example is that how little code quality matters when it comes to product popularity or revenue.

    WordPress and its plugins are most often cited as examples of bad code and to top it off it is written in PHP - a programming language hated by a lot of programmers.

    Yet when it comes down to it, WP powers 33.6% of all websites on the internet. Just think for a second how big that number is!

    So if the software gets the job done and the end-user can easily understand it, it really doesn't matter if you write it in what language, using what code patterns.

    • Nextgrid 5 years ago

      Revenue for the company behind Wordpress itself? Maybe.

      Revenue for the end-user? No way. Wordpress sites are high maintenance due to its enormous attack surface and dubious code quality. I would never even consider it as it will just be a liability I don't want to deal with.

      • superasn 5 years ago

        I think a very easy way to mitigate that problem is by using something like siteground that mantains and optimizes that for you.

        I don't have direct experience with then myself but that's what I've heard most successful wp blogs do

        • quickthrower2 5 years ago

          I have moved entirely to a JAM stack i.e. static sites with JS to add functionality via apis. I’m happy with this because if my host dies or pisses me off I can very simply move to another host. And my choice is any host, from S3 to classic shared hosting to CDN edge providers to a raspberry pi hanging off my router.

          It’s a lot cheaper, and cms using tools like Hugo or Jekyll is really a lot better than WP because let’s face it you’ll end up editing the theme pho files in Wordpress. I now use metalsmith for new sites instead of Hugo as it’s more hackable.

          One thing thars a bit harder is Wordpress is nice for a techie working with a non techie content editor. I’m making do with markdown and github for that but a solution to that problem could be a indie hacker idea.

          • johnsonjo 5 years ago

            Ghost [1] seems like a good alternative blog platform for non-techies if you really dislike WordPress. It's a CMS like WordPress but it focuses mainly on blogging unlike WordPress which does e-commerce as well. If anyone here is interested in JAMstack with ghost here's a Gatsby ghost integration which brings CMS like content management to JAMstack [2].

            [1]: https://ghost.org

            [2]: https://gatsby.ghost.org/about/

    • regularjack 5 years ago

      > to top it off it is written in PHP - a programming language hated by a lot of programmers.

      You could say that about any language. PHP is loved by many programmers too.

      • BoorishBears 5 years ago

        Not to the degree that PHP is hated.

        • gremlinsinc 5 years ago

          It's only hated by those who haven't grokked modern php > 7.0. Thanks to laravel the php ecosystem has grown quite a bit over the past few years. I know many rails devs who prefer laravel/php to rails for what it brings to the table. Sure ruby is prettier syntax, but php isn't as horrible as it used to be. Now if it could catch up on parallel/asynch it'd have a better time.

          Sure there's sexier languages like elixir and go and rust, but well designed php code is a pleasure to work w/.

        • ezekg 5 years ago

          I’d argue PHP is so hated because of WordPress and the terrible code/practices associated with its ecosystem.

          • gremlinsinc 5 years ago

            Amen to that, I live/breathe for laravel projects, I contemplate slitting my wrists when working on wordpress.

            • rocketpastsix 5 years ago

              Laravel projects can be just as bad of a codebase as WordPress.

              • gremlinsinc 5 years ago

                yeah, I'm working on one now (picking up where Indian devs left off) ... Code is laravel 5.2, every controller injects session, requests, etc into the constructor, then injects a 'manager' which is basically a loose repository structure, laravel 5.3 > somewhere makes it so using requests/sessions in constructor you generally want to wrap that in middlware...

                So upgrading is a huge nightmare. This is one reason I'm not a fan of repository pattern, more classes to inject everywhere even when they're not fully needed. When just making a fatter model would suffice.

                Also lots of bad php practices...everywhere else. Bad devs can work on any code base, but laravel core code is pretty beautiful, and laravel's community encourages better code, if some bad actors write shitty code the rest of us have to clean up that's on them, but woocommerce is owned by Automattic and has bad code, you'd think they'd fix it or something being a large company.

                There's also tons of great packages out there that are written way more OO and with testing and best practices than there are for wordpress. Laravel is also easier to optimize, and the data structure for wordpress can get out of hand as well.

                ltdr; Yes, lots of bad laravel code -- but that's on the individual dev, core laravel and lots of laravel packages use php best practices and encourage good coding. Easier to write better code in laravel than it is a wordpress plugin.

      • chriswarbo 5 years ago

        We usually gain a better understanding of the world through numbers rather than booleans.

        It's true that programmers hate PHP. It's true that programmers love PHP. It's true that programmers hate other languages. It's true that programmers love other languages.

        This isn't very useful, as you seem to imply; but only due to the boolean perspective.

        Numerically, PHP is hated far more than other languages, and loved far less (StackOverflow surveys come to mind, but I'm sure there's a whole lot more data on this)

        • rocketpastsix 5 years ago

          The StackOverflow surveys only show you the data from the people who want to answer. It's always going to be skewed one way or another. I use and like PHP, and I rarely do the SO survey because I never see it in time.

      • Insanity 5 years ago

        I do think PHP holds a larger share of "hate" than most other languages.

        • gremlinsinc 5 years ago

          I don't know... Ask me most days and I'll tell you how much I hate javascript and it's horrible ecosystem and incongruity...

          but I can't live without using it as it's pretty much the only option for what it does....

          In my fullstack workflow js is way worse than php.

          Just to use it properly requires setting up an entire elaborate webpack setup (thank god for laravel mix), then there's a gajillion frameworks to choose from if you go that route, best practices are argued constantly on forums/reddit/hn....

          I'd like to build an app on node but I can't ever get past bootstrapping the damn app before I get frustrated at the time it takes just to dive right in.

          • chriswarbo 5 years ago

            > Ask me most days and I'll tell you how much I hate javascript... but I can't live without using it as it's pretty much the only option for what it does

            Very true, unfortunately.

            > Just to use it properly requires setting up an entire elaborate webpack setup

            This sounds like a self-imposed problem. I've been writing JS for over a decade and never touched webpack (I think it's some sort of compiler/linker)

            > there's a gajillion frameworks to choose from if you go that route

            Emphasis on the word "if". Frameworks are there to make life easier; if they're making your life harder, don't bother. Most things are easy enough in "Vanilla JS", now that IE6 compatibility is less important.

            > best practices are argued constantly on forums/reddit/hn

            Arguing over best practices is a sign of a healthy community, which is passionate about quality rather than settling for "it runs". Learning about new ideas can be useful for framing our thinking, even if we don't directly apply those approaches.

            Those sort of arguments shouldn't have much impact on how we actually Get Things Done though, since we know more about the engineering requirements of our particular project than random people online, and we'll be more productive using known-good methods which we're experienced with.

            > I'd like to build an app on node but I can't ever get past bootstrapping the damn app before I get frustrated at the time it takes just to dive right in.

            I've not used Node in years, but again that's a choice; if it makes life harder, dump it and use something easier. Node.js bootstrapping complications aren't really a fault of the JS language; heck, you can use FastCGI if you like (that's how PHP is often run).

            • gremlinsinc 5 years ago

              > I've not used Node in years, but again that's a choice; if it makes life harder, dump it and use something easier. Node.js bootstrapping complications aren't really a fault of the JS language; heck, you can use FastCGI if you like (that's how PHP is often run).

              The bootstrapping issue is...that there's really no structure imposed.. I can setup an express script anyway I want, but I'm used to a little more syntactical sugar via rails/laravel world where you know where configs/migrations/models go. Sure I can set it up just like that, but having a go-to way of doing things is nice...

              > there's a gajillion frameworks to choose from if you go that route

              Vanilla js is super difficult if you need reactivity and to maintain state across the app. I'm not sure there's many Single Page Applications or PWA applications that are built using vanilla JS (unless possibly you use Svelte which compiles down to vanilla, but still you're coding using a framework and not vanilla js regardless of what the output is).

              It's still ugly and convoluted mess - the ecosystem. It's a lot like php was before laravel/composer (pre 2011).

              > Just to use it properly requires setting up an entire elaborate webpack setup

              Webpack basically loads the scripts/files you need when you need them for specific parts of the app. It's similar to grunt/gulp and there are other tools out there. Laravel Mix sits on top webpack and has a simplified already configured way of using it, and it works for apps that aren't just laravel apps, so I often throw it in my workflow if I'm branching out or trying a different language or framework.

              My point was just that php isn't necessarily the most hated, as I know plenty of people who hate js. They might even be equally hated.

    • sebazzz 5 years ago

      > An indirect thing you can learn from this example is that how little code quality matters when it comes to product popularity or revenue.

      An that is the exact reasons why it is hard to address implementing more tests, and addressing technical debt.

  • sleavey 5 years ago

    Agreed. The core code is actually pretty well written considering the concrete backwards compatibility standards enforced by the devs, but most plugins are a total mess (and I'm saying that as a plugin author). I guess it is mainly due to PHP's low bar for entry and PHP's historical (but arguably not now) lack of enforcement of good programming practices.

    There is potential for change though. There is a project backed by the core devs (can't remember the name) which will score plugins by their code standard and show the score in the plugin directory.

    • allenskd 5 years ago

      I feel it's not that PHP is low bar but rather widely accessible out of the box on almost all web hosting services... you don't have to set up a lot of stuff before running your web application.

      I'd argue the only reason PHP still remains at the top is because no one has made X language to work out of the box with cpanel installations and run with little to no modification to run, lets say, django apps or RoR apps. Maybe if Python or any other language spent more time on improving that type of accessibility in the realm of web applications we could see PHP fragmenting in the later years...

      • combatentropy 5 years ago

        I think the main reason I still prefer PHP after doing web development for over a decade is not its syntax but its set-up.

        Picture me, often the only programmer, supporting several-dozen business web apps. Each app is in its own directory. To add a route, I just make a new PHP file. This eases mingling other, static, files in that same directory: CSS, JS, HTML, PDFs, documents, spreadsheets, images, and videos that the users wanted to supplement the app with. Maintaining a list of routes in some other file would complicate things, especially with the number and complexity of the apps that we have. (User-uploaded files are stored elsewhere.)

        That is really a feature of CGI, and FastCGI, not PHP. But I like PHP more than Perl, and I'm not sure how well the FastCGI frameworks for other languages are written. For example, I often dream of using JavaScript in FastCGI.

        But then again I am also spoiled by the extent of PHP's standard library. It's mainly a bunch of functions in the global namespace, but an alphabetic namespace is vast, and there have been just a handful of times that I wanted to make a function whose name was already taken.

        PHP is also stable. I've never had a problem with a script bringing down other parts of the website or even other parts of the same app (except that one time when a coworker wrote a PHP script that built SQL dynamically and did it in a bad way, and used up all the RAM on the server).

        PHP has been fast for me, even back in 2005. Then again I don't use third-party frameworks. I have written a few helper libraries, to reduce code repetition.

codr7 5 years ago

It doesn't work, energy follows thought and it makes no sense to focus it on what you want to avoid. Take or leave.

That being said, the worst I ever saw was the in-house business nonsense I was paid to deal with as a Java consultant. The worst code isn't open source from my experience, subjecting it to public scrutiny would mean suicide for the companies involved.

  • SmellyGeekBoy 5 years ago

    This matches my experience. Open source projects tend to get the worst parts fixed. It's in-house applications, usually written in VB / Delphi / Java, that have been supported and added to over the past 20 years where the true horrors lie.

    As you say, I doubt many businesses would be willing to put this kind of code out there.

jasode 5 years ago

An example of bad code that always stuck with me was the flawed CDDB disc id hash algorithm.[0]

I was reminded of that short-sighted decision every time I ripped a bunch of CDs and saw how importing song titles was not automatic because a dozen different discs had the same hash ids which resulted in collisions[1]. It ended up creating needless friction for millions that depended on that discid.

What's sad is I'm not even sure if one can extract any useful "lessons learned" from it! The programmer that wrote it was not an amateur script kiddie; he had a computer science degree from Uni California. Apparently, he didn't realize he was writing a flawed hash algorithm as he wrote it.

One could say that hash algorithms should be "peer reviewed". Well, he got unsolicited peer review that pointed how his homegrown hashing computation was flawed but he ignored the suggestion to improve it.

[0] >Ti Kan wanted to use a hash. He could have chosen something like CRC32, which would have given him a 32 bit number, yielding 4 billion unique IDs. Instead he wrote his own hash. [...] Ti Kan was made aware (not by me) of this problem back in 1994, and given a script to convert this format into a CRC32-based format, but he rejected it because the deployed base was too big. At that point it was probably in the high dozens. -- excerpt from http://quimby.gnus.org/circus/notes/cddb.html

[1] https://forums.macrumors.com/attachments/multiple-matches-jp...

[2] wiki: https://en.wikipedia.org/wiki/CDDB#How_CDDB_works

  • the8472 5 years ago

    That advice is wrong too, a 32bit number would have been insufficient due to the birthday problem.

    • jasode 5 years ago

      I don't think any reasonable person would expect zero collisions. The weakness of CRC32 for even distribution of hash values was well-known. (CRC32's goal was a fast "checksum" instead of strong cryptographic hash.)

      The point was CDDB's non-invented-here home-grown hash algorithm was worse than CRC32. He didn't extract the maximum entropy from the discs' metadata of song times to minimize future collisions.

    • planteen 5 years ago

      Exactly. Assuming 10 songs per CD, you should see your first collision after around 6500 CDs. If he did CRC64, it would be after 400 million CDs.

    • justaj 5 years ago

      Why not use a SHA256 (or SHA512) then?

      • rahimnathwani 5 years ago

        Because CDDB pre-dated the publication of SHA-* (2001) by at least 6 years.

AnaniasAnanas 5 years ago

Here you go https://github.com/progwml6/Natura/blob/1.7.10/src/main/java...

Tip: If you ever end up in a situation where you have to copy-paste code with minor changes then there is something that you are doing wrong. In this case using arrays and loops would be a much better solution.

  • pjc50 5 years ago

    That looks nasty, but surprisingly hard to fix with loops because everything is of different types. If I were fixing it I'd look to some kind of code generation solution, even if just a hacky python script parsing a CSV.

    (addShapedRecipe is just begging to have ASCII art as its canonical form)

    • AnaniasAnanas 5 years ago

      Most of them are of the types button and item though.

  • thih9 5 years ago

    But: avoid premature optimisation, it could lead to overly complex abstractions.

    Simple, clear structures with little repetition are ideal.

    Copy pasted data is painful to work with but still relatively easy to maintain and fix.

    Overly complex and unintuitive abstractions are the most difficult to maintain and improve.

    • ilaksh 5 years ago

      But it's very repetitive code and uses identifiers like "var3" and "var4".

  • allenskd 5 years ago

    The function addShapedRecipeFirst (List recipeList, ItemStack itemstack, Object... objArray) is really doing a number on me... gonna be fun not touching that code for a few months and when you come back you don't even know what the heck you are doing

  • ksaj 5 years ago

    I've never seen so many typographic rivers in source code before. Almost reminds me of a cross-eyed holograph.

  • thrower123 5 years ago

    Good god, my eyes, they burn.

spion 5 years ago

How about examples of open source code to learn whats really, really good, together with why it was designed that way? Seems like that would be way more useful.

Or examples of projects that did things one way, but later refactored, and why they refactored.

  • convolvatron 5 years ago

    i dont think you really get very deep into it by reading code without working with it. sure, there are surface syntactic niceties one can bikeshed.

    the real meat of the matter comes when you are trying to make a change. is the structure robust? is there convenient tooling that helps you do what you need to do? does the system require extensive boilerplate to do simple things? does the system come crashing down in some unrelated area when you are trying to make simple changes?

    it may be surprising, but large old codebases usually have huge hunks that serve no real purpose whatsoever except to glue together two pieces that would be much happier talking directly to one another.

    I really wish as a community we could abandon the 70s business notion that software is a concrete artifact that one invests in and sells. its a really poor model. software is a process. code that is not being maintained is largely just dead. as developers we should be evaluating software as a living thing that responds to its environment...not as a shrink wrapped item we unbox and review on youtube.

  • allenskd 5 years ago

    I think someone starting, or intermediate, or perhaps advanced won't be able to tell what's good or bad... even I have problems sometimes identifying what would be the best approach of implementing a good design and could end up implementing a bad one easily.

    And refactoring as almost always a must... unless you are stuck in a legacy support project where you are just hacking fixes away despite the glaring flaws and the client doesn't want to spend any more money on improving things.

kissgyorgy 5 years ago

That's a really bad idea. You need to have a good counterexample, otherwise it's just wasting time at the best case. A lot of people learn from really bad codebases and picking up the same style which is terrible. You should look at GOOD codebases instead!

  • theSage 5 years ago

    I did some work on html2text when I started off and while the little parts did make sense, the whole library was confusing for me. I couldn't change anything without breaking tests.

    On the other hand I've been tinkering with curio for a while now and it's a fresh breath compared to that.

    My trouble is that I still don't understand what makes the html2text thing "bad". What particular thing there caused me to not like working with it? I'm trying to understand that.

    I've been book hunting + figuring out if it's something that I did not know which would have made the code a lot easier to work with (stuff got a lot easier after I cleaned up my set theory understanding)

    - https://github.com/dabeaz/curio - https://github.com/Alir3z4/html2text

otras 5 years ago

If you’re interested in a case of unnecessary optimization and effort, the infamous left-pad npm library has been refactored to only add to the string O(log(n)) times. It is short but not sweet.

https://github.com/left-pad/left-pad#readme

  • ksaj 5 years ago

    I think it needs more // comments. Hilarious.

Sir_Cmpwn 5 years ago

Here's some old code of mine:

https://github.com/vatt849/LibMinecraft/blob/master/LibMinec...

The whole library is a trip if you want to read a bunch of bad C#. Highlights:

- Generated documentation

- Giant switch/case instead of a more organized dispatch map

- Large swaths of commented code instead of using version control

- try...catch statements that just eat the errors

- Inconsistent code style

- This thing:

https://github.com/vatt849/LibMinecraft/blob/master/LibMinec...

I've written something similar from scratch since, which I'm still not entirely satisfied with, but is much better for reference:

https://github.com/ddevault/TrueCraft

The client-side networking code lives here:

https://github.com/ddevault/TrueCraft/blob/master/TrueCraft....

https://github.com/ddevault/TrueCraft/blob/master/TrueCraft....

https://github.com/ddevault/TrueCraft/tree/master/TrueCraft....

Notable improvements:

- Handwritten docs only where necessary

- Uses a stream implementation for decoding this particular wire format

- Has a different and better abstraction for reading packets out

Still has bad error handling though.

jstarfish 5 years ago

The source for Terraria is notoriously terrible.

https://github.com/TheVamp/Terraria-Source-Code

It is another example of how even inelegant code full of hardcoded values can be successful.

  • czr 5 years ago

    (Note that this is decompiled source – the original probably at least has comments here and there)

twhitmore 5 years ago

Libraries can be useful despite imperfections, and poor design decisions can occur in overall good libraries. So we can't judge too harshly.

Having said that:

1) iText PDF library used to have some fairly poor & duplicated code. Column layout was a highlight. Also strange ideas overemphasizing subclasses, eg. for paragraph styles. (Correct approach: use values rather than types.)

2) Tomcat webserver back around 2007 used to have some amazing 'clustering' code to deploy your webapp across multiple servers. But it lacked proper knowledge & hence control of what it was doing. IIRC there was no clear master, and a server couldn't tell what had been started on it versus what had been replicated since a peer was seen to be running it. Effect: replication would be additive only, contexts would just replicate everywhere uncontrolled, and there was no good way to stop/ undeploy an app across the cluster.

blattimwind 5 years ago

Drupal 6/7 would be an example for "widely used [at the time] but pretty bad". I don't know how many of the issues across all layers were addressed in later versions.

OpenSSL is still an excellent example for very messy code where even maintainers / frequent contributors regularly get lost. Also a good example for designing many bad APIs and poor docs. libsodium is a good counterexample, although the internal structuring of the code base is a bit atypical, it is logical and consistent. (It does have some API idiosyncrasies which cater specifically to dynamic bindings, like providing a constant always as a #define/macro but also as an exported function; and it has a bit of an issue where you have both legacy APIs and newer APIs, but the docs are pretty clear on which is which).

BorgBackup is an example of how you don't want to mix C and Python code, and also contains various bits that only 1-2 people on the planet really bothered to understand, besides demonstrating other issues of organically grown code bases.

bradknowles 5 years ago

There are an infinite variety of things that you don’t want. If you focus all your energy on those things, then you won’t have anything left to do the positive things you do want.

You have to turn that equation around. Even if all you know right now is the negative thing you don’t want, you have to figure out how to reframe that into the positive thing you do want. On,y then can you make positive progress towards that thing you want — and by the way, you will naturally avoid the things you don’t want by focusing on the things you do want.

Sure, examples of bad stuff can be instructive, but only so far as it helps you further clarify the good stuff you’re actually trying to achieve.

arthev 5 years ago

While usually focusing on smaller snippets, thedailywtf.com is a site about (mostly) code wtfs. A fair number of management wtfs too, though.

pjc50 5 years ago

> fall along the lines of "fail to see the forest for the trees"

I think I'm going to need an example to understand this?

Having said that, one of the most informative programming books I've ever read was C Traps And Pitfalls. Flags common easily-made errors and explains them, which in turn fixes misconceptions about the language. I feel most languages could do with one.

RickJWagner 5 years ago

Just a side note-- this is the beauty of Open Source. If there is some bad code (we all write it), it can be improved with a little help from Open Source "friends".

All of us are stronger than any one of us. Long live Open Source!

craftoman 5 years ago

Many JavaScript libraries like Fastify (Node.js) for example. You always get a nice & clean API but if you look under the hood you would be amazed at how much spaghetti code can be written in a project.

sam_lowry_ 5 years ago

Jgit is amazingly bad for a piece of software built on top of well thought out data structures if git. Some if its flaws could be attributed to Java IO design, though.

peterwwillis 5 years ago

Anything related to OpenStack, but particularly jenkins-job-builder is rather horrible.

jxub 5 years ago

Many, if not most OSS packages which are released by academics or universities.

yamann 5 years ago

https://github.com/mholt/caddy not only a mediocre code, but the guy behind it received lots of money from Mozilla as an innocent promising open source project author, then he made it as a paid product.