The * stupidest things I’ve done in my programming job

I’m not ashamed of those sins any more, so here you go :)

1. ORM

Stupidity
Building my own Object Relational Mapping framework.
Consequence
Project is a mess after 2 years of maintenance with hardcore hacks to bypass my own ORM and call custom SQL queries.
What should I have done
Use hibernate, iBATIS, Cayenne or something similar.

2. EAV

Stupidity
Using an Entity-Attribute-Value model database schema design.
Consequence
Non scalable solution and total impossibility to run any useful queries on the database level.
What should I have done
Use an ordinary normalized database schema design.

3. Database Access

Stupidity
Synchronize (serialize) database access using one shared connection.
Consequence
Zero scalability. Very slow response times when more than 10 users where using the application.
What should I have done
Don’t do that and use a connection pool such as c3p0 and use a “new” (reused) connection returned from the pool for every request/response cycle.

4. IDE

Stupidity
Avoided learning and using an Integrated development environment.
Consequence
Inability to build test and deploy the application quickly and generally do anything useful.
What should I have done
Get familiar with an IDE. NetBeans, eclipse etc.

5. Transactions

Stupidity
Not using them.
Consequence
Corrupt data in an application involving e-shop like functionality.
What should I have done
Use database transactions. When in MySQL use InnoDB.

6. Prepared Statements

Stupidity
Using Statements, string concatenation and naive character escaping to assemble my own “safe” queries.
Consequence
SQL Injections possible in my application. I managed to login using ‘or 1=1;delete from users;– and alter the database state in a very nasty way.
What should I have done
Use Prepared Statements which correctly assemble and escape the query properly depending on the JDBC driver used.

7. Business Logic

Stupidity
Doing it in the template (JSP).
Consequence
Messy non maintainable application.
What should I have done
Do it in an MVC style with servlets or with a Front Controller. Even better by using an existing open source MVC framework such as Struts, Spring MVC etc.

Of course, all the bad choices above have probably made me a better programmer.

69 Responses to “The * stupidest things I’ve done in my programming job”

  1. alex Says:

    Hey ioannis,

    I think that “6. Prepared Statements” is a must ‘stupidity’ for all programmers :)

  2. steven Says:

    woah, that was quite a stupid list… i hope you werent being paid while you did this. thats enough to turn a company belly up

  3. Ryan Says:

    Hopefully wtih the use of ORMs you won’t be writing too many queries for jdbc anyway :)

  4. TheBull Says:

    We all go through our “I shouldn’t have done that” phase. At least you weren’t so arrogant as to think everything you did was awesome and learned from it all. Good for you. I would rather hire someone who knew his/her mistakes and didn’t want to repeat them.

  5. Anonymous Says:

    I believe most of the programmers have done the same things before they know there are something better. Good for you.

  6. Jan Says:

    Programmers always make errors like you. But they are not aware of that. It’s good that you wrote it down. It a set of nice advices I would said. :-) Have a nice day, Jan

  7. cherouvim Says:

    Thanks for the comments.

    @steven, yes I was a full time developer when I did all these stupid things. I am still working for that company, and apart from developing, I lead teams of developers, train and code review them in order to avoid similar situations :)

  8. Ben Says:

    Those are pretty big mistakes, and a bit too scary to be chalked up to niavity. Were there any good solutions around at the time, or were you forced to build something from scratch? If the latter, its an unfortunate situation many of us are forced into. If the former.. I guess I’m just glad that you’re apologetic now.

  9. Eric Says:

    Can’t fully agree with the ORM mistake.

    I don’t know the order of implementation but let’s say that Hibernate came first. If the iBatis or the Cayenne teams thought the same then these implementations would not come into existence. It is possible that they did not know of each other but more likely, considering the large number of ORMs out there, they had something else in mind.

    So, don’t necessarily consider it a mistake to create your own ORM, especially if you have some extra requirements and the current options don’t quite fulfill them.

  10. Swizec Says:

    Not learning an IDE isn’t stupid because IDE’s in my opinion have way too many bells and whistles instead of promoting the one thing that’s important: code.

    Sure, don’t use notepad either. I find that a good editor, like Kate, is the perfect balance between a simple editor and a full-blown IDE. It does syntax highlighting for more languages than you’d ever care to know existed, has an integrated console, opens multiple files and makes it easy to switch between them and has a “find in files” feature for when you just don’t know where you want to look for something.

    And if you really needed it can have a “symbol viewer” as well, but I find those useless.

    What more than that could an IDE provide me that wouldn’t be more of a distraction than a useful tool?

  11. tb Says:

    … almost reinvented iBatis. Been working on a small app and decided to do away with writing the same persistance boilerplate code. Thought to myself ‘I’ll write it once and put in a lib for reuse’. Then in the middle of I just stopped for some reason and started thinking about that. Did a little ‘googling’ and came across iBatis. I think those type of stories point to the ‘evolutionary’ origins of some of the products like iBatis or Hibernate. Guess it’s a fun little experience/experiment to end up heading down the same road other have taken and realize their motivation. I was just lucky to stop before I went too far ;-)

  12. cherouvim Says:

    @Ben: I was a fresh postgraduate straight out of Uni. No “enterprise” knowledge at all. All the solutions where around back then (that is 3 years ago).

    @Eric: It’s simply a matter of “reinvent the wheel” syndrome. I’ve heard of hibernate back then but I thought that doing it my own way would be good!

    @Swizec: I do “hardcore” mass text manipulation with text editors, but the IDE is invaluable. Try messing around with a good one and when you get used to it (2-4 weeks?) you will never look back!

  13. Geir Says:

    Swizec:
    What more than that could an IDE provide me that wouldn’t be more of a distraction than a useful tool?

    Refactoring.

  14. Eric Says:

    Re the IDE, I’ve got 2 guys in the team who refuse to use an IDE in favour of vi. The speed of their output together with the quality and all associated stuff like unit tests and documentation leaves all the IDE users in the dust.

    Consider; they have a dual head setup with 10 desktops as provided by KDE. One each screen, i.e 2 per desktop, they have 4 Konsoles. Within each Konsole they have anything up to 15 sessions, i.e. bash shells. Within each session they have screen running which is configured by a utility that opens 1 screen for each major directory in a Mavenized project. This gives, on average 6 shells.

    The last time I looked, they had 500+ shells open, the majority of which had vi running. If you ask them to check some source they go straight to it. No scrolling through windows of an IDE. Add to this the ability for vi to have single file, double file and multiple file sessions and the numbers become mind boggling. Then add the ability for vi to create sub shells and it becomes seemingly incomprehensible but these guys know where everything it.

    Even more amazing they have desktops or screens or Konsole sessions opened onto other machines, sometimes many remote sessions in this way.

    They do admit that some tools provided by IDEs are not part of this setup but when this occurs they just use the IDE for that task. Actually, I’ve been corrected on this one; they say they always use the best tool for the specific task!

    So what am I saying? I’m *not* saying that an IDE is better that everything else or vice versa. What I see as the project lead is the IDE providing a nice friendly and cosy environment where tools like code suggestion seems to hinder the learning of an API. I see the power users making huge strides in what appears to be chaos but is actually totally controlled. I do see that the IDE camp will not even try the vi camp because the vi camp make it look like a black art. I see the vi guys silently smiling when the IDE guys have again come against a limitation of the IDE.

    I guess it comes down to each to their own. However, at times, usually at highly stressful times, I find myself wishing the IDE guys would learn the vi way ;-)

  15. cherouvim Says:

    @Eric: “Right tool for the right job” is always true. vi is superb but the IDE support proves invaluable many times per day. Refactoring, testing, debugging, deploying, ant automations, profiling etc…

  16. Eric Says:

    I think this is where the opinion between the IDE and vi camps is different.

    Refactoring: for simple cases it’s swings and roundabouts but refactoring using an IDE does not cover the situation where the refactoring has been caused by a project outside of the current IDE managed source. The vi guys simply run

    vi `fgrep -rl thingThatChanged topOfSourceTree`

    and then check everything first and then when happy either run a vi command to make the changes or a similar stream edit command to do the same.

    Testing: unit tests should be part of the deployment anyway. If this is not simple then shell scripts are used and graphical testing is the same for both IDE and vi.

    Deploying: should be totally automated via Maven/Ant/Make etc.

    Profiling: no difference aside from the ability to just run the profiler rather than the profiler _and_ the IDE in memory at the same time.

    Debugging: (I’ve left this last) seems to be one of those things which is hard to accept. In a nutshell the vi guys don’t use the debugger only log tracing. I sometimes think they don’t tell the full story but they both say they never use the debugger and wouldn’t even know how to. I guess the results speak for themselves.

    By the way, they do admit that certain jobs are more efficient in an IDE but they don’t do them ;-)

  17. Chad Okere Says:

    I tried using Oracle Toplink, which is the default JPA implementation and found myself writing platform-dependent SQL (MySQL) due to annoying limitations in both toplink and MySQL’s JDBC drivers. In particular, if you want to read a huge dataset out of MySQL you have to use strange flags when you open your connection to prevent cashing which leads to out of memory errors (you can’t do it in the JDBC URL, so there’s no way to pass those flags using JPA).

    Toplink itself had issues it didn’t need to have, for example, any collections you use get loaded entirely into memory and flushed, you can’t modify a collection and have it saved in the DB immediately, despite the fact there’s no real reason for that.

    So in other words, using a off the shelf ORM may not save you from writing SQL if you’re doing something complex. On the other hand, even with writing the occasional query using JPA saved a TON of time.

  18. KoW Says:

    seen too many of those at my current employer to think it’s funny

  19. alex Says:

    yeah buddy from what i’ve read you are really stupid :D

  20. Andreas Marschke Says:

    Well how is that ol’ speech go… Experience is something u get shortly before you dont need it anymore… XD

  21. Huzefa Says:

    During my academic days and one year during my professional period(when I was fresh) I have also did all these thing, but I am happy that I have done all these thing and I can better visualize that how these frameworks and libs are working than others.

  22. icloud Says:

    This is extremely useful! Thanks for sharing!

  23. keer Says:

    One of the MOST STUPID things is making mistakes straight from the blog title.

  24. Dimitris Andreou Says:

    That’s the trouble when there is nobody to supervise a freshman. You know, unless you weren’t saying what you were doing or committing code at all, someone should have stopped you, but seemingly none did, so nobody knew better.

    Embedding a generic data model into the generic data model the database already provides (while killing query evaluation times in the process) is a recurring issue, which points to the lack of in-depth database courses in some Unis (any course which explains query plans and indices should be protective enough).

    Out of curiosity: I see you say that a custom ORM was a bad idea. How about a custom MVC web framework? :)

    (I also uploaded other “stupid mistake” stories on my blog: http://code-o-matic.blogspot.com)

  25. cherouvim Says:

    @Dimitris Andreou: Very valid comment ;) Thanks. Building your own MVC framework is a common mistake as well (which I’ve done twice) but a very educational one. Building a CMS on top of that is yet more fun! :)

  26. Al Says:

    You can debug an application with log statements. Sure. But why would you want to? After 15 years of s/w development I still see this kind of nonsense brought up. ‘Star’ developers with hundreds of vi shell sessions open are the guys most likely to commit the list of mistakes posted here.

  27. sal Says:

    For years I thought the correct way to write an app was to first build a framework and then build the app on that framework. That way, I could re-use that framework. It never worked out that way. Reuse of the framework almost always ended up with me doing more work in app1 as I tried to complete app2. I look back at my early career wondering how productive I might have been if I just wrote the damn app and look for reuse cases after.

  28. Amine Says:

    This is one reason why to be Sun certified :) In the Sun Certified Enterprise Architect certification, all the needed recommendations are learnt in order to build scalable reliable and secure enterprise information systems.

  29. Dennis Sellinger Says:

    Bravo! I’ve always said if we don’t do mischief, it likely that we don’t do anything. The important thing is to learn from our mistakes.

    cheers.

  30. web development Says:

    Biggest mistake is not to find open source components available for the functions that you want. In short write only once and dont write same code again.

  31. SJS Says:

    Of all the reasons to use an IDE, ‘deploying’ is not one of them. You end up with a system where you can *only* deploy in the IDE, and nobody on the project really understands what needs to be done to deploy the application.

    Been there, done that, watched a man-month of code get discarded because of IDE incompatibilities.

    You should *always* be able to discard any/all IDEs (or editors — e.g., “requires emacs to compile” is a no-no) and *still* be able to checkout, update, compile, test, deploy, and run your application. The IDE should be a multiplier (something that helps you do something better), not a dependency.

  32. Sara Says:

    Nothing is more refreshing than a developer who can admit when he is wrong! Keep rocking.

  33. Dave Ross Says:

    I still blame the custom ORM that took up more than half our resources for the downfall of a startup I used to work for. When the company went broke, the ORM still wasn’t complete.

    If you’re doing something at home in your spare time, or if you don’t have a deadline/budget to meet, then it’s ok to try rolling your own libraries. But, if time is of the essence, it’s better to use an off-the-shelf solution and focus your energy on your user experience and business logic.

  34. Josh Says:

    Try messing around with a good one and when you get used to it (2-4 weeks?) you will never look back!

    The correct way to say this is:

    Try messing with a good one and when you get used to it (2-4 weeks?) you may never look back!

    I get frustrated with people who make assertions like this assuming that those of us who eschew IDEs must not have tried them. I have gotten quite familiar at various times with Borland’s old IDE, Visual Studio of various incarnations, and Eclipse.

    Personally, I hate them all. We could spend forever talking about why, and why you think the reasons are invalid, and why I don’t think you understand the import of my reasons, etc.

    But don’t assume that everyone will have the same response you have.

  35. Chris Says:

    This is a really great resource. Lots of beginners don’t know that these are mistakes, and I think this post can help readers avoid them. I learned many of these the hard way, too. :) Thanks!

  36. Sebastian Says:

    Kudos to you for admitting these mistakes. Others will learn from them.

  37. dev-interview Says:

    I know a company that has a full time developer to maintain an .NET ORM and he is fixing bugs most days and hes not close to being done. One can buy a good ORM for .NET applications for under $1K. Do not waste time on writing your own ORM layer code.

    gb
    http://dev-interview-questions.blogspot.com

  38. Collin Cusce Says:

    Unfortunately, these are things they don’t teach in school. Most developers don’t hear of these sins until they commit them themselves.

    It’s ok, we’ve all committed at least one of these at some point *pats your head*.

  39. Hatem Nassrat Says:

    I think the biggest design mistake for a web app might have been Java.

  40. Daily del.icio.us for February 8th through February 9th — Vinny Carpenter's blog Says:

    [...] ioannis cherouvim » Blog Archive » The * stupidest things I’ve done in my programm… – I’m not ashamed of those sins any more, so here you go [...]

  41. cherouvim Says:

    @SJS: Thanks, very valid comment. Our projects are still tied to NetBeans and yes, this worries me.

    @Josh: Yes, you are right.

    thanks all for the comments! :)

  42. Hassan Kamal Says:

    You have definately learnt things instead of just doing them, A “REAL” senior programmer is usualy not there in places where programme desgn level decision
    making is required. Its so crucial for a successfull project, this is what makes people
    do such mistakes. Its not your fault at all! its the companies fault that they didnt
    have an expert for providing solutions to their customers rather they depended
    on fresh people so that they dont have to pay them good money

    Thanks and regards

  43. Mario Says:

    Are you sure you picked your career well? Perhaps it just wasn’t meant for you. And what idiot allowed you to be the lead and actually make those mistakes in real world projects.

  44. Denis Richardson Says:

    The worst kind of developer is the ones that thinks they are smart… even smarter than the rest… And when they are wrong, they are incapable of recognizing it… Even if they did, they could never assume admit that they are wrong… In a million years… even if their own life depended on it. The EGO is simply too large.

    Trying to reason with them seem like a waste of time or a never ending battle, a mind struggle… as sort of intellectual competition. It’s unfortunate, but the truth is that they need to smash their own face against the wall to learn… They are incapable of learning from others…. I suppose that works as well… not as efficient, but overtime they will get there… Is it ignorance, stupidity or just plain stubborness…

    I must admit, I’m equally fascinated on how some can make such compelling comments on technologies without actual practical experience.

    My suggestion to all of them is, try walking a mile over the fence before making such a judgement call. You might even learn something interesting and refreshing.

    If NOT well… good luck with the large EGO attitude.

  45. Michel Platini Says:

    Some of those are my mistakes also :-)

  46. foo bar Says:

    IDE’s are overrated. Most of the other points are quite good, although my opinion is that ORM is overrated in general, not just whether you implement your own or use an off the shelf one.

    I prefer coding in a simple text editor, doing command line builds that can be scripted, and running automated regression tests.

    The best thing about an IDE is a good debugger, and I’m not against ever using an IDE, but Eclipse tends to get in my way more than not, havn’t used Netbeans or other non-MS IDE’s, and Microsoft’s best IDE was Visual Studio 6, they’ve dumbed it down and bloated it up since then, and even VS6 had the (typical Microsoft) defect of using it’s proprietary build settings instead of real makefiles.

    Of the other ‘mistakes’, glad to see someone realize the value of a normalized database schema. When you really understand the relational model data access gets much better.

  47. Derek Says:

    I wrote a dialog box that would take a String of input once because I missed it in JOptionPane. That got me the title of DialogBoxBuffoon for a few years.

    Meh.

  48. Christos Says:

    I have to learn a lot yet as far as all those technologies are concerned but what I realized reading such things (mainly Spring Framework) is that when you develop a project you have to concentrate mainly on the project’s business logic. In most cases all this stuff you will need (ORM, transaction management, Aspect Programming, MVC etc) is already available and you can find what fulfills the main percentage of your needs. When you need something special, I think it’s a better idea just to extend something already used; most of such tools are open source.
    Thanks for sharing!

  49. Dimitris Andreou Says:

    @Derek,
    There was once some guy that implemented a fancy pop-up style window that was able to display information when someone hovered the mouse over something. It took him about 2 months to fully develop and debug it, and it was horribly slow.

    He was quite surprized when he faced the fancy “tooltip” notion.

    Swing is, like most ui comprehensive toolkits, very large and easy to miss things, but one must ask himself when creating something generic functionality: isn’t this commonly needed? Because if it is, surely someone must have already done it.

  50. Ran Says:

    Yeah, you are stupid.

  51. Paul Says:

    The sad thing is all these people who called you stupid have made mistakes themselves, they’re just too arrogant to realise it. I wouldn’t employ them if they paid me.

  52. Raghavan alias Saravanan M Says:

    A good and may definitely be useful for the readers!

    #1 seems to be sheer stupidity though keeping the credits/knowledge aside.
    #2 seems to be a news to me :). Looking at it.

    Cheers,
    Raghavan alias Saravanan M.

  53. Marcel Huijkman Says:

    Some say you’re stupid, but you’re smart enough to do something with that knowledge. So I call you smart :-). Everybody has to learn from copying, reinventing, mimicking and so. (That how baby’s survive, and programmers too.) And life is also about lessons learned and how to avoid pitfalls. Of course there are smart people, who don’t make mistakes, but I’ll bet they don’t take any risk also. When you’re in a creative mood, you will sometimes find yourself trapped in a dead-end-situation, or in a didn’t-I-read-this-somewhere-Deja-Vu.
    And in the end, there is always something learned.
    “A day not learned, is a day not lived.” Keep up the learning (and the sharing) :-)

    Greetings from A Dutch guy

  54. RaiulBaztepo Says:

    Hello!
    Very Interesting post! Thank you for such interesting resource!
    PS: Sorry for my bad english, I’v just started to learn this language ;)
    See you!
    Your, Raiul Baztepo

  55. TCOP Says:

    Stupidity is to know you are wrong and never admitting it, leading to the non-ending cycle of repeating the same stupid thing again and again.

    Stupidity also is:
    leaving the accumilated experience on hard core assembly and demo making!
    You rulled man! I miss those days where ‘win’ did not exist and we were exploring asm and interrupts on the black screen. Remember the distance of the simple pc user and us? It was chaotic! :)

    You’d better upload some of your hardcore – assembly x86 demos!

  56. Fabio Brandão - Blog » Blog Archive » As coisas estúpidas feitas quando se trabalha com programação Says:

    [...] Este post foi traduzido e alterado deste link: http://blog.cherouvim.com/the-stupidest-things-ive-done-in-my-programming-job/ [...]

  57. Atanas Palavrov Says:

    Hehe, I make nearly same ‘stupidest things’ last years under .NET ;)
    And to be honest, my first was writing in 90s my own MS-DOS GUI from scratch … with low level assembly routines and c++, and to implement C++ exception handling with macros and setjump() on Borland C 3.1 :D
    But from other side this is the best way to get deep knowledge in technologies and experience to know how to avoid these mistakes in future …

  58. Jeff Burton Says:

    EAV is stupidity? Maybe sometimes. Maybe most of the time. But: do you understand what problem EAV is intended to solve? Do you have a better solution? If so, tell us.

  59. cherouvim Says:

    @Jeff Burton: You are right, EAV surely has it’s uses and I should have written “Stupidity: using EAV for problems that are solved by a properly normalized database schema design”. Most dynamic websites and basic web applications surely don’t need EAV.

  60. 10 More Ways To Get An Article On DZone Says:

    [...] The * stupidest things I’ve done in my programming job (via cherouvim.com) [...]

  61. Preeti Edul Says:

    Nice list! I’ve used EAV, tempting at first, as it can really reduce the programming effort required.. but when its time to test, the devil laughs ;-)

  62. FitzChivalry Says:

    Is it possible to create a database-based application in which the users can specify their own fields WITHOUT using EAV? I’m looking into this option, and would love to hear that there are alternatives out there that I haven’t yet run across….

  63. Practice Management Software UK Says:

    I had tried programming in past and at that time i only listen music, that’s why i lost the job. So this is the stupidest thing i had done while doing programming job :)

  64. Web Developer Says:

    Ive been a victim of 6, and am now feeling guilty about 5! I should know better but I have so many older applications that seem to run okay without transactions its not worth changing them yet!

  65. Jack Says:

    I’m very guilty of number 5! *holds head in shame*

  66. Magdalena Deprato Says:

    We know all about the lively tactic you make worthwhile thoughts on your website and even cause participation from visitors about this situation and my simple princess is in fact learning a lot of things.

  67. Harry Says:

    I think when someone realize their mistake this is the best thing to prepare for future.

  68. Maryon Mayor Says:

    it seems that all the stupidest things youve done was you were trying to reinvent the wheel. :) remember DRY(dont repeat yourself) principle… but it seems that you learned your lesson…

  69. Blog Says:

    Very good article.Thanks bro.

Leave a Reply

You must be logged in to post a comment.