Do not run this script, ever!



  • The recent flame war on ColdFusion brought to mind something that happened about 10 years ago.

    I worked in a fairly large department that used a spreadsheet as the bug-submission-tracking "system". Naturally, the person who assigned the work kept it open at all times, making it impossible for anyone to actually open it to enter a new bug.

    My boss was modestly technical, but could understand anything if you broke it down into reasonable bites (arguably one of, if not the best boss I've ever had). Part of my job was to evaluate new technologies to see if they could be of use in our department. This time around, it was ColdFusion.

    I installed and played with it a while, and decided that the best way to get a feel for it was to build a throw-away system that actually did something of substance. Having been inflicted with the daily arguments about who left the bug-spreadsheet open, I decided that I'd build a bug-tracking system - at least it was something to focus on.

    I built it and it worked. Then someone saw it on the screen on my PC and asked if they could enter a bug report. I told them it was just a test-bed. They nodded, and began to type away. A few days later, my boss was asking around what happened to the bug reports entered by this person (remember that my 'system' wasn't being used by anyone, so she had no reason to think the bugs might be in it). I just happened to put 2 and 2 together, and we all had a good laugh. Then she decided that maybe we should use my system, for real.

    Um, wait a minute - no passwords, everything passed in clear-text, etc. No matter, it was just within our department, and nobody would abuse it....(actually, nobody ever did)

    The thing actually worked fairly well. I started the bug tracking numbers at 300, so that they could prime it with the bugs from the spreadsheet. Over the next year, the users feature-creeped the thing into a fairly useful utility.

    Then it was my time to move on to another project. I trained the noobie they hired on how it worked, what made it tick under the hood, the database, all its tables, etc. Even the script that [re]created the database from scratch. After all, you always do these things in a script, right?

    It was a ksh script that looked something like this:

    #!/bin/ksh
    echo "DO NOT EVER RUN THIS SCRIPT - IT DESTROYS, THEN RE-CREATES THE DATABASE"
    exit 1
    drop table ...
    create table ...
    ...
    # prime the database
    insert into table values (...
    

    This particular script was also read-only, just to make sure that it was never run after people started using the system.

    About a week later, everyone is running around - why are all the menus truncated? Where are all the bug reports? Wha....

    Then my boss asks me to look at it. It took me 1 second to find the problem. The bug numbers for newly entered bugs were coming out at 305, 306, 307, ...   Hmmm, between that, and the fact that all the menus had been reduced to their original default values, it seemed that the database had been reset.

    We went to the person responsible for the system. He explained that he wanted to see what the database-creation script did, so he ran it. I asked how he was able to execute a read-only script. He replied that he saw that it was read-only, so he made it executable. I asked what he thought when it printed the do-not-run-ever message and exited without doing anything. He said he saw that, but really wanted to see what it did, so he commented out the 'exit 1' and ran it again. Then, when the users started complaining, he kept re-running the script to try and fix the problem.

    We rolled back to the last checkpoint, and re-entered the few missing bugs by hand (thankfully I had programmed it to dump stuff to log files).

    Doh!!!



  • Give this guy a hand grenade and tell him to never ever pull the pin. Then run.
    Problem solved.

    But TheRealWTF(tm) is that someone needs to run such a script to see what it does. Those drop table, create table, insert statements are hardly rocket science, are they?



  • @ammoQ said:

    Give this guy a hand grenade and tell him to never ever pull the pin. Then run.
    Problem solved.

    But TheRealWTF(tm) is that someone needs to run such a script to see what it does. Those drop table, create table, insert statements are hardly rocket science, are they?

    It was actually a *little* worse than that - I was fairly new to databases back then, so the script was heavily documented so I would remember what it did (the subtleties of the different types of indices, etc. were a bit beyond my scope). There was a rather lengthy comment at the top describing how it would blow away and re-create everything in the default configuration. When I turned it on for real users, I also added another comment at the top indicating WHY it should never be run again. My old boss just looked at me and smiled after that day. *sigh*



  • This wouldn't have happened if you could use EditGrid. Only one person working on the spreadsheet at a time is so historical.



  • Well, this is the kind of thing you do when you are a newbie. I did it myself, at my first job. That's why you have backups.

    This isn't really a WTF.



  • @diegoami said:

    Well, this is the kind of thing you do when you are a newbie. I did it myself, at my first job. That's why you have backups.

    This isn't really a WTF.


    Only because you did it too does not make it a non-WTF.



  • If you never want a script to be run-- runned-- ran-- executed, why not just delete the script? Or at least disable it in a way more effective than Read Only, like commenting

    Sure, the guy eventually running it is a complete tool ("Hey! Look at this warning! I will ignore it!"), but really, a comment and ReadOnly isn't any kind of safety precaution.

    But then again, who expects an idiot like that to come near the script and not start asking questions?



  • @dhromed said:

    If you never want a script to be run-- runned-- ran-- executed, why not just delete the script? Or at least disable it in a way more effective than Read Only, like commenting

    Sure, the guy eventually running it is a complete tool ("Hey! Look at this warning! I will ignore it!"), but really, a comment and ReadOnly isn't any kind of safety precaution.

    But then again, who expects an idiot like that to come near the script and not start asking questions?


    One reason to keep the script is that you might want to install a second system (for testing, for another user group, whatever) one fine day in the future.



  • To be entirely honest, I think you need to learn to make yourself better understood. Misleading comments are worse than no comments! Your message said that it will "destroy and then re-create" the database -- to someone who doesn't know SQL, this doesn't sound at all harmful or dangerous. It says it re-creates everything and nothing will be lost.

    You should have been clearer and stated that the script "irreversibly erases all data from the database" or something similar.
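
An added example, not part of any post in this thread and not the original script: a guard for a destructive re-create script that checks the state of the database instead of relying on a warning banner, file permissions or an `exit 1` that can be commented out. The function names, `BUG_ROWS`, `SEED_ROWS` and the `erase-<db>` confirmation string are assumptions, and the row count comes from a constructed stand-in rather than a real query.

```shell
#!/bin/sh
# Hypothetical guard for a "drop and re-create everything" script.

SEED_ROWS=0   # rows the seed data itself puts in the bugs table (assumption)

# Stand-in for a real query such as "select count(*) from bugs".
# Reads the constructed value BUG_ROWS so the example runs offline.
count_user_rows() {
    printf '%s\n' "${BUG_ROWS:-0}"
}

# guard_reset DB_NAME CONFIRMATION
# Returns 0 only when dropping and re-creating DB_NAME loses nothing.
guard_reset() {
    db=$1 confirm=$2

    # 1. Fail closed if the current contents cannot be determined.
    rows=$(count_user_rows "$db") || return 3
    case $rows in
        ''|*[!0-9]*) echo "cannot read row count for $db" >&2; return 3 ;;
    esac

    # 2. Refuse once the database holds anything beyond the seed data.
    #    The message states the consequence, not just "re-creates".
    if [ "$rows" -gt "$SEED_ROWS" ]; then
        echo "REFUSED: $db holds $rows bug reports;" \
             "this script irreversibly erases all of them" >&2
        return 1
    fi

    # 3. Require the operator to name the target explicitly.
    if [ "$confirm" != "erase-$db" ]; then
        echo "REFUSED: pass 'erase-$db' to confirm wiping $db" >&2
        return 2
    fi
    return 0
}

# Entry point: the drop/create/insert statements run only past the guard.
reset_database() {
    guard_reset "$1" "$2" || return $?
    echo "guard passed: would drop, create and seed $1"
}
```

Because the refusal depends on live row counts, re-running the script after users have entered data fails the same way every time, whatever the file mode is.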



  • The company I currently work for has:

    1. A script actually named DO_NOT_RUN_THIS_SCRIPT_EVER
    2. Another piece of test software that prints in bold font on a red background, "If you're not Pat or Mark, press 'Back' now, otherwise you're going to be really sorry"
    3.  Yet another piece of test software that prints a message along the lines of "When you enable this feature, you will lose control of the system, and will have to reboot to recover", followed by a Yes/No prompt.

    Every single one of these test routines has been "accidentally" run by folks who should have known better.

    Right now, we've got the really destructive tests hidden behind pressing a key that normally does nothing, then multiple levels of confirmation dialogs. If that doesn't work, I'm going to write up an interactive IQ test, or a series of progressively-harder Sudoku puzzles, or something.

    -Mark



  • @dhromed said:

    If you never want a script to be run-- runned-- ran-- executed, why not just delete the script? Or at least disable it in a way more effective than Read Only, like commenting

    Sure, the guy eventually running it is a complete tool ("Hey! Look at this warning! I will ignore it!"), but really, a comment and ReadOnly isn't any kind of safety precaution.

    But then again, who expects an idiot like that to come near the script and not start asking questions?


    He also had "exit 1" as the first line of the script (after the comment), which someone had to manually remove or comment out in order to run it.  Whoever ran this really had to jump through a few small hoops to do so -- it really doesn't sound like an accident. 



  • @mbessey said:

    Yet another piece of test software that prints a message along the lines of "When you enable this feature, you will lose control of the system, and will have to reboot to recover", followed by a Yes/No prompt.


    So do I hit "Yes" or "No" if I want to cancel the operation?



  • @shadowman said:

    @mbessey said:
    Yet another piece of test software that prints a message along the lines of "When you enable this feature, you will lose control of the system, and will have to reboot to recover", followed by a Yes/No prompt.


    So do I hit "Yes" or "No" if I want to cancel the operation?

    For some real fun, 'Cancel' should be added.



  • This gave me an idea for a user-punishing site. The site would be normal, but at the bottom right or left would be a big shiny red button saying "DO NOT PRESS THIS EVER!" When the button is clicked, an OK/Cancel dialog pops up saying "THIS WILL DESTROY YOUR COMPUTER! HIT CANCEL TO ABORT!" When they click OK, the script'll use some latest IE bug to execute malicious code that'll bring down a program that wipes the hard drive (and execute it of course).

    Somehow, I think that users would learn pretty fast if this button were on all web pages.



  • @shadowman said:

    @mbessey said:
    Yet another piece of test software that prints a message along the lines of "When you enable this feature, you will lose control of the system, and will have to reboot to recover", followed by a Yes/No prompt.


    So do I hit "Yes" or "No" if I want to cancel the operation?

    I just looked at the actual message again:

    Warning: Turning on the <the feature> means that you'll lose control of the device, and you'll have to reboot to recover. Are you sure you want to activate <the feature>?

    • Yes
    • No

     



  • @mbessey said:

    Right now, we've got the really destructive tests hidden behind pressing a key that normally does nothing, then multiple levels of confirmation dialogs. If that doesn't work, I'm going to write up an interactive IQ test, or a series of progressively-harder Sudoku puzzles, or something.

    -Mark


    Or my personal favorite: "Enter any 13 digit prime number to continue..."


  • You should know that "do not do xxx ever" attracts people, for example just compare the number of views for this thread with the other threads.

     

    Or my personal favorite: "Enter any 13 digit prime number to continue..."

    "Hit any user to continue..." might be nice as well :-)



  • @mbessey said:

    The company I currently work for has:

    1. A script actually named DO_NOT_RUN_THIS_SCRIPT_EVER
    2. Another piece of test software that prints in bold font on a red background, "If you're not Pat or Mark, press 'Back' now, otherwise you're going to be really sorry"
    3.  Yet another piece of test software that prints a message along the lines of "When you enable this feature, you will lose control of the system, and will have to reboot to recover", followed by a Yes/No prompt.

    Every single one of these test routines has been "accidentally" run by folks who should have known better.

    Right now, we've got the really destructive tests hidden behind pressing a key that normally does nothing, then multiple levels of confirmation dialogs. If that doesn't work, I'm going to write up an interactive IQ test, or a series of progressively-harder Sudoku puzzles, or something.

    -Mark



    One software package has used the following for years as a global password override, though I believe it's now being phased out as the modules are progressively revamped:

    1. User enters a fixed backdoor password
    2. Program generates and displays a random string
    3. User must enter a hash of the string to continue
    where the only folks with an interactive hash generator were the original developers.



  • @GoatCheez said:

    an idea for a user-punishing site.
     

    I think myspace has a patent on that particular business method.



  • @Mateo_LeFou said:

    @GoatCheez said:

    an idea for a user-punishing site.
     

    I think myspace has a patent on that particular business method.

     

    TRWTF is replying to a thread 2 years old.



  • TRWTF is being surprised that a thread featured on the front page will not be extended. I've come to count on it.



  • @belgariontheking said:

    TRWTF is being surprised that a thread featured on the front page will not be extended. I've come to count on it.

     

     Whoops! Thought I had already seen the day's post and didn't check the front page again...

    My bad...



  • @MasterPlanSoftware said:

    @belgariontheking said:

    TRWTF is being surprised that a thread featured on the front page will not be extended. I've come to count on it.

     

     Whoops! Thought I had already seen the day's post and didn't check the front page again...

    My bad...

    ok then we'll let you off easy.  You only have to program SSDS for two days.  We were going to give you a whole week. 



  • @belgariontheking said:

    @MasterPlanSoftware said:

    @belgariontheking said:

    TRWTF is being surprised that a thread featured on the front page will not be extended. I've come to count on it.

     

     Whoops! Thought I had already seen the day's post and didn't check the front page again...

    My bad...

    ok then we'll let you off easy.  You only have to program SSDS for two days.  We were going to give you a whole week. 

     

    ...Shit.

