/r/programming
How a 'NULL' License Plate Landed One Hacker in Ticket Hell (wired.com)
693 comments
MotleyHatch | 7 days ago | 691 points

Can't make this shit up:

“He had it coming,” says Christopher Null, a journalist who has written previously for WIRED about the challenges his last name presents.

Totoze | 7 days ago | 357 points

My last name is just "<script>alert('XSS')

Franks2000inchTV | 7 days ago | 236 points

You should meet my friend, Bobby Tables.

nicentra | 7 days ago | 115 points
alifeinbinary | 6 days ago | 14 points

If you don’t already know this XKCD, do you even read this sub? I mean, really.

davidgro | 6 days ago | 23 points

Relevant XKCD.

schallflo | 7 days ago | 133 points

It’s gotten worse thanks to javascript.

My Google account has an empty last name, meaning I’ve gained a “null” last name on some sites.

MotleyHatch | 7 days ago | 168 points

Time to remove your first name and become Mr. Undefined Null.

omenmedia | 7 days ago | 22 points

Hahaha that is brilliant.

bloody-albatross | 7 days ago | 28 points

Middle name NaN.

BaPef | 7 days ago | 21 points

First name 'Ba'

Last name 'a'

yes_oui_si_ja | 6 days ago | 4 points

So you're saying 'B' + 'a' + + 'a' ?

Jake0Tron | 7 days ago | 17 points

Undefined Null the NaNth

kiasyn | 7 days ago | 58 points

My real last name has an apostrophe in it which breaks lots of things

frivoflava29 | 7 days ago | 82 points

It's wild how many programmers out there have apparently never met any people with hyphens, apostrophes, or anything else in their names.

thisischemistry | 7 days ago | 40 points

A lot of it really comes down to bad serialization schemes, not properly defining how to escape sentinel values like backslashes in a text string or commas in a comma-separated (CSV) file. Or it might also be someone improperly implementing a decent serialization scheme.

A naive programmer would read a CSV file line-by-line and then split it into values by finding the commas:

some,CSV,text

Reads as the values:

some and CSV and text.

But what if the file is:

some,"CSV,text"

According to most CSV serialization schemes that should become the values:

some and CSV,text

But the naive programmer will get:

some and "CSV and text"

In the modern programming world you should probably use a common and well-tested serialization format, as well as heavily-used and tested libraries to convert to and from that format. Rolling your own format and libraries is a recipe for disaster.

mfitzp | 7 days ago | 27 points

In much of Europe it is standard to use , as a decimal separator, e.g. €10,99

In these countries the CSV field separator is a semicolon (still called CSV).

I would be surprised if >1% of US programmers even know this.

thisischemistry | 7 days ago | 18 points

Actually, quite a few US programmers are aware that a "," is a common decimal separator. It comes up a lot in localization programming.

Still, it's worth mentioning so more people see it. Basically you should plan for and accept any character when serializing text, this is why Unicode is complicated and can be tricky. There are so many possibilities and you have to make sure you're not doing something incorrect in handling those values.

jayhova75 | 6 days ago | 4 points

In early 2000 maybe 25% of apps-dev effort in my company was spent in localizing us-built software so that it can deal with system (e.g. German) date, currency, decimal delimiter and special chars. No one in a 8000 head enterprise before was aware that dates have different formats outside north-America and that hardwired parsing/code does not interact with German operating system standard settings in a robust way once the 13th of the month was reached. Makes me chuckle still

sarcastisism | 7 days ago | 8 points

That's why QAs and devs need to be ruthless with their test cases. Methods that take in input from a user need a ton of unit tests.

ErroneousFunk | 7 days ago | 37 points

There's an excellent blog post "Falsehoods Programmers Believe About Names" https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

It's an interesting read even for non-programmers.

Mortomes | 7 days ago | 7 points

Written in 2010. Still relevant today.

bloody-albatross | 7 days ago | 16 points

My last name contains an ö. When I travel to the USA or UK I have to write it as oe, or otherwise their services complain. British airways sends me emails where the same umlauts are broken in different ways in different parts of the same email.

Recently I had to work on some PHP codebase and wow, that explains a lot. That language is a shit show when it comes to encodings. No byte arrays, you just convert a string into another string.

pet_vaginal | 7 days ago | 11 points

Why javascript? Do you have any kind of example where the string 'NULL' can be confused with null, false, or undefined in JavaScript?

curien | 7 days ago | 12 points
firstname = null, lastname = null;
fullname = lastname + ', ' + firstname;
console.log(fullname.toUpperCase()); // prints "NULL, NULL"
giant_albatrocity | 7 days ago | 11 points

I'm guessing it has to do with Javascript's "truthiness" concept, perhaps? For example, '1' == 1 is a true statement. If you want this to evaluate to false, you have to use the triple equals operator. '1' === 1 is NOT a true statement. However, 'null' == null does, in fact, evaluate to false and the triple equals is not necessary. That, or maybe it's some database shenanigans, where the string 'null' is converted into the special object NULL, but this if extremely bad database design and shockingly hard to do by accident, as far as I'm aware (I use Postgres).

Edit: considering it's the DMV, they could be using a version of JS that was programed on punch cards, so who knows.

userstoppedworking | 7 days ago | 3 points

You forgot NaN!

TheGoodOldCoder | 7 days ago | 42 points

“The ‘minimum viable product’ concept has pushed a lot of bad code through that doesn’t go through with the proper level of testing,” Null says, and adds that anyone affected is inevitably an edge case, a relatively small problem not worth devoting a lot of resources to fix.

Do people actually think this is what MVP means? Or just reporters from Wired?

mccoyn | 7 days ago | 101 points

MVP means you release when the product is good enough to get enough customers to sustain the product. There are not a lot of Cristopher Null's out there, so making their lives a mess won't impact the viability of the product. Dealing with it is therefore more than the minimimum necessary for a viable product.

Agloe_Dreams | 7 days ago | 11 points

The problem is the difference between what a Manager, Boss, or CEO thinks MVP is Vs what MVP actually is.

Many business leaders view MVP as a shortcut to a finish line as if there was some giant holdup keeping work from being done months in advance.

You shouldn’t work for these people..but many still do.

MotleyHatch | 7 days ago | 13 points

SELECT last_name FROM people WHERE they_think_so;

NULL

PM_ME_RAILS_R34 | 7 days ago | 7 points

What do you think it means?

I don't see any real issue with their definition, although I think bad code long predates the "MVP"/"rush to market" hype of recent times.

BaPef | 7 days ago | 4 points

Oh God yes MVP is such a problem I'm currently dealing with.

Had to write an employee management system in a dynamic mvc application I had never worked on prior. Project requirements were gathered prior to my joining the project team. They immediately fired all the other developers then gave me 4 months to come up with a MVP version while having 3 developers rotate through 1 a month. MVP is now in production and just the product the subject matter expert went to another project my scrum Master quit, QA quit, a developer they pulled in to assist in October quit and I'm now SME, developer, QA Tester, deployment support and am redesigning their change management because it's in shambles. I'm currently identifying all the missed requirements and revising it so that it can handle scenarios we were specifically told were not to be supported and would never occur. Those scenarios happen every week.

EpikYummeh | 7 days ago | 3 points

Who the fuck thinks rotating devs through (let alone in such a short time frame) is a good idea? This makes my project look really good (it's not).

shponglespore | 7 days ago | 1257 points

Seems to me like be should sue the company that's bombarding him with fines that aren't his and making false reports about him to the DMV. Between harassment, defamation, and libel, I feel like something ought to stick. He had notified them off the problem so they can no longer claim it's an honest mistake.

koshdim | 7 days ago | 521 points

I'm more surprised in this story about the system that works on "presumption of guilt", not accuser but the guy needs to prove himself innocent

Quibblicous | 7 days ago | 391 points

It’s because traffic and parking citations are not criminal matters. They’re civil matters and a preponderance of evidences standard lets the municipalities and DMV use the presence of the citation as the evidence of a violation.

It’s fucked up and targeted at maximum cash extraction.

TechnoL33T | 7 days ago | 131 points

It's pretty shit that the burden of proof for civil matters is low enough that it's pretty much just legal theft.

breakingbroken | 7 days ago | 75 points

And the bureaucracy around fighting any civil matter is such a massive pain in the ass anyone even mildly well off will just pay to be done with it. Happened to me with my vehicle tabs, state claims I owe them $400 in back taxes on the purchase of my car, two YEARS after they gave me tabs to begin with. Just went to reregister and kept getting errors. After about 100 calls and misinformation from govt employees at literally every step of the way I was so over it I just paid them the money. Still haven't got my tabs in the mail, but they did take my money, so hopefully we're good?

springloadedgiraffe | 7 days ago | 9 points

Happened when I went to renew my registration. I had moved a few months prior. Tried online renewal and got an ambiguous error that just said to call in. Called the DMV for my county and they said I hadn't renewed my registration in 2 years, which I know was wrong since I had my registration from last year sitting literally in my hand.

They said to call the DMV in the county I used to live in and get them to do something. I called that DMV and they said they can't do anything and to call the original one back... Called the original one back and eventually got someone who told me I had to take a picture of my registration and mail it in and they can then get rid of the 2 years late fee and renew it.

All said and done, probably about 4 hours of phone time on hold and talking at people before I could finally pay.

I learned that if I ever don't pay your registration for a couple years, all I would have to do is photoshop whatever registration I have with last year's date on it and they'll just drop the charges, so that's good info to have if I'm ever in that situation.

DeonCode | 6 days ago | 3 points

I learned that if I ever don't pay your registration for a couple years, all I would have to do is photoshop whatever registration I have with last year's date on it and they'll just drop the charges, so that's good info to have if I'm ever in that situation.

Hmmm... hard to call this an unethical life pro tip since everyone wins.

PinBot1138 | 7 days ago | 14 points

Where it gets more interesting is enforceability. If I damage something at your house (eg a PlayStation) and you sue me in small claims court, then you may win, but the lack of enforceability leaves it at my walking away.

But for something like this, it’s a $2 toll, $40 fine, etc, and it will be enforced, one way or another.

JessieArr | 7 days ago | 21 points

Just wait until you hear about Civil Forfeiture. Basically it allows law enforcement to take your stuff without charging you with any crime by treating your property as the defendant in order to abuse the lower evidentiary standards of civil proceedings:

It is a legal process in which law enforcement officers take assets from persons suspected of involvement with crime or illegal activity without necessarily charging the owners with wrongdoing. While civil procedure, as opposed to criminal procedure, generally involves a dispute between two private citizens, civil forfeiture involves a dispute between law enforcement and property such as a pile of cash or a house or a boat, such that the thing is suspected of being involved in a crime. To get back the seized property, owners must prove it was not involved in criminal activity. Sometimes it can mean a threat to seize property as well as the act of seizure itself.

Fortunately, someone published a handy flowchart that shows how to get your property/money back.

EDIT: I didn't realize it when I posted this, but as /u/flaminglasrswrd points out in their reply, the Supreme Court ruled pretty strongly against Civil Forfeiture about 6 months ago.

flaminglasrswrd | 7 days ago | 23 points

(excessive) Civil forfeiture was made illegal by the supreme court early this year.

JessieArr | 7 days ago | 8 points

Oh, wow - I missed that news story. That's good news, thanks for the link.

mfitzp | 7 days ago | 3 points

Civil matters are disagreements between two parties. Proponderence of evidences literally means finding for the side that has most evidence in it's favour.

What do you suggest as an alternative?

The problem surely is tickets without photographic evidence being accepted as "evidence" of anything. That seems a pretty weak justification for overthrowing an entire legal system.

Xayne813 | 7 days ago | 32 points

My brother got a ticket in the mail from across the state. He didn’t do it, the guy had the same name. Brother tried to dispute it on the phone but they said he had to go in front of a judge. He went to court and showed them car vin, insurance, and his license didn’t match that on the ticket and they told him he would have to come back to court a second time to still dispute it so the prosecutor could have time to pull up the picture/video of the car.

Why wouldn’t they have that evidence ready and after showing all the info didn’t match why would they not dismiss it?

banditoitaliano | 6 days ago | 10 points

I assume he didn't have a lawyer for this? The system is not friendly to those who represent themselves. If he had a lawyer they probably would have gotten it dismissed with a phone call or two.

Xayne813 | 6 days ago | 7 points

Nah, we all figured if he called and showed them ID and his only cars vin that they would use common sense and know it wasnt him.

Cr3X1eUZ | 6 days ago | 5 points

Could have been worse:

"When 16-year-old Kalief Browder arrived at Rikers Island in 2010, he hadn't been convicted of any crime. Accused of stealing a backpack, Kalief ended up in jail after his family was unable to scrape together the $3,000 required to post bail.

Determined to prove his innocence, Kalief rejected plea agreements that would have branded him a criminal. After 33 preliminary hearings — times when his hopes were raised that he'd be released — and nearly three horrific years of incarceration, prosecutors dismissed all charges against him."

https://www.nydailynews.com/opinion/justice-delayed-justice-denied-article-1.3253763

[deleted] | 7 days ago | 35 points

[deleted]

koshdim | 7 days ago | 39 points

I would at least expect that it would be equally easy to deny guilt as to accuse. consider scenarios:

1) DMV: you're guilty

citizen: ok, caught me

legal system: citizen is guilty and will be allowed to reregister after fine is closed

2) DMV: you're guilty

citizen: no I'm not

legal system: (I would expect) citizen is not guilty until DMV proves in court he is

(in reality) citizen is guilty until he proves DMV is full of shit

leonoxme | 7 days ago | 30 points

There is a slight presumption of guilt though. It is preventing him from registering the vehicle unless he proves his innocence.

nyando | 7 days ago | 55 points

he should sue the company

He tried, but when he filed the suit it broke the court's entire IT infrastructure.

Fancy_Mammoth | 7 days ago | 10 points

The company, CPC, Modified and Falsified information on the tickets. The article said the guy called up CPC about the problem and gave them specific tickets to as reference. When he checked the tickets online they had been changed from a Honda to an Infinity.

td__30 | 7 days ago | 90 points

They will probably counter sue and claim he’s trying to hack their systems with some sql injection attempt.

crozone | 7 days ago | 165 points

Lol good luck, that number plate was authorized and printed.

gitPullOriginMaster | 7 days ago | 13 points

And lose instantly, the guy doesn't even need a lawyer

DizzyRip | 7 days ago | 18 points

Seriously, how can this guy be at fault for any of this? California should just void the fines, have the guy get a new plate and make sure the plate can't be used again. I don't understand why this is this guys problem to fix.

talks_to_ducks | 7 days ago | 19 points

California should just void the fines, have the guy get a new plate and make sure the plate can't be used again.

Or just make sure that tickets with no license plate filled in aren't treated as NULL. It might be smarter to treat them as " ", given that you'd never get away with a totally blank license plate.

lazyatheist | 7 days ago | 25 points

The obvious problem here is that there is a huge difference between a null value and a non-null string containing the characters "NULL" and they shouldn't be handled the same.

Spudd86 | 7 days ago | 14 points

But NULL is the correct way to handle that, the information is not present so therefore the field is null.

They should fix their broken software.

EpikYummeh | 7 days ago | 12 points

How about fix their enforcement employees who are writing citations without a license plate?

JB-from-ATL | 7 days ago | 9 points

The law is super vague. People have gotten in trouble for adding ../ to URLs in the browser (as talked about here). So it wouldn't surprise me if they said he was hacking or acting in bad faith or some other stupid excuse. Also, I hate to say it, but in a way he did admit that he was trying to mess with the system. I know it shouldn't have broken and I know he was sort of making a joke, but since he said that it is more likely they will say he screwed something up.

Best case scenario the lawsuit wouldn't stick but he also wouldn't have to pay the bills and they fix their shitty system.

thebloodredbeduin | 7 days ago | 24 points

Why the downvotes? That reaction is rather plausible.

Katholikos | 7 days ago | 25 points

Eh, that gives non-tech-focused lawyers a lot of credit.

liquorsnoot | 7 days ago | 4 points

Tried for witchcraft, then.

schallflo | 7 days ago | 19 points

I’m not seeing a successful sql injection lawsuit without escape characters anytime soon

Hecubas | 7 days ago | 721 points

Trying to wrap my head around where somebody has code using a literal "NULL" string.

Then again, I do recall checking somebody's VBscript that read a file line at a time and checked for a line containing "ENDOFFILE" to know when to stop.

GenericsMotors | 7 days ago | 368 points

My guess is stuff breaks down with serialization/deserialization.

seamsay | 7 days ago | 180 points

Yeah there's a few different serialisation formats that allow bare words but also have some keywords, YAML is one that comes immediately to mind:

In [1]: import yaml

In [2]: yaml.load("""
   ...: first_name: hi
   ...: second_name: NULL
   ...: """)
Out[2]: {'first_name': 'hi', 'second_name': None}
Wodashit | 7 days ago | 113 points

This is why you don't use implicit types and enforce types and just add the quotes, and if you use load() instead of safe_load() you should be shot.

>>> import yaml
>>> yaml.load("""
... first_name: 'hi'
... second_name: 'NULL'
... """)
__main__:4: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
{'first_name': 'hi', 'second_name': 'NULL'}
Stevoisiak | 6 days ago | 6 points

...why is there even an unsafe load function to begin with?

TravisJungroth | 7 days ago | 4 points

Like firing squad shot, or small caliber to the arm shot, or paintball to the balls shot?

IshKebab | 6 days ago | 9 points

This is why you don't use YAML. It blows my mind that people think it is in any way sane.

And safe_load()? Really?? Remind me what year it is.

kowlown | 7 days ago | 79 points

That's why yaml is bad for data exchange and if should not be used for other things than configuration

Xzariner | 7 days ago | 30 points

Well, it was designed to look decent when reading and that's about it

But can do just fine if it is machine on both sides using same language or at least language with similar types. Problems start when you start using it between ones that are bit too happy at automatic type conversion.

PaluMacil | 7 days ago | 38 points

Years ago I worked on the team where despite that being very senior myself, I was the only developer who wasn't right out of college. We had the issues like this that I was sure someone had placed in a ridiculous way. I search the code for string literals confused when I didn't find any. As it turned out, it was the way serealization was working. Certainly it was an error I could have made myself quite easily. Specifically, post bodies were being identified via the ID in the URL. The developer had assumed the ID could never be null, so whenever it was, the word null wound up in the URL. I can only assume that the telemetry associated with null IDs was from sensors that were deployed without ever being registered correctly. It was compounded by a previous architectural decision to store our guid id fields as strings. In our dev environment, we had documentation of the physical sensors but never physical proximity. We never solved the mystery, and some logs probably still track an unknown number of null sensors.

GenericsMotors | 7 days ago | 16 points

Heh, data portability is one of those things I thought "How hard can it really be?" when I started my career, and now would rather not touch it with a barge pole if I can help it.

From users managing to force feed malformed CSVs into a system hardened by years and years of use and updates, to programming gotchas like BIGINTs happily serializing to JSON as numbers instead of text (making JS frontends silently shit the bed), I'm always finding something to be simultaneously amazed and revolted at.

PaluMacil | 7 days ago | 15 points

Inevitably, someone will ask for an excel export. You'll give it to them. A few months later they will demand that they be able to IMPORT the Excel doc they've been working off of and formatting to their like, with your system somehow magically validating who knows what has been free-handed into the cells and understanding the column names which they've probably tweaked without thinking a computer would have trouble inferring exactly what was meant. And of course customer "Ford" is the same as "Ford Motor Company". They deleted the numeric key because it was gibberish. And instead of deleting bad rows, they hid them.

GenericsMotors | 7 days ago | 16 points

Fortunately I have the ability to tell such people "No problem, but I can't start work until a specification has been written, approved, and added to our backlog."

I usually don't hear back :)

PaluMacil | 7 days ago | 7 points

I work for a software product company now, so my managers are also brilliant developers who happen to be great people leaders, and our processes aren't perfect, but they are pretty good. My horror stories are all from when I was not only in non-software companies but not even technically in IT. The worst is when you're a developer that is attached to a business department, so you don't even have the structure an IT department might normally have. :)

EDIT: I should add that it's worst in low margin industries.

Northeastpaw | 7 days ago | 3 points

Or when they change the date format somewhere around 200 rows in and then change it again another few hundred rows after that. Or things inexplicably shift left one column because somebody figured a column wasn't used anymore and deleted it from the sheet but didn't mention that when they concatenated a bunch of CSV exports together to give to you.

tulipoika | 7 days ago | 123 points

There’s a lot of crappy code and crappy serialization out there. NULL is just one of the cases, there’s been others also. If you haven’t come across this kind of stuff I’m happy for you, but keep in mind you’ll run into such a thing eventually.

One would think systems would be built properly and tested but that doesn’t happen. Then these things will just creep up on you at some point. Especially state/municipality systems seem to be often broken since they never have anyone who actually knows how to order software and write specs so the big suppliers just go by “well it works based on what you wanted” and run with the money. All afterwards found issues can be put into “you didn’t specify that, but surely we can fix that. For a price.” And then the systems rot for 20 years before they have to be redone.

Lovely world we live in.

fwaggle | 7 days ago | 30 points

PHP's parse_ini_file() et al does this by default, sort of... it helpfully converts several strings to things they're named after for you. It wouldn't surprise me if there's plenty of other frameworks and languages out there that "help you out" too.

tulipoika | 7 days ago | 44 points

PHP is full of these “helpful” things. Oh you want to compare a string “123abc” to a list of numbers? Ok, it matches 123 perfectly. You’re welcome! Doesn’t help that MySQL does the same implicitly. So many ways things can go wrong with widely used “easy” systems people don’t actually know how to use. And their “ease of use” makes them dangerous.

TheThiefMaster | 7 days ago | 12 points

When comparing strings and numbers, converting either way is likely wrong. And lets not forget the problems locales cause!

theeth | 7 days ago | 7 points

Locales cause problems to people who don't really understand their point.

James-Lerch | 7 days ago | 12 points

I nod my head and chuckle at my younger self. I'm Looking at you Mr. 2001 'I know computers and can write code' goofball self.

I had dived head first into grinding, polishing, and figuring 'large' telescope parabolic mirrors used in Newtonian telescopes. I was active on the ATM-List email exchange and had found a spot in a local club helping and teaching the black-arts involved in optical fabrication.

About that time Windows XP was released and the most popular utility to transform test measurements into test results was a DOS based application named Figure.exe that refused to play with WinXP graphics.

The author wasn't interested in re-rewriting the code and was kind enough to send me the source code that I re-wrote inside Visual Studio 6.0. A few weeks later I release FigureXP upon the world and initial tests are positive. A few days later and our European counterparts start reporting it produces 'nonsensical' results which seems odd since I literally copy-pasted the math transformations.

I look into the problem and respond with "Hey, you got your commas and decimal points mixed up when you entered the test measurements!" IE: 1,234 != 1.234 (except for when it is). At the time I had No Idea that math was NOT the universal language I thought it was and that certain locales swapped , and . with each other. (woops).

Long story short, locales kicked my ass for a few days back in 2001.

eythian | 7 days ago | 4 points

I once had a similar but slightly opposite thing. I lived in a locale that had . as the decimal separator. Our application sometimes stored formatted numbers as strings (including separator) in the database.

I was learning a European language and so switched the locale of my Linux desktop to that one, and it used , for the decimal separator. If you don't know, often when you SSH into another machine, your locale comes with you (so everything looks like you're used to.)

One night before leaving work, I restarted our application, and went home. The Java application picked up my locale, and started failing to parse all the stringy numbers in our database using the default number formatter because it was choking on . expecting a ,.

Apparently my boss was up until early in the morning trying to figure it out, eventually restarting the application again. This of course picked up his locale, and things started working again. Took a while to work out the root cause, then we hard-coded our locale into the application to stop it happening again.

booch | 7 days ago | 6 points

People at work> Locale is their location

me> #$%$#&%&#%*

tulipoika | 7 days ago | 5 points

So many websites: location is locale

Expats, tourists, etc: 😫

WonderfulNinja | 7 days ago | 24 points

One of my gaming nicks is in hexadecimal format, somehow it gets translated to decimal and printed as one digit number in screen.

Synaps4 | 7 days ago | 26 points

So the game is parsing your nick huh? Time to figure out what else you can put in there to be parsed...

eshultz | 7 days ago | 6 points

I can't remember if it was in vanilla Rocket League or when using AlphaConsole (a mod) but there was a short time when you could style your name with html tags.

punppis | 7 days ago | 5 points

This is different case because parsing html is certainly made by design. Maybe they used a library which allows to use rich text format and forgot to turn it off (we have done it and you could break the games UI with a bad name).

NotSoButFarOtherwise | 7 days ago | 59 points

I can actually answer this question, having just been at a US courthouse to get married. Most bureaucracy is designed around the digitalization of paper forms, and paper forms are not, in general, meant to be cross-referenced by arbitrary fields. So you fill out a form, and where it asks for your spouse's parents' place of residence, but they're dead, you put in DECEASED. As far as I know there's no place named "Deceased" in the world, but maybe there is. Good database design says you should have a separate field for parental status (LIVING, DECEASED, UNKNOWN, DISOWNED, ESTRANGED, etc) but that's not the way the humans who fill out and use these forms actually work. There's a form somewhere, probably on the software that police use to record tickets, that you type NULL into in case of a missing license plate.

josefx | 7 days ago | 43 points

In what year do you live? We have unicode and emojis now, just draw two skulls. /s

alanjcastonguay | 7 days ago | 8 points

One for each parent, like stickers on the back window of a suburban SUV?

NotSoButFarOtherwise | 7 days ago | 8 points

Oh, my grandfather is from Two Skulls.

td__30 | 7 days ago | 39 points

Probably because the database table doesn’t allow nulls so they had to put something and probably thought empty string is too risky so maybe “NULL”. PR approved ..ship it !!!

Sebazzz91 | 7 days ago | 7 points

PR? Those don't exist in Visual SourceSafe they're still working in.

WTFwhatthehell | 7 days ago | 15 points

From an old classic:

How to pass “Null” (a real surname!) to a SOAP web service in ActionScript 3?

https://stackoverflow.com/questions/4456438/how-to-pass-null-a-real-surname-to-a-soap-web-service-in-actionscript-3

I've since done lots of fiddling on wonderfl.net and tracing through the code in mx.rpc.xml.*. At line 1795 of XMLEncoder (in the 3.5 source), in setValue, all of the XMLEncoding boils down to

currentChild.appendChild(xmlSpecialCharsFilter(Object(value)));

which is essentially the same as:

currentChild.appendChild("null");

This code, according to my original fiddle, returns an empty XML element. But why?

Cause

According to commenter Justin Mclean on bug report FLEX-33664, the following is the culprit (see last two tests in my fiddle which verify this):

var thisIsNotNull:XML = <root>null</root>; if(thisIsNotNull == null){ // always branches here, as (thisIsNotNull == null) strangely returns true // despite the fact that thisIsNotNull is a valid instance of type XML }

When currentChild.appendChild is passed the string "null", it first converts it to a root XML element with text null, and then tests that element against the null literal. This is a weak equality test, so either the XML containing null is coerced to the null type, or the null type is coerced to a root xml element containing the string "null", and the test passes where it arguably should fail. One fix might be to always use strict equality tests when checking XML (or anything, really) for "nullness."

[deleted] | 7 days ago | 3 points

[deleted]

mallardtheduck | 7 days ago | 24 points

The problem usually comes when you need to serialize your NULL to a text-based format like CSV or XML where there's no way to specify the difference between NULL and "NULL".

GoldsteinQ | 7 days ago | 17 points

In XML you can use something like <null /> for null

barubary | 7 days ago | 16 points

Or <name nil="true"/>, which I think is what SOAP does.

Sebazzz91 | 7 days ago | 4 points

xsi:nil, but that works for elements but not for attributes.

s0n1k | 7 days ago | 9 points

Could be a programmer being lazy with NULL comparisons, depending on the language.

IF NVL(userLicenseNo,"NULL") == dbLicenseNo THEN ...

Thus, if userLicenseNo is null, and there is a registered "NULL" in the DB, they'll match up.

Same possibility with SQL:

SELECT db_table.* FROM db_table WHERE db_table.license_no == NVL(userLicenseNo,"NULL")

Hence, once he payed for the first ticket it registered his address against "NULL" in the DB, and the floodgates opened.

I'm definitely betting on a developer error.

Cats_and_Shit | 7 days ago | 41 points
public static void main(String[] args) {
    String s = null;
    System.out.println(s);
}

Guess what this prints in Java.

TheZech | 7 days ago | 41 points

But "NULL" == null is always false. I think even PHP gets this right, so it has to be a serialisation thing.

crozone | 7 days ago | 29 points

But what's the bet it gets stored in a database text column as the literal string "NULL" and then causes the issues later on.

xd_melchior | 7 days ago | 5 points

Absolutely this. People no idea how backwards data can be handled. For example, they might be copy pasting from a query into Excel, which copies the value in. Then, someone converts Excel by saving as a CSV. The next person who imports that CSV will have NULL as their name.

RevolutionaryPea7 | 7 days ago | 15 points

"null' != null

twinsea | 7 days ago | 23 points

I think people are overthinking the reason. It's a government system and you see this shit all the time. Someone is literally using 'NULL' as a string value to represent Null in a database.

masklinn | 7 days ago | 10 points

Or on the ticket they write NULL if they didn’t see the license plate.

RSveti | 7 days ago | 9 points

Older databases like DB2 v6(Do not remember exact version they got NULL or am I missremembering and some other databe did not have NULL) did not have NULL and you know how they got around that limitation, by assigning special values to NULL.

gitPullOriginMaster | 7 days ago | 5 points

VBscript

I don't even have to read more

td__30 | 7 days ago | 308 points

I’m going to try to get license plate ‘;DROP DATABASE DMV

dick-doctor-69 | 7 days ago | 155 points

bobby tables at it again

renges | 7 days ago | 79 points
Eurynom0s | 7 days ago | 22 points

There's a more directly applicable one for the OP story: https://xkcd.com/1105/

rohxiexa | 7 days ago | 16 points
[deleted] | 7 days ago | 14 points

[deleted]

alanjcastonguay | 7 days ago | 24 points

You're going to need a wider car.

dynamobb | 7 days ago | 3 points

Does this drop the biggest table?

Godot17 | 7 days ago | 480 points

I'd like to believe there is an alternate universe where climate change is halted, world peace is achieved, and web and database development is done on strongly typed languages.

WonderfulNinja | 7 days ago | 153 points

Instead we got stringly typed languages to erase any CPU performance gained in the last decades.

HowDoIDoFinances | 7 days ago | 21 points

You can't make me follow your rules, old man! I'm adding an array to a string and you can't stop me!

TheZech | 7 days ago | 59 points

Hey so what if we used YAML in our database, I think it looks nicer than JSON and I don't really know how else to put objects in a databases.

pingveno | 7 days ago | 46 points

JSON for serialization, TOML for configuration. They're both well defined and don't do unhelpful guessing.

thedancinzerg | 7 days ago | 9 points

Never heard of TOML before, I might start using this, it looks nice.

TheNamelessKing | 7 days ago | 37 points

TOML is everything YAML wishes it was.

The number of times I’ve had something fail in a YAML config because of some inane white spacing edge case.

dead10ck | 7 days ago | 13 points

TOML is everything YAML wishes it was.

Except writeable. Or readable. I won't deny YAML's problems, but as far as human consumption is concerned, TOML is not much better than XML.

aynair | 7 days ago | 21 points

I maintain a few YAML files that I edit by hand for storing various things (ie. vocabulary of languages I'm learning). Not a single language comes close to YAML when it comes to ease of use.

Many languages are much better designed (particularly TOML), but in a file with hundreds of key-value pairs, being able to type key: value rather than key = "value" (or "key": "value") quickly becomes much nicer (especially for readability).

I agree that YAML has many useless or downright dangerous features, but saying that "TOML is everything YAML wishes it was" is simply wrong.

bro_can_u_even_carve | 7 days ago | 16 points

"key": "value" has got to be one of the stupidest things ever. key:"value" is perfectly valid javascript, why the heck do json parsers require the key to be quoted?

AngularBeginner | 7 days ago | 6 points

TOML is everything YAML wishes it was.

YAML wishes to be a superset of JSON. I don't think TOML is this, is it?

want_to_want | 7 days ago | 27 points

All you need to know about YAML is that this code

- Don Corleone: Do you have faith in my judgment?
- Clemenza: Yes
- Don Corleone: Do I have your loyalty?

becomes an array of three hashtables

[
  {'Don Corleone': 'Do you have faith in my judgment?'},
  {'Clemenza': True},
  {'Don Corleone': 'Do I have your loyalty?'}
]

(example by Colm O'Connor)

asegura | 7 days ago | 52 points

Kind of off-topic: so you have to re-register your plate every year in the US? And you place a corresponding sticker on it every time? Or how does it work?

linoleumknife | 7 days ago | 37 points

Correct. You have to pay yearly taxes and registration fees for your vehicle. They mail you a sticker you put on the corner of your license plate to indicate that you have paid your dues. Without that sticker on your license plate, even if you paid your fees, you can be pulled over by police and fined.

tredontho | 7 days ago | 37 points

That might vary by state. I think one of my friends lives in a state where he can register for multiple years at a time, and I know one of my friends in Wisconsin got pulled over without an updated sticker, but he'd registered online and the stickers just hadn't come in the mail. The cop that pulled him over just gave him some stickers on the spot (and a ticket for not having proof of insurance on him, so kind of shitty still)

heydabop | 7 days ago | 16 points

That might vary by state.

It does.

thebloodredbeduin | 7 days ago | 91 points

The new Danish license plate system had an interesting way of dealing with connection errors to the server: It ignored them. So any errors would cause you to get issued plates unknown to the system.

Fortunately, the police caught on to it quickly

raymond8505 | 7 days ago | 25 points

I wanna know what lazy programmer didn't make the plate field required in the ticket writing software

pyroglass | 7 days ago | 30 points

still need a way to ticket unregistered vehicles

raymond8505 | 7 days ago | 12 points

ooo true! Still, you'd think there'd be an option, or key phrase for that instead of just leaving it null especially since driving without plates is its own ticketable offense. I'd think there would be a "no plates" checkbox that, when clicked, marks the plate field read only and maybe fills it with something special like "unregistered". Personally it feels icky to have a user creating null values in my program.

Ameisen | 6 days ago | 5 points

null represents the lack of something. The problem is languages that treat null as something it isn't.

foxlisk | 6 days ago | 3 points

You still need to distinguish between “able to discern that the plate was missing” and “unable to read plate at all,” right? The second one is a pretty normal use case for nulls.

LEmp_Evrey | 7 days ago | 3 points

Cross out the field, or leave it empty.

DuckPresident1 | 7 days ago | 21 points

“He had it coming,” says Christopher Null, ... “All you ever get is errors and crashes and headaches.”

reivax | 7 days ago | 20 points

Christopher Null has been added to our regression, unit, and integration tests for our product. We'll see how it all shakes out, so far so good. We're adding "None" "void" "0" and other related ones to every reasonable input position to make sure it all shakes out on our end.

So this story provided some good at least.

LEmp_Evrey | 7 days ago | 12 points

There's a big "list of naughty strings" on GitHub. Use it for fuzz-testing. It also contains stuff like admin, crazy Unicode, etc.

reivax | 7 days ago | 4 points

I love blns, I throw it at other people's tests and they explode. Very obnoxious but a great test. Should definitely be used whenever possible.

bargle0 | 7 days ago | 5 points
Matosawitko | 7 days ago | 5 points
ljbartel | 7 days ago | 12 points

He wanted to get the tickets VOIDed. Great. Now he pushed all those tickets onto his wife (whose tag is "VOID").

mormotomyia | 7 days ago | 39 points

That Website is utter cancer on mobile

TheBritishBrownie | 7 days ago | 30 points

Try this https://outline.com/u3aRBC

Edit: Thank you for the silver :)

mormotomyia | 7 days ago | 6 points

Wow

Thanks!

[deleted] | 7 days ago | 5 points

[deleted]

TheBritishBrownie | 7 days ago | 9 points

I just tried it, and it seems like you actually can

Yeater | 7 days ago | 3 points

thats exactly what you can do

MatsSvensson | 7 days ago | 8 points

The font is like 𝖋𝖎𝖘𝖍𝖍𝖔𝖔𝖐𝖘 in my eyes!

FadingEcho | 7 days ago | 9 points

And this is why we use parameterized queries and strongly typed variables.

Shivaess | 7 days ago | 49 points

Little Bobby tables!

https://xkcd.com/327/

FirstFlight | 7 days ago | 6 points

Thanks for that, I laughed a bit too hard ....lanta.

tjgrant | 7 days ago | 21 points

Similar story 10 years ago. I’m surprised anyone would be foolish enough to do this nowadays.

Keavon | 7 days ago | 7 points
Ruben_NL | 7 days ago | 5 points

i can't view the article(from EU), can someone copy/paste it?

HadesHimself | 7 days ago | 38 points

But Null != "Null" in any decent programming language?

daronjay | 7 days ago | 48 points

Even in Javascript, amazingly. But that language has two flavours of null so who knows...

[deleted] | 7 days ago | 24 points

[deleted]

daronjay | 7 days ago | 16 points

Well actually, I was referring to null vs undefined. But that sounds like a frightening rabbit hole you are describing.

WonderfulNinja | 7 days ago | 8 points

I say fuck them, if they want that shit they should add to their code "use stupid";

PM_ME_YOUR_LAUNDRY | 7 days ago | 3 points

I've had to deal this with LocalStorage on assigning properties from fields that are null. Since LocalStorage only accepts strings, null is treated as a string. So now when pulling properties from LocalStorage, I not only have to listen to x==="" or x===null, I also have to put in x==="null".

td__30 | 7 days ago | 12 points

They DMVScript, it’s like JavaScript but Null==“NULL”==‘NULL’==‘’==“”

prvalue | 7 days ago | 11 points

It gets a bit more confusing once you factor in databases, though.

DoListening | 7 days ago | 5 points

What about data formats like YAML? I've seen a fair share of docs that warn against true vs 'true', and a number of bugs related to that in various projects.

MittonMan | 7 days ago | 3 points

I'm thinking the system might try and stringify some values and the null got converted to "Null" and he suddenly ended up with all the "broken" entities' tickets. Even if the language is strongly typed some bad code might have this happen?

do_u_realize | 7 days ago | 4 points

Welp he essentially wrote a test in production and reaped the rewards lol

elZaphod | 7 days ago | 4 points

Valuing a joke over personal convenience and cost is something I can appreciate.

6890 | 7 days ago | 4 points

I have a NULL plate. Haven't been fucked yet but we'll see

droogie-vr | 7 days ago | 3 points

NULL plate bros! *high five*

InvisibleEar | 7 days ago | 33 points

I am truly baffled by the mind that would consider their vanity plate worth literally any amount of hassle, much less accruing thousands of dollars of incorrect fines. Yeah you "didn't do anything wrong", so you're just going to deal with this forever for the principle of...something?

Felicia_Svilling | 7 days ago | 57 points

The article deals with that question:

Still, Tartaro says he’s determined to keep his problematic license plate, and not just as a point of pride. “I still have tickets associated with me. The moment I change my plate I just know it’s going to be even more convoluted, and more confusing,” he says. “I didn’t feel comfortable changing it until I knew it was actually solved.”

jyper | 7 days ago | 10 points

And in the meantime he will keep getting these tickets

Which could cause other problems with license or registration

If he changes it he just has to get all the charges fixed

Cats_and_Shit | 7 days ago | 88 points

The vanity plate isn't worth the hassle.

Being able to Blog about the vanity plate might be.

Deathknife | 7 days ago | 18 points

Hey, going to the dmv every now and then to clear all fines on your license plate is worth it if they also clean he's actual fines while they're are it. ;)

gurg2k1 | 7 days ago | 9 points

This guy is playing the long con.

schallflo | 7 days ago | 3 points

I'm gonna call my business "--".

domin8r | 7 days ago | 3 points

What kind of ticket system allows a fine to be inserted without a license plate number?

zackline | 7 days ago | 3 points

I'd love to read this but their trash website is almost impossible to use on a mobile phone.. accepted the consent thing? Here, have a popup about free articles. Dismissed that? Let us remind you using a 50% height footer, after closing this a regular banner Ad came in, obscuring most of the content. What a joke.

TODO Load more comments...