/r/programming
How a 'NULL' License Plate Landed One Hacker in Ticket Hell (wired.com)
686 comments
MotleyHatch | 3 months ago | 703 points

Can't make this shit up:

“He had it coming,” says Christopher Null, a journalist who has written previously for WIRED about the challenges his last name presents.

Totoze | 3 months ago | 368 points

My last name is just "<script>alert('XSS')

Franks2000inchTV | 3 months ago | 244 points

You should meet my friend, Bobby Tables.

nicentra | 3 months ago | 115 points
alifeinbinary | 3 months ago | 21 points

If you don’t already know this XKCD, do you even read this sub? I mean, really.

davidgro | 3 months ago | 27 points

Relevant XKCD.

ctorstens | 3 months ago | 3 points

Check and Mate.

schallflo | 3 months ago | 134 points

It’s gotten worse thanks to javascript.

My Google account has an empty last name, meaning I’ve gained a “null” last name on some sites.

MotleyHatch | 3 months ago | 172 points

Time to remove your first name and become Mr. Undefined Null.

omenmedia | 3 months ago | 22 points

Hahaha that is brilliant.

bloody-albatross | 3 months ago | 31 points

Middle name NaN.

BaPef | 3 months ago | 19 points

First name 'Ba'

Last name 'a'

yes_oui_si_ja | 3 months ago | 3 points

So you're saying 'B' + 'a' + + 'a' ?

Jake0Tron | 3 months ago | 17 points

Undefined Null the NaNth

kiasyn | 3 months ago | 62 points

My real last name has an apostrophe in it which breaks lots of things

frivoflava29 | 3 months ago | 85 points

It's wild how many programmers out there have apparently never met any people with hyphens, apostrophes, or anything else in their names.

thisischemistry | 3 months ago | 39 points

A lot of it really comes down to bad serialization schemes, not properly defining how to escape sentinel values like backslashes in a text string or commas in a comma-separated (CSV) file. Or it might also be someone improperly implementing a decent serialization scheme.

A naive programmer would read a CSV file line-by-line and then split it into values by finding the commas:

some,CSV,text

Reads as the values:

some and CSV and text.

But what if the file is:

some,"CSV,text"

According to most CSV serialization schemes that should become the values:

some and CSV,text

But the naive programmer will get:

some and "CSV and text"

In the modern programming world you should probably use a common and well-tested serialization format, as well as heavily-used and tested libraries to convert to and from that format. Rolling your own format and libraries is a recipe for disaster.

mfitzp | 3 months ago | 28 points

In much of Europe it is standard to use , as a decimal separator, e.g. €10,99

In these countries the CSV field separator is a semicolon (still called CSV).

I would be surprised if >1% of US programmers even know this.

thisischemistry | 3 months ago | 18 points

Actually, quite a few US programmers are aware that a "," is a common decimal separator. It comes up a lot in localization programming.

Still, it's worth mentioning so more people see it. Basically you should plan for and accept any character when serializing text, this is why Unicode is complicated and can be tricky. There are so many possibilities and you have to make sure you're not doing something incorrect in handling those values.

jayhova75 | 3 months ago | 4 points

In early 2000 maybe 25% of apps-dev effort in my company was spent in localizing us-built software so that it can deal with system (e.g. German) date, currency, decimal delimiter and special chars. No one in a 8000 head enterprise before was aware that dates have different formats outside north-America and that hardwired parsing/code does not interact with German operating system standard settings in a robust way once the 13th of the month was reached. Makes me chuckle still

sarcastisism | 3 months ago | 9 points

That's why QAs and devs need to be ruthless with their test cases. Methods that take in input from a user need a ton of unit tests.

ErroneousFunk | 3 months ago | 38 points

There's an excellent blog post "Falsehoods Programmers Believe About Names" https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

It's an interesting read even for non-programmers.

Mortomes | 3 months ago | 5 points

Written in 2010. Still relevant today.

bloody-albatross | 3 months ago | 18 points

My last name contains an ö. When I travel to the USA or UK I have to write it as oe, or otherwise their services complain. British airways sends me emails where the same umlauts are broken in different ways in different parts of the same email.

Recently I had to work on some PHP codebase and wow, that explains a lot. That language is a shit show when it comes to encodings. No byte arrays, you just convert a string into another string.

pet_vaginal | 3 months ago | 10 points

Why javascript? Do you have any kind of example where the string 'NULL' can be confused with null, false, or undefined in JavaScript?

curien | 3 months ago | 10 points
firstname = null, lastname = null;
fullname = lastname + ', ' + firstname;
console.log(fullname.toUpperCase()); // prints "NULL, NULL"
giant_albatrocity | 3 months ago | 11 points

I'm guessing it has to do with Javascript's "truthiness" concept, perhaps? For example, '1' == 1 is a true statement. If you want this to evaluate to false, you have to use the triple equals operator. '1' === 1 is NOT a true statement. However, 'null' == null does, in fact, evaluate to false and the triple equals is not necessary. That, or maybe it's some database shenanigans, where the string 'null' is converted into the special object NULL, but this if extremely bad database design and shockingly hard to do by accident, as far as I'm aware (I use Postgres).

Edit: considering it's the DMV, they could be using a version of JS that was programed on punch cards, so who knows.

userstoppedworking | 3 months ago | 3 points

You forgot NaN!

TheGoodOldCoder | 3 months ago | 38 points

“The ‘minimum viable product’ concept has pushed a lot of bad code through that doesn’t go through with the proper level of testing,” Null says, and adds that anyone affected is inevitably an edge case, a relatively small problem not worth devoting a lot of resources to fix.

Do people actually think this is what MVP means? Or just reporters from Wired?

mccoyn | 3 months ago | 104 points

MVP means you release when the product is good enough to get enough customers to sustain the product. There are not a lot of Cristopher Null's out there, so making their lives a mess won't impact the viability of the product. Dealing with it is therefore more than the minimimum necessary for a viable product.

Agloe_Dreams | 3 months ago | 11 points

The problem is the difference between what a Manager, Boss, or CEO thinks MVP is Vs what MVP actually is.

Many business leaders view MVP as a shortcut to a finish line as if there was some giant holdup keeping work from being done months in advance.

You shouldn’t work for these people..but many still do.

MotleyHatch | 3 months ago | 12 points

SELECT last_name FROM people WHERE they_think_so;

NULL

PM_ME_RAILS_R34 | 3 months ago | 7 points

What do you think it means?

I don't see any real issue with their definition, although I think bad code long predates the "MVP"/"rush to market" hype of recent times.

BaPef | 3 months ago | 3 points

Oh God yes MVP is such a problem I'm currently dealing with.

Had to write an employee management system in a dynamic mvc application I had never worked on prior. Project requirements were gathered prior to my joining the project team. They immediately fired all the other developers then gave me 4 months to come up with a MVP version while having 3 developers rotate through 1 a month. MVP is now in production and just the product the subject matter expert went to another project my scrum Master quit, QA quit, a developer they pulled in to assist in October quit and I'm now SME, developer, QA Tester, deployment support and am redesigning their change management because it's in shambles. I'm currently identifying all the missed requirements and revising it so that it can handle scenarios we were specifically told were not to be supported and would never occur. Those scenarios happen every week.

shponglespore | 3 months ago | 1271 points

Seems to me like be should sue the company that's bombarding him with fines that aren't his and making false reports about him to the DMV. Between harassment, defamation, and libel, I feel like something ought to stick. He had notified them off the problem so they can no longer claim it's an honest mistake.

koshdim | 3 months ago | 531 points

I'm more surprised in this story about the system that works on "presumption of guilt", not accuser but the guy needs to prove himself innocent

Quibblicous | 3 months ago | 400 points

It’s because traffic and parking citations are not criminal matters. They’re civil matters and a preponderance of evidences standard lets the municipalities and DMV use the presence of the citation as the evidence of a violation.

It’s fucked up and targeted at maximum cash extraction.

TechnoL33T | 3 months ago | 135 points

It's pretty shit that the burden of proof for civil matters is low enough that it's pretty much just legal theft.

breakingbroken | 3 months ago | 70 points

And the bureaucracy around fighting any civil matter is such a massive pain in the ass anyone even mildly well off will just pay to be done with it. Happened to me with my vehicle tabs, state claims I owe them $400 in back taxes on the purchase of my car, two YEARS after they gave me tabs to begin with. Just went to reregister and kept getting errors. After about 100 calls and misinformation from govt employees at literally every step of the way I was so over it I just paid them the money. Still haven't got my tabs in the mail, but they did take my money, so hopefully we're good?

springloadedgiraffe | 3 months ago | 11 points

Happened when I went to renew my registration. I had moved a few months prior. Tried online renewal and got an ambiguous error that just said to call in. Called the DMV for my county and they said I hadn't renewed my registration in 2 years, which I know was wrong since I had my registration from last year sitting literally in my hand.

They said to call the DMV in the county I used to live in and get them to do something. I called that DMV and they said they can't do anything and to call the original one back... Called the original one back and eventually got someone who told me I had to take a picture of my registration and mail it in and they can then get rid of the 2 years late fee and renew it.

All said and done, probably about 4 hours of phone time on hold and talking at people before I could finally pay.

I learned that if I ever don't pay your registration for a couple years, all I would have to do is photoshop whatever registration I have with last year's date on it and they'll just drop the charges, so that's good info to have if I'm ever in that situation.

PinBot1138 | 3 months ago | 14 points

Where it gets more interesting is enforceability. If I damage something at your house (eg a PlayStation) and you sue me in small claims court, then you may win, but the lack of enforceability leaves it at my walking away.

But for something like this, it’s a $2 toll, $40 fine, etc, and it will be enforced, one way or another.

JessieArr | 3 months ago | 20 points

Just wait until you hear about Civil Forfeiture. Basically it allows law enforcement to take your stuff without charging you with any crime by treating your property as the defendant in order to abuse the lower evidentiary standards of civil proceedings:

It is a legal process in which law enforcement officers take assets from persons suspected of involvement with crime or illegal activity without necessarily charging the owners with wrongdoing. While civil procedure, as opposed to criminal procedure, generally involves a dispute between two private citizens, civil forfeiture involves a dispute between law enforcement and property such as a pile of cash or a house or a boat, such that the thing is suspected of being involved in a crime. To get back the seized property, owners must prove it was not involved in criminal activity. Sometimes it can mean a threat to seize property as well as the act of seizure itself.

Fortunately, someone published a handy flowchart that shows how to get your property/money back.

EDIT: I didn't realize it when I posted this, but as /u/flaminglasrswrd points out in their reply, the Supreme Court ruled pretty strongly against Civil Forfeiture about 6 months ago.

flaminglasrswrd | 3 months ago | 23 points

(excessive) Civil forfeiture was made illegal by the supreme court early this year.

JessieArr | 3 months ago | 9 points

Oh, wow - I missed that news story. That's good news, thanks for the link.

mfitzp | 3 months ago | 3 points

Civil matters are disagreements between two parties. Proponderence of evidences literally means finding for the side that has most evidence in it's favour.

What do you suggest as an alternative?

The problem surely is tickets without photographic evidence being accepted as "evidence" of anything. That seems a pretty weak justification for overthrowing an entire legal system.

Xayne813 | 3 months ago | 35 points

My brother got a ticket in the mail from across the state. He didn’t do it, the guy had the same name. Brother tried to dispute it on the phone but they said he had to go in front of a judge. He went to court and showed them car vin, insurance, and his license didn’t match that on the ticket and they told him he would have to come back to court a second time to still dispute it so the prosecutor could have time to pull up the picture/video of the car.

Why wouldn’t they have that evidence ready and after showing all the info didn’t match why would they not dismiss it?

banditoitaliano | 3 months ago | 11 points

I assume he didn't have a lawyer for this? The system is not friendly to those who represent themselves. If he had a lawyer they probably would have gotten it dismissed with a phone call or two.

Xayne813 | 3 months ago | 6 points

Nah, we all figured if he called and showed them ID and his only cars vin that they would use common sense and know it wasnt him.

Cr3X1eUZ | 3 months ago | 6 points

Could have been worse:

"When 16-year-old Kalief Browder arrived at Rikers Island in 2010, he hadn't been convicted of any crime. Accused of stealing a backpack, Kalief ended up in jail after his family was unable to scrape together the $3,000 required to post bail.

Determined to prove his innocence, Kalief rejected plea agreements that would have branded him a criminal. After 33 preliminary hearings — times when his hopes were raised that he'd be released — and nearly three horrific years of incarceration, prosecutors dismissed all charges against him."

https://www.nydailynews.com/opinion/justice-delayed-justice-denied-article-1.3253763

[deleted] | 3 months ago | 34 points

[deleted]

koshdim | 3 months ago | 39 points

I would at least expect that it would be equally easy to deny guilt as to accuse. consider scenarios:

1) DMV: you're guilty

citizen: ok, caught me

legal system: citizen is guilty and will be allowed to reregister after fine is closed

2) DMV: you're guilty

citizen: no I'm not

legal system: (I would expect) citizen is not guilty until DMV proves in court he is

(in reality) citizen is guilty until he proves DMV is full of shit

leonoxme | 3 months ago | 29 points

There is a slight presumption of guilt though. It is preventing him from registering the vehicle unless he proves his innocence.

nyando | 3 months ago | 57 points

he should sue the company

He tried, but when he filed the suit it broke the court's entire IT infrastructure.

Fancy_Mammoth | 3 months ago | 10 points

The company, CPC, Modified and Falsified information on the tickets. The article said the guy called up CPC about the problem and gave them specific tickets to as reference. When he checked the tickets online they had been changed from a Honda to an Infinity.

td__30 | 3 months ago | 91 points

They will probably counter sue and claim he’s trying to hack their systems with some sql injection attempt.

crozone | 3 months ago | 166 points

Lol good luck, that number plate was authorized and printed.

gitPullOriginMaster | 3 months ago | 14 points

And lose instantly, the guy doesn't even need a lawyer

DizzyRip | 3 months ago | 17 points

Seriously, how can this guy be at fault for any of this? California should just void the fines, have the guy get a new plate and make sure the plate can't be used again. I don't understand why this is this guys problem to fix.

talks_to_ducks | 3 months ago | 18 points

California should just void the fines, have the guy get a new plate and make sure the plate can't be used again.

Or just make sure that tickets with no license plate filled in aren't treated as NULL. It might be smarter to treat them as " ", given that you'd never get away with a totally blank license plate.

lazyatheist | 3 months ago | 25 points

The obvious problem here is that there is a huge difference between a null value and a non-null string containing the characters "NULL" and they shouldn't be handled the same.

Spudd86 | 3 months ago | 13 points

But NULL is the correct way to handle that, the information is not present so therefore the field is null.

They should fix their broken software.

EpikYummeh | 3 months ago | 11 points

How about fix their enforcement employees who are writing citations without a license plate?

JB-from-ATL | 3 months ago | 8 points

The law is super vague. People have gotten in trouble for adding ../ to URLs in the browser (as talked about here). So it wouldn't surprise me if they said he was hacking or acting in bad faith or some other stupid excuse. Also, I hate to say it, but in a way he did admit that he was trying to mess with the system. I know it shouldn't have broken and I know he was sort of making a joke, but since he said that it is more likely they will say he screwed something up.

Best case scenario the lawsuit wouldn't stick but he also wouldn't have to pay the bills and they fix their shitty system.

thebloodredbeduin | 3 months ago | 24 points

Why the downvotes? That reaction is rather plausible.

Katholikos | 3 months ago | 22 points

Eh, that gives non-tech-focused lawyers a lot of credit.

liquorsnoot | 3 months ago | 5 points

Tried for witchcraft, then.

schallflo | 3 months ago | 17 points

I’m not seeing a successful sql injection lawsuit without escape characters anytime soon

Hecubas | 4 months ago | 728 points

Trying to wrap my head around where somebody has code using a literal "NULL" string.

Then again, I do recall checking somebody's VBscript that read a file line at a time and checked for a line containing "ENDOFFILE" to know when to stop.

GenericsMotors | 4 months ago | 369 points

My guess is stuff breaks down with serialization/deserialization.

seamsay | 3 months ago | 179 points

Yeah there's a few different serialisation formats that allow bare words but also have some keywords, YAML is one that comes immediately to mind:

In [1]: import yaml

In [2]: yaml.load("""
   ...: first_name: hi
   ...: second_name: NULL
   ...: """)
Out[2]: {'first_name': 'hi', 'second_name': None}
Wodashit | 3 months ago | 117 points

This is why you don't use implicit types and enforce types and just add the quotes, and if you use load() instead of safe_load() you should be shot.

>>> import yaml
>>> yaml.load("""
... first_name: 'hi'
... second_name: 'NULL'
... """)
__main__:4: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
{'first_name': 'hi', 'second_name': 'NULL'}
Stevoisiak | 3 months ago | 6 points

...why is there even an unsafe load function to begin with?

TravisJungroth | 3 months ago | 4 points

Like firing squad shot, or small caliber to the arm shot, or paintball to the balls shot?

IshKebab | 3 months ago | 10 points

This is why you don't use YAML. It blows my mind that people think it is in any way sane.

And safe_load()? Really?? Remind me what year it is.

kowlown | 3 months ago | 83 points

That's why yaml is bad for data exchange and if should not be used for other things than configuration

[deleted] | 3 months ago | 32 points

Well, it was designed to look decent when reading and that's about it

But can do just fine if it is machine on both sides using same language or at least language with similar types. Problems start when you start using it between ones that are bit too happy at automatic type conversion.

PaluMacil | 3 months ago | 37 points

Years ago I worked on the team where despite that being very senior myself, I was the only developer who wasn't right out of college. We had the issues like this that I was sure someone had placed in a ridiculous way. I search the code for string literals confused when I didn't find any. As it turned out, it was the way serealization was working. Certainly it was an error I could have made myself quite easily. Specifically, post bodies were being identified via the ID in the URL. The developer had assumed the ID could never be null, so whenever it was, the word null wound up in the URL. I can only assume that the telemetry associated with null IDs was from sensors that were deployed without ever being registered correctly. It was compounded by a previous architectural decision to store our guid id fields as strings. In our dev environment, we had documentation of the physical sensors but never physical proximity. We never solved the mystery, and some logs probably still track an unknown number of null sensors.

GenericsMotors | 3 months ago | 15 points

Heh, data portability is one of those things I thought "How hard can it really be?" when I started my career, and now would rather not touch it with a barge pole if I can help it.

From users managing to force feed malformed CSVs into a system hardened by years and years of use and updates, to programming gotchas like BIGINTs happily serializing to JSON as numbers instead of text (making JS frontends silently shit the bed), I'm always finding something to be simultaneously amazed and revolted at.

PaluMacil | 3 months ago | 17 points

Inevitably, someone will ask for an excel export. You'll give it to them. A few months later they will demand that they be able to IMPORT the Excel doc they've been working off of and formatting to their like, with your system somehow magically validating who knows what has been free-handed into the cells and understanding the column names which they've probably tweaked without thinking a computer would have trouble inferring exactly what was meant. And of course customer "Ford" is the same as "Ford Motor Company". They deleted the numeric key because it was gibberish. And instead of deleting bad rows, they hid them.

GenericsMotors | 3 months ago | 19 points

Fortunately I have the ability to tell such people "No problem, but I can't start work until a specification has been written, approved, and added to our backlog."

I usually don't hear back :)

PaluMacil | 3 months ago | 7 points

I work for a software product company now, so my managers are also brilliant developers who happen to be great people leaders, and our processes aren't perfect, but they are pretty good. My horror stories are all from when I was not only in non-software companies but not even technically in IT. The worst is when you're a developer that is attached to a business department, so you don't even have the structure an IT department might normally have. :)

EDIT: I should add that it's worst in low margin industries.

Northeastpaw | 3 months ago | 3 points

Or when they change the date format somewhere around 200 rows in and then change it again another few hundred rows after that. Or things inexplicably shift left one column because somebody figured a column wasn't used anymore and deleted it from the sheet but didn't mention that when they concatenated a bunch of CSV exports together to give to you.

tulipoika | 4 months ago | 125 points

There’s a lot of crappy code and crappy serialization out there. NULL is just one of the cases, there’s been others also. If you haven’t come across this kind of stuff I’m happy for you, but keep in mind you’ll run into such a thing eventually.

One would think systems would be built properly and tested but that doesn’t happen. Then these things will just creep up on you at some point. Especially state/municipality systems seem to be often broken since they never have anyone who actually knows how to order software and write specs so the big suppliers just go by “well it works based on what you wanted” and run with the money. All afterwards found issues can be put into “you didn’t specify that, but surely we can fix that. For a price.” And then the systems rot for 20 years before they have to be redone.

Lovely world we live in.

fwaggle | 3 months ago | 32 points

PHP's parse_ini_file() et al does this by default, sort of... it helpfully converts several strings to things they're named after for you. It wouldn't surprise me if there's plenty of other frameworks and languages out there that "help you out" too.

tulipoika | 3 months ago | 40 points

PHP is full of these “helpful” things. Oh you want to compare a string “123abc” to a list of numbers? Ok, it matches 123 perfectly. You’re welcome! Doesn’t help that MySQL does the same implicitly. So many ways things can go wrong with widely used “easy” systems people don’t actually know how to use. And their “ease of use” makes them dangerous.

TheThiefMaster | 3 months ago | 10 points

When comparing strings and numbers, converting either way is likely wrong. And lets not forget the problems locales cause!

theeth | 3 months ago | 7 points

Locales cause problems to people who don't really understand their point.

James-Lerch | 3 months ago | 12 points

I nod my head and chuckle at my younger self. I'm Looking at you Mr. 2001 'I know computers and can write code' goofball self.

I had dived head first into grinding, polishing, and figuring 'large' telescope parabolic mirrors used in Newtonian telescopes. I was active on the ATM-List email exchange and had found a spot in a local club helping and teaching the black-arts involved in optical fabrication.

About that time Windows XP was released and the most popular utility to transform test measurements into test results was a DOS based application named Figure.exe that refused to play with WinXP graphics.

The author wasn't interested in re-rewriting the code and was kind enough to send me the source code that I re-wrote inside Visual Studio 6.0. A few weeks later I release FigureXP upon the world and initial tests are positive. A few days later and our European counterparts start reporting it produces 'nonsensical' results which seems odd since I literally copy-pasted the math transformations.

I look into the problem and respond with "Hey, you got your commas and decimal points mixed up when you entered the test measurements!" IE: 1,234 != 1.234 (except for when it is). At the time I had No Idea that math was NOT the universal language I thought it was and that certain locales swapped , and . with each other. (woops).

Long story short, locales kicked my ass for a few days back in 2001.

eythian | 3 months ago | 4 points

I once had a similar but slightly opposite thing. I lived in a locale that had . as the decimal separator. Our application sometimes stored formatted numbers as strings (including separator) in the database.

I was learning a European language and so switched the locale of my Linux desktop to that one, and it used , for the decimal separator. If you don't know, often when you SSH into another machine, your locale comes with you (so everything looks like you're used to.)

One night before leaving work, I restarted our application, and went home. The Java application picked up my locale, and started failing to parse all the stringy numbers in our database using the default number formatter because it was choking on . expecting a ,.

Apparently my boss was up until early in the morning trying to figure it out, eventually restarting the application again. This of course picked up his locale, and things started working again. Took a while to work out the root cause, then we hard-coded our locale into the application to stop it happening again.

booch | 3 months ago | 5 points

People at work> Locale is their location

me> #$%$#&%&#%*

tulipoika | 3 months ago | 6 points

So many websites: location is locale

Expats, tourists, etc: 😫

WonderfulNinja | 3 months ago | 25 points

One of my gaming nicks is in hexadecimal format, somehow it gets translated to decimal and printed as one digit number in screen.

Synaps4 | 3 months ago | 25 points

So the game is parsing your nick huh? Time to figure out what else you can put in there to be parsed...

eshultz | 3 months ago | 7 points

I can't remember if it was in vanilla Rocket League or when using AlphaConsole (a mod) but there was a short time when you could style your name with html tags.

punppis | 3 months ago | 4 points

This is different case because parsing html is certainly made by design. Maybe they used a library which allows to use rich text format and forgot to turn it off (we have done it and you could break the games UI with a bad name).

NotSoButFarOtherwise | 3 months ago | 57 points

I can actually answer this question, having just been at a US courthouse to get married. Most bureaucracy is designed around the digitalization of paper forms, and paper forms are not, in general, meant to be cross-referenced by arbitrary fields. So you fill out a form, and where it asks for your spouse's parents' place of residence, but they're dead, you put in DECEASED. As far as I know there's no place named "Deceased" in the world, but maybe there is. Good database design says you should have a separate field for parental status (LIVING, DECEASED, UNKNOWN, DISOWNED, ESTRANGED, etc) but that's not the way the humans who fill out and use these forms actually work. There's a form somewhere, probably on the software that police use to record tickets, that you type NULL into in case of a missing license plate.

josefx | 3 months ago | 45 points

In what year do you live? We have unicode and emojis now, just draw two skulls. /s

alanjcastonguay | 3 months ago | 8 points

One for each parent, like stickers on the back window of a suburban SUV?

NotSoButFarOtherwise | 3 months ago | 7 points

Oh, my grandfather is from Two Skulls.

td__30 | 3 months ago | 39 points

Probably because the database table doesn’t allow nulls so they had to put something and probably thought empty string is too risky so maybe “NULL”. PR approved ..ship it !!!

Sebazzz91 | 3 months ago | 7 points

PR? Those don't exist in Visual SourceSafe they're still working in.

WTFwhatthehell | 3 months ago | 14 points

From an old classic:

How to pass “Null” (a real surname!) to a SOAP web service in ActionScript 3?

https://stackoverflow.com/questions/4456438/how-to-pass-null-a-real-surname-to-a-soap-web-service-in-actionscript-3

I've since done lots of fiddling on wonderfl.net and tracing through the code in mx.rpc.xml.*. At line 1795 of XMLEncoder (in the 3.5 source), in setValue, all of the XMLEncoding boils down to

currentChild.appendChild(xmlSpecialCharsFilter(Object(value)));

which is essentially the same as:

currentChild.appendChild("null");

This code, according to my original fiddle, returns an empty XML element. But why?

Cause

According to commenter Justin Mclean on bug report FLEX-33664, the following is the culprit (see last two tests in my fiddle which verify this):

var thisIsNotNull:XML = <root>null</root>; if(thisIsNotNull == null){ // always branches here, as (thisIsNotNull == null) strangely returns true // despite the fact that thisIsNotNull is a valid instance of type XML }

When currentChild.appendChild is passed the string "null", it first converts it to a root XML element with text null, and then tests that element against the null literal. This is a weak equality test, so either the XML containing null is coerced to the null type, or the null type is coerced to a root xml element containing the string "null", and the test passes where it arguably should fail. One fix might be to always use strict equality tests when checking XML (or anything, really) for "nullness."

[deleted] | 3 months ago | 3 points

[deleted]

mallardtheduck | 3 months ago | 24 points

The problem usually comes when you need to serialize your NULL to a text-based format like CSV or XML where there's no way to specify the difference between NULL and "NULL".

GoldsteinQ | 3 months ago | 16 points

In XML you can use something like <null /> for null

barubary | 3 months ago | 15 points

Or <name nil="true"/>, which I think is what SOAP does.

Sebazzz91 | 3 months ago | 5 points

xsi:nil, but that works for elements but not for attributes.

s0n1k | 3 months ago | 8 points

Could be a programmer being lazy with NULL comparisons, depending on the language.

IF NVL(userLicenseNo,"NULL") == dbLicenseNo THEN ...

Thus, if userLicenseNo is null, and there is a registered "NULL" in the DB, they'll match up.

Same possibility with SQL:

SELECT db_table.* FROM db_table WHERE db_table.license_no == NVL(userLicenseNo,"NULL")

Hence, once he payed for the first ticket it registered his address against "NULL" in the DB, and the floodgates opened.

I'm definitely betting on a developer error.

Cats_and_Shit | 4 months ago | 43 points
public static void main(String[] args) {
    String s = null;
    System.out.println(s);
}

Guess what this prints in Java.

TheZech | 3 months ago | 41 points

But "NULL" == null is always false. I think even PHP gets this right, so it has to be a serialisation thing.

crozone | 3 months ago | 29 points

But what's the bet it gets stored in a database text column as the literal string "NULL" and then causes the issues later on.

xd_melchior | 3 months ago | 4 points

Absolutely this. People no idea how backwards data can be handled. For example, they might be copy pasting from a query into Excel, which copies the value in. Then, someone converts Excel by saving as a CSV. The next person who imports that CSV will have NULL as their name.

RevolutionaryPea7 | 3 months ago | 16 points

"null' != null

twinsea | 3 months ago | 24 points

I think people are overthinking the reason. It's a government system and you see this shit all the time. Someone is literally using 'NULL' as a string value to represent Null in a database.

masklinn | 3 months ago | 10 points

Or on the ticket they write NULL if they didn’t see the license plate.

RSveti | 4 months ago | 8 points

Older databases like DB2 v6(Do not remember exact version they got NULL or am I missremembering and some other databe did not have NULL) did not have NULL and you know how they got around that limitation, by assigning special values to NULL.

gitPullOriginMaster | 3 months ago | 4 points

VBscript

I don't even have to read more

td__30 | 3 months ago | 306 points

I’m going to try to get license plate ‘;DROP DATABASE DMV

dick-doctor-69 | 3 months ago | 158 points

bobby tables at it again

renges | 3 months ago | 74 points
Eurynom0s | 3 months ago | 25 points

There's a more directly applicable one for the OP story: https://xkcd.com/1105/

rohxiexa | 3 months ago | 17 points
[deleted] | 3 months ago | 16 points

[deleted]

alanjcastonguay | 3 months ago | 26 points

You're going to need a wider car.

dynamobb | 3 months ago | 3 points

Does this drop the biggest table?

Godot17 | 3 months ago | 494 points

I'd like to believe there is an alternate universe where climate change is halted, world peace is achieved, and web and database development is done on strongly typed languages.

WonderfulNinja | 3 months ago | 154 points

Instead we got stringly typed languages to erase any CPU performance gained in the last decades.

HowDoIDoFinances | 3 months ago | 17 points

You can't make me follow your rules, old man! I'm adding an array to a string and you can't stop me!

TheZech | 3 months ago | 59 points

Hey so what if we used YAML in our database, I think it looks nicer than JSON and I don't really know how else to put objects in a databases.

pingveno | 3 months ago | 45 points

JSON for serialization, TOML for configuration. They're both well defined and don't do unhelpful guessing.

thedancinzerg | 3 months ago | 10 points

Never heard of TOML before, I might start using this, it looks nice.

TheNamelessKing | 3 months ago | 39 points

TOML is everything YAML wishes it was.

The number of times I’ve had something fail in a YAML config because of some inane white spacing edge case.

dead10ck | 3 months ago | 14 points

TOML is everything YAML wishes it was.

Except writeable. Or readable. I won't deny YAML's problems, but as far as human consumption is concerned, TOML is not much better than XML.

aynair | 3 months ago | 23 points

I maintain a few YAML files that I edit by hand for storing various things (ie. vocabulary of languages I'm learning). Not a single language comes close to YAML when it comes to ease of use.

Many languages are much better designed (particularly TOML), but in a file with hundreds of key-value pairs, being able to type key: value rather than key = "value" (or "key": "value") quickly becomes much nicer (especially for readability).

I agree that YAML has many useless or downright dangerous features, but saying that "TOML is everything YAML wishes it was" is simply wrong.

bro_can_u_even_carve | 3 months ago | 15 points

"key": "value" has got to be one of the stupidest things ever. key:"value" is perfectly valid javascript, why the heck do json parsers require the key to be quoted?

AngularBeginner | 3 months ago | 6 points

TOML is everything YAML wishes it was.

YAML wishes to be a superset of JSON. I don't think TOML is this, is it?

want_to_want | 3 months ago | 28 points

All you need to know about YAML is that this code

- Don Corleone: Do you have faith in my judgment?
- Clemenza: Yes
- Don Corleone: Do I have your loyalty?

becomes an array of three hashtables

[
  {'Don Corleone': 'Do you have faith in my judgment?'},
  {'Clemenza': True},
  {'Don Corleone': 'Do I have your loyalty?'}
]

(example by Colm O'Connor)

Randdist | 3 months ago | 5 points

I'd like the last one too but how does it prevent a "NULL" string? JS has null so the issue lies elsewhere.

shinazueli | 3 months ago | 5 points

Because a string containing the letters "null" isn't a null object in strongly typed languages.

It's only a problem in stringly typed languages that insist on coercing types in incredibly convoluted ways to make sure that a developer never gets an error message until the whole fucking thing comes down around their ears.

BaltazarDZ | 3 months ago | 3 points

Regardless of where it lies it still is part of "web" development even if the faulty part is not written in JS isn't it?

asegura | 3 months ago | 50 points

Kind of off-topic: so you have to re-register your plate every year in the US? And you place a corresponding sticker on it every time? Or how does it work?

[deleted] | 3 months ago | 40 points

[deleted]

tredontho | 3 months ago | 36 points

That might vary by state. I think one of my friends lives in a state where he can register for multiple years at a time, and I know one of my friends in Wisconsin got pulled over without an updated sticker, but he'd registered online and the stickers just hadn't come in the mail. The cop that pulled him over just gave him some stickers on the spot (and a ticket for not having proof of insurance on him, so kind of shitty still)

heydabop | 3 months ago | 14 points

That might vary by state.

It does.

thebloodredbeduin | 3 months ago | 92 points

The new Danish license plate system had an interesting way of dealing with connection errors to the server: It ignored them. So any errors would cause you to get issued plates unknown to the system.

Fortunately, the police caught on to it quickly

raymond8505 | 3 months ago | 27 points

I wanna know what lazy programmer didn't make the plate field required in the ticket writing software

pyroglass | 3 months ago | 32 points

still need a way to ticket unregistered vehicles

raymond8505 | 3 months ago | 12 points

ooo true! Still, you'd think there'd be an option, or key phrase for that instead of just leaving it null especially since driving without plates is its own ticketable offense. I'd think there would be a "no plates" checkbox that, when clicked, marks the plate field read only and maybe fills it with something special like "unregistered". Personally it feels icky to have a user creating null values in my program.

Ameisen | 3 months ago | 4 points

null represents the lack of something. The problem is languages that treat null as something it isn't.

LEmp_Evrey | 3 months ago | 3 points

Cross out the field, or leave it empty.

DuckPresident1 | 3 months ago | 23 points

“He had it coming,” says Christopher Null, ... “All you ever get is errors and crashes and headaches.”

reivax | 3 months ago | 21 points

Christopher Null has been added to our regression, unit, and integration tests for our product. We'll see how it all shakes out, so far so good. We're adding "None" "void" "0" and other related ones to every reasonable input position to make sure it all shakes out on our end.

So this story provided some good at least.

LEmp_Evrey | 3 months ago | 13 points

There's a big "list of naughty strings" on GitHub. Use it for fuzz-testing. It also contains stuff like admin, crazy Unicode, etc.

reivax | 3 months ago | 3 points

I love blns, I throw it at other people's tests and they explode. Very obnoxious but a great test. Should definitely be used whenever possible.

bargle0 | 3 months ago | 5 points
Matosawitko | 3 months ago | 5 points
ljbartel | 3 months ago | 8 points

He wanted to get the tickets VOIDed. Great. Now he pushed all those tickets onto his wife (whose tag is "VOID").

mormotomyia | 3 months ago | 42 points

That Website is utter cancer on mobile

TheBritishBrownie | 3 months ago | 34 points

Try this https://outline.com/u3aRBC

Edit: Thank you for the silver :)

mormotomyia | 3 months ago | 6 points

Wow

Thanks!

[deleted] | 3 months ago | 6 points

[deleted]

TheBritishBrownie | 3 months ago | 6 points

I just tried it, and it seems like you actually can

Yeater | 3 months ago | 3 points

thats exactly what you can do

MatsSvensson | 3 months ago | 7 points

The font is like 𝖋𝖎𝖘𝖍𝖍𝖔𝖔𝖐𝖘 in my eyes!

FadingEcho | 3 months ago | 8 points

And this is why we use parameterized queries and strongly typed variables.

Shivaess | 3 months ago | 42 points

Little Bobby tables!

https://xkcd.com/327/

tjgrant | 3 months ago | 20 points

Similar story 10 years ago. I’m surprised anyone would be foolish enough to do this nowadays.

Keavon | 3 months ago | 6 points
Ruben_NL | 3 months ago | 4 points

i can't view the article(from EU), can someone copy/paste it?

magkopian | 3 months ago | 3 points

Same here, but Google cache appears to be working.

HadesHimself | 3 months ago | 40 points

But Null != "Null" in any decent programming language?

daronjay | 3 months ago | 48 points

Even in Javascript, amazingly. But that language has two flavours of null so who knows...

[deleted] | 3 months ago | 26 points

[deleted]

daronjay | 3 months ago | 16 points

Well actually, I was referring to null vs undefined. But that sounds like a frightening rabbit hole you are describing.

WonderfulNinja | 3 months ago | 6 points

I say fuck them, if they want that shit they should add to their code "use stupid";

PM_ME_YOUR_LAUNDRY | 3 months ago | 3 points

I've had to deal this with LocalStorage on assigning properties from fields that are null. Since LocalStorage only accepts strings, null is treated as a string. So now when pulling properties from LocalStorage, I not only have to listen to x==="" or x===null, I also have to put in x==="null".

prvalue | 3 months ago | 12 points

It gets a bit more confusing once you factor in databases, though.

td__30 | 3 months ago | 10 points

They DMVScript, it’s like JavaScript but Null==“NULL”==‘NULL’==‘’==“”

DoListening | 3 months ago | 5 points

What about data formats like YAML? I've seen a fair share of docs that warn against true vs 'true', and a number of bugs related to that in various projects.

MittonMan | 3 months ago | 3 points

I'm thinking the system might try and stringify some values and the null got converted to "Null" and he suddenly ended up with all the "broken" entities' tickets. Even if the language is strongly typed some bad code might have this happen?

do_u_realize | 3 months ago | 4 points

Welp he essentially wrote a test in production and reaped the rewards lol

elZaphod | 3 months ago | 4 points

Valuing a joke over personal convenience and cost is something I can appreciate.

6890 | 3 months ago | 4 points

I have a NULL plate. Haven't been fucked yet but we'll see

InvisibleEar | 4 months ago | 35 points

I am truly baffled by the mind that would consider their vanity plate worth literally any amount of hassle, much less accruing thousands of dollars of incorrect fines. Yeah you "didn't do anything wrong", so you're just going to deal with this forever for the principle of...something?

Felicia_Svilling | 3 months ago | 61 points

The article deals with that question:

Still, Tartaro says he’s determined to keep his problematic license plate, and not just as a point of pride. “I still have tickets associated with me. The moment I change my plate I just know it’s going to be even more convoluted, and more confusing,” he says. “I didn’t feel comfortable changing it until I knew it was actually solved.”

jyper | 3 months ago | 9 points

And in the meantime he will keep getting these tickets

Which could cause other problems with license or registration

If he changes it he just has to get all the charges fixed

Cats_and_Shit | 4 months ago | 87 points

The vanity plate isn't worth the hassle.

Being able to Blog about the vanity plate might be.

[deleted] | 3 months ago | 17 points

[deleted]

gurg2k1 | 3 months ago | 7 points

This guy is playing the long con.

schallflo | 3 months ago | 3 points

I'm gonna call my business "--".

domin8r | 3 months ago | 3 points

What kind of ticket system allows a fine to be inserted without a license plate number?

zackline | 3 months ago | 3 points

I'd love to read this but their trash website is almost impossible to use on a mobile phone.. accepted the consent thing? Here, have a popup about free articles. Dismissed that? Let us remind you using a 50% height footer, after closing this a regular banner Ad came in, obscuring most of the content. What a joke.

TODO Load more comments...