Do not mess with NULL

A story worthy of Friday happened with American security researcher Joseph Tartaro. He wanted to stand out by ordering not just an individual number for a car, but also linking it to his craft. My first thought was to play around with SEGFAULT or something like that. But in the end, he settled on the NULL number for his car and the VOID for his wife. Did you feel something was wrong? About what innocent prank turned out for him, about another curious Mr. Null and instructive bugs when checking data types in user input, read under the cat.







So, in 2016, our programming joker got his new funny car numbers and probably rubbed his hands gloatingly. He even had the hope that such a move would save him from penalty tickets. Not that he violated much, but the idea of ​​breaking the system in this way seemed very interesting for the security specialist.



Problems began a year later when he tried to renew the online numbers. And I was very puzzled by the site intended for this.







The system considered the number entered by him incorrect. The programmers were screwed up somewhere, and the NULL that he entered as a text value seemed to be checked incorrectly. Loose typing error? However, he managed to extend the number for a year by the code in the link, and somehow further he forgot the whole thing.



However, as it turned out, these were far from problems. Further, the story reminded an old joke:



A soldier in the middle of the field is trying to somehow repair a caterpillar that has fallen off the tank. Suddenly, out of nowhere, a fairy appears and asks:

- What are you doing, servant?

- Yes, tr ### yus.

- Do you really want to?

- (dreamily) I want ...

The fairy waved her wand ... And the tower fell off the tank.


So, in early 2018, he received a well-deserved fine of $ 35. He could have protested it, but it was easier to pay, the amount is small. And then the fairy waved her wand ... And fines for unpaid parking lots, stops in the wrong place and other similar joy fell in the mailbox. Dozens and dozens of fines in the amount of $ 37, $ 60, $ 74, $ 80 ... From completely different corners of California. According to completely different models of cars. Due to another typing curve, the NULL value in the database was associated with his personal data. And each time, as a valiant law enforcement officer forgot to enter the car number into the system when issuing a fine, the prize went to our hero (it would be worthwhile to kick the developers of the frontend at the same time for the lack of checking for filling out one of the key parameters).



At one point, he received two fines written in the same place with a difference of several hours on completely different models of cars. For complete happiness, old fines with an unspecified number were retrospectively applied to him. So, he even got fines for 2014, when he did not even have this number. As a result, fines worth more than $ 12,000 hung on him.







Parking fines were dealt with by the private company Citation Processing Center. Naturally, Joseph contacted them and tried to explain the situation. Naturally, the manager on the phone softly went into the cold, asked to send them back receipts so that they could figure it out. But this would mean the loss of the only hard copy confirming the incorrectness of the fine. And it's good that he did not send. He later noticed that in the open fines database available online, the original model of the car was replaced by him. Another round of conversations with managers, just as useless.



As a result, he had to turn directly to DMV (Department of Motor Vehicles, a state-owned unit involved in the registration of vehicles), and with their help he was able to quickly reduce the amount to $ 6262, but this did not solve the original problem. New fines kept coming. At the time of writing the original Wired article, 2 fines totaling $ 140 were unpaid. What is most sad, DMV denies him the extension of numbers for the next year, until the fines are closed. Moreover, it is not very clear where to go and who should be given the kumpole so that this problem can be repaired. DMV notes that their system correctly recognizes its numbers and recognizes the absurdity of the situation. However, parking issues are the responsibility of local authorities, which they cannot influence in any way. So the story may well have a sequel. The prank failed.



Mr. Null



Christopher Null was even more unlucky. Unlucky to be born with that name. If Joseph Tartaro suffers only with fines and only about the last year, Christopher permanently plunges deeper and deeper into the abyss of suffering in parallel with the development of digital technology.



Especially inconvenient for him is the widely developed concept of MVP (minimum viable product), which in some cases directly coincides with the concept of "herak-herak, and production."



Even if we omit all the school-level jokes about his last name, as well as the accusations of trying to attract attention in this way (and this is a good way if you are a technical journalist, of which Christopher is), oddities arise when working with some sites and applications .



According to Christopher, most sites handle the Null surname correctly. Some report that the field cannot be empty, or that it is a reserved word. In rare cases, applications simply fall off. Interestingly, according to his observations, the larger the company is behind the application or site, the more problems there will be with his last name.



Separately, his data filtering throws Null out of already saved data. So, sometimes he receives letters to Media LLC (while the name of the company is Null Media LLC), and sometimes he is simply referred to as “Mr.” in any spam. He even had to work out workarounds. For example, put the second name or initial in the same field with the last name or just add a dot at the end. But sometimes the stubbornness of the system is invincible.



So, Bank of America completely refused to accept his e-mail null@nullmedia.com. Their system simply refused to accept null in the user part of the address, they even had to make an alias info @ specifically for the bank. But banking software was actively developing, and after a few years ... it stopped accepting null even as part of a domain name. The poor fellow had to create a banal Gmail account for the most stubborn. Also containing null, but not at the beginning of the username.



Have you encountered any oddities while processing system values? Tell us in the comments.



Thank you for staying with us. Do you like our articles? Want to see more interesting materials? Support us by placing an order or recommending it to your friends, a 30% discount for Habr users on a unique analogue of entry-level servers that we invented for you: The whole truth about VPS (KVM) E5-2650 v4 (6 Cores) 10GB DDR4 240GB SSD 1Gbps from $ 20 or how to divide the server? (options are available with RAID1 and RAID10, up to 24 cores and up to 40GB DDR4).



Dell R730xd 2 times cheaper? Only we have 2 x Intel TetraDeca-Core Xeon 2x E5-2697v3 2.6GHz 14C 64GB DDR4 4x960GB SSD 1Gbps 100 TV from $ 199 in the Netherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - from $ 99! Read about How to Build Infrastructure Bldg. class c using Dell R730xd E5-2650 v4 servers costing 9,000 euros for a penny?



All Articles