Developer scored huge own goal by deleting almost every football fan in Europe
- Reference: 1745220670
- News link: https://www.theregister.co.uk/2025/04/21/who_me/
- Source link:
This week, meet a reader we'll Regomize as "Pete" who told us of the time he worked for a news and sport website that faithfully reported the result of every major sporting event, and plenty of minor ones too.
"The information for each football match contained lots of statistical data, including the attendance," Pete told Who, Me? All the info was stored in what he described as "a fairly straightforward MySQL database, with unsurprising names."
[1]
A table named "MATCH," for example, had fields for "RESULT" and "ATTENDANCE."
[2]
[3]
"All the data came in XML files, which were parsed by a Perl program and the MySQL database updated," Pete explained.
The site ran smoothly until the day one of the staff journalists pointed out that one match report listed the crowd as zero.
[4]
The journalist had attended the match and, even though it was a very minor fixture, felt his estimate of the crowd – 450 hardy souls – should be faithfully recorded.
Pete checked his code, noticed an error in the way it parsed files that had produced the absent crowd, and set about making a fix.
In the production database.
[5]
Of course he made a mistake and changed the attendance for every match in the database to 450.
Cup Final? Pete's site said only 450 showed up. Sold-out derby between ancient enemies? Only 450 fans could be bothered. Televised match with heaving stands? Your eyes deceived you, as Pete's site told you the fixture attracted just 450 spectators.
[6]Static electricity can be shockingly funny, but the joke's over when a rack goes dark
[7]Dev loudly complained about older colleague, who retired not long after
[8]Tech trainer taught a course on software he'd never used and didn't own
[9]After three weeks of night shifts, very tired techie broke the UK's phone network
Pete realized it was only a matter of time before readers of the site would complain about the inaccurate data.
"The good news for me was that all the original XML files were in a backup directory I could access," he told Who, Me? All Pete had to do was find a way to extract the right attendance values from those files – which covered every event the site had ever reported – and overwrite the incorrect attendance figures.
Perl was Pete's weapon of choice, and he scripted a solution to scour the backups and create a file listing the correct attendance values. All that remained was to import them to the production database.
Which worked.
"As far as I can tell, nobody noticed," Pete told Who, Me?
What happened when you messed with the production database? To share your story, [10]click here to send an email to Who, Me? Our mailbag is close to empty again, so please share a story! ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/databases&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aAYXRwsD13qlhmT_QvnOdAAAAAk&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/databases&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAYXRwsD13qlhmT_QvnOdAAAAAk&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/databases&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAYXRwsD13qlhmT_QvnOdAAAAAk&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/databases&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAYXRwsD13qlhmT_QvnOdAAAAAk&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/databases&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAYXRwsD13qlhmT_QvnOdAAAAAk&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2025/04/14/who_me/
[7] https://www.theregister.com/2025/04/07/who_me/
[8] https://www.theregister.com/2025/03/31/who_me/
[9] https://www.theregister.com/2025/03/24/who_me/
[10] mailto:whome@theregister.com
[11] https://whitepapers.theregister.com/
Re: Number games
Was that the Marklar vs. Marklar game?
Re: Number games
I prefer their spaceship.
It never gets old
Working on production code? I learned many moons ago that doing that even on relatively unimportant systems will almost always result in unexpected consequences.
P.S. Yes, it took a few panics for that to sink in.
Re: It never gets old
Article mentions perl, hardly an example of doing things right.
Wiped billions of dollars off the value of several funds by running an UPDATE without a WHERE clause. Full-on stomach-sinking P45-anticipating panic.
Fortunately we had triggers on every table writing every single change off to audit tables, so managed to use those to undo the screw-up in less than an hour.
Important lesson learned - any manual SQL goes inside a rollback transaction, verify number of records updated first, then switch the rollback out for a commit. Or just avoid having to run manual SQL on production DBs...
Ah, production databases
In the Notes environment, I have long since learned that if there is a change to be made, make a non-replica copy of it on the server, restrict ACL access to only you, the server and the person authorizing the change, then fiddle to your heart's content until you're happy with the result.
Then you can ask the requester to review the change and, if approved, move it to the production db.
If there's a problem after that, you can point to the email saying the change was approved.
Of course, that only works on databases that are not hundreds of GBs in size.
Number games
There were 450 who noticed sending 450 complaints getting 450 answers in 450 words telling 450 to look 450 times until the 450 were gone. A goal-in-450 solved the day by scouring 450 tapes in 450 seconds after 450 minutes of coding and saved the day in just about 450 milliseconds.