And I am sad today. I spent 2–3 hours today on the site http://attendance.gov.in and this blogpost. I run tech startups, love code and hate to waste time on shitty things. Bad code pushes my buttons and a site of such magnitude should do better. I went through the site and was amazed to see the joke it was. What saddened me was that not only is it bad code its also a hogwash!

To begin with; the interwebs, social media and even primetime news has been abuzz with the new modern design of the site and are celebrating the fact that its responsive. I was intrigued and went to checkout the site. The proud Indian in me was elated to read that in a tweet. When I visited it, I had a mixed feeling. I liked that a government site was finally looking modern but was dissapointed to see that they used the shortest route with zero effort. The site is using a free and open-sourced template made by Almsaeed Studio available at https://github.com/almasaeed2010/AdminLTE. Here’s the demo page http://almsaeedstudio.com/AdminLTE/. Its easily one of the most popular admin dashboard UI Kits available on GitHub. I wished the government had given better attribution to the original source. But this didn’t push me into the rabbit hole.

I realised my computer started acting weird once I visited the site. Weird as in getting stuck, especially the browser. Paranoid, I started checking my system’s processes and thats when I started discovering the crap that was hidden from plain sight!

The culprit was http://attendance.gov.in. So, what did I do? Right click and view source. And in a minute I found the devil was somewhere in dashboard.js; the _ONLY_ file which seemed to have been modified by the team in charge of the project. What I discovered makes me ashamed. Ashamed to be an engineer of Indian origin.

dashboard.js

I won’t even comment on the poor indentation, variable naming conventions and bad commenting practises. Look at line 4 in the image above and you’ll weep if you know JavaScript. I mean who uses async: false? Isn’t that completely defeating the fact its an AJAX? And that too inside a setInterval function set to repeat every 8 seconds! Thats making sure that your browser hangs atleast once every 8 seconds. I had quickly discovered the culprit making my system hang.

In plain English; every 8 seconds the code tries to get some data from a remote server and while it fetches the data; it tells the browser lets make the PC hang!

It doesn’t stop there. There are multiple such setInterval blocks. If you are in India and with the connection speeds we have; this is a nightmare! The more you look into the code, the more you realise that it was done by someone who had no clue what he/she was doing. [Tip: JavaScript callbacks].

That brings me to the backend they are using. From the headers it seems they are using PHP with CodeIgniter MVC. I don’t understand the logic of using a fat MVC when all you need is a fast API endpoint. Maybe I am paranoid about performance, but this looks a dumb idea if you want to scale and want the people of India to actually use the site. [Tip: Barebone REST API].

English analogy, they are using aeroplanes instead taxis to transport passengers within the same city.

I didn’t go into the security audit as I was afraid I would discover something far worse.

Finally there was this gem;

Hardcoded numbers. Screenshot taken on 8th of October, 2014 morning.

Thats hardcoded data for one of the charts. xAxis and yAxis data points present in the JavaScript source. Which means authentication chart is a static one it has data for 28/09 — 1/10. I wonder how they plan to update it, someone editing the JS code daily? [Tip: Do real work].

In plain English; the data you see for some of the charts is not being updated. Its all just dummy data packed in a good UI. A hogwash!

They say you are as strong as your weakest member, so the people at National Informatics Centre, I think you used your weakest members for this ambitious project. You could have done better!