james mckay dot net
because there are few things that are less logical than business logic

Programmer jargon: Cargo Cult

This is the first in an irregular series of blog posts about jargon that you’ll find from time to time being bandied about by programmers who read blogs, such as my good self.

I’ll start off with a tale first told by the physicist Richard Feynman. The story goes that during the Second World War, various Pacific islands were invaded first by the Japanese then by the Americans. They set up Air Force bases, with runways and control towers and ground traffic controllers with headphones and batons to direct the aeroplanes to where they had to park up and drop off supplies. The natives were amazed: they had never seen anything like it.

Eventually, the Second World War came to an end, and the Japanese and the Americans packed up and went home. The natives, however, built their own runways, bamboo control towers and large bamboo mock-ups of aeroplanes, and stood wearing bamboo headphones and waving bamboo sticks in a vain attempt to summon the aeroplanes from the sky with their cargo. Needless to say, no planes came. They had copied the form of what the Americans were doing, but they didn’t understand why they were doing it.

Sounds far fetched? Apparently it’s a true story, and some of these cargo cults are still in existence today.

In a programming context, the term “cargo cult” is used to refer to someone doing something without properly considering why they’re doing it, or whether what they’re doing is even appropriate. Blindly copying and pasting code from tutorials and code samples on the web is one example. If you’ve ever seen something like this:

void Page_Load(object sender, EventArgs e)  
    try {  
    catch (Exception ex) {  

and wondered what that Console.WriteLine statement is doing in a web application, which doesn’t even have a Console to WriteLine to, it’s because someone has cargo culted something over from a console application in a code sample on MSDN. Another example is claiming that stored procedures are the answer to SQL injection vulnerabilities, when in actual fact it’s all to easy to subvert this by smashing strings together in your stored procedure and exec-ing the result:

create procedure ListStudents(@OrderBy varchar(100)) as  
    declare @sql varchar(200)  
    set @sql = 'select * from Students order by ' + @OrderBy  
    exec @sql  

One thing about cargo culting is that we all do it at some stage or another when we’re getting to grips with a new and unfamiliar technology. This is why code reviews are such a good idea: someone more knowledgeable about the technology concerned will be able to pick up on mistakes such as these and fill in the gaps in our knowledge. But the important thing is that we should always ask why we’re doing what we’re doing, and not just stick around indefinitely at the cargo cult level.