See the discussion of this post on Hacker News, Lobste.rs, /r/webdev, and /r/programming.
A long time ago at one of my first software jobs, I received a bug report for a internal product that I didn't even know existed.
It turned out to be an application that serves up basically every form that any employee within the company might need. Essentially a catch-all resource. Do you need to report someone to HR? There is a form for that. Do you need a contract for a new client? There is a form for that.
The responsibility of maintaining the project had been bounced from team to team over the years. Apparently it belonged to my team. And by my team, I mean me.
Oh, the horror.
It was a single code file with over 11,000 lines of VBScript.
Countless people had made changes to this file over the years. But they did not appear to be software developers. Their roles ranged from IT support to business analyst. I'm shocked at how little value the project was given considering how many employees used these forms each day.
It looked like the entire file would execute through from top to bottom, although I never actually confirmed it. The code followed a rough pattern of fetch some data about the user, check if some conditions are met, then do some action which repeated a thousand or so times. The conditions were often as simple as:
If (usrrps = 5) And (wauth <> "") Then
What came next was usually a combination of displaying a form, accessing a file on a shared drive, running a SQL query on who know whose database, and sending an email to a hardcoded address.
Now, I had never used VBScript before (and haven't since then), but many variables appeared to be unused. The names were indecipherable. Synonyms were littered throughout.
Something I found hilarious is that a variable might be used on lines 200-210 and then again on line 8544. No where else.
Much of the logic appeared redundant. Probably copy and pasted at some point then later diverged. Like, how many times does the user need to be authenticated in one code file? Once I dared to clean this up and reuse the authentication response, but it broke everything. I never figured out why. To this day I sometimes lie in bed wondering what could have caused this.
There was no version control. The only context about code changes was in the bug tracker and in the code comments, though I learned the hard way to not trust those.
There was no test environment. If I made a change, I had to test it in "production". All of the program's state was based on the user's privileges so we would impersonate whoever reported the bug such that we could see what they saw.
There were no unit tests. If I made a change that caused some other "feature" to break, there was essentially a 0% chance I would know about it until a week later when Jeff in marketing would report a bug.
What is the moral of the story?
I have no idea.