I’m impressed this wasn’t caught in code review. It was very obvious to me that there was a bug as I scrolled through. It was also very out of place among many automated refactorings.
Well, here’s your chance to become a famous security researcher. Just scroll through the rest of Apple’s open source code and spot the other very obvious bugs.
Sorry for the snark, but this is no different from dozens of other bugs that exist for months or years, and then when it’s pointed out, everybody says “oh, it’s so obvious.” X had a bug like this once:
if (geteuid != 0)
Stupid bug, missing parens means the function isn’t called; instead its address is compared to 0. There were likewise hundreds (though not thousands, X being less popular than iOS) of comments complaining about how X developers can’t read code, or C sucks, or if only they had enabled this compiler warning it never would have happened.
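The missing-parentheses bug described above, as an added example that is not code from X or from the commenter. `fake_geteuid` and `fake_euid` are constructed stand-ins for libc’s `geteuid(2)` so the result does not depend on which user runs it; everything else mirrors the shape of the original mistake.

```c
#include <stdio.h>

/* Constructed stand-in for geteuid(2): a settable effective uid so the
 * example is deterministic and needs no privileges. */
static unsigned int fake_euid = 1000;
static unsigned int fake_geteuid(void) { return fake_euid; }
void set_fake_euid(unsigned int uid) { fake_euid = uid; }

/* Buggy form: without the (), fake_geteuid is a function designator that
 * decays to a pointer, so this compares the function's ADDRESS with 0.
 * A function address is never null, so the branch is always taken and
 * every caller, root included, is reported as "not root". gcc -Wall
 * (-Waddress) and clang (-Wtautological-pointer-compare) both flag it. */
int is_root_buggy(void)
{
    if (fake_geteuid != 0)
        return 0;   /* taken unconditionally */
    return 1;
}

/* Fixed form: actually call the function and compare the returned uid. */
int is_root_fixed(void)
{
    if (fake_geteuid() != 0)
        return 0;
    return 1;
}

int main(void)
{
    set_fake_euid(0);
    printf("euid 0:    buggy=%d fixed=%d\n", is_root_buggy(), is_root_fixed());
    set_fake_euid(1000);
    printf("euid 1000: buggy=%d fixed=%d\n", is_root_buggy(), is_root_fixed());
    return 0;
}
```

Whether the wrong answer is "fail open" or "fail closed" depends only on which side of the comparison the early return sits on; here the privileged path is unreachable, but a `== 0` check written the same way would grant it to everyone.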
Yeah but look at the diff! Assuming SOMEONE other than the original author looked at it, it would’ve been caught during a casual scroll-through.
I don’t know how “casual” it was, but I did exactly that when a link to that diff was posted on HN. The title didn’t say what the issue was, I hadn’t heard of the bug before, and I had no idea what I was looking for, other than that there’s a bug or hole or something bad going on in there.
And I did spot the double goto the instant it scrolled in view.
Actually I think glancing through diffs is a very nice way to catch things like that. By contrast, having someone tell you to read through goodness knows how many thousand lines of reasonably mature code is, well.. meh. Been there, done that. The thing with good diffs is that they break things up for you for review. And it’s new code that hasn’t been seen by too many pairs of eyeballs, so easy-to-catch oopsies are more likely to be present. But if you just start with a huge code dump, it’s your responsibility to chunk it into parts for which you have the attention span to review carefully enough. It does take a lot of effort and it can be quite demotivating.
I wish I could tell source-changes@openbsd to mail me diffs along with the commit logs. Right now I only stop on some of the more interesting sounding ones and go on cvsweb for the diffs.
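The double goto the commenter above spotted in Apple’s diff, reduced to its control-flow shape as an added example (this is not Apple’s code, nor the commenter’s). `hash_update` and `hash_final_and_verify` are constructed stand-ins for the hashing and signature-check steps; the `OSStatus` name and the `if ((err = ...) != 0) goto fail;` idiom follow the style of the original.

```c
#include <stdio.h>

typedef int OSStatus;
enum { errOK = 0, errBadSignature = -9801 };  /* constructed codes */

/* Constructed stand-ins: succeed or fail according to their argument. */
static OSStatus hash_update(int ok)           { return ok ? errOK : errBadSignature; }
static OSStatus hash_final_and_verify(int ok) { return ok ? errOK : errBadSignature; }

/* The duplicated `goto fail;` is not guarded by the if above it (no braces,
 * so the indentation lies). It is always executed, the final verify step
 * never runs, and err still holds errOK from the previous successful step,
 * so a bad signature is reported as valid. gcc -Wall's
 * -Wmisleading-indentation warns about exactly this. */
OSStatus verify_buggy(int sig_ok)
{
    OSStatus err;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_update(1)) != 0)
        goto fail;
        goto fail;   /* duplicated line: unconditional */
    if ((err = hash_final_and_verify(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed form: one goto per check, so the verify step is reached. */
OSStatus verify_fixed(int sig_ok)
{
    OSStatus err;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_final_and_verify(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

int main(void)
{
    printf("bad signature: buggy=%d fixed=%d\n", verify_buggy(0), verify_fixed(0));
    printf("good signature: buggy=%d fixed=%d\n", verify_buggy(1), verify_fixed(1));
    return 0;
}
```

In a diff this shows up as a single added line that looks like every line around it, which is why it reads as obvious once you know it is there and invisible when you are skimming for something else.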
I’m Clark Gaebel.
I’m somewhat involved in the Haskell and Rust communities, and do lots of high performance, low level functional programming stuff.
I currently work at Jane Street.
Intriguing, if cryptic. But from where I sit, this is just a project named “Atom” hosted on Github. Is there any more information on it, something that connects it to Github besides the Github-employed members?
Answering myself: https://github.com/atom/welcome/blob/master/lib/welcome.md
You are one of the first people to use GitHub’s new text editor!
Also worth noting:
$ whois atom.io
Domain : atom.io
Status : Client Updt+Delt Lock
Owner : GitHub Hostmaster
Owner : GitHub, Inc.
Owner : 88 Colin P Kelly Jr St
Owner : San Francisco
Owner : CA
Owner : US
Surprisingly great paper for something out of a social sciences journal!
I hope this helps curtail the ridiculous amounts of money being spent on advertising these days.
I feel late to this party, but apparently Ulrich Drepper works at GS now? Huh.