🔥 CVE-2019-14287
— The Hacker News (@TheHackersNews) October 14, 2019
A flaw in Sudo—that comes installed on almost every #Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://t.co/NeFvITBR73
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root. pic.twitter.com/zlvC7PSYrI
It happened to me because I was plugging the charging cable on the left. It's a know issues with MacBook Pro built in 2018~2018.
— Pierre 🦌 (@pierrerenaudin) October 9, 2019
Charging at the right side make the kernel_task vanish.
Holy crap. Huge bug uncovered in computational chemistry software because different operating systems sort files differently and the published scripts don’t handle it well. If you do or rely on calculated NMR chemical shifts, this is a must-read. https://t.co/p0PNpMIGgf
— Lucas Moore (@LucasCMoore) October 8, 2019
My previous employer had a piece of software that would uninstall Arial if you removed it.
— SwiftOnSecurity (@SwiftOnSecurity) October 2, 2019
After reboot, all your computer’s interface would be in Arial Italic since it couldn’t find the main Arial file.
All your menus and windows. Nobody knew why this happened until I was hired. https://t.co/IUD2QkRPdx
From the "how the fuck did this hardware bug happen" department: Sandy Bridge GPUs cannot access the low 1MB of RAM, plus five pages.
— Hector Martin (@marcan42) September 16, 2019
The pages at 0x20050000, 0x20110000, 0x20130000, 0x20138000, 0x40004000.
Specifically. pic.twitter.com/rMN20Lt3xX
That US-EAST-1 outage on AWS caused 0.5% of customers to lose their data, ouch. https://t.co/ZUeUW58f23
— Kevin Beaumont (@GossiTheDog) September 3, 2019
i think every day about how cable internet is IP over MPEG. this is a literal fact. DOCSIS sends downstream data in MPEG frames because that's what the cable networks are optimized for and what all the switching equipment understood when cable broadband took off
— Utterly dispassionate, documentary hog slaughter (@gravislizard) September 3, 2019
I MISSPELLED "ostringstream" ONCE AND IT TURNED OUT THAT C++ HAD INCLUDED, I GUESS AS A PRANK, A CLASS WHICH IS EXACTLY THE SAME AS ostringstream EXCEPT THE NAME IS MISSPELLED AND IT EMITS MEMORY-CORRUPTED STRINGS ???!?!? pic.twitter.com/MN4AFEWOvK
— mcc (@mcclure111) March 9, 2019
"If you want a vision of the future, imagine a boot stamping on a human face - forever" so *thats* what he meant 🤔🤔
— ༻ᵏᵘᵐᵃᵛⁱˢ༄༜ (@kumavis_) February 26, 2019
Javascript is weird. pic.twitter.com/0p9TrEYetF
— ShadowCheetah (@shadowcheets) August 12, 2019
If you think the response time on your HTTP calls is bad, I just got a 503 via paper mail... 😂 pic.twitter.com/lrGbMeW3zO
— Shawna Scott (@shawnacscott) August 6, 2019
“How many kinds of USB-C™ to USB-C™ cables are there?
— Peter Steinberger (@steipete) July 16, 2019
tl;dr: There are 6, it's unfortunately very confusing to the end user.” https://t.co/WDWrxRna80
Verilog is a wonderful language because you find things like this in the standard (1364-2005 5.4.2)
— Luke Wren (@wren6991) July 12, 2019
How can you write something like this and not go "wait, go back, we fucked up" pic.twitter.com/pUJnzHwRvG
I guess at least they do what all the other finalizer supporting VMs do: Offer finalizers but say "maybe we won't run them".
— mcc (@mcclure111) July 10, 2019
I can't think of another language feature, in any language, that works like finalizers. A *suggestion* to run some code. Optional. If the language wants. pic.twitter.com/YWTtn5cyUY
— Ryan C. Gordon (@icculus) July 9, 2019
“I also found that, instead of making a regular AJAX request, this page instead loads an image from the Zoom web server that is locally running. The different dimensions of the image dictate the error/status code of the server.” 🤯 https://t.co/ilZTqz68Ko
— Peter Steinberger (@steipete) July 9, 2019
Amazing, 7 Eleven launch mobile payment app: a day after launching it attackers stole half a million USD from customers, as the app had no security around password reset (any user could reset anybody else’s password) https://t.co/EyBrcFYMlL
— Kevin Beaumont 🌈 (@GossiTheDog) July 4, 2019
I am excited to have written:
— Shafik Yaghmour (@shafikyaghmour) June 22, 2019
P1705R0
“Enumerating Core Undefined Behavior”https://t.co/EdMFyquRN5#cplusplus pic.twitter.com/fqbcrcEFPk
Oracle fixes a bypass for a bypass fix of a bypass that was bypssed during fixing a bug that was used to bypass the bypass fix of a serialization issue in weblogic. https://t.co/dFAzfuQNyd
— Hamid K (@hkashfi) June 16, 2019
Post by @apenwarr on why we can't have nice things in networking: "The world in which IPv6 was a good design" https://t.co/eTdFPHWnNi
— Fabian Giesen (@rygorous) June 12, 2019
"We report a surprising finding that the inclusion of hyphens in paper titles impedes citation counts, and that this is a result of the lack of robustness of the citation database systems in handling hyphenated paper titles."https://t.co/PJVs5tZxtP
— John Regehr (@johnregehr) June 10, 2019
LRT, money quote from the web page: pic.twitter.com/h8TrIVxkX3
— Fabian Giesen (@rygorous) June 11, 2019
this morning in "computer nightmares" i found the ultimate nightmare inside of Nixpkgs: purposefully crafting SHA-1 collisions to support Google Chrome's update mechanism, due to its non-deterministic download URLs. what the fuck https://t.co/MR8fyKCwEn pic.twitter.com/Vj5XQE56RT
— Chad Blaze: Endgame (@stdlib) June 6, 2019
Me, knowing most of the house is asleep: "Alexa, set volume to 20%."
— Paul Annett 🇪🇺 (@PaulAnnett) June 2, 2019
Alexa, yelling at the top of her lungs: "Sorry, you can only set the volume between 0 and 10!!!"
This is what poor test coverage looks like pic.twitter.com/IspA2GuGNq
— Jess West 🐚 Vacay in Mexico 🏖️ (@jessicaewest) May 6, 2019
A discontinued insulin pump is in demand *because* it contains a security vuln that can be exploited to provide healthcare https://t.co/ztoUhsAKyf
— Ryan Naraine (@ryanaraine) May 6, 2019
From @BernsteinA: "Throwback to my favourite bug report." #gamedev #gamedevelopment #Terrorarium #why pic.twitter.com/E2PZHoKt5K
— Terrorarium 🍄🌵 (@TerrorariumGame) April 30, 2019
I did it. I found the all-time dumbest security question answer requirement. Good job @fedex. pic.twitter.com/a6PBoHUT4z
— Luke Millar (@ltm) April 28, 2019
last week i got to witness an engineering department lose a full day's work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you're forced to rebase master, like you should NEVER DO. this was of course referred to as The Emojiency
— Chaos (@chaosprime) April 21, 2019
Fun JavaScript quirk I ran into: a really large setTimeout() delay makes the delayed function execute (almost) immediately. 🤦♂️
— David K. 🎹 (@DavidKPiano) April 20, 2019
Basically, don't setTimeout() for longer than ~25 days. pic.twitter.com/PuaMsRVfPt
Feeling down? iOS jailbreak you've been working on for a year got patched? Fuzzer not finding any bugs? Miss the 90s where everything crashed? Change your time format on Windows to 90 characters! Watch everything fall over as they get 90 character formats from Windows APIs! pic.twitter.com/obqDurtRFC
— Brandon Falk (@gamozolabs) April 20, 2019
She just straight up started naming random people who live in Michigan. pic.twitter.com/gBXnja0Y4t
— ashe dryden (@ashedryden) April 19, 2019
this episode has a funny implication: to write a C or C++ compiler that is taken seriously, you must implement a language that is not specified or defined anywhere other than "it must produce the expected results on this small collection of dusty deck codes" https://t.co/sLLQuxdYei
— John Regehr (@johnregehr) April 15, 2019
"...the user agent string for the latest Dev Channel build of Microsoft Edge: "... Edg/74.1.96.24" We’ve selected the “Edg” token to avoid compatibility issues that may be caused by using the string “Edge,”..."
— Nathan Froyd (@froydnj) April 9, 2019
We are now deliberately misspelling words in the User-Agent string.
— Peter Steinberger (@steipete) April 3, 2019
the immaculate joy of writing standard libraries pic.twitter.com/EpbKcoFATS
— iximeow (@iximeow) April 6, 2019
CONDUCTOR: we’re stopping the train so we can reboot the engine computer
— bletchley punk (@alicegoldfuss) December 14, 2018
ME: pic.twitter.com/bafD2lZjED
If you told me that setting a sprite’s color in Unity couldn’t happen off the main thread, I would already be angry at you, but nevertheless I was not emotionally prepared to find out the reason why pic.twitter.com/e7iAYfMmPI
— Christine Love (@christinelove) January 22, 2019
Valid C, invalid C++:
— Stephen Checkoway (@stevecheckoway) January 27, 2019
for (int i = 0; ;) {
int i = 1;
return i;
}
Valid C and C++:
for (int i = 0; ;) {{
int i = 1;
return i;
}}
🌶️ HOT JAVASCRIPT TIP: 🌶️
— Lynn (@chordbug) February 5, 2019
to increment some counter on the page,
node.innerText += 1
doesn't work (0 → 01 → 011 → ⋯), but
node.innerText -= -1
works fine (0 → 1 → 2 → ⋯)
"Ⱥ" and "Ⱦ" are Unicode characters, which increase in length (from 2 to 3 bytes) when lowercased. Nasty.
— @mikko (@mikko) November 5, 2018
Found them from the "Big List of Naughty Strings" - list of strings which have a high probability of causing issues when used as user-input data. https://t.co/mBX2CAdnnH
This is hell pic.twitter.com/SBLgsq6BpQ
— BooDoo (@BooDooPerson) November 5, 2018
them: is 10 the highest CVE score you can have?
— Kenn White (@kennwhite) September 25, 2018
me: ?
them: a website has unauthenticated, remote access via a single get request
me: seems like a 10.
them: which returns select * on a quarter million unencrypted credit card #'s.
me: okay, maybe 11.
Stories from Antivirus land: clamav uses libmspack, libmspack had vuln in 2012, libmspack fixed it+adds regression test, clamav detects regression test as malware, libmspack can't be distributed any more because webhost of libmspack uses clamv... pic.twitter.com/gecw8ypnPG
— hanno (@hanno) August 9, 2018
Be careful when reversing #unicode strings. You may be surprised…
— Daily Python Tip (@python_tip) August 6, 2018
>>> s = "Welcome in 🇬🇧”
>>> s[::-1]
'🇧🇬 ni emocleW'
(thanks @piskvor for the inspiration!) pic.twitter.com/JKNb0MotzQ
ask me how my day is going pic.twitter.com/2Vfkg4Km1f
— zach (@ztellman) August 11, 2018
I thought this was a joke.
— Hector Martin (@marcan42) June 19, 2018
It wasn't a joke.https://t.co/5CKhMOBTSK https://t.co/M0MJIIlm4Y
how and why would you even build a system that behaved like this pic.twitter.com/SHr9zep1m2
— 100% clean soup (@vogon) June 19, 2018
You keep using the word 'fsync', I do not think it means what you think it means... If you manage data on Linux, you don't want to miss this popcorn worthy debugging on the #Postgres hackers list: https://t.co/MJGKtoeQgE
— xzilla (@robtreat2) April 2, 2018
Load-bearing optimization, n.
— David Smith (@Catfish_Man) May 24, 2016
A performance-related change (for example adding a cache) that accidentally becomes required for correctness
"Hey Alex why are you so hard on American railways?" pic.twitter.com/Tj5eEZW8fp
— Alex "Bloomer" Forrest 🚉🌸 (@380kmh) March 21, 2018
*Halved* render time with @appleseedhq on a particular scene using OSL (Windows, VS 2015, exception handling enabled) by replacing `float4() {}` by C++11's `float4() = default` in OIIO. The former disabled __forceinline, among other things. Details: https://t.co/byVZkshKCz
— François Beaune (@franzbeaune) March 16, 2018