Sorry About Computer

New decade, new nonsense

Apparently, they designed their smart contract language after Ethereum, ignoring the fact that Ethereum has been trying for years to switch to WebAssembly with good old 8-bit bytes. (Apparently it’s actually going to happen this year, along with the switch to proof-of-stake…?)

— comex (@comex) June 4, 2020

Thinking of starting a series about "How Windows locales work" and each article is just "they don't", "they really don't" and "you don't want to know"

— fasterthanlime 🍉 (@fasterthanlime) May 26, 2020

I think it's just getting force read as month-day-year

— Skye (@SeerSkye) May 24, 2020

I was wondering what led to that "flag" being defined and now my jaw is on the floor

— Daniel Morsing (@DanielMorsing) May 23, 2020

Thousands of high school students have to re-take their AP tests because the submission website doesn't support HEIC photos and crashed out on them. Insane story from @mcsquared96

— nilay patel (@reckless) May 20, 2020

Oh my god is incredible, especially djb's response which is basically "You should all run qmail with a softlimit that prevents this from being exploitable" rather than actually admitting there's a bug

— Matthew Garrett (@mjg59) May 19, 2020

*scrolls down*


— iximeow (@iximeow) May 17, 2020

Deep inside the Windows Bluetooth stack, there is a function:


This function is an example of environmental storytelling- a thread.

— your least favorite construct (@XMPPwocky) May 15, 2020

Probably should have anticipated that making my Animal Crossing character name a SQL injection string would cause all kinds of problems with associated apps/sites 🙃

— Ian Coldwater 📦💥 (@IanColdwater) April 27, 2020

What the actual fuck is this? Is this a thing that really happens?

— Andrew Ervin (@Andrew_Ervin) April 4, 2020

The governor of New Jersey just put out the call on live TV that he is desperate for Cobol programmers right now.

— Jim Manico (@manicode) April 4, 2020

shut the fuck up

— salad bar ham cubes (@flangy) April 4, 2020

Industry pro-tip: do not change the script to accidentally push an empty folder to your live steam depot

— Rami Ismail (@tha_rami) April 2, 2020

Not quite what I was hoping for Edge.

— Julie Hubschman (@juliehubs) March 3, 2020

i'm sorry but what the fuck (

— whitequark (@whitequark) March 2, 2020

How many services have you DDoSed by forgetting to add the second argument to the useEffect hook?

— ⛰ Alex Banks ⛰ (@MoonTahoe) February 24, 2020

If any sufficiently advanced technology is indistinguishable from magic, then any bug resulting from that technology is indistinguishable from a curse.

— Dieter Bohn (@backlon) February 21, 2020

So I learned of an amusing bug today:

Docker for Windows won't run if you have the Razer Synapse driver management tool running.

But the reason is the funny part...

— foone (@Foone) February 18, 2020

by hilarious, I mean

— hello again (@bobpoekert) February 2, 2020

I always appreciate that my car dealership gives me appointment reminders in milliseconds-since-midnight-Jan-01-1970

— Squirrel Eiserloh (@SquirrelTweets) February 4, 2020

I've been trying to figure out why the main menu performance on Warcraft 3 Reforged is so bad.

It ends up the whole main menu is a web app running on Chrome. This thing runs worse than the actual game (likely because it's pegging an entire core of my CPU.)

— Colin Cornaby (@colincornaby) January 31, 2020

⏲️ As of today, we have about eighteen years to go until the Y2038 problem occurs.

But the Y2038 problem will be giving us headaches long, long before 2038 arrives.

I'd like to tell you a story about this.

— John Feminella 🌠 (@jxxf) January 19, 2020

Last month I canceled a random charge for $4.99 per month from HP called "InstantInk". Wasn't sure what it was for. I've had it for over a year but had no idea what it did.

I just found out what it did

— Ryan Sullivan (@ryandonsullivan) January 17, 2020

nothing to see here just including a header like a normal person would

— Luna ✨ (@lunasorcery) January 5, 2020

I broke Giant’s handheld scanner system by only buying two things

— Ars Technica (@arstechnica) January 13, 2020

You've got to be shitting me...

One of our office chairs turns off monitors... we couldn't believe it, but we have it on tape.

Surprisingly, there even is a known issue for it:

— Roy van Rijn (@royvanrijn) January 6, 2020

Captcha refusing to let me proceed until I agree that a picture of a bicycle is the same thing as a bicycle seems like bad news for the future of robot cars

— 💀 kill 💀 tim 💀 faust 💀 (@crulge) January 6, 2020

Parking meters in NYC malfunctioning since the 1/1/2020 due to software end date : Comments:

— Hacker News (@hacker_news_hir) January 4, 2020

Apparently a non-trivial number of systems are experiencing #Y2020 bugs. A common Y2K "fix" just postponed things by 20 years, interpreting 00-19 as the 2000s and 20-99 as the 1900s. 20 years is now up, some of those systems are still in use, and they think it's 1920. Oooops.

— Jef Poskanzer (@jef_poskanzer) January 4, 2020

New web developer: So what is a 'px' unit?
Old web developer: It stands for 'pixel'.
NWD: So 1px is 1 pixel wide?
OWD: Oh my no, it has nothing to do with pixels.
NWD: ...
OWD: ...
NWD: Fuck you.
OWD: Completely fair.

— Laurie Voss (@seldo) January 1, 2020

WWE 2K20 isn't Y2K20 compliant (the game crashes unless you set the date back to a 2019 one)

— NESbot (@NESbot_feed) January 1, 2020

Reminder: addition of floating point numbers is NOT associative...
(0.1 + 0.2) + 0.3 ≠ 0.1 + (0.2 + 0.3)
...and this is true in basically _any_ language that uses floating point numbers. Here it is in javascript in the browser console:

— Mark Kriegsman (@MarkKriegsman) December 28, 2019

Cool news: your modern car is, in fact, a data nightmare waiting to happen

— Patrick George (@bypatrickgeorge) December 17, 2019

Looks like I picked a bad day to set this app up

— Ian Walker (@ianwalker) December 12, 2019

Java's URL consider two hostnames equal if they resolve to the same IP address (use URI instead!)

We don't even need deep learning for that. Remember when a human decided that reusing nearby digit glyphs was a good strategy for compressing documents?

— Erling Ellingsen (@steike) December 10, 2019

Wow look at that! What a good feature

— Katelyn Gadd (@antumbral) November 15, 2019

Uh… True with a capital T evaluates to false, in Lua. Um. Thanks

— mcc (@mcclure111) November 1, 2019

round() and round() we go

Cursed API: std::chrono::duration

> years is equal to 365.2425 days (the average length of a Gregorian year). months is equal to 30.436875 days (exactly 1/12 of years).

— J is for Jordan who Rose from the dead (@UINT_MIN) January 24, 2019

🔥 CVE-2019-14287

A flaw in Sudo—that comes installed on almost every #Linux OS—could let users run commands as "root" even when they're restricted.

Details ➤

How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root.

— The Hacker News (@TheHackersNews) October 14, 2019

It happened to me because I was plugging the charging cable on the left. It's a know issues with MacBook Pro built in 2018~2018.
Charging at the right side make the kernel_task vanish.

— Pierre 🦌 (@pierrerenaudin) October 9, 2019

Holy crap. Huge bug uncovered in computational chemistry software because different operating systems sort files differently and the published scripts don’t handle it well. If you do or rely on calculated NMR chemical shifts, this is a must-read.

— Lucas Moore (@LucasCMoore) October 8, 2019

My previous employer had a piece of software that would uninstall Arial if you removed it.
After reboot, all your computer’s interface would be in Arial Italic since it couldn’t find the main Arial file.
All your menus and windows. Nobody knew why this happened until I was hired.

— SwiftOnSecurity (@SwiftOnSecurity) October 2, 2019

How did MS-DOS decide that two seconds was the amount of time to keep the floppy disk cache valid?

From the "how the fuck did this hardware bug happen" department: Sandy Bridge GPUs cannot access the low 1MB of RAM, plus five pages.

The pages at 0x20050000, 0x20110000, 0x20130000, 0x20138000, 0x40004000.


— Hector Martin (@marcan42) September 16, 2019

That US-EAST-1 outage on AWS caused 0.5% of customers to lose their data, ouch.

— Kevin Beaumont (@GossiTheDog) September 3, 2019

i think every day about how cable internet is IP over MPEG. this is a literal fact. DOCSIS sends downstream data in MPEG frames because that's what the cable networks are optimized for and what all the switching equipment understood when cable broadband took off

— Utterly dispassionate, documentary hog slaughter (@gravislizard) September 3, 2019


— mcc (@mcclure111) March 9, 2019

"If you want a vision of the future, imagine a boot stamping on a human face - forever" so *thats* what he meant 🤔🤔

— ༻ᵏᵘᵐᵃᵛⁱˢ༄༜ (@kumavis_) February 26, 2019

Javascript is weird.

— ShadowCheetah (@shadowcheets) August 12, 2019

If you think the response time on your HTTP calls is bad, I just got a 503 via paper mail... 😂

— Shawna Scott (@shawnacscott) August 6, 2019

Files are fraught with peril

“How many kinds of USB-C™ to USB-C™ cables are there?

tl;dr: There are 6, it's unfortunately very confusing to the end user.”

— Peter Steinberger (@steipete) July 16, 2019

Verilog is a wonderful language because you find things like this in the standard (1364-2005 5.4.2)

How can you write something like this and not go "wait, go back, we fucked up"

— Luke Wren (@wren6991) July 12, 2019

I guess at least they do what all the other finalizer supporting VMs do: Offer finalizers but say "maybe we won't run them".

I can't think of another language feature, in any language, that works like finalizers. A *suggestion* to run some code. Optional. If the language wants.

— mcc (@mcclure111) July 10, 2019


— Ryan C. Gordon (@icculus) July 9, 2019

“I also found that, instead of making a regular AJAX request, this page instead loads an image from the Zoom web server that is locally running. The different dimensions of the image dictate the error/status code of the server.” 🤯

— Peter Steinberger (@steipete) July 9, 2019

Amazing, 7 Eleven launch mobile payment app: a day after launching it attackers stole half a million USD from customers, as the app had no security around password reset (any user could reset anybody else’s password)

— Kevin Beaumont 🌈 (@GossiTheDog) July 4, 2019

I am excited to have written:

“Enumerating Core Undefined Behavior”

— Shafik Yaghmour (@shafikyaghmour) June 22, 2019

Oracle fixes a bypass for a bypass fix of a bypass that was bypssed during fixing a bug that was used to bypass the bypass fix of a serialization issue in weblogic.

— Hamid K (@hkashfi) June 16, 2019

Post by @apenwarr on why we can't have nice things in networking: "The world in which IPv6 was a good design"

— Fabian Giesen (@rygorous) June 12, 2019

"We report a surprising finding that the inclusion of hyphens in paper titles impedes citation counts, and that this is a result of the lack of robustness of the citation database systems in handling hyphenated paper titles."

— John Regehr (@johnregehr) June 10, 2019

LRT, money quote from the web page:

— Fabian Giesen (@rygorous) June 11, 2019

this morning in "computer nightmares" i found the ultimate nightmare inside of Nixpkgs: purposefully crafting SHA-1 collisions to support Google Chrome's update mechanism, due to its non-deterministic download URLs. what the fuck

— Chad Blaze: Endgame (@stdlib) June 6, 2019

Me, knowing most of the house is asleep: "Alexa, set volume to 20%."

Alexa, yelling at the top of her lungs: "Sorry, you can only set the volume between 0 and 10!!!"

— Paul Annett 🇪🇺 (@PaulAnnett) June 2, 2019

This is what poor test coverage looks like

— Jess West 🐚 Vacay in Mexico 🏖️ (@jessicaewest) May 6, 2019

A discontinued insulin pump is in demand *because* it contains a security vuln that can be exploited to provide healthcare

— Ryan Naraine (@ryanaraine) May 6, 2019

From @BernsteinA: "Throwback to my favourite bug report." #gamedev #gamedevelopment #Terrorarium #why

— Terrorarium 🍄🌵 (@TerrorariumGame) April 30, 2019

I did it. I found the all-time dumbest security question answer requirement. Good job @fedex.

— Luke Millar (@ltm) April 28, 2019

last week i got to witness an engineering department lose a full day's work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you're forced to rebase master, like you should NEVER DO. this was of course referred to as The Emojiency

— Chaos (@chaosprime) April 21, 2019

Fun JavaScript quirk I ran into: a really large setTimeout() delay makes the delayed function execute (almost) immediately. 🤦‍♂️

Basically, don't setTimeout() for longer than ~25 days.

— David K. 🎹 (@DavidKPiano) April 20, 2019

Feeling down? iOS jailbreak you've been working on for a year got patched? Fuzzer not finding any bugs? Miss the 90s where everything crashed? Change your time format on Windows to 90 characters! Watch everything fall over as they get 90 character formats from Windows APIs!

— Brandon Falk (@gamozolabs) April 20, 2019

She just straight up started naming random people who live in Michigan.

— ashe dryden (@ashedryden) April 19, 2019

this episode has a funny implication: to write a C or C++ compiler that is taken seriously, you must implement a language that is not specified or defined anywhere other than "it must produce the expected results on this small collection of dusty deck codes"

— John Regehr (@johnregehr) April 15, 2019

"...the user agent string for the latest Dev Channel build of Microsoft Edge: "... Edg/" We’ve selected the “Edg” token to avoid compatibility issues that may be caused by using the string “Edge,”..."

We are now deliberately misspelling words in the User-Agent string.

— Nathan Froyd (@froydnj) April 9, 2019


— Peter Steinberger (@steipete) April 3, 2019

the immaculate joy of writing standard libraries

— iximeow (@iximeow) April 6, 2019

CONDUCTOR: we’re stopping the train so we can reboot the engine computer

— bletchley punk (@alicegoldfuss) December 14, 2018

If you told me that setting a sprite’s color in Unity couldn’t happen off the main thread, I would already be angry at you, but nevertheless I was not emotionally prepared to find out the reason why

— Christine Love (@christinelove) January 22, 2019

Valid C, invalid C++:
for (int i = 0; ;) {
int i = 1;
return i;

Valid C and C++:
for (int i = 0; ;) {{
int i = 1;
return i;

— Stephen Checkoway (@stevecheckoway) January 27, 2019


to increment some counter on the page,

  node.innerText += 1

doesn't work (0 → 01 → 011 → ⋯), but

  node.innerText -= -1

works fine (0 → 1 → 2 → ⋯)

— Lynn (@chordbug) February 5, 2019

"Ⱥ" and "Ⱦ" are Unicode characters, which increase in length (from 2 to 3 bytes) when lowercased. Nasty.

Found them from the "Big List of Naughty Strings" - list of strings which have a high probability of causing issues when used as user-input data.

— @mikko (@mikko) November 5, 2018

This is hell

— BooDoo (@BooDooPerson) November 5, 2018

them: is 10 the highest CVE score you can have?
me: ?
them: a website has unauthenticated, remote access via a single get request
me: seems like a 10.
them: which returns select * on a quarter million unencrypted credit card #'s.
me: okay, maybe 11.

— Kenn White (@kennwhite) September 25, 2018

Stories from Antivirus land: clamav uses libmspack, libmspack had vuln in 2012, libmspack fixed it+adds regression test, clamav detects regression test as malware, libmspack can't be distributed any more because webhost of libmspack uses clamv...

— hanno (@hanno) August 9, 2018

Be careful when reversing #unicode strings. You may be surprised…

>>> s = "Welcome in 🇬🇧”
>>> s[::-1]
'🇧🇬 ni emocleW'

(thanks @piskvor for the inspiration!)

— Daily Python Tip (@python_tip) August 6, 2018

ask me how my day is going

— zach (@ztellman) August 11, 2018

I thought this was a joke.

It wasn't a joke.

— Hector Martin (@marcan42) June 19, 2018

how and why would you even build a system that behaved like this

— 100% clean soup (@vogon) June 19, 2018

Javascript and the blockchain: The gift that keeps on giving

You keep using the word 'fsync', I do not think it means what you think it means... If you manage data on Linux, you don't want to miss this popcorn worthy debugging on the #Postgres hackers list:

— xzilla (@robtreat2) April 2, 2018


Load-bearing optimization, n.

A performance-related change (for example adding a cache) that accidentally becomes required for correctness

— David Smith (@Catfish_Man) May 24, 2016

"Tonight I was using my iPhone to airplay a March Madness game to our Apple TV. When I misplaced my phone, I used my Apple Watch to ping it. The ping noise played through the Apple TV… Thanks a lot 🙄"

"Hey Alex why are you so hard on American railways?"

— Alex "Bloomer" Forrest 🚉🌸 (@380kmh) March 21, 2018

*Halved* render time with @appleseedhq on a particular scene using OSL (Windows, VS 2015, exception handling enabled) by replacing `float4() {}` by C++11's `float4() = default` in OIIO. The former disabled __forceinline, among other things. Details:

— François Beaune (@franzbeaune) March 16, 2018

The long tail of fixing Meltdown and Spectre

It's just a cube, how hard could it be
A texture mapped cube, except the textures are all wrong


JSON feed

Atom feed