Comment by this_user

10 hours ago

Their legendary "goto fail" debacle as well as the ease with which iOS has repeatedly been jailbroken would disagree. I think geohot once quipped: "My lawyer could write a better malloc."

I much prefer the defect where the root password was the empty string [1].

https://security.it.miami.edu/stay-safe/sec-articles/macosx-...

[1] Actually, the defect was that creating a root account was an unprivileged action, so anybody could create a root account on your machine with a password of their choice. The most obvious presentation is that you could log in to root by pressing enter twice with the empty password; the first time creating root with the empty password and the second time logging you in.

12-year-old coding bug

https://www.imperialviolet.org/2014/02/22/applebug.html

  • Never understood that if statement style, it seems to only exist to create subtle bugs.

    • I think of it as BSD style, though of course it could be suggested/mandated elsewhere -

        [...] Use a space after keywords (if, while, for, return, switch). No braces are used for control statements with zero or only a single statement unless that statement is more than a single line, in which case they are permitted.[0]

      As I look, the GNU guide is less specific, but examples[1] show the same style.

      The good thing is that -Wmisleading-indentation [2] (comes along with -Wall) catches this indentation error.

      [0] https://man.openbsd.org/style - happens to be the same for at least NetBSD.

      [1] https://www.gnu.org/prep/standards/html_node/Syntactic-Conve...

      [2] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

    • It's slightly fewer lines of code, which is nice. I'm someone who prefers terseness so I get it.

      However, it's bad. I much prefer the rare, elusive, postfix if:

         goto fail if (condition);
      

      It can create some very readable code when used right, with short and simple conditionals.
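
Added example, not part of any comment in the thread and not Apple's code: a constructed C reduction of the duplicated `goto fail;` line in braceless style, next to the same logic with braces. The function names and the stub checks are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for the real hash/verify steps; 0 means success. */
static int step_ok(void) { return 0; }
static int check_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Braceless style with a duplicated line: the second goto is unconditional. */
int verify_braceless(int sig_valid)
{
    int err;

    if ((err = step_ok()) != 0)
        goto fail;
        goto fail;              /* always taken; err is still 0 here */
    if ((err = check_signature(sig_valid)) != 0)   /* never reached */
        goto fail;

fail:
    return err;                 /* 0 is reported as "verified" */
}

/* Same logic with braces: the duplicated line stays inside the guarded block. */
int verify_braced(int sig_valid)
{
    int err;

    if ((err = step_ok()) != 0) {
        goto fail;
        goto fail;
    }
    if ((err = check_signature(sig_valid)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    printf("braceless, bad signature: %d\n", verify_braceless(0));
    printf("braced,    bad signature: %d\n", verify_braced(0));
    return 0;
}
```

Building this with `gcc -Wall` exercises the -Wmisleading-indentation warning mentioned in the thread on the braceless version.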

Dare we not look to Android.

goto fail was relevant in 2014 - perhaps not the most useful point in 2026.