new | ask | show | jobs
this_user 16 hours ago  [ - ]

Their legendary "goto fail" debacle as well as the ease with which ios has repeatedly been jailbroken would disagree. I think geohot once quipped: "My lawyer could write a better malloc."

Veserv 16 hours ago  [ - ]

I much prefer the defect where the root password was the empty string [1].

https://security.it.miami.edu/stay-safe/sec-articles/macosx-...

[1] Actually, the defect was that creating a root account was a unprivileged action, so anybody could create a root account on your machine with a password of their choice. The most obvious presentation is that you could login to root by pressing enter twice with the empty password; the first time creating root with the empty password and the second time logging you in.

ninju 16 hours ago  [ - ]

12 year old coding bug

https://www.imperialviolet.org/2014/02/22/applebug.html

Jtarii 16 hours ago  [ - ]

Never understood that if statement style, it seems to only exist to create subtle bugs.

bch 11 hours ago  [ - ]

I think of it as BSD style, though of course it could be suggested/mandated elsewhere -

  [...]Use a space after keywords (if, while, for, return, switch). No braces are used for control statements with zero or only a single statement unless that statement is more than a single line, in which case they are permitted.[0]
As I look, GNU guide is less specific, but examples[1] show the same style.

The good thing is that -Wmisleading-indentation [2] (comes along with -Wall) catches this indentation error.

[0] https://man.openbsd.org/style - happens to be same for at least NetBSD.

[1] https://www.gnu.org/prep/standards/html_node/Syntactic-Conve...

[2] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

array_key_first 15 hours ago  [ - ]

It's slightly less lines of code which is nice. I'm someone who prefers terseness so I get it.

However, it's bad. I much prefer the rare, elusive, postfix if:

   goto fail if (condition);
It can create some very readable code when used right, with short and simple conditionals.
 16 hours ago  [ - ]
[deleted]
youngtaff 16 hours ago  [ - ]

iOS (and MacOS) now use Google’s BoringSSL instead and have for many years

dieortin 14 hours ago  [ - ]

Do they? Based on what I’ve seen with a quick search, this doesn’t seem to be true

gsnedders 13 hours ago  [ - ]

See e.g. https://developer.apple.com/documentation/network/creating-a... where the logging output makes it clear BoringSSL is what is used.

Or comments such as: https://github.com/apple-oss-distributions/Security/blob/rel...

Unsurprisingly, given BoringSSL doesn't have a stable API (yet alone ABI), it isn't exposed as a system library.

wfme 16 hours ago  [ - ]

Dare we not look to Android.

goto fail was relevant in 2014 - perhaps not the most useful point in 2026.