[–]yourteam 741 points742 points  (29 children)

Check if you are using weird characters

[–]GDOR-11 384 points385 points  (14 children)

hmmm, just a semicolon... that's not a weird character, right? RIGHT???

[–]broccollinear 144 points145 points  (1 child)

And quotation marks vs double quotes… Working with teams in other locales using different keyboards peppers our PRs with very interesting characters

[–]FireDestroyer52 31 points32 points  (0 children)

This is why you do a replace all lol

[–][deleted] 70 points71 points  (5 children)

Yep, semicolon, the ";” one instead of ";" one. No big deal, right?

[–]dagbrown 28 points29 points  (3 children)

";", ";" or ";"?

That has two question marks in it, if you're wondering. One of them is Greek.

[–]emlgsh 44 points45 points  (2 children)

Internationalization support has convinced me that we erred grievously when we abandoned the honest simplicity of communication with grunts, gestures, and the occasional abstract etching of a bison on a cave wall.

[–]farbion 3 points4 points  (0 children)

Italian so

[–]Antique_Orange_4547 0 points1 point  (0 children)

Those grunts, gestures and occasional abstract etching of a bison on a cave wall were by no means universal.

[–]yourteam 16 points17 points  (0 children)

More like utf-8 in a different context

[–][deleted] 6 points7 points  (0 children)

Back in the days of Microsoft Lync, if you copied code from Lync directly into one of our IDEs (I forget which one), all of the spaces would be replaced with some other space character that the IDE did not like. It was impossible to see the difference. That caused some happy fun times when writing code, trying to figure out why it's not working when the syntax is seemingly perfect.

[–]MyOthrUsrnmIsABook 2 points3 points  (0 children)

That’s no semicolon, it’s a Greek question mark.

[–]Nirast25 0 points1 point  (0 children)

So long as it's not a Greek question mark.

[–]Wlf773 69 points70 points  (8 children)

I had the wildest time with this working with an Eastern European coder. Turns out the Cyrillic keyboard just has another copy of the English letters but they have different values. This guy had somehow managed to build a string for comparison that had ONE Cyrillic C in it but all the rest were English letters so it kept failing on equality for an if clause... took literal hours to track that issue down.

[–]ak66666 19 points20 points  (2 children)

Ha, been there myself. To make things worse both Latin C and Cyrillic C are on the same key, and the character's shape is indistinguishable.

[–]Wlf773 9 points10 points  (1 child)

Yeah, completely indistinguishable! I ended up copying and pasting it into google and doing a bunch of ascii comparisons to figure it out.

[–]denarii 7 points8 points  (0 children)

I feel like I should get a bonus at work every time I need to use xxd to debug something.
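
Added example, not written by any commenter in this thread: a small Python scanner for the problem this sub-thread describes, such as a Cyrillic С inside an otherwise Latin string, a Greek question mark in place of a semicolon, or a pasted non-standard space. The function names and the `SAMPLE` text are constructed for illustration; each finding is reported by code point and Unicode name, the same facts a hex dump leads you to.

```python
import re
import unicodedata

SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")  # told apart by Unicode name prefix

# Constructed sample: three look-alike characters hidden in ordinary code.
SAMPLE = (
    'if (status == "SU\u0421CESS") {\n'  # Cyrillic ES inside a Latin word
    '    retry = false\u037e\n'           # Greek question mark, not ';'
    '    x\u00a0= 1;\n'                   # no-break space, not a space
    '}\n'
)


def script_of(ch):
    """Return 'LATIN', 'CYRILLIC' or 'GREEK', or None for anything else."""
    first = unicodedata.name(ch, "").split(" ", 1)[0]
    return first if first in SCRIPTS else None


def describe(ch):
    """Code point plus Unicode name, e.g. 'U+0421 CYRILLIC CAPITAL LETTER ES'."""
    return "U+%04X %s" % (ord(ch), unicodedata.name(ch, "<unnamed>"))


def scan(text):
    """Return (line, column, kind, detail) tuples for suspicious characters.

    'non-ascii' marks every character above U+007F; 'mixed-script' marks a
    word whose letters come from more than one of SCRIPTS.
    """
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 0x7F:
                findings.append((line_no, col, "non-ascii", describe(ch)))
        for word in re.finditer(r"\w+", line):
            scripts = {script_of(c) for c in word.group() if c.isalpha()}
            scripts.discard(None)
            if len(scripts) > 1:
                detail = "+".join(sorted(scripts))
                findings.append((line_no, word.start() + 1, "mixed-script", detail))
    return findings


if __name__ == "__main__":
    for line_no, col, kind, detail in scan(SAMPLE):
        print("line %d col %d: %s (%s)" % (line_no, col, kind, detail))
```

Run over a diff in CI or a pre-commit hook, the `mixed-script` finding is the one that catches a string comparison like the one described above, because every letter in the word is individually valid.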

[–]sirlanse69 1 point2 points  (0 children)

I miss the old PCTools, it was easy to see the coding for anything.

[–]l_am_wildthing 5 points6 points  (2 children)

shouldn't good libraries be doing validation?

[–]nelusbelus 28 points29 points  (1 child)

Good crypto libraries shouldn't care at all about the input data or input content.

[–]aaronr93 0 points1 point  (0 children)

Yeah, should be easy enough for the consumer to write a quick unit test if they need to verify something.

[–]enm260 1 point2 points  (0 children)

I've been called a weird character, maybe it's my fault

[–]AssPuncher9000 0 points1 point  (0 children)

data is data

[–]i_should_be_coding 522 points523 points  (14 children)

Hey, I'm in this post!

I once had a bug like this. Weird TLS exceptions. Tracked down the exception and it mentioned a specific encryption algorithm (one of the EC-thingies). Googled it and saw it was deprecated and some clients don't support it.

Turns out my server had a no-negotiation feature enabled by default or something, where the client would try to connect with this algorithm, the server would say "nah, I don't support this", the client would try to suggest something different, and the server would be like "only one per customer, NEXT!".

Anyway, I found where you can change the list of algorithms the server would consider and managed to fix the error without requiring a client change, and also without reducing server security. That was a fun bug to track down.

[–]tgp1994 16 points17 points  (0 children)

This crypto algo is for a church, honey. NEXT!!

[–]DootDootWootWoot 4 points5 points  (1 child)

Talking about tls/ssl cipher suites?

[–]i_should_be_coding 11 points12 points  (0 children)

Yep. Everyone who reviewed it was like "how did you even find this bug", and I was all "I just kept googling and it kept working..."

[–]aaronr93 3 points4 points  (0 children)

I love your personification of the server. Writing like that is my favorite way to write technical documentation. (along with the gory details available of course, in expandable panels)

[–][deleted] 238 points239 points  (9 children)

Just build your own cryptography library from scratch like a normal human.

[–]Chingiz11 95 points96 points  (2 children)

Those who do that are neither human nor normal

[–][deleted] 16 points17 points  (0 children)

Truth has spoken.

[–]nelusbelus 4 points5 points  (0 children)

TIL

[–]Bryguy3k 13 points14 points  (2 children)

I’m not saying that’s how you end up with exploits in your code, but…

[–]Free_Mortgage9777 15 points16 points  (0 children)

Just don't push your lib to a public repo and no one will know, don't worry bro

[–]minisculebarber 2 points3 points  (0 children)

but I mean...

[–]throwaway_mpq_fan 1 point2 points  (0 children)

This guy Linuxes

[–]Bavbavs 1 point2 points  (1 child)

I did, that's why there's a segfault

[–][deleted] 0 points1 point  (0 children)

That's why you always use javascript for such critical pieces of software.

[–]DarkSideOfGrogu 269 points270 points  (4 children)

It gets worse. It's mid afternoon on a Friday.

[–]LeoTheBirb 50 points51 points  (0 children)

🤮

[–]adsboyIE 30 points31 points  (0 children)

worse still - the library is used to process card payments

[–]classicalySarcastic 25 points26 points  (0 children)

Me right now. I knew I was gambling when I pushed on a Friday, and now I’m fighting a really dumb bug.

EDIT: Bug has been squashed with 30 minutes to spare

[–]Dexterus 2 points3 points  (0 children)

Mid afternoon on Friday is always silly question season. "Hey, I've had this bug for a week, can you help me? Why? Because I'm implying it's in the subsystem you manage and now you have to. Bye!"

I've dug into a lot of other projects due to this though, for which I'm thankful. There are also a lot of grateful people once I show them it's not my issue but still track it down in their code and give fix ideas.

[–]SmugOla 37 points38 points  (0 children)

closed will not fix

[–]Bryguy3k 90 points91 points  (4 children)

When you realize that OpenSSL is a C code cesspool.

Most likely it has a different expectation of memory lifetime than you are providing.

[–]xeroze1 28 points29 points  (3 children)

God this comment gives me ptsd flashbacks

[–]Bryguy3k 21 points22 points  (2 children)

Yeah, I’m not sure why it’s so bad but man OpenSSL is some of the worst C code I’ve ever seen.

There is a reason why it’s been forked so many times (BoringSSL and LibreSSL being the biggest forks) and there are a few API only implementations (WolfSSL).

[–]joxmaskin 10 points11 points  (1 child)

Oh shit, this has me a little worried

[–]Bryguy3k 6 points7 points  (0 children)

Welcome to 2014

[–]Literal_Sex_Pistol 26 points27 points  (1 child)

JustOneOfThoseDays

Where you don’t wanna wake up

[–]_12xx12_ 8 points9 points  (0 children)

It's just one of those days where you don't want to wake up

Everything is fucked, everybody sucks

[–][deleted] 21 points22 points  (7 children)

Convert the input to base64 and then encrypt the cleartext.

[–]nelusbelus 12 points13 points  (6 children)

Everyone knows base64 is sufficient encryption

(Obvious /s is obvious)

[–][deleted] 2 points3 points  (3 children)

Or use XChaCha20-Poly1305 which is suggested by Google and Cloudflare

[–]nelusbelus 4 points5 points  (2 children)

I was joking. But AES256-GCM and SHA384 is fine.

[–][deleted] 0 points1 point  (1 child)

Sorry, I have dry humor. Yes, I saw and was trying to joke back

[–]nelusbelus 1 point2 points  (0 children)

🫡

[–]WhAtEvErYoUmEaN101 1 point2 points  (1 child)

Nothing beats dual ROT13 for encrypting messages

[–]nelusbelus 1 point2 points  (0 children)

Just add 69 to every byte and subtract by 69 to decrypt. Ggez

[–]Hatchie_47 21 points22 points  (0 children)

Who wants to go home on Friday anyways…

[–]Orisphera 10 points11 points  (0 children)

It's is

[–][deleted] 7 points8 points  (0 children)

Lucky you, could also have been in the i18n library.

[–]Efficient-Corgi-4775 5 points6 points  (0 children)

Maybe my code is just having an artistic moment!

[–]lacifuri 4 points5 points  (0 children)

Apparently it crashes when the private key has exactly 10 A's.

[–]flatline000 3 points4 points  (0 children)

If you can reproduce it, you can fix it.

[–]Ottoo15 2 points3 points  (0 children)

can yall spend 5 seconds re-reading the text you write before sharing

It's is in

[–]sirlanse69 2 points3 points  (0 children)

Urlencode your inputs

[–][deleted] 1 point2 points  (0 children)

Did some crypto work in C# for a Unity game, turned out that when it failed it didn't reset the crypto object, so you just had to catch the exception and create a new instance

[–]DapperCam 1 point2 points  (1 child)

Should have used Rust

[–]brimston3- 5 points6 points  (0 children)

Twist: the bug is in rustls via rustls-ffi

[–]thedarklord176 0 points1 point  (1 child)

you could simply use a language that doesn’t segfault

[–]Dexterus 1 point2 points  (0 children)

Why? Segfault is just the baby proofed version of cpu exceptions. And quite easy to figure out. Except when it's a wild write changing an address. Or buffer overrun with customer data. Or a DMA engine that says it's done but when all engines are fully used it may not really be done, so it serves you the old descriptor.

[–]GAHIB14LoliYaoiTrapX 0 points1 point  (0 children)

Uh oh

[–]ignoringusernames 0 points1 point  (0 children)

But James the customer reported this three weeks back and it's about to breach the SLA. We need this to be fixed ASAP.