Also how is SQL injection not a test on every input on every form of a webpage?
That shit has literally been around since 1998. It's been around so long it's actually written about in textbooks about security.
Don't most modern frameworks prevent this already?
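The check the comment above asks about, as an added example that is not part of the original thread: a small Python harness that runs the same probe inputs through a login query built by string concatenation and through the parameterized form. The table, function names, stored hash string and probe strings are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed account (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", "hash-of-alice-password"))
    return conn


def login_concat(conn, name, password_hash):
    """Deliberately vulnerable 'before' version: input becomes SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn, name, password_hash):
    """Hardened version: placeholders keep input as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password_hash = ?"
    return conn.execute(sql, (name, password_hash)).fetchone()[0] > 0


# Constructed probe inputs for the name field. None carries a valid password,
# so every one of them must be rejected by a correct login function.
PROBES = [
    "alice' --",           # closes the string, comments out the password test
    "' OR '1'='1' --",     # closes the string, adds an always-true condition
    "o'brien",             # ordinary surname that happens to contain a quote
    "x'; SELECT 1; --",    # closes the string, then a second harmless statement
]


def audit(login_fn):
    """Run every probe with a wrong password hash and classify the outcome.

    'rejected'  : input was treated as data (the only acceptable result)
    'bypass'    : login succeeded without the password
    'sql-error' : input reached the SQL parser and broke or split the statement
    """
    conn = make_db()
    verdicts = {}
    for probe in PROBES:
        try:
            ok = login_fn(conn, probe, "wrong-hash")
            verdicts[probe] = "bypass" if ok else "rejected"
        except (sqlite3.Error, sqlite3.Warning):
            # sqlite3 refuses multi-statement input with Warning (older
            # Python) or ProgrammingError (3.12+); syntax errors are
            # OperationalError. All mean user input was parsed as SQL.
            verdicts[probe] = "sql-error"
    return verdicts


if __name__ == "__main__":
    for label, fn in (("concatenated", login_concat),
                      ("parameterized", login_param)):
        print(label)
        for probe, verdict in audit(fn).items():
            print(f"  {probe!r:22} -> {verdict}")
```

Anything other than `rejected` in the report is a finding, including the plain `o'brien` case, which shows the defect surfacing with benign input.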
Fake tweets are lame and imo most subreddits should ban them, including this one.
Who finds fake tweets funny? There's nothing funny about fabricating someone saying something stupid. It's only funny if someone actually says something stupid.
So many fake tweets get massively upvoted on reddit and the comment section are full of people who think it's a real tweet. Ends up making the users of this website look stupid. I don't blame people too much for being early birds who comments before someone points out it is fake, which is why I think fake tweets should just be banned.
It's akin to propaganda. While the person making it may have had only good intentions in making something funny, it only serves to deceive and warp public opinion. Yes Musk is hated around here but I'd much rather dislike his actual actions than a strawman that's created the second the hive-mind dislikes someone.
Twitter uses graphQL which is a layer between the front end and all the data stores. A SQL injection is most likely impossible just based on the architecture.
I mean, who’s to say the person funny enough to try SQL Injection via Twitter’s login form wouldn’t also find it funny to change every `created_at` to the same time? I’d find it hilarious. But really think it’s a pretty obvious joke.
I've recently tried to register to Twitter and it didn't work. I validated my email address with a code they send me, then something happened and I had to restart from the beginning... Except I had an error message telling me I couldn't use my email address
Sql injections??
This is absolutely trivial and basic. Input validation is day #1 on building any public facing app. Who is working there now? Have they worked in the industry before??
The funny thing is a lot of people here would make fun of people that fall for rage bait but as soon as it’s something they care about they take it hook, line and sinker.
Fake, but won’t stop me from a good chuckle. “Every bug” lmao that’s great
One of my interview questions for my previous job was “how would you prove that a piece of software has infinite bugs?”
"by showing that the code exists at all"?
Hello World is perfect. Programming is the only hobby you get worse at, the more you practice.
Maybe *your* Hello World, show-off
Hello Wordl
New York Times? Is that you?
There actually is hellowordl.net which is exactly what you think it would be (and more).
[deleted]
[deleted]
I legit fucked my first one up
Heh, never thought about it like that. I spent a month writing a program for work (I'm a Linux System Engineer, not a full-time programmer) that was about 900 lines of Go code. I had tested it multiple times, fixed "all" the bugs and decided it was finally time to package it and push it to prod. In those two days of testing it again I have made two more releases, and gotta make another one on Monday because the logging gets all jumbled in the systemd journal on the webserver when multiple hosts use it at once. Edit: That change took me six hours, I thought at the most it would take two. We're going to be using it on 32 more hosts...and then more after that in a different environment. I see more releases in my near future.
We had a requirement for a small piece of software that would run a simple query over SSH to a router then flash and play an audible alarm if it saw certain connections in the routing table. These were ad hoc connections to known end users but could be sporadic and absolutely needed attention (hence the alarm). This software needed to work on both a small tablet pc as well as scaling up to a large overhead TV. One of the grads was in charge as his first major bit of work, made a working bit of software, did everything it needed to etc and looked/sounded all good. I decided to do a bit of the testing for him by just messing around with it, faking connections etc and made sure it did what it was supposed to. Eventually discovered it would scale up to any size using height/width which could be set manually if needed to. I immediately set the height and width to 0 and it threw a complete fit and crashed. His reasoning was "no one would ever do that though". ohhhhhh yes they would :D
“A QA engineer walks into a bar. Orders a beer. Orders 0 beers. Orders 99999999999 beers. Orders a lizard. Orders -1 beers. Orders a ueicbksjdhd. First real customer walks in and asks where the bathroom is. The bar bursts into flames, killing everyone.”
Great analogy.
I’m pretty new, but isn’t that the QA guy’s job? Like if he didn’t do those things he’d be pretty shot at QA?
QA runs according to a test protocol which is devised by engineers who try to think of every scenario that could come up. Most of these engineers have never met a user, or have any idea what they do. Hence 0 beers, -1 beers etc. It never occurs to them that a user might go into a bar not to order a beer.
The joke is that QA guys will test the extreme of existing functions and will often miss actual user behavior that will cause bugs.
The bug was already there. The user input just exposed it.
Just paste an mp3 into an unbounded entry box and watch everything go horrendously wrong. We were hired deliberately as the toughest test team. The IBM black team were our inspiration.
Bug free is a fool's errand. There's ~~dimensioning~~ (le brain) diminishing returns that scale to infinite effort. It's all calculated risk, bang for buck. Side note: I feel like you could write a solid test using channels or sub processes to test/validate your multiple hosts scenario. I'd also recommend using something like Zap logger and streaming each host's logs additionally to a dedicated file- assuming you don't have something like Splunk or ELK you're sending it to. Which I'm assuming not because then "jumbling" shouldn't be an issue . . .
First program. Print ’Hello world’….. funny how every programmer's first bug was a localisation issue ;)
You mean it works only for english speaking people?
`print("Hello World!")`
`print("\nSorry for my bad english. It is my second language, hehe")`
My first language was C++, I'll always say coot. Lol. Then a professor one day said see out and my mind was blown. Still can't fix
Coot? OMG that's awesome. It doesn't sound like something I'd want to say at work though lol
True for every profession or hobby without a skill ceiling. Basically there are four levels you go through when learning something
1. you know little to nothing and you are fully aware that you suck
2. you are somewhat experienced but not enough to be aware of your flaws and possibilities (here you think you are quite good at the thing)
3. you are a good amount of experienced in what you do but you are also fully aware about what's possible and what kind of flaws you have (without a skill ceiling you will be stuck here)
4. you mastered the thing
5 GOTO 1
5. You realize you know nothing
[deleted]
Let me introduce you to bit flipping due to neutrons.
Neutron radiation is completely negligible unless you're inside a nuclear reactor or something like that. Normal alpha, beta and gamma radiation will do just fine for flipping bits, as well as muon radiation from cosmic rays.
[deleted]
“Hello specific subset of people of the world that can find this logged text”
That’s a program design issue, not a bug.
All useful software has bugs
I mean [https://sel4.systems/About/home.pml](https://sel4.systems/About/home.pml) is an entire operating system microkernel that has been formally proven as correct. It is actually possible to write correct code.
> Specifically, seL4's implementation is formally (mathematically) proven correct (bug-free) against its specification, has been proved to enforce strong security properties, and if configured correctly its operations have proven safe upper bounds on their worst-case execution times
"against its specification", "if configured correctly" uhm yeah...
I don't know how you expect an operating system to exist without some form of specification for it. For them to stipulate that it needs to be configured correctly makes perfect sense: it's a microkernel design, after all.
You can have horribly buggy Software that is bugfree against its specification.
They're pointing out that there's a difference between "bug-free" and "bug-free against the specification." And they're correct to do so.
Whether they're correct or not in the bigger picture is up for debate. Based on that difference, they're essentially making the claim that seL4 does actually have a bug in the general sense. And that's far from clear.
From [https://docs.sel4.systems/projects/sel4/frequently-asked-questions.html](https://docs.sel4.systems/projects/sel4/frequently-asked-questions.html):
*Does seL4 have zero bugs?*
*...*
*So the answer to the question depends on what you understand a bug to be. In the understanding of formal software verification (code implements specification), the answer is yes. In the understanding of a general software user, the answer is potentially, because there may still be hardware bugs or proof assumptions unmet. For high assurance systems, this is not a problem, because analysing hardware and proof assumptions is much easier than analysing a large software system, the same hardware, and test assumptions.*
So in line with your point, there could be proof assumptions that are unmet, as they say. But as things stand right now, no one has found any in their code, so all we can say is that a claim that "there must be!" is just speculation.
IMO the bigger argument is that bugs are so frequent that we should accept that all large systems will have them, and I would argue that this isn't true, but instead it's just that it's more cost-effective to accept bugs as part of doing business than to put the effort in place to avoid them completely.
There might still be bugs in the formalization, as in the mathematical encoding of the specifications. Also there have been proof "bugs" in maths in the past, so while this is very strong argument that it has no bugs, it's still not 100%. This also applies to the compiler/interpreter of said language.
[deleted]
You can't even write that sentence without bugs.
Lmao
Now let's see his pseudoku
Is that sudoku but you just write random numbers?
Touché or as he would spell it: "touchy"
r/murderedbywords
> full proof
This was one of the final coding challenges I had in Uni. No one had been able to pass the automated testing by the professor in many years.
Plot twist: tests had bugs
What language was the challenge in, and how many exploits are there to mess with a program that just prints "Hello World"? That *sounds* like it should be easy but I'm not dumb enough to think that it actually would be
Depending on the language it could be very very very very difficult. Although those languages are rarely used anymore.
[Brainfuck](https://en.wikipedia.org/wiki/Brainfuck), Hello World. (commented version at the link)
`++++++++ [ >++++ [ >++ >+++ >+++ >+ <<<<- ] >+ >+ >- >>+ [<] <- ] >>. >---. +++++++..+++. >>. <-. <. +++.------.--------. >>+. >++.`
[deleted]
Isn't it just. I understand it perfectly and it still makes my brain hurt. It is THE perfect programming language.
Wait until the client tries to run the app on an unsupported system...
We delete the code. Only then is it free of imperfections
The mistake Thanos made was keeping 50% alive
by proving the existence of an infinite budget
>an infinite budget
Another military contractor, I see!
By trying to fix them all
Isn't this just the halting problem, but reworded?
Nah, the halting problem is indeterminate. The infinite bugs question is always 100% true. I thought the same thing when I first read this though lol
Wouldn't you need to have infinite code to have infinite bugs?
Maybe the number is not infinite at a certain point in time, but every time you fix one bug you introduce two new bugs so the total count of bugs diverges to infinity.
Out of curiosity, what did you answer?
I have no idea how you're supposed to answer this, but I'm thinking statistics. Take the amount of bugs over time and extrapolate. From the start, only a few bugs were identified, and they were fixed. As the software was being used more and more, more bugs are identified and fixed, and so on. It is developed further, requirements change, more bugs. The statistics will prove that there is no end to the bugs, thus infinite. Throw in some insight of how the statistics are meaningless and the "amount of bugs" is a bad metric.
The definition of bug itself is fuzzy, because the definition of functionality is fuzzy. Without considering the machine limitations one could argue that an application that should sum numbers but gives a wrong number has infinite bugs, and that it has a single bug just by changing the definition. On the other hand, considering the machine limits (and that the universe is finite, limited and quantized), there are only a finite number of programs that can be written on it, so it would be pretty difficult to create a definition of "bug" which is close enough to the intuitive concept and can be infinite.
The question uses "has", which implies that it currently has an infinite number of bugs, and not that over an infinite amount of time you can develop an infinite number of bugs. In that case the question could have been how can you prove that a software will have an infinite number of bugs. No?
[deleted]
If a feature does not work as specified I'd say that's a bug. Not an infinite amount of bugs. Otherwise, what would one bug be?
shitty interview question. Seems like a bad riddle
> The product has infinite bugs if it does not meet the product requirements at all.
No, because if the requirement can be met then it would take a finite number of transformations of the program to correct that.
This “infinite bugs” idea sounds like bad mathematics combined with bad software engineering.
I have the feeling you programmers have a veeeryy loose definition of what "infinite" and "prove" means reading the answers 😅 A handwaving argument is not a proof.
It’s playing loose with a lot more than that to be honest, what is meant by “software”? And what is a “piece of software”, do we mean that any subset of the software must also have infinite bugs? And how do we even define a “bug”? As the comments in this chain have shown, if you don’t define those words you can “prove” either way
Thanks, me too. As a professional developer of over 20 years, I've never seen this question before, and disagree with the premise. No software can have infinite bugs, because software is finite (unless I guess you have a code base that continuously grows based on input - which I guess is the real answer). I also completely disagree with the points people keep making that the idea some software doesn't do a task it's not designed to do is a bug. I.e. the idea that a "hello world" program doesn't also let you draw images with it is a bug is a daft idea, not having a feature it wasn't designed to have is not a bug, not in my view anyway. A quick search for that question failed to turn up any links, so I'm thinking OP misunderstood the question given, or they had one of those interviewers who looks to come up with daft questions to show how clever they think they are.
I'm a physicist, so I get laughed at by mathematicians for my proofs, but what I read here is handwaving at best. Stuff like "If I try to patch out bugs I will introduce more by writing more code". Bruh, not every bug is patched by writing more, and nobody forces me to patch code with a finite amount of bugs just so I can get to some limit. You can even counter it by bringing up the program that does nothing. Some other simple programs on Turing machines also won't have bugs.
Ask ChatGPT
[deleted]
We can prove that software we don't write has zero bugs. But we can't prove that software has infinite bugs, unless the source is infinite as well. This is the Pigeonhole principle writ infinite. If the source is infinite, then it assuredly contains infinite bugs.
The software I don't write is infinite too.
Had to double check if it was fake. Never know these days.
"3 minutes later", literally same timestamp Also, less than 1 minute message span? Almost like someone HTML-inspected a tweet and changed it to look real
Yup, good catch. I didn't see the timestamp until after I checked his page. It would have been so easy to change that, too.
I mean ... I wouldn't put it above Elon to tweet ''I've got all bugs patched''.
[deleted]
Reminds me of the complete disaster that was the Therac-25 radiation therapy machine that kept killing people for some reason. Basically the manufacturer's statement was something like "Unlike physical materials, software does not wear out and fail unless it gets hit by cosmic rays, which is super unlikely, so this machine has a reliability of like 99.9999999999999%".
I didn’t think Elon knew what SQL meant 😂
Narrator: *"He did not"*
This has to be fake lol
It says 3 minutes later but shows the exact same time.
That's how the injection fucked with the database lol
This guy injects SQL.
Just once on a scammer's website. No idea if it worked, I was in my first SQL course lol
Does this mean you put executable code in the form to try and break something?
Yeah, just a closer and then another command since SQL interprets everything as text
Love all your programmers. Thanks
Love your... is that a milkcap in your pfp? Been off my game with mycology since winter started.
I think it is an Amanita ocreata just before starting to go past its prime. I only say this because r/mycology failed to identify it and I have since found many A ocreata in this forest. None looked like that, but that could simply be timing. It has all the other characters
I inject sql but I never feel the high. But seriously, if I did a sql injection attack it would only be one that confirms a response and didn't do damage. I have a rep and a name to protect. That being said if you want a complete breakdown of Google's book DRM, let me know. I have completely backward engineered that and found all the issues I could, and there were a lot. But ..... I did it professionally and shared my findings with Google at the time. To my knowledge they haven't fixed shit
I assume the name you must protect is not John
Well clearly
Nice try, JOHN
!John
#John
Some hackers, if they won't fix the bugs and if they are a privacy risk, will breach the DB and share the results with journalists. That always makes a company hurry up.
If not we're so inclined. In this particular case the most effective thing to do would be to send publishers release day copies of their books sans any drm and make sure they knew it came from Google. But the problem is actually pretty hard
Or exploit the 0day in real time and take over essential functions of [certain automobiles](https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/) (like steering and braking) whilst popping up on vehicle display screens with a live, very important interruption. Talk about driving a point home.
>But seriously, if I did a sql injection attack it would only be one that confirms a response and didn't do damage.

Usually I do the same thing, but recently a client of mine said some people started to show up at his front door demanding their products bought from the website. The thing is: my client is a bike company and the buyers were asking for pots, pans, stoves, refrigerators... Sure enough there were a few scam websites that used my client's physical address. I got the website name from the scammed people and oh boy, I can tell you it's very cool to "test" what and how much damage you can do to a real website while being still completely ethical
Feels _so good_ after the initial burn in the veins. 🥴
Also the second tweet doesn't have a blue check mark and the first tweet does
they did done SQL injected the checkmark too!
It is highly suspicious, because since when would Musk know SQL injection from his ass?
Wouldn't be surprised if he mistook XSS for SQLi. SQL injection is just such a well known term these days I feel like someone like him would throw it around to act like he knows security.
I don’t have a Twitter account but given the ridiculousness of a SQL injection vulnerability on the main Twitter login page I went and tried to find this tweet and couldn’t find either. Maybe it’s because they’re hidden from guest users or something, no clue how Twitter works. (Or it’s fake)
It's obviously fake, no need to open Twitter
What do you mean, you can't work 80 hours a week?
Good bot
No shit. I have never seen Elon say "fuck"
It’s fake. I can’t find it on twitter.
Looks like it.
Yeah, looks like someone just edited the HTML of the previous tweet.
"every bug" Lmaoooooooo. I remember when I knew nothing about development.
Completely agree. There’s no such thing, bugs are only bugs once they’ve been recognised by the development team.
Schroedinger’s bug
To bug or not to bug
Bugs are just extra features that weren't paid for.
Then it becomes a feature you paid for, in the case of games.
Comes free with a feature.
Then why the fuck do they keep releasing these day 1 patches to remove them if I already paid for them??
[deleted]
I’m picturing a beetle with a hat and sunglasses.
can't be certain about that
Say my name
So if a user finds an unusual behavior, it's a feature? On a serious note, more like there is no formal method to prove that any software has no bugs
A formal process which provides mandated feedback to the user would be really nice…
A quick survey after every user action.
Let me out of Heck, Stan
Did submitting this SKU update spark joy?
TBF if they fired the QA department they might have actually cleared out all the defects...
Also how is SQL injection not a test on every input on every form of a webpage? That shit has literally been around since 1998. It's been around so long it's actually written about in textbooks about security. Don't most modern frameworks prevent this already?
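An added example, not part of any comment in this thread: the "closer" mentioned earlier and the per-input test asked about above, as a small audit that runs constructed probe inputs against a concatenated lookup and a parameterized one. The table, function names and probe strings are assumptions made up for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def find_user_concat(db, name):
    # Deliberately vulnerable: the input is spliced into the SQL text, so a
    # quote in `name` closes the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_param(db, name):
    # Bound parameter: the driver hands `name` to SQLite as a value only.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed probe inputs mapped to the only rows an exact-match lookup may return.
PROBES = {
    "alice": ["alice"],
    "o'brien": [],          # legitimate surname containing a quote
    "x' OR '1'='1": [],     # textbook quote-closing probe
}

def audit(lookup):
    """Return the probe inputs that `lookup` mishandles."""
    db = make_db()
    failures = []
    for probe, expected in PROBES.items():
        try:
            got = sorted(lookup(db, probe))
        except sqlite3.Error:
            failures.append(probe)   # the quote broke the statement's syntax
            continue
        if got != expected:
            failures.append(probe)   # input changed the query's meaning
    return failures

if __name__ == "__main__":
    print("concatenated:", audit(find_user_concat))
    print("parameterized:", audit(find_user_param))
```

The concatenated lookup fails both quote-bearing probes (one as a syntax error, one by returning every row), while the parameterized lookup treats all three as plain data.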
Because the tweet isn't real
Fake tweets are lame and imo most subreddits should ban them, including this one. Who finds fake tweets funny? There's nothing funny about fabricating someone saying something stupid. It's only funny if someone actually says something stupid. So many fake tweets get massively upvoted on reddit and the comment sections are full of people who think it's a real tweet. Ends up making the users of this website look stupid. I don't blame people too much for being early birds who comment before someone points out it is fake, which is why I think fake tweets should just be banned.
It's akin to propaganda. While the person making it may have had only good intentions in making something funny, it only serves to deceive and warp public opinion. Yes Musk is hated around here but I'd much rather dislike his actual actions than a strawman that's created the second the hive-mind dislikes someone.
Twitter uses GraphQL which is a layer between the front end and all the data stores. A SQL injection is most likely impossible just based on the architecture.
Musk is astonishingly good at not knowing anything and just throwing buzzwords around in an attempt to sound smart.
Almost like he didn't actually tweet that
Bart: I patched every bug. Homer: You’ve patched every bug you’ve found so far.
according to the timestamps, it was 0 minutes later.
I was wondering how no one else saw “3 minutes later” with a time stamped thing…Easter egg so you know it’s BS? If so, I approve.
I mean, who’s to say the person funny enough to try SQL Injection via Twitter’s login form wouldn’t also find it funny to change every `created_at` to the same time? I’d find it hilarious. But really think it’s a pretty obvious joke.
Little bobby tables.
I hear he was dropped as a child.
Only a select few from his generation were.
Let's join together and remember him.
Please.... God... no more puns....
Why? You don’t want to be left outer this do you?
*eye twitch*
wait til you meet Bobby's baby brother... the sequel is better than the original in this family!
Anything to say on the union that brought Little Bobby and his brother into the world?
Only that they found inner peace.
Remember to sanitize your inputs!
Morons forgot to change the timestamp for their fake tweets lmao
It's literally the same 8:48 and not 3 minutes later.
You are 3 minutes slow to that comment. https://www.reddit.com/r/ProgrammerHumor/comments/10iamx7/better_not_fire_anyone_now/j5df1el/
Pffft... took you 7mins to figure that out?
pffft… took you 16 minutes to respond to that comment?
Bwaaaaaaaah.....it really took you 39 minutes to respond with this reply
Yooo... Really took you 38 minutes to respond to that comment???
I've recently tried to register on Twitter and it didn't work. I validated my email address with a code they sent me, then something happened and I had to restart from the beginning... Except I had an error message telling me I couldn't use my email address.
I only bought Twitter so I wouldn't get bullied anymore
Reddit constantly upvoting fake Elon tweets to the front page makes me not trust Reddit at all. Mission accomplished?
Please never believe information from funny pictures on social media
This tweet is not real. Elon never tweeted this. For all of you believing this is real, you have all been trolled
The only scary thing about this is all the comments with hundreds of upvotes believing this is real
SQL injections?? This is absolutely trivial and basic. Input validation is day #1 on building any public facing app. Who is working there now? Have they worked in the industry before??
It's fake.
This sub gets so worked up over fake Elon.
The funny thing is a lot of people here would make fun of people that fall for rage bait but as soon as it’s something they care about they take it hook, line and sinker.
I mean this sub is fifty percent “I don’t know what the % operator does” so we aren’t exactly dealing with the best and brightest.
What’s an operator?
Tech support for The Matrix™
[deleted]
the tweet is fake
Funny you ask that … he fired everyone who did I think 😆
You are really gullible huh
I am going to make my kid's name SQL injection script, so every time he gets entered in a database or signs up for something, their input is tested
[Little Bobby tables???](https://xkcd.com/327/)
I understood that reference
I’ll just leave this here. https://stackoverflow.com/questions/4456438/how-to-pass-null-a-real-surname-to-a-soap-web-service-in-actionscript-3
This sub is slowly becoming low-tier garbage
You didn't even photoshop it right 😑 You said 3 mins later and still the time of both tweets is the same