nicoburns 4 days ago

You are however replying to a thread where a Dropbox engineer calls it "a rite of passage" to introduce such bugs to their codebase. Which suggests that it is by no means unheard of for these problems to crop up in real-world code.

tptacek 4 days ago

Again: introducing surprising correctness bugs? Crashing programs? Absolutely. I don't know how many different ways I can say that my concern here is the misuse of a security term of art. Dropbox engineers do not have as a rite of passage introducing or finding RCE vulnerabilities in Go code. Would that it were so! My job would be much more interesting.

zozbot234 4 days ago

> correctness bugs? Crashing programs? Absolutely.

Denial of service can absolutely be a security issue, as can any correctness bug if it leads to unintended behavior or corrupted data.

tptacek 4 days ago

If that's where we're at, where unhandled exceptions are the security issues we're hanging on, I'll consider my argument won.

zozbot234 4 days ago

That might be a reasonable argument if you were guaranteed an unhandled exception in this instance. Unfortunately that's not the case.

tptacek 4 days ago

If you could demonstrate something better than that, we wouldn't be arguing about the severity of DoS attacks.

samus 4 days ago

Doesn't Dropbox write a lot of Python extensions in C for speedup?

pclmulqdq 4 days ago

Excuse me, but in this thread we are bashing Go, not making logical arguments.

ioasuncvinvaer 4 days ago

What is the argument?

pclmulqdq 4 days ago

That Dropbox is very happy with unsafe languages despite the top-level comment.

blub 4 days ago

Many FAANG & co engineers are overrated. If every new hire is introducing concurrency bugs in a Golang codebase, refactor, do better review and maybe use concurrency questions instead of leetcode.

I’ll take tptacek’s word over most FAANG types on such topics if we’re doing appeals to authority. The guy is very practical, unlike the Rust community, which is incredibly focused on theoretical correctness instead of real-world experiences.