A few times I have told the anecdote that the single most baffling thing I ever saw in a code review — not the most insecure, just the most “how could a real programmer have written this? how could this ever make sense?” thing — was simply a C++ variable “number_of_trucks” … declared as float. Unambiguously referring to real physical trucks in a fleet.

Reader, it’s been over ten years and I am blowing the gods damn whistle. I had edited that story to protect the guilty: the variable was named number_of_planes. It was shipped by a company whose name begins with “B” and rhymes with “GOING out of business.”

@0xabad1dea I'm just waiting for you to learn about JavaScript and Lua :p
@sotolf I am more aware than you could possibly imagine
@0xabad1dea oh no. Dare I ask?
@drdnar I’ve been a professional source code security reviewer since 2011, that’s all 😂 cursed all the way down