friendica (DFRN) - Link to original post
Just enjoyed @Malte's excellent introduction to SSRF (server-side request forgery) at #Winterkongress and diligently took notes. I still have a few points to fix in the PrivateBin directory. Using gopher URLs via (lib)curl to speak entirely different protocols (the example shown was SMTP) is really creative, but at least fairly easy to prevent.
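
Added example (not from the post or from the PrivateBin directory code): an allow-list check that refuses gopher and other non-HTTP schemes, plus internal addresses, before a server-side fetch. The names `vet`, `is_internal` and `Reject` are hypothetical, and the caller is assumed to pass in the addresses it resolved for the host.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
pub enum Reject { NoScheme, Scheme(String), NoHost, Internal(IpAddr) }

// Only these schemes may be fetched; gopher, file, dict and the rest are refused.
const ALLOWED: [&str; 2] = ["http", "https"];

/// True for addresses a fetcher of public instances has no reason to contact.
pub fn is_internal(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_private() || a.is_link_local() || a.is_unspecified(),
        IpAddr::V6(a) => {
            // ::ffff:a.b.c.d carries an IPv4 address; judge it as IPv4.
            if let Some(v4) = a.to_ipv4_mapped() { return is_internal(&IpAddr::V4(v4)); }
            let first = a.segments()[0];
            a.is_loopback() || a.is_unspecified()
                || (first & 0xfe00) == 0xfc00  // unique local, fc00::/7
                || (first & 0xffc0) == 0xfe80  // link-local, fe80::/10
        }
    }
}

/// Vet a submitted URL before fetching. `resolved` holds the addresses the
/// caller got from DNS for the host (passed in so the check runs offline).
/// Assumption: production code parses with the HTTP client's own URL parser.
pub fn vet(url: &str, resolved: &[IpAddr]) -> Result<String, Reject> {
    let (scheme, rest) = url.split_once("://").ok_or(Reject::NoScheme)?;
    let scheme = scheme.to_ascii_lowercase();
    if !ALLOWED.contains(&scheme.as_str()) { return Err(Reject::Scheme(scheme)); }
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    let hostport = authority.rsplit('@').next().unwrap_or(""); // drop userinfo
    let host = match hostport.strip_prefix('[') {
        Some(v6) => v6.split(']').next().unwrap_or(""),   // [::1]:8080
        None => hostport.split(':').next().unwrap_or(""), // host:port
    };
    if host.is_empty() { return Err(Reject::NoHost); }
    // A literal IP host is checked directly, then every resolved address.
    let literal = host.parse::<IpAddr>().ok();
    if let Some(ip) = literal.iter().chain(resolved).find(|ip| is_internal(ip)) {
        return Err(Reject::Internal(*ip));
    }
    Ok(host.to_string())
}

fn main() {
    // Constructed sample input.
    println!("{:?}", vet("gopher://example.org:25/", &[]));
}
```

The same check has to be repeated for every redirect target; with libcurl the allowed protocols for the initial request and for redirects are set separately (`CURLOPT_PROTOCOLS_STR`, `CURLOPT_REDIR_PROTOCOLS_STR`).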


A classic bug for a leap day: At work, colleagues discovered and fixed a bug in a lesser-used tool that only occurs on February 29th. It did trip up the tests, so no one got to merge until it got identified and resolved.

The source file in question hadn't been touched in over 4 years. Last leap year, the 29th was on a Saturday, so likely no one noticed.

What was annoying is that the logic had been clearly written with the intent of handling leap years. A leap year check condition was present, validated only on a February > 28th, but had to get inverted.

You may wonder why we wouldn't have used the language's standard library date functions to validate the date - unfortunately the language in question doesn't have such a sophisticated standard library (language omitted to protect the innocent).

#37c3


Congratulations to Sergio Benitez on releasing rocket.rs 0.5.0! Thank you for this great framework. 👏

I got to follow rocket's journey to async and stable #rust with the PrivateBin directory service. Coming from Python flask apps, it is really easy to pick up and get going with your webservice, offering static & templated content, easy to create web forms and JSON APIs.

Thanks to rust's strict type system I could focus on the logic and didn't have to waste time double checking and casting data received by clients. If my API accepts an integer in a certain parameter, Rocket will ensure I only receive valid requests in my logic.

#rust



Holiday in Peru