[HN Gopher] Parsing Integers in C
___________________________________________________________________
Parsing Integers in C
Author : 8organicbits
Score : 31 points
Date : 2025-11-13 20:25 UTC (2 hours ago)
(HTM) web link (daniel.haxx.se)
(TXT) w3m dump (daniel.haxx.se)
| johnisgood wrote:
| Quick link to the code:
| https://github.com/curl/curl/blob/3d42510118a9eba12a0d3cd4e2...
| piker wrote:
| "I think we in the curl project as well as more or less the
| entire world has learned through the years that it is usually
| better to be strict when parsing protocols and data, rather than
| be lenient and try to accept many things and guess what it
| otherwise maybe meant."
|
| Found this explicit rejection of the Robustness principle[1]
| fascinating. It comes after decades of cURL operating in the
| environment that was an ostensible poster child for the benefits
| of the principle--i.e., HTML over HTTP.
|
| [1] https://en.wikipedia.org/wiki/Robustness_principle
| jesse__ wrote:
| The more experienced I get, the more I've started to think that
| most of the 'principals', 'patterns' and 'best practices'
| tossed around in the industry are mostly bullshit.
|
| Be attentive to the classes of bugs you (and your team)
| produce, and act accordingly to correct those.
| DannyB2 wrote:
| Being liberal in what you accept is fine, as long as what you
| accept is precisely documented. But then, is that actually
| "being liberal"?
|
| Better advice is to not do something unexpected -- even if that
| unexpected result is clearly documented, but someone did not
| read it.
| trollbridge wrote:
| I disagree with the robustness principle. Be strict in what you
| accept - require them to meet the spec.
| Quekid5 wrote:
| I think it's been a commonly held opinion in security circles
| for at least 15+ years that the Robustness principle is
| generally counterproductive to security. It (almost inevitably)
| leads to unexpected interactions between different systems
| which, ultimately, allow for Weird Machines to be constructed.
|
| An argument can be made that it was instrumental in
| bootstrapping the early Internet, but it's not really necessary
| these days. People _should_ know what they're doing 35+ years
| on.
|
| It is usually better to just state fully formally up front what
| is acceptable and reject anything else out of hand. Of course
| some stuff _does_ need dynamic checks, e.g. ACLs and such, but
| that's fine... rejecting "iffy" input before we get to that
| stage doesn't interfere with that.
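The contrast the thread keeps returning to (piker's quote on strict versus lenient parsing, and Quekid5's "state up front what is acceptable and reject anything else") is easiest to see in code. The block below is an added example written for this page; it is not curl's code and the function names `strict_parse_ulong` and `lenient_parse_long` are hypothetical. It places a strict decimal parser that accepts exactly one canonical spelling of a number, checks the range before each multiply so the arithmetic never wraps, and reports a distinct reason for every rejection, next to a `strtol`-based parser that skips whitespace, takes a sign, and silently stops at the first non-digit. The sample inputs in `main` are constructed for the demonstration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Result of a strict parse; each rejection has its own reason so the
 * caller can log exactly why input was refused rather than guessing. */
typedef enum {
    STRICT_OK = 0,
    STRICT_EMPTY,        /* no digits at all */
    STRICT_BAD_CHAR,     /* anything other than ASCII '0'..'9' */
    STRICT_LEADING_ZERO, /* "007" or "0x1A": not canonical decimal */
    STRICT_TOO_LARGE     /* value would exceed the caller's limit */
} strict_status;

static const char *strict_status_name[] = {
    "ok", "empty", "bad char", "leading zero", "too large"
};

/* Strict parser (hypothetical name, not curl's API): accepts exactly one
 * canonical spelling of an unsigned decimal value: no whitespace, no sign,
 * no base prefix, no leading zeros, no trailing bytes, and nothing above
 * `max`. The range check runs before each multiply so it never wraps. */
strict_status strict_parse_ulong(const char *s, unsigned long max,
                                 unsigned long *out)
{
    unsigned long v = 0;
    const char *p = s;

    if (*p == '\0')
        return STRICT_EMPTY;
    if (*p == '0' && p[1] != '\0')
        return STRICT_LEADING_ZERO;

    for (; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return STRICT_BAD_CHAR;
        unsigned long d = (unsigned long)(*p - '0');
        /* v*10 + d <= max  <=>  v <= (max - d) / 10, given max >= d */
        if (d > max || v > (max - d) / 10)
            return STRICT_TOO_LARGE;
        v = v * 10 + d;
    }
    *out = v;
    return STRICT_OK;
}

/* Lenient counterpart via strtol, for contrast: returns how many bytes
 * it consumed (0 = no conversion or out of range). strtol skips leading
 * whitespace, takes an optional sign and stops at the first non-digit,
 * so junk after the number is silently ignored. */
size_t lenient_parse_long(const char *s, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE)
        return 0;
    *out = v;
    return (size_t)(end - s);
}

int main(void)
{
    /* Constructed sample inputs, like a header field value might carry. */
    const char *samples[] = { "42", "  42abc", "-1", "0x1A", "007", "",
                              "99999999999999999999" };
    size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++) {
        unsigned long sv = 0;
        long lv = 0;
        strict_status st = strict_parse_ulong(samples[i], ULONG_MAX, &sv);
        size_t used = lenient_parse_long(samples[i], &lv);

        printf("%-22s strict: %-12s", samples[i], strict_status_name[st]);
        if (st == STRICT_OK)
            printf(" (%lu)", sv);
        if (used)
            printf("  lenient: %ld after %zu byte(s)\n", lv, used);
        else
            printf("  lenient: rejected\n");
    }
    return 0;
}
```

Passing `max` in from the caller is the point of the design: a field with a protocol-defined upper bound (a port number, a content length a server is willing to buffer) is refused at parse time rather than compared later, and the rejection reason is precise enough to log without exposing anything about internal state.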
___________________________________________________________________
(page generated 2025-11-13 23:01 UTC)