Hacker News new | past | comments | ask | show | jobs | submit login

Perfect. Awesome bug. Awesome Post Mortem. This was just fun to read.

While this might have been caused by mistake - these types of bugs can be (and are) abused by hackers.

https://www.owasp.org/index.php/Regular_expression_Denial_of... https://en.wikipedia.org/wiki/ReDoS

The post also links to this video: https://vimeo.com/112065252




Well in this case a post contained 20K whitespaces, so I wouldn't jump to the conclusion that it was a mistake rather than intentional.


Yeah, I'm trying to figure out how you even get 20,000 spaces into a Stack Exchange post, and how it would render in your browser.


I can tell you how.

A shitty Belkin KVM in certain configurations can allow this to happen.

There's a bug which keeps generating chr(32) characters when you activate the keyboard shortcut (scroll lock twice), and try to switch to another machine.

It will keep pumping out those spaces on whatever fields was selected at the time, so if you take your time before you switch back, you are going to be in for a lot of fun.

Haven't read the link yet, but wanted to share this sooner than later.


On a related note: Is there any easy way to tell Vim when in insert mode not to accept extra spaces at the end of a line, except a single one?

I've got of course checks in place that warn about trailing spaces and my Git hooks outright refuse a commit with trailing spaces. But it would be nice to catch that at the insert level.

You know, it may be cat who's typing.


Not exactly at insert mode, but this may be helpful:

    autocmd BufWritePre * :%s/\s\+$//e
Before you save a file, it removes all trailing whitespace (ironically using the same regex as in the article -- hasn't given me trouble yet though)


Nice find! Another one I heard about was that Microsoft's Windows keyboards, when used on a Mac, will sometimes insert a Control-P into the middle of your typing if you press the Windows key. Most apps just ignore it, but apparently not all!


Bottle of tequila on the spacebar


A bottle of Tres Commas?


Eh, just type a single space.

Then copy the entire post and paste it a couple dozen times.


Only 35 keystrokes are required to get 20K+ spaces.[1]

[1] https://stackoverflow.com/questions/4606984/maximum-number-o...


I'm thinking perhaps you didn't get the Silicon Valley reference?


Never got around to pirating it. My bad.


Welcome to Reddit News.


I don't read anything programming-related on Reddit anymore, but are they also now too cool to watch TV?


It was in a multiline code block, so it just had a tonne of horizontal scroll.

See the edit: http://stackoverflow.com/revisions/38484433/2


If he had used tabs instead of spaces this wouldn't have been a problem.


Or at the very least, trim whitespace on save :)


Still hasn't killed as many characters as GRRM


Good find! Where did you see this? Or was it in the comments via Nick Craver?


The article said:

    > The malformed post contained roughly 20,000 consecutive
    > characters of whitespace on a comment line that started
    > with -- play happy sound for player to enjoy. For us,
    > the sound was not happy.
So I just searched:

    https://www.google.co.uk/search?q="play+happy+sound+for+player+to+enjoy"+site%3Astackoverflow.com


"deleted 20507 characters in body"

Hahaha


Cat laying its head on the spacebar.

Mine does that on the Control key all the time.


At least it wasn't a squirrel... http://www.citylab.com/design/2016/01/map-squirrel-cyberatta...


Browsers typically collapse whitespace, so it probably would render as a single space.


I frequently complete eBay feedback 'comments' fields[0] with a variety of Unicode spaces and Firefox at least doesn't seem to collapse them.

[0] eBay insists on something being entered and when it was a routine transaction with a vendor I seldom have anything useful to say.


Not sure if you're a frequent eBayer, but the common behavior in that community is just "A+++++++++" with some arbitrary number of "+" indicating that everything went fine.


He's no doubt observed that and is using whitespace to rail against the ridiculousness of that convention.


was in code tags, so had a very long horizontal scroll bar :P


Not in a pre....


I wouldn't jump to any conclusion ;)

But I do know that tools often make it easy for people do incredibly stupid things by accident. Like the 'sudo remove file' command followed by '-rf' in the wrong place. I rimraf a lot; it's very useful. It's a miracle I haven't wiped out any computers doing so...


I think it'd be possible to inject this kind of thing into your code if you're just starting out with vim, aren't cognisant of all commands you invoke, and then copy/paste all code straight into a browser.


Yeah, I agree, when starting out with VIM, my spacing and tab usage was inconsistent at best.


Have to agree. I read a Post Incident Review like this and I'm like "Yep, totally see how that could happen. Thanks for solving it and thanks for letting me know why it happened".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: