My understanding is that for the sake of simpler interfaces such as SMS, which they let hold the whole service back for a long long time, they had a "follow [username]" feature - and if the person had to approve follow requests, it would send one to them. To accept the request, you just sent "accept [username]" and the follow would happen. However, they never actually checked that a request had ever been sent before allowing you to accept it, allowing you to simply force anyone to follow you with a single tweet.
Next time you make a seemingly obvious mistake, don't feel too bad. Even Twitter did it.
I wrote a script to accept invitations to every group ID from 1 to 10000. It even added me to groups that didn't exist yet, presumably just adding my ID and the group ID to a table. So when someone created a group to rant about me being in all their groups, I was in it and, as the first member, an admin.
Facebook fixed the bug when I reported it and first kicked me out of my legitimate groups, then fixed that too, though they didn't pay bounties then.
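The follow-approval flaw and the group-invitation flaw described above come down to the same missing check: an "accept" must consume a pending record that actually exists. The sketch below is an added example, not code from Twitter or Facebook; the `FollowService` class, its method names and the usernames are hypothetical.

```python
# Added illustration: hypothetical data model, not any real service's code.
class FollowService:
    def __init__(self, protected_users=()):
        self.protected = set(protected_users)  # accounts that approve followers
        self.pending = set()                   # (requester, target) awaiting approval
        self.followers = {}                    # target -> set of followers

    def follow(self, requester, target):
        if target in self.protected:
            self.pending.add((requester, target))
            return "pending"
        self.followers.setdefault(target, set()).add(requester)
        return "following"

    def accept_vulnerable(self, approver, requester):
        # Flaw: trusts the command and never checks that `requester`
        # asked to follow `approver`.
        self.followers.setdefault(approver, set()).add(requester)
        return True

    def accept(self, approver, requester):
        # Fixed: the approval must match a pending request addressed to
        # `approver`, and the request is consumed so it cannot be replayed.
        key = (requester, approver)
        if key not in self.pending:
            return False
        self.pending.remove(key)
        self.followers.setdefault(approver, set()).add(requester)
        return True


if __name__ == "__main__":
    svc = FollowService(protected_users={"alice"})
    svc.accept_vulnerable("mallory", "celebrity")
    print("vulnerable:", svc.followers)            # celebrity now "follows" mallory
    fixed = FollowService(protected_users={"alice"})
    print("no request:", fixed.accept("mallory", "celebrity"))
    print(fixed.follow("bob", "alice"), fixed.accept("alice", "bob"))
```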
But then, I've had my share of turrible bugs too, so I'm not here to poke fun.
Downvoters: most programming languages don’t silently convert strings (i.e., usernames) to array indices. Even Python doesn’t do this. While this particular bug probably wouldn’t be possible in most other languages, I’m only commenting because it’s rare and amusing to see bugs that are so language specific. I’m not making a generic “lol PHP” joke.
And it's certainly possible in Python to accidentally use a map as a list or vice versa, if the map has integer keys.
var arr = ["one", "two", "three"];
arr["2"] === "three"; // true
> Arrays cannot use strings as element indexes (as in an associative array) but must use integers. Setting or accessing via non-integers using bracket notation (or dot notation) will not set or retrieve an element from the array list itself, but will set or access a variable associated with that array's object property collection. The array's object properties and list of array elements are separate, and the array's traversal and mutation operations cannot be applied to these named properties.
First sentence, “An array in PHP is actually an ordered map.”
† btw, have you seen this? https://stackoverflow.com/questions/2473989/list-of-big-o-fo... pretty detailed investigation of big-O for PHP arrays
def __getitem__(self, x):
i = iter(Foo())
But interfaces are just one way to declare a type. The question is, did it convert it to a new type?
Well, what type was it before? If you want to talk about LSP, you're a bit stuck here since you can't prove anything about a method in python. (And here, we declared its type, and we said nothing about it being iterable or a sequence.) You have to run it because you don't know that a. Foo has __iter__ or __getitem__, b. that they accept the arguments you're going to pass, c. let alone that they're designed to, d. that the object won't simply delete them halfway through.
All that iter() is going to do is look for those methods and make assumptions that if you wrote __getitem__ that you meant it. At which point maybe LSP works, after all, you'll prove that it has that property by running the code and fixing it if it breaks.
But... Python nevertheless will construct this proxy to use your class based on inspection, which seems an awful lot like coercion to me.
: Quoth Wikipedia: Let 𝜙(𝑥) be a property provable about objects 𝑥 of type T. Then 𝜙(𝑦) should be true for objects 𝑦 of type S where S is a subtype of T.
>>> b'egg' + u'spam'
>>> True + 1
fizzbuzz = lambda n: [print("fizz" * (m % 3 == 0) + "buzz" * (m % 5 == 0) or m) for m in range(n)]
..it did get annoying after a while.
Their most infamous “mistake”, at least as I see it, was neglecting to back up their database data. That was just unforgivable.
From the Fortune article “Let's remember why Jack Dorsey was fired as Twitter's CEO”
(credit: https://twitter.com/FakeUnicode/status/989868697660477440 )
It is possible to retweet-with-quote the tweets, but not to retweet directly or (as far as I can tell) to link to individual tweets directly.
EDIT: It is possible to link to individual tweets. Added links.
The user says (tweet_id 989794618467409920 - https://twitter.com/i/web/status/989794618467409920 ) that there are "many bugs" using the account in various clients.
tweet_id 829989674353573889 ( https://twitter.com/i/web/status/829989674353573889 ) may be my all-time favourite tweet. (A tweet by @, with name @, contents @)
Which seems reasonable to me. At-replies were not something that Twitter started with, but instead were community-driven with software support added later:
It's a good reminder that it's always easier to relax restrictions than to tighten them.
But then again, if Twitter early on were run by the sort of people who were inclined to lock down everything, it might not have evolved enough to be really useful to people. I hazily remember the Friendster guy getting really mad that people were creating accounts for non-human things that they loved, like cities and bars and companies. I think he went on a banning spree. Instead of saying, "Look how much people love my platform! Let me support them in their efforts."
I guess Google Plus and Friendster are good examples of how that mindset works out.
I remember having to merge multiple "person" Facebook accounts into a single "business" Facebook account for a client once business accounts became available.
It was extra hard not only because FB made the process cumbersome, but because everyone in the company seemed to have taken it upon themselves at some time in the past to create a person account for the business. Sales people, the owner, various marketing people no longer with the company, etc...
Friendster definitely doesn't have that problem, because despite being a pioneering social network, one that existed before MySpace or Facebook, it is now defunct.
Basic validation is something I've always pushed for even for MVPs as that often goes hand in hand with platform security (another thing I still push for in MVPs)
I achieved this by entering a greater than symbol (>) in the input field. Twitter presumably tried stripping any HTML tags, which resulted in an empty string. I'm not sure if this still works; they might have fixed that bug. Presumably something similar happened with the accounts that have empty @ handles.
I just tried it and got the following error:
> Name can't include 'invalid characters'
Note how it doesn’t define "invalid characters".
I guess Github does the same:
Reddit has the nice /u/... thing, but I suppose that is a bit awkward when saying URLs out loud.
One of the reasons why we created this database of huge disallowed usernames: https://github.com/dsignr/disallowed-usernames
This only worked if 'obar' or 'oobar' was unregistered, but it was a pretty nifty way to steal single word usernames, and speaks to some strange validation/truncation somewhere in the code.
I still don't quite get how this doesn't work. Why are they handling "NULL" as a special case? What's coercing "NULL" into null?
I.e., if the value looks like JSON, it will parse it and return the object tree, otherwise it will return the original value as a string?
This sounds like a horrible idea in general - I'd say the authors of this forgetting that certain english words by themselves are valid JSON is a nice cherry on top but hardly the worst problem caused by this.
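The "parse it if it looks like JSON, otherwise keep the string" behaviour hypothesised above, as an added example that is not code from Twitter or from any commenter. The function names and sample usernames are constructed; it shows which inputs silently change type and that an uppercase "NULL" is not valid JSON, so this pattern alone would leave it a string.

```python
import json

def loose_decode(value):
    """Hazardous pattern: return parsed JSON if it parses, else the raw string."""
    try:
        return json.loads(value)
    except ValueError:          # json.JSONDecodeError subclasses ValueError
        return value

def strict_username(value):
    """Safer handling: the field is text, so it is never type-guessed."""
    if not isinstance(value, str) or not value:
        raise ValueError("username must be a non-empty string")
    return value

def type_changes(names):
    """Map each input that stops being a string to the type it became."""
    changed = {}
    for name in names:
        decoded = loose_decode(name)
        if not isinstance(decoded, str):
            changed[name] = type(decoded).__name__
    return changed

# Constructed sample usernames.
SAMPLE = ["alice", "null", "true", "123", "NULL"]

if __name__ == "__main__":
    print(type_changes(SAMPLE))
    print([strict_username(n) for n in SAMPLE])
```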
Clicking on a link to a tweet has 1/20 chance of ever actually loading the tweet. All other occurrences are evenly split between loading nothing except the top bar and calling it a day, and throwing an error message. Reloading the directly or using the reload button they provide will usually result in the rate limiting message.
I don’t even bother clicking on twitter links anymore. I just hope it worked for someone else and they paste the contents in the comments.
Pinterest would be up there too. It's useless if you don't have an account on mobile and desktop.
Edit: Just tried it myself, might want to add a -site:pinterest.co.uk as well.
Really says a lot doesn’t it.
Nearly impossible to test properly (or was), breaks the whole html model, results in bugs just like this one.
And yes, rate limits.
Twitter came up with the ui framework "Bootstrap" long ago and it was a game changer for responsive frontend layouts.
I never did push it to the point of security exploitation.
There's another one, https://twitter.com/@home. It redirects back to Twitter's home page.
I discovered this while looking for "@home", which is a homeware store.
Also can't retweet them.
It used to be that once a week or longer I would find some amusing bug. But now it's not uncommon that I encounter dozens of bugs daily on various popular services that are worth $millions or $billions, which is just obnoxious. Not only that, but usually the services have no way of filing a bug report or getting in touch with support.
It seems like internet giants are becoming too big for their britches, and also they're forcing each other into this insane cycle of "ship first, fix later" just to stay competitive.
What can we do about this, if anything?
I probably hit at least 24 bugs a day on my phone. Apps crashing. Back not working right. Apps popping up and disappearing. Unexpected latency causing wrong things to be clicked on. They're all just papercuts, but there are so many of them.