Parsing Integers in C

https://daniel.haxx.se/blog/2025/11/13/parsing-integers-in-c/

30•8organicbits•2h ago

Comments

johnisgood•1h ago

Quick link to the code: https://github.com/curl/curl/blob/3d42510118a9eba12a0d3cd4e2...

piker•1h ago

"I think we in the curl project as well as more or less the entire world has learned through the years that it is usually better to be strict when parsing protocols and data, rather than be lenient and try to accept many things and guess what it otherwise maybe meant."

Found this explicit rejection of the Robustness principle[1] fascinating. It comes after decades of cURL operating in the environment that was an ostensible poster child for the benefits of the principle--i.e., HTML over HTTP.

[1] https://en.wikipedia.org/wiki/Robustness_principle

jesse__•53m ago

The more experienced I get, the more I've started to think that most of the 'principals', 'patterns' and 'best practices' tossed around in the industry are mostly bullshit.

Be attentive to the classes of bugs you (and your team) produce, and act accordingly to correct those.

DannyB2•40m ago

Being liberal in what you accept is fine, as long as what you accept is precisely documented. But then, is that actually "being liberal"?

Better advice is to not do something unexpected -- even if that unexpected result is clearly documented, but someone did not read it.

trollbridge•37m ago

I disagree with the robustness principle. Be strict in what you accept - require them to meet the spec.

Quekid5•9m ago

I think it's been a commonly held opinion in security circles for at least 15+ years that the Robustness principle is generally counterproductive to security. It (almost inevitably) leads to unexpected interactions between different systems which, ultimately, allow for Weird Machines to be constructed.

An argument can be made that it was instrumental in bootstrapping the early Internet, but it's not really necessary these days. People should know what they're doing 35+ years on.

It is usually better to just state fully formally up front what is acceptable and reject anything else out of hand. Of course some stuff does need dynamic checks, e.g. ACLs and such, but that's fine... rejecting "iffy" input before we get to that stage doesn't interfere with that.

Nano Banana can be prompt engineered for nuanced AI image generation

Rust in Android: move fast and fix things

Guests ejected mid-stay from bankrupt hotel chain Sonder

Zed is our office

OpenMANET Wi-Fi HaLow open-source project for Raspberry Pi–based MANET radios

Launch HN: Tweeks (YC W25) – Browser extension to deshittify the web

Checkout.com hacked, refuses ransom payment, donates to security labs

Disrupting the first reported AI-orchestrated cyber espionage campaign

Piramidal (YC W24) Hiring: Front End Engineer

GitHub Partial Outage

Show HN: DBOS Java – Postgres-Backed Durable Workflows

Blue Origin lands New Glenn rocket booster on second try

SlopStop: Community-driven AI slop detection in Kagi Search

SIMA 2: An agent that plays, reasons, and learns with you in virtual 3D worlds

Think in math, write in code

Blender Lab

Disrupting the first reported AI-orchestrated cyber espionage campaign [pdf]

Remind: A sophisticated calendar and alarm program

The Useful Personal Computer

The Eggstraordinary Fortress

Denx (a.k.a. U-Boot) Retires

Heartbeats in Distributed Systems

Why do we need dithering?

IBM Patented Euler's 200 Year Old Math Technique for 'AI Interpretability'

How To Build A Smartwatch: Software

We cut our Mongo DB costs by 90% by moving to Hetzner

Human Fovea Detector

The Grand Egyptian Museum's Astonishing Arrival

Android developer verification: Early access starts

Steam Machine