ProgrammerHumor
devMindGames
Discussion
Wait, people think we comb through random form submissions? If it doesn’t light something on fire in production, I’m not touching it. Take prod down, and maybe the council will acknowledge your presence.
Got a URL for me?
Google.com
bro gave the boss fight
Must already be broken... none of the search results were actually relevant; it's just a load of spammy nonsense
chatgpt.com
http://localhost:3000
I don't think I should put that into my searchbar but still want to
I once worked on an upload form where people could upload text files, but text files don't tell you about the encoding.
Just taking the text as is and putting it into the database lead to encoding issues so we had to manually encode it to be the same encoding as the database.
We implemented automatic encoding detection by simply trying to parse it as UTF8 or UTF16 and checking if it contained illegal characters.
Inputting illegal characters directly would probably lead to parsing issues so this would have showed up in our error logs.
Just taking the text as is and putting it into the database lead to encoding issues
Not knowledgeable about databases, just curious, why? It's not treated as a blob of bytes?
DBs can store as BLOB, but at one point you have to decode it, so why not at write
Thanks for the explanation. Personally I would probably store it unchanged because decode methods can evolve, but yeah it's one design decision among many.
Little Bobby tables enters chat. AppSec team sobbing in the corner
Yeah bro it’s impossible to store plain text in a database
Several different teams would retrieve that data.
So instead of having to let them do the decoding themselves and potentially breaking things as they might all use different ways it was much easier to just store it correctly.
Otherwise the python data analysis team, the java backend server team or the any potential new ones would have to reinvent the wheel of correctly de/en-coding it themselves.
Wait, when your app has users and they see that in a client form, they do not think there’s a bug ? They don’t report it ?
Yeah right. Until the BI analyst comes to you complaining about your shitty data.
I’ve come across things like this accidentally before if i’m writing a quick splunk query, or sometimes on dashboards that count logs based on message type.
The one time I was able to track it down it was a actually an encoding error, but in our log ingestion pipeline 🫠
Wait, you think this is just some random guy and not one of the most influential Ruby (and Rails) developers?
I don't want to make too much of it since it's clearly a joke, but I think Patterson knows what he's talking about.
I have clients that comb through shit like that or some other tedious thing sometimes. They will always inevitably find something that, while there is definitely an explanation behind it, the explanation is not immediately at hand by me (or anyone), and because of that they then proclaim that means the sky is falling. While it usually gets worked out, I'm always amazed at how panicked they are. Their jobs must suck balls if they're truly that on edge over nothing, but it's also fairly obvious that it's an "issue" being propped up as a mechanism to complain and then potentially get free work. Long story long, in those moments, I'm always so tempted to just be like WEIRD SHIT HAPPENS CHILL THE FUCK OUT.
I dream of working somewhere where the highlighter girly putting in tickets about strange symbols in form submissions doesn't somehow make it up the chain to a critical issue.
[removed]
Before leaving my project I created a user called [Object Object] in the test environment. You don’t sign up, it uses your name. I am wondering if it’s going to lead to some confusion.
Thinking of changing my name legally to Null.
There are people with the surname Null.
They can't get passports, driving licences, etc.
There's also someone who got the licence plate "null", and kept getting fines for speeding, parking, etc. because the system would use "null" if no plate details were included in reports.
That seems like an easy way to speed for a few months then have the tickets thrown out when they fix it.
Or getting 500 parking tickets in your name
That actually seems accurate for me. But its because I was in a legal battle with the council and purposely getting them because their stupidly written by-laws meant they could scare people into paying but not actually enforce them.
If i remember right, the company contracted for the tickets would send him the original tickets. Then, once they found that he drives a different car, they'd illegally change the vehicle description on the tickets and then resend them. Basically, if he didnt keep the original paper ticket, he'd have no record of it
If no licence plate was included in the reports how would they get the fine
When no licence plate information was included, the value was set as "null".
When the "null" licence plate was assigned to the owner, all of the reports missing a licence plate (where the plate field contained "null") were assigned to the newly created "null" licence plate and therefore the owner of the plate.
I may be a stupid ass Powershell guy but the string "null" is not equal to $null. How would they get the fine?
Again, I'm a dumbass so someone please teach me
Different languages treat null differently.
Or maybe in this case, inputs weren't sanitised properly.
Because if they didnt enter a plate in the report it would fallback to 'null' which now matched his plate
Wasn't there a guy named Dell Null?
I like my user name to be “OR 1=1–“
I did that in an online uni exam and they sent out an email the next day saying there was something wrong with one of the questions so marks were being ignored for it 🤭
Truly the silent killer of front-end sanity. A classic.
You are evil!
I use that as my pronoun settings in Microsoft Teams.
There’s that lady called Jennifer Null who’s had IT issues her entire life
My favourite Unicode character is U+200B , the zero width space. You can imperceptibly smuggle the characters inside any string.
won't .trim() just remove that? or a string replace /\s/ regex?
Bold of you to assume people run regex replacements on any input.
true, I only do that when reading from the db
Most people are just passing it through whatever sanitisation and trimming functions provided by the language or framework which will od this.
That is the first I do to clean databases. I'm not even knowledgeable, I just work with social science.
Yourregexewouldremoveanywhitespacesinastring.
obviously you'd do this to both ends of the input only
But the fun is in putting that character inside and inbetween random words, not just the beginning and end of the text.
I'll let them have their fun
That's nice of you :)
Probably depends on the language, I know in some languages it is not removed with trim because it is not considered a standard whitespace character. I know C# does not remove it with Trim and I don't think Javascript does either
I also quite enjoy to place U+2800 in random places.
⠀
You know I bet you could make a script that runs in the background that just constantly spams that character and nobody would ever notice except that nothing that relies on string matching would fucking work anymore. This is far more evil than the greek question mark replacement.
That character cost two developers a day at work when my colleague had copy-pasted an endpoint name from an API documentation into a string in our code, and it for whatever reason contained that zero width space character.
And thus the call failed but everything looked right when inspecting the variables and string literals. Finally, I got a bit suspicious that something like this could be in some of the strings so I copy-pasted the piece of code into Notepad++, enabled Show All Characters, and there the culprit was now in plain sight.
You're delusional if you think I look at data in prod every time a form gets submitted
someone will need to look at that form, so they might file a bug
I even know the title of the bug: "Form isn't working"
And here is the user submitted bug description, “Form isn’t working for me”
What?
At worst, when he is in the screen where his data is shown, he can screenshot that and make a report there
Well it can still cause issues. And if the thing crashes they will look at the recent logs
hey calm down
I forget, what character causes the second one? Swear I've seen it 100 times in subtitles. Guessing it's UTF8 rendered as ASCII
I strongly suspect it's a GBP ’ symbol.
I meant a ’.
Hey Siri, how do I type ’?
Damn.
You alright bud?
Probably not. 😂
It's UTF-8's ’ being read as something as Windows-1252 (as each of those characters aren't in the standard ASCII set)
’
Nah, i don't care. I just nuke that account and move on
This is the way.
Being actively malicious gets a paddling
My birthday is always 01/01/1970
Good to know
mom said its my turn to repost this
It's just as fun as adding fake HTML encoding issues
I'm being tasked with writing a full suite of Chaos tests for the APIs at my company. Lots of ideas for tests cases to add in this thread. Thanks, folks!
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
Also there's the right-to-left override character.
https://www.fileformat.info/info/unicode/char/202e/index.htm
WHAT THE FUCK
This is evil. I love it.
notably RLO shenanigans were used to hack LinusTechTips, and others.
basically if you send file[RLO]fdp.exe by email it appears like fileexe.pdf
say you had a made-up company called flexe or something, you can send over a file called flexe.pdf for them to open up, pretty devious.
Don't forget mixed RTL text from different languages.
Thanks! That's actually diabolical
Just add ^M at the end of every input
Same. I once spent hours wondering why my code wasn’t matching anything—turns out the “empty” strings were full of invisible betrayal. Who uses zero-width anything as a separator? That’s not clever, that’s dark magic.
added some items called java.lang.NullPointerException on staging... my colleagues did not like it.
Evil. Too evil. You must be stopped
I put 'undefined' in my responses.
Posting 10year old tweets, huh?
I did this. There was an event where we registered with team names. First year we had some unicode characters in the team name and everywhere at the event they were rendered differently. So next year I did it intentionally and got part of the team name from /dev/random. However they had fixed whatever bugs they had so now it was rendered the same everywhere.
This is purpusfully causing time and financial damage, just because. Just think about it a little more maturely and you realize how sad this is. It’s really not funny, it’s like going to a doctor with an MRI scan and drawing in stuff that looks like cancer, but with a pen. Of course the medicinal stuff is much more important, but it’s just very petty, cringe and damaging. It’s a character flaw. These kinds of people will absolutely do similar things in other life situations.
Exactly. The worst part is that this specifically messes with software written to be able to accept multilingual text input, since it's so easy to sanitize monolingual English input with a whitelist and simply throw away characters like the ones used in the post.
You can't do that if you have to be able to accept exotic characters such as those that are used in many non-English languages.
So congratulations to the guy in the post for making it harder for software devs to internationalize software correctly thus making it harder, for example, for people from foreign backgrounds to be able to write their names correctly and otherwise use online apps! You've done your part to make life a little bit worse for everyone who isn't English speaking.
[object Object]
is another good one
This is Posted once every month. This is Repost bro.
The link from same sub 8 years ago. Posted multiple times and deleted by mods.
Bold of you to assume filters won't just auto flag it as spam.
Nah, we just assume it’s from your end
He has a Dev I'll Will.
Good luck receiving that jira when you’re the 15th person assigned and 14 other people could not figure this out.
NULL
No need to be that creative. I broke by bank's app by putting an UTF-8 emoji on the account name.
I once lost my shit at a developer who fixed a data corruption issue by simply filtering those fields out. Would have worked for this, but for us it was random valid characters instead of a person's name.
Took 3 people to explain why it wasn't a solution.
There are 2 reasons why a dev or data scientist would care about this: 1) Your submission, specifically, is important. 2) There is statistical significance in the amount of entries with these characters, which wouldn't be the case for someone doing this as a joke.
Otherwise it will probably be either ignored or sanitized.
Monster
Posting 10year old tweets, huh?
Posting 10year old tweets, huh?
It's aerobatics to cause panic among developers with just one symbol.
Apr 20, 2016
bro how can you still have unicode bugs on modern apps in this day and age
Some people just wanna see code burn
Adding [Object] after my username to flashbang the QA tester
Nope. evil. Straight to hell. Nope.
The submission wouldn't raise an error so we wouldn't gaf.
Sometimes when I’m pissed off at the help docs I search a discouraging phrase in their site search. Marketers look at that shit lol
Nah, I'm just gonna assume it's something on the user's end. Problem solved.
I just like to slap on a good old </body> in random HTML forms
🤔But sometimes they do have 🙃 bugs.
I guess Satan really does exist after all
This is sick 😈
Every dev's nightmare wrapped up in a tweet. 😂 Just wait till they start dropping emojis and SQL injections into the mix. RIP clean data! 🤯
OK gpt
Your submission was removed for the following reason:
Rule 2: Content that is part of top of all time, reached trending in the past 2 months, or has recently been posted, is considered a repost and will be removed.
If you disagree with this removal, you can appeal by sending us a modmail.