12 year old coding bug https://www.imperialviolet.org/2014/02/22/applebug.html

Jtarii · 2026-04-20T21:27:25 1776720445

Never understood that if statement style, it seems to only exist to create subtle bugs.

bch · 2026-04-21T02:14:01 1776737641

I think of it as BSD style, though of course it could be suggested/mandated elsewhere -

  [...]Use a space after keywords (if, while, for, return, switch). No braces are used for control statements with zero or only a single statement unless that statement is more than a single line, in which case they are permitted.[0]

As I look, GNU guide is less specific, but examples[1] show the same style.

The good thing is that -Wmisleading-indentation [2] (comes along with -Wall) catches this indentation error.

[0] https://man.openbsd.org/style - happens to be same for at least NetBSD.

[1] https://www.gnu.org/prep/standards/html_node/Syntactic-Conve...

[2] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

array_key_first · 2026-04-20T21:52:16 1776721936

It's slightly less lines of code which is nice. I'm someone who prefers terseness so I get it.

However, it's bad. I much prefer the rare, elusive, postfix if:

   goto fail if (condition);

It can create some very readable code when used right, with short and simple conditionals.

youngtaff · 2026-04-20T21:38:24 1776721104

iOS (and MacOS) now use Google’s BoringSSL instead and have for many years

dieortin · 2026-04-20T22:56:54 1776725814

Do they? Based on what I’ve seen with a quick search, this doesn’t seem to be true

gsnedders · 2026-04-21T00:12:58 1776730378

See e.g. https://developer.apple.com/documentation/network/creating-a... where the logging output makes it clear BoringSSL is what is used.

Or comments such as: https://github.com/apple-oss-distributions/Security/blob/rel...

Unsurprisingly, given BoringSSL doesn't have a stable API (yet alone ABI), it isn't exposed as a system library.

dieortin · 2026-04-21T21:57:11 1776808631

Seems like they use BoringSSL on their open source distributions, but their own library on their own platforms: https://forums.swift.org/t/native-implementations-and-boring...

gsnedders · 2026-04-23T01:15:50 1776906950

CryptoKit isn't relevant to `goto fail`, which was the origin of this thread, given CryptoKit merely implements primitives and not TLS.

If you really are doubting what gets used for TLS, open up Console.app, start streaming, run `nscurl https://example.com/` (or load it in Safari, etc.), and you'll see logging like:

    default com.apple.network boringssl 18:11:46.229209-0700 libboringssl.dylib nscurl boringssl_session_apply_protocol_options_for_transport_block_invoke(2360) [C1.1.1.1:2][0x1008cef10] TLS configured [server(0) min_version(0x0303) max_version(0x0304) name(redacted) tickets(false) false_start(false) enforce_ev(false) enforce_ats(false) ats_non_pfs_ciphersuite_allowed(false) cc_mode_enforced(false) ech(false) pqtls(true), pake(false)]

It really is boringssl which is nowadays used for TLS by the Network framework.

youngtaff · 2026-04-22T11:49:19 1776858559

iOS Safari definitely used BoringSSL last time I checked it with Frida