Max Levchin’s Shamir Secret Sharing story
this is amazing. “This is the story of a catastrophic software bug I briefly introduced into the PayPal codebase that almost cost us the company (or so it seemed, in the moment.)” tl;dr: UNIX libc API standardisation failure bites again — the getpass() API had differing behaviour between Linux and Solaris, where SysV compatibility caused passwords to be truncated after 8 bytes. horrific
(tags: via:hn paypal security getpass libc system-v unix linux solaris bugs war-stories)
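The 8-byte truncation described above, as an added example (not code from the story, PayPal, or any libc): `read_truncating` is a hypothetical stand-in that simulates the silent cut-off, `read_strict` is one assumed defensive alternative that rejects over-long input, and the passphrases are constructed.

```c
#include <stdio.h>
#include <string.h>

#define SYSV_PASS_MAX 8   /* the 8-byte limit described in the post */

/* Simulates the truncating behaviour: keeps the first 8 bytes and gives
 * the caller no signal that anything was dropped. */
static void read_truncating(const char *typed, char out[SYSV_PASS_MAX + 1])
{
    size_t n = strlen(typed);
    if (n > SYSV_PASS_MAX)
        n = SYSV_PASS_MAX;
    memcpy(out, typed, n);
    out[n] = '\0';
}

/* Defensive variant: refuses input that does not fit instead of
 * shortening it. Returns 0 on success, -1 if the secret is too long. */
static int read_strict(const char *typed, char *out, size_t cap)
{
    size_t n = strlen(typed);
    if (cap == 0 || n >= cap)
        return -1;
    memcpy(out, typed, n + 1);   /* copy including the terminator */
    return 0;
}

/* Returns 1 when two different passphrases become indistinguishable
 * after passing through the truncating reader. */
static int collide_after_truncation(const char *a, const char *b)
{
    char ta[SYSV_PASS_MAX + 1], tb[SYSV_PASS_MAX + 1];
    read_truncating(a, ta);
    read_truncating(b, tb);
    return strcmp(a, b) != 0 && strcmp(ta, tb) == 0;
}

int main(void)
{
    /* Constructed sample passphrases that share their first 8 bytes. */
    const char *p1 = "correct horse battery staple";
    const char *p2 = "correct wrong guess entirely";
    char buf[SYSV_PASS_MAX + 1];

    printf("collide after truncation: %d\n", collide_after_truncation(p1, p2));
    printf("strict reader, 8-byte buffer: %d\n", read_strict(p1, buf, sizeof buf));
    return 0;
}
```

A secret derived from the truncated buffer carries at most 8 bytes of the passphrase, so every passphrase with the same prefix unlocks it; the strict reader turns that silent loss into an error the caller has to handle.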