The incredible thing is this is actually the result of an explicit design decision.

The compiler accepts most GCC flags. Unrecognized flags (e.g., architecture- specific -m flags, unknown -f flags) are silently ignored so ccc can serve as a drop-in GCC replacement in build systems.

They’re so committed to vibing that they’d prefer if the compiler just does random shit to make it easier to shove it haphazardly into a build pipeline.

Cryptography is hard and programmers are notoriously really really really bad at it.

I have never seen or heard of a single example of a study that would be unethical due to true findings being predictably harmful to people.

These studies are not examples because their methodology doesn’t hold up to the slightest scrutiny. They are not seeking the truth in any way.

maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.

The characters “<” and “>” are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (“”") is used to delimit URLs in some systems.
The character “#” is unsafe
The character “%” is unsafe

It ends up with

Thus, only alphanumerics, the special characters
$ - _ . + ! * ’ ( ) ,
are safe