[implicit]

I remember that. One of the crypto libraries was implemented by using unsafePerformIO to access a global handle to /dev/urandom rather than accepting another parameter.

For what it's worth, this bug was an outlier. The pitfalls of unsafePerformIO are relatively well-known.

For contrast, there a bug in PHP's opcode cache that causes memory corruption in our setup. The best we've managed to do to deal with that by patching PHP to bump the refcount of some object to a billion. The failure condition is sufficiently obscure that it took us multiple man-months to figure that much out.