
cross-posted from: https://jlai.lu/post/6002282

He revealed the secrets!

[-] xmunk@sh.itjust.works 5 points 7 months ago

As someone who has written a DB handle... that shit is hard, I had to be extremely careful to protect against SQL injection. Everyone rolling their own is how we return to the Era of XSS and SQL Injection on every website. I'd prefer to have young devs use libraries and contribute as they gain knowledge.

[-] KindaABigDyl@programming.dev -3 points 7 months ago

> that shit is hard, I had to be extremely careful to protect against SQL injection

People need to learn to be careful

[-] xmunk@sh.itjust.works 4 points 7 months ago

They do... but the road to naturally learning that lesson comes with the cost of enabling botnets and destroying businesses. Maybe there should be a qualification exam to be a developer but when there isn't we need to make sure more junior developers have the best tools they can get to fight against foot guns.

Also, on the topic of security, a lot of good senior level developers don't have the specialized knowledge to do shit like build a password validation system that isn't vulnerable to a timing attack or know what a timing attack is...

And timezones, fuck timezones, I've written code that correctly handled timezones (and subsequently threw it away when Canada decided to DST on a different weekend). Imagine how shitty it'd be if we constantly had to reinvent the wheel when it came to timezones.

Oh, and forget about databases... do you know how fucking hard it is to write an ACID compliant WAL? The reason postgres is the default open source database (and why so many databases are just layers built on top of postgres's engine) is because it's fucking hard. Mongo still (IIRC) has consistency issues, they were a tech darling for half a decade and can't manage to NoSQL as well as Postgres.

Also, good luck building a GUI with anything more complicated than curses style box art characters.

I started mildly disagreeing with you but I disagree even more now that I've thought about other tools people would need to roll on their own.

[-] KindaABigDyl@programming.dev -1 points 7 months ago

> a lot of good senior level developers don’t have the specialized knowledge to do shit like build a password validation system that isn’t vulnerable to a timing attack or know what a timing attack is

Please don't tell me that. It's terrifying
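
The timing attack on password validation mentioned in this thread, shown as an added example that is not part of any commenter's post: an early-exit comparison whose work depends on how much of the input matches, next to a check built on the standard library's constant-time `hmac.compare_digest`. The names `leaky_equal`, `hash_password` and `UserStore`, the sample credentials and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

def leaky_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison; also returns how many bytes it examined."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1  # work done depends on the matching prefix
    return True, len(a)

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is a
    # constructed sample value, not a figure taken from the thread.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}
        # Dummy record so an unknown username costs the same as a known one.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = hash_password(os.urandom(16).hex(), self._dummy_salt)

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, hash_password(password, salt))

    def verify(self, name: str, password: str) -> bool:
        known = name in self._users
        salt, stored = self._users.get(name, (self._dummy_salt, self._dummy_hash))
        candidate = hash_password(password, salt)
        # compare_digest examines every byte regardless of where they differ.
        match = hmac.compare_digest(candidate, stored)
        return match and known

if __name__ == "__main__":
    secret = b"s3cret-token"  # constructed sample value
    print(leaky_equal(b"XXXXXXXXXXXX", secret))  # stops after 1 byte
    print(leaky_equal(b"s3cret-XXXXX", secret))  # stops after 8 bytes
    store = UserStore()
    store.register("alice", "correct horse")
    print(store.verify("alice", "correct horse"), store.verify("bob", "x"))
```

The step count returned by `leaky_equal` stands in for elapsed time: it grows with the length of the correct prefix, which is the signal a timing attack measures.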

this post was submitted on 14 Apr 2024
837 points (97.3% liked)

Programmer Humor
