Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?
Impressive and unsurprising. As soon as you start getting complex libraries with multiple dependencies it becomes nearly impossible to review everything. At one time I had an interest in contributing to some AI libraries, but they’re a mess as soon as you go looking for points of improvement.
Which is funny because when I first started my CS degree in the late 80s (get off my lawn) we used to make fun of the beginning Java classes because it seemed 90% of coding was to import the right library.
It’s funny how solvable that problem is now. I remember seeing that comic, I think over a decade ago now, and thinking about how true it was. It really shows you how far we’ve come in CS.
It’s kind of funny because it looks like it is nonsense dreamt up by a non-programmer. But it actually works.
I thought it was poking fun at the tutorial saying instead of learning to code, import a library from someone who knows how to code.
That’s what libraries are for. I’m no security expert, and the sensible thing to do is to use a library instead of taking a class.
Counterpoint: “not knowing your libraries” + “blind trust in the maintainer” will give you stuff like this: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in
(the thread itself is worth a read. But also very impressive is the list of big players who fell for exactly this mentality)
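The failure mode behind the linked CVE-2022-1471, shown side by side with the fix, as an added example that is not code from the thread or from the SnakeYAML project: SnakeYAML's default `new Yaml()` honours `!!fully.qualified.ClassName` tags written into the document, so the document author, not the application, picks which class gets instantiated; `SafeConstructor` only builds the plain YAML types. `Greeting` is a constructed bean standing in for any class on the classpath.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Constructed stand-in: any class reachable on the classpath could be named here.
class Greeting {
    public String text;
}

public class YamlTrustDemo {
    // Constructed sample document: the global tag asks the loader to
    // instantiate a class chosen by whoever wrote the YAML.
    static final String UNTRUSTED_DOC = "!!Greeting {text: hello from the document}";

    // What most callers write. The default Constructor resolves global tags
    // to classes, which is the behaviour CVE-2022-1471 is about.
    static Object loadWithDefaults(String doc) {
        return new Yaml().load(doc);
    }

    // Hardened: SafeConstructor has no class-resolving path, so the document
    // can only yield Map, List, String, Number, Boolean and null values.
    static Object loadSafely(String doc) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(doc);
    }

    public static void main(String[] args) {
        Object fromDefault = loadWithDefaults(UNTRUSTED_DOC);
        System.out.println("default Yaml() built: " + fromDefault.getClass().getName());
        try {
            loadSafely(UNTRUSTED_DOC);
            System.out.println("unexpected: SafeConstructor accepted the global tag");
        } catch (YAMLException e) {
            // Expected: the tag is rejected instead of resolved to a class.
            System.out.println("SafeConstructor rejected the tag: " + e.getMessage());
        }
    }
}
```

Authenticating the user who submitted the document changes nothing here: the loader still instantiates whatever class the tag names, which is the point made at the top of this thread.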
Jesus that was one hell of a thread
I don't want to see the words “low quality tooling” ever again.
Works as well.
That is a large part of coding
It’s basically import antigravity
Time travel is a prerequisite, but don’t worry, you can just
from __future__ import antigravity
Future libraries still make me laugh.
It’s literally this comic, five years and a research team later.
More like all the research teams.
And 10 years
This made me smile.
From the hovertext: “I wrote 20 short programs in Python yesterday. It was wonderful. Perl, I’m leaving you.”
After years of a dozen other languages, I finally tried Perl the other day.
Never again, if I can help it.
    from Lemmy import Upvote
    from Fediverse import Posts
    from ActivityPub import Submit

    target_post = 'https://lemmy.ca/post/18691085'
    num_votes = 8

    post = Posts.open(target_post)
    package = Upvote(post, num_votes)
    package.Submit(target_post)
or something
Good because I was confused. I’ve written similar code