Ask HN: Things programmers should get rid of in 2017

17 points by zatkin ↗ HN

28 comments

[ 3.5 ms ] story [ 24.4 ms ] thread
Interesting question.

I would say - Password only ssh logins; Old / Vuln libs; non tests covered code; XSS and SQL Injection from all the code. - But this is really boring.

AI witch threatens to take over developers occupation - this is more interesting idea for future consideration.

But really I just want to see one thing to be destroyed - idea that creating new tools will solve all the issues (looking at you JS world) instead of improving existing ones or even real deep thinking about the problem beforehand. And then dropping it (new tool) after something new more shiner comes up.

> Password only ssh logins

Dear lord, this still happens? :)

Of course not. Your SSH key on a server lands there magically using quantum entanglement-based key distribution protocol.
This is a little funny, because I haven't spun up a new server in years with a password. They've all had my public keys from the get-go.
How often do you deploy servers? And how much of that is cloning[#] a prepared virtual machine?

I realize that there are ways to install an OS and preconfigure it at one go, but those need some non-trivial mechanics in place. Also, it is (was until quite recently) much easier to share a password between machines with LDAP than having the same with user keys.

Programmers tend to have quite skewed idea on what operates the production, as they rarely see the details.

[#] Cloning an already installed system is usually a stupid thing, unless you make sure that SSH host keys don't get shared (and several similar things).

> And how much of that is cloning[#] a prepared virtual machine?

Shouldn't this or using deployment scripts be "almost always?"

> much easier to share a password between machines with LDAP than having the same with user keys.

I think this is a different subject, no? I've never had to do this.

> Programmers tend to have quite skewed idea on what operates the production, as they rarely see the details.

I've worked as both a programmer and a sysadmin for large enterprises, so I've seen both sides!

> Cloning an already installed system is usually a stupid thing, unless you make sure that SSH host keys don't get shared (and several similar things).

No it isn't. It's fine to have a "base" image that you use to then run deployment scripts on, if done correctly. Way better than having to go through a 20+ step process of securing a new Linux or Windows box :)

>Dear lord, this still happens? :)

For what it's worth, every time I've seen this question asked here, the answer has been yes.

And unprotected keys while we're at it.
Their massive egos. It's you "I know algorithms and wouldn't touch a framework of any kind if kill me" boys and girls. Every second comment thread on this site ends like that.
Hahaha, I'm sorry? Maybe elaborate, I don't see this much!
Crazy long working hours. Work/life balance will make you a better human being... but it will also make you a better programmer (https://codewithoutrules.com/2016/11/10/work-life-balance-so...).
Would you suggest taking more time off, or working less hours for less pay?

I always hear that during an 8 hour day you only really work for 4-6 of those hours, but if I was able to work 4-6, and get to see more sunlight during my day I would! Although I would dislike being paid less.

Whoa whoa, why do we have to get paid less? Here in lies (one of) the problems with our industry. We should work 40 hours a week and be done with it. Seriously. In the United States we are (more often than not) paid as exempt employees. This has some interesting legal ramifications in that according to the Fair Labor Standards Act exempt workers professional knowledge workers essentially have no rights at all (under that Act. Other laws and standards at other levels may affect this in other jurisdictions).

Why is that? Well simple. We are Professional Knowledge Workers. In every place I have ever lived I have been on the correct side of the supply and demand curve. There has been a low supply and a very high demand for my particular type of professional knowledge work. The theory goes that if you are a professional knowledge worker you have the ability to move from one job to another with more ease that other classes of workers. Thus, we as professional knowledge workers don't need the level of labor protection that other classes of workers need. Not only that but my particular brand of professional knowledge work sure makes organizations a lot of money; far more than I take back in the form of pay.

So, why should I work a substantial amount of overtime in order to make them even more money faster and without any additional compensation? Good question, I don't. If my employers would like to try to guilt me into doing more, I don't let them. If my employer wants to threaten me, I threaten back. If I have a team (which I often have), I hold them to the same standard as me. It can be painful at first. Companies can get really touchy. But after they see the benefits they praise this way of working (Better, less buggy, more stable code. Higher engineer retention rates. More successful feature releases. To name a few benefits).

Have I had to put my money where my mouth is on this? Absolutely yes. Interestingly, I have never been fired or reprimanded for not working overtime. I have however walked out because I have gotten tired of being guilted, threatened, or harassed about it. It hasn't happen often, but it has happened.

Work 40 honest hours a week. Go home. Enjoy life. Let your brain relax. Stop being treated like a slave to the organization who pays you and start working like a highly sought after individual.

I agree. after working long hours to "save the day" for a startup I was at, my boss called me into his office to tell me to stop. If you give more, they will keep asking for more.

Since that conversation with him over 5 years ago, I work 40 hours a week with overtime when it makes sense. There is no need to push yourself. The company won't go under if you go home at 5.

I only mentioned being paid less because most companies (I assume) want their workers sitting for 8 hours - working or not.

At my current place I feel that (and I've been told) as long as you work you're able to work where/when/how ever you want. I ~do~ feel bad if I leave the office earlier than 5pm most days. Realistically myself and many others don't work the full 8 hours there's breaks of talking, bathroom, stretching, etc.

I've never been asked to work overtime, but if I have to get something done (hasn't happened yet) I'll work on it from my couch at home if it's not a huge deal.

I would be fine with working from the office a few days a week and working from home the other days of the week for only 6 hours a day, or maybe even less depending how I feel for the day. When I mention this to people outside of our industry they scoff and essentially say "well you get paid to work so work". While I understand I need to work to make a living it's inefficient most of the time. I'm not trying to be lazy it just hardly works out in anyone's best interest. I doubt I could bring this up to my current employer or future employer, and they would be OK with be working less hours per day for the same amount of pay.

Here, here.

There are essentially two forces at play that drive the current default work culture --

1) Fetishization of work itself -- which I happily stole from an article posted on HN some time ago.

2) Arbitrary deadlines -- these usually come from the business side ("suits") in collusion with one's superiors. Notice I said arbitrary. If the competition has rolled out a new feature that seems to have a payoff, then a crash program - pardon the pun - might have justification. But a lot of times deadlines are set by a manager's vacation calendar or horoscope, who knows?

1. As others said, don't work more than 40 hours a week (or find a job where that's the norm if you can't do that at current job).

2. Beyond that, depends what you want. I've traded shorter workweeks for less pay, but I've got enough experience that the base pay is pretty good. There's also consulting and other routes... I made full list in an excerpt from the book I'm working on: https://codewithoutrules.com/2016/09/16/sane-workweek/

I've seen a company where the most likely cause of death for engineers was a heart attack. There were two deaths in a short period (two months or so).

You could see it was a sensitive topic.

Javascript. Let it go back to what it's good at, basic web interactivity.
Half of HN would be unemployed in that case :-)
I got my password emailed to me in plain text the other day. So that's still a thing.
What app / site did that? Please do share.
Family Tree DNA did this at one point. Not only that but they took any password and converted it to uppercase. So aHa is the same as AHa and AHA, etc. I was less than ecstatic when I found that out
Building SPAs when they're not needed.
Over-architecting the software. Sometimes a simple problem can be solved with simple scripts.