32 comments

[ 5.3 ms ] story [ 74.6 ms ] thread
The issues are absolutely hilarious
The issues are reddit...
This is fun and all, but if the message that this tries to pass along is "don't bother with proper security because it's very hard/impossible, do your best and ship, you can always fix your code", than that's bullshit. Secure coding is possible and is our responsability when we are writing code that others are meant to use somehow, and if most of the devs lack the formation in secure coding and if many companies don't ensure the code is secure to some standards, then that's not a law of the nature but instead our own sloppiness and laziness as an industry. Lucky we are that the world does not know yet how to hold us to a high enough standard.
There is no message, only your imagination.
It's a nice thing to have though...
‘The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.’

—Robert H. Morris Sr.

Due to Spectre and generally feeling negative about my interaction with the Internet, I was thinking about taking every account I have online in order and trying to figure out how to do without it.

However, the fact is, I feel safer not relying on monthly statements for things these days, because I want to identify any shenanigans in a timely fashion.

Even people I know in their 70s transitioned to the computer/smartphone age long ago.

(comment deleted)
>Lucky we are that the world does not know yet how to hold us to a high enough standard.

I'm not sure what you mean, could you elaborate? Wouldn't it be a good thing if the world held us to a higher standard?

It would certainly be a good thing, what I meant was that programmers currently are able to be lazy because very few people are able to judge the quality of their work.
The message I understand is: less code, less bugs, less problems, better to maintain. But it is already my way of thinking.

Essentially, keep it simple. And only write code that you need.

alternatively; why write code when your software company can grow on hype alone?
I somewhat disagree, the author is perfectly aware that putting this code out can cause security issues and is willing to accept patch when necessary. For example 9 hours ago he added support for windows in responses to reported issues. Please take time to read contributing rules before complaining about a totally legit FOSS project:

All changes are welcome as long as no code is involved. If you run into any bugs, please file an issue and explain how that was even possible.

So I kindly invite you to discuss this issue directly with the author through GitHub issues manager as he had invited you.

... and the best way to discuss it is to not post any comment at all.
No code of conduct?
The best part is the cost! It costs nothing to host and runs basically everywhere.
Sure it's free, but it can still be difficult to implement at scale in large companies. There's probably a market opportunity for a consulting service to help companies implement nocode frameworks. (/sarcasm ;)
Humor aside, this makes an important point: Each unit of code is a liability, so we had better make sure it is providing value.
One of my favorite phrases is "your best code is the code you don't write."

Loving this.

5 days later and this project has more than 1,000 stars. This is not funny anymore.
... and a couple of hours later it has 12,000 stars. It's funny again.