That’s what libraries are for. I’m no security expert and the sensible thing to do is using a library instead of taking a class.

@bort@sopuli.xyz
link
fedilink
25
edit-2
7M

I’m no security expert and the sensible thing to do is using a library instead of taking a class.

Counterpoint: “not knowing your libraries” + “blind trust in the maintainer” will give you stuff like this: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in

(the thread itself is worth a read. But also very impressive is the list of big players who fell for exactly this mentality)

Jesus that was one hell of a thread

I dont want to see the words “low quality tooling” ever again.

Impressive and unsurprising. As soon as you start getting complex libraries with multiple dependencies it becomes nearly impossible to review everything. At one time I had an interest in contributing to some AI libraries, but they’re a mess as soon as you go looking for points of improvement.

Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 77 users / day
  • 211 users / week
  • 413 users / month
  • 2.92K users / 6 months
  • 1 subscriber
  • 1.53K Posts
  • 33.8K Comments
  • Modlog