• mac@infosec.pub · 147 upvotes, 1 downvote · 8 months ago

    I thought it was poking fun at the tutorial saying instead of learning to code, import a library from someone who knows how to code.

    • lowleveldata@programming.dev · 43 upvotes, 2 downvotes · 8 months ago

      That’s what libraries are for. I’m no security expert, and the sensible thing to do is to use a library instead of taking a class.

        • gears · 7 upvotes · 8 months ago

          Jesus, that was one hell of a thread.

        • unique_hemp@discuss.tchncs.de · 4 upvotes · 8 months ago

          Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?

        • Gabu@lemmy.ml · 3 upvotes · 8 months ago

          Impressive and unsurprising. As soon as you start getting complex libraries with multiple dependencies it becomes nearly impossible to review everything. At one time I had an interest in contributing to some AI libraries, but they’re a mess as soon as you go looking for points of improvement.

    • billwashere@lemmy.world · 7 upvotes · 8 months ago

      Which is funny, because when I first started my CS degree in the late 80s (get off my lawn), we used to make fun of the beginning Java classes because it seemed 90% of coding was importing the right library.