this post was submitted on 03 Apr 2024
427 points (89.2% liked)

Programmer Humor

32453 readers
713 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 89 points 7 months ago (28 children)

How is this funny? 8 Upvotes at current writing???

[–] [email protected] 164 points 7 months ago (21 children)

It's kind of funny because it looks like it is nonsense dreamt up by a non-programmer. But it actually works.

[–] [email protected] 147 points 7 months ago (4 children)

I thought it was poking fun at the tutorial saying instead of learning to code, import a library from someone who knows how to code.

[–] [email protected] 41 points 7 months ago (1 children)

That's what libraries are for. I'm no security expert and the sensible thing to do is using a library instead of taking a class.

[–] [email protected] 25 points 7 months ago* (last edited 7 months ago) (3 children)

I’m no security expert and the sensible thing to do is using a library instead of taking a class.

Counterpoint: "not knowing your libraries" + "blind trust in the maintainer" will give you stuff like this: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in

(the thread itself is worth a read. But also very impressive is the list of big players who fell for exactly this mentality)

[–] [email protected] 7 points 7 months ago (1 children)

Jesus that was one hell of a thread

[–] [email protected] 3 points 7 months ago

I dont want to see the words "low quality tooling" ever again.

[–] [email protected] 4 points 7 months ago

Love the part where he claims that if your users are authenticated, it's not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?

[–] [email protected] 3 points 7 months ago

Impressive and unsurprising. As soon as you start getting complex libraries with multiple dependencies it becomes nearly impossible to review everything. At one time I had an interest in contributing to some AI libraries, but they're a mess as soon as you go looking for points of improvement.

[–] [email protected] 24 points 7 months ago

Works as well.

[–] [email protected] 7 points 7 months ago

Which is funny because when I first started my CS degree in the late 80s (get off my lawn) we used to make fun of the beginning Java classes because it seems 90% of coding was to import the right library.

[–] [email protected] 5 points 7 months ago

That is a large part of coding

load more comments (16 replies)
load more comments (22 replies)