Advice Request How cut-and-pasted programming is putting the internet and society at risk


struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
"if you’re going to re-use someone else’s wheel, shouldn’t you check that it’s reliable first?"

The person stating this has clearly never done software development. But sure, just read through 200 000 lines of code before you are allowed to use logging. And of course you also have to have the IT security knowledge to do that.
Imagine you require from every person before using any device, be it TV, fridge, bicycle, laptop, car, ... that they also know how it was built, how it looks from the inside and whether it is safe to use. That's about the same amount of work and time. We would still be living in trees.

From the title I expected a warning about not using StackOverflow or tutorial code just as is, because those are often example codes without any safety checks. But calling library usage "cut-and-pasted programming" (sic) seems pretty odd.

Local Host

"if you’re going to re-use someone else’s wheel, shouldn’t you check that it’s reliable first?"

The person stating this has clearly never done software development. But sure, just read through 200 000 lines of code before you are allowed to use logging. And of course you also have to have the IT security knowledge to do that.
Imagine you require from every person before using any device, be it TV, fridge, bicycle, laptop, car, ... that they also know how it was built, how it looks from the inside and whether it is safe to use. That's about the same amount of work and time. We would still be living in trees.

From the title I expected a warning about not using StackOverflow or tutorial code just as is, because those are often example codes without any safety checks. But calling library usage "cut-and-pasted programming" (sic) seems pretty odd.
You're looking at it the wrong way: you're not using the bicycle, you're building it, and if you just copy others without understanding what you're doing, you get a mediocre product. If you're copy-pasting over 200k lines of code, you're doing something wrong.

I agree with the article, we're cursed with lazy and mediocre developers that copy-paste others' code, and there are lots of drawbacks including performance costs (not only security). Lots of outdated code online that doesn't take into account newer standards (not to mention you could be copying the wrong solution for your problem).

I'd rather take months to write my code from scratch, with all the ups and downs of debugging, rather than copying someone else's dirty code (unfortunately this is not possible for everyone, due to lack of knowledge and time constraints).

As for the context of the article itself, Java libraries having exploits is not news to anyone, and that particular game, Minecraft, is dirty code from top to bottom.

struppigel

If I have to build a bicycle before I can use it, that is even worse.

Using a library is not the same as copy and pasting.

The people who think they have the knowledge to build everything from scratch are the same that program their own encryption algorithms and build in errors because they are simply not cryptographic experts. I see this happen over and over in ransomware. The ones we cannot crack are usually those that use crypto APIs properly instead of attempting crypto themselves. (Granted, there are also people who use the crypto APIs the wrong way, but they would not do better if they wrote the API code themselves.)

You cannot be an expert in everything and if you attempt to do that, you write the same dirty code that you are trying to avoid.

Local Host

If I have to build a bicycle before I can use it, that is even worse.

Using a library is not the same as copy and pasting.

The people who think they have the knowledge to build everything from scratch are the same that program their own encryption algorithms and build in errors because they are simply not cryptographic experts. I see this happen over and over in ransomware. The ones we cannot crack are usually those that use crypto APIs properly instead of attempting crypto themselves. (Granted, there are also people who use the crypto APIs the wrong way, but they would not do better if they wrote the API code themselves.)

You cannot be an expert in everything and if you attempt to do that, you write the same dirty code that you are trying to avoid.
It's pretty clear I was not talking about libraries, and yes, a jack of all trades is a master of none.
 

struppigel

That was not clear to me because the 200 000 lines of code are an estimation for the log4j library (the article demanded that we review all the log4j code) and you were referring to copy and pasting those lines. Probably just a misunderstanding then. I do agree that you should not just copy and paste code.