This discussion has been archived.
No new comments can be posted.
by bradley13 (1118935) writes:
IMHO, these problems stem from the following source problems:
- Incompetent developers. Look at the number one problem, number one for years now: injection. I teach students how to avoid this the first time they touch a database, which is typically in year two of their degree program. It doesn't matter: half of them still write injectable queries, even though using "prepared statements" isn't any more complex. The thing is: there is so much code to be written, that even these students - who evidently don't u
by swilver (617741) writes:
Too many frameworks... that's a good one. You're worried about the vulnerabilities in some of the most stable, highly scrutinized, fully unit tested and secure frameworks Java has on offer and because of that... you roll your own.
I guess I know what is really wrong with the industry: developers that think they can create their own framework, replacing several dozen man years of coding, debugging and testing in just a few days -- and then having the arrogance to think it will contain less vulnerabilities ri
by Bongo (13261) writes:
I think there’s a side issue: only by trying to write one’s own, does one start to understand the problem. So as a learning exercise, trying to write one’s own is really useful. And then, use a proper framework. Otherwise there’s the opposite problem of people relying on frameworks which they don’t understand.
by Wrath0fb0b (302444) writes:
There are two separate things: knowing what a framework does and knowing how it does it. In order to roll your own, you need to know both. But if things are documented right, the former is really enough.
Let me give an overly-trivial example (Python for simplicity, hardly matters):
from ecdsa import VerifyingKey
# VK_KEY_DATA holds the PEM-encoded verifying (public) key
vk = VerifyingKey.from_pem(VK_KEY_DATA)
# verify() returns True on success and raises BadSignatureError otherwise
assert vk.verify(signature, message)
What I would absolutely expect an engineer working on this code to understand is as follows:
(1) Elliptic Curve come in priv
by Bongo (13261) writes:
Ah, I see. Thanks, I learnt something :)
Yeah it was just my experience, using Python for sysadmin stuff, where I was struggling with the multiprocessing module, and through some fault of my own, still causing lockups. So I went the way of learning the basics of fork, pipes, select, and message relaying, and then I started to appreciate what a multiprocessing module was really trying to solve. Likewise, after following the route of using callbacks to handle messages from other processes, with closures, I dis