undefined | Better HN

0 pointsskulk2y ago0 comments

If it's something you want others to use, why not reuse audited libraries? For something for which security is important, no one wants to audit your homegrown HTTP parser/TOR implementation/etc.

0 comments

8chanAnon2y ago

It's not as extensive as you're suggesting. HTTP parsing is handled by Node.js and it merely connects to an existing Tor server running in the background. The thing is, if I use any kind of third-party software then I end up with much more than I'm needing. For example, what is involved in running a websocket? Mention websocket to anyone and they'll tell you that you need a package like ws or something. Fact is, basic websocket functionality can be had with a few dozen lines of code. Same with DNS. Think you need a package for that?

Besides, even a well-designed library can be fatal for security if it is not handled correctly.

j / k navigate · click thread line to collapse

0 pointsskulk2y ago0 comments

If it's something you want others to use, why not reuse audited libraries? For something for which security is important, no one wants to audit your homegrown HTTP parser/TOR implementation/etc.

0 comments

8chanAnon2y ago

Besides, even a well-designed library can be fatal for security if it is not handled correctly.

j / k navigate · click thread line to collapse