undefined | Better HN

0 pointsFazebooking2mo ago0 comments

1) no one cares if it works. No one cared before how your code looked as long as you are not a known and well used opensource project.

2) there are plenty of services which do not require state or login and can't be hacked. So still plenty of use cases you can explore. But yes i do agree that Security for production live things are still the biggest worry. But lets be honest, if you do not have a real security person on your team, the shit outthere is not secure anyway. Small companies do not know how to build securely.

0 comments

JohnMakin2mo ago

> 1) no one cares if it works. No one cared before how your code looked as long as you are not a known and well used opensource project.

Forgive me if this is overly blunt, but this is such a novice/junior mindset. There are many real world examples of things that "worked" but absolutely should not have, and when it blows up, can easily take out an entire company. Unprotected/unrestricted firebase keys living in the client are all the rage right now, yea they "work"until someone notices "hey, I technically have read/write god mode access to their entire prod DB", and then all of a sudden it definitely doesn't work and you've possibly opened yourself to a huge array of legal problems.

The more regulated the industry and the more sensitive the business data, the worse this is exacerbated. Even worse if you're completely oblivious to the possibility of these kinds of things.

geerlingguy2mo ago

> Forgive me if this is overly blunt, but this is such a novice/junior mindset.

Unfortunately the reality is there are far more applications written (not just today but for many years now) by developer teams that will include a dozen dependencies with zero code review because feature XYZ will get done in a few days instead of a few weeks.

And yes, that often comes back to bite the team (mostly in terms of maintenance burden down the road, leading to another full rebuild), but it usually doesn't affect the programmers who are making the decisions, or the project managers who ship the first version.

FazebookingOP2mo ago

I'm an architect and have 20 years of experience.

I have seen production databases reachable from the internet with 8 character password and plenty others.

But my particular point is only about the readability of code from others.

j / k navigate · click thread line to collapse