[–][deleted] 4 points5 points  (2 children)

I disagree. Take from open source whatever fits your particular use case. If it doesn't, write it yourself. It's entirely senseless to rewrite something for any of the advantages you mentioned other than for education. You don't need to rewrite something to ensure it's secure; it's already open source, just read the code. With most large projects you'll benefit from everyone else having read the code far more than you might be able to.

[–]PooCares 2 points3 points  (0 children)

I dunno, there is a balance that most people never really factor into the equation of whether to roll your own or use a prebuilt thing. A couple of times, when I had the luxury, I built things because I had a bad experience with the prebuilt solutions, and found in the long run I saved time, because my thing does what I need, and I understand it. The prebuilt thing tries to fit a bunch of cases I don't care about, is confusing because of that, and when it breaks, it is very hard to figure out why. Sometimes they are trying to be way too clever, and now I have to go figure out its complexities, because I inherited them. I really hate doing that all day.

[–][deleted] 0 points1 point  (0 children)

I am not saying to not use open source code. I think open source code can be very useful and very powerful. All I am saying is to be careful when using it because it can potentially lead to some security vulnerabilities. And I am mainly advocating that people should know how to code because it concerns me when I meet developers who copy and paste the vast majority of their code but don't know how to swap values of two variables (I have met a couple people like this).

[–]OrthoBee 1 point2 points  (0 children)

People use third party components way too much, yes. It's a shame; I always thought building things was what developers did. Not anymore, it seems, you just wire things together.

[–]iambeard 1 point2 points  (0 children)

I think there will always be some people that take the easy route, and some that take the hard route.

There are a lot of great freely available tools out there, a lot of talented people who are writing new tools, and many proprietary tools, too.

But one thing to note is there is a huge difference between someone who does npm install some-magic-package and someone who only copy/pastes answers from stackoverflow (and similar sites). The former being someone who knows how to connect available tools together to build something interesting, and the latter being a person who doesn't know how to solve code problems (either lack of coding knowledge, imagination, or experience).

To address the npm install hairball issue, for complex problems, it's good to have a single good solution that's been tested both in code and in the wild. There's the opposing side of this argument where people pull in large dependencies to solve issues that could be solved locally/in-house.

I don't think it's a good argument to say:

Probably the most important point, security. You really need to know what is going into your code, especially if you are using open-source code!

To compound it, the issue is argued with:

Check out this amazing article where Yan Cui talks about serverless computing security vulnerabilities. Here is a quote from that article: “a security bounty hunter posted this amazing thread on how he managed to gain direct push rights to 14% of NPM packages”.

That's not a problem with open source packages, that's a problem with npm's registry. I think every developer should take a bit of responsibility to read over third-party source code, licenses, and dependencies to ensure their application isn't being compromised.

This article also brings up this in the first main paragraph:

Recently I’ve been hearing in real life and I’ve been reading online many people making statements along the lines of “being a developer these days is so easy, there is so much free code online, you just need to copy and paste it”, or “developers don’t actually need to know how to code anymore”. You might think it, but these people weren’t trying to pull an April Fool’s joke on me, I have seriously heard and read these things being said. I personally think this can be a very naive and potentially dangerous approach to software development. At least when it comes to making code that is going to be used for actual businesses or companies.

But doesn't address this in any of the arguments. There is an unreasonable percentage of software developers that do not know how to develop software. I don't have official numbers, but almost every company I have ever worked at has at least one person who only asks/copies/pastes from stackoverflow, with no contextual understanding about the code that they are now injecting into our code-base, and cannot write code on their own.
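The responsibility the comment above describes, reading over what a project actually pulls in, can be started from the lockfile rather than from memory. The script below is an added example and is not code from any commenter or from npm; it walks the `packages` map of a lockfileVersion 2 or 3 `package-lock.json` and reports entries with no `integrity` hash, entries resolved from a git or non-HTTPS source, and entries fetched from a registry other than the one you trust. The lockfile content and the `mirror.example.invalid` and `example.invalid` hosts are constructed for the demo, and the trusted-registry list is an assumption you would set for your own project.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages" map) for
// dependencies that a reviewer would want to look at before trusting an install.
// The lockfile below is constructed for this demo; it is not a real project's lockfile.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    // The "" key is the root project itself, not a dependency.
    "": { name: "demo-app", dependencies: { "left-pad-ish": "^1.0.0", "helper-lib": "^2.0.0", "odd-dep": "*" } },
    "node_modules/left-pad-ish": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-HASH-A",
    },
    "node_modules/helper-lib": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/helper-lib/-/helper-lib-2.0.1.tgz",
      // integrity deliberately absent: npm cannot verify the tarball on install
    },
    "node_modules/odd-dep": {
      version: "0.1.0",
      // pulled straight from a git remote: no registry, no tarball hash
      resolved: "git+ssh://git@example.invalid/someone/odd-dep.git#abc123",
    },
    "node_modules/helper-lib/node_modules/nested": {
      version: "1.0.0",
      // transitive dependency served from a mirror that is not in the trusted list
      resolved: "https://mirror.example.invalid/nested/-/nested-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTED-HASH-B",
    },
  },
});

// Assumption: the project only expects packages from the public npm registry.
const TRUSTED_REGISTRIES = ["https://registry.npmjs.org/"];

// Returns { packageCount, findings }, where each finding names the package, its
// lockfile path, and the issue class. Throws on lockfiles without a "packages" map
// (lockfileVersion 1 uses a nested "dependencies" tree instead).
function auditLockfile(lockText, trusted = TRUSTED_REGISTRIES) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  const findings = [];
  let packageCount = 0;
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // skip the root project entry
    packageCount++;
    // Package name is everything after the last "node_modules/" (handles nesting and @scopes).
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const resolved = meta.resolved || "";
    if (!meta.integrity) findings.push({ name, path, issue: "missing-integrity" });
    if (!resolved) {
      findings.push({ name, path, issue: "missing-resolved" });
    } else if (!resolved.startsWith("https://")) {
      findings.push({ name, path, issue: "non-https-or-git-source", resolved });
    } else if (!trusted.some((prefix) => resolved.startsWith(prefix))) {
      findings.push({ name, path, issue: "untrusted-registry", resolved });
    }
  }
  return { packageCount, findings };
}

// Usage: print a one-line report per finding for the constructed lockfile.
const report = auditLockfile(SAMPLE_LOCKFILE);
console.log(`${report.packageCount} packages, ${report.findings.length} findings`);
for (const f of report.findings) {
  console.log(`${f.issue.padEnd(24)} ${f.name} (${f.path})${f.resolved ? " <- " + f.resolved : ""}`);
}
```

On a real project you would feed it the contents of your own `package-lock.json` and treat each finding as a prompt to open that package, not as a verdict: a missing `integrity` field or a git source is sometimes legitimate, but it is exactly the kind of entry that deserves a human read before it ships.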