Reflections on Trusting Example Code
Steve Loughran's How to Own an OSS Project, part 1 and especially How to Own an OSS Project, part 2 bring up the always-relevant issues of security, transparency, and trust. In particular, the second entry asks a most insightful question: how can you trust the documentation?
It doesn't help when the documentation suggests outdated practices which are, at best, dangerous and, at worst, completely wrong. (I've patched a few of these in Perl 5, myself.) Add to that active malice, such as a recent dangerous answer to a novice question in comp.lang.lisp, and the habit of running obfuscated code outside of a locked-down sandbox, and it's almost a wonder there aren't more security problems related to source code posted on the Internet.
|hahaha. lispers are sick.|
|Well, I have always known lispers are strange at least, but the code at comp.lang.lisp was really unfair. I think that trying to destroy someone's data by using his belief in my professionality is sick. I wanted to learn Lisp too, but right now, I better learn some real language, not language for people with personality disorders.|
|That comp.lang.lisp case is horrible, and I'm really surprised there wasn't more of a backlash against the trouble-maker. I do think that malicious example code will become more prevalent going forward as it's an obvious way to bypass the ever-improving security mechanisms in mainstream OS's. It takes advantage of people's pride at hacking / doing something for themselves, as well as the traditionally benign nature of programming education available on the net.|
|Yikes! A bit harsh. Way to discourage a new programmer.|
|That's really amazing. If it had been an anonymous reply, I could believe it came from some misguided kid trying to get his kix. But (apparently) coming from a professional programmer posting under his own name?? Who would even consider hiring this person for any reason after that example of his ethics? I, too, am surprised there wasn't more of a backlash.|