Reflections on Trusting Example Code

by chromatic

Steve Loughran's How to Own an OSS Project, part 1 and especially How to Own an OSS Project, part 2 bring up the always-relevant issues of security, transparency, and trust. In particular, the second entry asks a most insightful question: how can you trust the documentation?

It doesn't help when the documentation suggests outdated practices which are, at best, dangerous and, at worst, completely wrong. (I've patched a few of these in Perl 5, myself.) Add to that active malice, such as a recent dangerous answer to a novice question in comp.lang.lisp, and the common habit of running obfuscated code found online outside of a locked-down sandbox, and it's almost a wonder there aren't more security problems related to source code posted on the Internet.


5 Comments


2007-03-17 07:04:18
Hahaha. Lispers are sick.

2007-03-17 12:24:40
Well, I have always known lispers are strange at least, but the code at comp.lang.lisp was really unfair. I think that trying to destroy someone's data by exploiting his belief in my professionalism is sick. I wanted to learn Lisp too, but right now I'd better learn some real language, not a language for people with personality disorders.
Anthony Cowley
2007-03-17 13:00:52
That comp.lang.lisp case is horrible, and I'm really surprised there wasn't more of a backlash against the troublemaker. I do think that malicious example code will become more prevalent going forward, as it's an obvious way to bypass the ever-improving security mechanisms in mainstream OSes. It takes advantage of people's pride at hacking / doing something for themselves, as well as the traditionally benign nature of programming education available on the net.
James Polera
2007-03-17 22:01:39
Yikes! A bit harsh. Way to discourage a new programmer.
John Wiersba
2007-03-20 09:49:08
That's really amazing. If it had been an anonymous reply, I could believe it came from some misguided kid trying to get his kicks. But (apparently) coming from a professional programmer posting under his own name? Who would even consider hiring this person for any reason after that example of his ethics? I, too, am surprised there wasn't more of a backlash.