by PaulHoule 875 days ago
It's largely a wetware problem.

I am fascinated with extreme malpractice in the software field such as

https://en.wikipedia.org/wiki/British_Post_Office_scandal

or

https://en.wikipedia.org/wiki/Enshittification

which are mainly software development being eclipsed by business concerns but also everyday malpractice such as when you come across a registration form on the web that doesn't let you use certain characters such as quotes or words like "INSERT" or "DELETE" in your password. Last week there was this weird case,

https://news.ycombinator.com/item?id=39078372

because (1) they are not in control of quoting strings in their app because they aren't quoting systematically, (2) they are not in control of quoting strings in their app because their web application firewall quietly mutates form submissions according to arbitrary rules, and (3) are likely to be storing passwords in the databases in plain text, but in their case (4) they say they aren't storing passwords at all which makes me wonder why they ask for them, are they (5) passing the password on to some other application, making it a possible nexus to steal passwords? Bell Labs wrote on how to do it the (almost) right way but I bet people are still (6) hashing passwords without a salt, but at least I got the last laugh on folks who (7) thought "authentication is hard, let's go shopping" 'cause their authentication-as-a-service vendor got bought and got shut down.

There are various selfish memes that take a good idea but become a substitute for critical thinking such as: test-driven development, agile, "learn a programming language", functional programming (e.g. use the real Y Combinator and you lose, sorry,) "OO Sux", etc.

There are also non-overlapping communities of practice such as

* Windows devs vs Linux devs
* People who use stored procs in databases and those who don't, ...

which make it hard for the software developer community to rise up against ignorance and malice.
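
An added illustration, not part of the comment above: a registration path that never needs to reject quotes or words like "INSERT" or "DELETE", because the password only ever reaches the database as a bound parameter and is stored as a salted, iterated hash. The table layout, function names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(name TEXT PRIMARY KEY, salt BLOB, iters INTEGER, hash BLOB)")
    return db


def _derive(password, salt, iters):
    # The password is hashed byte-for-byte; nothing is stripped or escaped.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)


def register(db, name, password):
    salt = os.urandom(16)  # fresh random salt per user
    # Placeholders keep the values out of the SQL text, so no character
    # or keyword in the input has to be rejected or rewritten.
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (name, salt, ITERATIONS, _derive(password, salt, ITERATIONS)))


def verify(db, name, password):
    row = db.execute("SELECT salt, iters, hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, iters, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, _derive(password, salt, iters))


def stored_hashes(db):
    return [r[0] for r in db.execute("SELECT hash FROM users ORDER BY name")]


if __name__ == "__main__":
    db = open_db()
    tricky = "pa'ss\"; DELETE FROM users; -- INSERT"  # constructed sample
    register(db, "alice", tricky)
    register(db, "bob", tricky)
    print(verify(db, "alice", tricky), verify(db, "alice", "pass"))
    hashes = stored_hashes(db)
    print(hashes[0] != hashes[1])  # same password, different salts
```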