by XorNot 857 days ago
"best-practice" is a specific, over-used term in the tech industry. People instinctively give opinions and say "well best-practice is..." to fortify it against being criticized, and then lean heavily on the fact that if you actually ask them to support that notion then they imply or accuse the questioner of being hostile.

"It's best practice" should invite the question of "according to who, in which publications? What are the circumstances of the practice, are they similar to our circumstances?"

4 comments

> A weasel word, or anonymous authority, is a word and phrase aimed at creating an impression that something specific and meaningful has been said when in fact only a vague, ambiguous, or irrelevant claim has been communicated. The terms may be considered informal. Examples include the phrases "some people say", "it is thought", and "researchers believe". Using weasel words may allow one to later deny any specific meaning if the statement is challenged, because the statement was never specific in the first place. Weasel words can be a form of tergiversation and may be used in advertising, (popular) science, opinion pieces and political statements to mislead or disguise a biased view or unsubstantiated claim.

https://en.wikipedia.org/wiki/Weasel_word

Edit:

Verb tergiversate (third-person singular simple present tergiversates, present participle tergiversating, simple past and past participle tergiversated)

(intransitive) To evade, to equivocate using subterfuge; to obfuscate in a deliberate manner.

(intransitive) To change sides or affiliation; to apostatize.

(intransitive, rare) To flee by turning one's back.

https://en.wiktionary.org/wiki/tergiversate

There's a spectrum, isn't there, between weasel words that are avoidant and non-attribution which is done out of respect or kindness. News is full of passive prose: "A source claimed yesterday", because anonymous sources need protection. A barrister might say in court, "It has been said that...", not to invite libel or misidentify a witness. Or a teacher might say "It's been brought to our attention that some children..." not to embarrass a kid in front of everyone.

These are good points. Here are some links I found relating to legitimate points you have raised:

Why does The New York Times use anonymous sources? https://www.nytimes.com/article/why-new-york-times-anonymous...

A Look at Journalists' Use of Anonymous Sources https://www.voanews.com/amp/journalists-use-anonymous-source...

Society of Professional Journalists Ethics Committee Position Papers: Anonymous Sources https://www.spj.org/ethics-papers-anonymity.asp

Everything-but-the-kitchen-sink: a guide to confidential sources https://ethics.journalism.wisc.edu/2018/12/07/the-everything...

https://en.wikinews.org/wiki/Wikinews:Avoid_weasel_words

https://en.wikipedia.org/wiki/Wikipedia:Avoid_peacock_terms

https://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style/Word...

https://en.wikipedia.org/wiki/Puffery

Nah. Best practice usually means "assume a spherical cow". The idea is to point in the right direction because there are no one-size-fits-all solutions for anything. It's a starting point that isn't stupid and is backed by the blood of poor bastards from the past.

But frequently, in technology, the term "best practice" is used where it's not really settled whether it's a good practice 80% of the time or only 20% of the time.

If you look at the history of industry trends over the last X decades, most of which were replaced by the next trend due to the pain that was eventually discovered, you will find many people claiming the new trend was "best practice" typically mid-way through the hype cycle and before the actual trade-offs become well known.

I mean, not writing your own encryption library is best practice.

If someone asks you 'why?' can you tell them? If not, you are using it as a weasel word. If so, then you are using it as shorthand for 'I could explain it but I don't think I need to right now'.

Or literally that’s the only information that you really have. I haven’t met a single person except at universities who knew more about this topic (i.e. they’re rare). Even the library/interface which is used is usually not well understood, even on the surface level.

It's not clear, even, to what depth this 'best practice' applies. Writing your own crypto primitives is probably a bad idea, but what about combining them? AEAD approaches demonstrate there can be nuance even with battle-tested primitives and how they're combined or used in practice. Oh, but what about key derivation or protecting the keys in general? What good is that library's encrypt method if the DIY key secrecy/rotation/exchange is sloppy?

Same goes for “anti-pattern”.