Hacker News
by system7rocks 636 days ago
This is amazing. Seriously, more things should be custom-coded. Why not?

For fun, sure. A small mistake can be a big security nightmare.
1000 lines are easier to secure than 5 million lines
“You can write software that has no obvious bugs or you can write software that obviously has no bugs.”

I think that was EWD?

You can, of course, also write programs that have known bugs. Or even programs that have bugs that obviously shouldn't be there, but are anyway.
Not if 1000 lines are written by you alone and not checked by anyone else vs 5 million lines of code written by thousands of people and checked by countless more. Linux is probably more secure than 1000 lines of C code from a junior developer.
I think this is vastly overrated:

- how much code actually gets read outside of top 2-3 projects?

- how many of those readers can detect security problems?

- why are others inherently better at detecting problems than the author?

Wouldn’t 1000 lines read by 2 people be better than a million read by 10?

Not if you’re the only author!
For a blog? If you don't put anything important on the server itself I can't imagine a hacker could do much. Maybe put a nasty image on your front page, or put their Bitcoin address pretending it's the place to send donations, but it would take a lot of time and effort to remain hidden for hardly any gain.
or take over your server?
Unless your server has very unusual features, or there are VERY serious kernel vulnerabilities, all an attacker can do is read files accessible to the server's user or run code as the server's user.

And possibly serve attacker-controlled content to other users.