Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@Lensflare I'm curious
Wtf is that thing.
I don't wanna use Google, I'm scared.
The name alone sounds incredibly stupid.... -
@IntrusionCM It’s a payed service that is supposed to train devs to write code that is more secure.
The process is like this:
You see some code and try to find a security problem in it, then you pick one of four code changes (like PRs) that would fix the security problem.
That sounds nice in theory. But the tasks and the code is just completely useless. It is often huge and you have to read all of it just to find the problem somewhere. Which is a waste of time. It would make sense as an exercise how to review PRs, maybe. But not to learn about security.
The examples are often wrong, misleading, and annoying.
It focuses way too much on gamification and feels like a shitty coding related game. -
@Lensflare sounds meh.
Security starts on another level than code imho, too.
Sure it's maybe easier to grasp it via code, but I think it is better to understand the general problem instead of one possible implementation.
Thx for explanation -
@IntrusionCM Everything @Lensflare said is exactly right. What's worse about it is that 9 times out of 10 - if you actually do know this stuff fairly well - is you can spot the flaw in a few seconds, a minute or two at most (and that one time you don't it's PROBABLY because they word the flaws in a weird way sometimes, and/or there is arguably two flaws that COULD possibly fit depending on interpretation so you're not totally sure). It's when you have to choose the solution where it becomes an utter nightmare. SO time-consuming, bad code that would get rejected out of any decent code review, and then when you finally get to a point of saying "okay, I'm 100% sure it's answer X", nope, it's not, and then you start to wonder if you're really just a total fucking moron or whether it's really THAT flawed... so, you do it again, and you take the time to look stuff up, maybe even do some quick test code to be sure... and you realize that no, it's not you, it indeed really is THAT flawed.
-
@fzammetti hate stuff like that.
Trick questions fucked me up since school.
Especially when the teacher tells you: yes it is not entirely correct, but this is a choice question so the most correct answer should be picked.
These are things that I really hate.
Hate. Not dislike, I hate stuff like that.
You see that, over there?
That massive, 10-ton bag of dicks sitting there in the corner?
Secure Code Warrior can eat that ENTIRE FUCKING THING!
SO many flaws in their tests... SO much HIGHLY questionable content... utterly RIDICULOUS bullshit code with no comments and no context... asking me fucking Angular questions when I'm doing an Express test... two answers that are IDENTICAL... and a busted-ass site on top of it all.
I hate this motherfucking bullshit SO much, and at this moment I hate my employer even more for forcing me to deal with it.
But, hey, I hope you enjoy no work getting done today since you seem to prefer I do this instead, so I guess I'll just scare my dog some more as I yell about this bullshit.
Fuck you Secure Code Warrior, fuck you very, VERY much.
rant