Details
Joined devRant on 2/3/2024
Got to talking with someone in our company about AI generated code. I said we still have to audit the code, understand how it works, and ensure there aren't any nefarious libraries or code in what is produced. Like what we "should" be doing when we find libraries on the web. I explained how people will purposely create libraries that are spoofs of other libraries, but have malicious code embedded in them. It doesn't take much to imagine someone using a sketchy AI to push this kinda code.
How do you reasonably fight this if we start increasingly relying on generated code by AI? So I suggested we need an AI to review AI generated code. Then we need an AI to review the AI that reviews the AI generated code. Then...
“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.
When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.
Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?
But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS.
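An added example, not part of the post above: a small audit of a Content-Security-Policy header for the directives that constrain the behaviours the post lists (injected script, credentials sent to another host, a service worker registration). Using CSP as the control is an assumption of this example, and the function names and sample policies are constructed.

```javascript
// Added example; the sample policies below are constructed for illustration.
// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of String(header || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Each check lists the directive that governs it, followed by its fallbacks.
// form-action is not a fetch directive, so it never falls back to default-src.
const CHECKS = [
  { risk: "injected script can run", chain: ["script-src", "default-src"], inline: true },
  { risk: "page script can send data to any host", chain: ["connect-src", "default-src"] },
  { risk: "forms can submit to any host", chain: ["form-action"] },
  { risk: "service worker script source is unrestricted",
    chain: ["worker-src", "child-src", "script-src", "default-src"] },
];
const WILDCARDS = new Set(["*", "https:", "http:"]);

// Return one finding per behaviour that the policy leaves unconstrained.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const { risk, chain, inline } of CHECKS) {
    const name = chain.find((d) => policy.has(d));
    if (!name) {
      findings.push(`${risk} (no ${chain.join(" / ")} directive)`);
      continue;
    }
    const sources = policy.get(name).map((s) => s.toLowerCase());
    // 'unsafe-inline' is ignored when a nonce or hash source is also present.
    const pinned = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
    const loose = sources.filter(
      (s) => WILDCARDS.has(s) || (inline && s === "'unsafe-inline'" && !pinned));
    if (loose.length) findings.push(`${risk} (${name} allows ${loose.join(" ")})`);
  }
  return findings;
}

const WEAK = "default-src *; script-src 'self' 'unsafe-inline'";
const TIGHT = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; " +
  "connect-src 'self'; form-action 'self'; worker-src 'self'";
console.log(auditCsp(WEAK), auditCsp(TIGHT));
```

An empty findings list means only that these four directives are present and free of wildcards; a script already served from an allowed origin is still permitted by the policy.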
A developer might think "now that computers have more RAM and an abundantly strong CPU, I am free to create resource-hungry inefficient software!"
This sets a dangerous precedent.
Computers can only get faster if the software stays efficient while the processors get faster and the RAM increases.
If computers get more powerful but software also gets more bloated and less efficient, it defeats the performance benefit.
Also, software must be efficient to extend the battery time on portable devices.
Jody Bruchon video: https://youtube.com/watch/...
I feel like the world has truly gone nuts
I hope we wake up at some point
but even these words won't make sense to anyone, because they're all words that have had their meanings rewritten... we're in a kill box, and all the signs are there, and yet we drudge along, ignoring the red flags
slowly suffocating, justifying the suffocation
but even those words have been rewritten
it feels like the stories of the USSR my mom would tell me, unknowing that that wasn't how the western world worked in the 90s. Her attitude towards life makes more sense now, because that's how you'd have to act to survive in such a place. I didn't like her acting that way, but I might have to do the same one day