We're missing an API for data that changes over time. I think something like this could simplify dozens of existing systems. I can't count how many times I've implemented half-baked versions of this sort of thing. https://josephg.com/blog/api-for-changes/ …
-
-
:/ Fair. I get the sense that as we lower barriers to entry, so many new devs come that the average dev is worse, and software becomes worse. Eg C -> Java -> JS frontend development. I don't think making programming simpler (as in easier) will improve quality either.
-
I think it will, because it's easier to do the right thing. The simplicity also lets us make better tools that help us find out the right thing in more complex cases. And we can use that to increase competition, which would drive up the quality demands. That part is essential.
-
Maybe. I agree good tools make good devs better. They just also allow junior devs with no security knowledge to ship insecure products. Maybe we're in an uncanny valley, since there's so much pent-up demand. Competition seems to be making the games I play better, despite Unity?
-
Competition is key, but good tools can make it very obvious what you have to do, by guiding the user to certain decisions. If it works for games, it works for tools. It can be amplified by having simple and memorable rules and quick actions so users make subconscious decisions.
-
Good tools can make it so easy to deal with security and complexity that it becomes shameful to say you didn't fix some bugs because you didn't have time. As an example of that, and of gamified tools, I made a time travel debugger with a fast interface. http://clinei.github.io/codeliteral
-
So for context, coding boot camps like GA don’t teach security. Our tools don’t protect you from common web vulnerabilities if you don’t know what you’re doing. I don’t know if they ever will - should Express come with built-in input validators + scrypt?
-
This is not theoretical. I’ve found plenty of ‘CORS: *’ headers in real sites because “uh it wasn’t working so I copied from SO”. Design is not powerful enough on its own to protect junior devs from their own inexperience and lack of knowledge.
-
I'm not sure how to tackle that problem directly. But indirectly, I would make everything else easier so the junior devs have more time to learn about security. And if we can get them to care about quality in general, through competition or ease of use, it will leak into security.