
I think we're arguing the same thing.

Write an abstraction on top of the hard-to-use API for the majority to use, and people who need to use the low-level API directly can learn to do so.




Strange how we end up here after calling me elitist... Please remember this for next time you interact with someone.


You started off by insulting people who write code that has security holes. I started off by saying the solution is to make APIs that make writing security holes harder.

You characterized people who write code with security holes as "stupid/lazy"; that is elitism.

About ~10 years ago, a lot of databases used to ship with no PW on by default. This led to a lot of information disclosures as people new to the cloud-based world set up a DB and all of a sudden it was world readable with no authentication needed.

When this happened, a bunch of experienced DBAs started saying the problem was mass incompetence on the part of these "young developers who think they know how to be a DBA." Their proposed solution was for companies to start hiring "real DBAs".

The actual solution was to have databases not allow exposure over a public IP unless a password is set, which is now the default on the vast majority of databases, and when it isn't, there are giant warning banners that flash everywhere alerting developers to the giant security hole they are about to deploy.

I'm not saying elitism is always bad. Those DBAs who understand exactly how query optimizers work and exactly how databases store everything under the hood are needed, just as the developers who know the detailed ins and outs and proper usage of low-level operating system APIs are needed.

But if a lot of otherwise capable developers keep making the same mistake using some tool or API or cloud service, instead of trying to assign blame to individuals for being stupid or lazy, we as an industry should instead ask ourselves why so many people are having the exact same problem.

I'm elitist about plenty of things, and it took me time to realize that just because I know the "best" or "correct" way for something to be done, doesn't mean that everyone else needs to do that thing in the "best" way.

Anything in this world meant for usage by a large number of people, a product, API, flat packed furniture, setting up a printer, needs to cater to the needs of the job that people want to get done. Saying people are "doing it wrong", well, at best that approach gets companies put out of business (see: Everyone selling smartphones who wasn't Apple/Google), and at worst the harm can be magnified manyfold.



