I don't think the point of this article was to be a copy and paste twitter alternative, it's more to show that it's possible to do it (at least that's what I got out of it).
There's also no hashing/salting of user passwords or anything. Even with some minor coding experience you should be able to pick this out.
I get that, but when I'm not browsing Hacker News I keep company with hundreds of teens who take code like this and implement it into their own sites, or edit it a bit and redistribute it. I think by releasing code of this standard without specifically stating that it is not ideal for actual public use, you put these teens' sites at risk - perhaps without even realising it.
I don't think all code should have to come with a warning label.
I'm 17 years old, falling into your teen category, and there is no way I would ever run that code in a production environment - just by looking at it I can tell it's unfit.
You use Hacker News, you don't fall into my teen category. :) (That's a compliment.)
Have a look at some of the sites here if you have time: rev.iew.me/users & you'll see what I mean.
For the record, I agree, code shouldn't have to come with a warning label; but I have seen many a site taken down by similarly bad code. I do my very best to help these youngsters where I can, because I was in their position once too. (Hence why I am here, to learn more and be able to offer more help to those who don't know so much.)
In my experience (still a teen...) it's the rule until proven otherwise. I mean just by being a teen many people assume you have some level of technical knowledge, but it doesn't go beyond helping people with setting up their computers and phones...anything like programming is like an "oh, really?" to a "oh, wow [you can actually do it]!" thing.
Well, to be specific, that was the case for me from 13 to 16, then I started prefacing that with "I'm majoring in computer science" and then the discrimination started to go away.
I'll admit that I'm no PHP expert, but I was under the impression that htmlentities prevented XSS by converting all special html characters to their equivalent html entity.
If htmlentities works properly, and it is used properly, shouldn't it prevent XSS since an attacker who inputs something like <script>alert("xss")</script> would simply see the message displayed back to them instead of the browser actually executing it?
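An added example to go with the two comments above (not code from the article or from either commenter): htmlentities() does neutralise the quoted payload when the value lands in HTML text or a double-quoted attribute, but the flags and the output context decide whether it is enough. Before PHP 8.1 the default flags did not escape single quotes, so ENT_QUOTES is passed explicitly, and a value dropped into a script block needs a JavaScript-string encoder instead. The function names escape_html and escape_js and the sample post are assumptions for the example.

```php
<?php
// Added example (not from the article): output encoding for a microblog post.
// htmlentities() with ENT_QUOTES turns <, >, &, " and ' into entities, which is
// what makes the browser display the payload instead of executing it.
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Context matters: inside a <script> block the browser is parsing JavaScript, not
// HTML, so the value is emitted as a JSON string literal with the hex flags set;
// the flags keep </script>, &, ' and " from breaking out of the literal.
function escape_js(string $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample values: the payload the comment above mentions and a name
// containing a single quote, which the pre-8.1 default flags would have left alone.
$post = '<script>alert("xss")</script>';
$author = "O'Brien";

// HTML text context: renders the literal text of the payload.
echo '<p class="post">' . escape_html($post) . "</p>\n";

// Double-quoted attribute context: ENT_QUOTES keeps the quote from closing the attribute.
echo '<span title="' . escape_html($author) . '">' . escape_html($author) . "</span>\n";

// Script context: O'Brien becomes "O\u0027Brien", a safe JavaScript string literal.
echo '<script>var author = ' . escape_js($author) . ";</script>\n";
```

Running it prints `&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;` inside the paragraph, so the check in the comment holds for that context; the script-block line shows the case where htmlentities alone is the wrong tool.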
I haven't read the article in full, but I wonder why the author hasn't used laconi.ca (the free open source software which is used by identi.ca). Why should you be creating a new microblogging solution when a perfectly good open platform exists?
Interesting. I would have given the same answer some time ago, yet lately I have the feeling that I learn more from installing, configuring and diving into somebody else's code and extending / changing it than from writing something from scratch. I guess both are valid 'methods' to learn, although the latter benefits open source projects like laconi.ca as well.
I personally think that both are valid methods to learn, but that you learn different things from going the separate ways. i.e. when I'm writing something from scratch I have to learn every little detail of what I'm trying to do, whereas taking a look at someone else's code I could gloss over a lot of the implementation details but learn how the author decided to implement some of the relevant/important parts, how to extend, and otherwise generally contribute to a project.
WordPress is the complete blogging solution, or so I'm told. So why did I bother to code a CMS for myself from scratch? Because I wanted to learn and it better suited my needs.
First, it's interesting that they call this an intermediate level tutorial/article. I'd definitely put a microblog in the beginner category (The "build a blog in 15 mins" screencast is one of the first things people watch when getting into Rails).
Second, in the time it took to write this article, one could have built the actual app to provide for download or as an open-source project.
Personally I'd still take this kind of article any time over the "why [Twitter | Facebook | etc] is the [next Google | biggest failure ever]", "5 timeless principles for [ building startups | coding | marketing] I just thought of, having done it for almost a year now" or anything from TechCrunch & co.