Autonomía digital y tecnológica

Code and ideas for a distributed internet

Linkoteca. Stack Overflow


The tricky bit, as a new study called An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples notes, is working out which code is OK and which isn’t.

After analysing real code from Stack Overflow, the researchers found a small but still significant number of examples where this happened over a 10-year period to 2018.

The team reviewed 72,483 C++ code snippets for weaknesses defined by the industry Common Weakness Enumeration (CWE) guidelines, finding 69 representing 29 different types of security flaw, most often CWE-150 (‘Improper neutralization of space, meta, or control sequence’).

I’d be fascinated to see a study that compared cutting and pasting code – which carries the small risk of copying and pasting security errors – with coders who don’t copy and paste code and solve unfamiliar problems by always writing their own solution.

Solving the problem yourself carries three possible penalties: #1 it will take longer; #2 there is a good chance that the code (which solves a problem the developer is not well versed in solving) will make it into the world without ever being reviewed by another person; and #3 if it does go unreviewed, there is a good chance the developer will never learn of their mistake and could well end up repeating it, even cutting and pasting it, into other projects.

Prosus (PROSY) has announced its intention to acquire Stack Overflow for 1.8 billion dollars. This is tremendously exciting news for our employees, our customers, our community members, and for our shareholders, and I will share a bit more about what it all means.

How you use our site and our products will not change in the coming weeks or months, just as our company’s goals and strategic priorities remain the same. As the acquisition is finalized, and we continue to partner with Prosus, I will keep you all posted through my regular quarterly blog posts and Teresa Dietrich, our Chief Product and Technology Officer, will do the same in her quarterly community blog posts.

Formally, sharing knowledge is a normal practice in any learning process, but it has itself evolved for the worse along the way. We have set aside other fundamental aspects such as curiosity, unhurried reading of the official documentation, and the recommendations of the heavyweights in certain fields, and we have stayed on the surface of most problems in a merely opportunistic way, or one tied to a false increase in personal/group productivity.

Nobody wants people to stop using StackOverflow. We are going to keep using it, with affection. We love it. What I am calling for is, on the one hand, that you explore the official documentation when you are clear about it or when it is really necessary, and on the other, that you step away from the easy, decontextualized answer. You have to try to build serious solutions, not ones loaded with heterogeneous pieces of code. And besides, and more importantly, you have to train your brains.