| ▲ | integralid 8 hours ago | |||||||
>What type of developer chooses UX and performance over security? So reckless. Initially I assumed this is sarcastic, but apparently not. UX and performance is what programmers are paid to do! Making sure UX is good is one of the most important things in programmer job. While security is a moving target, a goal, something that can never be perfect, just "good enough" (if NSA wants to hack you, they will). You make it sound like installing third party packages is basically equivalent to a security hole, while in practice the risk is low, especially if you don't overdo it. Wild to read extreme security views like that, while at the same time there are people here that run unconstrained AI agents with --dangerous-skip-confirm flags and see nothing wrong with it. | ||||||||
| ▲ | zymhan 3 hours ago | parent | next [-] | |||||||
Installing 3rd party packages the way Node and Python devs do regularly _is_ a security hole. | ||||||||
| ||||||||
| ▲ | toss1 3 hours ago | parent | prev [-] | |||||||
Even more wild to read that sarcasm about "removing locks from doors for 87% speedup" is considered extreme... And yes, we agree that running unconstrained AI agents with --dangerous-skip-confirm flags and seeing nothing wrong with it is insane. Kind of like just advertising for burglars to come open your doors for you before you get home - yeah, it's lots faster to get in (and to move about the house with all your stuff gone). | ||||||||