[Wolves] Scumbags Hack Xoops site

Fri Oct 21 01:59:58 BST 2005

> Them days are going going gone. true there are still some juicy consultancy 
> jobs around but remember my favourite (needs to be said in a strangled voice) 
> "Oh na mate I can get it cheaper on ebay" these days everyone's a web expert 
> or MS expert, plug and play has killed us all so has the ubiquitous wizard.

The days where a run of the mill website will get you anywhere on the 
web is also going going gone. At the end of the day, companies on a 
budget can always take shortcuts and opt for something free and off the 
shelf - but for anybody with more than the most basic of requirements, 
they will quickly find that they don't quite fulfil their requirements. 
There will always be a place for bespoke application development - and 
the web is becoming more and more about applications than simple 
brochureware websites.

> we seem to have moved on to slagging off the developers now I know 
> what you'll say "Shite developers = shite app" But thats not true is it? and 
> to be honest if its just about cleaning up the code maybe you could help?

Well, if all you need is to simply pull an app off the shelf and start 
using it, then assuming its reasonably secure then yes, shite developers 
doesn't instantly mean shite app. But the moment you want to start 
extending and customising that software, it becomes a hassle and extra 
time for developers. And when developers have to spend longer hacking 
away at poorly written open source software for their clients, clients 
get charged more and all of a sudden that investment in free software 
isn't looking so great.

And the biggest problem with the code is that its rarely a case of 
cleaning up code - its about trying to hack your way through the mess of 
poor (or completely lacking) design decisions made by teams of amateur 
programmers who know nothing about good software design and architecture.

> 
> 
>>it's not the same for all software.  Software with developers with a
>>clue have special teams for security auditing and tracking.
> 
> 
> Behave, you're talking about an org that has some money who can afford to pay 
> for that sort of setup.
> 

No offence, but thats nonsense. You don't need to be a huge organisation 
with money to have teams dedicated to maintaining standards and auditing 
code - all you need are smart, dedicated developers and such is the 
beauty of open source, you can find these people who are willing to 
commit their time to a project.

Not only that, but with good practices you can make it a lot easier to 
not only avoid problems, but make it easier to isolate and fix problems. 
I'm talking about strong, automated tests. The majority of the most 
commonly deployed web apps don't even come with automated unit tests. 
Unit tests should be considered absolutely essential, especially on a 
project where there are often several developers working on the same 
code base.

Sorry to turn this into a rant about good development practice, but its 
essentially what it comes down to with a lot of these horrible codebases.

Cheers
Luke