If you talk to any programmer, they will tell you how a particular tool, programming language, or OS sucks and that X is the best. If you talk to any programmer, they will tell you how the code they currently work on sucks, and that if they had written it in Node.js it would have been much better.
I have had the chance to work with someone who complained fiercely about the code in the project we were working on. I say chance, because we also worked on another project from scratch. We wrote the requirements and the documentation, and were responsible for every single line of code that was added to this project. Yet 6 months later, the same complaints were coming. He still said the code sucked even though he wrote it.
I am not saying he is a bad programmer. I may say he is actually a good programmer, because we are in the business of making shitty software that breaks. Every programmer knows that when you revisit old code you wrote, you ~~delete it~~ improve it before anyone else sees it, because it sucks.
When I ask for advice about some programming issues I encounter, whether it be security, coding standards, graphic design, user experience, the advice is always a cliché.
- A good programmer always uses unit testing.
- A good programmer never uses MD5 to hash passwords.
- A good programmer always thinks about the next programmer who will read his or her code.
- A good programmer always documents his code.
- A good programmer solves real problems.
I might as well add “A great leader leads by example”. It may sound good, but it is an empty statement. Every real project I worked on was a mess, and by that I mean even my own. I have worked on countless projects where the passwords were stored as plain text in the database. After a few complaints, the passwords were hashed ...
```php
// Before
$password = $_POST['password'];

// After
$password = md5($_POST['password']);
```
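For contrast with the `md5()` "after" above, here is an added example (not code from the original post) of how PHP's built-in `password_hash()` can replace it while upgrading existing MD5 rows at login. The function names `hash_new_password()` and `verify_and_upgrade()` are hypothetical, and the stored value is assumed to be either a 32-character MD5 hex digest or a `password_hash()` string.

```php
<?php
// Added example: function names and storage layout are assumptions.

// Registration: salted, deliberately slow hash instead of md5().
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login: accept a legacy MD5 hex digest or a password_hash() value.
// Returns [bool $ok, ?string $newHash]; a non-null $newHash should
// overwrite the stored value so the MD5 digest disappears over time.
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    if ($isLegacyMd5) {
        // Constant-time comparison against the old unsalted digest.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    if (!$ok) {
        return [false, null];
    }

    // Re-hash legacy rows, and rows hashed with outdated cost settings.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Constructed sample: a legacy row, one good login and one bad login.
$legacyRow = md5('correct horse');
[$ok, $newHash] = verify_and_upgrade('correct horse', $legacyRow);
var_dump($ok, $newHash !== null && password_verify('correct horse', $newHash));
[$ok, $newHash] = verify_and_upgrade('wrong guess', $legacyRow);
var_dump($ok, $newHash);
```

The caller only has to write `$newHash` back to the user's row when it is not null, so no password reset is needed to retire the MD5 digests.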
The web is full of people who tell you how things should be, yet that is different from how things are. One of the reasons you will see great programmers take shortcuts is the deadline. When there is a disconnect between the manager, the developer, and the business team, there is no way to know how long a project will take to complete. The manager (sometimes a former programmer) who assumes the project should be easy to complete gives the business team a very short time of completion. The developer, suffering from "impostor syndrome", ignores all the cliché advice and types as fast as he can to complete the project. Then someone collects his code and posts it on the Daily WTF.
Security on a website is something not to be taken lightly; however, there are a lot of optimizations that are present just for the sake of making the code beautiful. I suspect we will not have a code beauty competition anytime soon. Until then, deploy your crappy code.
1. A Guardian Force or GF is an independent energy force. By combining it with para-magic, it is possible to control tremendous energy. Memory loss is a possible side effect, but this has not been proven as of yet.