this post was submitted on 26 Feb 2024
183 points (95.5% liked)

Programming

17677 readers
38 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS
 

As someone who spends time programming, I of course find myself in conversations with people who aren't as familiar with it. It doesn't happen all the time, but these discussions can lead to people coming up with some pretty wild misconceptions about what programming is and what programmers do.

  • I'm sure many of you have had similar experiences. So, I thought it would be interesting to ask.
you are viewing a single comment's thread
view the rest of the comments
[–] PhlubbaDubba@lemm.ee 39 points 10 months ago (3 children)

That IT subject matter like cybersecurity and admin work is exactly the same as coding,

At least my dad was the one who bore the brunt of that mistake, and now I have a shiny master's degree to show to all the recruiters that still don't give my resume a second glance!

[–] homoludens@feddit.de 18 points 10 months ago

"But why? It both has to do with computers!" - literally a project manager at my current software project.

[–] jadero@programming.dev 9 points 10 months ago (1 children)

That IT subject matter like cybersecurity and admin work is exactly the same as coding,

I think this is the root cause of the absolute mess that is produced when the wrong people are in charge. I call it the "nerd equivalency" problem, the idea that you can just hire what are effectively random people with "IT" or "computer" in their background and get good results.

From car software to government websites to IoT, there are too many people with often very good ideas, but with only money and authority, not the awareness that it takes a collection of specialists working in collaboration to actually do things right. They are further hampered by their own background in that "doing it right" is measurable only by some combination of quarterly financial results and the money flowing into their own pockets.

[–] PhlubbaDubba@lemm.ee 3 points 10 months ago

Doesn't help that most software devs don't have the social IQ to feel comfortable saying "no" when they're offered something that they don't feel comfortable with and just try making it work by learning it on the fly, even learning a company enforced format of code layout is often left for new hires to just figure out. If it weren't for how notepad++ has an option to replace tabs with spaces, I'd have screwed my internship over when I figured out that IBM coding (at least at the time) requires all spaces instead of any tabs after a stern talking to from my supervisor!

[–] huginn@feddit.it 8 points 10 months ago (3 children)

Idk I'm not sure I'd trust any dev who doesn't consider cyber security in their coding. So much development is centered around security whether that's auth or input sanitization or SQL query parameterization...

If you're working on an internal only application with no Internet connectivity then maybe you can ignore cybersec. But only maybe.

[–] Mesa@programming.dev 12 points 10 months ago* (last edited 10 months ago) (1 children)

No one's saying to ignore it.

If I own and run a sandwich shop, I don't need to be on the farm picking and processing the wheat to make the flour that goes into my bread. I could do that, but then I'd be a farmer, a miller, and a sandwich maker. All I need to know is that I have good quality flour or bread so that I can make damn good sandwiches.

[–] huginn@feddit.it 1 points 10 months ago (1 children)

I'm confused where cybersec sits in your sandwich analogy. If every time you sold a sandwich someone could use it to steal all the money in your business you'd probably need to know how to prevent reverse sandwich cashouts.

I'm not talking about advanced, domain specific cybersec. I don't expect every developer to have the sum total knowledge of crowd strike... But in a business environment I don't see how a developer can not consider cybersec in the code they write. Maybe in an org that is so compartmentalized down that you only own a single feature?

[–] Mesa@programming.dev 1 points 10 months ago

In a few words, I'm reiterating the point that a professional software developer =/= professional cyber security expert. Yes, I know that I should, for example, implement auth; but I'm not writing the auth process. I'm just gonna use a library.

[–] Solemn@lemmy.dbzer0.com 2 points 10 months ago (1 children)

... You know not all development is Internet connected right? I'm in embedded, so maybe it's a bit of a siloed perspective, but most of our programs aren't exposed to any realistic attack surfaces. Even with IoT stuff, it's not like you need to harden your motor drivers or sensor drivers. The parts that are exposed to the network or other surfaces do need to be hardened, but I'd say 90+% of the people I've worked with have never had to worry about that.

Caveat on my own example, motor drivers should not allow self damaging behavior, but that's more of setting API or internal limits as a normal part of software design to protect from mistakes, not attacks.

[–] huginn@feddit.it 2 points 10 months ago (1 children)

It's fair to point out that not all development is Internet connected, but ~58% of developers work in web dev.

5% in desktop apps

3% in mobile

2.4% in embedded

And then of the remaining I'd be shocked if few of their domains excluded Internet facing devices.

https://survey.stackoverflow.co/2023/#section-developer-roles-developer-type

But you're right to point out development isn't a monolith. Professionally though: anyone working in a field where cybersecurity is a concern should be thinking about and knowledgeable of cybersec.

[–] Solemn@lemmy.dbzer0.com 2 points 10 months ago

I didn't realize just how siloed my perspective may be haha, I appreciate the statistics. I'll agree that cyber security is a concern in general, and honestly everyone I know in industry has at least a moderate knowledge of basic cyber security concepts. Even in embedded, processes are evolving for safety critical code.

[–] PhlubbaDubba@lemm.ee 2 points 10 months ago (1 children)

Well, at least I know from this that some folks give my résumé the first look! Not exactly more than cold comfort though, especially when I've already built a career in business management after a family friend gave me a leg up when the "I don't want to do my job!" HR sorting bots kept discarding my resume for not having gone to Harvard for either my Bachelor's or Master's.

[–] huginn@feddit.it 1 points 10 months ago* (last edited 10 months ago)

My part of the hiring cycle they've already gotten past the pipeline / bots. I'm there to do architecture and design questions 😉

But I do read every resume.