
This would be a failed assignment in an entry level uni programming course. How on earth does a Microsoft developer accomplish such a thing as bringing an incomplete and unsafe program to production deployment?



What, do you think that just because the mistake is easy to understand and identify, that experienced developers won’t make it?

Experienced, smart, and savvy programmers will make all sorts of mistakes in their code, even stupid mistakes. It takes an immense amount of effort and savvy to reduce, mitigate, and recover from bugs in production code. Meanwhile, management applies pressure to ship new features. The kinds of teams and people that manage to ship high-quality code on a regular basis are teams with a lot of different types of people on them—you need someone who can make the case to management that these efforts need resources and are in the best interests of the company, you need someone to drive team culture and figure out what kind of practices will reduce bugs, you need people who work on automated tooling, you need people to run disaster scenarios, you need technical coders who can make frameworks that are easy to use but hard to misuse.

Nobody I met came with any of those skills out of college.

Multiply the difficulty when you’re working with distributed systems, like this one.


> Nobody I met came with any of those skills out of college.

Exactly. Experience is key.

> Meanwhile, management applies pressure to ship new features.

This quantity over quality mindset, combined with the industry's rampant ageism and veneration of newness over all else, is making things worse at an alarming rate.


Yes, experienced smart developers can make dumb mistakes, but this is pretty dumb. More importantly, it's the type of thing that should have been caught in a pull request or with a test, if not immediately after writing the code in question. Their process is severely lacking if a basic auth bug of this nature got through to production.


> Experienced, smart, and savvy programmers will make all sorts of mistakes in their code, even stupid mistakes

Reason why I've been uninstalling the agent on each Azure VM for 5 years: you can't make mistakes in code you don't have, at the cost of losing integration with the dashboard.


> This would be a failed assignment in an entry level uni programming course

This wouldn't be an assignment in an entry level uni course.

"Write an agent running on a machine capable of providing remote command execution, authentication and that must report OS metrics externally". Next week's lab: "Recursion".


This wouldn’t be any type of assignment in an entry level uni programming course. Entry level uni programming courses are things like “implement a noughts and crosses game in Java”, not “implement a bespoke authentication workflow for a large-scale public cloud provider”.


It's called quality assurance. Or the lack of it. In a normal development process you have design and testing, all accompanied by reviews. But there comes tailoring and you skip some testing (it uses code from a previously tested project) and maybe some reviews. At the end of the project you shall have some lessons learned, but they are there just to please management. Add to this the fact that the people who will have to fix the mess are never the same who did the original development and you have a picture. And unfortunately this is not MS specific.


Lack of negative unit or integration tests.


This is the correct reason. Add security audit (internal/external) as well. Don't blame the developers. Blame the process. There will be days on which even the world's smartest person makes mistakes.


I agree auditing would be prudent but frankly the developer is the first line of defence and will share my blame.



