110
this post was submitted on 06 Feb 2024
110 points (94.4% liked)
Programming
17424 readers
88 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've got a lot of these.
Programming is not doing leetcode problems all day long. Those problems can be a good brain exercise or a good prep for a [misguided] technical interview but in a real programming job you have next to no chance of running into problems like those. Even if you do, you're an idiot if you spend hours toiling away at a problem that somebody else already solved much more efficiently than you will. Your boss doesn't give a crap if you pulled all of the code straight from your brain.
Programmers are not hackers. The reverse might be true but hacking is about finding problems (and exploiting them) while programming is about fixing problems.
A programmer can do anything that involves code. Maybe not quite this succinct but I think most will assume you can write a mobile app or a website just because you say you can code. Websites, games, apps, and so on are written in code but they all involve different technologies, toolsets, and standards. I'm sure I could fumble my way through any kind of software but don't expect it done quickly if it's not my area of expertise.
You have to find a problem before you can fix it. All good programmers are hackers.
Programmers have the source code right in front of them, hackers usually don't. It's quite amazing what they can do taking shots in the dark.
depends. Desktop code, sure, reverse engineering from assembly takes some time but some good dissasemblers might be able to produce some C skeleton to start from. Though you might get lucky just exploiting the supply chain of bloated open source with a hellton of vulnerabilities deps/infra like glibc, apache or sudo.
But web code? Sure, minifiers exist but not every website uses them and even if their do, thanks to all the new stuff since ES5 you can for example spend way less time doing something like finding a Math.random() based, ergo cryptographically utterly broken PRNG.
Or for example you can easily rule out whether the website uses header-to-cookie based CSRF protection by just checking the console on any authenticated write-like request. The rest could be automated with things like zaproxy or selenium/curl-impersonate/puppeteer scripts.
"Hacking" also has plenty of specialties like programming. When I think of hacking my first thought is remote, non-http services. Webservers are fair game for hacking but they're also meant for public consumption so I'd guess monitoring is a bit more severe (not that companies don't skimp on intrusion detection).