undefined | Better HN

0 pointsevertedsphere2y ago0 comments

types have nothing to do with this, strictly speaking; the same problems would exist if you serialised structures containing functions in a typed language to e.g. a dll or a .class file and asked users to load it at runtime

the problem is in fact the far more subtle principle of "don't download and run random code, and definitely don't make it the idiomatic way to do things," and i'm not sure you can blame your use of eval()-like things on the fact that they exist in your language in the first place

0 comments

rowanG0772y ago

The difference is that no one shares data in a statically typed language by sending over dlls or .class files. The entire point is that something so dangerous has been normalized because of dynamic typing.

evertedsphereOP2y ago

poor engineering choices are just that, choices

rowanG0772y ago

Some tools make poor choices harder or impossible. That's the entire point of static typing too. In this case python encouraged insecure design choices by making them very easy and even presenting them to users.

j / k navigate · click thread line to collapse

0 pointsevertedsphere2y ago0 comments

0 comments

rowanG0772y ago

evertedsphereOP2y ago

poor engineering choices are just that, choices

rowanG0772y ago

j / k navigate · click thread line to collapse