Programmer Humor

19488 readers

1034 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

[email protected]

858

Me after I got fired (feddit.de)

submitted 9 months ago by [email protected] to c/[email protected]

68 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 12 points 9 months ago (1 children)

It's not hard to do. What would be hard would be getting it through code review. Like the example provided.. how would that ever get through code review for a merge? Must not be a well-protected code base?

[–] [email protected] 12 points 9 months ago (1 children)

Publish your own package to PyPI that on import does some evil stuff. Name the package something similar to a known, but not too well known package. Supply chain attacks are even less defended against than other stuff.

All this relies on companies being shit though, but well, we all know that's the case in a lot of places.

[–] [email protected] 7 points 9 months ago

Yea... pipeline and dependency auditing isn't trivial if you want to catch the subtle stuff. Even most of the devs that know how to do it are going to respond with, "above my pay grade..." unless they're somehow actually getting paid enough to be arsed to do it correctly...