On Tue, 2011-03-22 at 11:36 -0400, Deny IP Any Any wrote:
> On Tue, Mar 22, 2011 at 11:19 AM, Nathan Hamiel <[email protected]> wrote:
> > Who in their right mind would use VI/VIM for doing actual development?

Quite many use VI/VIM and Emacs for such things. Usually those who use
either use it for pretty much anything and everything. Can't even recall
how many times I come across code with the VI stuff at the bottom.
Though for all I know could be emacs, but pretty sure it was VI.

>  It's
> > an editor and its use in development for anything beyond writing or editing
> > simple scripts is just not smart.

Well less than ideal, but not smart might be going a bit far. You have
to have some intelligence to be using VI or Emacs in the first place.
It's not like nano where the instructions are on the screen and it's easy
to use. I always have to go look up commands anytime I am forced to use
VI. Emacs I don't believe I have ever touched.

>  If the developer were using an actual IDE
> > he would have seen the beginning line underlined in red indicating a syntax
> > error. The IDE would have alerted them to the fact there was a problem and
> > it wouldn't have made it into production in the first place. That's one
> > takeaway Tumblr should be thinking about.
> >
> 
> The syntax highlighting in VIM would alert them to the invalid syntax,
> if they were using it.

Or any editor with syntax highlighting, be it an IDE or text editor
including VIM. Though not all syntax highlighters will display broken
code, that typically is a feature of an IDE. Though the code/mistake
likely would have been the wrong color either way.

> More importantly, maybe they should have some Dev or QC servers.

Or viewed the page right after modifications, which clearly did not
happen or any form of testing or QA.

But even worse than any editing tools or failure to do any QA. Who puts
sensitive information directly into pages like that? That alone seems to
be their biggest mistake. The rest would be minor and somewhat moot if
they weren't putting sensitive information in pages like that.

Even if no error, if that page is not parsed by PHP, you just gave them
pretty much everything they need to exploit. Short of giving them a
direct way in to exploit, access those resources.

-- 
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com

