• 0 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 17th, 2023




  • If it’s your only layer of security, it’s not good. But when a website doesn’t tell you whether or not an email account exists when you try a username and password, it’s still obscurity (you’re not confirming one way or the other) but it’s still a useful level of security. IPs are generally not given out for a reason. Most people don’t even realize they don’t get hacked simply because they aren’t targeted. That you even route local traffic via the internet is interesting to begin with and makes me wonder if you truly are prepared for a targeted attack. Maybe you decided it’s not worth the effort but maybe you don’t know how. I don’t know. But nonetheless, you’re making yourself more of a target.
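The login behaviour this comment describes (not revealing whether an account exists) can be shown in code; the following is an added example, not code from the original thread or from any site it refers to. It contrasts a leaky handler that distinguishes "no such account" from "wrong password" with one that returns the same message and does the same password-hashing work whether or not the email is known, so neither the response text nor the response time confirms an account. The user store, the dummy record and the messages are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store: email -> (salt, PBKDF2 hash). Not real data.
_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


USERS = {"alice@example.com": make_user("correct horse battery staple")}

# Fixed dummy credentials (assumption for the example): a lookup miss still
# hashes against *something*, so unknown and known emails cost the same time.
_DUMMY_SALT, _DUMMY_HASH = make_user("dummy-record-never-accepted")

GENERIC_ERROR = "Invalid email or password."


def login_leaky(email: str, password: str) -> tuple[bool, str]:
    """Enumeration-prone: the message itself says whether the account exists,
    and the early return makes a miss noticeably faster than a hit."""
    record = USERS.get(email)
    if record is None:
        return False, "No account with that email."
    salt, stored = record
    if hmac.compare_digest(_hash_password(password, salt), stored):
        return True, "ok"
    return False, "Wrong password."


def login(email: str, password: str) -> tuple[bool, str]:
    """Enumeration-resistant: one message for every failure, and the same
    hashing work is done even when the email is unknown."""
    record = USERS.get(email)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash_password(password, salt)
    # compare_digest runs before the short-circuit, so a miss never skips it;
    # the dummy record can never authenticate even if its hash matched.
    ok = hmac.compare_digest(candidate, stored) and record is not None
    return (True, "ok") if ok else (False, GENERIC_ERROR)
```

Rate limiting and account lockout messaging need the same treatment, since "account locked" on one email and "invalid password" on another leaks existence just as plainly.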




  • Games are actually a really bad example. They’re generally not written from scratch and use an engine. So there’s usually not a lot of work to keep it up to date. When they don’t make enough money from it though, they will retire it. It happens.

    And Node modules? Are you kidding. The constant updates are usually security patches. If you’re properly using semver then it shouldn’t be an issue. You can either stick with the major or minor release depending on your needs. But those packages are also in your boat. Someone is developing them and patching them. They may drop old minor versions because they can’t support that many different releases. Because backwards compatibility is expensive.

    Seriously, please tell me you’re at least securing whatever application you’re writing. Do you even do an npm audit (or yarn, whatever you use) and patch the findings?

    Especially in web development, security is absolutely important. Sometimes yeah, you may not implement a feature. But that’s because your app lacks development resources like another developer. I’m sure it’s great to keep working on the exciting stuff like new features. But the “boring” stuff is still damn important.


  • That’s expensive. Increases the attack surface. Degrades performance by requiring more overhead. Bloats the size of the OS. Sure, you can care about backwards compatibility over all of that. But apps will likely continually get developed regardless of backwards compatibility. So there’s still cost.

    Again. I’m afraid you lost your point somewhere. Development rarely is ever completed. If it’s truly “completed” then it’s an extremely simple app with no real value and probably not worth anything. If it has value and isn’t simple, then it can always be improved. So hosting isn’t the only reason for ongoing payment. Continued development is extremely legitimate. Is it possible someone might abuse it? Sure. But software development never stops. It will always go into sustainment after release and when sustainment is over, the app is retired.



  • The permissions framework is a lot more than just claiming Google wants tracking all to itself. That’s conspiracy level shit. The permissions framework has undergone immense changes from earlier ones, from small things like giving an app an approximate location instead of detailed to also allowing permissions to be given at the time it’s needed and to require asking every time. Did you even use older Android? All the permissions were from the get-go and you had no idea how it was being used. Permissions are so much nicer and the sandboxing has evolved. Your understanding of permission changes is extremely naive and simple. Applications are much safer now than on earlier Android. This is objective truth.
    Compatibility mode basically means the runtime being used is a different one and any vulnerabilities that existed in that mode (not every one obviously) are now introduced. It’s why Windows XP compatibility mode requires admin rights: its entire authorization scheme was different and apps in that mode can do things that normally require elevated privileges. Microsoft recommends updating apps to not require compatibility mode for these very reasons. Even just the threat model alone is expanded due to the increased attack surface. I’m tired of developers who can’t take security seriously.