but it shipped. how many projects do each of us have that just sit in a repo somewhere that we never ship because "it's just not ready yet" or because we fear public scrutiny of our code. i'll speak for myself because there's easily a handful of projects that are probably ok to "ship" but that i let stagnate because i worried about this sort of comment.
and honestly, it doesn't matter. the author has no responsibility to you or to anyone to write hardened production-ready code. if his app gets rooted, it's on him, and it's honestly the responsibility of everyone that runs it to determine if that's a risk they're willing to live with.
but the quality of the code has little bearing on the fact that this product didn't exist some while ago and now it does. maybe it'll influence somebody to create a desktop version or to contribute some security fixes, or maybe it'll just spark some design discussion. it shipped and irrespective of its quality, it's making at least one person more productive.
Unescaped user input which reads/writes/etc to the filesystem. Intermix of PHP4/5 all over the place. Zero separation of presentation and business logic. It also has code which references a MySQL database and missing library files.
Can we just all collectively downvote this and/or change the title to "Daily WTF: ..."
Someone clearly made a project that works for what they want, so shame them? I'm pretty sure HN is supposed to be more about learning and growth than about putting others down to show off your pre-existing knowledge, discouraging them from growth or discouraging others from helping them grow.
Your "criticisms" aren't even valid criticisms, they're hyperbolic. Zero separation of presentation and business logic? I looked at the code. Zero separation means everything is in one file. Yes, the author mixes presentation and logic in many instances, but where is the presentation code in the file node.php? Oh, look, some business logic is separated to its own file, just like one would expect with "zero separation". Seriously, why should we throw a hyperbolic insult that doesn't even address the problem? I can't think of any good reason to be destructive here.
EDIT: After discussing this more in replies, I found the guidelines for Show HNs. It looks to me like these comments violate the guidelines for Show HN comments. If HN is going to be a comfortable place for people to share their work, this shit needs to stop. Every time I see shit like this I think about how little good it does to post a Show HN unless you already have a business behind the project. Even when there's low-hanging-fruit that one could easily help with, some "rockstars" would rather make insults than contributions.
You point out one example where it's somewhat separate and I can point out many where it's not. I can also point out numerous massive security flaws, utterly unused code, the obviously unprepared .DS_Store shit, and code which attempts to load missing libraries and SQL inserts when it's blatantly billed as "no database required"
This isn't some arbitrary work-in-progress "Show HN" project. It's being released and advertised as a fully working product which is quite the polar opposite, absolutely filled with security holes and should be approached with serious hesitation before someone were to actually utilize it.
I'd also argue every single one of my criticisms is incredibly valid and hardly hyperbolic.
>You point out one example where it's somewhat separate and I can point out many where it's not.
That's great. You SAID "zero". And you pointed out zero examples to defend your statement. I pointed out one example that completely invalidates your statement, which is all that is needed. Because 1>0. Here, let me help. "Your application doesn't do a good job of separating business logic and presentation." Was that hard? I didn't say anything hyperbolic, I didn't recommend downvotes or call his application "WTF" in that statement. It WAS NOT HARD.
>I can also point out numerous massive security flaws, utterly unused code, the obviously unprepared .DS_Store shit, and code which attempts to load missing libraries and SQL inserts when it's blatantly billed as "no database required"
Did you do that, or did you try and insult the author? I see others in this thread pointing out specific issues that will help the author. You can't do that? Or is the author not worthy of your help, but somehow IS worthy of the time you spent to insult the author's project?
>I'd also argue every single one of my criticisms is incredibly valid and hardly hyperbolic.
Sorry, but if you say "zero" and it's not true, that's hyperbole. It's either hyperbole or it's not, there's no such thing as "hardly hyperbolic." You exaggerated and you knew it was an exaggeration, OR you thought you were making a true statement. Either way, wrong.
My point is you are not offering anyone anything. Who do you help by insulting the author? The author? Or do you think you're protecting the world from bad software?
BTW, here's the rule I think you're violating:
>When disagreeing, please reply to the argument instead of calling names. E.g. "That is an idiotic thing to say; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
One could argue I'm breaking the same rule in arguing with you, though...
Sorry but I have to agree with meritt here. This is a SHOW HN, and the project is not ready at all.
Even if one disregards bad architecture, the project suffers from too many security flaws. The creators should have a look at http://www.phptherightway.com/ which is really basic guidelines for any modern PHP project.
PHP suffers from a bad rep because of developers that clearly don't know what they are doing. They have client-side skills for sure.
But I would feel totally embarrassed if someone linked to something I've made and that would look like the source code.
I'm not saying I'm a PHP "rockstar". But there are channels where beginners can get code reviews for free (IRC, reddit, ...) before making a project official.
Or someone with the relevant domain knowledge could look at the ideas and consider whether this guy may be worth talking to or hiring onto the design team for a similar project. Otherwise some guidance would be nice.
The idea isn't to shove people out of the circle when they present something they've been working on.