Hacker News

A collection of technical things every software developer should know (2017)

2025-09-2218:258546github.com

A collection of (mostly) technical things every software developer should know about - mtdvio/every-programmer-should-know

You can’t perform that action at this time.


Read the original article

redbell

Karma: 11403
...
 @Hacker__News
@hacker._news

Comments

  • By hu3 2025-09-2219:082 reply

    If you are starting your career and panic reading such list, that would take years to learn, if even. Don't worry.

    Most of these items are more like nice to know than should know.

    Yeah it would be great if every software developer knew everything. But I doubt even the repository owner know all that is listed.

    My best advice to newcomers is get your hands dirty and stay away from endless hours of courses, YouTube videos and "awesome lists".

    • By sho_hn 2025-09-2219:38

      Absolutely. This kind of list isn't the price to entry.

      Toward the middle of your career you should have a reasonable understanding of roughly what's in all of those and why someone cared to write them down, and be able to know when to consult them. And you will know at least a few of them very well.

    • By mr_mig 2025-09-2221:171 reply

      The repository owner does not know everything, and has already forgotten many things he used to know from the list

      But it’s a distilled and curated list of the resources I’ve found important to have at hand and revisit periodically

      • By hu3 2025-09-2222:401 reply

        That's nice and all except the title is misleading and discouraging to new devs. I would even put a disclaimer on top of fixing the title.

        But I guess it wouldn't be clickbaity then.

        • By mr_mig 2025-09-2311:16

          There is a disclaimer, but not very clear I guess

  • By hangonhn 2025-09-2219:071 reply

    I'm a little surprised by the answers in "Cryptographic Right Answers". Both libsodium and Chacha20-Poly1305 are not FIPS-compliant. "AES-GCM" is but it has important gotchas in regards to the IV and per key data volume. "AES-GCM-SIV" is more resilient but "AES-GCM-SIV" isn't FIPS compliant either but there is a proposal underway to certify it. So the cryptographic right answer is "it depends". FIPS compliance may not matter to some people but it does a lot to others depending on the context.

    I think the safe answer is AES-GCM using envelope encryption?

    • By NoahZuniga 2025-09-2219:361 reply

      If you use libsodium, its very hard to screw up your encryption. If you use AES-GCM, it sounds at least like you can screw it up. Surely you'd want to use the first one?

      • By hangonhn 2025-09-2220:351 reply

        Totally agree with you on this but I think in some settings FIPS-compliance is a requirement -- especially anything to do with the Federal government. The obvious fix is for FIPS to catch up but until then the three choices the document listed aren't great. The first two don't meet the requirements and the last choice, as you've pointed out, can be a bit of a foot gun. I wonder if AES-CBC-HMAC (i.e. Fernet) should be listed as a choice for FIPS? Like keep the original 3 and then have a sub-heading: FIPS-compliant: AES-CBC-HMAC or AES-CTR-HMAC like it did originally.

        • By allersj 2025-09-2220:59

          That list is geared towards developers who don't have a strong background in cryptography and helping them choose a secure algorithm that is easy to implement. Because if you get it wrong, more vulnerabilities will be introduced.

          Working around janky compliance standards is a whole separate topic.

  • By random3 2025-09-2219:36

    :) Soon to be renamed to "a historical collection of things every software developer had to know about."

    Will start with "software used to be..."

HackerNews

About