Hacker News new | comments | show | ask | jobs | submit login

Poorly written post on several fronts. The English is poor (forgivable), but the points made about the structure and security of wikis are not well taken, and reflect of misunderstanding of WikiNature (http://c2.com/cgi/wiki?WikiNature).

On a more practical level, the post points out some flaws in EmacsWiki, asserts that some arbitrary alternatives would be better (MediaWiki vs. OddMuse), but does not propose a path to get there from here or explain how the switch would be worth the work.

Personally, I think it would be kind of neat to convert the EmacsWiki into OrgMode, push it to a Git repo and publish it the way Worg is published.

I disagree that you can handwave around public editing of executable code that is by convention copied and pasted to hundreds of machines by invoking "WikiNature".

I agree that unsecured editing of code is a problem, and I did not mean to imply otherwise. I recommend reading "On Trusting Trust" if you're interested in such issues.

There are already other mechanisms in place to distribute Emacs code, like any of the Emacs package managers and Git, and yet EmacsWiki continues to be a place where code is collected and discussed.

I don't think moving to another wiki system would change that, since any other wiki system would have the same shortcomings as OddMuse in this respect. There is a straight trade-off between maintaining security on wiki pages and their utility. OddMuse does a good job, like all wikis, of keeping a page history that allows all edits to be audited. A new wiki might prevent editing of the code, or only allow editing by "verified" users, but that still provides no real improvement to security, since anyone can sign up and post code. Neither, incidentally, does a Git repository like GitHub or Gitorious; if you're unwilling to read and understand the code you download, you still have to put your faith in folks you don't know. Even if you do read and understand the code, you still can't be sure.

More importantly, however, is your implied assertion that security is a problem in practice. Have there been any cases where malicious code was posted on EmacsWiki? Did it cause harm?

I'm getting the feeling like "publicly editable code" is a manufactured issue to be divisive, but I could just be unaware of a security problem that has been pervading the Emacs community.

I have no idea why 5 paragraphs of message board comment is supposed to get me to ignore the fact that anyone on the Internet could backdoor my Emacs by editing a wiki page.

He's right; community code is a model that works on Github and absolutely does not work on an unauthenticated Wiki.

Well, there goes my relaxing afternoon. ;)

At least I'm pretty sure I don't have many emacs packages that originally came from a file on Emacswiki...

I looked too. Crazy that it took a Batsov post to get me to realize how dumb that system is.

I don't agree with the post on many levels. But "The English is poor"? That complaint sounds like a low blow. Native speakers are a minority of total English speakers, and the majority may have something to say, too.

I'm still giving you an upvote because you bring up Worg.

It certainly wasn't meant to be a low blow...I apologize if it came off that way. I meant it as part of a larger argument to support my impression that the post was not well thought out.

Well, that's a first (regarding my "Poor English"). You shouldn't confuse poor English with poor proofreading, though :-)

I wouldn't have called it poor English! I wouldn't have guessed from the text that you aren't a native English speaker - I had to check your About page to be sure.

Your writing isn't as polished as, say, Paul Graham's writing, but then very few people can write at that standard.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact