it's insulting to refer to them as kids, and criticism like this is only helpful if you give examples: this article does not do that, it just makes wide sweeping statements about "how bad" it all is. i had a quick look at github, it didn't look like it stank, but i don't know ruby nor the framework they use.
they didn't appear to use pbkdf2 or similar to derive their crypto keys, so that isn't good. but at least they didn't make up their own algorithm (though maybe they're making their own crypto protocol--hopefully not--i couldn't tell from the code).
it's very easy to say "this sucks", it's harder to say "this sucks and here's why", and it's even harder to say "this sucks and here's why and here's how i do it in my deployed product"
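For readers who want the "here's why" on the PBKDF2 point above: the following is an added example, not code from the project under discussion or from either commenter. It contrasts a bare hash of the passphrase (no salt, one cheap hash per brute-force guess) with PBKDF2-HMAC-SHA256 using a random salt and a high iteration count, and then uses the derived key with AES-256-GCM so tampering is detected. The iteration count, the blob layout (salt || iv || tag || ciphertext) and the sizes are assumptions made for the example; the OpenSSL calls are the Ruby standard library's.

```ruby
require 'openssl'
require 'securerandom'

# Assumed parameters for this example (not from the project being discussed).
PBKDF2_ITERATIONS = 600_000   # raise until derivation costs ~100ms on your hardware
KEY_LEN  = 32                 # AES-256 key
SALT_LEN = 16
IV_LEN   = 12                 # standard GCM nonce length
TAG_LEN  = 16

# Weak: a plain hash of the passphrase as the key. No salt, so the same
# passphrase always yields the same key, and an attacker needs only one
# SHA-256 per guess when brute-forcing offline.
def weak_key(passphrase)
  OpenSSL::Digest::SHA256.digest(passphrase)
end

# Better: PBKDF2-HMAC-SHA256 with a random per-key salt and a work factor.
# `iterations` is exposed so the test vectors below can be checked.
def derive_key(passphrase, salt, iterations: PBKDF2_ITERATIONS)
  OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, iterations, KEY_LEN,
                             OpenSSL::Digest.new('SHA256'))
end

# Encrypt under a key derived from the passphrase. Salt and IV are not
# secret and are stored in front of the ciphertext; only the passphrase is.
# Output layout (assumed for this example): salt || iv || tag || ciphertext.
def encrypt(passphrase, plaintext, iterations: PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_LEN)
  iv   = SecureRandom.random_bytes(IV_LEN)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(passphrase, salt, iterations: iterations)
  cipher.iv  = iv
  cipher.auth_data = ''
  ct = cipher.update(plaintext) + cipher.final
  salt + iv + cipher.auth_tag(TAG_LEN) + ct
end

# Decrypt and verify. A modified salt, IV, tag or ciphertext makes
# `cipher.final` raise OpenSSL::Cipher::CipherError instead of returning
# garbage plaintext.
def decrypt(passphrase, blob, iterations: PBKDF2_ITERATIONS)
  salt = blob[0, SALT_LEN]
  iv   = blob[SALT_LEN, IV_LEN]
  tag  = blob[SALT_LEN + IV_LEN, TAG_LEN]
  ct   = blob[SALT_LEN + IV_LEN + TAG_LEN, blob.bytesize] || ''
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(passphrase, salt, iterations: iterations)
  cipher.iv  = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  cipher.update(ct) + cipher.final
end

# Returns true if `blob` decrypts cleanly under `passphrase`, false if the
# authentication tag check fails (tampering or wrong passphrase).
def valid?(passphrase, blob, iterations: PBKDF2_ITERATIONS)
  decrypt(passphrase, blob, iterations: iterations)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

if __FILE__ == $PROGRAM_NAME
  blob = encrypt('correct horse battery staple', 'hello, world')
  puts decrypt('correct horse battery staple', blob)
  puts valid?('wrong passphrase', blob)
end
```

Two things worth noticing when running it: `weak_key` returns the same bytes every time for the same passphrase, while two calls to `encrypt` with the same passphrase produce different blobs because the salt and IV are fresh, and decrypting with the wrong passphrase fails on the tag check rather than yielding noise. The `iterations:` keyword exists only so the known PBKDF2 test vectors (password "password", salt "salt") can be verified; production callers should leave it at the default.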
I call everyone 'kids,' it's not meant to be offensive. I'm 24 myself.
The 'here's why' part gets tricky with security stuff. I don't want to be complicit in people trashing accounts. And if you read, I did submit patches.
And they are making up their own protocol. It's currently not documented.