The default settings of some libraries and tools are so useless, or even dangerous, that they should never be used. While they give the impression of being easy to use or performant, they actually represent traps for the unwary user. I look at some examples, consider the reasons why these bad defaults might have arisen, and offer some guidelines for setting up projects with good defaults.
Presented at PyCon UK 2017: http://2017.pyconuk.org/sessions/keynotes/unsafe-at-any-speed/
Links and resources:
Tom Eastman's Serialization talk: http://s3.eastman.net.nz/serialization/, https://www.youtube.com/watch?v=kjZHjvrAS74
Update! PyYAML seems to be safe by default as of 26th August 2017: https://github.com/yaml/pyyaml/issues/5
Li and Evans, Insecure by Default?: https://www.cs.virginia.edu/~evans/pubs/webframeworks2016/insecurebydefault.pdf
The Zen of Python: https://www.python.org/dev/peps/pep-0020/