This is a super weird point to focus on from that whoooole situation.
iAvicenna@lemmy.world 8 months ago
Horrible practices by this app yes still can’t help but feel anon seems to think he is a hacker for writing a python script to scrape a public database. Also scold app devs for not dealing with sensitive information carefully, release them in the most vile online platform possible so you can boast about your average python scripting skills?
Knoxvomica@lemmy.ca 8 months ago
iAvicenna@lemmy.world 8 months ago
Not to me, yes the app sucks, yes the use case of the app also sucks, yes devs are either super green or even mostly AI (these have been discussed extensively and I agree with all).
But can’t commend public release of such sensitive data in such a place. You can still bury this app and the company without compromising people’s sensitive data. Makes for less of a show and less opportunity to boast but yea.
Taldan@lemmy.world 8 months ago
yes devs are either super green or even mostly AI
Solely blaming the devs tells me you have no experience with Firebase security
iAvicenna@lemmy.world 8 months ago
No I don’t but if the firebase sucks isn’t it devs job to be knowing this? They might have warned their supervisors (or higher up) and simply disregarded, that is also another possibility in which case the blame obviously goes to them not the devs.
Taldan@lemmy.world 8 months ago
That’s exactly what hacking is.
'90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like
Also, Google deserves a scolding here. Firebase’s default configuration is absolutely atrocious. One of the few critical vulnerabilities I’ve seen where the system is working as intended. Dubbed the hospital gown vuknerability because they leave the backend wide open by default
surewhynotlem@lemmy.world 8 months ago
I’m going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don’t accidentally remove the wrong directory?
Any developer who doesn’t know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.
iAvicenna@lemmy.world 8 months ago
I mean this is just writing a script to access a public database, this is not even exploiting a code vulnerability. So there is an area between digital numberfalls on the screen and accessing a public database which I would consider more of hacking.