I wonder if this was made by AI or a shit programmer
-
I found a bad programmer!
I found someone who hasn't yet made their big dumb mistake. Give it time.
-
I found someone who hasn't yet made their big dumb mistake. Give it time.
I've dodged the bullet for 20 years, now. I guess i had better get cracking
-
Not below average dev necessarily, but when posting code examples on the internet people often try to get a point across. Like how do I solve X? Here is code that solves X perfectly, the rest of the code is total crap, ignore that and focus on the X part. Because it's just an example, it doesn't really matter. But when it's used to train an LLM it's all just code. It doesn't know which parts are important and which aren't.
And this becomes worse when small little bits of code are included in things like tutorials. That means it's copy pasted all over the place, on forums, social media, stackoverflow etc. So it's weighted way more heavily. And the part where the tutorial said: "Warning, this code is really bad and insecure, it's just an example to show this one thing" gets lost in the shuffle.
Same thing when an often used pattern when using a framework gets replaced by new code where the framework does a little bit more so the same pattern isn't needed anymore. The LLM will just continue with the old pattern, even though there's often a good reason it got replaced (for example security issues). And if the new and old version aren't compatible with each other, you are in for a world of hurt trying to use an LLM.
And now with AI slop flooding all of these places where they used to get their data, it just becomes worse and worse.
These are just some of the issues why using an LLM for coding is probably a really bad idea.
Yeah, once you get the LLM's response you still have to go to the documentation to check whether it's telling the truth and the APIs it recommends are current. You're no better off than if you did an internet search and tried to figure out who's giving good advice, or just fumbled your own way through the docs in the first place.
-
Yeah, once you get the LLM's response you still have to go to the documentation to check whether it's telling the truth and the APIs it recommends are current. You're no better off than if you did an internet search and tried to figure out who's giving good advice, or just fumbled your own way through the docs in the first place.
whether it's telling the truth
"whether the output is correct or a mishmash"
"Truth" implies understanding that these don't have, and because of the underlying method the models use to generate plausible-looking responses based on training data, there is no "truth" or "lying" because they don't actually "know" any of it.
I know this comes off probably as super pedantic, and it definitely is at least a little pedantic, but the anthropomorphism shown towards these things is half the reason they're trusted.
That and how much ChatGPT flatters people.
-
Believe it or not a lot of hacking is more like this than you think.
I think that’s less about “hacking” and more about modern day devs being overworked by their hot-shit team lead and clueless PMs and creating “temporary” solutions that become permanent in the long run.
This bucket was probably something they set up early in the dev cycle so they could iterate components without needing to implement an auth system first and then got rushed into releasing before it could be fixed. That’s almost always how this stuff happens; whether it’s a core element or a rushed DR test.
-
Social engineering is probably 95% of modern attack vectors. And that's not even unexpected, some highly regarded computer scientists and security researchers concluded this more than a decade ago.
This has been the case for 40+ years. Humans are almost always the weakest link.
-
This post did not contain any content.
Disabling index and making the names UUID would make the directory inviolable even if the address was publicly available.
-
This post did not contain any content.
Does anyone have a source for this?
-
It's a public firebase bucket
That should be criminally negligent.
-
This post did not contain any content.
Peak Vibe Coding results.
-
Bananas as a Service
bananas in pyjamas
-
Does anyone have a source for this?
wrote on last edited by [email protected]The original article is paywalled (I mean, registration-walled?), this summary is not
404 Media reported that 4chan users claimed to be sharing personal data and selfies from Tea after discovering an exposed database.
-
What was the BASE_URL here? I’m guessing that’s like a profile page or something?
So then you still first have to get a URL to each profile? Or is this like a feed URL?
wrote on last edited by [email protected]Possibly from the decompiled APK. 404media reported that they found the same URL as the posted one in the APK (archive link).
-
This post did not contain any content.
who'd have thought that javascript and client side programming was incredibly susceptible to security flaws and deeply unsafe
-
who'd have thought that javascript and client side programming was incredibly susceptible to security flaws and deeply unsafe
As much as I dislike JavaScript, it isn't responsible for this. The person (or AI) and their stupidity is.
-
whether it's telling the truth
"whether the output is correct or a mishmash"
"Truth" implies understanding that these don't have, and because of the underlying method the models use to generate plausible-looking responses based on training data, there is no "truth" or "lying" because they don't actually "know" any of it.
I know this comes off probably as super pedantic, and it definitely is at least a little pedantic, but the anthropomorphism shown towards these things is half the reason they're trusted.
That and how much ChatGPT flatters people.
wrote on last edited by [email protected]Yeah, it has no notion of being truthful. But we do, so I was bringing in a human perspective there. We know what it says may be true or false, and it's natural for us to call the former "telling the truth", but as you say we need to be careful not to impute to the LLM any intention to tell the truth, any awareness of telling the truth, or any intention or awareness at all. All it's doing is math that spits out words according to patterns in the training material.
-
who'd have thought that javascript and client side programming was incredibly susceptible to security flaws and deeply unsafe
who'd have thought that being shitty programmer was incredibly susceptible to security flaws and deeply unsafe instead of javascript
-
Disabling index and making the names UUID would make the directory inviolable even if the address was publicly available.
Sounds like a good case for brute forcing the filenames. Just do the proper thing and don't leave your cloud storage publicly accessible.
-
Sounds like a good time
-
Social engineering is probably 95% of modern attack vectors. And that's not even unexpected, some highly regarded computer scientists and security researchers concluded this more than a decade ago.
The percentage is closer to 75% than 95%.
