I wonder if this was made by AI or a shit programmer
-
What big advantages does pathlib provide? os.path works just fine
- Everything is in one library which offers consistency for all operations.
- You can use forward slashes on Windows paths, which makes for much better readability.
- You can access all the parts of a pathlib object with attributes like .stem, .suffix or .parent.
- You can easily find the differences between paths with .relative_to()
- You can easily build up complex paths with the / operator (no string additions).
Just off the top of my head.
-
Yeah the internet by design is a public space, and we must be responsible and treat it as such when handling sensative data.
Again, it was very wrong for people to take that data and especially to post like that.
The company also has to do their part and produce at least some kind of barrier to the data.
Even using UUIDs and making sure the data wasn't query-able would have been something.
The web is a public space by design. The internet? I don't think you can make that case well. Https and all that. Private infra abounds.
-
- Everything is in one library which offers consistency for all operations.
- You can use forward slashes on Windows paths, which makes for much better readability.
- You can access all the parts of a pathlib object with attributes like .stem, .suffix or .parent.
- You can easily find the differences between paths with .relative_to()
- You can easily build up complex paths with the / operator (no string additions).
Just off the top of my head.
wrote on last edited by [email protected]if you don't need those, why burden the program with another dependency?
-
if you don't need those, why burden the program with another dependency?
It's in the standard library, just like os or shutil.
-
That's not a "senior developer." That's a developer that has just been around for too long.
Secrets shouldn't be in configurations, and developers shouldn't be mucking around in production, nor with production data.
That's just a senile developer
-
Terrible analogy. You have permission to read books in a library.
Forgetting to lock your door isn't granting permission to people enter your house, and it doesn't grant people permission to take your valuables. It may be neglectful to leave your door unlocked, but it doesn't imply granting permission to enter your house.
Same goes with computer security. Leaving your computer insecure may be neglectful, but it does not imply someone has permission to take your data.
Then how do I know what I am not allowed to access?
In this specific case there was no (formal) indication that the data was out of bounds.
I can't put 10 pdf files in a web dir and claim 5 are public and 5 are private, then charge you with a crime for viewing them.
You can't have "unauthorized access" when there's no authorization at all
-
This post did not contain any content.
dev came from marketing. pictures wouldn't show up with all that security enabled.
-
Then how do I know what I am not allowed to access?
In this specific case there was no (formal) indication that the data was out of bounds.
I can't put 10 pdf files in a web dir and claim 5 are public and 5 are private, then charge you with a crime for viewing them.
You can't have "unauthorized access" when there's no authorization at all
If I'm clicking around on a website and find a gallery of images, that's something I'm supposed to have access to. If I start typing in URLs that aren't linked anywhere on the site, then I'm accessing stuff the site hasn't explicitly indicated I have access to. If I'm doing this with the intent of getting data and distributing to others, then yeah that would be illegal.
The law allows for someone to exercise judgement. The people who do this are not so coincidentally called Judges. If the 4chan guys had have been white hat and reported the issue to the site owners, then they'd be fine. But it's obvious to anyone their intent was to get private information, they poked around to find some private information, and then distributed that private information to others causing a privacy violation. Yes, it was easier to do than it should have been, but it's obvious they had malicious intent and it's obvious they were accessing information they weren't supposed to access.
A crime being really easy to commit doesn't make it no longer a crime. Many times I've seen things that I could easily steal, but I don't steal things when I have an opportunity to do so because a) stealing is wrong and b) saying "they just left this thing out there in a place anyone could steal it" would not be any kind of legal defense. Simply because you're presented an opportunity to do a crime doesn't mean it's acceptable to do a crime, both legally and morally speaking.
-
This post did not contain any content.
crack heads, meth heads, what's the diff
-
This post did not contain any content.
These people should serve jail time. I'm not kidding.
-
An app called Tea
was marketed as a safespace for women and used government issued IDs as a way to verify users.4Chan users leaked all of the IDs onto the larger internet.
So it essentially became a honey trap, either through malice or sheer incompetence.
-
- Everything is in one library which offers consistency for all operations.
- You can use forward slashes on Windows paths, which makes for much better readability.
- You can access all the parts of a pathlib object with attributes like .stem, .suffix or .parent.
- You can easily find the differences between paths with .relative_to()
- You can easily build up complex paths with the / operator (no string additions).
Just off the top of my head.
wrote on last edited by [email protected]I suppose os.path is simpler? It's a string and operation.
Python is all about 'attention efficiency,' which there's something to be said for. People taking the path of least resistance (instead of eating time learning the more complex/OOP pathlib) to bang out their script where they just need to move a file or something makes sense. I'm with you here, but it makes sense.
...Also, os.path has much better Google SEO, heh.
-
These people should serve jail time. I'm not kidding.
wrote on last edited by [email protected]I'm no lawyer, but this seems like at least grounds for a class action lawsuit, I would think. Like, it seems like privacy and security is implied (however ironic for an app like this) when requiring users to upload their PII.
Also, I assume their privacy policy didn't mention that they were just gonna publish their users' PII.
-
It can be both. The company can be at fault for not keeping something secure while the people who steal the data are at fault for stealing data. Data leaks and hacks are not mutually exclusive.
I don't disagree with your main point, but I'm not sure it's really even "stealing", as that means to take without permission. In this case, the storage permissions were configured so that the files were publicly available to everyone, so everyone had permission to access them.
Semantics though. It's still unethical to access that data, even if it's not technically stealing.
-
So it essentially became a honey trap, either through malice or sheer incompetence.
wrote on last edited by [email protected]Well, I get what you mean, but a "honey trap" idiom in English, also called a "honeypot scheme", usually refers to utilizing romantic connections to influence people to make decisions or release confidential information.
-
There's nothing wrong with eating a banana with a knife and fork, either.
Except living with the shame.
Most monkey-esque insult
-
This post did not contain any content.
Guess someone spilled the tea
-
This post did not contain any content.
Almost definitely both were involved.
-
The web is a public space by design. The internet? I don't think you can make that case well. Https and all that. Private infra abounds.
The data was on the public web in this case
-
Yeah, if I leave my house door wide open for a few weeks and I get robbed, it's still burglary.
Terrible analogy. A webserver is not at all like a door. It doesn't block or allow traffic to and from your file system.
A web server is more like a receptionist. It handles requests. "Can I have your basic catalog?" "Certainly, here you go."
"Can I get this item from your basic catalog?" "Certainly."
"I don't see it in your catalog, but my buddy said he got this other item from you. Can I have this other item too?" "Absolutely."
"Can I borrow your stapler?" Sure. "How about a pad of paper?" "Of Course". "Can I just have the contents of your supply closet?" "Here you go." "How about your accounting files, can I get those?" "No problem!" "How about your entire customer list?" "Consider it done!"
When you hire a receptionist and specifically tell them to give customers anything they request, that's entirely on you. You have to at least make a token effort to restrict access to only authorized users before you can even claim that a particular user was unauthorized.
This wasn't burglary. This was putting up signs that say "come in" and labeling everything in your house with "free" stickers.
