Vibe coding your MFA

imallama@lemmy.world

That your company has an in-house software dev team is impressive. Does the revenue-generating business have access to that team?

Not OP, but in a similar situation. We have in-house dev for both tooling/infrastructure as well as revenue generation. For better or worse, leaders have neglected the software tooling and infrastructure that we use to build and deliver our revenue generating software for decades. Some serious cracks in the foundation showing and we might finally start fixing things.

lemmyingly@lemm.ee

We just sent the code, provide the phone number we sent it to

mynameisigglepiggle@sh.itjust.works

I'm a fan of AI, I know that's unpopular here but I think it's a cool tool.

But you need to know what you are doing and how to program. I've said before we are going to see sooo much of this

The reality is we will always need engineers. Certainly not ready yet, but we probably won't always need "programmers" - which is a shame because I do get a kick out of solving a really complex problem in a super elegant way

hugenerd@lemmy.ca

Oh I know, I was expecting some sort of slam on vibe coding and AI about how to use it in the most outlandish way possible.

theeighthdoctor@lemmy.zip

I've seen very similar in the wild, the webapp would send a request to the API with the numbers so that the captcha image was generated

fundmecfsresearch@lemmy.blahaj.zone

I’m embarrassed by how long it took me to see an issue.

buttnugget@lemmy.world

We’re so used to seeing this kind of setup that it just seems normal lol

elrik@lemmy.world

Even if it didn't outright display the code you need to enter, my guess is this and similar implementations hide further vulnerabilities like: the numbers aren't generated with a secure random number generator, or the validation call isn't resistant to simple brute force quickly guessing every possible number, or the number is known client side for validation, etc.

mystikincarnate@lemmy.ca

Honestly, probably not much less secure than SMS.

dragontypewyvern@midwest.social

Yep. There's going to be some absolutely massive breach at some point that hurts a lot of people.

ourkaos@lemmy.today

It probably just always displays the one code.

knock_knock_lemmy_in@lemmy.world

This doesn't ring true. How are you defining this homogenous class?

no_username@lemm.ee

what if 435841 is the most secure 6 digit numerical code?

why use another?

valmond@lemmy.world

I use the random number 4, I even rolled a dice to get a real random number instead of those "pseudo" random numbers. (XKCD?)

hakunawazo@lemmy.world

grue@lemmy.world

Well, maybe it's less a "class" and more a "good ol' boy's club."

randelung@lemmy.world

AI is a tool like any other. I wouldn't turn on a power tool, set it down in a construction site, and expect everything to be done the next day.

Copilot saves a lot of time and mental load. I'd never let it vibe code, though. Suggesting is all it gets to do.

decended_being@midwest.social

I counted the boxes and compared to the number of digits.

agent641@lemmy.world

No amount of vibe coding will ever be able to match the absolute atrocities produced by a first year engineer

knock_knock_lemmy_in@lemmy.world

There are definitely clubs. Harvard clubs, Mckinsey clubs, Goldman Sachs clubs, masons rotary clubs.

But only people who did MBAs together are in the same club. The qualification means next to nothing, only the specific personal connections made.