this post was submitted on 25 Jul 2025
614 points (98.1% liked)
Technology
73232 readers
4604 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Horrible practices by this app yes still can't help but feel anon seems to think he is a hacker for writing a python script to scrape a public database. Also scold app devs for not dealing with sensitive information carefully, release them in the most vile online platform possible so you can boast about your average python scripting skills?
That's exactly what hacking is.
'90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like
Also, Google deserves a scolding here. Firebase's default configuration is absolutely atrocious. One of the few critical vulnerabilities I've seen where the system is working as intended. Dubbed the hospital gown vuknerability because they leave the backend wide open by default
I'm going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don't accidentally remove the wrong directory?
Any developer who doesn't know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.
I mean this is just writing a script to access a public database, this is not even exploiting a code vulnerability. So there is an area between digital number waterfalls on the screen and accessing a public database which I would consider more of hacking.
This is a super weird point to focus on from that whoooole situation.
Not to me, yes the app sucks, yes the use case of the app also sucks, yes devs are either super green or even mostly AI (these have been discussed extensively and I agree with all).
But can't commend public release of such sensitive data in such a place. You can still bury this app and the company without compromising people's sensitive data. Makes for less of a show and less opportunity to boast but yea.
Solely blaming the devs tells me you have no experience with Firebase security
No I don't but if the firebase sucks isn't it devs job to be knowing this? They might have warned their supervisors and simply disregarded, that is also another possibility in which case the blame obviously goes to higher up not the devs.