• REDACTED@infosec.pub · ↑11 ↓1 · 23 hours ago

      At least they had real intelligence, doing stuff like this is basically so stupid you’d be clinically braindead

    • _stranger_@lemmy.world · ↑18 · 1 day ago

      Has the general discourse settled on a proper epithet for this new version?

      “vibe coders” doesn’t feel derogatory enough.

      • 2deck@lemmy.world · ↑6 · 13 hours ago

        Agreed, they’re getting off light. I’ve worked with people who felt the code, but weren’t always able to communicate their ideas. I’d say they’d fit the idea of vibe coding without AI.

        The concept is taken, and doesn’t describe the intent well. How about “pseudocoders”?

        • SpaceCowboy@lemmy.ca · ↑2 · 5 hours ago

          Yes. The original post that coined the term was using “vibe coding” to indicate how problematic it is to build software by generating code based on vague prompts.

          But a lot of people didn’t read the entire post and just thought the term sounded cool and used it as if it was a positive thing.

          Now we’re seeing the negative impacts of vibe coding, just as the original post predicted. So it started as derogatory, somehow became something positive, but it’s going back to being derogatory again.

        • _stranger_@lemmy.world · ↑3 · 1 day ago

          My point entirely. It’ll probably stick though. Ah well, I’m sure script kiddies were called far more derogatory things that didn’t stick either.

  • katy ✨@piefed.blahaj.zone · ↑20 · 1 day ago

    i’m ashamed to say that took me a while to figure out what was wrong mostly because i didn’t think someone would be that dumb.

  • Treczoks@lemmy.world · ↑25 · 1 day ago

    This could be vibe coding, or just an intern “doing the web site”.

    Neither should have write access to production code.

    • katy ✨@piefed.blahaj.zone · ↑6 · 1 day ago

      i mean either one of those fucked up but it’s also on the qa/testing team and the deployment team that they let it GET to production.

      • Petter1@discuss.tchncs.de · ↑1 · edited · 6 hours ago

        I saved the ass of the company I worked for at software QA multiple times 🤭

        Most of the time, it was just miscommunication between decision makers and devs and I had to explain to both why it is not working how it is now and that none of them is clearly to blame for the situation.

        I still work for that company, but manage IT infrastructure now. I am confident that my successor will still do a good job, as, unlike me, he has a proper education in programming 😂 I was literally in vibe code state

        (Thank you AI)

      • melfie@lemy.lol · ↑4 · 1 day ago

        You mean the QA teams a lot of companies laid off because management decided the developers (and now AI) can just write all the automated tests?

  • prettybunnys@sh.itjust.works · ↑15 · 1 day ago

    This could also be a funny translation issue.

    My bank sends a text message to me with the first code and a second code I enter.

    They tell me the first code in a similar way so I can verify they sent it to me, then I enter the other code in the text.

  • -RJ-@lemmy.world · ↑51 · 2 days ago

    That’s up there with: "You cannot use this password, it’s already in use by … "

    • rumba@lemmy.zip · ↑6 · 1 day ago

      When I first added 2FA to a page, I had a bug and made it do that to compare the values.

      Production or test, it’s likely debug code.

    • mcv@lemmy.zip · ↑17 · edited · 12 hours ago

      What!? It’s more user friendly this way. No need to make the user switch to a totally different device when you can tell them right here!

      /s

      (I hate pointing out sarcasm, but it’s better not to risk it these days.)

      • Cousin Mose@lemmy.hogru.ch · ↑1 · 1 day ago

        Even with autofilling it on iOS and macOS, you still have developers that need to fuck with form fields using JavaScript because they think they’re smarter than you.

    • nogooduser@lemmy.world · ↑14 ↓2 · 2 days ago

      It’s better than nothing and some people would really struggle to do other types of 2FA.

      • djsoren19@lemmy.blahaj.zone · ↑8 · 1 day ago

        I’ll be honest with you, some people really struggle with email 2FA. The number of working Americans I have spoken with who don’t understand how to have two tabs open at once is genuinely frightening.

      • nogooduser@lemmy.world · ↑14 ↓1 · 2 days ago

        App-based 2FA is better. Either the app generates a time-based code that you enter into the site, or the site sends a push notification to the app asking you to verify the login attempt.

        Passkeys are good too as they replace the password completely and leave the 2FA part to the device.

          • Opisek@piefed.blahaj.zone · ↑4 · 2 days ago

            If it’s alright with your threat model, you can put the time-based OTPs into your password manager of choice, like Bitwarden. Upon filling your username and password, it places your OTP in your clipboard, so that you can simply paste it in. This does of course reduce the security of the system slightly, since you centralize your passwords and your OTPs. When opting for this method, it is therefore imperative to protect your password manager even more, like via setting up 2FA for the password manager itself or making sure your account gets locked after something like 10 minutes of inactivity. The usability aspect is improved by using a YubiKey or another similar physical key technology.

            • Victor@lemmy.world · ↑2 · 2 days ago

              Very good point. I have Bitwarden set up as a passkey for at least one account. I should remove that. 👍

              • Opisek@piefed.blahaj.zone · ↑2 · edited · 1 day ago

                Well, they’re not a bad thing per se, it’s just important to remember that by doing that you are essentially delegating the access security (including any means of MFA) from the target website to the password manager. I.e., instead of inputting password and 2FA code for example.com, you have to input your password and 2FA code for the password manager itself. This has the same security guarantees, so long as you don’t set your vault to—for example—never lock automatically.

                For the case of passkeys, using Bitwarden, even with 2FA does reduce the security level in my eyes somewhat, since I’d argue passkeys to be a more secure measure than password + OTP. Unless, of course, you use a different passkey to authenticate yourself to Bitwarden.

                TL;DR: be careful about putting everything inside Bitwarden. You’ll be fine if you make sure to protect your password manager adequately, but if you put OTP secrets (or passkeys) for other websites inside Bitwarden AND only use password authentication for Bitwarden without any MFA, then you are effectively reducing your MFA back to a single factor (the Bitwarden password).

                I’m afraid user authentication on the internet is broken beyond salvation. It’s already complex enough to grasp fully for tech-savvy people, meanwhile we’ve taught the general population to use password123 for all their accounts and write it on a post-it for a good measure.

          • nogooduser@lemmy.world · ↑4 · 1 day ago

            You don’t for the one time codes because there is a standard that is supported by many authenticator apps.
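The standard nogooduser refers to is TOTP (RFC 6238), which is HOTP (RFC 4226) with a time-step counter. The following is an added illustration, not code posted by anyone in this thread: it generates the code the way an authenticator app does and checks it the way a site should, returning only pass/fail and never echoing the expected code to the client (the bug this thread is about). The function names and the ±1 step skew window are my choices; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time


# RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, then dynamic truncation.
def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix epoch.
def totp(secret: bytes, at: int, digits: int = 6, step: int = 30) -> str:
    return hotp(secret, at // step, digits)


# Server-side check. It answers True/False only and never hands the expected
# code back to the browser. A +-1 step window tolerates phone/server clock skew,
# and every candidate is compared in constant time so timing leaks nothing.
def verify_totp(secret: bytes, submitted: str, now: int,
                digits: int = 6, step: int = 30, window: int = 1) -> bool:
    if not (submitted.isdigit() and len(submitted) == digits):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, digits, step)
        ok |= hmac.compare_digest(expected, submitted)   # no early exit on match
    return ok


# Constructed demo secret: the ASCII test key from RFC 6238 Appendix B.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59, digits=8))            # RFC 6238 vector: 94287082
    print(totp(RFC_SECRET, int(time.time())))        # what an app would show right now
    print(verify_totp(RFC_SECRET, "94287082", 59, digits=8))
```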

      • PlexSheep@infosec.pub · ↑1 · 1 day ago

        TOTP, FIDO2, or not worrying about logins and just using {GitHub,Google,Microsoft,selfhosted.lan} as an identity provider with OIDC

  • exu@feditown.com · ↑13 · 2 days ago

    Just delay accepting the numbers for 10 seconds to simulate the time needed to check SMS and type them.