Looks like someone left their debug code in.
this post was submitted on 16 Jun 2025
1638 points (100.0% liked)
Programmer Humor
24266 readers
1340 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
No amount of vibe coding will ever be able to match the absolute atrocities produced by a first year engineer
I’m embarrassed by how long it took me to see an issue.
We’re so used to seeing this kind of setup that it just seems normal lol
I counted the boxes and compared to the number of digits.
SAME. I did it like 3 times. And was like huh. Looks good to me.
Even if it didn't outright display the code you need to enter, my guess is this and similar implementations hide further vulnerabilities like: the numbers aren't generated with a secure random number generator, or the validation call isn't resistant to simple brute force quickly guessing every possible number, or the number is known client side for validation, etc.
what if 435841 is the most secure 6 digit numerical code?
why use another?
I use the random number 4, I even rolled a dice to get a real random number instead of those "pseudo" random numbers. (XKCD?)
This goes back even further, Randall is referencing the ps3 security, that has a constant instead of a random number. That allowed failOverflow to remove one variable and reverse the private key to sign ps3 apps.
The hitech world was crazy back then, I programmed the DS with some similar hack made by some dude on the internet. Fun times.
It probably just always displays the one code.
Maximized efficiency at the expense of security. Can happen to anyone.
The code is sent as part of a payload to the front-end for local validation
Yep. There's going to be some absolutely massive breach at some point that hurts a lot of people.
Honestly, probably not much less secure than SMS.
While SMS itself is insecure, there is no way of knowing, what account or person it belongs to if that isn't mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it it's surprisingly secure.
As an example my current corp solely sends a number or password via it, no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
Spear phishing disagrees with you.
If you're targeting a specific individual, cloning their SIM or performing another number hijack or even intercepting their SMS in flight, are all viable.
For broader, more general attacks SMS is usually enough to keep anyone out.
I love it, hate having to check my phone for these, brilliant choice to put the code onscreen
It's just a failsafe, in case the vibe coded 2FA actually tries to send the code to a phone number where the first 6 digits are all x.
I achieve better results when I'm drunk-coding.
Gotta hit that Ballmer peak
The ballmer peak is real though.
I’ve written some code I’m quite proud of while drunk
During COVID, I was bullied by my bosses and severely depressed. I gave my 2 weeks notice and, as part of transferring the knowledge, I drank a few strong beers and made a Zoom presentation in front of 50 people about some obscure assembly language stuff that no one cared about because it was too weird yet essential for the company. After one hour of being perfect, I answered some questions and I went back to sleep.
I won't do it again though because it's bad for one's health, but it was awesome.
Do you also need to be drunk to be proud of it?
That’s my secret cap.
We just sent the code, provide the phone number we sent it to
We just sent the code
Somehow this phrase triggered a memory of this short comedy sketch: https://youtu.be/LButXcZ57pc
You're going to have a phase where very important software systems are going to be designed and maintained by people who are not developers in the traditional sense. LLMs give the MBA class an excuse to do cost cutting, which you're seeing across the board. This means either them or more junior developers will be brought in as glorified prompt engineers. The code they end up creating will be based on all the problems of the LLMs. Hallucinations, etc. After the dotcom boom and the move to digitize everything, the value of a company ended up becoming the software and data it produces. This gave the nerds a great employment leverage over the MBA class, because it's not like they were going to solve all the problems and digitize all the value. Now this trend is reversing, and the value of many non-software companies is actually in the software they produced over the past two decades. During this time, large amounts of jobs were lost after moving on premise hosting to the cloud. Now these same handful of tech companies who already own the infrastructure of an increasing number of companies, is also producing LLM agents that are meant to replace the brains and value behind their software. So if a group of AI companies like OpenAI, Microsoft, Amazon, Google, etc all start owning both the infrastructure, data and the brains to create and maintain the software, who really begins to own all of these companies over time?
At any rate, the failure potential of these changes are high and itself will hopefully create a lot of jobs by knowledgeable people who come in to fix the mistakes...
I'm already seeing a permutation of this at my workplace with Microsoft's low/no code automation frameworks. Power Platform I believe is the name. Also seeing it with some other proprietary automation tools.
While I respect the motivation of these business folks to try and automate their processes, it's distressing watching these people slap together something of equivalent quality to what I'd expect from freshman in an intro to programming course (I've been an assistant for some of those classes, it's not pretty) and then try and balance all sorts of business critical stuff on top of their mess.
What is extra frustrating is that we already have in-house software devs for this sort of stuff. They're already understaffed, but this motivation for automation could be a perfect opportunity to right-size that team, build a proper "tech project management" group, and really start to lean hard into making the best use of all these tools. Instead, a few enterprising project managers took a single continuing education course for some proprietary automation software and somehow got the office politics clout to spin it into an entire department based around their little pet system.
Meanwhile I'm sitting here in Systems Admin and Enterprise Architecture land watching these half assed "solutions" eating absurd amounts of resources to do shit that could be accomplished with a small DB and maybe 1k lines of code.
No, you cannot have a VM with a fucking 1TB drive. We've seen the files that go into and out of your current systems and if you found some way to bloat those into anywhere close to 1TB then something is seriously wrong.
PowerBI especially, they keep sending all their queries to the first gateway server we built instead of spreading them over the multiple ones we have. The end up maxing out the RAM and bringing the primary gateway down. Now, it should automatically offload new queries to the other gateways when one gets full, but queries are handled by batch, so if one batch is too big it can't split that batch over multiple gateway servers. We've reached the point where we can't just add more resources to the VM, they need to split shit up better.
So I guess all this is to say that it's already happening to a limited degree. I don't enjoy being a gatekeeper, but so many fucking people need so much more training before they start trying to automate shit, and the ever increasing marketing of "you don't need to have a single coherent thought in your head to become a process efficiency master" is fucking poison.
What's the saying? Rather have a lazy smart person than an industrious idiot?
load more comments
(2 replies)
This means either them or more junior developers will be brought in as glorified prompt engineers.
Oh, sweet summer child. It's not going to be junior developers; they still have self-worth. An un(der)paid intern or outsourced contractors, however? They're fine working for scraps and no health insurance.
load more comments
(10 replies)
I'm a fan of AI, I know that's unpopular here but I think it's a cool tool.
But you need to know what you are doing and how to program. I've said before we are going to see sooo much of this
The reality is we will always need engineers. Certainly not ready yet, but we probably won't always need "programmers" - which is a shame because I do get a kick out of solving a really complex problem in a super elegant way
AI is a tool like any other. I wouldn't turn on a power tool, set it down in a construction site, and expect everything to be done the next day.
Copilot saves a lot of time and mental load. I'd never let it vibe code, though. Suggesting is all it gets to do.
I've seen very similar in the wild, the webapp would send a request to the API with the numbers so that the captcha image was generated
We've sent a link and your credentials to all registered phone numbers, please click on it so we know which one you are
The password you have chosen is already in use by a different user ([email protected]). Please choose a different password.
I was curious to see how to get a Masters of Fine Arts with vibe coding but this is much funnier!
In case you're legitimately wondering about the acronym, it's multi-factor authentication
load more comments
(1 replies)
That's so convenient: don't even need to get out your phone.
Now we’re gonna blame any shitty bug on vibe coding, even if it was just a crappy engineer
load more comments
(1 replies)
view more: next ›