@01189998819991197253 @ConstantPain
Security isn't binary, it's a spectrum. You apply the level of security that is appropriate for each situation.
Of course it's *possible* to brute force it, but by the same logic you could brute force JWT tokens, or API keys, or even SSL certs.
It's literally *impossible* to apply "max security" to everything, so you have to prioritize.
What happened was unconscionable, but insisting UUIDs are mathematically breakable isn't helpful, and can make it worse.
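To put the "possible but impractical" point above in numbers, here is an added Python example (not from the thread or any commenter) that estimates how many unguessable bits a UUID actually carries and how long online guessing would take to hit any live one. The per-version bit counts are simplifying assumptions (the attacker is assumed to know the generating host and rough creation time for v1), and the sample UUIDs are constructed: the v1 value is the RFC 4122 DNS namespace UUID, the v4 value a common documentation example.

```python
import uuid

# Constructed sample identifiers (not from the thread).
SAMPLE_V1 = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"   # RFC 4122 DNS namespace, version 1
SAMPLE_V4 = "123e4567-e89b-42d3-a456-426614174000"   # documentation example, version 4

# Assumed unpredictable bits per UUID version, given an attacker who knows the
# generating host and the approximate time of creation:
#   v4: 128 bits minus 4 version bits and 2 variant bits
#   v7: 12 + 62 random bits after the 48-bit Unix timestamp
#   v1: only the 14-bit clock sequence is not derivable from time and MAC
_RANDOM_BITS = {4: 122, 7: 74, 1: 14}


def random_bits(identifier: str) -> int:
    """Estimated unguessable bits in a UUID string.
    Name-derived (v3/v5) or unknown versions return 0: treat as guessable."""
    u = uuid.UUID(identifier)  # raises ValueError on malformed input
    return _RANDOM_BITS.get(u.version, 0)


def expected_guesses(bits: int, valid_ids: int) -> int:
    """Expected random guesses before hitting any one of `valid_ids` live
    identifiers in a space of 2**bits (geometric: 1/p with p = N / 2**bits)."""
    if valid_ids <= 0:
        raise ValueError("valid_ids must be positive")
    return 2 ** bits // valid_ids


def years_to_break(bits: int, valid_ids: int, guesses_per_second: float) -> float:
    """Expected years of online guessing at the given sustained rate."""
    seconds = expected_guesses(bits, valid_ids) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def audit(identifier: str, valid_ids: int, guesses_per_second: float) -> dict:
    """Summarise whether an identifier scheme can stand in for access control.
    The 64-bit threshold is a hypothetical policy line, not a standard."""
    bits = random_bits(identifier)
    return {
        "version": uuid.UUID(identifier).version,
        "random_bits": bits,
        "expected_guesses": expected_guesses(bits, valid_ids),
        "years": years_to_break(bits, valid_ids, guesses_per_second),
        # Below the threshold, the id alone must not gate access: add an
        # authorization check on every lookup and rate-limit unknown ids.
        "guessable": bits < 64,
    }


if __name__ == "__main__":
    # One billion live records, one million guesses per second: the v4 case
    # comes out at roughly 1e14 years, the v1 case at well under a second.
    for sample in (SAMPLE_V4, SAMPLE_V1):
        print(sample, audit(sample, valid_ids=10**9, guesses_per_second=10**6))
```

The useful takeaway for a defender is the contrast between versions, not the big number: a version-4 UUID is unguessable in practice, whereas a version-1 UUID leaks its timestamp and node and should never be the only thing standing between a request and someone else's record.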
@SpaceCowboy @JackbyDev
In a legal context there's also the concept of a "reasonable expectation of privacy". The Computer Fraud and Abuse Act defines hacking as accessing data or systems you are not authorized to access.
A better analogy is putting your journal in a public library and getting mad when someone reads it.
I'm not saying what these assholes did was right, I'm saying that the company weakened their legal position by not protecting the data.