
Yup. It is so scarily easy to upload keys, passwords, etc. into github without realizing it. Especially if you are working with a build system. You set it up, forget about it, upload it to github so your partner can build too, and whoopsies. All your databases and everything else is suddenly there for the taking.

I'm working on some CSS shit for a pretty high level app right now. Most of the stuff the team is working on is way over my head. Apparently the company believes in "microsystems" so there are at least 6 different endpoints we connect to and 4 servers you have to set up before you can see the front end. Everything was fine and git-ignored and there were warnings everywhere. Then they updated the build system. One merge later we had all the build.example.xzy files and the main engineer's build.xyz file. I probably would have never noticed, and it was still in a private dev branch, but I'm glad someone did sooner rather than later.

The reality is, even smart people make mistakes. And it turns out the super geniuses aren't really all that smart about the tiny details. That's why you have third-party security consultants. They don't have to be a genius with bold ideas and phenomenal code. All they have to do is check the little shit. Especially with the rate of growth some startups are experiencing, I wouldn't be surprised if we see more and more fundamental flaws being exposed. I'm just going to laugh when someone injects code or is able to drop a table in the "next big app".