• Rise1547@feddit.org
    +1 · 56 minutes ago

    I mean good, gives them time to fix their shit. Purpose of this app is still bullshit though

  • Matt@lemmy.ml
    +1 · 2 hours ago

    How hard is it to enable security audits on GitHub? I’ve literally done it in two clicks. Also, how hard is it to type “Make me a redteaming GitHub bot that checks every PR and every commit” into an AI provider’s CLI if they don’t want to do that?

    Also, once again, why don’t they just use Mistral (baguette local language model) to implement ADB checks?

  • rose56@lemmy.zip
    +1 -1 · 2 hours ago

    Meanwhile Mr Paul is all about how bad this app is, how he won’t help fix it or do anything for the government (because he was asked, I think).
    This app needs more work, and second, the attacker needs access to the phone. Now you can access the phone when it’s unattended, steal it, do what you do and then give it back, or do some remote code hacking.

    • NotSteve_@lemmy.ca
      +17 · 9 hours ago

      I really can’t remember an era where the term hack wasn’t used incorrectly but this case seems a lot more fitting than usual

    • Agent641@lemmy.world
      +10 -1 · 9 hours ago

      I hate that melon husk ruined the term “Grok”. Grok, by Heinlein’s definition, was closely related to Hack, by its original definition in relation to tech. Not to drill new holes, necessarily, but to understand a system so well that the holes, or lack thereof, are just readily apparent.

  • Phoenixz@lemmy.ca
    +11 · 11 hours ago

    That message at the bottom was written by “it’s open source so it must be safe” type security expert

  • I Cast Fist@programming.dev
    +12 · 13 hours ago

    “Technically ready”, as per the post the dude replied to. It’s “good enough” to fool idiots. For people that care to scratch the surface, the veneer falls off super easy

  • HumbleExaggeration@feddit.org
    +112 -1 · 21 hours ago

    Step 1: open source a broken software that was vibe coded in 5 min
    Step 2: wait for the internet to fix it
    Step 3: profit

    • rose56@lemmy.zip
      +4 -1 · 2 hours ago

      That was vibe coded in 5 min

      When you get proof, like the bots on Reddit who all said “for sure vibe code”, please do share it with us.
      I’m not saying it’s probably not, but you guys throw stuff and that’s it, we are done. Other than that, I agree, not safe.

    • idriss@lemmy.ml
      +7 · 3 hours ago

      isn’t it the same everywhere now?

      • CEO vibes code some shit that gets some attention
      • Sends it your way
      • Can you make this production quality?

      At least fucking send me the prompts so I understand what you wanted to express instead of me reverse engineering this shit for days

    • filcuk@lemmy.zip
      +26 · 21 hours ago

      I know this is impossible because of that one guy who wants EU app dev on their resume, but the OS devs need to collectively say fuck you and let the shit hit the fan

      • raspberriesareyummy@lemmy.world
        +11 · 19 hours ago

        because of that one guy who wants EU app dev on their resume,

        this is the kind of people I despise and who I think deserve an eternity in hellfire, but also deserve to be spat in the face by all their friends and family

  • tirateimas@lemmy.pt
    +19 -1 · 17 hours ago

    As if Ursula knew what she was talking about. Nevertheless, this is a terrible idea and most likely something with another agenda behind it, other than the stated reasons.

    With that being said, we need another president for the commission and perhaps a completely different commission. How many years until her term ends?

    • MissesAutumnRains@lemmy.blahaj.zone
      +105 -3 · 23 hours ago

      Half-expecting it to become closed source ‘to prevent people from hacking it so easily’ as a result of the embarrassment of this sort of thing.

  • RiQuY@lemmy.zip
    +83 -2 · 22 hours ago

    And this is government software handling sensitive information. I thought people were required to have higher qualifications and good security knowledge to develop software there, we are cooked if this is the norm.

    • sp3ctr4l@lemmy.dbzer0.com
      +4 · 1 hour ago

      Yeah so it turns out that basically the entire field of cyber security is 95% a complete joke.

      As evidenced by the fact that everything gets hacked all the fucking time and massive data breaches are so commonplace they’re usually barely newsworthy.

      There of course are a small number of people who can actually oversee/implement reasonably secure code development, but, well, that costs money and takes time, but it does not cost anywhere near as much money or time to just confidently lie to people and pretend you know what you’re doing.

      Governments tend to just defer to “industry experts”, which basically means ‘big dumb idiot corporation that verifies their robustness via a human centipede of paid consultants’.

    • Nutomic@lemmy.ml
      +14 -1 · 16 hours ago

      Highly qualified people are probably not interested in working for the government. Or maybe this was outsourced to some cheap private company, who knows.

    • Pauce@lemmy.ca
      +24 · 21 hours ago

      You would think so, right? I recently had a transit pass loading application update and demand that I turn off developer mode to continue use. This app is also run by a government agency across the pond (Canada). Went over to the Play Store reviews and they were all complaining about it.

      They allege it was to help protect accounts and personal data. OK, then why doesn’t my bank account get compromised regularly? Or any other account I’ve logged into on my phone literally ever, because I turned on dev mode weeks after getting my first Android 10 years ago. This application has been janky for years and only in the past month have they made positive changes to its functionality. I am biased and maybe more irked than necessary, but I do expect better/the minimum from these kinds of institutions.

      • FineCoatMummy@sh.itjust.works
        +23 · 21 hours ago

        They allege it was to help protect accounts and personal data.

        TBH it scares me that more and more things may go this way. You want online banking, or w/e? Well! You better use “trusted device”! What does “trusted device” mean? It means the device is locked down against its “owner”.

        It’s like a relentless march where personal computing dies and corporate computing takes over. Ever more, our technology answers to big tech, not us.

        • Pauce@lemmy.ca
          +5 · 16 hours ago

          Also doesn’t help that these companies pass around money with each other and government entities all the time, so they don’t technically need any of our business to function. Which enables them to pull this kind of shit and wait for us to get mad enough or to put up with it.

          My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be. They’ll gradually put up with worse and worse, and this intrusive encroachment on our technological freedom is going to look terribly different in the coming decades.

          • FineCoatMummy@sh.itjust.works
            +4 · 16 hours ago

            My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be.

            Oh absolutely! It becomes normalized for those who never knew any other way.

            I lucked out, my pa was a techie and got me steered towards the importance of tech freedom. Not everyone is so fortunate. Tech is almost an extension of our minds now. How we remember. How we learn. How we communicate. When we give away control of our devices to big tech, it’s like giving away control of our thoughts and emotions. Even our culture.

  • NigelFrobisher@aussie.zone
    +5 -3 · 11 hours ago

    Why would you tell them about this? LLMs are creating a golden era of cracking, and exploits are currency.

        • explodicle@sh.itjust.works
          +5 · 10 hours ago

          Sometimes people won’t understand that an idea can’t work until they try implementing it and the practical issues hit them in the face. Better now than once everyone is forced to use it.

        • Regrettable_incident@lemmy.world
          +2 · 10 hours ago

          I guess if they have a bug bounty you’re still helping the fuckers, just taking cash for it. At least this way they are looking stupid and incompetent.

  • TranquilTurbulence@lemmy.zip
    +23 -1 · 22 hours ago

    Apparently respecting highest privacy standards doesn’t have anything to do with cybersecurity standards.

    A shiny new bucket doesn’t leak, but the lid can’t be locked so anyone with two hands should be able to open it up and see what’s inside. Sure, it’s private, but not secure.

  • SapphironZA@sh.itjust.works
    +7 · 19 hours ago

    The only way they will get the message is if there is a concerted white hat campaign targeting EU lawmakers to show them the error of their ways. If they refuse to see, then some black hats need to make them feel it.

  • sexy_peach@feddit.org
    +18 -5 · 23 hours ago

    Everyone knew this was coming. The German state can’t produce quality software.

    • rotkehle@feddit.org
      +10 · 21 hours ago

      the COVID tracking app was pretty solid as far as I remember… even the CCC gave its recommendation back in the day.

      • sexy_peach@feddit.org
        +4 · 18 hours ago

        The CCC said it was technically solid. But it was wildly expensive, which was not that big of a deal since we had COVID

      • vapeloki@lemmy.world
        +11 · 22 hours ago

        Looking at AusweisApp2, just works.

        And, is there already a 1.0 release of the new App or is this still pre release?